Tuesday, December 14, 2004
Well, my FreeSBIE experiment was a qualified success. At first, I thought it was another heartbreak. I booted off the CD on two different machines, and in both cases, the X server came up just fine, but the mouse was frozen. So it was good to see the older ATI All-in-Wonder card come up just fine, but it was still unfortunate that I couldn't get the mouse to work.
So I tried a few other things. I left the machine switched in while it booted, but that didn't seem to help. But then I accidentally moved the mouse while the X server was starting up, and, voila, I had a working mouse! Even switching out and back didn't break it. And it even worked on the older machine too - whoopee!
So it looks like if I have the mouse send a message at some point during the boot phase, the FreeBSD mouse drivers recognize it just fine. I might play with it some more to see exactly what's up, and then I might retry the latest FreeBSD full CD-ROM and see what happens. Or maybe just try the installation option on the FreeSBIE one.
FreeSBIE - Free System Burned In Economy
Friday, December 10, 2004
FreeSBIE
I'm pretty sure I've mentioned this before, but here's a distro for FreeBSD that you just burn on a CD, boot from it, and then just run it without installing it. I've downloaded the latest version (1.1, based on FreeBSD 5.3), and I'm going to try it on my problem system to see if it works any better.
FreeSBIE - Free System Burned In Economy
Speaking of Xandros
Here's a very complete review of the latest Xandros version:
Review: Xandros Desktop OS 3 Deluxe Edition
FreeBSD Follies
Sorry things have been so quiet here on my FreeBSD blog. To be honest, the reason is that I've sort of drifted away from FreeBSD a little. My server is still running FreeBSD, but I ran into several annoying problems when trying to install the latest version on one of my older machines and decided to try a Linux flavor instead.
The story is that I have an older machine (an 850MHz overclocked Pentium) that I bought a real cheap big hard drive for, intending to use it as a backup server for the other machines I have here in the house. I was able to pick up a 120GB hard drive for a mere US$49 after rebates - hard to argue with that price! So I figured I would install a Bacula server, and use it to back up all the other machines. This machine does have an old 14GB tape drive on it too, but for the price, I could probably just buy another hard drive!
So off I went, intending to install the latest FreeBSD, and maybe even play with X11 (either Gnome or KDE) while I was at it. The video card is an ATI All-in-Wonder card, which, while old, should still be supported by all flavors of X. It does have a funky UDMA 66 controller (not even UDMA 100), which Windows has a problem with, but I was hoping for the best with my new hard drive.
Unfortunately, after spending a few hours one evening, I just couldn't get FreeBSD 5.3 to work correctly. It may have been bad timing, but the version I was trying to install seemed to be halfway between XFree86 and the X.org X server. Most of the docs, as well as nearly all the hints I found on the web, talked about XFree86 and running a bunch of utilities that just weren't there. And it didn't work "out of the box", which is strange because all the flavors of Linux I've tried on this hardware did. Half the time the X server hung, while the other half of the time it worked in a 640x480 mode or something. It was very frustrating, as I couldn't find any docs on how to configure the thing, so I was tweaking files without even knowing if they were the right files!
Even when I could get the X server running in some minimal fashion, I kept running into that long-time FreeBSD bugaboo, which is that the FreeBSD mouse drivers and KVM (Keyboard/Video/Mouse) switches don't get along at all. I use a fairly popular Belkin 4-system switch to good effect, and no Windows or Linux I've ever run has given me a problem. But I remember running into the "wonky mouse" problem when installing my server, which I just ignored because it doesn't use X. And I see that some things never change, as it was still there, people were still complaining about it on the mailing list, and the developers were still saying it is a problem with all the KVM switches, not their software. A very frustrating attitude!
And, like I said, no Linux or Windows installation has ever had a problem. Basically, when you swap out of and then back to the machine, the driver loses contact with the mouse and the cursor starts flying all over the place. I think one explanation I read was that the driver was trying to be smart, and it turns out it is probably being too smart.
But without some kind of hack (like replugging the mouse or using a second mouse), FreeBSD with X is well nigh useless to me. So I gave up, and put the whole backup server project on hold.
Then I came across a fairly new Linux distro called Xandros (http://www.xandros.com), mentioned in an OSNews.com review. Now, I'm a sucker for new OS distributions. Don't ask me why, I just love burning a new CD and seeing what they look like. So I've tried a few different Linux distros, and I use RedHat (http://www.redhat.com) in my job, so I'm reasonably familiar with using them. There are lots of basic similarities between FreeBSD and Linux, although many of the admin features are quite different.
So in a Linux distro, I'm really looking for ease of use, especially when it comes to setting it up and administering the system. Doing things like turning servers on and off, keeping it up to date, etc., need to be real easy, as I don't have the time to delve into it like I do with FreeBSD. And let me tell you, Xandros has this in spades!
I guess the 2.x Open Circulation version is the first version from Xandros that could be downloaded for free. It doesn't provide all the functionality of even the Standard Edition (US$50), but is still pretty solid (I don't really need faster than 4x burning speed). You can see the comparison matrix at http://www.xandros.com/products/desktop_matrix.html (they just came out with version 3). The Xandros distro got some real high marks from various reviewers, including the not always reliable Jerry Pournelle in his Chaos Manor DDJ article (registration required, http://www.ddj.com/documents/s=9339/ddj0410q/0410q.html?temp=1TZ0OO0Dcd), so I decided to give it a whirl.
Like Pournelle mentions in his column, everything just worked out of the box. KDE installed and worked, Samba installed and worked, the mouse isn't wonky and all is good. I can see the other machines (both Windows and my server running Samba) from this machine and vice versa. It looks nice and was real easy to update and install new software. It took a little digging to figure out how to point the "Xandros Networks" program (its updater and package manager) to non-official sites, but once I did, I was able to grab Bacula and get it running, albeit with a little pain, as I had to figure out the dependencies myself. Ahh, for the ports functionality, sigh...
But I was very happy with how well it worked out of the box and how little work I had to do to get it running. Probably the easiest installation of an OS I've had in ages, and that includes all flavors of Windows. So I think I'm going to stick with Xandros for this machine anyway. I will probably use this blog to log my work on it as well as my FreeBSD machine.
Wednesday, December 8, 2004
Portupgrade help
Short web page on how to fix the problem where generating an INDEX in the ports tree (like via portsdb -u for instance), generates a core dump:
How to use FreeBSD ports effectively
Monday, November 29, 2004
Good FreeBSD book on sale
An excellent FreeBSD book is on sale at the great online tech book merchant, BookPool. In fact, their entire line of O'Reilly books is 43% off!
In this particular case, it is Greg Lehey's Complete FreeBSD, 4th edition, which is a great book on installing and using FreeBSD, for both the beginner and the expert. Obligatory connection note - I'm actually mentioned as a reviewer of the manuscript and I made lots of comments on it, and thus I got my copy for free. But I really, really liked the 3rd edition a lot, which is why I volunteered to help out on the 4th. For a mere US$25, this is a great buy.
Bookpool: Complete FreeBSD, The
Sunday, November 28, 2004
MySQL notes
Some notes for MySQL on FreeBSD. I'm going to have to upgrade from my 3.x to the 4.x Real Soon Now, as I'd really love to have the better searching that 4.x has.
MySQL Manual | 2.12.4.1 FreeBSD Notes
Monday, November 15, 2004
Get out of Jail free
Jail is something I probably should look into a little more, especially because I do have some outside users who access my server. It creates a nicely segregated "machine" that keeps folks really really away from your important, secure places. Here's a nice description of how to use it.
JMC Research - Juan M. Casillas Web Site
Sunday, November 14, 2004
Long time
Long time no "see", eh? I've been real busy and my server has been real nice, so there hasn't been much to talk about. But now, that isn't true, sigh. Somehow, my server got turned off (darn front buttons!) and when I turned it back on and rebooted, all hell broke loose.
The main thing was that apache wouldn't load. There was some kind of complaint about php not loading because of a missing library. I eventually got php working, so apache could load, but now I don't seem to have MySQL support.
Reading /usr/ports/UPGRADING, I see I need to make the extensions separately. I think I may also have messed things up by installing PHP5, when I had PHP4 installed before. So now I'm trying to get PHP5-extensions installed. And it let me pick MCVE support (whatever that is), even though the port is marked as broken for PHP5. One step at a time, I guess.
Wednesday, September 22, 2004
BSD vs. Linux
A long discussion of the differences between the BSDen and the Linuxen. Very complete and relatively platform-neutral:
BSD For Linux Users :: Intro
mtree
A real cool command that I had never heard of - mtree. The basic premise is that if you screw up the permissions and/or ownerships of some folder hierarchy, you can easily restore them. This command:
# mtree -U -p /usr -f /etc/mtree/BSD.usr.dist
will restore the /usr partition based upon the original distribution.
Another use is mentioned in the man page - to prevent trojan horses. You can periodically save off new mtree databases, and then compare the tree against its current incarnation. If there are any checksum changes, it will complain.
I'm going to have to look into doing this. It seems like it could be a real butt-saver sometimes! Those recursive commands, that merrily skip down folder hierarchies, can be very dangerous, especially for someone like me. I know better, but I still do all my work on my server logged in as root - yikes! Looks like a prime candidate to add to one of the periodic lists.
mtree
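Here is an added example, not from the original post, of what such a periodic check could look like: a small sh script that saves an mtree(8) spec with SHA-256 digests for a directory and, on later runs, compares the live tree against it and reports what changed. It assumes a BSD mtree(8) that knows the sha256digest keyword (the FreeBSD base one does); the spec directory and the function names are my own choices.

```shell
#!/bin/sh
# Added example (not from the original post): a periodic(8)-style integrity
# check built on mtree(8). Assumes a BSD mtree that understands the
# sha256digest keyword (FreeBSD base system). SPECDIR is a hypothetical
# location; keep the real one somewhere root on this box cannot rewrite
# (read-only media, another host), or a successful intruder just re-saves it.
set -u

MTREE="${MTREE:-mtree}"
SPECDIR="${SPECDIR:-/var/db/mtree-specs}"

# Keywords to record: the ownership and mode the post wants to be able to
# restore, plus size and a SHA-256 digest so content changes are caught too.
# Deliberately no "time" or "nlink": those churn and would bury real changes.
KEYWORDS="type,uid,gid,mode,size,sha256digest"

# mtree_save DIR SPEC: snapshot DIR into SPEC (the "saved database" the post
# describes). -c creates a spec, -k restricts it to our keywords.
mtree_save() {
    dir=$1; spec=$2
    "$MTREE" -c -k "$KEYWORDS" -p "$dir" > "$spec"
}

# mtree_check DIR SPEC: compare the live DIR against SPEC. Prints mtree's
# report (changed / extra / missing entries) and returns mtree's exit status:
# 0 = tree matches, 2 = tree did not match, 1 = error (bad spec, unreadable dir).
# The "if" wrapper keeps a non-zero mtree from aborting callers running set -e.
mtree_check() {
    dir=$1; spec=$2
    if report=$("$MTREE" -k "$KEYWORDS" -p "$dir" -f "$spec" 2>&1); then
        status=0
    else
        status=$?
    fi
    [ -n "$report" ] && printf '%s\n' "$report"
    return "$status"
}

# spec_path DIR: one spec file per watched tree, named after its path.
spec_path() {
    printf '%s/%s.spec\n' "$SPECDIR" "$(printf '%s' "$1" | tr '/' '_')"
}

# mtree_periodic DIR: what a nightly periodic script would do. The first run
# records a baseline; every later run compares against it and returns non-zero
# when something changed, so the periodic mail carries the report.
mtree_periodic() {
    dir=$1
    spec=$(spec_path "$dir")
    mkdir -p "$SPECDIR"
    if [ ! -f "$spec" ]; then
        echo "mtree: recording baseline for $dir in $spec"
        mtree_save "$dir" "$spec"
        return $?
    fi
    mtree_check "$dir" "$spec"
}

# Stand-alone use: check every directory given on the command line, e.g.
#   sh mtree_periodic.sh /usr/local/etc /etc
if [ $# -gt 0 ]; then
    rc=0
    for d in "$@"; do
        mtree_periodic "$d" || rc=$?
    done
    exit "$rc"
fi
```

A baseline taken after an intrusion only certifies the intruder's files, so record it right after install or upgrade, and refresh it deliberately (re-run mtree_save) after each change you made yourself.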
Thursday, September 9, 2004
FreeBSD Migration Guide
There's a beta version of the FreeBSD Migration Guide - help for moving from 4.x to 5.x. Take a look and give some comments.
FreeBSD 5.3-BETA Migration Guide
Friday, August 20, 2004
Yet another info tool - lsof
To go along with the other network info tools that I mentioned earlier comes word of lsof, which is a standard Linux tool for doing an ls on all open files. I do lots of work on RedHat and my boss told me about this one. Just another in the set of things you can run that will tell you what your system is up to.
Port description for sysutils/lsof
Here is a nice online man page for lsof:
lsof(8): list open files - Linux man page
Update: Here's a cool little quickstart guide for lsof. If you saw the man page, you would see it has almost as many options as ls itself! This article has a bunch of questions searching for answers using lsof: lsof quickstart
Tuesday, August 17, 2004
Source code control ports
I've been using Perforce as a source code control system now for quite some time. It is a really easy-to-learn, easy-to-use, and well-supported commercial client/server SCCS. The main drawback is that it is quite expensive. Not a problem usually with my employer, as it pays back in no time, but too much for my personal projects.
So I'm always on the lookout for a good SCCS, as even for the smallest project I need to use one these days. Once you get used to using a good SCCS (and no, I consider Microsoft's Visual Source Safe to be pretty bad), you're hooked and you wonder how you got along without it.
Anyway, here's a note on a good-looking open source contender to the CVS crown, Subversion.
Port description for devel/subversion
And here's another one I've seen mentioned, Gnu-Arch. It seems to be more along the lines of Perforce, in that it uses a more general client/server approach:
Port description for devel/arch
Friday, August 13, 2004
More "sniffing" tools
The TaoSecurity post also led me to a few other programs having to do with network hacking and sniffing.
- Port description for net-mgmt/driftnet : this one will poll for traffic and put together any images and movies that are sent along.
- Port description for net-mgmt/bsd-airtools : this one includes wireless sniffing tools, esp. dstumbler, which tells you all about wireless networks around you.
- Port description for security/nmap : this is one I've seen talk about on some Windows blogs, as WinXP SP2 breaks it, due to some draconian socket "security" limits it implements. It is a "network exploration" tool that helps with security auditing.
iftop
So I'm reading the TaoSecurity blog, and he's got a cool little entry about hooking into a hotel's wireless network. In the entry, he talks about iftop, which is a simple application that does for network traffic what top does for CPU usage.
So I install the port and run it, and of course now I'm freaking out. Probably a case of too much information, with too little knowledge, but there's all kinds of ports (446, 2460, 2490) that have some (a very little) traffic on them that I just don't know what they are doing. Perhaps just pings to see if there is anything interesting on my machine, but still, worrisome.
My weekend project - install a firewall!
Port description for net-mgmt/iftop
Thursday, August 12, 2004
Comparing the BSDen
Long article talking about the 4 main branches of BSD: NetBSD, OpenBSD, Mac OS X and, of course, FreeBSD. It gives a quick history and talks a little about the pluses and minuses of each.
Differentiating Among BSD Distros
Friday, August 6, 2004
ipfilter sample config
'fbsd_user' posted the following ipfilter configuration guide to the freebsd-questions mailing list, so I thought I would save it here. Looks very complete and well commented.
Well, let's start with the kernel. Both ipfw and ipfilter are delivered in the sysinstall process as boot-time loadable modules, which means it is not necessary to put any kernel options statements into the kernel and recompile to get it to function.
As part of the ipfilter setup, we are also configuring ipmon syslog logging. The ipfilter rule set will allow LAN and gateway PCs to do both active and passive FTP out to the public internet.
***********************************************
In rc.conf add these statements.
gateway_enable="YES"
ipfilter_enable="YES"
ipfilter_rules="/etc/ipf.rules"
ipmon_enable="YES" # Start ip monitor log
ipmon_flags="-Ds" # D = start as daemon
# s = log to syslog
ipnat_enable="YES"
ipnat_rules="/etc/ipnat.rules"
***********************************************
In syslog.conf
*.notice;authpriv.none;local0.none;mail.crit /var/log/messages
local0.* /var/log/security
Note1: local0 is where ipfilter flags option s
(ie log to syslog) writes to.
Note2: added local0.none to messages so ipfilter log records
will not go to messages file also.
***********************************************
In newsyslog.conf
/var/log/security 600 10 100 * B
says auto rotate log when file fills 100 k disk space.
***********************************************
/etc/ipf.rules
#### Note1: ed0 is the interface name of the Nic card connected to the
#### public internet. Replace it with your interface name. ####
#### Note2: this rule set may allow functions out and in which you may
#### not have or want, just comment out those statements or delete them
#### from the file. ####
#### Note3: If you want to run an FTP server on your system that is
#### accessible from the public internet, you must add the following rules.
#### Only active mode remote FTP is allowed as passive mode needs all the
#### high value port numbers open and this is a major security risk.
# Allow out active FTP data channel
pass out quick on ed0 proto tcp from any to any port = 20 flags S keep state
# Allow in active FTP control channel
pass in quick on ed0 proto tcp from any to any port = 21 flags S keep state
############# End of note3 #################
#################################################################
# For testing only, Bypasses the rest of the rules or just in or out
#pass in log quick on ed0 all
#pass out log quick on ed0 all
#log out quick on ed0 all
#################################################################
#################################################################
# No restrictions on Inside Lan Interface for private network
# Replace dc0 with the nic interface name of your Lan
#################################################################
pass out quick on dc0 all
pass in quick on dc0 all
#################################################################
# No restrictions on Loopback Interface
#################################################################
pass in quick on lo0 all
pass out quick on lo0 all
#################################################################
# Interface facing Public internet (Outbound Section)
# Interrogate session start requests originating from behind the
# firewall on the private network
# or from this gateway server destined for the public internet.
#################################################################
# Allow out access to my ISP's Domain name server.
# x.x.x.x must be the IP address of your ISP's DNS.
# Dup these lines if your ISP has more than one DNS server
# Get the IP addresses from /etc/resolv.conf file
#pass out quick on ed0 proto tcp from any to x.x.x.x port = 53 flags S keep state
#pass out quick on ed0 proto udp from any to x.x.x.x port = 53 keep state
pass out log quick on ed0 proto udp from any to any port = 53 keep state
# Allow out access to my ISP's DHCP server for cable or DSL networks.
# This rule is not needed for 'user ppp' type connection to the
# public internet, so you can delete this whole group.
# Use the following rule and check log for IP address.
# Then put IP address in commented out rule & delete first rule
pass out quick on ed0 proto udp from any to any port = 67 keep state
#pass out quick on ed0 proto udp from any to x.x.x.x port = 67 keep state
# Allow out non-secure standard www function
pass out quick on ed0 proto tcp from any to any port = 80 flags S keep state
# Allow out secure www function https over TLS SSL
pass out quick on ed0 proto tcp from any to any port = 443 flags S keep state
# Allow out send & get email function
pass out quick on ed0 proto tcp from any to any port = 25 flags S keep state
pass out quick on ed0 proto tcp from any to any port = 110 flags S keep state
# Allow out Time
pass out quick on ed0 proto tcp from any to any port = 37 flags S keep state
# Allow out nntp news
pass out quick on ed0 proto tcp from any to any port = 119 flags S keep state
# Allow out gateway & LAN users non-secure passive & active modes FTP
# This function uses the IPNAT built in FTP proxy function coded in
# the nat rules file to make this single rule function correctly.
# If you want to use the pkg_add command to install application packages
# on your gateway system you need this rule.
pass out quick on ed0 proto tcp from any to any port = 21 flags S keep state
# Allow out secure FTP, Telnet, and SCP
# This function is using SSH (secure shell)
pass out quick on ed0 proto tcp from any to any port = 22 flags S keep state
# Allow out non-secure Telnet
pass out quick on ed0 proto tcp from any to any port = 23 flags S keep state
# Allow out FBSD CVSUP function
pass out quick on ed0 proto tcp from any to any port = 5999 flags S keep state
# Allow out all icmp to public Internet
pass out quick on ed0 proto icmp from any to any keep state
# Allow out all ident to public Internet
#block out quick on ed0 proto tcp from any to any port = 113
# Allow out whois for LAN PC to public Internet
pass out quick on ed0 proto tcp from any to any port = 43 flags S keep state
# block ports that show on log and are ok to stop logging
# Deny tcp port 81 - hosts2 name server. winme is doing this.
block out quick on ed0 proto tcp from any to any port = 81
# Block and log only the first occurrence of everything
# else that's trying to get out.
# This rule enforces the block all by default logic.
block out log first quick on ed0 all
#################################################################
# Interface facing Public internet (Inbound Section)
# Interrogate packets originating from the public internet
# destined for this gateway server or the private network.
#################################################################
# Block all inbound traffic from non-routable or reserved address spaces
block in quick on ed0 from 192.168.0.0/16 to any #RFC 1918 private IP
block in quick on ed0 from 172.16.0.0/12 to any #RFC 1918 private IP
block in quick on ed0 from 10.0.0.0/8 to any #RFC 1918 private IP
block in quick on ed0 from 127.0.0.0/8 to any #loopback
block in quick on ed0 from 0.0.0.0/8 to any #loopback
block in quick on ed0 from 169.254.0.0/16 to any #DHCP auto-config
block in quick on ed0 from 192.0.2.0/24 to any #reserved for doc's
block in quick on ed0 from 204.152.64.0/23 to any #Sun cluster interconnect
block in quick on ed0 from 224.0.0.0/3 to any #Class D & E multicast
##### Block a bunch of different nasty things. ############
# That I don't want to see in the log
# Block frags
block in quick on ed0 all with frags
# Block short tcp packets
block in quick on ed0 proto tcp all with short
# block source routed packets
block in quick on ed0 all with opt lsrr
block in quick on ed0 all with opt ssrr
# Block nmap OS fingerprint attempts
# Log first occurrence of these so I can get their IP address
block in log first quick on ed0 proto tcp from any to any flags FUP
# Block anything with special options
block in quick on ed0 all with ipopts
# Block public pings
block in quick on ed0 proto icmp all icmp-type 8
# Block ident
block in quick on ed0 proto tcp from any to any port = 113
# Block all Netbios service. 137=name, 138=datagram, 139=session
# Netbios is MS/Windows sharing services.
# Block MS/Windows hosts2 name server requests 81
block in log first quick on ed0 proto tcp/udp from any to any port = 137
block in log first quick on ed0 proto tcp/udp from any to any port = 138
block in log first quick on ed0 proto tcp/udp from any to any port = 139
block in log first quick on ed0 proto tcp/udp from any to any port = 81
# Allow traffic in from ISP's DHCP server. This rule must contain
# the IP address of your ISP's DHCP server as it's the only
# authorized source to send this packet type. Only necessary for
# cable or DSL configurations. This rule is not needed for
# 'user ppp' type connection to the public internet.
# This is the same IP address you captured and
# used in the outbound section.
pass in quick on ed0 proto udp from x.x.x.x to any port = 68 keep state
# Allow in standard www function because I have apache server
pass in quick on ed0 proto tcp from any to any port = 80 flags S keep state
# Allow in non-secure Telnet session from public Internet
# labeled non-secure because ID & PW are passed over public internet
# as clear text.
# Delete this sample group if you do not have telnet server enabled.
pass in quick on ed0 proto tcp from any to any port = 23 flags S keep state
# Allow in secure FTP, Telnet, and SCP from public Internet
# This function is using SSH (secure shell)
#pass in quick on ed0 proto tcp from any to any port = 22 flags S keep state
# Allow in email SMTP from public Internet if commercial user
pass in quick on ed0 proto tcp from any to any port = 25 flags S keep state
# Block and log only first occurrence of all remaining traffic
# coming into the firewall. The logging of only the first
# occurrence stops an 'denial of service' attack targeted
# at filling up your log file space.
# This rule enforces the block all by default logic.
block in log first quick on ed0 all
***********************************************
/etc/ipnat.rules
# Provide special NAT services for FTP from LAN users.
map ed0 10.0.10.0/29 -> 0/32 proxy port 21 ftp/tcp
# Provide special NAT services for FTP from gateway system.
map ed0 0.0.0.0/0 -> 0/32 proxy port 21 ftp/tcp
# Provide Normal NAT services for LAN users.
# NAT my private LAN ip address to whatever my ISP address is
map ed0 10.0.10.0/29 -> 0/32
Note: 10.0.10.0/29 is the private ip address range you assigned to
your LAN. ed0 is the nic interface name facing the public internet.
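As an added illustration (not code from the page, the FreeBSD Handbook or the IPFilter project), the following Python walks a packet through an abridged copy of the ruleset above the way ipf does when every rule is "quick": the first match wins. That is why the RFC 1918 and fragment blocks only protect the Apache and SMTP pass rules because they sit above them, why a packet with FIN/URG/PSH set never reaches a "flags S" pass rule, and why the closing "block in log first quick on ed0 all" is what makes the policy default-deny. It is a deliberate simplification: there is no state table, "log", "first", "keep state" and the interface name are parsed and ignored, "flags S" is read as "exactly SYN set", and the ISP DHCP server's x.x.x.x is replaced by a constructed TEST-NET-2 address (198.51.100.1), as is the gateway address used in the sample packets (198.51.100.7).

```python
"""First-match walk through the ipf rules above. Added example, not ipfilter code:
no state table; 'log', 'first', 'keep state' and the interface name are parsed
and ignored; 'flags X' means exactly those TCP flags set; 'with ...' keywords
are matched against a per-packet attribute set."""
import ipaddress
from dataclasses import dataclass
from typing import FrozenSet, Optional

# Abridged copy of the page's ruleset, in the page's order. The ISP DHCP server's
# x.x.x.x is replaced by 198.51.100.1, a constructed TEST-NET-2 stand-in.
RULESET = """
pass out quick on ed0 proto tcp from any to any port = 43 flags S keep state
block out quick on ed0 proto tcp from any to any port = 81
block out log first quick on ed0 all
block in quick on ed0 from 192.168.0.0/16 to any
block in quick on ed0 from 10.0.0.0/8 to any
block in quick on ed0 all with frags
block in quick on ed0 all with opt lsrr
block in log first quick on ed0 proto tcp from any to any flags FUP
block in quick on ed0 proto icmp all icmp-type 8
block in log first quick on ed0 proto tcp/udp from any to any port = 139
pass in quick on ed0 proto udp from 198.51.100.1 to any port = 68 keep state
pass in quick on ed0 proto tcp from any to any port = 80 flags S keep state
#pass in quick on ed0 proto tcp from any to any port = 22 flags S keep state
block in log first quick on ed0 all
"""


@dataclass(frozen=True)
class Packet:
    direction: str                       # "in" or "out" on ed0
    src: str
    dst: str
    proto: str = "tcp"                   # "tcp", "udp" or "icmp"
    dport: Optional[int] = None
    flags: str = ""                      # TCP flags actually set, e.g. "S"
    icmp_type: Optional[int] = None
    attrs: FrozenSet[str] = frozenset()  # e.g. {"frags", "lsrr", "ipopts"}


def parse_rule(line):
    """One ipf rule line -> dict; None for comment or blank lines."""
    line = line.split("#", 1)[0].strip()
    if not line:
        return None
    t = line.split()
    r = {"action": t[0], "dir": t[1], "proto": None, "src": "any", "dst": "any",
         "dport": None, "flags": None, "icmp_type": None, "with": set(), "text": line}
    keyed = {"proto": "proto", "from": "src", "to": "dst", "flags": "flags",
             "icmp-type": "icmp_type"}
    i = 2
    while i < len(t):
        tok = t[i]
        if tok in ("log", "first", "quick", "keep", "state", "all"):
            i += 1                       # no effect on matching in this model
        elif tok == "on":
            i += 2                       # skip interface name (single-interface model)
        elif tok in keyed:
            r[keyed[tok]] = int(t[i + 1]) if tok == "icmp-type" else t[i + 1]
            i += 2
        elif tok == "port":              # "port = N"
            r["dport"] = int(t[i + 2])
            i += 3
        elif tok == "with":              # "with frags" or "with opt lsrr"
            opt = t[i + 1] == "opt"
            r["with"].add(t[i + 2] if opt else t[i + 1])
            i += 3 if opt else 2
        else:
            raise ValueError(f"unsupported keyword {tok!r} in: {line}")
    return r


def addr_matches(spec, ip):
    return spec == "any" or ipaddress.ip_address(ip) in ipaddress.ip_network(spec, strict=False)


def matches(r, p):
    protos = {"tcp", "udp"} if r["proto"] == "tcp/udp" else {r["proto"]}
    if r["proto"] is not None and p.proto not in protos:
        return False
    if not (addr_matches(r["src"], p.src) and addr_matches(r["dst"], p.dst)):
        return False
    if r["dport"] is not None and p.dport != r["dport"]:
        return False
    if r["flags"] is not None and (p.proto != "tcp" or set(r["flags"]) != set(p.flags)):
        return False
    if r["icmp_type"] is not None and p.icmp_type != r["icmp_type"]:
        return False
    return r["with"] <= p.attrs          # every 'with' attribute the rule names is present


RULES = [r for r in map(parse_rule, RULESET.splitlines()) if r]


def decide(p, rules=RULES):
    """(action, rule text) of the first rule matching p; every rule here is 'quick'."""
    for r in rules:
        if r["dir"] == p.direction and matches(r, p):
            return r["action"], r["text"]
    return "pass", "no rule matched (ipf's compiled-in default is pass)"


if __name__ == "__main__":
    gw = "198.51.100.7"                  # constructed stand-in for the gateway's public address
    for p in (Packet("in", "203.0.113.5", gw, "tcp", 80, "S"),
              Packet("in", "10.1.2.3", gw, "tcp", 80, "S"),
              Packet("in", "203.0.113.5", gw, "tcp", 80, "FUP"),
              Packet("in", "203.0.113.5", gw, "icmp", icmp_type=8),
              Packet("in", "203.0.113.5", gw, "tcp", 22, "S")):
        action, why = decide(p)
        print(f"{action:5} {p.direction:3} {p.src} {p.proto}/{p.dport} flags={p.flags or '-'}  <= {why}")
```

Run as a script it prints one line per sample packet with the rule that decided it; the second packet shows that a SYN to port 80 from a 10/8 source is stopped by the bogon block before the Apache pass rule is ever consulted, and the last shows that the commented-out port 22 line leaves SSH to the final default-deny rule.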
Thursday, August 5, 2004
How to turn off sendmail
It's not as easy as it used to be to turn off sendmail. Not too long ago, you merely had to add:
sendmail_enable="no"
to your /etc/rc.conf and the sendmail daemon wouldn't start.
But sendmail added an option early in 2003:
Sendmail FAQ, Section 3
And this makes it a little more difficult. In addition, they made it easier to add a different MTA (Mail Transport Agent), like Postfix, say. So now you have to follow the instructions in /usr/src/UPDATING:
"20020404:
New sendmail startup scripts have been installed to make it
easier to use alternative MTAs with FreeBSD. Setting the rc.conf
variable sendmail_enable to "NO" no longer prevents any sendmail
daemons from starting. Instead, either set sendmail_enable to
"NONE" or change mta_start_script to a script for starting
an alternative MTA. Setting mta_start_script to "" will
also prevent any MTA from being started at boot."
Thursday, July 22, 2004
FreeBSD living with Linux
Interesting mini-HOWTO on dual booting FreeBSD and Linux. The best part is talking about how to share the swap partition. As an inveterate OS dilettante, this is some good stuff to me.
The Linux FreeBSD mini-HOWTO
Monday, July 19, 2004
More on root passwords
We're on a root password roll!
You may get the following interesting "error" message if you do the "boot into single user to change root password" process:
entropy device blocking. Dance fandago on keyboard to unlock
Well, FreeBSD isn't kidding. Basically, it needs to "seed" the random number generator, and perhaps you just haven't done enough to do that. It can use a combination of what you type and the nearly perfectly random times between keys to jumpstart the random number generator. So you can do a few things before running passwd to change root's password:
- Just type away for a bit, randomly. You can even redirect it to /dev/null:
# cat >/dev/null
Just type stuff away, and when you're done, hit ctrl-d to stop the cat'ing to /dev/null. Then re-run passwd.
- As Matthew Seaman pointed out on the -questions list, you can just run vipw and delete the stuff between the second and third ':', leaving a blank password. Then you can reboot normally, login to root immediately(!!) and run passwd. The generator will be nice and warmed up.
- I guess on FreeBSD 5.x, which I haven't tried to install yet, you can run:
# /etc/rc.d/preseedrandom
Which, in fact, preseeds the random number generator.
Asking for password in single user
If you boot into single user (by hitting space during the boot process, while the bar is spinning, then typing:
ok boot -s
), you are dropped into FreeBSD as root, with all its privileges. This might not be a Good Thing if the system console is in an unsafe spot. You can have FreeBSD ask for a password by editing the /etc/ttys file. Change this line:
console none unknown off secure
to this:
console none unknown off insecure
Now you'll get asked for the root password before single user mode kicks in. Of course, I'm not sure if there is any sort of workaround now, if you forget your root password. The way to fix that in the past was to change it in single user mode (see this for my note on it). You might have to re-install if you forget it now!
Friday, July 16, 2004
Another installation link
This one from the invaluable FreeBSD Diary; it is his process of installing 5.2.1 on a laptop. I'm busily installing it on my "slow" machine, which I'm going to use as a backup server, so these notes should help.
The FreeBSD Diary -- Installing FreeBSD on an IBM ThinkPad T41
Wednesday, July 14, 2004
Comment Spam
Okay, I finally had to do it. Not like my site is a magnet for comment spam, but enough of it happens every day that I need to take a little more proactive approach. Luckily, there is a Movable Type plugin that "washes" comments, called MT-Blacklist. I think in MT 3.0 they have a setting to only allow comments by "registered" users, which might help. But until then, I'll use this. Please let me know if your comments get accidentally rejected.
MT-Blacklist - A Movable Type Anti-spam Plugin
Tuesday, July 13, 2004
Net News
Well, as a new project, I've decided to try to set up a news server. Mind you, I'm not going to be doing a "real" one, where I go and get some of the 10,000+ newsgroups found on a "real" news server. I just want to set up a private news server on the TheWargamer.com web site I run on my server. Not a big deal, right?
Well, news servers are typical of the undocumented applications available for Unixen servers. The two popular free ones are:
I set up INN, flailed about a bit, helped by random web sites like Elena's UNIX Page and INN 2.4 Documentation and INN for the Impatient, but it is a struggle to figure out what all the options mean. A lot of the talk is for heavy-iron servers, dealing with the multi-gigabyte newsfeeds of today's Usenet News. But I'm not doing that - I'll be serving up a few private newsgroups with very low traffic, and figuring out which parts of the documentation apply to my setup and my version of INN has been slow going.
Then, for some reason, I decided to try the Diablo server. It seemed more "modern" somehow, and maybe even better documented. Well, it might be the former, but it certainly isn't the latter. As I wasn't very careful when I made the port, I now have two competing news servers installed. What a dummy :-)
All I can say is Thank Goodness for the FreeBSD ports system. It at least gets things installed and running with a minimal amount of pain. I probably could never have done it by hand! So this is an ongoing project and I'll try to keep notes and let you know how it goes.
Ports used:
Tuesday, June 29, 2004
DragonFly BSD
I earlier mentioned DragonFly BSD, and here's its home link. DragonFly BSD is a branch off of the very nice FreeBSD 4.x line, taking a slightly different direction than FreeBSD 5.x. Read the main page for more info, as I haven't checked it out too much.
The DragonFly BSD Project
I will, as is my wont, download the ISO for it and probably check it out. If you've played with it at all, please comment!
Monday, June 28, 2004
OSNews.com
This is a cool site that talks about the latest efforts in a wide variety of OSes, including, of course FreeBSD. It's sort of a slashdot for OS geeks like myself. My problem is that I'm such a junkie for these things, that I find myself downloading ISOs like crazy! Heck, I even just recently downloaded a copy of FreeDOS! Like I need a new DOS prompt :-)
OSNews.com - Exploring the Future of Computing
LiveBSD.com
An excellent looking site for downloading a complete BSD system. It includes ISOs that come with Desktop Apps (I'm downloading this as we speak), one with "Security" apps, as well as a DragonFlyBSD LiveCD.
LiveBSD.com - BSD Live CD's
I'm downloading the KDE version because I'm going to dabble in the graphical BSD world finally. My server just runs as a text machine, but I want to set up a backup server that will backup the various machines on my internal network, which run Linux (RedHat), Win2k, WinXP and, of course, FreeBSD. I'll be using the previously mentioned bacula to do this, but I figured I'd add even more fun by trying to install KDE with this one too.
Thursday, May 27, 2004
Welcome 4.10!
FreeBSD 4.10 has finally been announced. This is probably the last 4.x point release I guess. Soon we'll be making the big move to 5.x. I'll probably wait until the excitement has died down before making the move myself.
FreeBSD 4.10-RELEASE Announcement
Monday, May 24, 2004
Graphical firewall builder
One of the complaints in the Distrowatch.com review of FreeBSD was the lack of a graphical front end to build the firewall configuration file for ipfilter. Well, complain no more, for here it is:
Port description for security/fwbuilder
Of course, I can't use it, because I don't run X on my server. But if/when I get around to building my other machine, the backup machine, I might play with it then.
FreeBSD review on Distrowatch.com
A cool Linux site is Distrowatch.com. It lists all the gazillion different Linux distributions, and their current state, and how to get them. It's a pretty neat web site, and I sometimes surf over, download an interesting distro, try it out and move on. In fact, oddly enough, I am currently downloading one just recently mentioned on the web site - CRUX, which is a source distro, very much like FreeBSD!
It looks like they have added BSDen to their watch as well. And here is a very long article reviewing FreeBSD 5.x:
DistroWatch.com: FreeBSD review
Friday, May 14, 2004
portcheckout
What to do if you don't want to, or don't have, the entire ports tree and need to install a port? Well, portcheckout is one option. Using just the /usr/ports/INDEX file, it will dump to stdout the commands to be used to build the port. This way, you can just go get the parts needed, rather than the whole tree.
One note is that the man page isn't all that clear on exactly what is required. But the implication is that you need the INDEX file from the ports tree, and probably nothing else. Of course, in these days of 400gb hard drives, the ports tree is a minuscule disk hit!
FreeBSD Hypertext Man Pages: portcheckout
Forcing an update
The ports system can get quite confusing, and one of the tougher problems is getting something to update correctly. For instance, say you have v2.1 of something installed. But the latest is version 2.2 and you want to just skip to that version. But other ports depend on the 2.1, so you don't want to just pkg_deinstall (or you can't). The way to do it is to "force" the upgrade.
Most Unix commands have an option that says "I know better than you, so just let me do it already and stop complaining". For instance, the -f option for the rm command forces it to just work. A scary option, to be sure, but sometimes a necessary one.
The port utilities are no exception. Most of them have a -f option that just says "Do this and don't complain". pkg_delete has it, so it will delete the port even if there are other dependencies. And so does portupgrade. So the way to fix the above problem is:
$ portupgrade -o-f
This tells portupgrade to update with , and just do what I say, please. Read the voluminous man page here:
FreeBSD Hypertext Man Pages: portupgrade
FreeBSD security
A good starting point for securing your FreeBSD machine is the Security chapter in the all-important FreeBSD Handbook:
Introduction
Thursday, May 13, 2004
searching ports
Something I always forget how to do is to search the ports collection for a particular port. For instance, I couldn't remember which directory my ftp server port (in this case bftpd - see link at bottom) was in. A very simple command would have told me:
$ cd /usr/ports
$ make search name=bftpd
This searches the port collection for any ports that contain the search string. Simple!
bFTPD.org - FTP server for Linux, BSD/OS, FreeBSD, Solaris, DG-UX and Tru64
Wednesday, May 12, 2004
IPFilter and PF resources
More info on setting up IPFilter. Someday I'll get my firewall up and running. I shouldn't keep putting it off, though, because when it is too late...
IPFilter and PF Resources of obfuscation.org
Tuesday, April 27, 2004
Logging
A couple of ways to see the messages from your system:
- The dmesg command. This will dump the messages you see at start up. You'll probably need to pipe it through less to see all of it:
$ dmesg | less
- Check out the /var/log folder. Lots of interesting log files in there, including various dmesg.* ones.
- Edit /etc/syslog.conf and uncomment the line to create /var/log/console.log. This way you'll even get any automagically run fsck and such.
"dependency chaining"
Someone asked on freebsd-questions how to force phpMyAdmin to use his installed MySQL 5 & Apache 2, rather than keep asking for MySQL 4 and Apache 1. A good question, I think.
The maintainer of the phpMyAdmin port, Matthew Seaman, spoke up with a very interesting solution:
Actually, the versions of apache and mysql are controlled through the
dependency chain by the PHP port you install. The phpmyadmin port
just wants to see that PHP is installed.
Setting the following in /etc/make.conf will make your system default
to apache2 and mysql-5:
APACHE_PORT= www/apache2
WITH_APACHE2= yes
WANT_MYSQL_VER= 50
Cheers,
Matthew
I took a quick look at the Makefile in the /usr/ports/databases/phpMyAdmin directory and I don't see anything that would help you out in this. I'm going to ask around and see if there is a more general solution to the problem of a port desiring an earlier version of an already installed application - somewhere to look for a list or something.
Tuesday, April 20, 2004
OpenOffice HOW-TO
While my server doesn't run X, I'll be creating another machine as a FreeBSD "user" machine, and that one will be running X. And I'll probably want to install OpenOffice.org, the Sun-supported freeware MSOffice compatible suite. It's a beast to install from ports (i.e., via source), so here's a suggestion from Jerry McAllister on the -questions mailing list:
They have already built packages for FreeBSD that install just nicely.
Go to http://projects.imp.ch/openoffice/
Pick the latest package that suits your situation
Download it to /usr/local and run pkg_add on the compressed file.
Then, to set it up, run /usr/local/OpenOffice1.1.0/program/soffice.
Note the OpenOffice1.1.0 will vary according to what version you
download and where you tell it to put the Openoffice files.
Put that directory in your path.
After that, soffice, swriter, etc will start what you want. It works
fine as helper utilities in your browser too.
////jerry
Thursday, April 15, 2004
Notes on the SCO "lawsuit"
Greg "groggy" Lemis' page on the SCO vs. the world lawsuits. It's a little outdated, but still a good overview of the scuffle:
SCO's lawsuit against IBM
Tuesday, April 13, 2004
How to copy files
A deceptively simple question was asked on freebsd-questions:
How do I copy all the files, including subdirectories, from a cdrom to an arbitrary directory?
My first inclination is to merely use cp:
$ cp -Rp /cdrom .
This will copy all the files from a (mounted) CDROM to a folder in your current directory called 'cdrom'. The -R says to do it recursively, thus picking up all the subfolders (creating them in the destination folder as well), while the -p says to preserve the various attributes, like mod time and user id.
Actually, to be truly honest, I normally would have suggested cp -r /cdrom . as a command. But the -r (note lowercase) is an archaic, obsolete and "strongly discouraged" option, as it has even more trouble with non-standard files like links and other special files.
There are, however, a couple of problems with this. One is that I can never remember at what depth the destination folder is created - i.e., does it create the cdrom folder, or will it copy all the files in cdrom into the current directory? There is a subtle but important difference between cp -R /cdrom . and cp -R /cdrom/* . The latter starts in the /cdrom directory for the files, while the former will create the cdrom directory in the current directory and then start copying.
Another, perhaps more important problem has to do with links. Symbolic links are copied like files, which may mean they no longer make sense. I.e., if you had a symbolic link that pointed to ../../test/test.cpp, and didn't copy the test folder, then it wouldn't point to anything useful. And hard links are not copied as links at all, but rather are copied as separate files, which may or may not be what you want.
To get away from those problems, the man page suggests tar(1), cpio(1) or pax(1). Here's how Matthew Seaman suggested doing it via tar:
% cd /cdrom
% mkdir /home/jerry/cdimage
% tar -cvf - . | ( cd /home/jerry/cdimage ; tar -xvpf - )
This tells tar to dump the current directory to stdout, and then cd to the destination directory and read the input from stdin. A cool example of using Unix building blocks, bringing them together via the wonders of stdin and stdout and pipes.
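To make the difference concrete, here is an added Python example (not from the post or the mailing list) that builds a throwaway tree standing in for /cdrom, with a hard link and a relative symlink, and then runs the three copies discussed above by shelling out to the host's cp and tar binaries: cp -Rp on the directory, cp -Rp on its contents, and Matthew's tar pipe. It reports where each copy lands and whether the hard link survives as one inode (st_nlink of 2) and the symlink as a symlink. How cp itself treats hard links differs between implementations (the post describes FreeBSD's), so the script reports that value rather than assuming it; the tar pipe preserves both on any tar.

```python
"""'cp -Rp' versus 'tar -cf - . | ( cd dest ; tar -xpf - )' on a constructed tree.
Added example, not from the original post; assumes a Unix host with cp and tar."""
import os
import shutil
import subprocess
import tempfile


def make_tree(root):
    """Constructed source tree standing in for /cdrom:
    a.txt, hard.txt (hard link to a.txt), link -> sub/b.txt, sub/b.txt."""
    src = os.path.join(root, "src")
    os.makedirs(os.path.join(src, "sub"))
    with open(os.path.join(src, "a.txt"), "w") as f:
        f.write("hello\n")
    with open(os.path.join(src, "sub", "b.txt"), "w") as f:
        f.write("world\n")
    os.link(os.path.join(src, "a.txt"), os.path.join(src, "hard.txt"))
    os.symlink(os.path.join("sub", "b.txt"), os.path.join(src, "link"))
    return src


def tar_pipe_copy(src, dest):
    """The post's pipeline as two processes joined by a pipe:
    (cd src; tar -cf - .) | (cd dest; tar -xpf -)."""
    producer = subprocess.Popen(["tar", "-cf", "-", "."], cwd=src, stdout=subprocess.PIPE)
    subprocess.run(["tar", "-xpf", "-"], cwd=dest, stdin=producer.stdout, check=True)
    producer.stdout.close()
    if producer.wait() != 0:
        raise RuntimeError("tar -cf failed")


def compare_copies():
    """Run the three copies discussed in the post and report what each produced."""
    root = tempfile.mkdtemp(prefix="cpdemo-")
    try:
        src = make_tree(root)
        nested, flat, via_tar = (os.path.join(root, d) for d in ("nested", "flat", "via_tar"))
        for d in (nested, flat, via_tar):
            os.mkdir(d)
        # 'cp -Rp /cdrom .' creates a cdrom/ directory inside the destination ...
        subprocess.run(["cp", "-Rp", src, nested], check=True)
        # ... while 'cp -Rp /cdrom/* .' copies the contents (the shell's * expanded here by hand)
        entries = [os.path.join(src, e) for e in sorted(os.listdir(src))]
        subprocess.run(["cp", "-Rp", *entries, flat], check=True)
        tar_pipe_copy(src, via_tar)
        return {
            "cp_nests_src_dir": os.path.isfile(os.path.join(nested, "src", "a.txt")),
            "cp_star_copies_contents": os.path.isfile(os.path.join(flat, "a.txt")),
            # st_nlink == 2 means a.txt and hard.txt are still one file (one inode)
            "cp_hardlink_nlink": os.stat(os.path.join(flat, "a.txt")).st_nlink,
            "tar_hardlink_nlink": os.stat(os.path.join(via_tar, "a.txt")).st_nlink,
            "tar_symlink_kept": os.path.islink(os.path.join(via_tar, "link")),
        }
    finally:
        shutil.rmtree(root)


if __name__ == "__main__":
    for key, value in compare_copies().items():
        print(f"{key:26} {value}")
```

If cp_hardlink_nlink prints 1 on your system, cp turned the one file into two independent copies, exactly the problem described above; tar_hardlink_nlink should print 2 on any system because tar records the second name as a link to the first.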
Sunday, April 11, 2004
FreeBSD fund raising
In an interesting idea, Poul-Henning Kamp has offered his services to the FreeBSD community, but "at a price, Ugarte" (a line from my favorite movie, Casablanca). He's a software contractor in Germany who is offering his time for US$5500 per month and is looking for donations to pay for it. He has a particular set of goals and is a long-time contributor to the FreeBSD developer community (see the web page for complete details). I like the sound of it and am going to contribute my little bit.
Fundraising for FreeBSD development
Comprehensive Guide to FreeBSD
A book online for setting up FreeBSD. It is a little dated (I think it only goes up to 3.x!), but chapters 3, 4 and 5 look like good outlines for setting up a network and server with FreeBSD. The actual steps may differ but what you want to accomplish probably hasn't.
Comprehensive Guide to FreeBSD
Defcon1
Nice help FreeBSD page, with plenty of information to digest:
D E F C O N 1 . O R G - FreeBSD the Power to Serve.
Process information
A few interesting things I've learned about getting information on currently running processes:
- If you have the PROCFS mounted (which I think is normally the case), you can look in /proc. This contains a bunch of subdirectories corresponding to the PID of the currently running processes. Inside each of the directories is a bunch of files with pertinent information. I haven't yet begun to look closely at these, but I shall! Here's the Procfs manpage:
FreeBSD Hypertext Man Pages: procfs
- The command to get kernel information, esp. about its currently running condition, is vmstat:
FreeBSD Hypertext Man Pages: vmstat
- The following port looks to be a nice utility for getting process info as well. Perhaps it even parses the above files?
Port description for sysutils/pmap
Friday, April 9, 2004
Cleaning the ports db
Cool article on how to answer the mysterious question from pkgdb -F, when it asks about replacing a "stale dependency". I usually just let it go and do its work but this can sometimes really break things. This article explains a little about what is going on when it asks.
ONLamp.com: Cleaning Up Ports [Nov. 29, 2001]
Archiving solution
I just got a new machine from my employer (and the payer for my nice fast SDSL connection - inSORS; we do high-end video conferencing software), so I'm changing the roles of the various machines I have. One is an overclocked (clear to 800MHz - woo hoo!) Pentium, that I bought a big, cheap hard drive for, thinking to turn it into a backup server. I was looking at some Windows solutions, but realized that FreeBSD would be a better idea. The Light Dawns over Marblehead, eh?
Anyway, I looked at Bacula, and it looks exactly like what I need. Most of the machines on my network (I have 6 machines here now!) are Windows machines, except for this server (FreeBSD natch) and a dual-booting machine that I use for gaming (WinXP) and Linux development (RedHat 7.4 - part of our video conferencing solution is a server that runs on Linux). So I needed flexible clients, and Bacula does that very well.
It looks like a very complete solution - which of course means some complexity as well. So I'm going to take it slow and give it a whirl. Another thing I'm going to do on the new FreeBSD machine is to install X Windows - like I need another admin headache!
Port description for sysutils/bacula
Here's a nice page from FreeBSDDiary.org on how to set up and run Bacula:
http://www.freebsddiary.org/bacula.php
Wednesday, April 7, 2004
/stand not updated?
Someone asked on FreeBSD-Questions about his /stand folder not getting updated. Ceri Davis replied:
Correct. The scripts don't automatically do it. You can do it by hand
on RELENG_4 by making install in src/release/sysinstall and then linking
everything else in /stand to /stand/sysinstall.
Ceri also mentions /usr/sbin/sysinstall. I'm going to have to look into this, as I've never seen mention of it before. Looking at my 4.9 /stand, I too see that the file dates go back over 2 years ago. Not that I often use stuff from in there, but I'm going to do a little digging to see what is going on here.
Also, on an unrelated note, sorry if you've been seeing SPAM via comments on my blog. I was out of town over the weekend and someone (or should I say something, as they are among the lowest life forms) posted a bunch of spam comments. I block the IP when I see it, but I didn't catch this one until there were 4 posts.
Thursday, April 1, 2004
Allowing users to mount CDs
Excellent, if undocumented (as are many of them) sysctl.conf variable:
# sysctl vfs.usermount=1
As Malcolm Kay mentions in his email to freebsd-questions:
allows users to mount and then unmount drives provided other things
are in order. You can make this happen during the normal boot by adding vfs.usermount=1
to /etc/sysctl.conf
It can be tough to find docs on sysctl variables. I have a short entry in my blog (here) that points to a text page that documents some of them, but not all, and not vfs.usermount. It looks like there is an attempt to document more of these variables:
RFC: Automated process for documenting tunables/variables.
Let's hope it gets going! It is for exactly this sort of mysterious command/variable/setting that I started this blog. I'd never remember these things, so I just jot them down in my blog, and I can search later for them.
DaemonNews.org
Cool site that gives you lots of coverage of all the news that is fit to print in the *BSD world. Wish it had an RSS feed, though - I'm addicted to RSS! It is second only to newsreaders as far as ease of getting information. Don't forget, Daemon Dancing has an RSS feed, thanks to the wonderful Movable Type package.
Daemon News
Keeping up with freebsd-questions
As you may know, the freebsd-questions mailing list is a veritable flood of information. It has an amazingly good "signal to noise" ratio; by that I mean there isn't much off-topic chatter, and most questions are answered in an accurate and timely fashion. However, it is a flood - several hundred posts a day, usually.
I don't like getting mailing lists in digest format. It is too hard to follow individual threads and too hard to form replies, etc. I don't like any web-based bulletin board system yet. Some are barely usable, but most are just too painful to work with. My favorite way to get information remains good old fashioned newsgroups. There are excellent newsreaders out there, that let you do things like ignore threads and obnoxious posters, watch particular threads, etc. I use the newsreader that comes with Mozilla, because I find that the way I use newsreaders and emailers is so much the same, I don't want to use two separate programs to do it. Another good one is the gnus package in Emacs, my favorite editor. But I've never quite gotten comfortable with it, so I've stuck with Netscape/Mozilla.
Anyway, I was glad to come across Gmane.org. It provides a mail <-> newsreader gateway, so you can read mailing lists via your newsreader. It makes keeping up with the heavy volume of the freebsd-questions list much easier. Check it out for lots of other, mostly technical, mailing lists too.
Gmane -- Mail To News And Back Again
How to mount a floppy
If you want help on how to mount a removable disk, this is the spot to start - the entry in the FreeBSD FAQ:
Disks, Filesystems, and Boot Loaders : I have a new removable drive, how do I use it?
Monday, March 22, 2004
Make X work
While I don't run an X server on my server machine (just text mode stuff there), I will be getting a new machine in the near future, and, in the trickle-down theory of machines, I think I'll have a slower (800MHz!) machine to play around with FreeBSD 5, and on that I will install X. I've done it a few times, on various Unixen, and it is a process fraught with peril. This is especially true if you are using some cutting edge video card. Trailing edge ones are your best bet.
Anyway, here's an article that supplements the FreeBSD manual entry: The X Window System:
ONLamp.com: Building an X Server and a Window Manager [Jun. 21, 2000]
A little known fact - I was a developer on the original X Window system, way back in the days of MIT's Project Athena, where it all began. Actually, I wasn't an official developer, but I was one of the very first users of the X Window System, as I worked as a teacher liaison with Project Athena, and one of its centerpieces was X. I wrote a bridge game (unimaginatively called 'xbridge') that for years was on the X distribution tape. That was a looong time ago.....
How To Ask Questions The Smart Way
Interesting article on how to intelligently ask questions in a public forum, like freebsd-questions. Fairly aggressive, but they are right, you know:-)
How To Ask Questions The Smart Way
Thursday, March 18, 2004
Ports makefile
I've talked before about makefiles and ports (see here), but I just found out about Yet Another Makefile used by the port system: /usr/ports/Mk/bsd.port.mk. This one lists an amazing number of options that can and will be used by building stuff in the ports folders. It is of especial interest to port maintainers, but has some options that can also be useful for us mere mortals.
Two of the more interesting options are BATCH and INTERACTIVE. They are only documented (in 4.9, anyway) indirectly, under the IS_INTERACTIVE comment in /usr/ports/Mk/bsd.port.mk, which I find more than a little odd for something so useful. If you set the BATCH environment variable (or, I assume, define it on the make command line thusly:
$ make -DBATCH
), it will not try to make any port that asks for interactive input. This is especially useful if you are doing a massive portupgrade and want to go away for a bit. Define BATCH in your environment (BATCH=1; export BATCH in bash) and it won't try to build interactive ones, like PHP, which has tripped me up a few times.
INTERACTIVE is the opposite of BATCH. Define this, and only ports marked as INTERACTIVE will build. So you can do the BATCH portupgrade first, then come back and do the INTERACTIVE ones while you are there coaxing it along.
Tuesday, March 16, 2004
The 'wc' command
No, the 'wc' command doesn't "flush" anything :-). Someone asked on the freebsd-questions list "How do I count the number of files beginning with 'db' in my current directory?". And the key command is 'wc'. It's a nice, simple little command
that does one thing and one thing well - it counts "words". If you don't
give it any flags, it tells you the number of lines, words, and bytes. Using
-l will count the number of lines. So you pipe the output of a command to
it and it will count stuff for you. Thus:
$ ls db* |wc -l
will give you a single number telling you the number of lines in its input;
in this case, the input is the output of 'ls db*', which is a simple listing
of all the files in the current directory beginning with 'db'. Thus, you
get a count of the number of files in the directory that begin with db.
A very typical Un*x way of doing things - string together building block
commands to get your output. Flexible if arcane.
FreeBSD Hypertext Man Pages: wc
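The one-liner above is the usual idiom, but it has a catch worth knowing before you trust the number: if anything matching db* is a directory, ls descends into it and the line count includes that directory's contents and a "dbdump:" style header. Here is an added example (my own, not from the freebsd-questions answer) that builds a constructed scratch directory with a few db files and one db directory, runs the post's pipeline against it, and shows two counts that are not fooled: ls -d, and a pure-shell glob count that also copes with odd file names and with no match at all.

```shell
#!/bin/sh
# Added example (not from the original post): where 'ls db* | wc -l' goes
# wrong, and two counts that do not. Everything runs in a constructed
# scratch directory, so nothing on the real system is touched.

make_sample_dir() {
    dir=$(mktemp -d)
    touch "$dir/db1" "$dir/db2" "$dir/dbase.log" "$dir/other.txt"
    # A *directory* whose name starts with db: 'ls db*' descends into it and
    # lists its contents plus a "dbdump:" header, so the line count is inflated.
    mkdir "$dir/dbdump"
    touch "$dir/dbdump/part1" "$dir/dbdump/part2"
    printf '%s\n' "$dir"
}

# The post's one-liner. The correct answer for the sample directory is 4
# (db1, db2, dbase.log, dbdump); this reports more.
count_with_ls() {
    ( cd "$1" && ls db* | wc -l | tr -d ' ' )
}

# 'ls -d' prints the matching names themselves instead of descending.
count_with_ls_d() {
    ( cd "$1" && ls -d db* | wc -l | tr -d ' ' )
}

# Pure-shell count: let the glob expand to the matching names and count the
# positional parameters. Unlike the wc pipeline it is not fooled by file
# names containing newlines. An unmatched glob is left as the literal string
# 'db*' (so $# would be 1); the test below turns that case into 0.
count_with_glob() {
    (
        cd "$1" || exit 1
        set -- db*
        if [ "$#" -eq 1 ] && [ ! -e "$1" ]; then
            echo 0
        else
            echo "$#"
        fi
    )
}
```

The tr -d ' ' is only there because BSD wc pads its output with spaces; on the glob version there is no wc at all, which is the point.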
Friday, March 12, 2004
ch c/c++ interpreter
A cool looking utility that just may end up in the ports collection, as they are finishing up a FreeBSD version:
Ch -- an embeddable C/C++ interpreter
portupgrade options
When using portupgrade, it can be nice to capture the output it generates, especially if it is a many-port upgrade. There are a couple of solutions to this problem:
- Use commands that grab the output and save it for you. tee and script are ones that immediately come to mind. Script is recommended in several books on FreeBSD, esp. when rebuilding the kernel, which can generate a lot of messages. I tend to do these things inside an emacs command shell, so I "automatically" get logging.
- portupgrade itself has a very handy option: -l filename. This will log the output to the file. The -L option gives you control over the name of the log file.
Tuesday, March 9, 2004
PHPAccess
Interesting looking PHP utility for controlling access to your web folders. It looks easier to use and more robust than .htaccess.
PHPAccess: htAccess via PHP - The WWW Security Admin Tool with easy-to-use GUI
DBDesigner
While not strictly a FreeBSD utility, this looks like an excellent "free" database designer, esp. for MySQL databases. It has a Linux KDE/Gnome version, which may just run under FreeBSD's excellent Linux emulation. Let me know if it does!
fabFORCE.net's DBDesigner
'id' command
I have often used the 'whoami' command to figure out who I am currently logged in as, if I somehow forget. However, if you need even more info than just who you are currently, you can use the id command. It gives you all sorts of info on your current login id, including groups and aliases. Nice.
FreeBSD Hypertext Man Pages: id
Display keyboard layout (in X)
I don't use X on my server, but I thought I'd point out this nice command that 'epi' posted to the -questions list for displaying a visual map of your keyboard:
xkbprint -color -nkg 2 -lg 1 :0 - | gv -seascape -scale 4 -
I still need to work on my keyboard map for my console though - I miss not having a meta key in emacs. But I've never gotten one that has all the "right" keys for me, so I stick with the default until I have the time to work on it.
Friday, March 5, 2004
cron mail
Whenever you run a command in your crontab, if there is any output, it will send you an email. This is sometimes a good thing, but sometimes not, depending on how often the job runs and what kind of output it generates.
If you just want to get rid of "normal" output, and only have it email you if there is error output, you can redirect stdout to /dev/null, like thus:
5 * * * * yourcommandhere >/dev/null
This sends normal output to the bit bucket, but anything the command puts out on stderr (the error output) will get emailed to you.
If you want to ignore all output, error and normal, you can "tie" the error output to go to the same place the normal output goes, like thus:
5 * * * * yourcommandhere >/dev/null 2>&1
Now you won't get any email.
Another option for turning off email is to set the MAILTO variable to NULL. See the manpage for more discussion on this option.
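Since cron simply mails whatever reaches stdout or stderr, the easiest way to see what each crontab redirection does is to run a job under the shell and look at what comes out. The block below is an added example (mine, not from the original post); noisy_job is a constructed stand-in for "yourcommandhere" that prints one line on each stream, and each helper returns exactly what cron would put in the mail for that redirection. It also shows the classic mistake of writing the two redirections in the wrong order, which still sends the errors.

```shell
#!/bin/sh
# Added example (not from the original post): what cron would mail for each
# redirection style. 'noisy_job' is a constructed stand-in for the
# "yourcommandhere" in the crontab lines above.
noisy_job() {
    echo "normal output"
    echo "error output" >&2
}

# Each helper returns, on its own stdout, what cron would mail for that
# crontab line.

# No redirection at all: both streams end up in the mail.
mail_everything() {
    noisy_job 2>&1
}

# 'yourcommandhere >/dev/null': stdout dropped, stderr still mailed.
mail_errors_only() {
    { noisy_job >/dev/null; } 2>&1
}

# 'yourcommandhere >/dev/null 2>&1': both dropped, no mail.
mail_nothing() {
    { noisy_job >/dev/null 2>&1; } 2>&1
}

# 'yourcommandhere 2>&1 >/dev/null' (wrong order): redirections apply left to
# right, so stderr is first pointed at the *current* stdout (the mail) and
# only then is stdout sent to /dev/null. Errors are still mailed.
mail_wrong_order() {
    { noisy_job 2>&1 >/dev/null; } 2>&1
}
```

Run any of the helpers by name to see the result; the "wrong order" case is the one that bites people who write 2>&1 first out of habit.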
Thursday, March 4, 2004
Quickpatch
Excellent looking utility for keeping up with the Jones' ... err ... I mean the security updates and patches for FreeBSD. A perl script that will read the security bulletins and tell you (or even do) everything you need to know. I've always been a little lax at keeping up with these things, but I should be much more vigilant. Maybe this will help?
Quick Patch for FreeBSD / Roq.com
Fix port collection
Okay, I'm doing it.
Lots of other FreeBSD admins are doing it.
Why aren't you?-)
What is it we're doing? We're upgrading portupgrade, and ruby, that's what! We're doing this by carefully reading /usr/ports/UPGRADING and following its instructions.
Sample ipfilter rules file
Sometimes, it helps to see an example. And when it comes to firewall rules files, that is doubly true. Here's Shaun Erickson's ipfilter rules file:
IP Filter rules
trafshow
A utility that displays in some graphical way (on a text screen anyway) the current traffic on an interface card. I'm going to give this a try, as apachetop just crashes on me.
Port description for net/trafshow
Rotate Apache logs
Yes, I've written a little about syslogd and the associated newsyslog previously, but here's a nice concrete example on how to use it. The gist of it all is that you just add the following line to your /etc/newsyslog.conf file:
/var/log/httpd-access_log 644 7 100 24 B /var/run/httpd.pid 30
Or at least one very much like it. Read more here:
The FreeBSD Diary -- Apache - rotating log files
In fact, I'm going to head off and add this right now!
FreeBSD iso Snapshots
This is a site that maintains updated FreeBSD ISO files. These are the files that you can burn directly onto a CD, thus giving you a bootable CD to install from, using the latest version. On FreeBSD.org, I think only the official RELEASE versions are kept.
FreeBSD SNAPSHOTs
Tuesday, March 2, 2004
memtest
A cool looking utility to test your memory chips. Make a simple boot disk and run this (free) utility to make sure your memory chips are working. This is an important thing to do when your computer starts acting "weird" - boots, freezes and other strange happenings. In FreeBSD, this often manifests itself when you get an "Error 1" when doing a make world. I have no idea why this is true, but it is in the FAQ!
Memtest86 - Memory Diagnostic Page
Monday, March 1, 2004
New ports file
There's a new file that will be coming to /usr/ports near you soon. It is UPDATING, and is a collection of notes to be perused after you've updated your ports collection (probably via cvsup). The first entry will be on the portupgrade/ruby mess, which will show you the steps you need to do to upgrade portupgrade & ruby (basically, delete each of them and then add them back).
sudo
It's not really anything I need, as I'm the only real user for my server, but sudo looks like an important port for those running FreeBSD boxes that want to selectively give others permission to run utilities that are normally reserved for the root user. If you run into this, and don't want to give a user the root password (almost certainly not!) or even make them a member of the very special "wheel" group (which allows them to su as root), you might look into installing this port.
Port description for security/sudo
Jabber
An interesting looking IM (Instant Messaging) and more application called Jabber: Open Instant Messaging and a Whole Lot More, Powered by XMPP. I might install this on my machine and give it a whirl.
Port description for net/jabber
Kernel Config notes
As was just pointed out on the freebsd-questions list, in FreeBSD 5.x, the LINT configuration file found in /usr/src/sys/(arch)/conf no longer contains comments on all the options. As you may recall, the LINT file contains all the options you can put into your own custom kernel configuration file. It is not a buildable configuration file, though, just a complete list.
In earlier versions of FreeBSD, it also contained short comments that documented the options. However, in 5.x, there is now a separate file that does this. It is called NOTES. I'm not sure why they did this, except that it is probably easier to document something when not forced to use makefile-style comments.
Thursday, February 26, 2004
ipfw HOW-TO links
Nice list of links on using ipfw, as posted to the freebsd-questions list by "W.D.". Mind you, I haven't checked them, just thought I'd pass it along and archive it. And no, I haven't done my firewall yet....
- http://www.FreeBSD.org/doc/en_US.ISO8859-1/books/handbook/firewalls.html
- http://lists.freebsd.org/pipermail/freebsd-ipfw/
- http://marc.theaimsgroup.com/?l=freebsd-ipfw&r=1&w=2
- http://marc.theaimsgroup.com/?l=freebsd-ipfw&w=2&r=1&s=newbie&q=b
- http://www.onlamp.com/pub/a/bsd/2001/04/25/FreeBSD_Basics.html
- http://www.onlamp.com/pub/a/bsd/2001/05/09/FreeBSD_Basics.html
- http://freebsd.hanirc.org/holyboard/holyboard.cgi?db=ipfw
- http://www.Google.com/search?q=%22ipfw_rules%22+Richard+Caley
- http://www.Google.com/search?q=ipfw+firewall+rules
- http://www.Google.com/search?q=%22ipfw_rules%22
- http://www.Google.com/search?q=ipfw+firewall+rules+primer
- http://dva.dyndns.org/faq.html
freebsd-update port
An interesting looking client that will do a binary update of your FreeBSD machine, ala Windows Update.
Port description for security/freebsd-update
Setting keyboard & font
One thing I've been trying to get "just so" has been my terminal setup. I don't use X, as my FreeBSD machine is basically a server, and I'm perfectly comfortable using Emacs and a command line. But I've been trying to get the font, video screen and keyboard mapping to work for me, and I still don't have it 100% my way.
I currently have the following in my rc.conf:
#
# vidcontrol stuff
#
font8x8="swiss-8x8"
font8x16="swiss-8x16"
allscreens_flags="80x60 lightwhite blue"
This sets my fonts to be the 'swiss' fonts, and screen to be in 80x60 mode, bright white on blue screen. Mind you, this is for all the virtual terminals (the ones you get to via Alt-F keys), and doesn't work in the X Terminals. I haven't been able to get the 132 column modes to work correctly yet.
Anyway, the following man page documents vidfont and kbdmap, two commands you can run interactively from the command line to let you select which video font and keyboard mapping to use. I haven't yet found a keyboard mapping that works right for me, so I'm still playing with this one too.
FreeBSD Hypertext Man Pages: kbdmap, vidfont
You also should set the correct variables in /etc/rc.conf so the changes stick. See /etc/defaults/rc.conf for all the "System console options". That is what you do with the strings that vidfont and kbdmap echo back for you: put them right into your rc.conf.
Disk Usage
Quick and easy du command to find the space used by each folder found in another folder:
$ du -hx -d 1 /
This command tells du to start in the root folder, go down 1 folder deep (-d 1), give out stats in "human readable" form (-h), and not traverse mounted file systems (-x). In a nutshell, it tells you which folders are taking up the most space on your root partition, something that is real nice to know.
FreeBSD Hypertext Man Pages: du
Monday, February 16, 2004
Mount root filesystem read-only
Sometimes, it can be useful to mount the root (ie, the '/') filesystem read-only. Usually, this is to run fsck on it, to fix it up after a horrible crash. Here's how to do it:
# mount -u -o ro -f /
Of course, you do this as root (hence the '#' prompt).
Friday, February 13, 2004
Mail archive search
I am just on a roll today, aren't I? And I'm still only up to last December in my freebsd-questions mail backlog!
Anyway, this is a page to simply search the FreeBSD.org mailing lists. The search page on the FreeBSD site is more than just a little flakey. Depending on how you limit the search, you may or may not get a hit, even though the filter you put on your search should've had nothing to do with suppressing the message in question. This one, perhaps, works a little better.
Rambler: FreeBSD mail archives search
ports Makefile args
Here's the man page for ports(7). It gives a nice overview of ports, but most importantly, it documents the various arguments you can pass to make when you are in the port's directory. Flags like deinstall, reinstall, and configure are all explained.
FreeBSD Hypertext Man Pages: ports
Useful scripts
A list of (free) scripts and programs to use with FreeBSD. See especially the cleanbw script, which runs and logs a complete buildworld cycle:
Computer - Programs Scripts
leave
Quicky little command that will give a prod when it is time to leave:
FreeBSD Hypertext Man Pages: leave
FreeBSD Basics articles
Here's a list of the articles written by Dru Lavigne on using and running FreeBSD. Very informative stuff!
ONLamp.com: FreeBSD Basics [Mar. 14, 2002]
Realtek network cards
Realtek-based network cards are the bane of any OS, but they especially seem to be a problem on FreeBSD. They are the lowest of low end cards, and any simple google search will unearth dozens of problems found with them. Just search the freebsd-questions message archive! I have one in my server that I use as the local connection (I have two cards, one for the outside world and one that connects my internal network). I seem to recall my own problems getting the realtek to work, and I'm not sure of my workaround. But one that seems to have an excellent track record is to disable plug-n-play at the bios level. Here's a short answer that says as much:
Geocrawler.com - freebsd-hardware - rl0: couldn`t map ports/memory
atacontrol
atacontrol is a useful little command that will tell you a little about the IDE (ata) devices you have attached to your computer. For instance:
$ atacontrol list
will list all the IDE devices attached to your computer. It talks about the 'channel', which is usually at least 0 and 1. When I do it on my computer, I get:
$ atacontrol list
ATA channel 0:
Master: ad0ATA/ATAPI rev 4
Slave: ad1ATA/ATAPI rev 5
ATA channel 1:
Master: acd0 <4X4X32/3.VR> ATA/ATAPI rev 0
Slave: no device present
Then you can set and adjust parameters for the various channels and devices. See the man page for more info.
FreeBSD Hypertext Man Pages: atacontrol
init.d and security levels
In the man page for init.d, there is a discussion of FreeBSD security levels. This is a number from -1 to 3 (least to most secure), which allows you to limit things like kernel module loading, all the way up to locking it down at the network packet level. You can set the security level via a variable in the rc.conf file in /etc:
kern_securelevel="1"
FreeBSD Hypertext Man Pages: securelevel
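One caveat that the rc.conf line above does not show: FreeBSD's securelevel rc script only raises the level when kern_securelevel_enable is also set to "YES" (see /etc/defaults/rc.conf), so a lone kern_securelevel="1" changes nothing at boot. Here is an added example (my own script, not from the original post) that reads rc.conf-style text and reports the securelevel that will actually take effect. The two rc.conf fragments are constructed sample input; feed it the contents of /etc/rc.conf to check a real host.

```shell
#!/bin/sh
# Added example (not from the original post). Reads rc.conf-style settings
# and reports the securelevel that /etc/rc.d/securelevel would apply at
# boot. FreeBSD only raises the level when kern_securelevel_enable="YES";
# a bare kern_securelevel="1" is ignored. The rc.conf text used below is
# constructed sample input.

# Print the value of a variable from rc.conf text given as $2. If it is
# assigned more than once, the last assignment wins, as it does when the
# file is sourced by the rc scripts.
rc_value() {
    printf '%s\n' "$2" |
        sed -n "s/^[[:space:]]*$1=\"\{0,1\}\([^\"#]*\)\"\{0,1\}.*/\1/p" |
        tail -n 1
}

# Effective securelevel: the configured number when enabled (defaulting to
# the rc.conf default of -1 if the number is missing), otherwise "off".
effective_securelevel() {
    enable=$(rc_value kern_securelevel_enable "$1")
    level=$(rc_value kern_securelevel "$1")
    case "$enable" in
        [Yy][Ee][Ss]) printf '%s\n' "${level:--1}" ;;
        *) echo off ;;
    esac
}

# Looks configured, but the enable knob is missing: the level is never raised.
WEAK_RC='
# vidcontrol stuff
font8x8="swiss-8x8"
kern_securelevel="1"
'

# Both knobs present: securelevel 1 is set by /etc/rc.d/securelevel at boot.
FIXED_RC='
font8x8="swiss-8x8"
kern_securelevel_enable="YES"
kern_securelevel="1"
'
```

Once the machine is up, sysctl kern.securelevel is the authoritative answer; this script is for catching the misconfiguration before the reboot rather than after.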
Thursday, February 12, 2004
Recovering forgotten root password
How to reset the root password if you forget it:
First, reboot the machine into single user mode. You do this by hitting space when FreeBSD says to "Hit [Enter] to boot immediately or any other key for command prompt", leaving you with the very cryptic "ok " prompt. Then type in :
ok boot -s
Once it finishes booting, then you can do:
# mount -u / ... mount root file system read/write
# mount /usr ... mount /usr file system (if separate)
# passwd root .... change the password for root
Enter new password:
Enter password again:
# ^D ... enter ctrl-D to continue with startup
This is all courtesy of the Complete FreeBSD book, by Lehey. I particularly love the chapter where he goes over the boot screen line by line, telling you what FreeBSD is doing.
Tuesday, February 10, 2004
How to use FreeBSD Questions
Greg 'Groggy' Lehey's excellent FAQ for the FreeBSD Questions list. He's the author of the excellent FreeBSD Handbook book.
How to get best results from FreeBSD-questions
Terse sysctl.conf doc
A terse text document that gives a quick overview of many (most? all?) of the variables that can be set in /etc/sysctl.conf:
sysctl descriptions
You can find more docs on sysctl, although not much more, in the man pages:
FreeBSD Hypertext Man Pages: sysctl
Another blog and "Content Management"
Another man's weblog, mostly about Linux with a smattering of tech notes and other personal things. A cool example of blogging, using this same Movable Type system we use here:
Mark's Weblog
In addition, he mentions both Zope and a CMF (Content Management Framework) that sits on top of it called Plone, both of which are, of course, available in ports (see www/zope and www/plone). I'm not exactly sure where something like Movable Type ends and a CMF like Zope/Plone begins, but it is something I've been meaning to investigate further.
Port description for www/zope
Port description for www/plone
Tuesday, February 3, 2004
apachetop - realtime apache stats
I was just browsing the sysutils ports:
FreeBSD Ports: Sysutils
and I read about apachetop, which purports to show a real-time (a la top) display of the current apache session; something I've been thinking I needed. So I'm going to give it a try.
Port description for sysutils/apachetop
webmin
A port to admin Unix (and, of course, FreeBSD) systems via the web. I'm going to give this a try, as I do not run any graphical interface on my FreeBSD box. I do everything via the command line; the shell in emacs to be exact. This might be a nice thing to admin the system from my other interior system, via a local web connection.
Port description for sysutils/webmin
dig - find DNS info
Cool little command line tool I just found out about:
FreeBSD Hypertext Man Pages: dig
You can get all kinds of neat info about domain names (dig stands for Domain Information Groper) and DNS servers. Ask them about your domain name, get info on MX records, etc.
phpbb - forum software
phpBB is a PHP-based bulletin board system. I'm thinking of installing something like this on my system, just to try it out.
Port description for www/phpbb
phpBB.com :: Creating Communities
Thursday, January 29, 2004
FreeBSD Wi-Fi IPsec setup
Setting up a connection between a Windows host with a wireless ethernet card and a FreeBSD NAT gateway.
FreeBSD Wi-Fi IPsec easy-setup guide
CVSup FAQ
A page by the creator of cvsup, the tool used to keep your FreeBSD machine up to date. Includes a FAQ too.
CVSup Home Page
Samba HOWTO Collection
Probably one of the most used, least understood and most problematic ports is Samba. You use Samba to interface with Windows network shares, either mounting them on your FreeBSD machine (that's how I use it), or mounting FreeBSD folders on Windows machines. It's kind of a pain to configure and get running, so there are lots and lots of questions on it on the freebsd-questions mailing list. Here's a link to the canonical list of Samba HOWTOs:
Samba HOWTO Collection
Wednesday, January 28, 2004
PPP
How to use PPP article. I think the title is supposed to be on a cable modem, not or a cable modem, though. Also note that a user who wishes to do this needs to be a member of the dialer group, as well as the network group as mentioned in the article, or so I've read about FreeBSD 5.x. Not sure about 4.x, as I don't use PPP.
ONLamp.com: Connecting to the Internet Using PPP or a Cable Modem [Jun. 14, 2000]
Also, see the man page for ppp:
FreeBSD Hypertext Man Pages: ppp
Tuesday, January 27, 2004
Monitoring Programs
A couple of programs you can use to monitor your computer. They will check various statuses and email you if there is a problem. I'm going to probably give Nagios a try, as it is in the ports:
Port description for net/nagios
Big Brother is the free version of Big Brother Professional; the pro version adds lots of configuration stuff and ease of use.
Big Brother System and Network Monitor
Monday, January 26, 2004
Updating a Binary FreeBSD
If you've installed FreeBSD via a binary, rather than from the source, it can be a bit of a pain getting the updates. Here's a site that runs a server that rebuilds all the security updates, and provides them as an update to binary systems, ala the Windows Update tool in WinNT/WinXP. I do it from the source (via cvsup), so I don't use this service, but it probably is a life-saver for some!
FreeBSD Update
FreeBSD firewall config
Yet another page showing how to configure a firewall for FreeBSD. Oddly enough, it doesn't say whether it is ipfw or ipfilter, but I'm pretty sure it is ipfw:
FreeBSD Firewall Configuration
Sunday, January 25, 2004
cvsup examples
Here is the path to example command files for the very important cvsup command:
/usr/share/examples/cvsup
chkrootkit
Interesting package that checks all your system files to make sure a trojan horse program hasn't modified any of them:
chkrootkit -- locally checks for signs of a rootkit
Port description for security/chkrootkit
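The kind of check such a package performs, as an added example that is not chkrootkit's own code: a Python script that records SHA-256 digests of the files under a directory and, on a later scan, reports which files were modified, added or removed. The directory tree and the tampering are constructed inside a temporary directory so it runs offline.

```python
"""File-integrity baseline check in the spirit of chkrootkit's file checks.

Added example (not chkrootkit's own code): store SHA-256 digests of the files
under a directory, rescan later and report what was modified, added or removed.
The sample tree is constructed in a temporary directory so this runs offline.
"""
import hashlib
import tempfile
from pathlib import Path


def sha256_of(path: Path) -> str:
    """Hash a file in chunks so large binaries need not fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(root: Path) -> dict:
    """Map each regular file (path relative to root) to its digest."""
    return {
        str(p.relative_to(root)): sha256_of(p)
        for p in sorted(root.rglob("*"))
        if p.is_file() and not p.is_symlink()
    }


def compare(baseline: dict, current: dict) -> dict:
    """Classify differences between a stored baseline and a fresh scan."""
    return {
        "modified": sorted(k for k in baseline if k in current and baseline[k] != current[k]),
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
    }


def demo() -> dict:
    """Constructed scenario: a tampered 'ls', a dropped extra file, a deleted tool."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        for name in ("ls", "ps", "netstat"):
            (root / name).write_bytes(b"original " + name.encode())
        baseline = build_baseline(root)
        (root / "ls").write_bytes(b"replaced ls")        # tampered binary
        (root / "sshd.bak").write_bytes(b"dropped file")  # unexpected new file
        (root / "netstat").unlink()                       # removed tool
        return compare(baseline, build_baseline(root))
```

The baseline only proves anything if it is kept where an intruder with root cannot rewrite it (read-only media or another host), and a scan run on a compromised kernel or libc can be lied to, which is why checks like this are a signal to investigate rather than a guarantee.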
BSD History lesson
Nice BSD history lesson. Only goes up to about 2000, but still gives a nice, in-depth view of how BSD in general came about.
O'Reilly Network: 20 Years of Berkeley Unix: From AT&T-Owned to Freely Redistributable [Mar. 14, 2000]
Saturday, January 24, 2004
Find the fastest cvsup server
Cool little Perl utility to ping all the various cvsup servers and find the "fastest" one - i.e., the one that currently has the lowest response time. Actually, it gives you the top three. So of course it is merely a slice in time, but hey, at least it gives you something to go off of.
A sample command line might be:
$ fastest_cvsup -c us
This will find the fastest ones in the United States.
Port description for sysutils/fastest_cvsup
Upgrade!
Well, I just upgraded my FreeBSD 4.7 system to 4.9 and things are looking pretty good so far. Sometimes, bugs show up in the strangest places, but the server and such are all running okay, so I'm pretty happy with the move. Now I just need to figure out how to best keep it up to date vis-a-vis the 4.9-RELENG tag. I do a cvsup as required, but I just need to nail down the exact steps needed to keep the actual installation up to date. Like when exactly do I need to do more? Do I just do the complete cycle, including mergemaster? Or is just building the kernel enough? Ahh, things to figure out...
Friday, January 23, 2004
NetBoz
An interesting FreeBSD variant - a single bootable CD that will turn your old Pentium class PC into a FreeBSD firewall machine. I just might give this one a try:
NetBoz Firewall