Re: gpart, glabel and newfs -- what am I doing wrong

[Erich Dollansky]

Hi,

On Sun, 13 Jan 2013 01:36:21 -0500
kpn...@pobox.com wrote:

 On Sun, Jan 13, 2013 at 08:09:00AM +0700, Erich Dollansky wrote:
  For what is glabel then still good?
 
 It is still useful for partition schemes that don't have labels (eg,
 MBR) AND the filesystem used doesn't support labels itself AND the
 end of the partition does not get touched by the filesystem.
 
 Note that UFS in FreeBSD does support labels. I believe it is the '-L'
 option to newfs. ZFS does not in this sense, and ZFS touches the end
 of the partition.
 
 That's a long list of conditions. So, really, glabel should typically
 be avoided.
 

thanks for the explaination. I am not able to use the labels outside
gpart but if they work for me - as it currently looks like - I will
stick with them.

I will later report in more detail when I have finished my scripts.

Erich
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org

Re: gpart, glabel and newfs -- what am I doing wrong

[Warren Block]

On Sun, 13 Jan 2013, kpn...@pobox.com wrote:


On Sun, Jan 13, 2013 at 08:09:00AM +0700, Erich Dollansky wrote:

For what is glabel then still good?


It is still useful for partition schemes that don't have labels (eg, MBR)
AND the filesystem used doesn't support labels itself AND the end of the
partition does not get touched by the filesystem.


But it doesn't matter what the filesystem does.  Access to the last 
block is not allowed by the label device.  The filesystem does not even 
see it.  See my reply in -fs:

http://lists.freebsd.org/pipermail/freebsd-fs/2013-January/016113.html
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org

Re: gpart, glabel and newfs -- what am I doing wrong

[Warren Block]

On Sun, 13 Jan 2013, Warren Block wrote:


On Sun, 13 Jan 2013, kpn...@pobox.com wrote:


On Sun, Jan 13, 2013 at 08:09:00AM +0700, Erich Dollansky wrote:

For what is glabel then still good?


It is still useful for partition schemes that don't have labels (eg, MBR)
AND the filesystem used doesn't support labels itself AND the end of the
partition does not get touched by the filesystem.


But it doesn't matter what the filesystem does.  Access to the last block is 
not allowed by the label device.  The filesystem does not even see it.  See 
my reply in -fs:

http://lists.freebsd.org/pipermail/freebsd-fs/2013-January/016113.html


Sorry, forgot to mention that one possible use for glabel is to label a 
swap partition on an MBR drive.


  # glabel label myswap /dev/ada0s1b

And then in /etc/fstab:

  /dev/label/myswap noneswapsw  0   0

One block is used for metadata at the end of ada0s1b, but it's safe from 
overwriting because /dev/label/myswap does not include that block.

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org

gpart, glabel and newfs -- what am I doing wrong

[Erich Dollansky]

Hi,

in general, I try to create the partitions with gpart, add a label with
glabel and put a filesystem. I think that I am doing something very
simple the wrong way but I cannot see the error.

I try to do it in the following way:

# gpart destroy -F da0
# gpart create -s GPT da0
# gpart add -t freebsd-boot -s 64k da0
# gpart bootcode -b /boot/pmbr -p /boot/gptboot -i 1 da0
# gpart add -t freebsd-ufs -s 512m -a 4k -l Toshiba16GB2boot da0
# gpart add -t freebsd-ufs -s 10m -a 4k -l Toshiba16GB2root da0
# gpart add -t freebsd-swap -s 10m -a 4k -l Toshiba16GB2swap da0
# gpart add -t freebsd-ufs -s 10m -a 4k -l Toshiba16GB2var da0
# gpart add -t freebsd-ufs -s 10m -a 4k -l Toshiba16GB2tmp da0
# gpart add -t freebsd-ufs -a 4k -l Toshiba16GB2usr da0

Label the partitions:

# glabel label Toshiba16GB2boot /dev/da0p2
# glabel label Toshiba16GB2root /dev/da0p3
# glabel label Toshiba16GB2swap /dev/da0p4
# glabel label Toshiba16GB2var /dev/da0p5
# glabel label Toshiba16GB2tmp /dev/da0p6
# glabel label Toshiba16GB2usr /dev/da0p7

And put a file system onto the partitions.

# newfs /dev/label/Toshiba16GB2boo
# newfs /dev/label/Toshiba16GB2roo
# newfs /dev/label/Toshiba16GB2var
# newfs /dev/label/Toshiba16GB2tmp
# newfs /dev/label/Toshiba16GB2usr

But newfs on the first partition results in this:

Filesystem size 15  minimum size of 48

When I ran the newfs directly on the device, I get this:

[X220]/home/erich (root)  newfs /dev/da0p2
/dev/da0p2: 512.0MB (1048576 sectors) block size 32768, fragment size
4096 using 4 cylinder groups of 128.03MB, 4097 blks, 16512 inodes.
super-block backups (for fsck -b #) at:
 192, 262400, 524608, 786816

Of course, this is what I expect.

I believe that it is something simple but I am not able to see my
mistake.

Erich
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org

Re: gpart, glabel and newfs -- what am I doing wrong

[Mardorf Ralf]

FWIW I could not partition using the FreeBSD 9.0 amd64 install DVD. I 
partitioned with the PcBSD  8.2 DVD and then tried to install from 9.0, but it 
anyway caused partitioning issues.
After that I partitioned using FreeBSD 8.3, installed 8.3 and then updated to 
9.1.

Regards,
Ralf

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org

Re: gpart, glabel and newfs -- what am I doing wrong

[Warren Block]

On Sat, 12 Jan 2013, Erich Dollansky wrote:


in general, I try to create the partitions with gpart, add a label with
glabel and put a filesystem. I think that I am doing something very
simple the wrong way but I cannot see the error.

I try to do it in the following way:

# gpart destroy -F da0
# gpart create -s GPT da0
# gpart add -t freebsd-boot -s 64k da0
# gpart bootcode -b /boot/pmbr -p /boot/gptboot -i 1 da0
# gpart add -t freebsd-ufs -s 512m -a 4k -l Toshiba16GB2boot da0
# gpart add -t freebsd-ufs -s 10m -a 4k -l Toshiba16GB2root da0
# gpart add -t freebsd-swap -s 10m -a 4k -l Toshiba16GB2swap da0
# gpart add -t freebsd-ufs -s 10m -a 4k -l Toshiba16GB2var da0
# gpart add -t freebsd-ufs -s 10m -a 4k -l Toshiba16GB2tmp da0
# gpart add -t freebsd-ufs -a 4k -l Toshiba16GB2usr da0

Label the partitions:

# glabel label Toshiba16GB2boot /dev/da0p2
# glabel label Toshiba16GB2root /dev/da0p3
# glabel label Toshiba16GB2swap /dev/da0p4
# glabel label Toshiba16GB2var /dev/da0p5
# glabel label Toshiba16GB2tmp /dev/da0p6
# glabel label Toshiba16GB2usr /dev/da0p7


There is no need for all this.  You already created GPT labels with
'gpt -l' above.  And those labels don't need extra metadata at the end 
of the partition.



And put a file system onto the partitions.

# newfs /dev/label/Toshiba16GB2boo
# newfs /dev/label/Toshiba16GB2roo
# newfs /dev/label/Toshiba16GB2var
# newfs /dev/label/Toshiba16GB2tmp
# newfs /dev/label/Toshiba16GB2usr


Those look cut off.  And there's surely a limit to the length of label 
names, but I'm not sure what it is.  Anyway, use


  # newfs /dev/gpt/Toshiba16GB2boot

And consider using -U with newfs.
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org

Re: gpart, glabel and newfs -- what am I doing wrong

[Erich Dollansky]

Hi,

On Sat, 12 Jan 2013 09:56:39 -0700 (MST)
Warren Block wbl...@wonkity.com wrote:

 On Sat, 12 Jan 2013, Erich Dollansky wrote:
 
  in general, I try to create the partitions with gpart, add a label
  with glabel and put a filesystem. I think that I am doing something
  very simple the wrong way but I cannot see the error.
 
  I try to do it in the following way:
 
  # gpart destroy -F da0
  # gpart create -s GPT da0
  # gpart add -t freebsd-boot -s 64k da0
  # gpart bootcode -b /boot/pmbr -p /boot/gptboot -i 1 da0
  # gpart add -t freebsd-ufs -s 512m -a 4k -l Toshiba16GB2boot da0
  # gpart add -t freebsd-ufs -s 10m -a 4k -l Toshiba16GB2root da0
  # gpart add -t freebsd-swap -s 10m -a 4k -l Toshiba16GB2swap da0
  # gpart add -t freebsd-ufs -s 10m -a 4k -l Toshiba16GB2var da0
  # gpart add -t freebsd-ufs -s 10m -a 4k -l Toshiba16GB2tmp da0
  # gpart add -t freebsd-ufs -a 4k -l Toshiba16GB2usr da0
 
  Label the partitions:
 
  # glabel label Toshiba16GB2boot /dev/da0p2
  # glabel label Toshiba16GB2root /dev/da0p3
  # glabel label Toshiba16GB2swap /dev/da0p4
  # glabel label Toshiba16GB2var /dev/da0p5
  # glabel label Toshiba16GB2tmp /dev/da0p6
  # glabel label Toshiba16GB2usr /dev/da0p7
 
 There is no need for all this.  You already created GPT labels with
 'gpt -l' above.  And those labels don't need extra metadata at the
 end of the partition.
 
For what is glabel then still good?

 And consider using -U with newfs.

Do not worry, this was just for the test.

Erich
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org

Re: Blocking SSH Brute-Force Attacks: What Am I Doing Wrong? (Solved!)

[Leo L. Schwab]

After instrumenting 'bruteblock' (and accidentally causing auth.log
to explode), I discovered that the ssh.conf file that ships with it won't
work on FreeBSD 6.1 (or at least my copy of it).

The shipped regexp looks for illegal users.  But 'sshd' on FreeBSD
6.1 records login attempts of invalid users.

The patch appended below got it to work on my system.

My thanks to everyone who chimed in with suggestions.  They were
greatly appreciated.

Schwab

--- ssh.conf.dist   Mon Oct 30 21:17:34 2006
+++ ssh.confWed Nov 15 00:20:29 2006
@@ -6,16 +6,16 @@
 # this regexp for the OpenSSH server matches lines like:
 #
 # comment: auth via key only
-#sshd[72593]: Illegal user hacker from 1.2.3.4
+#sshd[72593]: Invalid user hacker from 1.2.3.4
 #
 # comment: pwd auth, but no such user
-#sshd[72593]: Failed password for illegal user sa from 1.2.3.4
+#sshd[72593]: Failed password for invalid user sa from 1.2.3.4
 #
 # comment: correct user, but wrong password
 #sshd[72626]: Failed password for samm from 1.2.3.4
 #
-regexp = sshd.*Illegal user \S+ from 
(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})
-regexp1= sshd.*Failed password for (?:illegal user )?\S+ from 
(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})
+regexp = sshd.*Invalid user \S+ from 
(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})
+regexp1= sshd.*Failed password for (?:invalid user )?\S+ from 
(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})
 
 # Number of failed login attempts within time before we block
 max_count   = 4
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: Blocking SSH Brute-Force Attacks: What Am I Doing Wrong?

[Leo L. Schwab]

On Mon, Nov 13, 2006 at 09:16:35PM +0100, Erik Norgaard wrote:
 Honestly, I wouldn't worry about it: review your config and make some 
 simple choices to reduce the noise, see this article:
 
   http://www.securityfocus.com/infocus/1876

But I rather thought that was the point of 'bruteblock' -- it
reduces the noise by blackholing the offending IPs for an hour or so.  This
blackholing doesn't appear to be happening, and I don't understand why.

Could it be a permission problem -- syslog doesn't have permission
to change the firewall rules?

Schwab
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: Blocking SSH Brute-Force Attacks: What Am I Doing Wrong?

[Leo L. Schwab]

On Mon, Nov 13, 2006 at 10:10:58AM +0100, Frank Staals wrote:
 I had the same 'problem'. As said it's not realy a problem since FreeBSD 
 will hold just fine if you don't have any rather stupid user + pass 
 combinations.

While FreeBSD and OpenSSH are very good, I'm not prepared to rely
solely on that.  I'd also prefer that the script kiddies not consume my
gaming bandwidth by trying to crack my box, so best to just block them at
the firewall and make them go somewhere else.

Schwab
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: Blocking SSH Brute-Force Attacks: What Am I Doing Wrong?

[Erik Norgaard]

Leo L. Schwab wrote:

On Mon, Nov 13, 2006 at 09:16:35PM +0100, Erik Norgaard wrote:
Honestly, I wouldn't worry about it: review your config and make some 
simple choices to reduce the noise, see this article:


  http://www.securityfocus.com/infocus/1876


But I rather thought that was the point of 'bruteblock' -- it
reduces the noise by blackholing the offending IPs for an hour or so.  This
blackholing doesn't appear to be happening, and I don't understand why.

Could it be a permission problem -- syslog doesn't have permission
to change the firewall rules?


I wouldn't worry about bruteblock - try create a perl script and see 
if you can see a system in the attacks: Do the same host come back? If 
so does it continue from where it left?


The annoyance of these brute force attacks is that your log is larger 
that it would be without them.


That is unless ofcourse you have made yourself vulnerable!

- do you use bad passwords?
- do you allow root login?
- have you disabled system accounts?

If the answers are no, no and yes, then you can largely ignore. For more 
on this - read the linked article, read the old thread.


Cheers, Erik

--
Ph: +34.666334818  web: http://www.locolomo.org
X.509 Certificate: http://www.locolomo.org/crt/8D03551FFCE04F0C.crt
Key ID: 69:79:B8:2C:E3:8F:E7:BE:5D:C3:C3:B1:74:62:B8:3F:9F:1F:69:B9
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: Blocking SSH Brute-Force Attacks: What Am I Doing Wrong?

[Eric]

Erik Norgaard wrote:

Leo L. Schwab wrote:

On Mon, Nov 13, 2006 at 09:16:35PM +0100, Erik Norgaard wrote:
Honestly, I wouldn't worry about it: review your config and make some 
simple choices to reduce the noise, see this article:


  http://www.securityfocus.com/infocus/1876


But I rather thought that was the point of 'bruteblock' -- it
reduces the noise by blackholing the offending IPs for an hour or so.  
This

blackholing doesn't appear to be happening, and I don't understand why.

Could it be a permission problem -- syslog doesn't have permission
to change the firewall rules?


I wouldn't worry about bruteblock - try create a perl script and see 
if you can see a system in the attacks: Do the same host come back? If 
so does it continue from where it left?


The annoyance of these brute force attacks is that your log is larger 
that it would be without them.


That is unless ofcourse you have made yourself vulnerable!

- do you use bad passwords?
- do you allow root login?
- have you disabled system accounts?

If the answers are no, no and yes, then you can largely ignore. For more 
on this - read the linked article, read the old thread.


Cheers, Erik



jumping into this thread late, but denyhosts works great and also does a 
distributed thing where, if you opt in, you can get updates from other 
people who run denyhosts. These are then added to your deny list and if 
your box is scanned the attempts will be blocked.  think if it like a 
spamhaus list for SSH brute force attacks. it works well.


in short:

1. use denyhosts
2. do not use password based authentication for ssh. rather, use keys 
that are password protected

3. never allow root ssh logins

and everything should be swell

Eric
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: Blocking SSH Brute-Force Attacks: What Am I Doing Wrong?

[Erik Norgaard]

Peter N. M. Hansteen wrote:

Erik Norgaard [EMAIL PROTECTED] writes:

Honestly, I wouldn't worry about it: review your config and make some 
simple choices to reduce the noise, see this article:


One other noise reduction method which is really easy to implement is
to use pf and write arule set which to uses the overload feature, see
eg http://home.nuug.no/~peter/pf/en/bruteforce.html (part of my
EuroBSDCon and other places tutorial).

See http://home.nuug.no/~peter/pf/ for a choice of formats and languages.


Neat!

Thanks, Erik

--
Ph: +34.666334818  web: http://www.locolomo.org
X.509 Certificate: http://www.locolomo.org/crt/8D03551FFCE04F0C.crt
Key ID: 69:79:B8:2C:E3:8F:E7:BE:5D:C3:C3:B1:74:62:B8:3F:9F:1F:69:B9
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: Blocking SSH Brute-Force Attacks: What Am I Doing Wrong?

[Frank Staals]

Leo L. Schwab wrote:

I recently installed FreeBSD 6.1 on my gateway.  It replaced an
installation of FreeBSD 4.6.8 (fresh install, not an upgrade) on which I had
disabled the SSH server.  Since all the bugs in SSH are fixed now ( :-) ), I
thought I'd leave the server on, and am somewhat dismayed to discover that I
now get occasional brute-force/dictionary attacks on the port.

A little Googling revealed a couple of potentially useful tools:
'sshit' and 'bruteblock', both of which notice repeated login attempts from
a given IP address and blackhole it in the firewall.  I first tried 'sshit',
but after a couple days, I noticed in my daily reports that I was still
getting lengthy bruteforce attempts, suggesting the 'sshit' was not working.

So I uninstalled 'sshit' and installed 'bruteblock'.  But again a
couple days later, the logs showed lengthy bruteforce attempts going
unblocked.

The relevant lines from my /etc/syslog.conf file are:


auth.info;authpriv.info /var/log/auth.log
auth.info;authpriv.info | exec /usr/local/sbin/bruteblock -f 
/usr/local/etc/bruteblock/ssh.conf


Any hints as to what I might be doing wrong?

Thanks,
Schwab
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]


  
I had the same 'problem'. As said it's not realy a problem since FreeBSD 
will hold just fine if you don't have any rather stupid user + pass 
combinations. ( test test or something like that ) Allthough I thought 
it was annoying that my intire log was clouded with those brute force 
attacks so I just set sshd to listen at an other port then 22. Maybe 
that's a acceptable solusion for you ? You can change the ssd port in 
/etc/ssh/sshd_config


Good luck,

--
-Frank Staals


___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: Blocking SSH Brute-Force Attacks: What Am I Doing Wrong?

[Gerard Seibert]

On Monday November 13, 2006 at 04:10:58 (AM) Frank Staals wrote:


 I had the same 'problem'. As said it's not realy a problem since FreeBSD 
 will hold just fine if you don't have any rather stupid user + pass 
 combinations. ( test test or something like that ) Allthough I thought 
 it was annoying that my intire log was clouded with those brute force 
 attacks so I just set sshd to listen at an other port then 22. Maybe 
 that's a acceptable solusion for you ? You can change the ssd port in 
 /etc/ssh/sshd_config

Security through obscurity is a bad idea. Rather, use SSH key based
authentication exclusively.  Turn off all of the password stuff in
sshd_config.  Laugh at the poor fools trying to break in.


-- 
Gerard

 Mail from '@gmail' is rejected and/or discarded here. Don't waste
 your time!
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Blocking SSH Brute-Force Attacks: What Am I Doing Wrong?

[Robert Huff]

Leo L. Schwab writes:

   A little Googling revealed a couple of potentially useful
  tools: 'sshit' and 'bruteblock', both of which notice repeated
  login attempts from a given IP address and blackhole it in the
  firewall.

There's also denyhosts.  I found the configuration annoying
(need to correctly modify too many files) but once it's running it
works for me.



Robert Huff
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

RE: Blocking SSH Brute-Force Attacks: What Am I Doing Wrong?

[Maxim Masyukevich]

Hello ALL!

You just must use the utility 'DenyHosts', and all Your problems will be
solved!
DenyHosts the remarkable utility! It's protects only service ssh, and
anything more.
It is easy in adjustments and very effective in work.

You can find this utility in a collection of ports.

http://denyhosts.net/ 


Best regards,
Masyukevich Maksim
SPIRIT DSP, www.spiritDSP.com/voip, Embedded Voice Experience
SeeStorm, www.SeeStorm.com, Synthetic Video Conferencing
TeamSpirit - Award-Winning Multi-Point Voice Conferencing Engine

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Leo L. Schwab
Sent: Monday, November 13, 2006 9:05 AM
To: freebsd-questions@freebsd.org
Subject: Blocking SSH Brute-Force Attacks: What Am I Doing Wrong?

I recently installed FreeBSD 6.1 on my gateway.  It replaced an
installation of FreeBSD 4.6.8 (fresh install, not an upgrade) on which I
had disabled the SSH server.  Since all the bugs in SSH are fixed now (
:-) ), I thought I'd leave the server on, and am somewhat dismayed to
discover that I now get occasional brute-force/dictionary attacks on the
port.

A little Googling revealed a couple of potentially useful tools:
'sshit' and 'bruteblock', both of which notice repeated login attempts
from a given IP address and blackhole it in the firewall.  I first tried
'sshit', but after a couple days, I noticed in my daily reports that I
was still getting lengthy bruteforce attempts, suggesting the 'sshit'
was not working.

So I uninstalled 'sshit' and installed 'bruteblock'.  But again
a couple days later, the logs showed lengthy bruteforce attempts going
unblocked.

The relevant lines from my /etc/syslog.conf file are:


auth.info;authpriv.info /var/log/auth.log
auth.info;authpriv.info | exec /usr/local/sbin/bruteblock -f
/usr/local/etc/bruteblock/ssh.conf


Any hints as to what I might be doing wrong?

Thanks,
Schwab
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to
[EMAIL PROTECTED]
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: Blocking SSH Brute-Force Attacks: What Am I Doing Wrong?

[Andy Greenwood]

On 11/13/06, Gerard Seibert [EMAIL PROTECTED] wrote:

On Monday November 13, 2006 at 04:10:58 (AM) Frank Staals wrote:


 I had the same 'problem'. As said it's not realy a problem since FreeBSD
 will hold just fine if you don't have any rather stupid user + pass
 combinations. ( test test or something like that ) Allthough I thought
 it was annoying that my intire log was clouded with those brute force
 attacks so I just set sshd to listen at an other port then 22. Maybe
 that's a acceptable solusion for you ? You can change the ssd port in
 /etc/ssh/sshd_config

Security through obscurity is a bad idea. Rather, use SSH key based
authentication exclusively.  Turn off all of the password stuff in
sshd_config.  Laugh at the poor fools trying to break in.


I second this notion. I had bruteforceblocker running and recently
switched to key based auth only. The good news is no one is breaking
in. the bad news is that my server is remote and difficult to get
physical access to and the only key I uploaded initially was my work
PC. Tried to get in from home over the weekend and found that I had
locked myself out! doh! Just make sure that you have at least one PC
you can get to from anywhere which has a key to get into your server.




--
Gerard

 Mail from '@gmail' is rejected and/or discarded here. Don't waste
 your time!
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]




--
I'm nerdy in the extreme and whiter than sour cream
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: Blocking SSH Brute-Force Attacks: What Am I Doing Wrong?

[[EMAIL PROTECTED]]

Quoting Andy Greenwood [EMAIL PROTECTED]:


On 11/13/06, Gerard Seibert [EMAIL PROTECTED] wrote:

On Monday November 13, 2006 at 04:10:58 (AM) Frank Staals wrote:



I had the same 'problem'. As said it's not realy a problem since FreeBSD
will hold just fine if you don't have any rather stupid user + pass
combinations. ( test test or something like that ) Allthough I thought
it was annoying that my intire log was clouded with those brute force
attacks so I just set sshd to listen at an other port then 22. Maybe
that's a acceptable solusion for you ? You can change the ssd port in
/etc/ssh/sshd_config


Security through obscurity is a bad idea. Rather, use SSH key based
authentication exclusively.  Turn off all of the password stuff in
sshd_config.  Laugh at the poor fools trying to break in.


I second this notion. I had bruteforceblocker running and recently
switched to key based auth only. The good news is no one is breaking
in. the bad news is that my server is remote and difficult to get
physical access to and the only key I uploaded initially was my work
PC. Tried to get in from home over the weekend and found that I had
locked myself out! doh! Just make sure that you have at least one PC
you can get to from anywhere which has a key to get into your server.


If you are using pf.  A quick google search give you several differing  
versions of what I am using on the servers that I maintain.


http://www.google.com.mx/search?hl=esq=%2Bmax-src-conn-rate+%2Bpf+brute+forcebtnG=B%C3%BAsqueda+en+Googlemeta=

They are all max-src-conn-rate based and use the sysutils/expiretable  
port to clear the blocked IP's.


An example that I haven't read is here:

http://johan.fredin.info/openbsd/block_ssh_bruteforce.html

I just took one and tweaked it over time and it works great.

I only allow 3 login attempts in 30 minutes, so the brute who is  
trying to force his way in had better be a very good guesser;)


I did a bit of restricting in sshd_config also but only remember MaxAuthTries,

An unexpected side effect of this is that now I get only one or two  
attempts a day and before there were multiple, simultaneous attempts  
24 horas a day.


In my daily security report I see something like todays, everyday.

Nov 12 10:22:15 HOME sshd[82578]: Invalid user staff from 203.152.218.209
Nov 12 10:22:22 HOME sshd[83191]: Invalid user sales from 203.152.218.209
Nov 12 10:22:29 HOME sshd[83489]: Invalid user recruit from 203.152.218.209
Nov 12 12:47:10 HOME sshd[18369]: Invalid user staff from 24.11.169.203
Nov 12 12:47:12 HOME sshd[18421]: Invalid user sales from 24.11.169.203
Nov 12 12:47:15 HOME sshd[18425]: Invalid user recruit from 24.11.169.203

Before there were pages and pages.  If you aren't using PF there may  
be something similar to max-src-conn-rate in your firewall, if not,  
you may want to convert ;)


Good luck,

ed




--
Gerard

Mail from '@gmail' is rejected and/or discarded here. Don't waste
your time!
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]




--
I'm nerdy in the extreme and whiter than sour cream
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]



___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: Blocking SSH Brute-Force Attacks: What Am I Doing Wrong?

[Frank Staals]

Gerard Seibert wrote:

On Monday November 13, 2006 at 04:10:58 (AM) Frank Staals wrote:


  
I had the same 'problem'. As said it's not realy a problem since FreeBSD 
will hold just fine if you don't have any rather stupid user + pass 
combinations. ( test test or something like that ) Allthough I thought 
it was annoying that my intire log was clouded with those brute force 
attacks so I just set sshd to listen at an other port then 22. Maybe 
that's a acceptable solusion for you ? You can change the ssd port in 
/etc/ssh/sshd_config



Security through obscurity is a bad idea. Rather, use SSH key based
authentication exclusively.  Turn off all of the password stuff in
sshd_config.  Laugh at the poor fools trying to break in.


  
The point is it isn't security through obscurity: as allready pointed 
out, FreeBSD  sshd can withstand those brute force attacks without much 
of a problem so there is no security problem, the only thing is those 
brute force attacks are anoying since they cloud authd.log If those 
attacks WERE a problem, or if there was a system which you could log in 
without user  pass if you would find out the correct port then, but 
only then, it is a bad idea 


--
-Frank Staals


___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: Blocking SSH Brute-Force Attacks: What Am I Doing Wrong?

[Gerard Seibert]

On Monday 13 November 2006 10:11, Frank Staals wrote:

 The point is it isn't security through obscurity: as allready pointed
 out, FreeBSD  sshd can withstand those brute force attacks without much
 of a problem so there is no security problem, the only thing is those
 brute force attacks are anoying since they cloud authd.log If those
 attacks WERE a problem, or if there was a system which you could log in
 without user  pass if you would find out the correct port then, but
 only then, it is a bad idea 


Given enough time, every user/password combination can be broken. Perhaps 
not in your lifetime, but it is still a real possibility. Given the 
relative ease of setting up keys and simply dispersing with user/passwords 
all together, I fail to see why more users do not avail themselves of this 
avenue of security. Then again, I don't know how San Diego came back to 
beat Cincinnati yesterday either.

Anyway, each to his own!

-- 
Gerard

A word to the wise is often enough to start an argument.


pgpbcMcYGCYZG.pgp
Description: PGP signature

Re: Blocking SSH Brute-Force Attacks: What Am I Doing Wrong?

[Erik Norgaard]

Leo L. Schwab wrote:

I recently installed FreeBSD 6.1 on my gateway.  It replaced an
installation of FreeBSD 4.6.8 (fresh install, not an upgrade) on which I had
disabled the SSH server.  Since all the bugs in SSH are fixed now ( :-) ), I
thought I'd leave the server on, and am somewhat dismayed to discover that I
now get occasional brute-force/dictionary attacks on the port.


Whichever service you have running, if you look in the log you will find 
attempts of attack, ssh is no different, it's a target.


Honestly, I wouldn't worry about it: review your config and make some 
simple choices to reduce the noise, see this article:


  http://www.securityfocus.com/infocus/1876

Rather than reposting myself - this issue is regularly debated, I think 
last time (or last time I participated) was debated 19-09-2006. Check 
the archive.


Cheers, Erik

--
Ph: +34.666334818  web: http://www.locolomo.org
X.509 Certificate: http://www.locolomo.org/crt/8D03551FFCE04F0C.crt
Key ID: 69:79:B8:2C:E3:8F:E7:BE:5D:C3:C3:B1:74:62:B8:3F:9F:1F:69:B9
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: Blocking SSH Brute-Force Attacks: What Am I Doing Wrong?

[Damian Wiest]

On Mon, Nov 13, 2006 at 12:19:27PM +0600, Bachilo Dmitry wrote:
 ? ? ?? ??? 13 ?? 2006 12:05 Leo L. Schwab ???(a):
  I recently installed FreeBSD 6.1 on my gateway.  It replaced an
  installation of FreeBSD 4.6.8 (fresh install, not an upgrade) on which I
  had disabled the SSH server.  Since all the bugs in SSH are fixed now ( :-)
  ), I thought I'd leave the server on, and am somewhat dismayed to discover
  that I now get occasional brute-force/dictionary attacks on the port.
 
  A little Googling revealed a couple of potentially useful tools:
  'sshit' and 'bruteblock', both of which notice repeated login attempts from
  a given IP address and blackhole it in the firewall.  I first tried
  'sshit', but after a couple days, I noticed in my daily reports that I was
  still getting lengthy bruteforce attempts, suggesting the 'sshit' was not
  working.
 
  So I uninstalled 'sshit' and installed 'bruteblock'.  But again a
  couple days later, the logs showed lengthy bruteforce attempts going
  unblocked.
 
  The relevant lines from my /etc/syslog.conf file are:
 
  
  auth.info;authpriv.info /var/log/auth.log
  auth.info;authpriv.info | exec /usr/local/sbin/bruteblock -f
  /usr/local/etc/bruteblock/ssh.conf 
 
  Any hints as to what I might be doing wrong?
 
  Thanks,
  Schwab
  ___
  freebsd-questions@freebsd.org mailing list
  http://lists.freebsd.org/mailman/listinfo/freebsd-questions
  To unsubscribe, send any mail to
  [EMAIL PROTECTED]
 
 Why don't you just relax? :-) All my FreeBSD servers are bruteforced every 
 second. So what? 

Now, granted this was with FreeBSD 6.0, but I've had systems panic when 
they got flooded with FTP attempts.  No problem yet with sshd, but I'd 
deny password based authentication and stick to public key 
authentication with passphrases.

-Damian
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: Blocking SSH Brute-Force Attacks: What Am I Doing Wrong?

[Peter N. M. Hansteen]

Erik Norgaard [EMAIL PROTECTED] writes:

 Honestly, I wouldn't worry about it: review your config and make some 
 simple choices to reduce the noise, see this article:

One other noise reduction method which is really easy to implement is
to use pf and write arule set which to uses the overload feature, see
eg http://home.nuug.no/~peter/pf/en/bruteforce.html (part of my
EuroBSDCon and other places tutorial).

See http://home.nuug.no/~peter/pf/ for a choice of formats and languages.

-- 
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
http://www.blug.linux.no/rfc1149/ http://www.datadok.no/ http://www.nuug.no/
First, we kill all the spammers The Usenet Bard, Twice-forwarded tales
20:11:56 delilah spamd[26905]: 146.151.48.74: disconnected after 36099 seconds
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Blocking SSH Brute-Force Attacks: What Am I Doing Wrong?

[Leo L. Schwab]

I recently installed FreeBSD 6.1 on my gateway.  It replaced an
installation of FreeBSD 4.6.8 (fresh install, not an upgrade) on which I had
disabled the SSH server.  Since all the bugs in SSH are fixed now ( :-) ), I
thought I'd leave the server on, and am somewhat dismayed to discover that I
now get occasional brute-force/dictionary attacks on the port.

A little Googling revealed a couple of potentially useful tools:
'sshit' and 'bruteblock', both of which notice repeated login attempts from
a given IP address and blackhole it in the firewall.  I first tried 'sshit',
but after a couple days, I noticed in my daily reports that I was still
getting lengthy bruteforce attempts, suggesting the 'sshit' was not working.

So I uninstalled 'sshit' and installed 'bruteblock'.  But again a
couple days later, the logs showed lengthy bruteforce attempts going
unblocked.

The relevant lines from my /etc/syslog.conf file are:


auth.info;authpriv.info /var/log/auth.log
auth.info;authpriv.info | exec /usr/local/sbin/bruteblock -f 
/usr/local/etc/bruteblock/ssh.conf


Any hints as to what I might be doing wrong?

Thanks,
Schwab
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: Blocking SSH Brute-Force Attacks: What Am I Doing Wrong?

[Bachilo Dmitry]

В сообщении от Понедельник 13 ноября 2006 12:05 Leo L. Schwab написал(a):
   I recently installed FreeBSD 6.1 on my gateway.  It replaced an
 installation of FreeBSD 4.6.8 (fresh install, not an upgrade) on which I
 had disabled the SSH server.  Since all the bugs in SSH are fixed now ( :-)
 ), I thought I'd leave the server on, and am somewhat dismayed to discover
 that I now get occasional brute-force/dictionary attacks on the port.

   A little Googling revealed a couple of potentially useful tools:
 'sshit' and 'bruteblock', both of which notice repeated login attempts from
 a given IP address and blackhole it in the firewall.  I first tried
 'sshit', but after a couple days, I noticed in my daily reports that I was
 still getting lengthy bruteforce attempts, suggesting the 'sshit' was not
 working.

   So I uninstalled 'sshit' and installed 'bruteblock'.  But again a
 couple days later, the logs showed lengthy bruteforce attempts going
 unblocked.

   The relevant lines from my /etc/syslog.conf file are:

 
 auth.info;authpriv.info   /var/log/auth.log
 auth.info;authpriv.info   | exec /usr/local/sbin/bruteblock -f
 /usr/local/etc/bruteblock/ssh.conf 

   Any hints as to what I might be doing wrong?

   Thanks,
   Schwab
 ___
 freebsd-questions@freebsd.org mailing list
 http://lists.freebsd.org/mailman/listinfo/freebsd-questions
 To unsubscribe, send any mail to
 [EMAIL PROTECTED]

Why don't you just relax? :-) All my FreeBSD servers are bruteforced every 
second. So what? 

-- 

С уважением, Бачило Дмитрий
Best Regards, Bachilo Dmitry
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: what am I doing wrong with edquota ?

[Ceri Davies]

On 29 Jan 2006, at 22:56, Ensel Sharon wrote:


edquota -u -e /mnt/fs1:810:900:81:90 test200


Looks fine.  Things to check:

Do any other quotas work?
Is the filesystem mounted with the appropriate quota options?
Do you have QUOTA support in your kernel?
Does /mnt/fs1/quota.user or /mnt/fs1/quota.group exist?
Does quotacheck -a fix it?

Ceri
--
That must be wonderful!  I don't understand it at all.
  -- Moliere





PGP.sig
Description: This is a digitally signed message part

what am I doing wrong with edquota ?

[Ensel Sharon]

(edquota man page has no examples)

# edquota -u -e /mnt/fs1:810:900:81:90 test200
# 
# quota test200
Disk quotas for user test200 (uid 1002): none
# 
#


So I run the edquota command non-iunteractively, and it produces no
errors, and it seems to follow the format specified in the man page, which
is:

edquota [-u] -e fspath[:bslim[:bhlim[:islim[:ihlim [-e ...] username

and yet when I immediately check the quotas for that user, I get nothing.

How should I rework that edquota command line ?

thanks.

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: what am i doing wrong?!

[Gary Kline]

On Fri, Dec 23, 2005 at 10:07:21PM -0700, Warren Block wrote:
 On Fri, 23 Dec 2005, Gary Kline wrote:
 
 Do I need to have the device for USB 2.0 perhaps??
 
 Only in the unlikely event that it's a USB 2 scanner.  But I thought you 
 were kldloading the uscanner module, and here you have it built in the 
 kernel.  Don't do both--although the system shouldn't permit that.
 

Yep; kldload gives me grief so I deleted the line from
/etc/rc.conf.


  That is the only thing that is still commented.  I'll
  try that later on today.  As root, yes, I am able to
  have sane test, not as a user.  The scanner I am testing
  is recognized--HP ScanJet 4100C.
 
 What do you mean by this, exactly?  You see a message on the root 
 console?

I checked the sane website and found the 4100c supported.
I should not have said recognized; it isn't.  Either the
scanner or the transformer or the USB cable it shot.

 
 But it was sold AS-IS and may well be broken.  My friend got a 
 *second* 4100C for $1.00 [no, not kidding]; it works on his Windows 
 box.  ((I'll gladly let him scan things if he is willing.))
 
 Have him test the first scanner on his system.
 
Underway; he came back and picked everything up and will
test to see what's shot.  Once I've got a scanner and xsane
working on FBSD I'm going to have a shot of Yukon Jack
and sit by the fireplace.  

gary


-- 
   Gary Kline [EMAIL PROTECTED]   www.thought.org Public service Unix

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: what am i doing wrong?!

[Erik Norgaard]

Gary Kline wrote:
	So far, I've upgraded my second FBSD platform to 5.4.  With 


# USB support
device  uhci# UHCI PCI-USB interface
device  ohci# OHCI PCI-USB interface
#device ehci# EHCI PCI-USB interface (USB 2.0)
device  usb # USB Bus (required)
[[ ... ]]

device  uscanner# Scanners

builtin.  I just tried xsane again; still no devices.  I'm
	still minus /dev/uscanner[01].  How, pray tell,  do I create 
	these?


Is your scanner supported or recognized? I recall having similar 
problems with an Epson 2480 scanner. It was not recognized as a scanner 
but using ugen0 worked. You should also check permissions on the usb 
devices, otherwise you have to scan as root.


If the scanner is supported using the ugen device then it is a question 
of patching a few files to get it recognized. For the Epson 2480, I 
submitted this bug report:


  http://www.freebsd.org/cgi/query-pr.cgi?pr=usb/86094

this may give you an idea of what it's about.

Cheers, Erik
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: what am i doing wrong?!

[Gary Kline]

On Fri, Dec 23, 2005 at 09:57:04AM +0100, Erik Norgaard wrote:
 Gary Kline wrote:
  So far, I've upgraded my second FBSD platform to 5.4.  With 
 
 # USB support
 device  uhci# UHCI PCI-USB interface
 device  ohci# OHCI PCI-USB interface
 #device ehci# EHCI PCI-USB interface (USB 2.0)
 device  usb # USB Bus (required)
  [[ ... ]]
 
 device  uscanner# Scanners
 
  builtin.  I just tried xsane again; still no devices.  I'm
  still minus /dev/uscanner[01].  How, pray tell,  do I create 
  these?
 
 Is your scanner supported or recognized? I recall having similar 
 problems with an Epson 2480 scanner. It was not recognized as a scanner 
 but using ugen0 worked. You should also check permissions on the usb 
 devices, otherwise you have to scan as root.

Do I need to have the device for USB 2.0 perhaps??
That is the only thing that is still commented.  I'll
try that later on today.  As root, yes, I am able to 
have sane test, not as a user.  The scanner I am testing
is recognized--HP ScanJet 4100C.  But it was sold AS-IS
and may well be broken.  My friend got a *second* 4100C
for $1.00 [no, not kidding]; it works on his Windows 
box.   ((I'll gladly let him scan things if he is willing.))


 
 If the scanner is supported using the ugen device then it is a question 
 of patching a few files to get it recognized. For the Epson 2480, I 
 submitted this bug report:
 
   http://www.freebsd.org/cgi/query-pr.cgi?pr=usb/86094
 
 this may give you an idea of what it's about.
 
 Cheers, Erik

I'll check your PR, thnks.  I've got some other question 
for you or the list---anyone who has successfully scanned 
books and OCR'd them into ASCII|iso_8859-1.

Which USB model scanner Just-Works? Any? None?  More to the
point, is there any scanner that works with books using 
xsane to do OCR? 

thanks for any insights,

gary





-- 
   Gary Kline [EMAIL PROTECTED]   www.thought.org Public service Unix

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: what am i doing wrong?!

[Andreas Rudisch]

On Thu, 2005-12-22 at 19:12 -0800, Gary Kline wrote:
   So far, I've upgraded my second FBSD platform to 5.4.  With 
 
 # USB support
 device  uhci# UHCI PCI-USB interface
 device  ohci# OHCI PCI-USB interface
 #device ehci# EHCI PCI-USB interface (USB 2.0)
 device  usb # USB Bus (required)
   [[ ... ]]
 
 device  uscanner# Scanners
 
   builtin.  I just tried xsane again; still no devices.  I'm
   still minus /dev/uscanner[01].  How, pray tell,  do I create 
   these?
 
   gary

I hope you have taken a look here already:
http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/scanners.html
http://www.freebsd.org/cgi/man.cgi?query=uscannersektion=4manpath=FreeBSD+6.0-RELEASE
http://www.sane-project.org/sane-supported-devices.html

Merry Christmas
Andreas

-- 
GnuPG key  : 0x2A573565  |  http://cyb.websimplex.de/pubkey.asc
Fingerprint: 925D 2089 0BF9 8DE5 9166  33BB F0FD CD37 2A57 3565


signature.asc
Description: This is a digitally signed message part

Re: what am i doing wrong?!

[Warren Block]

On Fri, 23 Dec 2005, Gary Kline wrote:


Do I need to have the device for USB 2.0 perhaps??


Only in the unlikely event that it's a USB 2 scanner.  But I thought you 
were kldloading the uscanner module, and here you have it built in the 
kernel.  Don't do both--although the system shouldn't permit that.



That is the only thing that is still commented.  I'll
try that later on today.  As root, yes, I am able to
have sane test, not as a user.  The scanner I am testing
is recognized--HP ScanJet 4100C.


What do you mean by this, exactly?  You see a message on the root 
console?


But it was sold AS-IS and may well be broken.  My friend got a 
*second* 4100C for $1.00 [no, not kidding]; it works on his Windows 
box.  ((I'll gladly let him scan things if he is willing.))


Have him test the first scanner on his system.

-Warren Block * Rapid City, South Dakota USA
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

what am i doing wrong?!

[Gary Kline]

So far, I've upgraded my second FBSD platform to 5.4.  With 

# USB support
device  uhci# UHCI PCI-USB interface
device  ohci# OHCI PCI-USB interface
#device ehci# EHCI PCI-USB interface (USB 2.0)
device  usb # USB Bus (required)
[[ ... ]]

device  uscanner# Scanners

builtin.  I just tried xsane again; still no devices.  I'm
still minus /dev/uscanner[01].  How, pray tell,  do I create 
these?

gary

-- 
   Gary Kline [EMAIL PROTECTED]   www.thought.org Public service Unix

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

RE: What am I doing wrong with MOUNT?

[Gerald Lightsey]

Nathan Kinkade said...
 Here is quick rundown on how you could achieve your goal:
 
 1) Mount the new disk at at /mnt with something like:
   # mount /dev/ad1s1a /mnt
 2) Copy everything from your original /var partition to the new one:
   # cd /var  tar cf - ./ | (cd /mnt  tar xvpf -)
 3) Edit /etc/fstab from something like:
   /dev/ad0s1e /varufs defaults
1 2
   to:
   /dev/ad1s1a /varufs defaults
1 2
 4) Unmount old partition from /var and mount new one at /var:
   # umount /var  mount /var
 
 Also, you may want to reallocate the partition formerly mounted at /var
for something else?

Your advice was right on thank you very much.  Actually step #4 was
automatically handled by step #3.

Regarding reallocation of space formerly occupied by /var on /dev/ad0s2d, is
there a way to reallocate it back to one of the other existing partitions or
do you mean only to use it as is for something else?

Gerald



___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: What am I doing wrong with MOUNT?

[Nathan Kinkade]

On Wed, Mar 02, 2005 at 01:42:40AM -0800, Gerald Lightsey wrote:
 Nathan Kinkade said...
  Here is quick rundown on how you could achieve your goal:
  
  1) Mount the new disk at at /mnt with something like:
  # mount /dev/ad1s1a /mnt
  2) Copy everything from your original /var partition to the new one:
  # cd /var  tar cf - ./ | (cd /mnt  tar xvpf -)
  3) Edit /etc/fstab from something like:
  /dev/ad0s1e /varufs defaults
 1 2
  to:
  /dev/ad1s1a /varufs defaults
 1 2
  4) Unmount old partition from /var and mount new one at /var:
  # umount /var  mount /var
  
  Also, you may want to reallocate the partition formerly mounted at /var
 for something else?
 
 Your advice was right on thank you very much.  Actually step #4 was
 automatically handled by step #3.
 
 Regarding reallocation of space formerly occupied by /var on /dev/ad0s2d, is
 there a way to reallocate it back to one of the other existing partitions or
 do you mean only to use it as is for something else?
 
 Gerald

I was actually suggesting that you could just mount the old partition at
another mount point, but I suppose there is the possibility to have the
old partition swallowed up by the one directly proceeding it on the
physical disk.  I have never done it and I don't know anything about it,
but there is a utility called growfs(8) that might be of use.

Nathan


pgphiNyXMaNhM.pgp
Description: PGP signature

What am I doing wrong with MOUNT?

[Gerald Lightsey]

Posted last night to newbies -(my mistake)

I'm brand new to FreeBSD and Unix world in general.  My son has an internet
site supported by FreeBSD that uses MySQL.  I have set up a FreeBSD  version
5.3 system on my home network using an 80gb drive sliced and partitioned to
the FreeBSD 5.3 defaults.  I installed MySQL version 3.23 from the ports
because that is the version on my son's server.  I wanted to install a copy
of his database that I had MySQL dump on his FreeBSD server and FTP'd it to
my Windows PC and placed on a CD.  After directing the .SQL dump back to a
like named database on my newly installed box I originally received a
message that I was out of disk space.

I find that MySql is working in /var/db/mysql and that the default
installation slice/partition of FreeBSD must be too small to handle the
databases I want to play with.  So I read up on the file system and thought
I understood that one can graft another drive onto a mount point on the
system to add space at the mount point.  I purchased a 120gb drive for under
$50 after rebates and partitioned it into one FreeBSD partition, (not
dangerously dedicated).  I expected, from what I read, that if I mounted it
at the /var mount point everything in the original /var directory would
become unreachable/invisible.  I tried it and I got the results I expected.
The reason I thought I would replace the ENTIRE /var directory was because
if /var is too small for MySQL it would probably quickly be exposed to be
too small for something else unexpected.  

I mounted the new drive 1 to a temporary mount point and used the cp command
to copy each directory in /var to the drive.  I looked in all the new/old
directories at the temporary mount point using ls -F and everything appeared
to be there at the file level.  I used the umount command to unmount the new
drive/partition from the temporary mount point and remounted it at /var.  I
opened MySQL and created the named database I wanted and again started to
collect the data from the CD by directing the .SQL file data to my database.
Again, just like it did originally, after several minutes of creating tables
the system reported that it had run out of space.

My surprise is that every indication I get after I regain control of the
system is that the database tables are being built within the ORIGINAL /var
directory structure rather than the 120gb drive mounted on the /var
mountpoint.  If I use the df command while drive 1 is mounted it shows that
/var on disk 0 is full and /var on disk 1 just has whatever I copied onto
the drive when it was mounted to a temporary mount point.  Also by
experimentation/confirmation  I find that simply creating a couple of new
databases within MySQL while drive 1 is mounted on /var shows that the
databases have been created on the original /var on disk 0 as directories
after disk 1 is unmounted. 

What am I doing wrong or what don't I understand about a drive being mounted
on /var where data is being written underneath it to the original
/var/db/mysql/mydatabasename on disk 0 rather than onto the mounted disk 1?

Thanks,

Gerald


___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: What am I doing wrong with MOUNT?

[Daniel Bye]

On Mon, Feb 28, 2005 at 09:15:23AM -0800, Gerald Lightsey wrote:
 Posted last night to newbies -(my mistake)
 
 I'm brand new to FreeBSD and Unix world in general.  My son has an internet
 site supported by FreeBSD that uses MySQL.  I have set up a FreeBSD  version
 5.3 system on my home network using an 80gb drive sliced and partitioned to
 the FreeBSD 5.3 defaults.  I installed MySQL version 3.23 from the ports
 because that is the version on my son's server.  I wanted to install a copy
 of his database that I had MySQL dump on his FreeBSD server and FTP'd it to
 my Windows PC and placed on a CD.  After directing the .SQL dump back to a
 like named database on my newly installed box I originally received a
 message that I was out of disk space.
 
 I find that MySql is working in /var/db/mysql and that the default
 installation slice/partition of FreeBSD must be too small to handle the
 databases I want to play with.  So I read up on the file system and thought
 I understood that one can graft another drive onto a mount point on the
 system to add space at the mount point.  I purchased a 120gb drive for under
 $50 after rebates and partitioned it into one FreeBSD partition, (not
 dangerously dedicated).  I expected, from what I read, that if I mounted it
 at the /var mount point everything in the original /var directory would
 become unreachable/invisible.  I tried it and I got the results I expected.
 The reason I thought I would replace the ENTIRE /var directory was because
 if /var is too small for MySQL it would probably quickly be exposed to be
 too small for something else unexpected.  
 
 I mounted the new drive 1 to a temporary mount point and used the cp command
 to copy each directory in /var to the drive.  I looked in all the new/old
 directories at the temporary mount point using ls -F and everything appeared
 to be there at the file level.  I used the umount command to unmount the new
 drive/partition from the temporary mount point and remounted it at /var.  I
 opened MySQL and created the named database I wanted and again started to
 collect the data from the CD by directing the .SQL file data to my database.
 Again, just like it did originally, after several minutes of creating tables
 the system reported that it had run out of space.
 
 My surprise is that every indication I get after I regain control of the
 system is that the database tables are being built within the ORIGINAL /var
 directory structure rather than the 120gb drive mounted on the /var
 mountpoint.  If I use the df command while drive 1 is mounted it shows that
 /var on disk 0 is full and /var on disk 1 just has whatever I copied onto
 the drive when it was mounted to a temporary mount point.  Also by
 experimentation/confirmation  I find that simply creating a couple of new
 databases within MySQL while drive 1 is mounted on /var shows that the
 databases have been created on the original /var on disk 0 as directories
 after disk 1 is unmounted. 
 
 What am I doing wrong or what don't I understand about a drive being mounted
 on /var where data is being written underneath it to the original
 /var/db/mysql/mydatabasename on disk 0 rather than onto the mounted disk 1?

Just a thought - each time you mounted the new disk at /var, the system
was already running in multi-user mode.  That means that all network
daemons etc have been started and are running /before/ you mount the
disk.  MySQL will continue to use the /original/ /var because it has open
filehandles on that fs.

Try stopping MySQL before mounting the new disk.  Start MySQL again, and
it should start up on the new fs.

Dan

-- 
Daniel Bye

PGP Key: ftp://ftp.slightlystrange.org/pgpkey/dan.asc
PGP Key fingerprint: 3B9D 8BBB EB03 BA83 5DB4 3B88 86FC F03A 90A1 BE8F
 _
  ASCII ribbon campaign ( )
 - against HTML, vCards and  X
- proprietary attachments in e-mail / \


pgp4TuZRVGX1V.pgp
Description: PGP signature

Re: What am I doing wrong with MOUNT?

[Nathan Kinkade]

On Mon, Feb 28, 2005 at 09:15:23AM -0800, Gerald Lightsey wrote:
snip
 My surprise is that every indication I get after I regain control of the
 system is that the database tables are being built within the ORIGINAL /var
 directory structure rather than the 120gb drive mounted on the /var
 mountpoint.  If I use the df command while drive 1 is mounted it shows that
 /var on disk 0 is full and /var on disk 1 just has whatever I copied onto
 the drive when it was mounted to a temporary mount point.  Also by
 experimentation/confirmation  I find that simply creating a couple of new
 databases within MySQL while drive 1 is mounted on /var shows that the
 databases have been created on the original /var on disk 0 as directories
 after disk 1 is unmounted. 
 
 What am I doing wrong or what don't I understand about a drive being mounted
 on /var where data is being written underneath it to the original
 /var/db/mysql/mydatabasename on disk 0 rather than onto the mounted disk 1?

What are the outputs of the commands ``mount'' and ``df -h''?  Are you
sure that you are first unmounting the partition on disk 0 that is
mounted at /var before you mount the new disk (1) at /var?  Did you
reboot at any point?  Keep in mind that you will need to alter the file
/etc/fstab to let the system know that it now needs to be mounting the
single slice from the new disk at /var.

Here is quick rundown on how you could achieve your goal:

1) Mount the new disk at at /mnt with something like:
# mount /dev/ad1s1a /mnt
2) Copy everything from your original /var partition to the new one:
# cd /var  tar cf - ./ | (cd /mnt  tar xvpf -)
3) Edit /etc/fstab from something like:
/dev/ad0s1e /varufs defaults
1 2
to:
/dev/ad1s1a /varufs defaults
1 2
4) Unmount old partition from /var and mount new one at /var:
# umount /var  mount /var

There may be an error or two in this, but it should serve to give the
general idea.  Also, you may want to reallocate the partition formerly
mounted at /var for something else?

Nathan


pgpmwK9QVusPc.pgp
Description: PGP signature