vps:vps4th2nd_02
Differences
This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision Next revision | Previous revision | ||
|
vps:vps4th2nd_02 [2019/06/16 15:40] hoge@hoge [インストール前設定] |
vps:vps4th2nd_02 [2019/06/23 10:41] (current) hoge@hoge [インストール前設定] |
||
|---|---|---|---|
| Line 1: | Line 1: | ||
| ====== jailer設定 ====== | ====== jailer設定 ====== | ||
| - | ===== FreeBSD 11.0-RELEASE amd64 導入 ===== | + | ===== FreeBSD 12.0-RELEASE amd64 導入 ===== |
| FreeBSD-12.0-RELEASE amd64 を[[https://help.sakura.ad.jp/hc/ja/articles/206207881-%E3%82%AB%E3%82%B9%E3%82%BF%E3%83%A0OS%E3%82%A4%E3%83%B3%E3%82%B9%E3%83%88%E3%83%BC%E3%83%AB%E3%82%AC%E3%82%A4%E3%83%89-FreeBSD-11-FreeBSD-12|カスタムOSインストールガイド - FreeBSD 11 / FreeBSD 12]]に従い、導入を行う。 | FreeBSD-12.0-RELEASE amd64 を[[https://help.sakura.ad.jp/hc/ja/articles/206207881-%E3%82%AB%E3%82%B9%E3%82%BF%E3%83%A0OS%E3%82%A4%E3%83%B3%E3%82%B9%E3%83%88%E3%83%BC%E3%83%AB%E3%82%AC%E3%82%A4%E3%83%89-FreeBSD-11-FreeBSD-12|カスタムOSインストールガイド - FreeBSD 11 / FreeBSD 12]]に従い、導入を行う。 | ||
| ==== インストール前設定 ==== | ==== インストール前設定 ==== | ||
| + | カスタムインストールで用意されている OS を選択するとネットワーク設定は自動で行われる。 | ||
| + | |||
| ^ 項目 ^^^^ 設定値 ^ | ^ 項目 ^^^^ 設定値 ^ | ||
| |Keymap Selection||||Continue with default keymap| | |Keymap Selection||||Continue with default keymap| | ||
| |Set Hostname||||ホスト名| | |Set Hostname||||ホスト名| | ||
| - | |Distribution Select||||[ ]base-dbg\\ [ ]kernel-dbg\\ [ ]lib32-dbg\\ [*]lib32\\ [ ]ports\\ [*]src\\ [ ]tests| | + | |Distribution Select||||[ ]base-dbg\\ [ ]kernel-dbg\\ [ ]lib32-dbg\\ [*]lib32\\ [ ]ports\\ [ ]src\\ [ ]tests| |
| |Mirror Selection||||近場を指定。| | |Mirror Selection||||近場を指定。| | ||
| |Partitioning||||Auto (UFS)| | |Partitioning||||Auto (UFS)| | ||
| |Partition||||Entire Disk| | |Partition||||Entire Disk| | ||
| - | |Partition Scheme||||BSD| | + | |Partition Scheme||||GPT| |
| |Partition Editor||||提示された内容で Finish -> Commit| | |Partition Editor||||提示された内容で Finish -> Commit| | ||
| Line 21: | Line 23: | ||
| |Time & Date|日付を確認後 <Set Date>| | |Time & Date|日付を確認後 <Set Date>| | ||
| |:::|時刻を確認後 <Set Time>| | |:::|時刻を確認後 <Set Time>| | ||
| - | |System Configuration|[*]local_unbound\\ [ ]sshd\\ [ ]moused\\ [*]ntpd\\ [ ]powered\\ [ ]dumpdev| | + | |System Configuration|[*]local_unbound\\ [ ]sshd\\ [ ]moused\\ [ ]ntpdata\\ [*]ntpd\\ [ ]powerd\\ [ ]dumpdev| |
| - | |System Hardening|[ ]Hide processes running as other users\\ [ ]Hide processes running as other groups\\ [ ]Disable reading kernel message buffer for unprivileged users\\ [ ]Disable process debugging facilities for unprivileged users\\ [ ]Randomize the PID of newly created processes\\ [ ]Insert stack guard page ahead of the growable segments\\ [*]Clean the /tmp filesystem on system startup\\ [*]Disable opening Syslogd network socket (disables remote logging)\\ [ ]Disable Sendmail service| | + | |System Hardening|[ ]0 hide_uids\\ [ ]1 hide_gids\\ [ ]2 hide_jail\\ [ ]3 read_msgbuf\\ [ ]4 proc_debug\\ [ ]5 dandom_pid\\ [*]6 clear_tmp\\ [*]7 disable_syslogd\\ [ ]8 disable_sendmail\\ [ ]9 secure_console\\ [ ]10 disable_ddtrace| |
| |Add User Accounts|No| | |Add User Accounts|No| | ||
| - | ===== unbound.conf 設定 ===== | ||
| - | 参照先DNSサーバが DNSSEC をサポートしていない場合((さくらは対応済み))、 /var/unbound/unbound.conf 内の auto-trust-anchor-file 行をコメントアウトする。 | ||
| - | <code> | ||
| - | # auto-trust-anchor-file: /var/unbound/root.key | ||
| - | </code> | ||
| - | |||
| - | 編集後、service を再起動し、drillで確認する。 | ||
| - | <code> | ||
| - | # service local_unbound restart | ||
| - | Stopping local_unbound. | ||
| - | Waiting for PIDS: 1119. | ||
| - | Starting local_unbound. | ||
| - | Waiting for nameserver to start... good | ||
| - | # | ||
| - | # drill www.hoge.org | ||
| - | ;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 13790 | ||
| - | ;; flags: gr rd ra ; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2 | ||
| - | ;; QUESTION SECTION: | ||
| - | ;; www.hoge.org. IN A | ||
| - | |||
| - | ;; ANSWER SECTION: | ||
| - | www.hoge.org. 1643 IN A xxx.xxx.xxx.xxx | ||
| - | <以下略> | ||
| - | </code> | ||
| ===== 最新化 ===== | ===== 最新化 ===== | ||
| Line 56: | Line 34: | ||
| # freebsd-update install | # freebsd-update install | ||
| </code> | </code> | ||
| - | |||
| - | ===== kernel編集 ===== | ||
| - | kernelを編集し、VIMAGE対応とする。\\ | ||
| - | /usr/src/sys/amd64/conf/GENERICをVPSとしてコピーして編集する。 | ||
| - | <code> | ||
| - | #ident GENERIC | ||
| - | ident VPS | ||
| - | |||
| - | options VIMAGE | ||
| - | |||
| - | #device fdc | ||
| - | </code> | ||
| - | * fdc\\ 目についたので無効化 | ||
| - | |||
| - | ===== world構築 ===== | ||
| - | [[http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/makeworld.html|ハンドブック]]に従い、worldとkernelの構築を行う。 | ||
| - | |||
| - | |||
| - | |||
| ===== ntp設定 ===== | ===== ntp設定 ===== | ||
| Line 80: | Line 39: | ||
| ntpd_enable="YES" | ntpd_enable="YES" | ||
| </code> | </code> | ||
| - | * [[http://support.sakura.ad.jp/manual/vps/ossetup.html|さくらのVPS > OSセットアップ情報]]を参考に/etc/ntp.confを編集する。<code> | + | * [[http://support.sakura.ad.jp/manual/vps/ossetup.html|さくらのVPS > OSセットアップ情報]]を参考に/etc/ntp.confを編集する。((用意されたカスタムOSの場合設定済み))<code> |
| restrict default limited kod nomodify notrap nopeer noquery | restrict default limited kod nomodify notrap nopeer noquery | ||
| server ntp1.sakura.ad.jp | server ntp1.sakura.ad.jp | ||
vps/vps4th2nd_02.1560667228.txt.gz · Last modified: 2019/06/16 15:40 by hoge@hoge
Page Tools
Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Share Alike 4.0 International
