Ah, Bastille is no longer a service, apparently
This commit is contained in:
parent
97dca92181
commit
326c03005e
2 changed files with 9 additions and 38 deletions
|
|
@ -60,45 +60,12 @@ Then start it:
|
|||
service pf start
|
||||
```
|
||||
|
||||
The `bastille setup` will try to configure the wrong config file and complain. We need to fix the zfs stuff manually.
|
||||
|
||||
And change, assuming you created a zpool named `data`.
|
||||
|
||||
For example (WATCH OUT, BELOW COMMAND IS DANGEROUS):
|
||||
|
||||
```sh
|
||||
zpool create -f data /dev/ada0
|
||||
```
|
||||
|
||||
Change bastille.conf
|
||||
|
||||
```sh
|
||||
nvim /usr/local/etc/bastille/bastille.conf
|
||||
```
|
||||
|
||||
```
|
||||
bastille_zfs_enable="YES"
|
||||
bastille_zfs_zpool="data"
|
||||
```
|
||||
|
||||
And just in case, run the setup again:
|
||||
|
||||
```sh
|
||||
bastille setup zfs
|
||||
```
|
||||
|
||||
## Start
|
||||
|
||||
Ok, now start Bastille:
|
||||
|
||||
```sh
|
||||
service bastille restart
|
||||
```
|
||||
|
||||
Bootstrap:
|
||||
|
||||
```sh
|
||||
bastille bootstrap 14.2-RELEASE update
|
||||
bastille bootstrap 14.3-RELEASE update
|
||||
```
|
||||
|
||||
## Create a container
|
||||
|
|
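Review bot: the hunk header takes this section from 45 lines to 12, which is much more than the `service bastille restart` step the commit message refers to. The `bastille.conf` ZFS settings (`bastille_zfs_enable="YES"`, `bastille_zfs_zpool="data"`) and the `bastille setup zfs` step sit in the same range and appear to be dropped with it. If ZFS-backed jails are still the intended setup, keep those lines or link to where they now live. If the removal is deliberate, say so in the commit message so the history explains why the ZFS walkthrough disappeared.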
@ -113,7 +80,7 @@ You don't want the loopback but your real card that connects to the internet. Th
|
|||
|
||||
```sh
|
||||
# Lenovo Thinkcentre
|
||||
bastille create alcatraz 14.2-RELEASE 192.168.1.201 em0
|
||||
bastille create alcatraz 14.3-RELEASE 192.168.1.201 em0
|
||||
```
|
||||
|
||||
If you want to have exlusive packages in the jail and not share the host packages, do this:
|
||||
|
|
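Review bot: the release in `bastille create alcatraz 14.3-RELEASE 192.168.1.201 em0` has to match a release bootstrapped earlier in this file, and both are bumped by hand in this commit. A one-line reminder above the command that the two must agree would save the next upgrade from a failed create. The context line under the fence also has a typo, "exlusive" for "exclusive", worth fixing while this area is being touched.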
@ -166,5 +133,5 @@ Now destroy it:
|
|||
|
||||
```sh
|
||||
bastille stop alcatraz
|
||||
bastille destroy force alcatraz
|
||||
bastille destroy --force --yes alcatraz
|
||||
```
|
||||
|
|
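Review bot: `bastille destroy --force --yes alcatraz` leaves no confirmation step in a command that readers will paste as-is. Since `bastille stop alcatraz` already runs on the line above, `--force` should not be needed here. I would either drop the flags that are not required or add a sentence before the fence saying that this deletes the jail and its data without asking.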
@ -21,7 +21,7 @@ pkg update
|
|||
Install my favorite packages
|
||||
|
||||
```sh
|
||||
pkg install -y bash doas tmux htop neovim git ncdu tailscale aria2
|
||||
pkg install -y bash doas tmux htop neovim git ncdu tailscale aria2 bastille
|
||||
```
|
||||
|
||||
For doas you need to copy the config file:
|
||||
|
|
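Review bot: adding `bastille` to the "favorite packages" line installs it on every host built from this page, while the PF section of the same file treats it as optional ("If you're going to use Bastille"). Consider keeping the install step on the Bastille page, or marking it optional here, so hosts that never run jails do not carry the extra package.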
@ -71,6 +71,8 @@ Change this setting:
|
|||
KbdInteractiveAuthentication no
|
||||
```
|
||||
|
||||
If you're going to nvim: `%s/^#KbdInteractiveAuthentication \w\+/KbdInteractiveAuthentication no/g`
|
||||
|
||||
That should be it. The config file should have these settings, including the commented lines shown as below:
|
||||
|
||||
```
|
||||
|
|
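Review bot: the added substitution `%s/^#KbdInteractiveAuthentication \w\+/KbdInteractiveAuthentication no/g` only matches the commented-out line. If the file already has an active `KbdInteractiveAuthentication yes`, the command changes nothing and keyboard-interactive login stays enabled with no error shown. Making the `#` optional (`^#\?KbdInteractiveAuthentication`) covers both cases, and a follow-up `sshd -T | grep -i kbdinteractive` confirms the effective value. The sentence also reads "If you're going to nvim", which is missing "use", and the trailing `/g` does nothing on a pattern anchored with `^`.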
@ -90,6 +92,8 @@ service sshd reload
|
|||
|
||||
# PF
|
||||
|
||||
If you're going to use Bastille, the `pf.conf` is going to look different. Check out [Bastille](../FreeBSD/Bastille/Bastille.md).
|
||||
|
||||
Now we need to get the filewall going.
|
||||
|
||||
```sh
|
||||
|
|
|
|||
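Review bot: the new sentence says `pf.conf` will look different with Bastille, but the section then continues straight into the non-Bastille firewall setup, so a reader going top to bottom will apply this one first and replace it later. State explicitly whether Bastille users should skip the rest of this section, and check that `../FreeBSD/Bastille/Bastille.md` resolves from this file's directory. The context line "Now we need to get the filewall going." has a typo, "filewall" for "firewall".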