Updating OpenSSL ...
I'd like to install the OpenSSL port, and stay current with it in the future. It isn't clear to me what I have to do to have the system use the port, instead of what's in the base, and what I'll need to rebuild after installing the port. -ste ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
5.2.1: Wireless X questions
Ok. I installed 5.2.1 on a laptop last night, which went quite nicely. During the install, it detected my wireless card, just fine. It wanted to dhcp for it, but that (correctly) failed, as my net uses wep. So, it punted me to the manual interface configuration screen, where I was easily able to tell it everything it needed to successfully get me on the air. I was a happy camper. :)

Questions:

1) How do I tell the system the ssid, wepmode, and key, and then have it get everything else via dhcp?
2) How do I *easily* handle multiple wireless nets? I will be using the laptop on a number of them.
3) How do I tell the system to cope, when I put a wired card in, instead of a wireless card, and I just want it to get me on the air with dhcp?
4) It's a Dell Latitude CPx J. How do I configure X on it? That's really two questions ... I skipped the X setup during install, and don't know how to get back to that configuration screen, and I don't know anything about the video card and screen in the laptop. From the Dell support site's original configuration specs for this specific laptop, it says this about the screen: Part# 4564E, Description: Liquid Crystal Display, TFT, 14.1, CRNA, Samsung.

TIA, -ste
Re: How to allow 'User-A' to burn CD
You will have to install the security/sudo port and read up on the sudoers(5) manual page and the visudo(8) application used to edit that file.

What do these numbers (5) and (8) referring to. Page number?

They refer to the section of the manual. To read them, issue these commands:

man 5 sudoers
man 8 visudo

-ste
Re: FreeBSD 4.7 Syslogs
Sunil Sunder Raj wrote:
> Just give 777 permissions to /var/log/messages

This is BAD advice, and you should NOT follow it. If you do, you will give anyone the ability to modify or delete your log entries, which you do NOT want. Find and fix the actual problem; don't bypass the symptom with something that reduces system security. -ste
Re: FreeBSD 4.7 Syslogs
Sunil Sunder Raj wrote:
> Hi, I did not mean to change the permissions to 777 permanently. Just to come to a conclusion on whether it is a permission problem. As 90% unix problems are related to permissions.

Then you should have said so. But you did not - you simply told an admitted noob to set the permissions to 777, without any explanation. He might have done that, and if it had fixed his problem, he might have left it that way, thinking everything was solved - but with his logfile open to attack. Please think about the advice you give, and whom you are giving it to, before you give it. -ste
chkrootkit says 'date' is infected
I just installed and ran the chkrootkit port on my 5.2.1-RELEASE-p5 system. It says my date command is infected. Nothing else, just that. How can I determine if this is a false positive or if I'm truly hacked? -ste
Need vinum info/advice, fast.
A client has hired me to do some work, part of which is replacing Red Hat 9, which is end-of-lifed at the end of this month. I'd convinced him to let me install FreeBSD, right up until I told him that - to my knowledge - you cannot trivially set up software raid on FreeBSD, during install, as you can with Red Hat Linux. I'm supposed to build the new server tomorrow. *Is* there any way I can set up software raid of two ide disks, during install, and for all partitions? This is just to mirror the system disk, so that we can avoid downtime, and going to backups in case of a disk failure. If it can be done, how do I do it? I've never used vinum before, and only know what it is, but nothing about it. I wish I had more than one night to figure this out, but I don't. If it isn't FreeBSD, he's going to likely want me to install Fedora Core 2 Linux, instead. TIA, -ste
Re: Need vinum info/advice, fast.
Greg 'groggy' Lehey wrote: On Wednesday, 21 April 2004 at 18:28:47 -0400, Bill Moran wrote: I believe this is still valid: http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/vinum-root.html Thanks. I just read that chapter, and, while it makes some sense, it didn't tell me anything about how to do mirroring during install, or how to mirror an existing drive after installation of the OS. I don't see anything incorrect in it. You may find the description at http://www.vinumvm.org/cfbsd/vinum.pdf easier to understand. Thanks. Will read that now, and then post any questions I have. I appreciate the rapid responses, guys. :) -ste
Re: Need vinum info/advice, fast.
http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/vinum-root.html http://www.vinumvm.org/cfbsd/vinum.pdf

Ok. I've read both documents, which were quite educational. Thanks. :) It seems that what I want to do is install to the first system disk, as normally, and then convert that disk to a vinum disk, using the method described starting on page 237 of the above vinum.pdf. The steps aren't entirely clear to me, after that, as to how to make the second disk a vinum drive that is a mirror of the first. Do I just partition it as normally, but saying that the partition types are type vinum? Then do I format those new partitions, and then describe the volume, plexes and subdisks in the configuration file, adding each subdisk to the existing setup so it will mirror? Do I ever even have to format those partitions, or does vinum just recreate the filesystems bit by bit? I'm not sure I'm asking the right questions. Pointers are most welcome. :) -ste
Re: nslookup
Brian Henning wrote:
> is there a bsd tool that gives the domain name of an IP address?

host? nslookup? -ste
/proc
One of the things I really miss from my Linux system, is the /proc directory structure, where I could easily find out so much about my system and, in some cases, modify it. Is there a way I can get such a thing under FreeBSD 5.2.1-RELEASE-p4? -ste
Re: How can I remove this file ?
Nick wrote: -Original Message- From: [EMAIL PROTECTED] [mailto:owner-freebsd- [EMAIL PROTECTED] On Behalf Of Supote Leelasupphakorn Sent: Friday, April 09, 2004 7:41 AM To: [EMAIL PROTECTED] Subject: How can I remove this file ? Hi lists How can I delete file named prefix with - ? TIA Pote rm ./-file rm -- -file -ste
OT: how do I get this to link?
I'm trying to port a program to FreeBSD 5.2.1-RELEASE-p4, from Linux. First, I haven't tried to do anything like this since college, which was a looong time ago, so please forgive my ignorance ... I can't get the program to link. In the output below, the things that c-client4.a is complaining about are found in the pam and ssl libs earlier in the line (I grep'd for a number of them, in /usr/lib/*.a, and they were found in those two libs). I have tried many different ways of ordering the libs, and this is the one that produces the least undefined references. I have all the libs found in /usr/lib first and the libs from /usr/local/lib second. I'm pulling my hair out trying to get this to work. Can someone help me figure this out please? Here's the output:

peter# make
gcc -c filtercmd.c -DSQUIRRELMAILCONFIGFILE='/usr/local/www/squirrelmail/config/config.php'
gcc -c checkcreds_cclient.c -I/usr/local/include/c-client '-DMAIL_H=mail.h' '-DLINKAGE_C=linkage.c' -DIMAP_TIMEOUT=2 '-DMAILBOXFLAGS=/norsh/tls/novalidate-cert'
gcc -o filtercmd filtercmd.o checkcreds_cclient.o -lpam -lssl -lcrypt -lkrb5 -lcom_err -lz -lcrypto -L/usr/local/lib -lc-client4 -lgssapi_krb5 -lk5crypto -static
/usr/local/lib/libc-client4.a(osdep.o): In function `ssl_onceonlyinit':
osdep.o(.text+0x859d): warning: tmpnam() possibly used unsafely; consider using mkstemp()
/usr/local/lib/libc-client4.a(osdep.o): In function `checkpw':
osdep.o(.text+0x83f7): undefined reference to `pam_start'
osdep.o(.text+0x8417): undefined reference to `pam_set_item'
osdep.o(.text+0x842e): undefined reference to `pam_authenticate'
osdep.o(.text+0x8445): undefined reference to `pam_acct_mgmt'
osdep.o(.text+0x845c): undefined reference to `pam_setcred'
osdep.o(.text+0x847f): undefined reference to `pam_setcred'
osdep.o(.text+0x8492): undefined reference to `pam_end'
osdep.o(.text+0x84ac): undefined reference to `pam_end'
/usr/local/lib/libc-client4.a(osdep.o): In function `ssl_onceonlyinit':
osdep.o(.text+0x8690): undefined reference to `RAND_seed'
osdep.o(.text+0x86d9): undefined reference to `SSL_library_init'
/usr/local/lib/libc-client4.a(osdep.o): In function `ssl_start_work':
osdep.o(.text+0x899f): undefined reference to `TLSv1_client_method'
osdep.o(.text+0x89a6): undefined reference to `SSLv23_client_method'
osdep.o(.text+0x89ae): undefined reference to `SSL_CTX_new'
osdep.o(.text+0x89e1): undefined reference to `SSL_CTX_ctrl'
osdep.o(.text+0x8a17): undefined reference to `SSL_CTX_set_verify'
osdep.o(.text+0x8a22): undefined reference to `SSL_CTX_set_default_verify_paths'
osdep.o(.text+0x8a2d): undefined reference to `SSL_new'
osdep.o(.text+0x8a52): undefined reference to `BIO_new_socket'
osdep.o(.text+0x8a65): undefined reference to `SSL_set_bio'
osdep.o(.text+0x8a70): undefined reference to `SSL_set_connect_state'
osdep.o(.text+0x8a7b): undefined reference to `SSL_state'
osdep.o(.text+0x8aa3): undefined reference to `SSL_ctrl'
osdep.o(.text+0x8abe): undefined reference to `SSL_write'
osdep.o(.text+0x8af0): undefined reference to `SSL_get_peer_certificate'
/usr/local/lib/libc-client4.a(osdep.o): In function `ssl_open_verify':
osdep.o(.text+0x8bf2): undefined reference to `X509_STORE_CTX_get_error'
osdep.o(.text+0x8bfa): undefined reference to `X509_verify_cert_error_string'
osdep.o(.text+0x8c08): undefined reference to `X509_STORE_CTX_get_current_cert'
osdep.o(.text+0x8c10): undefined reference to `X509_get_subject_name'
osdep.o(.text+0x8c2a): undefined reference to `X509_NAME_oneline'
/usr/local/lib/libc-client4.a(osdep.o): In function `ssl_getdata':
osdep.o(.text+0x90e4): undefined reference to `SSL_get_fd'
osdep.o(.text+0x914e): undefined reference to `SSL_pending'
osdep.o(.text+0x9306): undefined reference to `SSL_read'
osdep.o(.text+0x9325): undefined reference to `SSL_get_error'
/usr/local/lib/libc-client4.a(osdep.o): In function `ssl_sout':
osdep.o(.text+0x942f): undefined reference to `SSL_write'
/usr/local/lib/libc-client4.a(osdep.o): In function `ssl_abort':
osdep.o(.text+0x94ca): undefined reference to `SSL_shutdown'
osdep.o(.text+0x94d5): undefined reference to `SSL_free'
osdep.o(.text+0x94ed): undefined reference to `SSL_CTX_free'
/usr/local/lib/libc-client4.a(osdep.o): In function `ssl_server_init':
osdep.o(.text+0x96eb): undefined reference to `ERR_load_crypto_strings'
osdep.o(.text+0x96f0): undefined reference to `SSL_load_error_strings'
osdep.o(.text+0x976a): undefined reference to `TLSv1_server_method'
osdep.o(.text+0x9771): undefined reference to `SSLv23_server_method'
osdep.o(.text+0x9779): undefined reference to `SSL_CTX_new'
osdep.o(.text+0x97bf): undefined reference to `SSL_CTX_ctrl'
osdep.o(.text+0x97d2): undefined reference to `SSL_CTX_set_cipher_list'
osdep.o(.text+0x9806): undefined reference to `SSL_CTX_use_certificate_chain_file'
osdep.o(.text+0x983e): undefined reference to `SSL_CTX_use_RSAPrivateKey_file'
osdep.o(.text+0x988b): undefined reference to `SSL_CTX_ctrl'
osdep.o(.text+0x98a2): undefined
Re: OT: how do I get this to link?
I wrote:
> I can't get the program to link. In the output below, the things that c-client4.a is complaining about are found in the pam and ssl libs earlier in the line (I grep'd for a number of them, in /usr/lib/*.a, and they were found in those two libs). I have tried many different ways of ordering the libs, and this is the one that produces the least undefined references. I have all the libs found in /usr/lib first and the libs from /usr/local/lib second. I'm pulling my hair out trying to get this to work. Can someone help me figure this out please?

I'm at my wits' end with this. I've continued to try reordering the libs or adding them more than once, as 'man ld' says I can do (that only led to even more undefined references), and even tried to tell ld to search the libs multiple times, via the -( -) construct, but make barfed on that. Any programmers out there that would be able to help me sort this out, off list, please? TIA. -ste
Re: OT: how do I get this to link?
Malcolm Kay wrote:
> Maybe it is OK but to me the -static option at the end of the command looks strange. And I know the documentation says that mostly the command line order doesn't matter; but try it near the beginning.

Several of us tried and failed to get it to link statically in various ways, so we gave up, dropped -static, and went dynamic instead. It even required fewer libraries that way. My thanks to Matt Emmerton for the final solution that worked. :) -ste
Re: dircmp?
Dan Nelson wrote: In the last episode (Mar 28), Kris Kennaway said: On Sun, Mar 28, 2004 at 08:28:31PM -0500, Shaun T. Erickson wrote: Is there a dircmp command for 5.2.1-RELEASE-p3? I can't find one ... Not in the base system. Maybe it's available in a port with a different name. What does it do? It compares two directory trees and tells you which files exist in one or both, and tells you which files are the same in both. SUSv2 deprecated it and recommended people use diff -r instead. SUSv3 doesn't mention it at all. I tried diff -r and didn't really like it at all. The output isn't anywhere near as nice as dircmp's. Shaun: if you have access to a Tru64 or Solaris system, you can use their dircmp commands, since they are shell scripts. Unfortunately, I don't, or I'd lift a copy. :) -ste
Re: where is fortune on 5.2.1-RELEASE?
Doug Poland wrote:
> Hello, I've googled for this but came up empty. I cannot find the fortune program on this recently installed box. On 4.9-STABLE it lives in /usr/games/fortune.

/usr/games/fortune on my 5.2.1-RELEASE-p3 box. -ste
dircmp?
Is there a dircmp command for 5.2.1-RELEASE-p3? I can't find one ... -ste
Re: log off with process running
I'm surprised this hasn't been mentioned, but why not try screen? It's made for precisely this reason. Screen is your friend. Screen is probably the tool I use most, as a SysAdmin. I couldn't live without it. -ste
Re: Enabling linux compatibility
When I installed my system, it asked if I wanted to enable linux compatibility, and I said no. Now I think I may need it, and am wondering if I need to do anything special to enable it, other than setting linux_enable=YES in /etc/rc.conf. You will need to install one of the linux-base packages from ports. the plain vanilla one is the most stable in my experience... Thanks! -ste
Trying to run a Linux binary ...
I installed linux_base, which turned on linux emulation:

# kldstat
Id Refs AddressSize Name
17 0xc040 5b570c kernel
21 0xc09b6000 51ac8acpi.ko
31 0xc462 19000linux.ko
#

When I run the file, I get:

ELF binary type 0 not known.

# file filtercmd
filtercmd: setuid ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), for GNU/Linux 2.2.5, statically linked, not stripped
#

I'm not sure what to do now ... -ste
Re: Trying to run a Linux binary ...
Lowell Gilbert wrote:
> Shaun T. Erickson [EMAIL PROTECTED] writes:
>> I installed linux_base, which turned on linux emulation:
>> # kldstat
>> Id Refs AddressSize Name
>> 17 0xc040 5b570c kernel
>> 21 0xc09b6000 51ac8acpi.ko
>> 31 0xc462 19000linux.ko
>> #
> That installs the kernel support, but it doesn't turn it on. Run linux(8) (at the command line).

I don't have any such command on my system. I looked at the package list for linux_base, and it doesn't install anything named that ... -ste
Enabling linux compatibility
When I installed my system, it asked if I wanted to enable linux compatibility, and I said no. Now I think I may need it, and am wondering if I need to do anything special to enable it, other than setting linux_enable=YES in /etc/rc.conf. -ste
Re: disconnecting keyboard: big trouble !?!
Steve Ireland wrote:
> This is a PS/2 thing, not an operating system thing. You really can fry your motherboard plugging and unplugging PS/2 devices while the system is powered up.

I suppose it's possible, but I know I've never fried one. I'm always unplugging and plugging mine back in. The key to getting the keyboard re-initialized, when you plug it back in - at least under 5.2.1-RELEASE-p3 - is to change hint.atkbd.0.flags=0x1 to hint.atkbd.0.flags=0x0 in /boot/device.hints and reboot. After that, you can plug and unplug to your heart's content. I'm told this setting may have to be made in the kernel, requiring a custom kernel, in 4.x releases. -ste
phpmyadmin forbidden?
I wanted to install this on my 5.2.1-p3, but it's forbidden. Emailing the maintainer got no response. Does anyone know what's up with this? I'm told it will make my life much easier -ste
RE: Top posting
... both top and bottom ... All this talk of top and bottom is making me blush and breathe heavy, LOL (j/k). :-) Perhaps this dead horse has been sufficiently beaten, that we can let it Rest In Peace, and move on? :-) -ste
I messed up my system, please help. library missing
I went to rebuild the mod_php4 port with openssl support (btw, is the correct way to do that this: make -DWITH_OPENSSL ?). During the build, it wanted to upgrade expat, but said there was an older version installed and that if I wanted it upgraded that I should do a 'make deinstall' and a 'make reinstall' to do so, then come back to the mod_php4 build. So I did that. Now my system is missing an apparently important library 'libexpat.so.4' and things are broken that need it - notably, my web server is down. How do I get the old version reinstalled, and have the new version as well, for things that need it? -ste
Re: I messed up my system, please help. library missing
Jorn Argelo wrote:
> I guess the best thing to do is to deinstall Apache as well, and recompile it from the ports tree. (make sure to sync your ports-tree first) Make sure you backup your website content, since I don't know if the make deinstall will delete your content as well. Then recompile PHP as well.
>> correct way to do that this: make -DWITH_OPENSSL ?).
> I believe it was yes, though correct me if I am wrong.

What got me going again, was making a symbolic link from libexpat.so.5 to libexpat.so.4. That got my webserver running, and allowed me to rebuild mod_php4 (and yes, that *was* the right way to get ssl support into it). I probably should make the time to upgrade anything that relies on expat and remove that link though. -ste
Re: I messed up my system, please help. library missing
Kirk Strauser wrote:
> From /usr/ports/UPDATING: 20040313: AFFECTS: users of textproc/expat2

Sigh. I'm still new to FreeBSD. I *really* need to get in the habit of checking that file. Thanks. -ste
Re: openSSL certificate key's
Matthew Seaman wrote: On Thu, Mar 18, 2004 at 09:15:28AM +, Matthew Seaman wrote: NB. Verb. Sap. Some applications (*cough* Outlook *cough*) get upset when the OU in the certificate is the same as the OU of your certificate authority. Ahem. The CN or Common Name is what I should have said there. Ooops. Or, spend $49.00 and get a real SSL Cert from InstantSSL, like I did. Works like a charm. No, I don't work for them, and am not associated with them in any way, other than as a happy customer. Their cert was cheap enough to make getting a real one worth it. -ste
Re: Downgrading 4.9-stable to 4.9-release-p3
Kent Stewart wrote:
> How are you going to include the changed libraries in modules you don't rebuild? The advisory was even more specific, i.e., rebuild all ports that use OpenSSL.

That's not exactly what it said. It said to rebuild all statically linked ports and 3rd-party apps:

Note that any statically linked applications that are not part of the base system (i.e. from the Ports Collection or other 3rd-party sources) must be recompiled. Dynamically linked programs do not have to be rebuilt. -ste
Re: rc script timing issues?
Peter Risdon wrote:
> From man 8 rc.d: The scripts within each directory are executed in lexicographical order. If a specific order is required, numbers may be used as a prefix to the existing filenames, so for example 100.foo would be executed before 200.bar; without the numeric prefixes the opposite would be true. You might be able to see this if you've installed, say, mysql-client which uses a script in /usr/local/etc/rc.d called 000.mysql-client.sh - the 000. forces an early startup. So I suggest you're better off moving the scripts back to /usr/local/etc/rc.d and prefixing them with numerals to get the startup order correct.

This was exactly the solution I needed and, per your later email, I also made sure the client script runs first. -ste
Re: ntpd question
Matthew Seaman wrote:
> Unfortunately if you're going to run ntpd, you can't get rid of these: ntpd(8) will automatically bind to all interfaces on the system, and there are no controls within ntpd to control that.

Darn. Thanks for the suggestions! I was already controlling access to the port with my ipfilter firewall, and will continue to do so. I just believe in not letting anything bind to a port, that isn't required to. -ste
Re: sasl2--saslauthd--pam--mysql issue
Aaron Peterson wrote:
> If you have plain text passwords in your MySQL database, you don't need PAM to look them up. SASL2 has this ability natively.

I'm going through PAM because I don't want to store passwords in plain text. I have everything set up right, as near as I can tell. It's just that saslauthd isn't passing the realm. I'm told, on another list, that this is a feature of saslauthd from the latest version of sasl, which I'm using. I'm told there is supposed to be a patch out there, somewhere, to restore this behavior. I haven't been able to find it yet. :( -ste
How do I add a local patch to a port?
I have generated a patch that I want to apply to a port. I don't know how to tell the port to use it though. Just putting it in the files directory didn't seem to do the trick. What else do I need to do? -ste
Re: How do I add a local patch to a port?
Shaun T. Erickson wrote:
> I have generated a patch that I want to apply to a port. I don't know how to tell the port to use it though. Just putting it in the files directory didn't seem to do the trick. What else do I need to do?

I looked at the porter's handbook, and it says that simply dropping the patch into the files directory should get it automatically applied, but it's not. The patch is named patch-aa and is relative to the WRKSRC directory. Suggestions? -ste
Re: How do I add a local patch to a port?
Alexander Haderer wrote: At 13:04 09.03.2004 -0500, Shaun T. Erickson wrote: Shaun T. Erickson wrote: ... I looked at the porter's handbook, and it says that simply dropping the patch into the files directory should get it automatically applied, but it's not. The patch is named patch-aa and is relative to the WRKSRC directory. Suggestions? Patching the wrong file? Patching an already patched file? Patching in wrong direction: old --- new exchanged by accident? directory for patch ok? shouldn't it be relative to extracted sources dir within WRKSRC? Well, cd'ing into the work directory and then into the source directory and saying: patch patchfile correctly patches the file ./dir/file2bepatched So, if patchfile is in the files directory, it ought to just work, yes? But it isn't. -ste
Re: How do I add a local patch to a port?
Alexander Haderer wrote: Just another guess: Probably it makes a difference if the patchfile patches ./dir/tobepatched and dir/tobepatched. A brief look into other ports shows me that the latter is used. I don't know if it have to be this way or not. Ok. I'm trying to patch /usr/ports/security/cyrus-sasl2-saslauthd/work/cyrus-sasl-2.1.17/saslauthd/auth_pam.c. The patchfile is named patch-aa and is located in /usr/ports/security/cyrus-sasl2-saslauthd/files. Here is the contents of the patchfile that works manually, when I cd to /usr/ports/security/cyrus-sasl2-saslauthd/work/cyrus-sasl-2.1.17 and run patch /usr/ports/security/cyrus-sasl2-saslauthd/files/patch-aa: Index: saslauthd/auth_pam.c diff -u saslauthd/auth_pam.c.orig saslauthd/auth_pam.c --- saslauthd/auth_pam.c.orig Sat May 31 13:00:24 2003 +++ saslauthd/auth_pam.cTue Mar 9 11:53:44 2004 @@ -178,7 +178,7 @@ const char *login, /* I: plaintext authenticator */ const char *password,/* I: plaintext password */ const char *service, /* I: service name */ - const char *realm __attribute__((unused)) + const char *realm /* END PARAMETERS */ ) { 
@@ -186,17 +186,25 @@ pam_appdata my_appdata;/* application specific data */ struct pam_conv my_conv; /* pam conversion data */ pam_handle_t *pamh;/* pointer to PAM handle */ +char user[256]; int rc;/* return code holder */ /* END VARIABLES */ -my_appdata.login = login; +strlcpy(user, login, 256); + +if (realm) { +strlcat(user, @, 256); +strlcat(user, realm, 256); +} + +my_appdata.login = user; my_appdata.password = password; my_appdata.pamh = NULL; my_conv.conv = saslauthd_pam_conv; my_conv.appdata_ptr = my_appdata; -rc = pam_start(service, login, my_conv, pamh); +rc = pam_start(service, user, my_conv, pamh); if (rc != PAM_SUCCESS) { syslog(LOG_DEBUG, DEBUG: auth_pam: pam_start failed: %s, pam_strerror(pamh, rc));
It all looks right to me, but when I do a make clean followed by a make, the file does not get patched. What am I doing wrong? -ste
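Review bot: In the second hunk, the return values of strlcpy() and strlcat() into the 256-byte user buffer are never checked, so a login plus "@" plus realm longer than 255 bytes is silently truncated, and the shortened name is what reaches both my_appdata.login and pam_start(). Compare each return value against sizeof(user) and fail the authentication on overflow rather than authenticating a truncated identity; writing sizeof(user) in place of the repeated literal 256 also keeps the bound tied to the declaration. The if (realm) test only guards against NULL, so an empty realm string would still append a bare "@"; testing realm && *realm avoids passing "user@" to PAM.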
Re: How do I add a local patch to a port?
Dancho Penev wrote:
> Put the patch in security/cyrus-sasl2/files directory. Take a look in port's Makefile where ${PATCHDIR} is set to different location.

Aha! That solved it. Thanks. -ste
pam question
I have pam configured so that when my virtual email users (well, the *users* aren't virtual, hehe) send email, they have to use smtpauth. I created a file in /etc/pam.d, called smtp. It has in it:

auth required pam_mysql.so user=postfix passwd=apassword host=localhost db=postfix table=mailbox usercolumn=username passwdcolumn=password crypt=1 sqllog=0
account sufficient pam_mysql.so user=postfix passwd=apassword host=localhost db=postfix table=mailbox usercolumn=username passwdcolumn=password crypt=1 sqllog=0

Everything works fine ... almost. Remote users, in the system's local domain, also have to auth in order to relay. But their password is being looked up in my mysql database, instead of in the password file. How can I modify pam's smtp file to allow for both conditions? -ste
ntpd question
I run ntpd to keep my server's time in sync with a remote server. In my netstat -a output, I see:

Active Internet connections (including servers)
Proto Recv-Q Send-Q Local Address Foreign Address (state)
udp4 0 0 localhost.ntp *.*
udp4 0 0 peter.ntp *.*
udp4 0 0 *.ntp *.*

I'm not running an ntp server, and would like these entries to go away. I've looked at the ntpd man page and haven't been able to find any option to tell it not to attach to ports. How can I do this? TIA.

-ste
rc script timing issues?
On 5.2.1-RELEASE-p1, in /usr/local/etc/rc.d, I have scripts that start my MySQL database, and that start my Courier-IMAP daemons. When the scripts for courier run, one of the first things they do is start authdaemond, which should fire up several authdaemond.mysql processes and then they start the imap daemons. On reboot, the imap daemons are running, but the authdaemond.mysql processes aren't. If I stop the imap script, and re-run it, everything starts up just fine. I suspect that the database isn't getting started before the imap scripts are run. So, I moved the database startup script to /etc/rc.d, but on reboot, the database wasn't started. I had hoped moving it to /etc/rc.d might start it earlier in the boot process. Suggestions? TIA.

-ste
Re: Installation - More user friendly
JJB wrote:
> WD My web spider robot found this web site which is not on any of the search engines yet. www.a1poweruser.com Looks like it offers what you want in the way of user-friendly step-by-step instructions to installing FBSD.

1) Surreptitiously plugging your own site, is crass, at best.
2) Not telling him you charge for everything there, is devious.

Perhaps you should also tell him that when you respond to posts for help, on this list, that you frequently ignore the person's questions and instead rant on about the evils of whatever it is they are trying to do/use. Perhaps you should tell him that, at least in the area of networking, you haven't got a clue about what you are talking about (I specifically refer you to the completely inaccurate information you gave me regarding, for instance, the generation of fragments.) Based on the many posts of yours that I've seen, on this list and another, I've concluded that you do know some things and have some useful information to impart, but that your ranting and mis-information obscure them to such a degree that your comments are not worth paying much attention to.

-ste
Missing pam_mysql.so
I seem to be missing pam_mysql.so on my 5.2.1-RELEASE_p1 system, and this is causing me problems, as I need pam to authenticate against a mysql 4.0.18 database. I have no clue what provides that file. Can anyone help me, please. TIA.

-ste
Re: Missing pam_mysql.so
Shaun T. Erickson wrote:
> I seem to be missing pam_mysql.so ...

I guess I'm tired, as I found it in /usr/ports/security/pam_mysql. Sorry for the noise.

-ste
sasl2--saslauthd--pam--mysql issue
If I set pwcheck_method to auxprop and authenticate against sasldb2 which has a single user of [EMAIL PROTECTED] in it, along with its password, I can auth just fine from mozilla, where I told it my user name was [EMAIL PROTECTED]. However, if I change it from auxprop to saslauthd, which calls pam, which does a mysql lookup instead, it fails. It opens the correct database and table, and selects the right fields, but it asks for a username of ste, instead of [EMAIL PROTECTED], so it doesn't find the password, and fails. Why is it only asking for ste, and how do I get it to ask for the right value? TIA

-ste
portsdb issues
When I run portsdb -Uu on my 5.2.1-RELEASE-p1 system, I get:

Updating the ports index ... Generating INDEX.tmp - please wait..

followed by over 10,000 entries similar to this:

make_index: gnomemag-0.10.7: no entry for /usr/ports/textproc/libxml2

followed by:

Warning: Duplicate INDEX entry: Done. done
[Updating the portsdb format:bdb1_btree in /usr/ports ... - 3795 port entries found
/usr/ports/INDEX-5:1:Port info line must consist of 10 fields.
/usr/ports/INDEX-5:2:Port info line must consist of 10 fields.
/usr/ports/INDEX-5:3:Port info line must consist of 10 fields.
/usr/ports/INDEX-5:4:Port info line must consist of 10 fields.
/usr/ports/INDEX-5:5:Port info line must consist of 10 fields.
.1000.2000.3000... . done]

There was only one duplicate entry reported. So, how do I get my system back into a happy state?

-ste
Re: portsdb issues
Kent Stewart wrote:
> There was a problem like this a couple of days ago but I haven't seen any problem generating INDEX today. I would re-cvsup and see if it goes away.

I have been diligently keeping my system cvsup'd every day. It dawned on me that I haven't been running portsdb -Uu after every cvsup though, so I ran it, and that's what I got. So what do I do now?

-ste
Re: portsdb issues
Kent Stewart wrote:
> Did you recvsup ...

Apparently I'm new enough to FreeBSD that I don't understand you. I ran cvsup on my docs, my system source and my ports, and ran portsdb -Uu afterwards. When I run them again, there is nothing to download. That tells me I have everything. I guess I don't know what you want me to do.

-ste
Re: portsdb issues
Kent Stewart wrote:
> The mirrors mostly update on the hour. Cvsuping less than an hour apart may be using the same old data. You need to wait until 15-20 minutes after the hour for the mirror to be updated. I mirror most of the data and it takes around 8 minutes for a mirror update to finish.

I waited a bit, then ran cvsup on the ports, once more, and this time there was more to download, including a new INDEX-5 file. I ran portsdb -Uu once more, and it worked perfectly. I guess my ports tree was out of sync somehow. Thanks for the suggestions! :)

-ste
'pkg_delete port' vs 'cd /usr/ports/port;make deinstall'
'pkg_delete port' vs 'cd /usr/ports/port;make deinstall' What's the difference between these?

-ste
mysql woes (self-inflicted)
I was having trouble getting mysql40 running, so I removed the server and client packages. I then manually cleaned out the files under /var/db/mysql. Then I rebuilt the server and client. Sadly, when I try to start the server, it complains that mysql.host - one of the files I deleted - doesn't exist. How do I get all that stuff under var/db/mysql back, that I deleted?

-ste
Re: mysql woes (self-inflicted) SOLVED
Shaun T. Erickson wrote:
> I was having trouble getting mysql40 running, so I removed the server and client packages. I then manually cleaned out the files under /var/db/mysql. Then I rebuilt the server and client. Sadly, when I try to start the server, it complains that mysql.host - one of the files I deleted - doesn't exist. How do I get all that stuff under var/db/mysql back, that I deleted?

I had to rebuild the server with OVERWRITE_DB=yes.

-ste
Re: My ipfilter rules.
In order to be a good netizen, I applied the bogon list to my outbound traffic, too. I also moved the bad packet checks to the head of the incoming rules, as they make more sense there - no point in letting them use any more cpu than needed, if they are junk. At least 35 people have looked at my rules (http://www.ste-land.com/rules.html). I've updated the page, so be sure to hit refresh/reload, if you go to look at it again. So far, two people have responded. I took the suggestions of one. Anyone else? I'm putting the server on the Internet tonight, and would like the firewall done by then.

Two questions:

1) Should I be performing the bad packet checks on the outbound path, too?
2) I looked at using groups to keep outbound packets from traversing rules for inbound packets, and vice versa, but I still don't understand them well enough to set them up. Suggestions?

-ste
ipfilter 'keep frags' question
Are only tcp packets subject to fragmentation, or are udp and icmp, as well?

-ste
My ipfilter rules.
I've ported my iptables firewall rules to ipfilter. Since I'm new to firewalling under any *BSD, and because it never hurts to get a review, I was wondering if some of you, who are good at it, would critique my rules. Rather than include the file here, I give a link to it, below. Feel free to critique both content and form. Note that I obfuscated my server's IP address in the one place it shows up. The firewall is to harden a stand-alone server, with a single interface. Policy is to let anything out, but be cautious about what is allowed in.

Here's the file: http://www.ste-land.com/rules.html

I'm sure I'll learn more, based on your responses. TIA.

-ste
Re: My ipfilter rules.
I wrote:
> I was wondering if some of you, who are good at it, would critique my rules. Here's the file: http://www.ste-land.com/rules.html

So far, I've gotten these suggestions:

- Apply the bogon list to the outbound path.
- Compress my blocking of netbios junk to one rule.
- Move bad options flags check to head of list.

Any other suggestions?

Question: Is there some way I can have all outbound packets skip being tested by rules for inbound packets, and vice versa?

-ste
How do I test for NO tcp flags being set, in ipfilter?
See subject. :)

-ste
Re: How do I test for NO tcp flags being set, in ipfilter?
Jerry McAllister wrote:
>> See subject. :)
> A note: That is impolite and unhelpful. You should put your information including the question in the body of the message.

My sincere apologies. I was trying to be helpful by not repeating myself, and wasting bandwidth when my entire question was framed in the subject. I won't do it again though, if it's considered impolite.

-ste
How do I test for NO tcp flags being set, in ipfilter? (repost)
How do I test for NO tcp flags being set, in ipfilter?

-ste
Re: How do I test for NO tcp flags being set, in ipfilter? (repost)
Danny Pansters wrote:
> On Tuesday 02 March 2004 18:27, Shaun T. Erickson wrote:
>> How do I test for NO tcp flags being set, in ipfilter?
> You can filter on TCP flags but seems to me what you really mean is how to check for no TCP options (nop) rather than no flags: 'with opt nop' is a syntax that should work. WRT flags, it's my understanding that every TCP packet has at least the A or S flag set.

Actually, I do mean no flags set. Nmap's null scan uses packets with all tcp flags turned off. On linux, with iptables, I would say --tcp-flags ALL NONE to test for this (the bits to test and the mask are in reverse order to how we specify them in ipfilter). The closest ipfilter statement would be flags /FSRPAU, specifying no flags to be set, out of all flags. I don't believe this is legal syntax though.

-ste
ipfilter frags question
Having given up on ipfw and switching to ipfilter (much nicer!), I nearly have my firewall set up. Then I ran into a problem ... On my Linux box, I can force all fragments to be re-assembled into whole packets before being presented to the firewall, and that's what I've done. However, as near as I can tell, FreeBSD (5.2.1-RELEASE) doesn't have that feature. So what do I do with fragments? They are a valid part of a tcp conversation, so dropping them isn't good, but neither is just accepting them willy-nilly, either. Suggestions, please, and TIA.

-ste
ipfilter tcp flags question
How do I test that none out of all flags are set? flags /FSRPAU isn't legal, I'm sure. Is ! flags FSRPAU or flags ! FSRPAU?

-ste
Re: ipfilter tcp flags question
Remko Lodder wrote:
> i do it like this:
> block in log quick proto tcp all flags FUP
> block in log quick proto tcp all flags SAFRU/SAFRU
> block in log quick proto tcp all flags SF/SF
> block in log quick proto tcp all flags SR/SR

I'll have to scratch my head over that one for a bit, before I understand it, but I guess you're saying that the above 4 rules imply a fifth in that if none were set, it couldn't get through them, right? I really dislike implied rules, and avoid them if at all possible, as they are hard to maintain. :) Is there no way to explicitly test for no flags being set?

-ste
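The comparison behind `flags VALUE/MASK`, modelled in Python as an added example (not code from the thread or from ipfilter). It assumes a packet matches when (flags AND mask) equals value and that an omitted mask means all six flags, as ipf(5) describes for `flags S`; the function names and the sample packets are constructed for the illustration.

```python
"""Model of ipfilter's `flags VALUE/MASK` comparison, run over the four
rules quoted in the thread. Illustrative only; names are hypothetical."""

# TCP flag letters as used in ipfilter rules, mapped to header bits.
FLAG_BITS = {"F": 0x01, "S": 0x02, "R": 0x04, "P": 0x08, "A": 0x10, "U": 0x20}
ALL_FLAGS = 0x3F  # F|S|R|P|A|U


def parse_letters(letters):
    """Turn a string such as 'SA' into its bitmask; '' means no flags."""
    bits = 0
    for ch in letters:
        if ch not in FLAG_BITS:
            raise ValueError(f"unknown TCP flag letter: {ch!r}")
        bits |= FLAG_BITS[ch]
    return bits


def parse_spec(spec):
    """Parse 'VALUE' or 'VALUE/MASK' into (value, mask).

    Assumption (from ipf(5)): with no mask, every flag is significant,
    so 'S' is compared as 'S/AUPRFS'.
    """
    value_s, sep, mask_s = spec.partition("/")
    value = parse_letters(value_s)
    mask = parse_letters(mask_s) if sep else ALL_FLAGS
    if value & ~mask:
        # A value bit outside the mask can never compare equal.
        raise ValueError(f"{spec!r} can never match: value bit not in mask")
    return value, mask


def matches(packet_flags, spec):
    """True when the masked packet flags equal the rule's value."""
    value, mask = parse_spec(spec)
    return (packet_flags & mask) == value


# The flags expressions of the four block rules quoted in the thread.
THREAD_RULES = ["FUP", "SAFRU/SAFRU", "SF/SF", "SR/SR"]

# Constructed sample packets: label -> flag letters set in the header.
SAMPLE_PACKETS = {
    "null (no flags)": "",
    "xmas (FIN+URG+PUSH)": "FUP",
    "syn": "S",
    "syn+ack": "SA",
    "syn+fin": "SF",
    "syn+rst+ack": "SRA",
    "all six": "FSRPAU",
}


def first_match(packet_letters, rules):
    """Return the first rule expression the packet matches, else None."""
    flags = parse_letters(packet_letters)
    for rule in rules:
        if matches(flags, rule):
            return rule
    return None


def evaluate(rules=THREAD_RULES, packets=SAMPLE_PACKETS):
    """Map each sample packet to the rule that would block it (or None)."""
    return {name: first_match(letters, rules) for name, letters in packets.items()}


if __name__ == "__main__":
    for name, rule in evaluate().items():
        print(f"{name:22} -> {rule or 'not matched by any of the four rules'}")
    # "None of all six flags set" written as a value/mask pair. Whether the
    # ipfilter parser accepts an empty value is left open in the thread;
    # this only shows what the comparison itself would do.
    print("null vs /FSRPAU:", matches(0, "/FSRPAU"))
```

In this model the four quoted rules leave a packet with no flags set unmatched, so it is decided by whatever rules come after them.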
Re: kernel compile errors - but how do I get the output
Tadimeti Keshav wrote:
> Hi all I have problems compiling my kernel. I have enabled:
> device udbp # USB Double Bulk Pipe devices
> I get errors at link time with udbp.o. I am not able to copy from aterm and paste to nedit. make /home/abcd/make_log.log only says stop... But it does not contain the error output. I would appreciate any help. Thanks

Use the script command. Type, for example:

script /var/tmp/make.out

then go ahead and run your make. When it's finished, type a Control-D and then

vi /var/tmp/make.out

to look at all the output of the make run. :) HTH :)

-ste
ipfw ruleset traversal question
I'm trying to port my linux netfilter/iptables firewall to 5.2.1-RELEASE. Iptables has the concept of chains. There are three defined by the system: INPUT, FORWARD and OUTPUT. Packets coming into the system that are destined for a local process traverse the INPUT chain only, packets generated by the system, and leaving it, traverse the OUTPUT chain only, and packets that are simply passing through the system traverse the FORWARD chain only. One nice benefit of this, is that inbound packets don't have to traverse rules for outbound packets and vice-versa. This allows efficient grouping of rules and reduces the performance hit of packets having to be checked by all rules. How can I set up my ipfw ruleset so that I can achieve that same benefit? TIA

-ste
Re: ipfw ruleset traversal question
Shaun T. Erickson wrote:
> Iptables has the concept of chains.

Please forgive me for following up my own post. I know it's bad form ... In addition to the system defined chains, iptables lets me create user defined chains, that I can jump to based on criteria I set, so as to further refine my rules such that packets only traverse the rules they must. So, I'm trying to figure out how to simulate everything I've said about chains, in ipfw ...

-ste
LINT file?
If I understand correctly, in previous releases there used to be a file /usr/src/sys/i386/conf/LINT, that listed all the things one could put in their kernel conf file. I can't find any such file on 5.2.1-RELEASE. Can someone please tell me where I can find it or its replacement please? TIA

-ste
Re: LINT file?
Matt Emmerton wrote:
> cd /usr/src/sys/i386/conf
> make LINT
> Note that the LINT kernel is _strictly_ a list of all the possible things to put in your kernel config -- there are no explanatory comments anymore.

That's a shame. I was counting on the comments to educate me. Can you point me to any other documentation that might cover what I find in that file?

-ste
Re: LINT file?
Rowdy wrote:
> You would be looking for the NOTES file in /usr/src/sys/arch/conf? There is also a NOTES file in, erm, /usr/src/sys/conf IIRC.

Thank you. That's exactly what I was looking for. I should have known to simply look for it under another name, instead of just giving up early when the ls for LINT turned up nothing. Mea culpa.

-ste

P.S.: Looking at it, I discovered that there is a ste device driver and man page, lol. When I pointed it out to my roommate, he said he wants to get in touch with the author. He says there's a few feature enhancements he'd like, and several nasty bugs he'd like worked out. :)
Firewall enabling confusion.
I put 'firewall_enable=YES' in /etc/rc.conf, in anticipation of rebuilding my kernel with the following options turned on:

options IPFIREWALL
options IPFIREWALL_VERBOSE
options IPFIREWALL_VERBOSE_LIMIT=100

I rebooted, for unrelated reasons, and now see in the messages file that ipfw2 has been enabled and, indeed, since I have no rules in place, my system is cut off from the network. I haven't yet rebuilt my kernel, so I don't understand why this kicked in. Did adding that line in rc.conf suck in a kernel module that obsoletes the need for those kernel options? How do I check (I'd do an lsmod, on Linux - don't know what the equivalent FreeBSD command is)? If it is a module, how do I enable logging, as adding 'firewall_logging=YES' to /etc/rc.conf didn't turn it on, according to the messages file. Likewise for divert (though I don't currently need it).

Feb 27 14:37:22 peter kernel: ipfw2 initialized, divert disabled, rule-based forwarding enabled, default to deny, logging disabled

-ste
Re: Firewall enabling confusion.
Remko Lodder wrote:
> kldstat is the program you are looking for (like lsmod) It can indeed be that the module is loaded with its default settings {block all} Hope this solves your lsmod question, the rest i cannot help you with since i don't understand ipfw :) {yet}

Thanks! Yes, the ipfw.ko module is getting loaded. So now I just need to know how to enable things like divert and logging.

-ste
Kernel modules question.
In linux, I'd use /etc/modules.conf to list and configure any kernel modules I want loaded at boot time. How is that done in FreeBSD? I see that there are a *lot* of kernel modules in /boot/kernel. How do I find out what each one is for and what their configuration options are? Sorry for newbie questions. I'm trying to learn FreeBSD as fast as I can. :)

-ste
Re: Firewall enabling confusion.
Warren Block wrote:
> On Fri, 27 Feb 2004, Shaun T. Erickson wrote:
>> Thanks! Yes, the ipfw.ko module is getting loaded. So now I just need to know how to enable things like divert and logging.
> /etc/rc.firewall has examples.

I looked at that. That's not what I mean. :) I mean, if I do not have to build a new kernel to enable firewalling, logging and divert, then how do I enable them, such that the following line from my messages file would show that they have been enabled? Adding firewall_enable=YES to rc.conf caused the ipfw module to be loaded, enabling firewalling. Adding firewall_logging=YES did *not* enable logging in the message file line shown below. How do I do that? How would I get that line to show divert as being enabled? I may be wrong (correct me if I am, please), but doesn't that line have to show them as enabled, before I can successfully make use of them in ipfw commands like those you pointed me to in rc.firewall? What if I want that line to report that the default is open, instead of deny?

Feb 27 14:37:22 peter kernel: ipfw2 initialized, divert disabled, rule-based forwarding enabled, default to deny, logging disabled

-ste
Re: Kernel modules question.
Warren Block wrote:
> On Fri, 27 Feb 2004, Shaun T. Erickson wrote:
>> In linux, I'd use /etc/modules.conf to list and configure any kernel modules I want loaded at boot time. How is that done in FreeBSD?
> It's /boot/loader.conf. See 'man 5 loader.conf'.

Ah. Thank you. :) Where do I find documentation for the 341 or so modules?

-ste
Re: Firewall enabling confusion.
Ion-Mihai Tetcu wrote:
> hint: sysctl -a | grep ip.fw
> for logging do:
> sysctl -w net.inet.ip.fw.verbose=1
> sysctl -w net.inet.ip.fw.verbose_limit=5

Ah.

> see also man ipfw, it will answer your questions.

I'm still wading through it - it's quite a long read. I'll finish before asking anything else. ;)

> AFAIK recompile with IPFW_DEFAUL_TO_ACCEPT, but it would be a bad thing.

I don't disagree - I just wanted to know how. It helps me to understand the system better. ;)

-ste
Re: Quick newbie portupgrade question.
Kevin D. Kinsey, DaleCo, S.P. wrote:
> Shaun T. Erickson wrote:
>> I understand that 'portupgrade -arR' will upgrade everything. Some are packages and some are ports. Will portupgrade upgrade packages with packages, and ports with ports, or do packages get replaced with ports, so that all are ports after it's run?
> Check out the -P and -PP CLI switches to portupgrade(1).

If I read them correctly, I cannot have packages replaced with packages, and ports with ports. That is, unless I can figure out which are which, ahead of time, and select the right switches for the right things. Is there an easy way to determine which are which?

-ste
Re: Looking for ipfw info.
JJB wrote:
> -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Shaun T. Erickson Sent: Thursday, February 26, 2004 2:08 PM To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Subject: Re: Looking for ipfw info.
>> JJB wrote:
>>> The problem with all those links is that what they write about is outdated and completely mis-directs the reader into using IPFW's legacy stateless rules when only stateful rules should be used to get the max level of protection.
>> The rules she gives in her second article most certainly describe creating a stateful firewall.
> Yes for a firewall without an lan behind it

Which is exactly what I'm trying to set up.

> www.a1poweruser.com Is where you can purchase the complete results of my in-depth research, as soon as I complete the buy now button function. Check back in a week.

Can someone who isn't trying to sell me something, corroborate anything he's said? It would be nice to hear from someone else, too. :)

-ste
Re: ruby ( final answer )
Michael Sharp wrote:
> pkgdb is still looking for /usr/local/bin/ruby which after the upgrade doesn't exist. It's now /usr/local/bin/ruby16
> ln -s /usr/local/bin/ruby16 /usr/local/bin/ruby
> fixes pkgdb and portsdb

I'm setting up a new 5.2.1-RELEASE system and was concerned about this, as I was about to install portupgrade, which would also install ruby. With all ports up to date, I crossed my fingers and did a make install clean. Everything installed and works fine. I got a ruby18 (yes, 18) that was linked to ruby. Are you sure you have the latest portupgrade and ruby installed?

-ste
Quick newbie portupgrade question.
I understand that 'portupgrade -arR' will upgrade everything. Some are packages and some are ports. Will portupgrade upgrade packages with packages, and ports with ports, or do packages get replaced with ports, so that all are ports after it's run?

-ste
Re: Looking for ipfw info.
JJB wrote:
> The problem with all those links is that what they write about is outdated and completely mis-directs the reader into using IPFW's legacy stateless rules when only stateful rules should be used to get the max level of protection.

The rules she gives in her second article most certainly describe creating a stateful firewall.

> They also completely ignore the problem ipfw has with stateful rules not working when the divert/naded subroutine call is used. IPFW has major legacy stateful/NAT bug and ipfilter does not.

Can you provide me with links to information that documents this?

> Ipfilter provides a much higher level of protection in an LAN environment than IPFW can ever do in its current state. Even the openbsd pf port is a better firewall solution for a firewall with an LAN behind it than IPFW.

Please provide me with links to documentation that objectively compares them, so that I can weigh the merits of what you say.

> Please don't continue the FBSD's handbook mis-information about IPFW being the only FBSD firewall solution or that it's the best solution. The handbook is also way behind in its content being current and up to date.

As a new FreeBSD user, there's no way I could possibly know that, now is there? I simply passed along what I have found to be useful. I still need to know the answer to my question about what changes I need to make to my kernel to support a firewall on my server.

-ste
Re: Looking for ipfw info.
I wrote:
> I have read the following 5 excellent articles on ipfw, by Dru Lavigne.

I forgot to include the links. Here they are:

BSD Firewalls: IPFW
http://www.onlamp.com/pub/a/bsd/2001/04/25/FreeBSD_Basics.html

BSD Firewalls: IPFW Rulesets
http://www.onlamp.com/pub/a/bsd/2001/05/09/FreeBSD_Basics.html

BSD Firewalls: Fine-Tuning Rulesets
http://www.onlamp.com/pub/a/bsd/2001/06/01/FreeBSD_Basics.html

IPFW Logging
http://www.onlamp.com/pub/a/bsd/2001/06/21/FreeBSD_Basics.html

Monitoring IPFW Logs
http://www.onlamp.com/pub/a/bsd/2001/07/05/FreeBSD_Basics.html

-ste
Re: Looking for ipfw info.
Thanks for the resources. A couple of questions (because I'm new to FreeBSD):

The ipfw man page in 5.2.1-RELEASE says that ipfw in CURRENT is ipfw2 and that ipfw in STABLE is ipfw1. I still don't understand the relationship between RELEASE and the other two, so I am not sure which ipfw I have in 5.2.1-RELEASE.

I have read the following 5 excellent articles on ipfw, by Dru Lavigne. Even though they were written in 2001, and thus pre-date ipfw2, I found them to be a great crash course in ipfw, and the ipfw manpage in 5.2.1-RELEASE just adds to it. In Dru's first article, she(?) discusses how the kernel must be modified to support a firewall. She looks into /usr/src/sys/i386/conf/LINT to find the relevant information that needs to be added to my kernel conf file. I cannot find a LINT file on my 5.2.1-RELEASE system. Where can I find complete information on what I need to do to my kernel? TIA

-ste

P.S.: I find that ipfw rules are far more human-readable than I thought, and when comparing my linux server's ipchains rules to /etc/rc.firewall's simple firewall rules, I found them to be very similar. :)
cvsupfile question
I installed 5.2 from ISOs, then wanted to keep it up to date with the latest security fixes and to keep my ports and doc trees up to date as well. I tried the following cvsupfile, and got two thirds of what I wanted, so I must not quite understand it yet. My ports and docs are up to date, but instead of just getting security fixes to 5.2, my system source jumped to 5.2.1rc2. I don't want to go to 5.2.1 until it's officially released. I'm reinstalling from scratch, and want to do it right this time. Can someone help me correct my cvsupfile, please? TIA

peter# cat /etc/cvsupfile
*default tag=RELENG_5_2
*default host=cvsup12.us.freebsd.org
*default prefix=/usr
*default base=/usr/local/etc/cvsup
*default release=cvs delete use-rel-suffix compress
src-all
*default tag=.
ports-all
doc-all
peter#

-ste
How do I turn this off?
When I login, I get a UNIX tip by Dru, printed on the screen. I'd like to turn that off, but haven't located where to do that ... TIA.

-ste
Looking for ipfw info.
Can someone point me to a good, current ipfw HOW-TO? I'm very good with linux's ipchains/iptables firewall commands, but am replacing that server with a FreeBSD server and need to translate my firewall ... TIA

-ste
Re: Configuring a Linux machine as a dynamic router
CHANDANA S wrote:
> Hello, I am trying to configure my Linux machine

I believe you are on the wrong list. This list is for the FreeBSD operating system, not the Linux operating system. :)

-ste
Re: imap question
Louis LeBlanc wrote:
>> Might as well use POP, correct?
> Yes and no. POP is fine if you only ever check mail from one system. Otherwise, imap is more appropriate. Security is a separate issue altogether when you look at it this way.

Well, you also have to take into consideration where you want your email stored. If you want it on the server, use IMAP, if you want it on your local system (where it's more likely to get blown away), use POP.

-ste