conf those ports

Yet another port having to do with ports. I'm still confused as to which port builder is "better", and here's a port that claims to work with all three "major" port bulders, in order to set up the correct port options. I often need this, as I usually build from within an Emacs shell, and this go a kaflooey if the port tries to put up an options dialog. So I'd like to set all the options first, then invoke it with BATCH mode so it doesn't prompt me again. Maybe I'll look at this.

Port description for sysutils/portconf

denyhosts

I'm going to install this port and see how well it does.  It works by examining the ssh log file (/var/log/auth.log) and dynamically adding IPs to the hosts.allow file to keep the script kiddies from whacking away at your ssh daemon. I get plenty of those attempts and they fill my log file.  It also logs lots of info too. And can email you with reports.

Port description for security/denyhosts

Emulator schmemulators

When I get my computer upgrade, I'm going to install an emulator on it.  I've used and enjoyed the heck out of vmware, but it is too expensive for my dilettante tastes.  So I've been casting about for a freeware alternative and keep hearing about qemu.  So I'll probably try this one first.

And on the freebsd.questions list, someone asked about getting kqemu to work with it. I guess kqemu is a kernel patch or something that makes qemu run faster and jump higher.  The trick is to build qemu with a Makefile define so that it pulls in the kqemu port as well.  This once again points out the usefulness of reading the makefile before building a port.  The exact command is:

# make -DWITH_KQEMU install clean

Port description for emulators/qemu

/usr/ports/emulators/qemu

portaudit

Cool port that keeps a database of all the ports that have security problems, and it won't let you install them without a manual override. I'm going to look a little more into this one!

FreshPorts -- security/portaudit

Fancy GTK+ apps

There's a PC-BSD forum post that describes how to get "fancier" looking GTK+ (a GUI toolkit used by KDE) apps

Fancy nicer looking GTK+ apps? Apps that fall into this category include Firefox and Thunderbird. Simply run the following command from a console (as root) and restart your x session:

# pkg_add -r gtk-qt-engine

Of course, if you're like me, you'll probably want to make it from the source:

# cd /usr/ports/x11-themes/gtk-qt-engine

# make && make install && make clean

According to the FreeBSD ports page:

GTK-QT Theme Engine allows GTK2 apps to use QT (KDE) themes

Practice Healthy Computing

I've been looking for something to keep a more active watch on my server, which is now kept remotely. Here's one possiblity. I need to find out if the motherboard has any of the supported chips, though.

Port description for sysutils/healthd

I can hear your heartbeat

Now that my system is stored remotely, I'm looking into some way of keeping track of its status. One way is a "heartbeat", which regularily pings it and sends me a message if there is a problem. Here's one implementation in ports:

Port description for sysutils/heartbeat

The Fish - an rc.conf editor

A program to more visually edit the rc.conf file. While editing it is pretty easy (I'm an Emacs guy, not a vi guy), this program also tells you about all the options you don't know about too!


The Fish for FreeBSD

Yet another info tool - lsof

To go along with the other network info tools that I mentioned earlier comes word of lsof, which is a standard Linux tool for doing an ls on all open files. I do lots of work on RedHat and my boss told me about this one. Just another in the set of things you can run that will tell you what your system is up to.

Port description for sysutils/lsof

Here is a nice online man page for lsof:

lsof(8): list open files - Linux man page


Update: Here's a cool little quickstart guide for lsof. If you saw the man page, you would see it has almost as many options as ls itselt! This article has a bunch of questions seaching for answers using lsof: lsof quickstart

Source code control ports

I've been using Perforce as a source code control system now for quite some time. It is a really easy to learn, easy to use, and well supported commercial, client/server SCCS. The main drawback is that it is quite expensive. Not a problem usually with my employer, as it pays back in no time, but too much for my personal projects.

So I'm always on the lookout for good a good SCCS, as even for the smallest project I need to use it these days. Once you get used to using a good SCCS (and no, I consider Microsoft's Visual Source Safe to be pretty bad), you're hooked and you wonder how you got along without it.

Anyway, here's a note on good looking open source contender to the CVS crown, Subversion.

Port description for devel/subversion

And here's another one I've seen mentioned, Gnu-Arch. It seems to be more along the lines of Perforce, in that it use a more general client/server approach:

Port description for devel/arch

More "sniffing" tools

The TaoSecurity post also led me to a few other programs having to do with network hacking and sniffing.

• 
  Port description for net-mgmt/driftnet : this one will poll for traffic and put together any images and movies that are sent along.


• Port description for net-mgmt/bsd-airtools : this one includes wireless sniffing tools, esp. dstumbler, which tells you all about wireless networks around you.


• Port description for security/nmap : this is I've seen talk about on some Windows blogs, as WinXP SP2 breaks it, due to some draconian socket "security" limits it implements. It is a "network exploration" tool, that helps with security auditing.

iftop

So I'm reading TaoSecurity blog, and he's got a cool little entry about hooking into a hotel's wireless network. In the entry, he talks about iftop, which is a simple application that does for network traffic that top does for CPU usage.

So I install the port and run it, and of course now I'm freaking out. Probably a case of too much information, with too little knowledge, but there's all kinds of ports (446, 2460, 2490) that have some (a very little) traffic on them that I just don't know what they are doing. Perhaps just pings to see if there is anything interesting on my machine, but still, worrisome.

My weekend project - install a firewall!

Port description for net-mgmt/iftop

Graphical firewall builder

One of the complaints in the Distrowatch.com review of FreeBSD was the lack of a graphical front end to build the firewall configuration file for ipfilter. Well, complain no more, for here it is:

Port description for security/fwbuilder

Of course, I can't use it, because I don't run X on my server. But if/when I get around to building my other machine, the backup machine, I might play with it then.

OpenOffice HOW-TO

While my server doesn't run X, I'll be creating another machine as a FreeBSD "user" machine, and that one will be running X. And I'll probably want to install OpenOffice.org, the Sun-supported freeware MSOffice compatible suite. It's a beast to install from ports (ie., via source), so here's a suggestion from Jerry McAllister on the -questions mailing list:

They have already built packages for FreeBSD that install just nicely.

Go to http://projects.imp.ch/openoffice/

Pick the latest package that suits your situation
Download it to /usr/local and run pkg_add on the compressed file.

Then, to set it up, run /usr/local/OpenOffice1.1.0/program/soffice.
Note the OpenOffice1.1.0 will vary according to what version you
download and where you tell it to put the Openoffice files.

Put that directory in your path.

After that, soffice, swriter, etc will start what you want. It works
fine as helper utilities in your browser too.

////jerry

Process information

A few interesting things I've learned about getting information on currently running processes:

• If you have the PROCFS mounted (which I think is normally the case), you can look in /proc. This contains a bunch of subdirectories corresponding to the PID of the currently running processes. Inside each of the directories is a bunch of files with pertinent information. I haven't yet begun to look closely at these, but I shall! Here's the Procfs manpage:
  
  FreeBSD Hypertext Man Pages: procfs
  



• The command to get kernel information, esp. about its currently running condition is vmstat:
  
  FreeBSD Hypertext Man Pages: vmstat
  
  



• The following port looks to be a nice utility for getting process info as well. Perhaps it even parses the above files?
  
  Port description for sysutils/pmap
  

Archiving solution

I just got a new machine from my employer (and the payer for my nice fast SDSL connection - inSORS; we do high-end video conferencing software), so I'm changing the roles of the various machines I have. One is a overclocked (clear to 800mhz - woo hoo!) Pentium, that I bought a big, cheap hard drive for, thinking to turn it into a backup server. I was looking at some Windows solutions, but realized that FreeBSD would be a better idea. The Light Dawns over Marblehead, eh?

Anyway, I looked at Bacula, and it looks exactly like what I need. Most of the machines on my network (I have 6 machines here now!) are Windows machines, except for this server (FreeBSD natch) and a dual-booting machine that I use for gaming (WinXP) and Linux development (RedHat 7.4 - part of our video conferencing solution is a server that runs on Linux). So I needed flexible clients, and Bacula does that very well.

It looks like a very complete solution - which of course means some complexity as well. So I'm going to take it slow and give it a whirl. Another thing I'm going to do on the new FreeBSD machine is to install X Windows - like I need another admin headache!

Port description for sysutils/bacula

Here's a nice page from FreeBSDDiary.org on how to set up and run Bacula:

http://www.freebsddiary.org/bacula.php

Ports makefile

I've talked before about makefiles and ports (see here), but I just found out about Yet Another Makefile used by the port system: /usr/ports/Mk/bsd.port.mk. This one lists an amazing number of options that can and will be used by building stuff in the ports folders. It is of especial interest to port maintainers, but has some options that can also be useful for us mere mortals.

One of the more interesting options are the BATCH and INTERACTIVE ones. They are only docuemented (in 4.9, anyway) indirectly, under the IS_INTERACTIVE comment in /usr/ports/Mk/bsd.port.mk, which I find more than a little odd for something so useful. If you set the BATCH environment variable (or, I assume, define it on the make command line thusly:

$ make -dBATCH

), it will not try to make any port that asks for interactive input. This is especially useful if you are doing a massive portupgrade and want to go away for a bit. Define BATCH in your environment (BATCH=1; export BATCH in bash) and it won't try to build interactive ones, like PHP, which has tripped me up a few times.

INTERACTIVE is the opposite of BATCH. Define this, and only ports marked as INTERACTIVE will build. So you can do the BATCH portupgrade first, then come back and do the INTERACTIVE ones while you are there coaxing it along.

portupgrade options

When using portupgrade, it can be nice to capture the output it generates, especially if it is a many port upgrade. There's a couple of solutions to this problem:

• Use commands that grab the output and save it for you. tee and script are ones that immediately come to mind. Script is recommended in several books on FreeBSD, esp. when rebuilding the kernel, which can generate a lot of messages. I tend to do these things inside an emacs command shell, so I "automatically" get logging.


• portupgrade itself has a very handy option : -l filename. This will log the output to the file. The -L option gives you control over the name of the log file.

trafshow

A utility that displays in some graphical way (on a text screen anyway) the current traffic on an interface card. I'm going to give this a try, as apachetop just crashes on me.

Port description for net/trafshow

sudo

It's not really anything I need, as I'm the only real user for my server, but sudo looks like an important port for those running FreeBSD boxes that want to selectively give others permission to run utilities that are normally reserved for the root user. If you run into this, and don't want to give a user the root password (almost certainly not!) or even make them a member of the very special "wheel" group (which allows them to su as root), you might look into installing this port.

Port description for security/sudo