Date: Fri, 19 Aug 2005 10:46:47 +0200
From: Pawel Malachowski <pawmal-posting@freebsd.lublin.pl>
To: freebsd-security@freebsd.org
Subject: Re: Closing information leaks in jails?
Message-ID: <20050819084647.GA53116@shellma.zin.lublin.pl>
In-Reply-To: <20050818224438.2084D70DBC6@mail.npubs.com>
References: <43049FB2.1030203@fsn.hu> <20050818224438.2084D70DBC6@mail.npubs.com>

On Thu, Aug 18, 2005 at 10:44:42PM +0000, Nate Nielsen wrote:

> netstat works, but it limits itself to the jail pretty well. In
> particular 'netstat -r' and friends don't work. The normal 'netstat -a'
> only shows connections to the current jail. It does show the output from
> 'netstat -m' and those sort of things, but those say nothing over the
> network load of the current machine.

One can use the bmon application in a jail to graph network activity in real
time, for example:

% sysctl -a | grep jail
security.jail.set_hostname_allowed: 0
security.jail.socket_unixiproute_only: 1
security.jail.sysvipc_allowed: 0
security.jail.getfsstatroot_only: 1
security.jail.allow_raw_sockets: 0
security.jail.chflags_allowed: 0
security.jail.jailed: 1
% id
uid=11226(pawmal) gid=10999(pawmal) groups=10999(pawmal)
% bmon
  #   Interface                RX Rate         RX #     TX Rate         TX #
....................................................................................
xxx (source: local)
  0   fxp0                     1.29KiB           23    32.51KiB           34
  1   lo0                    442.00B              2   442.00B              2
  2   vlan3                  660.00B             11    32.40KiB           27
  3   vlan4                  419.00B              5     0.00B              0
  4   vlan6                    0.00B              0     0.00B              0
  5   vlan9                    0.00B              0     0.00B              0

-- 
Paweł Małachowski