  • Computer

    FreeBSD 6.2 release poem

    Written close to the time of the FreeBSD 6.2 release.

    I am so happy at this time,
    now the release is coming soon, so gentle,
    and then 6.2 must surely come!
    My boss goes to the website every day,
    and when he logs out, I stand
    and see his sad look.
    And on his desktop the other day,
    I saw a lovely little txt,
    and that one I will not forget.
    He fetches the Release Schedule with wget;
    but when I come in, he at once
    hides his impatience behind browser windows.
    And the sysadmin has tried Beta 2,
    that I know, I booted it myself,
    when it was quite new.
    The admin has now opened his server cabinet,
    and he fiddles with the SCSI controller,
    the one with the many connectors.
    And the admin is so very busy,
    every moment new drivers arrive,
    and the admin and the boss whisper.
    But I can still…

  • Computer

    IPv6, DHCPd, OpenLDAP on FreeBSD

    Just a few small misc notes from my old FreeBSD server setup. There is a chance these are completely obsolete.

    IPv6 setup

    Add to rc.conf:

        ipv6_enable="YES"
        ipv6_ifconfig_fxp0="FEEE::1"
        ipv6_defaultrouter="FEEE::1"
        rtadvd_enable="YES"
        rtadvd_interfaces="em1"

    Edit /etc/rtadvd.conf:

        em1:\
            :addrs#1:addr="FEEE::":prefixlen#64:tc=ether:

    DHCPd

    ISC dhcpd in FreeBSD 8.2

    Install the port: net/isc-dhcp41-server

    Set in rc.conf:

        dhcpd_enable="YES"

    OpenLDAP

    OpenLDAP 2.4 on FreeBSD 7.1

    Lars Sommer, lasg@lasg.dk, 2009-01-18

    DISCLAIMER: This is a personal note made for personal usage. It might be neither easy to use nor explanatory.

    Install this port: net/openldap2.4-server, with the option SASL enabled.

    Misc. base system notes

    Base system configuration

    Set root password:

        # passwd

    Add a user for administration:

        # adduser

    Enable sshd and set interface addresses. Create resolv.conf…

  • Computer

    FreeBSD gmirror raid 1 setup

    For when the system has been installed on disk ad0 and should be mirrored to disk ad1. See also: http://www.freebsd.org/doc/en/books/handbook/geom-mirror.html

        sysctl kern.geom.debugflags=17
        gmirror label -vb round-robin gm0 /dev/ad0
        gmirror load
        echo 'geom_mirror_load="YES"' >> /boot/loader.conf
        cp /etc/fstab /etc/fstab.old
        # vi /etc/fstab

    Replace all old ad0 references with mirror/gm0 by typing :%s/ad/mirror\/gm/g.

        reboot
        gmirror insert gm0 /dev/ad1
        gmirror status

    The mirror is being built, which takes a while. Check with gmirror status.

  • Computer

    NTPd on FreeBSD 8.0

    Lars Sommer, lasg@lasg.dk, 2009-10-06

    DISCLAIMER: This is a personal note made for personal usage. It might be neither easy to use nor explanatory.

    I'm using NTP on all machines with an internet connection, to keep their clocks more accurate. Remember to run tzsetup to set the correct time zone before NTP'ing.

    Do a manual sync if needed:

        ntpdate -v -b 0.us.pool.ntp.org

    Insert in /etc/rc.conf:

        ntpdate_enable="YES"
        ntpdate_hosts="0.us.pool.ntp.org"
        ntpd_enable="YES"
        #The following is confirmed in freebsd8.2 at 2011-04-19
        #Note from 2009-01-07: As of FreeBSD 7.1 ntpd should be able to run without the following config file
        #ntpd will need a config file at /etc/ntp.conf, looking like:
        #server 0.us.pool.ntp.org
        #server 1.us.pool.ntp.org
        #server 2.us.pool.ntp.org
        #restrict 192.168.1.0 mask 255.255.255.0 nomodify…

  • Computer

    Rootkit-detection in FreeBSD

    Lars Sommer, lasg@lasg.dk, 2007-10-18

    DISCLAIMER: This is a personal note made for personal usage. It might be neither easy to use nor explanatory.

    Install these ports:

        security/chkrootkit
        security/rkhunter

    rkhunter install options:

    make options:

        WITH_LSOF=true
        WITH_NMAP=true

    ---

    chkrootkit usage:

    Run occasionally with:

        sudo chkrootkit -q

    Or add to /etc/crontab, e.g. weekly:

        10 10 * * 2 root /usr/local/sbin/chkrootkit -q > /var/log/chkrootkit.log

    ---

    rkhunter usage:

    You should keep your rkhunter database up to date. This can be done automatically by putting this line in /etc/periodic.conf:

        daily_rkhunter_update_enable="YES"

    Also, you can run rkhunter as part of the daily security check by putting this line in /etc/periodic.conf:

        daily_rkhunter_check_enable="YES"

    Add "--quiet --createlogfile --no-verbose-logging" to /usr/local/etc/periodic/security/415.rkhunter so that the relevant log is written.

  • Computer

    FreeBSD jails note

    Lars Sommer, lasg@lasg.dk, 2009-05-20

    DISCLAIMER: This is a personal note made for personal usage. It might be neither easy to use nor explanatory.

    Install these ports:

        sysutils/jailutils
        sysutils/ezjail

    If "make buildworld" has just been done, then

        ezjail-admin update -i

    to install the recently built world is fine. Otherwise, do

        ezjail-admin update -b

    first, and wait some time for the world to build.

    Fix a nice jail flavour:

        cd /usr/jails/flavours
        cp -Rv default teknix

    Uncomment the sshd in etc/rc.conf. Copy the config files from backup into the flavour.

    ---

    Create examples:

        ezjail-admin create -f teknix lasg-ws 192.168.1.54
        ezjail-admin create -f teknix -i -s 5G -c eli tor 192.168.1.53
        /usr/local/etc/rc.d/ezjail.sh start lasg-ws
        /usr/local/etc/rc.d/ezjail.sh start tor

    Automatic start of…

  • Computer

    Denyhosts on FreeBSD 8

    Lars Sommer, lasg@lasg.dk, 2011-06-20

    Install the port security/denyhosts

    Add to /etc/rc.conf:

        denyhosts_enable="YES"
        syslogd_flags="-c"

    In /etc/hosts.allow add:

        sshd : /etc/hosts.deniedssh : deny
        sshd : ALL : allow

    Or, if everything should be denied for hosts that fail ssh login, insert ALL instead of sshd. If so, change the BLOCK_SERVICE line in denyhosts.conf from sshd to ALL as well.

        touch /etc/hosts.deniedssh
        /etc/rc.d/syslogd restart
        /usr/local/etc/rc.d/denyhosts start

  • Computer

    Host Intrusion Detection System in FreeBSD

    Also called Host IDS or just HIDS

    Lars Sommer, lasg@lasg.dk, 2009-01-07

    DISCLAIMER: This is a personal note made for personal usage. It might be neither easy to use nor explanatory.

    In ports, under security, there are several HIDS utilities:

        aide
        integrit
        osiris
        ossec-hids-local
        samhain

    But which should I use, and why?

    ------

    aide

    Aide aims to be a Tripwire ripoff, and a bit more. It is _very_ easy to install and configure.

    Installation:

        pkg_add -r aide

    or build the port security/aide

    Configuration:

        cd /var/db/aide
        aide --init
        mv databases/aide.db.new databases/aide.db

    Take a look in the config file /usr/local/etc/aide.conf

    Usage: Run with "aide". Should be a cronjob, e.g.:

        10 20 * * 2 root /usr/local/bin/aide > /var/log/aide.log…

  • Computer

    GELI encryption of full drive in FreeBSD

    Lars Sommer, lasg@lasg.dk, 2010-01-27

    Based on: http://www.freebsd.org/doc/handbook/disks-encrypting.html

    I am using hard drives in pairs in RAID1 with geom_mirror. After creating a mirror, I encrypt it using GELI.

    Load the GELI module for now:

        kldload geom_eli

    Insert into /boot/loader.conf:

        geom_eli_load="YES"

    In this example my geom_mirror is called gm2 and resides in /dev/mirror/gm2.

    Create the master key and attach it to the GELI provider. Then create a new filesystem on it, and finally mount it.

        dd if=/dev/random of=/root/gm2.key bs=64 count=1
        geli init -s 4096 -K /root/gm2.key /dev/mirror/gm2
        geli attach -k /root/gm2.key /dev/mirror/gm2
        dd if=/dev/random of=/dev/mirror/gm2.eli bs=1m
        newfs /dev/mirror/gm2.eli
        mount /dev/mirror/gm2.eli /data/2

    Consider moving the master key to somewhere safer. I use a USB…

  • Computer

    Gnokii SMS support in FreeBSD 8.2

    2011-04-19, Lars Sommer, lasg@lasg.dk

    Install the port: comms/gnokii

    With options: USB, MYSQL

    2011-05-06: Build fails if NOT selecting xgnokii as well.

    Create a user in phpmyadmin, called smsd, and a database called smsd. Find the sms.tables.mysql.sql in the config file backup folder, and import it:

        mysql -u root -p smsd < sms.tables.mysql.sql

    Settings for gnokiirc:

        port = /dev/ttyU0
        model = AT
        connection = serial
        use_locking = no

    Use the startup script from the backup folder.

        touch /var/log/smsd.log

    Insert into crontab:

        32 * * * * root /home/ls/repos1/bin/start_smsd.sh > /dev/null

    which checks if the smsd is running

        smsd --user smsd --password "MySecretPassword" --db smsd --host localhost --module mysql --logfile /var/log/smsd.log