Re: Closing information leaks in jails?

From: Pawel Malachowski (pawmal-postingfreebsd.lublin.pl)
Date: Fri Aug 19 2005 - 03:46:47 CDT


On Thu, Aug 18, 2005 at 10:44:42PM +0000, Nate Nielsen wrote:

> netstat works, but it limits itself to the jail pretty well. In
> particular 'netstat -r' and friends don't work. The normal 'netstat -a'
> only shows connections to the current jail. It does show the output from
> 'netstat -m' and those sort of things, but those say nothing over the
> network load of the current machine.

One can use the bmon application in a jail to graph network activity in real time,
for example:

% sysctl -a | grep jail
security.jail.set_hostname_allowed: 0
security.jail.socket_unixiproute_only: 1
security.jail.sysvipc_allowed: 0
security.jail.getfsstatroot_only: 1
security.jail.allow_raw_sockets: 0
security.jail.chflags_allowed: 0
security.jail.jailed: 1
% id
uid=11226(pawmal) gid=10999(pawmal) groups=10999(pawmal)
% bmon
  #   Interface     RX Rate    RX #     TX Rate    TX #
....................................................................................
xxx (source: local)
  0   fxp0          1.29KiB      23    32.51KiB      34
  1   lo0           442.00B       2     442.00B       2
  2   vlan3         660.00B      11    32.40KiB      27
  3   vlan4         419.00B       5       0.00B       0
  4   vlan6           0.00B       0       0.00B       0
  5   vlan9           0.00B       0       0.00B       0

--
Paweł Małachowski