start

Differences

This shows you the differences between two versions of the page.

start [2019/10/30 12:51] (current)
Line 1: Line 1:
 +A step-by-step practical guide to installing & configuring FreeBSD 6.2, 
 +together with some very common applications,​ by Sebastiaan Giebels [sgie bels_freebsdATpc probleemloos.nl].
 +
 +[[https://​www.freebsd.org|{{ freebsd-logo-full-thumb.png|the new FreeBSD logo, as of Oct.2005}}]]
 +This will probably always be 'Work in progress',​ but I think it's pretty usable. I would welcome any comments or corrections. By continuing reading you agree to the [[disclaimer|disclaimer]].
 +
 +update 28 nov 2009: well, FreeBSD 8.0 is out. I hope this guide isn't too outdated yet, haven'​t found the time yet to check for inconsistencies with 8.0. Please report any serious problems to the e-mail adress a few lines above, and I'll try to fix them.
 +
 +update 12 dec 2010: new [[https://​wiki.pcprobleemloos.nl/​using_lxc_linux_containers_on_debian_squeeze|wiki on LXC linux containers on debian squeeze]]
 +
 +** Commercial FreeBSD support **
 +//NEW!!\\ We can help you with many of your configuration and installation problems, by phone, chat, or e-mail from 
 +our office in Eindhoven, the Netherlands/​Nederland. ​
 +Contact [freebsd_supportATpc probleemloos.nl] to find out how we 
 +can help you with your BSD issues & ask for our hourly rates. Languages ​
 +spoken: dutch, english, german.
 +We are not endorsed by or affiliated with The FreeBSD Foundation.//​
 +
 +//NEW!!\\ Partnership with [[https://​www.datarecoverycentrale.nl|Data Recovery Centrale Nederland]] for FreeBSD/​Linux/​Mac or any other UNIX based filesystem data recovery from our [[https://​www.pcprobleemloos.nl|PC Probleemloos]] office in Eindhoven, the Netherlands/​Nederland. ​
 +Contact [unix recoveryATdata recovery centrale.nl] (remove the spaces, replace the AT) to find out how we can be of assistance.
 +//
 +
 +====== Introduction ======
 +For a few years I've been using the FreeBSD operating system now. I started with version 4.3 in 2001 (which a friend of me, with much more experience in BSD, installed) as a router/​firewall on an old 486.
 +Since then, I've been using this machine more and more, I've installed extra services (webserver, ftp-server, samba) on it to use it as a NAS-device, and I installed larger and larger harddisks, and stuffed it with all the unused RAM I had. 
 +I even installed [[#​mldonkey|software for Peer-2-peer file sharing]] (with a control interface that was accessible with a web browser).
 +
 +Because of my lack of FreeBSD (and even Unix-) knowledge, I regularly messed things up. Not as bad as I did to my Linux PC (oh, damned dependency conflicts!) but still bad enough to set some things out of service. Fixing the things I broke was difficult, as I didn't read any manpages to get them working in the first place. Reinstalling FreeBSD from scratch took much time everytime I saw no way out, and often copying configuration files from the old installation to the new machine didn't work.
 +
 +As other people were depending on this server too, I was '​strongly encouraged'​ to learn more about FreeBSD. I installed FreeBSD 4.8, 5.4 and a few others, and now, at FreeBSD version 6.2, I trust myself enough to write my experiences down, and let others use my knowledge. And if I would need to do another FreeBSD installation in the future, I'm sure that going though this manual step by step will get it installed in no-time. Except for the passwords , I think everything is in here, including personal preferences. There are a lot of [[#​references|other FreeBSD guides]] that might be better than this one, but this one  is for FreeBSD 6.2, and contains everything I need in one page. I'll link to those other guides when appropriate. A new FreeBSD version, version 7.0, is under active development,​ with some nice features. I won't discuss it in the rest of this tutorial.
 +
 +In my past BSD-days, I've grown accustomed to some applications. I'​ve ​
 +used Sendmail (now I'm using [[mailserver_configuration_with_postfix_courier-imap_procmail_spamassassin_clamav#​postfix|Postfix]]),​ I've used Boa (now I'm using [[#​apache_2.2_webserver|Apache]]),​ I've used Mambo as a CMS (now I'm using [[#​joomla|Joomla!]]),​ and I even use vi (well, just enough to edit my .bashrc to set [[#​nano|nano]] as my default editor :) ). I'm not one of those people that want to convince you that [[#​postfix|Postfix]] is a better e-mail server than Sendmail, I will just say that I've spent more time getting to know Postfix.\\
 +In the open-source world, you are overwhelmed with choices you can make: shells, editors, webservers, browsers. In any of those categories you can find tens, hundreds of good pieces of software which can all suit your needs. I make my choices with the help of the following criteria:
 +  * How much time do I expect to be needing to get it up and running the way I want?
 +  * How many other people are using it? (a big userbase often means good support)
 +  * How many features does it have that I will never use?
 +  * Are the right installation manuals avalable? (e.g. for connecting Postfix to ClamAV)
 +  * My own experience, or from friends.
 +
 +This guide explains how to install the software that I have chosen, and as a result of that it won't include Sendmail, Cyrus- & UW-IMAP, ​ GiFT, boa, Mambo, pine, and thousands of other pieces of software that might do the job just as well.
 +
 +I've taken almost all commands from man-pages or the internet ([[#​references|look here for a list of some good FreeBSD sites]]), and I'm sure: if somebody would have written on the internet "use //rm -Rf / //" as -the- solution for problems I was facing at first, I would have believed that person, leaving me not only with a problem-free pc, but a FreeBSD-free pc too... Please don't try //rm -rf-ing// your system to see what it does. After you've spent many hours of time configuring it all, //rm -rf// really hurts. ​
 +
 +===== Why not Linux? =====
 +If you're wondering why I'm not using Linux on my server, [[
 +https://​www.over-yonder.net/​~fullermd/​rants/​bsd4linux/​01 |read this on the design differences between BSD and Linux design roots]]. However, if I would be writing a guide purely for desktops instead of servers, it would probably be on Linux.
 +A lot of applications written for Linux run on FreeBSD without a problem (just look at the amount of applications in the ports tree and you'll see I'm right). Besides, FreeBSD has Linux support, so it can even run a lot of binary Linux programs!
 +
 +===== Document conventions =====
 +I will be using '<​freebsd62.example.org>'​ as my (fictional) hostname, '//<​my.freebsdpcs.ip.address>//'​ or '//<​1.2.3.4>//'​ as my (fictional) ip, '//<​my.router.ip.address>//'​ or '//<​1.2.3.1>//'​ as my default gateway (my DSL router) and '//<​freebsd_username>//'​ as a username for my regular user (notice the '<'​ and '>'​ characters). The passwords i'm using  (for the root user, //<​freebsd_username>//​-user,​ MySQL-database,​ phpMyAdmin) will all be referenced to as '//<​my_mothers_maiden_name>//',​ '//<​my_very_secret_password>//'​ or something like that throughout this document.\\
 +
 +Do not use the same password for everything.
 +
 +===== Security =====
 +Don't assume that by using my settings and making the same choices I did, you'll be 100% safe against hackers. After I've changed my root password from '​secret'​ to something ​ more challenging I might be safe, maybe not. 
 +As you know, software can contain bugs, or security holes. Some of these not-yet-discovered holes will probably be so big that even a elephant-sized hacker will be able to get into your system just by sneezing. It's your system, and your responsibility (not mine) to stay informed of security issues, and keeping up to date by applying the correct patches. ​
 +
 +I'll be using [[#​portaudit|portaudit]] to show you how to scan your system for ports/​packages with security vulnerabilities.
 +
 +As a basic security measure, I will show you how to limit direct access from the internet to MySQL and other software for which access from the outside is not required for proper functioning. Real firewall configuration I will do another time. I'm still not sure if I will be using ipf or pf. ipfw is horribly outdated my BSD-friend told me, so I'll won't be reinstalling that. 
 +For the routing however, I will use ipf/ipnat, because it should almost work 'out of the box' with just a few lines of code, and maybe I'll trow in some traffic shaping later on, with [[https://​www.freebsd.org/​doc/​en_US.ISO8859-1/​books/​handbook/​firewalls-pf.html|ALTQ (1: FreeBSD Handbook on PF)]] [[https://​www.openbsd.org/​faq/​pf/​queueing.html|(2:​ PF:Packet Queueing and Prioritization)]] [[https://​www.benzedrine.cx/​ackpri.html|(3:​ Prioritizing empty TCP ACKs with pf and ALTQ)]] [[https://​www.onlamp.com/​pub/​a/​bsd/​2006/​02/​16/​os_fingerprint_filtering.html|(4:​ Network Filtering by Operating System)]].
 +
 +===== Backup =====
 +I will dive into backup strategies when I have some time left, 
 +currently, I'm using rsync to backup my maildir (bad idea to do this with rsync!), home 
 +directories (Including /root, butdon'​t forget to exclude all cache and 
 +temp folders!), configuration files (/etc, /​usr/​local/​etc),​ and another folder with my documents, pictures, downloaded files etc. There are very nice backup tools available, which certainly should be inspected. I will search for the notes on backup procedures i took, and post them here as soon as I find them.
 +/*
 +The room I work in is very small, so having 2 different keyboards on my desk wouldn'​t leave me any place to sleep ;-). One way to solve this is using VMware Workstation 5.0 to create a '​virtual freebsd machine'​ and run it on my Windows XP machine, and I've found a better way by using [[#​synergy|a better solution using Synergy]]), and another way using [[#​tightvnc|TightVNC]]. ​
 +When I'm sure I've installed the majority of the packages, I will copy (dd'd, or using a [[#​copying_freebsd_to_another_harddisk|more intelligent approach]]) this from my VMware-environment to a real harddisk which I will put in my '​production server'​ which lives in another room.
 +VMware Workstation also has a feature to take '​snapshots'​ of a virtual pc, which I can use to correct mistakes during installation,​ thus easily reverting to 'how it was before I wrecked it'.
 +*/
 +
 +===== Who am I? =====
 +I’m 30 years old, and I work as an IT consultant in Eindhoven, the Netherlands. ​
 +
 +I've started this blog around September 7 2007, that's an awful long time ago in unix terms, so check every software package for updates & security fixes, as the packages I'm showing you here might be horribly outdated.
 +
 +===== More good advice =====
 +You might want to keep notes of the steps you're taking in 
 +getting a FreeBSD machine up and running, just like I did. Not only will 
 +this help you in case you're going to reinstall FreeBSD on the same or another ​
 +machine anywhere in the future, but this will come in quite handy in case  ​
 +something breaks: You can walk back the steps to see where it went 
 +wrong, and if you're not able to fix it yourself and you're asking ​
 +someone else to help you, you can give a lot of useful information to them.
 +
 +===== Linking to this site  =====
 +I'd appreciate an e-mail if you link to this page, so I can inform you if the address changes (my address is on the top of this page). Please use this URL when linking: ​ https://​wiki.pcprobleemloos.nl/​my_freebsd_installation_and_configuration_guide/ ​ . Contacting me will also motivate me to improve and update this guide, whenever necessary. If I get enough e-mails from people from germany or from the netherlands,​ I will translate it to those '​Deutch,​ deutsche handleitung'​ and '​Nederlands,​ nederlandse handleiding'​ as well. Any questions, corrections,​ etc. you can direct to the same e-mail address.
 +
 +
 +
 +Let's get started..
 +
 +
 +
 +
 +
 +
 +
 +
 +
 +
 +
 +
 +====== Installing FreeBSD 6.2 ======
 +As there already are an overwhelming number of guides for installing FreeBSD, but less on configuring it, I'll concentrate on the latter, and I'll only show a 'quick install guide'​.
 +Someone made a [[https://​www.youtube.com/​watch?​v=iiLu-67fSy4|video of installing FreeBSD]] (not using my guide, BTW) and posted it on YouTube.
 +And someone else made [[https://​www.youtube.com/​watch?​v=ujWcmWeLvuo&​mode=related&​search=|a video for version 6.2]]
 +
 +This version with screenshots of every windows you'll see during the installation is very nice: https://​www.openaddict.com/​installing_freebsd_6_1.html
 +
 +However, if you want me to tell you how I've done it, this is the way: 
 +I will assume you are using an empty harddisk to install FreeBSD (if not, backup your data!)
 +There is a windows xp partition already on my hdd as I start installing FreeBSD. This is not a problem, but any mistake might make my Windows partition inaccessible after this installation.
 +
 +I used a FreeBSD 6.2-RELEASE installation CD. You can download the ISO image from the [[https://​www.freebsd.org|FreeBSD website https://​www.freebsd.org]] or use [[ftp://​ftp5.freebsd.org/​pub/​FreeBSD/​|this link to an FTP server]].\\
 +From the folder "​ISO-IMAGES-i386/​6.2/"​ download the file named '​6.2-RELEASE-i386-disc1.iso'​
 +I will be using the '​i386'​-architecture,​ even though I'll be running it on an AMD 64-bit processor and I could have chosen '​amd64'​-architecture. I've tried it before, and noticed some software didn't work properly (like TightVNC and the drivers from NVidia)
 +Because I'll be downloading almost all software from the internet during installation (instead of installing all from cd), the '​...-disk2.iso'​ file is not needed. The '​...-bootonly.iso'​ file is especially designed for this kind of installation,​ but I know I can use "​...-disk1.iso"​ also for repair purposes, where the '​...-bootonly.iso'​ is rather limited for this purpose.
 +
 +I will skip the step to check the ISO-file for hacker-tampering by comparing the MD5 or SHA256 checksums. Follow the FreeBSD Installation Handbook on that one if you would like to be 100% sure you've downloaded an untampered version.
 +
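Review bot: the paragraph starting "I will skip the step to check the ISO-file" drops the only integrity check in the install procedure, while the download paragraph above offers a plain ftp:// mirror as a source for 6.2-RELEASE-i386-disc1.iso. Suggest making verification a numbered step before "Burn this ISO-image to a cd": compare the SHA256 of the downloaded file against the checksum published for the release, obtained separately from the mirror that served the image. MD5 can be dropped from the sentence, since a checksum only helps against tampering if it is collision-resistant and comes from a trusted channel.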
 +Burn this ISO-image to a cd, and boot from it. 
 +
 +After the boot-up process, a menu will appear asking for a "​Country Selection"​. Simply choose your country ("​Netherlands",​ in my case) with the up&down arrow keys, and confirm with the Return key, the next question is for the System Console Keymap, for me the default ("USA ISO") is ok, so I will just press enter. Next up, is the sysinstall Main Menu. I choose to do a '​Standard install',​ created a partition for use with FreeBSD (see next chapter), selected the "​FreeBSD BootMgr",​ Added some disk labels (see next chapter too) 
 +The blue line is:
 +   "​Disk:​ ad0   ​Partition name:​ad0s3 ​   Free: 40965750 blocks (20002MB)"​
 +This means: a0 the first harddisk (jumpered as '​Primary Master'​),​ as counting harddisks starts at 0 
 +            ad0s3 is the third partition on the first harddisk (confirmation required..)
 +
 +C to create a new slice in the free partition, enter the size for the new disk slice (for the first one, I entered "​500MB",​ selected "​FS",​ and specified "/"​ as the mount point). [[#​thoughts_for_partitioning_in_freebsd|Click here to see the partition layout I prefer.]]
 +Repeat the last step for all the disk slices you wish to make (for the swap-slice, select "​Swap"​ instead of "​FS"​)
 +The created slices will have names like:  ad0s3a, ad0s3b, ad0s3d, ad0s3e, ad0s3f, where the last vowel represents the slice order. Press '​q'​ to finish setting up the disk slices.
 +
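Review bot: the terms slice and partition are swapped in the lines from "This means: a0 the first harddisk" through "the last vowel represents the slice order". In FreeBSD naming ad0s3 is the slice and ad0s3a, ad0s3b and so on are the partitions created inside it, so "C to create a new slice in the free partition" and "The created slices will have names like: ad0s3a" describe the opposite of what the names show. Also in these lines: "a0" should read "ad0", "vowel" should read "letter", and the "(confirmation required..)" marker should be resolved before this goes live.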
 +"​Choose Distributions"​ ... **8 User**, confirm with the space-key, ​
 +Would you like to install the FreeBSD ports collection? **Yes**, use the '​Tab'​-key to go to '​OK',​ and press Enter to confirm.
 +(Select "8 User" if you're not planning to use X-Windows right now, or X-User if you want to install X-Windows directly.)
 +
 +
 +I selected "​FTP",​ at "​Choose Installation Media",​ but I could have chosen CD/DVD just as well (if I would have downloaded the ...-disc2.iso file as well)
 +I selected "​Netherlands ​ - ftp.nl./​freebsd.org"​ as a FreeBSD FTP distribution site.
 +Next up, is selecting the network card I'm using to conenct the internet (in my case, that will be the device called '​em0',​ for my On-board Intel Gigabit connection. Yours will almost certainly be different.)
 +I did not choose for IPv6 (so it will go on using IPv4), I did choose "try DHCP", as my router will provide my FreeBSD pc with an IP address.
 +You will see the IP address your router/dhcp server assigned to you in the next window. I filled in a hostname <​freebsd62>​ and domain name <​example.org>​ to complete it, and click '​ok'​
 +Next up, is the question if we are sure everything sure we entered everything correctly. I am, so I select '​Yes'​
 +
 +I did select to install the ports tree (later on I will show how to use [[#​portsnap|portsnap to update it]]). ​
 +
 +It will congratulate you with the install. Let's continue..
 +
 +-
 +Now there will be a lot of questions, I won't dive deep into what they all mean, I'll just tell you what I did:
 +
 +Do you want this machine to funciton as a network gateway? **Yes**
 +(In the future, I want to use my FreeBSD machine as a network router)
 +
 +Do you want to configure inetd and the network services that it provides? **Yes** ('​inetd'​ is a tool which helps easy configuration of network services, like an e-mail server, ... )
 +
 +... With this in mind, do you wish to enable inetd? **Yes**
 +
 +  * Select [Yes] now to invoke an editor on /​etc/​inetd.conf,​ or [No] to use the current settings. **No**
 +  * Would you like to enable SSH login? **Yes** (important)
 +  * Do you want to have anonymous FTP access to this machine? **No** (not yet, at least)
 +  * Do you want to configure this machine as an NFS server? **Yes** (I do want this, as I know it will provide an easy way to share files over the network with other machines, your choice may be different: if you choose **No**, skip the next .. steps of this guide)
 +  * ... Press [ENTER] now to invoke an editor on /​etc/​exports **OK**, Press the Escape-key, followed by the Return-key to exit the editor, as we're not setting up NFS shares here. 
 +  * Do you want to configure this machine as an NFS client? **Yes**
 +  * Would you like to customize your system console settings? **No**
 +  * Would you like to set this machine'​s time zone now? **Yes**
 +  * Is this machine'​s CMOS clock set to UTC? **No** (my pc's internal clock is set to local time)
 +  * Select a region **Europe** (your choice may be different :) )
 +  * Select a country or region **33 Netherlands** (your choice may be different :) )
 +  * Does the abbreviation '​CET'/'​CEST'​ look reasonable? **Yes**
 +  * Would you like to enable Linux binary compatibility?​ **Yes** (I think so, but if there'​s another way to install it, that might be better, as that will provide more recent files)
 +  * Does this system have a PS/2, serial, or bus mouse? **Yes** (my systen does have a PS/2 mouse, if you're not going to install X-Windows, you can select No). If you've chosen Yes, next up: select enable, move the mouse, select '​Yes'​ if the mouse is moving, and select '​Exit'​ to finish the mouse configuration.
 +  * The FreeBSD package collection ... Would you like to browse the collection now? No
 +  * Would you like to add initial user accounts to the system? ... **Yes**
 +  * Select "Add group",​ and create a new user group. Select User, add a new user, and use the newly created user group for this user. FIXME
 +  * Now you must set the system manager'​s password. ... **OK**
 +  * New Password: //<​your_very_secret_password>//​
 +  * Retype new Password: //<​your_very_secret_password>//​
 +  * Visit the general configuration menu for a chance to set any last options? **No**
 +
 +You are returned to the main installation menu. Choose 'Exit Installation'​ to finish & reboot.
 +
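Review bot: the answers to the gateway, inetd and NFS server questions at the top of this list enable more network-facing functionality than the guide configures at this point, and the Security section above defers firewall configuration ("Real firewall configuration I will do another time"). Suggest recommending No for the gateway and NFS server questions until the sections that set them up, or stating next to each Yes what it switches on and where in the guide access to it is restricted. The "Add group ... FIXME" item also leaves the first user account step unfinished.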
 +
 +
 +===== Thoughts for partitioning in FreeBSD =====
 +
 +I know the ports-tree will use quite a bit of space, because I'll be building a lot of applications from source. I'll guess a value of about 5GB is ok, for my maildir I'll take 2GB, and my www-folder to store my webpages will be maximum 1GB. 
 +The advantage of partitioning is, in my opinion, to prevent insufficient diskspace issues for certain things: Otherwise, if I would upload too much data (e.g. pictures) to my www-folder, my /​var/​maildir folder would run out of diskspace, which could result in e-mails getting lost; or no diskspace for logfiles in /var/log, which a hacker could use to prevent discovery of hacking activities.
 +
 +As I'm the only user for e-mail on this system, I might want to look into '​quota'​ later on.
 +
 +You can use the '​A'​ for automatic setup, which will set it up for you automatically,​ I did it by hand.
 +
 +
 +To read more about how the file system is organized (which directory has which purpose), enter:
 +  man hier
 +
 +== My final layout ==
 +
 +^Mount point^size^purpose^
 +|/​|500MB|(root filesystem, kernel and base system)|
 +|//​swap//​|500MB|(swapspace)|
 +|/​usr|10GB|the majority of user utilities and applications|
 +|| |The /usr will also contain:||
 +|| |/usr/ports (probably around 5GB in size) for sources and builds from the ports tree and||
 +|| |/usr/src (+-1GB) which contains sources and builds, the kernel build files will be here too)||
 +|| |/​usr/​local/​www (1GB) for the apache-webserver folder for all hosted domains)||
 +|/​var|5GB|files that change regularly, like logfiles, spool and transient files)|
 +|| |The /var folder will (among other things) contain:||
 +|| |/​var/​maildir (2GB) the maildir folder where I'll store my e-mail||
 +|| |/var/db (1GB) mysql and other databases like the package-database||
 +|| |/var/log (500MB) logfiles||
 +|| |The numbers above are bases on a bit of experience, but certainly no guarantee||
 +|/​tmp|500MB|temporary storage|
 +
 +If your harddrive has more space, you can double the size of /usr.
 +
 +After saving the partition layout, select: **BootMgr** as the boot manager to use.
 +
 +You might have luck adjusting your partition sizes using a tool like '​Partition Magic'​. You might also not be very lucky, shooting yourself in the foot by wiping out your entire harddisk in the process. Think now, correcting this later is a big PITA... ​
 +
 +Notice: If you want to change, add, or remove partitions once your system is installed & running, GEOM (FreeBSD'​s diskmanager) will not allow you to do fdisk-stuff while any part of the disk is mounted. You will have to boot from the FreeBSD installation cd-rom to do any modifications on partitions.
 +
 +You will get an error message like:
 +<​html>​
 +Error: Unable to write data to disk ad0
 +Disk partition write returned an error status!
 +</​html>​
 +
 +"You cannot open /dev/ad0 for writing if any. slices or labels are open."
 +See [[https://​lists.freebsd.org/​pipermail/​freebsd-questions/​2003-May/​007796.html]] ​
 +
 +Or, if you are getting paid by the minute for reading this step-by-step FreeBSD installation guide, go and read [[https://​www.bsdcan.org/​2004/​papers/​geom-tutorial.pdf|this GEOM tutorial]].
 +
 +===== Network configuration =====
 +
 +Congratulations,​ you have succesfully installed ...
 +  * Do you want to configure any ethernet devices?: **Yes**
 +  * Use IPV6? **No**
 +  * Use DHCP? **Yes**
 +  * Hostname=**freebsd61**,​ domain (use Tab-key to go to it)=**//​example.org//​**,​ Tab to '​**ok**'​ & press enter
 +  * Use INETD? **Yes**
 +  * Configure INETD? **No**
 +  * Do you want to enable SSH-login? **Yes**
 +Will this pc act as a router/​gateway?​ **Yes**
 +  * Do you want to have anonymous FTP access to this machine? **No**
 +  * Do you want to configure this machine as an NFS server? **Yes**
 +  * Do you want to configure this machine as an NFS client? **Yes**
 +
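Review bot: "Hostname=freebsd61" in this list does not match the freebsd62 hostname used under "Document conventions" and in the sysinstall walkthrough ("I filled in a hostname <freebsd62>"). The list also repeats, with slightly different wording and answers order, the questions already covered in the bullet list at the end of "Installing FreeBSD 6.2"; suggest keeping one copy so the two cannot drift apart. The line "Will this pc act as a router/gateway?" is missing its list marker.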
 +===== Other settings =====
 +  * Would you like to customize your system console settings? **No**
 +  * Would you like to set this machine'​s time zone now? **Yes**
 +  * Is this machine'​s CMS clock set to UTC? **No**
 +  * Time Zone Selector, Select a region: **Europe**
 +  * Countries in Europe, Select a coutnry or region: **Netherlands**
 +  * Does the abbreviation '​CEST'​ look reasonable? **Yes**
 +  * Would you like to enable Linux binary compatibility?​ **Yes** (I think so..)
 +  * Does this system have a PS/2, serial, or bus mouse? **Yes**
 +I did configure and enable the mouse daemon. Even if your box will not run as a X11/​X-windows machine, you can use it for copy/paste actions in the console. Remember to **set options** to enable three-button mouse-simulation if you  only have a 2-button mouse
 +Flags= **-3** ​  ​+enter;​ enable + test it. 
 +  * Is the mouse cursor moving? **Yes**
 +  * **X Exit**
 +
 +  * The FreeBSD package collection ... Would you like to browse the collection now? **No**
 +  * Would you like to add any initial user accounts? **Yes**
 +Group: Group name=**//<​freebsd_username>//​** (+ 4x enter)
 +User: Login ID=**//<​freebsd_username>//​**,​ Group=**//<​freebsd_username>//​**,​ password=**//<​something_secret>//​**, ​
 +Member groups: **wheel** (Tab, Tab, Tab, OK, X Exit)
 +In the '​Member groups',​ I entered '​wheel'​ to allow this user to use '​su'​ to gain root status ​
 +(which is, by the way, depreciated,​ but I've still got the habit to use su). Users that are not in the '​wheel'​-group,​ cannot '​su'​ or perform root-tasks.
 +Set root password: **OK**
 +New Password: **//<​my_mothers_maiden_name>//​**
 +Repeat Password: **//<​my_mothers_maiden_name>//​**
 +
 +  * Visit the general configuration menu for a chance to set any last options? **No**
 +  * **X Exit Install**
 +  * Are you sure you wish to exit?... **Yes**
 +
 +Your pc will reboot (remove the FreeBSD installation cd-rom)
 +After the boot proces, you will be greeted with the '​login:'​ prompt. ​
 +login: **root**
 +password: **//<​my_mothers_maiden_name>//​**
 +
 +You are greeted with the Message Of The Day (the contents of /etc/motd)
 +
 +FIXMEConfigure your internet connection, with ifconfig and edit /​etc/​resolv.conf to include your dns servers if you haven'​t already done this during FreeBSD installat
 +
 +on procedure.
 +
 +
 +
 +
 +
 +
 +
 +====== About ports and packages ======
 +port / packages difference..
 +
 +/​usr/​ports/​INDEX-6 (or INDEX?) has a list with all the software in the portstree, with descriptions. If you're looking for an application to do this or that, search this file.
 +
 +At this time, the only package that is installed is '​linux_base'​. To see the list of all installed packages (excluding the things you've installed from source) just enter:
 +  pkg_info
 +
 +To search for a package in the list of installed packages, use
 +  pkg_info | grep part_of_package_name
 +
 +The FreeBSD package system can download and install pre-compiled binaries from the internet, which is one of the easiest and fastest way to install software onto FreeBSD. For some of the software, I will use the ports-tree, as packages are not as frequently updated as the ports. I will also install some software from source, when package or ports are both outdated or nonexistant.\\
 +[[https://​www.bsdguides.org/​guides/​freebsd/​beginners/​install_apps.php|Differences between packages and ports explained]]
 +
 +I set the packagesite environment variable was set to a new location, to make sure that the most(?) recent packages will be downloaded, instead of the standard collection which was available at release-time of FreeBSD 6.2:
 +
 +  setenv PACKAGESITE ftp://​ftp.freebsd.org/​pub/​FreeBSD/​ports/​i386/​packages-6-stable/​Latest/​
 +If you are already using BASH, use this instead:
 +  export PACKAGESITE=ftp://​ftp.freebsd.org/​pub/​FreeBSD/​ports/​i386/​packages-6-stable/​Latest/​
 +
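Review bot: both PACKAGESITE lines point at a plain ftp:// URL, and the text gives no integrity check for what pkg_add -r then downloads and installs as root. Suggest saying so next to the setenv/export lines, so readers know the packages are only as trustworthy as the network path to the mirror. The sentence "I set the packagesite environment variable was set to a new location" is garbled and the section opener "port / packages difference.." is still a stub; both need finishing.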
 + 
 +===== portsnap =====
 +Incremental ports-tree updater\\
 +URL: [[https://​www.freebsd.org/​doc/​en/​books/​handbook/​portsnap.html]]
 +
 +Portsnap is part of the FreeBSD base system now, no installing required.
 +Fetch & extract an updated ports tree from the internet:
 +  portsnap fetch
 +  portsnap extract
 +
 +In future, use the following command to update your ports tree:
 +  portsnap fetch update
 +
 +<cron job>
 +https://​www.daemonology.net/​portsnap/​
 +
 +===== portaudit =====
 +Security auditor/​checker for installed port and packages
 +
 +This tool will protect me from installing vulnerable packages, that's why I like to install it ASAP.
 +
 +Install package: ​ (version 0.5.10)
 +  pkg_add -r portaudit
 +
 +Update security information and check installed ports&​packages:​
 +  /​usr/​local/​sbin/​portaudit -Fda
 +
 +It should give the following output if everything is ok:
 +<​html>​
 +0 problem(s) in your installed packages found.
 +</​html>​
 +
 +Note: this tool won't protect me from installing insecure software from source.
 +
 +It will run every night, and report any problems to me by e-mail to <​root@example.org>​
 +
 +If portaudit says some of the installed packages have security issues, ​
 +use '​portupgrade'​ to install the latest version of that piece of 
 +software. In many cases this latest version has the security issues ​
 +resolved. ​
 +If you didn't configure portsnap to automatically fetch new 
 +ports every night using cron, you should run '​portsnap fetch update' ​
 +before running portupgrade,​ to make sure you'll install the latest ​
 +version.
 +
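Review bot: "It will run every night, and report any problems to me by e-mail" is stated without showing what schedules the run or where the report address is set, and the portsnap section above still contains the bare "<cron job>" placeholder. The advice that follows depends on both ("If you didn't configure portsnap to automatically fetch new ports every night using cron"), so suggest adding the actual schedule entries or a pointer to where they are configured. The "Install package: (version 0.5.10)" line pins a version that the surrounding text says will go stale; consider dropping the number.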
 +
 +===== portupgrade =====
 +Easy way to update/​upgrade installed ports and packages to new version
 +portupgrade-2.0.1_1,​1 FreeBSD ports/​packages administration and management tool s
 +
 +Install package:
 +  pkg_add -r portupgrade
 +(This will also install package '​ruby'​)
 +
 +To update a package (for example proftpd), enter:
 +  portupgrade -r -P proftpd
 +'​-r'​ means '​recursive',​ so it will download all dependant packages too, and
 +'​-P'​ means 'use packages',​ so it will try to download & install a precompiled package, and only if this doesn'​t work it will compile the package itself (using the ports tree), and show the message:
 +
 +    ** Could not find the latest version (...)
 +    ---> ​ Using the port instead of a package
 +
 +Alternative installation method:
 +  cd /​usr/​ports/​ports-mgmt/​portupgrade
 +  make clean deinstall install
 +
 +Use this alternative installation if you see the following error when 
 +running portsnap or portupgrade:​\
 +missing key: categories: Cannot read the portsdb! files/ <​...cut...>​.gz ​
 +not found -- snapshot corrupt.
 +
 +
 +Whenever you see a security issue with a package that is installed, try
 +
 +  portupgrade -r -P <​name_of_the_package_you_want_to_upgrade_or_install>​
 +
 +Where '​packagename'​ is the name of the package you are trying to update.
 +It will try to install the most recent package from the internet. (does it require a '​portsnap fetch update'​ to be aware of the newest versions of packages?)
 +
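Review bot: the closing question "(does it require a 'portsnap fetch update' to be aware of the newest versions of packages?)" is left open, while the portaudit section already tells the reader to run 'portsnap fetch update' before portupgrade. Suggest resolving it one way and stating it once. In the same region, "Where 'packagename' is the name of the package" refers to a name that does not appear in the command shown (the placeholder there is <name_of_the_package_you_want_to_upgrade_or_install>), and the quoted error text after "running portsnap or portupgrade:" has a stray backslash and is not set off as output like the other messages.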
 +
 +
 +====== Additional software installation ======
 +Now, where will I start?
 +
 +Ports an package utilities (portsnap portinstall,​ portaudit)
 +General utilities (nano editor, bash shell, (de-)compression tools, perl, screen, midnight commander)
 +Network connectivity (proftpd, samba)
 +Debugging / network analysis (nmap, trafshow)
 +Security, logging, monit (portaudit)
 +Backup (rsync + script, bacula, ... )
 +
 +===== nano =====
 +A file editor
 +Official URL: [[https://​www.nano-editor.org/​]]
 +
 +Why do I want to install this: I can't work without this editor, and thus belongs to my basic necessities in unix-life. I know how to use the 'more difficult'​ editor VI, but don't see the need for you getting your knuckles bruised on it.
 +
 +Install package: ​ (version 1.2.5)
 +  pkg_add -r nano
 +
 +
 +I set the '​EDITOR'​ environment variable to make '​crontab -e' and '​chpass'​ use the nano editor instead of '​vi':​
 +  setenv EDITOR nano
 +If you're using bash instead of '​sh'​ as a shell, use:
 +  export EDITOR=nano
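Review bot: The line introducing 'export EDITOR=nano' says to use it with bash "instead of 'sh'", but setenv is csh/tcsh syntax and does not exist in sh, while export works in both sh and bash. Tie setenv to csh (the 'Shell: /bin/csh' case the bash section mentions) and export to sh and bash. Neither command survives the current session, which is worth stating here because the persistent setting only appears later in .bashrc and .profile.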
 +
 +Usage is pretty straightforward. The command:
 +  nano <​filename>​
 +will open <​filename>​ for editing, creating a file if it doesn'​t exist.
 +Important keyboard shortcuts (they appear on the bottom of the screen when you are using nano):
 +  * CTRL-X ​ -  Exit, will ask if to save the file if it is modified, and hasn't been saved already.
 +  * CTRL-W ​ -  Finds text in the file. You can use regular expressions after pressing ALT-R, you can use CTRL-R to use '​Search and replace'​
 +  * CTRL-K ​ -  Copies the current line to memmory and removes it ('​cut'​). Copy without removing the line = CTRL-K, CTRL-U ('​copy'​).
 +  * CTRL-U ​ -  Pastes the memmory conents on the current cursor position ('​paste'​).
 +  * CTRL-O ​ -  Save file (will not exit the program)
 +  * CTRL-C ​ -  Cancel current operation
 +
 +To run nano with word-wrapping disabled, run:
 +  nano -w <​filename>​
 +
 +Often, I'll start nano to edit a configuration file, and when try to save the file, I remember that I didn't '​su'​ to gain root-privileges to edit the file. I've created a small script around nano that will warn me whenever I try to open a file that is not writable:
 +
 +Save the following as /​usr/​bin/​nano (assuming that the '​real'​ nano is in /​bin/​nano ​ : 
 +<​html>​
 +#!/bin/sh
 +#
 +# Small wrapper around nano,
 +# Will show a warning when the file to be opened is not writable.
 +#
 +# by Sebastiaan Giebels <​sgiebels_ nano script @pcprobleemloos.nl>​
 +
 +if [ -w $1 ]; then
 + #file exists and is writable
 + echo File is writable, continuing
 + /​bin/​nano -w $1 $2 $3 $4 $5 $6 $7
 +else
 + if [ ! -f $1 ]; then
 +  #file does not exist, new file? check if target folder is writable.
 +  dir=`dirname "​$1"​`;​
 +  if [ -w $dir -a ! -d $1 ]; then
 +   /​bin/​nano -w $1 $2 $3 $4 $5 $6 $7
 +  else
 +   echo Cannot write to directory $dir, STOP.
 +  fi
 + else
 +  echo File exists, but is not writable by you, STOP.
 + fi
 +fi
 +</​html>​
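Review bot: Every expansion of $1 in the wrapper is unquoted ('[ -w $1 ]', '[ ! -f $1 ]', '[ -w $dir -a ! -d $1 ]'), so a filename containing spaces is split into several words, and with no argument '[ -w ]' becomes a one-argument test that is true, so the script announces 'File is writable' for nothing. Quote the expansions, handle the no-argument case explicitly, and pass the arguments on with "$@" instead of '$1 $2 ... $7', which silently drops an eighth argument. An option placed before the filename, as in the guide's own 'nano -w <filename>', is tested as if it were the file. Both STOP branches still exit with status 0, and the assumed '/bin/nano' location should be checked against where the package really puts the binary, given that the bash package in this guide lands in /usr/local/bin.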
 +
 +
 +
 +===== Vi =====
 +The shortest introduction to '​Vi'​ ever:
 +
 +Vi is a file editor, just like nano. It's installed by default on most UNIX operating systems, and has a 
 +lot of useful functions, learn them if you want. I'll just show you the most important Vi function: ​
 +
 +== Exiting Vi ==
 +
 +To exit Vi, enter ':​q'​ and press Return key (the moment you press ':', ​
 +the cursor should jump to the bottom of the screen and show the ':'​ prompt). If that doesn'​t work, press 
 +ESC, enter ':​q!'​ and press Return key, you will be safely returned to your precious command prompt.
 +
 +To start Vi (for the kick of it, to boast to your friends, or just to test your 'l33t UNIX 5ki11Z'​),​ enter:
 +  vi 
 +
 +===== bash =====
 +Command shell with command completion (enter just a part of a command ​
 +or filename , press the '​tab'​ key and bash will auto-complete the 
 +remainder, saving valuable time.
 +Official URL: [[https://​www.gnu.org/​software/​bash/​]]
 +
 +Install package: ​ (version 3.1.10_1 )
 +  pkg_add -r bash
 +
 +To test it, you must enter the full path to bash:
 +  /​usr/​local/​bin/​bash
 +Your prompt will change, as a sign you are using a different shell now.
 +
 +Change root shell from '/​bin/​sh'​ to '/​usr/​local/​bin/​bash'​ (I expect you 
 +to have installed nano in the previous step):
 +  export EDITOR=nano
 +  chpass root
 +
 +Change the line '​Shell:​ /​bin/​csh'​ or '​Shell:​ /​bin/​sh'​ into:
 +<​html>​
 +Shell: /​usr/​local/​bin/​bash
 +</​html>​
 +Use CTRL-o + enter to save, then press CTRL-x to exit nano.
 +
 +Now enter:
 +  chpass <​freebsd_username>​
 +And do the same for your regular user account.
 +
 +We're going to edit .bashrc, setting the environment variables EDITOR and PACKAGESITE:​
 +  nano /​root/​.bashrc
 +<​html>​
 +export EDITOR=nano
 +</​html>​
 +/*
 +export PACKAGESITE=ftp://​ftp.freebsd.org/​pub/​FreeBSD/​ports/​i386/​packages-6-stable/​Latest/​
 +*/
 +Notice how we don't use '​setenv'​ as we did before, but '​export'​ as that is what it's called within BASH.
 +
 +Now for the other users:
 +/*
 +Because non-root users aren't allowed to install packages, we can leave out '​export PACKAGESITE=...'​
 +*/
 +  su <​freebsd_username>​
 +  nano ~/.bashrc
 +Add the following:
 +<​html>​
 +export EDITOR=nano
 +</​html>​
 +
 +Edit '​.profile'​ too:
 +<​html>​
 +BLOCKSIZE=M; ​   export BLOCKSIZE
 +EDITOR=nano; ​   export EDITOR
 +</​html>​
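Review bot: The 'chpass root' step sets root's login shell to /usr/local/bin/bash, a binary that comes from a package and lives outside the base system, so if /usr/local is not mounted, or the package is removed or broken by an upgrade, root can no longer log in. Keep root on a base-system shell (/bin/sh or /bin/csh) and change only the regular account, or start bash by hand after becoming root. The text also announces that .bashrc will set EDITOR and PACKAGESITE, but the PACKAGESITE line sits inside a /* */ comment, and the '.profile' block does not say whose .profile is meant.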
 +
 +==== bash prompt ====
 +Adjusting the bash prompt to provide more information (such as the 
 +username, hostname of the system, and the current working directory). ​
 +I'll also trow some color in, to brighten up my day. :)
 +
 +URL: (warning, dutch!!) https://​doc.nl.linux.org/​HOWTO/​Bash-Prompt-NL-2.html\
 +URL: (warning, dutch!!) https://​www.bartendavid.be/​doc/​howto/​console/​misc/​bashprompt.html\
 +
 +A very simple command prompt:
 +<​html>​
 +export PS1="​[\u@\h:​\w]\$ "
 +</​html>​
 +
 +You can also add colors to this string, see the links for more info.
 +Personally I like [[https://​wiki.archlinux.org/​index.php?​title=Color_Bash_Prompt&​printable=yes|Wolfman'​s prompt]], It's colored, with the path in it, and on every system I give it a unique identifier with a unique color. This prevents me from accidently reboot the wrong system or perform even more harmfull actions to the wrong pc, as I can directly see which system it is I'm working on.
 +Download the code for my [[bashprompt.txt|bash prompt here]]
 +
 +And this bash-feature is too, to colorize '​ls'​ output:
 +<​html>​
 +export CLICOLOR=1
 +</​html>​
 +
 +You can also have the .bashrc file with all the correct settings automaticaly created when you add a new user, if you make the changes to the file in the '/​etc/​skel'​ folder:
 +  nano /​etc/​skel/​.bashrc
 +
 + ln -s .bashrc .bash_profile
 +https://​www.linuxfromscratch.org/​blfs/​view/​stable/​postlfs/​profile.html
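Review bot: The last two lines of this section ('ln -s .bashrc .bash_profile' and the linuxfromscratch URL) come with no explanation, so the reader is not told in which directory to create the link or why. Add a sentence saying that bash reads .bash_profile for login shells and that the link makes those shells pick up .bashrc. CLICOLOR is introduced as a bash feature, but it is an environment variable read by ls and works in any shell. The 'export PS1=...' and 'export CLICOLOR=1' lines are shown without saying which file they belong in.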
 +
 +
 +
 +==== changing the default blocksize ====
 +The environment variable '​BLOCKSIZE'​ is used in '​df'​ and a few othe tools, and tells the system in which units it should display number of bytes.
 +
 +the standard output of '​df'​ begins with:
 +<​html>​
 +Filesystem ​ 1K-blocks ​     Used    Avail Capacity ​ Mounted on
 +...
 +</​html>​
 +Because harddisk drives nowadays are just under a terabyte, expressing sizes in 1K-blocks doesn'​t make it easier to read. Thats why I change it to megabyes instead of kilobytes:
 +
 +
 +  nano /​home/<​freebsd_username>/​.profile
 +Change the existing line with the '​=K'​ to '​=M',​ new situation:
 +<​html>​
 +BLOCKSIZE=M; ​   export BLOCKSIZE
 +</​html>​
 +
 +Logout, login, run '​df',​ and the output should be much better readable:
 +<​html>​
 +Filesystem ​ 1M-blocks ​  ​Used ​ Avail Capacity ​ Mounted on
 +/​dev/​ad0s2a ​      ​495 ​    ​74 ​   381    16%    /
 +...
 +/​dev/​ad0s4a ​    ​44625 ​  ​1977 ​ 39078     ​5% ​   /mnt/big
 +</​html>​
 +You see that my partition /dev/ad0s4a (mounted at /mnt/big) is around 45GB in size, 2GB used, and about 39GB free, the remainder is not shown, as it is some spare space needed to prevent disk fragmentation. [[https://​www.freebsdforums.org/​docs/​openbsd/​openbsdfaq.html|More info here (see section 14.14)]], or read 'man tunefs'​ to read how to change the amount that FreeBSD uses to counter fragmentation.
 +
 +
 +
 +==== changing the '​motd'​ ====
 +
 +The Message-Of-The-Day (motd) that is shown everytime I login, is really too long for me. I use it now for noting which things I still have to install, configure and test.
 +
 +I tend to loose '​notes'​ files in '​any-random-folder-here',​ but using /etc/motd as a substitute works for me. 
 +Don't do this if there are other users with login access to your machine, because they would see your todo-list too, which is not such a good idea if you put things like: "- fix remote exploitable bug in Apache"​ in the message.
 +
 +Remove all but the first three lines, and enter any notes after the 3rd line:
 +  nano /etc/motd
 +<​html>​
 +FreeBSD 6.2-RELEASE (FREEBSD62) #0: Mon Jan  4 01:56:50 CEST 2007
 +Welcome to FreeBSD!
 +
 +Todo:
 +- ...
 +</​html>​
 +
 +==== changing the hostname ====
 +Set hostname (perhaps already set correctly during install):
 +  nano /​etc/​rc.conf
 +<​html>​
 +hostname="<​freebsd62.example.org>"​
 +</​html>​
 +
 +==== changing the dns servers ====
 +Set up the DNS servers, if not already done so:
 +  nano /​etc/​resolv.conf
 +<​html>​
 +nameserver <​ip_address_of_myisp'​s_first_nameserver>​
 +nameserver <​ip_address_of_myisp'​s_second_nameserver>​
 +</​html>​
 +
 +
 +
 +===== ntpd =====
 +System time synchronization / Network Time Protocol Distribution
 +Official URL: [[https://​www.isc.org/​sw/​ntp/​]]
 +
 +The NTP-client (Network Time Protocol Client / ntpd) will set your systems time with the help of so called 'time servers'​ on the internet, which are very accurate clocks. In this way, your computers time is set correct exactly. It wil periodically re-sync your system time with atom clocks, to correct small differences.
 +
 +Why do I want to install it: knowing the exact time is very important ​
 +for logging error messages, investigating security issues, making ​
 +backups, etcetera. Additionally,​ some computers don't have an accurate internal clock. This tool helps setting the system'​s time.
 +
 +
 +Install package: ​ (version 4.2.0_1)
 +  pkg_add -r ntp
 +
 +Configuration:​
 +(change //<​my_isps_timeserver>//​ to a timeserver near to you or your 
 +ISP. Your ISP can tell you what timeserver you should use (I found mine, 
 +chime2.surfnet.nl,​ by searching ​
 +on the keywords 'time server <my internet service provider name>'​)
 +If you really can't find whats your ISP's timeserver, use one of the 
 +public time servers, like time.nist.gov or pool.ntp.org).:​
 +  nano /​etc/​ntp.conf
 +<​html>​
 +server <​my_isps_timeserver>​
 +</​html>​
 +
 +To make sure ntpd is started upon boot, add the correct line to /​etc/​rc.conf:​
 +  nano /​etc/​rc.conf
 +<​html>​
 +ntpd_enable="​YES"​
 +</​html>​
 +
 +Now synchronize the time on your pc with the time of your chosen timeserver (probably only needed once.)
 +  ntpd -gq
 +You will get a message like this one:
 +<​html>​
 +ntpd: time set -7152.403129s
 +</​html>​
 +If you, like me, are doing this installation on another pc than the pc that FreeBSD will run on, remember to run this command again on that other pc after installation.
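Review bot: The ntp.conf shown consists of a single 'server' line with no 'restrict' lines, so ntpd will answer time and status queries from any host that can reach it, on a machine that later sections connect directly to the internet. Add a default restriction plus an exception for localhost, for example 'restrict default nomodify notrap nopeer noquery' and 'restrict 127.0.0.1'. With only one upstream server ntpd has nothing to compare it against, so listing several servers is the safer default. The subtitle expands NTP as 'Network Time Protocol Distribution' while the body calls ntpd the 'NTP-client'; settle on one description.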
 + 
 +===== screen =====
 +'​Screen'​ allows you to create '​virtual consoles',​ which allows you to run applications,​ and put them to the background with a few keypresses.\\
 +[[https://​www.bsdguides.org/​guides/​freebsd/​misc/​setup_screen.php|BSD Guides article on Setting Up Screen]]
 +
 +Install port:  (version 4.0.2_4)
 +  portinstall screen
 +
 +or, as an alternative,​ if you haven'​t installed portupgrade & portinstall:​
 +  cd /​usr/​ports/​sysutils/​screen
 +  make
 +  make install
 +
 +Test it:
 +  screen
 +Start any application (like '​mc'​),​ then press CTRL-a, followed by '​d'​ (=detach). Return to '​mc'​ by entering on the command line:
 +  screen -R
 +You will re-attach (=R) to the previously disconnected screen session.
 +Use the '​exit'​ command to exit a screen.
 +  exit
 +
 +
 +
 +/*
 +It will start screen, load a shell and drop you into it. You can exit it 
 +by exiting the shell (just type '​exit',​ and screen will close too). You 
 +can detach it by pressing Ctrl+A D  You'll be returned to the 
 +non-screened shell, and the process running in screen will continue ​
 +running in the background.
 +
 +To re-attach to a screen session, enter: ​ screen -R
 +You'll return to your screen session jus where you left it. 
 +(however, if there'​s more than one screen running then it will give you 
 +a list of screens to attach to)
 +
 +Inside the '​screen',​ there are various commands you can use:
 +To create a new screen, press Ctrl+A C. You can do this any number of 
 +times.
 +
 +
 +* The following screen command will create a new screen session, ​
 +'-d -m' means: start screen in "​detached"​ mode. This creates a new 
 +session but               ​doesn'​t ​ attach ​ to  it.  This  is  useful  ​
 +for  system startup scripts.
 +(So you can use this in /​etc/​rc.local to run anything in the background)
 +'-S midnight'​ means: sets the screen-name to '​midnight'​ (so if you'​re ​
 +running multiple screens you can easily find and re-attacht to it); 
 +'​mc'​ tell screen to start the command '​mc'​ (midnight commander, if 
 +you've installed it).
 +
 + ​screen -dmS midnight mc
 +
 +To attac to this screen, ener: screen -R midnight
 +
 +*/
 +persistent screen session with many windows. ​
 +To that end, I.ve added .screen -d -r to my .login. ​
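Review bot: The two lines after the closing '*/' ('persistent screen session with many windows.' and 'To that end, I.ve added .screen -d -r to my .login.') are a sentence fragment with mangled quote characters, and because they sit outside the comment block they will be rendered on the page. Move them inside the comment with the rest of the draft text, or rewrite them as a complete sentence with the command on its own indented line. The commented-out draft also holds the only mention of 'screen -dmS midnight mc' and Ctrl+A C, so the visible section covers detach and re-attach but not how to start a named background session.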
 +
 +===== (De-)compression tools (RAR,​ZIP,​ARJ,​ZOO) =====
 +Install packages:
 +  pkg_add -r unrar unzip zip unarj zoo
 +
 +pkg_info will now also list the following packages to be installed (version numbers may be different in your case):
 +  * unrar-3.70.b3,​4
 +  * unzip-5.52_2
 +  * zip-2.32
 +  * unzoo-4.4_2
 +  * arj-3.10.22
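Review bot: The package names in 'pkg_add -r unrar unzip zip unarj zoo' do not match the pkg_info list below, which shows 'unzoo-4.4_2' and 'arj-3.10.22' rather than unarj and zoo. Make the command and the list agree so a reader can check the result against pkg_info.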
 +
 +
 +
 +===== perl =====
 +Practical Extraction and Result Language
 +Very popular interpreted programming language
 +
 +Install package: ​ (version 5.8.8)
 +  pkg_add -r perl
 +
 +To install additional modules, I suggest you use the CPAN.pm shell, as 
 +it is the easiest way (instead of unpacking/​compiling/​installing modules ​
 +by hand)
 +  perl -MCPAN -e shell
 +Search for a module:
 +  i /​whattosearchfor/​
 +Installing a module:
 +  install Module::​Name
 +
 +(e.g.: install Date::​Format)
 +
 +(See https://​www.rcbowen.com/​imho/​perl/​modules.html for more information
 +
 +)
 +
 +You don't have to be root to use perl modules, non-root works too:
 +https://​linuxgazette.net/​139/​okopnik.html
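Review bot: The subtitle expands Perl as 'Practical Extraction and Result Language'; the usual expansion is 'Practical Extraction and Report Language'. Modules installed as root through the CPAN shell are not registered as packages, so pkg_info and portupgrade, which this guide relies on for updates, will not see or upgrade them. Point readers to the matching p5-* port where one exists, as the guide itself does later with www/p5-Apache-MP3. The '(See ...' reference to rcbowen.com is split over three lines with its closing bracket on a line of its own, and the final linuxgazette link gives no hint of how the non-root install works.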
 +
 +===== mc, the Midnight Commander =====
 +A console file manager, a Norton Commander (nc) clone.
 +It's like a 'swiss army knife',​ besides the dual-window file manager, it has a file exitor, ftp and smb (read:samba or windows file sharing) support.
 +
 +Install package:
 +  pkg_add -r mc
 +
 +Or you can build it from source:
 +  cd /​usr/​ports/​sysutils/​mc
 +  make
 +  make install
 +
 +===== wget =====
 +Command line HTTP downloader
 +
 +Install package: ​ (version 1.10.2)
 +  pkg_add -r wget
 +
 +
 +
 +===== curl =====
 +wget-like command line http downloader with cookies-support
 +
 +Install package: ​ (version 7.15.3)
 +  pkg_add -r curl
 +
 +
 +
 +
 +
 +====== Network / connectivity ======
 +
 +
 +===== ProFTPD =====
 +Official URL: https://​www.proftpd.org
 +
 +Installation:​
 +  cd /​usr/​ports/​ftp/​proftpd
 +  make
 +  make install
 +
 +Run on system startup:
 +  nano /​etc/​rc.conf
 +Add:
 +<​html>​
 +proftpd_enable="​YES"​
 +</​html>​
 +
 +Configuration:​
 +  nano /​usr/​local/​etc/​proftpd.conf ​
 +Remove <​Anonymous>​ section (CTRL-K cuts lines, CTRL-U uncuts lines). You might also want to change '​Servername'​ to something less standard:
 +<​html>​
 +Servername "//​freebsd62.example.org//"​
 +
 +AuthUserFile /​etc/​proftpd/​ftpd.passwd
 +#​UseIPv6 on
 +UseIPv6 off
 +DefaultRoot ~
 +# RequireValidShell off
 +RequireValidShell off
 +
 +</​html>​
 +
 +You can find other configurations on the proftpd website.
 +Download a basic configuration file from the proftpd website (make sure [curl|curl] is installed):
 +  curl -o /​usr/​local/​etc/​proftpd.conf https://​www.proftpd.org/​docs/​configs/​basic.conf
 +You can use https://​www.proftpd.org/​docs/​configs/​virtual.conf if you are planning on using virtual hosts.
 +
 +??  mkdir /​var/​run/​proftpd
 +</​html>​
 +PS: there is a sample configuration file in /​usr/​local/​share/​examples/​proftpd/​etc/​proftpd.conf ​
 +
 +
 +Start it:
 +  /​usr/​local/​etc/​rc.d/​proftpd start
 +You should see the line '​Starting proftpd.'​.
 +
 +
 +Test it:
 +  ftp localhost
 +You will see something like:
 +<​html>​
 +Trying ::1...
 +ftp: connect to address ::1: Connection refused
 +Trying 127.0.0.1...
 +Connected to localhost.
 +220 ProFTPD 1.3.0 Server (freebsd62.example.org) [127.0.0.1]
 +Name (localhost:​root): ​
 +</​html>​
 +This confirms your FTP server is running. Try to login using your regular user password (as a security measure, ftp access for root is blocked)
 +
 +In case of errors/​problems:​
 +Add the following to /​usr/​local/​etc/​proftpd.conf:​
 +<​html>​
 +ExtendedLog ​                    /​var/​log/​ftp.log
 +DebugLevel ​     9
 +</​html>​
 +Restart proftpd, and check the ftp.log file for error messages
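Review bot: The configuration block sets 'AuthUserFile /etc/proftpd/ftpd.passwd' and 'RequireValidShell off', but no step creates that password file, and the test then tells the reader to log in with their regular user password, which FTP sends unencrypted. Say which accounts are meant to log in, create the AuthUserFile if virtual users are intended, and mention that the system password crosses the network in clear text. The curl command writes basic.conf over the /usr/local/etc/proftpd.conf that was just edited, so either fetch it first or save it under another name. The line '??  mkdir /var/run/proftpd' and the unmatched '</html>' after it are leftover draft text, and 'DebugLevel 9' should be described as a temporary setting to remove once the problem is found.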
 +
 +===== natd (internet sharing) =====
 +When you get just 1 internet IP address from your ISP, and you want to allow more computers ​
 +access to the internet (without using proxy servers) you need NAT (Network Address ​
 +Translation). Setting it up is easy, if you pay attention :)
 +
 +You need 2 network cards/​interfaces installed in your machine:
 +  /dev/pub0 is my network interface connected to the internet, ​
 +  /dev/priv0 is my network interface conencted to the internal network.
 +Replace occurences of <​pub0>​ and <​priv0>​ with your network interface device names and remove ​
 +the < > characters too.
 +You can find your network interface names with the command:
 +  ifconfig -a
 +
 +Edit /​etc/​rc.conf,​ and check if your network cards are set up correctly,
 +If your '​public'​ network card is connected to the internet an DSL- or Cable modem, it might 
 +be that your ISP provides you with an IP address, in this case, you'll probably already ​
 +have '​ifconfig_pub0="​DHCP"' ​ in your rc.conf.
 +My ISP gave me a fixed ip address (actually, a complete range), so in my case it's different:
 +<​html>​
 +    ifconfig_pub0="​inet <​my.public.ip.address>​ netmask <​my.public.net.mask>"​
 +</​html>​
 +
 +Now for the second network card, that is connected to your internal network:
 +<​html>​
 +    ifconfig_priv0="​inet 10.0.0.1 netmask 255.0.0.0"​
 +</​html>​
 +You can choose any private network range (10.0.0.0/​8,​ 192.168.0.0/​16,​ 172.16.0.0/​...) as 
 +long as it's not alreay used in your network.
 +
 +  nano /​etc/​rc.conf
 +Make sure the following lines are there (replace <​pub0>​ with your own network interface, e.g. '​rl0'​):​
 +<​html>​
 +gateway_enable="​YES" ​               # enable gateway
 +firewall_enable="​YES" ​              # and firewall
 +firewall_script="/​etc/​rc.firewall" ​ # firewall configuration file
 +firewall_type="​open" ​               # firewall type
 +firewall_quiet="​NO" ​                # show all firewall rules
 +natd_enable="​YES" ​                  # enable natd
 +natd_program="/​sbin/​natd" ​          # path to natd
 +natd_interface="<​pub0>" ​            # public/​external network interface
 +natd_flags="​-f /​etc/​natd.conf" ​     # extra options to natd
 +</​html>​
 +
 +Test it (by starting natd manually):
 +  natd -n <​pub0>​
 +  ipfw -q add 00050 divert natd ip4 from any to any via <​pub0>​
 +
 += Setting up the client =
 +Set up a computer ('​client'​) on your internal network, ip address 10.0.0.2, netmask 255.0.0.0, gateway ​
 +10.0.0.1, and DNS servers from your ISP (you can probably find them with 'cat /​etc/​resolv.conf'​) ​
 +
 += Testing natd connectivity =
 +On this client pc, go to a shell, (that'​s:​ Start -> Run -> cmd -> [ok]  for you windows ​
 +people, or WindowsKey-R -> cmd -> [ok]  for Vista unfortunates):​
 +  ping 10.0.0.1
 +If everything is ok (no firewalls in the way) you should get '​Response from 10.0.0.1 ...'.
 +
 +Next, ping another IP address (you can use the DNS server you found a moment ago):
 +  ping 194.109.6.66
 +If this works, natd works.
 +Note: some servers/​internetsites block '​ping':​ test if you can ping the address from your 
 +server, if this works, it should work from any client too.
 +
 +Now test if you can ping a website by it's name. 
 +  ping google.com
 +If this works, you can start your internet browser, and use the internet with multiple ​
 +computers.
 +
 +Reboot, to make sure natd is started automatically/​correctly upon the next boot.
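Review bot: rc.conf sets firewall_type="open" on the machine that faces the internet, and the section ends with a reboot that makes this the permanent state; the 'open' type passes all traffic, so nothing is filtered at the packet level for the gateway itself or for the FTP, Samba and Apache services the guide installs on the same host. Present 'open' as a test setting and follow it with a restrictive ruleset once the ping tests pass. 'natd_flags="-f /etc/natd.conf"' points at a file that no step creates, and the manual test starts natd and adds the divert rule by hand without saying how that relates to the rc.conf settings. '/dev/pub0' and '/dev/priv0' are written as device nodes although ifconfig shows plain interface names such as the 'rl0' in the example, and the list of private ranges is left unfinished at '172.16.0.0/...'.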
 +
 +
 +===== Samba =====
 +CIFS / Windows Networking file sharing and more\\
 +Official URL: [[https://​www.samba.org]]\\
 +[[https://​www.bsdguides.org/​guides/​freebsd/​networking/​samba_wins_netbios.php|Samba as a WINS/​NetBIOS Server]]\\
 +URL: https://​www.comptechdoc.org/​os/​linux/​manual4/​smbconf.html\\
 +URL: [[https://​www.bsdforen.de/​showthread.php?​t=2174]]
 +
 +Install package: ​
 +  pkg_add -r samba3
 +Configure package:
 +  /​etc/​rc.conf:​
 +    samba_enable="​YES"​
 +  nano /​usr/​local/​etc/​smb.conf
 +
 +Configuration:​ FIXME
 +  nano /​usr/​local/​etc/​smb.conf
 +<​html>​
 +# Usual location for this file: /​usr/​local/​etc/​smb.conf
 +# Lines beginning with either a semi-colon or a pound sign (';'​ or '#'​) are comment lines,
 +# you can use them for explaining what options mean, or for temporarily disabling options
 +# by placing a # sign in front of the line.
 +# The length and usage of spaces and other non-alphanumerical characters is limited for some options
 +# Read the documentation
 +# NOTE: After modifying this file, run the command "​testparm"​ to check this file for syntax errors.
 +
 +# Global options
 +[global]
 +# '​workgroup'​ = NT-Domain-Name or Workgroup-Name
 +workgroup = WORKGROUP
 +
 +# '​netbios name' is the name you will see in "​Network Neighbourhood"​ (defaults to your hostname)
 +  netbios name = <​name_of_this_server>​
 +
 +# server string is the equivalent of the NT Description field
 +  server string = FreeBSD Samba Server ​
 +
 +# Logging:
 +# this tells Samba to use a separate log file for each machine that connects:
 +;  log file = /​var/​log/​samba/​log.%m
 +# Standard location for samba log files is /​var/​log/​samba/​
 +# Put a capping on the size of the log files (in Kb).
 +   max log size = 50
 +# Set the log (verbosity) level (0 <= log level <= 10)
 +;  log level = 3
 +
 +
 +# Which hosts to allow access to your SAMBA server
 +# Don't forget to replace or remove the < > stuff with your own values
 +# 127.0.0.1 = localhost (don't forget to include this one, or else you'll have trouble testing it)
 +# 192.168.*.*,​ 10.*.*.*, 172.16.*.* are local networks, optional.
 +# 1.2.3.4 is my ip adress and the number 27 is my netmask length (netmask = 255.255.255.224)
 +#  because of the netmask, it will also allow all other computers in my network access.
 +#  You can use a network/​netmask calculator like the one at https://​www.treachery.net/​tools/​calculator/​
 +# 123.123.123.123 is the (fictional) static ip address of a friend who I want to give access
 +  hosts allow = 127.0.0.1 192.168. 10. 172.16. <​1.2.3.4/​27>​ <​123.123.123.123>​
 +
 +# Denie traffic from all hosts (except from those configured with 'hosts allow'​)
 +  hosts deny = 0.0.0.0/0
 +
 +# Make this server the local&​preferred master server
 +# Don't use these if there other servers for the same task on your network.
 +  local master = yes
 +  os level = 100
 +  preferred master = yes
 +  wins support = yes
 +  domain master = yes 
 +
 +# I don't know what this does (<​1.2.3.255>​ is my broadcast address)
 +  remote announce = <​1.2.3.255>​
 +# Case sensitivity for filenames: read manual
 +
 +# Networking Options: this might give better performance
 +# See speed.txt and the manual pages for details
 +  socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
 +
 +# Printing: FIXME
 +#printing = CUPS
 +#​printcapname = CUPS
 +#map to guest = Bad User
 +#show add printer wizard = No
 +  show add printer wizard = No
 +
 +;  map to guest = Bad User
 +;   ​security = share
 +
 +
 +[shared]
 +  comment = Some shared folder
 +  path = /tmp/shared
 +  read only = No
 +  guest ok = Yes
 +  nt acl support = No
 +;  force user = freebsd
 +;  force group = users
 +
 +[music]
 +   ​comment = My MP3 collection
 +   path = /​mnt/<​musicdisc>/​mp3/​
 +   read only = yes
 +   ​public = yes
 +   hosts allow = 127.0.0.1 192.168. 10. 172.16. <​1.2.3.4/​27>​ <​123.123.123.123>​
 +   hosts deny = 0.0.0.0/0
 +
 +# Printer configuration with CUPS I will do another time. I've disabled it for now
 +;[printers]
 +;  comment = Print Temporary Spool Configuration
 +;  path = /​var/​spool/​samba
 +;  printable = Yes
 +;  guest ok = Yes
 +;  use clientdriver = Yes
 +;  browseable = No
 +
 +</​html>​
 +
 +You can find out which computers on your local network support the SAMBA-protocol (running either '​real'​ Windows CIFS, or by using SAMBA on any other operating system):
 +  nmblookup -B <​my.networks.broadcast.address>​ -d 2 "​*"​
 +I used 10.255.255.255.255 for my broadcast address, yours might be 192.168.255.255 or like that.
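Review bot: The [shared] section exports /tmp/shared with 'guest ok = Yes' and 'read only = No', which gives unauthenticated write access to a directory under the world-writable /tmp to every address matched by the global 'hosts allow' line, including the whole 10., 192.168. and 172.16. ranges. Move the share to a dedicated directory and either require a valid user or make it read-only. 'remote announce' is set while its own comment says 'I don't know what this does'; leave it out until it is understood, and apply the same caution to 'domain master', 'preferred master' and 'os level = 100', given the comment above them that warns about other servers on the network. The broadcast address in the last sentence, '10.255.255.255.255', has five octets, 'show add printer wizard = No' appears both commented and active, and the 'Configure package' step lists '/etc/rc.conf:' as if it were a command.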
 +
 +
 +
 +===== OpenSSL =====
 +openssl-0.9.8c ​     SSL and crypto library
 +This SSL Library allows communication over secure channels (HTTPS, IMAPS), and is required in this guide for Courier-IMAP,​ Apache, and OpenVPN)
 +
 +Install package: ​ (version 0.9.8c)
 +
 +  pkg_add -r openssl
 +
 +
 +===== Apache 2.2 Webserver =====
 +URL: https://​www.apache.org
 +
 +Install package: (version 2.2.0_7)
 +  pkg_add -r apache22
 +
 +  nano /​etc/​rc.conf:​
 +<​html>​apache22_enable="​YES"</​html>​
 +
 +#​apache2ssl_enable="​YES"?​
 +  nano /etc/hosts:
 +<​html>​
 +    127.0.0.1 freebsd61.example.org
 +</​html>​
 +  mkdir /​usr/​local/​www
 +  nano /​usr/​local/​etc/​apache22/​httpd.conf:​
 +<​html>​
 +    ServerAdmin ....
 +    ServerName freebsd61.example.org
 +    ServerName 1.2.3.4
 +    DocumentRoot "/​usr/​local/​www"​
 +</​html>​
 +
 +Change:
 +<​html>​
 +    <​Directory "/​usr/​local/​www/​apache22/​data">​
 +    ...
 +    </​Directory>​
 +</​html>​
 +to ->
 +<​html>​
 +    <​Directory "/​usr/​local/​www"> ​
 +        Options Indexes FollowSymLinks ExecCGI
 +        AllowOverride All 
 +        Order allow,​deny ​
 +        Allow from all 
 +    </​Directory> ​
 +</​html>​
 +
 +Add:
 +<​html>​
 +AddType application/​x-httpd-php .php .php3 .php4 .php5
 +AddType application/​x-httpd-php-source .phps
 +
 +DirectoryIndex index.php index.cgi index.html
 +
 +AddHandler cgi-script .cgi
 +
 +NameVirtualHost *:80
 +
 +<​VirtualHost *:80>
 +  ServerAdmin webmaster@1.2.3.4
 +  DocumentRoot /www/ip
 +  ServerName 1.2.3.4
 +</​VirtualHost>​
 +
 +<​VirtualHost *:80>
 +  ServerAdmin webmaster@<​freebsd62.example.org>​
 +  DocumentRoot /​usr/​local/​www/<​freebsd62.example.org>​
 +  ServerName <​freebsd62.example.org>​
 +  ErrorLog /​var/​log/<​freebsd62.example.org>​-error_log
 +  CustomLog /​var/​log/<​freebsd62.example.org>​-access_log combined
 +</​VirtualHost>​
 +</​html>​
 +  mkdir /​usr/​local/​www/<​freebsd62.example.org>​
 +  apachectl configtest
 +  apacectrl restart
 +
 +Some time later, I noticed this error message upon manual start of apache:
 +<​html>​
 +[warn] (2)No such file or directory: Failed to enable the '​httpready'​ Accept Filter
 +</​html>​
 +I solved it temporarily by entering:
 +  kldload accf_http
 +
 +To load it on boot, add to your /​boot/​loader.conf:​
 +  accf_http_load="​YES"​
 +
 +I should check if the issue is resolved after the next reboot.
 +
 +
 +To prevent visitors seeing which version/​modules apache you're running, set ServerTokens to something else than '​Full',​ e.g.:
 +ServerTokens Prod
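Review bot: The replacement <Directory "/usr/local/www"> block combines 'Options Indexes FollowSymLinks ExecCGI' with 'AllowOverride All' and 'Allow from all' for the entire document root, so every directory gets listings, any .cgi file placed anywhere under it is executed (because of 'AddHandler cgi-script .cgi'), and any .htaccess file can change the rest. Grant ExecCGI only on a dedicated CGI directory and narrow AllowOverride to what the sites need. 'apacectrl restart' is a typo for apachectl, httpd.conf is given two ServerName lines, the hostname switches between freebsd61.example.org and freebsd62.example.org, and the first VirtualHost uses 'DocumentRoot /www/ip', which no step creates. The 'ServerTokens Prod' line should be indented as a configuration line like the others, with a note on where in httpd.conf it goes.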
 +
 +
 +==== mod_jail (optional) ====
 +FIXME
 +Optional: mod_jail
 +A module to run Apache in a secure jail (like '​chrooted'​)
 +URL: https://​freshmeat.net/​projects/​mod_jail/?​branch_id=64870&​release_id=245997
 +
 +==== Custom 404-Errorhandler ====
 +It is possible in Apache, to use your own errorhandler for various errorcodes.
 +You might want to have this to inform you of people clicking 'dead links' on your website.
 +
 +  nano /​usr/​local/​etc/​apache22/​httpd.conf
 +<​html>​
 +ErrorDocument 404 "/​cgi-bin/​404_errorhandler.cgi"​
 +</​html>​
 +
 +
 +==== Apache::MP3 ====
 +
 +Apache::MP3 is a perl module for Apache, which allows you to listen to the music stored on your server from a windows pc trough a browser & Winamp.
 +Installation:​
 +
 + cd /​usr/​ports/​www/​p5-Apache-MP3
 + make
 +
 +This will also install '​mod_perl'​
 +
 +Add this line to the '​LoadModule'​-section in /​usr/​local/​etc/​apache22/​httpd.conf:​
 +<​html>​
 +  LoadModule perl_module libexec/​apache22/​mod_perl.so
 +</​html>​
 +
 +Visit the [[https://​search.cpan.org/​~lds/​Apache-MP3-4.00/​MP3.pm|Apache::​MP3 website]] for the rest of the installation instructions and all the documentation.
 +
 +If you get this error:
 +<​html>​
 +Syntax error on line ... of /​usr/​local/​etc/​apache22/​httpd.conf:​
 +Invalid command '​PerlHandler',​ perhaps misspelled or defined by a module not included in the server configuration
 +[root@freebsd62 /​usr/​local/​etc/​apache22]#​
 +</​html>​
 +Then the Apache mod_perl module isn't installed correctly.
 +
 +Follow the [[https://​search.cpan.org/​~lds/​Apache-MP3-4.00/​MP3.pm|rest of the installation instructions from the Apache::MP3 website]]
 +
 +Restart apache:
 +  apachectl restart
 +
 +Make a symlink to the folder where you store your mp3 files (in my case, that would be /​mnt/​audio/​music/​ )
 +  ln -s /​mnt/​audio/​music /​usr/​local/​www/​freebsd62.example.org/​songs
 +
 +Apache::MP3 comes with a set of icons, and style sheet to go with the html pages it generates. To make apache::mp3 find them, follow the next steps.\\
 +In /​usr/​local/​etc/​apache22/​httpd.conf,​ just below the <​Directory /> ... </​Directory>​ section, add:
 +<​html>​
 +<​Directory /​usr/​local/​share/​Apache-MP3>​
 +    AllowOverride None
 +    Order allow,deny
 +    Allow from all
 +</​Directory>​
 +</​html>​
 +And in the same file, just below the line '<​IfModule alias_module>',​ add:
 +<​html>​
 +Alias /apache_mp3 /​usr/​local/​share/​Apache-MP3
 +</​html>​
 +
 +Browse to https://​freebsd62.example.org/​songs/​ to see if it works
 +
 +I've changed a few lines in httpd.conf, to make sure that .mp3-files are treated equally as .MP3-files (and the same for .m3u, .pls and ogg-vorbis files):
 +<​html>​
 +AddType audio/​mpeg ​    mp3 MP3 Mp3 mP3
 +AddType audio/​playlist m3u M3U M3u m3U
 +AddType audio/​x-scpls ​ pls PLS PLs Pls pLS pLs plS
 +AddType application/​x-ogg ogg OGG Ogg OGg OgG oGG oGg ogG
 +</​html>​
 +
 +As the files in my MP3 collection often have bad mp3-id3 tags, I have Apache::MP3 to use the filename instead of the MP3-ID3 tag. In the '<​Location /​songs>'​ section of the httpd.conf file (or whatever you used instead of '/​songs'​ while following the Apache::MP3 installation instructions),​ add:
 +<​html>​
 +   ​PerlSetVar Fields filename
 +   ​PerlSetVar SortFields ​ filename
 +   ​PerlSetVar DescriptionFormat "​%f"​
 +   ​PerlSetVar ReadMP3Info no
 +</​html>​
 +You might like these settings too:
 +<​html>​
 +   ​PerlSetVar CacheDir ​      /​tmp/​mp3_cache
 +   ​PerlSetVar PathStyle Arrows
 +</​html>​
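Review bot: The installation step runs only 'make' in /usr/ports/www/p5-Apache-MP3, with no 'make install', yet the following steps assume the module and the files under /usr/local/share/Apache-MP3 are in place. 'PerlSetVar CacheDir /tmp/mp3_cache' puts the cache at a fixed name in the world-writable /tmp, where any local user can create that path first; use a directory owned by the web server user instead. The pointer to the Apache::MP3 website for the rest of the installation is given twice, and the test URL uses https although the Apache section only configured '*:80' virtual hosts.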
 +
 +
 +==== kplaylist ====
 +Official URL: https://​www.kplaylist.net
 +Requires: apache, php, mysql
 +
 +Installation:​
 +  cd /​usr/​ports/​audio/​kplaylist
 +  make
 +  make install
 +
 +Configure kplaylist with Apache (see instructions on the official website), make sure apache has access to your mp3 collection, configure the database to use, configure kplaylist.
 +Enter the location to your base mp3 folder in Filehandling -> Base directory
 +You can open the .m3u playlist files it generates with XMMS (or Winamp if you're using windows).
 +
 +
 +
 +
 +
 +
 +===== ISC DHCP-server (dhcpd) =====
 +On my computer network, there are some laptops. These laptops are not always connected to this network, but sometimes they are taken by their owner to another location, and plugged into another network.
 +This makes it unpractical to set-up static ip adresses onto these machines themselves, as the network settings would probably have to be changed everytime the laptop is plugged into another network.
 +This is why I will set up a DHCP server. This software will hand out network information like the unique ip adres the laptop may use, the netmask, the address of the default gateway, and which dns servers to use.
 +
 +FIXME If you use 192.168.*.*,​ 10.*.*.* or 172.16.*.* adresses, ...
 +
 +Install package: ​ (version 3.0.3_1)
 +pkg_add -r isc-dhcp3-server
 +(or portupgrade -r -P isc-dhcp3-server)
 +
 +
 +Configure package:
 +  nano /​etc/​rc.conf:​
 +<​html>​
 +dhcpd_enable="​YES" ​                         # dhcpd enabled?
 +dhcpd_flags="​-q" ​                           # command option(s)
 +dhcpd_conf="/​usr/​local/​etc/​dhcpd.conf" ​     # configuration file
 +dhcpd_ifaces="" ​                            # ethernet interface(s)
 +dhcpd_withumask="​022" ​                      # file creation mask
 +</​html>​
 +  cp /​usr/​local/​etc/​dhcpd.conf.sample /​usr/​local/​etc/​dhcpd.conf
 +  nano /​usr/​local/​etc/​dhcpd.conf
 +
 +<​html>​
 +default-lease-time 86400;
 +max-lease-time 172800;
 +default-lease-time 86400;
 +ddns-update-style interim;
 +
 +option ntp-servers 192.168.0.1;​
 +option domain-name "​freebsd61.example.org";​
 +option domain-name-servers 192.168.0.1;​
 +#, 192.168.2.1;​
 +option netbios-name-servers 192.168.0.1;​
 +#, 192.168.2.1;​
 +option netbios-node-type 8;
 +### NOTE ###
 +# netbios-node-type=8 means set clients to Hybrid Mode
 +# so they will use Unicast communication with the WINS
 +# server and thus reduce the level of UDP broadcast
 +# traffic by up to 90%.
 +############​
 +
 +subnet 192.168.0.0 netmask 255.255.0.0 {
 +  range dynamic-bootp 192.168.0.128 192.168.1.250;​
 +  option subnet-mask 255.255.0.0;​
 +  option routers 192.168.0.1;​
 +  allow unknown-clients;​
 +#  host hplj4 {
 +#    hardware ethernet 08:​00:​46:​7a:​35:​e4;​
 +#    fixed-address 192.168.1.10;​
 +#  }
 +}
 +}
 +  subnet 127.0.0.0 netmask 255.0.0.0 {
 +}
 +</​html>​
 +  touch /​var/​db/​dhcpd.leases
 +
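Review bot: The dhcpd.conf sample does not parse as written: the "subnet 192.168.0.0" block is closed by one "}" and a second, unmatched "}" follows it before the "subnet 127.0.0.0" declaration, and "default-lease-time 86400;" appears twice at the top. Drop the extra brace and the repeated line. The dynamic range 192.168.0.128 to 192.168.1.250 also contains the commented-out fixed-address 192.168.1.10, so that host entry needs an address outside the range before it is enabled. dhcpd_ifaces is left empty in rc.conf; naming the LAN interface there keeps the server bound to the intended network. The pkg_add and portupgrade lines under "Install package" are missing the two-space indent that marks the other commands as code.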
 +Start it:
 +  /​usr/​local/​etc/​rc.d/​isc-dhcpd start
 +
 +Tools for dhcpd.conf management/​control & dhcp leases check
 +https://​www.linux-lovers.be/​index.php?​show=screen_kcmdhcpd
 +https://​dhcpstatus.sourceforge.net/​
 +https://​dixie.kneiseler.org/​index.php?​option=com_content&​task=view&​id=14&​Itemid=30
 +https://​config-dhcpd.sourceforge.net/​screenshots.html
 +https://​sauron.jyu.fi/​screenshots.shtml
 +
 +
 +Changing the DHCPD Logging File:
 +https://​www.onlamp.com/​pub/​a/​bsd/​2003/​05/​01/​FreeBSD_Basics.html?​page=2
 +
 +
 +To have a backup dhcpd or a fallback dhcp server (running 2 dhcp servers on the same network):
 +[[https://​www.kotfu.net/​2007/​10/​dhcp-failover.html|DHCP Failover on OpenBSD]]
 +https://​www.madboa.com/​geek/​dhcp-failover/​
 +
 +
 +===== BIND / named / DNS server =====
 +Official URL: [[https://​www.isc.org/​sw/​bind/​]]
 +
 +The BIND DNS Server (or '​named',​ as some call it) resolves (=translates) ​
 +web adresses to ip adresses (e.g. for translating the host name 
 +'​example.org'​ to it's IP adress '​208.77.188.166'​)
 +
 +There are two reasons for using it: 
 +* you want to act as a so called '​dns-proxy'​ or '​caching nameserver', ​
 +which will limit network traffic to the nameserver of your ISP.
 +* you are hosting websites and are doing DNS-server things yourself.
 +
 +
 +Install package: ​
 +  pkg_add -r bind
 +
 +Configuration of named is stored in /​var/​named/​etc/​named. This folder is symlinked to /etc/named (remember this when configuring the directories to backup).
 +The important files are:
 + * named.conf
 + * *.zone (the files you will create for every domain name)
 +
 +Configure package:
 +  cd /etc/named
 +
 +  sh make-localhost
 +  nano named.conf
 +
 +Comment out the line  "​listen-on ...":
 +<​html>​
 +//      listen-on ​      { 127.0.0.1; };
 +</​html>​
 +
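Review bot: Commenting out listen-on makes named answer on every interface (the startup log further down shows it listening on rl0), yet nothing is added to named.conf to limit who may query or recurse through the server. For the caching-nameserver use case described above, pair this step with an options entry such as allow-recursion restricted to localhost and the LAN range, and say so next to the listen-on change.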
 +Above the line "/ * An example master zone", insert the following for each domain you are running this nameserve for. Replace <​example.org>​ with the correct domain name (without the www-prefix). Remove the '<>'​ characters too:
 +<​html>​
 +zone "<​example.org>"​ {
 +        type master;
 +        file "<​example.org>​.zone/<​example.org>​.zone";​
 +};
 +</​html>​
 +
 +For each domain:
 +  mkdir <​example.org>​.zone
 +  cd <​example.org>​.zone
 +  nano <​example.org>​.zone
 +
 +Enter the following text (replace the <...> stuff with the correct information):​
 +<​html>​
 +$ORIGIN <​example.org>​.
 +; // Don't for get to incease the Serial value everytime you make changes to this file
 +; // I like to use the current date, so I can see when was the last time I've changed it
 +; // If you are updating this file more than once a day, this is not a good solution.
 +@       ​IN ​     SOA     <​ns1.upstream_nameserver.org>​. (
 +                                20070701 ; Serial
 +                                14400    ; Refresh
 +                                1800     ; Retry
 +                                3600000 ; Expire
 +                                3600 )
 +        IN      NS      <​ns1.upstream_nameserver.org>​.
 +        IN      NS      <​ns2.upstream_nameserver.org>​.
 +        IN      MX      10 <​smtp.example.org>​
 +
 +localhost ​      ​IN ​     A       ​127.0.0.1
 +<​example.org>​. ​ IN A       <​your.ip.address.here>​
 +*       ​IN ​     A       <​your.ip.address.here>​
 +</​html>​
 +
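Review bot: The SOA line in the zone template gives only one name before the opening parenthesis; the record expects the primary name server followed by the responsible mailbox, the way the ad-blocking zone later on this page writes "hostmaster.<example.org>.". The MX target "<smtp.example.org>" has no trailing dot, so with $ORIGIN set it is read as relative to the zone. There is no $TTL line either, which is what produces the "no TTL specified; using SOA MINTTL instead" message in the sample log. A yyyymmddnn serial, as used in the ad-blocking zone, removes the once-a-day limit the comment warns about. The wildcard A record resolves every unknown name under the domain to the server and deserves a sentence saying that this is intentional.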
 +Test it (will show any configuration file errors, you can quit with CTRL-C):
 +  /​usr/​sbin/​named -t /var/named -u bind
 +
 +<​html>​
 +05-Mar-2007 12:​41:​06.992 starting BIND 9.3.2-P2 -f -g -t /var/named -u bind
 +05-Mar-2007 12:​41:​07.003 loading configuration from '/​etc/​namedb/​named.conf'​
 +05-Mar-2007 12:​41:​07.004 listening on IPv4 interface rl0, <​1.2.3.4>#​53
 +05-Mar-2007 12:​41:​07.006 command channel listening on 127.0.0.1#​953
 +05-Mar-2007 12:​41:​07.006 command channel listening on ::1#953
 +05-Mar-2007 12:​41:​07.006 ignoring config file logging statement due to -g option
 +05-Mar-2007 12:​41:​07.007 zone 0.0.127.IN-ADDR.ARPA/​IN:​ loaded serial 20070305
 +05-Mar-2007 12:​41:​07.007 zone 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA/​IN:​ loaded serial 20070305
 +05-Mar-2007 12:​41:​34.475 <​example.org>​.zone/<​example.org>​.zone:​4:​ no TTL specified; using SOA MINTTL instead
 +05-Mar-2007 12:​41:​34.476 zone <​example.org>/​IN:​ loaded serial 20070305
 +05-Mar-2007 12:​41:​34.476 running
 +05-Mar-2007 12:​41:​34.476 zone <​example.org>/​IN:​ sending notifies (serial 20070305)
 +</​html>​
 +
 +This is how it looks here, when it's running correctly.
 +
 +Im my case, I got an error message:
 +<​html>​
 +05-Mar-2007 12:​41:​07.007 zone <​example.org>/​IN:​ loading master file <​example.org>​.zone/<​example.org>​.zone:​ permission denied
 +</​html>​
 +And it was immediately clear to me that copying the BIND/named configuration files from my backup to the /etc/named/ was ok, but that I had forgotten to give '​bind'​ access to the *.zone directories/​files. I fixed it by entering:
 +  chown -R bind /​etc/​named/​*.zone
 +
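Review bot: "chown -R bind /etc/named/*.zone" makes the daemon account the owner of the master zone files, although the error being fixed is only a read failure. Root ownership with group bind and read-only group permission fixes the same "permission denied" without letting the named process rewrite its own zones. The section also switches between /var/named/etc/named, /etc/named and the /etc/namedb path shown in the log output; use the one that exists on the system throughout. The test command omits the -f -g flags that the sample log line shows it was started with.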
 +Configure it to run on system startup:
 +Add the following line to /​etc/​rc.conf:​
 +<​html>​
 +named_enable="​YES"​
 +</​html>​
 +
 +Start it:
 +  /​etc/​rc.d/​named start
 +<​html>​
 +wrote key file "/​var/​named/​etc/​namedb/​rndc.key"​
 +Starting named.
 +</​html>​
 +
 +<​FIXME>​
 +You'll need some information on the domains you want to do DNS stuff for (I take example.org as an example):
 +  whois example.org
 +You'll get something like this (write it down, we'll need it later):
 +<​html>​
 +   ​Domain nameservers:​
 +     <​ns1.upstream_nameserver.org> ​  <​1.2.3.4>​
 +     <​ns2.upstream_nameserver.org> ​  <​1.2.3.4>​
 +</​html>​
 +
 +==== Ad Blocking with your own DNS Server ====
 +URL: https://​www.deer-run.com/​~hal/​sysadmin/​dns-advert.html
 +
 +If you run your own dns server (BIND/​named),​ you can use it to do some ad-blocking (and even prevent Google tracing your whereabouts!).
 +
 +It works by blocking (actually, it is diverting) DNS request for a lot of banner-hosting domains. It even works against Google text-ads
 +If other computers are using this pc as a dns server (you can configure this in dhcpd.conf, section '​option domain-name-servers'​),​ they too will be '​protected'​ against evil advertisers that want to steal your precious time & bandwidth.
 +
 +You can block banners, text ads, some known cookie harvesting sites, and even normal sites.
 +Note that it will only block the DNS queries/​resolving,​ if you (or one of the users in your network) uses another DNS server, it will get resolved correctly, and nothing is blocked this way. You cannot block IP's this way (or banner URLS like <​code>​http://​1.2.3.4/​banner.gif</​code>,​ you would need a firewall to do that.
 +
 +Create the zone file '/​etc/​namedb/​adserver_redirect.zone':​
 +<​html>​
 +$TTL 24h
 +@       IN SOA <​example.org>​. hostmaster.<​example.org>​. (
 +        2007100900 ​     ; Serial yyyy/​mm/​dd/​id
 +        86400           ; Refresh (24 hours)
 +        300             ; Retry (5 minutes)
 +        604800 ​         ; Expire (7 days)
 +        3600 )          ; Negative Cache TTL (1 hour)
 +
 +@       ​IN ​     NS   <​freebsd62.example.org>​.
 +@       ​IN ​     A    <​server.dotted.ip.address>​
 +*       ​IN ​     A    <​server.dotted.ip.address>​
 +</​html>​
 +Replace <​example.org>,​ <​freebsd62.example.org>​ and <​server.dotted.ip.address>​. Make sure there are no spaces before the last three lines when you copy/past the text to a file.
 +If you use 127.0.0.1 as the <​server.dotted.ip.address>,​ requests from other clients (other computers in your network that are configured to use this FreeBSD as their dns server) will try to get the banners from '​their'​ localhost, instead of from the webserver on the FreeBSD machine.
 +I don't think there'​s much speed to gain, and I like having the FreeBSD server in the middle so I can take statistics how many banners are blocked.
 +
 +Next, edit /​etc/​namedb/​named.conf
 +For each domain name you wish to block banners (WARNING: and all other stuff from the same domain!) from, add the next line to the end of the file:
 +<​html>​
 +zone "<​domainname.tld>"​ { type master; file "​dummy-block";​ };
 +</​html>​
 +Replace <​domainname.tld>​ with the '​offending'​ site, like '​atdmt.com',​ '​doubleclick.net'​ or '​googlesyndication.com'​.
 +
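Review bot: The zone statement points at file "dummy-block", but the only zone file created in this section is /etc/namedb/adserver_redirect.zone and no file named dummy-block is created anywhere, so these zones will not load as written; use the same file name in both places. Because the text further down notes that named refuses to start on duplicate entries, add a step that checks the edited named.conf before sending the HUP, otherwise one repeated domain in the block list takes down resolution for every client that dhcpd points at this server. The sentence about banner URLs by IP address has an unclosed parenthesis.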
 +<​html>​
 +doubleclick.com
 +doubleclick.net
 +adbrite.com
 +intellitxt.com
 +googlesyndication.com
 +atdmt.com
 +yieldmanager.com
 +</​html>​
 +There are sites which list known advertising ​ providers domains.
 +You can find more of these domain names by googling on a few of the names above combined.
 +
 +Instead of <​domainname.tld>​ you can also use <​subdomain.domainname.tld>,​ to prevent blocking important stuff.
 +
 +Configure your FreeBSD server to use it's own dns server. Edit /​etc/​resolv.conf,​ and make sure the first entry is:
 +<​html>​
 +nameserver 127.0.0.1
 +</​html>​
 +
 +Remember to reload named whenever you have edited /​etc/​namedb/​named.conf:​
 +  kill -HUP `cat /​var/​run/​named/​pid`
 +or
 +  killall -1 named
 +
 +Test it:
 +  ping some.random.thingy.yieldmanager.com
 +You should get a ping reply from '​127.0.0.1'​ or from your server'​s ip address.
 +
 +If you run into problems, make sure named is running:
 +  ps auxwww|grep named
 +If named isn't running, there might be something wrong with your configuration files.
 +Start named in '​foreground'​ mode, showing all messages on the console:
 +  named -g
 +or
 +  cd /etc/namedb
 +  named -f -d 9
 +Debug messages are stored in /​etc/​namedb/​named.run
 +
 +Named won't start if the named.conf has errors, or duplicate entries (!)
 +
 +You can start named correctly with the command:
 +  /​etc/​rc.d/​named start
 +
 +
 +Firefox has its own internal domain-name-based image blocking function,
 +To configure/​disable/​adjust,​ open FireFox, click Edit -> Preferences -> Content -> Exeptions-button just right of 'Load images automatically'​
 +It doesn'​t block text-ads, as far as I know, and works on that pc.
 +
 +another URL: https://​pgl.yoyo.org/​adservers/​
 +another URL: https://​www.xml-dev.com/​blog/​index.php?​action=viewtopic&​id=169
 +
 +There'​s a Firefox ad-blocking plugin, which works with a list of banner-serving sites,
 +https://​addons.mozilla.org/​en-US/​firefox/​addon/​1136
 +You can find more ad-serving hosts from the '​Filterset.G'​ file.
 +This file however isn't direct compatible with named.conf, you've got to edit it.
 +
 +After blocking *.google-analytics,​ Firefox gives this error:
 +<​html>​
 +ssl.google-analytics.com sent an unexpected / error message / code:  -12263
 +</​html>​
 +I guess this has something to do with the secure https protocol not able to find a valid SSL certificate.
 +I'm still searching for a nice solution, but I'll rather have the '​12263'​ firefox error message than having google follow me on the net.
 +<​html>​
 +https://​www.mozilla.org/​projects/​security/​pki/​nss/​ref/​ssl/​sslerr.html
 +...
 +Constant: SSL_ERROR_RX_RECORD_TOO_LONG
 +"SSL received a record that exceeded the maximum permissible length."​
 +-12263 ​
 +</​html>​
 +
 +I think I need to have the URL https://​ssl.google-analytics.com/​urchin.js redirect to an existing file.. or at least a webserver supporting ssl..
 +
 +An example website giving this error is: https://​www.csmonitor.com/​
 +
 +===== TrafShow =====
 +Network traffic monitoring (TCP/UDP)
 +
 +If you are looking for more advanced traffic monitoring tools (traffic sniffing tools), go google for: ethereal, ettercap, [[https://​www.wireshark.org/​|Wireshark]] (this one runs on Windows too)
 +
 +This provides basic network traffic visualisation on a text-based terminal.
 +You might also want to check out '​mrtg',​ which is another network load monitoring tool
 +
 +Install package: ​ (version 5.2.2,1)
 +  pkg_add -r trafshow
 +
 +Test it by running:
 +  trafshow
 +Select the correct network interface to monitor, and if there is any network traffic, you should see it.
 +
 +If you get an error:
 +<​html>​
 +No packet capture device available (no permission?​)
 +</​html>​
 +You are not running it as root. Get root privileges, or change the (read) permissions of the// /dev/bpf0 //and// /dev/bpf1 //devices. Don't make it world-readable (o+r), or else anyone with access to your computer can sniff on your network traffic, capture ftp-passwords and compromise your security!
 +/*
 +Reversing
 +
 +Sometimes you are sitting on the wrong side of the link, and you would 
 +like to have mrtg report Incoming traffic as Outgoing and vice versa. ​
 +This can be achieved by adding the '​-'​ sign in front of the "​Target" ​
 +description. It flips the incoming and outgoing traffic rates.
 +Example:
 + ​Target[ezci]:​ -1:​public@ezci-ether.domain
 +*/
 +===== NetCat =====
 +TCP tool '​nc'​
 +Install package: ​ (version 1.10_2)
 +  pkg_add -r netcat
 +
 +
 +===== nmap =====
 +Very good portscanner
 +
 +"Port scanning utility for large networks"​
 +Install package: ​ (version 4.01)
 +  pkg_add -r nmap
 +
 +
 +
 +
 +====== Databases ======
 +
 +===== MySQL =====
 +
 +Install package: ​ (version mysql-server-5.1.15)
 +  pkg_add -r mysql51-server ​
 +(includes mysql51-client-5.1.15)
 +  pkg_add -r  mysql51-scripts
 +
 +  mkdir /​var/​db/​mysql
 +  chown mysql:mysql /​var/​db/​mysql
 +  nano /​etc/​rc.conf
 +Add:
 +<​html>​
 +mysql_enable="​YES"​
 +</​html>​
 +
 +Start MySQL manually:
 +  /​usr/​local/​etc/​rc.d/​mysql-server start
 +
 +Now we are setting the MySQL database administrator password (you should choose a new password for <​my_mothers_maiden_name>​ here, do not use your current root password):
 +  mysql mysql -u root
 +You should get some infomation about the running MySQL engine, and a '​mysql>'​-prompt. Enter the following lines (replacing <​my_mothers_maiden_name>​ with some other password you have chosen):
 +<​html>​
 +UPDATE user SET Password=PASSWORD('<​my_mothers_maiden_name>'​) WHERE user='​root';​
 +FLUSH PRIVILEGES;
 +EXIT
 +</​html>​
 +
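Review bot: The placeholder <my_mothers_maiden_name> in the UPDATE statement reads as a recommendation to use a guessable personal fact as the MySQL root password, and the same placeholder is reused later on the page for the phpMyAdmin and Joomla admin passwords. Rename it to something neutral such as <new_mysql_root_password> and state that each service gets its own password. The advice not to reuse the system root password is good and should stay.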
 +If successfull it will show you something like:
 +<​html>​
 +1 rows updated ...
 +</​html>​
 +
 +If you get the following error:
 +<​html>​
 +  ERROR 2002 (HY000): Can't connect to local MySQL server through socket '/​tmp/​mysql.sock'​ (38)
 +</​html>​
 +then check if you have succesfully started the mysql daemon.
 +
 +
 +====== Webserver ======
 +
 +
 +
 +
 +
 +===== PHP =====
 +A popular web scripting language
 +Official URL: [[https://​www.php.net/​]]
 +
 +Install port (not using the package!): ​ (version 5.1.6)
 +  cd /​usr/​ports/​lang/​php5
 +  make
 +Enable '​MULTIBYTE Enable zend multibyte support',​ leave other settings as they are:
 +<​html>​
 +                 ​Options for php5 5.1.6                        .
 +...
 +     . .  [X] MULTIBYTE ​ Enable zend multibyte support ​                 ​
 +...
 +</​html>​
 +  make install
 +
 +This will put the following executables (including the apache library libphp5.so) in the correct place:
 +  /​usr/​local/​libexec/​apache22/​libphp5.so
 +  /​usr/​local/​bin/​php
 +  /​usr/​local/​bin/​php-cgi
 +
 +Now, install PHP5-extensions ​ (version 1.0, as it is a meta-package)
 +  cd /​usr/​ports/​lang/​php5-extensions
 +  make
 +Select extra: bz2, ftp, gettext, mysqli, ncurses, openssl & zip.
 +Do not select '​gd',​ as it will download lots of X11.org stuff
 +
 +This will install:
 +<​html>​
 +    php5-bcmath-5.1.6 ​  The bcmath shared extension for php
 +    php5-bz2-5.1.6 ​     The bz2 shared extension for php
 +    php5-calendar-5.1.6 The calendar shared extension for php
 +    php5-ctype-5.1.6 ​   The ctype shared extension for php
 +    php5-curl-5.1.6 ​    The curl shared extension for php
 +    php5-dom-5.1.6 ​     The dom shared extension for php
 +    php5-ftp-5.1.6 ​     The ftp shared extension for php
 +    php5-gettext-5.1.6 ​ The gettext shared extension for php
 +    php5-iconv-5.1.6 ​   The iconv shared extension for php
 +    php5-imap-5.1.6 ​    The imap shared extension for php
 +    php5-mcrypt-5.1.6 ​  The mcrypt shared extension for php
 +    php5-mysqli-5.1.6 ​  The mysqli shared extension for php
 +    php5-ncurses-5.1.6 ​ The ncurses shared extension for php
 +    php5-openssl-5.1.6 ​ The openssl shared extension for php
 +    php5-pcre-5.1.6 ​    The pcre shared extension for php
 +    php5-posix-5.1.6 ​   The posix shared extension for php
 +    php5-readline-5.1.6 The readline shared extension for php
 +    php5-session-5.1.6 ​ The session shared extension for php
 +    php5-simplexml-5.1.6 The simplexml shared extension for php
 +    php5-sqlite-5.1.6 ​  The sqlite shared extension for php
 +    php5-tokenizer-5.1.6 The tokenizer shared extension for php
 +    php5-xml-5.1.6 ​     The xml shared extension for php
 +    php5-xmlreader-5.1.6 The xmlreader shared extension for php
 +    php5-xmlwriter-5.1.6 The xmlwriter shared extension for php
 +    php5-zlib-5.1.6 ​    The zlib shared extension for php
 +</​html>​
 +Test it:
 +  make install
 +  nano /​usr/​local/​www/<​your_freebsd_hostname>/​phpinfo.php
 +<​html>​
 +    <?php
 +    phpinfo();
 +    ?>
 +</​html>​
 +Point your browser to the URL: ht tp :/ / <​your_freebsd_hostname>/​phpinfo.php
 +You should get lots of information about the php engine.
 +
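Review bot: The test step creates phpinfo.php in the public document root and never removes it; that page prints the full PHP configuration, module list and server paths to anyone who requests it. Add a line after the browser check that deletes the file. Two smaller points in this block: "make install" is listed under "Test it" although it belongs to the php5-extensions build above it, and the php5-mysql step that follows starts with a bare path where "cd /usr/ports/databases/php5-mysql" is meant.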
 +To allow PHP to connect to a MySQL database, install the port '​php5-mysql':​
 +  /​usr/​ports/​databases/​php5-mysql
 +  make
 +  make install
 +
 +Also install the port '​php5-extensions':​
 +  cd /​usr/​ports/​lang/​php5-extensions
 +  make
 +  make install
 +You will need to tag '​multibyte string'​ to run phpMyAdmin.
 +
 +To configure Apache to use PHP, open '/​usr/​local/​etc/​apache22/​httpd.conf',​ make sure that the following modifications are there, or add them:
 +Add the line:
 +<​html>​
 +LoadModule php5_module ​       libexec/​apache22/​libphp5.so
 +</​html>​
 +And:
 +<​html>​
 +AddType application/​x-httpd-php .php .php3 .php4 .php5
 +AddType application/​x-httpd-php-source .phps
 +</​html>​
 +
 +Change:
 +<​html>​
 +    DirectoryIndex index.html index.cgi
 +</​html>​
 +To:
 +<​html>​
 +    DirectoryIndex index.html index.cgi index.php
 +</​html>​
 +
 +
 +===== phpMyAdmin =====
 +Web based/PHP frontend for MySQL administration\\
 +Official URL: [[https://​www.phpmyadmin.net]]
 +
 +Installation (requires that php5 has been built with '​MULTIBYTE'/​mbyte option):
 +  cd /​usr/​ports/​database/​phpmyadmin
 +  make
 +  make install
 +
 +Add the following to the Apache configuration file /​usr/​local/​etc/​apache22/​httpd.conf. Replace <​your_ip_address>​ with the IP address you want to connect from:
 +<​html>​
 +    Alias /​phpmyadmin/​ "/​usr/​local/​www/​phpMyAdmin/"​
 +
 +    <​Directory "/​usr/​local/​www/​phpMyAdmin/">​
 +        Options none
 +        AllowOverride Limit
 +
 +        Order Deny,Allow
 +        Deny from all
 +        Allow from 127.0.0.1 <​your_ip_address>​
 +    </​Directory>​
 +</​html>​
 +
 +Restart Apache:
 +    apachectl restart
 +
 +Visit http://<​freebsd62.example.org>/​phpMyAdmin/​
 +
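Review bot: The Alias is declared as /phpmyadmin/ in lower case, but the reader is then told to visit /phpMyAdmin/, which will not match because URL paths are case-sensitive; use one spelling. The port path /usr/ports/database/phpmyadmin also differs from the /usr/ports/databases/ directory used for php5-mysql earlier. "Deny from all" with "Allow from 127.0.0.1 <your_ip_address>" is the right default for an admin tool; say that the Allow line should stay as narrow as possible, since the login is served over plain http here.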
 +WORK IN PROGRESS BELOW THIS LINE.
 +
 +Configuration:​
 +  cd /​usr/​local/​www/<​freebsd62.example.org>/​pMA
 +  cp config.sample.inc.php config.inc.php
 +  cd phpMyAdmin
 +  nano Documentation.txt ​
 +Read the 'quick install'​ section.
 +
 +Create directory for saving configuration,​ :
 +  mkdir config
 +Give it world writable permissions:​
 +  chmod o+rw config
 +
 +I went to http:/ /<​freebsd62.example.org>/​pMA/​scripts/​setup.php
 +Under '​Servers',​ click '​Add'​
 +Set '​Authentication type' to '​HTTP'​
 +Click '​Add',​ click '​Save'​
 +
 +Move file to current directory:
 +  mv config/​config.inc.php .
 +Remove world read and write permision:
 +  chmod o-rw config.inc.php
 +
 +  cp config.default.php config.inc.php
 +  nano config.inc.php
 +<​html>​
 +    $cfg['​PmaAbsoluteUri'​]='​http://<​freebsd62.example.org>/​pMA';​
 +</​html>​
 +
 +For now, I will use cookie authentication. This is not as secure as I'd like it to be (I would be happier if https was working), but I'll leave it for now:
 +<​html>​
 +    $i=0;
 +    $i++;
 +    $cfg['​Servers'​][$i]['​host'​] = '​localhost';​
 +    $cfg['​Servers'​][$i]['​extension'​] = '​mysqli';​
 +    $cfg['​Servers'​][$i]['​auth_type'​] = '​cookie';​
 +    $cfg['​blowfish_secret'​] = '<​my_fathers_maiden_name>';​ /* YOU MUST FILL IN THIS FOR COOKIE AUTH!$
 +</​html>​
 +
 +As an alternative,​ you can put the MySQL username and password in this configuration file, and use a .htpasswd file in the phpMyAdmin directory to limit access. In this case you would need to add/change the following configuration items in config.inc.php:​
 +<​html>​
 +    $cfg['​Servers'​][$i]['​host'​] = '​localhost';​
 +    $cfg['​Servers'​][$i]['​extension'​] = '​mysqli';​
 +    $cfg['​Servers'​][$i]['​auth_type'​] = '​config';​
 +    $cfg['​Servers'​][$i]['​user'​]='​root';​
 +    $cfg['​Servers'​][$i]['​password'​]='<​my_mothers_maiden_name>';​
 +</​html>​
 +Protecting the phpMyAdmin with .htpasswd is something I will explain another time. Just stick with cookie authentication for now.
 +
 +Restrict access to the configuration file (very important if you have stored the MySQL password in here):
 +  chmod 600 config.inc.php
 +
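Review bot: "chmod o+rw config" makes the setup directory world-writable and nothing later removes the directory or the permission once config.inc.php has been moved out; add an rmdir (or chmod o-rw) step after the mv. The following "cp config.default.php config.inc.php" overwrites the file that setup.php just generated and that was moved into place a few lines earlier, so one of the two procedures should go. The blowfish_secret line ends in a comment that is cut off at "AUTH!$" and never closed, which is a parse error if pasted. For the auth_type 'config' alternative, storing the MySQL root password in the file means anyone who passes the web server's access check is root on the database; suggest a dedicated, less privileged MySQL account there. "chmod 600 config.inc.php" only works if the file is owned by the user Apache runs as, which this section does not state.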
 +Check your installation by browsing to http:/ /<​freebsd62.example.org>/​phpMyAdmin
 +If everything is ok, you should be asked for a username and a password. Enter the MySQL username and password you have configured earlier. After entering the correct password and pressing ok, you should see the phpMyAdmin page, where you can manage your MySQL databases.
 +
 +
 +protect pMA directory with .htaccess and .htpasswd:
 +https://​httpd.apache.org/​docs/​2.0/​programs/​htpasswd.html
 +
 +  nano .htaccess
 +<​html>​
 +    AuthName "​Restricted Area" ​
 +    AuthType Basic 
 +    AuthUserFile /​var/​www/<​mysite>/<​my_protected_dir>/​.htpasswd ​
 +    AuthGroupFile /​dev/​null ​
 +    require valid-user
 +</​html>​
 +Change the AuthUserFile to the directory where you will put the .htpasswd file. You can change the '​AuthName'​ value too.
 +
 +Now, let's create the .htpasswd file, which will contain the usernames and (encrypted) passwords of the users that will have access.
 +Make sure you are in the correct directory, then enter:
 +  htpasswd -c .htpasswd <​username>​
 +If the file .htpasswd already exists, remove the -c to add users to an existing .htpasswd file:
 +  htpasswd .htpasswd <​username>​
 +You will be prompted for the password (2 times).
 +
 +Check if it works, open your webbrowser and go to <​mysite>/<​my_protected_dir>/​
 +It should prompt you for an username and a password.
 +
 +For security, make sure all files starting with '​.ht'​ are blocked from public viewing in your webserver configuration. ​
 +
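Review bot: The .htaccess shown uses AuthName, AuthType, AuthUserFile and require, but the <Directory> block added earlier for phpMyAdmin sets "AllowOverride Limit", which does not permit authentication directives in .htaccess; it needs AuthConfig for this file to take effect. The AuthUserFile example path places .htpasswd inside the protected web directory; keeping it outside the document root avoids depending on the '.ht' block mentioned in the last sentence. Basic authentication sends the password with every request, and the text above says https is not working yet, so that dependency should be stated here.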
 +===== Joomla =====
 +A Content Management System (CMS), similar like '​Mambo',​ another CMS
 +Official URL:
 +
 +Installation:​
 +  cd /​usr/​ports/​www/​joomla
 +  make
 +  make install
 +
 +  cd /​usr/​local/​www/​joomla
 +  ...
 +
 +Login to the phpMyAdmin website/​configuration panel, and make a new database, named '​joomla'​
 +
 +Edit /​usr/​local/​etc/​apache22/​httpd.conf,​
 +Add a line:
 +Alias joomla /​usr/​local/​www/​joomla <​FIXME>​
 +
 +Next, go to the site http:/ /<​freebsd.example.org>/​joomla/​INSTALL.php website
 +<​html>​
 +Session save path  Not set, Unwriteable
 +Database server: localhost
 +username: root
 +password: <​MySQL_server_password>​
 +database: joomla
 +
 +Site name: <​Title_for_your_Joomla_website>​
 +
 +URL: http:/ /<​freebsd62.example.org>/​joomla
 +Path: /​usr/​local/​www/​joomla
 +Your E-mail: joomla_administrator@freebsd62.example.org
 +Admin password: <​my_mothers_maiden_name>​
 +(Username : admin)
 +</​html>​
 +
 +Point your browser to: http:/ /<​freebsd62.example.org>/​joomla
 +You should get a message telling you that you should remove the installation-folder.
 +We will do this:
 +  cd /​usr/​local/​www/​joomla
 +  rm -R installation
 +Reload the same URL (http:/ /<​freebsd62.example.org>/​joomla) in your browser, you should see the default Joomla site now.
 +
 +Browse to http:/ /<​freebsd62.example.org>/​joomla/​administrator/ ​ to go to the configuration panel where you can add users, edit pages, install '​mambots'​ and themes, etc.
 +
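Review bot: The installer values connect Joomla to MySQL as root with the server's root password; a web application should get its own MySQL account with rights on the joomla database only, so a flaw in the CMS does not expose every other database. The line "Alias joomla /usr/local/www/joomla" lacks the leading slash and quoting used in the other Alias examples and is still marked FIXME. "Session save path Not set, Unwriteable" is shown without saying whether it has to be fixed before continuing. Removing the installation directory afterwards is correct and should stay an explicit step.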
 +
 +===== Coppermine Gallery =====
 +
 +  cd /​usr/​ports/​www/​coppermine
 +  make
 +  make install
 +  nano /​usr/​local/​etc/​apache2/​httpd.conf
 +    Alias /​coppermine/​ "/​usr/​local/​www/​coppermine/"​
 +
 +    <​Directory "/​usr/​local/​www/​coppermine">​
 + Options Indexes Followsymlinks MultiViews
 + AllowOverride None
 + Order allow,deny
 + Allow from all
 +    </​Directory>​
 +
 +use phpMyAdmin to create a database named '​coppermine',​
 +  apachectrl restart
 +browse to: http://​freebsd61.example.org/​coppermine/​index.php
 +  username: coppermine
 +  pass: 
 +MySQL Database Name: coppermine
 +MySQL Username:​root
 +MySQL Password:
 +
 +
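Review bot: The <Directory> block for Coppermine sets "Options Indexes" together with "Allow from all", which turns on directory listings for the whole gallery tree, uploads included; drop Indexes unless listings are wanted. The MySQL username is root again; give the gallery its own account limited to the coppermine database. The config path here is /usr/local/etc/apache2/httpd.conf while every other section edits /usr/local/etc/apache22/httpd.conf, and "apachectrl restart" should be "apachectl restart" as in the phpMyAdmin section. The "pass:" and "MySQL Password:" fields are left empty with no placeholder, which reads as an instruction to leave them blank.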
 +
 +
 +
 +
 +
 +
 +
 +
 +
 +
 +
 +
 +
 +
 +===== DokuWiki =====
 +This is an easy to use wiki that I use for updating this page.\\
 +Official URL: https://​wiki.splitbrain.org/​wiki:​dokuwiki
 +
 +[[https://​wiki.splitbrain.org/​wiki:​syntax|Click here to get an idea of the features DokuWiki has to offer]]
 +
 +I needed a easy website content editor to publish this FreeBSD 6.2 manual online. I didn't want a CMS, as those generally depend on a database like MySQL, and these are too big for what I need. I've visited https://​www.freshmeat.net , did a search on '​wiki',​ and found DokuWiki. It's small, doesn'​t depend on databases (for example MySQL), uses PHP, has a 9 out of 10 user-rating,​ and is good for writing documentation. Excactly what I need!\\
 +
 +Read https://​wiki.splitbrain.org/​wiki%3AInstall for the original installation instructions,​ and make sure to read https://​wiki.splitbrain.org/​wiki:​security after installation to secure it properly.
 +
 +Using ports:
 +<​code>​
 +cd /​usr/​ports/​www/​dokuwiki
 +make
 +make install
 +</​code>​
 +
 +It will install in /​usr/​local/​www/​dokuwiki folder. You can rename the '​dokuwiki'​ folder, and place it somewhere else.
 +
 +During installation it will ask which type of wiki this will be, as it can help you configure read/write access in different ways for registered/​unregistered users. The 3 most common methods are:
 +  * Everybody can view + edit the page (an open approach, like wikipedia)
 +  * Only registered users can view the page (when you have information in your wiki that shouldn'​t be public to everyone)
 +  * Visitors can only look at the page, and make no changes + only registered users can make changes (the way I want it)
 +
 +After installation,​ move (or symlink) it to the /​usr/​local/​www/<​domain_name>/<​foldername>,​ which would make it accessible in a browser at the URL http:/ /​www.<​domain_name>/<​foldername>/ ​ :
 +  ln -s /​usr/​local/​www/​dokuwiki /​usr/​local/​www/​freebsd62.example.org/​freebsd
 +Browse to:  http://​freebsd62.example.org/​freebsd/ ​ (don't forget the last '/'​)
 +You should see some Dokuwiki page.
 +
 +<​code>​chown -R www data
 +chown -R www conf</​code>​
 +
 +Let's configure it (while still being in the dokuwiki folder).
 +We will save all settings to local.php, Dokuwiki'​s main configuration file.
 +  cp conf/​local.php.dist conf/​local.php
 +  nano conf/​local.php
 +<​code>​
 +$conf['​start'​] ​      = '​freebsd62guide';​ //name of start page
 +$conf['​title'​] ​      = 'My FreeBSD 6.2 step-by-step installation guide';​
 +$conf['​allowdebug'​] ​ = 0;                //Allow debugging ​
 +$conf['​openregister'​]= 0;                //Allow everyone to register? (no)
 +$conf['​autopasswd'​] ​ = 0;                //​autogenerate passwords and email them (no)
 +$conf['​breadcrumbs'​] = 0;                //How many levels of previously visited pages to remember (0)
 +$conf['​usewordblock'​] = 0;               //​Block spam based on wordlist (no)
 +$conf['​useacl'​] = 1;                     //Use Acces Control Lists (yes)
 +$conf['​superuser'​] = '​admin'; ​           //The user which will have administrative rights
 +$conf['​fetchsize'​] ​  = FALSE;
 +$conf['​refcheck'​] = 0;
 +</​code>​
 +
 +
 +Some more settings: (my dokuwiki is written in english, so I set the spellcheck accordingly)
 +<​html>​
 +  Enable spellchecker **yes**
 +  Recent changes **50**
 +  Language: **en** ​
 +  Send "HTTP 404/Page Not Found" for non existing pages **yes**
 +</​html>​
 +
 +Make sure all configuration files are owned by the user Apache runs on:
 +  chown -R www:www .
 +
 +Making sure some files aren't 'world writable'​ (for security reasons):
 +  chmod 664 doku.php
 +  chmod 664 conf/​users.auth.php
 +
 +
 +For editing the page, I want to setup a password
 +More info on Acces Control Lists at URL: https://​wiki.splitbrain.org/​wiki:​acl
 +
 +Create a password (replace <​your_password>​ with the password you wish to use in DokuWiki):
 +  md5 -s <​your_password>​
 +This should output the following (I used '​password'​ as password):
 +<​html>​
 +MD5 ("​password"​) = 5f4dcc3b5aa765d61d8327deb882cf99
 +</​html>​
 +
 +cp conf/​acl.auth.php.dist conf/​acl.auth.php
 +  nano users.auth.php
 +Add the following lines (replace 5f4dcc3b5aa765d61d8327deb882cf99 with your own result):
 +<​html>​
 +admin:​5f4dcc3b5aa765d61d8327deb882cf99:::​admins
 +editor:​$1$b283fa69$r0ZhbBepcfGD.nJ5kNFUV/:::​users
 +</​html>​
 +
 +  cp conf/​acl.auth.php.dist conf/​acl.auth.php
 +  nano conf/​acl.auth.php
 +Add the following lines to allow all (registered) users to create and edit pages, and allow visitors only reading:
 +<​html>​
 +*       ​@users ​ 4
 +*       ​@ALL ​   1
 +</​html>​
 +
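Review bot: "md5 -s <your_password>" puts the password on the command line, where it lands in shell history and is visible in the process list, and the unsalted MD5 it prints is what gets stored for the admin account; the editor line in the same file already uses a salted "$1$" hash, so the admin entry should be generated the same way. The example publishes the hash of 'password' in the users.auth.php lines, and a reader who pastes them unchanged gets an admin login with that password; replace both literal hashes with placeholders. The first "cp conf/acl.auth.php.dist conf/acl.auth.php" line is unindented and repeated a few lines later, and "nano users.auth.php" is missing the conf/ prefix used by the chmod above. The "chmod 664" lines are introduced as removing world-writable access, but they still leave doku.php and conf/users.auth.php world-readable; the password file in particular does not need the "other" read bit.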
 +
 +By default, DokuWiki has 7 colored boxes at the bottom of the page, one of these is a link to the Creative Commons site. I've chosen the Creative Commons license '​by-nc-sa v2.5' to publish this guide, and I just need to change the version number of the CC-license to 2.5. It's easy to change that in the file dokuwiki/​lib/​tpl/​default/​footer.html\\
 +I've also removed the other buttons in this file which I won't need: 
 +  * 'RSS XML-feed',​
 +  * '​Donate'​ (PayPal),
 +  * 'PHP Powered',​
 +  * 'W3C XHTML1.0'​ and
 +  * 'W3C CSS' links.
 +
 +I'm leaving the '​Driven by DokuWiki'​ link in place.\\
 +
 +In the file '​conf/​acronyms.conf'​ you can add abbreviations and their meaning. I've used them to remind people that links like <​my_mothers_maiden_name> ​ should be replaced by their own passwords (go on, hover your mouse cursor over the text between the < and the >, and you will see).
 +
 +I will make the configuration files available for download soon <​FIXME>​\\
 +
 +<​Download footer.html>​\\
 +<​Download /​conf/​local.php>​\\
 +<​Download /​conf/​acl.auth.php>​\\
 +<​Download /​conf/​user.auth.php>​\\
 +
 +[[https://​blog.riff.org/​2006_08_13_dokuwiki_vs_google|March 4 2007 - I Just read this article about helping Google and other search engines to index your DokuWiki site, worth a read.]]
 +In the .htaccess file that's mentioned on this article, I've changed some lines replacing '​doku.php'​ with '/​freebsd/​doku.php'​. I bet this is not the best fix, but it works, and at this time, that's all I care about.
 +
 +I've discovered that DokuWiki is telling search engine crawlers to "​noindex,​nofollow"​ in the file '/​inc/​template.php',​ so I've changed every noindex -> index and nofollow -> follow.
 +Also, I added some code for adding the correct META-tags to my page. Couldn'​t find any other way to do this in the manual, but I must admit I didn't take more than a minute to search for it.. hints are welcome.
 +<​code>​
 +$KEYWORDS = "​freebsd,​guide,​ ... ";
 +$head['​meta'​][] = array( '​name'​=>'​keywords',​ '​content'​=>​$KEYWORDS);​
 +
 +$DESCRIPTION = "​Installation and configuration of a FreeBSD server, ... ";
 +$head['​meta'​][] = array( '​name'​=>'​description',​ '​content'​=>​$DESCRIPTION);​
 +</​code>​
 +
 +DokuWiki has [[https://​wiki.splitbrain.org/​wiki:​multilingual_content|support for Multilingual sites]], so I can use DokuWiki for my future dutch and german translation of this page.
 +
 +To force the recaching/​refresh/​recompile/​remake/​refreshing of a DokuWiki ​
 +page just add the parameter ​
 +'?​purge=true'​ after the ... /​your_dokuwiki.php file: http://​www.example.org/​somefolder/​your_dokuwiki.php?​purge=true ​
 +
 +Optimizing your DokuWiki page for Search Engine Indexing: https://​wiki.splitbrain.org/​wiki:​tips:​searchengines
 +
 +
 +I set [[https://​wiki.splitbrain.org/​wiki:​config#​indexdelay|indexdelay to 0]], 
 +[[https://​wiki.splitbrain.org/​wiki:​config#​useslash|enabled '​useslash'​]],​ and configured it to create a 
 +[[https://​wiki.splitbrain.org/​wiki:​sitemap|Google sitemap]] (which needed some re-editing).
 +
 +
 +quote: "​Sitemap is generated by the indexer. To launch it manually, and debug it, try : 
 +http://​www.example.org/​dokuwiki/​lib/​exe/​indexer.php?​debug=1"​ (replacing www.example.org with your server name)
 +
 +
 +And I discovered how to [[https://​www.linux.org.py/​wiki/​howto/​dokuwiki_hit_counter_patch|count page-hits (a webcounter) within DokuWiki]]
 +
 +
 +
 +/*
 +https://​wiki.splitbrain.org/​plugin:​translation
 +WORK IN PROGRESS
 +
 +wget https://​www.splitbrain.org/​_media/​projects/​dokuwiki/​dokuwiki-2007-06-26b.tgz?​id=projects%3Adokuwiki&​cache=cache
 +tar -zxvf (filename)
 +mv dokuwiki<​...>​ dokuwiki
 +mv dokuwiki /​usr/​local/​www/<​...>​
 +cd /​usr/​local/​www/​
 +chown -R root:wheel .
 +http://​.../​dokuwiki/​
 +Click on "​installer script"​. The next page (DokuWiki installer) will 
 +tell you that some of your folders do not have the proper permission ​
 +settings. Fix it by going to your dokuwiki folder, and enter:
 +
 +chown www:www conf/
 +chown www:www data/
 +chown www:www data/pages/
 +chown www:www data/attic/
 +chown www:www data/media/
 +chown www:www data/meta
 +chown www:www data/cache
 +chown www:www data/locks
 +chown www:www data/index
 +(click retry)
 +Wiki Name: 
 +(the html title of your wiki page will be "Page name [wiki name]"​)
 +I used "by Sebasiaan Giebels"​ as the name for my wiki.
 +Enable ACL (recommended) ticked
 +Superuser: edit   this
 +just like e-mail and password
 +Decide what kind of Wiki this should be (who should be allowed to write 
 +in it) I chose Public Wiki
 +Click the button,
 +and your new wiki should show up.
 +Click on '​Login'​ (bottom-rigt) and login with your (Superuser) username ​
 +and password
 +Here you can edit your page etc. See Syntax and Playground
 +Go to the Configuration Manager",​ and change the name for the start 
 +page. (
 +My Debian Linux on the NSLU2 installation & configuration guide
 +Save the settings, and open .../​dokuwiki/​doku.php
 +It should give the title you just entered (when the page name is still 
 +'​start',​ you'​ve ​
 +done something wrong in the previous step) , 
 +and 
 +tell you 
 +'This topic does 
 +not exist yet'. Re-login (if needed) and click on the '​Create this page' ​
 +button. Enter some text, save it, and reload the page
 +
 +
 +
 +https://​wiki.splitbrain.org/​wiki:​multilingual_content:​local.php
 +*/
 +
 +Adding Video to DokuWiki (like Youtube video clips):
 +https://​wiki.symplus.co.jp/​computer/​en/​youtube_plugin
 +
 +=== Hidden Comment ===
 +URL: https://​wiki.splitbrain.org/​plugin:​hidden_comment
 +
 +This tiny plugin allows you to leave notes to yourself (and other 
 +authors of your wiki) in the wiki source code that won't be shown on the 
 +wiki page.
 +
 +extract the contents of the .zip file to 
 +<​your_dokuwiki_path>/​libs/​plugins ​ and it should work.
 +
 +Example:
 +<​html>​
 +The text /* between the slash-asterik and asterisk-slash */ is hidden
 +</​html>​
 +Becomes:
 +  The text /* between the slash-asterik and asterisk-slash */ is hidden
 +
 +/*
 +=== folded text ===
 +(example: )
 +https://​wiki.splitbrain.org/​plugin:​inline_folding2
 +(or https://​wiki.splitbrain.org/​plugin:​folded)
 +*/
 +
 +
 +
 +
 +
 +
 +
 +
 +===== TinyProxy =====
 +A lightweight HTTP proxy server
 +
 +Official URL: [[https://​www.tinyproxy.org]]
 +Install package: ​
 +  pkg_add -r tinyproxy
 +
 +
 +===== Serial Console =====
 +This will allow me to access this FreeBSD pc over a serial cable. As one of these installations will run in a fire-safe basement, and I don't want to get my hands dirty everytime I accidently disable the Ethernet interface, stop SSH, ruin the firewall settings, or do something else which would otherwise result in the need for hands-on access.
 +https://​www.freebsd.org/​doc/​en_US.ISO8859-1/​articles/​console-server/​freebsd.html
 +configuration:​
 +  nano boot.config
 +    -P
 +  nano /etc/ttys
 +    # Serial terminal on COM1:
 +    ttyd0 "/​usr/​libexec/​getty std.9600" ​ vt100   on secure
 +
 +Options Message goes to
 +none internal console
 +-h serial console
 +-D serial and internal consoles
 +-Dh serial and internal consoles
 +-P, keyboard present internal console
 +-P, keyboard absent serial console
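Review bot: The /etc/ttys entry for ttyd0 ends in 'on secure', which permits root to log in directly on the serial line; for a box reached over a cable in a shared basement, 'on insecure' forces a login as a normal user followed by su. The 'nano boot.config' step should give the full path (/boot.config), and the options list under the ttys entry has lost its columns ('Options' / 'Message goes to') and should be a table.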
 +
 +
 +
 +
 +
 +
 +
 +
 +====== Compiling the FreeBSD Kernel ======
 +Compiling a new kernel can help overcome problems with new hardware (like my Gigabit onboard network card '/​dev/​nve0',​ which resets itself when I send lots of data through it), USB memmory sticks, etc. It's likely that a new kernel will speed up lots of things.
 +
 +The correct way to upgrade your kernel has changes over the last FreeBSD versions, so you might find some manuals on FreeBSD kernel building that are outdated (like '​makedev',​ which isn't required anymore). ​
 +
 +Steps we will be going through:
 +1. Getting the kernel sources
 +2. Updating the kernel sources to the most recent (stable) version
 +3. Configuring the kernel (changing the default configuration,​ to include for example tv-cards or hardware that isn't supported in the default '​stock'​ kernel.
 +4. Building (compiling) the new kernel & modules
 +5. Installing the new kernel
 +6. Testing the new kernel
 +
 +URL: https://​www.freebsd.org/​doc/​en_US.ISO8859-1/​books/​handbook/​kernelconfig-building.html
 +URL: https://​www.freebsd.org/​doc/​en_US.ISO8859-1/​books/​handbook/​kernelconfig.html
 +
 +Step 1:
 +Install the kernel sources
 +  sysinstall
 +Go to the '​**Configuration menu**',​ **Distributions**,​ **src**, **sys**. Uuse the space-key to tag it, tab & enter to confirm. After everything is done, exit sysinstall.
 +
 +Lacking a bit of creativity, I will call my new kernel '​FREEBSD62'​. I suggest you take your own name, in capitals. You can add a version number to it, so in the future you can find your old configurations easily.
 +
 +
 +Step 2: WORK IN PROGRESS
 +  [edit make.conf]<​FIXME>​
 +  cd /usr/src
 +  make update
 +
 +Step 3: Performing the kernel configuration (If your architecture is amd64, replace '​i386'​ with '​amd64'​)
 +  cd /​usr/​src/​sys/​i386/​conf/​
 +Copy the default kernel configuration to a new file: 
 +  cp GENERIC FREEBSD62
 +Replace FREEBSD62 with a descriptive name for your freeBSD machine (I added '​62'​ to easily remember that this machine is a FreeBSD version 6.2 installation)
 +Now we can make the modifications (if any) to the new file:
 +  nano FREEBSD62
 +Add any options you wish to include in your new kernel.
 +
 +^ Kernel configuration item: ^ Result: ^
 +| options BRIDGE | Required for using this PC as a router |
 +| options IPFILTER | Required for using this PC as a router |
 +| options IPFILTER_LOG | Required for using this PC as a router |
 +| device pf | PF Firewall |
 +| options ALTQ | ALTQ Traffic Shaping |
 +| options ALTQ_CBQ | ALTQ Traffic Shaping |
 +| options ALTQ_RED | ALTQ Traffic Shaping |
 +| options ALTQ_RIO | ALTQ Traffic Shaping |
 +| options ALTQ_HFSC | ALTQ Traffic Shaping |
 +| options ALTQ_CDNR | ALTQ Traffic Shaping |
 +| options ALTQ_PRIQ | ALTQ Traffic Shaping |
 +| device speaker #PC speaker | You can play sound (also MP3) through the pc internal speaker |
 +| device dummynet #dummy networking device | Required for OpenVPN? <​FIXME>​ |
 +| device pass | Required for access to USB disks, flashdrives,​ etc.?? |
 +^ ^ Untested: ^
 +| options EXT2FS # linux FS | Allows acces to EXT2FS Linux Extended File System v2 |
 +| pseudo-device ​ snp | '​snoop'​ device, allows you to '​spy'​ on other terminals. |
 +
 +Other stuff:
 +<​html>​
 +    options SUIDDIR ​
 +    device vn
 +    options NMBCLUSTERS=65535
 +</​html>​
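Review bot: The 'Other stuff' block lists 'options SUIDDIR' with no explanation, and FreeBSD's kernel NOTES file warns that this option is a security hole on machines where users can run programs; either drop it or say what it is needed for and on which filesystems. The same applies to the 'snp' row in the untested part of the table: a device that lets one terminal watch another deserves a sentence on who is allowed to open it.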
 +
 +
 +  config FREEBSD62
 +  cd ../​compile/​FREEBSD62
 +  make cleandepend;​ make depend
 +  make
 +  make install
 +
 +Restart your system by entering the command:
 +  reboot
 +
 +And voilá, you have built, installed and booted your new kernel. Confirm this (after logging in) by entering:
 +  uname -a
 +
 +It will tell you something like:
 +<​html>​FreeBSD freebsd62.example.org 6.2-RELEASE FreeBSD 6.2-RELEASE #0: 
 +Mon Jan  4 01:56:50 CEST 2007      ​
 +root@freebsd61.example.org:/​usr/​src/​sys/​i386/​compile/​FREEBSD62</​html>​
 +This contains the FreeBSD version (**FreeBSD 6.2-RELEASE**),​ the compilation date (**Mon Jan  4 01:56:50 CEST 2007**, in my case) and the '​name'​ of the kernel (**FREEBSD62**)
 +
 +FIXME:what if some kernel option names have changed with the kernel-source-upgrade?​
 +
 +
 +
 +
 +
 +
 +=================== Increasing security a (small) bit
 +
 +===== Sudo =====
 +
 +This will probably -decrease- security, but helps me out if someone needs restricted root access and I am not willing to give him the root password.
 +Install package: ​
 +  pkg_add -r sudo
 +
 +===== Syslogd =====
 +Configure package:
 +  nano /​etc/​rc.conf
 +    syslogd_enable="​YES"​
 +    syslogd_flags="​-ss
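Review bot: The syslogd_flags line is missing its closing double quote; /etc/rc.conf is read as shell, so an unterminated quote there breaks the settings that follow it. Close the quote, and add one sentence saying what -ss does (syslogd opens no network socket at all), since that is the reason this sits under 'Increasing security'.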
 +
 +===== Bash 3.0 with Syslog-command logging =====
 +I'd like to have record of all commands I type in my bash console. This will help recover from stupid mistakes as well as (very unlikely) have something to look into in case somebody succesfully compromised my PC. Locally stored logfiles arent really hard to modify for a hacker, I know..
 +The option I've found isn't perfect (allows thousands of ways around it), but it will do for the time being, and I will like its simplicity.
 +
 +Copy (with WinSCP for example) the file bash-3.0-syslog.patch to your FreeBSD installation.
 +  cd /​usr/​ports/​shells/​bash/​
 +  make
 +After the installation has downloaded, tested, extracted the files and has applied the patches, press CTRL-C when you see: "--- Configuring for bash-3.0.16_1",​ then
 +  cd /​usr/​ports/​shells/​bash/​work/​
 +  patch < /​home/​freebsd/​bash-3.0-syslog.patch
 +  ./configure
 +  make
 +  make install
 +  nano /​etc/​syslog.conf
 +    local5.info /​var/​log/​bash.log
 +  touch /​var/​log/​bash.log
 +  killall -1 syslogd
 +  exit
 +Re-login, and check /​var/​log/​bash.log. It should show the last commands you have entered.
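Review bot: 'touch /var/log/bash.log' creates the command log with the default umask, so on a typical system every local user can read what root typed, including any password given as an argument (the 'md5 -s <your_password>' step earlier on this page is one such case); follow it with 'chmod 600 /var/log/bash.log' and add the file to log rotation. The text also never says where bash-3.0-syslog.patch comes from; name the source and a checksum, since it is compiled into the login shell and installed as root.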
 +
 +===== mrtg (Multi Router Traffic Grapher) =====
 +This is a tool to monitor the traffic load on network-links. I use it to see how much data goes through my DSL router (which supports SNMP, which is required for mrtg to work). My router doesn'​t have nice graphics on how much traffic it is sending to/​receiving from the internet. mrtg checks every few minutes (using a cron-job) how much data has passes the router in either way (incoming & outgoing traffic). It stores this data, and generates nice diagrams in .png format. Click for an <​FIXME:​example>​
 +If any computer on my network would be sending out spam continuously,​ or if I have neglected to set a upload-rate limit for my peer-to-peer sharing software, this will show up in the diagrams, as the amount of data sent to the internet will be much higher than normal.
 +
 +There is a windows application that can do much the same, it's called '​PRTG'​ (https://​www.paessler.com/​prtg),​ you can download a 30-day trial version for free.
 +
 +My DSL router has 3 interfaces:
 +* '​ppp'​-interface to connect to the internet (Point-to-Point-Protocol)
 +* '​ethernet'​-interface (one interface, but 4 physical ethernet ports as it does some switching too)
 +* '​usb'​-interface (which I don't use, and I won't include it in the 
 +configuration)
 +
 +The snmp-data required from the router is always from the view of the router (how the router sees it coming in/out).
 +What comes in on the ethernet-device (shown as incoming traffic on this device), goes out to the internet on the ppp-device (shown as outgoing traffic on this device).
 +I'll use the ppp-interface to gather my statistics from, and not the ethernet device, because this device will also count the few bytes to the router itself (web configuration,​ dhcp-traffic,​ snmp traffic), which would impurify the statistics a bit.
 +
 +  pkg_add -r mrtg
 +As a regular user (non-root):
 +  mkdir ~/mrtg
 +  cd ~/mrtg
 +  ./cfgmaker --global '​Workdir:​ /​home/​freebsd/​mrtg'​ --global '​Options[_]:​ growright'​ --output /​home/​freebsd/​mrtg.cfg 1.2.3.4
 +
 +  nano mrtg.cfg
 +    EnableIPv6: no
 +    Workdir: /​home/​freebsd/​mrtg
 +    Options[_]: growright
 +
 +    Target[1.2.3.4_4]:​ 4:​public@1.2.3.4:​
 +    SetEnv[1.2.3.4_4]:​ MRTG_INT_IP=""​ MRTG_INT_DESCR="​ppp-channel-1"​
 +    MaxBytes[1.2.3.4_4]:​ 115920
 +    Title[1.2.3.4_4]:​ Traffic Analysis for 4 -- CopperJet RouterPlus
 +    PageTop[1.2.3.4_4]:​ <​H1>​Traffic Analysis for 4 -- CopperJet RouterPlus</​H1>​
 +     <​TABLE>​
 +       <​TR><​TD>​System:</​TD> ​    <​TD>​CopperJet RouterPlus in Earth</​TD></​TR>​
 +       <​TR><​TD>​Maintainer:</​TD>​ <​TD>​info@allieddata.com</​TD></​TR>​
 +       <​TR><​TD>​Description:</​TD><​TD>​ppp-channel-1 ​ </​TD></​TR>​
 +       <​TR><​TD>​ifType:</​TD> ​    <​TD>​ppp (23)</​TD></​TR>​
 +       <​TR><​TD>​ifName:</​TD> ​    <​TD></​TD></​TR>​
 +       <​TR><​TD>​Max Speed:</​TD> ​ <​TD>​927.4 kbits/​s</​TD></​TR>​
 +     </​TABLE>​
 +Replace '​1.2.3.4'​ with the ip-address of your snmp-capable router (or other device that supports snmp)
 +the "​_4"​ is the device number of the ppp-interface on this device (yours might be different..)
 +
 +Now we're going to get mrtg to run every 5 minutes to gather the statistics from the router, and we'll use a cronjob for this task. Start the cronjob editor:
 +  crontab -e
 +Add the following line, replacing '/​home/​freebsd/​mrtg/'​ with the location you've chosen to put the cfg file:
 +    */5     ​* ​      ​* ​      ​* ​      ​* ​      /​usr/​local/​bin/​mrtg /​home/​freebsd/​mrtg/​mrtg.cfg
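Review bot: The paths in the mrtg steps do not line up: cfgmaker writes to '--output /home/freebsd/mrtg.cfg', the next step edits mrtg.cfg inside ~/mrtg, and the cron line reads /home/freebsd/mrtg/mrtg.cfg, so a reader following along ends up with cron pointing at a file that was never generated. './cfgmaker' is also run from the freshly created ~/mrtg, where it cannot exist; call the installed binary by its path, as the cron line does for mrtg. The sample Target uses the SNMP community 'public'; add a sentence telling readers to substitute their router's own read-only community.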
 +
 +[[https://​mkaz.com/​ref/​unix_cron.html|Here'​s a nice page on crontab / cron]]
 +
 +
 +====== Mail server configuration ======
 +[[mailserver_configuration_with_postfix_courier-imap_procmail_spamassassin_clamav|This section will show you how you can handle e-mail on your FreeBSD server.
 +It includes the Postfix mail transfer agent, ClamAV as a e-mail virusscanner, ​
 + ​SpamAssassin to detect SPAM, procmail to do advanced custom mail processing/​sorting, ​
 + the courier IMAP / IMAPS server, the Squirrelmail webmail application, ​
 +and a basic console e-mail reader (mutt).]]
 +
 +The Postfix / Courier-IMAP / clamsmtp/​clamav / SpamAssassin / Procmail setup is pretty common.
 +
 +====== X-Windows (xorg) ======
 +X-Windows is not required if you want to use your FreeBSD pc just for server tasks, and I suggest that you install X-Windows only if you want to use your FreeBSD machine as a workstation too.
 +[[xorg_gnome-kde-office-mozilla|Installing xorg 7.2 on FreeBSD together with the Gnome and KDE desktop managers, Synergy, TightVNC, NVidia driver, Pidgin instant messaging (ICQ/​MSN/​...),​ Mozilla Thunderbird,​ Firefox, Last.FM radio/​audioscrobbler]],​ and OpenOffice.org as a Microsoft Office alternative for MS Word, MS Excel, and other parts of the Microsoft Office Suite.
 +
 +
 +====== System health ======
 +virusscanner
 +smartmontools
 +file checksummer / integrety ...
 +portaudit
 +monit applications/​services/​daemon checker
 +
 +===== SmartMonTools =====
 +Tool to monitor hard disk health status on a regular basis, by using the SMART feature that is available on most modern harddisks.
 +
 +URL: https://​smartmontools.sourceforge.net
 +
 +From /​usr/​ports/​sysutils/​smartmontools/​pkg_descr:​
 +<​html>​
 +The smartmontools package contains two utility programs (smartctl and smartd)
 +to control and monitor storage systems using the Self-Monitoring,​ Analysis
 +and Reporting Technology System (S.M.A.R.T.) built into most modern ATA and
 +SCSI hard disks. ​ It is derived from the smartsuite package, and includes
 +support for ATA/ATAPI-5 disks.
 +</​html>​
 +
 +  cd /​usr/​ports/​sysutils/​smartmontools
 +  make
 +  make install
 +
 +/*
 +pkg_add -r smartmontools
 +*/
 +  cp /​usr/​local/​etc/​smartd.conf.sample /​usr/​local/​etc/​smartd.conf
 +  echo '​smartd_enable="​YES"'​ >> /​etc/​rc.conf
 +  nano /​usr/​local/​etc/​smartd.conf
 +Change the line:
 +<​html>​
 +DEVICESCAN
 +</​html>​
 +to (.. and do not forget to change <​your_email_address>​..):​
 +<​html>​
 +DEVICESCAN -a -o on -S on -s (S/​../​../​./​02|L/​../​../​6/​03) -m <​your_email_address>​
 +</​html>​
 +
 +To start the smart monitoring tools (no reboot required):
 +  /​usr/​local/​etc/​rc.d/​smartd start
 +
 +Testing it:
 +FIXME
 +
 +====== Network connectivity ======
 +isc dhcp server
 +bind/named
 +bounce
 +trafshow
 +netcat
 +nmap
 +
 +====== Hardware configuration ======
 +See also: brooktree tv card
 +
 +
 +===== Soundcard on FreeBSD =====
 +URL: https://​www.freebsd.org/​doc/​en_US.ISO8859-1/​books/​handbook/​sound-setup.html
 +
 +Let's start by trying the snd_driver kernel module, which is a '​wrapper'​ for all the available kernel sound modules:
 +  kldload snd_driver
 +
 +Check which driver was eventually used:
 +  dmesg
 +
 +Example output:
 +<​html>​
 +...
 +pcm0: <VIA VT8237> port 0xe800-0xe8ff irq 22 at device 17.5 on pci0
 +pcm0: <Avance Logic ALC850 AC97 Codec>
 +pcm0: <VIA DXS Enabled: DXS 4 / SGD 1 / REC 1>
 +</​html>​
 +
 +Find out the correct driver name:
 +  cat /​dev/​sndstat
 +<​html>​
 +FreeBSD Audio Driver (newpcm)
 +Installed devices:
 +pcm0: <VIA VT8237> at io 0xe800 irq 22 kld snd_via8233 (5p/1r/1v channels duplex default)
 +</​html>​
 +Look for snd_*, in my case the kernel module to use is snd_via8233 (on my other pc it's '​snd_ich'​)
 +Now I'll unload all drivers, and re-load only the correct one (for me that'​ll be snd_via8233,​ you should use the module name which we saw in the previous step):
 +  kldunload snd_driver
 +  kldload snd_via8233
 +
 +Test it:
 +Method 1: dumping some random noise to the soundcard:
 +  dd if=/​dev/​random of=/​dev/​audio0.0 bs=10K count=1
 +Method 2: playing a mp3 file (TODO: download link to mp3 file)
 +This requires mpg321 to be installed
 +  portinstall mpg321
 +  mpg321 <​some_file.mp3>​
 +
 +Have the correct module load on system startup (replace '​snd_via8233'​ with module name which we saw in the previous step):
 +  nano /​boot/​loader.conf
 +<​html>​
 +snd_via8233_load="​YES"​
 +</​html>​
 +
 +Now you can install other music players, mp3blaster, xmms (if you're using X-windows)
 +
 +
 +Optional:
 +Change the number of channels(?​):​
 +  sysctl hw.snd.pcm0.vchans=4
 +
 +/*
 +sysctl -a | grep snd
 +
 +hw.snd.pcm0.hwvol_step:​ 5
 +hw.snd.pcm0.hwvol_mixer:​ vol
 +
 +sysctl -a | grep snd
 +pcm0: <Intel ICH5 (82801EB)>​ port 0xe800-0xe8ff,​0xee80-0xeebf mem
 +0xeffff800-0xeffff9ff,​0xeffff400-0xeffff4ff irq 17 at device 31.5 on
 +pci0
 +pcm0: <Analog Devices AD1985 AC97 Codec>
 +pciconf -lv
 +*/
 +
 +
 +===== DVD/CD Burning with FreeBSD =====
 +URL: https://​www.freebsd.org/​doc/​en_US.ISO8859-1/​books/​handbook/​creating-dvds.html
 +URL: https://​networking.ringofsaturn.com/​Unix/​FreeBSD-Burning.php
 +
 +Installation of burn software:
 +  cd /​usr/​ports/​sysutils/​cdrtools
 +  make
 +  make install
 +  ​
 +  cd /​usr/​ports/​sysutils/​dvd+rw-tools
 +  make
 +  make install
 +
 +If you are running X, you might want to try out '​K3b'​ which has a nicer GUI
 +
 +Another way (you might need to change the speed, or cd0 to cd1, depending on model & how it's connected):
 +  growisofs -dvd-compat -speed=6 -Z /​dev/​cd0=</​path/​to/​file.iso>​
 +
 +<​html>​
 +Executing '​builtin_dd if=<​some_iso_file>​ of=/​dev/​pass0 obs=32k seek=0'​
 +/dev/pass0: "​Current Write Speed" is 6.1x1352KBps.
 +      32768/​4196419584 ( 0.0%) @0.0x, remaining 12806:21 RBU 100.0% UBU 100.0%
 +      32768/​4196419584 ( 0.0%) @0.0x, remaining 21343:55 RBU 100.0% UBU 100.0%
 +      32768/​4196419584 ( 0.0%) @0.0x, remaining 27747:06 RBU 100.0% UBU 100.0%
 +      32768/​4196419584 ( 0.0%) @0.0x, remaining 34150:17 RBU 100.0% UBU 100.0%
 +      32768/​4196419584 ( 0.0%) @0.0x, remaining 42687:51 RBU 100.0% UBU 100.0%
 +      32768/​4196419584 ( 0.0%) @0.0x, remaining 49091:01 RBU 100.0% UBU 100.0%
 +      32768/​4196419584 ( 0.0%) @0.0x, remaining 55494:12 RBU 100.0% UBU 100.0%
 +    5111808/​4196419584 ( 0.1%) @1.1x, remaining 409:57 RBU 100.0% UBU  50.5%
 +   ​30375936/​4196419584 ( 0.7%) @5.5x, remaining 75:25 RBU 100.0% UBU  97.9%
 +   ​58195968/​4196419584 ( 1.4%) @6.0x, remaining 42:39 RBU 100.0% UBU  97.9%
 +   ​86048768/​4196419584 ( 2.1%) @6.0x, remaining 31:50 RBU 100.0% UBU  97.9%
 +  113901568/​4196419584 ( 2.7%) @6.0x, remaining 25:41 RBU 100.0% UBU  97.9%
 +  141754368/​4196419584 ( 3.4%) @6.0x, remaining 21:55 RBU 100.0% UBU  97.9%
 +  169607168/​4196419584 ( 4.0%) @6.0x, remaining 19:47 RBU 100.0% UBU  97.4%
 +:-( unable to WRITE@LBA=14dc0h:​ Input/​output error
 +:-( write failed: Input/​output error
 +/dev/pass0: flushing cache
 +:-( unable to FLUSH CACHE: Input/​output error
 +:-( unable to SYNCHRONOUS FLUSH CACHE: Input/​output error
 +</​html>​
 +
 +
 +For cd-rom burning (no dvd-r, dvd+r, or dvd+-rw and such) you can use the free version of cdrecord. It doesn'​t do DVD media, at least, not in the free version.
 +Usage:
 +  cdrecord -v -multi -data speed=32 dev=1,1,0 </​path/​to/​file.iso>​
 +'​-v'​ means '​verbose',​ -multi ​ enables multi-session,​ -data =?
 +
 +Your '​dev'​-line will likely be different, find out the correct values for your cd/dvd burner by entering:
 +  cdrecord -scanbus
 +Adjust the burn speed if needed, make sure you don't burn faster than your recordable/​rewritable media is capable of.
 +
 +
 +===== DACAL DC-300 =====
 +The 'DACAL DC-300 CD Library II' is a 150 cd-changer / jukebox system, with an USB connection for controlled ejecting/​inserting disks (there is no cdrom device inside, it's just for catalogizing your cd collection)
 +The device comes with Windows drivers & cd catalog software, and you can connect multiple Dacal DC300 units to another, allowing you to control/​catalog/​store more than 150 cd's.
 +The manufacturer does not provide drivers or support for Linux or FreeBSD/​NetBSD/​OpenBSD for its DC-300 unit. 
 +
 +Manufacturer Product URL: https://​www.dacal.com.tw/​dc300.htm
 +
 +I recently got some of these, as they were a lot cheaper than the '​Imation Disc Stakka'​ (a similar device, which just holds 100 disks). I also have 2 defective "Kubik Multiple CD-ROM 240 DISK CHANGER"​ -devices / -Jukebox units, which do have internal cd-rom drives (2 speed scsi cd-rom.. no dvd) waiting for extensive revisioning/​upgrading.
 +
 +There are two tools for controlling the Dacal units, I'll start with the 
 +smallest one:
 +
 +There is a sourceforge project for a Linux changer control application,​ and it works on FreeBSD
 +URL: https://​sourceforge.net/​projects/​dacal
 +Make sure you've installed Linux compatibility & Libusb (/​usr/​ports/​devel/​libusb),​ then download Dacal.c from 
 +Download URL: httpw://​sourceforge.net/​project/​showfiles.php?​group_id=115831&​package_id=125747&​release_id=383972
 +
 +Now compile it (I've had to edit '​Dacal.c'​ and remove the line '#​inculde <​malloc.h>'​ before compiling):
 +  gcc Dacal.c -o Dacal -I/​usr/​local/​include -L. -lnsl -lm -lc -L/​usr/​local/​lib -lusb
 +or:
 +  gcc Dacal.c -o dacal -I/​usr/​local/​include -L/​usr/​local/​lib -lusb
 +Copy the created binary executable to a folder in your path:
 +  cp dacal /​usr/​local/​bin
 +
 +The website also provides a compile.sh script, but that didn't work for me:
 +
 +Let's see if it works, by using '​dacal'​ to scan for Dacal devices on the usb bus:
 +  dacal --list
 +<​html>​
 +Scanning for 'DACAL Co.' devices...
 +Scan complete. Found 2 devices.
 +Available 'DACAL Co.' devices:
 +Dev#    Bus     ​Device ​ DeviceID ​       Identifier
 +  1     /​de ​    /​de ​     9914   DACAL Co.
 +  2     /​de ​    /​de ​     9972   DACAL Co.
 +</​html>​
 +Test it, ejecting disk number 2 from my first Dacal device (having a device id 9914):
 +  dacal 9914 2
 +For re-inserting,​ use the same command with the same number as the one you used for ejecting.
 +
 +
 +Method 2:
 +
 +I came acros [[https://​sourceforge.net/​projects/​libcdorganizer/​|libcdorganizer]] "​control cd organizer devices with a plugin-based architecture. Currently supports Dacal DC-300 and KDS CDM-751"​. ​
 +I've tried compiling the source, and days later somehow I ended up downloading FreeBSD-i386 binaries, which worked nicely:
 +Installation:​
 +Go to the [[https://​sourceforge.net/​project/​showfiles.php?​group_id=177574|download url for libcdorganizer]],​ and download the latest FreeBSD binaries for libcdorganizer,​ libcdorganizer-modules,​ and libcdorganizer-utilities.
 +
 +Extract the files: ​
 +  cd /
 +  tar -jxvf <?>/​libcdorganizer-freebsd-i386-2.1.1.tar.bz2
 +  tar -zxvf <?>/​libcdorganizer-utilities-freebsd-i386-2.1.0.tar.bz2
 +  tar -zxvf <?>/​libcdorganizer-modules-freebsd-i386-2.1.0.tar.bz2
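Review bot: The second and third tar commands use '-z' (gzip) on files named .tar.bz2 while the first uses '-j'; use '-j' for all three so the commands also work with a tar that does not autodetect compression. All three archives are unpacked from 'cd /' as root, so prebuilt binaries are written wherever the archive paths say; list the contents with 'tar -jtf' first, or extract into a scratch directory and copy the files over. The Dacal.c download URL earlier in this section starts with 'httpw://'.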
 +
 +  /​usr/​local/​bin/​lcdoctl -p
 +<​html>​
 +dacalDC300 - Id = 10170
 +</​html>​
 +Use the Id value you get (here it is 10170, your will be different) for identiyfing the DACAL units. Every unit probably has an unique number, you might want to write it with a sticker on the device itself. Without the correct ID value, it will give the error "Could not find device by id: 4294967295"​
 +
 + /​usr/​local/​bin/​lcdoctl -e 20 -d 10170
 +
 +Connecting more than one DACAL unit (daisy chaining them with USB cables) works too, you will see the unit id's of the other DACAL  units with the same '​lcdoctl -p' command.
 +
 +If ejecting or inserting the cd does not work (for example when something is mechanically blocking the ejector), the display of the DACAL unit will show a '​505'​ (or SOS) code, which you can overcome
 +
 +Lets try to eject cd in the last slot (number 150, as slot numbering starts with 1, not with 0):
 +   /​usr/​local/​bin/​lcdoctl -e 150 -d 10170
 +
 +Ejecting a disk when the ejector is already out won't work, and won't produce any error message.
 +The ejector will automatically retract/​pull back  when idle for too long.
 +
 +Inserting the disk:
 +  /​usr/​local/​bin/​lcdoctl -i 0 -d 10170
 +The number (here 0) behind the '​-i'​ parameer is just ignored by the utility, as the DC-300 only rotates its caroussel when ejecting.
 +
 +Maybe in the near future, I'll build a web interface for it, and attach it to my MySQL database.. throw in a slot-loading dvd-writer, and have 3(units)x 150(dvd-r)x 4.5GB = just enough storage (2000GB, or 2TB for short) for all my mp3 music files ;)
 +
 +By the way, I've disabled UHID  in the kernel, but can't confirm this 
 +step is required to 
 +get things working - https://​www.apcupsd.com/​manual/​USB_Configuration.html
 +
 +===== SIS-PM CTL =====
 +A few days ago, I've bought a Gembird SilverShield SIS-PM 4 socket USB 
 +controlled power outlet. It comes with a control application for Windows, but I'​ve ​
 +also seen a Linux application for controlling the 4 controllable ​
 +power sockets on it. It's certainly not expensive: I've paid 
 +less than 30 euro for it. I didn't know for sure if I'd be able to get 
 +this Gembird SIS-PM working with FreeBSD, but I tried, and was 
 +succesfull (using Linux emulation).
 +
 +By the way, I've disabled UHID in the kernel, but can't confirm this step is required to get things working
 +
 +Linux tools are available at https://​sispmctl.sourceforge.net using LibUSB). ​
 +I've downloaded the most recent version at the sispmctl website
 +
 +Make sure you've installed LibUSB:
 +  cd /​usr/​ports/​devel/​libusb
 +  make
 +  make install
 +
 +Compiling the Linux sispmctl tool:
 +  cd /usr/src
 +  tar -zvxf sispmctl-2.4b.tar.gz
 +  cd /​usr/​src/​sispmctl-2.4b
 +  ./configure
 +  cd /​usr/​src/​sispmctl-2.4b/​src
 +  gcc sispm_ctl.c nethelp.c main.c socket.c -o sispm_ctl -I/​usr/​local/​include -L/​usr/​local/​lib -lusb
 +
 +Test it (the next command enables power on the first socket)
 +  ./sispm_ctl -o 1
 +<​html>​
 +Accessing Gembird #0 USB device /dev/ugen0
 +Switched outlet 1 on
 +</​html>​
 +Switching socket number 1 off can be done with the parameter '-f 1'
 +
 +Read the safety instructions in the booklet provided with the device:
 +Maximum load current 10A. Don't switch high inductive loads, such as big 
 +motors, electric drills, washing machines. Personally I would not switch ​
 +all sockets on at the same time, depending on the devices I'​ve ​
 +connected, and would leave a few seconds in between.
 +
 +references:
 +http://​www.freebsd.de/​archive/​de-bsd-questions/​de-bsd-questions.200606/​0096.html
 +sispm_ctl.c:​33:​17:​ usb.h: No such file or directory
 +http://​66.102.9.104/​search?​q=cache:​BDrz7-Rs2MgJ:​osdir.com/​ml/​lib.libusb.devel.general/​2007-01/​msg00038.html+freebsd+usb.h&​hl=nl&​ct=clnk&​cd=7&​gl=nl&​client=firefox-a?​
 +
 +
 +
 +===== External USB 2.0 harddisk drive =====
 +
 +After installing my new kernel, it works without problems (the device requires that the jumper on the IDE harddisk is set to '​master'​):​
 +Plug it in, and check if it's detected by FreeBSD:
 +  dmesg
 +<​html>​
 +umass0: Genesyslogic USB Mass Storage Device, rev 2.00/0.33, addr 2
 +da0 at umass-sim0 bus 0 target 0 lun 0
 +da0: <WDC WD20 00JB-00EVA0 0811> Fixed Direct Access SCSI-0 device
 +da0: 40.000MB/s transfers
 +da0: 190782MB (390721968 512 byte sectors: 255H 63S/T 24321C)
 +</​html>​
 +
 +Creating a new mountpoint, and mount the device
 +  cd /mnt/
 +  mkdir usb
 +  mount /​dev/​da0<​tab key to use autocomplete>​
 +<​html>​
 +da0     ​da0s1 ​  ​da0s1a ​ da0s1b ​ da0s1c ​ da0s1d ​ da0s1e ​ da0s1f ​ da0s2   ​da0s2c ​ da0s2d
 +</​html>​
 +  mount /dev/da0s1a /mnt/usb
 +If the partition on the drive is FAT32, NTFS or Ext2FS you might need the '-t <​fstype>' ​ parameter of mount, e.g.:
 +  mount -t msdosfs /dev/da0s2 /mnt/usb
 +(?) check for correctness
 +
 +
 +
 +====== Some (possibly useful) scripts ======
 +Here are some scripts I regularly use to perform various tasks.
 +
 +Some basic shell scripting info at [[https://​www.hsrl.rutgers.edu/​ug/​shell_help.html|How to write a shell script]]
 +
 +
 +===== reboot safety protection against accidental use =====
 +I manage several servers remotely, and it happened to me, more than once, that I rebooted the wrong machine, because I didn't notice I was entering the command in the wrong terminal window.
 +So I came up with a small shell script, that will 'wrap around'​ the original reboot command, providing some protection against quick fingers by requiring the hostname to be entered as an extra parameter. This way, as a safety measure, I will have to enter '​reboot freebsd62'​ (replacing freebsd62 with the name of the host I want to reboot) instead of just '​reboot'​ to restart the machine.
 +As root:
 +
 +  mv /​sbin/​reboot /​sbin/​reboot-unsafe
 +  nano /​sbin/​reboot
 +<​html>​
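 +#!/bin/sh
 +# Wrapper around the original reboot binary: refuses to run unless the
 +# first argument matches this machine's short hostname.
 +HOSTNAME=`hostname -s`
 +if [ "$1" = "$HOSTNAME" ]; then
 + shift
 + echo "Now rebooting $HOSTNAME $*"
 + /sbin/reboot-unsafe "$@"
 + # Only reached if reboot-unsafe could not be started or returned
 + exit 127
 +fi
 +echo Safety lock for reboot, requiring hostname
 +echo "Usage: reboot [hostname] [extra parameters]"
 +echo "E.g:  reboot $HOSTNAME"
 +exit 1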
 +</​html>​
 +  chmod ugo+rx /​sbin/​reboot
 +
 +Test it (make sure you have no other large tasks running in the background, like kernel compiles that you better not abort):
 +  reboot
 +It shouldn'​t reboot, but just give you the syntax of the new reboot command.
 +
 +You can always use the old reboot command if you want to, by entering:
 +  reboot-unsafe
 +
 +
 +===== ff (find-file) =====
 +Usage:
 +  ff some-pattern
 +Will find files down the directory structure which have a filename containing '//​some-pattern//'​
 +  nano /bin/ff
 +<​html>​
 +    #!/bin/sh
 +    find . -print | grep -i "​$1"​
 +</​html>​
 +  chmod ugo+x /bin/ff
 +
 +
 +===== forall =====
 +  nano /bin/forall
 +<​html>​
 +    #!/bin/sh
 +    if [ $# -lt 2 ]
 +    then
 +      echo "Usage: $0 [directory] [command_to_run] [optional_arguments]"
 +      echo "Where [directory] is the directory containing the filenames you want to use as a parameter of [command_to_run]"
 +      exit 1
 +    fi
 +    dir=$1
 +    shift
 +    # -print0 / -0 keep filenames containing spaces or quotes intact
 +    find "$dir" -type f -print0 | xargs -0 "$@"
 +</​html>​
 +  chmod ugo+x /bin/forall
 +
 +Example:
 +  forall /etc cat
 +Will run cat /​etc/<​firstfile>,​ cat /​etc/<​nextfile>,​ cat /​etc/<​nextfile>,​ ... , cat /​etc/<​lastfile>​
 +
 +===== beep =====
 +
 +Sometimes, you might want to have an audible beep coming from your pc'​s ​
 +internal speaker to get your attention. You can use it in scripts you 
 +write, or wherever it suits you:
 +
 +
 +nano /​usr/​local/​bin/​beep
 +<​html>​
 +#!/bin/sh
 +/​usr/​bin/​perl -e 'print "​\a"'​
 +</​html>​
 +
 +There must be an even easier way for this.. haven'​t found it though.
 +(like /​usr/​ports/​audio/​beep .. but that requires '​device speaker'​ in the 
 +kernel, doesn'​t it? )
 +
 +====== Enhancing security ======
 +
 +
 +Blocking SSH/FTP access from IP's which repeatedly fail authentication for ssh, ftp, ... (configurable):​
 +URL: https://​www.fail2ban.org/​wiki/​index.php/​ChangeLog
 +FIXME
 +
 +
 +===== PuTTY / SSH-client =====
 +To connect from a windows machine to this FreeBSD machine you will need a ssh-client. A good one is Putty.
 +I suggest you download the full installation package, as it will also include nice tools for key-management.
 +
 +To get putty to connect to a ssh-server (like the one our FreeBSD machine is running)
 +Go to  Start -> Programs -> Putty -> PuTTYgen (the authentication-key generator)
 +Click on '​Generate'​ and follow the instructions. After a key has been created, you can optionally protect it with a password (so whenever this key is loaded in your authentication-key agent, this password is asked). Click on "save private key" and "save public key" to save both keys under meaningful names like: key_freebsd62-private.ppk and key_freebsd62-public.ppk (ppk file extension is needed for PuTTY agent).
 +
 +Read on with https://​the.earth.li/​~sgtatham/​putty/​0.58/​htmldoc/​Chapter9.html (chapter 8 too)
 +
 +You might notice there'​s a problem with the '​Home'​ and '​End'​ keys, they'​re just generating the '​~'​-character.
 +To fix this, enter:
 +  export TERM=linux
 +
 +Add the same command to ~/​.bash_profile,​ or ~/.bashrc, or ~/.profile, and everything.
 +
 +If the backspace key doesn'​t work as expected, there are a few ways to fix it.
 +https://​unix.derkeiler.com/​Mailing-Lists/​FreeBSD/​questions/​2007-09/​threads.html#​01152
 +Fixing the backspace key can be done inside the putty configuration. In putty, click '​Change Settings...'​ -> Terminal -> Keyboard
 +Here, set 'The Backspace key' to '​Control-H'​. Save, re-login, and test.
 +
 +
 +If connecting to your FreeBSD machine takes a long time, there might be a problem with reverse DNS lookups.
 +You can add the following line after the last line in /etc/ssh/sshd_config:
 +<​html>​
 +UseDNS no
 +</​html>​
 +Which will disable DNS lookups.
 +You will have to restart OpenSSH for this to work.
 +
 +===== Password-less login with ssh =====
 +If you have accounts on more than one server (e.g. ServerA and ServerB), it is possible to login from ServerA to ServerB, without having to enter a password. ​
 +This is done by creating a key from the computer you are logging in -from- (ServerA), and adding this key to the .ssh/authorized_keys file in the homedir of the user account on the server you are logging in -to- (ServerB)
 +
 +URL: https://​wordpress.uberdose.com/​unix/​ssh-automatic-login.html
 +
 +(Any comments from other professionals on my choice of rsa vs. dsa are welcome)
 +
 +Configure sshd to allow access based on private key authentication:​
 +  nano /​etc/​ssh/​sshd_config
 +<​html>​
 +#​AuthorizedKeysFile ​    ​.ssh/​authorized_keys
 +AuthorizedKeysFile ​    ​.ssh/​authorized_keys
 +</​html>​
 +
 +
 +On ServerA, where <​freebsd_username_on_ServerA>​ is the user that should get passwordless access to ServerB:
 +  su <​freebsd_username_on_ServerA>​
 +  ssh-keygen -t rsa
 +<​html>​Generating public/​private rsa key pair.
 +Enter file in which to save the key (/​home/<​freebsd_username_on_ServerA>/​.ssh/​id_rsa): ​ (just press enter)
 +Enter passphrase (empty for no passphrase): ​ (just press enter)
 +Enter same passphrase again: ​ (just press enter)
 +Your identification has been saved in /​home/<​freebsd_username_on_ServerA>/​.ssh/​id_rsa.
 +Your public key has been saved in /​home/<​freebsd_username_on_ServerA>/​.ssh/​id_rsa.pub.
 +The key fingerprint is:
 +35:​c3:​4c:​89:​cb:​e5:​08:​13:​d4:​23:​49:​3f:​07:​c9:​eb:​d6 <​freebsd_username_on_ServerA>​@freebsd62.example.org
 +</​html>​
 +
 +Now, the file .ssh/​id_rsa.pub exists, and contains the public key, which we will copy to ServerB.
 +There are two ways to do this. Method 1: copy the file to ServerB with "scp", and then log into ServerB to add the contents of id_rsa.pub to .ssh/authorized_keys. Method 2, which I will use, uses cat & ssh with a network pipe: cat sends the contents of id_rsa.pub to ssh through a pipe, and on the ServerB side, cat is used again to add the key directly to the file .ssh/authorized_keys on ServerB:
 +  ​
 +Make sure you are the correct user (use '​su'​ if you need to), then:
 +  cat ~/​.ssh/​id_rsa.pub | ssh <​ServerB>​ -l <​username_on_ServerB>​ 'cat >>​.ssh/​authorized_keys'​
 +
 +If this doesn'​t work, you can try the '​longer'​ method:
 +  scp ~/​.ssh/​id_rsa.pub <​username_on_ServerB>​@<​ServerB>:​~ ​
 +  ssh <​ServerB>​ -l <​username_on_ServerB>​ -C cat \~/​id_rsa.pub \>\> \~/​.ssh/​authorized_keys
 +
 +Test it:
 +  ssh <​ServerB>​ -l <​username_on_ServerB>​
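The 'longer' method above ends with appending id_rsa.pub on ServerB; the script below is an added example (not part of the original guide) of doing that step so it can be repeated safely: it refuses anything that is not a single public-key line, fixes the permissions sshd's StrictModes check requires, and never adds the same key twice. The name install_pubkey and the optional home-directory argument are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from the original guide.
# install_pubkey is a hypothetical helper; run it on ServerB as the target user.
#
# install_pubkey <public-key-file> [home-directory]
# Returns 0 when the key is present afterwards, 1 on bad input.
install_pubkey() {
    pubfile=$1
    home=${2:-$HOME}
    sshdir=$home/.ssh
    authfile=$sshdir/authorized_keys

    [ -r "$pubfile" ] || { echo "cannot read $pubfile" >&2; return 1; }

    # A public key file is exactly one line. This also rejects id_rsa
    # (the private key), which is multi-line and starts with -----BEGIN.
    if [ "$(grep -c '' "$pubfile")" -ne 1 ]; then
        echo "$pubfile: expected exactly one line" >&2
        return 1
    fi
    key=$(cat "$pubfile")
    case $key in
        ssh-rsa\ *|ssh-dss\ *|ssh-ed25519\ *|ecdsa-sha2-*\ *) ;;
        *) echo "$pubfile: not an OpenSSH public key" >&2; return 1 ;;
    esac

    # With StrictModes (the sshd default) the key file is ignored when
    # ~/.ssh or authorized_keys is writable by group or others.
    ( umask 077; mkdir -p "$sshdir" && touch "$authfile" ) || return 1
    chmod 700 "$sshdir"
    chmod 600 "$authfile"

    # If the existing file lacks a trailing newline, add one so the new
    # key does not get glued onto the previous entry.
    if [ -s "$authfile" ] && [ -n "$(tail -c 1 "$authfile")" ]; then
        echo >> "$authfile"
    fi

    # Append only when this exact line is not there yet.
    if ! grep -qxF -- "$key" "$authfile"; then
        printf '%s\n' "$key" >> "$authfile"
    fi
    return 0
}

# When called with arguments, act as a small command line tool.
if [ $# -ge 1 ]; then
    install_pubkey "$@"
fi
```

After the scp step, run it on ServerB with ~/id_rsa.pub as its argument, then delete the copied id_rsa.pub from the home directory.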
 +
 +
 +If you want to make a SSH connection from your Windows pc to your FreeBSD server, use PuTTY. If you don't want to enter your password everytime you connect to your FreeBSD machine, you can use the Pageant (Putty SSH authentication agent) application to remember your passwords and enter them for you. This application comes with the PuTTY Windows installer, which you can find on the [[https://​www.chiark.greenend.org.uk/​~sgtatham/​putty/​download.html|PuTTY website]].
 +
 +Read the [[https://​the.earth.li/​~sgtatham/​putty/​0.58/​htmldoc/​Chapter9.html|PuTTY manual, Chapter 9]] or follow [[https://​blog.danbartels.com/​archive/​2004/​10/​06/​211.aspx
 +|these PuTTY/​PuTTYgen/​PageAnt configuration instructions with nice screenshots]] (skip the SourceForge related stuff, that's not required)
 +
 +You can create a shortcut of your .PPK file, and place it in the Start Menu -> Startup folder, so your key gets loaded upon windows boot.
 +
 +===== Other =====
 +
 +
 +Check which TCP sockets are listening:
 +  sockstat -4
 +
 +Increasing security by disallowing normal users to list/enter root folder:
 +  chmod 700 /root
 +(this is about the same as 'chmod go-rx /​root'​)
 +
 +Clear the /tmp folder on a regular basis:
 +/​etc/​rc.conf:​
 +  clear_tmp_enable="​YES"​
 +
 +Increasing security by disallowing normal users to see processes of other users:
 +  nano /​etc/​sysctl.conf
 +    security.bsd.see_other_uids=0
 +
 +
 +Increasing security by using Blowfish-encryption for passwords
 +https://​www.bsdforen.de/​showthread.php?​t=2174
 +  nano /​etc/​login.conf
 +    :​ passwd_format=blf:​\
 +(note: between ':'​ and '​p'​ is a TAB, not a space!)
 +Below :​ignoretime@:​\,​ add:
 +    :​ idletime=30:​\ ​
 +Inactive users will be logged out after 30 minutes.
 +Rebuild login-database:​
 +  cap_mkdb /​etc/​login.conf
 +Change root password:
 +  passwd
 +And for other users:
 +  passwd <​username>​
 +
 +  more /​etc/​master.passwd
 +Passwords should start with $2.
 +Change the adduser tool to Blowfish:
 +  nano /​etc/​auth.conf
 +    crypt_default=blf
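Changing passwd_format only affects passwords set afterwards; every account keeps its old hash until passwd is run for it. The script below is an added example (not part of the original guide) that automates the 'more /etc/master.passwd' check above and lists the accounts that still need a password change. The function names and the sample file are constructed for this example; the hashes in it are placeholders, not real hashes.

```shell
#!/bin/sh
# Added example, not from the original guide. Function names are hypothetical.

# Constructed sample in master.passwd format (10 colon-separated fields):
# name:password:uid:gid:class:change:expire:gecos:home:shell
sample_master_passwd() {
    cat <<'EOF'
# constructed sample, placeholder hashes only
root:$2a$04$CONSTRUCTEDconstructedCONSTRUCTEDconstructedCONSTRUCTEDco:0:0::0:0:Charlie &:/root:/bin/csh
toor:*:0:0::0:0:Bourne-again Superuser:/root:
daemon:*:1:1::0:0:Owner of many system processes:/root:/usr/sbin/nologin
alice:$1$constrct$CONSTRUCTEDconstructedXX:1001:1001::0:0:Alice:/home/alice:/bin/sh
bob:*LOCKED*$2a$04$CONSTRUCTEDconstructedCONSTRUCTEDconstructedCONSTRUCTEDco:1002:1002::0:0:Bob:/home/bob:/bin/sh
carol::1003:1003::0:0:Carol:/home/carol:/bin/sh
EOF
}

# audit_passwd_format <file>
# Prints "<user> <status>" per account, where status is one of:
#   blowfish     hash starts with $2 (what the guide asks for)
#   stale:md5    usable hash still in the older $1$ format
#   stale:des    usable hash in traditional DES format
#   stale:other  some other $-prefixed scheme
#   nologin      field starts with * or !, no password can match
#   empty        empty password field (login without password)
# Accounts locked with 'pw lock' carry a *LOCKED* prefix; it is stripped
# before classifying and reported as " (locked)".
audit_passwd_format() {
    awk -F: '
        /^#/ || NF < 10 { next }
        {
            user = $1; hash = $2; locked = ""
            if (sub(/^\*LOCKED\*/, "", hash)) locked = " (locked)"
            if (hash == "")             status = "empty"
            else if (hash ~ /^\$2/)     status = "blowfish"
            else if (hash ~ /^\$1\$/)   status = "stale:md5"
            else if (hash ~ /^[*!]/)    status = "nologin"
            else if (hash ~ /^\$/)      status = "stale:other"
            else                        status = "stale:des"
            print user, status locked
        }' "$1"
}

# stale_accounts <file>
# Only the user names that still need 'passwd <username>' to be run.
stale_accounts() {
    audit_passwd_format "$1" | awk '$2 ~ /^stale:/ { print $1 }'
}

# When called with a file argument (as root: /etc/master.passwd), report on it.
if [ $# -ge 1 ]; then
    audit_passwd_format "$1"
fi
```

Accounts reported as empty deserve attention as well, since they can log in without any password.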
 +
 +
 +===== OpenVPN =====
 +A VPN (Virtual Private Network) allows users that are not directly connected to your network to 'log in' to your network from any location (e.g. over the internet) and use all network resources that are available to regular users that are directly connected to your network.
 +This VPN software works in Linux, FreeBSD and Windows. (v2.0.6)
 +
 +[[https://www.openvpn.net|Official OpenVPN Site]]\\
 +URL: https://​openvpn.net/​bridge.html (only windows and Linux examples)\\
 +BEST for bridging: URL https://​www.mired.org/​home/​mwm/​papers/​FreeBSD-OpenVPN-Bridging.html\\
 +
 +Others, possibly old:\\
 +URL: https://​www.ubergeek.co.uk/​howtos/​openvpn-freebsd-pf-windows-howto.html\\
 +URL: https://​openvpn.net/​install.html\\
 +Windows URL: OpenVPN GUI  https://​openvpn.net/​INSTALL-win32.html\\
 +
 +
 +Installation:​
 +  portinstall security/​openvpn
 +
 +First decide if you need routing or bridging (https://​openvpn.net/​howto.html#​vpntype)
 +I need 'bridging', because (quote):
 +"you would like to allow browsing of Windows file shares across the VPN without setting up a Samba or WINS server."​
 +
 +I've got a 10.0.0.0/​255.0.0.0 private network. I know that all of the clients don't use the 10.*.*.* network, which is vital to avoid problems.
 +
 +(--server-bridge and --secret cannot be used together ... must use SSL/TLS keys)
 +https://​openvpn.net/​howto.html#​pki
 +cp -R /​usr/​local/​share/​doc/​openvpn/​easy-rsa /​home/<​my_freebsd_username>​
 +
 +Follow the instructions in the '​Creating Certificates'​-section of this page:
 +https://​www.ubergeek.co.uk/​howtos/​openvpn-freebsd-pf-windows-howto.html
 +Copy the resulting files: ca.crt, and the right clientXXX.crt/​clientXXX.key file combination to the client'​s '​config'​ folder.
 +
 +Client configuration file:
 +<​code>​
 +dev tap
 +remote vpnserver.example.org 1194
 +
 +tls-client
 +ca ca.crt
 +cert sebastiaan.crt
 +key sebastiaan.key
 +</​code>​
 +
 +WORK IN PROGRESS BELOW. DO NOT USE/COPY
 +
 +Configuration:​
 +Edit /etc/rc.conf to have openvpn start on next boot, and to configure the basic type of network (routed/bridged, tun/tap)
 +  nano /​etc/​rc.conf
 +<​code>​
 +openvpn_enable="​YES" ​ # YES or NO
 +openvpn_if="​tun"​
 +</​code>​
 +
 +For a bridged network:
 +<​code>​
 +cloned_interfaces="​bridge0"​
 +ifconfig_bridge0="​addm rl1 up"
 +</​code>​
 +
 +Edit the OpenVPN configuration files:
 +  mkdir /​usr/​local/​etc/​openvpn
 +  nano /​usr/​local/​etc/​openvpn/​openvpn.conf
 +Copy/paste the following configuration data:
 +<​code>​
 +
 +</​code>​
 +
 +Next, start the VPN server:
 +  /​usr/​local/​etc/​rc.d/​openvpn start
 +
 +Check which (udp or tcp) port numbers OpenVPN uses, and configure port forwarding on your router accordingly (port number 1194 or 5000?)
 +
 +If you have a working basic configuration, you might want to add bridging. Bridging in FreeBSD is done differently than it is done in Linux.
 +https://​www.shorewall.net/​OPENVPN.html
 +or search on "​openvpn freebsd bridge"​
 +https://​markun.onohara.to/​2007/​10/​15/​freebsd-62release-openvpn-20-b.html
 +
 +====== Copying FreeBSD to another harddisk ======
 +After you have installed FreeBSD, I'm going to show you how to copy the complete installation to another drive. This also works if you have created a virtual machine in VMware and want to copy the files to a real harddrive.
 +There are a few ways to do this:
 +
 +=== dd ===
 +The easiest is using '​dd'​. This makes a 1:1 copy of harddisk-A to harddisk-B.
 +I think it's comparable with Norton Ghosts 'clone entire disk' function.
 +
 +It's best done in FreeBSD '​single user mode', to prevent data corruption.
 +Switch to single user mode (entering '​shutdown now' will do the trick), alternatively you can reboot, and at the boot prompt press the space bar.
 +You'll see the boot prompt:
 +<​html>​
 +Type '?'​ for a list of commands, or '​help'​ for more detailed help
 +</​html>​
 +Enter:
 +  boot -s
 +<​html>​
 +Enter full pathname of shell or RETURN for /bin/sh:
 +</​html>​
 +Press the enter key and you will see the root prompt:
 +<​html>​
 +#
 +</​html>​
 +
 +
 +WARNING: if you have the device names wrong (or if you mistakenly mix 'if' with 'of'), you will destroy the data on the original harddisk.
 +
 +  dd if=/dev/ad0 of=/dev/ad1 bs=1M
 +
 +if = where dd pulls the data from (remember '​i'​ as in '​IN'​)
 +of = where dd puts the data to (remember '​o'​ as in '​OUT'​)
 +bs = the blocksize, or how many bytes of data to read/write at once.
 +
 +Depending on the size of your '​from'​-harddisk,​ and the read/write speeds, it will take a while to finish (and it won't tell you how long it takes)
 +Most harddisks nowadays are capable of 25MB/second writes or better. If your original harddisk is 80GB, it'll take less than an hour to finish.
 +
 +After copying is done, umount all partitions (by hand?), and shutdown your computer (so you can disconnect cables from the newly prepared harddisk)
 +
 +
 +=== dump / restore ===
 +URL (english): https://​www.freebsd.org/​doc/​en_US.ISO8859-1/​books/​handbook/​backup-basics.html ([[https://​www.freebsd.org/​doc/​nl/​books/​handbook/​backup-basics.html|dutch version here]])\\
 +https://​www.unixcities.com/​howto/​index.html\\
 += https://​lantech.geekvenue.net/​chucktips/​jason/​chuck/​1004897633/​index_html\\
 +Here is a good article on the subject [[https://​www.bsdguides.org/​guides/​freebsd/​misc/​migrate_harddrive.php|Migrating FreeBSD From One Harddrive To Another]]. It's currently better than my text.
 +
 +
 +To copy a prepared FreeBSD 6.2 installation to a new hard disk drive, first use the FreeBSD installation cdrom and install the base system on the new harddisk (create and mount the correct partitions!)
 +(to make sure you don't overwrite your existing installation and the bootsector is written correctly, do this on another pc, or disconnect the harddisk with the fully prepared FreeBSD 6.2 installation, and connect the new hard disk drive instead)
 +Write down the device names of your partitions and where you've mounted them (e.g.: /dev/ad0s1a is mounted on '/',​ /dev/ad0s1d is mounted on '/​usr',​ /dev/ad0s1e is mounted on '/​var',​ /dev/... is swap)
 +
 +If you're done, connect both harddisks (and make sure that the '​full'​ one is booted from)
 +When FreeBSD has booted, mount the partitions of the second harddisk at /​mnt/​newroot/​
 +The device names (/dev/...) may differ, depending on how you've connected the new harddisk and how you've partitioned it.
 +  mount /dev/ad2s1a /​mnt/​newroot
 +  mount /dev/ad2s1d /​mnt/​newroot/​usr
 +  mount /dev/ad2s1e /​mnt/​newroot/​var
 +  mount /dev/ad2s1f /​mnt/​newroot/​tmp
 +You don't need to mount the swap partition.
 +
 +/sbin/dump -0uan -f - /usr | gzip -2 | ssh -c blowfish \
 +      <​username_on_target_machine>​@<​target_machine.example.org>​ dd of=/​mnt/<​large_storage_space_disk>/​dump-usr-<​sourcemachine_identifier>​.gz
 +  DUMP: WARNING: should use -L when dumping live read-write filesystems!
 +   ls -al / | grep snap
 +    drwxrwxr-x ​  2 root  operator ​    512 Sep  4 01:47 .snap
 +  chmod 0770 /.snap/
 +  ls -al / | grep snap
 +    drwxrwx--- ​  2 root  operator ​    512 Sep  4 01:47 .snap
 +FIXME
 +  dump -L ...
 +
 +  mkdir /mnt/root
 +  mount /dev/ad2s1a /mnt/root
 +  mkdir /​mnt/​root/​var
 +  mount /dev/ad2s1f /​mnt/​root/​var
 +  mkdir /​mnt/​root/​var/​maildir
 +  mkdir /​mnt/​root/​usr/​local/​www
 +  mount /dev/ad2s1d /​mnt/​root/​var/​maildir
 +  mount /dev/ad2s1e /​mnt/​root/​var/​www
 +  ?cd /dir; dump 0af - / | restore xf -
 +
 +  cd /mnt/root; dump -0af - /var | restore xf -
 +  cd /mnt/root/var; dump -0af - /var | restore xf -
 +  cp -Rp /var/www /​mnt/​root/​var/​www
 +
 +  umount /​mnt/​root/​var/​maildir
 +  umount /​mnt/​root/​var/​www
 +  umount /​mnt/​root/​var
 +  umount /mnt/root
 +  reboot
 +
 +====== '​Things to do' after copying all to a new harddisk ======
 +Remember that the copy of the disk you've just created contains a lot of security sensitive information: passwords (in different locations), private ssh-keys, mysql databases & root password, and perhaps even SSL certificates.
 +Make sure to change passwords, ssh-keys, and remove all other private stuff if you're using this disk copy to quickly setup another server!
 +/*
 +/​etc/​passwd,​ /etc/ssh/*, */.ssh/*, *muttrc*, mysql root password
 +*/
 +
 +If you'll be using this copy of your FreeBSD installation in another server, it's likely that some device names will change, for example, the name of the network interface changed from /dev/em0 to /dev/sk0 when I put the drive in another pc, so I had to edit /etc/rc.conf.
 +Edit /​etc/​rc.conf to correct the hostname and network settings too (and adjust /etc/hosts and /​etc/​resolv.conf too)
 +
 +
 +  * Configure all ethernet ports, ip addresses, netmasks + other configs containing the old ip address, routers, dns servers, timeservers & ISP-smtp-servers.
 +  * Note all hosts, printers, routers, etc in /etc/hosts with correct ip. Making notes of the MAC-addresses will help you in the future if you want to set up DHCP or for problem locating.
 +  * Adjust backups scripts to new data locations.
 +  * Change the passwords for root and the existing users, both '​normal'​ password entries, and entries in /​usr/​local/​userdb (and run the correct update utility)
 +  * Generate new SSH keys.
 +  * Install the correct site certificates for SSL and IMAPS. (or remove them)
 +  * mutt e-mail reader configuration (stored passwords and servers in muttrc)
 +  * Adjust postfix aliases / fetchmail pop3-retrieval configuration / procmail recipes
 +  * Update the ports-tree: 'portsnap update'
 +  * Check installed ports and packages for security issues: 'portaudit -Fda'
 +  * ntpd -gq
 +  * Check clamav-freshclam.sh (check if the antivirus definitions are updated periodically)
 +  * Protect phpMyAdmin with .htaccess passwords.
 +  * Setup the firewall
 +  * Scripts monitoring all services, tools for restarting services
 +  * Install real SSL certificates
 +  * limit MySQL access to specific IP's
 +
 +https://​debian.chains.ch/​chroot/​chroot.html
 +https://​search.cpan.org/​~lds/​Apache-MP3-4.00/​MP3.pm
 +https://​fuse4bsd.creo.hu/​localcgi/​man-cgi.cgi?​mount_nullfs+8
 +
 +
 +====== Backup with FreeBSD ======
 +See also: rsync
 +
 +Demands:
 +  -Harddisk based backup (but in the future I want to use dvd-disks)
 +  -FreeBSD/​Linux/​Windows* compatible, one tool for all os's
 +  -Network based (over the internet to another location)
 +  -transmitting only the file differences during backups, preserving bandwidth
 +  -detecting file renames / moves (by file checksum?), so preserving diskspace
 +  -Diskspace conservative:​ no backupped file should be more than once in the backup
 +  -A Daily incremental backup should take less than 24hours :)
 +  -Verify-backup functionality (SHA1-hash?​)
 +  -Ease of restore
 +  -No 'fatal backup-errors'​ when I haven'​t used my laptop (which is supposed to be backuped every day) for a few days
 +  -Possibility to make 4.7GB big backup files that can be backed up to DVD.
 +  -Possibility to restore older versions of a file than the last backed-up
 +
 +Backup system using hardlinks:
 +https://​www.tim-bormann.de/​index.php?​section=134
 +https://​www.weak.org/​pipermail/​buug/​2007-February/​002890.html
 +
 +Rdiff-backup:​
 +https://​solutionsfirst.com.au/​~dave/​backup/​
 +https://​katastrophos.net/​andre/​blog/?​p=19
 +https://​www.nongnu.org/​rdiff-backup/​old-list-archive/​2002-February/​000066.html
 +https://​pycs.net/​lateral/​stories/​26.html
 +
 +Unison:
 +https://​www.cis.upenn.edu/​~bcpierce/​unison/​
 +https://​web.bii.a-star.edu.sg/​~francis/​Unison/​
 +
 +https://​support.zeus.com/​zws/​integration/​2005/​12/​14/​apache_mp3
 +
 +Bacula
 +
 +
 +
 +pkg_add -r lynx
 +pkg_add -r ncftp
 +
 +$ perl -MCPAN -e shell
 +Are you ready for manual configuration?​ [yes]
 +CPAN build and cache directory? [/​root/​.cpan]
 +Cache size for build directory (in MB)? [10]
 +Perform cache scanning (atstart or never)? [atstart]
 +Cache metadata (yes/no)? [yes]
 +Your terminal expects ISO-8859-1 (yes/no)? [yes]
 +File to save your history? [/​root/​.cpan/​histfile]
 +Number of lines to save? [100]
 +Policy on building prerequisites (follow, ask or ignore)? [ask]
 +Where is your gzip program? [/​usr/​bin/​gzip]
 +Where is your tar program? [/​usr/​bin/​tar]
 +Where is your unzip program? [/​usr/​local/​bin/​unzip]
 +Where is your make program? [/​usr/​bin/​make]
 +Where is your lynx program? [] /​usr/​local/​bin/​lynx
 +Where is your wget program? [/​usr/​local/​bin/​wget]
 +Warning: ncftpget not found in PATH
 +Where is your ncftpget program? []
 +Where is your ncftp program? [] /​usr/​local/​bin/​ncftp
 +Where is your ftp program? [/​usr/​bin/​ftp]
 +Where is your gpg program? [/​usr/​local/​bin/​gpg]
 +What is your favorite pager program? [more]
 +What is your favorite shell? [/​usr/​local/​bin/​bash]
 +Your choice: ​ []
 +Your choice: ​ []
 +Your choice: ​ []
 +Timeout for inactivity during Makefile.PL?​ [0]
 +Your ftp_proxy?
 +Your http_proxy?
 +Your no_proxy?
 +Select your continent (or several nearby continents) [] 4
 +Select your country (or several nearby countries) [] 21
 +.. (4) ftp://​ftp.cpan.nl/​pub/​CPAN/​ ..
 +Select as many URLs as you like (by number), put them on one line, separated by blanks, e.g. '1 4 5' []
 +Enter another URL or RETURN to quit: []
 +install Apache::MP3
 +
 +
 +http://​search.cpan.org/​~lds/​Apache-MP3-4.00/​MP3.pm
 +
 +  cd /​usr/​local/​etc/​apache22/​
 +  nano httpd.conf
 +<​html>​
 +AddType audio/​mpeg ​    mp3 MP3
 +AddType audio/​playlist m3u M3U
 +AddType audio/​x-scpls ​ pls PLS
 +AddType application/​x-ogg ogg OGG
 +<​Location /songs>
 +SetHandler perl-script
 +PerlHandler Apache::MP3
 +</​Location>​
 +</​html>​
 +
 +<​html>​
 +  # Or use the Apache::​MP3::​Sorted subclass to get sortable directory listings
 + <​Location /songs>
 +   ​SetHandler perl-script
 +   ​PerlHandler Apache::​MP3::​Sorted
 + </​Location>​
 +</​html>​
 +mount_nullfs /​mnt/​muziek/​ /​var/​www/​example.org/​songs/​
 +
 +---- Unsatisfied dependencies detected during [L/​LD/​LDS/​Apache-MP3-4.00.tar.gz] -----
 +    CGI::​Session
 +    Apache2::​RequestRec
 +    Audio::Wav
 +    MP3::Info
 +    Inline::​MakeMaker
 +    Ogg::​Vorbis::​Header
 +Shall I follow them and prepend them to the queue
 +of modules we are processing right now? [yes]
 +
 +Please provide a full path to '​apxs'​ executable
 +(press Enter if you don't have it installed):
 +Please provide the location of the Apache directory:
 +FIXME /​usr/​local/​share/​apache22/​
 +
 +Do you want to install Inline::C? [y]
 +
 +Shall I ... [y]
 +
 +
 +named, rc.conf hostname + apps to start
 +
 +http://​www.nongnu.org/​rdiff-backup/​examples.html
 +http://​www.nongnu.org/​rdiff-backup/​rdiff-backup.1.html
 +
 +http://​search.cpan.org/​~lds/​Apache-MP3-4.00/​MP3.pm
 +http://​perl.apache.org/​docs/​2.0/​user/​intro/​start_fast.html
 +http://​httpd.apache.org/​docs/​2.0/​mod/​mod_dav.html
 +
 +
 +
 +
 +find . -mtime +1  # find files modified more than 48 hours ago
 +
 +Directories to backup:
 +  * /etc
 +  * /​usr/​local/​etc
 +  * homedirs of some users, including /root, especially:
 +    * Firefox favorites (probably in homedir)
 +    * ~/​.procmailrc mail delivery recipes
 +    * ~/.bashrc
 +  * /​var/​named/​etc/​named
 +  * /var/www (including this document)
 +  * /​var/​maildir,​ or any other place where I store e-mail.
 +  * /​boot.config
 +  * /​boot/​loader.conf
 +  * /​usr/​src/​sys/​i386/​conf/ ​ (kernel configuration for i386 architecture)
 +  * documents, notes,
 +
 +http://​www.freebsddiary.org/​bacula-tls.php\\
 +http://​www.devco.net/​pubwiki/​Bacula/​TLS/​\\
 +
 +
 +
 +
 +==== bacula ====
 +
 +WORK IN PROGRESS
 +
 +cd /​usr/​ports/​sysutils/​bacula-client/​work/​bacula-2.0.3/​src/​cats
 +nano ./​grant_mysql_privileges
 +change:  ​
 +  bindir=  ​
 +into:
 +  bindir=/​usr/​local/​bin
 +
 +Save, exit, and:
 +./​grant_mysql_privileges -p
 +<​html>​
 +...
 +Privileges for bacula granted.
 +</​html>​
 +
 +same edit with next files, then:
 +$ ./​create_mysql_database -p
 +Enter password:
 +Creation of bacula database succeeded.
 +
 +$ ./​make_mysql_tables -p
 +Enter password:
 +Creation of Bacula MySQL tables succeeded.
 +
 +http://​www.onlamp.com/​pub/​a/​onlamp/​2004/​01/​09/​bacula.html?​page=2
 +The FreeBSD port creates this user and group for you
 +
 +  cd /​usr/​ports/​sysutils/​bacula-server
 +  make
 +  make install
 +  cd /​usr/​ports/​sysutils/​bacula-client
 +  make
 +  make install
 +
 +  cd /​usr/​local/​etc/​
 +  cp bacula-dir.conf.sample bacula-dir.conf
 +  cp bacula-fd.conf.sample bacula-fd.conf
 +  cp bacula-sd.conf.sample bacula-sd.conf
 +
 +To start the bacula daemons on a FreeBSD system, issue the following command:
 +
 +  /​usr/​local/​etc/​rc.d/​bacula.sh start
 +
 +To confirm they are all running:
 +
 +  ps auwx | grep bacula
 +<​html>​
 +root 63416 0.0 0.3 2040 1172 ?? Ss 4:09PM 0:00.01 /​usr/​local/​sbin/​bacula-sd -v -c /​usr/​local/​etc/​bacula-sd.conf
 +root 63418 0.0 0.3 1856 1036 ?? Ss 4:09PM 0:00.00 /​usr/​local/​sbin/​bacula-fd -v -c /​usr/​local/​etc/​bacula-fd.conf
 +root 63422 0.0 0.4 2360 1440 ?? Ss 4:09PM 0:00.00 /​usr/​local/​sbin/​bacula-dir -v -c /​usr/​local/​etc/​bacula-dir.conf
 +</​html>​
 +
 +
 +
 +echo '​bacula=yes'​ >> /​etc/​rc.conf
 +echo '​baculadir=yes'​ >> /​etc/​rc.conf
 +echo '​baculasd=yes'​ >> /​etc/​rc.conf
 +echo '​baculafd=yes'​ >> /​etc/​rc.conf
 +
 +bacula conf:
 +
 +Pool {
 +  Maximum Volume Jobs = 8
 +  Recycle = yes: after 8 backup sessions(?) reuse of the 1st volume may begin
 +  RunBeforeJob = "/​sbin/​mount -o softdep,​noatime /dev/sd4a /​mnt/​sd4a/"​
 +  RunAfterJob = "/​sbin/​umount /​dev/​sd4a"​
 +  Max Start Delay: hours to wait after a fs could not be reached before an error is sent.
 +  Write Bootstrap: also write metadata to fd
 +  Pool Type = Backup
 +  Accept Any Volume = yes
 +  AutoPrune = yes
 +
 +
 +Mailserver Address
 +
 +
 +http://​www.bacula.org/​dev-manual/​Conf-Diagram.png
 +
 +
 +
 +===== Rsync =====
 +Official URL: [[http://​samba.anu.edu.au/​rsync/​]]
 +Highly optimized file synchronization tool (network capable), transmits only the difference of the files (saving bandwidth & time)
 +
 +Install package: ​ (version 2.6.6)
 +  pkg_add -r rsync
 +
 +[[http://sial.org/howto/rsync/|rsync Tips & Tricks]]
 +
 +I found out it's not a good idea to backup your maildir with rsync:
 +# Mail comes in (and gets backed up)
 +# You read it (the filename changes to mark it as '​seen',​ and the new 
 +file gets backed up)
 +# You move it to another folder (and guess.. it gets backed up again).
 +So almost every mail that comes in, is read, and gets sorted is 
 +therefore backed up 3 times!
 +
 +http://​www.linjection.org/​download_linux_videos_mp3.html
 +Has a link to an mp3 of 'the rsync algorithm'​
 +
 +to prevent rsync 'file has vanished'​ error messages:
 +http://​samba.anu.edu.au/​rsync/​FAQ.html#​10
 +
 +===== Bounce =====
 +This tool can forward incoming TCP or UDP network connections to another host/port.
 +Useful if you want to redirect traffic from one port to another, or to another host.
 +There are firewall rules to do this, but sometimes I find it easier to use '​bounce'​.
 +
 +Install package: ​ (version 1.0)
 +  pkg_add -r bounce
 +
 +
 +Usage: to divert traffic coming in on port 25 to another_host:​25,​ use:
 +  bounce -p 25 another_host.example.org 25
 +
 +Optional: add this command to /​etc/​rc.local to start it automatically when booting.
 +
 +
 +
 +
 +===== Java 2 on FreeBSD (v1.5) =====
 +New link, URL: http://​www.freebsdfoundation.org/​downloads/​java.shtml
 +http://​www.freshports.org/​search.php?​query=diablo&​search=go&​num=10&​stype=name&​method=match&​deleted=excludedeleted&​start=1&​casesensitivity=caseinsensitive
 +
 +stuff below is older:
 +
 +
 +When running java, I got an error message (but the program runs without noticeable problems):
 +<​html>​
 +Java HotSpot(TM) Client VM warning: Can't detect initial thread stack location
 +</​html>​
 +Solution: ​
 +  mount -t linprocfs linprocfs /​compat/​linux/​proc
 +or, add the following line to /etc/fstab:
 +FIXME
 +
 +
 +
 +Not so good alternative,​ not tested:
 +http://​www.sun.com/​software/​java2/​download.html
 +follow the instructions on this page for downloading the three required files to /​usr/​ports/​distfiles
 +  cd /​usr/​ports/​java/​jdk15
 +  make
 +Warning: this will install X-Windows too.
 +FIXME
 +
 +===== pstree =====
 +This tool will show an overview of the running processes in a structured tree. This way you can see which process has started another process, etc.
 +portinstall -P pstree
 +http://​forum.java.sun.com/​thread.jspa?​threadID=542672&​messageID=2634141
 +
 +sysutils/​pstree
 +
 +===== Crypt-FileSystem =====
 +I'd rather have TrueCrypt working on FreeBSD..
 +Some people are working on [[http://groups.google.com/group/lucky.freebsd.ports/browse_thread/thread/45cdf5ac3cecfaaf|patches for TrueCrypt 5.0 on FreeBSD 7.0 PRERELEASE/RC2]], but I wouldn't yet recommend to use it on stable machines, as there were some [[http://lists.freebsd.org/pipermail/freebsd-ports/2008-February/046803.html|stability issues]] (which may of course be fixed at the time you're reading this).
 +
 +
 +In the meantime, here is another way to use encryption with the use of CFS (Cryptographic FileSystem):​
 +
 +Quick start instructions:​
 +
 +  * add the following entry to /​etc/​exports:​
 +
 +    /​usr/​local/​cfsd-bootstrap localhost
 +
 +  * create the default CFS mountpoint (if you want to use a different
 +    mountpoint, set the cfsd_mountpoint variable in /​etc/​rc.conf):​
 +
 +    mkdir /crypt
 +
 +  * enable rpcbind, mountd and cfsd in /​etc/​rc.conf:​
 +
 +   * FreeBSD 4.x:
 +
 +      portmap_enable="​YES"​
 +      single_mountd_enable="​YES"​
 +      cfsd_enable="​YES"​
 +
 +   * FreeBSD 5.x:
 +
 +      mountd_enable="​YES"​
 +      cfsd_enable="​YES"​
 +
 +  * reboot the system
 +
 +===== monit Service Manager =====
 +Official URL: http://​www.tildeslash.com/​monit
 +
 +Monit is a tool which periodically checks if all the important ​
 +services/​daemons are running ok, if you're running out of 
 +memory/​diskspace,​ etc etc. (monit-4.9)
 +
 +I had some problems today with clamd failing to load, and because I 
 +didn't notice it, some mails couldn'​t be delivered. Last week, I 
 +upgraded all my ports, and didn't notice the dhcp server/​daemon ​
 +(isc-dhcpd) ​
 +wasn't automatically restarted after the upgrade, until some people ​
 +started complaining.
 +
 +Now I've got it running to monitor the following services/daemons:
 +  * apache
 +  * dhcpd
 +  * courier-imap (including courier-authdaemond)
 +  * postfix
 +  * clamd (including freshclam and clamsmtpd)
 +  * spamassassin-daemon
 +  * mlnet (mldonkey, an e-donkey-/bittorrent-/etc. client with webinterface)
 +  * proftpd
 +  * samba (smbd/nmbd)
 +
 +Still have to configure:
 +  * natd(?) NAT
 +  * SABnzbd.py (newsgroup/usenet download manager with webinterface)
 +  * mysql
 +  * backup application(?)
 +  * diskspace
 +  * system load
 +  * (probably even more, don't know yet)
 +
 +Installation (as root):
 +  cd /​usr/​ports/​sysutils/​monit
 +  make
 +  make install
 +
 +Configuration:​ (http://​www.tildeslash.com/​monit/​doc/​)
 +  echo monit_enable=\"​YES\"​ >> /​etc/​rc.conf
 +
 +  cp /​usr/​local/​etc/​monitrc.sample /​usr/​local/​etc/​monitrc
 +  chmod 0700 /​usr/​local/​etc/​monitrc
 +
 +<​html>​
 + set httpd port 2812 and
 +  allow localhost ​       # allow localhost
 +  allow 10.0.0.0/​8 ​      # and any host from 10.*.*.*
 +# no password required:
 +#  allow admin:​monit ​     # require user '​admin'​ with password '​monit'​
 +</​html>​
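One way to check a monitrc against the settings above, as an added example (not from the guide or the monit project): with the `allow admin:monit` line commented out, any host in 10.0.0.0/8 can reach the web interface, which can stop and start services, without a password. The function names are hypothetical and both configs are constructed samples; `use address` is monit's option for binding the interface to a single address.

```shell
#!/bin/sh
# Added example, not from the guide or the monit project.
# Audits a monitrc for the two things that protect the web interface:
# who may connect to it, and who may read the file that holds its password.

# monitrc_mode_ok FILE -> exit status 0 when group and others have no access
monitrc_mode_ok() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# audit_monitrc FILE -> prints one finding per line, nothing when clean
audit_monitrc() {
    monitrc_mode_ok "$1" || echo "MODE: $1 is accessible to group or others"
    awk '
    {
        line = $0
        sub(/#.*/, "", line)                 # drop comments
        gsub(/^[ \t]+|[ \t]+$/, "", line)    # trim
        if (line == "") next
        # The httpd block runs from "set httpd" to the next statement.
        if (line ~ /^set[ \t]+httpd/) { in_httpd = 1; seen = 1 }
        else if (line ~ /^(set|check|include)[ \t]/) in_httpd = 0
        if (!in_httpd) next
        if (line ~ /use[ \t]+address[ \t]+(localhost|127\.0\.0\.1)/) local_only = 1
        n = split(line, w, /[ \t]+/)
        for (i = 1; i < n; i++) {
            if (w[i] != "allow") continue
            v = w[i + 1]
            if (v ~ /:/) creds = 1           # allow user:password
            else if (v != "localhost" && v != "127.0.0.1") remote[++r] = v
        }
    }
    END {
        if (!seen) exit                      # web interface not configured
        if (!creds) print "NOAUTH: httpd has no allow user:password entry"
        if (!local_only)
            for (i = 1; i <= r; i++) print "REMOTE: httpd reachable from " remote[i]
    }' "$1"
}

# Constructed sample: the httpd block as shown in the guide.
sample_weak() {
    cat <<'EOF'
set httpd port 2812 and
  allow localhost        # allow localhost
  allow 10.0.0.0/8       # and any host from 10.*.*.*
# no password required:
#  allow admin:monit      # require user 'admin' with password 'monit'
set alert monit@example.org
EOF
}

# Constructed sample: loopback only, with a credential (placeholder password).
sample_hardened() {
    cat <<'EOF'
set httpd port 2812 and
  use address localhost  # listen on the loopback interface only
  allow localhost
  allow admin:"constructed-example-password"
set alert monit@example.org
EOF
}

# Demo: write both samples to a scratch directory and audit them.
demo() {
    d=$(mktemp -d) || return 1
    sample_weak > "$d/weak"; chmod 644 "$d/weak"
    sample_hardened > "$d/hardened"; chmod 600 "$d/hardened"
    for f in weak hardened; do
        echo "== $f"; audit_monitrc "$d/$f"
    done
    rm -rf "$d"
}
demo
```

On the machine itself, run `audit_monitrc /usr/local/etc/monitrc`; IPv6 literals and `#` inside quoted passwords are not handled by this sketch.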
 +
 +I want to send alerts (like services not running, hosts not 
 +accessible) to my e-mail address monit@example.org (replace this with your own address):
 +<​html>​
 +set alert monit@example.org
 +</​html>​
 +
 +In case e-mail alerts can't be delivered, they can be stored as files (optional):
 +  mkdir /var/monit
 +<​html>​
 + set eventqueue
 +  basedir /​var/​monit ​ # set the base directory where events will be stored
 +#  slots 100           # optionally limit the queue size
 +</html>
 +
 +
 +Start it:
 +  /​usr/​local/​etc/​rc.d/​monit start
 +<​html>​
 +Starting monit daemon with http interface at [localhost:​2812]
 +</​html>​
 +
 +To reload the monit configuration (after you've made changes to the files in the /​usr/​local/​etc/​monit.d folder):
 +  /​usr/​local/​etc/​rc.d/​monit reload
 +
 +Read more at: /​usr/​local/​share/​doc/​monit/​examples.html
 +
 +I'll have to see if I can make a mail2sms gateway, so I can receive ​
 +notifications of problems on my phone
 +
 +  $ mount /dev/ad0s2 /mnt/usb/
 +  mount: /dev/ad0s2 on /mnt/usb: incorrect super block
 +Sure, it's FAT32.. d'ohh..
 +
 +  mount_msdosfs /dev/ad0s2 /mnt/usb/
 +  #
 +  ls /mnt/usb/
 +  c-mon&​~2 ​    ​marcco~1 ​    ​ratata~1.rat
 +  c-mon&​~1 ​    ​fav.dat ​     ratata~1 ​    ​settings.dat
 +  #
 +Short filenames (8.3), like fat16.. Hey.. this is VFAT/Fat32, let's retry:
 +
 +  umount /mnt/usb
 +
 +  $ mount_msdosfs -l /dev/ad0s2 /mnt/usb/
 +  mount_msdosfs:​ /dev/ad0s2: Invalid argument
 +  $ mount_msdosfs -o longnames /dev/ad0s2 /mnt/usb/
 +  mount_msdosfs:​ /dev/ad0s2: Invalid argument
 +
 +
 +  fsck_msdosfs /dev/da0s1
 +<​html>​
 +** /dev/da0s1
 +** Phase 1 - Read and Compare FATs
 +FAT starts with odd byte sequence (00000000ffffffff)
 +Correct? [yn] y
 +FAT starts with odd byte sequence (00000000ffffffff)
 +Correct? [yn] y
 +** Phase 2 - Check Cluster Chains
 +** Phase 3 - Checking Directories
 +** Phase 4 - Checking for Lost Files
 +Next free cluster in FSInfo block (32689) not free
 +fix? [yn] y
 +117 files, 628340 free (157085 clusters)
 +</​html>​
 +
 +cp -R /​boot/​kernel /​boot/​kernel.GENERIC
 +nano cvs-supfile
 +cvsup cvs-supfile
 +cd sys/​i386/​conf
 +nano FREEBSD62-4
 +$ config FREEBSD62-4
 +ERROR: version of config(8) does not match kernel!
 +http://​www.freebsddiary.org/​config.php
 +/​usr/​src/​UPDATING
 +        make kernel-toolchain
 +        make -DALWAYS_CHECK_MAKE buildkernel KERNCONF=YOUR_KERNEL_HERE
 +        make -DALWAYS_CHECK_MAKE installkernel KERNCONF=YOUR_KERNEL_HERE
 +doesn't work
 +
 +cd /usr/src
 +update world?/
 +
 +make buildworld
 +make installworld?​
 +
 +http://​www.freebsd-nl.org/​doc/​nl/​kernelconfig-building.html
 +
 +Ping a host by its MAC address (instead of its IP)
 +Installation:​
 +  portinstall arping
 +(/​usr/​ports/​net/​arping)
 +Usage:
 +  arping <​MAC_ADDRESS>​
 +(e.g.: 00:​0e:​a6:​82:​11:​69)
 +enter 'arp -a' to see the arp/ip tables to test
 +nice -n -15 arping -n 1 00:​50:​fc:​27:​00:​a9 ?
 +
 +
 +Kplaylist
 +
 +kernel + base system upgrade:
 +-Install cvsup- (nogui?)
 +cd /usr/src
 +/​etc/​make.conf
 +/​usr/​src/​cvs-supfile
 +
 +make update buildworld kernel
 +make installworld (dangerous)
 +
 +RELENG_6
 +(http://​www.freebsd-nl.org/​doc/​nl/​cvs-tags.html)
 +
 +edit /​etc/​make.conf or supfile to also update /usr/ports along the way
 +cd /usr/ports
 +make update
 +
 +MSDOSFS_LARGE
 +kernel tickrate = HZ=1000? tinky..
 +
 +/​etc/​sysctl.conf
 +net.inet6.ip6.v6only=0
 +
 +START
 +
 +=== Install the '​system sources'​ ===
 +Will install the sources for the basic system binaries. Needed for the 
 +update.
 +
 +  /​stand/​sysinstall
 +
 +Go to "​Configure",​ "​Distributions",​ "​src",​ and select '​All'​. Choose ​
 +'​exit'​ and follow the instruction to install. Choose Exit -> Exit 
 +Installation when finished.
 +
 +http://​jk.yazzy.org/​unmaintained/​articles/​freebsd/​up-to-date-with-freebsd.php
 +
 +=== Install CVSup ===
 +  portinstall -P cvsup-without-gui
 +
 +=== edit the cvsup configuration ===
 +Choose a cvsup server (listed at the bottom of this page): http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/cvsup.html
 +You can also install fastest-cvsup (pkg_add -r fastest_cvsup) and use 
 +'fastest_cvsup -q -c <your country code>' to find the fastest 
 +FreeBSD cvsup mirror in your country.
 +Or use fastest_cvsup in one go, after you've configured the cvs-supfile:
 +  cvsup -L 2 -h `fastest_cvsup -q -c us` /etc/cvs-supfile
 +
 +I've chosen to use FreeBSD 6-STABLE (RELENG_6), which contains the 
 +latest sources found to be STABLE-worthy. ​
 +There is also '​HEAD'​ or '​CURRENT',​ which contains all the new stuff 
 +that will be coming in FreeBSD 7. But I'll stick with STABLE.
 +
 +My /​etc/​cvs-supfile :
 +<​html>​
 +*default host=cvsup.nl.FreeBSD.org
 +*default base=/usr
 +*default prefix=/usr
 +*default release=cvs tag=RELENG_6
 +*default delete use-rel-suffix
 +src-all
 +</​html>​
 +
 +Updating the ports tree can be done by cvsup by setting it up here, but 
 +I prefer using 
 +portsnap, as it's faster, uses less bandwidth, and it's more secure.
 +
 +=== modify /​etc/​make.conf ===
 +<​html>​
 +SUP_UPDATE=yes
 +SUP=/​usr/​local/​bin/​cvsup
 +SUPFILE=/​etc/​cvs-supfile
 +SUPFLAGS=-g -L 2 -z -h <​b>​cvsup2.nl.freebsd.org</​b>​
 +CFLAGS= -O -pipe
 +KERNCONF=<​b>​FREEBSD62</​b>​
 +</​html>​
 +
 +
 +=== update the kernel and system sources ===
 +  make update
 +(or 'cvsup cvs-supfile'?)
 +
 +=== create/edit the kernel config ===
 +  cd /​usr/​src/​sys/​i386/​conf/​
 +  cp GENERIC FREEBSD62
 +  nano FREEBSD62
 +I like to change the following (lines starting with '#' are commented out):
 +  ident          FREEBSD62
 +  #options       INET6
 +  #cpu           I486_CPU
 +  #cpu           I586_CPU
 +  
 +  options        MSDOSFS         # MSDOS Filesystem
 +  options        QUOTA
 +  #device        uhid            # "Human Interface Devices"
 +
 +I've disabled uhid to get my sis-pm USB controlled 4 power socket ​
 +working.
 +  - Why does "​options ​        ​MSDOSFS_LARGE " not work yet?
 +
 +=== Now, ===
 +
 +  cd /usr/src
 +  make buildworld
 +  make buildkernel
 +(I like to split these two commands, as shown. You could however also run 
 +'make buildworld buildkernel' (or even 'make buildworld buildkernel installkernel').)
 +
 +=== Install the new kernel ===
 +  make installkernel
 +
 +=== Updating /etc/* files using mergemaster ===
 +  mergemaster -p
 +
 +This will update configuration files in /etc. Unfortunately, 
 +you're asked a lot of questions if you have already installed and 
 +configured a lot of applications.
 +
 +=== Install the world binaries ===
 +
 +  make installworld
 +
 +The order: '​buildworld buildkernel installkernel installworld'​ is
 +important!
 +
 +
 +
 +==== Autologin ====
 +URL: http://​www.mail-archive.com/​freesbie@gufi.org/​msg00671.html
 +
 +How to automatically login with a non-root user and run gnome 
 +(gnome-session without using gdm) or kde (without using kdm)
 +
 +This neat trick will auto-login with the specified username on tty1 (the 
 +window at Alt-F1..). You can then automatically run gnome or kde with 
 +the specified username.
 +
 +I didn't get KDE/Gnome autologin working with the GDM/KDM settings (it 
 +kept asking for a password), so I had to resort to another 
 +way to have it auto-login: through the user's shell:
 +
 +First, we're going to have the user automatically logged in to the shell 
 +(steps 1,2,3), and to 
 +
 +Step 1 & 2:
 +  nano /​etc/​gettytab
 +
 +Add this to the bottom of the file (replace 'my_freebsd_username' with an 
 +existing username you wish to use for auto-login):
 +<​html>​
 +my_freebsd_username:​\
 + :​al=my_freebsd_username:​ht:​np:​sp#​115200:​
 +</​html>​
 +
 +  nano /etc/ttys
 +Change the line starting with 'ttyv0' (replace 'Pc' with the username you 
 +wish to use for auto-login, I used 'my_freebsd_username'):
 +<​html>​
 +ttyv0 "/​usr/​libexec/​getty my_freebsd_username" ​  ​cons25 ​ on     ​secure
 +</​html>​
 +
 +Reboot the system, and you will see that after the system has booted, ​
 +you will have a shell prompt (instead of a login prompt).
 +
 +Step 3:
 +Change my_freebsd_username to the username you wish to use to auto-login, and edit the .profile of that user:
 +  su my_freebsd_username
 +  cd ~my_freebsd_username
 +  nano .profile
 +
 +<​html>​
 +#default: do not start X:
 +STARTX="​no"​
 +#but if tty=0 and shell-level=1,​ do start X:
 +[ "`tty`" = "/dev/ttyv0" ] && [ "$SHLVL" = "1" ] && STARTX="yes"
 +[ "$STARTX" = "yes" ] && {
 +  #Sleep a second, because my computer is too fast:
 +  #/bin/sleep 1
 +  /​usr/​local/​bin/​startx -- :1
 +}
 +# Note to Linux users: change /dev/ttyv0 to /dev/tty1; change /​usr/​local/​bin/​startx to /​usr/​bin/​startx.
 +</​html>​
 +
 +In the file /​home/​my_freebsd_username/​.xinitrc you need to set the 
 +window manager to start (KDE, Gnome, or another), together with any 
 +other applications you wish to start with X-windows (I start my browser, ​
 +e-mail client, chat/​instant messaging client)
 +
 +<​html>​
 +#!/bin/sh
 +
 +# screen saver after five minutes:
 +xset s 300
 +
 +# fix that annoying backspace problem
 +xmodmap -e "​keycode 22=BackSpace"​
 +
 +# Allow any application run on localhost to access this X session:
 +xhost +localhost
 +
 +# Instant messaging / chat client (Pidgin, formerly known as GAIM):
 +pidgin &
 +
 +# E-mail client (Mozilla Thunderbird):​
 +thunderbird &
 +
 +# Webbrowser (Mozilla Firefox):
 +firefox &
 +
 +# Konsole (shell) window:
 +konsole &
 +
 +# Background screen session (why?)
 +screen -dmS xsessie &
 +
 +# Audiomixer (set to 50% volume):
 +/​usr/​sbin/​mixer 50:50
 +/​usr/​sbin/​mixer pcm 100:100
 +
 +# Start the VNC server, so remote computers can access this pc's desktop:
 +x11vnc -rfbauth ~/​.vnc/​passwd -forever -shared &
 +
 +# Start a VNC-viewer in listening mode (port 5500), with low quality settings, which make it faster over slow network links:
 +vncviewer -bgr233 -compresslevel 9 -quality 0 -listen 0 &
 +
 +# Start the Gnome desktop environment:​
 +exec gnome-session
 +# Or, to use KDE:
 +# Start the KDE desktop environment:​
 +#exec startkde
 +</​html>​
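A check for the autologin set up in steps 1 to 3, as an added example (not part of the guide): it lists every terminal that logs a user in without a password, which is what anyone with physical access to that console gets. The function names are hypothetical and both files are constructed samples in gettytab(5) and ttys(5) format.

```shell
#!/bin/sh
# Added example, not from the guide. Lists the terminals in /etc/ttys whose
# getty type has an al= (autologin) capability in /etc/gettytab, i.e. the
# consoles that hand out a shell without asking for a password.

# autologin_ttys GETTYTAB TTYS -> prints "tty user secure|insecure" per match
autologin_ttys() {
    awk '
    # Pass 1, gettytab: join backslash-continued lines, then record the
    # al= user under every name of the entry (names are separated by |).
    FNR == NR {
        if ($0 ~ /^[ \t]*#/) next
        buf = buf $0
        if (buf ~ /\\$/) { sub(/\\$/, "", buf); next }
        n = split(buf, cap, ":"); buf = ""; user = ""
        for (i = 2; i <= n; i++) {
            capv = cap[i]; gsub(/^[ \t]+|[ \t]+$/, "", capv)
            if (capv ~ /^al=/) user = substr(capv, 4)
        }
        if (user != "") {
            m = split(cap[1], nm, "|")
            for (i = 1; i <= m; i++) al[nm[i]] = user
        }
        next
    }
    # Pass 2, ttys: name "command" type status [flags]
    /^[ \t]*#/ || !match($0, /"[^"]*"/) { next }
    {
        cmd = substr($0, RSTART + 1, RLENGTH - 2)
        rest = substr($0, RSTART + RLENGTH)
        sub(/#.*/, "", rest)                      # drop a trailing comment
        rest = " " rest " "
        split(cmd, cmdw, /[ \t]+/)
        if (cmdw[1] !~ /getty$/ || !(cmdw[2] in al)) next
        if (rest !~ /[ \t]on[ \t]/) next          # line is switched off
        # secure: the ttys(5) flag that also permits root logins on the line
        flag = (rest ~ /[ \t]secure[ \t]/) ? "secure" : "insecure"
        print $1, al[cmdw[2]], flag
    }' "$1" "$2"
}

# Constructed sample: a default entry, a normal console type, and the
# autologin entry from step 1.
sample_gettytab() {
    cat <<'EOF'
# constructed sample in gettytab(5) format
default:\
    :cb:ce:ck:lc:fd#1000:sp#1200:
P|Pc|Pc console:\
    :ht:np:sp#115200:
my_freebsd_username:\
    :al=my_freebsd_username:ht:np:sp#115200:
EOF
}

# Constructed sample: ttyv0 as changed in step 2, plus two other lines.
sample_ttys() {
    cat <<'EOF'
# constructed sample in ttys(5) format
ttyv0 "/usr/libexec/getty my_freebsd_username"   cons25  on     secure
ttyv1 "/usr/libexec/getty Pc"                    cons25  on     secure
ttyv2 "/usr/libexec/getty my_freebsd_username"   cons25  off    secure
EOF
}

# Demo on the constructed samples.
demo() {
    d=$(mktemp -d) || return 1
    sample_gettytab > "$d/gettytab"; sample_ttys > "$d/ttys"
    autologin_ttys "$d/gettytab" "$d/ttys"
    rm -rf "$d"
}
demo
```

On the FreeBSD machine itself, run `autologin_ttys /etc/gettytab /etc/ttys`.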
 +
 +
 +===== Console '​screen saver' =====
 +This will put your monitor in standby after you have not used it for a while (saving power, and thus money).
 +It will only work when you're on the console (not in X-windows):
 +  kldload green_saver.ko
 +Or add '​green_saver_load="​YES"'​ to /​etc/​loader.conf,​ to have
 +it loaded on system startup.
 +
 +
 +====== Printing in FreeBSD ======
 +Installing a laser/deskjet or other printer in FreeBSD, and making it available to Windows computers through Samba.
 +I'll make it a multi-step project:
 +
 +0. Preparations
 +1. Apsfilter
 +
 +Official URL: http://​www.apsfilter.org/​
 +URL: http://​www.onlamp.com/​pub/​a/​bsd/​2003/​11/​06/​Big_Scary_Daemons.html
 +
 +  cd /​usr/​ports/​print/​apsfilter
 +  make WITH_GHOSTSCRIPT_AFPL=yes BATCH=yes APSFILTER_ALL=yes install clean
 +I'm not 100% sure if it should be WITH_GHOSTSCRIPT_AFPL or WITH_GHOSTSCRIPT_GNU
 +
 +  cd /​usr/​local/​share/​apsfilter
 +  ./SETUP
 +<​html>​
 +Found ghostscript version 8.60 ...
 +You have to upgrade at least to gs version 6.50!
 +But you should upgrade to gs 7.00 for full driver support
 +prior installing printers with SETUP.
 +Do you you want to continue? [Y/n] y
 +</​html>​
 +<​html>​
 + ... Licence ...
 +Accept license [Y|y|J|j|N|n] ? y
 +</​html>​
 +<​html>​
 +The Owner of your spooldir seems to be: root
 +The Group of your spooldir seems to be: daemon
 +Is this correct? [y/n] y
 +</​html>​
 +<​html>​
 +saving original printcap -> /​etc/​printcap.orig
 +creating a working copy of printcap -> /​etc/​printcap.old
 +</​html>​
 +<​html>​
 +It seems you have configured a printer with this script before.
 +Do you want to (a)dd another printer entry or
 +            to (o)verwrite the existing entries?
 +a/o? o
 +</​html>​
 +In the APSFILTER main menu:
 +<​html>​
 +Select 1 (Printer Driver Selection)
 + ​Select 3 (printer driver natively supported by ghostscript)
 +  My printer is a HP LaserJet 4L using the ljet4l, so I've entered '​160'​ at the 'Enter number:'​ input. Choose for yourself.
 +  Do you want to use ljet4l? [Y|n] y
 +
 +Select 2 (Interface Setup)
 + The printer is connected through a parallel cable, so in the interface setup, I've selected
 + ​option 1 (local parallel/​USB)
 +  The printer is connected to the first (and only) LPT port, FreeBSD calls this '/​dev/​lpt0':​
 +  Full path of parallel print device: /dev/lpt0
 +
 +Select 3 (Paper Format)
 + Here in the Netherlands,​ A4 is the standard, so I've chosen
 + ​option 1 (DIN A4)
 +
 +To test if the settings work, we'll print a test page. Make sure your printer is powered on, and connected correctly.
 +Select T (Print Test Page)
 + ​Select T (Print a test page)
 +
 +If the testpage looked ok, you can now choose
 +option I (Install printer with values shown above)
 +
 +** creating printcap entry for printer aps1...
 +   ​creating spooldir ...
 +   ​remember SETUP settings in printers apsfilterrc file...
 +** done.
 +
 +Finish the installation with '​Q'​.
 +</​html>​
 +
 +Don't forget to send the APSFILTER author a snail-mail, as requested.
 +To restart the printer daemons:
 +  lpc restart all
 +  /​etc/​rc.d/​lpd restart
 +
 +Backup your /​etc/​printcap file:
 +  cp -n /​etc/​printcap /​etc/​printcap-backup-<​current_date_without_spaces>​
 +
 +1a. testing with lpr
 +Download lpr_testfile.ps ​ (or use google to find a .ps file)
 +Print it:
 +  /​usr/​bin/​lpr lpr_testfile.ps
 +
 +
 +2. CUPS
 +2a. testing
 +3. Samba
 +3a. Windows network printer driver installation
 +3b. testing
 +4. print to pdf
 +
 +http://​www.newbie-net.de/​anleitung_freebsd_cups.html
 +http://​www.freebsdforums.org/​forums/​showthread.php?​s=&​threadid=15325&​perpage=15&​highlight=&​pagenumber=1
 +
 +work in progress
 +/*
 +cupsd_enable="​YES"​
 +/​usr/​local/​etc/​rc.d/​cupsd start
 +Starting cupsd.
 +
 +http://​localhost:​631/​admin/​
 +
 +cd /​usr/​ports/​print/​gimp-gutenprint/​
 +make install
 +/​usr/​ports/​print/​ghostscript-gnu
 +deselected all x11*
 +/usr/ports/print/ghostscript-gnu conflicts with
 +===> ​ ghostscript-gnu-7.07_17 conflicts with installed package(s):
 +      ghostscript-gpl-8.60
 +*/
 +
 +Print to PDF using Samba (warning: dutch page): ​
 +http://​machiel.generaal.net/​index.php?​subject=pdfprinter#​subject_4
 +
 +
 +
 +
 +====== P2P and other music/movie downloading apps ======
 +MLdonkey: edonkey, overnet, kademlia(?)
 +SABnzbd: newsgroups
 +FTD4Linux: newsgroups index community/​database
 +
 +===== amule2 =====
 +Installation:​
 +  portinstall net-p2p/​amule2
 +
 +===== MLdonkey =====
 +A P2P client with web/http frontend
 +Official URL: [[http://​mldonkey.sourceforge.net/​Main_Page]] ​
 +
 +Among the supported Peer2peer protocols are:
 +  * Bittorrent (.torrent files)
 +  * Edonkey2000, Emule, Azureus
 +  * FastTrack (KaZaA) and OpenFT (giFT)
 +  * Gnutella, and many more
 +
 +  cd /​usr/​ports/​net-p2p/​mldonkey
 +  make
 +  make install
 +
 +Add the following lines to /etc/rc.conf:
 +<​html>​
 +mlnet_enable="​YES"​
 +mlnet_user="<​my_freebsd_username>"​
 +</​html>​
 +This starts mldonkey as a daemon at the next boot, running with the permissions of <my_freebsd_username>. To increase security, you can create a separate user account and use that for running mlnet.
 +
 +Run it:
 +  su <​my_freebsd_username>​
 +  mlnet
 +
 +By default, mldonkey's web interface runs on http://localhost:4080. This means you will either have to edit the configuration files, or log in using a browser on the same FreeBSD machine.
 +If you're seeing the '403 Forbidden - Connection from <X.X.X.X> rejected (see downloads.ini, allowed_ips) MLDonkey/2.9.1 at <my.dotted.ip.address> Port 4080' error, you're not accessing the mlnet/mldonkey web interface from localhost.
 +
 +  nano ~<my_freebsd_username>/.mldonkey/downloads.ini
 +Change the 'allowed_ips' line to include the IPs you're connecting from (this example allows the local/private networks 192.168.*.* and 10.*.*.* to connect):
 +<​html>​
 +allowed_ips = [ "​127.0.0.1";​ "​10.0.0.1/​8";​ "​192.168.0.1/​16";​ ]
 +</​html>​
 +Note: mlnet writes its configuration to the files when it closes. So first close mlnet, then edit the configuration files, then restart mlnet.
 +
 +
 +With a web browser, go to: http://<your.freebsd.machine.ipaddress>:4080
 +It will complain about an empty admin password. To fix this, in the upper-right input bar/field enter:
 +<​html>​
 +useradd admin <​your_mothers_maiden_name>​
 +</​html>​
 +Replace <​your_mothers_maiden_name>​ with a password of your own. Preferably shorter. :)
 +
 +If you want to allow others to access mldonkey, they don't need admin access.
 +Add another '​regular'​ user account for them (replace <​login>​ and <​password>​):​
 +<​html>​
 +useradd <​login>​ <​password>​
 +</​html>​
 +
 +
 +
 +
 +Don't know yet what's the solution to the next error I saw when I tried 
 +the same on my other box:
 +<​html>​
 +gmake[1]: *** [lablgtktop] Segmentation fault: 11 (core dumped)
 +</​html>​
 +Perhaps I'll make the world again. And make it a better place for all of 
 +us to live in, with less errors.
 +
 +===== SABnzbd =====
 +A newsgroup download tool, capable of handling NZB files, with an integrated PAR2 checker, extractor, and a web interface.
 +Where you would use a tool like '​GrabIt'​ on Windows, SABnzbd does the same job, but better, for UNIX (Linux, BSD, etc)
 +
 +Installation:​
 +  cd /usr/ports/news/sabnzbd
 +  make
 +  make install
 +
 +<​FIXME>​
 +Aug2007: I think the most recent version of 
 +CherryPy doesn'​t work with the SABnzbd-version I'm currently using, with the following error:
 +
 +<​html>​
 +Traceback (most recent call last):
 +  File "/​usr/​local/​bin/​SABnzbd.py",​ line 37, in ?
 +    import cherrypy
 +ImportError:​ No module named cherrypy
 +</​html>​
 +
 +Re-install it:
 +  export PYTHONPATH="/​usr/​local/​lib/​python2.5/​site-packages/"​
 +  cd /​usr/​ports/​news/​sabnzbd
 +  make deinstall
 +  make clean
 +  make
 +  make install
 +
 +If you get any error about missing directories when doing make install:
 +  mkdir /​usr/​local/​share/​sabnzbd
 +  mkdir /​usr/​local/​share/​doc/​sabnzbd ​
 +
 +
 +  cd /​usr/​ports/​www/​py-cherrypy
 +  make deinstall
 +  cd /​usr/​ports/​www/​py-cherrypy-old
 +  make deinstall
 +  make clean
 +  make
 +  make install
 +
 +<​html>​
 +****************************************************************************
 +Check /​usr/​local/​share/​SABnzbd for SABnzbd.ini.sample and templates
 +See /​usr/​local/​share/​doc/​SABnzbd for README.txt etc
 +****************************************************************************
 +===> ​  ​Registering installation for SABnzbd-0.2.5
 +</​html>​
 +
 +I like to have all configuration files in /etc or /​usr/​local/​etc,​ which I backup regularly. So I'll move SABnzbd'​s configuration file there:
 +
 +  cd /​usr/​local/​share/​SABnzbd
 +  mv SABnzbd.ini /​usr/​local/​etc/​
 +  ln -s /​usr/​local/​etc/​SABnzbd.ini SABnzbd.ini
 +
 +Configuration is done in the SABnzbd.ini file, which we just moved to /usr/local/etc.
 +The things you want to edit are:
 +<​html>​
 +  username = <some username>​
 +  password = <some password>​
 +  download_dir = ...
 +  complete_dir = ...
 +  nzb_backup_dir = ...
 +  cache_dir = ...
 +  log_dir = ...
 +  dirscan_dir = ...
 +</​html>​
 +And, do not forget to enter your newsserver in the [servers] section of the same file.
 +
 +
 +Start it:
 +
 +  /​usr/​local/​bin/​SABnzbd.py -d -f /​usr/​local/​share/​SABnzbd/​SABnzbd.ini
 +
 +You might want to put this line in /​etc/​rc.local to have it start up at boot (you can also use '​su'​ to run it as another user, but make sure that the directories mentioned in SABnzbd.ini are writable for that user).
 +Or, even easier: add this crontab entry for the user you want to run SABnzbd as:
 +<​html>​
 +@reboot ​        /​usr/​local/​bin/​screen -dmS nzb /​usr/​local/​bin/​SABnzbd.py -f /​usr/​local/​etc/​SABnzbd.ini
 +</​html>​
 +
 +Test it by opening a web browser to http://​localhost:​8080/​sabnzbd/​connections/​
 +To allow other computers to access SABnzbd or to use another port number, edit the correct sections in SABnzbd.ini
 +
 +
 +
 +
 +
 +
 +===== rtorrent - Console Bittorrent-p2p client =====
 +URL: http://​libtorrent.rakshasa.no/​
 +
 +This is a BitTorrent client with all the features you will find in other clients like Azureus, but entirely console-based.
 +
 +Installation (as root):
 +
 +  cd /​usr/​src ​
 +  wget http://​libtorrent.rakshasa.no/​downloads/​libtorrent-0.11.0.tar.gz
 +  tar -zxvf libtorrent-0.11.0.tar.gz
 +  cd libtorrent-0.11.0
 +  ./configure
 +  make
 +  make install
 + 
 +  cd /​usr/​src ​
 +  wget http://​libtorrent.rakshasa.no/​downloads/​rtorrent-0.7.0.tar.gz
 +  tar -zxvf rtorrent-0.7.0.tar.gz
 +  cd rtorrent-0.7.0
 +  ./configure
 +  make
 +  make install
 +
 +Go back to your non-root user account, then:
 +
 +  cp /​usr/​src/​rtorrent-0.7.0/​doc/​rtorrent.rc ~/​.rtorrent.rc
 +  nano ~/​.rtorrent.rc
 +
 +According to some manpage, this will increase the processing speed for hashing the already downloaded parts (http://libtorrent.rakshasa.no/wiki/RTorrentPerformanceTuning). Add the lines:
 +
 +    hash_read_ahead = 8
 +    hash_max_tries = 5
 +    hash_interval = 10
 +
 +Now let's start it in a screen session:
 +  screen rtorrent
 +
 +You can add torrent files by entering the URL to the torrent file
 +Use CTRL-q to quit (download will not continue) or CTRL-A D (screen detach hotkey) to detach this window
 +
 +I might want to start this program every time my FreeBSD boots, next time.
 +
 +
 +
 +
 +====== VOIP telephony ======
 +
 +===== Asterisk* PBX =====
 +The Asterisk* PBX software package allows me to set up a telephone system. I have special hardware for this (a Linksys Sipura SPA-3000 (or SPA3K as some call it), and a [[http://www.grandstream.com/gxp2000.html|Grandstream GXP2000 VoIP phone]]). Together with my VoipBuster account I will use Asterisk* to manage my home telephone system, my business telephone line, and route calls over the cheapest path from caller to callee.\\
 +URL: [[http://​www.asterisk.org]]\\
 +URL: [[http://​www.voip-info.org]]\\
 +URL: [[http://​www.voxilla.com]]\\
 +
 +Note: Asterisk is way too complicated to have you up and running (with configured hardware) in a few minutes. I put it here for completeness, not as a quick tutorial on how to get it running at your site. There is a lot of documentation available on Asterisk.
 +
 +Work in progress: I'm working on 'My Asterisk PBX Installation and 
 +Configuration Guide',​ to help you understand and use asterisk telephony ​
 +system in no-time. For more configuration,​ browse to my 
 +[[http://​wiki.pcprobleemloos.nl/​my_asterisk_pbx_installation_and_configuration_guide/​|"​My Asterisk installation and 
 +configuration guide"​]] page. You'll find a lot of extensions.conf ​
 +examples there.
 +
 +
 +Install port:  (version 1.2.9.1_2)
 +  cd /​usr/​ports/​net/​asterisk
 +Check which version will be installed when you use the ports tree:
 +  cat distinfo
 +Visit the Asterisk.org website to check if any serious bugs have been found after this release.
 +
 +There have been a lot of bugfixes and other updates since the version in the ports tree was updated, but let's install anyway:
 +  make
 +  make install
 +
 +There'​s a known problem with mpg123 (& Asterisk), where mpg123 is eating CPU time up to 100%, this should solve it: (yet untested)
 +http://​astrecipes.net/?​n=152
 +
 +Some other information about this:
 +http://​www.voip-info.org/​wiki/​view/​Asterisk+FreeBSD
 +http://​www.faktortel.com.au/​support-asterisk-musiconhold.shtml
 +
 +There is an add-on to change the pitch of your voice: (yet untested)
 +http://​www.lobstertech.com/​code/​voicechanger/​ ?
 +
 +I should have a look at this site, it might have some good configuration examples:
 +
 +http://​astrecipes.net/ ​  ​(didn'​t have much examples)
 +
 +<​html>​
 +Options for asterisk 1.4.3
 +  [X] OGGVORBIS  Enable Ogg Vorbis support
 +  [X] ODBC       Enable ODBC support
 +  [ ] POSTGRES   Enable PostgreSQL support
 +  [ ] RADIUS     Enable RADIUS accounting support
 +  [X] SNMP       Enable SNMP support
 +  [X] H323       Enable H.323 support
 +  [X] JABBER     Enable Jabber and Gtalk support
 +  [ ] ZAPTEL     Enable Zaptel support
 +</​html>​
 +(I disabled POSTGRES, RADIUS, and ZAPTEL)
 +
 +
 +voip-info.org
 +
 +====== Won't run on/under FreeBSD ======
 +The following software I want to use is not yet FreeBSD compatible (as far as I can see):
 +  * TrueCrypt http://​www.truecrypt.org/​
 +    http://​lists.freebsd.org/​pipermail/​freebsd-ports/​2005-December/​028155.html
 +
 +
 +====== References ======
 +A lot of information in this guide comes from the [[http://​www.freebsd.org/​doc/​en_US.ISO8859-1/​books/​handbook/​install-steps.html|FreeBSD Handbook on FreeBSD Installation]]. Bookmark it, it's good! It's [[http://​www.freebsd.org/​doc/​|translated in many different languages]] , and there is [[http://​www.freebsd.org/​docs.html|some more official and unofficial documentation here]].
 +
 +I've discovered another site which contains [[http://​www.engr.colostate.edu/​~reinholz/​freebsd/​freebsd.html|installation instructions and general help on FreeBSD (6.0) topics]]\\
 +
 +[[http://​www.bsdguides.org/​guides/​freebsd/​|BSD Guides has some nice FreeBSD guides too]]
 +
 +I don't get the impression it gets updated a lot, but in the past [[http://​www.freebsddiary.org/​chronological.php|The FreeBSD Diary]] helped me out a lot.
 +
 +http://​www.freebsdwiki.net
 +
 +http://​www.freebsdmadeeasy.com/​
 +
 +http://​www.bsdguides.org - Doing stuff with FreeBSD, OpenBSD, NetBSD & Mac OSX
 +
 +http://​www.bsdzone.net/​links/​ - FreeBSD help, how-to guides and more
 +
 +http://​www.madpenguin.org/​cms/?​m=show&​id=1853
 +
 +http://​linux.about.com/​bl_freebsd_inst_conf.htm
 +
 +http://​elibrary.fultus.com/​technical/​topic/​com.fultus.freebsd/​index.html
 +
 +http://​www.freebsd.org/​ports - the FreeBSD ports collection
 +
 +http://​www2.ocean.washington.edu/​unix.tutorial.html - '​generic'​ Unix Tutorial, focussed on usage, no installation.
 +
 +http://​www.sshkeychain.org/​mirrors/​SSH-with-Keys-HOWTO/​SSH-with-Keys-HOWTO-4.html
 +
 +http://​www.openaddict.com/​quick_and_dirty_guide_to_deploying_a_freebsd_6_1_server.html
 +
 +http://​www.littlewhitedog.com/​content-72.html How To Install a Secure BSD System
 +
 +http://​www.openaddict.com/​installing_freebsd_6_1.html Installing FreeBSD 6.1
 +
 +http://​www.a1poweruser.com/​Free_guide_index.php
 +
 +==== I'm currently working on ...  ====
 +  * freebsd mouse usb selecting text slow, polling problem?
 + It takes half a second or more to 'start selecting' ​ the text where I've clicked.
 +  That is, when trying to select a piece of text in X, if I do it too fast, it misses a part.
 + The same goes for resizing windows, and other mouse stuff
 + I've tried the '​solution'​ to revert to PS/2, but that didn't make a difference
 +
 +  * Completing the routing section of this guide (natd?)
 +http://​freebsd.rogness.net/​redirect.cgi?​basic/​gateway.html
 +  * Structuring this guide, perhaps splitting it into multiple pages
 +  * check google coverage
 +
 +
 +====== Improving this guide ======
 +
 +You are welcome to send any links, fixes, comments, or compliments to 
 +the e-mail address listed at the top of this guide.
 +
 +
 +
 +/*
 +===== Junk below this line =====
 +Other FreeBSD page: http://www.miskatonic.org/freebsd.html
 +
 +Do make clean if you are hunting ghosts
 +
 +run routed
 +
 +  cd /​usr/​ports/​security/​nmap
 +  make
 +
 +
 +
 +
 +
 +Granting mount/​umount access to all users.
 +The first step is to allow users to run the mount command to actually mount a filesystem and to allow them to run the umount command. This is done by adding the following line to your /​etc/​sysctl.conf file.
 +    vfs.usermount=1
 +
 +This option will be set within the kernel at next system boot, to enable it immediately run the following command as root:
 +    sysctl vfs.usermount=1
 +
 +It is important to note that while setting this variable allows ALL users to run the mount/​umount commands to mount and unmount filesystems,​ mounting and unmounting will only be possible if:
 +    * The user has read/write permission to the device they wish to mount.
 +    * The user owns the directory they wish to mount the filesystem to. 
 +
 +The second issue is typically not a problem, users can always generate an empty directory to host the mount. The first issue is what allows us to restrict access to certain devices for mounting by particular users. However, this security is limited, while we can stop a user from mounting a device entirely, when permission is granted to mount the device, that user can mount it with whatever mount options they like.
 +
 +9.23. How do I let ordinary users mount floppies, CDROMs and other removable media?
 +
 +Ordinary users can be permitted to mount devices. Here is how:
 +
 +   1.
 +
 +      As root set the sysctl variable vfs.usermount to 1.
 +
 +      # sysctl -w vfs.usermount=1
 +
 +   2.
 +
 +      As root assign the appropriate permissions to the block device associated with the removable media.
 +
 +      For example, to allow users to mount the first floppy drive, use:
 +
 +      # chmod 666 /dev/fd0
 +
 +      To allow users in the group operator to mount the CDROM drive, use:
 +
 +      # chgrp operator /dev/acd0c
 +      # chmod 640 /dev/acd0c
 +
 +/etc/group
 +add after operator ...  : your username
 +
 +
 +
 +wget http://​surfnet.dl.sourceforge.net/​sourceforge/​getid3/​getid3-1.7.7.zip
 +
 +extract, so that /​usr/​local/​www/​ip/​mp3/​getid3/​getid3/​getid3.php exists
 +
 +nano kplaylist.php
 +
 +// enable the getid3 package. getid package must reside under getid3/ under the directory
 +// this file exists. If it does not, please change the '​include'​ statement below.
 +$cfg['​enablegetid3'​] = 1;
 +
 +// where the getid3.php file exists
 +$cfg['​getid3include'​] = '​getid3/​getid3/​getid3.php';​
 +kplaylist.php resides in /​usr/​local/​www/​ip/​mp3/​
 +
 +
 +http://​www.kplaylist.net/​forum/​viewtopic.php?​t=1003
 +
 +
 +last line
 +*/
 +/*
 +NFS:
 +http://​lantech.geekvenue.net/​chucktips/​jason/​chuck/​jason/​chuck/​1173860703/​index_html
 +
 +/​usr/​ports/​sysutils/​xcdroast]#​ make
 +You must be root to use xcdroast. ​ To use it as normal user,
 +click "​enable-nonroot"​ after starting it at first as root.
 +But beware! ​ This is a security risk!
 +It modifies the following files and gives them the
 +set-user-ID-on-execution bit:
 +
 +xcdwrap
 +
 +************************************************************
 +
 +Are you sure you want this? If not, hit Ctrl+C right now 
 +
 +         This is a security risk! XCDRost will use an own
 +         ​wrapping utility which gets a SUID Bit after enabling
 +         the non-root mode inside the application!
 +
 +
 +
 +Notes for FreeBSD 5.x and onwards users:
 +1. The FreeBSD k3b port supports SCSI drives only. If you have IDE CD or DVD
 +   ​drives,​ use them through the cam system. See Chapter 12.5.9 of the handbook
 +   ​(http://​www.freebsd.org/​doc/​en_US.ISO8859-1/​books/​handbook/​creating-cds.html#​ATAPICAM)
 +2. Your CD and DVD drives must have a mount point in /etc/fstab. They have
 +   to be accessed through their atapicam device if possible. I.e. the drives
 +   have to be adressed by e.g. /dev/cd0 instead of /dev/acd0.
 +3. k3b has to be started from a root console, which is not recommended.
 +   ​Alternatively do ALL of the following:
 +3a. set the suid flag on cdrecord and cdrdao. The '​Notes'​ chapter of
 +    'man cdrecord'​ discusses this.
 +3b. - For every user who should be able to use k3b and for every CD or DVD
 +      device add a directory in the users home directory. These directories
 +      must be owned by the corresponding user. For each such directory add a
 +      line in /etc/fstab (see remark 2), like:
 +        /​dev/​cd0c ​ /​usr/​home/​XXX/​cdrom ​ cd9660 ​ ro,​noauto,​nodev,​nosuid ​ 0  0
 +      Furthermore allow user mounts as described in topic 9.22 of the FAQ:
 +      http://​www.freebsd.org/​doc/​en_US.ISO8859-1/​books/​faq/​disks.html#​USER-FLOPPYMOUNT
 +      To make the chmod'​s to /dev/cdX permanent, do the following:
 +        * add '​devd_enable="​YES"'​ to /​etc/​rc.conf
 +        * add a 'perm cdX 666' to /​etc/​devfs.conf for each cd/dvd device. X 
 +          is the device number. If you prefer allow access for a group only, 
 +          add a 'perm cdX 660' instead, followed by an 'own cdX root:​XXX' ​
 +          where XXX is the group name.
 +          Alternatively (especially if you are using hot plug capable CD or 
 +          DVD drives) you could add an 'add path '​cd*'​ mode 666' or an 
 +          'add path '​cd*'​ mode 660 group XXX' to your /​etc/​devfs.rules
 +          under '​[system=10]'​. To enable it, add a '​devfs_system_ruleset="​system"'​
 +          to your /​etc/​rc.conf.
 +    - or just give mount and umount the suid flag, which is a security leak.
 +3c. Every user who should be able to use k3b must have read and write access
 +    to all pass through devices connected with CD and DVD drives and to the 
 +    /dev/xpt0 device. Run '​camcontrol devlist'​ to identify those devices (seek 
 +    string '​passX'​ at the end of each line and modify the rights of 
 +    /​dev/​passX). Note, that this is a security leak as well but that there is 
 +    no alternative! To make this changes permanent, add '​devd_enable="​YES"' ​
 +    to /​etc/​rc.conf as described above. Furthermore add a 'perm passX 666' ​
 +    for each pass device and a 'perm xpt0 666'. If you prefer to bind the 
 +    access rights to a group, use the own command as described above. If you
 +    prefer to set this rights dynamically,​ add a line 'add path '​pass*'​ ...'
 +    to your /​etc/​devfs.rules as described above.
 +4. Check, that DMA is activated for atapi devices: '​sysctl hw.ata.atapi_dma'​
 +   If not, set it to 1 and put a '​hw.ata.atapi_dma=1'​ into /​boot/​loader.conf.
 +5. Create a directory on a partition, which has enough disk space to hold a CDs
 +   or DVDs content (usually below /usr). Enter this directory in Settings->​
 +   ​Configure K3b...->​Misc.
 +6. If you experience problems while burning CDs, try to set the cdrdao driver ​
 +   ​manually. To do so choose Settings->​Configure K3b...->​Devices. Below the CD 
 +   ​recorder click on the string "​auto"​ behind "​Cdrdao driver:"​ For most of the 
 +   ​recent drives "​generic-mmc"​ or "​generic-mmc-raw"​ should work. 
 +   See http://​cdrdao.sourceforge.net/​drives.html.
 +7. To burn video CDs install the port multimedia/​vcdimager.
 +8. To rip DVDs additionally install the ports multimedia/​transcode,​
 +   ​multimedia/​libdvdread and multimedia/​xvid.The ripping process itself is described ​
 +   in http://​k3b.plainblack.com/​videoencoding.
 +9. To burn bootable video CDs, install the port multimedia/​emovix.
 +10. To burn DVDs, install the port sysutils/​dvd+rw-tools.
 +11. To normalize the volumes of audio cds, install the port audio/​normalize.
 +12. To rip into more audio formats, install the port audio/sox.
 +
 +To read this instructions again, type 'make showinfo'​ in the k3b port directory
 +===> ​  ​Running ldconfig
 +/​sbin/​ldconfig -m /​usr/​local/​lib
 +===> ​  ​Registering installation for k3b-1.0.3
 +
 +*/
 +umass0: Unsupported ATAPI command 0x4a - trying anyway
 +umass0: Unsupported ATAPI command 0xac - trying anyway
 +
 +When I power up my Plextor PX-716AL external USB 2.0 DVD burner, '​dmesg'​ detects it:
 +<​html>​
 +umass0: PLEXTOR DVDR   ​PX-716AL,​ rev 2.00/4.13, addr 2
 +cd0 at umass-sim0 bus 0 target 0 lun 0
 +cd0: <PLEXTOR DVDR   ​PX-716AL 1.01> Removable CD-ROM SCSI-0 device
 +cd0: 1.000MB/s transfers
 +</​html>​
 +However, there'​s something wrong with the speed (just 1.000MB/s will surely result in a lot of buffer underruns). If I disconnect and reconnect the USB cable, the troughput (at 40.000MB/s) is ok, as shown by the '​dmesg'​ output:
 +<​html>​
 +umass0: PLEXTOR DVDR   ​PX-716AL,​ rev 2.00/4.13, addr 2
 +cd0 at umass-sim0 bus 0 target 0 lun 0
 +cd0: <PLEXTOR DVDR   ​PX-716AL 1.01> Removable CD-ROM SCSI-0 device ​
 +cd0: 40.000MB/s transfers
 +cd0: cd present [2213904 x 2048 byte records]
 +</​html>​
 +Maybe I'll take some time to check if it has something to do with a kernel option about usb / uhid / ugen. Probably I'll try to remember it and remember to unplug/​replug the usb connector when I've touched the Plextor'​s power switch.
 +
 +
 +===== reverse ssh =====
 + ssh -nNT -R 8022:​10.0.0.123:​22 ...@...example.org
 +
 +
 +copy paste select text gnome terminal
 +http://​lifehacker.com/​photogallery/​Top-10-Gnome-Tweaks/​2424543
 +
 +Game Integrity 20004-error in Wolfenstein:​ Enemy Territory:
 +http://​forums.pcbsd.org/​viewtopic.php?​p=62892
 +
 +
 +===== PXE Windows XP installation =====
 +I'm trying to boot a laptop with a broken cd-rom drive from the network, using PXE.
 +The following text and links describe my progress. It is not working at the moment.
 +
 +Best link one so far:
 +http://​unattended.sourceforge.net/​step-by-step.php
 +
 +http://​www.kegel.com/​linux/​pxe.html
 +
 +http://​www.netbsd.org/​docs/​network/​netboot/​tftpd.html#​freebsd
 +tftp    dgram   ​udp ​    ​wait ​   root    /​usr/​libexec/​tftpd ​     tftpd -s /tftpboot
 +tftp    dgram   ​udp ​    ​wait ​   root    /​usr/​libexec/​tftpd ​     tftpd -l -s /​mnt/​.../​install
 +  tftp localhost
 +<​html>​
 +tftp> get test.txt
 +tftp> quit
 +</​html>​
 +
 +If you try to download a non-existing file, you'll see the following error:
 +<​html>​
 +Error code 1: File not found
 +</​html>​
 +
 +Try to download the file you want to use (the one you set up in dhcpd.conf)
 +I will assume you've already installed the dhcp server ( net/​isc-dhcp3-server )
 +The DHCP server/​daemon needs a few configuration options to allow PXE boots:
 +    next-server 1.2.3.4;
 +    filename "​pxeboot";​
 +    option root-path "​1.2.3.4:/";​
 +
 +  echo dhcpd_enable=YES >> /​etc/​rc.conf
 +  /​usr/​local/​etc/​rc.d/​isc-dhcpd start
 +inetd_enable=YES
 +
 +http://​www.freebsd-nl.org/​doc/​nl/​network-diskless.html
 +http://​syslinux.zytor.com/​pxe.php
 +http://​silent.gumph.org/​content/​4/​7/​071-diskless-windows-pxe.html
 +http://​tomclegg.net/​pxe
 +http://​www.hanewin.de/​remote-boot.htm
 +
 +And after you've installed windows unattended, you might want to install OpenOffice.org as well:
 +OpenOffice.org unattended installation for Windows:
 +http://​www.msfn.org/​board/​openofficeorg_t12044.html
 +
 +===== How to mount an ISO image ====
 +Mounting an ISO image with FreeBSD (mount, mdconfig)
 +http://​www.redantigua.com/​mount-iso.html:​
 +  mkdir /mnt/iso
 +  mdconfig -a -t vnode -u 0 -f /​path/​to/​iso/​image/​file.iso
 +  mount -t cd9660 /dev/md0 /mnt/iso
 +
 +To unmount:
 +  mount -u /mnt/iso
 +  mdconfig -d -u 0
 +
 +You can mount multiple ISO's at the same time, just replace '​0'​ and '​md0'​ with '​1'​ and '​md1',​ or '​2'​ and '​md2'​ and so on, and use another mount point instead of /mnt/iso
 +
 +If you have a NRG (Nero Burning Rom image file), you can convert it with nrg2iso:
 +Installation:​
 +  portinstall sysutils/​nrg2iso
 +  ​
 +Usage:
 +  nrg2iso <​image.nrg>​ <​image.iso>​
 +<​image.iso>​ will be created from image.nrg
 +If the iso file is created, you can mount it 
 +
 +
 +===== OpenArena =====
 +A 3D shoot-em-up:​ OpenArena is an open-source content package, together with the GPL'd Quake III Arena 3D engine.
 +
 +URL: http://​openarena.ws/​
 +
 +Installation:​
 +  cd /​usr/​ports/​games/​openarena
 +  make
 +  make install
 +
 +As my NVidia graphics card is already configured in X, there'​s nothing important left to configure.
 +
 +Run it:
 +  openarena
 +
 +One time however, I did receive an error when starting openarena:
 +<​html>​Sys_Error:​ GLimp_Init() - could not load OpenGL subsystem</​html>​
 +The next day it worked just fine, and I don't remember doing anything special..
 +
 +/*
 +
 +http://​johan.fredin.info/​openbsd/​block_ssh_bruteforce.html
 +does not work yet
 +http://​www.freebsdwiki.net/​index.php/​Block_repeated_illegal_or_failed_SSH_logins
 +
 +
 +  cd /​usr/​ports/​security/​denyhosts
 +  make 
 +  make install
 +  echo denyhosts_enable="​YES">>/​etc/​rc.conf.
 +  touch /​etc/​hosts.deniedssh
 +  nano /​etc/​hosts.allow
 +Add to the top of this file:
 +<​html>​
 +sshd : /​etc/​hosts.deniedssh : deny
 +sshd : ALL : allow
 +<​html>​
 +Start it:
 +  /​usr/​local/​etc/​rc.d/​denyhosts start
 +BLOCK_SERVICE ​ = sshd
 +<​html>​
 +Starting denyhosts.
 +</​html>​
 +
 +-------------------------------------------------------------------------------
 +Configiration options can be found in /​usr/​local/​etc/​denyhosts.conf
 +-------------------------------------------------------------------------------
 +In order to proper working of denyhosts
 +1. edit your /​etc/​hosts.allow file and add:
 +sshd : /​etc/​hosts.deniedssh : deny
 +sshd : ALL : allow
 +2. issue the following command if /​etc/​hosts.deniedssh does not exist yet
 +touch /​etc/​hosts.deniedssh
 +-------------------------------------------------------------------------------
 +Warning:
 +
 +syslogd should ideally be run with the -c option; this will ensure that
 +denyhosts notices multiple repeated login attempts.
 +
 +ftp://​ftp7.mplayerhq.hu/​MPlayer/​releases/​codecs/​all-20071007.tar.bz2
 +
 + /​usr/​local/​lib/​codecs]#​ mv all-20071007/​* .
 +[root@freebsd62 /​usr/​local/​lib/​codecs]#​ rmdir all-20071007/​
 +
 +http://​www.freebsdwiki.net/​index.php/​Mplayer_Installation
 +
 +https://​addons.mozilla.org/​en-US/​firefox/​addon/​3899
 +Hackbar
 +[[http://​62-246.surfsnel.dsl.internl.net/​|other stuff]]
 +
 +https://​addons.mozilla.org/​en-US/​firefox/​addon/​3408
 +Save As Image
 +
 +for www/​linux-opera
 +textproc/​linux-aspell
 +Dutch                        ASPELL_NL=yes ​        *
 +
 +
 +OpenSearchFox
 +
 +Download Statusbar
 +
 +Measuring network speed in linux with nc (netcat) and dd: (can also be used for getting wireless network troughput numbers)
 +On machine A (sending):
 +  time dd if=/dev/mem bs=1M count=10 |  nc <​ip.of.machine.b>​ 1234
 +On machine B (receiving):​
 +  nc -l -p 1234 > /dev/null
 +
 +Replace /dev/mem with a device that can deliver data faster than your network device can send.
 +In this example, 10 blocks of 1MB (10 mbyte in total) is transferred,​ after which it tell you how much time it took. Divide them to find out the speed per second.
 +Increase or decrease '​count'​-value depending on your first estimate of troughput, to make sure the transfer will take 10 seconds or more.
 +
 +
 +ugen0: National Instruments NI USB-6008, rev 2.00/1.01, addr 2
 +
 +<​code>​
 +#!/bin/bash
 +#Small application that will download all (20) sms messages from my Siemens mobile phone
 +# Works with siemens GSM c35, c35i, s25, c25, s35, s35i, c45, c45i, etc. Make sure to use correct cable.
 +# Needs: scmxx  ( portinstall comms/scmxx ), optional: '​gscmxx'​
 +#make sure it can write to sms.txt, or else it will remove all messages without writing them to disk.
 +
 +
 +for (( j = 1 ; j <= 20; j++ )) ### Inner for loop ###
 +do
 +  scmxx -b 19200 -d /dev/ttyd0 --get --binary --sms --slot $j --out - >> sms.txt
 +  #  if file exists sms.txt',​ delete sms from phone memory:
 +
 +  scmxx -b 19200 -d /dev/ttyd0 --remove --sms --slot $j
 +done
 +</​code>​
 +
 +
 +
 +==== Spamassassin filter on relay country ====
 +Install perl module:
 +  perl -MCPAN -e '​install IP::​Country::​Fast'​
 +
 +Configure spamassassin:​
 +  nano /​etc/​spamassassin/​init.pre:​
 +uncomment:
 +loadplugin Mail::​SpamAssassin::​Plugin::​RelayCountry
 +
 +
 +Easy cron documentation / syntax explained: http://​mkaz.com/​ref/​unix_cron.html
 +
 +Requeue all messages / retry to deliver all queued messages in the Postfix defer / deferred queue folders
 +  postsuper -r ALL 
 +
 +
 +Perl one-liner command line search replace text in files (with backup):
 +  perl -i.bak -p -e'​s/​old/​new/​g'​ filename
 +
 +
 +mount_smbfs -I <ip> //<​samba_username>​@<​ip>/<​sharename>​ <​mountpoint>​
 +
 +*/
 +
 +~~DISCUSSION|Please leave a comment or any feedback!~~
 +
 +
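Review bot: In the "Measuring network speed" notes, `dd if=/dev/mem bs=1M count=10 | nc <ip.of.machine.b> 1234` streams the sending machine's physical memory over an unencrypted netcat connection, so whatever is in RAM crosses the network in the clear; use `if=/dev/zero` as the source, which is also fast enough not to be the bottleneck. In "How to mount an ISO image" the unmount step reads `mount -u /mnt/iso`, but `-u` updates the options of an already mounted filesystem rather than unmounting it, so the following `mdconfig -d -u 0` is run while the image is still mounted; that line should be `umount /mnt/iso`. In the denyhosts notes, `echo denyhosts_enable="YES">>/etc/rc.conf.` ends in a period and therefore appends to a file named `/etc/rc.conf.` instead of `/etc/rc.conf`, and the `hosts.allow` sample is closed with `<html>` where `</html>` is needed. The SMS download script runs `scmxx --remove` for every slot unconditionally even though its own header comment warns that messages are lost when `sms.txt` cannot be written; test the exit status of the `--get` call and only remove the slot when the write succeeded.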
  
start.txt · Last modified: 2019/10/30 12:51 (external edit)