FreeBSD Networking

Since the release of FreeBSD 7.0 many things have been changed to allow PostGres to run better than any other database under FreeBSD. To take advantage of this, I'll show how to setup PostGreSQL in FreeBSD jails. Of course, the same method is used to install on your main system as well.

Finally, with the release of FreeBSD 7.0, here's the updated version of the usual jail tutorial tailored to FreeBSD 7.0. Enjoy!

For our 3rd part of the tutorial, we are going to cover one of the MAC policies. The first one is MAC BIBA. This policy controls the upward flow of information. In otherwords, it can restrict a subject (a user or process), from various abilities (We will explain this in more detail later).

As we continue on looking at the MAC modules, we will cover two more minor modules that will prove crucial to our learning of some of the more advanced modules that deal with policies. These two modules are mac_seeotheruids, and mac_partition. While they are very simple, they are still good modules to keep in mind for your final implementation.

This was also posted on Screaming Electron, so if you have questions or comments, please visit that post.

While I was planning to do a simple tutorial covering all types of MAC security, I decided that one tutorial for all would really depreciate the tutorial as a whole. Instead, I'll be doing a single tutorial on each feature, and later one to integrate them all together to better suit your needs. This was also posted on Screaming Electron, so if you have questions or comments, please visit that post.

The BSD Extended module helps us protect every aspect of the system's file system, and then some. We are able to set explicit permissions on what a user can do, see, and control. Not only that, we can set what uid/gid in a specific jail can do. Now that's secure! Of course, let us not get ahead of ourselves. First, we must get the feel of this, and a moderate understanding of how it works before we can really start using it.

It seems that almost every year I need to update this tutorial. Some things change, and some things don't. This version is being done on FreeBSD 6.1, 6.2, and now tested with 6.3. If you are using FreeBSD 5.x, feel free to look at my 5.x tutorial on Screaming Electron.



To start out, make sure you have your source tree installed for FreeBSD. If you do not have this, run /stand/sysinstall, go to Configure, Distributions, and then "src". After you have your system preped and ready for jails to be added, start planning out your virtual network.