Re: FreeBSD for webserver?

2008-07-23 Thread Abdullah Ibn Hamad Al-Marri







----- Original Message -----
 From: VeeJay [EMAIL PROTECTED]
 To: FreeBSD-Questions freebsd-questions@freebsd.org; VeeJay [EMAIL PROTECTED]
 Sent: Tuesday, July 22, 2008 11:05:26 PM
 Subject: FreeBSD for webserver?
 
 Hi there
 
 I am going to make 2 Webserver at my work going to handle 50 mil hits per
 month... They are using Linux already. But being a FreeBSD fan, I have
 proposed FreeBSD to my Boss convincing him that FreeBSD is more Fast and
 Secure solution for his needs... And now I want to show the results...
 *Hardware:*
 Dell PowerEdge 2950 III having 2 x CPU 3,0 GHz Intel Xeon L5450 Quad-Core
 2x6MB cache WITH 16 GB RAM.
 
 *Tools:*
 1. FreeBSD 7 Production Release
 2. Apache 2.2.9
 3. MySQL 5.1.26


I would go with MySQL 5.0.x since 5.1.x has speed issues.

 Thanks!
 
 BR / vj


 Regards,

-Abdullah Ibn Hamad Al-Marri
Arab Portal
http://www.WeArab.Net/



  
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]


Re: Spamassassin very slow

2008-07-23 Thread lyd mc
thnx Philip, your config will help in my current setup.



--- On Wed, 7/23/08, Philip M. Gollucci [EMAIL PROTECTED] wrote:
From: Philip M. Gollucci [EMAIL PROTECTED]
Subject: Re: Spamassassin very slow
To: James Tanis [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED], freebsd-questions@freebsd.org
Date: Wednesday, July 23, 2008, 11:53 AM

James Tanis wrote:
 lyd mc [EMAIL PROTECTED] wrote:
 What causes spamassassin to slow?

 Here is my config:

 snippet from sendmail.mc
 .. cut ..

 I have .procmailrc in every home directory of my mail users and it
goes
 like
 this:
The following setup by the front line mx's (2 of them) for apache.org 
can handle ~1million messages/day for a total of 2million without 
breaking a sweat.

No .procmailrc involved.

/etc/rc.conf:
postfix_enable="YES"
sendmail_enable="NO"
sendmail_submit_enable="NO"
sendmail_outbound_enable="NO"
sendmail_msp_queue_enable="NO"

rbldnsd_enable="YES"
rbldnsd_flags="MASKED OUT"

svscan_enable="YES"

clamav_clamd_enable="YES"
clamav_freshclam_enable="YES"

spamd_enable="YES"
spamd_pidfile="/var/run/spamd/spamd.pid"
spamd_flags="--min-children=4 --max-children=40 --min-spare=2 --max-spare=8 --max-conn-per-child=100 -c -d --socketpath=/var/run/spamd/socket --socketmode=0777 -r ${spamd_pidfile}"

That's FreeBSD 6.x (soon to be 7.x when I update it)
httpd 2.2.9+worker mpm with qpsmtp using mod_perl

In my consulting business, for sendmail I use the following sendmail.mc snippet:

INPUT_MAIL_FILTER(`clmilter',`S=local:/var/run/clamav/clmilter.sock, F=, T=S:4m;R:4m')
INPUT_MAIL_FILTER(`spamassassin', `S=local:/var/run/spamass-milter.sock, F=, T=C:15m;S:4m;R:4m;E:10m')
define(`confMILTER_MACROS_ENVRCPT',`r, v, Z')
define(`confMILTER_MACROS_CONNECT',`b, j, _, {daemon_name}, {if_name}, {if_addr}')


That said, all individual users do use ~/.procmailrc, with the following
rule:
:0
* ^X-Spam-Status: Yes
spam




-- 

Philip M. Gollucci ([EMAIL PROTECTED])
o:703.549.2050x206
Senior System Admin - Riderway, Inc.
http://riderway.com / http://ridecharge.com
1024D/DB9B8C1C B90B FBC3 A3A1 C71A 8E70  3F8C 75B8 8FFB DB9B 8C1C

Work like you don't need the money,
love like you'll never get hurt,
and dance like nobody's watching.


  


Re: Spamassassin very slow

2008-07-23 Thread lyd mc
Hi James,

I remove spamc on .procmailrc and I can see lots of improvements!

Thanx,

alyd

--- On Wed, 7/23/08, James Tanis [EMAIL PROTECTED] wrote:
From: James Tanis [EMAIL PROTECTED]
Subject: Re: Spamassassin very slow
To: [EMAIL PROTECTED]
Date: Wednesday, July 23, 2008, 11:07 AM

lyd mc [EMAIL PROTECTED] wrote:
 
 What causes spamassassin to slow?
 
 Here is my config:
 
 snippet from sendmail.mc
 .. cut ..
 
 I have .procmailrc in every home directory of my mail users and it goes
like
 this:

So if I'm understanding you correctly.. you're calling spamc from a sendmail
milter *and* .procmailrc. That's pretty redundant and would definitely slow
you down. Choose one based on your needs.

 
 I also have RulesDuJour installed and spamassassin --lint does complain about
 it.
 

Extra rules can slow you down regardless of syntax, but most computers
created this decade can handle RulesDuJour fine. Personally I think your
main problem is that you're effectively spam checking every message twice. The
spamassassin queues most likely get filled followed by sendmail having to
wait and queue up the slack.

--
James Tanis
Technical Coordinator
Monsignor Donovan Catholic High School
e: [EMAIL PROTECTED]


  


RE: FreeBSD for webserver?

2008-07-23 Thread Ted Mittelstaedt


 -Original Message-
 From: [EMAIL PROTECTED]
 [mailto:[EMAIL PROTECTED] Behalf Of Paul Schmehl
 Sent: Tuesday, July 22, 2008 2:22 PM
 To: VeeJay; FreeBSD-Questions
 Subject: Re: FreeBSD for webserver?


 --On Tuesday, July 22, 2008 22:05:26 +0200 VeeJay
 [EMAIL PROTECTED] wrote:

  Hi there
 
  I am going to make 2 Webserver at my work going to handle 50
 mil hits per
  month... They are using Linux already. But being a FreeBSD fan, I have
  proposed FreeBSD to my Boss convincing him that FreeBSD is more Fast and
  Secure solution for his needs... And now I want to show the results...
  *Hardware:*
  Dell PowerEdge 2950 III having 2 x CPU 3,0 GHz Intel Xeon L5450
 Quad-Core
  2x6MB cache WITH 16 GB RAM.
 
  *Tools:*
  1. FreeBSD 7 Production Release
  2. Apache 2.2.9
  3. MySQL 5.1.26
  4. PHP 5.2.6
 
  My question is, *To get the speed, performance and security*:
 
  Should I use Ports or Packages to install all these tools One by One?
 
  *OR*
  Should I use TAR files and compile them manually. For example
 giving command
  line arguments and commands like
 

 This seems to be a common misperception about ports.  Ports aren't something
 magical.  They do exactly what you would do from the commandline (i.e.
 ./configure, make, make install), except they come with several bonuses.

 1) The port maintainer has already worked out all the quirks to make it compile
 and install properly on FreeBSD.  2) The port maintainer has already supplied
 patches that allow the software to build correctly on FreeBSD.  3) All the
 dependencies are already taken care of.  4) Upgrading is quite simple and
 straightforward.  5) The software is now architecture-independent (in most
 cases), meaning you can move from Intel to AMD (for example) without having to
 worry that the software will no longer build and you'll have to start from
 scratch again.

 For example, I decided today that I wanted to try out some software named
 arguseye.  So I downloaded and untarred the program.  I looked at the
 dependencies.  It requires a number of perl modules, some of which are not in
 ports.  So, I just created three new perl ports to satisfy those dependencies
 and submitted them this afternoon.

 Once those are accepted into the tree, I'll create the arguseye port and submit
 it as well.  Then, when someone else wants to install arguseye, all they will
 have to do is type make install clean in the port directory and everything
 that they need will be installed for them.

 Unless you're a glutton for punishment, why would you do all that yourself?

Because maybe you don't care for the porter's choice of defaults.

Many programs come with hard-coded defaults that are modified
in a config file.  For example cistron-radius.  Another example
is the dspam port.  The porter for that insisted on using a
default of apache vhost.  However the default apache port does
not activate this.  I don't give a rat's ass that vhost is
supposedly more secure.  Another one that always pisses me off
is the porter's choice in building uw-imap to turn off plaintext
passwords.  And the default for pine is also to turn off
plaintext support.

Another problem is that not all porters are good about maintaining
their ports.  For example icradius.  Someone spent a lot of time
creating the port for that.  Then just let it die.  Another is
the open source ingres database.  Julian ported that one then
lost interest, it died sometime around FBSD 4.X

Another problem with ports is that all of them like pulling the
original source from the author's site.  I've had a few where the
author released the code under GPL then a few years later lost
interest, stopped paying whatever ISP he had the main site for
the program at, and the porter also lost interest in the project
and never bothered obtaining the last available tarfile from
the author's site and uploading it to freebsd, then both disappeared.
Another one I can recall is the gated code, similar issue.

The fundamental Achilles heel of the ports system is it makes
the assumption that every package in the ports system is popular
and will be supported for the indefinite future by the original
package developer.  The ports system counts on this insofar that
it assumes that if the original porter loses interest and stops
tracking the master site, that someone else will step in and
assume responsibility for maintaining the port.

The reality is that in every release of FreeBSD, some ports go
wanting for sponsors, and nobody steps forward and so when the
port stops building, the FreeBSD maintainers simply cut it out
of the ports tree, plus anything dependent on it.

This assumption is fine for people running vanilla apache or
whatever systems, which is most people.  But, if you're doing
anything that isn't plain-jane middle of the road, you better
assume that if you're using a series of ports, to make detailed
notes, and save the ports, and save the patches, and save
the distfiles.  You may need to see how 

Re: FreeBSD for webserver?

2008-07-23 Thread Gonzalo Nemmi
On Wednesday 23 July 2008 03:47:04 Ted Mittelstaedt wrote:
  This seems to be a common misperception about ports.  Ports aren't something
  magical.  They do exactly what you would do from the commandline (i.e.
  ./configure, make, make install), except they come with several bonuses.

  1) The port maintainer has already worked out all the quirks to make it compile
  and install properly on FreeBSD.  2) The port maintainer has already supplied
  patches that allow the software to build correctly on FreeBSD.  3) All the
  dependencies are already taken care of.  4) Upgrading is quite simple and
  straightforward.  5) The software is now architecture-independent (in most
  cases), meaning you can move from Intel to AMD (for example) without having to
  worry that the software will no longer build and you'll have to start from
  scratch again.

  For example, I decided today that I wanted to try out some software named
  arguseye.  So I downloaded and untarred the program.  I looked at the
  dependencies.  It requires a number of perl modules, some of which are not in
  ports.  So, I just created three new perl ports to satisfy those dependencies
  and submitted them this afternoon.

  Once those are accepted into the tree, I'll create the arguseye port and submit
  it as well.  Then, when someone else wants to install arguseye, all they will
  have to do is type make install clean in the port directory and everything
  that they need will be installed for them.

  Unless you're a glutton for punishment, why would you do all that yourself?

 Because maybe you don't care for the porter's choice of defaults.

 Many programs come with hard-coded defaults that are modified
 in a config file.  For example cistron-radius.  Another example
 is the dspam port.  The porter for that insisted on using a
 default of apache vhost.  However the default apache port does
 not activate this.  I don't give a rat's ass that vhost is
 supposedly more secure.  Another one that always pisses me off
 is the porter's choice in building uw-imap to turn off plaintext
 passwords.  And the default for pine is also to turn off
 plaintext support.

 Another problem is that not all porters are good about maintaining
 their ports.  For example icradius.  Someone spent a lot of time
 creating the port for that.  Then just let it die.  Another is
 the open source ingres database.  Julian ported that one then
 lost interest, it died sometime around FBSD 4.X

 Another problem with ports is that all of them like pulling the
 original source from the author's site.  I've had a few where the
 author released the code under GPL then a few years later lost
 interest, stopped paying whatever ISP he had the main site for
 the program at, and the porter also lost interest in the project
 and never bothered obtaining the last available tarfile from
 the author's site and uploading it to freebsd, then both disappeared.
 Another one I can recall is the gated code, similar issue.

 The fundamental Achilles heel of the ports system is it makes
 the assumption that every package in the ports system is popular
 and will be supported for the indefinite future by the original
 package developer.  The ports system counts on this insofar that
 it assumes that if the original porter loses interest and stops
 tracking the master site, that someone else will step in and
 assume responsibility for maintaining the port.

 The reality is that in every release of FreeBSD, some ports go
 wanting for sponsors, and nobody steps forward and so when the
 port stops building, the FreeBSD maintainers simply cut it out
 of the ports tree, plus anything dependent on it.

 This assumption is fine for people running vanilla apache or
 whatever systems, which is most people.  But, if you're doing
 anything that isn't plain-jane middle of the road, you better
 assume that if you're using a series of ports, to make detailed
 notes, and save the ports, and save the patches, and save
 the distfiles.  You may need to see how they did it in an
 older FreeBSD system when a new version of FreeBSD comes out
 that is missing one or more of the ports you depend on.

 Ultimately, ports isn't any different than most other things.
 When it's properly executed it's great.  But proper execution
 of the entire thing depends on every porter who has an active
 port in the system doing the right thing, and there's so many of
 them that statistically, some of them are going to be flakes.

 Ultimately, if you're going to be a server admin, you need to
 know how to build your applications without ports.

 It's no different than, for example, I know how to pour and
 form concrete, I know how to plumb pipes.  But if I needed
 concrete poured, or pipes plumbed, I would call a contractor
 and a plumber, and because I know how to do these things I
 would be able to keep an eye on what the people I hired
 were doing and know if they were doing what they were supposed
 to be doing, or 

Re: FreeBSD for webserver?

2008-07-23 Thread VeeJay
Really good contribution

I would of course go with ports but have a question in mind

What should be the installation sequence?

1. Apache 2.2.9
2. MySQL 5.1.26
3. PHP 5.2.6
And are there any options you guys would like to suggest to avoid for
performance or security reasons?

Regards

VJ
On Tue, Jul 22, 2008 at 10:05 PM, VeeJay [EMAIL PROTECTED] wrote:

  Hi there

 I am going to make 2 Webserver at my work going to handle 50 mil hits per
 month... They are using Linux already. But being a FreeBSD fan, I have
 proposed FreeBSD to my Boss convincing him that FreeBSD is more Fast and
 Secure solution for his needs... And now I want to show the results...
 *Hardware:*
 Dell PowerEdge 2950 III having 2 x CPU 3,0 GHz Intel Xeon L5450 Quad-Core
 2x6MB cache WITH 16 GB RAM.

 *Tools:*
 1. FreeBSD 7 Production Release
 2. Apache 2.2.9
 3. MySQL 5.1.26
 4. PHP 5.2.6

 My question is, *To get the speed, performance and security*:

 Should I use Ports or Packages to install all these tools One by One?

 *OR*
 Should I use TAR files and compile them manually. For example giving
 command line arguments and commands like

 ./configure --prefix=/www --enable-module=so
 make
 make install
 cd ../php-xxx
 ./configure --with-mysql --with-apxs=/www/bin/apxs
 make
 make install

 etc

 I have googled but still haven't reached to solution...personally I would
 prefer compiling them with command line arguments
 but then I seek some help from you guys i.e.

 How should I write this ./configure..stuff in FreeBSD and what would be
 the best options combination, I must choose to get the speed, performance and
 security in Apache, MySQL and PHP?

 Any suggestion is very welcomed!

 --
 Thanks!

 BR / vj




-- 
Thanks!

BR / vj


Re: Has anyone used libusb for accessing usb devices here?

2008-07-23 Thread Tijl Coosemans
On Wednesday 23 July 2008 06:20:09 Andrew Falanga wrote:
 On Tuesday 22 July 2008 08:38:58 Lowell Gilbert wrote:
 Andrew Falanga [EMAIL PROTECTED] writes:
 I'd like to know if anyone here on the list has ever used libusb
 (http://libusb.sourceforge.net) for accessing usb devices.  I
 successfully compiled and installed it on my FreeBSD 7 laptop but
 when I run a test program no USB HUBs are found.  The same test on
 a Fedora box works fine.  I was wondering what the magic is for
 FreeBSD since the web site claims the package works on FreeBSD.

 libusb is in ports, and a number of other ports use it.
 (See make search key=libusb.)
 That should provide a variety of working examples.
 
 Ok, I've installed from the ports collection this time (at home now
 on my 6.2p11 box) and I'm seeing busses in my computer.  However,
 when I plug in my USB thumb drive, a Sandisk Cruizer Micro that the
 kernel does see as da0 (verified in /var/log/messages), I don't get
 any devices shown.

I'm not entirely sure, but it's possible it only shows ugen devices.


Re: FreeBSD for webserver?

2008-07-23 Thread Julien Cigar
At least ports-mgmt/portaudit, which checks if installed ports have
published security vulnerabilities.

I don't use PHP, but I used to create a separate user for each webapp
with a special login class, so I would run PHP in FCGI mode (with
something like xcache) instead of mod_php.

For the rest ... it's usually a question of configuration.

On Wed, 2008-07-23 at 11:06 +0200, VeeJay wrote:
 Really good contribution
 
 I would of course go with ports but have a question in mind
 
 What should be the installation sequence?
 
 1. Apache 2.2.9
 2. MySQL 5.1.26
 3. PHP 5.2.6
 And are there any options you guys would like to suggest to avoid for
 performance or security reasons?
 
 Regards
 
 VJ
 On Tue, Jul 22, 2008 at 10:05 PM, VeeJay [EMAIL PROTECTED] wrote:
 
   Hi there
 
  I am going to make 2 Webserver at my work going to handle 50 mil hits per
  month... They are using Linux already. But being a FreeBSD fan, I have
  proposed FreeBSD to my Boss convincing him that FreeBSD is more Fast and
  Secure solution for his needs... And now I want to show the results...
  *Hardware:*
  Dell PowerEdge 2950 III having 2 x CPU 3,0 GHz Intel Xeon L5450 Quad-Core
  2x6MB cache WITH 16 GB RAM.
 
  *Tools:*
  1. FreeBSD 7 Production Release
  2. Apache 2.2.9
  3. MySQL 5.1.26
  4. PHP 5.2.6
 
  My question is, *To get the speed, performance and security*:
 
  Should I use Ports or Packages to install all these tools One by One?
 
  *OR*
  Should I use TAR files and compile them manually. For example giving
  command line arguments and commands like
 
  ./configure --prefix=/www --enable-module=so
  make
  make install
  cd ../php-xxx
  ./configure --with-mysql --with-apxs=/www/bin/apxs
  make
  make install
 
  etc
 
  I have googled but still haven't reached to solution...personally I would
  prefer compiling them with command line arguments
  but then I seek some help from you guys i.e.
 
  How should I write this ./configure..stuff in FreeBSD and what would be
  the best options combination, I must choose to get the speed, performance and
  security in Apache, MySQL and PHP?
 
  Any suggestion is very welcomed!
 
  --
  Thanks!
 
  BR / vj
 
 
 
 
-- 
Julien Cigar
Belgian Biodiversity Platform
http://www.biodiversity.be
Université Libre de Bruxelles (ULB)
Campus de la Plaine CP 257
Bâtiment NO, Bureau 4 N4 115C (Niveau 4)
Boulevard du Triomphe, entrée ULB 2
B-1050 Bruxelles
Mail: [EMAIL PROTECTED]
@biobel: http://biobel.biodiversity.be/person/show/471
Tel : 02 650 57 52



max MFSROOT size

2008-07-23 Thread Wojciech Puchar

I made a 350MB mfsroot, and the loader simply ignores to load it.
With 100MB it works.

The machine has 512MB RAM. How to fix it?



Re: The Design and Implementation of the FreeBSD Operating System

2008-07-23 Thread FreeBSD Questions
 Yet your point is completely valid one.. and that's why The Design and
 Implementation of the FreeBSD Operating System is the only book that I've
 been hesitant on buying so far ... Lucas (Absolute FreeBSD, 2nd Edition),
 Lavigne (The Best of FreeBSD Basics), Kong (BSD rootkits),  Lehey (Download
 edition:) ) are all over my desktop as I write this mail, and I consult them
 daily ... Farrokhi (Network Administration with FreeBSD) and Hong (Building a
 Server with FreeBSD 7) are the ones coming in the next batch ...

Has anyone on the list read Building a Server with FreeBSD 7: A
Modular Approach?  The description on bookpool.com makes it sound a
little basic/superficial, covering topics such as how to install
FreeBSD and how to install/configure programs via the ports.  I'm
already very familiar with these topics; does anyone know if this book
covers more advanced topics or details like the nitty-gritty of
configuring sendmail, apache, samba, NFS, etc?

And what about Absolute FreeBSD?  It's updated for FreeBSD 7, so I
know it's current.  Is it a good book?  Is it worth the read?  How
valuable is its content?  (I know I'm asking some very subjective
questions, but if I'm going to spend hundreds of $$$ to build my
library in this area, I'd like at least a couple of opinions about the
books I buy.)


 So far .. there are only three books I would have bought but I didn't because
 I thought the situation could improve ... those are: The Design and
 Implementation of the FreeBSD Operating System, BSD Hacks and The FreeBSD
 HandBook... same reason for all of them .. too old by now (although I think
 I'll buy BSD Hacks anyways .. I just can't resist buying Lavigne books :( )

Personally, I don't think I'd ever buy The FreeBSD Handbook.  It's a
really good resource, but as long as it's actively updated
electronically it's too dynamic to buy a hardcopy.  I'd much rather
read it online where I can get the latest revisions.

Kevin


Re: The Design and Implementation of the FreeBSD Operating System

2008-07-23 Thread Dave
On Wed, Jul 23, 2008 at 08:12:02AM -0400, FreeBSD Questions wrote:
 Yet your point is completely valid one.. and that's why The Design and
 Implementation of the FreeBSD Operating System is the only book that I've
 been hesitant on buying so far ... Lucas (Absolute FreeBSD, 2nd Edition),
 Lavigne (The Best of FreeBSD Basics), Kong (BSD rootkits),  Lehey (Download
 edition:) ) are all over my desktop as I write this mail, and I consult them
 daily ... Farrokhi (Network Administration with FreeBSD) and Hong (Building a
 Server with FreeBSD 7) are the ones coming in the next batch ...

Has anyone on the list read Building a Server with FreeBSD 7: A
Modular Approach?  The description on bookpool.com makes it sound a
little basic/superficial, covering topics such as how to install
FreeBSD and how to install/configure programs via the ports.  I'm
already very familiar with these topics; does anyone know if this book
covers more advanced topics or details like the nitty-gritty of
configuring sendmail, apache, samba, NFS, etc?

I have read this book. It's not very useful to me since I run
FreeBSD 7 as a desktop. But I did find it interesting. The book
provides setup info for many server services.

And what about Absolute FreeBSD?  It's updated for FreeBSD 7, so I
know it's current.  Is it a good book?  Is it worth the read?  How
valuable is its content?  (I know I'm asking some very subjective
questions, but if I'm going to spend hundreds of $$$ to build my
library in this area, I'd like at least a couple of opinions about the
books I buy.)

Yes. Yes. Very valuable. I give it 5/5 stars. 

 So far .. there are only three books I would have bought but I didn't because
 I thought the situation could improve ... those are: The Design and
 Implementation of the FreeBSD Operating System, BSD Hacks and The FreeBSD
 HandBook... same reason for all of them .. too old by now (although I think
 I'll buy BSD Hacks anyways .. I just can't resist buying Lavigne books :( )

Personally, I don't think I'd ever buy The FreeBSD Handbook.  It's a
really good resource, but as long as it's actively updated
electronically it's too dynamic to buy a hardcopy.  I'd much rather
read it online where I can get the latest revisions.

Kevin


ng_netflow question

2008-07-23 Thread Volodymyr Kostyrko

Hi there.

I'm stuck with splitting input and output traffic. I can't use
srcaddr/dstaddr as the machine generating traffic gets dynamic IPs. I'm
thinking of using input/output for that purpose, but it's not clearly
stated how these parameters are populated. I.e. for outbound connection
we got input=0 and output=ifX but for inbound connections
input=output=ifX. Am I missing something here? Should the outbound
connections get output=0?


--
Sphinx of black quartz judge my vow.



Re: The Design and Implementation of the FreeBSD Operating System

2008-07-23 Thread Manolis Kiagias

FreeBSD Questions wrote:

And what about Absolute FreeBSD?  It's updated for FreeBSD 7, so I
know it's current.  Is it a good book?  Is it worth the read?  How
valuable is its content?  (I know I'm asking some very subjective
questions, but if I'm going to spend hundreds of $$$ to build my
library in this area, I'd like at least a couple of opinions about the
books I buy.)


  


Absolute FreeBSD is an excellent book, a must have if you ask me.
Excellent tips, very good explanation of how things work, relaxed and 
easy writing style.
You will get a lot out of this book. (Note: it is concentrated on server 
tasks, you will not get any X tips from it)



Personally, I don't think I'd ever buy The FreeBSD Handbook.  It's a
really good resource, but as long as it's actively updated
electronically it's too dynamic to buy a hardcopy.  I'd much rather
read it online where I can get the latest revisions.

Kevin
True, the handbook is under constant development - and it should be, to
match the system.
I have a printed version, and it is outdated in several sections. I find
hardcopies easier to read though.




Re: The Design and Implementation of the FreeBSD Operating System

2008-07-23 Thread dfeustel
On Wed, Jul 23, 2008 at 04:12:51PM +0300, Manolis Kiagias wrote:
 FreeBSD Questions wrote:
 And what about Absolute FreeBSD?  It's updated for FreeBSD 7, so I
 know it's current.  Is it a good book?  Is it worth the read?  How
 valuable is its content?  (I know I'm asking some very subjective
 questions, but if I'm going to spend hundreds of $$$ to build my
 library in this area, I'd like at least a couple of opinions about the
 books I buy.)


   

 Absolute FreeBSD is an excellent book, a must have if you ask me.
 Excellent tips, very good explanation of how things work, relaxed and easy 
 writing style.
 You will get a lot out of this book. (Note: it is concentrated on server 
 tasks, you will not get any X tips from it)

I also recommend _X Power Tools_ for X-related info. Doesn't have
everything I would like to know about X, but it filled in many gaps for
me.


Re: The Design and Implementation of the FreeBSD Operating System

2008-07-23 Thread darko gavrilovic
On Wed, Jul 23, 2008 at 8:12 AM, FreeBSD Questions 
[EMAIL PROTECTED] wrote:

 details like the nitty-gritty of
 configuring sendmail, apache, samba, NFS, etc?


You might want to look at specific books targeting that software. Check
O'Reilly. For example

http://search.oreilly.com/?q=sendmail


Note: you can also look at google books for some of these titles. I have
managed to find more than one that I needed and it's a free resource.
http://books.google.com/



 And what about Absolute FreeBSD?  It's updated for FreeBSD 7, so I
 know it's current.  Is it a good book?  Is it worth the read?  How
 valuable is its content?  (I know I'm asking some very subjective
 questions, but if I'm going to spend hundreds of $$$ to build my
 library in this area, I'd like at least a couple of opinions about the
 books I buy.)


I read it. I think it's a good FreeBSD book.





 Personally, I don't think I'd ever buy The FreeBSD Handbook.  It's a
 really good resource, but as long as it's actively updated
 electronically it's too dynamic to buy a hardcopy.  I'd much rather
 read it online where I can get the latest revisions.



Do you mean The Complete FreeBSD? That's available online for free.
http://www.lemis.com/grog/Documentation/CFBSD/

The FreeBSD Handbook is the free resource available on www.freebsd.org
http://www.freebsd.org/doc/en/books/handbook/




 Kevin




-- 
regards,
dg

using fsdb(8) and clri(8) was like climbing Mount Everest in sandals and
shorts.
Since writing that, I've tried them more than once and discovered that I was
wrong.
You don't get the shorts. -- M.W. Lucas


Auto-saving distfiles on freebsd (was: FreeBSD for webserver?)

2008-07-23 Thread cpghost
On Tue, Jul 22, 2008 at 11:47:04PM -0700, Ted Mittelstaedt wrote:
 Another problem with ports is that all of them like pulling the
 original source from the author's site.  I've had a few where the
 author released the code under GPL then a few years later lost
 interest, stopped paying whatever ISP he had the main site for
 the program at, and the porter also lost interest in the project
 and never bothered obtaining the last available tarfile from
 the authors site and uploading it to freebsd, then both disappeared.
 Another one I can recall is the gated code, similar issue.

Why not add this to pointyhat scripts? Just upload a copy of every
*new* distfile ever encountered from the author's page to freebsd
(unless there are legal constraints not to do so, of course)?

The ports would still go to the primary sites (to conserve bandwidth),
but should the original distfile disappear, it would be still available
on freebsd.

-cpghost.

-- 
Cordula's Web. http://www.cordula.ws/


Upgrade 6.2-Release to 7.0-Release - stuck!

2008-07-23 Thread Marc Coyles
Am running freebsd-update following instructions at
http://www.daemonology.net/blog/2007-11-11-freebsd-major-version-upgrade.html

It’s decided that it can’t merge named.conf changes automagically and has
dropped me into vi with the file open… looking as below. What exactly is it
wanting me to do? T’isn’t particularly clear, and this is the first time
I’ve ever attempted an upgrade…

 current version
include /etc/namedb/rndc.key;

controls {
inet 127.0.0.1 allow { localhost; } keys { rndc-key; };
};

// $FreeBSD: src/etc/namedb/named.conf,v 1.21.2.1 2005/09/10 08:27:27 dougb
Exp
$
===
// $FreeBSD: src/etc/namedb/named.conf,v 1.26.4.1 2008/01/13 20:48:23 dougb
Exp
$
 7.0-RELEASE
//
// Refer to the named.conf(5) and named(8) man pages, and the documentation
// in /usr/share/doc/bind9 for more details.
//
// If you are going to set up an authoritative server, make sure you
// understand the hairy details of how DNS works.  Even with
// simple mistakes, you can break connectivity for affected parties,
// or cause huge amounts of useless Internet traffic.

options {
 current version
pid-file /var/run/named/pid;
===
// Relative to the chroot directory, if any
 7.0-RELEASE
directory   /etc/namedb;
dump-file   /var/dump/named_dump.db;
statistics-file /var/stats/named.stats;

// If named is being used only as a local resolver, this is a safe default.
// For named to be accessible to the network, comment this option, specify
// the proper IP address, or delete this option.
listen-on   { 127.0.0.1; };

// If you have IPv6 enabled on this system, uncomment this option for
// use as a local resolver.  To give access to the network, specify
// an IPv6 address, or the keyword any.
//  listen-on-v6{ ::1; };

// These zones are already covered by the empty zones listed below.
// If you remove the related empty zones below, comment these lines out.
disable-empty-zone 255.255.255.255.IN-ADDR.ARPA;
disable-empty-zone
0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.
0.0.0.0.0.0.IP6.ARPA;
disable-empty-zone
1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.
0.0.0.0.0.0.IP6.ARPA;

// In addition to the forwarders clause, you can force your name
// server to never initiate queries of its own, but always ask its
// forwarders only, by enabling the following line:
//
//  forward only;
// If you've got a DNS server around at your upstream provider, enter
// its IP address here, and enable the line below.  This will make you
// benefit from its cache, thus reduce overall DNS traffic in the Internet.
/*
forwarders {
127.0.0.1;
};
*/
/*
 * If there is a firewall between you and nameservers you want
 * to talk to, you might need to uncomment the query-source
 * directive below.  Previous versions of BIND always asked
 * questions using port 53, but BIND versions 8 and later
 * use a pseudo-random unprivileged UDP port by default.
 */
// query-source address * port 53;
};

// If you enable a local name server, don't forget to enter 127.0.0.1
// first in your /etc/resolv.conf so this server will be queried.
// Also, make sure to enable it in /etc/rc.conf.

// The traditional root hints mechanism. Use this, OR the slave zones below.
zone . { type hint; file named.root; };

/*  Slaving the following zones from the root name servers has some
significant advantages:
1. Faster local resolution for your users
2. No spurious traffic will be sent from your network to the roots
3. Greater resilience to any potential root server failure/DDoS

On the other hand, this method requires more monitoring than the
hints file to be sure that an unexpected failure mode has not
incapacitated your server.  Name servers that are serving a lot
of clients will benefit more from this approach than individual
hosts.  Use with caution.

To use this mechanism, uncomment the entries below, and comment
the hint zone above.
*/
/*
zone . {
 current version
type hint;
file /etc/namedb/named.root;
===
type slave;
file slave/root.slave;
masters {
192.5.5.241;// F.ROOT-SERVERS.NET.
};
notify no;
 7.0-RELEASE
};
 current version

zone 0.0.127.IN-ADDR.ARPA {
type master;
file /etc/namedb/localhost.rev;
===
zone arpa {
type slave;
file slave/arpa.slave;
masters {
192.5.5.241;// F.ROOT-SERVERS.NET.
};
notify no;
 7.0-RELEASE
};
 current version

// RFC 3152
zone
1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA
{
type master;
file /etc/namedb/localhost-v6.rev;
===
zone in-addr.arpa {
type slave;
file slave/in-addr.arpa.slave;
masters {

Re: connecting to a secured Windows 2003 terminal server

2008-07-23 Thread Wojciech Puchar
doubt, since even after googling for nearly five days I couldn't find any 
solution.


Recently my company has updated their server to Windows 2003. The earlier 
2000 server didn't have SSL enabled, so rdp/rdesktop worked for me without 
any problem. But now, as I try to connect to the server, it simply gives me

ERROR: recv: Connection reset by peer


Why are such questions on the FreeBSD list?

rdp/rdesktop is not FreeBSD specific at all, and FreeBSD is not Windows.

search the rdesktop mailing list etc. and ask there!


Re: Auto-saving distfiles on freebsd

2008-07-23 Thread Matthew Seaman

cpghost wrote:


Why not add this to pointyhat scripts? Just upload a copy of every
*new* distfile ever encountered from the author's page to freebsd
(unless there are legal constraints not to do so, of course)?


Some might say that this already happens.

Well, it's on ftp.freebsd.org rather than pointyhat, and it's only for
the ports that are built by the package build cluster.  Take a look at 
ftp://ftp.freebsd.org/pub/FreeBSD/ports/distfiles/  (Warning: very long
listing)

I'm not sure what the policy is about getting rid of old distfiles, but
there are generally several generations of distfile in there -- about 2
or 3 years worth.

Cheers,

Matthew

--
Dr Matthew J Seaman MA, D.Phil.   7 Priory Courtyard
 Flat 3
PGP: http://www.infracaninophile.co.uk/pgpkey Ramsgate
 Kent, CT11 9PW





Re: Auto-saving distfiles on freebsd

2008-07-23 Thread Kris Kennaway

cpghost wrote:

On Tue, Jul 22, 2008 at 11:47:04PM -0700, Ted Mittelstaedt wrote:

Another problem with ports is that all of them like pulling the
original source from the author's site.  I've had a few where the
author released the code under GPL then a few years later lost
interest, stopped paying whatever ISP he had the main site for
the program at, and the porter also lost interest in the project
and never bothered obtaining the last available tarfile from
the author's site and uploading it to freebsd, then both disappeared.
Another one I can recall is the gated code, similar issue.


Why not add this to pointyhat scripts? Just upload a copy of every
*new* distfile ever encountered from the author's page to freebsd
(unless there are legal constraints not to do so, of course)?


We've regularly collected and published port distfiles for at least a 
decade (with increasingly higher frequency as disk space came to 
permit).  It may come as no surprise that Ted is talking out of his ass 
again :)


Kris



Re: Auto-saving distfiles on freebsd

2008-07-23 Thread Kris Kennaway

Matthew Seaman wrote:

cpghost wrote:


Why not add this to pointyhat scripts? Just upload a copy of every
*new* distfile ever encountered from the author's page to freebsd
(unless there are legal constraints not to do so, of course)?


Some might say that this already happens.

Well, it's on ftp.freebsd.org rather than pointyhat, and it's only for
the ports that are built by the package build cluster.  Take a look at 
ftp://ftp.freebsd.org/pub/FreeBSD/ports/distfiles/  (Warning: very long
listing)

I'm not sure what the policy is about getting rid of old distfiles, but
there are generally several generations of distfile in there -- about 2
or 3 years worth.


Basically we don't delete them any more unless we have to (e.g. porter 
accidentally allowed redistribution of a distfile for which we don't 
have permission).  In the past we (I) occasionally weeded out everything 
except for the past couple of release distfile sets (and the current 
set) because we needed the space, but this is a pain in the ass to do 
and there hasn't been a need in some years.


These days we indeed collect distfiles with every build.

Kris


Re: connecting to a secured Windows 2003 terminal server

2008-07-23 Thread Steve Bertrand

Wojciech Puchar wrote:
doubt, since even after googling for nearly five days I couldn't find 
any solution.


Recently my company has updated their server to Windows 2003. The 
earlier 2000 server didn't have SSL enabled, so rdp/rdesktop worked 
for me without any problem. But now, as I try to connect to the 
server, it simply gives me

ERROR: recv: Connection reset by peer


Why are such questions on the FreeBSD list?

rdp/rdesktop is not FreeBSD specific at all, and FreeBSD is not Windows.

search the rdesktop mailing list etc. and ask there!


Did you even consider the possibility that the OP is connecting to a 
terminal/rdp server from a FreeBSD workstation?


I know I've done it numerous times in the past. I think that if this is 
the case, it's very FreeBSD related.


Steve


Re: Upgrade 6.2-Release to 7.0-Release - stuck!

2008-07-23 Thread Vincent Hoffman

Marc Coyles wrote:

Am running freebsd-update following instructions at
http://www.daemonology.net/blog/2007-11-11-freebsd-major-version-upgrade.html

  
I did similar recently, although I went from 6.2 to 6.3 then to 7 
(almost certainly not necessary though.)



It’s decided that it can’t merge named.conf changes automagically and has
dropped me into vi with the file open… looking as below. What exactly is it
wanting me to do? T’isn’t particularly clear, and this is the first time
I’ve ever attempted an upgrade…

  
Basically, it's saying the current version contains whatever it lists up to 
the


===

and the 7 release version has whatever is after the separator, up to the

  7.0-RELEASE

and you need to edit it to say what you want it to be. If you have never 
modified the file, just delete the current stuff and leave the 
7.0-RELEASE stuff. I have a very customised named.conf so I just said 
that whatever was fine and then restored it from backup after the 
upgrade was finished.


Vince

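The resolution step described in this reply, as an added Python example (not part of the thread and not freebsd-update's own code): it keeps one side of every conflict, lists what was discarded, and refuses a file that ends mid-conflict. It assumes the standard merge(1) markers `<<<<<<< current version`, `=======` and `>>>>>>> 7.0-RELEASE`, which this archive shows with the angle brackets stripped; the sample is constructed and abbreviated from the file in the thread, and the function names are hypothetical.

```python
import re

# Conflict markers as merge(1) writes them (assumed; see lead-in).
START = re.compile(r"^<{7} (.*)$")
SEP = re.compile(r"^={7}$")
END = re.compile(r"^>{7} (.*)$")

# Constructed sample, abbreviated from the named.conf shown in the thread.
SAMPLE = """\
<<<<<<< current version
include "/etc/namedb/rndc.key";

controls {
        inet 127.0.0.1 allow { localhost; } keys { "rndc-key"; };
};

// $FreeBSD: src/etc/namedb/named.conf,v 1.21.2.1 2005/09/10 08:27:27 dougb Exp $
=======
// $FreeBSD: src/etc/namedb/named.conf,v 1.26.4.1 2008/01/13 20:48:23 dougb Exp $
>>>>>>> 7.0-RELEASE

options {
<<<<<<< current version
        pid-file "/var/run/named/pid";
=======
        // Relative to the chroot directory, if any
>>>>>>> 7.0-RELEASE
        directory "/etc/namedb";
};
"""


class MergeError(ValueError):
    """Raised when the conflict markers are nested or unbalanced."""


def resolve(text, keep):
    """Keep one side of every conflict.

    keep="current" keeps the lines between <<<<<<< and =======,
    keep="new" keeps the lines between ======= and >>>>>>>.
    Returns (resolved_text, discarded_lines) so the discarded local
    settings can be reviewed before the file is installed.
    """
    if keep not in ("current", "new"):
        raise ValueError("keep must be 'current' or 'new'")
    kept, dropped, state = [], [], "plain"
    for n, line in enumerate(text.splitlines(), 1):
        if START.match(line):
            if state != "plain":
                raise MergeError(f"line {n}: conflict start inside a conflict")
            state = "current"
        elif SEP.match(line) and state == "current":
            state = "new"
        elif END.match(line):
            if state != "new":
                raise MergeError(f"line {n}: end marker without separator")
            state = "plain"
        elif state in ("plain", keep):
            kept.append(line)
        elif line.strip():
            dropped.append(line.strip())
    if state != "plain":
        raise MergeError("file ends inside an unresolved conflict")
    return "\n".join(kept) + "\n", dropped


def leftover_markers(text):
    """Line numbers that still look like conflict markers."""
    return [n for n, line in enumerate(text.splitlines(), 1)
            if START.match(line) or SEP.match(line) or END.match(line)]


if __name__ == "__main__":
    resolved, discarded = resolve(SAMPLE, "new")
    print(resolved)
    print("discarded from the current version:")
    for item in discarded:
        print("  ", item)
```

On this sample, keeping the 7.0-RELEASE side drops the `rndc.key` include and the `controls` block, which is why a customised file needs a hand merge or a restore from backup.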

Re: Free BSD 6.3 Export Control Classification

2008-07-23 Thread Jerry McAllister
On Tue, Jul 22, 2008 at 06:54:39PM -0400, darko gavrilovic wrote:

 http://www.freebsd.org/where.html

I don't see anywhere in that reference that the question is answered
or even alluded to.   It does give information on how to obtain a 
copy of FreeBSD, but nothing about ECC.

jerry


 
 On Tue, Jul 22, 2008 at 4:54 PM, Chocas, Connie S [EMAIL PROTECTED] wrote:
 
  I would appreciate your assistance in providing the U.S. Commerce Department
  Export Control Classification for FreeBSD 6.3.
  Thank you,
 
  Connie Chocas
  Sandia National Laboratories
  Classification and Export Control
  Phone: (505) 844-5982; Fax: (505) 284-4927
  Email:  [EMAIL PROTECTED]
 
 
 
 
 
 
 
 -- 
 regards,
 dg
 
 using fsdb(8) and clri(8) was like climbing Mount Everest in sandals and
 shorts.
 Since writing that, I've tried them more than once and discovered that I was
 wrong.
 You don't get the shorts. -- M.W. Lucas


Re: Upgrade 6.2-Release to 7.0-Release - stuck!

2008-07-23 Thread Kevin Kinsey

Marc Coyles wrote:

Am running freebsd-update following instructions at
http://www.daemonology.net/blog/2007-11-11-freebsd-major-version-upgrade.html

It’s decided that it can’t merge named.conf changes automagically and has
dropped me into vi with the file open… looking as below. What exactly is it
wanting me to do? T’isn’t particularly clear, and this is the first time
I’ve ever attempted an upgrade…


It's [apparently] expecting you to use vi to create a named.conf
that will work, and showing you the contents of both the old
named.conf and the one found in 7.0-RELEASE.  I'm not familiar
with freebsd-update (still using the old csup/buildworld routine)
but it sure looks like mergemaster, more or less, except that
mergemaster not only allowed you to leave it until later and
do the merge by hand but also had a two-column diff with
a selector routine, so you could create a merged version
on-the-fly.

Is the box an important DNS server?  What happens if you just
save the file as is and try and come back to it later? (YMMV,
standard disclaimer, and all that).  If you've *never* edited
named.conf before, you'd probably be OK to just remove all the
current version stuff in favor of the 7.0-RELEASE stuff, *but*
generally all my boxen *have* been altered, so that wouldn't
work.



Re: FreeBSD for webserver?

2008-07-23 Thread Jerry McAllister
On Tue, Jul 22, 2008 at 09:01:44PM -0400, Sahil Tandon wrote:

 Paul Schmehl [EMAIL PROTECTED] wrote:
 
 [...]
 
  Some people enjoy doing that.  Most people just want the software to work, 
  be easy to maintain and upgrade and then stay out of their way. 
 
 Ahem, and that 'just works' crowd is generally not found using FreeBSD or in 
 an admin capacity. :-)


Huh???  That is what you get with FreeBSD.   It works and
requires a lot less handholding as a server.  As a web server, FreeBSD
requires almost no admin tinkering.  You set it up, configure Apache
and then it just works.

jerry


 
 -- 
 Sahil Tandon [EMAIL PROTECTED]


RE: Upgrade 6.2-Release to 7.0-Release - stuck!

2008-07-23 Thread Marc Coyles
Have left as is (for now). Finish the rest off tomorrow... The box runs WHM
/ cPanel... and just holds a few vhosts under single domain. DNS is handled
by ISP's servers...

If anything in original was modified, it was done by WHM/cPanel, not me...

Am at the freebsd-update install point now... so will have another look at
things in the morning with fresh eyes...

Ta fer the suggestions folks!

Marc A Coyles
ICT Support Team (ext 730)
Mbl: 07850 518106


-Original Message-
From: Kevin Kinsey [mailto:[EMAIL PROTECTED]
Sent: Wednesday, July 23, 2008 4:16 PM
To: [EMAIL PROTECTED]
Cc: freebsd-questions@freebsd.org
Subject: Re: Upgrade 6.2-Release to 7.0-Release - stuck!

Marc Coyles wrote:
 Am running freebsd-update following instructions at

http://www.daemonology.net/blog/2007-11-11-freebsd-major-version-upgrade.html

 It’s decided that it can’t merge named.conf changes automagically and has
 dropped me into vi with the file open… looking as below. What exactly is
it
 wanting me to do? T’isn’t particularly clear, and this is the first time
 I’ve ever attempted an upgrade…

It's [apparently] expecting you to use vi to create a named.conf
that will work, and showing you the contents of both the old
named.conf and the one found in 7.0-RELEASE.  I'm not familiar
with freebsd-update (still using the old csup/buildworld routine)
but it sure looks like mergemaster, more or less, except that
mergemaster not only allowed you to leave it until later and
do the merge by hand but also had a two-column diff with
a selector routine, so you could create a merged version
on-the-fly.

Is the box an important DNS server?  What happens if you just
save the file as is and try and come back to it later? (YMMV,
standard disclaimer, and all that).  If you've *never* edited
named.conf before, you'd probably be OK to just remove all the
current version stuff in favor of the 7.0-RELEASE stuff, *but*
generally all my boxen *have* been altered, so that wouldn't
work.


Re: The Design and Implementation of the FreeBSD Operating System

2008-07-23 Thread Kevin Kinsey

FreeBSD Questions wrote:

This book was printed in August 2004.  This predates FBSD 5, and I
know there were some significant changes between the 4.x and 5.x
branches.  We've progressed further and are now into version 7.  How
well does this book apply to more current versions of FreeBSD, such as
version 7?


I stand ready for correction, but Design & Implementation is mostly
about, well, the design of the system itself ... not an operational
manual but a programmer's guide to OS internals.  And, not only that,
but it's about 4.4BSD (1993?), so the exact OS described is quite old*;
however, it's of great value not only as history but as 4.4BSD has
fed code into not only FreeBSD, but NetBSD, OpenBSD, and others.
(see /usr/share/misc/bsd-family-tree).  If that's not of interest
to you I'd not worry about this book --- no offence to Mr. McKusick
et al, of course.

Kevin Kinsey

*Notwithstanding the fact that most likely the reason the last
edition was printed in '04 was because they'd updated it to
reflect changes in the previous 10 years.  Perhaps another edition
around 2013-14?
--
I can't understand why people are frightened of new ideas.
I'm frightened of the old ones.
-- John Cage


Re: Auto-saving distfiles on freebsd (was: FreeBSD for webserver?)

2008-07-23 Thread James Tanis
cpghost [EMAIL PROTECTED] wrote:
 The ports would still go to the primary sites (to conserve bandwidth),
 but should the original distfile disappear, it would be still available
 on freebsd.

I think his problem comes from the fact that some ports don't do this, not
that it isn't a good idea. The port maintainers just never did it.
--
James Tanis
Technical Coordinator
Monsignor Donovan Catholic High School
e: [EMAIL PROTECTED]




Re: Auto-saving distfiles on freebsd

2008-07-23 Thread Kris Kennaway

James Tanis wrote:

cpghost [EMAIL PROTECTED] wrote:

The ports would still go to the primary sites (to conserve bandwidth),
but should the original distfile disappear, it would be still available
on freebsd.


I think his problem comes from the fact that some ports don't do this, not
that it isn't a good idea. The port maintainers just never did it.


No, you're both mistaken:

# MASTER_SITE_BACKUP
#   - Backup location(s) for distribution files and patch
#     files if not found locally and ${MASTER_SITES}/${PATCH_SITES}
#     Default:
#     ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/distfiles/${DIST_SUBDIR}/


All ports fall back to fetching from the master distfile repository if 
they can't be found at the upstream sites.  This dates back at least to 
1996.


Kris



Re: FreeBSD for webserver?

2008-07-23 Thread DAve

Jerry McAllister wrote:

On Tue, Jul 22, 2008 at 09:01:44PM -0400, Sahil Tandon wrote:


Paul Schmehl [EMAIL PROTECTED] wrote:

[...]

Some people enjoy doing that.  Most people just want the software to work, 
be easy to maintain and upgrade and then stay out of their way. 
Ahem, and that 'just works' crowd is generally not found using FreeBSD or in 
an admin capacity. :-)



Huh???  That is what you get with FreeBSD.   It works and
requires a lot less handholding as a server.  As a web server, FreeBSD
requires almost no admin tinkering.  You set it up, configure Apache
and then it just works.

jerry



Confirmed, I am getting my first taste of Centos this month. We needed 
to use Centos to meet a client requirement. I could have the server up 
in a few hours with FBSD.


At the moment I am waiting for the Linux admin to finish building custom 
RPMs for everything I install because we need software either not in the 
YUM repository, or not configured the same as the RPM maintainer 
configured.


When I say I'll just build from source the blood runs out of his face 
and he says "That is not a good idea, everything needs to be an RPM, it 
would be bad, we can't do that."


What a pain.

DAve

--
Don't tell me I'm driving the cart!


Re: FreeBSD for webserver?

2008-07-23 Thread Paul Schmehl

--On Wednesday, July 23, 2008 11:06:30 +0200 VeeJay [EMAIL PROTECTED] wrote:


Really good contribution

I would of course go with ports but have a question in mind

What should be installation sequence?

1. Apache 2.2.9
2. MySQL 5.1.26
3. PHP 5.2.6


Install Apache before you install php.  Mysql doesn't matter.  The default 
installs of all three should be fine unless you're doing something unusual. 
You'll also need to install php-extensions.  Run make config first and decide 
which ones you need to have installed (after installing php5 of course.)



And are there any options you guys would like to suggest to avoid for
performance or security reasons?



Setup mysql to listen on localhost only *or* to not listen on tcp at all and 
use unix sockets instead.  Mysql, by default, comes with four accounts with 
blank passwords; [EMAIL PROTECTED], [EMAIL PROTECTED], @FQHN and @localhost (yes, 
that's blank @.)  Remove all those accounts except [EMAIL PROTECTED] and then 
set a very good password for root.  Create *new* and separate accounts for 
*every* database you create and grant only the rights needed to perform the 
task.  Most applications only need select, insert, update and delete.  Test it 
with those and add other rights if necessary.


Install portaudit and aggressively update when security issues are found in any 
of the apps on your server.  Do not enable any services that are not needed to 
do the job, and restrict access to ssh to only those networks and accounts that 
really need access.


--
Paul Schmehl
As if it wasn't already obvious,
my opinions are my own and not
those of my employer.
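
The account cleanup and least-privilege grants described in the message above, as an added example that is not part of the original post. It assumes MySQL 5.0/5.1 syntax and that the account kept is root@localhost; `host.example.com`, `webapp`, `webapp_rw` and the passwords are placeholders.

```sql
-- Added example; host.example.com, webapp and webapp_rw are placeholders.
-- Assumes MySQL 5.0/5.1, where mysql.user still has a Password column.

-- 1. Audit: list anonymous accounts and accounts with a blank password.
SELECT User, Host
  FROM mysql.user
 WHERE User = '' OR Password = '';

-- 2. Remove the anonymous accounts and the non-local root account.
--    Adjust the host names to match the rows returned by step 1.
DROP USER ''@'localhost';
DROP USER ''@'host.example.com';
DROP USER 'root'@'host.example.com';

-- 3. Set a strong password on the remaining root account
--    (assumed here to be root@localhost).
SET PASSWORD FOR 'root'@'localhost' = PASSWORD('replace-with-a-long-random-secret');

-- 4. One account per database, limited to the four rights most
--    applications need. Add further rights only if testing shows a need.
CREATE DATABASE webapp;
CREATE USER 'webapp_rw'@'localhost' IDENTIFIED BY 'replace-with-another-secret';
GRANT SELECT, INSERT, UPDATE, DELETE ON webapp.* TO 'webapp_rw'@'localhost';

-- 5. Verify: the audit query should now return no rows, and the
--    application account should hold only the rights granted above.
SELECT User, Host
  FROM mysql.user
 WHERE User = '' OR Password = '';
SHOW GRANTS FOR 'webapp_rw'@'localhost';

-- 6. Confirm the listener setting. With skip-networking under [mysqld]
--    in my.cnf this reports ON and clients use the Unix socket; the
--    alternative from the message is bind-address = 127.0.0.1.
SHOW VARIABLES LIKE 'skip_networking';
```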



Re: The Design and Implementation of the FreeBSD Operating System

2008-07-23 Thread Lowell Gilbert
Kevin Kinsey [EMAIL PROTECTED] writes:

 FreeBSD Questions wrote:
 This book was printed in August 2004.  This predates FBSD 5, and I
 know there were some significant changes between the 4.x and 5.x
 branches.  We've progressed further and are now into version 7.  How
 well does this book apply to more current versions of FreeBSD, such as
 version 7?

 I stand ready for correction, but Design & Implementation is mostly
 about, well, the design of the system itself ... not an operational
 manual but a programmer's guide to OS internals.

Quite correct.

   And, not only that,
 but it's about 4.4BSD (1993?), so the exact OS described is quite old*;

Not quite correct.  The more recent edition was retitled to more
accurately denote the fact that it covers FreeBSD (5).


-- 
Lowell Gilbert, embedded/networking software engineer, Boston area
http://be-well.ilk.org/~lowell/


Re: Auto-saving distfiles on freebsd

2008-07-23 Thread cpghost
On Wed, 23 Jul 2008 16:51:10 +0200
Kris Kennaway [EMAIL PROTECTED] wrote:

 cpghost wrote:
  On Tue, Jul 22, 2008 at 11:47:04PM -0700, Ted Mittelstaedt wrote:
  Another problem with ports is that all of them like pulling the
  original source from the author's site.  I've had a few where the
  author released the code under GPL then a few years later lost
  interest, stopped paying whatever ISP he had the main site for
  the program at, and the porter also lost interest in the project
  and never bothered obtaining the last available tarfile from
  the authors site and uploading it to freebsd, then both
  disappeared. Another one I can recall is the gated code, similar
  issue.
  
  Why not add this to pointyhat scripts? Just upload a copy of every
  *new* distfile ever encountered from the author's page to freebsd
  (unless there are legal constraints not to do so, of course)?
 
 We've regularly collected and published port distfiles for at least a 
 decade (with increasingly higher frequency as disk space came to 
 permit).  It may come as no surprise that Ted is talking out of his
 ass again :)
 
 Kris

Ah, thanks! Good to know, and it's good news! :)

Will distfiles for ports that are no longer in the tree
remain there as well, so that these ports can still be
compiled with an older ports tree (yes, I know about the
hairy security and dependency issues involved with old
unmaintained and even dead ports...)?

Thanks,
-cpghost.

-- 
Cordula's Web. http://www.cordula.ws/


Re: Auto-saving distfiles on freebsd

2008-07-23 Thread Kris Kennaway

cpghost wrote:

On Wed, 23 Jul 2008 16:51:10 +0200
Kris Kennaway [EMAIL PROTECTED] wrote:


cpghost wrote:

On Tue, Jul 22, 2008 at 11:47:04PM -0700, Ted Mittelstaedt wrote:

Another problem with ports is that all of them like pulling the
original source from the author's site.  I've had a few where the
author released the code under GPL then a few years later lost
interest, stopped paying whatever ISP he had the main site for
the program at, and the porter also lost interest in the project
and never bothered obtaining the last available tarfile from
the authors site and uploading it to freebsd, then both
disappeared. Another one I can recall is the gated code, similar
issue.

Why not add this to pointyhat scripts? Just upload a copy of every
*new* distfile ever encountered from the author's page to freebsd
(unless there are legal constraints not to do so, of course)?
We've regularly collected and published port distfiles for at least a 
decade (with increasingly higher frequency as disk space came to 
permit).  It may come as no surprise that Ted is talking out of his
ass again :)

Kris


Ah, thanks! Good to know, and it's good news! :)

Will distfiles for ports that are no longer in the tree
remain there as well, so that these ports can still be
compiled with an older ports tree (yes, I know about the
hairy security and dependency issues involved with old
unmaintained and even dead ports...)?


Yes, as I mentioned in another reply it's been years since I have had to 
clean out old distfiles for space reasons, and there's no other need to 
do that so they will remain indefinitely.


Kris


Re: Auto-saving distfiles on freebsd

2008-07-23 Thread cpghost
On Wed, 23 Jul 2008 18:06:36 +0200
Kris Kennaway [EMAIL PROTECTED] wrote:

 cpghost wrote:
  On Wed, 23 Jul 2008 16:51:10 +0200
  Kris Kennaway [EMAIL PROTECTED] wrote:
  
  cpghost wrote:
  On Tue, Jul 22, 2008 at 11:47:04PM -0700, Ted Mittelstaedt wrote:
  Another problem with ports is that all of them like pulling the
  original source from the author's site.  I've had a few where the
  author released the code under GPL then a few years later lost
  interest, stopped paying whatever ISP he had the main site for
  the program at, and the porter also lost interest in the project
  and never bothered obtaining the last available tarfile from
  the authors site and uploading it to freebsd, then both
  disappeared. Another one I can recall is the gated code, similar
  issue.
  Why not add this to pointyhat scripts? Just upload a copy of every
  *new* distfile ever encountered from the author's page to freebsd
  (unless there are legal constraints not to do so, of course)?
  We've regularly collected and published port distfiles for at
  least a decade (with increasingly higher frequency as disk space
  came to permit).  It may come as no surprise that Ted is talking
  out of his ass again :)
 
  Kris
  
  Ah, thanks! Good to know, and it's good news! :)
  
  Will distfiles for ports that are no longer in the tree
  remain there as well, so that these ports can still be
  compiled with an older ports tree (yes, I know about the
  hairy security and dependency issues involved with old
  unmaintained and even dead ports...)?
 
 Yes, as I mentioned in another reply it's been years since I have had
 to clean out old distfiles for space reasons, and there's no other
 need to do that so they will remain indefinitely.
 
 Kris

Great! That's indeed the best solution. ;)

Thanks again,
-cpghost.

-- 
Cordula's Web. http://www.cordula.ws/


RE: Free BSD 6.3 Export Control Classification

2008-07-23 Thread Chocas, Connie S
 I could not find anything referencing export controls for FreeBSD.  You may 
find the following link for Apache Software Foundation products helpful.  This 
is the type of information that is needed to determine what is required to 
legally export software.  If FreeBSD has any cryptographic functions there are 
export restrictions that need to be considered.
http://www.apache.org/licenses/exports/#matrix

Connie

-Original Message-
From: Jerry McAllister [mailto:[EMAIL PROTECTED]
Sent: Wednesday, July 23, 2008 9:12 AM
To: darko gavrilovic
Cc: Chocas, Connie S; freebsd-questions@FreeBSD.org
Subject: Re: Free BSD 6.3 Export Control Classification

On Tue, Jul 22, 2008 at 06:54:39PM -0400, darko gavrilovic wrote:

 http://www.freebsd.org/where.html

I don't see anywhere in that reference that the question is answered
or even alluded to.   It does give information on how to obtain a
copy of FreeBSD, but nothing about ECC.

jerry



 On Tue, Jul 22, 2008 at 4:54 PM, Chocas, Connie S [EMAIL PROTECTED] wrote:

  I would appreciate your assistance in providing the U.S. Commerce
  Department Export Control Classification for FreeBSD 6.3.
  Thank you,
 
  Connie Chocas
  Sandia National Laboratories
  Classification and Export Control
  Phone: (505) 844-5982; Fax: (505) 284-4927
  Email:  [EMAIL PROTECTED]
 
 
 
 



 --
 regards,
 dg

 using fsdb(8) and clri(8) was like climbing Mount Everest in sandals
 and shorts.
 Since writing that, I've tried them more than once and discovered that
 I was wrong.
 You don't get the shorts. -- M.W. Lucas




Re: The Design and Implementation of the FreeBSD Operating System

2008-07-23 Thread James Tanis
Kevin Kinsey [EMAIL PROTECTED] wrote:
 I stand ready for correction, but Design & Implementation is mostly
 about, well, the design of the system itself ... not an operational
 manual but a programmer's guide to OS internals.  And, not only that,
 but it's about 4.4BSD (1993?), so the exact OS described is quite old*;
 however, it's of great value not only as history but as 4.4BSD has
 fed code into not only FreeBSD, but NetBSD, OpenBSD, and others.
 (see /usr/share/misc/bsd-family-tree).  If that's not of interest
 to you I'd not worry about this book --- no offence to Mr. McKusick
 et al, of course.

You're thinking of The Design and Implementation of the 4.4BSD Operating
System not The Design and Implementation of the FreeBSD Operating System.
They are, believe it or not, two different books. Your point is just as
valid though as far as it being not an operational manual but a
programmer's guide to OS internals.
--
James Tanis
Technical Coordinator
Monsignor Donovan Catholic High School
e: [EMAIL PROTECTED]




Re: Free BSD 6.3 Export Control Classification

2008-07-23 Thread Jerry McAllister
On Wed, Jul 23, 2008 at 10:18:32AM -0600, Chocas, Connie S wrote:

  I could not find anything referencing export controls for FreeBSD.  You may 
 find the following link for Apache Software Foundation products helpful.  
 This is the type of information that is needed to determine what is required 
 to legally export software.  If FreeBSD has any cryptographic functions 
 there are export restrictions that need to be considered.
 http://www.apache.org/licenses/exports/#matrix

I don't know about the legal details and I don't have time to read up
about it, but I would note that FreeBSD is already exported by default
since it is copied by people in many countries and there are mirrors
in other countries.  It is not explicitly exported by the FreeBSD
Foundation, but its movement around the world is quite thorough, done
by those who use it.

There was a time that the encryption issue made things difficult for
some people using FreeBSD, but the Gov standards were changed and
the issue quieted down.   I don't know if it is solved.

jerry

 
 Connie
 
 -Original Message-
 From: Jerry McAllister [mailto:[EMAIL PROTECTED]
 Sent: Wednesday, July 23, 2008 9:12 AM
 To: darko gavrilovic
 Cc: Chocas, Connie S; freebsd-questions@FreeBSD.org
 Subject: Re: Free BSD 6.3 Export Control Classification
 
 On Tue, Jul 22, 2008 at 06:54:39PM -0400, darko gavrilovic wrote:
 
  http://www.freebsd.org/where.html
 
 I don't see anywhere in that reference that the question is answered
 or even alluded to.   It does give information on how to obtain a
 copy of FreeBSD, but nothing about ECC.
 
 jerry
 
 
 
  On Tue, Jul 22, 2008 at 4:54 PM, Chocas, Connie S [EMAIL PROTECTED] wrote:
 
   I would appreciate your assistance in providing the U.S. Commerce
   Department Export Control Classification for FreeBSD 6.3.
   Thank you,
  
   Connie Chocas
   Sandia National Laboratories
   Classification and Export Control
   Phone: (505) 844-5982; Fax: (505) 284-4927
   Email:  [EMAIL PROTECTED]
  
  
  
  
 
 
 
  --
  regards,
  dg
 
  using fsdb(8) and clri(8) was like climbing Mount Everest in sandals
  and shorts.
  Since writing that, I've tried them more than once and discovered that
  I was wrong.
  You don't get the shorts. -- M.W. Lucas
 
 
 


Re: The Design and Implementation of the FreeBSD Operating System

2008-07-23 Thread Aggelidis Nikos
On Wed, Jul 23, 2008 at 12:06 AM, Gonzalo Nemmi [EMAIL PROTECTED] wrote:
 On Tuesday 22 July 2008 15:23:15 Erik Trulsson wrote:
 On Tue, Jul 22, 2008 at 11:09:17AM -0400, FreeBSD Questions wrote:
  This book was printed in August 2004.  This predates FBSD 5, and I
  know there were some significant changes between the 4.x and 5.x
  branches.  We've progressed further and are now into version 7.  How
  well does this book apply to more current versions of FreeBSD, such as
  version 7?

 The 2004 edition of that book does cover FreeBSD 5.2  (says so clearly on
 the cover anyway.) This means that all the major changes between 4.x and
 5.x should be included in it.
 There have been many changes in FreeBSD since then, of course, but most of
 those changes have been fairly evolutionary in nature, so most of the book
 should still apply reasonably well.

 Actually .. I'd be more than willing to buy an updated version of that book
 too .. I _do_ understand your point of view but to be honest, I'd rather buy a
 new copy that prints everything up to _yesterday_ and that has at least some
 hints into tomorrow ...

 Yet your point is a completely valid one.. and that's why The Design and
 Implementation of the FreeBSD Operating System is the only book that I've
 been hesitant on buying so far ... Lucas (Absolute FreeBSD, 2nd Edition),
 Lavigne (The Best of FreeBSD Basics), Kong (BSD rootkits),  Lehey (Download
 edition:) ) are all over my desktop as I write this mail, and I consult them
 daily ... Farrokhi (Network Administration with FreeBSD) and Hong (Building a
 Server with FreeBSD 7) are the ones coming in the next batch ...

 So far .. there are only three books I would have bought but I didn't because
 I thought the situation could improve ... those are: The Design and
 Implementation of the FreeBSD Operating System, BSD Hacks and The FreeBSD
 HandBook... same reason for all of them .. too old by now (although I think
 I'll buy BSD Hacks anyways .. I just can't resist buying Lavigne books :( )

 (let alone the fact that I would rather buy them all through freebsdmall.com
 that from amazon .. I think freebsdmall would do good if they would offer the
 whole Reed's Media library and the No Starch Press BSD related titles ... i
 would surely buy everything from them =P)

 Finally; Editor, Publisher, _Dear_Writer_: if you guys are hesitant .. I think
 there's at least two copies of an updated version of The Design and
 Implementation ..  already sold with a lot more on the way :)

 --
 Blessings
 Gonzalo Nemmi

I couldn't agree more with Gonzalo... i find myself in the exact same position.


boot -s hangs

2008-07-23 Thread Peter Clark

Hello,

I have a FreeBSD install that will hang when trying to enter single user 
mode. If I use shutdown now from the console the system will return 
System shutdown time has arrived as expected but it will just hang 
there indefinitely. If I use option 4 (enter single user mode) from the 
boot options menu everything seems to boot properly until:
Trying to mount root from ufs:/dev/mfid0s1a and that is where it 
hangs. In both cases it never returns a cursor or the expected enter 
path statement. In both cases I can ctrl-alt-delete the box once and it 
synchs disks and nicely reboots. If I go through standard booting it 
boots just fine. I am a bit stumped by this. Is this some weird raid 
card issue? I am not sure how to really trouble shoot this.
/var/log/messages and /var/log/console do not even show the hung boot as 
having happened.


# uname -a
FreeBSD greed.mtmary.edu 7.0-RELEASE-p3 FreeBSD 7.0-RELEASE-p3 #0: Wed 
Jul 23 14:19:22 CDT 2008 
[EMAIL PROTECTED]:/usr/src/sys/amd64/compile/PETE-GENERIC-AMD64  amd64


# dmesg
Copyright (c) 1992-2008 The FreeBSD Project.
Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
The Regents of the University of California. All rights reserved.
FreeBSD is a registered trademark of The FreeBSD Foundation.
FreeBSD 7.0-RELEASE-p3 #0: Wed Jul 23 14:19:22 CDT 2008
[EMAIL PROTECTED]:/usr/src/sys/amd64/compile/PETE-GENERIC-AMD64
Timecounter i8254 frequency 1193182 Hz quality 0
CPU: Intel(R) Xeon(R) CPU   E5410  @ 2.33GHz (2336.82-MHz 
K8-class CPU)

  Origin = GenuineIntel  Id = 0x10676  Stepping = 6

Features=0xbfebfbffFPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CLFLUSH,DTS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE

Features2=0xce3bdSSE3,RSVD2,MON,DS_CPL,VMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,DCA,b19
  AMD Features=0x20100800SYSCALL,NX,LM
  AMD Features2=0x1LAHF
  Cores per package: 4
usable memory = 2133131264 (2034 MB)
avail memory  = 2058424320 (1963 MB)
ACPI APIC Table: INTEL  S5000PAL
FreeBSD/SMP: Multiprocessor System Detected: 4 CPUs
 cpu0 (BSP): APIC ID:  0
 cpu1 (AP): APIC ID:  1
 cpu2 (AP): APIC ID:  2
 cpu3 (AP): APIC ID:  3
ioapic0 Version 2.0 irqs 0-23 on motherboard
ioapic1 Version 2.0 irqs 24-47 on motherboard
lapic0: Forcing LINT1 to edge trigger
acpi0: INTEL S5000PAL on motherboard
acpi0: [ITHREAD]
acpi0: Power Button (fixed)
Timecounter ACPI-fast frequency 3579545 Hz quality 1000
acpi_timer0: 24-bit timer at 3.579545MHz port 0x408-0x40b on acpi0
acpi_hpet0: High Precision Event Timer iomem 0xfed0-0xfed003ff on 
acpi0

Timecounter HPET frequency 14318180 Hz quality 900
cpu0: ACPI CPU on acpi0
est0: Enhanced SpeedStep Frequency Control on cpu0
est: CPU supports Enhanced Speedstep, but is not recognized.
est: cpu_vendor GenuineIntel, msr 720072006000720
device_attach: est0 attach returned 6
p4tcc0: CPU Frequency Thermal Control on cpu0
cpu1: ACPI CPU on acpi0
est1: Enhanced SpeedStep Frequency Control on cpu1
est: CPU supports Enhanced Speedstep, but is not recognized.
est: cpu_vendor GenuineIntel, msr 720072006000720
device_attach: est1 attach returned 6
p4tcc1: CPU Frequency Thermal Control on cpu1
cpu2: ACPI CPU on acpi0
est2: Enhanced SpeedStep Frequency Control on cpu2
est: CPU supports Enhanced Speedstep, but is not recognized.
est: cpu_vendor GenuineIntel, msr 720072006000720
device_attach: est2 attach returned 6
p4tcc2: CPU Frequency Thermal Control on cpu2
cpu3: ACPI CPU on acpi0
est3: Enhanced SpeedStep Frequency Control on cpu3
est: CPU supports Enhanced Speedstep, but is not recognized.
est: cpu_vendor GenuineIntel, msr 720072006000720
device_attach: est3 attach returned 6
p4tcc3: CPU Frequency Thermal Control on cpu3
acpi_button0: Power Button on acpi0
pcib0: ACPI Host-PCI bridge port 0xca2,0xca3,0xcf8-0xcff on acpi0
pci0: ACPI PCI bus on pcib0
pcib1: ACPI PCI-PCI bridge at device 2.0 on pci0
pci1: ACPI PCI bus on pcib1
pcib2: ACPI PCI-PCI bridge irq 16 at device 0.0 on pci1
pci2: ACPI PCI bus on pcib2
pcib3: ACPI PCI-PCI bridge irq 16 at device 0.0 on pci2
pci3: ACPI PCI bus on pcib3
pcib4: ACPI PCI-PCI bridge at device 0.0 on pci3
pci4: ACPI PCI bus on pcib4
mfi0: LSI MegaSAS 1064R mem 
0xb8b0-0xb8b0,0xb890-0xb891 irq 18 at device 14.0 on pci4

mfi0: Megaraid SAS driver Ver 2.00
mfi0: 1093 (270141940s/0x0020/0) - Shutdown command received from host
mfi0: 1094 (4278190080s/0x0020/0) - PCI 0x041000 0x04411 0x048086 
0x043501: Firmware initialization started (PCI ID 0411/1000/3501/8086)

mfi0: 1095 (4278190080s/0x0020/0) - Type 18: Firmware version 1.12.00-0310
mfi0: 1096 (4278190080s/0x0020/0) - PCI 0x041000 0x04411 0x048086 
0x043501: Firmware initialization started (PCI ID 0411/1000/3501/8086)

mfi0: 1097 (4278190080s/0x0020/0) - Type 18: Firmware version 1.12.00-0310
mfi0: 1098 (4278190095s/0x0008/0) - Battery temperature is normal
mfi0: 1099 (4278190095s/0x0008/0) - Battery Present
mfi0: 1100 (4278190095s/0x0020/0) - Type 18: Board Revision
mfi0: 1101 

libbz2.so.3 ?

2008-07-23 Thread Len Conrad

FreeBSD 6.3-R

amavis, spamassassin, clamav installed via ports

clamav is logging :

Jul 23 16:08:32 mx2 amavis[2626]: (02626-01-2) (!!)run_av 
(ClamAV-clamscan) FAILED - unexpected exit 1, 
output=/libexec/ld-elf.so.1: Shared object libbz2.so.3 not found, 
required by clamscan


All the system has similar is:

find / -iname *libbz2*
/usr/lib/libbz2.a
/usr/lib/libbz2.so.2
/usr/lib/libbz2.so
/usr/lib/libbz2_p.a

Really nothing on Google about libbz2.so.3

Len




Port Management on a larger scale

2008-07-23 Thread Derek Belrose
Sorry if this has been asked before, but I've inherited a fairly large  
number of FreeBSD servers.  All of them are running 6.3.


What is the recommended way of doing port management?  Or if there  
isn't a recommended way of updating ports on 10-15 servers, what do  
people do?  How do you handle port upgrades that deal with custom  
compile configurations (such as exim with postgresql)?  Do you build a  
port on one system and install it as a package on all the others?


I come from a Slackware background, and in the past I would compile  
the update on a test system then distribute and install to all the  
other servers.


Thanks for your input!
Derek


Re: libbz2.so.3 ?

2008-07-23 Thread Kris Kennaway

Len Conrad wrote:

FreeBSD 6.3-R

amavis, spamassassin, clamav installed via ports

clamav is logging :

Jul 23 16:08:32 mx2 amavis[2626]: (02626-01-2) (!!)run_av 
(ClamAV-clamscan) FAILED - unexpected exit 1, 
output=/libexec/ld-elf.so.1: Shared object libbz2.so.3 not found, 
required by clamscan


All the system has similar is:

find / -iname *libbz2*
/usr/lib/libbz2.a
/usr/lib/libbz2.so.2
/usr/lib/libbz2.so
/usr/lib/libbz2_p.a

Really nothing on Google about libbz2.so.3


You installed a 7.x/8.x package.

Kris


system hangs on boot up if no internet available

2008-07-23 Thread Dave Abouav
I setup a FreeBSD server (v 6.1) for my company as a simple Samba 
server. It works fine. Except once in awhile our access to the outside 
internet goes out (due to our ISP), and when it does the FreeBSD server 
gets hung up, even after rebooted. This happened this morning, so I put 
a console on it, and rebooted it. I saw that it gets hung trying to 
start sshd. No error messages are given. If I hit Control-C, to skip 
loading sshd, then the rest of the boot-up goes normally and people can 
again access the server. Any ideas how I can avoid this problem? I'd 
rather not skip the loading of sshd. I don't have any special programs 
on the server that contact the outside world.


Thanks,
Dave


Re: system hangs on boot up if no internet available

2008-07-23 Thread Chuck Swiger

On Jul 23, 2008, at 2:25 PM, Dave Abouav wrote:
I setup a FreeBSD server (v 6.1) for my company as a simple Samba  
server. It works fine. Except once in awhile our access to the  
outside internet goes out (due to our ISP), and when it does the  
FreeBSD server gets hung up, even after rebooted. This happened this  
morning, so I put a console on it, and rebooted it. I saw that it  
gets hung trying to start sshd. No error messages are given. If I  
hit Control-C, to skip loading sshd, then the rest of the boot-up  
goes normally and people can again access the server. Any ideas how  
I can avoid this problem? I'd rather not skip the loading of sshd. I  
don't have any special programs on the server that contact the  
outside world.


It's probably doing something which needs a DNS lookup.  Do you have a  
subnet-local nameserver available, or does simply waiting for 2  
minutes or so for a timeout do the trick?


--
-Chuck



Re: Port Management on a larger scale

2008-07-23 Thread Roland Smith
On Tue, Jul 22, 2008 at 12:41:46AM -0400, Derek Belrose wrote:
 What is the recommended way of doing port management? 

There doesn't seem to be a single standard way of doing this. There are
several things you could do, assuming that all servers use identically
configured software.

Probably the least effort would be to update and test the ports on one
server, then use rsync to push /usr/local from that server to all
others. This is efficient because you only have to build stuff once, and
can then easily push it to other machines.

Alternatively you could use one server to build packages which are then
stored on a shared filesystem to install on all others, but that sounds
like more work to me.

Or you could mount /usr/local from a single NFS server on all others,
keeping them automatically in sync but that might strain the NFS server
and make it a single point of failure which is undesirable. Maybe it
would be better to use the Coda filesystem in this case. 

I'd favor the rsync approach, because it keeps data and programs locally
accessible on each machine while making it easy and efficient to
synchronize from a test machine to others.

Roland
-- 
R.F.Smith   http://www.xs4all.nl/~rsmith/
[plain text _non-HTML_ PGP/GnuPG encrypted/signed email much appreciated]
pgp: 1A2B 477F 9970 BA3C 2914  B7CE 1277 EFB0 C321 A725 (KeyID: C321A725)




Re: system hangs on boot up if no internet available

2008-07-23 Thread Dave Abouav
Our DNS goes through our ISP. The IP addresses of their DNS servers are 
hard-coded into the server's /etc/rc.conf file.  No amount of waiting 
seems to help. It always just hangs trying to load sshd.


Chuck Swiger wrote:

On Jul 23, 2008, at 2:25 PM, Dave Abouav wrote:
I setup a FreeBSD server (v 6.1) for my company as a simple Samba 
server. It works fine. Except once in awhile our access to the 
outside internet goes out (due to our ISP), and when it does the 
FreeBSD server gets hung up, even after rebooted. This happened this 
morning, so I put a console on it, and rebooted it. I saw that it 
gets hung trying to start sshd. No error messages are given. If I hit 
Control-C, to skip loading sshd, then the rest of the boot-up goes 
normally and people can again access the server. Any ideas how I can 
avoid this problem? I'd rather not skip the loading of sshd. I don't 
have any special programs on the server that contact the outside world.


It's probably doing something which needs a DNS lookup.  Do you have a 
subnet-local nameserver available, or does simply waiting for 2 
minutes or so for a timeout do the trick?




--

Dave Abouav
Product Manager  Software Engineer
KWJ Engineering, Transducer Technology Division
Phone: (510) 791-0951
Fax: (510) 794-4330
Email: [EMAIL PROTECTED]



Re: [freebsd-questions] Re: Port Management on a larger scale

2008-07-23 Thread Tuc at T-B-O-H.NET
 
 Or you could mount /usr/local from a single NFS server on all others,
 keeping them automatically in sync but that might strain the NFS server
 and make it a single point of failure which is undesirable. Maybe it
 would be better to use the Coda filesystem in this case.
 
In theory this sounded great when I first did it, but now, not
so great. 

1) I have to keep all the machines on the same OS release.
2) Taking down or a failure of the NFS server pulls EVERY
other system with it.
3) Working with lockd/statd can be problematic at times.
4) NFS on FreeBSD varies (I'M TOLD) between versions as to
effectiveness, issues, etc.
5) I've run into issues where some programs are just NOT
happy running over NFS (hylafax for me for example. POTENTIALLY a locking
issue, but running a locking tester shows everything fine, but it
just for the life of it won't work over NFS for me at least).

Since this is a personal system, I put up with it. When
I get the time/energy I'm going to break all the systems apart.

Tuc/TBOH


Installing jdk on 7-Release: Has known vulnerabilities from 2005?

2008-07-23 Thread Torgeir Hoffmann
Hi,

when I try to install linux-sun-jdk16 from ports I get:

===  linux-sun-jdk-1.6.0.07 has known vulnerabilities:
= jdk -- jar directory traversal vulnerability.
   Reference:
http://www.FreeBSD.org/ports/portaudit/18e5428f-ae7c-11d9-837d-000e0c2e438a.html
= Please update your ports tree and try again.
*** Error code 1

This refers to a vulnerability from 2005 (!). I get the same thing with
the 1.5 port.
I desperately want to avoid building the native version due to the fact
that I have a not that sporty laptop, and the packages from the freebsd
foundation are not available yet.

I have the latest portsnap port snapshot.

Hope somebody can help me. Is there any other way I can get the jdk
without building it?


Hope for quick reply,

Torgeir



Re: Installing jdk on 7-Release: Has known vulnerabilities from 2005?

2008-07-23 Thread Kris Kennaway

Torgeir Hoffmann wrote:

Hi,

when I try to install linux-sun-jdk16 from ports I get:

===>  linux-sun-jdk-1.6.0.07 has known vulnerabilities:
=> jdk -- jar directory traversal vulnerability.
   Reference:
http://www.FreeBSD.org/ports/portaudit/18e5428f-ae7c-11d9-837d-000e0c2e438a.html
=> Please update your ports tree and try again.
*** Error code 1

This refers to a vulnerability from 2005 (!). I get the same thing with
the 1.5 port.
I desperately want to avoid building the native version due to the fact
that I have a not that sporty laptop, and the packages from the FreeBSD
Foundation are not available yet.

I have the latest portsnap port snapshot.


Update your portaudit database.

Kris


Re: system hangs on boot up if no internet available

2008-07-23 Thread Kevin Kinsey

Dave Abouav wrote:
Our DNS goes through our ISP. The IP addresses of their DNS servers are 
hard-coded into the server's /etc/rc.conf file.  No amount of waiting 
seems to help. It always just hangs trying to load sshd.


Chuck Swiger wrote:

On Jul 23, 2008, at 2:25 PM, Dave Abouav wrote:
I setup a FreeBSD server (v 6.1) for my company as a simple Samba 
server. It works fine. Except once in awhile our access to the 
outside internet goes out (due to our ISP), and when it does the 
FreeBSD server gets hung up, even after rebooted. This happened this 
morning, so I put a console on it, and rebooted it. I saw that it 
gets hung trying to start sshd. No error messages are given. If I hit 
Control-C, to skip loading sshd, then the rest of the boot-up goes 
normally and people can again access the server. Any ideas how I can 
avoid this problem? I'd rather not skip the loading of sshd. I don't 
have any special programs on the server that contact the outside world.


It's probably doing something which needs a DNS lookup.  Do you have a
subnet-local nameserver available, or does simply waiting for 2
minutes or so for a timeout do the trick?

Workaround, perhaps:  set UseDNS no in /etc/ssh/sshd_config and try
again?  Perhaps better to run named or something locally, if that helps,
but doing this would at least test Chuck's theory (which seems about
correct to me, though why it *never* goes on I don't know).

Kevin Kinsey
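
A check for the two suggestions in this message, written as an added example that is not part of the thread: it reads an sshd_config for the effective UseDNS value and a resolv.conf for a resolver running on the host itself. The function names and the sample resolver addresses (documentation ranges) are assumptions of the example.

```shell
#!/bin/sh
# Added example, not code from the thread. Sample files below are constructed.

# usedns_setting FILE -> prints the UseDNS value ("yes"/"no") or "unset".
# sshd_config rules applied: lines starting with "#" are comments, keywords
# are case-insensitive, keyword and value are separated by whitespace or "=",
# the first value found wins, and global settings stop at the first Match.
usedns_setting() {
    awk '
        { sub(/^[ \t]+/, "") }
        $0 == "" || /^#/ { next }
        {
            line = $0
            sub(/[ \t]*=[ \t]*/, " ", line)
            n = split(line, f, /[ \t]+/)
            key = tolower(f[1])
            if (key == "match") exit
            if (key == "usedns" && n >= 2) {
                gsub(/"/, "", f[2])
                print tolower(f[2]); found = 1; exit
            }
        }
        END { if (!found) print "unset" }
    ' "$1"
}

# loopback_resolvers FILE -> number of "nameserver" lines in a resolv.conf
# that point at this host (127.0.0.0/8 or ::1), i.e. a local named or cache.
loopback_resolvers() {
    awk '$1 == "nameserver" && ($2 ~ /^127\./ || $2 == "::1") { n++ }
         END { print n + 0 }' "$1"
}

# dns_dependency SSHD_CONFIG RESOLV_CONF -> one-word verdict:
#   no-lookup       UseDNS no: sshd does not look up the remote host name
#   local-resolver  lookups happen and go to a resolver on this host
#   remote-dns      lookups happen and every resolver is off-host
dns_dependency() {
    if [ "$(usedns_setting "$1")" = "no" ]; then
        echo no-lookup
    elif [ "$(loopback_resolvers "$2")" -gt 0 ]; then
        echo local-resolver
    else
        echo remote-dns
    fi
}

# Constructed sample: a server that lists only off-host resolvers
# (placeholder addresses) and has no active UseDNS line.
demo=$(mktemp -d)
printf 'Port 22\n#UseDNS yes\n' > "$demo/sshd_config"
printf 'nameserver 192.0.2.53\nnameserver 198.51.100.53\n' > "$demo/resolv.conf"
echo "before: $(dns_dependency "$demo/sshd_config" "$demo/resolv.conf")"
printf 'UseDNS no\n' >> "$demo/sshd_config"
echo "after:  $(dns_dependency "$demo/sshd_config" "$demo/resolv.conf")"
rm -rf "$demo"
```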


Re: system hangs on boot up if no internet available

2008-07-23 Thread Roland Smith
On Wed, Jul 23, 2008 at 03:04:15PM -0700, Dave Abouav wrote:
 Chuck Swiger wrote:
  On Jul 23, 2008, at 2:25 PM, Dave Abouav wrote:
  I setup a FreeBSD server (v 6.1) for my company as a simple Samba 
  server. It works fine. Except once in awhile our access to the 
  outside internet goes out (due to our ISP), and when it does the 
  FreeBSD server gets hung up, even after rebooted.

What does hung up mean in the case that it's not rebooted? 

  This happened this 
  morning, so I put a console on it, and rebooted it. I saw that it 
  gets hung trying to start sshd. No error messages are given. If I hit 
  Control-C, to skip loading sshd, then the rest of the boot-up goes 
  normally and people can again access the server. Any ideas how I can 
  avoid this problem? I'd rather not skip the loading of sshd. I don't 
  have any special programs on the server that contact the outside world.
 
  It's probably doing something which needs a DNS lookup.  Do you have a 
  subnet-local nameserver available, or does simply waiting for 2 
  minutes or so for a timeout do the trick?
 
[please don't top-post!]
 Our DNS goes through our ISP. The IP addresses of their DNS servers are 
 hard-coded into the server's /etc/rc.conf file.  No amount of waiting 
 seems to help. It always just hangs trying to load sshd.

First, try starting sshd in test mode (-t) to see if your config and
keys are OK. 

Then, with the outside connection down, try starting sshd with the -d
and -e options (and other options that you might have specified in
/etc/rc.conf) to see where it goes wrong.

Roland
-- 
R.F.Smith   http://www.xs4all.nl/~rsmith/
[plain text _non-HTML_ PGP/GnuPG encrypted/signed email much appreciated]
pgp: 1A2B 477F 9970 BA3C 2914  B7CE 1277 EFB0 C321 A725 (KeyID: C321A725)




RE: FreeBSD for webserver?

2008-07-23 Thread Ted Mittelstaedt


 -Original Message-
 From: [EMAIL PROTECTED]
 [mailto:[EMAIL PROTECTED] Behalf Of Gonzalo Nemmi
 Sent: Wednesday, July 23, 2008 1:02 AM
 To: freebsd-questions@freebsd.org
 Subject: Re: FreeBSD for webserver?


 On Wednesday 23 July 2008 03:47:04 Ted Mittelstaedt wrote:
   This seems to be a common misperception about ports.  Ports aren't
   something magical.  They do exactly what you would do from the
   commandline (i.e. ./configure, make, make install), except they come
   with several bonuses.

   1) The port maintainer has already worked out all the quirks to make
   it compile and install properly on FreeBSD.  2) The port maintainer
   has already supplied patches that allow the software to build
   correctly on FreeBSD.  3) All the dependencies are already taken care
   of.  4) Upgrading is quite simple and straightforward.  5) The
   software is now architecture-independent (in most cases), meaning you
   can move from Intel to AMD (for example) without having to worry that
   the software will no longer build and you'll have to start from
   scratch again.

   For example, I decided today that I wanted to try out some software
   named arguseye.  So I downloaded and untarred the program.  I looked
   at the dependencies.  It requires a number of perl modules, some of
   which are not in ports.  So, I just created three new perl ports to
   satisfy those dependencies and submitted them this afternoon.

   Once those are accepted into the tree, I'll create the arguseye port
   and submit it as well.  Then, when someone else wants to install
   arguseye, all they will have to do is type make install clean in the
   port directory and everything that they need will be installed for
   them.

   Unless you're a glutton for punishment, why would you do all that
   yourself?
 
  Because maybe you don't care for the porter's choice of defaults.
 
  Many programs come with hard-coded defaults that are modified
  in a config file.  For example cistron-radius.  Another example
  is the dspam port.  The porter for that insisted on using a
  default of apache vhost.  However the default apache port does
  not activate this.  I don't give a rat's ass that vhost is
  supposedly more secure.  Another one that always pisses me off
  is the porter's choice in building uw-imap to turn off plaintext
  passwords.  And the default for pine is also to turn off
  plaintext support.
 
  Another problem is that not all porters are good about maintaining
  their ports.  For example icradius.  Someone spent a lot of time
  creating the port for that.  Then just let it die.  Another is
  the open source ingres database.  Julian ported that one then
  lost interest, it died sometime around FBSD 4.X
 
  Another problem with ports is that all of them like pulling the
  original source from the author's site.  I've had a few where the
  author released the code under GPL then a few years later lost
  interest, stopped paying whatever ISP he had the main site for
  the program at, and the porter also lost interest in the project
  and never bothered obtaining the last available tarfile from
  the author's site and uploading it to freebsd, then both disappeared.
  Another one I can recall is the gated code, similar issue.
 
  The fundamental Achilles heel of the ports system is it makes
  the assumption that every package in the ports system is popular
  and will be supported for the indefinite future by the original
  package developer.  The ports system counts on this insofar that
  it assumes that if the original porter loses interest and stops
  tracking the master site, that someone else will step in and
  assume responsibility for maintaining the port.
 
  The reality is that in every release of FreeBSD, some ports go
  wanting for sponsors, and nobody steps forward and so when the
  port stops building, the FreeBSD maintainers simply cut it out
  of the ports tree, plus anything dependent on it.
 
  This assumption is fine for people running vanilla apache or
  whatever systems, which is most people.  But, if you're doing
  anything that isn't plain-jane middle of the road, you better
  assume that if you're using a series of ports, to make detailed
  notes, and save the ports, and save the patches, and save
  the distfiles.  You may need to see how they did it in an
  older FreeBSD system when a new version of FreeBSD comes out
  that is missing one or more of the ports you depend on.
 
  Ultimately, ports isn't any different than most other things.
  When it's properly executed it's great.  But proper execution
  of the entire thing depends on every porter who has an active
  port in the system doing the right thing, and there's so many of
  them that statistically, some of them are going to be flakes.
 
  Ultimately, if you're going to be a server admin, you need to
  know how to build your applications without ports.
 
  It's no different than, for example, I know how to pour 

Re: Installing jdk on 7-Release: Has known vulnerabilities from 2005?

2008-07-23 Thread Torgeir Hoffmann
Hi again!

 when I try to install linux-sun-jdk16 from ports I get:

 ===>  linux-sun-jdk-1.6.0.07 has known vulnerabilities:
 => jdk -- jar directory traversal vulnerability.
    Reference:
 http://www.FreeBSD.org/ports/portaudit/18e5428f-ae7c-11d9-837d-000e0c2e438a.html
 => Please update your ports tree and try again.
 *** Error code 1

 This refers to a vulnerability from 2005 (!). I get the same thing with
 the 1.5 port.
 I desperately want to avoid building the native version due to the fact
 that I have a not that sporty laptop, and the packages from the FreeBSD
 Foundation are not available yet.

 I have the latest portsnap port snapshot.

 Update your portaudit database.

I did that.

portaudit -Fda

Still, same thing. Thought this was very strange as well.

Anything else that I should have done? (It's probably right in front of me!)

Many thanks,

Torgeir



Re: Installing jdk on 7-Release: Has known vulnerabilities from 2005?

2008-07-23 Thread Kris Kennaway

Torgeir Hoffmann wrote:

Hi again!


when I try to install linux-sun-jdk16 from ports I get:

===>  linux-sun-jdk-1.6.0.07 has known vulnerabilities:
=> jdk -- jar directory traversal vulnerability.
   Reference:
http://www.FreeBSD.org/ports/portaudit/18e5428f-ae7c-11d9-837d-000e0c2e438a.html
=> Please update your ports tree and try again.
*** Error code 1

This refers to a vulnerability from 2005 (!). I get the same thing with
the 1.5 port.
I desperately want to avoid building the native version due to the fact
that I have a not that sporty laptop, and the packages from the FreeBSD
Foundation are not available yet.

I have the latest portsnap port snapshot.

Update your portaudit database.


I did that.

portaudit -Fda

Still, same thing. Thought this was very strange as well.

Anything else that I should have done? (It's probably right in front of me!)


Talk to the port maintainer if you think the vulnerability no longer 
exists, or build with DISABLE_VULNERABILITIES if you choose to override 
the warning.


Kris



Re: [freebsd-questions] Re: Port Management on a larger scale

2008-07-23 Thread darko
On Wed, Jul 23, 2008 at 6:06 PM, Tuc at T-B-O-H.NET [EMAIL PROTECTED] wrote:

2) Taking down or a failure of the NFS server pulls EVERY
 other system with it.



..just thinking out loud here...but.. what if you had 2 identical NFS/rsync
servers and used them together in a standby/failover method.

i.e. when you have to bring down one NFS/rsync server, you direct all
clients to the other and vice versa.

3) Working with lockd/statd can be problematic at times.
4) NFS on FreeBSD varies (I'M TOLD) between versions as to
 effectiveness, issues, etc.
5) I've run into issues where some programs are just NOT
 happy running over NFS (hylafax for me for example. POTENTIALLY a locking
 issue, but running a locking tester shows everything fine, but it
 just for the life of it won't work over NFS for me at least).

Since this is a personal system, I put up with it. When
 I get the time/energy I'm going to break all the systems apart.

Tuc/TBOH

-- 
regards,
dg

..but the more you use clever tricks, the less support you'll get ... --
M.W.Lucas


Re: libbz2.so.3 ?

2008-07-23 Thread Len Conrad



FreeBSD 6.3-R
amavis, spamassassin, clamav installed via ports
clamav is logging :




Jul 23 16:08:32 mx2 amavis[2626]: (02626-01-2) (!!)run_av 
(ClamAV-clamscan) FAILED - unexpected exit 1, 
output=/libexec/ld-elf.so.1: Shared object libbz2.so.3 not 
found, required by clamscan

All the system has similar is:
find / -iname *libbz2*
/usr/lib/libbz2.a
/usr/lib/libbz2.so.2
/usr/lib/libbz2.so
/usr/lib/libbz2_p.a
Really nothing on Google about libbz2.so.3


You installed a 7.x/8.x package.


ok, thanks. I see where that did happen, grabbed the wrong one from freshports.

deleted clamav pkg

added the 6 clamav.

Now get a different error:

/usr/local/etc/rc.d/clamav-freshclam start

Starting clamav_freshclam.

/libexec/ld-elf.so.1: Shared object libc.so.7 not found, required 
by libgmp.so.7


Len




Re: Can't ping

2008-07-23 Thread Tim Judd

Rem P Roberti wrote:

Can someone tell what is going on here.  All of a sudden I can't ping.
When I try I get this message:

ping: sendto: Permission denied

All internet functions seem to be working fine...just can't ping.

Rem
  

pinging from a jail?  check your sysctls.  raw ips something or other.

HTH


Re: Samba and LDAP install on FreeBSD

2008-07-23 Thread Tim Judd

[EMAIL PROTECTED] wrote:

Here is my problem.  I installed the OpenLdap 2.4.10 server and SASL
client.  I then went to install the Samba 3.0.30 Port and it tells me that
it needs to install OpenLDAP client 2.3.42, but the 2.4.10 is in the same
place and I need to deinstall it.  I deinstall 2.4.10 and samba will
install, but now openldap will not run because it has missing files.  I
went to reinstall the 2.4.10 SASL client, but it tells me that the
openldap 2.3.42 needs to be removed.

If I go to remove the 2.3.42 openldap client, it tells me that samba
3.0.30 relies on it.  I am kind of stuck here.  Does samba 3.0.30 not work
with openldap 2.4?  Do I have to have openldap 2.3?

Thanks for any suggestions.

  
as I had also written in a previous mail just moments ago earlier in the 
queue 


A 2.4.x database already established (as soon as 2.4 was run) may not be 
compatible with 2.3.x (not verified).


the missing rc.conf values to start 2.3?

and OpenLDAP won't log to ANYTHING until configured to do so.

I'm going from memory on this last piece --
in slapd.conf, insert a loglevel 256 statement anywhere before the
database definitions
in /etc/syslog.conf define before the middle chunk of comments (seems
it's picky) you need to add EITHER (which I think is the latter of these
two):

slapd.*   /var/log/slapd.log
-OR-
local4.*   /var/log/slapd.log

touching (creating) /var/log/slapd.log to create the file,
restarting syslogd
restart slapd

That should start logging.  Now why it's not any easier to setup, I 
don't know.


HTH.


Re: Slapd not starting

2008-07-23 Thread Tim Judd

[EMAIL PROTECTED] wrote:

I was having some troubles with the samba install telling me that openldap
2.3.42 and 2.4.10 would conflict.  I had installed openldap 2.4.10 server
and I guess that was the problem.  It seemed to start up just fine, but
since I could not get samba to install and it kept giving me the error
that the clients would conflict, I decided just to uninstall 2.4.10 and
install the 2.3.42.

Now when I try to /usr/local/etc/rc.d/slapd start, it just seems to sit
there and then goes back to the prompt.

I checked the port with sockstat -4 -p 389 and it is not running.  I don't
see anything in the /var/log/messages about it so I am not sure what is
going on.

I am confused why 2.4.1 seemed to run fine, but 2.3.42 does not even though
the config files are the same.  Thanks for any info.



Here is my /usr/local/etc/openldap/ldap.conf

SIZELIMIT 200
HOST 127.0.0.1
URI ldap://server.bloomfield.k12.mo.us
ssl start_tls
tls_cacert /etc/ssl/cacert.crt

and here is my /usr/local/etc/openldap/slapd.conf

include /usr/local/etc/openldap/schema/core.schema
include /usr/local/etc/openldap/schema/cosine.schema
include /usr/local/etc/openldap/schema/nis.schema
include /usr/local/etc/openldap/schema/inetorgperson.schema
include /usr/local/etc/openldap/schema/samba.schema

pidfile  /var/run/openldap/slapd.pid
argsfile /var/run/openldap/slapd.args
logfile  /var/log/slapd.log
loglevel -1
sizelimit -1

modulepath /usr/local/libexec/openldap
moduleload back_bdb

security ssf=128
TLSCertificateFile /etc/ssl/cert.crt
TLSCertificateKeyFile /etc/ssl/cert.key
TLSCACertificateFile /etc/ssl/cacert.crt

database   bdb
suffix dc=server,dc=bloomfield.k12.mo.us
rootdn cn=Manager,dc=server,dc=bloomfield.k12.mo.us

rootpw ###

directory /var/db/openldap-data

index objectClass eq
index cn,sn,uid,displayName pres,sub,eq
index uidNumber,gidNumber eq
index sambaSID  eq
index sambaPrimaryGroupSID eq
index sambaDomainName  eq
index memberUID eq
index default

  
A 2.4.x database already established (as soon as 2.4 was run) may not be 
compatible with 2.3.x (not verified).


the missing rc.conf values to start 2.3?

and OpenLDAP won't log to ANYTHING until configured to do so.

I'm going from memory on this last piece --
in slapd.conf, insert a loglevel 256 statement anywhere before the
database definitions
in /etc/syslog.conf define before the middle chunk of comments (seems
it's picky) you need to add EITHER (which I think is the latter of these
two):

slapd.*   /var/log/slapd.log
-OR-
local4.*   /var/log/slapd.log

touching (creating) /var/log/slapd.log to create the file,
restarting syslogd
restart slapd

That should start logging.  Now why it's not any easier to setup, I 
don't know.


HTH.
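
The logging steps from the message above as a repeatable script, added here as an example and not posted by anyone in the thread; the same steps appear in the Samba reply earlier on the page. It assumes slapd logs to syslog facility local4 (its default), and the function names, the 600 file mode and the sample files are this example's own.

```shell
#!/bin/sh
# Added example, not code from the thread. Each function takes the file to
# change as an argument, so the steps can be rehearsed on copies first.

# ensure_loglevel SLAPD_CONF: insert "loglevel 256" ahead of the first
# "database" directive, unless the file already sets a loglevel.
ensure_loglevel() {
    if grep -Eiq '^[[:space:]]*loglevel[[:space:]]' "$1"; then
        return 0
    fi
    tmp=$(mktemp) || return 1
    awk '
        !done && tolower($1) == "database" { print "loglevel 256"; done = 1 }
        { print }
        END { if (!done) print "loglevel 256" }
    ' "$1" > "$tmp" && cat "$tmp" > "$1"   # cat keeps the file's owner and mode
    rc=$?
    rm -f "$tmp"
    return "$rc"
}

# ensure_syslog_rule SYSLOG_CONF LOGFILE: send facility local4 (slapd's
# default syslog facility) to LOGFILE. The rule goes before the first program
# ("!name") or host ("+name") line, because in FreeBSD's syslog.conf the
# rules after such a line apply only to that program or host.
ensure_syslog_rule() {
    if awk -v f="$2" '$1 == "local4.*" && $2 == f { hit = 1 }
                      END { exit !hit }' "$1"; then
        return 0
    fi
    tmp=$(mktemp) || return 1
    awk -v rule="local4.*\t$2" '
        !done && /^[!+]/ { print rule; done = 1 }
        { print }
        END { if (!done) print rule }
    ' "$1" > "$tmp" && cat "$tmp" > "$1"
    rc=$?
    rm -f "$tmp"
    return "$rc"
}

# prepare_logfile LOGFILE: create the file if missing (the "touch" step) and
# restrict it to its owner; mode 600 is this example's choice, since the log
# records who connects and binds.
prepare_logfile() {
    ( umask 077 && : >> "$1" ) && chmod 600 "$1"
}

# Constructed sample files standing in for slapd.conf and /etc/syslog.conf.
demo=$(mktemp -d)
printf 'pidfile /var/run/openldap/slapd.pid\ndatabase bdb\n' > "$demo/slapd.conf"
printf '*.notice /var/log/messages\n!ppp\n*.* /var/log/ppp.log\n' > "$demo/syslog.conf"
ensure_loglevel "$demo/slapd.conf"
ensure_syslog_rule "$demo/syslog.conf" /var/log/slapd.log
prepare_logfile "$demo/slapd.log"
cat "$demo/slapd.conf" "$demo/syslog.conf"
rm -rf "$demo"
# On the real host, finish with the last two steps from the message:
# restart syslogd, then restart slapd.
```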


portupgrade policykit problem

2008-07-23 Thread Alain G. Fabry

Hi,

Hope I didn't do something stupid here

Tried to 'portupgrade -R policykit' but it came back with an error. So I 
deinstalled it and now I'm trying to reinstall it, but it fails with the 
following error.


R=\/usr/local/etc\ -DPACKAGE_DATA_DIR=\/usr/local/share\ 
-DPACKAGE_BIN_DIR=\/usr/local/bin\ -DPACKAGE_LOCALSTATE_DIR=\/var\ 
-DPACKAGE_LOCALE_DIR=\/usr/local/share/locale\ 
-DPACKAGE_LIB_DIR=\/usr/local/lib\ -D_POSIX_PTHREAD_SEMANTICS -D_REENTRANT 
-DKIT_COMPILATION -I/usr/local/include/glib-2.0 
-I/usr/local/lib/glib-2.0/include-I/usr/local/include  -O2 
-fno-strict-aliasing -pipe  -Wall -Wchar-subscripts -Wmissing-declarations 
-Wnested-externs -Wpointer-arith -Wcast-align -Wsign-compare -Wformat 
-Wformat-security -MT kit-string.lo -MD -MP -MF .deps/kit-string.Tpo -c -o 
kit-string.lo kit-string.c
 cc -DHAVE_CONFIG_H -I. -I../.. -I../../src -I../../src 
-DPACKAGE_LIBEXEC_DIR=\/usr/local/libexec\ 
-DPACKAGE_SYSCONF_DIR=\/usr/local/etc\ 
-DPACKAGE_DATA_DIR=\/usr/local/share\ -DPACKAGE_BIN_DIR=\/usr/local/bin\ 
-DPACKAGE_LOCALSTATE_DIR=\/var\ 
-DPACKAGE_LOCALE_DIR=\/usr/local/share/locale\ 
-DPACKAGE_LIB_DIR=\/usr/local/lib\ -D_POSIX_PTHREAD_SEMANTICS -D_REENTRANT 
-DKIT_COMPILATION -I/usr/local/include/glib-2.0 
-I/usr/local/lib/glib-2.0/include -I/usr/local/include -O2 -fno-strict-aliasing 
-pipe -Wall -Wchar-subscripts -Wmissing-declarations -Wnested-externs 
-Wpointer-arith -Wcast-align -Wsign-compare -Wformat -Wformat-security -MT 
kit-string.lo -MD -MP -MF .deps/kit-string.Tpo -c kit-string.c  -fPIC -DPIC -o 
.libs/kit-string.o
kit-string.c:141: error: redefinition of 'strndup'
kit-string.c:119: error: previous definition of 'strndup' was here
gmake[3]: *** [kit-string.lo] Error 1
gmake[3]: Leaving directory 
`/usr/ports/sysutils/policykit/work/PolicyKit-0.9/src/kit'
gmake[2]: *** [all-recursive] Error 1
gmake[2]: Leaving directory 
`/usr/ports/sysutils/policykit/work/PolicyKit-0.9/src'
gmake[1]: *** [all-recursive] Error 1
gmake[1]: Leaving directory `/usr/ports/sysutils/policykit/work/PolicyKit-0.9'
gmake: *** [all] Error 2
*** Error code 2

Stop in /usr/ports/sysutils/policykit.


Also tried 'make distclean' and a new 'make install clean', but it keeps on 
failing.

I hope that in case I need to reboot, it won't crash my system. But I'll 
postpone my reboot as long as possible. Maybe I can reinstall it with your 
advice.

Thanks,

Alain


Re: Spamassassin very slow

2008-07-23 Thread jdow

That says you are driving spamd into swapping. The two canonical
reasons for SpamAssassin to be really slow are dead BL sites or
overrunning memory and going into heavy swapping. You made a
change to reduce the amount of swapping. Hence you probably have
too many children at any one time.

Modify your minimum and maximum number of children. For best results
you MAY want only one child per processor you can spare from other
work. Regardless, use top to see when you go into swapping with the
spamd load. When you do, back off the number of children running at
any given time.

Check rule sets you are using with RDJ. Some of them require incredible
amounts of memory to run. I run enough rules to pull down about 60
megabytes of memory. There are some rule sets that can go over 100
megabytes on the SARE site (SpamAssassin Rules Emporium). 40 children
at 100 megabytes each could use a lot of machine. {^_-}

You might consider investigating the spamassassin users list at
apache.org. You can find it via the SpamAssassin home page,
http://www.spamassassin.org/

{^_^}   Joanne
- Original Message - 
From: lyd mc [EMAIL PROTECTED]

Sent: Tuesday, 2008, July 22 23:31



Hi James,

I remove spamc on .procmailrc and I can see lots of improvements!

Thanx,

alyd

--- On Wed, 7/23/08, James Tanis [EMAIL PROTECTED] wrote:
From: James Tanis [EMAIL PROTECTED]
To: [EMAIL PROTECTED]

lyd mc [EMAIL PROTECTED] wrote:


What causes spamassassin to slow?

Here is my config:

snippet from sendmail.mc
.. cut ..

I have .procmailrc in every home directory of my mail users and it goes like
this:


So if I'm understanding you correctly.. you're calling spamc from a sendmail
milter *and* .procmailrc. That's pretty redundant and would definitely slow
you down. Choose one based on your needs.



I also have RulesDuJour installed and spamassassin --lint does complain about
it.



Extra rules can slow you down regardless of syntax, but most computers
created this decade can handle RulesDuJour fine. Personally I think your
main problem is that you're effectively spam checking every message twice.
The spamassassin queues most likely get filled followed by sendmail having to
wait and queue up the slack.

--
James Tanis
Technical Coordinator
Monsignor Donovan Catholic High School
e: [EMAIL PROTECTED]




