Re: gpart, glabel and newfs -- what am I doing wrong
Hi, On Sun, 13 Jan 2013 01:36:21 -0500 kpn...@pobox.com wrote: On Sun, Jan 13, 2013 at 08:09:00AM +0700, Erich Dollansky wrote: For what is glabel then still good? It is still useful for partition schemes that don't have labels (eg, MBR) AND the filesystem used doesn't support labels itself AND the end of the partition does not get touched by the filesystem. Note that UFS in FreeBSD does support labels. I believe it is the '-L' option to newfs. ZFS does not in this sense, and ZFS touches the end of the partition. That's a long list of conditions. So, really, glabel should typically be avoided. thanks for the explaination. I am not able to use the labels outside gpart but if they work for me - as it currently looks like - I will stick with them. I will later report in more detail when I have finished my scripts. Erich ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: gpart, glabel and newfs -- what am I doing wrong
On Sun, 13 Jan 2013, kpn...@pobox.com wrote: On Sun, Jan 13, 2013 at 08:09:00AM +0700, Erich Dollansky wrote: For what is glabel then still good? It is still useful for partition schemes that don't have labels (eg, MBR) AND the filesystem used doesn't support labels itself AND the end of the partition does not get touched by the filesystem. But it doesn't matter what the filesystem does. Access to the last block is not allowed by the label device. The filesystem does not even see it. See my reply in -fs: http://lists.freebsd.org/pipermail/freebsd-fs/2013-January/016113.html ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: gpart, glabel and newfs -- what am I doing wrong
On Sun, 13 Jan 2013, Warren Block wrote: On Sun, 13 Jan 2013, kpn...@pobox.com wrote: On Sun, Jan 13, 2013 at 08:09:00AM +0700, Erich Dollansky wrote: For what is glabel then still good? It is still useful for partition schemes that don't have labels (eg, MBR) AND the filesystem used doesn't support labels itself AND the end of the partition does not get touched by the filesystem. But it doesn't matter what the filesystem does. Access to the last block is not allowed by the label device. The filesystem does not even see it. See my reply in -fs: http://lists.freebsd.org/pipermail/freebsd-fs/2013-January/016113.html Sorry, forgot to mention that one possible use for glabel is to label a swap partition on an MBR drive. # glabel label myswap /dev/ada0s1b And then in /etc/fstab: /dev/label/myswap noneswapsw 0 0 One block is used for metadata at the end of ada0s1b, but it's safe from overwriting because /dev/label/myswap does not include that block. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
gpart, glabel and newfs -- what am I doing wrong
Hi, in general, I try to create the partitions with gpart, add a label with glabel and put a filesystem. I think that I am doing something very simple the wrong way but I cannot see the error. I try to do it in the following way: # gpart destroy -F da0 # gpart create -s GPT da0 # gpart add -t freebsd-boot -s 64k da0 # gpart bootcode -b /boot/pmbr -p /boot/gptboot -i 1 da0 # gpart add -t freebsd-ufs -s 512m -a 4k -l Toshiba16GB2boot da0 # gpart add -t freebsd-ufs -s 10m -a 4k -l Toshiba16GB2root da0 # gpart add -t freebsd-swap -s 10m -a 4k -l Toshiba16GB2swap da0 # gpart add -t freebsd-ufs -s 10m -a 4k -l Toshiba16GB2var da0 # gpart add -t freebsd-ufs -s 10m -a 4k -l Toshiba16GB2tmp da0 # gpart add -t freebsd-ufs -a 4k -l Toshiba16GB2usr da0 Label the partitions: # glabel label Toshiba16GB2boot /dev/da0p2 # glabel label Toshiba16GB2root /dev/da0p3 # glabel label Toshiba16GB2swap /dev/da0p4 # glabel label Toshiba16GB2var /dev/da0p5 # glabel label Toshiba16GB2tmp /dev/da0p6 # glabel label Toshiba16GB2usr /dev/da0p7 And put a file system onto the partitions. # newfs /dev/label/Toshiba16GB2boo # newfs /dev/label/Toshiba16GB2roo # newfs /dev/label/Toshiba16GB2var # newfs /dev/label/Toshiba16GB2tmp # newfs /dev/label/Toshiba16GB2usr But newfs on the first partition results in this: Filesystem size 15 minimum size of 48 When I ran the newfs directly on the device, I get this: [X220]/home/erich (root) newfs /dev/da0p2 /dev/da0p2: 512.0MB (1048576 sectors) block size 32768, fragment size 4096 using 4 cylinder groups of 128.03MB, 4097 blks, 16512 inodes. super-block backups (for fsck -b #) at: 192, 262400, 524608, 786816 Of course, this is what I expect. I believe that it is something simple but I am not able to see my mistake. Erich ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: gpart, glabel and newfs -- what am I doing wrong
FWIW I could not partition using the FreeBSD 9.0 amd64 install DVD. I partitioned with the PcBSD 8.2 DVD and then tried to install from 9.0, but it anyway caused partitioning issues. After that I partitioned using FreeBSD 8.3, installed 8.3 and then updated to 9.1. Regards, Ralf ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: gpart, glabel and newfs -- what am I doing wrong
On Sat, 12 Jan 2013, Erich Dollansky wrote: in general, I try to create the partitions with gpart, add a label with glabel and put a filesystem. I think that I am doing something very simple the wrong way but I cannot see the error. I try to do it in the following way: # gpart destroy -F da0 # gpart create -s GPT da0 # gpart add -t freebsd-boot -s 64k da0 # gpart bootcode -b /boot/pmbr -p /boot/gptboot -i 1 da0 # gpart add -t freebsd-ufs -s 512m -a 4k -l Toshiba16GB2boot da0 # gpart add -t freebsd-ufs -s 10m -a 4k -l Toshiba16GB2root da0 # gpart add -t freebsd-swap -s 10m -a 4k -l Toshiba16GB2swap da0 # gpart add -t freebsd-ufs -s 10m -a 4k -l Toshiba16GB2var da0 # gpart add -t freebsd-ufs -s 10m -a 4k -l Toshiba16GB2tmp da0 # gpart add -t freebsd-ufs -a 4k -l Toshiba16GB2usr da0 Label the partitions: # glabel label Toshiba16GB2boot /dev/da0p2 # glabel label Toshiba16GB2root /dev/da0p3 # glabel label Toshiba16GB2swap /dev/da0p4 # glabel label Toshiba16GB2var /dev/da0p5 # glabel label Toshiba16GB2tmp /dev/da0p6 # glabel label Toshiba16GB2usr /dev/da0p7 There is no need for all this. You already created GPT labels with 'gpt -l' above. And those labels don't need extra metadata at the end of the partition. And put a file system onto the partitions. # newfs /dev/label/Toshiba16GB2boo # newfs /dev/label/Toshiba16GB2roo # newfs /dev/label/Toshiba16GB2var # newfs /dev/label/Toshiba16GB2tmp # newfs /dev/label/Toshiba16GB2usr Those look cut off. And there's surely a limit to the length of label names, but I'm not sure what it is. Anyway, use # newfs /dev/gpt/Toshiba16GB2boot And consider using -U with newfs. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: gpart, glabel and newfs -- what am I doing wrong
Hi, On Sat, 12 Jan 2013 09:56:39 -0700 (MST) Warren Block wbl...@wonkity.com wrote: On Sat, 12 Jan 2013, Erich Dollansky wrote: in general, I try to create the partitions with gpart, add a label with glabel and put a filesystem. I think that I am doing something very simple the wrong way but I cannot see the error. I try to do it in the following way: # gpart destroy -F da0 # gpart create -s GPT da0 # gpart add -t freebsd-boot -s 64k da0 # gpart bootcode -b /boot/pmbr -p /boot/gptboot -i 1 da0 # gpart add -t freebsd-ufs -s 512m -a 4k -l Toshiba16GB2boot da0 # gpart add -t freebsd-ufs -s 10m -a 4k -l Toshiba16GB2root da0 # gpart add -t freebsd-swap -s 10m -a 4k -l Toshiba16GB2swap da0 # gpart add -t freebsd-ufs -s 10m -a 4k -l Toshiba16GB2var da0 # gpart add -t freebsd-ufs -s 10m -a 4k -l Toshiba16GB2tmp da0 # gpart add -t freebsd-ufs -a 4k -l Toshiba16GB2usr da0 Label the partitions: # glabel label Toshiba16GB2boot /dev/da0p2 # glabel label Toshiba16GB2root /dev/da0p3 # glabel label Toshiba16GB2swap /dev/da0p4 # glabel label Toshiba16GB2var /dev/da0p5 # glabel label Toshiba16GB2tmp /dev/da0p6 # glabel label Toshiba16GB2usr /dev/da0p7 There is no need for all this. You already created GPT labels with 'gpt -l' above. And those labels don't need extra metadata at the end of the partition. For what is glabel then still good? And consider using -U with newfs. Do not worry, this was just for the test. Erich ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Blocking SSH Brute-Force Attacks: What Am I Doing Wrong? (Solved!)
After instrumenting 'bruteblock' (and accidentally causing auth.log to explode), I discovered that the ssh.conf file that ships with it won't work on FreeBSD 6.1 (or at least my copy of it). The shipped regexp looks for illegal users. But 'sshd' on FreeBSD 6.1 records login attempts of invalid users. The patch appended below got it to work on my system. My thanks to everyone who chimed in with suggestions. They were greatly appreciated. Schwab --- ssh.conf.dist Mon Oct 30 21:17:34 2006 +++ ssh.confWed Nov 15 00:20:29 2006 @@ -6,16 +6,16 @@ # this regexp for the OpenSSH server matches lines like: # # comment: auth via key only -#sshd[72593]: Illegal user hacker from 1.2.3.4 +#sshd[72593]: Invalid user hacker from 1.2.3.4 # # comment: pwd auth, but no such user -#sshd[72593]: Failed password for illegal user sa from 1.2.3.4 +#sshd[72593]: Failed password for invalid user sa from 1.2.3.4 # # comment: correct user, but wrong password #sshd[72626]: Failed password for samm from 1.2.3.4 # -regexp = sshd.*Illegal user \S+ from (\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}) -regexp1= sshd.*Failed password for (?:illegal user )?\S+ from (\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}) +regexp = sshd.*Invalid user \S+ from (\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}) +regexp1= sshd.*Failed password for (?:invalid user )?\S+ from (\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}) # Number of failed login attempts within time before we block max_count = 4 ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Blocking SSH Brute-Force Attacks: What Am I Doing Wrong?
On Mon, Nov 13, 2006 at 09:16:35PM +0100, Erik Norgaard wrote: Honestly, I wouldn't worry about it: review your config and make some simple choices to reduce the noise, see this article: http://www.securityfocus.com/infocus/1876 But I rather thought that was the point of 'bruteblock' -- it reduces the noise by blackholing the offending IPs for an hour or so. This blackholing doesn't appear to be happening, and I don't understand why. Could it be a permission problem -- syslog doesn't have permission to change the firewall rules? Schwab ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Blocking SSH Brute-Force Attacks: What Am I Doing Wrong?
On Mon, Nov 13, 2006 at 10:10:58AM +0100, Frank Staals wrote: I had the same 'problem'. As said it's not realy a problem since FreeBSD will hold just fine if you don't have any rather stupid user + pass combinations. While FreeBSD and OpenSSH are very good, I'm not prepared to rely solely on that. I'd also prefer that the script kiddies not consume my gaming bandwidth by trying to crack my box, so best to just block them at the firewall and make them go somewhere else. Schwab ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Blocking SSH Brute-Force Attacks: What Am I Doing Wrong?
Leo L. Schwab wrote: On Mon, Nov 13, 2006 at 09:16:35PM +0100, Erik Norgaard wrote: Honestly, I wouldn't worry about it: review your config and make some simple choices to reduce the noise, see this article: http://www.securityfocus.com/infocus/1876 But I rather thought that was the point of 'bruteblock' -- it reduces the noise by blackholing the offending IPs for an hour or so. This blackholing doesn't appear to be happening, and I don't understand why. Could it be a permission problem -- syslog doesn't have permission to change the firewall rules? I wouldn't worry about bruteblock - try create a perl script and see if you can see a system in the attacks: Do the same host come back? If so does it continue from where it left? The annoyance of these brute force attacks is that your log is larger that it would be without them. That is unless ofcourse you have made yourself vulnerable! - do you use bad passwords? - do you allow root login? - have you disabled system accounts? If the answers are no, no and yes, then you can largely ignore. For more on this - read the linked article, read the old thread. Cheers, Erik -- Ph: +34.666334818 web: http://www.locolomo.org X.509 Certificate: http://www.locolomo.org/crt/8D03551FFCE04F0C.crt Key ID: 69:79:B8:2C:E3:8F:E7:BE:5D:C3:C3:B1:74:62:B8:3F:9F:1F:69:B9 ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Blocking SSH Brute-Force Attacks: What Am I Doing Wrong?
Erik Norgaard wrote: Leo L. Schwab wrote: On Mon, Nov 13, 2006 at 09:16:35PM +0100, Erik Norgaard wrote: Honestly, I wouldn't worry about it: review your config and make some simple choices to reduce the noise, see this article: http://www.securityfocus.com/infocus/1876 But I rather thought that was the point of 'bruteblock' -- it reduces the noise by blackholing the offending IPs for an hour or so. This blackholing doesn't appear to be happening, and I don't understand why. Could it be a permission problem -- syslog doesn't have permission to change the firewall rules? I wouldn't worry about bruteblock - try create a perl script and see if you can see a system in the attacks: Do the same host come back? If so does it continue from where it left? The annoyance of these brute force attacks is that your log is larger that it would be without them. That is unless ofcourse you have made yourself vulnerable! - do you use bad passwords? - do you allow root login? - have you disabled system accounts? If the answers are no, no and yes, then you can largely ignore. For more on this - read the linked article, read the old thread. Cheers, Erik jumping into this thread late, but denyhosts works great and also does a distributed thing where, if you opt in, you can get updates from other people who run denyhosts. These are then added to your deny list and if your box is scanned the attempts will be blocked. think if it like a spamhaus list for SSH brute force attacks. it works well. in short: 1. use denyhosts 2. do not use password based authentication for ssh. rather, use keys that are password protected 3. never allow root ssh logins and everything should be swell Eric ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Blocking SSH Brute-Force Attacks: What Am I Doing Wrong?
Peter N. M. Hansteen wrote: Erik Norgaard [EMAIL PROTECTED] writes: Honestly, I wouldn't worry about it: review your config and make some simple choices to reduce the noise, see this article: One other noise reduction method which is really easy to implement is to use pf and write arule set which to uses the overload feature, see eg http://home.nuug.no/~peter/pf/en/bruteforce.html (part of my EuroBSDCon and other places tutorial). See http://home.nuug.no/~peter/pf/ for a choice of formats and languages. Neat! Thanks, Erik -- Ph: +34.666334818 web: http://www.locolomo.org X.509 Certificate: http://www.locolomo.org/crt/8D03551FFCE04F0C.crt Key ID: 69:79:B8:2C:E3:8F:E7:BE:5D:C3:C3:B1:74:62:B8:3F:9F:1F:69:B9 ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Blocking SSH Brute-Force Attacks: What Am I Doing Wrong?
Leo L. Schwab wrote: I recently installed FreeBSD 6.1 on my gateway. It replaced an installation of FreeBSD 4.6.8 (fresh install, not an upgrade) on which I had disabled the SSH server. Since all the bugs in SSH are fixed now ( :-) ), I thought I'd leave the server on, and am somewhat dismayed to discover that I now get occasional brute-force/dictionary attacks on the port. A little Googling revealed a couple of potentially useful tools: 'sshit' and 'bruteblock', both of which notice repeated login attempts from a given IP address and blackhole it in the firewall. I first tried 'sshit', but after a couple days, I noticed in my daily reports that I was still getting lengthy bruteforce attempts, suggesting the 'sshit' was not working. So I uninstalled 'sshit' and installed 'bruteblock'. But again a couple days later, the logs showed lengthy bruteforce attempts going unblocked. The relevant lines from my /etc/syslog.conf file are: auth.info;authpriv.info /var/log/auth.log auth.info;authpriv.info | exec /usr/local/sbin/bruteblock -f /usr/local/etc/bruteblock/ssh.conf Any hints as to what I might be doing wrong? Thanks, Schwab ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] I had the same 'problem'. As said it's not realy a problem since FreeBSD will hold just fine if you don't have any rather stupid user + pass combinations. ( test test or something like that ) Allthough I thought it was annoying that my intire log was clouded with those brute force attacks so I just set sshd to listen at an other port then 22. Maybe that's a acceptable solusion for you ? You can change the ssd port in /etc/ssh/sshd_config Good luck, -- -Frank Staals ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Blocking SSH Brute-Force Attacks: What Am I Doing Wrong?
On Monday November 13, 2006 at 04:10:58 (AM) Frank Staals wrote: I had the same 'problem'. As said it's not realy a problem since FreeBSD will hold just fine if you don't have any rather stupid user + pass combinations. ( test test or something like that ) Allthough I thought it was annoying that my intire log was clouded with those brute force attacks so I just set sshd to listen at an other port then 22. Maybe that's a acceptable solusion for you ? You can change the ssd port in /etc/ssh/sshd_config Security through obscurity is a bad idea. Rather, use SSH key based authentication exclusively. Turn off all of the password stuff in sshd_config. Laugh at the poor fools trying to break in. -- Gerard Mail from '@gmail' is rejected and/or discarded here. Don't waste your time! ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Blocking SSH Brute-Force Attacks: What Am I Doing Wrong?
Leo L. Schwab writes: A little Googling revealed a couple of potentially useful tools: 'sshit' and 'bruteblock', both of which notice repeated login attempts from a given IP address and blackhole it in the firewall. There's also denyhosts. I found the configuration annoying (need to correctly modify too many files) but once it's running it works for me. Robert Huff ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
RE: Blocking SSH Brute-Force Attacks: What Am I Doing Wrong?
Hello ALL! You just must use the utility 'DenyHosts', and all Your problems will be solved! DenyHosts the remarkable utility! It's protects only service ssh, and anything more. It is easy in adjustments and very effective in work. You can find this utility in a collection of ports. http://denyhosts.net/ Best regards, Masyukevich Maksim SPIRIT DSP, www.spiritDSP.com/voip, Embedded Voice Experience SeeStorm, www.SeeStorm.com, Synthetic Video Conferencing TeamSpirit - Award-Winning Multi-Point Voice Conferencing Engine -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Leo L. Schwab Sent: Monday, November 13, 2006 9:05 AM To: freebsd-questions@freebsd.org Subject: Blocking SSH Brute-Force Attacks: What Am I Doing Wrong? I recently installed FreeBSD 6.1 on my gateway. It replaced an installation of FreeBSD 4.6.8 (fresh install, not an upgrade) on which I had disabled the SSH server. Since all the bugs in SSH are fixed now ( :-) ), I thought I'd leave the server on, and am somewhat dismayed to discover that I now get occasional brute-force/dictionary attacks on the port. A little Googling revealed a couple of potentially useful tools: 'sshit' and 'bruteblock', both of which notice repeated login attempts from a given IP address and blackhole it in the firewall. I first tried 'sshit', but after a couple days, I noticed in my daily reports that I was still getting lengthy bruteforce attempts, suggesting the 'sshit' was not working. So I uninstalled 'sshit' and installed 'bruteblock'. But again a couple days later, the logs showed lengthy bruteforce attempts going unblocked. The relevant lines from my /etc/syslog.conf file are: auth.info;authpriv.info /var/log/auth.log auth.info;authpriv.info | exec /usr/local/sbin/bruteblock -f /usr/local/etc/bruteblock/ssh.conf Any hints as to what I might be doing wrong? Thanks, Schwab ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Blocking SSH Brute-Force Attacks: What Am I Doing Wrong?
On 11/13/06, Gerard Seibert [EMAIL PROTECTED] wrote: On Monday November 13, 2006 at 04:10:58 (AM) Frank Staals wrote: I had the same 'problem'. As said it's not realy a problem since FreeBSD will hold just fine if you don't have any rather stupid user + pass combinations. ( test test or something like that ) Allthough I thought it was annoying that my intire log was clouded with those brute force attacks so I just set sshd to listen at an other port then 22. Maybe that's a acceptable solusion for you ? You can change the ssd port in /etc/ssh/sshd_config Security through obscurity is a bad idea. Rather, use SSH key based authentication exclusively. Turn off all of the password stuff in sshd_config. Laugh at the poor fools trying to break in. I second this notion. I had bruteforceblocker running and recently switched to key based auth only. The good news is no one is breaking in. the bad news is that my server is remote and difficult to get physical access to and the only key I uploaded initially was my work PC. Tried to get in from home over the weekend and found that I had locked myself out! doh! Just make sure that you have at least one PC you can get to from anywhere which has a key to get into your server. -- Gerard Mail from '@gmail' is rejected and/or discarded here. Don't waste your time! ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] -- I'm nerdy in the extreme and whiter than sour cream ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Blocking SSH Brute-Force Attacks: What Am I Doing Wrong?
Quoting Andy Greenwood [EMAIL PROTECTED]: On 11/13/06, Gerard Seibert [EMAIL PROTECTED] wrote: On Monday November 13, 2006 at 04:10:58 (AM) Frank Staals wrote: I had the same 'problem'. As said it's not realy a problem since FreeBSD will hold just fine if you don't have any rather stupid user + pass combinations. ( test test or something like that ) Allthough I thought it was annoying that my intire log was clouded with those brute force attacks so I just set sshd to listen at an other port then 22. Maybe that's a acceptable solusion for you ? You can change the ssd port in /etc/ssh/sshd_config Security through obscurity is a bad idea. Rather, use SSH key based authentication exclusively. Turn off all of the password stuff in sshd_config. Laugh at the poor fools trying to break in. I second this notion. I had bruteforceblocker running and recently switched to key based auth only. The good news is no one is breaking in. the bad news is that my server is remote and difficult to get physical access to and the only key I uploaded initially was my work PC. Tried to get in from home over the weekend and found that I had locked myself out! doh! Just make sure that you have at least one PC you can get to from anywhere which has a key to get into your server. If you are using pf. A quick google search give you several differing versions of what I am using on the servers that I maintain. http://www.google.com.mx/search?hl=esq=%2Bmax-src-conn-rate+%2Bpf+brute+forcebtnG=B%C3%BAsqueda+en+Googlemeta= They are all max-src-conn-rate based and use the sysutils/expiretable port to clear the blocked IP's. An example that I haven't read is here: http://johan.fredin.info/openbsd/block_ssh_bruteforce.html I just took one and tweaked it over time and it works great. I only allow 3 login attempts in 30 minutes, so the brute who is trying to force his way in had better be a very good guesser;) I did a bit of restricting in sshd_config also but only remember MaxAuthTries, An unexpected side effect of this is that now I get only one or two attempts a day and before there were multiple, simultaneous attempts 24 horas a day. In my daily security report I see something like todays, everyday. Nov 12 10:22:15 HOME sshd[82578]: Invalid user staff from 203.152.218.209 Nov 12 10:22:22 HOME sshd[83191]: Invalid user sales from 203.152.218.209 Nov 12 10:22:29 HOME sshd[83489]: Invalid user recruit from 203.152.218.209 Nov 12 12:47:10 HOME sshd[18369]: Invalid user staff from 24.11.169.203 Nov 12 12:47:12 HOME sshd[18421]: Invalid user sales from 24.11.169.203 Nov 12 12:47:15 HOME sshd[18425]: Invalid user recruit from 24.11.169.203 Before there were pages and pages. If you aren't using PF there may be something similar to max-src-conn-rate in your firewall, if not, you may want to convert ;) Good luck, ed -- Gerard Mail from '@gmail' is rejected and/or discarded here. Don't waste your time! ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] -- I'm nerdy in the extreme and whiter than sour cream ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Blocking SSH Brute-Force Attacks: What Am I Doing Wrong?
Gerard Seibert wrote: On Monday November 13, 2006 at 04:10:58 (AM) Frank Staals wrote: I had the same 'problem'. As said it's not realy a problem since FreeBSD will hold just fine if you don't have any rather stupid user + pass combinations. ( test test or something like that ) Allthough I thought it was annoying that my intire log was clouded with those brute force attacks so I just set sshd to listen at an other port then 22. Maybe that's a acceptable solusion for you ? You can change the ssd port in /etc/ssh/sshd_config Security through obscurity is a bad idea. Rather, use SSH key based authentication exclusively. Turn off all of the password stuff in sshd_config. Laugh at the poor fools trying to break in. The point is it isn't security through obscurity: as allready pointed out, FreeBSD sshd can withstand those brute force attacks without much of a problem so there is no security problem, the only thing is those brute force attacks are anoying since they cloud authd.log If those attacks WERE a problem, or if there was a system which you could log in without user pass if you would find out the correct port then, but only then, it is a bad idea -- -Frank Staals ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Blocking SSH Brute-Force Attacks: What Am I Doing Wrong?
On Monday 13 November 2006 10:11, Frank Staals wrote: The point is it isn't security through obscurity: as allready pointed out, FreeBSD sshd can withstand those brute force attacks without much of a problem so there is no security problem, the only thing is those brute force attacks are anoying since they cloud authd.log If those attacks WERE a problem, or if there was a system which you could log in without user pass if you would find out the correct port then, but only then, it is a bad idea Given enough time, every user/password combination can be broken. Perhaps not in your lifetime, but it is still a real possibility. Given the relative ease of setting up keys and simply dispersing with user/passwords all together, I fail to see why more users do not avail themselves of this avenue of security. Then again, I don't know how San Diego came back to beat Cincinnati yesterday either. Anyway, each to his own! -- Gerard A word to the wise is often enough to start an argument. pgpbcMcYGCYZG.pgp Description: PGP signature
Re: Blocking SSH Brute-Force Attacks: What Am I Doing Wrong?
Leo L. Schwab wrote: I recently installed FreeBSD 6.1 on my gateway. It replaced an installation of FreeBSD 4.6.8 (fresh install, not an upgrade) on which I had disabled the SSH server. Since all the bugs in SSH are fixed now ( :-) ), I thought I'd leave the server on, and am somewhat dismayed to discover that I now get occasional brute-force/dictionary attacks on the port. Whichever service you have running, if you look in the log you will find attempts of attack, ssh is no different, it's a target. Honestly, I wouldn't worry about it: review your config and make some simple choices to reduce the noise, see this article: http://www.securityfocus.com/infocus/1876 Rather than reposting myself - this issue is regularly debated, I think last time (or last time I participated) was debated 19-09-2006. Check the archive. Cheers, Erik -- Ph: +34.666334818 web: http://www.locolomo.org X.509 Certificate: http://www.locolomo.org/crt/8D03551FFCE04F0C.crt Key ID: 69:79:B8:2C:E3:8F:E7:BE:5D:C3:C3:B1:74:62:B8:3F:9F:1F:69:B9 ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Blocking SSH Brute-Force Attacks: What Am I Doing Wrong?
On Mon, Nov 13, 2006 at 12:19:27PM +0600, Bachilo Dmitry wrote: ? ? ?? ??? 13 ?? 2006 12:05 Leo L. Schwab ???(a): I recently installed FreeBSD 6.1 on my gateway. It replaced an installation of FreeBSD 4.6.8 (fresh install, not an upgrade) on which I had disabled the SSH server. Since all the bugs in SSH are fixed now ( :-) ), I thought I'd leave the server on, and am somewhat dismayed to discover that I now get occasional brute-force/dictionary attacks on the port. A little Googling revealed a couple of potentially useful tools: 'sshit' and 'bruteblock', both of which notice repeated login attempts from a given IP address and blackhole it in the firewall. I first tried 'sshit', but after a couple days, I noticed in my daily reports that I was still getting lengthy bruteforce attempts, suggesting the 'sshit' was not working. So I uninstalled 'sshit' and installed 'bruteblock'. But again a couple days later, the logs showed lengthy bruteforce attempts going unblocked. The relevant lines from my /etc/syslog.conf file are: auth.info;authpriv.info /var/log/auth.log auth.info;authpriv.info | exec /usr/local/sbin/bruteblock -f /usr/local/etc/bruteblock/ssh.conf Any hints as to what I might be doing wrong? Thanks, Schwab ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] Why don't you just relax? :-) All my FreeBSD servers are bruteforced every second. So what? Now, granted this was with FreeBSD 6.0, but I've had systems panic when they got flooded with FTP attempts. No problem yet with sshd, but I'd deny password based authentication and stick to public key authentication with passphrases. -Damian ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Blocking SSH Brute-Force Attacks: What Am I Doing Wrong?
Erik Norgaard [EMAIL PROTECTED] writes: Honestly, I wouldn't worry about it: review your config and make some simple choices to reduce the noise, see this article: One other noise reduction method which is really easy to implement is to use pf and write arule set which to uses the overload feature, see eg http://home.nuug.no/~peter/pf/en/bruteforce.html (part of my EuroBSDCon and other places tutorial). See http://home.nuug.no/~peter/pf/ for a choice of formats and languages. -- Peter N. M. Hansteen, member of the first RFC 1149 implementation team http://www.blug.linux.no/rfc1149/ http://www.datadok.no/ http://www.nuug.no/ First, we kill all the spammers The Usenet Bard, Twice-forwarded tales 20:11:56 delilah spamd[26905]: 146.151.48.74: disconnected after 36099 seconds ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Blocking SSH Brute-Force Attacks: What Am I Doing Wrong?
I recently installed FreeBSD 6.1 on my gateway. It replaced an installation of FreeBSD 4.6.8 (fresh install, not an upgrade) on which I had disabled the SSH server. Since all the bugs in SSH are fixed now ( :-) ), I thought I'd leave the server on, and am somewhat dismayed to discover that I now get occasional brute-force/dictionary attacks on the port. A little Googling revealed a couple of potentially useful tools: 'sshit' and 'bruteblock', both of which notice repeated login attempts from a given IP address and blackhole it in the firewall. I first tried 'sshit', but after a couple days, I noticed in my daily reports that I was still getting lengthy bruteforce attempts, suggesting the 'sshit' was not working. So I uninstalled 'sshit' and installed 'bruteblock'. But again a couple days later, the logs showed lengthy bruteforce attempts going unblocked. The relevant lines from my /etc/syslog.conf file are: auth.info;authpriv.info /var/log/auth.log auth.info;authpriv.info | exec /usr/local/sbin/bruteblock -f /usr/local/etc/bruteblock/ssh.conf Any hints as to what I might be doing wrong? Thanks, Schwab ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Blocking SSH Brute-Force Attacks: What Am I Doing Wrong?
В сообщении от Понедельник 13 ноября 2006 12:05 Leo L. Schwab написал(a): I recently installed FreeBSD 6.1 on my gateway. It replaced an installation of FreeBSD 4.6.8 (fresh install, not an upgrade) on which I had disabled the SSH server. Since all the bugs in SSH are fixed now ( :-) ), I thought I'd leave the server on, and am somewhat dismayed to discover that I now get occasional brute-force/dictionary attacks on the port. A little Googling revealed a couple of potentially useful tools: 'sshit' and 'bruteblock', both of which notice repeated login attempts from a given IP address and blackhole it in the firewall. I first tried 'sshit', but after a couple days, I noticed in my daily reports that I was still getting lengthy bruteforce attempts, suggesting the 'sshit' was not working. So I uninstalled 'sshit' and installed 'bruteblock'. But again a couple days later, the logs showed lengthy bruteforce attempts going unblocked. The relevant lines from my /etc/syslog.conf file are: auth.info;authpriv.info /var/log/auth.log auth.info;authpriv.info | exec /usr/local/sbin/bruteblock -f /usr/local/etc/bruteblock/ssh.conf Any hints as to what I might be doing wrong? Thanks, Schwab ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] Why don't you just relax? :-) All my FreeBSD servers are bruteforced every second. So what? -- С уважением, Бачило Дмитрий Best Regards, Bachilo Dmitry ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: what am I doing wrong with edquota ?
On 29 Jan 2006, at 22:56, Ensel Sharon wrote: edquota -u -e /mnt/fs1:810:900:81:90 test200 Looks fine. Things to check: Do any other quotas work? Is the filesystem mounted with the appropriate quota options? Do you have QUOTA support in your kernel? Does /mnt/fs1/quota.user or /mnt/fs1/quota.group exist? Does quotacheck -a fix it? Ceri -- That must be wonderful! I don't understand it at all. -- Moliere PGP.sig Description: This is a digitally signed message part
what am I doing wrong with edquota ?
(edquota man page has no examples) # edquota -u -e /mnt/fs1:810:900:81:90 test200 # # quota test200 Disk quotas for user test200 (uid 1002): none # # So I run the edquota command non-iunteractively, and it produces no errors, and it seems to follow the format specified in the man page, which is: edquota [-u] -e fspath[:bslim[:bhlim[:islim[:ihlim [-e ...] username and yet when I immediately check the quotas for that user, I get nothing. How should I rework that edquota command line ? thanks. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: what am i doing wrong?!
On Fri, Dec 23, 2005 at 10:07:21PM -0700, Warren Block wrote: On Fri, 23 Dec 2005, Gary Kline wrote: Do I need to have the device for USB 2.0 perhaps?? Only in the unlikely event that it's a USB 2 scanner. But I thought you were kldloading the uscanner module, and here you have it built in the kernel. Don't do both--although the system shouldn't permit that. Yep; kldload gives me grief so I deleted the line from /etc/rc.conf. That is the only thing that is still commented. I'll try that later on today. As root, yes, I am able to have sane test, not as a user. The scanner I am testing is recognized--HP ScanJet 4100C. What do you mean by this, exactly? You see a message on the root console? I checked the sane website and found the 4100c supported. I should not have said recognized; it isn't. Either the scanner or the transformer or the USB cable it shot. But it was sold AS-IS and may well be broken. My friend got a *second* 4100C for $1.00 [no, not kidding]; it works on his Windows box. ((I'll gladly let him scan things if he is willing.)) Have him test the first scanner on his system. Underway; he came back and picked everything up and will test to see what's shot. Once I've got a scanner and xsane working on FBSD I'm going to have a shot of Yukon Jack and sit by the fireplace. gary -- Gary Kline [EMAIL PROTECTED] www.thought.org Public service Unix ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: what am i doing wrong?!
Gary Kline wrote: So far, I've upgraded my second FBSD platform to 5.4. With # USB support device uhci# UHCI PCI-USB interface device ohci# OHCI PCI-USB interface #device ehci# EHCI PCI-USB interface (USB 2.0) device usb # USB Bus (required) [[ ... ]] device uscanner# Scanners builtin. I just tried xsane again; still no devices. I'm still minus /dev/uscanner[01]. How, pray tell, do I create these? Is your scanner supported or recognized? I recall having similar problems with an Epson 2480 scanner. It was not recognized as a scanner but using ugen0 worked. You should also check permissions on the usb devices, otherwise you have to scan as root. If the scanner is supported using the ugen device then it is a question of patching a few files to get it recognized. For the Epson 2480, I submitted this bug report: http://www.freebsd.org/cgi/query-pr.cgi?pr=usb/86094 this may give you an idea of what it's about. Cheers, Erik ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: what am i doing wrong?!
On Fri, Dec 23, 2005 at 09:57:04AM +0100, Erik Norgaard wrote: Gary Kline wrote: So far, I've upgraded my second FBSD platform to 5.4. With # USB support device uhci# UHCI PCI-USB interface device ohci# OHCI PCI-USB interface #device ehci# EHCI PCI-USB interface (USB 2.0) device usb # USB Bus (required) [[ ... ]] device uscanner# Scanners builtin. I just tried xsane again; still no devices. I'm still minus /dev/uscanner[01]. How, pray tell, do I create these? Is your scanner supported or recognized? I recall having similar problems with an Epson 2480 scanner. It was not recognized as a scanner but using ugen0 worked. You should also check permissions on the usb devices, otherwise you have to scan as root. Do I need to have the device for USB 2.0 perhaps?? That is the only thing that is still commented. I'll try that later on today. As root, yes, I am able to have sane test, not as a user. The scanner I am testing is recognized--HP ScanJet 4100C. But it was sold AS-IS and may well be broken. My friend got a *second* 4100C for $1.00 [no, not kidding]; it works on his Windows box. ((I'll gladly let him scan things if he is willing.)) If the scanner is supported using the ugen device then it is a question of patching a few files to get it recognized. For the Epson 2480, I submitted this bug report: http://www.freebsd.org/cgi/query-pr.cgi?pr=usb/86094 this may give you an idea of what it's about. Cheers, Erik I'll check your PR, thnks. I've got some other question for you or the list---anyone who has successfully scanned books and OCR'd them into ASCII|iso_8859-1. Which USB model scanner Just-Works? Any? None? More to the point, is there any scanner that works with books using xsane to do OCR? thanks for any insights, gary -- Gary Kline [EMAIL PROTECTED] www.thought.org Public service Unix ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: what am i doing wrong?!
On Thu, 2005-12-22 at 19:12 -0800, Gary Kline wrote: So far, I've upgraded my second FBSD platform to 5.4. With # USB support device uhci# UHCI PCI-USB interface device ohci# OHCI PCI-USB interface #device ehci# EHCI PCI-USB interface (USB 2.0) device usb # USB Bus (required) [[ ... ]] device uscanner# Scanners builtin. I just tried xsane again; still no devices. I'm still minus /dev/uscanner[01]. How, pray tell, do I create these? gary I hope you have taken a look here already: http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/scanners.html http://www.freebsd.org/cgi/man.cgi?query=uscannersektion=4manpath=FreeBSD+6.0-RELEASE http://www.sane-project.org/sane-supported-devices.html Merry Christmas Andreas -- GnuPG key : 0x2A573565 | http://cyb.websimplex.de/pubkey.asc Fingerprint: 925D 2089 0BF9 8DE5 9166 33BB F0FD CD37 2A57 3565 signature.asc Description: This is a digitally signed message part
Re: what am i doing wrong?!
On Fri, 23 Dec 2005, Gary Kline wrote: Do I need to have the device for USB 2.0 perhaps?? Only in the unlikely event that it's a USB 2 scanner. But I thought you were kldloading the uscanner module, and here you have it built in the kernel. Don't do both--although the system shouldn't permit that. That is the only thing that is still commented. I'll try that later on today. As root, yes, I am able to have sane test, not as a user. The scanner I am testing is recognized--HP ScanJet 4100C. What do you mean by this, exactly? You see a message on the root console? But it was sold AS-IS and may well be broken. My friend got a *second* 4100C for $1.00 [no, not kidding]; it works on his Windows box. ((I'll gladly let him scan things if he is willing.)) Have him test the first scanner on his system. -Warren Block * Rapid City, South Dakota USA ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
what am i doing wrong?!
So far, I've upgraded my second FBSD platform to 5.4. With # USB support device uhci# UHCI PCI-USB interface device ohci# OHCI PCI-USB interface #device ehci# EHCI PCI-USB interface (USB 2.0) device usb # USB Bus (required) [[ ... ]] device uscanner# Scanners builtin. I just tried xsane again; still no devices. I'm still minus /dev/uscanner[01]. How, pray tell, do I create these? gary -- Gary Kline [EMAIL PROTECTED] www.thought.org Public service Unix ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
RE: What am I doing wrong with MOUNT?
Nathan Kinkade said... Here is quick rundown on how you could achieve your goal: 1) Mount the new disk at at /mnt with something like: # mount /dev/ad1s1a /mnt 2) Copy everything from your original /var partition to the new one: # cd /var tar cf - ./ | (cd /mnt tar xvpf -) 3) Edit /etc/fstab from something like: /dev/ad0s1e /varufs defaults 1 2 to: /dev/ad1s1a /varufs defaults 1 2 4) Unmount old partition from /var and mount new one at /var: # umount /var mount /var Also, you may want to reallocate the partition formerly mounted at /var for something else? Your advice was right on thank you very much. Actually step #4 was automatically handled by step #3. Regarding reallocation of space formerly occupied by /var on /dev/ad0s2d, is there a way to reallocate it back to one of the other existing partitions or do you mean only to use it as is for something else? Gerald ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: What am I doing wrong with MOUNT?
On Wed, Mar 02, 2005 at 01:42:40AM -0800, Gerald Lightsey wrote: Nathan Kinkade said... Here is quick rundown on how you could achieve your goal: 1) Mount the new disk at at /mnt with something like: # mount /dev/ad1s1a /mnt 2) Copy everything from your original /var partition to the new one: # cd /var tar cf - ./ | (cd /mnt tar xvpf -) 3) Edit /etc/fstab from something like: /dev/ad0s1e /varufs defaults 1 2 to: /dev/ad1s1a /varufs defaults 1 2 4) Unmount old partition from /var and mount new one at /var: # umount /var mount /var Also, you may want to reallocate the partition formerly mounted at /var for something else? Your advice was right on thank you very much. Actually step #4 was automatically handled by step #3. Regarding reallocation of space formerly occupied by /var on /dev/ad0s2d, is there a way to reallocate it back to one of the other existing partitions or do you mean only to use it as is for something else? Gerald I was actually suggesting that you could just mount the old partition at another mount point, but I suppose there is the possibility to have the old partition swallowed up by the one directly proceeding it on the physical disk. I have never done it and I don't know anything about it, but there is a utility called growfs(8) that might be of use. Nathan pgphiNyXMaNhM.pgp Description: PGP signature
What am I doing wrong with MOUNT?
Posted last night to newbies -(my mistake) I'm brand new to FreeBSD and Unix world in general. My son has an internet site supported by FreeBSD that uses MySQL. I have set up a FreeBSD version 5.3 system on my home network using an 80gb drive sliced and partitioned to the FreeBSD 5.3 defaults. I installed MySQL version 3.23 from the ports because that is the version on my son's server. I wanted to install a copy of his database that I had MySQL dump on his FreeBSD server and FTP'd it to my Windows PC and placed on a CD. After directing the .SQL dump back to a like named database on my newly installed box I originally received a message that I was out of disk space. I find that MySql is working in /var/db/mysql and that the default installation slice/partition of FreeBSD must be too small to handle the databases I want to play with. So I read up on the file system and thought I understood that one can graft another drive onto a mount point on the system to add space at the mount point. I purchased a 120gb drive for under $50 after rebates and partitioned it into one FreeBSD partition, (not dangerously dedicated). I expected, from what I read, that if I mounted it at the /var mount point everything in the original /var directory would become unreachable/invisible. I tried it and I got the results I expected. The reason I thought I would replace the ENTIRE /var directory was because if /var is too small for MySQL it would probably quickly be exposed to be too small for something else unexpected. I mounted the new drive 1 to a temporary mount point and used the cp command to copy each directory in /var to the drive. I looked in all the new/old directories at the temporary mount point using ls -F and everything appeared to be there at the file level. I used the umount command to unmount the new drive/partition from the temporary mount point and remounted it at /var. I opened MySQL and created the named database I wanted and again started to collect the data from the CD by directing the .SQL file data to my database. Again, just like it did originally, after several minutes of creating tables the system reported that it had run out of space. My surprise is that every indication I get after I regain control of the system is that the database tables are being built within the ORIGINAL /var directory structure rather than the 120gb drive mounted on the /var mountpoint. If I use the df command while drive 1 is mounted it shows that /var on disk 0 is full and /var on disk 1 just has whatever I copied onto the drive when it was mounted to a temporary mount point. Also by experimentation/confirmation I find that simply creating a couple of new databases within MySQL while drive 1 is mounted on /var shows that the databases have been created on the original /var on disk 0 as directories after disk 1 is unmounted. What am I doing wrong or what don't I understand about a drive being mounted on /var where data is being written underneath it to the original /var/db/mysql/mydatabasename on disk 0 rather than onto the mounted disk 1? Thanks, Gerald ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: What am I doing wrong with MOUNT?
On Mon, Feb 28, 2005 at 09:15:23AM -0800, Gerald Lightsey wrote: Posted last night to newbies -(my mistake) I'm brand new to FreeBSD and Unix world in general. My son has an internet site supported by FreeBSD that uses MySQL. I have set up a FreeBSD version 5.3 system on my home network using an 80gb drive sliced and partitioned to the FreeBSD 5.3 defaults. I installed MySQL version 3.23 from the ports because that is the version on my son's server. I wanted to install a copy of his database that I had MySQL dump on his FreeBSD server and FTP'd it to my Windows PC and placed on a CD. After directing the .SQL dump back to a like named database on my newly installed box I originally received a message that I was out of disk space. I find that MySql is working in /var/db/mysql and that the default installation slice/partition of FreeBSD must be too small to handle the databases I want to play with. So I read up on the file system and thought I understood that one can graft another drive onto a mount point on the system to add space at the mount point. I purchased a 120gb drive for under $50 after rebates and partitioned it into one FreeBSD partition, (not dangerously dedicated). I expected, from what I read, that if I mounted it at the /var mount point everything in the original /var directory would become unreachable/invisible. I tried it and I got the results I expected. The reason I thought I would replace the ENTIRE /var directory was because if /var is too small for MySQL it would probably quickly be exposed to be too small for something else unexpected. I mounted the new drive 1 to a temporary mount point and used the cp command to copy each directory in /var to the drive. I looked in all the new/old directories at the temporary mount point using ls -F and everything appeared to be there at the file level. I used the umount command to unmount the new drive/partition from the temporary mount point and remounted it at /var. I opened MySQL and created the named database I wanted and again started to collect the data from the CD by directing the .SQL file data to my database. Again, just like it did originally, after several minutes of creating tables the system reported that it had run out of space. My surprise is that every indication I get after I regain control of the system is that the database tables are being built within the ORIGINAL /var directory structure rather than the 120gb drive mounted on the /var mountpoint. If I use the df command while drive 1 is mounted it shows that /var on disk 0 is full and /var on disk 1 just has whatever I copied onto the drive when it was mounted to a temporary mount point. Also by experimentation/confirmation I find that simply creating a couple of new databases within MySQL while drive 1 is mounted on /var shows that the databases have been created on the original /var on disk 0 as directories after disk 1 is unmounted. What am I doing wrong or what don't I understand about a drive being mounted on /var where data is being written underneath it to the original /var/db/mysql/mydatabasename on disk 0 rather than onto the mounted disk 1? Just a thought - each time you mounted the new disk at /var, the system was already running in multi-user mode. That means that all network daemons etc have been started and are running /before/ you mount the disk. MySQL will continue to use the /original/ /var because it has open filehandles on that fs. Try stopping MySQL before mounting the new disk. Start MySQL again, and it should start up on the new fs. Dan -- Daniel Bye PGP Key: ftp://ftp.slightlystrange.org/pgpkey/dan.asc PGP Key fingerprint: 3B9D 8BBB EB03 BA83 5DB4 3B88 86FC F03A 90A1 BE8F _ ASCII ribbon campaign ( ) - against HTML, vCards and X - proprietary attachments in e-mail / \ pgp4TuZRVGX1V.pgp Description: PGP signature
Re: What am I doing wrong with MOUNT?
On Mon, Feb 28, 2005 at 09:15:23AM -0800, Gerald Lightsey wrote: snip My surprise is that every indication I get after I regain control of the system is that the database tables are being built within the ORIGINAL /var directory structure rather than the 120gb drive mounted on the /var mountpoint. If I use the df command while drive 1 is mounted it shows that /var on disk 0 is full and /var on disk 1 just has whatever I copied onto the drive when it was mounted to a temporary mount point. Also by experimentation/confirmation I find that simply creating a couple of new databases within MySQL while drive 1 is mounted on /var shows that the databases have been created on the original /var on disk 0 as directories after disk 1 is unmounted. What am I doing wrong or what don't I understand about a drive being mounted on /var where data is being written underneath it to the original /var/db/mysql/mydatabasename on disk 0 rather than onto the mounted disk 1? What are the outputs of the commands ``mount'' and ``df -h''? Are you sure that you are first unmounting the partition on disk 0 that is mounted at /var before you mount the new disk (1) at /var? Did you reboot at any point? Keep in mind that you will need to alter the file /etc/fstab to let the system know that it now needs to be mounting the single slice from the new disk at /var. Here is quick rundown on how you could achieve your goal: 1) Mount the new disk at at /mnt with something like: # mount /dev/ad1s1a /mnt 2) Copy everything from your original /var partition to the new one: # cd /var tar cf - ./ | (cd /mnt tar xvpf -) 3) Edit /etc/fstab from something like: /dev/ad0s1e /varufs defaults 1 2 to: /dev/ad1s1a /varufs defaults 1 2 4) Unmount old partition from /var and mount new one at /var: # umount /var mount /var There may be an error or two in this, but it should serve to give the general idea. Also, you may want to reallocate the partition formerly mounted at /var for something else? Nathan pgpmwK9QVusPc.pgp Description: PGP signature