From owner-freebsd-questions@freebsd.org Thu Jun 6 06:39:49 2019 Return-Path: Delivered-To: freebsd-questions@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 4427015C798C for ; Thu, 6 Jun 2019 06:39:49 +0000 (UTC) (envelope-from ml@netfence.it) Received: from soth.netfence.it (net-2-44-121-52.cust.vodafonedsl.it [2.44.121.52]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "mailserver.netfence.it", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id A3D9F87BBA for ; Thu, 6 Jun 2019 06:39:42 +0000 (UTC) (envelope-from ml@netfence.it) Received: from alamar.ventu (alamar.local.netfence.it [10.1.2.18]) (authenticated bits=0) by soth.netfence.it (8.15.2/8.15.2) with ESMTPSA id x566dU2u032410 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128 verify=NO); Thu, 6 Jun 2019 08:39:32 +0200 (CEST) (envelope-from ml@netfence.it) X-Authentication-Warning: soth.netfence.it: Host alamar.local.netfence.it [10.1.2.18] claimed to be alamar.ventu Subject: Re: to jail or not to jail To: freebsd-questions@freebsd.org, dave.mehler@gmail.com References: <20190603101917.GA76784@home.lan> From: Andrea Venturoli Message-ID: <4d1e0daa-90c6-1729-6ccd-b44200d87034@netfence.it> Date: Thu, 6 Jun 2019 08:39:30 +0200 User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:60.0) Gecko/20100101 Thunderbird/60.7.0 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-US Content-Transfer-Encoding: 7bit X-Rspamd-Queue-Id: A3D9F87BBA X-Spamd-Bar: ---- Authentication-Results: mx1.freebsd.org; spf=pass (mx1.freebsd.org: domain of ml@netfence.it designates 2.44.121.52 as permitted sender) smtp.mailfrom=ml@netfence.it X-Spamd-Result: default: False [-4.07 / 15.00]; ARC_NA(0.00)[]; RCVD_VIA_SMTP_AUTH(0.00)[]; NEURAL_HAM_MEDIUM(-1.00)[-1.000,0]; FROM_HAS_DN(0.00)[]; R_SPF_ALLOW(-0.20)[+ip4:2.44.121.52]; NEURAL_HAM_LONG(-1.00)[-1.000,0]; TAGGED_RCPT(0.00)[]; TO_DN_NONE(0.00)[]; HAS_XAW(0.00)[]; MIME_GOOD(-0.10)[text/plain]; DMARC_NA(0.00)[netfence.it]; TO_MATCH_ENVRCPT_SOME(0.00)[]; MX_GOOD(-0.01)[mailserver.netfence.it]; RCPT_COUNT_TWO(0.00)[2]; NEURAL_HAM_SHORT(-0.70)[-0.698,0]; IP_SCORE(-1.06)[ip: (-3.23), ipnet: 2.44.0.0/16(-1.61), asn: 30722(-0.52), country: IT(0.05)]; FROM_EQ_ENVFROM(0.00)[]; R_DKIM_NA(0.00)[]; MIME_TRACE(0.00)[0:+]; ASN(0.00)[asn:30722, ipnet:2.44.0.0/16, country:IT]; MID_RHS_MATCH_FROM(0.00)[]; RCVD_TLS_ALL(0.00)[]; RCVD_COUNT_TWO(0.00)[2] X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 06 Jun 2019 06:39:49 -0000 On 6/6/19 6:41 AM, David Mehler wrote: > 2. I'm needing each jail to log to the host machine. I'm wanting to do > this because I've got fail2ban going on the host and want to ban > addresses that are hitting on the jails. In the jail: _ add syslogd_enable="NO" to /etc/rc.conf; _ service syslogd stop. In the host: _ add "-l /usr/jails/{myjail}/var/run/log" to syslogd_flags in /etc/rc.conf (or whatever if you use other files); _ service syslogd restart. Standard security considerations apply. bye av.