FreeBSD: Difference between revisions

http://www.denis.lemire.name/images/posts/freebsd.png

Essential Ports[edit]

ftp/wget[edit]

• Retrieve files from the Net via HTTP and FTP

misc/gnuls[edit]

I miss the colorized output of ls seen on most Linux systems... Installing the gnuls port and adding the following to /etc/csh.cshrc will add this missing convenience to FreeBSD:

alias ls        gnuls --color=auto -h

net-mgmt/net-snmp[edit]

• An extendable SNMP implementation

net/tcpick[edit]

tcpick is a textmode sniffer libpcap-based that can track, reassemble and reorder tcp streams. Tcpick is able to save the captured flows in different files or displays them in the terminal, and so it is useful to sniff files that are transmitted via ftp or http.

For example, to intercept and view a POP3 login via the rl1 interface, use the following command:

tcpick -i rl1 -p -bU -T1 "port 110"

ports-mgmt/portaudit[edit]

Checks ports against a list of security vulnerabilities. Also adds a daily periodic job to include vulnerabilities in currently installed ports in the daily security e-mail.

To disable checking ports again portaudit during installation set the environment variable as follows:

DISABLE_VULNERABILITIES=yes

ports-mgmt/portupgrade[edit]

Portupgrade is a tool to upgrade installed packages via ports or packages. You can upgrade installed packages without having to reinstall depending or dependent packages. It can automatically trace dependency chains up and down upgrading packages recursively.

This package also includes the following utilities:

• portinstall - Helps you install new ports in a handy way.
• portcvsweb - Instantly lets you browse change history via CVSweb.
• portversion - Replaces pkg_version(1) and helps you upgrade packages with portupgrade(1). (runs much faster)
• portsclean - Cleans ports workdir's, unreferenced distfiles, old and orphan shared libraries, and stale packages.
• portsdb - Creates binary database from the ports INDEX.
• ports_glob - Expands ports globs.
• pkg_deinstall - Wraps pkg_delete(1) and provides additional features.
• pkg_fetch - Fetches packages from a remote site.
• pkg_glob - Expands package globs.
• pkg_which - Checks which package a file came from quickly.
• pkgdb - Manages and searches the package database.

Example: Rebuild OpenSSL and all packages that depend on it:

portupgrade -rfx openssl openssl

security/sudo[edit]

• Allow others to run commands as root

sysutils/libchk[edit]

• Tool to check library linking

sysutils/screen[edit]

Screen is a full-screen window manager that multiplexes a physical terminal between several processes (typically interactive shells).

Screen is extremely handy for running commands that may take an extended time to complete. One can start a command, close their terminal and later re-attach another terminal to their session without interrupting the command(s) that are completing.

It can be also used to attach multiple users to a single screen session to allow easy collaboration.

sysutils/smartmontools[edit]

Adds S.M.A.R.T. (Self-Monitoring, Analysis and Reporting Technology) disk monitoring tools. This suite of tools is extremely handy to allow the administrator to be aware of disk problems before they result in a catastrophe.

See the following links for more information:

• smartmontools Home Page
• Monitoring Hard Disks with SMART (Linux Journal)

Example commands:

• smartctl -l selftest /dev/ad0
• smartctl -t long /dev/ad0
• smartctl -Hc /dev/ad0

dns/nss_mdns[edit]

• NSS module implementing multicast DNS name resolution

Technical Notes[edit]

Disk image via dd[edit]

dd bs=512 if=/dev/rXX# of=/some_dir/foo.dmg conv=noerror,sync

tar over netcat[edit]

• nc -v -v -w 40 -l -p 8888 > foo.tar
• tar cjvf * | nc remotehost 8888

Updating root DNS[edit]

dig @a.root-servers.net . ns > /etc/namedb/named.root

Qmail log Timestamps[edit]

Can be converted to human readable using the tai64nlocal command.

Name Services[edit]

Retrieving Database Entries[edit]

As of FreeBSD 7 the getent utility can be used to retrieve entries from the various administrative databases.

Name Service Caching Daemon[edit]

The nscd daemon added in FreeBSD 7 improves performance of nsswitch type lookups (users, groups, etc) but can cause some surprising results with new users not being found in the system. The cache can be cleared for all users by running:

%nscd -I cachename

Using IDE CD Burners[edit]

Place the following in /boot/loader.conf for IDE CDRW support:

atapicam_load="YES"
hw.ata.atapi_dma=1

Using Memory Disks[edit]

FreeBSD >= 5.x have a memory disk utility that can be utilized to mount file system images.

To setup a memory disk

mdconfig -a -t vnode -o readonly -f /path/to/image.iso -u 1
mount -t cd9660 /dev/md1 /mnt/cdrom

To reverse the process:

mount -u /mnt/cdrom
mdconfig -d -u 1

Displaying Dates in 12 Hour Format[edit]

Add the following to .cshrc or /etc/csh.cshrc (system wide):

alias date date +\"%a %b %e %r %Z %Y\"

View Daylight Savings Dates[edit]

zdump -v /etc/localtime | grep 2008

List BIND Domains[edit]

grep ^zone < /etc/namedb/named.conf | sed -e 's/zone "\(.*\)".*/\1/g' | sort

Find Hosts in a Subnet[edit]

nmap -sP 172.31.0.128/26

Build Port with Debugging Symbols[edit]

make WITH_DEBUG=yes

Setup LDAP Authentication[edit]

Install required ports:

sudo portinstall nss_ldap
sudo portinstall pam_ldap

Setup nss_ldap.conf

host 172.31.0.1
base dc=incoherency,dc=net
uri ldap://172.31.0.1:389/
ssl start_tls

binddn uid=nss,ou=dsa,dc=incoherency,dc=net
bindpw ********
bind_policy soft

nss_initgroups_ignoreusers root,ldap

timelimit 5
nss_reconnect_tries 2

port 389
nss_base_passwd dc=incoherency,dc=net?subtree
nss_base_group  ou=groups,dc=incoherency,dc=net?one
pam_password SSHA

Link ldap.conf to nss_ldap.conf

ln -s nss_ldap.conf ldap.conf

Add the following to /etc/pam.d/ for each relevant service

auth		sufficient	/usr/local/lib/pam_ldap.so	no_warn try_first_pass

Edit /etc/nsswitch.conf:

passwd: files ldap
group: files ldap

Fix for freebsd-update[edit]

%sudo freebsd-update upgrade -r 7.1-RC1
Looking up update.FreeBSD.org mirrors... 1 mirrors found.
Fetching metadata signature for 7.1-PRERELEASE from update1.FreeBSD.org... failed.
No mirrors remaining, giving up.
%

%setenv UNAME_r 7.1-BETA2
%freebsd-update upgrade -r 7.1-RC1
Looking up update.FreeBSD.org mirrors... 1 mirrors found.
Fetching metadata signature for 7.1-BETA2 from update1.FreeBSD.org... done.
Fetching metadata index... done.
Inspecting system... done.

...

Install a standard MBR[edit]

Useful if you inadvertently install the FreeBSD boot manager or if you need to borrow a standard MBR for use on an OS that doesn't have one yet *cough* Haiku

fdisk −B −b /boot/mbr ad0

Avoid config menus on port builds[edit]

make config-recursive install

Mount ISO Image[edit]

mdconfig -a -t vnode -f <ISO filename> -u 0
mount -t cd9660 /dev/md0 <mount destination>

VirtualBox[edit]

• FreeBSD Handbook
• VBoxManage

Connect to TLS server[edit]

openssl s_client -starttls smtp -connect smtp.gmail.com:587