How do I launch Calligra?
I've installed Calligra Suite from package, but I'm struggling to figure out how to launch any of its programs??? Ed ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
pkg_version says my ports need to be updated?
Clearly, I'm doing something wrong. :-) I thought I was using svn to keep my ports, src and docs up to date, but pkg_version seems to disagree. I'm running 9.1 and I've installed ports, src, and docs as part of my install. After that, I use subversion to (I thought) make sure everything was up to date. I ran these commands: /usr/local/bin/svn up /usr/src /usr/local/bin/svn up /usr/ports /usr/local/bin/svn up /usr/doc and then I ran: pkg_version -vIL = and it says needs updating (index has ...) on about 1 dozen items. So my index is out of sync with my ports??? What did I screw up and how do I correct it? Thank you! Ed ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: pkg_version says my ports need to be updated?
Thank you both! Since I want to know the correct way (or one of I'm sure many correct ways) of initially installing the OS and then getting it up to date (and staying up to date), can you tell me what I did wrong and/or what I might want to do differently? Ed On Mon, May 27, 2013 at 11:16 AM, Matthew Seaman matt...@freebsd.orgwrote: On 27/05/2013 19:00, Ed Flecko wrote: Clearly, I'm doing something wrong. :-) I thought I was using svn to keep my ports, src and docs up to date, but pkg_version seems to disagree. I'm running 9.1 and I've installed ports, src, and docs as part of my install. After that, I use subversion to (I thought) make sure everything was up to date. I ran these commands: /usr/local/bin/svn up /usr/src /usr/local/bin/svn up /usr/ports /usr/local/bin/svn up /usr/doc and then I ran: pkg_version -vIL = and it says needs updating (index has ...) on about 1 dozen items. So my index is out of sync with my ports??? What did I screw up and how do I correct it? You seem to have updated the ports tree, which is a collection of recipes for how to build ported software, but not actually updated by rebuilding any of the ported software that has become out of date. Try installing ports-mgmt/portmaster and then running portmaster -a Cheers, Matthew -- Dr Matthew J Seaman MA, D.Phil. PGP: http://www.infracaninophile.co.uk/pgpkey ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Keeping my system up to date with CTM or subversion?
I'm confused about an effective way to keep my system patched and up-to-date, and I'm hoping someone can clarify what seems like a lot of options. I'll be running a production server (so security and stability are most important) with a custom kernel and I want it to have all of the latest security patches applied. I'll install from DVD and I'll chose the option to install both the ports and the source. After this, it sure seems like the best way, in terms of speed to download any updated files, is to use CTM as a cron job, but I think the FBSD handbook recommends subversion? Also, I think I read that CTM won't update documentation? Is that right? I also see some people say they use portsnap, portaudit and portupgrade. For example, I came across this command: portsnap fetch /usr/sbin/portsnap update /usr/local/sbin/portaudit -F /usr/local/sbin/portupgrade –aR however these utilities are used more for keeping your ports collection up-to-date (if you install software from ports), and not so much for keeping your system patched from a security perspective - isn't that right? Hopefully, someone can clarify my confusion. Thank you! Ed ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Keeping my system up to date with CTM or subversion?
Alexandre, Yes, that helps - thank you. So once you have a system up and running, how do you monitor if and when you need to upgrade your ports tree? By the way, your ports tree is different than installed software packages, right? In other words, the only reason people even bother to upgrade their ports tree is so that IF you install a package from source - the source is current? Is that correct? When security vulnerabilities are discovered and patches released by FBSD, the patch will tell you what steps you need to take to apply the patch and stay up to date, won't it? Ed On Wed, May 22, 2013 at 1:00 PM, Alexandre axel...@ymail.com wrote: On Wed, May 22, 2013 at 8:26 PM, Ed Flecko edfle...@gmail.com wrote: I'm confused about an effective way to keep my system patched and up-to-date, and I'm hoping someone can clarify what seems like a lot of options. I'll be running a production server (so security and stability are most important) with a custom kernel and I want it to have all of the latest security patches applied. I'll install from DVD and I'll chose the option to install both the ports and the source. After this, it sure seems like the best way, in terms of speed to download any updated files, is to use CTM as a cron job, but I think the FBSD handbook recommends subversion? Also, I think I read that CTM won't update documentation? Is that right? I also see some people say they use portsnap, portaudit and portupgrade. For example, I came across this command: portsnap fetch /usr/sbin/portsnap update /usr/local/sbin/portaudit -F /usr/local/sbin/portupgrade –aR however these utilities are used more for keeping your ports collection up-to-date (if you install software from ports), and not so much for keeping your system patched from a security perspective - isn't that right? Hopefully, someone can clarify my confusion. Thank you! Ed Hi Ed, To update my ports tree, I use portsnap tool. To install ports (or upgrade them) I use portmaster. More information here: http://www.freebsd.org/doc/en/books/handbook/ports-using.html To update my sources tree, I use subversion tool. Then I rebuild world. More information here: http://www.freebsd.org/doc/en/books/handbook/svn.html http://www.freebsd.org/doc/en/books/handbook/makeworld.html I use subversion to update my sources tree because I am running 9-STABLE. If you are running 9.x-RELEASE (or 8.x-RELEASE) you can use freebsd-update to sync sources and install binary patchs. As you are using custom kernel, you will have to recompile it. More information here: http://www.freebsd.org/doc/en/books/handbook/updating-upgrading-freebsdupdate.html I hope this help you. Kind regards, Alexandre ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: svn checkout head or stable
Excellent! Thank you all. :-) So, for ME...does this look right? This will track the latest release that has the patches applied? svn co svn://svn.freebsd.org/base/releng/9.1 /usr/src svn co svn://svn.freebsd.org/ports/releng/9.1 /usr/ports svn co svn://svn.freebsd.org/doc/release/9.1.0/en_US.ISO8859-1 /usr/doc (I too, only need English docs) Ed ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: svn checkout head or stable
David - I'd like to, but every time I try that it prompts me for a password...and I don't know what password it wants??? Ed ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
make print-index error: Generating INDEX-9 - please wait..perl: not found
I've done a clean install of FBSD 9, installed subversion from package, and then I have: svn co svn://svn.freebsd.org/ports/head/ /usr/ports svn co svn://svn.freebsd.org/base/releng/9.1 /usr/src svn co svn://svn.freebsd.org/doc/release/9.1.0/en_US.ISO8859-1 /usr/doc which all went just fine. Then I: cd /usr/ports make print-index and this is my result: Generating INDEX-9 - please wait..perl: not found Makefile, line 31: warning: perl -V:archname returned non-zero status perl: not found Done. O.K., I'm stumped...what's wrong? Ed ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Subversion output: Node remains in conflict ???
When I ran the following command using subversion, here's what I get: fbsd# svn up /usr/src Updating '.': Skipped 'lib' -- Node remains in conflict Skipped 'sys' -- Node remains in conflict At revision 240997. Summary of conflicts: Skipped paths: 2 fbsd# svn up /usr/ports Skipped '/usr/ports' Summary of conflicts: Skipped paths: 1 fbsd# cd /usr/ports fbsd# make fetchindex /usr/ports/INDEX-9.bz2100% of 1623 kB 4569 kBps fbsd# pkg_version -l '' subversion fbsd# Can someone tell me what Node remains in conflict means and how to I correct this...or do I need to worry about it at all??? Thank you! Ed ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: How to use subversion to keep source, system and doc files up to date?
Thank you all! I'm a little confused by Trond's reply, Make sure your /usr/src and /usr/ports directories does not contain files and directories served by Subversion, they will hinder extraction/updating when checking out a Subversion working copy on top of the existing hierarchy. Simply delete all non-local files, rename /usr/src/sys to, say /usr/src/sys0, do the Subversion check out, and move your local files back into place. 1.) What is meant by deleting all non-local files? What files is he referring to? 2.) If I rename /usr/src/sys to, say /usr/src/sys0, do the Subversion check out, and move your local files back into place, won't that be replacing new files with the older files? 3.) These steps are just meant for the initial check out, aren't they??? Once I've checked out (i.e., downloaded, right?) the current files, I'll only need to: svn update /usr/ports..., etc. from that point forward and not delete all non-local files, rename /usr/src/sys to, say /usr/src/sys0, do the Subversion check out, and move your local files back into place...Is that right? Thank you again, Ed ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
svn checkout head or stable
My goal is to simply have a production server that's fully patched, but I will be running custom kernels (which is why I'm not using freebsd-update). I've seen a lot of subversion references to checking out the head branch and the stable branch. I understand the head branch is the most current, so that's the same as the current branch, right? If I understand correctly, most people will not follow the current branch for production servers. My goal is to have all of the files I need to rebuild my kernel and my system after security updates have been released, therefore I should do something like: svn co svn://svn.freebsd.org/base/stable/9 /usr/src svn co svn://svn.freebsd.org/ports/stable/9 /usr/ports svn co svn://svn.freebsd.org/doc/stable/9 /usr/doc This will give me everything I need to recompile and have a fully patched system, right? I do not make changes to the src, ports, or doc directories. From that point forward, as new security patches are released, I can simply: svn up /usr/src svn up /usr/ports svn up /usr/doc and once again rebuild my kernel and system. Does this sound correct? Ed ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: svn checkout head or stable
Cool...thank you Trond. Is that true of the docs branch as well, in other words... svn co svn://svn.freebsd.org/doc/head /usr/doc works just fine? Ed ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
How to use subversion to keep source, system and doc files up to date?
I see that CVS is being phased out in favor of subversion. I follow the documentation to keep my system up to date by doing: # cd /usr/src # make buildworld # make buildkernel # make installkernel # shutdown -r now and then... # mount -u / # mount -a -t ufs # adjkerntz -i # mergemaster -p # cd /usr/src # make installworld # mergemaster # reboot I've pre-populated my /usr/ports, /usr/src and /usr/src/sys directories when I installed my system. I've installed subversion from package, I want to follow the Stable (same as Patch, right?) branch, and I'm struggling how to best use subversion to update my kernel source, system files, documentation, etc., so I can keep my system up to date. Can someone tell me how to use subversion to keep my /usr/ports, /usr/src and /usr/src/sys directories up to date? Thank you, Ed ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: How to use subversion to keep source, system and doc files up to date?
Thank you. I am using a custom kernel, but you're right - I should have said so. :-) Do you have any feedback using subversion? I know I can still use csup; I'm basically trying to figure out how to subversion to achieve the same result. Ed ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
How to change Fluxbox resolution?
Hi folks, I've installed FBSD 8.2 and Fluxbox. Fluxbox works just fine, but I can't figure out how to change my resolution to 1024x768 (my monitor is a 19 - but the square format, not widescreen format). When Fluxbox runs...it's too wide for my monitor. Here's what I've done: 1. pkg_add –r xorg 2. pkg_add –r fluxbox 3. # Xorg -configure 4. # cp /root/xorg.conf.new /etc/X11/xorg.conf 5. # echo hald_enable=\”YES\ /etc/rc.conf 6. # echo dbus_enable=\”YES\ /etc/rc.conf 7. reboot 8. # echo “/usr/local/bin/startfluxbox” ~/.xinitrc 9. startx I've edited xorg.conf and added a 1024x768 entry, but apparently something's not right. Comments? Suggestions? Thank you, Ed ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: How to change Fluxbox resolution?
Thank you both. I'm sorry, I forgot to mention that I have FBSD running inside VMware. xvidtune says Video modes are not tunable on this chip and the only entry I have made in xorg.conf if under the Screen section where I have a SubSection Display that has: Modes 1024x768 entry Suggestions? Ed ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Best practices on upgrading, etc.
Hi folks, I'm trying to fully understand the whole FBSD version thing and when, if , and why you should consider upgrading. I have a production server running FBSD 8.1 (and I'm following the errata branch) that works just fine, with no problems. I see that the Production Release of 8.2 is available. Obviously, 8.2 has features that 8.1 does not, but I guess my primary questions is: 1.) If you have a production server that's running well (and is fully patched, i.e. following the errata branch), is there a compelling reason to upgrade or do most people do it because there are features in the new release that you want/need? I guess what I'm really asking is if it makes more sense to take the if it aint broke - don't fix it mindset or should you really consider upgrading when a new version is released??? 2.) If I DO upgrade, I can simply change my supfile to RELENG_8_2 and then: run csup upgrade the ports make buildworld make buildkernel make installkernel make installworld is that right? Is my sequence wrong? 3.) How do I upgrade any installed software (I CAN use portmaster for that, right?)? Thank you, Ed ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
portmaster -a command fails - *** Error code 1
Hi folks, I see I have some ports that need to be updated, so I'm using portmaster (portmaster -a to be specific), and it fails with the following - === Starting check for build dependencies === Gathering dependency list for textproc/docproj-nojadetex from ports === No dependencies for textproc/docproj-nojadetex === Cleaning for docproj-nojadetex-1.17_4 === /usr/ports/textproc/docproj-nojadetex/work not writable, skipping touch: /usr/ports/textproc/docproj-nojadetex/work/.build_done.docproj._usr_local: Operation not permitted *** Error code 1 Stop in /usr/ports/textproc/docproj-nojadetex. === make failed for textproc/docproj-nojadetex === Aborting update === Update for textproc/docproj-nojadetex failed === Aborting update === Update for misc/freebsd-doc-en failed === Aborting update === You can restart from the point of failure with this command line: portmaster flags misc/freebsd-doc-en textproc/docproj-nojadetex graphics/netpbm graphics/jasper graphics/libglut x11-toolkits/libXmu x11-toolkits/libXt x11/libSM devel/automake x11/libICE x11/libXi graphics/jbigkit graphics/png graphics/tiff graphics/peps print/ghostscript8 graphics/jbig2dec print/cups-image print/cups-client security/gnutls print/gsfonts x11-fonts/fontconfig print/freetype2 graphics/scr2png textproc/docbook-410 textproc/iso8879 textproc/xmlcatmgr textproc/docbook-xml textproc/docbook-xsl textproc/docbook textproc/docbook-420 textproc/docbook-430 textproc/docbook-440 textproc/docbook-450 textproc/docbook-500 textproc/xmlcharent textproc/docbook-sk textproc/docbook-xml-430 textproc/docbook-xml-440 textproc/docbook-xml-450 textproc/dsssl-docbook-modular textproc/fixrtf textproc/html textproc/html2text textproc/jade textproc/linuxdoc textproc/p5-XML-Parser textproc/scr2txt textproc/xhtml www/links1 www/tidy devel/libtool security/ca_root_nss devel/libsigsegv net/openldap24-client devel/pcre devel/apr1 devel/autoconf ftp/curl www/apache22 www/privoxy www/sarg sysutils/webmin Any ideas on what my problem(s) is and how to solve it??? Thank you, Ed ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: portmaster -a command fails - *** Error code 1
Thanks gentlemen; I was not running portmaster as root. When I re-run portmaster -a as root, I get the following: === Starting check for runtime dependencies === Gathering dependency list for devel/automake from ports === Dependency check complete for devel/automake en-freebsd-doc-20100625 textproc/docproj-nojadetex graphics/netpbm graphics/jasper graphics/libglut x11-toolkits/libXmu x11-toolkits/libXt x11/libSM devel/automake === Installing for automake-1.11.1 === Generating temporary packing list === Checking if devel/automake already installed === automake-1.11.1 is already installed You may wish to ``make deinstall'' and install this port again by ``make reinstall'' to upgrade it properly. If you really wish to overwrite the old port of devel/automake without deleting it first, set the variable FORCE_PKG_REGISTER in your environment or the make install command line. *** Error code 1 Stop in /usr/ports/devel/automake. Suggestions? Thank you, Ed ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: portmaster -a command fails - *** Error code 1
Thanks Aurthur. :-) It's funny...I DID what it asks and it still didn't work (make deinstall, etc.). Apparently, I installed it from a package, so I did a pkg_delete automake and then started my portmaster -a again and it seems to be running fine. :-) Ed ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Do you have to install Apache to use sarg (and squid) with Webmin?
Hi folks, I'm trying to put a simple proxy server together, and I have installed Squid, Sarg and Webmin, all of which are working fine. When I go into webmin to add a sarg module, I don't see it anywhere as an option. Is that because I have to install Apache first? If so, how do I then add the sarg module? Thank you, Ed ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Finish upgrading remote server without physically being there?
Hi folks, If I understand the process of upgrading FreeeBSD correctly, after running: make buildworld make buildkernel make installkernel I then need to reboot into single user mode (which can only be done if I'm physically standing at the machine, right?), and then finally: adjkerntz -i mount -a -t ufs mergemaster -p cd /usr/src make installworld mergemaster and then one final reboot. Is there a way to finish the upgrade process without actually being in front of the server??? Thank you, Ed ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Finish upgrading remote server without physically being there?
Thanks Damien. :-) Two questions - 1.) If rebooting into single user mode isn't obviously a requirement...I wonder why so many tutorials, books, etc. tell you to do this? 2.) How do I rebuild the ports? Ed ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
portmaster -afv -no-confirm --clean-distfiles-all command - too much automation???
Hi folks, I'm looking at using portmaster to rebuild my ports collection and I'm wondering if using the command: portmaster -afv --no-confirm --clean-distfiles-all (-a - check all ports, update as necessary, -f - always rebuild ports, -v - verbose output, --no-confirm - do not ask the user to confirm the list of ports to be installed and/or updated before proceeding, --clean-distfiles-all - recurse through the installed ports to get a list of distinfo files, then recurse through all files in /usr/ports/distfiles to make sure that they are still associated with an installed port, delete all files without prompting) Do you think that's a little too much automation, or do you think that would be pretty safe to run without screwing things up? :-) Ed ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Finish upgrading remote server without physically being there?
Patrick, It's my understanding that if you have a custom kernel, you can't use the binary update method. Ed ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: portmaster -afv -no-confirm --clean-distfiles-all command - too much automation???
Hmmm...I'll check that out Bruce. I saw the command listed on: http://www.freebsd.org/doc/handbook/ports-using.html but it doesn't give any cautions against using it. Thank you, Ed ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Fastest way to get an entire FBSD system back online?
Hi folks, I confess I'm more familiar with Windows and for years I have Ghosted PCs as a very fast way to get an entire PC back online in the event of a drive failure. I can easily get a PC back online within the hour using ghost (or some drive imaging software). Is there something similar in the FBSD arena?...some form of backing up a server so that if a drive fails, upon replacement of the drive(s), the OS can be very quickly recovered from a backup (of some sort), or from an image, etc.? What options are available??? Suggestions??? Thank you, Ed ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
How to push privoxy traffic through squid?
Hi folks, I have squid installed and working fine using its default settings; if I set my browser proxy to the server address:3128 , everything works fine. I've edited the Privoxy config file and commented out: debug 1 # Log the destination for each request Privoxy let through. debug 1024 # Log the destination for requests Privoxy didn't let through, and the reason why. debug 4096 # Startup banner and warnings debug 8192 # Non-fatal errors and I've added: listen-address 127.0.0.1:8118 and forward / 127.0.0.1:3128 to try and push the content through squid...but it doesn't work. When I change my browser proxy settings to server address:8118 I can't reach the internet. I managed to make this work once before...but darned if I can remember how I did it! Suggestions??? Thank you, Ed ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: How to push privoxy traffic through squid?
Thanks Berk, Nope...no dice, that won't work either. More suggestions??? :-) Ed ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: How to push privoxy traffic through squid?
Gentlemen, I think I have it! https://www.antagonism.org/web/squid-proxy.shtml The key is to add: cache_peer localhost parent 8118 0 default no-query no-digest no-netdb-exchange never_direct allow all to the squid.conf file (/usr/local/etc/squid/squid.conf) and have squid re-read its .conf file (squid -k reconfigure) RW: You're 100% correct; you need to connect to squid which will then push traffic through Privoxy Thank you for your input. :-) Ed ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Install Squid on FBSD with different configure options?
Hi folks, I want to install squid from the ports package (i.e., /usr/ports/www/squid) instead of installing from source (which, it's my understanding, would force me to create a squid user, squid group, etc. manually). However, I want squid to be installed with the ability to restrict end users internet access based upon their PCs MAC address, which means I need the --enable-arp-acl option when installing squid. I have modified the Makefile (/usr/ports/www/squid/Makefile) to include this option, but now I'm a little confused - if I use the standard pkg_add squid command, won't that just fetch the package from the internet? How do I install squid from the ports package that's on my hard drive? I am correct in that when I install the package from my local hard drive, it will automatically create the necessary users/groups for me, right? Thank you, Ed ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Should I use the standard-supfile or stable-supfile?
Excellent! Thank you gentlemen! Ed ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Should I use the standard-supfile or stable-supfile?
Hi everyone, I've installed Production Release 8.1 on a production server and I want to just track the errata branch, so should I use the standard-supfile or stable-supfile? Also, I want my supfile to read: tag=RELENG_8_1 right? Thank you! Ed ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Should I use the standard-supfile or stable-supfile?
Thank you Nerius! Would it be smart to run this daily via cron? Ed ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Confused about keeping system up to date
Hi folks, I'm running Production Release 8.1 on a production server. For a variety of reasons, I've decided to keep my system up to date via building it from source code. 1.) I want to follow the 8.1 errata branch, which (after rebuilding) pretty much just applies any released patches, right? 2.) I want the entry in my supfile to read: tag=RELENG_8_1_0 - or tag=RELENG_8.1_0 ? 3.) As a general rule, the only time you really NEED to update, rebuild your system, etc., is after there's been a security patch release, right? 4.) Is RELENG_8_1 the same thing as 8.1-RELEASE ??? 5.) If I'm just trying to keep my system up to date as far as applying security patches, should I just follow the directions in the security patch notes to apply it, or should I update via cvsup (or csup, etc.) and rebuild the system? I guess what I'm asking is: when, if ever (?) should you just apply patches or should you always update, rebuild, etc.??? Thank you, Ed ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Confused about keeping system up to date
Thanks Patrick! :-) 1.) How do you know if a patch applies just to the kernel? For example, I'm looking at the security advisory 2010-09-20 FreeBSD-SA-10:08.bzip2 ( http://security.freebsd.org/advisories/FreeBSD-SA-10:08.bzip2.asc ), but it isn't clear to me if it applies to just the kernel or...??? 2.) If the problem IS just related to the kernel, I just do: csup + make buildkernel + make installkernel, right? Ed ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Will FBSD Squid port create squid user and group?
Hi folks, I guess this is a two-faceted question: 1.) If I install Squid from a port, will in create the recommended squid user and group for me, or will I need to pre-create a squid user and group prior to Squid running? I like the idea of modifying SQUID_CONFIGURE_ARGS in the squid port Makefile to customize the software before I compile and install it, but if it doesn't create the user and group for you...what advantage do you gain to install from a port -vs- downloading the tarball and building from source? :-) 2.) As a general rule, when you install software that needs a special user/group, will those users/groups be created when you install from ports, or only from packages? Thank you, Ed ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: [squid-users] One slow Website Through Proxy
What about running a packet sniffer, like Wireshark, and looking at the trace file? Start a trace file before trying to access the web site, then took at the Delta time (time between packets) and see where the delay is? Ed ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
FreeBSD 8.1 Squid suggestions?
Hi folks, I have a small group of people in my office (less than 20), and I want to set up a FBSD/Squid server, and I'm hoping someone might have some suggestions for the install. It's a clean install of FBSD 8.1, and the sole purpose of the server is a Squid server. The server has a 500Gb SATA hard drive, and 8Gb of RAM. I've installed Squid before (on an OpenBSD server), so I'm a comfortable with Squid. I'll install from a package (to make my life easy), but I'm not sure if there are any FBSD specific changes I should make? Are there any kernel customizations you might recommend I need? Are there any suggestions you might make to improve performance? Suggestions? Thank you, Ed ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Software to SEND log files only?
According to the FreeBSD website (http://www.freebsd.org/doc/handbook/outgoing-only.html), the easiest way to send mail only is to install the mail/ssmtp port. Does anyone have an example of a script or other method (maybe a cron script?) that would e-mail my log files to me daily? Thank you, Ed ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: printcap
Dick, I'm not sure if this will help you, but here's what I did on my network to print directly to an HP LaserJet on my LAN. Pick a name (and a few convenient aliases) for the printer, and put them in the /etc/printcap file. hp|officehp:\ :sh:\ :rm=192.168.1.50:\ :sd=/var/spool/lpd/officehp:\ :mx#0:\ :lf=/var/log/officehp:\ :if=/usr/local/libexec/if-simple: hp and officehp - what I have named my printer (two names) sh- disables a banner from printing rm - I.P. address of the remote printer sd- my spool directory mx- max file size (o=unlimited) lf- error file if- input filter # mkdir /var/spool/lpd/officehp # touch /var/log/officehp # chown daemon:daemon /var/spool/lpd/officehp # chmod 770 /var/spool/lpd/officehp # touch /usr/local/libexec/if-simple # vi /usr/local/libexec/if-simple #!/bin/sh # # if-simple - Simple text input filter for lpd # Installed in /usr/local/libexec/if-simple # # Simply copies stdin to stdout. Ignores all filter arguments. /bin/cat exit 0 exit 2 Now make the file executable: # chmod 555 /usr/local/libexec/if-simple Note: A copy of the if-simple script can be found in the /usr/share/examples/printing directory. Let's try and print! lpd is run from /etc/rc, controlled by the lpd_enable variable. This variable defaults to NO. If you have not done so already, add the line: lpd_enable=YES to /etc/rc.conf, and then either restart your machine, or just run lpd # lpd lptest 20 20 | lpr -Pofficehp Ed ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: FreeBSD 8.1 Squid suggestions?
Thanks Dennis! These are config options you've changed within the squid.conf file??? Can you give me some specifics as to what you changed and why you changed it? Thank you, Ed ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Should a squid user have a shell?
Excellent! Thanks for the tips! Ed ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Which specific version will be installed via pkg_add or via the port?
Hi folks, When you're installing software via the pkg_add command or building from source, how do you what specific version you'll be installing BEFORE you actually install it? Ed ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Should a squid user have a shell?
Hi folks, I'm looking in some documentation for Squid, which I'm installing on a FBSD 8.1 server, and it says I need to create a squid user and a squid group because I'm building/installing from source. I see to create the squid user, I user the (of course) adduser command (there isn't a default squid user with the base install, is there?). 1.) When I use the adduser command, from a security perspective, should the squid user have a shell? What should it be? 2.) How do I create a squid group and add the squid user to it? 3.) Since the squid user needs full access to the squid directory and all of its files, what the easiest way to give the appropriate permissions? Thank you, Ed ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Should a squid user have a shell?
Thank you Jerry. The only reason I'm not using the squid port is because I found a website ( http://teklimbu.wordpress.com/2007/10/03/enterprise-freebsd-squid-proxy-server/ ) that has detailed instructions on installing squid for an Enterprise environment claiming the performance is very good. Since I'm new to using squid and using squid on FreeBSD, I'm simply trying to duplicate his setup. It's quite possible that I could achieve the same performance results from using the port install of squid...but maybe I wouldn't. :-) Ed ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Advantage -vs- Disadvantage: SFTP -vs- SCP
Hi folks, I have a server I'm building that is internet accessible and I'm wondering if there's any advantages/disadvantages of using either SFTP -vs- SCP? My primary concern is overall security of the server (even if that means inconveniencing the end users), and I'm wondering if one method might be better than the other? Comments??? Thank you, Ed ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Advantage -vs- Disadvantage: SFTP -vs- SCP
Gary, I agree...but I HAVE to give them access! :-) Ed ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Why is the FreeBSD TCP/IP stack the best?
Hi folks, I have several networking books (TCP/IP, Network Security, etc., etc.) and it seems that several of them discuss TCP/IP in different scenarios. One of the common discussions of different OSes are their own implementations of the TCP/IP stack. Most of the authors seem to agree that while different OSes have their pros and cons, most seem to agree that in terms of pure, network performance, no OS is better that FreeBSD! O.K., now you've got my curiosity... 1.) Do you agree? 2.) What makes the FreeBSD TCP/IP stack so much better and or different than other OSes??? 3.) Are there any good resources (URLs, books, etc.) that highlight the differences??? Thank you, Ed ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Why is the FreeBSD TCP/IP stack the best?
Thanks Roland, The books that I have refer to the efficiency of the stack. Perhaps that's what the authors are referring to as you've referenced being able to saturate a link with traffic and there's little, if any, dropped packets? Ed ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Favorite terminal software?
In the past, I've used TeraTerm Pro with SSH (since it's free and seems to work just fine), but I wanted to see if anyone had any other recommendations for terminal software they like. I'd like it to be free, but if you've got something you really like that costs a few bucks, I'm O.K. with that too. Suggestions??? Thank you, Ed ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: ZFS practical application?
Thanks David...I appreciate your input. :-) Ed ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
ZFS practical application?
Hi folks, I've been reading about the ZFS file system, and I'm having a hard time understanding maybe the most practical business application(s)? I think I understand a little bit about it (from a conceptual perspective) that it's a self-healing 128 bit filesystem, better data integrity checking, etc. I have a small business ( 50 end users) and I'm wondering perhaps some examples that you might think would be most applicable for a FreeBSD server(s) and the ZFS filesystem? One of the things that seems like might be a detriment as well as an asset, is it's ability to expand as necessary, but then I'm wondering what prevents the filesystem from just running away? Are there any sites out there with perhaps a more laymen's explanation of ZFS? Comments? Thank you, Ed ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
FreeBSD equivalent of Microsoft DFS
Is there a FreeBSD equivalent to Microsoft DFS, i.e., software that will replicate delta level file changes of network shares among multiple servers in real time? Would that be rsync with just a frequently scheduled cron task? Thank you, Ed ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
How to confirm/deny ntp is working?
Hi folks, I've read several different sources on setting up ntp on FreeBSD (I'm using 8.1), and they seem to vary a little, so I'm confused about how DO you set this up, and how do you confirm/deny that it's working? I've modified my /etc/ntp.conf file by commenting out: #server 0.freebsd.pool.ntp.org iburst maxpoll 9 #server 1.freebsd.pool.ntp.org iburst maxpoll 9 #server 2.freebsd.pool.ntp.org iburst maxpoll 9 #server 3.freebsd.pool.ntp.org iburst maxpoll 9 and changing them to read (I'm in the U.S.): server 0.US.pool.ntp.org iburst maxpoll 9 server 1.US.pool.ntp.org iburst maxpoll 9 server 2.US.pool.ntp.org iburst maxpoll 9 I have confirmed that I can ping these servers. I've added ntpd_enable=YES and ntpd_sync_on_start=YES to /etc/rc.conf and rebooted the server. 1.) Do I need to manually create the driftfile (/var/db/ntpd.drift)? 2.) Do I need to manually create the logfile (/var/log/ntp.log)? 3.) How do you confirm that FreeeBSD is, in fact, keeping time? Thank you, Ed ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Correct syntax of supfile to keep ports upgraded?
Hi folks, I'm trying to learn how to keep my FreeBSD 8.0 updated (patched with security updates) the correct (I know that's subjective) way. Here's what my supfile looks like now: # If you add any of the ports or doc collections to this file, be sure to # specify them with a tag value set to ., like this: # # ports-all tag=. # doc-all tag=. *default host=cvsup10.us.freebsd.org *default base=/var/db *default prefix=/usr # The following line is for 8-stable. If you want 7-stable, 6-stable, # 5-stable, 4-stable, 3-stable, or 2.2-stable, change to RELENG_7, # RELENG_6, RELENG_5, RELENG_4, RELENG_3, or RELENG_2_2 # respectively. *default release=cvs tag=RELENG_8_0 *default delete use-rel-suffix ## Main Source Tree. # # The easiest way to get the main source tree is to use the src-all # mega-collection. It includes all of the individual src-* collections. # Please note: If you want to track -STABLE, leave this uncommented. src-all To keep my ports up to date, do I simply need to add: ports-all tag=. to this file before running csup or cvsup? Thank you, Ed ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Correct syntax of supfile to keep ports upgraded?
Thank you Roland; I didn't know portsnap is part of the base install. :-) From a book that I have (Absolute FreeBSD - 2nd Edition), it says PORTSNAP VS. CSUP Use either portsnap(8) or csup(1) to update the Ports Collection, but not both. The two tools are incompatible. csup is most useful if you are tracking -stable or -current, while portsnap is best for production systems where you use binary updates. You can make either portsnap(8) or csup(1) work in either situation, but you must pick one and stick with it! Does this apply to me, since I'm following the errata branch (*default release=cvs tag=RELENG_8_0) and up update, I use the following command: csup -4 /etc/stable-supfile Maybe I should use cvsup (cvsup -g -L 2 /etc/stable-supfile) instead so I can use portsnap??? What do you think? Ed ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Install Apache in qjail?
Gentlemen, Since the ONLY instance of Apache on this box will BE the one I'm installing in the jail, I should just be able to connect to it by its IP address...just like any other web server. Yes? No? Am I missing something? Ed ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
How do you automatically start Apache, Bind, etc. in a jail?
Hi folks, I have Apache installed in a qjail named webserver (I.P. address 192.168.225.130) using the pkg_add -r apache22 command, but how do you get Apache (or Bind, etc.) to automatically start upon boot? I got the jail to start by adding qjail_enable=YES to hosts' /etc/rc.conf and I also added apache22_enable=YES, but that doesn't seem to work. Suggestions? Also, when I console into the jail, and issue an apachectl start command, I get the following error: httpd: apr_sockaddr_info_get() failed for webserver httpd: Could not reliably determine the server's fully qualified domain name, using 127.0.0.1 for ServerName I figured out if I add the IP address of the jail as well as webserver to the jails' hosts file, I can start Apache, but I still get this error: httpd: Could not reliably determine the server's fully qualified domain name, using 192.168.225.130 for ServerName What am I doing wrong? Finally, rather than installing Apache using the typical pkg_add -r apache22 command, is there a way to install Apache using the ./configure script? In MY case, I know the EXACT parameters I want to pass to the ./configure script (like enabling SSL, etc), but I don't know how to do this in a jail. From the jail console, I tried: cd /usr/ports/www/apache22 ./configure --enable-ssl...etc., etc., etc.??? but this doesn't work. Do I need to do the opposite, i.e., from the HOST console: ./configure --prefix=/PathToJail --enable-ssl...etc., etc., etc??? Thank you! Ed ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: How do you automatically start Apache, Bind, etc. in a jail?
Thanks Glen. :-) I'm not clear how I get the 'make config' to show the configuration screen or the 'make install' to compile and install??? That might allow me to install Apache (with a limited number of modules) like I want, but I don't understand what you're suggesting. Also, do you know for sure that compiling from source and specifying the install target (i.e., ./configure --prefix=/PathToJail --enable-ssl...etc., etc., etc???) won't work? Thank you again! Ed ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: How do you automatically start Apache, Bind, etc. in a jail?
Oh, O.K., so I CAN just download the tarball (from http://httpd.apache.org/), unpack and install it (just like any other source install) and specify the jail as the target or did I misinterpret you? Sorry if I've missed your point! :-) Ed ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Install Apache in qjail?
Hi folks, I'm using the new qjail, and I've created a new jail named webserver, but I don't see how you install a package (in this case, Apache 2.2.15) inside the jail? I know qjail is pretty new; is the best source of documentation at the moment the man pages? Thank you, Ed ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Recommend ezjail.conf settings?
Hi folks, I'm looking at the ezjail.conf file, and it seems like SOME of the settings might be mandatory, but they're all commented out. For example, the: # ezjail_mount_enable=YES # ezjail_devfs_enable=YES # ezjail_devfs_ruleset=devfsrules_jail # ezjail_procfs_enable=YES # ezjail_fdescfs_enable=YES should be uncommented because they're Default options for newly created jails, right? Are there any of the other settings I might want to consider enabling? Thank you, Ed ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Help with ezjail-admin create command
Hi folks, I've found a website ( http://wiki.freebsd.org/AppserverJailsHOWTO ) with a tutorial that steps me through most if what I'm trying to set-up; I'm trying to use ezjail to set up the latest version of Apache with my website. I've carefully followed the steps, and the only step that I've found that seems to be wrong is the author's reference to default which doesn't seem to exist; it's actually example so I've changed my commands accordingly. I'm confused about the ezjail-admin create command. When I installed FreeBSD, I set up a partition called www, because I thought it might be easier for me to backup all of my web sites, etc., and it's easier for me to remember where I installed Apache. I've modified my ezjail.conf file and the ezjail_jaildir line to read: ezjail_jaildir=/www/jails When I issue this command: ezjail-admin create -f example apache 192.168.225.128 I get this error: find: /www/jails/apache/pkg/: no such file or directory Note: Shell scripts for flavour example installed, flavourizing on jails first startup. It also throws an error about some services already seem to be listening on IP 192.168.225.128 1.) What did I screw up? This isn't normal, is it? 2.) When using the ezjail-admin create command, the IP address that I'm passing is supposed to be the IP address of the HOST machine (because it has the basejail, right?), isn't it? 3.) When I type: find / -name apache I get: /usr/local/etc/ezjail/apache and /www/jails/apache Does the ezjail program create TWO instances of what will be my jailed Apache? Why does it do that? Did I goof something else up, or is that normal? Suggestions??? Thank you, Ed ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Help with ezjail-admin create command
Peter, I don't quite understand what you mean I think you're better off creating a fresh jail, and install apache via the ports collection. for the templates to work you need to specify all dependencies by hand. Are you suggesting NOT using ezjail? Or do you mean just install Apache into a jail (created by ezjail) and don't worry about creating a template like this website shows? How would I do that? I'm new to the whole jail thing so it's a little confusing. I like the idea of using the ezjail, because is seems more idiot proof for a relative newbie. :-) Also, what do you mean for the templates to work you need to specify all dependencies by hand? I'm not stuck on following this website, but IF the steps are fairly accurate, it seems to be a good roadmap and it doesn't mention anything about specifying any dependencies by hand. Comments? Thank you, Ed ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Help with ezjail-admin create command
Thank you. :-) What services are you referring to on the host that need to be reconfigured??? Ed ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Help with ezjail-admin create command
Thank you Peter! Well in MY case, I'm not planning on running anything on this server (at least at the moment) other than Apache, so I shouldn't have any difficulties (I hope). Also, what's the ezjail-admin update -P -i command? I've tried googling it, but I don't see much. Is it similar to the ezjail-admin install command somehow? Ed ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Clarification: Jail -vs- Chroot
Hi folks, I'm reading about jails and chroot, and I'm not clear about the differences so I'm hoping someone can clarify this for me. Here's what I think is correct: 1.) FreeBSD has both chroot capability as well as jail capability. 2.) Only FreeBSD has true, jail functionality? Yes?...No? 3.) When reading something (book, article, etc.), is there a way to determine if the author is, in fact, talking about truly a jail or are they really just referring to a chroot environment? For example, I have a book (Preventing web attacks with Apache) that says: Chroot is short for change root and essentially allows you to run programs in a protected or jailed environment. The main benefit of a chroot jail is that the jail will limit the portion of the file system the daemon can see to the root directory of the jail. Additionally, since the jail only needs to support Apache, the programs available in the jail can be extremely limited. 4.) Jail is the more secure of the two options? 5.) When would you typically use a jail -vs- a chroot? The new, 2nd edition of Absolute FreeBSD says: Chrooting is useful for web servers that have multiple clients on one machine—that is, web servers with many virtual hosts. Comments??? Suggestions??? Thank you! Ed ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
ezjail -vs- Do it yourself jail?
I'm trying to set up a FreeBSD 8.0 server to run Apache that will be facing the nasty and unforgiving WWW. I have several good books on Apache that describe how to set up the jail, when I came across several websites that reference the ezjail package. Are there some caveats or downsides to using the ezjail route for setting up my server with Apache? It sure sounds like an easier way to go and less goof-proof, but as we all know, easier is not always better! Thank you, Ed ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Staying up to date with security patches
Hi folks, I've carefully read many different sources about keeping FreeBSD up to date, and I'm not quite crystal-clear. I'm building a server with 8.0, and because it's a server, it will have very little software installed on it (probably Apache, maybe BIND, etc.), and my primary concern is that it's stable and secure from a patching perspective (I'll work on hardening the OS later). Since I will be doing a custom kernel at some point, I won't use freebsd-update, I'm using cvsup instead. If I understand the docs correctly, I want my supfile (in my case, I'm simply modifying stable-supfile) file to have an entry like: *default release=cvs tag=RELENG_8_0 1.) The _0 will keep me up to date with the security patches, which is what I'm after, right? 2.) How often should one synchronize your server (PC, etc.)? You don't need to do it daily with cron, do you? I've subscribed to the FreeBSD security update list, so that's probably the only time one really needs to synchronize, rebuild, etc., isn't it? 3.) What's the smartest way to keep your installed applications updated (i.e., Apache, BIND, etc.)? 4.) Finally, where's the best URL to scour past FreeBSD posts/answers? Thank you! Ed ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Fwd: Staying up to date with security patches
Thanks Bill! :-) How will I know if there have been security updates that have been released (which means I need to sync rebuild) since I've installed the O.S.? For example, I'm running 8.0, and I'll bet there's been security releases since I first installed. Or...should you just get in the habit of syncing / updating after you install any particular release? Ed ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Fwd: Staying up to date with security patches
Thank you again. After doing a sync/rebuild, does FreeBSD keep a log (somewhere) that actually shows which security patches have been applied? Ed ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
/boot is full after running make installkernel on FreeBSD 8.0
Hi folks, I'm running FreeBSD 8.0, and I'm trying to simple stay current with all security patches. It's a clean install of FreeBSD 8.0 on a 50G drive, and I let sysinstall select the default partition configuration when I did the install. I've taken the following steps: # csup -4 /etc/stable-supfile # cd /usr/src # make buildworld # make buildkernel # make installkernel After the make installkernel command, the / partition shows 106% capacity (and it started as 500M). Here's my before and after running make installkernel Before: Filesystem SizeUsed Avail Capacity Mounted on /dev/da0s1a496M253M203M55%/ devfs 1.0K1.0K 0B 100%/dev /dev/da0s1e496M 12K456M 0%/tmp /dev/da0s1f 44G3.0G 37G 8%/usr /dev/da0s1d1.9G 10M1.8G 1%/var After: Filesystem SizeUsed Avail Capacity Mounted on /dev/da0s1a496M485M-29M 106%/ devfs 1.0K1.0K 0B 100%/dev /dev/da0s1e496M 12K456M 0%/tmp /dev/da0s1f 44G3.0G 37G 8%/usr /dev/da0s1d1.9G 10M1.8G 1%/var # cd / # du -h -d2 | grep M 2.0K./tmp/.XIM-unix 33M./usr/bin 18M./usr/include 37M./usr/lib 20M./usr/libexec 267M ./usr/local 20M./usr/sbin 37M./usr/share 511M ./usr/src 450M ./usr/ports 10M./var/db 10M./var 1.7M./etc 1.1M./bin 233M ./boot/kernel 233M ./boot/kernel.old 466M ./boot 7.4M./lib 4.3M./rescue 4.4M./sbin It looks like the both kernels are eating up the entire / Right? What am I doing wrong? The isn't normal, is it? Thank you, Ed ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: /boot is full after running make installkernel on FreeBSD 8.0
Thanks guys. :-) Doesn't that seem odd that the default partition size for root (512M) isn't quite big enough? Should I make the partition size slightly larger (on future installs) to eliminate this problem? Ed ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: /boot is full after running make installkernel on FreeBSD 8.0
Chip, That sounds like a smart thing to do; can you tell me more about how to do that (or point me to a www resource; I'm happy to read more about that). :-) Ed ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: /boot is full after running make installkernel on FreeBSD 8.0
Since it would be smart to have at least one known, good kernel, why not make the / partition maybe 1G? I know the smaller the / partition, the better the performance (since it's the first partition of the drive), but I can't imagine a slightly larger / partition would impact performance that much, do you think? Ed ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: /boot is full after running make installkernel on FreeBSD 8.0
Henrik, When I FIRST installed 8.0, I did create a separate /home partition. When I installed the kernel and starting running out of space in / , I thought O.K...I'll let FreeBSD make the partition sizes IT wants to and see if I have the same problem, and I did. Apparently, 512M is just, not, quite big enough so I think I'll try 1G to give me plenty of room. Ed ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org