Re: mysql connection through ssl tunnel
On Sep 23, 2008, at 10:09 AM, Vincent Hoffman wrote:

John Almberg wrote:

I have two FreeBSD machines. One is an application server, the other a database server running mysql. These machines are in two different locations. I'd like to allow the application server to access mysql through an SSH tunnel.

Being a newbie admin, I've never set up an SSH tunnel. I've been reading about them all morning and (as always) there seems to be more than one way to skin this cat. I'm looking for ease of set up and maintenance, as well as security (which I assume is a given.) I'd prefer NOT to have to recompile the kernels (pure cowardice... the application server is a production server that I don't want to experiment with.) Both servers have OpenSSL.

Any recommendations, much appreciated.

Thanks: John

A very basic ssh tunnel is as simple as

    ssh -L3306:127.0.0.1:3306 [EMAIL PROTECTED]

This will forward any connections to localhost on port 3306 through the ssh connection to remote.host then on to localhost at that end on port 3306. If you have mysql running on the app server as well then change -L3306:127.0.0.1:3306 to -L33006:127.0.0.1:3306 where 33006 is an unused tcp port on the application server.

If you do use an ssh tunnel you may want to use security/autossh which will monitor the tunnel and re-establish it if it loses connection for some reason.

After a few hours of work today, I have all this working perfectly. I'm using autossh to automatically create and monitor the ssh tunnel, and I can make mysql connections through the tunnel with no problems. Very cool. And that's through PF firewalls on both machines, which added flavor to the exercise ;-)

One question... and maybe this is a general, philosophical question... If autossh watches over my ssh tunnel, who or what watches over autossh?

As a related question, how can I make autossh start automatically after a reboot? At the moment, I start autossh from the command line, like so:

    autossh -M 2 -fNg -L 33006:127.0.0.1:3306 [EMAIL PROTECTED]

There doesn't seem to be an rc.d file for autossh... Do I have to figure out how to make one? Not that this machine gets rebooted more than once a year, but so far, everything running on this machine starts automatically, and I'd like to keep it that way.

Any tips much appreciated.

Thanks: John

___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Fwd: mysql connection through ssl tunnel
After a few hours of work today, I have all this working perfectly. I'm using autossh to automatically create and monitor the ssh tunnel, and I can make mysql connections through the tunnel with no problems. Very cool. And that's through PF firewalls on both machines, which added flavor to the exercise ;-)

One question... and maybe this is a general, philosophical question... If autossh watches over my ssh tunnel, who or what watches over autossh?

As a related question, how can I make autossh start automatically after a reboot? At the moment, I start autossh from the command line, like so:

    autossh -M 2 -fNg -L 33006:127.0.0.1:3306 [EMAIL PROTECTED]

There doesn't seem to be an rc.d file for autossh... Do I have to figure out how to make one?

You can do this all by not using autossh at all: let init watch and re-establish your ssh tunnel:

This is in my /etc/ttys (wrapped for readability):

    ttyv8 "/usr/bin/ssh -l syslogng -nNTx -R 3306:local.domain.tld:3306 remote.domain.tld > /dev/null 2>&1" unknown on

I let my central machine control the tunnel, not the sending one.

H'mmm... This is new territory for me. I've just read some of the man pages and a few pages in Absolute BSD, and I guess I sort of understand what this does. I'm trying to grasp the connection between virtual terminals and this SSH tunnel...

I guess my main question is, if I start the tunnel with this method, will I be able to access mysql in 'the usual way'? The following works with my autossh tunnel:

    mysql -h127.0.0.1 -P33006 -uuser -ppassword db

So, if using the /etc/ttys file is equivalent, and I make the connection on the database server, rather than the client server, then I guess my ttys file should look like this (my ttyv8 is already used... I am guessing I should use the next one down):

    ttyv7 "/usr/bin/ssh -l admin -nNTx -R 3306:127.0.0.1:33006 example.com > /dev/null 2>&1" unknown on

Where 'admin' is the user I am logging into on the remote machine, and 'example.com' is the hostname of the remote machine. I guess equivalent to the following?

    ttyv7 "/usr/bin/ssh -nNTx -R 3306:127.0.0.1:33006 [EMAIL PROTECTED] > /dev/null 2>&1" unknown on

Port 33006 is not a typo. There are databases running on both machines, so I need to use a different port for the tunnel.

And as far as I can tell, I reload /etc/ttys with 'kill -1 1'. This looks dangerous...

-- John

Websites and Marketing for On-line Collectible Dealers
Identry, LLC
John Almberg
(631) 546-5079
[EMAIL PROTECTED]
www.identry.com
Re: mysql connection through ssl tunnel
On Oct 20, 2008, at 4:50 PM, John Almberg wrote:

After a few hours of work today, I have all this working perfectly. I'm using autossh to automatically create and monitor the ssh tunnel, and I can make mysql connections through the tunnel with no problems. Very cool. And that's through PF firewalls on both machines, which added flavor to the exercise ;-)

One question... and maybe this is a general, philosophical question... If autossh watches over my ssh tunnel, who or what watches over autossh?

As a related question, how can I make autossh start automatically after a reboot? At the moment, I start autossh from the command line, like so:

    autossh -M 2 -fNg -L 33006:127.0.0.1:3306 [EMAIL PROTECTED]

There doesn't seem to be an rc.d file for autossh... Do I have to figure out how to make one?

You can do this all by not using autossh at all: let init watch and re-establish your ssh tunnel:

This is in my /etc/ttys (wrapped for readability):

    ttyv8 "/usr/bin/ssh -l syslogng -nNTx -R 3306:local.domain.tld:3306 remote.domain.tld > /dev/null 2>&1" unknown on

I let my central machine control the tunnel, not the sending one.

H'mmm... This is new territory for me. I've just read some of the man pages and a few pages in Absolute BSD, and I guess I sort of understand what this does. I'm trying to grasp the connection between virtual terminals and this SSH tunnel...

I guess my main question is, if I start the tunnel with this method, will I be able to access mysql in 'the usual way'? The following works with my autossh tunnel:

    mysql -h127.0.0.1 -P33006 -uuser -ppassword db

So, if using the /etc/ttys file is equivalent, and I make the connection on the database server, rather than the client server, then I guess my ttys file should look like this (my ttyv8 is already used... I am guessing I should use the next one down):

    ttyv7 "/usr/bin/ssh -l admin -nNTx -R 3306:127.0.0.1:33006 example.com > /dev/null 2>&1" unknown on

Where 'admin' is the user I am logging into on the remote machine, and 'example.com' is the hostname of the remote machine. I guess equivalent to the following?

    ttyv7 "/usr/bin/ssh -nNTx -R 3306:127.0.0.1:33006 [EMAIL PROTECTED] > /dev/null 2>&1" unknown on

Port 33006 is not a typo. There are databases running on both machines, so I need to use a different port for the tunnel.

And as far as I can tell, I reload /etc/ttys with 'kill -1 1'. This looks dangerous...

-- John

I tried this, and not surprisingly, it didn't work. Now I'm trying to debug it...

Question... if I want to ssh from the database server to the application server (in the direction shown -R), I need to use port 48444 (not the actual port, but something high). In other words, I need to do something like:

    ssh [EMAIL PROTECTED] -p 48444

Does this ssh port have anything to do with trying to start this ssh tunnel? In other words, do I need to add a '-p 48420' to the ttyv7 command?

-- John
Re: mysql connection through ssl tunnel
On Oct 20, 2008, at 5:21 PM, Jeremy Chadwick wrote:

On Mon, Oct 20, 2008 at 03:25:23PM -0400, John Almberg wrote:

On Sep 23, 2008, at 10:09 AM, Vincent Hoffman wrote:

John Almberg wrote:

I have two FreeBSD machines. One is an application server, the other a database server running mysql. These machines are in two different locations. I'd like to allow the application server to access mysql through an SSH tunnel.

I'm somewhat amazed at the fact that everyone so far has gone completely wild with SSH to solve this problem. Has anyone made the OP aware that MySQL *does* in fact support SSL natively, and that it can be used between client and server, as well as between master and slave (for replication)?

The SSH tunnelling idea is fine if you want to access a MySQL server behind a firewall or on a private network, but I'm a bit confused as to why everyone's going to great lengths to use SSH to accomplish something MySQL has support for natively. Please clue me in. :-)

Hi Jeremy,

There are two PF firewalls in the mix, one at each end. The two machines are in different data centers. Actually, that is motivation behind this exercise. The client wants the database in his own data center, since it contains information he needs to have physical control over.

I do know that Mysql supports SSL... somehow this got discounted early in the discussion, perhaps mistakenly?

Anyway, the autossh option works perfectly, so I think I will stick with that unless there's a good reason not to. I have Monit running on the remote server, so I can probably monitor/restart autossh with that (with another few hours reading, of course :-)

-- John
Re: mysql connection through ssl tunnel
On Oct 20, 2008, at 11:09 PM, Peter Boosten wrote:

John Almberg wrote:

I tried this, and not surprisingly, it didn't work. Now I'm trying to debug it...

Maybe some mixup in the keys? In my example ssh tries to read the private key of root on the connecting server, so the server where the database is located, because init is run as root. If you need another key, then you need to specify this with the -i parameter.

Ah... that makes sense. I had set up the keys for 'admin', but of course init is run by root. Duh.

That raises another issue... I don't allow root logins on either server, for security reasons...

Peter, I appreciate your ideas and help, but I think I will stick with autossh, probably by finally learning how to create an rc.d script (not sure the actual name for these, but you know what I mean.) I've actually got autossh working, and think it's a simpler solution for me.

Thanks.

Brgds: John
Re: mysql connection through ssl tunnel
On Oct 21, 2008, at 3:44 AM, Matthew Seaman wrote:

John Almberg wrote:

I do know that Mysql supports SSL... somehow this got discounted early in the discussion, perhaps mistakenly?

I believe the thinking was that although MySQL claims to support SSL, it does in fact make a pretty bodge of it, and a more effective approach is to pipe MySQL traffic through an encrypted tunnel. Personally I just use IPSec for this, but people might also like to consider stunnel (http://www.stunnel.org/) or OpenVPN (http://openvpn.net/)

Stunnel and OpenVPN are on my list, in case autossh has unexpected problems, but I figured I'd try the simplest approach first. Other than figuring out what holes to poke in the firewalls, autossh was pretty simple to set up.

Now I just need to figure out how to start it on reboot, but that is something I've been meaning to learn, anyway, so I don't mind.

I appreciate your help.

-- John
Re: mysql connection through ssl tunnel
Now I just need to figure out how to start it on reboot, but that is something I've been meaning to learn, anyway, so I don't mind.

I hope you guys will bear with me just a little more...

I have spent the day trying to figure out how to create an rc script for autossh. Very cool, and not as hard as I'd anticipated. It is attached below.

The script works perfectly *iff* I run it from the command line as a non-root user, like so:

    /usr/local/etc/rc.d/autossh start

However, it does NOT work when executed by root. Instead, I get the following error message in /var/log/messages

    messages:Oct 21 19:01:38 on autossh[89267]: ssh exited prematurely with status 255; autossh exiting

So (my understanding), autossh is starting, and tries to create the tunnel, but the tunnel creation fails with the unhelpful 255 error message. But only when executed by root. That's the puzzling part.

I don't allow root logins on this server, but don't see how that could cause this problem.

I'm stumped. Any hints, much appreciated.

-- John

--

    #!/bin/sh

    # PROVIDE: autossh
    # REQUIRE: LOGIN
    # KEYWORD: shutdown

    . /etc/rc.subr

    name=autossh
    rcvar=`set_rcvar`
    # custom start function; stop is a no-op
    start_cmd=${name}_start
    stop_cmd=:

    load_rc_config $name
    # default autossh_enable to NO unless rc.conf sets it
    eval ${rcvar}=\${${rcvar}:='NO'}

    command=/usr/local/bin/autossh
    command_args="-M 2 -fNg -L 33006:127.0.0.1:3306 [EMAIL PROTECTED]"

    #pidfile=/var/run/autossh.pid
    #AUTOSSH_PIDFILE=$pidfile; export AUTOSSH_PIDFILE

    autossh_start() {
        ${command} ${command_args}
        echo started autossh
    }

    run_rc_command $1
Re: mysql connection through ssl tunnel
Now I just need to figure out how to start it on reboot, but that is something I've been meaning to learn, anyway, so I don't mind.

I hope you guys will bear with me just a little more...

I have spent the day trying to figure out how to create an rc script for autossh. Very cool, and not as hard as I'd anticipated. It is attached below.

The script works perfectly *iff* I run it from the command line as a non-root user, like so:

    /usr/local/etc/rc.d/autossh start

However, it does NOT work when executed by root. Instead, I get the following error message in /var/log/messages

    messages:Oct 21 19:01:38 on autossh[89267]: ssh exited prematurely with status 255; autossh exiting

So (my understanding), autossh is starting, and tries to create the tunnel, but the tunnel creation fails with the unhelpful 255 error message. But only when executed by root. That's the puzzling part.

I don't allow root logins on this server, but don't see how that could cause this problem.

I'm stumped. Any hints, much appreciated.

-- John

--

    #!/bin/sh

    # PROVIDE: autossh
    # REQUIRE: LOGIN
    # KEYWORD: shutdown

    . /etc/rc.subr

    name=autossh
    rcvar=`set_rcvar`
    # custom start function; stop is a no-op
    start_cmd=${name}_start
    stop_cmd=:

    load_rc_config $name
    # default autossh_enable to NO unless rc.conf sets it
    eval ${rcvar}=\${${rcvar}:='NO'}

    command=/usr/local/bin/autossh
    command_args="-M 2 -fNg -L 33006:127.0.0.1:3306 [EMAIL PROTECTED]"

    #pidfile=/var/run/autossh.pid
    #AUTOSSH_PIDFILE=$pidfile; export AUTOSSH_PIDFILE

    autossh_start() {
        ${command} ${command_args}
        echo started autossh
    }

    run_rc_command $1

Answering my own question (probably the best way)...

I solved this problem by figuring out how to execute the command inside the rc script as a non-root user. Like so:

    autossh_start() {
        echo ${command} ${command_args}
        # run autossh as the unprivileged 'admin' account
        su admin -c "${command} ${command_args}"
        echo started autossh
    }

This works beautifully, so I almost hesitate to ask, but is there anything wrong with this approach?

-- John
Re: mysql connection through ssl tunnel
Answering my own question (probably the best way)...

I solved this problem by figuring out how to execute the command inside the rc script as a non-root user. Like so:

    autossh_start() {
        echo ${command} ${command_args}
        # run autossh as the unprivileged 'admin' account
        su admin -c "${command} ${command_args}"
        echo started autossh
    }

This works beautifully, so I almost hesitate to ask, but is there anything wrong with this approach?

Nothing, except you're re-inventing the wheel. rc.subr already has a mechanism for running commands as another user. Instead of defining a new start() function, simply add something like:

    : ${autossh_user:='admin'}

towards the top of the script. (This also means you can override the setting by defining 'autossh_user=someoneelse' in /etc/rc.conf in the usual way)

Ah, fascinating. Now that I know what I'm looking for, I can see that in the rc.subr man page.

Thanks!
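The rc.subr mechanism described in this thread, written out as a whole script. This is an added example, not code posted by anyone in the thread: the forwarding arguments and the 'admin' default come from the messages above, while autossh_target, its placeholder value admin@db.example.com and the render/install wrapper functions are assumptions. It leaves out the -g flag from the original command line, so the forwarded port listens on the loopback address only.

```shell
#!/bin/sh
# Added example: emit an rc.d script for the autossh tunnel that relies on
# rc.subr's ${name}_user support instead of a hand-written start function.

render_autossh_rc() {
    cat <<'EOF'
#!/bin/sh
#
# PROVIDE: autossh
# REQUIRE: LOGIN
# KEYWORD: shutdown
#
# rc.conf knobs:
#   autossh_enable="YES"
#   autossh_user="admin"                    # unprivileged owner of the SSH key
#   autossh_target="admin@db.example.com"   # placeholder login@host

. /etc/rc.subr

name="autossh"
rcvar="autossh_enable"

load_rc_config $name

: ${autossh_enable:="NO"}
: ${autossh_user:="admin"}
: ${autossh_target:="admin@db.example.com"}

command="/usr/local/bin/autossh"
# -M 2 is the monitor port used in the thread; -f backgrounds autossh,
# -N runs no remote command, -L forwards local 33006 to remote 3306.
# No -g: the listener binds to 127.0.0.1 only, which is all that
# "mysql -h127.0.0.1 -P33006" needs.
command_args="-M 2 -fN -L 33006:127.0.0.1:3306 ${autossh_target}"

# No start_cmd is defined, so rc.subr's default start method runs
# ${command} through su(1) as ${autossh_user}.
run_rc_command "$1"
EOF
}

# Syntax-check the rendered script, then write it to the path given.
install_autossh_rc() {
    dest="$1"
    tmp="$(mktemp)" || return 1
    rc=0
    render_autossh_rc > "$tmp" && sh -n "$tmp" \
        && install -m 0555 "$tmp" "$dest" || rc=1
    rm -f "$tmp"
    return "$rc"
}

# Usage on the application server (as root):
#   install_autossh_rc /usr/local/etc/rc.d/autossh
```

The key of the account named in autossh_user must be accepted by the database server without a passphrase prompt, since nothing is attached to a terminal at boot.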
Re: Question on creating a video server
On Nov 8, 2008, at 1:40 PM, Ted Mittelstaedt wrote:

Hi All,

OK, I'm just asking for opinions here on some application software. Like most people we have a nice big 21 TV set that will be obsolete in Feb. I have been thinking about replacing this with a big screen TV set but the prices on them are still way, way way out of my budget (I just can't see spending $500 for a TV set, sorry)

Why not just get a digital converter and keep using your nice TV?

https://www.dtv2009.gov/
Re: Disallowing ssl2
On Nov 11, 2008, at 8:50 AM, John Almberg wrote:

My server got an audit for PCI compliance and was red-flagged for allowing SSL2 connections, which they have some problem with. They want the server to use SSL3 or TLS:

Synopsis : The remote service encrypts traffic using a protocol with known weaknesses.

Description : The remote service accepts connections encrypted using SSL 2.0, which reportedly suffers from several cryptographic flaws and has been deprecated for several years. An attacker may be able to exploit these issues to conduct man-in-the-middle attacks or decrypt communications between the affected service and clients.

See also : http://www.schneier.com/paper-ssl.pdf

Solution: Consult the application's documentation to disable SSL 2.0 and use SSL 3.0 or TLS 1.0 instead. See http://support.microsoft.com/kb/216482 for instructions on IIS. See http://httpd.apache.org/docs/2.0/mod/mod_ssl.html for Apache.

Risk Factor: Medium / CVSS Base Score : 2 (AV:R/AC:L/Au:NR/C:P/A:N/I:N/B:N)

They want me to do this for https, imaps, and pop3s protocols...

Before I dig into this, I was wondering, is this even possible? Will anything break as a result?

Answering my own question (always the best way! :-)

I've figured out how to do this on Apache... Replaced the default SSLCipherSuite directive with the following:

    SSLCipherSuite TLSv1:!ADH:!EXP:!NULL:!MD5:!LOW:+HIGH:+MEDIUM

This seems to work, although I guess all those Netscape 4 users are going to have to shop elsewhere...

On to IMAPS and POP3S...

-- John
Disallowing ssl2
My server got an audit for PCI compliance and was red-flagged for allowing SSL2 connections, which they have some problem with. They want the server to use SSL3 or TLS:

Synopsis : The remote service encrypts traffic using a protocol with known weaknesses.

Description : The remote service accepts connections encrypted using SSL 2.0, which reportedly suffers from several cryptographic flaws and has been deprecated for several years. An attacker may be able to exploit these issues to conduct man-in-the-middle attacks or decrypt communications between the affected service and clients.

See also : http://www.schneier.com/paper-ssl.pdf

Solution: Consult the application's documentation to disable SSL 2.0 and use SSL 3.0 or TLS 1.0 instead. See http://support.microsoft.com/kb/216482 for instructions on IIS. See http://httpd.apache.org/docs/2.0/mod/mod_ssl.html for Apache.

Risk Factor: Medium / CVSS Base Score : 2 (AV:R/AC:L/Au:NR/C:P/A:N/I:N/B:N)

They want me to do this for https, imaps, and pop3s protocols...

Before I dig into this, I was wondering, is this even possible? Will anything break as a result?

-- John
Re: Disallowing ssl2
It's certainly possible to insist on SSLv3 or TLSv1 for SSL connections, and nothing[*] will break. The client and server will negotiate to find a mutually acceptable cipher and protocol level at the point of making the connection.

This seems to be less painful than I was anticipating...

Besides apache, I had to figure out how to boost the security on IMAP and POP 3 connections. I'm using Courier, so this was pretty simple... just added the following to the imap and pop ssl config files:

    TLS_CIPHER_LIST=HIGH:MEDIUM:!SSLv2:!LOW:!EXP:!aNULL:@STRENGTH

I'm going to resubmit the server... hopefully it will pass this time.

But I wonder why the defaults for Apache and Courier are to accept SSL 2, if it is so problematical?

-- John
Re: (no subject)
Perhaps you should try the linux distros first to get a bit of a feel of *nix variants? FreeBSD can be daunting to the first time user, but is one hell of a production system once you know how to handle it properly.

Several people in this thread have made this recommendation... I disagree with it.

#1. I don't think FreeBSD has a steeper learning curve than Linux... I'd argue the opposite, since with Linux you have the confusion of different distros doing things in different ways. That was one of the main beefs I had with Linux. Every Linux book is filled with statements like if you are using debian, do this; if redhat, do this; if etc., etc. And I've never met a Linux guy who stuck with his first distro... the grass is always greener.

#2. If your goal is to use FreeBSD, why learn on Linux? Depending on the distro you choose, you may have to unlearn a whole bunch of stuff to use FreeBSD.

Sorry... I've been burned by Windows and confused by Linux. As a true convert, I must say: start with the best.

-- John

Off topic and none of my business:

- As a business person, I would also question the idea of trying to become an expert systems administrator, and an expert website builder, and an expert marketer/salesperson/product manager, all at the same time. These are all full-time jobs and no one has the time to do them all. You might want to think about focusing on the product/marketing/sales side (surely enough for one person!), and delegating all the technical bits to other people or companies. That way, you won't spend the next year or two spinning your wheels learning something that you could get for free or buy relatively inexpensively from a real expert.

Building and operating a website is the easy part of building an online business. Don't underestimate the difficulty or time and money required for the business side, particularly marketing. You should reserve at least 50% of your cash for marketing, in my humble (but experienced) opinion. 80%, if your cost of inventory will be low (writing your own how-to guides, for instance.)
snmpd strangeness
I just noticed something odd and am looking for ideas...

As you can see from the top snippet below, snmpd is getting hammered by something. As a comparison, the load averages for this quad-core box are usually close to zero.

I'm not even sure I'm using snmpd for anything... not even sure what it is, precisely. I'm digging into docs at the moment, but any ideas much appreciated.

-- John

    last pid: 38974;  load averages:  1.24,  1.40,  1.58
    342 processes: 6 running, 336 sleeping
    CPU states: 13.7% user, 0.0% nice, 13.9% system, 0.3% interrupt, 72.1% idle
    Mem: 5997M Active, 596M Inact, 420M Wired, 206M Cache, 214M Buf, 457M Free
    Swap: 16G Total, 123M Used, 16G Free

      PID USERNAME  THR PRI NICE   SIZE    RES STATE  C   TIME    WCPU COMMAND
    45136 root        1 104    0  2636M  2621M CPU5   4 254.1H 103.91% snmpd
    37368 www         1  20    0   193M 46232K lockf  6   0:05   3.91% httpd
    38819 identry     1 -32    0  7688K  2648K CPU0   0   0:02   1.61% top
Re: snmpd strangeness
On Nov 19, 2008, at 11:49 AM, Jeremy Chadwick wrote: On Wed, Nov 19, 2008 at 10:57:50AM -0500, John Almberg wrote: I just noticed something odd and am looking for ideas... As you can see from the top snippet below, snmpd is getting hammered by something. As a comparison, the load averages for this quad-core box are usually close to zero. I'm not even sure I'm using snmpd for anything... not even sure what it is, precisely. I'm digging into docs at the moment, but any ideas much appreciated. I'm greatly concerned by the fact that you have a process on your machine taking up 103% CPU time (possible on a quad-core machine), taking up 2621MBytes of memory (RSS), yet you have no idea what it is, what SNMP is, or why said process is running on your machine. :-) That's an easy one to answer... Someone else installed FreeBSD on this machine. I have figured out MOST of what is on this box, but I'm occasionally surprised, like in this case. However, now that I've read through the installer's notes, I see that he had exotic plans for snmp monitoring. From what I can tell, he never got it working properly. In the meantime, I killed off the process. I had to take a sledgehammer to it, since a normal stop didn't work: [EMAIL PROTECTED]:log] sudo /usr/local/etc/rc.d/snmpd stop Stopping snmpd. Waiting for PIDS: 45136t, 45136op, 45136, 45136, 45136, 45136, 45136, 45136, 45136, 45136, 45136, 45136, 45136, 45136, 45136, 45136, 45136, 45136, 45136, 45136, 45136, 45136, 45136, 45136, 45136, 45136, 45136, 45136, 45136, 45136, 45136, 45136, 45136, 45136, 45136, 45136, 45136, 45136, 45136, 45136, 45136, 45136, 45136, 45136, 45136, 45136, 45136, 45136, 45136, 45136, 45136, 45136, 45136, 45136, 45136, 45136, 45136, 45136, 45136, 45136^C [EMAIL PROTECTED]:log] sudo kill -SIGKILL 45136 This makes me wonder if the process was just hung in some bad way, eating up cpu cycles? Out of curiosity, I then restarted it. 
It seemed to run without problem after the restart, but after watching it for awhile, I stopped it again. I don't think it's doing anything useful at the moment.

Now I'm curious about snmp, so perhaps I'll try to figure out how to get it to do something useful. This machine has 8 hard drives, and is located in Manhattan, so I would certainly like to be informed if one of the raid drives went on the blink. That was one of the things he was trying to get working.

Thanks: John
Re: snmpd strangeness
taking up 2621MBytes of memory (RSS),

BTW, after restarting, the process was a much more reasonable size. Another indicator that something had gone seriously wrong with it.

    41659 root        1  96    0 23072K  6636K select 0   0:05   0.34% snmpd

Luckily, Monit alerted me to the problem before it got completely out of hand. Love that program.

-- John
Re: snmpd strangeness
Now I'm curious about snmp, so perhaps I'll try to figure out how to get it to do something useful. This machine has 8 hard drives, and is located in Manhattan, so I would certainly like to be informed if one of the raid drives went on the blink. That was one of the things he was trying to get working.

Net-SNMP won't give you the status of the RAID. Neither will bsnmpd(1). FreeBSD simply does not have the hooks to make this possible. Someone needs to write the code. I do not recommend relying on shell scripts tied into Net-SNMP to accomplish this either (for a lot of very good reasons); write the code in native C.

It also greatly depends on what you're using for RAID. If a hardware controller, good luck getting the status out of an API natively (sans Areca, which I believe offers an API) -- you'll resort to shell scripts and CLI binaries, in which case you're *easily* better off with a cronjob, periodic(8), or a log monitor daemon.

This machine has an Intel motherboard and a hardware raid controller. From what I can tell, there is some Intel software installed on the machine that makes hardware faults visible to snmp.

That last sentence makes it sound like I know more than I do about this situation. I'm just reading from notes. :-) And I have an Intel disk that came with the motherboard that hints at the same type of thing. I've just scanned the docs on the disk... looks extraordinarily complicated.

I think I'll leave this to a rainy day when I have nothing to do (ha!)

-- John
Re: snmpd strangeness
This machine has an Intel motherboard and a hardware raid controller. From what I can tell, there is some Intel software installed on the machine that makes hardware faults visible to snmp.

That would require Net-SNMP to be linked to that software (or library) directly. Two things can't just magically talk to one another. :-)

As I said, I really have no idea. Now that I'm reading more deeply in the notes... the monitoring was supposed to be with IPMI. No idea what that is, either, but I thought I'd toss it into the mix.

AFAIK, Intel does not provide such software on FreeBSD, but I could be completely wrong here. They primarily focus on Linux, like most companies do.

That last sentence makes it sound like I know more than I do about this situation. I'm just reading from notes. :-) And I have an Intel disk that came with the motherboard that hints at the same type of thing. I've just scanned the docs on the disk... looks extraordinarily complicated.

I don't know what controller it is, but Net-SNMP doesn't have any sort of out-of-the-box support for any kind of RAID card. See above for what's needed.

I just hope the card is an actual RAID card and not BIOS-level RAID like Intel MatrixRAID. If it is MatrixRAID, I highly recommend you back the entire machine up and reinstall without MatrixRAID, otherwise when you lose a disk or need to rebuild your array, you'll find your array broken/gone, be completely unable to rebuild it, or kernel panics. Note that all of this stuff works just fine on Linux; the issues listed are with FreeBSD.

Generally speaking, we (the open-source world) have gotten to the point with OS-based software RAID (e.g. Linux LVM, FreeBSD ccd/gvinum/ZFS, OpenSolaris ZFS) where it offers significant advantages over hardware RAID. There are good reasons to use hardware RAID, but in those scenarios admins should be looking at buying an actual filer, e.g. Network Appliance. Otherwise, for simple systems (even stuff like 2U or 3U boxes with many disks, e.g. a low-cost filer), stick with some form of OS-based software RAID if possible.

That's good to know. I was told just the opposite by the guy selling the $650 RAID cards. Who'd have thunk?

The card in the box is an Intel 18E PCI-Express x8 SAS/SATA2 Hardware ROMB RAID with 128MB Memory Module and 72 Hour Battery Backup Cache

$625 as shown on the packing list, so I hope it's a good one.

-- John
Re: snmpd strangeness
The card in the box is an Intel 18E PCI-Express x8 SAS/SATA2 Hardware ROMB RAID with 128MB Memory Module and 72 Hour Battery Backup Cache $625 as shown on the packing list, so I hope it's a good one.

Ah, I think it's hardware RAID, and PCIe to boot. Yes, I would recommend keeping that! What does it show up as under FreeBSD? I'm curious what driver it uses, and what your disks show up as (daX or adX; probably daX).

H'mmm... You are revealing great gaps in my knowledge today, Jeremy. Not that that's hard to do... I've been looking in dmesg.boot and fstab for clues... Not sure if that is where I should be looking, but I figured there would be mount messages in dmesg.boot. Unfortunately, there is a whole bunch of stuff in there I have no clue about. Fascinating reading, though! Does mf0/mf1 sound correct? If not, how would I find the driver info? Typical line in fstab:

/dev/mfid0s1a / ufs rw 1 1

-- John
Re: snmpd strangeness
On Nov 19, 2008, at 4:09 PM, Ott Köstner wrote:

John Almberg wrote: If not, how would I find the driver info? Typical line in fstab: /dev/mfid0s1a / ufs rw 1 1

Hey!

# mount
to see what is mounted

I did this, but /dev/mfid0s1a didn't make much sense to me.

# sysctl dev.mfi
to see mfi information

This I didn't know about. Thanks!

I am using mfi in one of my systems. Mfi is LSI MegaSAS. Very good and fast raid controller, but unfortunately without management software for BSD.

Thanks for the additional info!

Brgds: John
rsync throwing odd error
This is the week for strange problems...

I use rsync to copy tinydns data files to backup name servers. This has been working for about a year with no problem. Suddenly, I am getting odd errors:

/usr/local/bin/rsync -az -e 'ssh ' data.cdb [EMAIL PROTECTED]:/usr/local/etc/tinydns/root/data.cdb
channel 1: open failed: administratively prohibited: open failed

The rsync does work. That is, the file is copied over. So this is actually a warning, I guess.

On the other server, the one the file is being copied TO, the following is printed in /var/log/auth.log

Nov 21 12:43:38 qu sshd[4604]: Address 67.111.0.194 maps to on.example.com, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT!
Nov 21 12:43:38 qu sshd[4604]: Accepted publickey for root from 67.111.0.194 port 55777 ssh2

I'm guessing this is some sort of DNS mis-match, but I don't quite grasp what the problem could be.

Again, this did work without error or warning until recently. Something has changed, but not the DNS records. I'm stumped. Any ideas much appreciated.

(I have changed the addresses in the examples above to protect the innocent (me!))

-- John
Re: rsync throwing odd error
On Nov 21, 2008, at 12:50 PM, John Almberg wrote: This is the week for strange problems... I use rsync to copy tinydns data files to backup name servers. This has been working for about a year with no problem. Suddenly, I am getting odd errors: /usr/local/bin/rsync -az -e 'ssh ' data.cdb [EMAIL PROTECTED]:/ usr/local/etc/tinydns/root/data.cdb channel 1: open failed: administratively prohibited: open failed The rsync does work. That is, the file is copied over. So this is actually a warning, I guess. On the other server, the one the file is being copied TO, the following is printed in /var/log/auth.log Nov 21 12:43:38 qu sshd[4604]: Address 67.111.0.194 maps to on.example.com, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT! Nov 21 12:43:38 qu sshd[4604]: Accepted publickey for root from 67.111.0.194 port 55777 ssh2 I'm guessing this is some sort of DNS mis-match, but I don't quite grasp what the problem could be. A... a reverse DNS problem! Sorry for the dumb question, but it's amazingly helpful to just write down the question clear enough for the group. It frequently clarifies the problem to the point where the answer becomes obvious, even to a newbie like me. DNS had been delegated to this server, but now that seems to be no longer working, so the reverse DNS look up is all wrong. That makes sense... an external change by the colo guys must have triggered this. Will get on to them, and that should short this problem out. -- John ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: rsync throwing odd error
A... a reverse DNS problem! Nope... wasn't that. Reverse DNS was working fine. I just didn't know how to check it properly. Well, that was a good idea. Time to find another one! - John ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
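The pairing seen in the auth.log excerpt earlier in this thread (a reverse-mapping warning followed by an accepted login from the same sshd process), as an added example that is not part of the original posts. It assumes the traditional syslog line layout shown in the thread; the function names are hypothetical and every sample line after the first two is constructed.

```shell
#!/bin/sh
# Added example: list every sshd process that logged a reverse-mapping
# warning, together with what happened to that connection afterwards.
# Output columns: pid  source-ip  claimed-name  outcome  user  method

rdns_logins() {
    awk '
    # Only lines written by sshd, e.g. field 5 = "sshd[4604]:"
    $5 !~ /^sshd\[[0-9]+\]:$/ { next }
    {
        pid = $5
        gsub(/[^0-9]/, "", pid)          # keep the digits of the pid
    }
    # "Address <ip> maps to <name>, but this does not map back ..."
    $6 == "Address" && $8 == "maps" && /POSSIBLE BREAK-IN ATTEMPT/ {
        name = $10
        sub(/,$/, "", name)              # drop the trailing comma
        if (!(pid in ip)) order[++n] = pid
        ip[pid] = $7
        rdns[pid] = name
        result[pid] = "no-login - -"     # until an Accepted line is seen
        next
    }
    # "Accepted <method> for <user> from <ip> port <n> ssh2"
    $6 == "Accepted" && (pid in ip) && $11 == ip[pid] {
        result[pid] = "accepted " $9 " " $7
    }
    END {
        # Pids can be reused in a long log; this keeps the last state per pid.
        for (i = 1; i <= n; i++) {
            p = order[i]
            print p, ip[p], rdns[p], result[p]
        }
    }'
}

# Sample input: the first two lines are the ones quoted in the thread,
# the remaining three are constructed for this example.
sample_log() {
    cat <<'EOF'
Nov 21 12:43:38 qu sshd[4604]: Address 67.111.0.194 maps to on.example.com, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT!
Nov 21 12:43:38 qu sshd[4604]: Accepted publickey for root from 67.111.0.194 port 55777 ssh2
Nov 21 12:50:02 qu sshd[4710]: Address 192.0.2.55 maps to host.example.net, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT!
Nov 21 12:50:05 qu sshd[4710]: Failed password for invalid user admin from 192.0.2.55 port 40112 ssh2
Nov 21 12:51:00 qu sshd[4720]: Accepted publickey for john from 198.51.100.7 port 50000 ssh2
EOF
}

sample_log | rdns_logins
```

A row ending in "accepted root publickey" is the case from the thread: the name check failed but key authentication still succeeded, so the warning concerns DNS consistency rather than a failed login.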
Re: FreeBSD on a Mac Mini Intel?
On Nov 21, 2008, at 11:42 PM, Ian Jefferson wrote:

Is anyone running FreeBSD on a Mac Mini Intel?

I don't know the answer to your question, but don't think it's a crazy one. One of the most interesting things I've seen, lately, is a hosting company that uses stacks of Mac Minis running OS X Server. They may not be the thing for mission-critical services, but for day-to-day web hosting, they are far better (IMHO) than the typical WinTel or Linux white box systems that fill colo facilities. Need redundancy? Plunk down another $500 bucks! One of Apple's coolest products, I think.

-- John
How to find files that are eating up disk space
Here is another newbie question that is driving me crazy, but is probably a laughable situation to an experienced admin... I've got a smallish server that is suddenly out of disk space in the '/' partition. Probably some log files have gotten out of hand. I am going to start looking for the culprits by hand... basically inspecting sub directories, but there must be a better way! Is there a command line tool that will help me figure out where the problem is? Even better, is there a way to proactively monitor the file system, so I can fix problems before I start getting 'out of disk space' errors? Any hints, much appreciated. -- John ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: How to find files that are eating up disk space
Is there a command line tool that will help me figure out where the problem is?

I should probably have mentioned that what I currently do is run du -h -d0 / and gradually work my way down the tree, until I find the directory that is hogging disk space. This works, but is not exactly efficient.

-d0 limits the search to the indicated directory; i.e. what you can see by doing ls -al /. Not superior to ls -al / and using the Mark I eyeball.

sorry... I meant du -h -d1 directory

What (I think) you want is du -x -h /: infinite depth, but do not cross filesystem mount-points. This is still broken in that it returns a list where the numbers are in a fixed-width field which are visually distinguished only by the last letter. Try this: du -x / and run the results through sort: sort -nr and those results through head: head -n 20

Thanks to everyone that suggested this. A much faster way to find the big offenders

I have a cron job which does this for /usr and e-mails me the output every morning. After a few days, weeks at most, I know what should be on that list ... and what shouldn't and needs investigating.

And this is a great proactive measure. Thanks

-- John
Re: How to find files that are eating up disk space
Is there a command line tool that will help me figure out where the problem is? I should probably have mentioned that what I currently do is run du -h -d0 / and gradually work my way down the tree, until I find the directory that is hogging disk space. This works, but is not exactly efficient. -- John ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: How to find files that are eating up disk space
On Dec 17, 2008, at 1:53 PM, Karl Vogel wrote: On Wed, 17 Dec 2008 12:16:57 -0500, John Almberg jalmb...@identry.com said: J Is there a command line tool that will help me figure out where the [disk J space] problem is? I run a script every night to handle this. snip exit 0 -- Karl Vogel I don't speak for the USAF or my company Very helpful. Thanks, Karl. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Suitability question
On Dec 18, 2008, at 4:25 PM, Patrick Baldwin wrote:

Usually I'm asking questions for work related things. This one is more personal. My father has this tendency to end up wrecking his computer if he uses the Internet much. Computers are basically magic boxes to him, so education is of limited usefulness here. I'm thinking I might be best off trying to build him a really locked-down, high security box, almost an Internet appliance. All he really does is use the Web, and a little light word processing. What do people think of FreeBSD as the base OS for this idea?

I like your idea of getting your father (or anyone, for that matter) off Windows, but I personally don't think Linux or FreeBSD are good desktop choices for 'normal' folk. A much better choice, in my humble opinion, is the inexpensive Apple Mac Mini.

The way it works is you unplug the current cpu box and replace it with the Mini. You can use your current monitor, keyboard, printer, camera, etc. Unless some of these peripherals are ancient, it should be all plug and play (no hours of tinkering for you). Your father gets a nice computer that actually does what he wants it to do, and you get a box that you can turn into a FreeBSD *server* that you can use to learn all about running a unix box.

I did this for my mom. All she wanted was Internet, email, and Word, but now she's doing all sorts of things that she would never have done with a *nix or Windows box, like getting an iPod for her morning walks, buying audio books from iTunes, taking photos and actually being able to download and print them(!), working on a family tree, etc. Best of all, it only took me a few minutes of work to set up and show her how it worked. If she wants to learn something new, she can take a lesson at the Apple Store.

It's amazing how much a 'normal' person can do with a friendly computer.

-- John
How do I configure PHP to use curl?
I just ran into something that has me stumped. It's probably a real newbie question, but I can't figure it out... I'm trying to add curl support to my PHP installation, but when I run 'make config' in the /usr/ports/lang/php5 directory, curl is not one of the very small set of options given. PHP has a million options, so how do you set one that is not in the 'make config' box? -- John ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: How do I configure PHP to use curl?
On Dec 30, 2008, at 1:26 PM, Michael Powell wrote: John Almberg wrote: I just ran into something that has me stumped. It's probably a real newbie question, but I can't figure it out... I'm trying to add curl support to my PHP installation, but when I run 'make config' in the /usr/ports/lang/php5 directory, curl is not one of the very small set of options given. PHP has a million options, so how do you set one that is not in the 'make config' box? -- John Try /usr/ports/lang/php5-extensions instead. This is where you add the million other options. Ah! I knew there was a simple answer. Thanks: John ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: How do I configure PHP to use curl?
On Dec 30, 2008, at 1:36 PM, Glen Barber wrote: On Tue, Dec 30, 2008 at 1:35 PM, Glen Barber glen.j.bar...@gmail.com wrote: On Tue, Dec 30, 2008 at 1:16 PM, John Almberg jalmb...@identry.com wrote: I just ran into something that has me stumped. It's probably a real newbie question, but I can't figure it out... I'm trying to add curl support to my PHP installation, but when I run 'make config' in the /usr/ports/lang/php5 directory, curl is not one of the very small set of options given. PHP has a million options, so how do you set one that is not in the 'make config' box? Have a look at lang/php5-extensions Whoops. My mailbox just updated; didn't realize this was answered. Sorry for that! This list is just t fast :-) It worked, by the way. And I upgraded to 5.2.8 while I was at it. I guess there were a couple of vulnerabilities with 5.2.7. Why does anyone use anything other than FreeBSD? -- John ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Web server password management
On Jan 2, 2009, at 2:36 AM, stan wrote:

I am setting up an Apache2 webserver, and I want to require authentication for some of its contents. I am thinking of using htaccess. Is there a package that I can install that will allow users to request that various account management tasks be done. What I have in mind is a page that lets people request accounts, allows me to approve these requests, and updates the users for htpassword?

I don't use either of these, but have looked at them in the past. Maybe one will do what you need:

http://www.syscp.org/
http://www.webmin.com/

-- John
Old user can't log in
Just ran into a strange problem... I have a long-standing user account on my FreeBSD box that no longer works. She can't ssh into the box, and I can't even su to her account.

$ su jessica
Password:
su: setusercontext: Invalid argument

Doing some googling, I did find people with similar problems, but I guess I don't understand the solutions :-) Someone suggested doing the following:

# ktrace -di su jessica
# kdump -f ktrace.out

This produces tons of output... the last few lines contain the following:

59929 su NAMI /etc/nsswitch.conf
59929 su RET stat 0
59929 su CALL setgroups(0x11,0x7fffe5d0)
59929 su RET setgroups -1 errno 22 Invalid argument
59929 su CALL gettimeofday(0x7fffd810,0)
59929 su RET gettimeofday 0
59929 su CALL socket(0x1,0x2,0)
59929 su RET socket 3
59929 su CALL fcntl(0x3,0x2,0x1)
59929 su RET fcntl 0
59929 su CALL connect(0x3,0x7fffd7b0,0x6a)
59929 su NAMI /var/run/logpriv
59929 su RET connect 0
59929 su CALL sendto(0x3,0x7fffdd10,0x42,0,0,0)
59929 su GIO fd 3 wrote 66 bytes
      35Feb 12 17:59:14 su: initgroups(jessica,1022): Invalid argument

I guess this is a clue, but I have no idea what to do with it. All other users that I've tried work, so the problem seems to be tied to something in this particular user's account. The /etc/passwd and /etc/group files look fine.

Any suggestions, much appreciated.

-- John
Re: Old user can't log in
On Feb 12, 2009, at 7:19 PM, Chuck Swiger wrote:

On Feb 12, 2009, at 3:14 PM, John Almberg wrote: Just ran into a strange problem... I have a long-standing user account on my FreeBSD box that no longer works. She can't ssh into the box, and I can't even su to her account. $ su jessica Password: su: setusercontext: Invalid argument

Does group 1022 exist in /etc/groups?

Yes

Is the user a member of more than 16 groups?

Actually, 15 plus its own group, so yes, I guess exactly 16. I can guess what you're going to say next. Frack...

Okay, I guess I can reorganize groups to eliminate this problem. Thanks for the hint (as they say, a hint to the wise is sufficient...)

-- John
Re: Old user can't log in
On Feb 13, 2009, at 1:21 AM, Da Rock wrote: On Thu, 2009-02-12 at 21:52 -0800, Chuck Swiger wrote: On Feb 12, 2009, at 8:52 PM, Da Rock wrote: With reasonable organization, and appropriate use of sudo or setgid binaries for things like people who use SVN or CVS, there generally isn't reason or need for a user to be in so many groups. For the exceptional cases, switching to using a full ACL system rather than the traditional Unix permission model is probably going to be a better solution. Interesting. What would you suggest for full ACL? Well, it depends on what you're doing in terms of user requirements and systems (ie, are the FreeBSD boxes fileservers, clients, or both?), but the stuff which comes with FreeBSD is documented in acl(3), getfacl, setfacl, etc. Other choices might involve something like the Andrew File System / Transarc DFS stuff, or Windows Active Directory and Samba/CIFS on the FreeBSD boxes Regards, So you're talking in terms of the FS only? I thought you said the kernel wasn't capable? I'll have to look into this a more thoroughly, I'm intrigued to say the least. Not to say I'll ever probably use it, but it does present a limitation. I only ran up against the problem because I added this user to a bunch of other user's groups, so that she could edit those user's files. Easily refactored into something more sensible. -- John ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
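A way to spot accounts approaching the group limit discussed in this thread before a login fails, as an added example that is not part of the original posts. It counts the distinct groups per user from passwd(5)- and group(5)-format files; the function names, the sample accounts and the threshold argument are assumptions for illustration (the thread's account failed with 16 groups, and its trace shows setgroups called with 0x11 entries).

```shell
#!/bin/sh
# Added example: print "user count" for every user whose number of distinct
# groups (primary gid plus supplementary memberships) reaches a threshold.

group_counts() {
    # $1 = passwd-format file, $2 = group-format file, $3 = threshold
    awk -F: -v limit="$3" '
    FNR == NR {                          # first file: passwd layout
        if ($0 ~ /^#/ || NF < 4) next    # skip comments and short lines
        seen[$1, $4] = 1                 # primary gid counts as one group
        count[$1] = 1
        order[++n] = $1
        next
    }
    /^#/ || NF < 3 { next }              # second file: group layout
    {
        m = split($4, members, ",")
        for (i = 1; i <= m; i++) {
            u = members[i]
            if (u == "" || !(u in count)) continue   # not a known account
            if (!((u, $3) in seen)) {    # count each gid once per user
                seen[u, $3] = 1
                count[u]++
            }
        }
    }
    END {
        for (i = 1; i <= n; i++)
            if (count[order[i]] >= limit) print order[i], count[order[i]]
    }' "$1" "$2"
}

# Constructed sample: jessica has her own group plus 15 project groups,
# bob has his own group plus one project group.
make_sample() {
    printf '%s\n' '# constructed sample, passwd(5) layout' \
        'jessica:*:1022:1022:Jessica:/home/jessica:/bin/sh' \
        'bob:*:1001:1001:Bob:/home/bob:/bin/sh' > "$1/passwd"
    {
        printf 'jessica:*:1022:\nbob:*:1001:\n'
        i=1
        while [ "$i" -le 15 ]; do
            if [ "$i" -eq 1 ]; then members='jessica,bob'; else members='jessica'; fi
            printf 'proj%d:*:%d:%s\n' "$i" "$((2000 + i))" "$members"
            i=$((i + 1))
        done
    } > "$1/group"
}

tmp=$(mktemp -d) && make_sample "$tmp" && group_counts "$tmp/passwd" "$tmp/group" 16
rm -rf "$tmp"
```

On a live system the files would be /etc/passwd and /etc/group, and `getconf NGROUPS_MAX` reports the limit the running system enforces.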
tab-delimited to csv
Can anyone suggest a way to convert a tab-delimited file to csv using standard unix utilities? I could whip up a Ruby script to do it, but I hate to reinvent the wheel. Thanks: John ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: tab-delimited to csv
On Feb 16, 2009, at 12:16 PM, Adam Vande More wrote:

John Almberg wrote: Can anyone suggest a way to convert a tab-delimited file to csv using standard unix utilities? I could whip up a Ruby script to do it, but I hate to reinvent the wheel. Thanks: John

if you're just dealing with a few files, you could use things like vi or an editor w/ regex capabilities to search and replace tabs w/ commas.

perl -pe 's/\t/,/g' table.tsv > table.csv

There's more to csv than commas, though. For example, if one of the fields contains commas, you need to wrap the field with quotes.

-- John
Re: tab-delimited to csv
On Feb 16, 2009, at 12:55 PM, Roland Smith wrote:

On Mon, Feb 16, 2009 at 11:55:50AM -0500, John Almberg wrote: Can anyone suggest a way to convert a tab-delimited file to csv using standard unix utilities? I could whip up a Ruby script to do it, but

As long as the files don't contain commas themselves,

Right, that's the tricky bit. I could use tr otherwise.

I hate to reinvent the wheel.

I'd whip up that script. There is a shareware tab2csv utility for windows for $49.95: http://www.download32.com/info-pack-com-tab2csv-i31827.html

I'm working on it, right now. I also saw that windows utility, but doesn't help me much.

OTOH, if you have a spreadsheet program like Gnumeric or OpenOffice installed, you might be able to script those to import from tab-delimited and export to CSV. Admittedly that is like using a nuke to kill a fly.

Actually, the problem arises because I have a client who is exporting a 'database' file from Excel 2000 (don't ask), to .csv, and Excel is so stupid that it is not putting quotes around a field that contains commas. Duh. Excel seems to export to tab-delimited format without making any fatal errors, but I need a real .csv file for import. Thus my need to convert from tab to (real) csv.

-- John
Re: tab-delimited to csv
On Feb 16, 2009, at 1:25 PM, Adam Vande More wrote: John Almberg wrote: On Feb 16, 2009, at 12:55 PM, Roland Smith wrote: On Mon, Feb 16, 2009 at 11:55:50AM -0500, John Almberg wrote: Can anyone suggest a way to convert a tab-delimited file to csv using standard unix utilities? I could whip up a Ruby script to do it, but As long as the files don't contain commas themselves, Right, that's the tricky bit. I could use tr otherwise. I hate to reinvent the wheel. I'd whip up that script. There is a shareware tab2csv utility for windows for $49.95: http://www.download32.com/info-pack-com- tab2csv-i31827.html I'm working on it, right now. I also saw that windows utility, but doesn't help me much. OTOH, if you have a spreadsheet program like Gnumeric or OpenOffice installed, you might be able to script those to import from tab- delimited and export to CSV. Admittedly that is like using a nuke to kill a fly. Actually, the problem arises because I have a client who is exporting a 'database' file from Excel 2000 (don't ask), to .csv, and Excel is so stupid that it is not putting quotes around a field that contains commas. Duh. Excel seems to export to tab-delimited format without making any fatal errors, but I need a real .csv file for import. Thus my need to convert from tab to (real) csv. -- John There is this: http://www.sat.dundee.ac.uk/arb/psion/ Have no idea if it complies or works as you want. But if you're dealing with just one so called database from Excel I would go with either checking the settings on the Excel export(in OO.org you can specify w/ or w/out quotes) as they may have missed the option. That was my first hope, but there doesn't seem to be a quote option in Excel 2000, hard as that is to believe... Unfortunately, they are a remote client, so I can't look at the 'Save As' options myself, but I spent a long time on the phone with them, trying to get them to look for such an 'advanced' option. No luck. It's either not there, or they are blind. 
Or simply get the original file, open it in OO.org and do it from there as was basically suggested earlier. That would be easy, but they upload this file frequently, and I need an automated solution. I would have thought something like would exist as it's certainly useful like dos2unix Me too. Weird. I've got a prototype working, but now I've discovered that even the tab delimited file is malformed... the Ruby CSV Library chokes on one of the data lines. Illegal use of quotes. Bummer... -- John ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
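The conversion this thread is after, using only awk, as an added example that is not part of the original posts. It applies the usual CSV quoting rule (a field containing a comma or a double quote is wrapped in double quotes, with embedded quotes doubled) and flags rows whose field count differs from the header; the function name and sample rows are constructed, and it assumes every tab in the input is a field separator and that quote characters in the input are literal data.

```shell
#!/bin/sh
# Added example: tab-delimited text on stdin -> CSV on stdout.
# Exit status is 1 if any row has a different field count than line 1.

tsv2csv() {
    awk -F '\t' '
    BEGIN { bad = 0 }
    { sub(/\r$/, "") }                   # tolerate CRLF line endings
    NR == 1 { want = NF }                # header defines the column count
    NF != want {
        printf "line %d: %d fields, header has %d\n", NR, NF, want > "/dev/stderr"
        bad = 1                          # still converted, but reported
    }
    {
        line = ""
        for (i = 1; i <= NF; i++) {
            field = $i
            if (field ~ /[",]/) {        # needs quoting
                gsub(/"/, "\"\"", field) # double any embedded quotes
                field = "\"" field "\""
            }
            line = line (i > 1 ? "," : "") field
        }
        print line
    }
    END { exit bad }'
}

# Constructed sample rows: a comma inside one field, quotes inside another.
printf 'sku\tname\tnote\n1\tRope, 10m\tsays "new"\n' | tsv2csv
```

Empty fields are preserved, so a row such as `x<TAB><TAB>y` becomes `x,,y`.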
Battery powered, SBC that can run BSD
Hope this isn't too off topic... And I'm not sure of my terminology... I'm looking for a small, single board computer that can run for a week or two on batteries (so very low power drain), topped up by solar cells when the sun is out, and that can run some sort of unix... preferably one of the BSDs. No hard drive, obviously, or any other power draining peripherals. The user interface would be a low powered LCD display plus some buttons. The application is for a custom measuring instrument that would run in a marine environment. I've been Googling for it for the last hour, but can't find what I'm looking for. Any ideas much appreciated. -- John ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Battery powered, SBC that can run BSD
On Mar 5, 2009, at 9:12 AM, George Davidovich wrote: soekris.com Nice. Thanks. -- John ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: / partition full
On Mar 13, 2009, at 8:46 AM, Bill Moran wrote: In response to Wojciech Puchar woj...@wojtek.tensor.gdynia.pl: good lesson to NOT make multiple partitions :) And when a rogue app fills up /var and kills 4 other apps that could have kept going ... are we then learning conflicting lessons? Enterprise-class servers should have many partitions to separate different functions and protect apps from each other. This newbie admin agrees with this. Having a separate /var partition, in particular, has saved my bacon several times, at least until I figured out how to turn mysql-bin files off. The /var partition was at 100%, but the server kept going so I could diagnose and find the problem. Whew! -- John ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
links vs real directories
I always thought that links to real directories were pretty much the same as real directories, but I've just discovered a situation where they are not and I'm wondering if I'm doing something wrong...

I have a Ruby on Rails application running on a FreeBSD server. All Rails apps use the same directory structure, that consists of an application directory, plus a number of subdirectories. One of these sub directories is called 'config'.

I would like to move this config directory out of the main Rails app directory, and then add a link from the app directory to the moved config directory. so:

app -- config

will become

app -- config(link) -- config

Basically, what I'm doing is:

cd ~/app # now in directory with real 'config' dir
mv config ~/shared/config
ln -s ~/shared/config config

That moves the directory and creates a functional link to it (I tested it), but Rails doesn't like it and refuses to run the app. The permissions are correct, I believe:

[mas...@on:current] ls -l
total 34
... snip ...
drwxrwxr-x 3 master master 512 Mar 16 11:06 bin
drwxrwxr-x 3 master master 512 Mar 16 11:06 components
lrwxr-xr-x 1 master master 26 Mar 16 11:07 config -> /home/master/shared/config
drwxr-xr-x 4 master master 512 Mar 16 11:06 db
etc...

So, I guess a link is NOT exactly equivalent to a directory. At least not the way I am doing it. I'm guessing I'm making a real newbie mistake, so if anyone can set me straight, I'd appreciate it.

Thanks: John
Re: links vs real directories
On Mar 16, 2009, at 11:22 AM, John Almberg wrote: I always thought that links to real directories were pretty much the same as real directories, but I've just discovered a situation where they are not and I'm wondering if I'm doing something wrong... I have a Ruby on Rails application running on a FreeBSD server. All Rails apps use the same directory structure, that consists of an application directory, plus a number of subdirectories. One of these sub directories is called 'config'. I would like to move this config directory out of the main Rails app directory, and then add a link from the app directory to the moved config directory. so: app -- config will become app -- config(link) -- config Basically, what I'm doing is: cd ~/app # now in directory with real 'config' dir mv config ~/shared/config ln -s ~/shared/config config That moves the directory and creates a functional link to it (I tested it), but Rails doesn't like it and refuses to run the app. The permissions are correct, I believe: [mas...@on:current] ls -l total 34 ... snip ... drwxrwxr-x 3 master master 512 Mar 16 11:06 bin drwxrwxr-x 3 master master 512 Mar 16 11:06 components lrwxr-xr-x 1 master master26 Mar 16 11:07 config - /home/ master/shared/config drwxr-xr-x 4 master master 512 Mar 16 11:06 db etc... So, I guess a link is NOT exactly equivalent to a directory. At least not the way I am doing it. I'm guessing I'm making a real newbie mistake, so if anyone can set me straight, I'd appreciate it. Thank: John ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions- unsubscr...@freebsd.org A little more information on this... 
from the Rails log, I can see that a Ruby script in the config directory cannot load ('require') a needed file because it can't find it:

/usr/local/lib/ruby/site_ruby/1.8/rubygems/custom_require.rb:31:in `gem_original_require': no such file to load -- application (MissingSourceFile)

It looks like this require statement is using a relative path, like '../path/to/file'. Does '..' not work properly with a soft link? In other words, '..', should mean ~/app, but since the config directory is really in '~/shared', perhaps '..' translates to '~/shared'? That would cause the problem finding the file.

Is there a way around this problem? Digging in man ls, right now..

-- John
Re: links vs real directories
On Mar 16, 2009, at 11:39 AM, Erik Trulsson wrote: On Mon, Mar 16, 2009 at 11:22:13AM -0400, John Almberg wrote: I always thought that links to real directories were pretty much the same as real directories, but I've just discovered a situation where they are not and I'm wondering if I'm doing something wrong... A *soft* link to a directory entry (be it a directory or a file or something else) is not quite equivalent to the original entry since they are easily distinguished and some programs do treat softlinks differently from other targets. I can see that, now... If I create a soft link to ~/shared/config, and then cd into the directory, when I type 'ls ..', I get the listing for ~/shared, not ~/app. Bummer... I've just dug through man ln, and don't see any obvious solution. Since this must be a problem for anyone who wants to do something like this, I guess I am taking the wrong approach, altogether. Will have to re-think this smell of burning rubber commences... -- John ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: links vs real directories
On Mar 16, 2009, at 11:47 AM, John Almberg wrote: On Mar 16, 2009, at 11:39 AM, Erik Trulsson wrote: On Mon, Mar 16, 2009 at 11:22:13AM -0400, John Almberg wrote: I always thought that links to real directories were pretty much the same as real directories, but I've just discovered a situation where they are not and I'm wondering if I'm doing something wrong... A *soft* link to a directory entry (be it a directory or a file or something else) is not quite equivalent to the original entry since they are easily distinguished and some programs do treat softlinks differently from other targets. I can see that, now... If I create a soft link to ~/shared/config, and then cd into the directory, when I type 'ls ..', I get the listing for ~/shared, not ~/app. Bummer... I've just dug through man ln, and don't see any obvious solution. Since this must be a problem for anyone who wants to do something like this, I guess I am taking the wrong approach, altogether. Will have to re-think this smell of burning rubber commences... Okay! I guess I wasn't the first to have this problem... lndir (in ports) solves the problem by creating a set of soft links for all the files in the 'linked' directory. Kinda kludgy, but it works. -- John ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
utility that scans lan for client?
I've tried googling for this, but I guess I don't know the name of a utility such as this... What I'm looking for is a utility that can scan a LAN for attached clients... i.e., computers that are attached to the LAN. I have one box (an appliance that I have no access to), that is on the LAN but I don't know what IP address it's using. I'd like to complete my network map, and that is the one empty box on my chart. Yes, I am obsessive :-) Any help, much appreciated. -- John ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: utility that scans lan for client?
On Mar 23, 2009, at 3:10 PM, Mel Flynn wrote:

> On Monday 23 March 2009 19:59:36 John Almberg wrote:
>> I've tried googling for this, but I guess I don't know the name of a utility such as this... What I'm looking for is a utility that can scan a LAN for attached clients... i.e., computers that are attached to the LAN. I have one box (an appliance that I have no access to), that is on the LAN but I don't know what IP address it's using. I'd like to complete my network map, and that is the one empty box on my chart.
>
> security/nmap
>
> If the box pings, you can simply scan your LAN like:
>
>     $ nmap -sP 192.168.2.0/24
>     Starting Nmap 4.76 ( http://nmap.org ) at 2009-03-23 11:05 AKDT
>     hosts snipped
>     Nmap done: 256 IP addresses (18 hosts up) scanned in 1.11 seconds
>
> There's tons of options available (including OS fingerprinting), most of which will require root to run as it needs on-the-fly changes to IP packets.

That did it. Beautiful. Thanks.

-- John
Re: utility that scans lan for client?
On Mar 23, 2009, at 3:19 PM, David Kelly wrote:

> On Mon, Mar 23, 2009 at 02:59:36PM -0400, John Almberg wrote:
>> I've tried googling for this, but I guess I don't know the name of a utility such as this... What I'm looking for is a utility that can scan a LAN for attached clients... i.e., computers that are attached to the LAN. I have one box (an appliance that I have no access to), that is on the LAN but I don't know what IP address it's using. I'd like to complete my network map, and that is the one empty box on my chart.
>
> How about something as simple as arp -a? This lists the arp cache of machines recently heard by your machine. If you know the IP address of the machine in question and it's not in your arp table, ping it. Then the MAC address will appear unless there is a router between here and there. No need to be root.

H'mmm. This is also very interesting. nmap did not find this appliance, as it turns out. But arp -a did find something on 192.168.1.107 (see below):

    server1 (192.168.1.106) at 0:13:d4:45:45:31 on en1 [ethernet]
    server2 (192.168.1.107) at (incomplete) on en1 [ethernet]
    server3 (192.168.1.108) at 0:23:12:f8:5e:fd on en1 [ethernet]

I'm guessing this appliance (a Vonage phone adapter) is doing something non-standard.

-- John
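Reading the `arp -a` listing in the message above, as an added example that is not part of the original thread: the script parses the three quoted entries (embedded as sample input) and separates resolved entries from `(incomplete)` ones, which are addresses the host has sent an ARP request for without having a reply in its cache. The function names are made up for this example.

```sh
#!/bin/sh
# Constructed sample input: the three arp -a entries quoted in the message above.
ARP_SAMPLE='server1 (192.168.1.106) at 0:13:d4:45:45:31 on en1 [ethernet]
server2 (192.168.1.107) at (incomplete) on en1 [ethernet]
server3 (192.168.1.108) at 0:23:12:f8:5e:fd on en1 [ethernet]'

# classify_arp: read arp -a output on stdin and print one line per entry:
#   resolved   <ip> <mac> <name>
#   unresolved <ip> -     <name>
classify_arp() {
    awk '
    # BSD arp drops leading zeros (0:13:d4:...); pad each octet to two digits
    # so the address can be compared with an inventory or vendor prefix list.
    function normalize(mac,    n, p, i, out) {
        n = split(mac, p, ":")
        out = ""
        for (i = 1; i <= n; i++) {
            if (length(p[i]) == 1) p[i] = "0" p[i]
            out = out (i > 1 ? ":" : "") p[i]
        }
        return tolower(out)
    }
    # Entry lines look like: name (ip) at mac-or-marker on ifname ...
    $3 == "at" {
        ip = $2
        gsub(/[()]/, "", ip)
        if ($4 ~ /incomplete/)
            printf "unresolved %s - %s\n", ip, $1
        else
            printf "resolved %s %s %s\n", ip, normalize($4), $1
    }'
}

# Convenience filters over the classified output.
unresolved_ips() { classify_arp | awk '$1 == "unresolved" { print $2 }'; }
resolved_macs()  { classify_arp | awk '$1 == "resolved" { print $3 }'; }

# Run on the embedded sample; on a live host use: arp -a | classify_arp
printf '%s\n' "$ARP_SAMPLE" | classify_arp
```
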
Re: utility that scans lan for client?
I suspect that you don't have a switch that can port 'mirror' or 'span'. If you do, let us know. Otherwise, if you *really* want to find out what is on your switched Ethernet network, and nmap/arp etc. isn't enough, then I'd recommend an application called 'ettercap'. It runs on the CLI, and a colleague also has a nice GUI for it (under Linux) as well. This will allow you to infiltrate the network at Layer-2 by arp poisoning all connected devices, and intercepting all traffic. Essentially, you perform a MitM, and you become the host (or in a small environment the default gw) that the device is trying to talk to. This way, you can find out not only what the host is, but what it is saying. Please understand that this approach has significant side effects. You can do extensive harm to your local network by using this approach, so read up on it, and be careful. Know what you are doing, and know the ramifications of simply disconnecting yourself from the network prior to stopping the procedure. Not only that, but if you don't own control of the switched environment, this is a very good way to get yourself blocked completely from it. This tactic, and port mirror/span/monitor are the easiest ways to know what is really going on with regards to the wire (if you don't have ACL's and other mitigation/protection strategies already in place). Thanks. This is probably overkill for this little LAN. There are only 8 machines on it, mainly servers and a big printer and this Vonage device. The clients are mainly wireless devices that come and go, depending on who is in the building. The network is just one Cisco router and an Apple Airport Extreme for wireless (the best wireless access point I've ever used.) The wireless network just extends the wired LAN, so all wired and wireless devices are in the same address space. We actually have a couple cheap Airport Express boxes spread around the building, but they are essentially repeaters for the Airport Extreme, to extend the range. 
All the machines are either FreeBSD servers or Apple laptops (with the occasional rogue Windows laptop that sneaks in :-) The whole network is simple and cheap, with a minimum of wires, but it works. It just bugged me that I didn't know the IP address of the Vonage box. - John ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
how to recover after power outage
Blast... my beautiful FreeBSD servers were rudely switched off when my data had a power outage a couple hours ago. They restored power about 30 minutes later, and one box came up no problem. The other has a login prompt on the serial console, but my login does not work. I get a Login incorrect message, even though the username/password is correct.

When I try to SSH into the box, I get this (server name changed):

    $ ssh u...@example.com -p 48420
    ssh: connect to host example.com port 48420: Connection refused

In other words, I seem to be locked out. I don't want to do anything drastic without having a good idea what I'm doing. Any suggestions, much appreciated.

-- John
Re: how to recover after power outage
On Apr 5, 2009, at 4:41 AM, Glen Barber wrote:

> On Sun, Apr 5, 2009 at 2:59 AM, John Almberg jalmb...@identry.com wrote:
>> Blast... my beautiful FreeBSD servers were rudely switched off when my data had a power outage a couple hours ago. They restored power about 30 minutes later, and one box came up no problem. The other has a login prompt on the serial console, but my login does not work. I get a Login incorrect message, even though the username/password is correct.
>
> Can you log in as *any* user? Even root login fails?

Can't log in at all.

>> When I try to SSH into the box, I get this (server name changed):
>>
>>     $ ssh u...@example.com -p 48420
>>     ssh: connect to host example.com port 48420: Connection refused
>>
>> In other words, I seem to be locked out. I don't want to do anything drastic without having a good idea what I'm doing. Any suggestions, much appreciated.
>
> What was the previous (estimated) uptime on the machine?

Several months, at least.

> In other words, did you change something and not/forget to restart the service?

I don't believe so, but if I forgot it, then I guess anything is possible.

> Have you tried ssh-ing to port 22 to see if the setting was changed back to default?

I can't at the moment, because the guys at NYI are working on the box. They have run fsck, which doesn't seem to have solved the problem.

> Are there any other services on this box? If so, are they running?

The main app is MySQL. I don't think it is running, but can't really tell unless I can log in. I have backups, and while NYI is trying to get this box running, I'm setting up a new database server, just in case...

-- John
Re: how to recover after power outage
>> The main app is MySQL. I don't think it is running, but can't really tell unless I can log in. I have backups, and while NYI is trying to get this box running, I'm setting up a new database server, just in case...
>
> If you were lucky having the guys at NYI login to single user mode at the console and run fsck in an attempt to clear up minor file system damage would have squared things away. MySQL is not real happy if there has been fs damage to the underlying files and their .bin logs. However, not being able to log in to a basic service like SSH is not good. Whether or not MySQL wants to come up SSH should still be working.
>
> In the end the guys at NYI are probably going to have to do a full system load and restore the last backup, and/or replace defective hardware. I have seen old hard drives in RAID arrays that had perked along for years show no hint of any problem. Power down the machine to do something like blow the dust out or stick in some more memory sticks and it won't come up again. Had I not powered down it may have happily run a while longer. I have seen drives fail like this before, especially when they are fairly old. At this stage you can only emit SIGH and replace/rebuild.
>
> But if the NYI guys are responsible for providing you with a running system the onus is on them to get it going again, at least up to a certain point. After that you would need to pick up and carry the ball the rest of the way.

Okay, so the machine is back online and I can log in again. The hardware is only 18 months old or so... good quality stuff, so hopefully nothing is physically damaged. We'll see...

Unfortunately, mysql isn't working at the moment... will make a backup of data (I have the previous night's backup, of course, but would like the latest, if possible.) Then will try to figure out what's working and what's not.

-- John
Re: how to recover after power outage
On Apr 5, 2009, at 2:10 PM, Michael Powell wrote:

> John Almberg wrote:
> [snip]
>> Okay, so the machine is back online and I can log in again. The hardware is only 18 months old or so... good quality stuff, so hopefully nothing is physically damaged. We'll see...
>>
>> Unfortunately, mysql isn't working at the moment... will make a backup of data (I have the previous night's backup, of course, but would like the latest, if possible.) Then will try to figure out what's working and what's not.
>
> Check the machine-hostname.err file when you manually try and start MySQL. Provided that you have mysql_enable=YES in /etc/rc.conf you should be able to manually attempt to start with /usr/local/etc/rc.d/mysql-server start (it seems to work reliably when you type out the entire command path-wise). Note that if somehow permissions on the my.cnf file got changed MySQL won't start if my.cnf is world writable.
>
> Check for stale PID and sockets. Normally these shouldn't be a problem as a startup will just overwrite them. Check these to eliminate any wonkiness, e.g. some permission change isn't allowing for MySQL to wipe the old ones. The whateverthehostname.err log and possibly /var/log/messages might give some clue for what's going on.
>
> If the database files are corrupt just clean them out and replace with a backup done with dump. Ensure the /var/db/mysql tree is chowned mysql:mysql. If you had to install/reinstall from ports the install should have created the appropriate uid/gid accounts. Check and see if these are missing.
>
> At any rate I wish you the best of luck. Now that you can SSH in you can probably fix it up.

Well, I had to give up, temporarily, on this server to get my clients back online. I took a nice machine I had laying around, loaded a fresh copy of FreeBSD on it, installed mysql, and loaded the Saturday morning database backup.

I had to set up all the database permissions correctly, which took some time, but I'm happy to say that I've got all my clients back online with this new database server.

Now I am going to catch a couple hours sleep (this has been going on since 2 am). Once I restore some brain cells, I'll see if I can figure out what's happening with the main database server. NYI has taken it off line, for some reason, and I can't log into it anyway, at the moment.

Thanks for all the helpful advice. It's great to have this list to fall back on in a crisis.

Brgds: John
Re: how to recover after power outage
> Check the machine-hostname.err file when you manually try and start MySQL. Provided that you have mysql_enable=YES in /etc/rc.conf you should be able to manually attempt to start with /usr/local/etc/rc.d/mysql-server start (it seems to work reliably when you type out the entire command path-wise). Note that if somehow permissions on the my.cnf file got changed MySQL won't start if my.cnf is world writable.
>
> Check for stale PID and sockets. Normally these shouldn't be a problem as a startup will just overwrite them. Check these to eliminate any wonkiness, e.g. some permission change isn't allowing for MySQL to wipe the old ones. The whateverthehostname.err log and possibly /var/log/messages might give some clue for what's going on.
>
> If the database files are corrupt just clean them out and replace with a backup done with dump. Ensure the /var/db/mysql tree is chowned mysql:mysql. If you had to install/reinstall from ports the install should have created the appropriate uid/gid accounts. Check and see if these are missing.
>
> At any rate I wish you the best of luck. Now that you can SSH in you can probably fix it up.

Okay, so my new database server is running with backup data and I am trying to salvage the old database, or what's left of it.

Unfortunately, it seems like what's left of it, is not much. The /var/db/mysql directory tree is now a file:

    qu# ls -l /var/db/mysql
    -rwx-- 2 mysql wheel 1024 Jul 5 2008 /var/db/mysql

The situation looks hopeless to me. Is it?

Another question: given that the file system took a major hit, should I try to fix it, or just do a clean install? I'm leaning towards the clean install since I've been meaning to upgrade this machine to 7.1 anyway.

Is there any way to fix the file system, reliably? fsck doesn't seem to be able to solve all the problems.

-- John
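The checks suggested in the quoted advice (world-writable my.cnf, missing service account, data directory ownership, stale PID file), collected into one script as an added example that is not part of the original thread. It also reports the case described in the reply, where the data directory path exists but is no longer a directory. The function name and the result strings are made up for this example, and all paths are passed in as arguments because the thread does not give the my.cnf or PID file locations.

```sh
#!/bin/sh
# check_mysql_files CNF DATADIR OWNER GROUP PIDFILE
# Prints one finding per line; prints nothing when every check passes.
# Run as root: kill -0 fails both for a missing process and for one the
# caller is not permitted to signal.
check_mysql_files() {
    cnf=$1 datadir=$2 owner=$3 group=$4 pidfile=$5

    # An option file that anyone can write is not trusted by MySQL.
    # -L makes find test the target when my.cnf is a symlink.
    if [ -e "$cnf" ] && [ -n "$(find -L "$cnf" -prune -perm -002)" ]; then
        echo "cnf-world-writable $cnf"
    fi

    # The service account should exist after an install from ports.
    id -u "$owner" >/dev/null 2>&1 || echo "account-missing $owner"

    # After file system damage the path can exist without being a directory.
    if [ ! -d "$datadir" ]; then
        echo "datadir-not-a-directory $datadir"
    else
        # Count entries in the tree not owned by OWNER:GROUP.
        bad=$(find "$datadir" \( ! -user "$owner" -o ! -group "$group" \) \
                  2>/dev/null | wc -l | tr -d ' ')
        [ "$bad" -eq 0 ] || echo "datadir-wrong-owner $bad entries"
    fi

    # A PID file is stale when the process it names is gone.
    if [ -f "$pidfile" ]; then
        pid=$(cat "$pidfile")
        case $pid in
            ''|*[!0-9]*) echo "pidfile-garbled $pidfile" ;;
            *) kill -0 "$pid" 2>/dev/null || echo "pidfile-stale $pid" ;;
        esac
    fi
}

# Usage: sh check.sh CNF DATADIR OWNER GROUP PIDFILE
if [ $# -eq 5 ]; then
    check_mysql_files "$@"
fi
```
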
How to remove all files with a certain extension
This is a real newbie question, but I can't figure it out... I want to remove all .tar files from a directory tree. I think something like the following should work, but I must have something wrong, because it doesn't:

    find . -name *.tar -exec rm /dev/null {} \;

What am I doing wrong?

Thanks: John
Re: How to remove all files with a certain extension
On Apr 6, 2009, at 4:57 PM, John Almberg wrote:

> This is a real newbie question, but I can't figure it out... I want to remove all .tar files from a directory tree. I think something like the following should work, but I must have something wrong, because it doesn't:
>
>     find . -name *.tar -exec rm /dev/null {} \;
>
> What am I doing wrong?

Oh, duh... that /dev/null shouldn't be there.

-- John
Re: How to remove all files with a certain extension
On Apr 6, 2009, at 5:11 PM, Dan Nelson wrote:

> In the last episode (Apr 06), John Almberg said:
>> This is a real newbie question, but I can't figure it out... I want to remove all .tar files from a directory tree. I think something like the following should work, but I must have something wrong, because it doesn't:
>>
>>     find . -name *.tar -exec rm /dev/null {} \;
>
>     find . -name "*.tar" -delete
>
> Make sure you quote your wildcards so the shell doesn't expand them, and use the -delete primary to save a fork/exec for each filename.

Fantastic. I never noticed the -delete option before. Amazing what you can find in a man page if you know it's there :-)

Thanks: John
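What the quoting advice in this message changes in practice, as an added example that is not part of the original thread: the script builds a throwaway tree, counts what find matches when the shell expands an unquoted pattern first, and then deletes with a quoted pattern after a `-print` preview. The directory layout and function names are made up for this example.

```sh
#!/bin/sh
# make_tree DIR: constructed sample tree with four .tar files at several
# depths, one non-tar file, and a directory whose name ends in .tar.
make_tree() {
    mkdir -p "$1/a/b" "$1/a/snap.tar"
    : > "$1/top.tar"
    : > "$1/a/one.tar"
    : > "$1/a/b/two.tar"
    : > "$1/a/b/my backup.tar"
    : > "$1/a/keep.txt"
    : > "$1/a/snap.tar/notes.txt"
}

# unquoted_matches DIR: number of files found with an unquoted pattern.
# The shell expands *.tar against the current directory before find runs,
# so find is really asked for -name top.tar and misses everything else.
# (With no match in the current directory the pattern is passed through
# unchanged, which is why the unquoted form sometimes appears to work.)
unquoted_matches() {
    ( cd "$1" && find . -name *.tar -print 2>/dev/null | wc -l | tr -d ' ' )
}

# preview_tar DIR: list what would be deleted. -type f keeps directories
# such as a/snap.tar out of the result.
preview_tar() {
    find "$1" -type f -name '*.tar' -print
}

# delete_tar DIR: same expression with -delete as the last primary.
# find evaluates left to right, so a -delete placed before -name would
# remove every entry under DIR.
delete_tar() {
    find "$1" -type f -name '*.tar' -delete
}

d=$(mktemp -d) && make_tree "$d"
echo "unquoted pattern matched $(unquoted_matches "$d") of 4 files"
preview_tar "$d"
delete_tar "$d"
rm -rf "$d"
```
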
How big can a tar file get?
Because of a big problem I had this weekend, I need to do an emergency backup. I'm basically just creating a tar file of my /home directory. My question: how big can a file get on FreeBSD? This tar.gz file is already 5G. Hard drive space is no problem, but as I'm watching this file grow, I'm wondering if there is some file size limit that is going to make this long backup abort. Naturally, that will happen when the backup is almost complete :-) -- John ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: How big can a tar file get?
On Apr 6, 2009, at 7:28 PM, Adam Vandemore wrote:

> John Almberg wrote:
>> Because of a big problem I had this weekend, I need to do an emergency backup. I'm basically just creating a tar file of my /home directory.
>>
>> My question: how big can a file get on FreeBSD? This tar.gz file is already 5G. Hard drive space is no problem, but as I'm watching this file grow, I'm wondering if there is some file size limit that is going to make this long backup abort. Naturally, that will happen when the backup is almost complete :-)
>>
>> -- John
>
> http://en.wikipedia.org/wiki/Unix_File_System
> Max file size 2^73 bytes (8 ZiB http://en.wikipedia.org/wiki/Zebibyte)

That should just about do it...
Re: How big can a tar file get?
> With the default blocksize (16384) UFS2 can deal with files up to 128TB. However traditional tar only supports up to 8GB while the newer ustar format goes up to 64GB. It seems that at least on 7.x tar creates ustar archives by default.

Well, I'm already past 10GB, so good thing I'm on 7.1.
Re: C programming question
On Apr 7, 2009, at 5:41 AM, Valentin Bud wrote: Hello community, I have built with a micro controller a system of power plugs that can be controlled through the serial port. I have 2 plugs that i can start/stop and check the status of them. This is accomplished by sending different letters (eg. A/W) to start/stop one of the plugs and another set of letter for the other plug and one letter to check the status. Taking into account the fact that my C skills are almost 0 how complicated would be to write a program so I can control that micro controller through the serial port. Or is there some kind of program that can read/write from/to the serial port from the command line. I don't want an interactive program like minicom, just a program that connects and send a command (a letter in my case) to the serial port. Why not minicom (or any other program like it)? My goal is to be able to start/stop the plugs using a web interface. I have tried using minicom and background it but when i log out minicom closes. If minicom is started i can send commands to ttyd0 with echo, but i can't read anything from serial. Now back to my original question, how hard/complicated will it be to write a C program to control the micro controller through the serial port. Of course on FreeBSD :). More complicated than you need. The last time I twiddled bits on a serial port, the choice was Assembler, or C, but today my choice would be Ruby. You can probably do whatever you want with a few lines of Ruby, rather than many lines of C. And since you don't know either language, you might as easily learn Ruby as C. Unless you are going to start writing low level code, a high level language like Ruby will let you write any program you need. I haven't needed to write a line of C code in probably 20 years. Check out the Ruby serial port library: http://ruby-serialport.rubyforge.org/ The standard Ruby book is Programming Ruby (http:// www.pragprog.com). 
If you don't know programming at all, they have a Learn to Program book that uses Ruby as a first language. -- John ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: low-level format before install?
On Apr 7, 2009, at 3:37 PM, Chuck Swiger wrote: On Apr 7, 2009, at 12:15 PM, John Almberg wrote: Well, I've got real problems with that database server that lost power over the weekend. We reloaded FreeBSD from scratch and then reinstalled mysql, and pf. I loaded up my database and switched over all my customer's websites. The database server ran fine for about 2 minutes, and then died. At the moment, I can't even ssh into the machine, although they can get into it using a keyboard/ monitor at the data center. In other words, sshd is not working. That sounds like either a hardware problem (ie CPU overheating or marginal PSU failing under production load), or less likely, some kind of software misconfiguration. System logs would be useful to see whether any signs of trouble are being mentioned. Apparently, power was fluctuating drastically before they decided to cut power, so a hardware problem is a definite possibility. A PSU failure would not surprise me in the circumstances. Assuming I can ever ssh in again, what log would hardware failures be reported to? -- John ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
low-level format before install?
Well, I've got real problems with that database server that lost power over the weekend. We reloaded FreeBSD from scratch and then reinstalled mysql, and pf. I loaded up my database and switched over all my customer's websites. The database server ran fine for about 2 minutes, and then died. At the moment, I can't even ssh into the machine, although they can get into it using a keyboard/monitor at the data center. In other words, sshd is not working. I am now wondering what kind of format the FreeBSD install process does by default, and if it is possible to do a low level format, first, to block out any bad sectors (not sure if this is the right terminology). I'm starting to get real depressed about this machine... You would think a top-tier data center could keep the power on... -- John ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: low-level format before install?
Thanks for all the tips. At least I have something to start with. The guys in the data center reinstalled FreeBSD (the filesystem was totally corrupted again), and then ran what they called SMART test, which might be smartctl, and said the hard drives look good. I am now able to get back in. So the system ran fine until I put a load on it with the database (many transactions a second). This corrupted the file system again. So I guess I need to load it enough to produce error messages (hopefully) but not enough to destroy the file system again. Sounds like fun :-( This is an Intel server, not a crummy white box, so hopefully it is smart enough to monitor its own hardware at least a bit. We'll see. -- John ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
How to diagnose hardware problem?
I have what looks like a hardware problem with an Intel 1U server, which I am using mainly as a mysql database server for some of my bigger website clients. The server went down last week with a badly corrupted file system. After spending a day trying to fix the file system, we gave up and did a fresh install of FreeBSD, PF, and mysql, using our daily backups to restore the database. It all seemed to work fine until I switched the websites from the temporary database server that I had been using, onto the restored server. The database ran well for about 2 minutes, then the server crashed again. The filesystem was again corrupted so badly that we could not even log in to look at the logs. We've reinstalled FreeBSD again, just to be able to SSH into the box. It looks like there is probably a hardware problem, like a bad power supply or overheating CPU that fails when the load of the database is applied. Problem is, I have no idea how to determine which bits are failing. Can anyone suggest a favorite book or website that focuses on how to troubleshoot hardware issues? Thanks: John ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: How to diagnose hardware problem?
> First things first; if the machine is still in warranty, don't mess with it but send it back to the manufacturer and demand a replacement.

It is in warranty and I am following their process. I'm hoping to short-circuit that process by finding the problem on my own, if possible. Plus, I've never really had to deal with a hardware failure before, so it's a good learning process.

> If the machine is out of warranty, you might consider replacing it altogether. My employer's IT department ditches PC's and servers at the first failure after the warranty runs out. According to them it's cheaper than repairing them.
>
> But if you want to have a go, this might help: http://www.daileyint.com/hmdpc/manual.htm
>
> Basically, it's just a problem of elimination. First check if your machine is the only one having problems at the hosting site. Maybe they have unstable electrical power.
>
> Then make sure that all expansion cards and RAM are well-seated, and that all connectors are OK. Also check that there is no dust build-up on e.g. fans and heatsinks. If necessary, clean carefully with (dry, oil free) compressed air. Dust can lead to short circuits or reduced cooling.
>
> Next, look for capacitors that have leaked fluid, or have bulging metal end plates on the motherboard; those are dead or dying. It's a leading cause of motherboard failure. It is possible to replace them, but you'll need the right equipment: http://www.tomshardware.com/reviews/fixing-motherboard,1606.html
>
> Install a monitoring program like mbmon or healthd, and have it log to another machine or a USB stick mounted synchronously. Monitor CPU temperature, fan speeds and the different voltages.
>
> Not all power supplies are created equally. See the articles at tom's hardware: http://www.tomshardware.com/reviews/Components,1/Power-Supplies,6/
>
> If you've found nothing so far, it's time to start swapping out components, starting with the power supply.

This is all good stuff to try. Thanks.

-- John
Fwd: How to diagnose hardware problem?
On Apr 13, 2009, at 2:32 PM, Wojciech Puchar wrote:

>> The database ran well for about 2 minutes, then the server crashed again. The filesystem was again corrupted so badly that we could not even log in to look at the logs.
>
> did memtest? it looks like it's fine until you stress your hardware

I didn't, but I just installed it and am running it at the moment. So far, so good.

The machine has 1G of memory, but I could not get an mlock unless I request 100 Meg or less. That is, I need to run something like:

    # memtest 100

Does this sound right?

If I run with 125 Meg, I get the following:

    # memtest 125
    memtester version 4.0.8 (64-bit)
    Copyright (C) 2007 Charles Cazabon.
    Licensed under the GNU General Public License version 2 (only).
    pagesize is 4096
    pagesizemask is 0xf000
    want 125MB (131072000 bytes)
    got 125MB (131072000 bytes), trying mlock ...failed for unknown reason.
    Continuing with unlocked memory; testing will be slower and less reliable.
    Loop 1:
      Stuck Address : ok
      Random Value: ok
      Compare XOR : ok
      Compare SUB : ok
      Compare MUL : ok
    etc...

-- John
where to grab source tarball?
I'm trying to upgrade FreeBSD from source, but my /usr/src directory is empty. Absolute FreeBSD glibly says to grab the source tarball from a FreeBSD mirror.

I found a list of mirrors here: http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/mirrors-ftp.html

But it isn't clear to me which tarball I need to 'grab', or where it is on the mirror. Basically, I want to get to the point where I can type:

    cd /usr/src
    make buildworld

And build FreeBSD 7.1-RELEASE.

I'd like to download the source to the server, rather than inserting a CD in the machine, since I'm 2 hours away from the machine.

Thanks: John
Re: where to grab source tarball?
On Apr 15, 2009, at 4:10 PM, John Almberg wrote: I'm trying to upgrade FreeBSD from source, but my /usr/src directory is empty. Absolute FreeBSD glibly says to grab the source tarball from a FreeBSD mirror. Never mind. I figured out how to do this using csup, which will help with later upgrades. -- John ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Upgrading from 6.3 to 7.1 -- how dangerous?
I need to upgrade a live, production server from 6.3 to 7.1. I can't afford to have any troubles with this server. I have Absolute FreeBSD and a few other BSD books, and the upgrade process looks fairly straightforward. That's the theory... Real world question: how scared should I be? I've thought about setting up a dummy server, just to practice on. Is this a good idea? Or am I just a nervous Nellie? -- John ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Sorting out owner and group permissions...
I have a directory called 'scans' that is owned by 'master', but I want to allow 'customer' to FTP images to that directory. This is the way I have permissions set:

    # ls -l
    drwxrwxr-x 5 master customer 251904 Apr 20 10:29 scans

The problem is that when customer ftp's a file to the directory, the permissions end up like this:

    -rw-r- 1 customer customer 772584 Apr 20 15:28 image.jpg

When a process run by 'master' tries to copy this file to another directory (also owned by master), I get the following:

    # cp scans/image.jpg thumbs/image.jpg
    cp: scans/image.jpg: Permission denied

The only solution that occurs to me smells like a newbie kludge: to have a root cron job periodically chown all the images to master:customer. This seems like the proverbial sledgehammer.

There must be a better way? Any thoughts, much appreciated!

-- John
Re: Sorting out owner and group permissions...
On Apr 20, 2009, at 2:48 PM, John Almberg wrote:

> I have a directory called 'scans' that is owned by 'master', but I want to allow 'customer' to FTP images to that directory. This is the way I have permissions set:
>
>     # ls -l
>     drwxrwxr-x 5 master customer 251904 Apr 20 10:29 scans
>
> The problem is that when customer ftp's a file to the directory, the permissions end up like this:
>
>     -rw-r- 1 customer customer 772584 Apr 20 15:28 image.jpg
>
> When a process run by 'master' tries to copy this file to another directory (also owned by master), I get the following:
>
>     # cp scans/image.jpg thumbs/image.jpg
>     cp: scans/image.jpg: Permission denied
>
> The only solution that occurs to me smells like a newbie kludge: to have a root cron job periodically chown all the images to master:customer. This seems like the proverbial sledgehammer. There must be a better way?
>
> Any thoughts, much appreciated!

Well, I did figure out one way that seems reasonable... since I am using pureftpd, I changed the upload mask in the pureftpd configuration so new files are created with permissions like:

    -rw-r--r-- 1 customer customer 93177 Apr 20 20:12 image.jpg

This seems like a pretty good approach, but if there's a better one, I'm all ears!

-- John
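The upload-mask change described in the message above, as an added example that is not part of the original post: it creates files under two creation masks and reports whether an account that is neither owner nor group member (the position of 'master' here) can read them. The masks 137 and 133 and all function names are assumptions chosen for illustration; the first listing on the page is truncated, so 640 is assumed for it.

```shell
#!/bin/sh
# Added example (constructed): how a creation mask decides whether an account
# that is neither owner nor group member can read an uploaded file.
# The masks 137 and 133 are assumed values, not taken from the original post.

# Print a file's permission bits in octal (GNU stat first, then BSD stat).
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Create an empty file under the given mask, as an upload would, and print
# the resulting mode. The subshell keeps the caller's umask unchanged.
create_with_umask() {   # $1 = octal mask, $2 = path to create
    (
        umask "$1"
        : > "$2"
    )
    file_mode "$2"
}

# Access for "other" (here: master reading a file owned by customer:customer).
other_access() {        # $1 = octal mode such as 640
    other_digit=${1#"${1%?}"}          # last octal digit = permissions for other
    if [ $(( other_digit & 4 )) -ne 0 ]; then
        echo readable
    else
        echo denied
    fi
}

# Show both masks side by side in a scratch directory.
compare_masks() {
    scratch=$(mktemp -d)
    for mask in 137 133; do
        mode=$(create_with_umask "$mask" "$scratch/image_$mask.jpg")
        echo "mask $mask -> mode $mode -> other: $(other_access "$mode")"
    done
    rm -rf "$scratch"
}

compare_masks
```

Mode 644 lets every local account read the uploads, not only 'master', which is worth weighing on a shared host.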
cvsup blues
I am trying to update my ports collection on a new server using cvsup. I've added a mirror site to my ports-supfile, but keep getting the following error message:

    on# csup -g -L 2 /root/ports-supfile
    Parsing supfile /root/ports-supfile
    Connecting to cvsup7.us.FreeBSD.org
    Cannot connect to 64.215.216.140: Operation not permitted
    Will retry at 09:13:28

I've tried several different mirror sites, so the problem seems to be on my side (unless all the mirror sites are locked?)

Any ideas?

Thanks: John
Re: cvsup blues
> The csup servers do have a rate-limiting feature on them. However, I think it gives a different error message than that. Operation not permitted makes it seem more like a networking issue on the local machine. Can you ping the IP? Firewall blocking outgoing ports?

I pinged a few of the mirror sites to choose the fastest one, so, yes I can ping them.

I turned off PF temporarily to see if it could be a firewall problem. No difference.

I'm also having problems installing ports. I wanted to get vim installed while trying to figure out this port upgrade problem. Vim uses lots of files and a bunch of them downloaded when I typed 'make install clean', but then I ran into a batch that give an error message like below. I can fetch the files manually, using wget (which installed with no problem), but I'm getting a lot of these problems, which means it's going to take about 5 years to install all the ports I need.

I've never had this problem, before... weird.

-- John

    = Attempting to fetch from ftp://ftp1.freebsd.org/pub/FreeBSD/ports/distfiles/gnome2/.
    fetch: libxml2-2.7.3.tar.gz: local modification time does not match remote
    = Attempting to fetch from ftp://fr.rpmfind.net/pub/libxml/.
    fetch: libxml2-2.7.3.tar.gz: local modification time does not match remote
    = Attempting to fetch from ftp://gd.tuwien.ac.at/pub/libxml/.
    fetch: libxml2-2.7.3.tar.gz: local modification time does not match remote
    = Attempting to fetch from ftp://xmlsoft.org/libxml2/.
    fetch: libxml2-2.7.3.tar.gz: local modification time does not match remote
    = Attempting to fetch from ftp://ftp1.freebsd.org/pub/FreeBSD/ports/distfiles/gnome2/.
    fetch: libxml2-2.7.3.tar.gz: local modification time does not match remote
    = Couldn't fetch it - please try to retrieve this
    = port manually into /usr/ports/distfiles/gnome2 and try again.
    *** Error code 1
    Stop in /usr/ports/textproc/libxml2.
    *** Error code 1
    Stop in /usr/ports/textproc/libxml2.
    *** Error code 1
    Stop in /usr/ports/textproc/libxslt.
    *** Error code 1
    Stop in /usr/ports/textproc/libxslt.
    *** Error code 1
    Stop in /usr/ports/x11/libxcb.
    *** Error code 1
    Stop in /usr/ports/x11/libX11.
    *** Error code 1
    Stop in /usr/ports/x11-toolkits/libXt.
    *** Error code 1
    Stop in /usr/ports/editors/vim.
Re: cvsup blues
John Almberg wrote:

> I am trying to update my ports collection on a new server using cvsup. I've added a mirror site to my ports-supfile, but keep getting the following error message:
>
>     on# csup -g -L 2 /root/ports-supfile
>     Parsing supfile /root/ports-supfile
>     Connecting to cvsup7.us.FreeBSD.org
>     Cannot connect to 64.215.216.140: Operation not permitted
>     Will retry at 09:13:28
>
> I've tried several different mirror sites, so the problem seems to be on my side (unless all the mirror sites are locked?)

Okay, well, it must have been a short-term problem on the mirror side. I tried it several times over the last 1/2 hr, and it suddenly started working...

Computers!

-- John
required apache22 modules
I'm installing Apache22 on a new server and for once, I'd like to install just the modules I need, instead of the default mess. I've been googling for this answer, but can't seem to find it: Are any apache modules *required*? Or can I just disable them all and then add them in as I need them? -- John
Why does soft link in /var/log disappear?
I didn't make my /var partition big enough, way back when, and have had to move my /var/log/www directory to another partition. I did this by moving the directory, and then adding a soft link from /var/log to the moved directory, using something like:

    ln -s /home/wwwlog /var/log/www

This works great, but something is deleting the soft link. Is there anything in the freebsd base that 'cleans up' the /var/log directory? Any hints on how I can discover what is doing this clean up, or a way to protect this link from being deleted?

Thanks: John
IP Address not working?
I have a Freebsd box that has had just one IP address for a long time. I am trying to add another to run a website with its own IP, ssl cert, etc. I've added IP addresses to boxes before without problem, but either this box has a problem, or I've forgotten something important (probably the latter.)

    on# uname -a
    FreeBSD on.identry.com 7.2-RELEASE FreeBSD 7.2-RELEASE #0: Fri May 1 07:18:07 UTC 2009 r...@driscoll.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC amd64

I have the new address (66.111.0.251) configured:

    on# ifconfig
    em0: flags=8843UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST metric 0 mtu 1500
            options=19bRXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,TSO4
            ether 00:0e:0c:ea:af:c2
            inet 66.111.0.250 netmask 0xffc0 broadcast 66.111.0.255
            inet 66.111.0.251 netmask 0x broadcast 66.111.0.251
            media: Ethernet autoselect (100baseTX full-duplex)
            status: active

The interface responds to pings:

    $ ping 66.111.0.251
    PING 66.111.0.251 (66.111.0.251): 56 data bytes
    64 bytes from 66.111.0.251: icmp_seq=0 ttl=20 time=16.474 ms

And IFF I am logged into the server I can access the website using lynx, or by using telnet to access the page:

    on# telnet test.gradedstamps.com 80
    Trying 66.111.0.251...
    Connected to test.gradedstamps.com.
    Escape character is '^]'.
    GET /test.html HTTP/1.1
    host: test.gradedstamps.com

    HTTP/1.1 200 OK
    Date: Fri, 25 Mar 2011 12:25:40 GMT
    Server: Apache/2.2.14 (FreeBSD) mod_ssl/2.2.14 OpenSSL/0.9.8e PHP/5.2.12 with Suhosin-Patch
    Last-Modified: Fri, 25 Mar 2011 12:17:16 GMT
    ETag: 439155-63-49f4d93188b00
    Accept-Ranges: bytes
    Content-Length: 99
    Content-Type: text/html

    html head titleTest Page/title /head body Hello, world /body /html

However, I cannot access the website from outside the box, even with PF turned off:

    ~ 510 $ telnet test.gradedstamps.com 80
    Trying 66.111.0.251...
    telnet: connect to address 66.111.0.251: Connection refused
    telnet: Unable to connect to remote host
    ~ 511 $

I'm stumped. Can anyone give me a clue where to look next?

Thanks: John
Re: IP Address not working?
Well, I figured it out. There was another machine configured with the same address. I was pinging another machine, in other words. The address is in my address range, but it isn't one of my two machines in the rack, so I'm working with the colo guys to figure out what is sitting on my address. A nice way to waste a morning! Thanks for your help, guys. -- John
Is it necessary to generate a new SSL request each year?
When buying a new SSL cert, I've been generating a new request each year... I am just about to buy another and it occurred to me that I'm entering the same info. Do I really need a new request file each year? Or can I just reuse the same one (presuming none of the info has changed.) -- John
Re: Is it necessary to generate a new SSL request each year?
> You can reuse the old one.

> I'm not an expert on these, but it was my understanding that certificates carry an internal expiration date after which the application may respond as it pleases.

> Yes, but the *request* does not.

> Also, if using openssl, just set the defaults in /etc/ssl/openssl.cnf to your values, so you can enter through the questions

Cool... save a minute here and a minute there... at the end of a year, I might have enough saved up to take lunch!

-- John
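The point made in the thread above, that a request carries no expiration date, as an added example that is not part of the original messages: it builds a throwaway key and request with openssl, counts the validity fields in the request, and checks which private key the request belongs to. Reusing a request also means the renewed certificate covers the same key pair, so the original private key has to be kept and is not rotated. The subject name, file paths and function names are placeholders.

```shell
#!/bin/sh
# Added example (constructed): inspect a certificate request to see what it
# contains. The key, subject name and file paths are throwaway placeholders.

# Create a throwaway EC private key.
make_key() {            # $1 = key path
    openssl ecparam -name prime256v1 -genkey -noout -out "$1"
}

# Create a certificate request for a placeholder subject, signed by that key.
make_csr() {            # $1 = key path, $2 = csr path
    openssl req -new -key "$1" -subj "/CN=www.example.test" -out "$2"
}

# Number of validity-date fields in the request (a certificate has two).
csr_validity_fields() { # $1 = csr path
    openssl req -in "$1" -noout -text | grep -c -E 'Not Before|Not After' || true
}

# SHA-256 over the PEM public key held in a request.
csr_pubkey_hash() {     # $1 = csr path
    openssl req -in "$1" -noout -pubkey | openssl dgst -sha256 | awk '{print $NF}'
}

# SHA-256 over the PEM public key derived from a private key.
key_pubkey_hash() {     # $1 = key path
    openssl pkey -in "$1" -pubout | openssl dgst -sha256 | awk '{print $NF}'
}

# A request can only be reused together with the private key it was made from.
csr_matches_key() {     # $1 = csr path, $2 = key path
    if [ "$(csr_pubkey_hash "$1")" = "$(key_pubkey_hash "$2")" ]; then
        echo match
    else
        echo mismatch
    fi
}

# Demonstration in a scratch directory.
work=$(mktemp -d)
make_key "$work/site.key"
make_csr "$work/site.key" "$work/site.csr"
make_key "$work/other.key"
echo "validity fields in request: $(csr_validity_fields "$work/site.csr")"
echo "request vs. its own key:    $(csr_matches_key "$work/site.csr" "$work/site.key")"
echo "request vs. a new key:      $(csr_matches_key "$work/site.csr" "$work/other.key")"
rm -rf "$work"
```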
Re: [pure-ftpd] Security Scan question
On May 2, 2009, at 8:50 AM, Frank Denis wrote:

Hello Josh,

On Fri, May 01, 2009 at 08:55:10AM -0500, Josh Trutwin wrote:

Because I programmed a custom cart solution for one of my customers, their merchant account is doing a monthly server scan to check for known vulnerabilities.

Great.

I've had to endure these scans, myself, and I must say that they helped a lot. The scans are pretty thorough and they made me re-think some things I was doing... particularly limiting access to ports that I thought 'needed' to be open, but actually just needed to be open to a small number of outside addresses.

Thank goodness for PF... would hate to try to pass one of those scans without a flexible firewall.

-- John
Re: Backing up FreeBSD and other Unix systems securely
> Is there any possibility of using your own media locally - such as tape or a large USB attached disk? If security is such a primary concern, I can't see sending the data to that type of offsite thing. Get a couple of large USB SATAs and use dump(8) to back the stuff up on them. Write them encrypted if you need.

I'd have to agree with this... After looking at a lot of options, I ended up building a simple freebsd server and connected it to my main server on a separate ethernet port via a twisted ethernet cable. Thus, the server and backup server had a 'private', high speed connection and I can pump tons of data through that connection without paying my colo provider for that bandwidth.

A whole server, rather than a USB drive might be overkill, but it's a little more flexible, and I can use the backup server for a DNS server, and a few other things, as well.

-- John
Re: What server hardware are you buying from the big companies these days?
> Hi, I need to buy some new servers, and mgmt has decreed that we get them from someplace which will provide service contracts with on-site h/w support, which means HP, Dell, Sun, IBM, etc.

I have two Intel servers that I like a lot. I don't have on-site support, but it might be available from one of Intel's official distributors.

-- John
Re: PDF inventory software
On Jun 8, 2009, at 5:17 PM, Daniel Underwood wrote:

> I'm looking for a way to manage my personal collection of research articles. Ideally I'd like some way to keep records on authors, keywords, journals, and publication years of articles (PDF files) downloaded onto my local drive. In the course of reading literature for research, it often happens that I find myself wanting to return to something I have previously read, but I only recall a few things about the article, often the author and a keyword.
>
> Is there some inventory/database software (for local use only) that can be easily used for this purpose? (The closest things that comes to mind (conceptually) is image collection software.) What are some of my options here?

I know this probably won't help pure FreeBSD users, but if, like me, you use FreeBSD for servers, and Macs for desktop, I can't resist recommending my favorite program of all time, Yojimbo:

http://www.barebones.com/products/Yojimbo/

This is a general purpose 'Memory Bank'. You can throw all kinds of information into it, tag it with keywords, and retrieve it in an instant. It integrates with all Mac programs, so I use it all the time... Any time I get a pdf or web page I think I *might* want to reference someday, I throw it into Yojimbo. It's also great for documenting how to do things, so you don't have to relearn how to do a certain complicated thing 6 months after you figured it out the first time (I hate that).

It's hard to explain how it works, but it is the most incredibly useful program. Wish there was something like it in ports.

-- John
Re: Terminal / vim / shortcuts
> I edit python code in vim using Terminal on xfce. I find myself, not surprisingly, having to exit insert mode and save changes frequently (when making code changes and wishing to test the immediate effects of the changes in a separate terminal). This requires pressing 4 keys: esc, :, w, and enter. How can I configure a shortcut (ideally using an F# key) that will perform this sequence of 4 key-presses?

> This would rather be a question for the Vim mailing list.
>
>     imap F5 esc:wbarsleep 1crgi
>
> The purpose of the sleep is that you see the written message.

It may be off topic, but also very cool! Thanks for the question and the answer.

-- John
Compact Freebsd 'appliance'
I have a client who has an application that he wants to deploy in his customer's offices as a headless 'appliance'. Basically, just a black box that you can plug into a Lan, turn it on, and it runs. No floppy disk or CD, no monitor/keyboard, just remotely managed.

This application won't store any critical data, so it doesn't need redundancy. It just needs to be reasonably reliable, compact, and quiet.

My first recommendation was to use a Mac Mini, but that excellent bit of hardware was deemed 'not professional enough'. So now I am looking for a compact pc that can run FreeBSD, of course. I think it probably just needs a power supply, tiny motherboard with onboard ethernet, usb, etc., and hard drive.

If anyone has a recommendation (or if there are any vendors lurking), please shoot me an email off list. I'll compile a list of recommendations and post it all at once, in case anyone else is interested in this.

Thanks: John

-- jalmberg at identry dot com
Re: Compact Freebsd 'appliance'
> There was a discussion on this a few days ago. I happen to have one of these Atom based systems, a Shuttle X27D:
>
>     CPU: Intel(R) Atom(TM) CPU 330 @ 1.60GHz (1596.01-MHz 686-class CPU)
>       Origin = GenuineIntel Id = 0x106c2 Stepping = 2
>       Features=0xbfe9fbffFPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,CLFLUSH,DTS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE
>       Features2=0x40e31dSSE3,DTES64,MON,DS_CPL,TM2,SSSE3,CX16,xTPR,PDCM,b22
>       AMD Features=0x2010NX,LM
>       AMD Features2=0x1LAHF
>       Cores per package: 2
>       Logical CPUs per core: 2
>     real memory = 2137915392 (2038 MB)
>     avail memory = 2086662144 (1989 MB)
>     ACPI APIC Table: Shuttl Shuttle
>     FreeBSD/SMP: Multiprocessor System Detected: 4 CPUs
>      cpu0 (BSP): APIC ID: 0
>      cpu1 (AP/HT): APIC ID: 1
>      cpu2 (AP): APIC ID: 2
>      cpu3 (AP/HT): APIC ID: 3
>     ioapic0: Changing APIC ID to 4
>     ioapic0 Version 2.0 irqs 0-23
>
> This works nicely with FreeBSD (needs only a sysctl setting to hush some messages on absurd temperature measurements - all onboard devices work). One disappointing thing about it: the one and only fan in the system failed about after a week of continuous operation.

I can't find the discussion you mentioned, but this Shuttle looks pretty nice. You can't beat the price of these little boards.

Thanks.

--- John
Re: Compact Freebsd 'appliance'
On Jun 18, 2009, at 7:59 PM, Charlie Kester wrote:

> On Thu 18 Jun 2009 at 14:18:21 PDT Tim Judd wrote:
>
>> I've read reports (and forgotten its source since then) that some Intel Atom processors work well, some don't with FreeBSD. This was something I read within a couple months, so I would see if anyone here can provide input on pros and cons on whether that particular Atom model number is well received and well tested.
>
> The only problems I've seen reported re Atoms was back in the days before the FreeBSD 7.2 release (or was it 7.1?) when there were problems with not recognizing the Realtek networking chip included on the Intel motherboards.
>
> FWIW, I'm running FreeBSD 7.2 on an Intel D945GCLF motherboard, which has an Atom 230 CPU. I got mine from http://www.mini-box.com. (I *am* using a Intel networking card rather than the builtin Realtek chip, but only because the Realtek recognition problems still existed when I first set up the machine. One of these days I should probably see if those problems are truly fixed, so I can recover the single PCI slot for some other use.)
>
> Since this is a home machine, I can't say it's the best test of whether FreeBSD runs OK on it. But I haven't had any problems with it.

Sounds good. They are so inexpensive, I will just give it a whirl and see if it cuts the mustard. Speed isn't really an issue, since it's going to be twiddling its thumbs most of the time. Doesn't really matter if it takes 10 seconds or 30 minutes to translate the videos.

Thanks: John
Re: Compact Freebsd 'appliance'
> I have a couple of Via Artigo a2000 boxes, one running FreeBSD-STABLE (post 7.2) and the other running FreeNAS. Both work well. I've seen posts from one fellow who's tracking a bug with the vge interface under very heavy load, but both of mine stream music and do Time Machine backups via netatalk without any trouble.
>
> Logic Supply has a custom FreeNAS build that recognizes the disks as SATA and that adds support for Gb ethernet to the NIC (rolling in changes from -STABLE to the 6.x series on which the stable FreeNAS is based).
>
> http://www.logicsupply.com/blog/2009/05/11/custom-a2000-freenas-image/
>
> They're not the cheapest place to buy the box, but they're close and they do good support (I'm just a happy customer and I helped with the FreeNAS image, no other association).
>
> They're not Living Room quiet, but they're about as unobtrusive as you can get in a little box w/out going fanless.

Also very nice looking boxes. Thanks!

-- John
Should DNS be on same server as webserver?
The other day, a FreeBSD 'expert' told me that it is important to have the DNS server for a domain on the same server as the domain's web server. Supposedly, this saves doing tons of DNS look ups over the network. Instead, they are done locally. This makes sense to me, but I wonder if the performance difference is really that significant? -- John
Re: Should DNS be on same server as webserver?
On Jul 13, 2009, at 3:05 PM, Mel Flynn wrote:

> On Monday 13 July 2009 08:36:42 John Almberg wrote:
>
>> The other day, a FreeBSD 'expert' told me that it is important to have the DNS server for a domain on the same server as the domain's web server. Supposedly, this saves doing tons of DNS look ups over the network. Instead, they are done locally.
>
> Bogus. A high-performance webserver should not be doing DNS lookups, other than application driven ones, like verification of email domains upon registration. If having hostnames in the live logs is mandatory by some weird company policy or the webserver does not provide a configuration setting to turn this behavior off, then more performance is gained by having the nameserver on the network gateway as the likeliness of cache hits and especially negative cache hits is increased.
>
> As others have mentioned, network overhead is negligible. Human noticeable delays are caused by upstream DNS servers slowly or not at all responding when a client IP is being resolved.
>
> Secondly, a named cache size depends on available memory. A high performance webserver uses plenty of that, so you wouldn't be able to grow the named cache to almost caching the entire net size, which you would be able to on a dedicated machine.

Thanks for all the comments on this topic. Glad I put 'expert' in quotes. I had a feeling...

-- John
Re: Should DNS be on same server as webserver?
On Jul 13, 2009, at 6:27 PM, Karl Vogel wrote:

> On Mon, 13 Jul 2009 13:03:24 -0400, Jon Radel j...@radel.com said:
>
> J Apache and Bind have both had their security issues over the years, and
> J there's something to be said for running them on different servers to
> J reduce both the all eggs in one basket factor and the ease of
> J spreading an attack. (Yes, I'm assuming what you're actually
> J running)
>
> You can fix the security problems by dumping Bind and using djbdns. It's very easy to set up a caching nameserver without using all the memory on your system. See http://www.lifewithdjbdns.com/ for more.

I actually do use djbdns. Super easy to use, once you figure it out.

-- John
SSO solution in ports?
I am trying to build a set of web applications that are accessed through a web portal that uses a Single Sign On (SSO) solution. Problem is, there are MANY competing SSO solutions. Since building the client side of the SSO system is more than enough for me, I was wondering if there are any SSO servers in ports that I can just install and use? A CAS solution would be the best, but I'll look at anything. Any tips or ideas, much appreciated. -- John
Re: SSO solution in ports?
Well, after a week of looking, I think I am going to go with a CAS solution, rubycas-server and rubycas-client. This supports several methods of authentication, including SQL, ActiveDirectory, LDAP, and GoogleAccounts. SQL is probably good enough for my application at the moment, but the LDAP option might come in handy someday. And it integrates nicely with Rails apps, which is my target platform.

I looked at OpenID, which Rails also has good support for, but to my mind, it's just too complicated for the average user to use. I remember the first time I had to set one up, it was quite difficult to understand what it was they were looking for. I think it would scare away the average, non-technical, website user.

Thanks for the ideas!

Brgds: John

On Jul 16, 2009, at 1:03 PM, Mel Flynn wrote:

> On Thursday 16 July 2009 06:54:39 Bill Moran wrote:
>
>> In response to John Almberg jalmb...@identry.com:
>>
>>> I am trying to build a set of web applications that are accessed through a web portal that uses a Single Sign On (SSO) solution. Problem is, there are MANY competing SSO solutions. Since building the client side of the SSO system is more than enough for me, I was wondering if there are any SSO servers in ports that I can just install and use? A CAS solution would be the best, but I'll look at anything.
>>
>> The most widely supported I know of is LDAP, and OpenLDAP works pretty well.
>
> That won't really work as LDAP can't read a browser cookie or maintain session information. LDAP is a good choice as storage backend. Your best bet is probably to use an OpenID based solution, as support for this sign on method is growing in web applications, so you lessen the chance of having to maintain your custom glue into the application.
>
> The security/phpmyid port is one implementation that allows you to run your own OpenID server.
>
> http://openid.net/
>
> -- Mel

~~
Websites and Marketing for On-line Collectible Dealers
~~
IDENTRY, LLC
John Almberg - Managing Partner
(631) 546-5079
jalmb...@identry.com
www.identry.com
~~
limit to number of files seen by ls?
I seem to have run into an odd problem... A client has a directory with a big-ish number of jpgs... maybe 4000. Problem is, I can only see 2329 of them with ls, and I'm running into other problems, I think. Question: Is there some limit to the number of files that a directory can contain? Or rather, is there some number where things like ls start working incorrectly? -- John
Re: limit to number of files seen by ls?
On Jul 26, 2009, at 4:45 AM, Mel Flynn wrote:

> On Saturday 25 July 2009 23:34:50 Matthew Seaman wrote:
>
>> It's fairly rare to run into this as a practical limitation during most day to day use, and there are various tricks like using xargs(1) to extend the usable range. Even so, for really big applications that need to process long lists of data, you'd have to code the whole thing to input the list via a file or pipe.
>
> ls itself is not glob(3) aware, but there are programs that are, like scp. So the fastest solution in those cases is to single quote the argument and let the program expand the glob. for loops are also a common work around:
>
>     ls */* == for f in */*; do ls $f; done
>
> Point of it all being, that the cause of the OP's observed behavior is only indirectly related to the directory size. He will have the same problem if he divides the 4000 files over 4 directories and calls ls */*

H'mmm... I haven't come back on this question, because I want my next question to be an intelligent one, but I'm having a hard time understanding what is going on. I'm reading up on this, and as soon as I know enough to either understand the issue, or ask an intelligent question, I will do so...

Thanks for all the comments...

-- John
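The workarounds named in the replies above (a shell for loop, and xargs(1)), as an added example that is not part of the original messages: it builds a constructed directory of 4000 files, counts them without placing every expanded name on one command line, and compares the size of the expanded glob with the system's ARG_MAX. Directory layout, file names and function names are assumptions.

```shell
#!/bin/sh
# Added example (constructed data): count the files in a large directory
# without relying on one command line that holds every expanded name.

# Build a sample directory with N empty .jpg files (constructed test data).
make_sample_dir() {   # $1 = directory, $2 = number of files (up to 89999)
    mkdir -p "$1"
    i=1
    while [ "$i" -le "$2" ]; do
        : > "$1/img_$((10000 + i)).jpg"
        i=$((i + 1))
    done
}

# Count with a shell loop: the glob is expanded inside the shell itself, so
# no exec() argument limit applies.
count_with_loop() {   # $1 = directory
    n=0
    for f in "$1"/*.jpg; do
        [ -e "$f" ] && n=$((n + 1))
    done
    echo "$n"
}

# Count with find + xargs: xargs splits the names over as many ls
# invocations as it takes to stay under the limit.
count_with_xargs() {  # $1 = directory
    find "$1" -type f -name '*.jpg' -print0 | xargs -0 ls -d | wc -l | tr -d ' '
}

# Size the expanded glob would have as arguments: each name plus its
# terminating NUL (character count, which equals bytes for ASCII names).
glob_arg_bytes() {    # $1 = directory
    total=0
    for f in "$1"/*.jpg; do
        [ -e "$f" ] && total=$((total + ${#f} + 1))
    done
    echo "$total"
}

# Rough check whether `ls DIR/*.jpg` fits into one exec() on this system.
# The environment also counts against ARG_MAX, so treat "yes" as approximate.
fits_in_one_exec() {  # $1 = directory
    limit=$(getconf ARG_MAX)
    if [ "$(glob_arg_bytes "$1")" -lt "$limit" ]; then echo yes; else echo no; fi
}

# Demonstration on a scratch directory.
demo_dir=$(mktemp -d)
make_sample_dir "$demo_dir/scans" 4000
echo "for loop:     $(count_with_loop "$demo_dir/scans")"
echo "find | xargs: $(count_with_xargs "$demo_dir/scans")"
echo "glob bytes:   $(glob_arg_bytes "$demo_dir/scans") (ARG_MAX $(getconf ARG_MAX))"
echo "one exec:     $(fits_in_one_exec "$demo_dir/scans")"
rm -rf "$demo_dir"
```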