Extreme security in web servers

4,897 views

Published on

A model for safe deployment of web servers, thinking of extreme security, performance and maintainability.

Published in: Technology, Design
0 Comments
10 Likes
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total views
4,897
On SlideShare
0
From Embeds
0
Number of Embeds
2,962
Actions
Shares
0
Downloads
0
Comments
0
Likes
10
Embeds 0
No embeds

No notes for slide

Extreme security in web servers

  1. 1. Extreme security in web serversDaniel García García a.k.a cr0hn (@ggdaniel) http://es.linkedin.com/in/garciagarciadaniel 1
  2. 2. Creative Commons LicenseThe art of disguise - Anti-fingerprinting techniquesby Daniel García García a.k.a. cr0hn is licensed under a:Creative Commons Reconocimiento-NoComercial-SinObraDerivada 3.0 Unported License.Permissions beyond the scope of this license may be available at: dani@iniqua.com.Daniel García García a.k.a cr0hn (@ggdaniel) http://es.linkedin.com/in/garciagarciadaniel 2
  3. 3. Acknowledgments • Manuel Trujillo <TooManySecrets> • Francisco Jesus Gomez Rodriguez (@ffranz) • @capi_x <capi_x@haibane.org> • Maikel Mayán <@AloneInTheShell>Daniel García García a.k.a cr0hn (@ggdaniel) http://es.linkedin.com/in/garciagarciadaniel 3
  4. 4. About what is this talk? 1. Infrastructure: virtualization vs physical. 2. Choosing OS base: FreeBSD. 3. Brief intro to configuration of FreeBSD. 4. Isolating process.Daniel García García a.k.a cr0hn (@ggdaniel) http://es.linkedin.com/in/garciagarciadaniel 4
  5. 5. 1 - Infrastructure: Virtualization vs physicalDaniel García García a.k.a cr0hn (@ggdaniel) http://es.linkedin.com/in/garciagarciadaniel 5
  6. 6. 1 – Infrastructure: Virtualization vs physical a) Virtualization advantages. b) Virtualization’s solutions. c) Why use server virtualization system? d) Organizing the virtual machines: approaches.Daniel García García a.k.a cr0hn (@ggdaniel) http://es.linkedin.com/in/garciagarciadaniel 6
  7. 7. 1.a - Virtualization advantages • Less physical space. • Less energy costs. • More use of resources. • Scalability. • Simplicity of administration.Daniel García García a.k.a cr0hn (@ggdaniel) http://es.linkedin.com/in/garciagarciadaniel 7
  8. 8. 1.b - Virtualization solutionsDaniel García García a.k.a cr0hn (@ggdaniel) http://es.linkedin.com/in/garciagarciadaniel 8
  9. 9. 1.c - Why use server virtualization system? • Scalability • Centralized storage system. • Hot cloning. • Hot migrating of machines. • Modular architecture. • Simplicity management.Daniel García García a.k.a cr0hn (@ggdaniel) http://es.linkedin.com/in/garciagarciadaniel 9
  10. 10. 1.c - Why use server virtualization system?Examples:• VMWare ESXi• Xen• Proxmox
  11. 11. 1.d - Organizing the virtual machines: approaches I. One machine for all.Daniel García García a.k.a cr0hn (@ggdaniel) http://es.linkedin.com/in/garciagarciadaniel 11
  12. 12. 1.d - Organizing the virtual machines: approaches II. Two machines: frontend and backend.Daniel García García a.k.a cr0hn (@ggdaniel) http://es.linkedin.com/in/garciagarciadaniel 12
  13. 13. 1.d - Organizing the virtual machines: approaches III. Multilevel:Daniel García García a.k.a cr0hn (@ggdaniel) http://es.linkedin.com/in/garciagarciadaniel 13
  14. 14. 2 – Choosing OS base:Daniel García García a.k.a cr0hn (@ggdaniel) http://es.linkedin.com/in/garciagarciadaniel 14
  15. 15. 2 – Choosing OS base: FreeBSD a) Why use FreeBSD? b) Who use FreeBSD?Daniel García García a.k.a cr0hn (@ggdaniel) http://es.linkedin.com/in/garciagarciadaniel 15
  16. 16. 2.a – Why use FreeBSD? • Simplicity of kernel. • Simplicity of re-compile all system. • Build-in security features. • Isolating features, like jails. • Administration simplicity. • Can run Linux binariesDaniel García García a.k.a cr0hn (@ggdaniel) http://es.linkedin.com/in/garciagarciadaniel 16
  17. 17. 2.b – Who use FreeBSD? • JunOS • Citrix • Nokia’s firewalls • PlayStation 3 • Netflix • Netcraft • Some parts of Apple OS X • …Daniel García García a.k.a cr0hn (@ggdaniel) http://es.linkedin.com/in/garciagarciadaniel 17
  18. 18. 3 – Configuration of systemDaniel García García a.k.a cr0hn (@ggdaniel) http://es.linkedin.com/in/garciagarciadaniel 18
  19. 19. 3 – Configuration of system. a) Adjust system binaries. b) Configuration files. c) Kernel and “user-land”.Daniel García García a.k.a cr0hn (@ggdaniel) http://es.linkedin.com/in/garciagarciadaniel 19
  20. 20. 3.a – Adjust system binariesDaniel García García a.k.a cr0hn (@ggdaniel) http://es.linkedin.com/in/garciagarciadaniel 20
  21. 21. I. Install LLVM/clang Q: Why use LLVM/clang? A: Generate more optimized code than gcc. See a comparison: http://blog.buguroo.com/?tag=compilador-gcc-llvm-clang-benchmark&lang=enDaniel García García a.k.a cr0hn (@ggdaniel) http://es.linkedin.com/in/garciagarciadaniel 21
  22. 22. II. Patch and reinstall OpenSSH Q: Why path openSSH? A: Patch to evade fingerprinting techniques. See how to path it in: http://www.slideshare.net/cr0hn/the-art-of-disguise-antifingerprinting-techniquesDaniel García García a.k.a cr0hn (@ggdaniel) http://es.linkedin.com/in/garciagarciadaniel 22
  23. 23. 3.b – Configuration files.Daniel García García a.k.a cr0hn (@ggdaniel) http://es.linkedin.com/in/garciagarciadaniel 23
  24. 24. I. /etc/src.confDaniel García García a.k.a cr0hn (@ggdaniel) http://es.linkedin.com/in/garciagarciadaniel 24
  25. 25. II. /etc/auth.confDaniel García García a.k.a cr0hn (@ggdaniel) http://es.linkedin.com/in/garciagarciadaniel 25
  26. 26. III. /etc/login.confDaniel García García a.k.a cr0hn (@ggdaniel) http://es.linkedin.com/in/garciagarciadaniel 26
  27. 27. IV. /etc/sysctl.confDaniel García García a.k.a cr0hn (@ggdaniel) http://es.linkedin.com/in/garciagarciadaniel 27
  28. 28. V. /etc/make.conf Difficult the of execution exploits Prevent hookingDaniel García García a.k.a cr0hn (@ggdaniel) http://es.linkedin.com/in/garciagarciadaniel 28
  29. 29. VI. /etc/rc.confDaniel García García a.k.a cr0hn (@ggdaniel) http://es.linkedin.com/in/garciagarciadaniel 29
  30. 30. 3.c – Kernel and “user-land”Daniel García García a.k.a cr0hn (@ggdaniel) http://es.linkedin.com/in/garciagarciadaniel 30
  31. 31. I. Update system source • First, we need cvsup tool. • Configure our repository config file: • Update system source (also include kernel).Daniel García García a.k.a cr0hn (@ggdaniel) http://es.linkedin.com/in/garciagarciadaniel 31
  32. 32. II. Configure kernel • Configuration file: • Adjust some basic parameters: Only if you don’t need fat/vfat support!Daniel García García a.k.a cr0hn (@ggdaniel) http://es.linkedin.com/in/garciagarciadaniel 32
  33. 33. III. Compile the kernel Our kernel configuration file Enable LLVM static analyzerDaniel García García a.k.a cr0hn (@ggdaniel) http://es.linkedin.com/in/garciagarciadaniel 33
  34. 34. IIII. The “user-land” Q: What’s “user-land”? A: The user-land is a way to naming all basic binaries and programs of system, like: syslog, common commands (sed, awk, sort…), gcc, clang… Q: How configure the “user-land”? A: You can customize what include the user-land with the file: “/etc/src.conf”Daniel García García a.k.a cr0hn (@ggdaniel) http://es.linkedin.com/in/garciagarciadaniel 34
  35. 35. IIII. Recompile the user-land Delete old compiled objects Make erasable all files Enable static optimizations of LLVMDaniel García García a.k.a cr0hn (@ggdaniel) http://es.linkedin.com/in/garciagarciadaniel 35
  36. 36. 4 – Isolating processesDaniel García García a.k.a cr0hn (@ggdaniel) http://es.linkedin.com/in/garciagarciadaniel 36
  37. 37. 4 – Isolating process a) Concept of jail. b) How to create basic a jail?. c) Maintainable jail system. d) Jail deploy: Approaches. e) How deploy a web site using jails.Daniel García García a.k.a cr0hn (@ggdaniel) http://es.linkedin.com/in/garciagarciadaniel 37
  38. 38. 4.a – Concept of jail Jail ≠ chroot Jail chroot rules Resources Network toolsDaniel García García a.k.a cr0hn (@ggdaniel) http://es.linkedin.com/in/garciagarciadaniel 38
  39. 39. 4.a – Concept of jail. Jail: Operating system level virtualizationDaniel García García a.k.a cr0hn (@ggdaniel) http://es.linkedin.com/in/garciagarciadaniel 39
  40. 40. 4.b – How to create a basic jail Hand to work!Daniel García García a.k.a cr0hn (@ggdaniel) http://es.linkedin.com/in/garciagarciadaniel 40
  41. 41. I. – Compilation variables When can you use compilation variables? • When compiling a port. • When compiling the kernel. • When compiling the user-land.Daniel García García a.k.a cr0hn (@ggdaniel) http://es.linkedin.com/in/garciagarciadaniel 41
  42. 42. I. – Compilation variables • FORCE_PKG_REGISTER: Force reinstallation, if binary is already installed. • PORT_DBDIR: location of database that manager what’s binaries are installed. • PREFIX: destination of compiled binaries. • DESTDIR: makes a chroot to indicated path, and install binaries in it.Daniel García García a.k.a cr0hn (@ggdaniel) http://es.linkedin.com/in/garciagarciadaniel 42
  43. 43. II. – Create a jail 1. Creating root folder for our jail: 2. Copying common system binaries: 3. Copying system source code: Special command that copy files, permissions, 4. Installing port system into jail: hadlinks, softlinks, etc 5. Copying missing system configuration files:Daniel García García a.k.a cr0hn (@ggdaniel) http://es.linkedin.com/in/garciagarciadaniel 43
  44. 44. II. – Create a jail • Add to host /etc/rc.conf: To allow to jail to access to outside of jail network, each jail must have an alias and the same IP of alias. • Manually start jail system:Daniel García García a.k.a cr0hn (@ggdaniel) http://es.linkedin.com/in/garciagarciadaniel 44
  45. 45. II. – Create a jail • Add to jail /home/j/test_jail/etc/rc.conf: This line allow to the jail outside connectivityDaniel García García a.k.a cr0hn (@ggdaniel) http://es.linkedin.com/in/garciagarciadaniel 45
  46. 46. III. – Installation of programs Installing nginx server into jail:Daniel García García a.k.a cr0hn (@ggdaniel) http://es.linkedin.com/in/garciagarciadaniel 46
  47. 47. 4.c – Maintainable Jail systemDaniel García García a.k.a cr0hn (@ggdaniel) http://es.linkedin.com/in/garciagarciadaniel 47
  48. 48. 4.c – Maintainable Jail system I. Separating roles II. Block diagram III. Advantages IV. Real example: role separated web serverDaniel García García a.k.a cr0hn (@ggdaniel) http://es.linkedin.com/in/garciagarciadaniel 48
  49. 49. I. – Separating roles Isolated systemShared base Shared Skeletons binaries programsDaniel García García a.k.a cr0hn (@ggdaniel) http://es.linkedin.com/in/garciagarciadaniel 49
  50. 50. I. – Separating roles Q: What’s shared base binaries? A: The user-land binaries. All jails have this in common. Q: What’s Skeletons? A: Collection of configuration files tuned for an specific task. We have one skel for each role: webservers, database servers, php, java… Also mush be called templates Q: What’s shared programs? A: Any program you want to run: apache, mysql, etcDaniel García García a.k.a cr0hn (@ggdaniel) http://es.linkedin.com/in/garciagarciadaniel 50
  51. 51. I. – Separating roles In other words… Shared base binaries Common commands: Resulting jail. E.g. -> ls, sed, awk, sort, an jailed apache uniq… web server. Custom config files: - /etc/rc.conf Shared programs: -/etc/make.conf Apache, mysql, -/etc/pf.conf php… -…. Shared programs SkeletonsDaniel García García a.k.a cr0hn (@ggdaniel) http://es.linkedin.com/in/garciagarciadaniel 51
  52. 52. II. – Block diagramDaniel García García a.k.a cr0hn (@ggdaniel) http://es.linkedin.com/in/garciagarciadaniel 52
  53. 53. III. – AdvantagesQ: Why is maintainable jail system?A: Because all binaries are shared between all virtual machines and jails in a shared storage.Q: Why use skel templates?A: Then you can deploy new jail only copying a template. i.e: copying skel of a web server.Q: How can I update the system and/or any binary?A: You only must update shared binaries folder and/or shared binaries folder. Updates will spread to all jails.
  54. 54. IV. – Role separated web server a) Create folders for each type of role b) Create shared base binaries container c) Create base skeleton d) Create shared web server e) Mount the jail f) Start the jailDaniel García García a.k.a cr0hn (@ggdaniel) http://es.linkedin.com/in/garciagarciadaniel 54
  55. 55. a) Create folders for each type of role • Skeletons: • Shared base binaries: • Shared binaries: • Mounted jails: Working directory for a concrete jail.Daniel García García a.k.a cr0hn (@ggdaniel) http://es.linkedin.com/in/garciagarciadaniel 55
  56. 56. b) Create shared base binaries containerDaniel García García a.k.a cr0hn (@ggdaniel) http://es.linkedin.com/in/garciagarciadaniel 56
  57. 57. c) Create base skeleton Move configuration and non-shared info to skelDaniel García García a.k.a cr0hn (@ggdaniel) http://es.linkedin.com/in/garciagarciadaniel 57
  58. 58. c) Create base skeleton Copy missing configuration files Not necessary for a template Make relative links to essential directoriesDaniel García García a.k.a cr0hn (@ggdaniel) http://es.linkedin.com/in/garciagarciadaniel 58
  59. 59. c) Create base skeleton Copy hardened configuration files, following steps of point 3.b, at jail: • src.conf • auth.conf • login.conf • make.conf • sysctl.confDaniel García García a.k.a cr0hn (@ggdaniel) http://es.linkedin.com/in/garciagarciadaniel 59
  60. 60. d) Create shared web server 1. Create directory for binary: 2. Install nginx, and all dependences, into folder:Daniel García García a.k.a cr0hn (@ggdaniel) http://es.linkedin.com/in/garciagarciadaniel 60
  61. 61. e) Mount the jail Concrete skeleton of web server • Create mounting folder for our web server: Common and shared binaries • Like a puzzle, join roles in /etc/fstab: • Add jail to /etc/rc.conf of host: Shared of web server binariesDaniel García García a.k.a cr0hn (@ggdaniel) http://es.linkedin.com/in/garciagarciadaniel 61
  62. 62. f) Start the jail And the end, we start the jail system typing: Or, if is already started…Daniel García García a.k.a cr0hn (@ggdaniel) http://es.linkedin.com/in/garciagarciadaniel 62
  63. 63. 4.d – Jail deploys: ApproachesDaniel García García a.k.a cr0hn (@ggdaniel) http://es.linkedin.com/in/garciagarciadaniel 63
  64. 64. 4.d – Jail deploys: Approaches a) Simple architecture I b) Simple architecture II c) Equilibrated architecture. d) Complex architecture.Daniel García García a.k.a cr0hn (@ggdaniel) http://es.linkedin.com/in/garciagarciadaniel 64
  65. 65. Deploy approaches Maintainability Security levela) Simple architecture IIb) Simple architecture IIc) Equilibrated architectured) Complex architecture: Daniel García García a.k.a cr0hn (@ggdaniel) http://es.linkedin.com/in/garciagarciadaniel 65
  66. 66. a) Simple architecture IDaniel García García a.k.a cr0hn (@ggdaniel) http://es.linkedin.com/in/garciagarciadaniel 66
  67. 67. a) Simple architecture I • One machine for all services. • Shared programs: nginx, php, MySQL, pureFTPd… • Separated type of storages: DB/web content. • Isolated communications between jails. • Isolated php runtime environment for each web site. • Shared web and ftp servers for all web sites.Daniel García García a.k.a cr0hn (@ggdaniel) http://es.linkedin.com/in/garciagarciadaniel 67
  68. 68. a) Simple architecture IIDaniel García García a.k.a cr0hn (@ggdaniel) http://es.linkedin.com/in/garciagarciadaniel 68
  69. 69. a) Simple architecture II • One machine for all services. • Shared programs: nginx, php, MySQL, pureFTPd… • Separated type of storages: DB/web content. • Isolated communications between jails. • Isolated php runtime environment for each web site. • Shared ftp servers for all web sites. • Isolated web server for each web site. Like Simple architecture IDaniel García García a.k.a cr0hn (@ggdaniel) http://es.linkedin.com/in/garciagarciadaniel 69
  70. 70. b) Equilibrated architectureDaniel García García a.k.a cr0hn (@ggdaniel) http://es.linkedin.com/in/garciagarciadaniel 70
  71. 71. b) Equilibrated architecture • Separated backend and frontend in two virtual machines. • Shared programs in network storage: nginx, php, MySQL, pureFTPd… • Isolated communications between jails. • Isolated php runtime environment for each web site. • Shared ftp servers for all web sites.Daniel García García a.k.a cr0hn (@ggdaniel) http://es.linkedin.com/in/garciagarciadaniel 71
  72. 72. c) Complex architectureDaniel García García a.k.a cr0hn (@ggdaniel) http://es.linkedin.com/in/garciagarciadaniel 72
  73. 73. c) Complex architecture • 3 level in 3 virtual machines: load balancer, business layer and backend. • Separated storage out ouf virtualization server. • Isolated communications between jails. • Isolated php runtime environment for each web site. • Isolated web server for each web site. • Shared ftp servers for all web sites.Daniel García García a.k.a cr0hn (@ggdaniel) http://es.linkedin.com/in/garciagarciadaniel 73
  74. 74. 4.d – Deploying a web site using jails Example: Deploy the WordPress Site www.mytestsite.comDaniel García García a.k.a cr0hn (@ggdaniel) http://es.linkedin.com/in/garciagarciadaniel 74
  75. 75. 4.d – Deploy a web site using jails I. Select a deploy model II. Create system binaries III. Create binaries IV. Create user content info V. Create mounting folder VI. Configure PHP VII. Configure web server VIII. Create PHP for site IX. Create web server for site X. Create FTP server XI. Create web balancer XII. Create MySQL server XIII. Install WordPress XIV. Configure jail and enable jail.Daniel García García a.k.a cr0hn (@ggdaniel) http://es.linkedin.com/in/garciagarciadaniel 75
  76. 76. I. – Select deploy model This example follows mentioned model: Simple architecture IIDaniel García García a.k.a cr0hn (@ggdaniel) http://es.linkedin.com/in/garciagarciadaniel 76
  77. 77. II. – Create system binaries System binaries folder. Shared for all jailsDaniel García García a.k.a cr0hn (@ggdaniel) http://es.linkedin.com/in/garciagarciadaniel 77
  78. 78. III. – Create binaries • Install php Don’t forget compile it without CLI option! (for security) • Install mysql • Install nginx • Install ftpDaniel García García a.k.a cr0hn (@ggdaniel) http://es.linkedin.com/in/garciagarciadaniel 78
  79. 79. IV. – Create user content info Directories that will contain site info. For future useDaniel García García a.k.a cr0hn (@ggdaniel) http://es.linkedin.com/in/garciagarciadaniel 79
  80. 80. V. – Create mounting folder 1. Create mount point directory: 2. Create root directories:Daniel García García a.k.a cr0hn (@ggdaniel) http://es.linkedin.com/in/garciagarciadaniel 80
  81. 81. VI. – Configure php• Modifying: /php/mytestsite.com/conf/php-fpm.ini Daniel García García a.k.a cr0hn (@ggdaniel) http://es.linkedin.com/in/garciagarciadaniel 81
  82. 82. VI. – Configure php• Modifying: /home/js/mytestsite.com-php/usr/local/etc/php-fpm.conf Daniel García García a.k.a cr0hn (@ggdaniel) http://es.linkedin.com/in/garciagarciadaniel 82
  83. 83. VII. – Configure web server• Configuring: /home/j/mytestsite.com/usr/local/etc/nginx/nginx.conf Daniel García García a.k.a cr0hn (@ggdaniel) http://es.linkedin.com/in/garciagarciadaniel 83
  84. 84. VIII. – Create PHP for site• Create base folder and copy skeleton (or profile) for web server• Create mount point for each site of isolated php server.• Create mount point web content.Daniel García García a.k.a cr0hn (@ggdaniel) http://es.linkedin.com/in/garciagarciadaniel 84
  85. 85. VIII. – Create PHP for site • Configuration of init script for web server jail: /home/j/mytestsite.com-php/etc/rc.confDaniel García García a.k.a cr0hn (@ggdaniel) http://es.linkedin.com/in/garciagarciadaniel 85
  86. 86. IX. – Create web server for site• Create base folder and copy skeleton (or profile) for web server• Create mount point for each site of isolated web server.• Create mount point web content.Daniel García García a.k.a cr0hn (@ggdaniel) http://es.linkedin.com/in/garciagarciadaniel 86
  87. 87. IX. – Create web server for site • Configuration of init script for web server jail: /home/j/mytestsite.com-wserver/etc/rc.confDaniel García García a.k.a cr0hn (@ggdaniel) http://es.linkedin.com/in/garciagarciadaniel 87
  88. 88. X. – Create FTP server• Create base folder and copy skeleton (or profile) for FTP server• Create mount point of FTP isolated server.• Create mount point for web content. Daniel García García a.k.a cr0hn (@ggdaniel) http://es.linkedin.com/in/garciagarciadaniel 88
  89. 89. X. – Create FTP server • Configuration of init script for FTP server jail: /home/j/ftpserver/etc/rc.confDaniel García García a.k.a cr0hn (@ggdaniel) http://es.linkedin.com/in/garciagarciadaniel 89
  90. 90. X. – Create FTP server• Configuring: /home/j/ftpserver/usr/local/etc/pure-ftpd.conf There is more configuration parameters, but this is the most important. Daniel García García a.k.a cr0hn (@ggdaniel) http://es.linkedin.com/in/garciagarciadaniel 90
  91. 91. XI. – Create web balancer• Create base folder and copy skeleton (or profile) for web balancer:• Create mount point of web balancer isolated server.Daniel García García a.k.a cr0hn (@ggdaniel) http://es.linkedin.com/in/garciagarciadaniel 91
  92. 92. XI. – Create web balancer • Configuration of init script for web balancer jail: /home/j/webbalancer/etc/rc.confDaniel García García a.k.a cr0hn (@ggdaniel) http://es.linkedin.com/in/garciagarciadaniel 92
  93. 93. XI. – Create web balancer• Configuring: /home/j/webbalancer/usr/local/etc/nginx/nginx.conf Redirect to web server of isolated web site. Daniel García García a.k.a cr0hn (@ggdaniel) http://es.linkedin.com/in/garciagarciadaniel 93
  94. 94. XII. – Create MySQL server• Create base folder and copy skeleton (or profile) for mysql server:• Create mount point of mysql isolated server.Daniel García García a.k.a cr0hn (@ggdaniel) http://es.linkedin.com/in/garciagarciadaniel 94
  95. 95. XII. – Create MySQL server • Configuration of init script for web server jail: /home/j/mysql/etc/rc.conf Change listen address.Daniel García García a.k.a cr0hn (@ggdaniel) http://es.linkedin.com/in/garciagarciadaniel 95
  96. 96. XIII. – Install WordPress• Install WordPress from FreeBSD sources, into host system. This method allows us to easily install our own patches.• Copy sources to our site:Daniel García García a.k.a cr0hn (@ggdaniel) http://es.linkedin.com/in/garciagarciadaniel 96
  97. 97. XIII. – Install wordpress• Configure our WordPress installation defining location of MySQL. IP of our jail with MySQLDaniel García García a.k.a cr0hn (@ggdaniel) http://es.linkedin.com/in/garciagarciadaniel 97
  98. 98. XIV. – Configure and enable de jail Configure /etc/fstab.Daniel García García a.k.a cr0hn (@ggdaniel) http://es.linkedin.com/in/garciagarciadaniel 98
  99. 99. XIV. – Configure and enable de jail Configure /etc/fstab (cont).Daniel García García a.k.a cr0hn (@ggdaniel) http://es.linkedin.com/in/garciagarciadaniel 99
  100. 100. XIV. – Configure and enable de jail Enable jail in the system /etc/rc.conf:Daniel García García a.k.a cr0hn (@ggdaniel) http://es.linkedin.com/in/garciagarciadaniel 100
  101. 101. XIV. – Configure and enable de jail Enable jail in the system /etc/rc.conf (cont):Daniel García García a.k.a cr0hn (@ggdaniel) http://es.linkedin.com/in/garciagarciadaniel 101
  102. 102. Questions?Daniel García García a.k.a cr0hn (@ggdaniel) http://es.linkedin.com/in/garciagarciadaniel 102

×