·~
•
,WTliUlhOitF(-r (0:0)-. ps auX .. ,
oot 10lH 0,0 0.1 10171 0,0 0.2 oot lOU) 0,0 0.1 oot -1025'> 0.0 0.1 oot 10ns 0,0 0,2 oot 10)27 0,0 0,1 oat 10l~8 0.0 0,1 oot 10458 0,0 0,2 t 10470 0,0 0,1 DOt 10541 0.0 0,1
00'
t
11)001
001 root root root i.
10613
3184
928
Sn2
12U
H~ ')96
U84 57'>2
Has ??
Is
9%
??
9-14
~~
IS 15
nil
1184 >7'>2
'>44
243S
106~ 0.0 IOH4 0,0 10756 0.0
0,1 0,2 0,1
3134 >75, H12
IOn9 0.0
0,0
488
UH
Is
7~
S.
15 55
?1 ?1
Is
15:16
U
15:l6
p4
0\...
1$:l9
?1
IS
n
I. 5s IS
~ ~44
11
Has
996 H8
15:26 15:26 15:26 15:26
15:26 IS:,6 15:26 15:26 lS:1(, 15:26 15:26 1S:l6 15:26
?? ??
'.196
94<t H3S
0,2 0, I
S. I.
??
)2U
1184 57"
0,0 0.0
~~ ~,
??
B cnl.1CKe npOLteCCOB - nRTb TOJ1bKO 4TO
o 00.01 /U5r/$l>jn/$ysl,,~
000.00 lusr/shin/sshd
000,01 luu/obinlcron -s
o 00,01 o 00,01o 00,01
o 00.00
lu<r;'bin/s~I""" lu,r/<b;n/nhd !usr!,b;n!cron ., !u<r!5b;n/<ysl"9'! _ !usr/oMn/..M !usrlsbin!cron -s !usr!5b;n/sys1oq<1 /",rlsb;n! ..hd !",r/,bln/cron -I /",r/sbfn/oyslog<! /",rlsb1n/5shd lusr/sb1n!cron -I
o 00,00 000.01 000.01 000,00 000,01 000,01 000.00 o 00.01 o 00,00 grep
3any~eHHblX
172.16.67.1 :!usr/jail 172 .16. 67.2 :/usr/jai 1 172 .16. 67.3: /usrjjai' 172 .16.67.4 :!usr/ja; 1 172.16.67.5 :/usr/jai 1 172.16.67. 6:/usr/jai' In .16.67.7 :/usr/jil; 1 172.16.67.8 :/usr/jai' 172 .16.67.9 :/usr/jail 72.16. 67 .10:/usr/·~i
nfeO: Hrver. host. com: 7-:-i-RELEAse:vasya@host.cOII:'l;rial :200903211500:okl nfeO: ssh. host. com: 7 .l-RELEASE :111; xer@host.cOlI:base;200904050122:ok: nfeO: necDO. host. com: 7 .I-RELEASE: nerao@hoS't.C(lfII:t";al:200903052241:ok nhO:lIIdb. host. com: 7 .I-RELEASE: m; i@host.COIlI:base:2oo903211500:ok nfeO:vor. host. com: 7 .1~RELEASE :vor@hos't.com:base:200901011U3:disabled edO: xakep.host . COllI: 7.l-RELEASE: xakep@host.clXII:vip:201005051132:ok edQ: boris .host .com: 7 .I-RELEASE: bor1 s(\lhost. com:base: 200903Z11S00: ok edO: edu. han. com:l.1-RELEASE: i1nna@host.com:extra:200903211S00:ok edO :",1 ra. host: .COII: 7.1-RELEASE:mi ra@.host.cOII:base:200903251631:ok : edO: 055. host. COla: 7. I-RELEASE : fossi-host. cora: ext:ra:200908211022 :ok
nplo1Mep 3an0J1HeHH0I1 6a3bl cepaepoa
cepSepOB
umount SJAILDIR/$IP/usr/ports/packages umount $JAILDlR/$IP/dev U11l0unt $JAILOIH/SIP/proc
"PROVIOE 11 REQUIRE t: KEYWORD
vservers OAEMON c1 eanvar nojail
ifconEig $U' inet -alias STP t.ITo6bI He 3aMOpa"lHBaTb01 CPyqHhIM 3MyCKOM cepnepOB, HaIIHWeMCKpHnT
jetejre.subr
vservers, KOTOpbU1 npOBepReTorrU:H1ovservers_enable B/ete/rc.conf, 3arryCK3
name="vservel's" rcvar= set_rcvar' start_cmd","vservers_start" stop_cmd"'''vservers_stop''
requi recLfil es","/us r /ia1 1base/db"
eT Bee roTOBbre BMPTYaJlhHhle cepBepbl no Bpe~rn 3arpy:llCH DC H ocr8HaBJTHBa eT 60 BpeM1:l waTl'aytIa.
# vim !usr/localletc!rc,d/vservers
CepBepOB VSERVERS",'Cat: jusrjiailbase/db I grep -e ':okS' I cut -d ':' -f l' if [ SVSERVERS '" •. ,. J; then ex; t #
nony~aeM
KnlO'IeBble CTpOlOi 3TOI'O 4>aHn:a:
Cn~COK pa60TOCnoco6H~X
fj
#
n0J1Y''!ae~1
Crrl1:COK pa6oTocnoco6HblX cep!'\epOB
VSERVERS'" 'cat /tlsr/jailbase/db I grep -e ':ok$' I cut-d :' -f l'
:; npou.e~ypa JanycKa cepBepOB vservers_start()
Ir I1pol(e.o.ypa 3anycK/l cepsepoB
(
vservers start ( ) for IP in SVSERVERS; do jusr/local/binjst:artvserver SIP done
for IP in $VSERVERS; do
/usr/local/bin/startvserver SIP
:: npou.eAypa OCTSH08K14 cepBepoa vservers_stopO
done
(
for IP in SVSERVERS; do
fi npoue.rtYpa oC'raHOBKI1 cepaepoa
CKpl.1nT lusr/localletc/rc.d/vservers
vservers_stop ( ) - f 4'
HOSTNAME"" echo $STRING I cut -d OSVE?"" echo $S'I'RING I cut -d it 1anycKaeM jclil-cEpsep
for IP in $VSERVERS; do
-f 5'
/usr/1ocal/binjstopvserver $IP done
ifconfig $IF inet alias $IP mount -t devfs ::lone $JAILDIR/SIP/dev
Bce. PaCCMOTpeHHble CKptInTbl aBTOMaTH3HpYJOT acro rpfl3H)110 pa60T}'.
devfs -m $JAILDIR/$IP/dev ruleset 1
BOT H
mount -t procfs none $JAILDIR/$IP/proc
60Jlbwe He Hj')KHo KOMOI-UmpOBaTb OKp)')Kemle HCITOllHeHIDI, tlo6aBJI>ITb
mount_nullfs $JAILBASE/dislfiles-$OSVER SJAILDIRISIP/usr/ports/distfiles mount_nullfs $JA:LBASE/packages-$OSVER
tlBe KOMaHAbl,- H BHpTyaJlbHblH cepBep C03,1l;aH, 3aJ1YIUeH H nOJIHOCTblO fOTOD
IP-OceB,ll,OHHMbl Ii pe.AaKTHpoBaTb tPaH.rrbl30HlJJ:ocraro'-lHO SblllOJIHHTh Dcero
I( HCrrOJlb30BaHHIO:
$JAILDIR/SIP/usrjports/packages jail SJAILDIR/$IP $HOSTNAME SIP /bin/sh /etc/rc
it IP=' addvserver new .host. com ".l-RELEASE vasya@mai1.ru
base 0906061200 CKpHDT stopvserver rrepe.n: oCTaHOBKOH. npo~cnblBae'rTe)f{e
warl1 H, nnJOCK
/ny6n~YH~w/KnD~/BacH'
# startvservel' $IP
3TOMY, npoBep.R:eT, 3arryrn;eH JlH cepBep CnOMOlltblO KOMaHAbl jls- H H3BJIeKa
eT eroJID (nepaM K01IOHKaBblBO,o;ajls): # vim lusr!locaVbin!stopvserver II npOF.lep.l'leM, 3anYUll.!H nl1
STRING='jls
I
cepaep
DCTaHOBHTb Ii YAMHTh cepsep eJ..Ll,e npo~e:
# stopvserve.r SIP # delvserver SIP
grep $IP'
if [ : • $STRING" ); then echo "CepBep SIP
H~
3cUTill\eu»
exit 3
fi Ii Y31laeM j id cepeepa JID'" 'echo SSTRING I cut -d ' , - f l'
OCTaJiOCb T01IbKO HaHRTb Be6-pa3pa6o-PrnKOB, K01'Opf>le C03l'aJIH 6bl nou.epx 3TOI'O X03HHCTBa npocrOH HHTep¢>eil:CtvlH perl1crpaUHH IIOJIb30BaTeJleH, Ii
HanHcaTb He6oJTbWO:H CKpI1ITr, KOTOpblH 313nyCKaJl016hl no KpOHy H npOBep$VI, He HCTeK lIH CpoK apeHAbi a KJ<aYHTa (npHMep CKpI1nTa Thl HaftnellI.b aaAHClCe) .
KAPKAC C03AAH MbJco3,QaJll1»nOJ1Hepa60TOcrroc06HblH. KapKaC
jai1-cepsep killall -j $JID -TERM> /dev/null 2>&1
6y~ero CepBl1ca. B CJH~,l{}'IOllteH CTaTb€ Mbl pacCMoTpH.M, KaK npHRpynlTb
sleep 1
TOB, cHCTeM)' 63Karra, HaJlO>KI1M BceB03MO)f(J-Ible orpaHH'leHl1J'I H C03l'3,l!,HM
kiUall -j SJID -KILL. > /dev/null 2>&1
reTeporeHHyIO CI1CTeM)', B KOTOPOH CMOryr COC}'IUecTBoBaTb pa3Hbie BeJX11H
umount $JAILDIR/$IP/usr/ports/distfiles
FreeBSD-OIcPYJ.KeJiHH. I
1/
OC11lHal-l/I:.1BaeM
XAKEP 05 /1251 09
K HeJ,1Y n01lHolJ:eHHblH. MOHHTOpHlIf, HacrpoH.KH tvm pa3HbJX nlnOB aKKa}'H
~
131