Re: Accounting disabled/enabled messages
In the last episode (Sep 05), David J. Weller-Fahy said: I noticed today the following entries in my dmesg. #v+ Accounting enabled Accounting disabled Accounting enabled Accounting disabled Accounting enabled Accounting disabled Accounting enabled #v- The uname -a follows. FreeBSD NAStie 9.0-BETA1 FreeBSD 9.0-BETA1 #0: Thu Jul 28 16:34:16 UTC 2011 r...@obrian.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC i386 I tracked the actual messages down to /usr/src/sys/kern/kern_acct.c, but am not familiar enough with kernel internals to figure out why its happening. It *looks* like its happening every time I reboot the system (been playing around with the power). However, I want to be sure, and figured I'd check with the list. So - are these messages something to be concerned about? Or something to ignore? Or something to ignore in a BETA environment, and not in a production environment? Assuming you have accounting enabled in /etc/rc.conf, that's to be expected. Accounting is enabled on boot, disabled on shutdown, and cycled twice during /var/account/acct rotation at 3am. See /etc/rc.d/accounting and /etc/periodic/daily/310.accounting . -- Dan Nelson dnel...@allantgroup.com ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Cutting sendmail out of the loop
Date: Sun, 04 Sep 2011 15:44:45 -0600 From: Brett Glass br...@lariat.net Subject: Re: Cutting sendmail out of the loop Johan: Actually, since the system I'm building is meant to be very secure and appliance-like, it doesn't ever need to get mail out of the system. And it has limited memory, so it shouldn't be running a mail daemon. At most, it needs a mail system that can ONLY mail locally, solely for the purpose of satisfying programs that want to send users status via mail. (The mail files will be trimmed by newsyslog, so they can't consume infinite space.) Even the Dragonfly mail daemon would be overkill. How about a simple _shell_script_ that simply finds the addressee in the command-line parameters, and appends the content from stdin to that addressee's mailbox? If you want to get fancy, you add calls to lockfile to prevent potentially intermixed output. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re[6]: vpn using pptpclient in FreeBSD
Здравствуйте, Marco. Вы писали 5 сентября 2011 г., 2:09:30: MB On Mon, 5 Sep 2011, the wise Коньков Евгений wrote: As I have so, you 1. Successfully connect to university MB ng0: flags=88d1UP,POINTOPOINT,RUNNING,NOARP,SIMPLEX,MULTICAST metric 0 MB mtu 1456 MB inet 130.115.77.12 -- 130.115.3.34 netmask 0x MB inet6 fe80::20e:cff:fe3d:e16d%ng0 prefixlen 64 scopeid 0x8 MB nd6 options=3PERFORMNUD,ACCEPT_RTADV 2. You also have route to it MB 130.115.0.0/16 130.115.3.34 UGS 00ng0 so you are done, are not? MB Unfortunately not, because it looks like I have a connection, but in fact MB I cannot log in to the university through the tunnel. With the above MB settings and running mpd, the university site is not pingable and MB unreachable by a browser. may be you have a problem with firewall. try #traceroute IP or name -- С уважением, Коньков mailto:kes-...@yandex.ru ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Best Server OS for Someone That Does not Want to Touch a Shell on a Regular Basis?
On Sun, 04 Sep 2011 23:47:03 -0400, Pierre-Luc Drouin wrote: Hi, so I have a friend who is looking for the best OS for a web server, that allows to configure services (I guess HTTP, PHP, MySQL and web content) and do the OS maintenance (OS package updates, firewall configuration) without having to touch a shell. I was wondering if something like PC-BSD + CPanel would be the way to go. Would there be other BSD-based alternatives? I always do upgrades and configure services through the shell and I am not aware too much about the GUI alternatives... There are webbased configuration tools that run on common service combinations (like Apache + MySQL + PHP) that can be installed. However _installing_ them requires a skilled person who is able to administrate a server, which in turn traditionally implies the ability to use the command line, even if it's just for that abstraction job. FreeBSD can be the OS running such a combination. PC-BSD primarily aims at desktop usage, so for example it defaults to KDE, office applications, multimedia stuff and all the things you traditionally won't want on a server. Software solutions that come to mind are CPanel or WebMin. Maybe there are others? I'm not sure as I void those mostly inflexible, error-prone, overcomplicated and dangerous piles of bloat whenever possible. :-) For managing installed applications (ports), there are KDE tools for that (at least _have been_ in the past, not sure if they are still being maintained). The system cannot be updated by a GUI tool (why should it?), but it should be a job of max. 30 minutes to create a Tcl/Tk GUI wrapper for those things. And firewall configuration: I'm quite sure PC-BSD has something for that, except that it probably won't give you the flexibility to automatically change firewall rules depending on different kinds of attacks the server will encounter. Please keep in mind: If you're running a web server, you're part of the target group of thousands of villains across the Internet who will happily exploit any weakness you are presenting to them, depending on the services and software you run. What's possible to run will also depend on what kind of server you have. For example if you run a server without any GPU, but PC-BSD depends on hardware-accellerated 3D graphics for managing the firewall, then... you know. :-) There still is a question that your friend should give an answer to himself: Wouldn't it be worth investing in basic UNIX skills and command line operations to gain knowledge and experience to professionally administer a server instead of relying on abstracted layers of abstracted abstractions that GUIs provide here, maybe paying with speed and security loss? It's like driving a car; you _can_ pay a driver to drive your car all the time, but maybe you should consider to learn how to drive yourself. :-) -- Polytropon Magdeburg, Germany Happy FreeBSD user since 4.0 Andra moi ennepe, Mousa, ... ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re-create MBR
Hi All, I had to install Linux to participate in a project I was involved with. Now is all finished I have restored the partition but now need a 3bsd boot sector back. Scheme is ; 0 Primary XP 0 Extended FAT32 1 Primary FreeBSD Approx 1/3 disc for each. How can I restore the 3bsd boot sector? Thanks! ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Help Finding ZFS snapshots
Hi All: Using FreeBSD 8.1, amd64 - I wanted to recover files from a snapshot of usr/home. Everything I've found via googling refers to a link such as path/zfs/.snapshot However, I'll be darned if I can find any such link. Snapshots existing are: NAME USED AVAIL REFER MOUNTPOINT zroot/usr@2011-01-02 1.06G - 10.2G - zroot/usr/home@2011-07-09 419M - 11.9G - zroot/usr/ports@2011-01-02 720M - 723M - zroot/usr/ports/distfiles@2011-01-02 310K - 2.72G - zroot/usr/ports/packages@2011-01-02 20.0K - 24.0K - zroot/usr/src@2011-01-02 159M - 310M - And ZFS is version 3: This system is currently running ZFS filesystem version 3. All filesystems are formatted with the current version. === Either 1) I'm looking in all the wrong places, 2) the link was somehow deleted, 3) ZFS has changed TWTAD (the way things are done). Can anyone point me in the right direction? Thanks. -- ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Best Server OS for Someone That Does not Want to Touch a Shell on a Regular Basis?
On 09/05/2011 08:31 AM, Polytropon wrote: On Sun, 04 Sep 2011 23:47:03 -0400, Pierre-Luc Drouin wrote: Hi, so I have a friend who is looking for the best OS for a web server, that allows to configure services (I guess HTTP, PHP, MySQL and web content) and do the OS maintenance (OS package updates, firewall configuration) without having to touch a shell. I was wondering if something like PC-BSD + CPanel would be the way to go. Would there be other BSD-based alternatives? I always do upgrades and configure services through the shell and I am not aware too much about the GUI alternatives... There are webbased configuration tools that run on common service combinations (like Apache + MySQL + PHP) that can be installed. However _installing_ them requires a skilled person who is able to administrate a server, which in turn traditionally implies the ability to use the command line, even if it's just for that abstraction job. Well, this part is not an issue, as he will not be the one doing the initial install of the system FreeBSD can be the OS running such a combination. PC-BSD primarily aims at desktop usage, so for example it defaults to KDE, office applications, multimedia stuff and all the things you traditionally won't want on a server. But all these can be removed quite easily I guess... Software solutions that come to mind are CPanel or WebMin. Maybe there are others? I'm not sure as I void those mostly inflexible, error-prone, overcomplicated and dangerous piles of bloat whenever possible. :-) How much security risk do these represent compared to using a Windows server? For managing installed applications (ports), there are KDE tools for that (at least _have been_ in the past, not sure if they are still being maintained). Do the PC-BSD package management tools still require KDE? I though they were removing this dependency? The system cannot be updated by a GUI tool (why should it?), but it should be a job of max. 30 minutes to create a Tcl/Tk GUI wrapper for those things. Can PC-BSD OS be updated through a gui? And firewall configuration: I'm quite sure PC-BSD has something for that, except that it probably won't give you the flexibility to automatically change firewall rules depending on different kinds of attacks the server will encounter. Please keep in mind: If you're running a web server, you're part of the target group of thousands of villains across the Internet who will happily exploit any weakness you are presenting to them, depending on the services and software you run. What's possible to run will also depend on what kind of server you have. For example if you run a server without any GPU, but PC-BSD depends on hardware-accellerated 3D graphics for managing the firewall, then... you know. :-) There still is a question that your friend should give an answer to himself: Wouldn't it be worth investing in basic UNIX skills and command line operations to gain knowledge and experience to professionally administer a server instead of relying on abstracted layers of abstracted abstractions that GUIs provide here, maybe paying with speed and security loss? Well, I know that. I can try convincing him... Thanks! ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re[6]: vpn using pptpclient in FreeBSD
On Mon, 5 Sep 2011, the wise Коньков Евгений wrote: may be you have a problem with firewall. try #traceroute IP or name Traceroute gives: ... traceroute vpn-eur-pptp.eur.nl traceroute: Warning: vpn-eur-pptp.eur.nl has multiple addresses; using 130.115.3.35 traceroute to vpn-eur-pptp.eur.nl (130.115.3.35), 64 hops max, 40 byte packets 1 * * * 2 * * * 3 * * * 4 * * * 5 * * * ... May I also add that I also have a laptop behind the ADSL router running windows that has no problems at all with the vpn connection. That is why I think the problem is with FreeBSD or the vpn software. Marco -- If there really was a Jewish conspiracy to run the world, my rabbi would have let me in on it by now. I contribute enough to the shule. -- Saul Goodman___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Help Finding ZFS snapshots
On 05/09/2011 14:13, Gene wrote: Either 1) I'm looking in all the wrong places, 2) the link was somehow deleted, 3) ZFS has changed TWTAD (the way things are done). Can anyone point me in the right direction? ZFS snapshots automount themselves when you cd to the snapshot directory. Cheers, Matthew -- Dr Matthew J Seaman MA, D.Phil. 7 Priory Courtyard Flat 3 PGP: http://www.infracaninophile.co.uk/pgpkey Ramsgate JID: matt...@infracaninophile.co.uk Kent, CT11 9PW signature.asc Description: OpenPGP digital signature
Re: Best Server OS for Someone That Does not Want to Touch a Shell on a Regular Basis?
On Mon, 05 Sep 2011 09:18:21 -0400, Pierre-Luc Drouin wrote: On 09/05/2011 08:31 AM, Polytropon wrote: On Sun, 04 Sep 2011 23:47:03 -0400, Pierre-Luc Drouin wrote: Hi, so I have a friend who is looking for the best OS for a web server, that allows to configure services (I guess HTTP, PHP, MySQL and web content) and do the OS maintenance (OS package updates, firewall configuration) without having to touch a shell. I was wondering if something like PC-BSD + CPanel would be the way to go. Would there be other BSD-based alternatives? I always do upgrades and configure services through the shell and I am not aware too much about the GUI alternatives... There are webbased configuration tools that run on common service combinations (like Apache + MySQL + PHP) that can be installed. However _installing_ them requires a skilled person who is able to administrate a server, which in turn traditionally implies the ability to use the command line, even if it's just for that abstraction job. Well, this part is not an issue, as he will not be the one doing the initial install of the system Okay, in this case FreeBSD can provide an excellent OS for that purpose. PC-BSD primarily aims at desktop usage, so for example it defaults to KDE, office applications, multimedia stuff and all the things you traditionally won't want on a server. But all these can be removed quite easily I guess... I'm not sure about that as those are essential parts of that FreeBSD derivate. It's like you would say to intend to strip all GUI components from Windows... :-) However, I think it would be much easier to start with a FreeBSD install and then add those tools you want. I assume this will consume less time (and will be less complicated as you're not about to break something unintendedly). Software solutions that come to mind are CPanel or WebMin. Maybe there are others? I'm not sure as I void those mostly inflexible, error-prone, overcomplicated and dangerous piles of bloat whenever possible. :-) How much security risk do these represent compared to using a Windows server? What's a 'Windows' server? Really, I've not come to the conclusion that Windows is to be used on _any_ servers, and as I'm not a Windows person, I'm the wrong one to ask for details here. From my own experiences in dealing with the _problems_ Windows servers traditionally impose on a network (consisting of UNIX and Linux primarily) that those who have to administer those Windows boxes are either in constant trouble (fixing things here and there, rebooting), or just don't care (which often turns their systems into targets for spammers, botnets and all the other unwanted stuff that increases your costs). The main problem of GUI in general is that it _might_ remove control you want, because it basically maps just a subset of possibilities to a point grunt interface. A SUBset - this means that you can encounter a case where you need something, but it can't be achieved per GUI interaction. Oh, that's can also be a downside: With GUI, you are tied to interactive management. You cannot script a GUI thing, you can't automate things. You have to do them yourself, in a linear way. Depending on _what_ you want to do, this should be considered in making an educated choice. For managing installed applications (ports), there are KDE tools for that (at least _have been_ in the past, not sure if they are still being maintained). Do the PC-BSD package management tools still require KDE? I though they were removing this dependency? I also thought there would be a tool to manage PBIs from the command line. However, you're free to use the standard FreeBSD installation methods on FreeBSD, which are: binary packages (pkg_add -r), ports subsystem and ports management (like portmaster, portmanager, portupgrade). The system cannot be updated by a GUI tool (why should it?), but it should be a job of max. 30 minutes to create a Tcl/Tk GUI wrapper for those things. Can PC-BSD OS be updated through a gui? Yes. They do updating per PBI, i. e. you download something using a web browser (ouch!) and then push da button. In some regards, this is comparable to how Linux manages the system (as it makes no difference between the operating system and installed 3rd party software, as _all_ of them are packages, managed by the system's package installer tool). Furthermore I assume there will be an automated notification. So if you chosse to run PC-BSD, you encounter a typical strength of FreeBSD (as a multi-functional OS): You end up with a desktop system that exposes server functionality (in your case: web server with PHP and MySQL), and that's a completely valid approach, even though it _might_ cause problems later on, as depending on GUI tools can lead you to a point where functionality you need is dropped from the GUI abstraction layer and you _have to_ deal with the CLI in order to keep things running.
Re: Help Finding ZFS snapshots
On Mon, 05 Sep 2011 14:22:45 +0100, Matthew Seaman wrote On 05/09/2011 14:13, Gene wrote: Either 1) I'm looking in all the wrong places, 2) the link was somehow deleted, 3) ZFS has changed TWTAD (the way things are done). Can anyone point me in the right direction? ZFS snapshots automount themselves when you cd to the snapshot directory. Cheers, Matthew The problem is finding the snapshot directory to cd into... -- ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Re-create MBR
On Mon, 5 Sep 2011 13:26:38 +0100, Graham Bentley wrote: Hi All, I had to install Linux to participate in a project I was involved with. Now is all finished I have restored the partition but now need a 3bsd boot sector back. Scheme is ; 0 Primary XP 0 Extended FAT32 1 Primary FreeBSD Approx 1/3 disc for each. How can I restore the 3bsd boot sector? See man fdisk. In your case - depending on device names you are currently using - something _like this_ should do the trick: # fdisk -B /dev/ad0s2 I think you can also use the sysinstall Partition screen to update the boot sector (make no change to the slice listing, maybe mark the FreeBSD slice as active, then exit the screen and choose either standard MBR or the boot manager depending on your requirements). As I'm not a multi-boot person, I can't be more specific, sorry. -- Polytropon Magdeburg, Germany Happy FreeBSD user since 4.0 Andra moi ennepe, Mousa, ... ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Best Server OS for Someone That Does not Want to Touch a Shell on a Regular Basis?
I just took a look at PBDir and the choice of PBIs for server-related softwares seems to be rather limited. They have a PBI for Apache, but I could not even find one for PHP... To me it seems that if not all the required softwares are available through PBI, it would be better to drop the whole PBI idea all together and fall back to the FreeBSD port/package system. But to go with the FreeBSD route, I will need to convince my friend of using the command line at least to update the packages and the OS. I am not sure if he will enjoy the usage of tools such as mergemaster, given that this requires to have a good idea of what is going on in the config files. This might make an OS like Ubuntu easier to use for my friend, although this is probably not the most stable and secure OS for a server. It might be a necessary compromise in this case though... ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
A workable RSS feed for BSDTalk ?
Hi, Is there any workable RSS feeds for BSDTalk channel ? Both *.blogspot.com and *.feedburner.com are blocked in my country. -- Best Regards, Aaron Lewis - PGP: 0xDFE6C29E ( http://pgp.mit.edu/ ) Finger Print: 9482 448F C7C3 896C 1DFE 7DD3 2492 A7D0 DFE6 C29E ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Best Server OS for Someone That Does not Want to Touch a Shell on a Regular Basis?
On Mon, 05 Sep 2011 09:59:23 -0400, Pierre-Luc Drouin wrote: I just took a look at PBDir and the choice of PBIs for server-related softwares seems to be rather limited. Okay, that's understandable, as servers are not their main target. In fact, what do you need a GUI for on a server? - This is a typical question in such a setting, even though it is _possible_ to run a desktop with server functionality. They have a PBI for Apache, but I could not even find one for PHP... To me it seems that if not all the required softwares are available through PBI, it would be better to drop the whole PBI idea all together and fall back to the FreeBSD port/package system. Yes, I would agree with that. PBIs are primarily used to distribute desktop-oriented software in a fashion that a web browser is involved in obtaining them (instead of using comfortable tools like pkg_add or portmaster). But to go with the FreeBSD route, I will need to convince my friend of using the command line at least to update the packages and the OS. That's not a problem! You can easily write a short script that performs the required steps. Really, what's so hard about entering portmaster -a? I know it's a bit more complicated to update the system (i. e. following the 11 steps in /usr/src/Makefile), but it's also possible to make a Tcl/Tk GUI wrapper for that. In fact, it's even possible to make a desktop icon for a shell script that performs the required steps. Oh, and just in case you do not intend to update from source, why not use freebsd-update? It's _very_ easy to use, and it can also be included in a GUI wrapper. That would be the way I'd suggest: Install desired packages first with portmaster, keep the system up to date using both portmaster (for ports) and freebsd-update for the OS. (Of course you can choose a different port management tool if you like.) I am not sure if he will enjoy the usage of tools such as mergemaster, given that this requires to have a good idea of what is going on in the config files. The person who runs and administers a server is supposed to know what's going on on the system he is responsible for. You may call me old-fashioned for having such an opinion. :-) But as I mentioned above, you can omit mergemaster use if you keep using the -RELEASE-pX OS branch and use the binary method of freebsd-update. It's as simple as pkg_add -r. This might make an OS like Ubuntu easier to use for my friend, although this is probably not the most stable and secure OS for a server. There _are_ Linux distributions that provide a lot of GUI even for their server systems. I'm not sure which one it was... Red Hat maybe? Or SuSE? Their server and PC systems are designed to be compatible (in terms of GUI presented to the user and the administrator). Regarding Ubuntu, it's a quite nice desktop Linux, but I'm not sure how well it does _perform_ (see: performance) on a server. Maybe you can do some research on Linux server operating systems that emphasize an administration GUI? As I said, I think SuSE or Red Hat has something like that. -- Polytropon Magdeburg, Germany Happy FreeBSD user since 4.0 Andra moi ennepe, Mousa, ... ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Best Server OS for Someone That Does not Want to Touch a Shell on a Regular Basis?
How well does it work to use binary packages only to maintain a FreeBSD web server in general (I am thinking of package availability, but also and in particular as a quasi-automated updating tool)? I noticed that in the past few years, updating softwares through ports has been requiring more user intervention, due to the way some dependencies are being updated from one version to the next. Would using binary packages allow to avoid more such user intervention? Thanks ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Accounting disabled/enabled messages
* Dan Nelson dnel...@allantgroup.com [2011-09-05 03:26 -0400]: Assuming you have accounting enabled in /etc/rc.conf, that's to be expected. Accounting is enabled on boot, disabled on shutdown, and cycled twice during /var/account/acct rotation at 3am. See /etc/rc.d/accounting and /etc/periodic/daily/310.accounting . smacks forehead Thanks! Apparently my digging in the source precluded me from looking in the normal places one would look to find these things out. ;) Appreciate the nudge. Regards, -- dave [ please don't CC me ] pgpVvZfgSxWfk.pgp Description: PGP signature
Re: Best Server OS for Someone That Does not Want to Touch a Shell on a Regular Basis?
If you really want. GUI based server, go for a Windows one. It will cost you but security has improved. I would never do it though but I manage my server with shell tools. I love the easiness of textbased config files ;) ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Best Server OS for Someone That Does not Want to Touch a Shell on a Regular Basis?
On Mon, 05 Sep 2011 10:20:22 -0400, Pierre-Luc Drouin wrote: How well does it work to use binary packages only to maintain a FreeBSD web server in general (I am thinking of package availability, but also and in particular as a quasi-automated updating tool)? Quite well - as long as you're satisfied with the default building options. You know that a binary package is a port, compiled with the default set of options. This is okay in most cases, but there may be situations where you explicitely need to enable or disable a certain feature at compile time. You also may encounter a situation where _no_ package is available for a port (e. g. too many options, or licensing restrictions). This can be solved by portmaster which has an option to go through all interactive configuration screens _before_ starting any action. Those settings can be saved for the next update run. The portmaster program itself can be instructed to _use_ binary packages (just as pkg_add -r would do) with the -P and -PP options. In this case, binary packages will be used as long as possible, and only those ports that require building (as no package exists) will be compiled. See man portmaster for details. This is a good approach in combination with freebsd-update. I have used that concept on some servers myself (especially on smaller ones with low resources where compiling would be too problematic). I noticed that in the past few years, updating softwares through ports has been requiring more user intervention, due to the way some dependencies are being updated from one version to the next. Would using binary packages allow to avoid more such user intervention? Yes. All dependencies would be incorporated automatically. Only ports without equivalent package that additionally have OPTIONS to set would invoke a configuration screen, and this screen would have to be dealt with only in the first run of the updating process. There are also options for portmaster that can be used to control program behaviour in case of problems (e. g. some package not found, conflicting ports, versioning problem, or port marked broken). Those solutions can also easily be scripted, e. g. check one a week for possible updates and get the packages, but do not install them automatically (which can be a security requirement). If the list is approved, the updates will be installed during night, creating a fallback copy just in case something went wrong (e. g. malfunctioning new software). Reports can be generated automatically and mailed to the system administrator. I would also suggest to frequently check the mailing lists of the software in use for bugs and security updates that might be interesting in terms of system security. This sould be done for any major server software (Apache, PHP, MySQL and the services utilizing those software, whatever you want to run on the server). -- Polytropon Magdeburg, Germany Happy FreeBSD user since 4.0 Andra moi ennepe, Mousa, ... ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: [OT] pfSense Book Publisher
On Sun, Sep 4, 2011 at 1:31 PM, Steven Friedrich steven.e.friedr...@gmail.com wrote: Product Details Thank you! -- Alejandro Imass ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Best Server OS for Someone That Does not Want to Touch a Shell on a Regular Basis?
On Mon, 05 Sep 2011 10:50:19 -0400, Pierre-Luc Drouin wrote: I noticed that in the past few years, updating softwares through ports has been requiring more user intervention, due to the way some dependencies are being updated from one version to the next. Would using binary packages allow to avoid more such user intervention? Yes. All dependencies would be incorporated automatically. Only ports without equivalent package that additionally have OPTIONS to set would invoke a configuration screen, and this screen would have to be dealt with only in the first run of the updating process. There are also options for portmaster that can be used to control program behaviour in case of problems (e. g. some package not found, conflicting ports, versioning problem, or port marked broken). So, what I was referring to in particulars was special updates like this: 20110517: AFFECTS: users of lang/perl* AUTHOR: s...@freebsd.org lang/perl5.14 is out. If you want to switch to it from, for example lang/perl5.12, that is: Portupgrade users: 0) Fix pkgdb.db (for safety): pkgdb -Ff 1) Reinstall new version of Perl (5.14): env DISABLE_CONFLICTS=1 portupgrade -o lang/perl5.14 -f perl-5.12.\* 2) Reinstall everything that depends on Perl: portupgrade -fr perl So you are saying that this type of special interventions is not necessary when using only binary packages, right? Erm... no, or basically yes. :-) First of all, the example here refers to portupgrade, not to portmaster. The DISABLE_CONFLICTS variable is only required where something is built from source. By using packages, you can even _force_ installation of (maybe conflicting) packages, implying of course that this may cause damage. In _worst_ cases, there's the option to forcedly deinstall packages and then re-install them (in a newer version), this may be useful when the upgrade path is too much trouble. Coming back to that example: If you order portmaster to upgrade perl, you will traditionally also upgrade all ports depending on it. And if this is possible via packages (-P, -PP), it will reconstruct the dependencies properly so all programs can use the new perl version. However, as I've turned into a compile guy due to sufficient hardware, I usually use source-based updates when needed. I don't update my home system very often, because I'd like to keep it in a functional state. :-) So I've not come across that particular update yet, as I still have perl-threaded-5.10.1_4 installed, and there's nothing here that requires 5.12 or 5.14. When you choose to use portupgrade instead of portmaster, it's a good choice to always run pkgdb -aF before and after anything you do (e. g. also around a pkg_add -r command). I've been using portupgrade in the past, but today I prefer just ports (home) and portmaster (work). -- Polytropon Magdeburg, Germany Happy FreeBSD user since 4.0 Andra moi ennepe, Mousa, ... ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Help Finding ZFS snapshots
On Mon, 05 Sep 2011 10:48:22 -0400, Daniel Staal wrote --As of September 5, 2011 8:13:52 AM -0500, Gene is alleged to have said: Using FreeBSD 8.1, amd64 - I wanted to recover files from a snapshot of usr/home. Everything I've found via googling refers to a link such as path/zfs/.snapshot --As for the rest, it is mine. Try path/.zfs. ;) (Which, on my system, then has a 'snapshot' directory, which holds all the snapshots.) Daniel T. Staal No such luck. The following: cd / ls -R | grep -i zfs finds only 'zfs' directories in the source tree and ports. Other ideas? I know the snapshots exist, I can see 'em with zfs list -t snapshot. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Help Finding ZFS snapshots
--As of September 5, 2011 10:23:32 AM -0500, Gene is alleged to have said: On Mon, 05 Sep 2011 10:48:22 -0400, Daniel Staal wrote --As of September 5, 2011 8:13:52 AM -0500, Gene is alleged to have said: Using FreeBSD 8.1, amd64 - I wanted to recover files from a snapshot of usr/home. Everything I've found via googling refers to a link such as path/zfs/.snapshot --As for the rest, it is mine. Try path/.zfs. ;) (Which, on my system, then has a 'snapshot' directory, which holds all the snapshots.) Daniel T. Staal No such luck. The following: cd / ls -R | grep -i zfs finds only 'zfs' directories in the source tree and ports. Other ideas? I know the snapshots exist, I can see 'em with zfs list -t snapshot. --As for the rest, it is mine. Don't check if the directory is there first. It isn't. Just 'cd' to it, and it will exist. Daniel T. Staal --- This email copyright the author. Unless otherwise noted, you are expressly allowed to retransmit, quote, or otherwise use the contents for non-commercial purposes. This copyright will expire 5 years after the author's death, or in 30 years, whichever is longer, unless such a period is in excess of local copyright law. --- ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
cpio command and schg flags
I am trying to use this code sequence to clone a directory tree. mkdir /usr/test1 cd /var find . | cpio -dmp /usr/test1 The result is /usr/test1 gets populated with the directory tree but all the schg flags get stripped off. How can I keep the schg flags in the cloned directory? ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: cpio command and schg flags
On Mon, 5 Sep 2011 11:32:05 -0400, joeb1 wrote: I am trying to use this code sequence to clone a directory tree. mkdir /usr/test1 cd /var find . | cpio -dmp /usr/test1 The result is /usr/test1 gets populated with the directory tree but all the schg flags get stripped off. How can I keep the schg flags in the cloned directory? As far as I remember, cpio doesn't copy flags. But you can use either dump + restore, or dpdup (from ports). From man cpdup: The cpdup utility makes an exact mirror copy of the source in the destination, creating and deleting files and directories as necessary. UTimes, hardlinks, softlinks, devices, permissions, and flags are mirrored. Flags are explicitely mentioned here. Maybe you can give this program a try? -- Polytropon Magdeburg, Germany Happy FreeBSD user since 4.0 Andra moi ennepe, Mousa, ... ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Help Finding ZFS snapshots
On Mon, 05 Sep 2011 11:35:34 -0400, Daniel Staal wrote --As of September 5, 2011 10:23:32 AM -0500, Gene is alleged to have said: On Mon, 05 Sep 2011 10:48:22 -0400, Daniel Staal wrote --As of September 5, 2011 8:13:52 AM -0500, Gene is alleged to have said: Using FreeBSD 8.1, amd64 - I wanted to recover files from a snapshot of usr/home. Everything I've found via googling refers to a link such as path/zfs/.snapshot --As for the rest, it is mine. Try path/.zfs. ;) (Which, on my system, then has a 'snapshot' directory, which holds all the snapshots.) Daniel T. Staal No such luck. The following: cd / ls -R | grep -i zfs finds only 'zfs' directories in the source tree and ports. Other ideas? I know the snapshots exist, I can see 'em with zfs list -t snapshot. --As for the rest, it is mine. Don't check if the directory is there first. It isn't. Just 'cd' to it, and it will exist. Daniel T. Staal Well I'll be hornswaggled ... Thanks! ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: A workable RSS feed for BSDTalk ?
From owner-freebsd-questi...@freebsd.org Mon Sep 5 09:08:27 2011
Date: Mon, 5 Sep 2011 21:39:07 +0800
From: Aaron Lewis the.warl0ck.1...@gmail.com
To: FreeBSD Questions freebsd-questions@freebsd.org
Subject: A workable RSS feed for BSDTalk ?
Hi,
Is there any workable RSS feeds for BSDTalk channel ?
Eiher of *.blogspot.com and *.feedburner.com work just fine
Both *.blogspot.com and *.feedburner.com are blocked in my country.
Oh. you need a feed you can access in ${UNNAMED_COUNTRY}. And, apparently
the State of 'Confusion'.
Hint: if you don't specify the coutry, nobody has a _hope_ of being
able what might be 'not blocked' here.
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Help Finding ZFS snapshots
2011-09-05 17:23, Gene skrev: On Mon, 05 Sep 2011 10:48:22 -0400, Daniel Staal wrote --As of September 5, 2011 8:13:52 AM -0500, Gene is alleged to have said: Using FreeBSD 8.1, amd64 - I wanted to recover files from a snapshot of usr/home. Everything I've found via googling refers to a link such as path/zfs/.snapshot --As for the rest, it is mine. Try path/.zfs. ;) (Which, on my system, then has a 'snapshot' directory, which holds all the snapshots.) Daniel T. Staal No such luck. The following: cd / ls -R | grep -i zfs finds only 'zfs' directories in the source tree and ports. Other ideas? I know the snapshots exist, I can see 'em with zfs list -t snapshot. The .zfs directory is normally hidden, so it won't even show up on ls -a output. You have to either explicitly cd to it or make it visible by zfs set snapdir=visible filesystem ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Best Server OS for Someone That Does not Want to Touch a Shell on a Regular Basis?
FreeBSD On Mon, Sep 5, 2011 at 8:31 AM, Polytropon free...@edvax.de wrote: On Sun, 04 Sep 2011 23:47:03 -0400, Pierre-Luc Drouin wrote: Hi, so I have a friend who is looking for the best OS for a web server, that allows to configure services (I guess HTTP, PHP, MySQL and web content) and do the OS maintenance (OS package updates, firewall configuration) without having to touch a shell. I was wondering if something like PC-BSD + CPanel would be the way to go. Would there be other BSD-based alternatives? I always do upgrades and configure services through the shell and I am not aware too much about the GUI alternatives... FreeBSD and ISPCP do wonders and its not bloated like cpanel, source available and it just works, webmin is junk, and cpanel is resource intensive There are webbased configuration tools that run on common service combinations (like Apache + MySQL + PHP) that can be installed. However _installing_ them requires a skilled person who is able to administrate a server, which in turn traditionally implies the ability to use the command line, even if it's just for that abstraction job. FreeBSD can be the OS running such a combination. PC-BSD primarily aims at desktop usage, so for example it defaults to KDE, office applications, multimedia stuff and all the things you traditionally won't want on a server. Software solutions that come to mind are CPanel or WebMin. Maybe there are others? I'm not sure as I void those mostly inflexible, error-prone, overcomplicated and dangerous piles of bloat whenever possible. :-) For managing installed applications (ports), there are KDE tools for that (at least _have been_ in the past, not sure if they are still being maintained). The system cannot be updated by a GUI tool (why should it?), but it should be a job of max. 30 minutes to create a Tcl/Tk GUI wrapper for those things. And firewall configuration: I'm quite sure PC-BSD has something for that, except that it probably won't give you the flexibility to automatically change firewall rules depending on different kinds of attacks the server will encounter. Please keep in mind: If you're running a web server, you're part of the target group of thousands of villains across the Internet who will happily exploit any weakness you are presenting to them, depending on the services and software you run. What's possible to run will also depend on what kind of server you have. For example if you run a server without any GPU, but PC-BSD depends on hardware-accellerated 3D graphics for managing the firewall, then... you know. :-) There still is a question that your friend should give an answer to himself: Wouldn't it be worth investing in basic UNIX skills and command line operations to gain knowledge and experience to professionally administer a server instead of relying on abstracted layers of abstracted abstractions that GUIs provide here, maybe paying with speed and security loss? It's like driving a car; you _can_ pay a driver to drive your car all the time, but maybe you should consider to learn how to drive yourself. :-) -- Polytropon Magdeburg, Germany Happy FreeBSD user since 4.0 Andra moi ennepe, Mousa, ... ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Help Finding ZFS snapshots
Gene f...@brightstar.bomgardner.net writes: On Mon, 05 Sep 2011 10:48:22 -0400, Daniel Staal wrote --As of September 5, 2011 8:13:52 AM -0500, Gene is alleged to have said: Using FreeBSD 8.1, amd64 - I wanted to recover files from a snapshot of usr/home. Everything I've found via googling refers to a link such as path/zfs/.snapshot --As for the rest, it is mine. Try path/.zfs. ;) (Which, on my system, then has a 'snapshot' directory, which holds all the snapshots.) Daniel T. Staal No such luck. The following: cd / ls -R | grep -i zfs finds only 'zfs' directories in the source tree and ports. Other ideas? I know the snapshots exist, I can see 'em with zfs list -t snapshot. The .zfs directory is hidden by default so you have to specifically ls or go into them. Do a 'ls' on the base directory of any zfs file system, and then add .zfs to the end and you should see the .snapshots directory. -- Carl Johnsonca...@peak.org ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Re-create MBR
On Mon, 5 Sep 2011, Graham Bentley wrote: I had to install Linux to participate in a project I was involved with. Now is all finished I have restored the partition but now need a 3bsd boot sector back. Scheme is ; 0 Primary XP 0 Extended FAT32 1 Primary FreeBSD Approx 1/3 disc for each. How can I restore the 3bsd boot sector? If you mean the FreeBSD boot0 multi-boot loader, see boot0cfg(8). It can be run from a live CD like mfsBSD (http://mfsbsd.vx.sk/). ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
weekly_status_pkg_enable and vulnerabilities
Hi, is there a way to show only ports where security advisories have been posted in the weekly output, similar to enabling weekly_status_pkg_enable in periodic.conf? Moritz ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: weekly_status_pkg_enable and vulnerabilities
On 05/09/2011 20:25, Moritz Wilhelmy wrote:
is there a way to show only ports where security advisories have been
posted in the weekly output, similar to enabling
weekly_status_pkg_enable in periodic.conf?
Not specifically weekly. There's a *daily* security check on installed
ports if you install ports-mgmt/portaudit
If you really want a weekly rather than a daily report, you could adapt
${LOCALBASE}/etc/periodic/security/410.portaudit into
${LOCALBASE}/etc/periodic/weekly/410.portaudit pretty easily.
Cheers,
Matthew
--
Dr Matthew J Seaman MA, D.Phil. 7 Priory Courtyard
Flat 3
PGP: http://www.infracaninophile.co.uk/pgpkey Ramsgate
JID: matt...@infracaninophile.co.uk Kent, CT11 9PW
signature.asc
Description: OpenPGP digital signature
Re: weekly_status_pkg_enable and vulnerabilities
Hi,
On Mon, Sep 05, 2011 at 21:09:48 +0100, Matthew Seaman wrote:
On 05/09/2011 20:25, Moritz Wilhelmy wrote:
is there a way to show only ports where security advisories have been
posted in the weekly output, similar to enabling
weekly_status_pkg_enable in periodic.conf?
Not specifically weekly. There's a *daily* security check on installed
ports if you install ports-mgmt/portaudit
If you really want a weekly rather than a daily report, you could adapt
${LOCALBASE}/etc/periodic/security/410.portaudit into
${LOCALBASE}/etc/periodic/weekly/410.portaudit pretty easily.
Thanks, Matthew, portaudit is what I was looking for.
Moritz
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: cpio command and schg flags
Polytropon free...@edvax.de writes: On Mon, 5 Sep 2011 11:32:05 -0400, joeb1 wrote: I am trying to use this code sequence to clone a directory tree. mkdir /usr/test1 cd /var find . | cpio -dmp /usr/test1 The result is /usr/test1 gets populated with the directory tree but all the schg flags get stripped off. How can I keep the schg flags in the cloned directory? As far as I remember, cpio doesn't copy flags. But you can use either dump + restore, or dpdup (from ports). From man cpdup: The cpdup utility makes an exact mirror copy of the source in the destination, creating and deleting files and directories as necessary. UTimes, hardlinks, softlinks, devices, permissions, and flags are mirrored. Flags are explicitely mentioned here. Maybe you can give this program a try? I think that tar will also work (but not gnu tar), and it is part of the base system. The manpage does show an example of how to do this, but calls it moving the file heirarchy. -- Carl Johnsonca...@peak.org ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Evolution problems...
Hope someone can help... I finally upgraded firefox, and in the course of this, libnotify.so.1 seems to have been deleted, which is required by evolution. So I tried deinstalling evolution, and then reinstalling: --- === Generating temporary packing list === Checking if graphics/gtk-update-icon-cache already installed === gtk-update-icon-cache-2.24.6 is already installed You may wish to ``make deinstall'' and install this port again by ``make reinstall'' to upgrade it properly. If you really wish to overwrite the old port of graphics/gtk-update-icon-cache without deleting it first, set the variable FORCE_PKG_REGISTER in your environment or the make install command line. *** Error code 1 Stop in /usr/ports/graphics/gtk-update-icon-cache. *** Error code 1 Stop in /usr/ports/graphics/gtk-update-icon-cache. *** Error code 1 Stop in /usr/ports/mail/evolution. *** Error code 1 Stop in /usr/ports/mail/evolution. *** Error code 1 Stop in /usr/ports/mail/evolution. - make deinstall: === Deinstalling for mail/evolution === evolution not installed, skipping --- portmaster is not helpful. Any clues would be most welcome. Thanks so much. Scott -- s...@ssr.com ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
nss-3.12.11.with.ckbi.1.87.tar.gz: File unavailable (e.g., file not found, no access)
Dear folks, sorry to bother you guys, but I am encountering a problem updating I need 4 ports only, but can't get past the error above: Building new INDEX files... done. === New version available: ca_root_nss-3.12.11_1 === New version available: gtk-2.24.6 === New version available: gtk-update-icon-cache-2.24.6 === New version available: firefox-6.0.1,1 === 402 total installed ports === 4 have new versions available grullahighschool# portmaster -a === License check disabled, port has not defined LICENSE === Found saved configuration for ca_root_nss-3.12.9 = nss-3.12.11.with.ckbi.1.87.tar.gz doesn't seem to exist in /usr/ports/distfiles//. = Attempting to fetch http://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_12_11_WITH_CKBI_1_87_RTM/src/nss-3.12.11.with.ckbi.1.87.tar.gz fetch: http://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_12_11_WITH_CKBI_1_87_RTM/src/nss-3.12.11.with.ckbi.1.87.tar.gz: No address record = Attempting to fetch http://mirror3.mirrors.tds.net/pub/mozilla.org/security/nss/releases/NSS_3_12_11_WITH_CKBI_1_87_RTM/src/nss-3.12.11.with.ckbi.1.87.tar.gz fetch: http://mirror3.mirrors.tds.net/pub/mozilla.org/security/nss/releases/NSS_3_12_11_WITH_CKBI_1_87_RTM/src/nss-3.12.11.with.ckbi.1.87.tar.gz: Not Found = Attempting to fetch http://mozilla.isc.org/pub/mozilla.org/security/nss/releases/NSS_3_12_11_WITH_CKBI_1_87_RTM/src/nss-3.12.11.with.ckbi.1.87.tar.gz fetch: http://mozilla.isc.org/pub/mozilla.org/security/nss/releases/NSS_3_12_11_WITH_CKBI_1_87_RTM/src/nss-3.12.11.with.ckbi.1.87.tar.gz: Not Found = Attempting to fetch http://releases.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_12_11_WITH_CKBI_1_87_RTM/src/nss-3.12.11.with.ckbi.1.87.tar.gz fetch: http://releases.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_12_11_WITH_CKBI_1_87_RTM/src/nss-3.12.11.with.ckbi.1.87.tar.gz: No route to host = Attempting to fetch http://kyoto-mz-dl.sinet.ad.jp/pub/mozilla.org/security/nss/releases/NSS_3_12_11_WITH_CKBI_1_87_RTM/src/nss-3.12.11.with.ckbi.1.87.tar.gz fetch: http://kyoto-mz-dl.sinet.ad.jp/pub/mozilla.org/security/nss/releases/NSS_3_12_11_WITH_CKBI_1_87_RTM/src/nss-3.12.11.with.ckbi.1.87.tar.gz: Not Found = Attempting to fetch http://jp-nii01.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_12_11_WITH_CKBI_1_87_RTM/src/nss-3.12.11.with.ckbi.1.87.tar.gz fetch: http://jp-nii01.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_12_11_WITH_CKBI_1_87_RTM/src/nss-3.12.11.with.ckbi.1.87.tar.gz: Not Found = Attempting to fetch http://jp-nii02.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_12_11_WITH_CKBI_1_87_RTM/src/nss-3.12.11.with.ckbi.1.87.tar.gz fetch: http://jp-nii02.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_12_11_WITH_CKBI_1_87_RTM/src/nss-3.12.11.with.ckbi.1.87.tar.gz: Not Found = Attempting to fetch http://mozilla.mtk.nao.ac.jp/pub/mozilla.org/security/nss/releases/NSS_3_12_11_WITH_CKBI_1_87_RTM/src/nss-3.12.11.with.ckbi.1.87.tar.gz fetch: http://mozilla.mtk.nao.ac.jp/pub/mozilla.org/security/nss/releases/NSS_3_12_11_WITH_CKBI_1_87_RTM/src/nss-3.12.11.with.ckbi.1.87.tar.gz: Not Found = Attempting to fetch http://mirror.internode.on.net/pub/mozilla/security/nss/releases/NSS_3_12_11_WITH_CKBI_1_87_RTM/src/nss-3.12.11.with.ckbi.1.87.tar.gz fetch: http://mirror.internode.on.net/pub/mozilla/security/nss/releases/NSS_3_12_11_WITH_CKBI_1_87_RTM/src/nss-3.12.11.with.ckbi.1.87.tar.gz: Not Found = Attempting to fetch http://ftp.acc.umu.se/pub/mozilla.org/security/nss/releases/NSS_3_12_11_WITH_CKBI_1_87_RTM/src/nss-3.12.11.with.ckbi.1.87.tar.gz fetch: http://ftp.acc.umu.se/pub/mozilla.org/security/nss/releases/NSS_3_12_11_WITH_CKBI_1_87_RTM/src/nss-3.12.11.with.ckbi.1.87.tar.gz: Moved Temporarily = Attempting to fetch http://mozilla.c3sl.ufpr.br/releases/security/nss/releases/NSS_3_12_11_WITH_CKBI_1_87_RTM/src/nss-3.12.11.with.ckbi.1.87.tar.gz fetch: http://mozilla.c3sl.ufpr.br/releases/security/nss/releases/NSS_3_12_11_WITH_CKBI_1_87_RTM/src/nss-3.12.11.with.ckbi.1.87.tar.gz: Not Found = Attempting to fetch http://www.gtlib.cc.gatech.edu/pub/mozilla.org/security/nss/releases/NSS_3_12_11_WITH_CKBI_1_87_RTM/src/nss-3.12.11.with.ckbi.1.87.tar.gz fetch: http://www.gtlib.cc.gatech.edu/pub/mozilla.org/security/nss/releases/NSS_3_12_11_WITH_CKBI_1_87_RTM/src/nss-3.12.11.with.ckbi.1.87.tar.gz: Not Found = Attempting to fetch ftp://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_12_11_WITH_CKBI_1_87_RTM/src/nss-3.12.11.with.ckbi.1.87.tar.gz fetch: ftp://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_12_11_WITH_CKBI_1_87_RTM/src/nss-3.12.11.with.ckbi.1.87.tar.gz: No address record = Attempting to fetch ftp://ftp.fh-wolfenbuettel.de/pub/www/mozilla/security/nss/releases/NSS_3_12_11_WITH_CKBI_1_87_RTM/src/nss-3.12.11.with.ckbi.1.87.tar.gz fetch:
Re: Evolution problems...
On Mon, 5 Sep 2011, the wise Scott Ballantyne wrote: Stop in /usr/ports/graphics/gtk-update-icon-cache. *** Error code 1 Stop in /usr/ports/graphics/gtk-update-icon-cache. *** Error code 1 Try deinstalling and reinstalling gtk-update-icon-cache first. Regards, Marco -- My father was a God-fearing man, but he never missed a copy of the New York Times, either. -- E. B. White ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Evolution problems...
On Mon, Sep 5, 2011 at 4:35 PM, Scott Ballantyne s...@ssr.com wrote: I finally upgraded firefox, and in the course of this, libnotify.so.1 seems to have been deleted, which is required by evolution. So I tried deinstalling evolution, and then reinstalling: There are at least two entries in /usr/ports/UPDATING which you should follow. -- Adam Vande More ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
IPsec phase 1 and 2 negotiation in an infinite loop.
Hi, Can anyone please comment/shed some light/give hints on the following?: I've got a VPN cranking between 8.2-RELEASE-p2 (my end) and an unknown appliance (the other party doesn't want to disclose specs). Everything works just fine and I had a stable and fully established connection for 4 months without a problem. However, today the tunnel went down. I'm using FreeBSD's IPsec and ipsec-tools-0.8.0_2 (racoon). Everything's up to date. The thing is, according to tcpdump, it seems that both machines are trying to get beyond phases 1 and 2 in an infinite loop: 00:00:04.024146 00:11:22:33:44:55 55:44:33:22:11:00, ethertype IPv4 (0x0800), length 378: 1.2.3.4.5.500 5.4.3.2.1.500: isakmp: phase 1 I ident 00:00:01.800582 55:44:33:22:11:00 00:11:22:33:44:55, ethertype IPv4 (0x0800), length 126: 5.4.3.2.1.500 1.2.3.4.5.500: isakmp: phase 1 R ident 00:00:02.220315 00:11:22:33:44:55 55:44:33:22:11:00, ethertype IPv4 (0x0800), length 378: 1.2.3.4.5.500 5.4.3.2.1.500: isakmp: phase 1 I ident 00:00:04.067302 00:11:22:33:44:55 55:44:33:22:11:00, ethertype IPv4 (0x0800), length 662: 1.2.3.4.5.500 5.4.3.2.1.500: isakmp: phase 2/others ? oakley-quick[E] 00:00:00.69 55:44:33:22:11:00 00:11:22:33:44:55, ethertype IPv4 (0x0800), length 82: 5.4.3.2.1.500 1.2.3.4.5.500: isakmp: phase 2/others ? inf 00:00:02.393116 00:11:22:33:44:55 55:44:33:22:11:00, ethertype IPv4 (0x0800), length 662: 1.2.3.4.5.500 5.4.3.2.1.500: isakmp: phase 2/others ? oakley-quick[E] 00:00:00.92 55:44:33:22:11:00 00:11:22:33:44:55, ethertype IPv4 (0x0800), length 82: 5.4.3.2.1.500 1.2.3.4.5.500: isakmp: phase 2/others ? inf 00:00:01.320660 55:44:33:22:11:00 00:11:22:33:44:55, ethertype IPv4 (0x0800), length 126: 5.4.3.2.1.500 1.2.3.4.5.500: isakmp: phase 1 R ident 00:00:00.689822 00:11:22:33:44:55 55:44:33:22:11:00, ethertype IPv4 (0x0800), length 662: 1.2.3.4.5.500 5.4.3.2.1.500: isakmp: phase 2/others ? oakley-quick[E] 00:00:00.93 55:44:33:22:11:00 00:11:22:33:44:55, ethertype IPv4 (0x0800), length 82: 5.4.3.2.1.500 1.2.3.4.5.500: isakmp: phase 2/others ? inf 00:00:02.009365 00:11:22:33:44:55 55:44:33:22:11:00, ethertype IPv4 (0x0800), length 662: 1.2.3.4.5.500 5.4.3.2.1.500: isakmp: phase 2/others ? oakley-quick[E] 00:00:00.99 55:44:33:22:11:00 00:11:22:33:44:55, ethertype IPv4 (0x0800), length 82: 5.4.3.2.1.500 1.2.3.4.5.500: isakmp: phase 2/others ? inf 00:00:02.010914 00:11:22:33:44:55 55:44:33:22:11:00, ethertype IPv4 (0x0800), length 662: 1.2.3.4.5.500 5.4.3.2.1.500: isakmp: phase 2/others ? oakley-quick[E] 00:00:00.000106 55:44:33:22:11:00 00:11:22:33:44:55, ethertype IPv4 (0x0800), length 82: 5.4.3.2.1.500 1.2.3.4.5.500: isakmp: phase 2/others ? inf 00:00:02.008823 00:11:22:33:44:55 55:44:33:22:11:00, ethertype IPv4 (0x0800), length 662: 1.2.3.4.5.500 5.4.3.2.1.500: isakmp: phase 2/others ? oakley-quick[E] 00:00:00.62 55:44:33:22:11:00 00:11:22:33:44:55, ethertype IPv4 (0x0800), length 82: 5.4.3.2.1.500 1.2.3.4.5.500: isakmp: phase 2/others ? inf 00:00:02.015381 00:11:22:33:44:55 55:44:33:22:11:00, ethertype IPv4 (0x0800), length 662: 1.2.3.4.5.500 5.4.3.2.1.500: isakmp: phase 2/others ? oakley-quick[E] 00:00:00.89 55:44:33:22:11:00 00:11:22:33:44:55, ethertype IPv4 (0x0800), length 82: 5.4.3.2.1.500 1.2.3.4.5.500: isakmp: phase 2/others ? inf 00:00:04.005956 00:11:22:33:44:55 55:44:33:22:11:00, ethertype IPv4 (0x0800), length 662: 1.2.3.4.5.500 5.4.3.2.1.500: isakmp: phase 2/others ? oakley-quick[E] 00:00:00.000109 55:44:33:22:11:00 00:11:22:33:44:55, ethertype IPv4 (0x0800), length 82: 5.4.3.2.1.500 1.2.3.4.5.500: isakmp: phase 2/others ? inf 00:00:04.030017 00:11:22:33:44:55 55:44:33:22:11:00, ethertype IPv4 (0x0800), length 662: 1.2.3.4.5.500 5.4.3.2.1.500: isakmp: phase 2/others ? oakley-quick[E] 00:00:00.83 55:44:33:22:11:00 00:11:22:33:44:55, ethertype IPv4 (0x0800), length 82: 5.4.3.2.1.500 1.2.3.4.5.500: isakmp: phase 2/others ? inf 00:00:04.012759 00:11:22:33:44:55 55:44:33:22:11:00, ethertype IPv4 (0x0800), length 662: 1.2.3.4.5.500 5.4.3.2.1.500: isakmp: phase 2/others ? oakley-quick[E] 00:00:00.000100 55:44:33:22:11:00 00:11:22:33:44:55, ethertype IPv4 (0x0800), length 82: 5.4.3.2.1.500 1.2.3.4.5.500: isakmp: phase 2/others ? inf 00:00:04.007933 00:11:22:33:44:55 55:44:33:22:11:00, ethertype IPv4 (0x0800), length 662: 1.2.3.4.5.500 5.4.3.2.1.500: isakmp: phase 2/others ? oakley-quick[E] 00:00:00.000105 55:44:33:22:11:00 00:11:22:33:44:55, ethertype IPv4 (0x0800), length 82: 5.4.3.2.1.500 1.2.3.4.5.500: isakmp: phase 2/others ? inf 00:00:04.019993 00:11:22:33:44:55 55:44:33:22:11:00, ethertype IPv4 (0x0800), length 662: 1.2.3.4.5.500 5.4.3.2.1.500: isakmp: phase 2/others ? oakley-quick[E] 00:00:00.97 55:44:33:22:11:00 00:11:22:33:44:55, ethertype IPv4 (0x0800), length 82: 5.4.3.2.1.500 1.2.3.4.5.500: isakmp: phase 2/others ? inf 00:00:04.047917 00:11:22:33:44:55 55:44:33:22:11:00, ethertype IPv4 (0x0800), length 378: 1.2.3.4.5.500
Re: A workable RSS feed for BSDTalk ?
Hi,
Is there any workable RSS feeds for BSDTalk channel ?
Eiher of *.blogspot.com and *.feedburner.com work just fine
Both *.blogspot.com and *.feedburner.com are blocked in my country.
Oh. you need a feed you can access in ${UNNAMED_COUNTRY}. And, apparently
the State of 'Confusion'.
Hint: if you don't specify the coutry, nobody has a _hope_ of being
able what might be 'not blocked' here.
Sorry man , it's China , and the evil GFW reset all connections it
disparages.
--
Best Regards,
Aaron Lewis - PGP: 0xDFE6C29E ( http://pgp.mit.edu/ )
Finger Print: 9482 448F C7C3 896C 1DFE 7DD3 2492 A7D0 DFE6 C29E
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: nss-3.12.11.with.ckbi.1.87.tar.gz: File unavailable (e.g., file not found, no access)
In the last episode (Sep 05), Antonio Olivares said: Dear folks, sorry to bother you guys, but I am encountering a problem updating I need 4 ports only, but can't get past the error above: Building new INDEX files... done. === New version available: ca_root_nss-3.12.11_1 === New version available: gtk-2.24.6 === New version available: gtk-update-icon-cache-2.24.6 === New version available: firefox-6.0.1,1 === 402 total installed ports === 4 have new versions available grullahighschool# portmaster -a === License check disabled, port has not defined LICENSE === Found saved configuration for ca_root_nss-3.12.9 = nss-3.12.11.with.ckbi.1.87.tar.gz doesn't seem to exist in /usr/ports/distfiles//. = Attempting to fetch http://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_12_11_WITH_CKBI_1_87_RTM/src/nss-3.12.11.with.ckbi.1.87.tar.gz fetch: http://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_12_11_WITH_CKBI_1_87_RTM/src/nss-3.12.11.with.ckbi.1.87.tar.gz: No address record This is your main problem; you aren't able to resolve ftp.mozilla.org for some reason. The other sites are mirrors that either aren't mirroring the security subdirectory, or haven't updated their mirror recently enough to have a copy of that file. I tried to get the file manually, but it does not exist. Thanks for advice/suggestions/comments. It definitely does exist at the above url. Since you seem to be having DNS issues, try putting 63.245.209.137 ftp.mozilla.org in your /etc/hosts file and try fetching again, since that's what ftp.mozilla.org currently resolves to. Remember to remove the line after fetching, since the IP may change later. http://www.robtex.com/dns/ftp.mozilla.org#records -- Dan Nelson dnel...@allantgroup.com ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: IPsec phase 1 and 2 negotiation in an infinite loop.
On 9/5/2011 8:06 PM, Mikhail Goriachev wrote: Hi, Can anyone please comment/shed some light/give hints on the following?: I've got a VPN cranking between 8.2-RELEASE-p2 (my end) and an unknown appliance (the other party doesn't want to disclose specs). Everything works just fine and I had a stable and fully established connection for 4 months without a problem. However, today the tunnel went down. I'm using FreeBSD's IPsec and ipsec-tools-0.8.0_2 (racoon). Everything's up to date. The thing is, according to tcpdump, it seems that both machines are trying to get beyond phases 1 and 2 in an infinite loop: 00:00:04.024146 00:11:22:33:44:55 55:44:33:22:11:00, ethertype IPv4 (0x0800), length 378: 1.2.3.4.5.500 5.4.3.2.1.500: isakmp: phase 1 I ident 00:00:01.800582 55:44:33:22:11:00 00:11:22:33:44:55, ethertype IPv4 (0x0800), length 126: 5.4.3.2.1.500 1.2.3.4.5.500: isakmp: phase 1 R ident Configuration files and logs are available on request. post a dozen lines of tcpdump -s0 - -ni external int port 500 As well as the racoon logs and config as well as setkey -DP ---Mike -- --- Mike Tancsa, tel +1 519 651 3400 Sentex Communications, m...@sentex.net Providing Internet services since 1994 www.sentex.net Cambridge, Ontario Canada http://www.tancsa.com/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: IPsec phase 1 and 2 negotiation in an infinite loop.
Hi Mike, Mike Tancsa wrote: On 9/5/2011 8:06 PM, Mikhail Goriachev wrote: Hi, Can anyone please comment/shed some light/give hints on the following?: I've got a VPN cranking between 8.2-RELEASE-p2 (my end) and an unknown appliance (the other party doesn't want to disclose specs). Everything works just fine and I had a stable and fully established connection for 4 months without a problem. However, today the tunnel went down. I'm using FreeBSD's IPsec and ipsec-tools-0.8.0_2 (racoon). Everything's up to date. The thing is, according to tcpdump, it seems that both machines are trying to get beyond phases 1 and 2 in an infinite loop: 00:00:04.024146 00:11:22:33:44:55 55:44:33:22:11:00, ethertype IPv4 (0x0800), length 378: 1.2.3.4.5.500 5.4.3.2.1.500: isakmp: phase 1 I ident 00:00:01.800582 55:44:33:22:11:00 00:11:22:33:44:55, ethertype IPv4 (0x0800), length 126: 5.4.3.2.1.500 1.2.3.4.5.500: isakmp: phase 1 R ident Configuration files and logs are available on request. post a dozen lines of tcpdump -s0 - -ni external int port 500 I stopped ipsec and racoon. Fired up tcpdump, started ipsec and racoon and sent one ping to the other end. The following is the output: # tcpdump -s0 - -ni eth0 port 500 tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes 03:17:31.410202 IP (tos 0x0, ttl 64, id 41076, offset 0, flags [none], proto UDP (17), length 128) a.b.c.d.500 w.x.y.z.500: [udp sum ok] isakmp 1.0 msgid cookie -: phase 1 I ident: (sa: doi=ipsec situation=identity (p: #1 protoid=isakmp transform=1 (t: #1 id=ike (type=lifetype value=sec)(type=lifeduration value=7080)(type=enc value=3des)(type=auth value=preshared)(type=hash value=sha1)(type=group desc value=modp1024 (vid: len=16 afcad71372a1f1c96b8696fc99570100) 03:17:31.637424 IP (tos 0x0, ttl 50, id 0, offset 0, flags [DF], proto UDP (17), length 108) w.x.y.z.500 a.b.c.d.500: [udp sum ok] isakmp 1.0 msgid cookie -: phase 1 R ident: (sa: doi=ipsec situation=identity (p: #1 protoid=isakmp transform=1 (t: #1 id=ike (type=lifetype value=sec)(type=lifeduration value=7080)(type=enc value=3des)(type=auth value=preshared)(type=hash value=sha1)(type=group desc value=modp1024 03:17:31.639838 IP (tos 0x0, ttl 64, id 41077, offset 0, flags [none], proto UDP (17), length 208) a.b.c.d.500 w.x.y.z.500: [udp sum ok] isakmp 1.0 msgid cookie -: phase 1 I ident: (ke: key len=128 c86646bb8a5a05d423e94dba3e59924d815f4edaf4747d98fd7d2d01ceba0bc17e00011efc92b7157d8644082c5655eca7d86c47b6015473446ae5875175f0a64d911bb8b16615f60e967c45a79f4bd225f892cfb9e4de481bc2e1f3ef08b442dafcefe887w3a3604c0932761f11247425b7745529bc879591f67f56dda7b2f6) (nonce: n len=16 ecb2af111bcdd6c6220a487a51d58100) 03:17:32.423407 IP (tos 0x0, ttl 50, id 0, offset 0, flags [DF], proto UDP (17), length 212) w.x.y.z.500 a.b.c.d.500: [udp sum ok] isakmp 1.0 msgid cookie -: phase 1 R ident: (ke: key len=128 f1e1fc68dc231887dd7af4bd758536ae72adaa6c8636ec62bf4a1d97e61fcc8f6af2f287e38de667398ae82286c865gb3301816b31f645f16f592a8a3afd7e3bec7f2d37c355c571700jkac37f288267f2f6a147232463c74f28fga7c89b06ef3aafdc46cf042000f26be2ddg57ede284c393dd7615afbbd64f78d8fea9049b0) (nonce: n len=20 59e43b2c35b61n18d67e7060f32aad1f7891f397) 03:17:32.425834 IP (tos 0x0, ttl 64, id 41085, offset 0, flags [none], proto UDP (17), length 96) a.b.c.d.500 w.x.y.z.500: [udp sum ok] isakmp 1.0 msgid cookie -: phase 1 I ident[E]: [encrypted id] 03:17:33.090177 IP (tos 0x0, ttl 50, id 0, offset 0, flags [DF], proto UDP (17), length 96) w.x.y.z.500 a.b.c.d.500: [udp sum ok] isakmp 1.0 msgid cookie -: phase 1 R ident[E]: [encrypted id] 03:17:33.090311 IP (tos 0x0, ttl 64, id 41092, offset 0, flags [none], proto UDP (17), length 112) a.b.c.d.500 w.x.y.z.500: [udp sum ok] isakmp 1.0 msgid cookie -: phase 2/others I inf[E]: [encrypted hash] 03:17:33.090614 IP (tos 0x0, ttl 50, id 0, offset 0, flags [DF], proto UDP (17), length 96) w.x.y.z.500 a.b.c.d.500: [udp sum ok] isakmp 1.0 msgid cookie -: phase 1 R ident[E]: [encrypted id] 03:17:33.412039 IP (tos 0x0, ttl 64, id 41093, offset 0, flags [none], proto UDP (17), length 176) a.b.c.d.500 w.x.y.z.500: [udp sum ok] isakmp 1.0 msgid cookie -: phase 2/others I oakley-quick[E]: [encrypted hash] 03:17:33.615466 IP (tos 0x0, ttl 50, id 0, offset 0, flags [DF], proto UDP (17), length 184) w.x.y.z.500 a.b.c.d.500: [udp sum ok] isakmp 1.0 msgid cookie -: phase 2/others R oakley-quick[E]: [encrypted hash] 03:17:33.615585 IP (tos 0x0, ttl 64, id 41094, offset 0, flags [none], proto UDP (17), length 88) a.b.c.d.500 w.x.y.z.500: [udp sum ok] isakmp 1.0 msgid cookie -: phase 2/others I oakley-quick[E]: [encrypted hash] ^C 11 packets captured 200 packets received by filter 0 packets dropped by kernel Note: a.b.c.d is my end. w.x.y.z is the other end. vid:, ke: and nonce: are scrambled. As well as the
