start
Differences
This shows you the differences between two versions of the page.
— | start [2023-02-28 18:15] (current) – created - external edit 127.0.0.1 | ||
---|---|---|---|
Line 1: | Line 1: | ||
+ | WARNING / Update 2023-02-28: This information getting really ancient, and will probably not be of use to anyone when installing a recent version of FreeBSD. | ||
+ | I will be leaving this online just for reference, but please be warned that these instructions will probably not work on any recent version of FreeBSD! | ||
+ | |||
+ | |||
+ | A step-by-step practical guide to installing & configuring FreeBSD 6.2, | ||
+ | together with some very common applications, | ||
+ | |||
+ | [[https:// | ||
+ | This will probably always be 'Work in progress', | ||
+ | |||
+ | update 28 nov 2009: well, FreeBSD 8.0 is out. I hope this guide isn't too outdated yet, haven' | ||
+ | |||
+ | update 12 dec 2010: new [[https:// | ||
+ | |||
+ | ** Commercial FreeBSD support ** | ||
+ | //NEW!!\\ We can help you with many of your configuration and installation problems, by phone, chat, or e-mail from | ||
+ | our office in Eindhoven, the Netherlands/ | ||
+ | Contact [freebsd_supportATpc probleemloos.nl] to find out how we | ||
+ | can help you with your BSD issues & ask for our hourly rates. Languages | ||
+ | spoken: dutch, english, german. | ||
+ | We are not endorsed by or affiliated with The FreeBSD Foundation.// | ||
+ | |||
+ | //NEW!!\\ Partnership with [[https:// | ||
+ | Contact [unix recoveryATdata recovery centrale.nl] (remove the spaces, replace the AT) to find out how we can be of assistance. | ||
+ | // | ||
+ | |||
+ | ====== Introduction ====== | ||
+ | For a few years I've been using the FreeBSD operating system now. I started with version 4.3 in 2001 (which a friend of me, with much more experience in BSD, installed) as a router/ | ||
+ | Since then, I've been using this machine more and more, I've installed extra services (webserver, ftp-server, samba) on it to use it as a NAS-device, and I installed larger and larger harddisks, and stuffed it with all the unused RAM I had. | ||
+ | I even installed [[# | ||
+ | |||
+ | Because of my lack of FreeBSD (and even Unix-) knowledge, I regularly messed things up. Not as bad as I did to my Linux PC (oh, damned dependency conflicts!) but still bad enough to set some things out of service. Fixing the things I broke was difficult, as I didn't read any manpages to get them working in the first place. Reinstalling FreeBSD from scratch took much time everytime I saw no way out, and often copying configuration files from the old installation to the new machine didn't work. | ||
+ | |||
+ | As other people were depending on this server too, I was ' | ||
+ | |||
+ | In my past BSD-days, I've grown accustomed to some applications. I' | ||
+ | used Sendmail (now I'm using [[mailserver_configuration_with_postfix_courier-imap_procmail_spamassassin_clamav# | ||
+ | In the open-source world, you are overwhelmed with choices you can make: shells, editors, webservers, browsers. In any of those categories you can find tens, hundreds of good pieces of software which can all suit your needs. I make my choices with the help of the following criteria: | ||
+ | * How much time do I expect to be needing to get it up and running the way I want? | ||
+ | * How many other people are using it? (a big userbase often means good support) | ||
+ | * How many features does it have that I will never use? | ||
+ | * Are the right installation manuals avalable? (e.g. for connecting Postfix to ClamAV) | ||
+ | * My own experience, or from friends. | ||
+ | |||
+ | This guide explains how to install the software that I have chosen, and as a result of that it won't include Sendmail, Cyrus- & UW-IMAP, | ||
+ | |||
+ | I've taken almost all commands from man-pages or the internet ([[# | ||
+ | |||
+ | ===== Why not Linux? ===== | ||
+ | If you're wondering why I'm not using Linux on my server, [[ | ||
+ | https:// | ||
+ | A lot of applications written for Linux run on FreeBSD without a problem (just look at the amount of applications in the ports tree and you'll see I'm right). Besides, FreeBSD has Linux support, so it can even run a lot of binary Linux programs! | ||
+ | |||
+ | ===== Document conventions ===== | ||
+ | I will be using '< | ||
+ | |||
+ | Do not use the same password for everything. | ||
+ | |||
+ | ===== Security ===== | ||
+ | Don't assume that by using my settings and making the same choices I did, you'll be 100% safe against hackers. After I've changed my root password from ' | ||
+ | As you know, software can contain bugs, or security holes. Some of these not-yet-discovered holes will probably be so big that even a elephant-sized hacker will be able to get into your system just by sneezing. It's your system, and your responsibility (not mine) to stay informed of security issues, and keeping up to date by applying the correct patches. | ||
+ | |||
+ | I'll be using [[# | ||
+ | |||
+ | As a basic security measure, I will show you how to limit direct access from the internet to MySQL and other software for which access from the outside is not required for proper functioning. Real firewall configuration I will do another time. I'm still not sure if I will be using ipf or pf. ipfw is horribly outdated my BSD-friend told me, so I'll won't be reinstalling that. | ||
+ | For the routing however, I will use ipf/ipnat, because it should almost work 'out of the box' with just a few lines of code, and maybe I'll trow in some traffic shaping later on, with [[https:// | ||
+ | |||
+ | ===== Backup ===== | ||
+ | I will dive into backup strategies when I have some time left, | ||
+ | currently, I'm using rsync to backup my maildir (bad idea to do this with rsync!), home | ||
+ | directories (Including /root, butdon' | ||
+ | temp folders!), configuration files (/etc, / | ||
+ | /* | ||
+ | The room I work in is very small, so having 2 different keyboards on my desk wouldn' | ||
+ | When I'm sure I've installed the majority of the packages, I will copy (dd'd, or using a [[# | ||
+ | VMware Workstation also has a feature to take ' | ||
+ | */ | ||
+ | |||
+ | ===== Who am I? ===== | ||
+ | I’m 30 years old, and I work as an IT consultant in Eindhoven, the Netherlands. | ||
+ | |||
+ | I've started this blog around September 7 2007, that's an awful long time ago in unix terms, so check every software package for updates & security fixes, as the packages I'm showing you here might be horribly outdated. | ||
+ | |||
+ | ===== More good advice ===== | ||
+ | You might want to keep notes of the steps you're taking in | ||
+ | getting a FreeBSD machine up and running, just like I did. Not only will | ||
+ | this help you in case you're going to reinstall FreeBSD on the same or another | ||
+ | machine anywhere in the future, but this will come in quite handy in case | ||
+ | something breaks: You can walk back the steps to see where it went | ||
+ | wrong, and if you're not able to fix it yourself and you're asking | ||
+ | someone else to help you, you can give a lot of useful information to them. | ||
+ | |||
+ | ===== Linking to this site ===== | ||
+ | I'd appreciate an e-mail if you link to this page, so I can inform you if the address changes (my address is on the top of this page). Please use this URL when linking: | ||
+ | |||
+ | |||
+ | |||
+ | Let's get started.. | ||
+ | |||
+ | |||
+ | |||
+ | |||
+ | |||
+ | |||
+ | |||
+ | |||
+ | |||
+ | |||
+ | |||
+ | |||
+ | ====== Installing FreeBSD 6.2 ====== | ||
+ | As there already are an overwhelming number of guides for installing FreeBSD, but less on configuring it, I'll concentrate on the latter, and I'll only show a 'quick install guide' | ||
+ | Someone made a [[https:// | ||
+ | And someone else made [[https:// | ||
+ | |||
+ | This version with screenshots of every windows you'll see during the installation is very nice: https:// | ||
+ | |||
+ | However, if you want me to tell you how I've done it, this is the way: | ||
+ | I will assume you are using an empty harddisk to install FreeBSD (if not, backup your data!) | ||
+ | There is a windows xp partition already on my hdd as I start installing FreeBSD. This is not a problem, but any mistake might make my Windows partition inaccessible after this installation. | ||
+ | |||
+ | I used a FreeBSD 6.2-RELEASE installation CD. You can download the ISO image from the [[https:// | ||
+ | From the folder " | ||
+ | I will be using the ' | ||
+ | Because I'll be downloading almost all software from the internet during installation (instead of installing all from cd), the ' | ||
+ | |||
+ | I will skip the step to check the ISO-file for hacker-tampering by comparing the MD5 or SHA256 checksums. Follow the FreeBSD Installation Handbook on that one if you would like to be 100% sure you've downloaded an untampered version. | ||
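Review bot: the paragraph that skips the ISO check leaves the install media unverified, and it is the only integrity step mentioned before "Burn this ISO-image to a cd". Instead of deferring to the Handbook, spell out the comparison against the published checksum as an explicit step here, and name SHA256 as the one to use, since the text lists MD5 first and MD5 is no longer collision-resistant. Describing the purpose as detecting a corrupted or altered download would also read more clearly than "hacker-tampering".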
+ | |||
+ | Burn this ISO-image to a cd, and boot from it. | ||
+ | |||
+ | After the boot-up process, a menu will appear asking for a " | ||
+ | The blue line is: | ||
+ | " | ||
+ | This means: a0 the first harddisk (jumpered as ' | ||
+ | ad0s3 is the third partition on the first harddisk (confirmation required..) | ||
+ | |||
+ | C to create a new slice in the free partition, enter the size for the new disk slice (for the first one, I entered " | ||
+ | Repeat the last step for all the disk slices you wish to make (for the swap-slice, select " | ||
+ | The created slices will have names like: ad0s3a, ad0s3b, ad0s3d, ad0s3e, ad0s3f, where the last vowel represents the slice order. Press ' | ||
+ | |||
+ | " | ||
+ | Would you like to install the FreeBSD ports collection? **Yes**, use the ' | ||
+ | (Select "8 User" if you're not planning to use X-Windows right now, or X-User if you want to install X-Windows directly.) | ||
+ | |||
+ | |||
+ | I selected " | ||
+ | I selected " | ||
+ | Next up, is selecting the network card I'm using to conenct the internet (in my case, that will be the device called ' | ||
+ | I did not choose for IPv6 (so it will go on using IPv4), I did choose "try DHCP", as my router will provide my FreeBSD pc with an IP address. | ||
+ | You will see the IP address your router/dhcp server assigned to you in the next window. I filled in a hostname < | ||
+ | Next up, is the question if we are sure everything sure we entered everything correctly. I am, so I select ' | ||
+ | |||
+ | I did select to install the ports tree (later on I will show how to use [[# | ||
+ | |||
+ | It will congratulate you with the install. Let's continue.. | ||
+ | |||
+ | - | ||
+ | Now there will be a lot of questions, I won't dive deep into what they all mean, I'll just tell you what I did: | ||
+ | |||
+ | Do you want this machine to funciton as a network gateway? **Yes** | ||
+ | (In the future, I want to use my FreeBSD machine as a network router) | ||
+ | |||
+ | Do you want to configure inetd and the network services that it provides? **Yes** (' | ||
+ | |||
+ | ... With this in mind, do you wish to enable inetd? **Yes** | ||
+ | |||
+ | * Select [Yes] now to invoke an editor on / | ||
+ | * Would you like to enable SSH login? **Yes** (important) | ||
+ | * Do you want to have anonymous FTP access to this machine? **No** (not yet, at least) | ||
+ | * Do you want to configure this machine as an NFS server? **Yes** (I do want this, as I know it will provide an easy way to share files over the network with other machines, your choice may be different: if you choose **No**, skip the next .. steps of this guide) | ||
+ | * ... Press [ENTER] now to invoke an editor on / | ||
+ | * Do you want to configure this machine as an NFS client? **Yes** | ||
+ | * Would you like to customize your system console settings? **No** | ||
+ | * Would you like to set this machine' | ||
+ | * Is this machine' | ||
+ | * Select a region **Europe** (your choice may be different :) ) | ||
+ | * Select a country or region **33 Netherlands** (your choice may be different :) ) | ||
+ | * Does the abbreviation ' | ||
+ | * Would you like to enable Linux binary compatibility? | ||
+ | * Does this system have a PS/2, serial, or bus mouse? **Yes** (my systen does have a PS/2 mouse, if you're not going to install X-Windows, you can select No). If you've chosen Yes, next up: select enable, move the mouse, select ' | ||
+ | * The FreeBSD package collection ... Would you like to browse the collection now? No | ||
+ | * Would you like to add initial user accounts to the system? ... **Yes** | ||
+ | * Select "Add group", | ||
+ | * Now you must set the system manager' | ||
+ | * New Password: //< | ||
+ | * Retype new Password: //< | ||
+ | * Visit the general configuration menu for a chance to set any last options? **No** | ||
+ | |||
+ | You are returned to the main installation menu. Choose 'Exit Installation' | ||
+ | |||
+ | |||
+ | |||
+ | ===== Thoughts for partitioning in FreeBSD ===== | ||
+ | |||
+ | I know the ports-tree will use quite a bit of space, because I'll be building a lot of applications from source. I'll guess a value of about 5GB is ok, for my maildir I'll take 2GB, and my www-folder to store my webpages will be maximum 1GB. | ||
+ | The advantage of partitioning is, in my opinion, to prevent insufficient diskspace issues for certain things: Otherwise, if I would upload too much data (e.g. pictures) to my www-folder, my / | ||
+ | |||
+ | As I'm the only user for e-mail on this system, I might want to look into ' | ||
+ | |||
+ | You can use the ' | ||
+ | |||
+ | |||
+ | To read more about how the file system is organized (which directory has which purpose), enter: | ||
+ | man hier | ||
+ | |||
+ | == My final layout == | ||
+ | |||
+ | ^Mount point^size^purpose^ | ||
+ | |/ | ||
+ | |// | ||
+ | |/ | ||
+ | || |The /usr will also contain:|| | ||
+ | || |/usr/ports (probably around 5GB in size) for sources and builds from the ports tree and|| | ||
+ | || |/usr/src (+-1GB) which contains sources and builds, the kernel build files will be here too)|| | ||
+ | || |/ | ||
+ | |/ | ||
+ | || |The /var folder will (among other things) contain:|| | ||
+ | || |/ | ||
+ | || |/var/db (1GB) mysql and other databases like the package-database|| | ||
+ | || |/var/log (500MB) logfiles|| | ||
+ | || |The numbers above are bases on a bit of experience, but certainly no guarantee|| | ||
+ | |/ | ||
+ | |||
+ | If your harddrive has more space, you can double the size of /usr. | ||
+ | |||
+ | After saving the partition layout, select: **BootMgr** as the boot manager to use. | ||
+ | |||
+ | You might have luck adjusting your partition sizes using a tool like ' | ||
+ | |||
+ | Notice: If you want to change, add, or remove partitions once your system is installed & running, GEOM (FreeBSD' | ||
+ | |||
+ | You will get an error message like: | ||
+ | < | ||
+ | Error: Unable to write data to disk ad0 | ||
+ | Disk partition write returned an error status! | ||
+ | </ | ||
+ | |||
+ | "You cannot open /dev/ad0 for writing if any. slices or labels are open." | ||
+ | See [[https:// | ||
+ | |||
+ | Or, if you are getting paid by the minute for reading this step-by-step FreeBSD installation guide, go and read [[https:// | ||
+ | |||
+ | ===== Network configuration ===== | ||
+ | |||
+ | Congratulations, | ||
+ | * Do you want to configure any ethernet devices?: **Yes** | ||
+ | * Use IPV6? **No** | ||
+ | * Use DHCP? **Yes** | ||
+ | * Hostname=**freebsd61**, | ||
+ | * Use INETD? **Yes** | ||
+ | * Configure INETD? **No** | ||
+ | * Do you want to enable SSH-login? **Yes** | ||
+ | Will this pc act as a router/ | ||
+ | * Do you want to have anonymous FTP access to this machine? **No** | ||
+ | * Do you want to configure this machine as an NFS server? **Yes** | ||
+ | * Do you want to configure this machine as an NFS client? **Yes** | ||
+ | |||
+ | ===== Other settings ===== | ||
+ | * Would you like to customize your system console settings? **No** | ||
+ | * Would you like to set this machine' | ||
+ | * Is this machine' | ||
+ | * Time Zone Selector, Select a region: **Europe** | ||
+ | * Countries in Europe, Select a coutnry or region: **Netherlands** | ||
+ | * Does the abbreviation ' | ||
+ | * Would you like to enable Linux binary compatibility? | ||
+ | * Does this system have a PS/2, serial, or bus mouse? **Yes** | ||
+ | I did configure and enable the mouse daemon. Even if your box will not run as a X11/ | ||
+ | Flags= **-3** | ||
+ | * Is the mouse cursor moving? **Yes** | ||
+ | * **X Exit** | ||
+ | |||
+ | * The FreeBSD package collection ... Would you like to browse the collection now? **No** | ||
+ | * Would you like to add any initial user accounts? **Yes** | ||
+ | Group: Group name=**//< | ||
+ | User: Login ID=**//< | ||
+ | Member groups: **wheel** (Tab, Tab, Tab, OK, X Exit) | ||
+ | In the ' | ||
+ | (which is, by the way, depreciated, | ||
+ | Set root password: **OK** | ||
+ | New Password: **//< | ||
+ | Repeat Password: **//< | ||
+ | |||
+ | * Visit the general configuration menu for a chance to set any last options? **No** | ||
+ | * **X Exit Install** | ||
+ | * Are you sure you wish to exit?... **Yes** | ||
+ | |||
+ | Your pc will reboot (remove the FreeBSD installation cd-rom) | ||
+ | After the boot proces, you will be greeted with the ' | ||
+ | login: **root** | ||
+ | password: **//< | ||
+ | |||
+ | You are greeted with the Message Of The Day (the contents of /etc/motd) | ||
+ | |||
+ | FIXMEConfigure your internet connection, with ifconfig and edit / | ||
+ | |||
+ | on procedure. | ||
+ | |||
+ | |||
+ | |||
+ | |||
+ | |||
+ | |||
+ | |||
+ | ====== About ports and packages ====== | ||
+ | port / packages difference.. | ||
+ | |||
+ | / | ||
+ | |||
+ | At this time, the only package that is installed is ' | ||
+ | pkg_info | ||
+ | |||
+ | To search for a package in the list of installed packages, use | ||
+ | pkg_info | grep part_of_package_name | ||
+ | |||
+ | The FreeBSD package system can download and install pre-compiled binaries from the internet, which is one of the easiest and fastest way to install software onto FreeBSD. For some of the software, I will use the ports-tree, as packages are not as frequently updated as the ports. I will also install some software from source, when package or ports are both outdated or nonexistant.\\ | ||
+ | [[https:// | ||
+ | |||
+ | I set the packagesite environment variable was set to a new location, to make sure that the most(?) recent packages will be downloaded, instead of the standard collection which was available at release-time of FreeBSD 6.2: | ||
+ | |||
+ | setenv PACKAGESITE ftp:// | ||
+ | If you are already using BASH, use this instead: | ||
+ | export PACKAGESITE=ftp:// | ||
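Review bot: both PACKAGESITE lines (the `setenv` and the `export` variant) point at an ftp:// URL, so every later `pkg_add -r` in this guide downloads binaries over an unauthenticated, unencrypted transport and installs them as root, and nothing in the guide checks them first. State that trade-off next to the variable, and for the network-facing software the guide goes on to install (proftpd, samba) recommend building from the ports tree, where the distfiles are checked against the checksums recorded in the port. The introducing sentence ("I set the packagesite environment variable was set to a new location") also needs its grammar fixed.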
+ | |||
+ | |||
+ | ===== portsnap ===== | ||
+ | Incremental ports-tree updater\\ | ||
+ | URL: [[https:// | ||
+ | |||
+ | Portsnap is part of the FreeBSD base system now, no installing required. | ||
+ | Fetch & extract an updated ports tree from the internet: | ||
+ | portsnap fetch | ||
+ | portsnap extract | ||
+ | |||
+ | In future, use the following command to update your ports tree: | ||
+ | portsnap fetch update | ||
+ | |||
+ | <cron job> | ||
+ | https:// | ||
+ | |||
+ | ===== portaudit ===== | ||
+ | Security auditor/ | ||
+ | |||
+ | This tool will protect me from installing vulnerable packages, that's why I like to install it ASAP. | ||
+ | |||
+ | Install package: | ||
+ | pkg_add -r portaudit | ||
+ | |||
+ | Update security information and check installed ports& | ||
+ | / | ||
+ | |||
+ | It should give the following output if everything is ok: | ||
+ | < | ||
+ | 0 problem(s) in your installed packages found. | ||
+ | </ | ||
+ | |||
+ | Note: this tool won't protect me from installing insecure software from source. | ||
+ | |||
+ | It will run every night, and report any problems to me by e-mail to < | ||
+ | |||
+ | If portaudit says some of the installed packages have security issues, | ||
+ | use ' | ||
+ | software. In many cases this latest version has the security issues | ||
+ | resolved. | ||
+ | If you didn't configure portsnap to automatically fetch new | ||
+ | ports every night using cron, you should run ' | ||
+ | before running portupgrade, | ||
+ | version. | ||
+ | |||
+ | |||
+ | ===== portupgrade ===== | ||
+ | Easy way to update/ | ||
+ | portupgrade-2.0.1_1, | ||
+ | |||
+ | Install package: | ||
+ | pkg_add -r portupgrade | ||
+ | (This will also install package ' | ||
+ | |||
+ | To update a package (for example proftpd), enter: | ||
+ | portupgrade -r -P proftpd | ||
+ | ' | ||
+ | ' | ||
+ | |||
+ | ** Could not find the latest version (...) | ||
+ | ---> | ||
+ | |||
+ | Alternative installation method: | ||
+ | cd / | ||
+ | make clean deinstall install | ||
+ | |||
+ | Use this alternative installation if you see the following error when | ||
+ | running portsnap or portupgrade: | ||
+ | missing key: categories: Cannot read the portsdb! files/ < | ||
+ | not found -- snapshot corrupt. | ||
+ | |||
+ | |||
+ | Whenever you see a security issue with a package that is installed, try | ||
+ | |||
+ | portupgrade -r -P < | ||
+ | |||
+ | Where ' | ||
+ | It will try to install the most recent package from the internet. (does it require a ' | ||
+ | |||
+ | |||
+ | |||
+ | ====== Additional software installation ====== | ||
+ | Now, where will I start? | ||
+ | |||
+ | Ports an package utilities (portsnap portinstall, | ||
+ | General utilities (nano editor, bash shell, (de-)compression tools, perl, screen, midnight commander) | ||
+ | Network connectivity (proftpd, samba) | ||
+ | Debugging / network analysis (nmap, trafshow) | ||
+ | Security, logging, monit (portaudit) | ||
+ | Backup (rsync + script, bacula, ... ) | ||
+ | |||
+ | ===== nano ===== | ||
+ | A file editor | ||
+ | Official URL: [[https:// | ||
+ | |||
+ | Why do I want to install this: I can't work without this editor, and thus belongs to my basic necessities in unix-life. I know how to use the 'more difficult' | ||
+ | |||
+ | Install package: | ||
+ | pkg_add -r nano | ||
+ | |||
+ | |||
+ | I set the ' | ||
+ | setenv EDITOR nano | ||
+ | If you're using bash instead of ' | ||
+ | export EDITOR=nano | ||
+ | |||
+ | Usage is pretty straightforward. The command: | ||
+ | nano < | ||
+ | will open < | ||
+ | Important keyboard shortcuts (they appear on the bottom of the screen when you are using nano): | ||
+ | * CTRL-X | ||
+ | * CTRL-W | ||
+ | * CTRL-K | ||
+ | * CTRL-U | ||
+ | * CTRL-O | ||
+ | * CTRL-C | ||
+ | |||
+ | To run nano with word-wrapping disabled, run: | ||
+ | nano -w < | ||
+ | |||
+ | Often, I'll start nano to edit a configuration file, and when try to save the file, I remember that I didn't ' | ||
+ | |||
+ | Save the following as / | ||
+ | < | ||
+ | #!/bin/sh | ||
+ | # | ||
+ | # Small wrapper around nano, | ||
+ | # Will show a warning when the file to be opened is not writable. | ||
+ | # | ||
+ | # by Sebastiaan Giebels < | ||
+ | |||
+ | if [ -w $1 ]; then | ||
+ | #file exists and is writable | ||
+ | echo File is writable, continuing | ||
+ | / | ||
+ | else | ||
+ | if [ ! -f $1 ]; then | ||
+ | #file does not exist, new file? check if target folder is writable. | ||
+ | dir=`dirname " | ||
+ | if [ -w $dir -a ! -d $1 ]; then | ||
+ | / | ||
+ | else | ||
+ | echo Cannot write to directory $dir, STOP. | ||
+ | fi | ||
+ | else | ||
+ | echo File exists, but is not writable by you, STOP. | ||
+ | fi | ||
+ | fi | ||
+ | </ | ||
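Review bot: `$1` and `$dir` are unquoted in every test of the wrapper (`if [ -w $1 ]`, `if [ ! -f $1 ]`, `if [ -w $dir -a ! -d $1 ]`), so a path containing spaces splits into several words and the tests either error out or check the wrong thing. With no argument at all, `[ -w ]` becomes a one-argument test that is always true, so the script prints "File is writable, continuing" and carries on. Quote the expansions, reject an empty first argument up front, and return a non-zero exit status on the two STOP branches so a caller can tell that the edit was refused.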
+ | |||
+ | |||
+ | |||
+ | ===== Vi ===== | ||
+ | The shortest introduction to ' | ||
+ | |||
+ | Vi is a file editor, just like nano. It's installed by default on most UNIX operating systems, and has a | ||
+ | lot of useful functions, learn them if you want. I'll just show you the most important Vi function: | ||
+ | |||
+ | == Exiting Vi == | ||
+ | |||
+ | To exit Vi, enter ': | ||
+ | the cursor should jump to the bottom of the screen and show the ':' | ||
+ | ESC, enter ': | ||
+ | |||
+ | To start Vi (for the kick of it, to boast to your friends, or just to test your 'l33t UNIX 5ki11Z' | ||
+ | vi | ||
+ | |||
+ | ===== bash ===== | ||
+ | Command shell with command completion (enter just a part of a command | ||
+ | or filename , press the ' | ||
+ | remainder, saving valuable time. | ||
+ | Official URL: [[https:// | ||
+ | |||
+ | Install package: | ||
+ | pkg_add -r bash | ||
+ | |||
+ | To test it, you must enter the full path to bash: | ||
+ | / | ||
+ | Your prompt will change, as a sign you are using a different shell now. | ||
+ | |||
+ | Change root shell from '/ | ||
+ | to have installed nano in the previous step): | ||
+ | export EDITOR=nano | ||
+ | chpass root | ||
+ | |||
+ | Change the line ' | ||
+ | < | ||
+ | Shell: / | ||
+ | </ | ||
+ | Use CTRL-o + enter to save, then press CTRL-x to exit nano. | ||
+ | |||
+ | Now enter: | ||
+ | chpass < | ||
+ | And do the same for your regular user account. | ||
+ | |||
+ | We're going to edit .bashrc, setting the environment variables EDITOR and PACKAGESITE: | ||
+ | nano / | ||
+ | < | ||
+ | export EDITOR=nano | ||
+ | </ | ||
+ | /* | ||
+ | export PACKAGESITE=ftp:// | ||
+ | */ | ||
+ | Notice how we don't use ' | ||
+ | |||
+ | Now for the other users: | ||
+ | /* | ||
+ | Because non-root users aren't allowed to install packages, we can leave out ' | ||
+ | */ | ||
+ | su < | ||
+ | nano ~/.bashrc | ||
+ | Add the following: | ||
+ | < | ||
+ | export EDITOR=nano | ||
+ | </ | ||
+ | |||
+ | Edit ' | ||
+ | < | ||
+ | BLOCKSIZE=M; | ||
+ | EDITOR=nano; | ||
+ | </ | ||
+ | |||
+ | ==== bash prompt ==== | ||
+ | Adjusting the bash prompt to provide more information (such as the | ||
+ | username, hostname of the system, and the current working directory). | ||
+ | I'll also trow some color in, to brighten up my day. :) | ||
+ | |||
+ | URL: (warning, dutch!!) https:// | ||
+ | URL: (warning, dutch!!) https:// | ||
+ | |||
+ | A very simple command prompt: | ||
+ | < | ||
+ | export PS1=" | ||
+ | </ | ||
+ | |||
+ | You can also add colors to this string, see the links for more info. | ||
+ | Personally I like [[https:// | ||
+ | Download the code for my [[bashprompt.txt|bash prompt here]] | ||
+ | |||
+ | And this bash-feature is too, to colorize ' | ||
+ | < | ||
+ | export CLICOLOR=1 | ||
+ | </ | ||
+ | |||
+ | You can also have the .bashrc file with all the correct settings automaticaly created when you add a new user, if you make the changes to the file in the '/ | ||
+ | nano / | ||
+ | |||
+ | ln -s .bashrc .bash_profile | ||
+ | https:// | ||
+ | |||
+ | |||
+ | |||
+ | ==== changing the default blocksize ==== | ||
+ | The environment variable ' | ||
+ | |||
+ | the standard output of ' | ||
+ | < | ||
+ | Filesystem | ||
+ | ... | ||
+ | </ | ||
+ | Because harddisk drives nowadays are just under a terabyte, expressing sizes in 1K-blocks doesn' | ||
+ | |||
+ | |||
+ | nano / | ||
+ | Change the existing line with the ' | ||
+ | < | ||
+ | BLOCKSIZE=M; | ||
+ | </ | ||
+ | |||
+ | Logout, login, run ' | ||
+ | < | ||
+ | Filesystem | ||
+ | / | ||
+ | ... | ||
+ | / | ||
+ | </ | ||
+ | You see that my partition /dev/ad0s4a (mounted at /mnt/big) is around 45GB in size, 2GB used, and about 39GB free, the remainder is not shown, as it is some spare space needed to prevent disk fragmentation. [[https:// | ||
+ | |||
+ | |||
+ | |||
+ | ==== changing the ' | ||
+ | |||
+ | The Message-Of-The-Day (motd) that is shown everytime I login, is really too long for me. I use it now for noting which things I still have to install, configure and test. | ||
+ | |||
+ | I tend to loose ' | ||
+ | Don't do this if there are other users with login access to your machine, because they would see your todo-list too, which is not such a good idea if you put things like: "- fix remote exploitable bug in Apache" | ||
+ | |||
+ | Remove all but the first three lines, and enter any notes after the 3rd line: | ||
+ | nano /etc/motd | ||
+ | < | ||
+ | FreeBSD 6.2-RELEASE (FREEBSD62) #0: Mon Jan 4 01:56:50 CEST 2007 | ||
+ | Welcome to FreeBSD! | ||
+ | |||
+ | Todo: | ||
+ | - ... | ||
+ | </ | ||
+ | |||
+ | ==== changing the hostname ==== | ||
+ | Set hostname (perhaps already set correctly during install): | ||
+ | nano / | ||
+ | < | ||
+ | hostname="< | ||
+ | </ | ||
+ | |||
+ | ==== changing the dns servers ==== | ||
+ | Set up the DNS servers, if not already done so: | ||
+ | nano / | ||
+ | < | ||
+ | nameserver < | ||
+ | nameserver < | ||
+ | </ | ||
+ | |||
+ | |||
+ | |||
+ | ===== ntpd ===== | ||
+ | System time synchronization / Network Time Protocol Distribution | ||
+ | Official URL: [[https:// | ||
+ | |||
+ | The NTP-client (Network Time Protocol Client / ntpd) will set your systems time with the help of so called 'time servers' | ||
+ | |||
+ | Why do I want to install it: knowing the exact time is very important | ||
+ | for logging error messages, investigating security issues, making | ||
+ | backups, etcetera. Additionally, | ||
+ | |||
+ | |||
+ | Install package: | ||
+ | pkg_add -r ntp | ||
+ | |||
+ | Configuration: | ||
+ | (change //< | ||
+ | ISP. Your ISP can tell you what timeserver you should use (I found mine, | ||
+ | chime2.surfnet.nl, | ||
+ | on the keywords 'time server <my internet service provider name>' | ||
+ | If you really can't find whats your ISP's timeserver, use one of the | ||
+ | public time servers, like time.nist.gov or pool.ntp.org).: | ||
+ | nano / | ||
+ | < | ||
+ | server < | ||
+ | </ | ||
+ | |||
+ | To make sure ntpd is started upon boot, add the correct line to / | ||
+ | nano / | ||
+ | < | ||
+ | ntpd_enable=" | ||
+ | </ | ||
+ | |||
+ | Now synchronize the time on your pc with the time of your chosen timeserver (probably only needed once.) | ||
+ | ntpd -gq | ||
+ | You will get a message like this one: | ||
+ | < | ||
+ | ntpd: time set -7152.403129s | ||
+ | </ | ||
+ | If you, like me, are doing this installation on another pc than the pc that FreeBSD will run on, remember to run this command again on that other pc after installation. | ||
+ | |||
+ | ===== screen ===== | ||
+ | ' | ||
+ | [[https:// | ||
+ | |||
+ | Install port: (version 4.0.2_4) | ||
+ | portinstall screen | ||
+ | |||
+ | or, as an alternative, | ||
+ | cd / | ||
+ | make | ||
+ | make install | ||
+ | |||
+ | Test it: | ||
+ | screen | ||
+ | Start any application (like ' | ||
+ | screen -R | ||
+ | You will re-attach (=R) to the previously disconnected screen session. | ||
+ | Use the ' | ||
+ | exit | ||
+ | |||
+ | |||
+ | |||
+ | /* | ||
+ | It will start screen, load a shell and drop you into it. You can exit it | ||
+ | by exiting the shell (just type ' | ||
+ | can detach it by pressing Ctrl+A D You'll be returned to the | ||
+ | non-screened shell, and the process running in screen will continue | ||
+ | running in the background. | ||
+ | |||
+ | To re-attach to a screen session, enter: | ||
+ | You'll return to your screen session jus where you left it. | ||
+ | (however, if there' | ||
+ | a list of screens to attach to) | ||
+ | |||
+ | Inside the ' | ||
+ | To create a new screen, press Ctrl+A C. You can do this any number of | ||
+ | times. | ||
+ | |||
+ | |||
+ | * The following screen command will create a new screen session, | ||
+ | '-d -m' means: start screen in " | ||
+ | session but | ||
+ | for system startup scripts. | ||
+ | (So you can use this in / | ||
+ | '-S midnight' | ||
+ | running multiple screens you can easily find and re-attacht to it); | ||
+ | ' | ||
+ | you've installed it). | ||
+ | |||
+ | | ||
+ | |||
+ | To attac to this screen, ener: screen -R midnight | ||
+ | |||
+ | */ | ||
+ | persistent screen session with many windows. | ||
+ | To that end, I.ve added .screen -d -r to my .login. | ||
+ | |||
+ | ===== (De-)compression tools (RAR, | ||
+ | Install packages: | ||
+ | pkg_add -r unrar unzip zip unarj zoo | ||
+ | |||
+ | pkg_info will now also list the following packages to be installed (version numbers may be different in your case): | ||
+ | * unrar-3.70.b3, | ||
+ | * unzip-5.52_2 | ||
+ | * zip-2.32 | ||
+ | * unzoo-4.4_2 | ||
+ | * arj-3.10.22 | ||
+ | |||
+ | |||
+ | |||
+ | ===== perl ===== | ||
+ | Practical Extraction and Result Language | ||
+ | Very popular interpreted programming language | ||
+ | |||
+ | Install package: | ||
+ | pkg_add -r perl | ||
+ | |||
+ | To install additional modules, I suggest you use the CPAN.pm shell, as | ||
+ | it is the easiest way (instead of unpacking/ | ||
+ | by hand) | ||
+ | perl -MCPAN -e shell | ||
+ | Search for a module: | ||
+ | i / | ||
+ | Installing a module: | ||
+ | install Module:: | ||
+ | |||
+ | (e.g.: install Date:: | ||
+ | |||
+ | (See https:// | ||
+ | |||
+ | ) | ||
+ | |||
+ | You don't have to be root to use perl modules, non-root works too: | ||
+ | https:// | ||
+ | |||
+ | ===== mc, the Midnight Commander ===== | ||
+ | A console file manager, a Norton Commander (nc) clone. | ||
+ | It's like a 'swiss army knife', | ||
+ | |||
+ | Install package: | ||
+ | pkg_add -r mc | ||
+ | |||
+ | Or you can build it from source: | ||
+ | cd / | ||
+ | make | ||
+ | make install | ||
+ | |||
+ | ===== wget ===== | ||
+ | Command line HTTP downloader | ||
+ | |||
+ | Install package: | ||
+ | pkg_add -r wget | ||
+ | |||
+ | |||
+ | |||
+ | ===== curl ===== | ||
+ | wget-like command line http downloader with cookies-support | ||
+ | |||
+ | Install package: | ||
+ | pkg_add -r curl | ||
+ | |||
+ | |||
+ | |||
+ | |||
+ | |||
+ | ====== Network / connectivity ====== | ||
+ | |||
+ | |||
+ | ===== ProFTPD ===== | ||
+ | Official URL: https:// | ||
+ | |||
+ | Installation: | ||
+ | cd / | ||
+ | make | ||
+ | make install | ||
+ | |||
+ | Run on system startup: | ||
+ | nano / | ||
+ | Add: | ||
+ | < | ||
+ | proftpd_enable=" | ||
+ | </ | ||
+ | |||
+ | Configuration: | ||
+ | nano / | ||
+ | Remove < | ||
+ | < | ||
+ | Servername "// | ||
+ | |||
+ | AuthUserFile / | ||
+ | # | ||
+ | UseIPv6 off | ||
+ | DefaultRoot ~ | ||
+ | # RequireValidShell off | ||
+ | RequireValidShell off | ||
+ | |||
+ | </ | ||
+ | |||
+ | You can find other configurations on the proftpd website. | ||
+ | Download a basic configuration file from the proftpd website (make sure [curl|curl] is installed): | ||
+ | curl -o / | ||
+ | You can use https:// | ||
+ | |||
+ | ?? mkdir / | ||
+ | </ | ||
+ | PS: there is a sample configuration file in / | ||
+ | |||
+ | |||
+ | Start it: | ||
+ | / | ||
+ | You should see the line ' | ||
+ | |||
+ | |||
+ | Test it: | ||
+ | ftp localhost | ||
+ | You will see something like: | ||
+ | < | ||
+ | Trying ::1... | ||
+ | ftp: connect to address ::1: Connection refused | ||
+ | Trying 127.0.0.1... | ||
+ | Connected to localhost. | ||
+ | 220 ProFTPD 1.3.0 Server (freebsd62.example.org) [127.0.0.1] | ||
+ | Name (localhost: | ||
+ | </ | ||
+ | This confirms your FTP server is running. Try to login using your regular user password (as a security measure, ftp access for root is blocked) | ||
+ | |||
+ | In case of errors/ | ||
+ | Add the following to / | ||
+ | < | ||
+ | ExtendedLog | ||
+ | DebugLevel | ||
+ | </ | ||
+ | Restart proftpd, and check the ftp.log file for error messages | ||
+ | |||
+ | ===== natd (internet sharing) ===== | ||
+ | When you get just 1 internet IP address from your ISP, and you want to allow more computers | ||
+ | access to the internet (without using proxy servers) you need NAT (Network Address | ||
+ | Translation). Setting it up is easy, if you pay attention :) | ||
+ | |||
+ | You need 2 network cards/ | ||
+ | /dev/pub0 is my network interface connected to the internet, | ||
+ | /dev/priv0 is my network interface connected to the internal network. | ||
+ | Replace occurrences of < | ||
+ | the < > characters too. | ||
+ | You can find your network interface names with the command: | ||
+ | ifconfig -a | ||
+ | |||
+ | Edit / | ||
+ | If your ' | ||
+ | be that your ISP provides you with an IP address, in this case, you'll probably already | ||
+ | have ' | ||
+ | My ISP gave me a fixed ip address (actually, a complete range), so in my case it's different: | ||
+ | < | ||
+ | ifconfig_pub0=" | ||
+ | </ | ||
+ | |||
+ | Now for the second network card, that is connected to your internal network: | ||
+ | < | ||
+ | ifconfig_priv0=" | ||
+ | </ | ||
+ | You can choose any private network range (10.0.0.0/ | ||
+ | long as it's not already used in your network. | ||
+ | |||
+ | nano / | ||
+ | Make sure the following lines are there (replace < | ||
+ | < | ||
+ | gateway_enable=" | ||
+ | firewall_enable=" | ||
+ | firewall_script="/ | ||
+ | firewall_type=" | ||
+ | firewall_quiet=" | ||
+ | natd_enable=" | ||
+ | natd_program="/ | ||
+ | natd_interface="< | ||
+ | natd_flags=" | ||
+ | </ | ||
+ | |||
+ | Test it (by starting natd manually): | ||
+ | natd -n < | ||
+ | ipfw -q add 00050 divert natd ip4 from any to any via < | ||
+ | |||
+ | = Setting up the client = | ||
+ | Set up a computer (' | ||
+ | 10.0.0.1, and DNS servers from your ISP (you can probably find them with 'cat / | ||
+ | |||
+ | = Testing natd connectivity = | ||
+ | On this client pc, go to a shell, (that' | ||
+ | people, or WindowsKey-R -> cmd -> [ok] for Vista unfortunates): | ||
+ | ping 10.0.0.1 | ||
+ | If everything is ok (no firewalls in the way) you should get ' | ||
+ | |||
+ | Next, ping another IP address (you can use the DNS server you found a moment ago): | ||
+ | ping 194.109.6.66 | ||
+ | If this works, natd works. | ||
+ | Note: some servers/ | ||
+ | server, if this works, it should work from any client too. | ||
+ | |||
+ | Now test if you can ping a website by its name. | ||
+ | ping google.com | ||
+ | If this works, you can start your internet browser, and use the internet with multiple | ||
+ | computers. | ||
+ | |||
+ | Reboot, to make sure natd is started automatically/ | ||
+ | |||
+ | |||
+ | ===== Samba ===== | ||
+ | CIFS / Windows Networking file sharing and more\\ | ||
+ | Official URL: [[https:// | ||
+ | [[https:// | ||
+ | URL: https:// | ||
+ | URL: [[https:// | ||
+ | |||
+ | Install package: | ||
+ | pkg_add -r samba3 | ||
+ | Configure package: | ||
+ | / | ||
+ | samba_enable=" | ||
+ | nano / | ||
+ | |||
+ | Configuration: | ||
+ | nano / | ||
+ | < | ||
+ | # Usual location for this file: / | ||
+ | # Lines beginning with either a semi-colon or a pound sign (';' | ||
+ | # you can use them for explaining what options mean, or for temporarily disabling options | ||
+ | # by placing a # sign in front of the line. | ||
+ | # The length and usage of spaces and other non-alphanumerical characters is limited for some options | ||
+ | # Read the documentation | ||
+ | # NOTE: After modifying this file, run the command " | ||
+ | |||
+ | # Global options | ||
+ | [global] | ||
+ | # ' | ||
+ | workgroup = WORKGROUP | ||
+ | |||
+ | # ' | ||
+ | netbios name = < | ||
+ | |||
+ | # server string is the equivalent of the NT Description field | ||
+ | server string = FreeBSD Samba Server | ||
+ | |||
+ | # Logging: | ||
+ | # this tells Samba to use a separate log file for each machine that connects: | ||
+ | ; log file = / | ||
+ | # Standard location for samba log files is / | ||
+ | # Put a capping on the size of the log files (in Kb). | ||
+ | max log size = 50 | ||
+ | # Set the log (verbosity) level (0 <= log level <= 10) | ||
+ | ; log level = 3 | ||
+ | |||
+ | |||
+ | # Which hosts to allow access to your SAMBA server | ||
+ | # Don't forget to replace or remove the < > stuff with your own values | ||
+ | # 127.0.0.1 = localhost (don't forget to include this one, or else you'll have trouble testing it) | ||
+ | # 192.168.*.*, | ||
+ | # 1.2.3.4 is my ip address and the number 27 is my netmask length (netmask = 255.255.255.224) | ||
+ | # because of the netmask, it will also allow all other computers in my network access. | ||
+ | # You can use a network/ | ||
+ | # 123.123.123.123 is the (fictional) static ip address of a friend who I want to give access | ||
+ | hosts allow = 127.0.0.1 192.168. 10. 172.16. < | ||
+ | |||
+ | # Deny traffic from all hosts (except from those configured with 'hosts allow' | ||
+ | hosts deny = 0.0.0.0/0 | ||
+ | |||
+ | # Make this server the local& | ||
+ | # Don't use these if there are other servers for the same task on your network. | ||
+ | local master = yes | ||
+ | os level = 100 | ||
+ | preferred master = yes | ||
+ | wins support = yes | ||
+ | domain master = yes | ||
+ | |||
+ | # I don't know what this does (< | ||
+ | remote announce = < | ||
+ | # Case sensitivity for filenames: read manual | ||
+ | |||
+ | # Networking Options: this might give better performance | ||
+ | # See speed.txt and the manual pages for details | ||
+ | socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 | ||
+ | |||
+ | # Printing: FIXME | ||
+ | #printing = CUPS | ||
+ | # | ||
+ | #map to guest = Bad User | ||
+ | #show add printer wizard = No | ||
+ | show add printer wizard = No | ||
+ | |||
+ | ; map to guest = Bad User | ||
+ | ; | ||
+ | |||
+ | |||
+ | [shared] | ||
+ | comment = Some shared folder | ||
+ | path = /tmp/shared | ||
+ | read only = No | ||
+ | guest ok = Yes | ||
+ | nt acl support = No | ||
+ | ; force user = freebsd | ||
+ | ; force group = users | ||
+ | |||
+ | [music] | ||
+ | | ||
+ | path = / | ||
+ | read only = yes | ||
+ | | ||
+ | hosts allow = 127.0.0.1 192.168. 10. 172.16. < | ||
+ | hosts deny = 0.0.0.0/0 | ||
+ | |||
+ | # Printer configuration with CUPS I will do another time. I've disabled it for now | ||
+ | ;[printers] | ||
+ | ; comment = Print Temporary Spool Configuration | ||
+ | ; path = / | ||
+ | ; printable = Yes | ||
+ | ; guest ok = Yes | ||
+ | ; use clientdriver = Yes | ||
+ | ; browseable = No | ||
+ | |||
+ | </ | ||
+ | |||
+ | You can find out which computers on your local network support the SAMBA-protocol (running either ' | ||
+ | nmblookup -B < | ||
+ | I used 10.255.255.255.255 for my broadcast address, yours might be 192.168.255.255 or like that. | ||
+ | |||
+ | |||
+ | |||
+ | ===== OpenSSL ===== | ||
+ | openssl-0.9.8c | ||
+ | This SSL Library allows communication over secure channels (HTTPS, IMAPS), and is required in this guide for Courier-IMAP, | ||
+ | |||
+ | Install package: | ||
+ | |||
+ | pkg_add -r openssl | ||
+ | |||
+ | |||
+ | ===== Apache 2.2 Webserver ===== | ||
+ | URL: https:// | ||
+ | |||
+ | Install package: (version 2.2.0_7) | ||
+ | pkg_add -r apache22 | ||
+ | |||
+ | nano / | ||
+ | < | ||
+ | |||
+ | # | ||
+ | nano /etc/hosts: | ||
+ | < | ||
+ | 127.0.0.1 freebsd61.example.org | ||
+ | </ | ||
+ | mkdir / | ||
+ | nano / | ||
+ | < | ||
+ | ServerAdmin .... | ||
+ | ServerName freebsd61.example.org | ||
+ | ServerName 1.2.3.4 | ||
+ | DocumentRoot "/ | ||
+ | </ | ||
+ | |||
+ | Change: | ||
+ | < | ||
+ | < | ||
+ | ... | ||
+ | </ | ||
+ | </ | ||
+ | to -> | ||
+ | < | ||
+ | < | ||
+ | Options Indexes FollowSymLinks ExecCGI | ||
+ | AllowOverride All | ||
+ | Order allow, | ||
+ | Allow from all | ||
+ | </ | ||
+ | </ | ||
+ | |||
+ | Add: | ||
+ | < | ||
+ | AddType application/ | ||
+ | AddType application/ | ||
+ | |||
+ | DirectoryIndex index.php index.cgi index.html | ||
+ | |||
+ | AddHandler cgi-script .cgi | ||
+ | |||
+ | NameVirtualHost *:80 | ||
+ | |||
+ | < | ||
+ | ServerAdmin webmaster@1.2.3.4 | ||
+ | DocumentRoot /www/ip | ||
+ | ServerName 1.2.3.4 | ||
+ | </ | ||
+ | |||
+ | < | ||
+ | ServerAdmin webmaster@< | ||
+ | DocumentRoot / | ||
+ | ServerName < | ||
+ | ErrorLog / | ||
+ | CustomLog / | ||
+ | </ | ||
+ | </ | ||
+ | mkdir / | ||
+ | apachectl configtest | ||
+ | apachectl restart | ||
+ | |||
+ | Some time later, I noticed this error message upon manual start of apache: | ||
+ | < | ||
+ | [warn] (2)No such file or directory: Failed to enable the ' | ||
+ | </ | ||
+ | I solved it temporarily by entering: | ||
+ | kldload accf_http | ||
+ | |||
+ | To load it on boot, add to your / | ||
+ | accf_http_load=" | ||
+ | |||
+ | I should check if the issue is resolved after the next reboot. | ||
+ | |||
+ | |||
+ | To prevent visitors seeing which version/ | ||
+ | ServerTokens Prod | ||
+ | |||
+ | |||
+ | ==== mod_jail (optional) ==== | ||
+ | FIXME | ||
+ | Optional: mod_jail | ||
+ | A module to run Apache in a secure jail (like ' | ||
+ | URL: https:// | ||
+ | |||
+ | ==== Custom 404-Errorhandler ==== | ||
+ | It is possible in Apache, to use your own errorhandler for various errorcodes. | ||
+ | You might want to have this to inform you of people clicking 'dead links' on your website. | ||
+ | |||
+ | nano / | ||
+ | < | ||
+ | ErrorDocument 404 "/ | ||
+ | </ | ||
+ | |||
+ | |||
+ | ==== Apache::MP3 ==== | ||
+ | |||
+ | Apache::MP3 is a perl module for Apache, which allows you to listen to the music stored on your server from a windows pc through a browser & Winamp. | ||
+ | Installation: | ||
+ | |||
+ | cd / | ||
+ | make | ||
+ | |||
+ | This will also install ' | ||
+ | |||
+ | Add this line to the ' | ||
+ | < | ||
+ | LoadModule perl_module libexec/ | ||
+ | </ | ||
+ | |||
+ | Visit the [[https:// | ||
+ | |||
+ | If you get this error: | ||
+ | < | ||
+ | Syntax error on line ... of / | ||
+ | Invalid command ' | ||
+ | [root@freebsd62 / | ||
+ | </ | ||
+ | Then the Apache mod_perl module isn't installed correctly. | ||
+ | |||
+ | Follow the [[https:// | ||
+ | |||
+ | Restart apache: | ||
+ | apachectl restart | ||
+ | |||
+ | Make a symlink to the folder where you store your mp3 files (in my case, that would be / | ||
+ | ln -s / | ||
+ | |||
+ | Apache::MP3 comes with a set of icons, and style sheet to go with the html pages it generates. To make apache::mp3 find them, follow the next steps.\\ | ||
+ | In / | ||
+ | < | ||
+ | < | ||
+ | AllowOverride None | ||
+ | Order allow,deny | ||
+ | Allow from all | ||
+ | </ | ||
+ | </ | ||
+ | And in the same file, just below the line '< | ||
+ | < | ||
+ | Alias /apache_mp3 / | ||
+ | </ | ||
+ | |||
+ | Browse to https:// | ||
+ | |||
+ | I've changed a few lines in httpd.conf, to make sure that .mp3-files are treated equally as .MP3-files (and the same for .m3u, .pls and ogg-vorbis files): | ||
+ | < | ||
+ | AddType audio/ | ||
+ | AddType audio/ | ||
+ | AddType audio/ | ||
+ | AddType application/ | ||
+ | </ | ||
+ | |||
+ | As the files in my MP3 collection often have bad mp3-id3 tags, I have Apache::MP3 to use the filename instead of the MP3-ID3 tag. In the '< | ||
+ | < | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | </ | ||
+ | You might like these settings too: | ||
+ | < | ||
+ | | ||
+ | | ||
+ | </ | ||
+ | |||
+ | |||
+ | ==== kplaylist ==== | ||
+ | Official URL: https:// | ||
+ | Requires: apache, php, mysql | ||
+ | |||
+ | Installation: | ||
+ | cd / | ||
+ | make | ||
+ | make install | ||
+ | |||
+ | Configure kplaylist with Apache (see instructions on the official website), make sure apache has access to your mp3 collection, configure the database to use, configure kplaylist. | ||
+ | Enter the location to your base mp3 folder in Filehandling -> Base directory | ||
+ | You can open the .m3u playlist files it generates with XMMS (or Winamp if you're using windows). | ||
+ | |||
+ | |||
+ | |||
+ | |||
+ | |||
+ | |||
+ | ===== ISC DHCP-server (dhcpd) ===== | ||
+ | On my computer network, there are some laptops. These laptops are not always connected to this network, but sometimes they are taken by their owner to another location, and plugged into another network. | ||
+ | This makes it impractical to set up static IP addresses on these machines themselves, as the network settings would probably have to be changed every time the laptop is plugged into another network. | ||
+ | This is why I will set up a DHCP server. This software will hand out network information like the unique IP address the laptop may use, the netmask, the address of the default gateway, and which DNS servers to use. | ||
+ | |||
+ | FIXME If you use 192.168.*.*, | ||
+ | |||
+ | Install package: | ||
+ | pkg_add -r isc-dhcp3-server | ||
+ | (or portupgrade -r -P isc-dhcp3-server) | ||
+ | |||
+ | |||
+ | Configure package: | ||
+ | nano / | ||
+ | < | ||
+ | dhcpd_enable=" | ||
+ | dhcpd_flags=" | ||
+ | dhcpd_conf="/ | ||
+ | dhcpd_ifaces="" | ||
+ | dhcpd_withumask=" | ||
+ | </ | ||
+ | cp / | ||
+ | nano / | ||
+ | |||
+ | < | ||
+ | default-lease-time 86400; | ||
+ | max-lease-time 172800; | ||
+ | default-lease-time 86400; | ||
+ | ddns-update-style interim; | ||
+ | |||
+ | option ntp-servers 192.168.0.1; | ||
+ | option domain-name " | ||
+ | option domain-name-servers 192.168.0.1; | ||
+ | #, 192.168.2.1; | ||
+ | option netbios-name-servers 192.168.0.1; | ||
+ | #, 192.168.2.1; | ||
+ | option netbios-node-type 8; | ||
+ | ### NOTE ### | ||
+ | # netbios-node-type=8 means set clients to Hybrid Mode | ||
+ | # so they will use Unicast communication with the WINS | ||
+ | # server and thus reduce the level of UDP broadcast | ||
+ | # traffic by up to 90%. | ||
+ | ############ | ||
+ | |||
+ | subnet 192.168.0.0 netmask 255.255.0.0 { | ||
+ | range dynamic-bootp 192.168.0.128 192.168.1.250; | ||
+ | option subnet-mask 255.255.0.0; | ||
+ | option routers 192.168.0.1; | ||
+ | allow unknown-clients; | ||
+ | # host hplj4 { | ||
+ | # hardware ethernet 08: | ||
+ | # fixed-address 192.168.1.10; | ||
+ | # } | ||
+ | } | ||
+ | subnet 127.0.0.0 netmask 255.0.0.0 { | ||
+ | } | ||
+ | </ | ||
+ | touch / | ||
+ | |||
+ | Start it: | ||
+ | / | ||
+ | |||
+ | Tools for dhcpd.conf management/ | ||
+ | https:// | ||
+ | https:// | ||
+ | https:// | ||
+ | https:// | ||
+ | https:// | ||
+ | |||
+ | |||
+ | Changing the DHCPD Logging File: | ||
+ | https:// | ||
+ | |||
+ | |||
+ | To have a backup dhcpd or a fallback dhcp server (running 2 dhcp servers on the same network): | ||
+ | [[https:// | ||
+ | https:// | ||
+ | |||
+ | |||
+ | ===== BIND / named / DNS server ===== | ||
+ | Official URL: [[https:// | ||
+ | |||
+ | The BIND DNS Server (or ' | ||
+ | web addresses to IP addresses (e.g. for translating the host name | ||
+ | ' | ||
+ | |||
+ | There are two reasons for using it: | ||
+ | * you want to act as a so called ' | ||
+ | which will limit network traffic to the nameserver of your ISP. | ||
+ | * you are hosting websites and are doing DNS-server things yourself. | ||
+ | |||
+ | |||
+ | Install package: | ||
+ | pkg_add -r bind | ||
+ | |||
+ | Configuration of named is stored in / | ||
+ | The important files are: | ||
+ | * named.conf | ||
+ | * *.zone (the files you will create for every domain name) | ||
+ | |||
+ | Configure package: | ||
+ | cd /etc/named | ||
+ | |||
+ | sh make-localhost | ||
+ | nano named.conf | ||
+ | |||
+ | Comment out the line " | ||
+ | < | ||
+ | // listen-on | ||
+ | </ | ||
+ | |||
+ | Above the line "/ * An example master zone", insert the following for each domain you are running this nameserver for. Replace < | ||
+ | < | ||
+ | zone "< | ||
+ | type master; | ||
+ | file "< | ||
+ | }; | ||
+ | </ | ||
+ | |||
+ | For each domain: | ||
+ | mkdir < | ||
+ | cd < | ||
+ | nano < | ||
+ | |||
+ | Enter the following text (replace the <...> stuff with the correct information): | ||
+ | < | ||
+ | $ORIGIN < | ||
+ | ; // Don't forget to increase the Serial value every time you make changes to this file | ||
+ | ; // I like to use the current date, so I can see when was the last time I've changed it | ||
+ | ; // If you are updating this file more than once a day, this is not a good solution. | ||
+ | @ | ||
+ | 20070701 ; Serial | ||
+ | 14400 ; Refresh | ||
+ | 1800 ; Retry | ||
+ | 3600000 ; Expire | ||
+ | 3600 ) | ||
+ | IN NS < | ||
+ | IN NS < | ||
+ | IN MX 10 < | ||
+ | |||
+ | localhost | ||
+ | < | ||
+ | * | ||
+ | </ | ||
+ | |||
+ | Test it (will show any configuration file errors, you can quit with CTRL-C): | ||
+ | / | ||
+ | |||
+ | < | ||
+ | 05-Mar-2007 12: | ||
+ | 05-Mar-2007 12: | ||
+ | 05-Mar-2007 12: | ||
+ | 05-Mar-2007 12: | ||
+ | 05-Mar-2007 12: | ||
+ | 05-Mar-2007 12: | ||
+ | 05-Mar-2007 12: | ||
+ | 05-Mar-2007 12: | ||
+ | 05-Mar-2007 12: | ||
+ | 05-Mar-2007 12: | ||
+ | 05-Mar-2007 12: | ||
+ | 05-Mar-2007 12: | ||
+ | </ | ||
+ | |||
+ | This is how it looks here, when it's running correctly. | ||
+ | |||
+ | In my case, I got an error message: | ||
+ | < | ||
+ | 05-Mar-2007 12: | ||
+ | </ | ||
+ | And it was immediately clear to me that copying the BIND/named configuration files from my backup to the /etc/named/ was ok, but that I had forgotten to give ' | ||
+ | chown -R bind / | ||
+ | |||
+ | Configure it to run on system startup: | ||
+ | Add the following line to / | ||
+ | < | ||
+ | named_enable=" | ||
+ | </ | ||
+ | |||
+ | Start it: | ||
+ | / | ||
+ | < | ||
+ | wrote key file "/ | ||
+ | Starting named. | ||
+ | </ | ||
+ | |||
+ | < | ||
+ | You'll need some information on the domains you want to do DNS stuff for (I take example.org as an example): | ||
+ | whois example.org | ||
+ | You'll get something like this (write it down, we'll need it later): | ||
+ | < | ||
+ | | ||
+ | < | ||
+ | < | ||
+ | </ | ||
+ | |||
+ | ==== Ad Blocking with your own DNS Server ==== | ||
+ | URL: https:// | ||
+ | |||
+ | If you run your own dns server (BIND/ | ||
+ | |||
+ | It works by blocking (actually, it is diverting) DNS request for a lot of banner-hosting domains. It even works against Google text-ads | ||
+ | If other computers are using this pc as a dns server (you can configure this in dhcpd.conf, section ' | ||
+ | |||
+ | You can block banners, text ads, some known cookie harvesting sites, and even normal sites. | ||
+ | Note that it will only block the DNS queries/ | ||
+ | |||
+ | Create the zone file '/ | ||
+ | < | ||
+ | $TTL 24h | ||
+ | @ IN SOA < | ||
+ | 2007100900 | ||
+ | 86400 ; Refresh (24 hours) | ||
+ | 300 ; Retry (5 minutes) | ||
+ | 604800 | ||
+ | 3600 ) ; Negative Cache TTL (1 hour) | ||
+ | |||
+ | @ | ||
+ | @ | ||
+ | * | ||
+ | </ | ||
+ | Replace < | ||
+ | If you use 127.0.0.1 as the < | ||
+ | I don't think there' | ||
+ | |||
+ | Next, edit / | ||
+ | For each domain name you wish to block banners (WARNING: and all other stuff from the same domain!) from, add the next line to the end of the file: | ||
+ | < | ||
+ | zone "< | ||
+ | </ | ||
+ | Replace < | ||
+ | |||
+ | < | ||
+ | doubleclick.com | ||
+ | doubleclick.net | ||
+ | adbrite.com | ||
+ | intellitxt.com | ||
+ | googlesyndication.com | ||
+ | atdmt.com | ||
+ | yieldmanager.com | ||
+ | </ | ||
+ | There are sites which list known advertising | ||
+ | You can find more of these domain names by googling on a few of the names above combined. | ||
+ | |||
+ | Instead of < | ||
+ | |||
+ | Configure your FreeBSD server to use its own DNS server. Edit / | ||
+ | < | ||
+ | nameserver 127.0.0.1 | ||
+ | </ | ||
+ | |||
+ | Remember to reload named whenever you have edited / | ||
+ | kill -HUP `cat / | ||
+ | or | ||
+ | killall -1 named | ||
+ | |||
+ | Test it: | ||
+ | ping some.random.thingy.yieldmanager.com | ||
+ | You should get a ping reply from ' | ||
+ | |||
+ | If you run into problems, make sure named is running: | ||
+ | ps auxwww|grep named | ||
+ | If named isn't running, there might be something wrong with your configuration files. | ||
+ | Start named in ' | ||
+ | named -g | ||
+ | or | ||
+ | cd /etc/namedb | ||
+ | named -f -d 9 | ||
+ | Debug messages are stored in / | ||
+ | |||
+ | Named won't start if the named.conf has errors, or duplicate entries (!) | ||
+ | |||
+ | You can start named correctly with the command: | ||
+ | / | ||
+ | |||
+ | |||
+ | Firefox has its own internal domain-name-based image blocking function, | ||
+ | To configure/ | ||
+ | It doesn' | ||
+ | |||
+ | another URL: https:// | ||
+ | another URL: https:// | ||
+ | |||
+ | There' | ||
+ | https:// | ||
+ | You can find more ad-serving hosts from the ' | ||
+ | This file however isn't directly compatible with named.conf, you've got to edit it. | ||
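
The hosts-to-named.conf conversion described above, as an added example (not part of the original guide): it keeps only plain host names from a hosts-format list, drops duplicates and names already covered by a listed parent domain, and can skip zones an existing named.conf already declares, since duplicate entries stop named from starting. The function names and the sample list are constructed; the zone file name is supplied by the caller.

```shell
#!/bin/sh
# Added example (not from the original guide): turn a hosts-format blocklist
# into named.conf zone statements without creating duplicate zones.

# sample_hosts: constructed sample input in hosts-file format.
sample_hosts() {
    cat <<'EOF'
# constructed sample, hosts-file format
127.0.0.1   localhost
127.0.0.1   ad.doubleclick.net      # subdomain of an entry further down
0.0.0.0     doubleclick.net
0.0.0.0     DoubleClick.NET.        # same zone, different spelling
0.0.0.0     yieldmanager.com ads.yieldmanager.com
0.0.0.0     bad";};evil.example     # must never reach named.conf
0.0.0.0     atdmt.com
EOF
}

# hosts_to_zones ZONEFILE [NAMED_CONF]
#   stdin : hosts-format blocklist ("<address> <name> [<name> ...]")
#           or a bare list with one domain per line
#   stdout: one zone statement per domain, all pointing at ZONEFILE
#   ZONEFILE   is the blocking zone file created earlier (caller supplies it).
#   NAMED_CONF if given, is scanned so already-declared zones are skipped.
hosts_to_zones() {
    zonefile=${1:?usage: hosts_to_zones ZONEFILE [NAMED_CONF]}
    awk -v zf="$zonefile" -v conf="${2:-}" '
    BEGIN {
        # Collect the zone names that named.conf already declares.
        if (conf != "") {
            while ((getline line < conf) > 0) {
                if (match(line, /^[ \t]*zone[ \t]+"[^"]+"/)) {
                    z = substr(line, RSTART, RLENGTH)
                    sub(/^[^"]*"/, "", z); sub(/"$/, "", z)
                    declared[tolower(z)] = 1
                }
            }
            close(conf)
        }
    }
    {
        sub(/#.*/, ""); gsub(/\r/, "")          # drop comments and CRs
        first = (NF == 1) ? 1 : 2               # bare domain or hosts line
        for (i = first; i <= NF; i++) {
            name = tolower($i)
            sub(/\.$/, "", name)                # trailing root dot
            # Accept only plain multi-label host names; this also keeps
            # quotes, braces and semicolons out of the generated config.
            if (name !~ /^[a-z0-9_-]+(\.[a-z0-9_-]+)+$/) continue
            if (name ~ /^[0-9.]+$/) continue    # an IP address, not a name
            if ((name in seen) || (name in declared)) continue
            seen[name] = 1
            order[++n] = name
        }
    }
    END {
        for (k = 1; k <= n; k++) {
            name = order[k]; parent = name; covered = 0
            # The blocking zone has a wildcard record, so a listed parent
            # domain already answers for every name below it.
            while ((p = index(parent, ".")) > 0) {
                parent = substr(parent, p + 1)
                if (parent in seen) { covered = 1; break }
            }
            if (!covered)
                printf "zone \"%s\" { type master; file \"%s\"; };\n", name, zf
        }
    }'
}

# Usage: sample_hosts | hosts_to_zones "<your blocking zone file>" named.conf
```

Append the output to named.conf and reload named as described above.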
+ | |||
+ | After blocking *.google-analytics, | ||
+ | < | ||
+ | ssl.google-analytics.com sent an unexpected / error message / code: -12263 | ||
+ | </ | ||
+ | I guess this has something to do with the secure https protocol not able to find a valid SSL certificate. | ||
+ | I'm still searching for a nice solution, but I'll rather have the ' | ||
+ | < | ||
+ | https:// | ||
+ | ... | ||
+ | Constant: SSL_ERROR_RX_RECORD_TOO_LONG | ||
+ | "SSL received a record that exceeded the maximum permissible length." | ||
+ | -12263 | ||
+ | </ | ||
+ | |||
+ | I think I need to have the URL https:// | ||
+ | |||
+ | An example website giving this error is: https:// | ||
+ | |||
+ | ===== TrafShow ===== | ||
+ | Network traffic monitoring (TCP/UDP) | ||
+ | |||
+ | If you are looking for more advanced traffic monitoring tools (traffic sniffing tools), go google for: ethereal, ettercap, [[https:// | ||
+ | |||
+ | This provides basic network traffic visualisation on a text-based terminal. | ||
+ | You might also want to check out ' | ||
+ | |||
+ | Install package: | ||
+ | pkg_add -r trafshow | ||
+ | |||
+ | Test it by running: | ||
+ | trafshow | ||
+ | Select the correct network interface to monitor, and if there is any network traffic, you should see it. | ||
+ | |||
+ | If you get an error: | ||
+ | < | ||
+ | No packet capture device available (no permission? | ||
+ | </ | ||
+ | You are not running it as root. Get root privileges, or change the (read) permissions of the// /dev/bpf0 //and// /dev/bpf1 //devices. Don't make it world-readable (o+r), or else anyone with access to your computer can sniff on your network traffic, capture ftp-passwords and compromise your security! | ||
+ | /* | ||
+ | Reversing | ||
+ | |||
+ | Sometimes you are sitting on the wrong side of the link, and you would | ||
+ | like to have mrtg report Incoming traffic as Outgoing and vice versa. | ||
+ | This can be achieved by adding the ' | ||
+ | description. It flips the incoming and outgoing traffic rates. | ||
+ | Example: | ||
+ | | ||
+ | */ | ||
+ | ===== NetCat ===== | ||
+ | TCP tool ' | ||
+ | Install package: | ||
+ | pkg_add -r netcat | ||
+ | |||
+ | |||
+ | ===== nmap ===== | ||
+ | Very good portscanner | ||
+ | |||
+ | "Port scanning utility for large networks" | ||
+ | Install package: | ||
+ | pkg_add -r nmap | ||
+ | |||
+ | |||
+ | |||
+ | |||
+ | ====== Databases ====== | ||
+ | |||
+ | ===== MySQL ===== | ||
+ | |||
+ | Install package: | ||
+ | pkg_add -r mysql51-server | ||
+ | (includes mysql51-client-5.1.15) | ||
+ | pkg_add -r mysql51-scripts | ||
+ | |||
+ | mkdir / | ||
+ | chown mysql:mysql / | ||
+ | nano / | ||
+ | Add: | ||
+ | < | ||
+ | mysql_enable=" | ||
+ | </ | ||
+ | |||
+ | Start MySQL manually: | ||
+ | / | ||
+ | |||
+ | Now we are setting the MySQL database administrator password (you should choose a new password for < | ||
+ | mysql mysql -u root | ||
+ | You should get some information about the running MySQL engine, and a ' | ||
+ | < | ||
+ | UPDATE user SET Password=PASSWORD('< | ||
+ | FLUSH PRIVILEGES; | ||
+ | EXIT | ||
+ | </ | ||
+ | |||
+ | If successful it will show you something like: | ||
+ | < | ||
+ | 1 rows updated ... | ||
+ | </ | ||
+ | |||
+ | If you get the following error: | ||
+ | < | ||
+ | ERROR 2002 (HY000): Can't connect to local MySQL server through socket '/ | ||
+ | </ | ||
+ | then check if you have successfully started the mysql daemon. | ||
+ | |||
+ | |||
+ | ====== Webserver ====== | ||
+ | |||
+ | |||
+ | |||
+ | |||
+ | |||
+ | ===== PHP ===== | ||
+ | A popular web scripting language | ||
+ | Official URL: [[https:// | ||
+ | |||
+ | Install port (not using the package!): | ||
+ | cd / | ||
+ | make | ||
+ | Enable ' | ||
+ | < | ||
+ | | ||
+ | ... | ||
+ | . . [X] MULTIBYTE | ||
+ | ... | ||
+ | </ | ||
+ | make install | ||
+ | |||
+ | This will put the following executables (including the apache library libphp5.so) in the correct place: | ||
+ | / | ||
+ | / | ||
+ | / | ||
+ | |||
+ | Now, install PHP5-extensions | ||
+ | cd / | ||
+ | make | ||
+ | Select extra: bz2, ftp, gettext, mysqli, ncurses, openssl & zip. | ||
+ | Do not select ' | ||
+ | |||
+ | This will install: | ||
+ | < | ||
+ | php5-bcmath-5.1.6 | ||
+ | php5-bz2-5.1.6 | ||
+ | php5-calendar-5.1.6 The calendar shared extension for php | ||
+ | php5-ctype-5.1.6 | ||
+ | php5-curl-5.1.6 | ||
+ | php5-dom-5.1.6 | ||
+ | php5-ftp-5.1.6 | ||
+ | php5-gettext-5.1.6 | ||
+ | php5-iconv-5.1.6 | ||
+ | php5-imap-5.1.6 | ||
+ | php5-mcrypt-5.1.6 | ||
+ | php5-mysqli-5.1.6 | ||
+ | php5-ncurses-5.1.6 | ||
+ | php5-openssl-5.1.6 | ||
+ | php5-pcre-5.1.6 | ||
+ | php5-posix-5.1.6 | ||
+ | php5-readline-5.1.6 The readline shared extension for php | ||
+ | php5-session-5.1.6 | ||
+ | php5-simplexml-5.1.6 The simplexml shared extension for php | ||
+ | php5-sqlite-5.1.6 | ||
+ | php5-tokenizer-5.1.6 The tokenizer shared extension for php | ||
+ | php5-xml-5.1.6 | ||
+ | php5-xmlreader-5.1.6 The xmlreader shared extension for php | ||
+ | php5-xmlwriter-5.1.6 The xmlwriter shared extension for php | ||
+ | php5-zlib-5.1.6 | ||
+ | </ | ||
+ | Test it: | ||
+ | make install | ||
+ | nano / | ||
+ | < | ||
+ | <?php | ||
+ | phpinfo(); | ||
+ | ?> | ||
+ | </ | ||
+ | Point your browser to the URL: ht tp :/ / < | ||
+ | You should get lots of information about the php engine. | ||
+ | |||
+ | To allow PHP to connect to a MySQL database, install the port ' | ||
+ | / | ||
+ | make | ||
+ | make install | ||
+ | |||
+ | Also install the port ' | ||
+ | cd / | ||
+ | make | ||
+ | make install | ||
+ | You will need to tag ' | ||
+ | |||
+ | To configure Apache to use PHP, open '/ | ||
+ | Add the line: | ||
+ | < | ||
+ | LoadModule php5_module | ||
+ | </ | ||
+ | And: | ||
+ | < | ||
+ | AddType application/ | ||
+ | AddType application/ | ||
+ | </ | ||
+ | |||
+ | Change: | ||
+ | < | ||
+ | DirectoryIndex index.html index.cgi | ||
+ | </ | ||
+ | To: | ||
+ | < | ||
+ | DirectoryIndex index.html index.cgi index.php | ||
+ | </ | ||
+ | |||
+ | |||
+ | ===== phpMyAdmin ===== | ||
+ | Web based/PHP frontend for MySQL administration\\ | ||
+ | Official URL: [[https:// | ||
+ | |||
+ | Installation (requires that php5 has been built with ' | ||
+ | cd / | ||
+ | make | ||
+ | make install | ||
+ | |||
+ | Add the following to the Apache configuration file / | ||
+ | < | ||
+ | Alias / | ||
+ | |||
+ | < | ||
+ | Options none | ||
+ | AllowOverride Limit | ||
+ | |||
+ | Order Deny,Allow | ||
+ | Deny from all | ||
+ | Allow from 127.0.0.1 < | ||
+ | </ | ||
+ | </ | ||
+ | |||
+ | Restart Apache: | ||
+ | apachectl restart | ||
+ | |||
+ | Visit http://< | ||
+ | |||
+ | WORK IN PROGRESS BELOW THIS LINE. | ||
+ | |||
+ | Configuration: | ||
+ | cd / | ||
+ | cp config.sample.inc.php config.inc.php | ||
+ | cd phpMyAdmin | ||
+ | nano Documentation.txt | ||
+ | Read the 'quick install' | ||
+ | |||
+ | Create directory for saving configuration, | ||
+ | mkdir config | ||
+ | Give it world writable permissions: | ||
+ | chmod o+rw config | ||
+ | |||
+ | I went to http:/ /< | ||
+ | Under ' | ||
+ | Set ' | ||
+ | Click ' | ||
+ | |||
+ | Move file to current directory: | ||
+ | mv config/ | ||
+ | Remove world read and write permission: | ||
+ | chmod o-rw config.inc.php | ||
+ | |||
+ | cp config.default.php config.inc.php | ||
+ | nano config.inc.php | ||
+ | < | ||
+ | $cfg[' | ||
+ | </ | ||
+ | |||
+ | For now, I will use cookie authentication. This is not as secure as I'd like it to be (I would be happier if https was working), but I'll leave it for now: | ||
+ | < | ||
+ | $i=0; | ||
+ | $i++; | ||
+ | $cfg[' | ||
+ | $cfg[' | ||
+ | $cfg[' | ||
+ | $cfg[' | ||
+ | </ | ||
+ | |||
+ | As an alternative, | ||
+ | < | ||
+ | $cfg[' | ||
+ | $cfg[' | ||
+ | $cfg[' | ||
+ | $cfg[' | ||
+ | $cfg[' | ||
+ | </ | ||
+ | Protecting the phpMyAdmin with .htpasswd is something I will explain another time. Just stick with cookie authentication for now. | ||
+ | |||
+ | Restrict access to the configuration file (very important if you have stored the MySQL password in here): | ||
+ | chmod 600 config.inc.php | ||
+ | |||
+ | Check your installation by browsing to http:/ /< | ||
+ | If everything is ok, you should be asked for a username and a password. Enter the MySQL username and password you have configured earlier. After entering the correct password and pressing ok, you should see the phpMyAdmin page, where you can manage your MySQL databases. | ||
+ | |||
+ | |||
+ | Protect the phpMyAdmin (pMA) directory with .htaccess and .htpasswd: | ||
+ | https:// | ||
+ | |||
+ | nano .htaccess | ||
+ | < | ||
+ | AuthName " | ||
+ | AuthType Basic | ||
+ | AuthUserFile / | ||
+ | AuthGroupFile / | ||
+ | require valid-user | ||
+ | </ | ||
+ | Change the AuthUserFile to the directory where you will put the .htpasswd file. You can change the ' | ||
+ | |||
+ | Now, let's create the .htpasswd file, which will contain the usernames and (encrypted) passwords of the users that will have access. | ||
+ | Make sure you are in the correct directory, then enter: | ||
+ | htpasswd -c .htpasswd < | ||
+ | If the file .htpasswd already exists, remove the -c to add users to an existing .htpasswd file: | ||
+ | htpasswd .htpasswd < | ||
+ | You will be prompted for the password (2 times). | ||
+ | |||
+ | Check if it works, open your webbrowser and go to < | ||
+ | It should prompt you for a username and a password. | ||
+ | |||
+ | For security, make sure all files starting with ' | ||
+ | |||
+ | ===== Joomla ===== | ||
+ | A Content Management System (CMS), similar to ' | ||
+ | Official URL: | ||
+ | |||
+ | Installation: | ||
+ | cd / | ||
+ | make | ||
+ | make install | ||
+ | |||
+ | cd / | ||
+ | ... | ||
+ | |||
+ | Login to the phpMyAdmin website/ | ||
+ | |||
+ | Edit / | ||
+ | Add a line: | ||
+ | Alias joomla / | ||
+ | |||
+ | Next, go to the site http:/ /< | ||
+ | < | ||
+ | Session save path Not set, Unwriteable | ||
+ | Database server: localhost | ||
+ | username: root | ||
+ | password: < | ||
+ | database: joomla | ||
+ | |||
+ | Site name: < | ||
+ | |||
+ | URL: http:/ /< | ||
+ | Path: / | ||
+ | Your E-mail: joomla_administrator@freebsd62.example.org | ||
+ | Admin password: < | ||
+ | (Username : admin) | ||
+ | </ | ||
+ | |||
+ | Point your browser to: http:/ /< | ||
+ | You should get a message telling you that you should remove the installation-folder. | ||
+ | We will do this: | ||
+ | cd / | ||
+ | rm -R installation | ||
+ | Reload the same URL (http:/ /< | ||
+ | |||
+ | Browse to http:/ /< | ||
+ | |||
+ | |||
+ | ===== Coppermine Gallery ===== | ||
+ | |||
+ | cd / | ||
+ | make | ||
+ | make install | ||
+ | nano / | ||
+ | Alias / | ||
+ | |||
+ | < | ||
+ | Options Indexes Followsymlinks MultiViews | ||
+ | AllowOverride None | ||
+ | Order allow,deny | ||
+ | Allow from all | ||
+ | </ | ||
+ | |||
+ | use phpMyAdmin to create a database named ' | ||
+ | apachectl restart | ||
+ | browse to: http:// | ||
+ | username: coppermine | ||
+ | pass: | ||
+ | MySQL Database Name: coppermine | ||
+ | MySQL Username: | ||
+ | MySQL Password: | ||
+ | |||
+ | |||
+ | |||
+ | |||
+ | |||
+ | |||
+ | |||
+ | |||
+ | |||
+ | |||
+ | |||
+ | |||
+ | |||
+ | |||
+ | |||
+ | |||
+ | ===== DokuWiki ===== | ||
+ | This is an easy to use wiki that I use for updating this page.\\ | ||
+ | Official URL: https:// | ||
+ | |||
+ | [[https:// | ||
+ | |||
+ | I needed an easy website content editor to publish this FreeBSD 6.2 manual online. I didn't want a CMS, as those generally depend on a database like MySQL, and these are too big for what I need. I've visited https:// | ||
+ | |||
+ | Read https:// | ||
+ | |||
+ | Using ports: | ||
+ | < | ||
+ | cd / | ||
+ | make | ||
+ | make install | ||
+ | </ | ||
+ | |||
+ | It will install in / | ||
+ | |||
+ | During installation it will ask which type of wiki this will be, as it can help you configure read/write access in different ways for registered/ | ||
+ | * Everybody can view + edit the page (an open approach, like wikipedia) | ||
+ | * Only registered users can view the page (when you have information in your wiki that shouldn' | ||
+ | * Visitors can only look at the page, and make no changes + only registered users can make changes (the way I want it) | ||
+ | |||
+ | After installation, | ||
+ | ln -s / | ||
+ | Browse to: http:// | ||
+ | You should see some Dokuwiki page. | ||
+ | |||
+ | < | ||
+ | chown -R www conf</ | ||
+ | |||
+ | Let's configure it (while still being in the dokuwiki folder). | ||
+ | We will save all settings to local.php, Dokuwiki' | ||
+ | cp conf/ | ||
+ | nano conf/ | ||
+ | < | ||
+ | $conf[' | ||
+ | $conf[' | ||
+ | $conf[' | ||
+ | $conf[' | ||
+ | $conf[' | ||
+ | $conf[' | ||
+ | $conf[' | ||
+ | $conf[' | ||
+ | $conf[' | ||
+ | $conf[' | ||
+ | $conf[' | ||
+ | </ | ||
+ | |||
+ | |||
+ | Some more settings: (my dokuwiki is written in english, so I set the spellcheck accordingly) | ||
+ | < | ||
+ | Enable spellchecker **yes** | ||
+ | Recent changes **50** | ||
+ | Language: **en** | ||
+ | Send "HTTP 404/Page Not Found" for non existing pages **yes** | ||
+ | </ | ||
+ | |||
+ | Make sure all configuration files are owned by the user Apache runs as: | ||
+ | chown -R www:www . | ||
+ | |||
+ | Making sure some files aren't 'world writable' | ||
+ | chmod 664 doku.php | ||
+ | chmod 664 conf/ | ||
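An added example (not part of the original guide): a check for the two permission mistakes these steps guard against, a path left world-writable (such as the 'config' directory after 'chmod o+rw') and a credential file that other local accounts can read, which is what the 'chmod 600 config.inc.php' step in the phpMyAdmin section prevents. The function name is an assumption; the file names are the ones this guide uses.

```shell
#!/bin/sh
# Added example: audit a web application directory for risky permissions.

# Credential-bearing file names taken from the guide.
SECRET_NAMES='config.inc.php .htpasswd users.auth.php'

# audit_webapp_perms DIR
# Prints one sorted finding per line, or nothing when the tree is clean:
#   WORLD-WRITABLE <path>          any other local account can modify it
#   WORLD-READABLE-SECRET <path>   any other local account can read credentials
audit_webapp_perms() {
    [ -d "$1" ] || { echo "audit_webapp_perms: not a directory: $1" >&2; return 2; }
    (
        cd "$1" || exit 2
        # Files and directories with the "other write" bit set.
        find . \( -type f -o -type d \) -perm -0002 -print |
            sed 's/^/WORLD-WRITABLE /'
        # Credential files with the "other read" bit set.
        for name in $SECRET_NAMES; do
            find . -type f -name "$name" -perm -0004 -print |
                sed 's/^/WORLD-READABLE-SECRET /'
        done
    ) | LC_ALL=C sort
}

# Run against a directory given on the command line.
if [ "$#" -gt 0 ]; then
    audit_webapp_perms "$1"
fi
```

Run it from cron against the web root so that a forgotten setup directory or a re-created config file shows up as output.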
+ | |||
+ | |||
+ | For editing the page, I want to set up a password | ||
+ | More info on Access Control Lists at URL: https:// | ||
+ | |||
+ | Create a password (replace < | ||
+ | md5 -s < | ||
+ | This should output the following (I used ' | ||
+ | < | ||
+ | MD5 (" | ||
+ | </ | ||
+ | |||
+ | cp conf/ | ||
+ | nano users.auth.php | ||
+ | Add the following lines (replace 5f4dcc3b5aa765d61d8327deb882cf99 with your own result): | ||
+ | < | ||
+ | admin: | ||
+ | editor: | ||
+ | </ | ||
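The hash produced by 'md5 -s' is a plain, unsalted MD5, and 5f4dcc3b5aa765d61d8327deb882cf99 is the widely known digest of the word 'password', so an entry copied from this guide is recognisable on sight. An added example (not from the original guide or from DokuWiki): a check that flags such entries, assuming the users.auth.php layout login:passwordhash:Real Name:email:groups; the function names and the sample file are constructed.

```shell
#!/bin/sh
# Added example: audit a DokuWiki users.auth.php for weak password hashes.
# Assumed line layout: login:passwordhash:Real Name:email:groups

GUIDE_HASH=5f4dcc3b5aa765d61d8327deb882cf99   # md5 of "password", the value shown in the guide

# audit_dokuwiki_users FILE
# Prints "<login> <finding>" per problem; prints nothing if the file is clean.
audit_dokuwiki_users() {
    awk -F: -v guide="$GUIDE_HASH" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }    # comments and blank lines
        {
            login = $1
            hash  = $2
            lower = tolower(hash)
            hex   = (lower ~ /^[0-9a-f]+$/)
            key   = hex ? lower : hash

            # Classify by the shape of the stored value.
            if (hash == "")                      print login, "EMPTY-HASH"
            else if (lower == guide)             print login, "GUIDE-EXAMPLE-HASH"
            else if (hex && length(hash) == 32)  print login, "UNSALTED-MD5"
            else if (hex && length(hash) == 40)  print login, "UNSALTED-SHA1"

            # Without a salt, equal passwords give equal hashes, so reuse is visible.
            if (hash != "" && (key in seen))     print login, "SAME-HASH-AS", seen[key]
            else if (hash != "")                 seen[key] = login
        }
    ' "$1"
}

# Writes a constructed sample file (not real account data) to the given path.
write_sample_users() {
    cat > "$1" <<'EOF'
# users.auth.php (constructed sample)
admin:5f4dcc3b5aa765d61d8327deb882cf99:Admin:admin@example.org:admin,user
editor:5f4dcc3b5aa765d61d8327deb882cf99:Editor:editor@example.org:user
carol:0123456789abcdef0123456789abcdef:Carol:carol@example.org:user
dave:$2y$10$CONSTRUCTEDSALTEDHASHPLACEHOLDER:Dave:dave@example.org:user
EOF
}

# Audit a file given on the command line.
if [ "$#" -gt 0 ]; then
    audit_dokuwiki_users "$1"
fi
```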
+ | |||
+ | cp conf/ | ||
+ | nano conf/ | ||
+ | Add the following lines to allow all (registered) users to create and edit pages, and allow visitors only reading: | ||
+ | < | ||
+ | * | ||
+ | * | ||
+ | </ | ||
+ | |||
+ | |||
+ | By default, DokuWiki has 7 colored boxes at the bottom of the page, one of these is a link to the Creative Commons site. I've chosen the Creative Commons license ' | ||
+ | I've also removed the other buttons in this file which I won't need: | ||
+ | * 'RSS XML-feed', | ||
+ | * ' | ||
+ | * 'PHP Powered', | ||
+ | * 'W3C XHTML1.0' | ||
+ | * 'W3C CSS' links. | ||
+ | |||
+ | I'm leaving the ' | ||
+ | |||
+ | In the file ' | ||
+ | |||
+ | I will make the configuration files available for download soon < | ||
+ | |||
+ | < | ||
+ | < | ||
+ | < | ||
+ | < | ||
+ | |||
+ | [[https:// | ||
+ | In the .htaccess file that's mentioned on this article, I've changed some lines replacing ' | ||
+ | |||
+ | I've discovered that DokuWiki is telling search engine crawlers to " | ||
+ | Also, I added some code for adding the correct META-tags to my page. Couldn' | ||
+ | < | ||
+ | $KEYWORDS = " | ||
+ | $head[' | ||
+ | |||
+ | $DESCRIPTION = " | ||
+ | $head[' | ||
+ | </ | ||
+ | |||
+ | DokuWiki has [[https:// | ||
+ | |||
+ | To force the recaching/ | ||
+ | page just add the parameter | ||
+ | '? | ||
+ | |||
+ | Optimizing your DokuWiki page for Search Engine Indexing: https:// | ||
+ | |||
+ | |||
+ | I set [[https:// | ||
+ | [[https:// | ||
+ | [[https:// | ||
+ | |||
+ | |||
+ | quote: " | ||
+ | http:// | ||
+ | |||
+ | |||
+ | And I discovered how to [[https:// | ||
+ | |||
+ | |||
+ | |||
+ | /* | ||
+ | https:// | ||
+ | WORK IN PROGRESS | ||
+ | |||
+ | wget https:// | ||
+ | tar -zxvf (filename) | ||
+ | mv dokuwiki< | ||
+ | mv dokuwiki / | ||
+ | cd / | ||
+ | chown -R root:wheel . | ||
+ | http:// | ||
+ | Click on " | ||
+ | tell you that some of your folders do not have the proper permission | ||
+ | settings. Fix it by going to your dokuwiki folder, and enter: | ||
+ | |||
+ | chown www:www conf/ | ||
+ | chown www:www data/ | ||
+ | chown www:www data/pages/ | ||
+ | chown www:www data/attic/ | ||
+ | chown www:www data/media/ | ||
+ | chown www:www data/meta | ||
+ | chown www:www data/cache | ||
+ | chown www:www data/locks | ||
+ | chown www:www data/index | ||
+ | (click retry) | ||
+ | Wiki Name: | ||
+ | (the html title of your wiki page will be "Page name [wiki name]" | ||
+ | I used "by Sebasiaan Giebels" | ||
+ | Enable ACL (recommended) ticked | ||
+ | Superuser: edit this | ||
+ | just like e-mail and password | ||
+ | Decide what kind of Wiki this should be (who should be allowed to write | ||
+ | in it) I chose Public Wiki | ||
+ | Click the button, | ||
+ | and your new wiki should show up. | ||
+ | Click on ' | ||
+ | and password | ||
+ | Here you can edit your page etc. See Syntax and Playground | ||
+ | Go to the Configuration Manager", | ||
+ | page. ( | ||
+ | My Debian Linux on the NSLU2 installation & configuration guide | ||
+ | Save the settings, and open .../ | ||
+ | It should give the title you just entered (when the page name is still | ||
+ | ' | ||
+ | done something wrong in the previous step) , | ||
+ | and | ||
+ | tell you | ||
+ | 'This topic does | ||
+ | not exist yet'. Re-login (if needed) and click on the ' | ||
+ | button. Enter some text, save it, and reload the page | ||
+ | |||
+ | |||
+ | |||
+ | https:// | ||
+ | */ | ||
+ | |||
+ | Adding Video to DokuWiki (like Youtube video clips): | ||
+ | https:// | ||
+ | |||
+ | === Hidden Comment === | ||
+ | URL: https:// | ||
+ | |||
+ | This tiny plugin allows you to leave notes to yourself (and other | ||
+ | authors of your wiki) in the wiki source code that won't be shown on the | ||
+ | wiki page. | ||
+ | |||
+ | extract the contents of the .zip file to | ||
+ | < | ||
+ | |||
+ | Example: | ||
+ | < | ||
+ | The text /* between the slash-asterisk and asterisk-slash */ is hidden | ||
+ | </ | ||
+ | Becomes: | ||
+ | The text /* between the slash-asterisk and asterisk-slash */ is hidden | ||
+ | |||
+ | /* | ||
+ | === folded text === | ||
+ | (example: ) | ||
+ | https:// | ||
+ | (or https:// | ||
+ | */ | ||
+ | |||
+ | |||
+ | |||
+ | |||
+ | |||
+ | |||
+ | |||
+ | |||
+ | ===== TinyProxy ===== | ||
+ | A lightweight HTTP proxy server | ||
+ | |||
+ | Official URL: [[https:// | ||
+ | Install package: | ||
+ | pkg_add -r tinyproxy | ||
+ | |||
+ | |||
+ | ===== Serial Console ===== | ||
+ | This will allow me to access this FreeBSD PC over a serial cable. One of these installations will run in a fire-safe basement, and I don't want to get my hands dirty every time I accidentally disable the Ethernet interface, stop SSH, ruin the firewall settings, or do something else that would otherwise require hands-on access. | ||
+ | https:// | ||
+ | configuration: | ||
+ | nano boot.config | ||
+ | -P | ||
+ | nano /etc/ttys | ||
+ | # Serial terminal on COM1: | ||
+ | ttyd0 "/ | ||
+ | |||
+ | Options Message goes to | ||
+ | none internal console | ||
+ | -h serial console | ||
+ | -D serial and internal consoles | ||
+ | -Dh serial and internal consoles | ||
+ | -P, keyboard present internal console | ||
+ | -P, keyboard absent serial console | ||
+ | |||
+ | |||
+ | |||
+ | |||
+ | |||
+ | |||
+ | |||
+ | |||
+ | ====== Compiling the FreeBSD Kernel ====== | ||
+ | Compiling a new kernel can help overcome problems with new hardware (like my Gigabit onboard network card '/ | ||
+ | |||
+ | The correct way to upgrade your kernel has changed over the last FreeBSD versions, so you might find some manuals on FreeBSD kernel building that are outdated (like ' | ||
+ | |||
+ | Steps we will be going through: | ||
+ | 1. Getting the kernel sources | ||
+ | 2. Updating the kernel sources to the most recent (stable) version | ||
+ | 3. Configuring the kernel (changing the default configuration, | ||
+ | 4. Building (compiling) the new kernel & modules | ||
+ | 5. Installing the new kernel | ||
+ | 6. Testing the new kernel | ||
+ | |||
+ | URL: https:// | ||
+ | URL: https:// | ||
+ | |||
+ | Step 1: | ||
+ | Install the kernel sources | ||
+ | sysinstall | ||
+ | Go to the ' | ||
+ | |||
+ | Lacking a bit of creativity, I will call my new kernel ' | ||
+ | |||
+ | |||
+ | Step 2: WORK IN PROGRESS | ||
+ | [edit make.conf]< | ||
+ | cd /usr/src | ||
+ | make update | ||
+ | |||
+ | Step 3: Performing the kernel configuration (If your architecture is amd64, replace ' | ||
+ | cd / | ||
+ | Copy the default kernel configuration to a new file: | ||
+ | cp GENERIC FREEBSD62 | ||
+ | Replace FREEBSD62 with a descriptive name for your FreeBSD machine (I added ' | ||
+ | Now we can make the modifications (if any) to the new file: | ||
+ | nano FREEBSD62 | ||
+ | Add any options you wish to include in your new kernel. | ||
+ | |||
+ | ^ Kernel configuration item: ^ Result: ^ | ||
+ | | options BRIDGE | Required for using this PC as a router | | ||
+ | | options IPFILTER | Required for using this PC as a router | | ||
+ | | options IPFILTER_LOG | Required for using this PC as a router | | ||
+ | | device pf | PF Firewall | | ||
+ | | options ALTQ | ALTQ Traffic Shaping | | ||
+ | | options ALTQ_CBQ | ALTQ Traffic Shaping | | ||
+ | | options ALTQ_RED | ALTQ Traffic Shaping | | ||
+ | | options ALTQ_RIO | ALTQ Traffic Shaping | | ||
+ | | options ALTQ_HFSC | ALTQ Traffic Shaping | | ||
+ | | options ALTQ_CDNR | ALTQ Traffic Shaping | | ||
+ | | options ALTQ_PRIQ | ALTQ Traffic Shaping | | ||
+ | | device speaker #PC speaker | You can play sound (also MP3) through the pc internal speaker | | ||
+ | | device dummynet #dummy networking device | Required for OpenVPN? < | ||
+ | | device pass | Required for access to USB disks, flashdrives, | ||
+ | ^ ^ Untested: ^ | ||
+ | | options EXT2FS # linux FS | Allows access to EXT2FS Linux Extended File System v2 | | ||
+ | | pseudo-device | ||
+ | |||
+ | Other stuff: | ||
+ | < | ||
+ | options SUIDDIR | ||
+ | device vn | ||
+ | options NMBCLUSTERS=65535 | ||
+ | </ | ||
+ | |||
+ | |||
+ | config FREEBSD62 | ||
+ | cd ../ | ||
+ | make cleandepend; | ||
+ | make | ||
+ | make install | ||
+ | |||
+ | Restart your system by entering the command: | ||
+ | reboot | ||
+ | |||
+ | And voilà, you have built, installed and booted your new kernel. Confirm this (after logging in) by entering: | ||
+ | uname -a | ||
+ | |||
+ | It will tell you something like: | ||
+ | < | ||
+ | Mon Jan 4 01:56:50 CEST 2007 | ||
+ | root@freebsd61.example.org:/ | ||
+ | This contains the FreeBSD version (**FreeBSD 6.2-RELEASE**), | ||
+ | |||
+ | FIXME:what if some kernel option names have changed with the kernel-source-upgrade? | ||
+ | |||
+ | |||
+ | |||
+ | |||
+ | |||
+ | |||
+ | ====== Increasing security a (small) bit ====== | ||
+ | |||
+ | ===== Sudo ===== | ||
+ | |||
+ | This will probably -decrease- security, but helps me out if someone needs restricted root access and I am not willing to give him the root password. | ||
+ | Install package: | ||
+ | pkg_add -r sudo | ||
+ | |||
+ | ===== Syslogd ===== | ||
+ | Configure package: | ||
+ | nano / | ||
+ | syslogd_enable=" | ||
+ | syslogd_flags=" | ||
+ | |||
+ | ===== Bash 3.0 with Syslog-command logging ===== | ||
+ | I'd like to have a record of all commands I type in my bash console. This will help me recover from stupid mistakes and (very unlikely) give me something to look into in case somebody successfully compromises my PC. Locally stored logfiles aren't really hard for a hacker to modify, I know. | ||
+ | The option I've found isn't perfect (it allows thousands of ways around it), but it will do for the time being, and I like its simplicity. | ||
+ | |||
+ | Copy (with WinSCP for example) the file bash-3.0-syslog.patch to your FreeBSD installation. | ||
+ | cd / | ||
+ | make | ||
+ | After the installation has downloaded, tested, extracted the files and has applied the patches, press CTRL-C when you see: "--- Configuring for bash-3.0.16_1", | ||
+ | cd / | ||
+ | patch < / | ||
+ | ./configure | ||
+ | make | ||
+ | make install | ||
+ | nano / | ||
+ | local5.info / | ||
+ | touch / | ||
+ | killall -1 syslogd | ||
+ | exit | ||
+ | Re-login, and check / | ||
+ | |||
+ | ===== mrtg (Multi Router Traffic Grapher) ===== | ||
+ | This is a tool to monitor the traffic load on network-links. I use it to see how much data goes through my DSL router (which supports SNMP, which is required for mrtg to work). My router doesn' | ||
+ | If any computer on my network would be sending out spam continuously, | ||
+ | |||
+ | There is a windows application that can do much the same, it's called ' | ||
+ | |||
+ | My DSL router has 3 interfaces: | ||
+ | * ' | ||
+ | * ' | ||
+ | * ' | ||
+ | configuration) | ||
+ | |||
+ | The snmp-data required from the router is always from the view of the router (how the router sees it coming in/out). | ||
+ | What comes in on the ethernet-device (shown as incoming traffic on this device), goes out to the internet on the ppp-device (shown as outgoing traffic on this device). | ||
+ | I'll use the ppp-interface to gather my statistics from, and not the ethernet device, because this device will also count the few bytes to the router itself (web configuration, | ||
+ | |||
+ | pkg_add -r mrtg | ||
+ | As a regular user (non-root): | ||
+ | mkdir ~/mrtg | ||
+ | cd ~/mrtg | ||
+ | ./cfgmaker --global ' | ||
+ | |||
+ | nano mrtg.cfg | ||
+ | EnableIPv6: no | ||
+ | Workdir: / | ||
+ | Options[_]: growright | ||
+ | |||
+ | Target[1.2.3.4_4]: | ||
+ | SetEnv[1.2.3.4_4]: | ||
+ | MaxBytes[1.2.3.4_4]: | ||
+ | Title[1.2.3.4_4]: | ||
+ | PageTop[1.2.3.4_4]: | ||
+ | < | ||
+ | < | ||
+ | < | ||
+ | < | ||
+ | < | ||
+ | < | ||
+ | < | ||
+ | </ | ||
+ | Replace ' | ||
+ | the " | ||
+ | |||
+ | Now we're going to get mrtg to run every 5 minutes to gather the statistics from the router, and we'll use a cronjob for this task. Start the cronjob editor: | ||
+ | crontab -e | ||
+ | Add the following line, replacing '/ | ||
+ | */5 | ||
+ | |||
+ | [[https:// | ||
+ | |||
+ | |||
+ | ====== Mail server configuration ====== | ||
+ | [[mailserver_configuration_with_postfix_courier-imap_procmail_spamassassin_clamav|This section will show you how you can handle e-mail on your FreeBSD server. | ||
+ | It includes the Postfix mail transfer agent, ClamAV as an e-mail virus scanner, | ||
+ | | ||
+ | the courier IMAP / IMAPS server, the Squirrelmail webmail application, | ||
+ | and a basic console e-mail reader (mutt).]] | ||
+ | |||
+ | The Postfix / Courier-IMAP / clamsmtp/ | ||
+ | |||
+ | ====== X-Windows (xorg) ====== | ||
+ | X-Windows is not required if you want to use your FreeBSD pc just for server tasks, and I suggest that you install X-Windows only if you want to use your FreeBSD machine as a workstation too. | ||
+ | [[xorg_gnome-kde-office-mozilla|Installing xorg 7.2 on FreeBSD together with the Gnome and KDE desktop managers, Synergy, TightVNC, NVidia driver, Pidgin instant messaging (ICQ/ | ||
+ | |||
+ | |||
+ | ====== System health ====== | ||
+ | virusscanner | ||
+ | smartmontools | ||
+ | file checksummer / integrity ... | ||
+ | portaudit | ||
+ | monit applications/ | ||
+ | |||
+ | ===== SmartMonTools ===== | ||
+ | Tool to monitor hard disk health status on a regular basis, by using the SMART feature that is available on most modern harddisks. | ||
+ | |||
+ | URL: https:// | ||
+ | |||
+ | From / | ||
+ | < | ||
+ | The smartmontools package contains two utility programs (smartctl and smartd) | ||
+ | to control and monitor storage systems using the Self-Monitoring, | ||
+ | and Reporting Technology System (S.M.A.R.T.) built into most modern ATA and | ||
+ | SCSI hard disks. | ||
+ | support for ATA/ATAPI-5 disks. | ||
+ | </ | ||
+ | |||
+ | cd / | ||
+ | make | ||
+ | make install | ||
+ | |||
+ | /* | ||
+ | pkg_add -r smartmontools | ||
+ | */ | ||
+ | cp / | ||
+ | echo ' | ||
+ | nano / | ||
+ | Change the line: | ||
+ | < | ||
+ | DEVICESCAN | ||
+ | </ | ||
+ | to (.. and do not forget to change < | ||
+ | < | ||
+ | DEVICESCAN -a -o on -S on -s (S/ | ||
+ | </ | ||
+ | |||
+ | To start the smart monitoring tools (no reboot required): | ||
+ | / | ||
+ | |||
+ | Testing it: | ||
+ | FIXME | ||
+ | |||
+ | ====== Network connectivity ====== | ||
+ | isc dhcp server | ||
+ | bind/named | ||
+ | bounce | ||
+ | trafshow | ||
+ | netcat | ||
+ | nmap | ||
+ | |||
+ | ====== Hardware configuration ====== | ||
+ | See also: brooktree tv card | ||
+ | |||
+ | |||
+ | ===== Soundcard on FreeBSD ===== | ||
+ | URL: https:// | ||
+ | |||
+ | Let's start by trying the snd_driver kernel module, which is a ' | ||
+ | kldload snd_driver | ||
+ | |||
+ | Check which driver was eventually used: | ||
+ | dmesg | ||
+ | |||
+ | Example output: | ||
+ | < | ||
+ | ... | ||
+ | pcm0: <VIA VT8237> port 0xe800-0xe8ff irq 22 at device 17.5 on pci0 | ||
+ | pcm0: <Avance Logic ALC850 AC97 Codec> | ||
+ | pcm0: <VIA DXS Enabled: DXS 4 / SGD 1 / REC 1> | ||
+ | </ | ||
+ | |||
+ | Find out the correct driver name: | ||
+ | cat / | ||
+ | < | ||
+ | FreeBSD Audio Driver (newpcm) | ||
+ | Installed devices: | ||
+ | pcm0: <VIA VT8237> at io 0xe800 irq 22 kld snd_via8233 (5p/1r/1v channels duplex default) | ||
+ | </ | ||
+ | Look for snd_*, in my case the kernel module to use is snd_via8233 (on my other pc it's ' | ||
+ | Now I'll unload all drivers, and re-load only the correct one (for me that' | ||
+ | kldunload snd_driver | ||
+ | kldload snd_via8233 | ||
+ | |||
+ | Test it: | ||
+ | Method 1: dumping some random noise to the soundcard: | ||
+ | dd if=/ | ||
+ | Method 2: playing a mp3 file (TODO: download link to mp3 file) | ||
+ | This requires mpg321 to be installed | ||
+ | portinstall mpg321 | ||
+ | mpg321 < | ||
+ | |||
+ | Have the correct module load on system startup (replace ' | ||
+ | nano / | ||
+ | < | ||
+ | snd_via8233_load=" | ||
+ | </ | ||
+ | |||
+ | Now you can install other music players, mp3blaster, xmms (if you're using X-windows) | ||
+ | |||
+ | |||
+ | Optional: | ||
+ | Change the number of channels(? | ||
+ | sysctl hw.snd.pcm0.vchans=4 | ||
+ | |||
+ | /* | ||
+ | sysctl -a | grep snd | ||
+ | |||
+ | hw.snd.pcm0.hwvol_step: | ||
+ | hw.snd.pcm0.hwvol_mixer: | ||
+ | |||
+ | sysctl -a | grep snd | ||
+ | pcm0: <Intel ICH5 (82801EB)> | ||
+ | 0xeffff800-0xeffff9ff, | ||
+ | pci0 | ||
+ | pcm0: <Analog Devices AD1985 AC97 Codec> | ||
+ | pciconf -lv | ||
+ | */ | ||
+ | |||
+ | |||
+ | ===== DVD/CD Burning with FreeBSD ===== | ||
+ | URL: https:// | ||
+ | URL: https:// | ||
+ | |||
+ | Installation of burn software: | ||
+ | cd / | ||
+ | make | ||
+ | make install | ||
+ | | ||
+ | cd / | ||
+ | make | ||
+ | make install | ||
+ | |||
+ | If you are running X, you might want to try out ' | ||
+ | |||
+ | Another way (you might need to change the speed, or cd0 to cd1, depending on model & how it's connected): | ||
+ | growisofs -dvd-compat -speed=6 -Z / | ||
+ | |||
+ | < | ||
+ | Executing ' | ||
+ | /dev/pass0: " | ||
+ | 32768/ | ||
+ | 32768/ | ||
+ | 32768/ | ||
+ | 32768/ | ||
+ | 32768/ | ||
+ | 32768/ | ||
+ | 32768/ | ||
+ | 5111808/ | ||
+ | | ||
+ | | ||
+ | | ||
+ | 113901568/ | ||
+ | 141754368/ | ||
+ | 169607168/ | ||
+ | :-( unable to WRITE@LBA=14dc0h: | ||
+ | :-( write failed: Input/ | ||
+ | /dev/pass0: flushing cache | ||
+ | :-( unable to FLUSH CACHE: Input/ | ||
+ | :-( unable to SYNCHRONOUS FLUSH CACHE: Input/ | ||
+ | </ | ||
+ | |||
+ | |||
+ | For cd-rom burning (no dvd-r, dvd+r, or dvd+-rw and such) you can use the free version of cdrecord. It doesn' | ||
+ | Usage: | ||
+ | cdrecord -v -multi -data speed=32 dev=1,1,0 </ | ||
+ | ' | ||
+ | |||
+ | Your ' | ||
+ | cdrecord -scanbus | ||
+ | Adjust the burn speed if needed, make sure you don't burn faster than your recordable/ | ||
+ | |||
+ | |||
+ | ===== DACAL DC-300 ===== | ||
+ | The 'DACAL DC-300 CD Library II' is a 150 cd-changer / jukebox system, with a USB connection for controlled ejecting/ | ||
+ | The device comes with Windows drivers & cd catalog software, and you can connect multiple Dacal DC300 units to another, allowing you to control/ | ||
+ | The manufacturer does not provide drivers or support for Linux or FreeBSD/ | ||
+ | |||
+ | Manufacturer Product URL: https:// | ||
+ | |||
+ | I recently got some of these, as they were a lot cheaper than the ' | ||
+ | |||
+ | There are two tools for controlling the Dacal units, I'll start with the | ||
+ | smallest one: | ||
+ | |||
+ | There is a sourceforge project for a Linux changer control application, | ||
+ | URL: https:// | ||
+ | Make sure you've installed Linux compatibility & Libusb (/ | ||
+ | Download URL: httpw:// | ||
+ | |||
+ | Now compile it (I've had to edit ' | ||
+ | gcc Dacal.c -o Dacal -I/ | ||
+ | or: | ||
+ | gcc Dacal.c -o dacal -I/ | ||
+ | Copy the created binary executable to a folder in your path: | ||
+ | cp dacal / | ||
+ | |||
+ | The website also provides a compile.sh script, but that didn't work for me: | ||
+ | |||
+ | Let's see if it works, by using ' | ||
+ | dacal --list | ||
+ | < | ||
+ | Scanning for 'DACAL Co.' devices... | ||
+ | Scan complete. Found 2 devices. | ||
+ | Available 'DACAL Co.' devices: | ||
+ | Dev# Bus | ||
+ | 1 / | ||
+ | 2 / | ||
+ | </ | ||
+ | Test it, ejecting disk number 2 from my first Dacal device (having a device id 9914): | ||
+ | dacal 9914 2 | ||
+ | For re-inserting, | ||
+ | |||
+ | |||
+ | Method 2: | ||
+ | |||
+ | I came across [[https:// | ||
+ | I've tried compiling the source, and days later somehow I ended up downloading FreeBSD-i386 binaries, which worked nicely: | ||
+ | Installation: | ||
+ | Go to the [[https:// | ||
+ | |||
+ | Extract the files: | ||
+ | cd / | ||
+ | tar -jxvf <?>/ | ||
+ | tar -zxvf <?>/ | ||
+ | tar -zxvf <?>/ | ||
+ | |||
+ | / | ||
+ | < | ||
+ | dacalDC300 - Id = 10170 | ||
+ | </ | ||
+ | Use the Id value you get (here it is 10170, yours will be different) for identifying the DACAL units. Every unit probably has a unique number; you might want to write it on a sticker on the device itself. Without the correct ID value, it will give the error "Could not find device by id: 4294967295" | ||
+ | |||
+ | / | ||
+ | |||
+ | Connecting more than one DACAL unit (daisy chaining them with USB cables) works too, you will see the unit id's of the other DACAL units with the same ' | ||
+ | |||
+ | If ejecting or inserting the cd does not work (for example when something is mechanically blocking the ejector), the display of the DACAL unit will show a ' | ||
+ | |||
+ | Let's try to eject the CD in the last slot (number 150, as slot numbering starts with 1, not with 0): | ||
+ | / | ||
+ | |||
+ | Ejecting a disk when the ejector is already out won't work, and won't produce any error message. | ||
+ | The ejector will automatically retract/ | ||
+ | |||
+ | Inserting the disk: | ||
+ | / | ||
+ | The number (here 0) behind the ' | ||
+ | |||
+ | Maybe in the near future, I'll build a web interface for it, and attach it to my MySQL database.. throw in a slot-loading dvd-writer, and have 3(units)x 150(dvd-r)x 4.5GB = just enough storage (2000GB, or 2TB for short) for all my mp3 music files ;) | ||
+ | |||
+ | By the way, I've disabled UHID in the kernel, but can't confirm this | ||
+ | step is required to | ||
+ | get things working - https:// | ||
+ | |||
+ | ===== SIS-PM CTL ===== | ||
+ | A few days ago, I've bought a Gembird SilverShield SIS-PM 4 socket USB | ||
+ | controlled power outlet. It comes with a control application for Windows, but I' | ||
+ | also seen a Linux application for controlling the 4 controllable | ||
+ | power sockets on it. It's certainly not expensive: I've paid | ||
+ | less than 30 euro for it. I didn't know for sure if I'd be able to get | ||
+ | this Gembird SIS-PM working with FreeBSD, but I tried, and was | ||
+ | successful (using Linux emulation). | ||
+ | |||
+ | By the way, I've disabled UHID in the kernel, but can't confirm this step is required to get things working | ||
+ | |||
+ | Linux tools are available at https:// | ||
+ | I've downloaded the most recent version at the sispmctl website | ||
+ | |||
+ | Make sure you've installed LibUSB: | ||
+ | cd / | ||
+ | make | ||
+ | make install | ||
+ | |||
+ | Compiling the Linux sispmctl tool: | ||
+ | cd /usr/src | ||
+ | tar -zvxf sispmctl-2.4b.tar.gz | ||
+ | cd / | ||
+ | ./configure | ||
+ | cd / | ||
+ | gcc sispm_ctl.c nethelp.c main.c socket.c -o sispm_ctl -I/ | ||
+ | |||
+ | Test it (the next command enables power on the first socket) | ||
+ | ./sispm_ctl -o 1 | ||
+ | < | ||
+ | Accessing Gembird #0 USB device /dev/ugen0 | ||
+ | Switched outlet 1 on | ||
+ | </ | ||
+ | Switching socket number 1 off can be done with the parameter '-f 1' | ||
+ | |||
+ | Read the safety instructions in the booklet provided with the device: | ||
+ | Maximum load current 10A. Don't switch high inductive loads, such as big | ||
+ | motors, electric drills, washing machines. Personally I would not switch | ||
+ | all sockets on at the same time, depending on the devices I' | ||
+ | connected, and would leave a few seconds in between. | ||
+ | |||
+ | references: | ||
+ | http:// | ||
+ | sispm_ctl.c: | ||
+ | http:// | ||
+ | |||
+ | |||
+ | |||
+ | ===== External USB 2.0 harddisk drive ===== | ||
+ | |||
+ | After installing my new kernel, it works without problems (the device requires that the jumper on the IDE harddisk is set to ' | ||
+ | Plug it in, and check if it's detected by FreeBSD: | ||
+ | dmesg | ||
+ | < | ||
+ | umass0: Genesyslogic USB Mass Storage Device, rev 2.00/0.33, addr 2 | ||
+ | da0 at umass-sim0 bus 0 target 0 lun 0 | ||
+ | da0: <WDC WD20 00JB-00EVA0 0811> Fixed Direct Access SCSI-0 device | ||
+ | da0: 40.000MB/s transfers | ||
+ | da0: 190782MB (390721968 512 byte sectors: 255H 63S/T 24321C) | ||
+ | </ | ||
+ | |||
+ | Create a new mountpoint and mount the device: | ||
+ | cd /mnt/ | ||
+ | mkdir usb | ||
+ | mount / | ||
+ | < | ||
+ | da0 | ||
+ | </ | ||
+ | mount /dev/da0s1a /mnt/usb | ||
+ | If the partition on the drive is FAT32, NTFS or Ext2FS you might need the '-t < | ||
+ | mount -t msdosfs /dev/da0s2 /mnt/usb | ||
+ | (?) check for correctness | ||
+ | |||
+ | |||
+ | |||
+ | ====== Some (possibly useful) scripts ====== | ||
+ | Here are some scripts I regularly use to perform various tasks. | ||
+ | |||
+ | Some basic shell scripting info at [[https:// | ||
+ | |||
+ | |||
+ | ===== reboot safety protection against accidental use ===== | ||
+ | I manage several servers remotely, and it happened to me, more than once, that I rebooted the wrong machine, because I didn't notice I was entering the command in the wrong terminal window. | ||
+ | So I came up with a small shell script, that will 'wrap around' | ||
+ | As root: | ||
+ | |||
+ | mv / | ||
+ | nano / | ||
+ | < | ||
+ | #!/bin/sh | ||
+ | HOSTNAME=`hostname -s` | ||
+ | if [ " | ||
+ | echo Now rebooting `hostname -s` $2 $3 $4 $5 $6 $7 | ||
+ | / | ||
+ | exit 127 | ||
+ | fi | ||
+ | echo Safety lock for reboot, requiring hostname | ||
+ | echo " | ||
+ | echo " | ||
+ | </ | ||
+ | chmod ugo+rx / | ||
+ | |||
+ | Test it (make sure you have no other large tasks running in the background, like kernel compiles that you better not abort): | ||
+ | reboot | ||
+ | It shouldn' | ||
+ | |||
+ | You can always use the old reboot command if you want to, by entering: | ||
+ | reboot-unsafe | ||
+ | |||
+ | |||
+ | ===== ff (find-file) ===== | ||
+ | Usage: | ||
+ | ff < | ||
+ | Will find files down the directory structure which have a filename containing '// | ||
+ | nano /bin/ff | ||
+ | < | ||
+ | #!/bin/sh | ||
+ | find . -print | grep -i " | ||
+ | </ | ||
+ | chmod ugo+x /bin/ff | ||
+ | |||
+ | |||
+ | ===== forall ===== | ||
+ | nano /bin/forall | ||
+ | < | ||
+ | #!/bin/sh | ||
+ | if [ 1 = `expr 2 \> $#` ] | ||
+ | then | ||
+ | echo Usage: $0 [directory] [command_to_run] [optional_arguments] | ||
+ | echo Where [directory] is the directory containing the filenames you want to use as a parameter of [command_to_run] | ||
+ | exit 1 | ||
+ | fi | ||
+ | dir=$1 | ||
+ | shift | ||
+ | find $dir -type f -print | xargs " | ||
+ | </ | ||
+ | chmod ugo+x /bin/forall | ||
+ | |||
+ | Example: | ||
+ | forall /etc cat | ||
+ | Will run cat / | ||
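Review bot: in the forall script the line `find $dir -type f -print | xargs` leaves `$dir` unquoted and hands xargs a newline-separated list, and xargs splits its input on blanks and interprets quotes and backslashes. A filename containing a space or a quote is therefore passed to the command as several different arguments, which matters because the script is installed for everyone and will be run as root with commands such as rm or chmod. Quoting the directory and switching to a NUL-separated list, `find "$dir" -type f -print0 | xargs -0`, closes this. Both helper scripts are also written into /bin, next to the base system's own binaries; /usr/local/bin is the usual place for local additions.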
+ | |||
+ | ===== beep ===== | ||
+ | |||
+ | Sometimes, you might want to have an audible beep coming from your pc' | ||
+ | internal speaker to get your attention. You can use it in scripts you | ||
+ | write, or wherever it suits you: | ||
+ | |||
+ | |||
+ | nano / | ||
+ | < | ||
+ | #!/bin/sh | ||
+ | / | ||
+ | </ | ||
+ | |||
+ | There must be an even easier way for this.. haven' | ||
+ | (like / | ||
+ | kernel, doesn' | ||
+ | |||
+ | ====== Enhancing security ====== | ||
+ | |||
+ | |||
+ | Blocking SSH/FTP access from IP's which repeatedly fail authentication for ssh, ftp, ... (configurable): | ||
+ | URL: https:// | ||
+ | FIXME | ||
+ | |||
+ | |||
+ | ===== PuTTY / SSH-client ===== | ||
+ | To connect from a windows machine to this FreeBSD machine you will need a ssh-client. A good one is Putty. | ||
+ | I suggest you download the full installation package, as it will also include nice tools for key-management. | ||
+ | |||
+ | To get putty to connect to a ssh-server (like the one our FreeBSD machine is running) | ||
+ | Go to Start -> Programs -> Putty -> PuTTYgen (the authentication-key generator) | ||
+ | Click on ' | ||
+ | |||
+ | Read on with https:// | ||
+ | |||
+ | You might notice there' | ||
+ | To fix this, enter: | ||
+ | export TERM=linux | ||
+ | |||
+ | Add the same command to ~/ | ||
+ | |||
+ | If the backspace key doesn' | ||
+ | https:// | ||
+ | Fixing the backspace key can be done inside the putty configuration. In putty, click ' | ||
+ | Here, set 'The Backspace key' to ' | ||
+ | |||
+ | |||
+ | If connecting to your FreeBSD machine takes a long time, there might be a problem with reverse DNS lookups. | ||
+ | You can add the following line aftet the last line in / | ||
+ | < | ||
+ | UseDNS no | ||
+ | </ | ||
+ | Which will disable DNS lookups. | ||
+ | You will have to restart OpenSSH for this to work. | ||
+ | |||
+ | ===== Password-less login with ssh ===== | ||
+ | If you have accounts on more than one server (e.g. ServerA and ServerB), it is possible to login from ServerA to ServerB, without having to enter a password. | ||
+ | This is done by creating a key from the computer you are logging in -from- (ServerA), and adding this key to the .ssh/ | ||
+ | |||
+ | URL: https:// | ||
+ | |||
+ | (Any comments from other professionals on my choice of rsa vs. dsa are welcome) | ||
+ | |||
+ | Configure sshd to allow access based on private key authentication: | ||
+ | nano / | ||
+ | < | ||
+ | # | ||
+ | AuthorizedKeysFile | ||
+ | </ | ||
+ | |||
+ | |||
+ | On ServerA, where < | ||
+ | su < | ||
+ | ssh-keygen -t rsa | ||
+ | < | ||
+ | Enter file in which to save the key (/ | ||
+ | Enter passphrase (empty for no passphrase): | ||
+ | Enter same passphrase again: | ||
+ | Your identification has been saved in / | ||
+ | Your public key has been saved in / | ||
+ | The key fingerprint is: | ||
+ | 35: | ||
+ | </ | ||
+ | |||
+ | Now, the file .ssh/ | ||
+ | There are two ways to do this. Method 1: copy the file to ServerB with " | ||
+ | | ||
+ | Make sure you are the correct user (use ' | ||
+ | cat ~/ | ||
+ | |||
+ | If this doesn' | ||
+ | scp ~/ | ||
+ | ssh < | ||
+ | |||
+ | Test it: | ||
+ | ssh < | ||
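Review bot: the ssh-keygen transcript shows the prompt `Enter passphrase (empty for no passphrase):` but the text never says what to enter there or what follows from the choice. With an empty passphrase the private key on ServerA is stored unencrypted, so anyone who can read that file (a backup, a copied disk, another root user) can log in to ServerB as this account. The section should state this and point to a passphrase plus ssh-agent as the alternative, in the same way the Pageant paragraph below does for Windows. It would also help to mention that the key and authorized-keys files must not be writable by group or others, since a mode problem is a common reason for the "Test it" step to fall back to a password prompt.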
+ | |||
+ | |||
+ | If you want to make a SSH connection from your Windows pc to your FreeBSD server, use PuTTY. If you don't want to enter your password everytime you connect to your FreeBSD machine, you can use the Pageant (Putty SSH authentication agent) application to remember your passwords and enter them for you. This application comes with the PuTTY Windows installer, which you can find on the [[https:// | ||
+ | |||
+ | Read the [[https:// | ||
+ | |these PuTTY/ | ||
+ | |||
+ | You can create a shortcut of your .PPK file, and place it in the Start Menu -> Startup folder, so your key gets loaded upon windows boot. | ||
+ | |||
+ | ===== Other ===== | ||
+ | |||
+ | |||
+ | Check which TCP sockets are listening: | ||
+ | sockstat -4 | ||
+ | |||
+ | Increasing security by disallowing normal users to list/enter root folder: | ||
+ | chmod 700 /root | ||
+ | (this is about the same as 'chmod go-rx / | ||
+ | |||
+ | Clear the /tmp folder on a regular basis: | ||
+ | / | ||
+ | clear_tmp_enable=" | ||
+ | |||
+ | Increasing security by disallowing normal users to see processes of other users: | ||
+ | nano / | ||
+ | security.bsd.see_other_uids=0 | ||
+ | |||
+ | |||
+ | Increasing security by using Blowfish-encryption for passwords | ||
+ | https:// | ||
+ | nano / | ||
+ | : | ||
+ | (note: between ':' | ||
+ | Below : | ||
+ | : | ||
+ | Inactive users will be logged out after 30 minutes. | ||
+ | Rebuild login-database: | ||
+ | cap_mkdb / | ||
+ | Change root password: | ||
+ | passwd | ||
+ | And for other users: | ||
+ | passwd < | ||
+ | |||
+ | more / | ||
+ | Passwords should start with $2. | ||
+ | Change the adduser tool to Blowfish: | ||
+ | nano / | ||
+ | crypt_default=blf | ||
+ | |||
+ | |||
+ | ===== OpenVPN ===== | ||
+ | A VPN (Virtual Private Network) allows users that are not directly connected to your network to 'log in' to your network from any location (e.g. over the internet) and use all network resources that are available to regular users that are directly connected you your network. | ||
+ | This VPN software works in Linux, FreeBSD and Windows. (v2.0.6) | ||
+ | |||
+ | [[Official OpenVPN Site|https:// | ||
+ | URL: https:// | ||
+ | BEST for bridging: URL https:// | ||
+ | |||
+ | Others, possibly old:\\ | ||
+ | URL: https:// | ||
+ | URL: https:// | ||
+ | Windows URL: OpenVPN GUI https:// | ||
+ | |||
+ | |||
+ | Installation: | ||
+ | portinstall security/ | ||
+ | |||
+ | First decide if you need routing or bridging (https:// | ||
+ | I need ' | ||
+ | "you would like to allow browsing of Windows file shares across the VPN without setting up a Samba or WINS server." | ||
+ | |||
+ | I've got a 10.0.0.0/ | ||
+ | |||
+ | --server-bridge and --secret cannot be used together ... must use SSL/TLS keys) | ||
+ | https:// | ||
+ | cp -R / | ||
+ | |||
+ | Follow the instructions in the ' | ||
+ | https:// | ||
+ | Copy the resulting files: ca.crt, and the right clientXXX.crt/ | ||
+ | |||
+ | Client configuration file: | ||
+ | < | ||
+ | dev tap | ||
+ | remote vpnserver.example.org 1194 | ||
+ | |||
+ | tls-client | ||
+ | ca ca.crt | ||
+ | cert sebastiaan.crt | ||
+ | key sebastiaan.key | ||
+ | </ | ||
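Review bot: the client configuration trusts any certificate signed by the CA in `ca ca.crt` and has no check that the peer is actually a server certificate, so a holder of any valid client certificate from the same CA could pose as the VPN server to other clients. For the 2.0.x release named in this section, adding `ns-cert-type server` to the client file enforces that check, assuming the server certificate was generated with the easy-rsa build-key-server script, which marks it as a server certificate. The line `key sebastiaan.key` refers to the client's private key; the copy step above it should say that this file has to travel over a protected channel and be readable only by the user running OpenVPN.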
+ | |||
+ | WORK IN PROGRESS BELOW. DO NOT USE/COPY | ||
+ | |||
+ | Configuration: | ||
+ | Edit / | ||
+ | nano / | ||
+ | < | ||
+ | openvpn_enable=" | ||
+ | openvpn_if=" | ||
+ | </ | ||
+ | |||
+ | For a bridged network: | ||
+ | < | ||
+ | cloned_interfaces=" | ||
+ | ifconfig_bridge0=" | ||
+ | </ | ||
+ | |||
+ | Edit the OpenVPN configuration files: | ||
+ | mkdir / | ||
+ | nano / | ||
+ | Copy/paste the following configuration data: | ||
+ | < | ||
+ | |||
+ | </ | ||
+ | |||
+ | Next, start the VPN server: | ||
+ | / | ||
+ | |||
+ | Check which(udp or tcp) port numbers OpenVPN uses, and configure port forwarding on your router accordingly (port number 1194 or 5000?) | ||
+ | |||
+ | If you have a working basic configuration, | ||
+ | https:// | ||
+ | or search on " | ||
+ | https:// | ||
+ | |||
+ | ====== Copying FreeBSD to another harddisk ====== | ||
+ | After you have installed FreeBSD, I'm going to show you how to copy the complete installation to another drive. This also works if you have created a virtual machine in VMware and want to copy the files to a real harddrive. | ||
+ | There are a few ways to do this: | ||
+ | |||
+ | === dd === | ||
+ | The easiest is using ' | ||
+ | I think it's comparable with Norton Ghosts 'clone entire disk' function. | ||
+ | |||
+ | It's best done in FreeBSD ' | ||
+ | Switch to single user mode (entering ' | ||
+ | You'll see the boot prompt: | ||
+ | < | ||
+ | Type '?' | ||
+ | </ | ||
+ | Enter: | ||
+ | boot -s | ||
+ | < | ||
+ | Enter full pathname of shell or RETURN for /bin/sh: | ||
+ | </ | ||
+ | Press the enter key and you will see the root prompt: | ||
+ | < | ||
+ | # | ||
+ | </ | ||
+ | |||
+ | |||
+ | WARNING: if you have the device names wrong (or if your mistakenly mix ' | ||
+ | |||
+ | dd if=/dev/ad0 of=/dev/ad1 bs=1M | ||
+ | |||
+ | if = where dd pulls the data from (remember ' | ||
+ | of = where dd puts the data to (remember ' | ||
+ | bs = the blocksize, or how many bytes of data to read/write at once. | ||
+ | |||
+ | Depending on the size of your ' | ||
+ | Most harddisks nowadays are capable of 25MB/second writes or better. If your original harddisk is 80GB, it'll take less than an hour to finish. | ||
+ | |||
+ | After copying is done, umount all partitions (by hand?), and shutdown your computer (so you can disconnect cables from the newly prepared harddisk) | ||
+ | |||
+ | |||
+ | === dump / restore === | ||
+ | URL (english): https:// | ||
+ | https:// | ||
+ | = https:// | ||
+ | Here is a good article on the subject [[https:// | ||
+ | |||
+ | |||
+ | To copy a prepared FreeBSD 6.2 installation to a new hard disk drive, first use the FreeBSD installation cdrom and install the base system on the new harddisk (create and mount the correct partitions!) | ||
+ | (to make sure you don't overwrite your existing installation and the the bootsector is written correctly, do this on another pc, or disconnect the harddisk with the fully prepared FreeBSD 6.2 installation, | ||
+ | Write down the device names of your partitions and where you've mounted them (e.g.: /dev/ad0s1a is mounted on '/', | ||
+ | |||
+ | If you're done, connect both harddisks (and make sure that the ' | ||
+ | When FreeBSD has booted, mount the partitions of the second harddisk at / | ||
+ | The device names (/dev/... may differ, depending on how you've connected the new hardisk and how you've partitioned it. | ||
+ | mount /dev/ad2s1a / | ||
+ | mount /dev/ad2s1d / | ||
+ | mount /dev/ad2s1e / | ||
+ | mount /dev/ad2s1f / | ||
+ | You don't need to mount the swap partition. | ||
+ | |||
+ | /sbin/dump -0uan -f - /usr | gzip -2 | ssh -c blowfish \ | ||
+ | < | ||
+ | DUMP: WARNING: should use -L when dumping live read-write filesystems! | ||
+ | ls -al / | grep snap | ||
+ | drwxrwxr-x | ||
+ | chmod 0770 /.snap/ | ||
+ | ls -al / | grep snap | ||
+ | drwxrwx--- | ||
+ | FIXME | ||
+ | dump -L ... | ||
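Review bot: the only complete pipeline in this block pins the transport to `ssh -c blowfish`, a legacy cipher with a 64-bit block size that current OpenSSH releases no longer include, so the command both weakens the transfer of a full filesystem image and fails outright on newer systems. Dropping the `-c` option lets client and server negotiate their default. The same command still lacks the `-L` flag that the quoted DUMP warning asks for; the FIXME and the bare `dump -L ...` line should be folded into it so readers do not copy the version that dumps a live read-write filesystem without a snapshot.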
+ | |||
+ | mkdir /mnt/root | ||
+ | mount /dev/ad2s1a /mnt/root | ||
+ | mkdir / | ||
+ | mount /dev/ad2s1f / | ||
+ | mkdir / | ||
+ | mkdir / | ||
+ | mount /dev/ad2s1d / | ||
+ | mount /dev/ad2s1e / | ||
+ | ?cd /dir; dump 0af - / | restore xf - | ||
+ | |||
+ | cd /mnt/root; dump -oaf - /var | restore xf - | ||
+ | cd / | ||
+ | cp -Rp /var/www / | ||
+ | |||
+ | umount / | ||
+ | umount / | ||
+ | umount / | ||
+ | umount /mnt/root | ||
+ | reboot | ||
+ | |||
+ | ====== ' | ||
+ | Remember that the copy of the disk you've just created contains a lot of security sensitive information: | ||
+ | Make sure to change passwords, ssh-keys, and remove all other private stuff if you're using this disk copy to quickly setup another server! | ||
+ | /* | ||
+ | / | ||
+ | */ | ||
+ | |||
+ | If you'll be using this copy of your FreeBSD installation in another server, It's likely that some device names will change, for example, the name of the network interface changed from /dev/em0 to /dev/sk0 when I put the drive in another pc, so I had to edit / | ||
+ | Edit / | ||
+ | |||
+ | |||
+ | * Configure all ethernet ports, ip adresses, netmasks + other configs containing the old ip address, routers, dns servers, timeservers & ISP-smtp-servers. | ||
+ | * Note all hosts, printers, routers, etc in /etc/hosts with correct ip. Making notes of the MAC-addresses will help you in the future if you want to set up DHCP or for problem locating. | ||
+ | * Adjust backups scripts to new data locations. | ||
+ | * Change the passwords for root and the existing users, both ' | ||
+ | * Generate new SSH keys. | ||
+ | * Install the correct site certificates for SSL and IMAPS. (or remove them) | ||
+ | * mutt e-mail reader configuration (stored passwords and servers in muttrc) | ||
+ | * postfix aliases aanpassen / fetchmail pop3-retreival configuration / procmail recipes | ||
+ | * Updat the ports-tree: ' | ||
+ | * Check installed ports and packages for security issued: ' | ||
+ | * ntpd -gq | ||
+ | * Check clamav-freshclam.sh (check if the antivirus definitions are updated periodically) | ||
+ | * Protect phpMyAdmin with .htaccess passwords. | ||
+ | * Setup the firewall | ||
+ | * Scripts monitoring all services, tools for restarting services | ||
+ | * Install real SSL certificates | ||
+ | * limit MySQL access to specific IP's | ||
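Review bot: the checklist item "Generate new SSH keys" does not say which keys are meant, and the important ones after cloning are the sshd host keys. While both machines carry the same host keys, each can impersonate the other to any client that has accepted the original, and clients get no warning. The item should name the host keys explicitly and add a separate step to review every copied authorized-keys file and every user private key, since those were duplicated along with the password database mentioned in the line above.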
+ | |||
+ | https:// | ||
+ | https:// | ||
+ | https:// | ||
+ | |||
+ | |||
+ | ====== Backup with FreeBSD ====== | ||
+ | See also: rsync | ||
+ | |||
+ | Demands: | ||
+ | -Harddisk based backup (but in the future I want to use dvd-disks) | ||
+ | -FreeBSD/ | ||
+ | -Network based (over the internet to another location) | ||
+ | -transmitting only the file differences during backups, preserving bandwidth | ||
+ | -detecting file renames / moves (by file checksum?), so preserving diskspace | ||
+ | -Diskspace conservative: | ||
+ | -A Daily incremental backup should take less than 24hours :) | ||
+ | -Verify-backup functionality (SHA1-hash? | ||
+ | -Ease of restore | ||
+ | -No 'fatal backup-errors' | ||
+ | -Possibility to make 4.7GB big backup files that can be backed up to DVD. | ||
+ | -Possibility to restore older versions of a file than the last backed-up | ||
+ | |||
+ | Backup system using hardlinks: | ||
+ | https:// | ||
+ | https:// | ||
+ | |||
+ | Rdiff-backup: | ||
+ | https:// | ||
+ | https:// | ||
+ | https:// | ||
+ | https:// | ||
+ | |||
+ | Unison: | ||
+ | https:// | ||
+ | https:// | ||
+ | |||
+ | https:// | ||
+ | |||
+ | Bacula | ||
+ | |||
+ | |||
+ | |||
+ | pkg_add -r lynx | ||
+ | pkg_add -r ncftp | ||
+ | |||
+ | $ perl -MCPAN -e shell | ||
+ | Are you ready for manual configuration? | ||
+ | CPAN build and cache directory? [/ | ||
+ | Cache size for build directory (in MB)? [10] | ||
+ | Perform cache scanning (atstart or never)? [atstart] | ||
+ | Cache metadata (yes/no)? [yes] | ||
+ | Your terminal expects ISO-8859-1 (yes/no)? [yes] | ||
+ | File to save your history? [/ | ||
+ | Number of lines to save? [100] | ||
+ | Policy on building prerequisites (follow, ask or ignore)? [ask] | ||
+ | Where is your gzip program? [/ | ||
+ | Where is your tar program? [/ | ||
+ | Where is your unzip program? [/ | ||
+ | Where is your make program? [/ | ||
+ | Where is your lynx program? [] / | ||
+ | Where is your wget program? [/ | ||
+ | Warning: ncftpget not found in PATH | ||
+ | Where is your ncftpget program? [] | ||
+ | Where is your ncftp program? [] / | ||
+ | Where is your ftp program? [/ | ||
+ | Where is your gpg program? [/ | ||
+ | What is your favorite pager program? [more] | ||
+ | What is your favorite shell? [/ | ||
+ | Your choice: | ||
+ | Your choice: | ||
+ | Your choice: | ||
+ | Timeout for inactivity during Makefile.PL? | ||
+ | Your ftp_proxy? | ||
+ | Your http_proxy? | ||
+ | Your no_proxy? | ||
+ | Select your continent (or several nearby continents) [] 4 | ||
+ | Select your country (or several nearby countries) [] 21 | ||
+ | .. (4) ftp:// | ||
+ | Select as many URLs as you like (by number), put them on one line, separated by blanks, e.g. '1 4 5' [] | ||
+ | Enter another URL or RETURN to quit: [] | ||
+ | install Apache::MP3 | ||
+ | |||
+ | |||
+ | http:// | ||
+ | |||
+ | cd / | ||
+ | nano httpd.conf | ||
+ | < | ||
+ | AddType audio/ | ||
+ | AddType audio/ | ||
+ | AddType audio/ | ||
+ | AddType application/ | ||
+ | < | ||
+ | SetHandler perl-script | ||
+ | PerlHandler Apache::MP3 | ||
+ | </ | ||
+ | </ | ||
+ | |||
+ | < | ||
+ | # Or use the Apache:: | ||
+ | < | ||
+ | | ||
+ | | ||
+ | </ | ||
+ | </ | ||
+ | mount_nullfs / | ||
+ | |||
+ | ---- Unsatisfied dependencies detected during [L/ | ||
+ | CGI:: | ||
+ | Apache2:: | ||
+ | Audio::Wav | ||
+ | MP3::Info | ||
+ | Inline:: | ||
+ | Ogg:: | ||
+ | Shall I follow them and prepend them to the queue | ||
+ | of modules we are processing right now? [yes] | ||
+ | |||
+ | Please provide a full path to ' | ||
+ | (press Enter if you don't have it installed): | ||
+ | Please provide the location of the Apache directory: | ||
+ | FIXME / | ||
+ | |||
+ | Do you want to install Inline::C? [y] | ||
+ | |||
+ | Shall I ... [y] | ||
+ | |||
+ | |||
+ | named, rc.conf hostname + te starten apps | ||
+ | |||
+ | http:// | ||
+ | http:// | ||
+ | |||
+ | http:// | ||
+ | http:// | ||
+ | http:// | ||
+ | |||
+ | |||
+ | |||
+ | |||
+ | find . -mtime +1 # find files modified more than 48 hours ago | ||
+ | |||
+ | Directories to backup: | ||
+ | * /etc | ||
+ | * / | ||
+ | * homedirs of some users, including /root, especially: | ||
+ | * Firefox favorites (probably in homedir) | ||
+ | * ~/ | ||
+ | * ~/.bashrc | ||
+ | * / | ||
+ | * /var/www (including this document) | ||
+ | * / | ||
+ | * / | ||
+ | * / | ||
+ | * / | ||
+ | * documents, notes, | ||
+ | |||
+ | http:// | ||
+ | http:// | ||
+ | |||
+ | |||
+ | |||
+ | |||
+ | ==== bacula ==== | ||
+ | |||
+ | WORK IN PROGRESS | ||
+ | |||
+ | cd / | ||
+ | nano ./ | ||
+ | change: | ||
+ | bindir= | ||
+ | into: | ||
+ | bindir=/ | ||
+ | |||
+ | Save, exit, and: | ||
+ | ./ | ||
+ | < | ||
+ | ... | ||
+ | Privileges for bacula granted. | ||
+ | </ | ||
+ | |||
+ | same edit with next files, then: | ||
+ | $ ./ | ||
+ | Enter password: | ||
+ | Creation of bacula database succeeded. | ||
+ | |||
+ | $ ./ | ||
+ | Enter password: | ||
+ | Creation of Bacula MySQL tables succeeded. | ||
+ | |||
+ | http:// | ||
+ | The FreeBSD port creates this user and group for you | ||
+ | |||
+ | cd / | ||
+ | make | ||
+ | make install | ||
+ | cd / | ||
+ | make | ||
+ | make install | ||
+ | |||
+ | cd / | ||
+ | cp bacula-dir.conf.sample bacula-dir.conf | ||
+ | cp bacula-fd.conf.sample bacula-fd.conf | ||
+ | cp bacula-sd.conf.sample bacula-sd.conf | ||
+ | |||
+ | To start the bacula daemons on a FreeBSD system, issue the following command: | ||
+ | |||
+ | / | ||
+ | |||
+ | To confirm they are all running: | ||
+ | |||
+ | ps auwx | grep bacula | ||
+ | < | ||
+ | root 63416 0.0 0.3 2040 1172 ?? Ss 4:09PM 0:00.01 / | ||
+ | root 63418 0.0 0.3 1856 1036 ?? Ss 4:09PM 0:00.00 / | ||
+ | root 63422 0.0 0.4 2360 1440 ?? Ss 4:09PM 0:00.00 / | ||
+ | </ | ||
+ | |||
+ | |||
+ | |||
+ | echo ' | ||
+ | echo ' | ||
+ | echo ' | ||
+ | echo ' | ||
+ | |||
+ | bacula conf: | ||
+ | |||
+ | Pool { | ||
+ | Maximum Volume Jobs = 8 | ||
+ | Recycle = yes: na 8 backup-sessies? | ||
+ | RunBeforeJob = "/ | ||
+ | RunAfterJob = "/ | ||
+ | Max Start Delay: uren dat gewacht moet worden na het niet kunnen bereiken van een fs totdat er een error verstuurd wordt. | ||
+ | Write Bootstrap: schrijf metadata ook naar fd | ||
+ | Pool Type = Backup | ||
+ | Accept Any Volume = yes | ||
+ | AutoPrune = yes | ||
+ | |||
+ | |||
+ | Mailserver Address | ||
+ | |||
+ | |||
+ | http:// | ||
+ | |||
+ | |||
+ | |||
+ | ===== Rsync ===== | ||
+ | Official URL: [[http:// | ||
+ | Highly optimized file synchronization tool (network capable), transmits only the difference of the files (saving bandwidth & time) | ||
+ | |||
+ | Install package: | ||
+ | pkg_add -r rsync | ||
+ | |||
+ | [[rsync Tips & Tricks|http:// | ||
+ | |||
+ | I found out it's not a good idea to backup your maildir with rsync: | ||
+ | # Mail comes in (and gets backed up) | ||
+ | # You read it (the filename changes to mark it as ' | ||
+ | file gets backed up) | ||
+ | # You move it to another folder (and guess.. it gets backed up again). | ||
+ | So almost every mail that comes in, is read, and gets sorted is | ||
+ | therefore backed up 3 times! | ||
+ | |||
+ | http:// | ||
+ | Has a link to an mp3 of 'the rsync algorithm' | ||
+ | |||
+ | to prevent rsync 'file has vanished' | ||
+ | http:// | ||
+ | |||
+ | ===== Bounce ===== | ||
+ | This tool can forward incoming TCP or UDP network connections to another host/port. | ||
+ | Usefull if you want to redirect traffic from one port to another, or to another host. | ||
+ | There are firewall rules to do this, but sometimes I find it easier to use ' | ||
+ | |||
+ | Install package: | ||
+ | pkg_add -r bounce | ||
+ | |||
+ | |||
+ | Usage: to divert traffic coming in on port 25 to another_host: | ||
+ | bounce -p 25 another_host.example.org 25 | ||
+ | |||
+ | Optional: add this command to / | ||
+ | |||
+ | |||
+ | |||
+ | |||
+ | ===== Java 2 on FreeBSD (v1.5) ===== | ||
+ | New link, URL: http:// | ||
+ | http:// | ||
+ | |||
+ | stuff below is older: | ||
+ | |||
+ | |||
+ | When running java, I got an error message (but the program runs without noticable problems): | ||
+ | < | ||
+ | Java HotSpot(TM) Client VM warning: Can't detect initial thread stack location | ||
+ | </ | ||
+ | Solution: | ||
+ | mount -t linprocfs linprocfs / | ||
+ | or, add the following line to /etc/fstab: | ||
+ | FIXME | ||
+ | |||
+ | |||
+ | |||
+ | Not so good alternative, | ||
+ | http:// | ||
+ | follow the instructions on this page for downloading the three required files to / | ||
+ | cd / | ||
+ | make | ||
+ | Warning: this will install X-Windows too. | ||
+ | FIXME | ||
+ | |||
+ | ===== pstree ===== | ||
+ | This tool will show a overview of the running processes in a structured tree. This way you can see which process has started another process, etc. | ||
+ | portinstall -P pstree | ||
+ | http:// | ||
+ | |||
+ | sysutils/ | ||
+ | |||
+ | portinstall -P pstree | ||
+ | |||
+ | ===== Crypt-FileSystem ===== | ||
+ | I'd rather have TrueCrypt working on FreeBSD.. | ||
+ | Some people are working on [[http:// | ||
+ | |||
+ | |||
+ | In the meantime, here is another way to use encryption with the use of CFS (Cryptographic FileSystem): | ||
+ | |||
+ | Quick start instructions: | ||
+ | |||
+ | * add the following entry to / | ||
+ | |||
+ | / | ||
+ | |||
+ | * create the default CFS mountpoint (if you want to use a different | ||
+ | mountpoint, set the cfsd_mountpoint variable in / | ||
+ | |||
+ | mkdir /crypt | ||
+ | |||
+ | * enable rpcbind, mountd and cfsd in / | ||
+ | |||
+ | * FreeBSD 4.x: | ||
+ | |||
+ | portmap_enable=" | ||
+ | single_mountd_enable=" | ||
+ | cfsd_enable=" | ||
+ | |||
+ | * FreeBSD 5.x: | ||
+ | |||
+ | mountd_enable=" | ||
+ | cfsd_enable=" | ||
+ | |||
+ | * reboot the system | ||
+ | |||
+ | ===== monit Service Manager ===== | ||
+ | Official URL: http:// | ||
+ | |||
+ | Monit is a tool which periodically checks if all the important | ||
+ | services/ | ||
+ | memory/ | ||
+ | |||
+ | I had some problems today with clamd failing to load, and because I | ||
+ | didn't notice it, some mails couldn' | ||
+ | upgraded all my ports, and didn't notice the dhcp server/ | ||
+ | (isc-dhcpd) | ||
+ | wasn't automatically restarted after the upgrade, until some people | ||
+ | started complaining. | ||
+ | |||
+ | Now I've got it running to monitor the following services/ | ||
+ | -apache | ||
+ | -dhcpd | ||
+ | -courier-imap (including courier-authdaemond) | ||
+ | -postfix | ||
+ | -clamd (including freshclam and clamsmtpd) | ||
+ | -spamassassin-daemon | ||
+ | mlnet (mldonkey, an e-donkey-/ | ||
+ | proftpd | ||
+ | samba (smbd/nmbd) | ||
+ | |||
+ | Still have to configure: | ||
+ | -natd(?) NAT | ||
+ | -SABnzbd.py (newsgroup/ | ||
+ | -mysql | ||
+ | -backup application(? | ||
+ | -diskspace | ||
+ | -system load | ||
+ | -(probably even more, don't know yet) | ||
+ | |||
+ | Installation (as root): | ||
+ | cd / | ||
+ | make | ||
+ | make install | ||
+ | |||
+ | Configuration: | ||
+ | echo monit_enable=\" | ||
+ | |||
+ | cp / | ||
+ | chmod 0700 / | ||
+ | |||
+ | < | ||
+ | set httpd port 2812 and | ||
+ | allow localhost | ||
+ | allow 10.0.0.0/ | ||
+ | # no password required: | ||
+ | # allow admin: | ||
+ | </ | ||
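Review bot: in the `set httpd port 2812` block the credential line is left commented out (`# no password required:` followed by `# allow admin:`), so the monit web interface, which can stop and restart the monitored services, is open without authentication to every user on the host and to every address in the allowed 10.0.0.0/ range. Enabling the `allow user:password` line is the minimal fix; if the interface is only needed locally, adding `use address localhost` and removing the network `allow` line keeps it off the LAN entirely.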
+ | |||
+ | I want to send alerts (like services not running, hosts not | ||
+ | accessible) to my e-mail address monit@example.org (replace this with your own address): | ||
+ | < | ||
+ | set alert monit@example.org | ||
+ | </ | ||
+ | |||
+ | In case e-mail alerts can't be delivered, they can be stored as files (optional): | ||
+ | mkdir /var/monit | ||
+ | < | ||
+ | set eventqueue | ||
+ | basedir / | ||
+ | # slots 100 # optionaly limit the queue size | ||
+ | < | ||
+ | |||
+ | |||
+ | Start it: | ||
+ | / | ||
+ | < | ||
+ | Starting monit daemon with http interface at [localhost: | ||
+ | </ | ||
+ | |||
+ | To reload the monit configuration (after you've made changes to the files in the / | ||
+ | / | ||
+ | |||
+ | Read more at: / | ||
+ | |||
+ | I'll have to see if I can make a mail2sms gateway, so I can receive | ||
+ | notifications of problems on my phone | ||
+ | |||
+ | $ mount /dev/ad0s2 /mnt/usb/ | ||
+ | mount: /dev/ad0s2 on /mnt/usb: incorrect super block | ||
+ | Sure, it's fat32.. d�hh.. | ||
+ | |||
+ | mount_msdosfs /dev/ad0s2 /mnt/usb/ | ||
+ | # | ||
+ | ls /mnt/usb/ | ||
+ | c-mon& | ||
+ | c-mon& | ||
+ | # | ||
+ | Short filenames (8.3), like fat16.. Hey.. this is VFAT/Fat32, let's retry: | ||
+ | |||
+ | umount /mnt/usb | ||
+ | |||
+ | $ mount_msdosfs -l /dev/ad0s2 /mnt/usb/ | ||
+ | mount_msdosfs: | ||
+ | $ mount_msdosfs -o longnames /dev/ad0s2 /mnt/usb/ | ||
+ | mount_msdosfs: | ||
+ | |||
+ | |||
+ | fsck_msdosfs /dev/da0s1 | ||
+ | < | ||
+ | ** /dev/da0s1 | ||
+ | ** Phase 1 - Read and Compare FATs | ||
+ | FAT starts with odd byte sequence (00000000ffffffff) | ||
+ | Correct? [yn] y | ||
+ | FAT starts with odd byte sequence (00000000ffffffff) | ||
+ | Correct? [yn] y | ||
+ | ** Phase 2 - Check Cluster Chains | ||
+ | ** Phase 3 - Checking Directories | ||
+ | ** Phase 4 - Checking for Lost Files | ||
+ | Next free cluster in FSInfo block (32689) not free | ||
+ | fix? [yn] y | ||
+ | 117 files, 628340 free (157085 clusters) | ||
+ | </ | ||
+ | |||
+ | cp -R / | ||
+ | nano cvs-supfile | ||
+ | cvsup cvs-supfile | ||
+ | cd sys/ | ||
+ | nano FREEBSD62-4 | ||
+ | $ config FREEBSD62-4 | ||
+ | ERROR: version of config(8) does not match kernel! | ||
+ | http:// | ||
+ | / | ||
+ | make kernel-toolchain | ||
+ | make -DALWAYS_CHECK_MAKE buildkernel KERNCONF=YOUR_KERNEL_HERE | ||
+ | make -DALWAYS_CHECK_MAKE installkernel KERNCONF=YOUR_KERNEL_HERE | ||
+ | werktniet | ||
+ | |||
+ | cd /usr/src | ||
+ | update world?/ | ||
+ | |||
+ | make buildworld | ||
+ | make installworld? | ||
+ | |||
+ | http:// | ||
+ | |||
+ | Ping a host by it's MAC address (instead of it's IP) | ||
+ | Installation: | ||
+ | portinstall arping | ||
+ | (/ | ||
+ | Usage: | ||
+ | arping < | ||
+ | (e.g.: 00: | ||
+ | enter 'arp -a' to see the arp/ip tables to test | ||
+ | nice -n -15 arping -n 1 00: | ||
+ | |||
+ | |||
+ | Kplaylist | ||
+ | |||
+ | kernel + base system upgrade: | ||
+ | -Install cvsup- (nogui?) | ||
+ | cd /usr/src | ||
+ | / | ||
+ | / | ||
+ | |||
+ | make update buildworld kernel | ||
+ | make installworld (dangerous) | ||
+ | |||
+ | RELENG_6 | ||
+ | (http:// | ||
+ | |||
+ | edit / | ||
+ | cd /usr/ports | ||
+ | make update | ||
+ | |||
+ | MSDOSFS_LARGE | ||
+ | kernel tickrate = HZ=1000? tinky.. | ||
+ | |||
+ | / | ||
+ | net.inet6.ipv.v6only=0 | ||
+ | |||
+ | START | ||
+ | |||
+ | === Install the ' | ||
+ | Will install the sources for the basic system binaries. Needed for the | ||
+ | update. | ||
+ | |||
+ | / | ||
+ | |||
+ | Go to " | ||
+ | ' | ||
+ | Installation when finished. | ||
+ | |||
+ | http:// | ||
+ | |||
+ | === Install CVSup === | ||
+ | portinstall -P cvsup-without-gui | ||
+ | |||
+ | === edit the cvsup configuration === | ||
+ | Choose cvsup server (page | ||
+ | bottom): | ||
+ | http:// | ||
+ | You can also install fastest-cvsup (pkg_add -r fastest_cvsup) and use | ||
+ | ' | ||
+ | freebsd cvsup mirror in your country. | ||
+ | Or use fastest_cvsup in one go, after you've configured the cvs-supfile: | ||
+ | ### cvsup -L 2 -h ' | ||
+ | |||
+ | I've chosen to use FreeBSD 6-STABLE (RELENG_6), which contains the | ||
+ | latest sources found to be STABLE-worthy. | ||
+ | There is also ' | ||
+ | that will be coming in FreeBSD 7. But I'll stick with STABLE. | ||
+ | |||
+ | My / | ||
+ | < | ||
+ | *default host=cvsup.nl.FreeBSD.org | ||
+ | *default base=/usr | ||
+ | *default prefix=/usr | ||
+ | *default release=cvs tag=RELENG_6 | ||
+ | *default delete use-rel-suffix | ||
+ | src-all | ||
+ | </ | ||
+ | |||
+ | Updating the ports tree can be done by cvsup by setting it up here, but | ||
+ | I prefer using | ||
+ | portsnap, as it's faster, uses less bandwidth, and it's more secure. | ||
+ | |||
+ | === modify / | ||
+ | < | ||
+ | SUP_UPDATE=yes | ||
+ | SUP=/ | ||
+ | SUPFILE=/ | ||
+ | SUPFLAGS=-g -L 2 -z -h < | ||
+ | CFLAGS= -O -pipe | ||
+ | KERNCONF=< | ||
+ | </ | ||
+ | |||
+ | |||
+ | === update the kernel and system sources === | ||
+ | make update | ||
+ | (or 'cvsup cvs-supfile'? | ||
+ | |||
+ | === create/edit the kernel config === | ||
+ | cd / | ||
+ | cp GENERIC FREEBSD62 | ||
+ | nano FREEBSD62 | ||
+ | I like to comment-out the following: | ||
+ | ident | ||
+ | # | ||
+ | #cpu I486_CPU | ||
+ | #cpu I586_CPU | ||
+ | |||
+ | options | ||
+ | options QUOTA | ||
+ | # | ||
+ | |||
+ | I've disabled uhid to get my sis-pm USB controlled 4 power socket | ||
+ | working. | ||
+ | - Why does " | ||
+ | |||
+ | === Now, === | ||
+ | |||
+ | cd /usr/src | ||
+ | make buildworld | ||
+ | make buildkernel | ||
+ | (I like to split these two commands, as shown. You could however also | ||
+ | 'make buildworld buildkernel' | ||
+ | |||
+ | === Install the new kernel === | ||
+ | make installkernel | ||
+ | |||
+ | === Updating /etc/* files using mergemaster === | ||
+ | mergemaster -p | ||
+ | |||
+ | This will update configuration files in /etc, unfortunately | ||
+ | you're asked a lot of questions if you have already installed and | ||
+ | configured a lot of application. | ||
+ | |||
+ | === Install the world binaries === | ||
+ | |||
+ | make installworld | ||
+ | |||
+ | The order: ' | ||
+ | important! | ||
+ | |||
+ | |||
+ | |||
+ | ==== Autologin ==== | ||
+ | URL: http:// | ||
+ | |||
+ | How to automatically login with a non-root user and run gnome | ||
+ | (gnome-session without using gdm) or kde (without using kdm) | ||
+ | |||
+ | This neat trick will auto-login with the specified username on tty1 (the | ||
+ | window at Alt-F1..). You can then automatically run gnome or kde with | ||
+ | the specified username. | ||
+ | |||
+ | I didn't get KDE/Gnome autologin working with the GDM/KDM settings (it | ||
+ | kept asking for a password), so I had to resort to another | ||
+ | way to have it do auto log-in: trough the user's shell: | ||
+ | |||
+ | First, we're going to have the user automatically logged in to the shell | ||
+ | (steps 1,2,3), and to | ||
+ | |||
+ | Step1& | ||
+ | nano / | ||
+ | |||
+ | Add this to the bottom of the file (change ' | ||
+ | existing username you wish to use for auto-login): | ||
+ | < | ||
+ | my_freebsd_username: | ||
+ | : | ||
+ | </ | ||
+ | |||
+ | nano /etc/ttys | ||
+ | Change the line starting with ' | ||
+ | wish to use for auto-login, I used ' | ||
+ | < | ||
+ | ttyv0 "/ | ||
+ | </ | ||
+ | |||
+ | Reboot the system, and you will see that after the system has booted, | ||
+ | you will have a shell prompt (instead of a login prompt). | ||
+ | |||
+ | Step 3: | ||
+ | Change my_freebsd_username to the username you wish to use to auto-login, and edit the .profile of that user: | ||
+ | su my_freebsd_username | ||
+ | cd ~my_freebsd_username | ||
+ | nano .profile | ||
+ | |||
+ | < | ||
+ | #default: do not start X: | ||
+ | STARTX=" | ||
+ | #but if tty=0 and shell-level=1, | ||
+ | [ `tty` = "/ | ||
+ | [ $STARTX = " | ||
+ | #Sleep a second, because my computer is too fast: | ||
+ | #/bin/sleep 1 | ||
+ | / | ||
+ | } | ||
+ | # Note to Linux users: change /dev/ttyv0 to /dev/tty1; change / | ||
+ | </ | ||
+ | |||
+ | In the file / | ||
+ | window manager to start (KDE, Gnome, or another), together with any | ||
+ | other applications you wish to start with X-windows (I start my browser, | ||
+ | e-mail client, chat/ | ||
+ | |||
+ | < | ||
+ | #!/bin/sh | ||
+ | |||
+ | # screen saver after five minutes: | ||
+ | xset s 300 | ||
+ | |||
+ | # fix that annoying backspace problem | ||
+ | xmodmap -e " | ||
+ | |||
+ | # Allow any application run on localhost to access this X session: | ||
+ | xhost +localhost | ||
+ | |||
+ | # Instant messaging / chat client (Pidgin, formerly known as GAIM): | ||
+ | pidgin & | ||
+ | |||
+ | # E-mail client (Mozilla Thunderbird): | ||
+ | thunderbird & | ||
+ | |||
+ | # Webbrowser (Mozilla Firefox): | ||
+ | firefox & | ||
+ | |||
+ | # Konsole (shell) window: | ||
+ | konsole & | ||
+ | |||
+ | # Background screen session (why?) | ||
+ | screen -dmS xsessie & | ||
+ | |||
+ | # Audiomixer (set to 50% volume): | ||
+ | / | ||
+ | / | ||
+ | |||
+ | # Start the VNC server, so remote computers can access this pc's desktop: | ||
+ | x11vnc -rfbauth ~/ | ||
+ | |||
+ | # Start a VNC-viewer in listening mode (port 5500), with low quality settings, which make it faster over slow network links: | ||
+ | vncviewer -bgr233 -compresslevel 9 -quality 0 -listen 0 & | ||
+ | |||
+ | # Start the Gnome desktop environment: | ||
+ | exec gnome-session | ||
+ | # Or, to use KDE: | ||
+ | # Start the KDE desktop environment: | ||
+ | #exec startkde | ||
+ | </ | ||
+ | |||
+ | |||
+ | ===== Console ' | ||
+ | This will put your monitor in standy | ||
+ | after you have not used it for a while (saving power, and thus money). | ||
+ | It will only work when you're on the console (not in X-windows): | ||
+ | kldload green_saver.ko | ||
+ | Or add ' | ||
+ | it loaded on system startup. | ||
+ | |||
+ | |||
+ | ====== Printing in FreeBSD ====== | ||
+ | Installing a laser/ | ||
+ | I'll make it a multi-step project | ||
+ | |||
+ | 0. Preparations | ||
+ | 1. Apsfilter | ||
+ | |||
+ | Official URL: http:// | ||
+ | URL: http:// | ||
+ | |||
+ | cd / | ||
+ | make WITH_GHOSTSCRIPT_AFPL=yes BATCH=yes APSFILTER_ALL=yes install clean | ||
+ | I'm not 100% sure if it should be WITH_GHOSTSCRIPT_AFPL or WITH_GHOSTSCRIPT_GNU | ||
+ | |||
+ | cd / | ||
+ | ./SETUP | ||
+ | < | ||
+ | Found ghostscript version 8.60 ... | ||
+ | You have to upgrade at least to gs version 6.50! | ||
+ | But you should upgrade to gs 7.00 for full driver support | ||
+ | prior installing printers with SETUP. | ||
+ | Do you you want to continue? [Y/n] y | ||
+ | </ | ||
+ | < | ||
+ | ... Licence ... | ||
+ | Accept license [Y|y|J|j|N|n] ? y | ||
+ | </ | ||
+ | < | ||
+ | The Owner of your spooldir seems to be: root | ||
+ | The Group of your spooldir seems to be: daemon | ||
+ | Is this correct? [y/n] y | ||
+ | </ | ||
+ | < | ||
+ | saving original printcap -> / | ||
+ | creating a working copy of printcap -> / | ||
+ | </ | ||
+ | < | ||
+ | It seems you have configured a printer with this script before. | ||
+ | Do you want to (a)dd another printer entry or | ||
+ | to (o)verwrite the existing entries? | ||
+ | a/o? o | ||
+ | </ | ||
+ | In the APSFILTER main menu: | ||
+ | < | ||
+ | Select 1 (Printer Driver Selection) | ||
+ | | ||
+ | My printer is a HP LaserJet 4L using the ljet4l, so I've entered ' | ||
+ | Do you want to use ljet4l? [Y|n] y | ||
+ | |||
+ | Select 2 (Interface Setup) | ||
+ | The printer is connected trough a parallel cable, so in the interface setup, I've selected | ||
+ | | ||
+ | The printer is connected to the first (and only) LPT port, FreeBSD calls this '/ | ||
+ | Full path of parallel print device: /dev/lpt0 | ||
+ | |||
+ | Select 3 (Paper Format) | ||
+ | Here in the Netherlands, | ||
+ | | ||
+ | |||
+ | To test if the settings work, we'll print a test page. Make sure your printer is powered on, and connected correctly. | ||
+ | Select T (Print Test Page) | ||
+ | | ||
+ | |||
+ | If the testpage looked ok, you can now choose | ||
+ | option I (Install printer with values shown above) | ||
+ | |||
+ | ** creating printcap entry for printer aps1... | ||
+ | | ||
+ | | ||
+ | ** done. | ||
+ | |||
+ | Finish the installation with ' | ||
+ | </ | ||
+ | |||
+ | Don't forget to send the APSFILTER author a snail-mail, as requested. | ||
+ | To restart the printer daemons: | ||
+ | lpc restart all | ||
+ | / | ||
+ | |||
+ | Backup your / | ||
+ | cp -n / | ||
+ | |||
+ | 1a. testing with lpr | ||
+ | Download lpr_testfile.ps | ||
+ | Print it: | ||
+ | / | ||
+ | |||
+ | |||
+ | 2. CUPS | ||
+ | 2a. testing | ||
+ | 3. Samba | ||
+ | 3a. Windows network printer driver installation | ||
+ | 3b. testing | ||
+ | 4. print to pdf | ||
+ | |||
+ | http:// | ||
+ | http:// | ||
+ | |||
+ | work in progress | ||
+ | /* | ||
+ | cupsd_enable=" | ||
+ | / | ||
+ | Starting cupsd. | ||
+ | |||
+ | http:// | ||
+ | |||
+ | cd / | ||
+ | make install | ||
+ | / | ||
+ | deselected all x11* | ||
+ | / | ||
+ | ===> | ||
+ | ghostscript-gpl-8.60 | ||
+ | */ | ||
+ | |||
+ | Print to PDF using Samba (warning: dutch page): | ||
+ | http:// | ||
+ | |||
+ | |||
+ | |||
+ | |||
+ | ====== P2P and other music/movie downloading apps ====== | ||
+ | MLdonkey: edonkey, overket, kademlia(?) | ||
+ | SABnzbd: newsgroups | ||
+ | FTD4Linux: newsgroups index community/ | ||
+ | |||
+ | ===== amule2 ===== | ||
+ | Installation: | ||
+ | portinstall net-p2p/ | ||
+ | |||
+ | ===== MLdonkey ===== | ||
+ | A P2P client with web/http frontend | ||
+ | Official URL: [[http:// | ||
+ | |||
+ | Among the supported Peer2peer protocols are: | ||
+ | * Bittorrent (.torrent files) | ||
+ | * Edonkey2000, | ||
+ | * FastTrack (KaZaA) and OpenFT (giFT) | ||
+ | * Gnutella, and many more | ||
+ | |||
+ | cd / | ||
+ | make | ||
+ | make install | ||
+ | |||
+ | Add the following line to / | ||
+ | < | ||
+ | mlnet_enable=" | ||
+ | mlnet_user="< | ||
+ | </ | ||
+ | So mldonkey is started as a daemon upon next boot, with the permissions as < | ||
+ | |||
+ | Run it: | ||
+ | su < | ||
+ | mlnet | ||
+ | |||
+ | By default, mldonkey' | ||
+ | If you're seeing the '403 Forbidden - Connection from < | ||
+ | |||
+ | nano < | ||
+ | Change the ' | ||
+ | < | ||
+ | allowed_ips = [ " | ||
+ | </ | ||
+ | Note: mlnet writes its configuration when it closes to the files. So first close mlnet, then edit the configuration files, then re-start mlnet. | ||
+ | |||
+ | |||
+ | With a webbrowser, go to: http:/ /< | ||
+ | It will complain about an empty admin password. To fix this, in the upper-right input bar/field enter: | ||
+ | < | ||
+ | useradd admin < | ||
+ | </ | ||
+ | Replace < | ||
+ | |||
+ | If you want allow others to access mldonkey, they don't need admin access. | ||
+ | Add another ' | ||
+ | < | ||
+ | useradd < | ||
+ | </ | ||
+ | |||
+ | |||
+ | |||
+ | |||
+ | Don't know yet what's the solution to the next error I saw when I tried | ||
+ | the same on my other box: | ||
+ | < | ||
+ | gmake[1]: *** [lablgtktop] Segmentation fault: 11 (core dumped) | ||
+ | </ | ||
+ | Perhaps I'll make the world again. And make it a better place for all of | ||
+ | us to live in, with less errors. | ||
+ | |||
+ | ===== SABnzbd ===== | ||
+ | A newsgroup download tool, capable of handling NZB-files, with integrated PAR2 checker, extracter, and a web interface. | ||
+ | Where you would use a tool like ' | ||
+ | |||
+ | Installation: | ||
+ | cd / | ||
+ | make | ||
+ | make install | ||
+ | |||
+ | < | ||
+ | Aug2007: I think the most recent version of | ||
+ | CherryPy doesn' | ||
+ | |||
+ | < | ||
+ | Traceback (most recent call last): | ||
+ | File "/ | ||
+ | import cherrypy | ||
+ | ImportError: | ||
+ | </ | ||
+ | |||
+ | Re-install it: | ||
+ | export PYTHONPATH="/ | ||
+ | cd / | ||
+ | make deinstall | ||
+ | make clean | ||
+ | make | ||
+ | make install | ||
+ | |||
+ | If you get any errir when doig make install about missing directories: | ||
+ | mkdir / | ||
+ | mkdir / | ||
+ | |||
+ | |||
+ | cd / | ||
+ | make deinstall | ||
+ | cd / | ||
+ | make deinstall | ||
+ | make clean | ||
+ | make | ||
+ | make install | ||
+ | |||
+ | < | ||
+ | **************************************************************************** | ||
+ | Check / | ||
+ | See / | ||
+ | **************************************************************************** | ||
+ | ===> | ||
+ | </ | ||
+ | |||
+ | I like to have all configuration files in /etc or / | ||
+ | |||
+ | cd / | ||
+ | mv SABnzbd.ini / | ||
+ | ln -s / | ||
+ | |||
+ | Configuration is done in the SABnzbd.ini file, which we just moved to / | ||
+ | The things you want to edit are: | ||
+ | < | ||
+ | username = <some username> | ||
+ | password = <some password> | ||
+ | download_dir = ... | ||
+ | complete_dir = ... | ||
+ | nzb_backup_dir = ... | ||
+ | cache_dir = ... | ||
+ | log_dir = ... | ||
+ | dirscan_dir = ... | ||
+ | </ | ||
+ | And, do not forget to enter your newsserver in the [servers] section of the same file. | ||
+ | |||
+ | |||
+ | Start it: | ||
+ | |||
+ | / | ||
+ | |||
+ | You might want to put this line in / | ||
+ | Or, even easier: add this crontab entry for the user you want to run SABnzbd as: | ||
+ | < | ||
+ | @reboot | ||
+ | </ | ||
+ | |||
+ | Test it by opening a web browser to http:// | ||
+ | To allow other computers to access SABnzbd or to use another port number, edit the correct sections in SABnzbd.ini | ||
+ | |||
+ | |||
+ | |||
+ | |||
+ | |||
+ | |||
+ | ===== rtorrent - Console Bittorrent-p2p client ===== | ||
+ | URL: http:// | ||
+ | |||
+ | This is a bittorrent client with all the feautures you will find in other clients like Azureus, but all console-based. | ||
+ | |||
+ | Installation (as root): | ||
+ | |||
+ | cd / | ||
+ | wget http:// | ||
+ | tar -zxvf libtorrent-0.11.0.tar.gz | ||
+ | cd libtorrent-0.11.0 | ||
+ | ./configure | ||
+ | make | ||
+ | make install | ||
+ | |||
+ | cd / | ||
+ | wget http:// | ||
+ | tar -zxvf rtorrent-0.7.0.tar.gz | ||
+ | cd rtorrent-0.7.0 | ||
+ | ./configure | ||
+ | make | ||
+ | make install | ||
+ | |||
+ | Go back to your non-root user account, then: | ||
+ | |||
+ | cp / | ||
+ | nano ~/ | ||
+ | |||
+ | According to some manpage, this will increase the processing speed for hashing the already downloaded parts (http:// | ||
+ | ). Add the lines: | ||
+ | |||
+ | hash_read_ahead = 8 | ||
+ | hash_max_tries = 5 | ||
+ | hash_interval = 10 | ||
+ | |||
+ | Now let's start it in a screen session: | ||
+ | screen rtorrent | ||
+ | |||
+ | You can add torrent files by entering the URL to the torrent file | ||
+ | Use CTRL-q to quit (download will not continue) or CTRL-A D (screen detach hotkey) to detach this window | ||
+ | |||
+ | I might want to start this program everytime my FreeBSD boots, next time. | ||
+ | |||
+ | |||
+ | |||
+ | |||
+ | ====== VOIP telephony ====== | ||
+ | |||
+ | ===== Asterisk* PBX ===== | ||
+ | The Asterisk* PBX software package allows me to set-up a telephone system. I have special hardware for this (a Linksys Sipura SPA-3000 (or SPA3K as some call it), and a [[http:// | ||
+ | URL: [[http:// | ||
+ | URL: [[http:// | ||
+ | URL: [[http:// | ||
+ | |||
+ | Note: Asterisk, is way too complicated to have you up and running (with configured hardware) in a few minutes. I put it here for completeness, | ||
+ | |||
+ | Work in progress: I'm working on 'My Asterisk PBX Installation and | ||
+ | Configuration Guide', | ||
+ | system in no-time. For more configuration, | ||
+ | [[http:// | ||
+ | configuration guide" | ||
+ | examples there. | ||
+ | |||
+ | |||
+ | Install port: (version 1.2.9.1_2) | ||
+ | cd / | ||
+ | Check which version will be installed when you would use the ports tree: | ||
+ | cat distfiles | ||
+ | Visit the Asterisk.org website to check if any serious bugs have been found after this release. | ||
+ | |||
+ | There are a lot of bugfixes and othe updates since the version in the ports got updated, but lets install anyway: | ||
+ | make | ||
+ | make install | ||
+ | |||
+ | There' | ||
+ | http:// | ||
+ | |||
+ | Some other information about this: | ||
+ | http:// | ||
+ | http:// | ||
+ | |||
+ | There is an add-on to change the pitch of your voice: (yet untested) | ||
+ | http:// | ||
+ | |||
+ | I should have a look at this site, it might have some good configuration examples: | ||
+ | |||
+ | http:// | ||
+ | |||
+ | < | ||
+ | Options for asterisk 1.4.3 │ | ||
+ | │ ┌────────────────────────────────────────────────────────────────┐ │ | ||
+ | │ │ [X] OGGVORBIS | ||
+ | │ │ [X] ODBC | ||
+ | │ │ [ ] POSTGRES | ||
+ | │ │ [ ] RADIUS | ||
+ | │ │ [X] SNMP | ||
+ | │ │ [X] H323 | ||
+ | │ │ [X] JABBER | ||
+ | │ │ [ ] ZAPTEL | ||
+ | │ │ | ||
+ | </ | ||
+ | (I disabled POSTGRES, RADIUS, and ZAPTEL) | ||
+ | |||
+ | |||
+ | voip-info.org | ||
+ | |||
+ | ====== Won't run on/under FreeBSD ====== | ||
+ | The following software I want to use is not yet FreeBSD compatible (as far as I can see): | ||
+ | * TrueCrypt http:// | ||
+ | http:// | ||
+ | |||
+ | |||
+ | ====== References ====== | ||
+ | A lot of information in this guide comes from the [[http:// | ||
+ | |||
+ | I've discovered another site which contains [[http:// | ||
+ | |||
+ | [[http:// | ||
+ | |||
+ | I don't get the impression it gets updated a lot, but in the past [[http:// | ||
+ | |||
+ | http:// | ||
+ | |||
+ | http:// | ||
+ | |||
+ | http:// | ||
+ | |||
+ | http:// | ||
+ | |||
+ | http:// | ||
+ | |||
+ | http:// | ||
+ | |||
+ | http:// | ||
+ | |||
+ | http:// | ||
+ | |||
+ | http:// | ||
+ | |||
+ | http:// | ||
+ | |||
+ | http:// | ||
+ | |||
+ | http:// | ||
+ | |||
+ | http:// | ||
+ | |||
+ | http:// | ||
+ | |||
+ | ==== I'm currently working on ... ==== | ||
+ | * freebsd mouse usb selecting text slow, polling problem? | ||
+ | It takes half a second or more to 'start selecting' | ||
+ | That is, when trying to select a piece of text in X, if I do it too fast, it misses a part. | ||
+ | The same goes for resising windows, and other mouse stuff | ||
+ | I've tried the ' | ||
+ | |||
+ | * Completing the routing section of this guide (natd?) | ||
+ | http:// | ||
+ | * Structuring this guide, perhaps splitting it into multiple pages | ||
+ | * check google coverage | ||
+ | |||
+ | |||
+ | ====== Improving this guide ====== | ||
+ | |||
+ | You are welcome to send any links, fixes, comments, or compliments to | ||
+ | the e-mail address listed at the top of this guide. | ||
+ | |||
+ | |||
+ | |||
+ | /* | ||
+ | ===== Junk below this line ===== | ||
+ | Other FreeBSd page: http:// | ||
+ | |||
+ | Do make clean if you are hunting ghosts | ||
+ | |||
+ | routed draaien | ||
+ | |||
+ | cd / | ||
+ | make | ||
+ | |||
+ | |||
+ | |||
+ | |||
+ | |||
+ | Granting mount/ | ||
+ | The first step is to allow users to run the mount command to actually mount a filesystem and to allow them to run the umount command. This is done by adding the following line to your / | ||
+ | vfs.usermount=1 | ||
+ | |||
+ | This option will be set within the kernel at next system boot, to enable it immediately run the following command as root: | ||
+ | sysctl vfs.usermount=1 | ||
+ | |||
+ | It is important to note that while setting this variable allows ALL users to run the mount/ | ||
+ | * The user has read/write permission to the device they wish to mount. | ||
+ | * The user owns the directory they wish to mount the filesystem to. | ||
+ | |||
+ | The second issue is typically not a problem, users can always generate an empty directory to host the mount. The first issue is what allows us to restrict access to certain devices for mounting by particular users. However, this security is limited, while we can stop a user from mounting a device entirely, when permission is granted to mount the device, that user can mount it with whatever mount options they like. | ||
+ | |||
+ | 9.23. How do I let ordinary users mount floppies, CDROMs and other removable media? | ||
+ | |||
+ | Ordinary users can be permitted to mount devices. Here is how: | ||
+ | |||
+ | 1. | ||
+ | |||
+ | As root set the sysctl variable vfs.usermount to 1. | ||
+ | |||
+ | # sysctl -w vfs.usermount=1 | ||
+ | |||
+ | 2. | ||
+ | |||
+ | As root assign the appropriate permissions to the block device associated with the removable media. | ||
+ | |||
+ | For example, to allow users to mount the first floppy drive, use: | ||
+ | |||
+ | # chmod 666 /dev/fd0 | ||
+ | |||
+ | To allow users in the group operator to mount the CDROM drive, use: | ||
+ | |||
+ | # chgrp operator /dev/acd0c | ||
+ | # chmod 640 /dev/acd0c | ||
+ | |||
+ | /etc/group | ||
+ | add after operator ... : your username | ||
+ | |||
+ | |||
+ | |||
+ | wget http:// | ||
+ | |||
+ | extract, so that / | ||
+ | |||
+ | nano kplaylist.php | ||
+ | |||
+ | // enable the getid3 package. getid package must reside under getid3/ under the directory | ||
+ | // this file exists. If it does not, please change the ' | ||
+ | $cfg[' | ||
+ | |||
+ | // where the getid3.php file exists | ||
+ | $cfg[' | ||
+ | kplaylist.php resides in / | ||
+ | |||
+ | |||
+ | http:// | ||
+ | |||
+ | |||
+ | last line | ||
+ | */ | ||
+ | /* | ||
+ | NFS: | ||
+ | http:// | ||
+ | |||
+ | / | ||
+ | You must be root to use xcdroast. | ||
+ | click " | ||
+ | But beware! | ||
+ | It modifies the following files and gives them the | ||
+ | set-user-ID-on-execution bit: | ||
+ | |||
+ | xcdwrap | ||
+ | |||
+ | ************************************************************ | ||
+ | |||
+ | Are you sure you want this? If not, hit Ctrl+C right now | ||
+ | |||
+ | This is a security risk! XCDRost will use an own | ||
+ | | ||
+ | the non-root mode inside the application! | ||
+ | |||
+ | |||
+ | |||
+ | Notes for FreeBSD 5.x and onwards users: | ||
+ | 1. The FreeBSD k3b port supports SCSI drives only. If you have IDE CD or DVD | ||
+ | | ||
+ | | ||
+ | 2. Your CD and DVD drives must have a mount point in /etc/fstab. They have | ||
+ | to be accessed through their atapicam device if possible. I.e. the drives | ||
+ | have to be adressed by e.g. /dev/cd0 instead of /dev/acd0. | ||
+ | 3. k3b has to be started from a root console, which is not recommended. | ||
+ | | ||
+ | 3a. set the suid flag on cdrecord and cdrdao. The ' | ||
+ | 'man cdrecord' | ||
+ | 3b. - For every user who should be able to use k3b and for every CD or DVD | ||
+ | device add a directory in the users home directory. These directories | ||
+ | must be owned by the corresponding user. For each such directory add a | ||
+ | line in /etc/fstab (see remark 2), like: | ||
+ | / | ||
+ | Furthermore allow user mounts as described in topic 9.22 of the FAQ: | ||
+ | http:// | ||
+ | To make the chmod' | ||
+ | * add ' | ||
+ | * add a 'perm cdX 666' to / | ||
+ | is the device number. If you prefer allow access for a group only, | ||
+ | add a 'perm cdX 660' instead, followed by an 'own cdX root: | ||
+ | where XXX is the group name. | ||
+ | Alternatively (especially if you are using hot plug capable CD or | ||
+ | DVD drives) you could add an 'add path ' | ||
+ | 'add path ' | ||
+ | under ' | ||
+ | to your / | ||
+ | - or just give mount and umount the suid flag, which is a security leak. | ||
+ | 3c. Every user who should be able to use k3b must have read and write access | ||
+ | to all pass through devices connected with CD and DVD drives and to the | ||
+ | /dev/xpt0 device. Run ' | ||
+ | string ' | ||
+ | / | ||
+ | no alternative! To make this changes permanent, add ' | ||
+ | to / | ||
+ | for each pass device and a 'perm xpt0 666'. If you prefer to bind the | ||
+ | access rights to a group, use the own command as described above. If you | ||
+ | prefer to set this rights dynamically, | ||
+ | to your / | ||
+ | 4. Check, that DMA is activated for atapi devices: ' | ||
+ | If not, set it to 1 and put a ' | ||
+ | 5. Create a directory on a partition, which has enough disk space to hold a CDs | ||
+ | or DVDs content (usually below /usr). Enter this directory in Settings-> | ||
+ | | ||
+ | 6. If you experience problems while burning CDs, try to set the cdrdao driver | ||
+ | | ||
+ | | ||
+ | | ||
+ | See http:// | ||
+ | 7. To burn video CDs install the port multimedia/ | ||
+ | 8. To rip DVDs additionally install the ports multimedia/ | ||
+ | | ||
+ | in http:// | ||
+ | 9. To burn bootable video CDs, install the port multimedia/ | ||
+ | 10. To burn DVDs, install the port sysutils/ | ||
+ | 11. To normalize the volumes of audio cds, install the port audio/ | ||
+ | 12. To rip into more audio formats, install the port audio/sox. | ||
+ | |||
+ | To read this instructions again, type 'make showinfo' | ||
+ | ===> | ||
+ | / | ||
+ | ===> | ||
+ | |||
+ | */ | ||
+ | umass0: Unsupported ATAPI command 0x4a - trying anyway | ||
+ | umass0: Unsupported ATAPI command 0xac - trying anyway | ||
+ | |||
+ | When I power up my Plextor PX-716AL external USB 2.0 DVD burner, ' | ||
+ | < | ||
+ | umass0: PLEXTOR DVDR | ||
+ | cd0 at umass-sim0 bus 0 target 0 lun 0 | ||
+ | cd0: <PLEXTOR DVDR | ||
+ | cd0: 1.000MB/s transfers | ||
+ | </ | ||
+ | However, there' | ||
+ | < | ||
+ | umass0: PLEXTOR DVDR | ||
+ | cd0 at umass-sim0 bus 0 target 0 lun 0 | ||
+ | cd0: <PLEXTOR DVDR | ||
+ | cd0: 40.000MB/s transfers | ||
+ | cd0: cd present [2213904 x 2048 byte records] | ||
+ | </ | ||
+ | Maybe I'll take some time to check if it has something to do with a kernel option about usb / uhid / ugen. Probably I'll try to remember it and remember to unplug/ | ||
+ | |||
+ | |||
+ | ===== reverse ssh ===== | ||
+ | ssh -nNT -R 8022: | ||
+ | |||
+ | |||
+ | copy paste select text gnome terminal | ||
+ | http:// | ||
+ | |||
+ | Game Integrity 20004-error in Wolfenstein: | ||
+ | http:// | ||
+ | |||
+ | |||
+ | ===== PXE Windows XP installation ===== | ||
+ | I'm trying to boot a laptop with a broken cd-rom drive from the network, using PXE. | ||
+ | The following text and links describe my progress. It is not working at the moment. | ||
+ | |||
+ | Best link one so far: | ||
+ | http:// | ||
+ | |||
+ | http:// | ||
+ | |||
+ | http:// | ||
+ | tftp dgram | ||
+ | tftp dgram | ||
+ | tftp localhost | ||
+ | < | ||
+ | tftp> get test.txt | ||
+ | tftp> quit | ||
+ | </ | ||
+ | |||
+ | If you try to download a non-existing file, you'll see the following error: | ||
+ | < | ||
+ | Error code 1: File not found | ||
+ | </ | ||
+ | |||
+ | Try to download the file you want to use (the one you set up in dhcpd.conf) | ||
+ | I will assume you've already installed the dhcp server ( net/ | ||
+ | The DHCP server/ | ||
+ | next-server 1.2.3.4; | ||
+ | filename " | ||
+ | option root-path " | ||
+ | |||
+ | echo dhcpd_enable=YES >> / | ||
+ | / | ||
+ | inetd_enable=YES | ||
+ | |||
+ | http:// | ||
+ | http:// | ||
+ | http:// | ||
+ | http:// | ||
+ | http:// | ||
+ | |||
+ | And after you've installed windows unattended, you might want to install OpenOffice.org as well: | ||
+ | OpenOffice.org unattended installation for Windows: | ||
+ | http:// | ||
+ | |||
+ | ===== How to mount an ISO image ==== | ||
+ | Mounting an ISO image with FreeBSD (mount, mdconfig) | ||
+ | http:// | ||
+ | mkdir /mnt/iso | ||
+ | mdconfig -a -t vnode -u 0 -f / | ||
+ | mount -t cd9660 /dev/md0 /mnt/iso | ||
+ | |||
+ | To unmount: | ||
+ | mount -u /mnt/iso | ||
+ | mdconfig -d -u 0 | ||
+ | |||
+ | You can mount multiple ISO's at the same time, just replace ' | ||
+ | |||
+ | If you have a NRG (Nero Burning Rom image file), you can convert it with nrg2iso: | ||
+ | Installation: | ||
+ | portinstall sysutils/ | ||
+ | | ||
+ | Usage: | ||
+ | nrg2iso < | ||
+ | < | ||
+ | If the iso file is created, you can mount it | ||
+ | |||
+ | |||
+ | ===== OpenArena ===== | ||
+ | A 3D shoot-em-up: | ||
+ | |||
+ | URL: http:// | ||
+ | |||
+ | Installation: | ||
+ | cd / | ||
+ | make | ||
+ | make install | ||
+ | |||
+ | As my NVidia graphics card is already configured in X, there' | ||
+ | |||
+ | Run it: | ||
+ | openarena | ||
+ | |||
+ | One time however, I did receive an error when starting openarena: | ||
+ | < | ||
+ | The next day it worked just fine, and I don't remember doing anything special.. | ||
+ | |||
+ | /* | ||
+ | |||
+ | http:// | ||
+ | does not work yet | ||
+ | http:// | ||
+ | |||
+ | |||
+ | cd / | ||
+ | make | ||
+ | make install | ||
+ | echo denyhosts_enable=" | ||
+ | touch / | ||
+ | nano / | ||
+ | Add to the top of this file: | ||
+ | < | ||
+ | sshd : / | ||
+ | sshd : ALL : allow | ||
+ | < | ||
+ | Start it: | ||
+ | / | ||
+ | BLOCK_SERVICE | ||
+ | < | ||
+ | Starting denyhosts. | ||
+ | </ | ||
+ | |||
+ | ------------------------------------------------------------------------------- | ||
+ | Configiration options can be found in / | ||
+ | ------------------------------------------------------------------------------- | ||
+ | In order to proper working of denyhosts | ||
+ | 1. edit your / | ||
+ | sshd : / | ||
+ | sshd : ALL : allow | ||
+ | 2. issue the following command if / | ||
+ | touch / | ||
+ | ------------------------------------------------------------------------------- | ||
+ | Warning: | ||
+ | |||
+ | syslogd should ideally be run with the -c option; this will ensure that | ||
+ | denyhosts notices multiple repeated login attempts. | ||
+ | |||
+ | ftp:// | ||
+ | |||
+ | / | ||
+ | [root@freebsd62 / | ||
+ | |||
+ | http:// | ||
+ | |||
+ | https:// | ||
+ | Hackbar | ||
+ | [[http:// | ||
+ | |||
+ | https:// | ||
+ | Save As Image | ||
+ | |||
+ | for www/ | ||
+ | textproc/ | ||
+ | Dutch ASPELL_NL=yes | ||
+ | |||
+ | |||
+ | OpenSearchFox | ||
+ | |||
+ | Download Statusbar | ||
+ | |||
+ | Measuring network speed in linux with nc (netcat) and dd: (can also be used for getting wireless network troughput numbers) | ||
+ | On machine A (sending): | ||
+ | time dd if=/dev/mem bs=1M count=10 | nc < | ||
+ | On machine B (receiving): | ||
+ | nc -l -p 1234 > /dev/null | ||
+ | |||
+ | Replace /dev/mem with a device that can deliver data faster than your network device can send. | ||
+ | In this example, 10 blocks of 1MB (10 mbyte in total) is transferred, | ||
+ | Increase or decrease ' | ||
+ | |||
+ | |||
+ | ugen0: National Instruments NI USB-6008, rev 2.00/1.01, addr 2 | ||
+ | |||
+ | < | ||
+ | #!/bin/bash | ||
+ | #Small application that will download all (20) sms messages from my Siemens mobile phone | ||
+ | # Works with siemens GSM c35, c35i, s25, c25, s35, s35i, c45, c45i, etc. Make sure to use correct cable. | ||
+ | # Needs: scmxx ( portinstall comms/scmxx ), optional: ' | ||
+ | #make sure it can write to sms.txt, or else it will remove all messages without writing them to disk. | ||
+ | |||
+ | |||
+ | for (( j = 1 ; j <= 20; j++ )) ### Inner for loop ### | ||
+ | do | ||
+ | scmxx -b 19200 -d /dev/ttyd0 --get --binary --sms --slot $j --out - >> sms.txt | ||
+ | # if file exists sms.txt', | ||
+ | |||
+ | scmxx -b 19200 -d /dev/ttyd0 --remove --sms --slot $j | ||
+ | done | ||
+ | </ | ||
+ | |||
+ | |||
+ | |||
+ | ==== Spamassassin filter on relay country ==== | ||
+ | Install perl module: | ||
+ | perl -MCPAN -e ' | ||
+ | |||
+ | Configure spamassassin: | ||
+ | nano / | ||
+ | uncomment: | ||
+ | loadplugin Mail:: | ||
+ | |||
+ | |||
+ | Easy cron documentation / syntax explained: http:// | ||
+ | |||
+ | Requeue all messages / retry to deliver all queued messages in the Postfix defer / deferred queue folders | ||
+ | postsuper -r ALL | ||
+ | |||
+ | |||
+ | Perl one-liner command line search replace text in files (with backup): | ||
+ | perl -i.bak -p -e' | ||
+ | |||
+ | |||
+ | mount_smbfs -I <ip> //< | ||
+ | |||
+ | */ | ||
+ | |||
+ | ~~DISCUSSION|Please leave a comment or any feedback!~~ | ||
+ | |||
+ | |||
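Review bot: The unmount step under "How to mount an ISO image" uses 'mount -u /mnt/iso', but 'mount -u' only changes the options of a file system that is already mounted and does not detach it, so the following 'mdconfig -d -u 0' runs while the image is still mounted; the step should be 'umount /mnt/iso'. In the Autologin X startup script, 'xhost +localhost' opens the auto-logged-in session to every local user and process, and the same script starts x11vnc a few lines later. The clients launched from that script already authenticate through the user's X authority cookie, so the line can be dropped. In the commented-out network speed test, 'dd if=/dev/mem ... | nc' sends raw physical memory across the network in cleartext; '/dev/zero' is an equally fast source that discloses nothing.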