Groups problems
Hi, I seem to have a weird problem with groups, it seems like the system doesn't notice that I am in certain groups when it comes to file permissions, and if I run groups or id with no arguments it also has some groups missing from the list, but with my username as an argument it is complete. I've never encountered this before, does anyone know what the problem might be? [sh...@strange] ~ $ ls -lh /tmp/group_test -rw-rw-r-- 1 www mercurial 0B 4 May 14:08 /tmp/group_test [sh...@strange] ~ $ echo test /tmp/group_test bash: /tmp/group_test: Permission denied [sh...@strange] ~ $ whoami shaun [sh...@strange] ~ $ grep shaun /etc/group wheel:*:0:root,shaun www:*:80:shaun shaun:*:1002: svn:*:1004:svn,shaun mercurial:*:1006:shaun,www [sh...@strange] ~ $ groups shaun wheel svn [sh...@strange] ~ $ groups shaun shaun wheel www svn mercurial [sh...@strange] ~ $ id uid=1002(shaun) gid=1002(shaun) groups=1002(shaun),0(wheel),1004(svn) [sh...@strange] ~ $ id shaun uid=1002(shaun) gid=1002(shaun) groups=1002(shaun),0(wheel),80(www),1004(svn),1006(mercurial) -- Thanks, Shaun Friedle ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Upgrading gcc on FreeBSD 4.11
Hi all, One of my machines is running FreeBSD 4.11. It's a bit confused about its current incarnation of gcc: [sh...@agaliarept lang]$ pkg_info | grep gcc gcc-3.4.6_3,1 GNU Compiler Collection 3.4 [sh...@agaliarept lang]$ gcc -v Using builtin specs. gcc version 2.95.4 20020320 [FreeBSD] Another of my machines, which runs FreeBSD 6.4, has gcc 3.4.6: [sh...@falwell shaun]$ pkg_info | grep gcc [sh...@falwell shaun]$ gcc -v Using built-in specs. Configured with: FreeBSD/i386 system compiler Thread model: posix gcc version 3.4.6 [FreeBSD] 20060305 Is it safe to install one of the newer gcc ports on FreeBSD 4.11? I've had this machine for three years; I don't recall ever upgrading the compiler, although pkg_info seems to think that I did, or at least attempted to. I'm wondering if there are any risks involved in going from gcc 2.95 to, say, 3.4.6. Typically I'm happy to pull the latest stable of just about anything, but the compiler is a different story. Thanks, Shaun ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Upgrading gcc on FreeBSD 4.11
Thanks Tim! I'm aware that 4.x has been EOL'd for a long time. This particular machine is tracking RELENG_4_11. Of course I'd love to upgrade, but I have no physical access. I've researched the potential paths from 4.11 to 5.x to 6.x, and while there are some success stories, there are horror stories as well. I'm not confident enough to attempt it remotely. I can get IPKVM, but this is a personal machine without any sort of HA requirements. It's not worth the hassle or expense to build out a new box and restore the backups until the current hardware fails. FWIW: The reason I was wanting to upgrade gcc was to get the /usr/ports/net-mgmt/darkstat package installed. Trying to install it on 4.11 gave me an error that stdint.h didn't exist. Since my original post, I have found a viable workaround, by symlinking inttypes.h to stdint.h. I appreciate your quick answer, and for anyone else following this thread, I no longer have a need to upgrade gcc. Sage, if you will. Thanks again, Tim! Shaun On Fri, 13 Feb 2009 23:58:38 -0700 Tim Judd taj...@gmail.com wrote: On Sat, 2009-02-14 at 00:00 -0600, Shaun wrote: Hi all, One of my machines is running FreeBSD 4.11. It's a bit confused about its current incarnation of gcc: [sh...@agaliarept lang]$ pkg_info | grep gcc gcc-3.4.6_3,1 GNU Compiler Collection 3.4 [sh...@agaliarept lang]$ gcc -v Using builtin specs. gcc version 2.95.4 20020320 [FreeBSD] Another of my machines, which runs FreeBSD 6.4, has gcc 3.4.6: [sh...@falwell shaun]$ pkg_info | grep gcc [sh...@falwell shaun]$ gcc -v Using built-in specs. Configured with: FreeBSD/i386 system compiler Thread model: posix gcc version 3.4.6 [FreeBSD] 20060305 Is it safe to install one of the newer gcc ports on FreeBSD 4.11? I've had this machine for three years; I don't recall ever upgrading the compiler, although pkg_info seems to think that I did, or at least attempted to. I'm wondering if there are any risks involved in going from gcc 2.95 to, say, 3.4.6. Typically I'm happy to pull the latest stable of just about anything, but the compiler is a different story. Thanks, Shaun FreeBSD 4.x has not been supported for ports for a long time. Ports are guaranteed to work for the current releases of freebsd and -CURRENT only. Using, or trying, to install anything on 4.x anymore is a gamble. You should upgrade. There was a tag you used to be able to use for 4.x port installs, but I bet that tag hasn't been updated in forever... tag=RELEASE_4_11_0 see: http://www.freebsd.org/releases/4.11R/schedule.html dated Jan/8/2005 With the above tag, and an updated ports tree, i can recommend installing packages (if the tarballs are still on the internet). Without that tag, i don't recommend it. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Shaun Stevens / Virtual UpGrade - Senior Software Engineer - UNIX Kernel-FreeBSD
Hi FreeBSD SWE's, Would anyone be interested in exploring this position in an Internet Backbone company in San Jose, CA? Shaun Senior Software Engineer - UNIX Kernel-FreeBSD San Jose, CA Job description: The kernel team is responsible for maintaining a FreeBSD derived Operating system. Tasks include but not limited to design, develop, troubleshoot proprietary code in the IP stack, virtual filesystem, memory management subsystem and other areas as deemed necessary. Ensure high availability systems. Job requirements: At least 3 years **hands-on** coding experience doing *BSD kernel development. Strong understanding of TCP/IP protocols suite. Proficient in C. Good oral and written communication skills. 5+ years overall industry experience. To be considered for this position, candidate **must** have FreeBSD kernel experience. Experience with other BSD kernels is also acceptable. Education: BS/MS in CS, EE, or related area. General Requirements: - Ability to be creative, efficient, and productive with minimal supervision or guidance. - Must be able to work both alone and as an efficient, cooperative member of a team. - Must be able to give and receive constructive criticism. - Shaun Stevens Senior Technical Recruiter Office 408-229-9100 x11 Cell 408-728-2330 [EMAIL PROTECTED] http://www.linkedin.com/in/shaunstevens Virtual UpGrade Inc 5542 Monterey Rd. Suite 360 San Jose, CA 95138 No virus found in this outgoing message. Checked by AVG. Version: 7.5.549 / Virus Database: 270.9.10/1810 - Release Date: 11/24/2008 2:36 PM ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Having problems with my ports configuration
On Fri, Feb 29, 2008 at 12:25:06PM -0800, Patrick Mahan wrote: One of the issues that came out of this was it seemed that the ports database (/var/db/pkg/pkgdb.db) was corrupt. So I tried to rebuild it by deleting it and setting PKG_DBDIR). I issued a 'portsdb -Uu' and it fails - Do you have anything left under /var/db/pkg (presumably not, unless you still have PKG_DBDIR set)? host# portsdb -Uu Updating the ports index ... Generating INDEX.tmp - please wait..p5-DateTime-Calendar-Japanese-0.06001: /usr/ports/japanese/p5-DateTime-Calendar-Japanese-Era non-existent -- dependency list incomplete === devel/p5-DateTime-Calendar-Japanese failed *** Error code 1 1 error Looks like you might have an old ports tree. Have you updated it lately? So, somehow, I have managed to seriously hammer my ports/package installation. Is there a way to recover this info? Is there any way of determing just what is installed (I know of a few: Perl, emacs, etc) from info stored under '/usr/ports'? If you just removed the portupgrade database (which is all you mentioned), you haven't lost anything important: it can be regenerated. If the whole of /var/db/pkg was obliterated, you'll have to reinstall everything. If you know what version of each port you had installed (plus the OPTIONS, etc., used), installing over the top of what you have now is probably the best you can do. -- Shaun Amott // PGP: 0x6B387A9A A foolish consistency is the hobgoblin of little minds. - Ralph Waldo Emerson pgpn7sShtcvzQ.pgp Description: PGP signature
Re: Can't do an make installworld
On Tue, July 17, 2007 4:14 pm, Paul Hoffman wrote: Any help would be appreciated here. I'm on a clean 6.1-RELEASE sysem. I created /home/pxe. I cd'd to /usr/src. I gave 'make installworld DESTDIR=/home/pxe'. It ends with: . . . Worked fine on my 6.2 just now. This isn't a permissions problem, is it? ~Shaun ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: portupgrade refusin to upgrade a port .. when it shouldn't imho
On Thu, Dec 07, 2006 at 06:16:18PM +0100, mato wrote: Matthew, that is a great answer!! Thank you! :-) The last question would be how to make make(1) /portupgrade/portsystem to ignore FORBIDDEN. make -DNO_IGNORE will get around this. But bypassing FORBIDDEN is generally not wise. -- Shaun Amott // PGP: 0x6B387A9A A foolish consistency is the hobgoblin of little minds. - Ralph Waldo Emerson pgpxsYrzg80hW.pgp Description: PGP signature
Re: Has the port collection become to large to handle.
On Sat, May 13, 2006 at 02:28:49PM -0400, fbsd wrote: Users are consuming massive bandwidth to download and it consumes a very large chunk of disk space. Saying nothing about the wasted resources consumed to back it up repeatedly. cvsup uses a relatively tiny amount of bandwidth, since only changes are being sent. Personally, I have a local cvsup mirror from which my other machines get their updates, so really, there isn't any wastage. As for backing it up... well, that's just silly. The ports collection and its entire history is always available and mirrored to countless machines. If bandwidth really is a problem, then it is possible - but not necessarily a good idea - to check out individual ports via CVS. What are your thoughts about requesting the ports group to create a new category containing just the ports most commonly used including their dependents and making this general category the default used to download. This would be a much smaller sized download containing everything necessary to build the most used ports. Many of the dependents are used over and over by many different port applications. Exactly which ports are commonly used, and how do you track this? Apache? PHP? We have several versions of each; four or five versions of the big databases, and these all have dependencies, which have their own dependencies, and so on. The common category would have to be pretty large, catering for enough users to be worthy of its name, and containing all the possible dependencies. As soon as you need a port that isn't in the common category, you're out of luck: the rest of the tree needs to be downloaded. and say that only ports in this category will have packages built and keep up to date. All ports not in this special category will not have packages built at all. I think this Bad idea. Again, as soon as someone wants a package not in the special list, they lose out. Besides, building packages serves another purpose: quality assurance. Building packages ensures that the ports can be built correctly, and serves as a tool for testing the base system. Another idea I would like to throw out to the list is how about requesting the ports group to add a function to packages so the installer of the package can select what version of the dependent components should be included in the install. This would only work for runtime dependencies. Most software is compiled differently depending on what versions of things are available at the time of compilation. -- Shaun Amott [ PGP: 0x6B387A9A ] Scientia Est Potentia. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
SNI RM300
Hi, I have the same machine, but my bios config. disks have become corrupted, can anybody help??? No virus found in this outgoing message. Checked by AVG Free Edition. Version: 7.1.375 / Virus Database: 268.1.0/269 - Release Date: 2006/02/24 ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Compaq ProLiant 1600 server freezes when detecting keyboard
Wondering if you can give me any advice here... I'm having the same issues installing FreeBSD / 6.0 Is there any way I can install 6.0 by disabling usb probing? Did you first install 5.4-release and then cvsup to 6.0-release? Basically, I'm stuck after 2 days of Googling. Thanks for any info. Shaun ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Compaq ProLiant 1600 server freezes when detecting keyboard
I was given the suggestion to disable psm0 during install set hint.psm.0.disabled=1 The system booted up and I am now able to install So are you sure this is an issue with the usb? ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
I am Newbie HELP
I have been trying to install freeBSD on a my system .I do not understand the installation Process , If someone can make a easy to follow setup ,I would be very HAPPY .I want a kde desktop .it will be on a 6 gig partition sharing the hard drive with xp pro and i would prefer a boot manager .It is not as easy as PcLinux or redhat and so on .If someone can help THANKYOU!!! ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Hauppauge WinTV bt878 card
Aaron Peterson wrote: I tried: mplayer tv://4 -tv driver=bsdbt848:channel=4 but just got a big blue screen Try mplayer tv://4 -tv driver=bsdbt848:input=1:channel=4 That works for my card anyway. -- Shaun Friedle [EMAIL PROTECTED] ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
ati driver with Radeon 9800XT
Hi, My friend is trying out FreeBSD as a desktop OS, and I am aiding him since I have be using FreeBSD for about 10 months now and have successfully been using FreeBSD without many problems (that weren't my fault). Unfortunately he seems to be encountering more problems than I suspected he would, and now he has encountered one I am unable to solve - if he uses the ati driver then when he types startx he gets a hard lock, the monitor goes into standby and the machine will respond to no key combinations. If he uses vesa everything is fine. This is on 5.3 Beta 7. His motherboard is an MSI KT6 Delta-FIS2R. I encountered a similar thing with my nvidia card, which was solved by disabling ACPI and compiling my kernel without SMP, but this seems to have to effect on his problem. I can't seem to find any information on this problem with Google, so I hope someone can help or I think he will return to Windows. -- Shaun Friedle [EMAIL PROTECTED] ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Asus P4S800D-E Deluxe
Hello, Does anyone know how well this motherboard works under FreeBSD 5.2.1? I currently have an Asus P4C800 Deluxe which is okay - until I turn off ACPI and then I get a Fatal trap 9: general protection fault while is kernel mode while booting. I need to be able to turn off ACPI as the nvidia driver doesn't work with it on. The P4S800D-E Deluxe is very similar is features to the P4C800 Deluxe and I want to make sure that it doesn't suffer from the same problem before I buy it. I don't think it should as from what I've read the problem is with the Intel 845/865/875 chipsets, whereas the P4S800D-E Deluxe uses the SiS 655TX chipset. Thanks -- Shaun Friedle [EMAIL PROTECTED] ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Asus P4S800D-E Deluxe
On Sat, 2004-06-26 at 18:42, Doug Poland wrote: I currently have an Asus P4C800 Deluxe which is okay - until I turn off ACPI and then I get a Fatal trap 9: general protection fault while is kernel mode while booting. I need to be able to turn off ACPI as the nvidia driver doesn't work with it on. The P4S800D-E Deluxe is very similar is features to the P4C800 Deluxe and I want to make sure that it doesn't suffer from the same problem before I buy it. Sorry, it does suffer the same problem. I've got an nVidia 5700 that's running the XFree86 nv driver because of this issue. Hi, It's a good job I checked first then. Do you know of any boards that offer similar features, but don't have this problem? Thanks -- Shaun Friedle [EMAIL PROTECTED] ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Updating OpenSSL ...
I'd like to install the OpenSSL port, and stay current with it in the future. It isn't clear to me what I have to do to have the system use the port, instead of what's in the base, and what I'll need to rebuild after installing the port. -ste ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
5.2.1: Wireless X questions
Ok. I installed 5.2.1 on a laptop last night, which went quite nicely. During the install, it detected my wireless card, just fine. It wanted to dhcp for it, but that (correctly) failed, as my net uses wep. So, it punted me to the manual interface configuration screen, where I was easily able to tell it everything it needed to successfully get me on the air. I was a happy camper. :) Questions: 1) How do I tell the system the ssid, wepmode, and key, and then have it get everything else via dhcp? 2) How do I *easily* handle multiple wireless nets? I will be using the laptop on a number of them. 3) How do I tell the system to cope, when I put a wired card in, instead of a wireless card, and I just want it to get me on the air with dhcp? 4) It's a Dell Lattitude CPx J. How do I configure X on it? That's really two questions ... I skipped the X setup during install, and don't know how to get back to that configuration screen, and I don't know anything about the video card and screen in the laptop. From the Dell support site's original configuration specs for this specific laptop, it says this about the screen: Part# 4564E, Description: Liquid Crystal Display, TFT, 14.1, CRNA, Samsung. TIA, -ste ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: How to allow 'User-A' to burn CD
You will have to install the security/sudo port and read up on the sudoers(5) manual page and the visudo(8) application used to edit that file. What do these numbers (5) and (8) referring to. Page number? They refer to the section of the manual. To read them, issue these commands: man 5 sudoers man 8 visudo -ste ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: FreeBSD 4.7 Syslogs
Sunil Sunder Raj wrote: Just give 777 permissions to /var/log/messages This is BAD advice, and you should NOT follow it. If you do, you will give anyone the ability to modify or delete your log entries, which yoou do NOT want. Find and fix the actual problem; don't bypass the symptom with something that reduces system security. -ste ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: FreeBSD 4.7 Syslogs
Sunil Sunder Raj wrote: Hi, I did not mean to change the permissions to 777 permanently. Just to come to a conclusion on whether it is a permission problem. As 90% unix problems are related to permissions. Then you should have said so. But you did not - you simply told an admitted noob to set the permissions to 777, without any explanation. He might have done that, and if it had fixed his problem, he might have left it that way, thinking everything was solved - but with his logfile open to attack. Please think about the advice you give, and whom you are giving it to, before you give it. -ste ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
chkrootkit says 'date' is infected
I just installed and ran the chkrootkit port on my 5.2.1-RELEASE-p5 system. It says my date command is infected. Nothing else, just that. How can I determine if this is a false positive or if I'm truly hacked? -ste ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Need vinum info/advice, fast.
A client has hired me to do some work, part of which is replacing Red Hat 9, which is end-of-lifed at the end of this month. I'd convinced him to let me install FreeBSD, right up until I told him that - to my knowledge - you cannot trivially set up software raid on FreeBSD, during install, as you can with Red Hat Linux. I'm supposed to build the new server tomorrow. *Is* there any way I can set up software raid of two ide disks, during install, and for all partitions? This is just to mirror the system disk, so that we can avoid downtime, and going to backups in case of a disk failure. If it can be done, how do I do it? I've never used vinum before, and only know what it is, but nothing about it. I wish I had more than one night to figure this out, but I don't. If it isn't FreeBSD, he going to likely want me to install Fedora Core 2 Linux, instead. TIA, -ste ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Need vinum info/advice, fast.
Greg 'groggy' Lehey wrote: On Wednesday, 21 April 2004 at 18:28:47 -0400, Bill Moran wrote: I believe this is still valid: http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/vinum-root.html Thanks. I just read that chapter, and, while it makes some sense, it didn't tell me anything about how to do mirroring during install, or how to mirror an existing drive after installation of the OS. I don't see anything incorrect in it. You may find the description at http://www.vinumvm.org/cfbsd/vinum.pdf easier to understand. Thanks. Will read that now, and then post any questions I have. I appreciate the rapid responses, guys. :) -ste ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Need vinum info/advice, fast.
http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/vinum-root.html http://www.vinumvm.org/cfbsd/vinum.pdf Ok. I've read both documents, which were quite educational. Thanks. :) It seems that what I want to do is install to the first system disk, as normally, and then convert that disk to a vinum disk, using the method described starting on page 237 of the above vinum.pdf. The steps aren't entirely clear to me, after that, as to how to make the second disk a vinum drive that is a mirror of the first. Do I just partition it as normally, but saying that the partition types are type vinum? Then do I format those new partitions, and then describe the volume, plexes and subdisks in the configuration file, adding each subdisk to the existing setup so it will mirror? Do I ever even have to format thos partitions, or does vinum just recreate the filesystems bit by bit? I'm not sure I'm asking the right questions. Pointers are most welcome. :) -ste ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: installed mysql/php/apache but there's no mysql.sock file
On Sat, 2004-04-17 at 18:42, chip wrote: I then created a file in /tmp called mysql.sock but mysql still gives the same error -[error 2002] cannot connect to local mysql server through /tmp/mysql.sock (2). I read the section in the mysql manual about the socket but don't see anything about creating this file. How do I fix this? I'm not an expert on mysql, but I believe you get that message if mysqld isn't running (and because it isn't running, it hasn't created the file). Have you checked if it is running (ps waux | grep mysqld)? If it isn't, run it (should be in the bin directory of mysql). -- Shaun Friedle ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: perl script help
On Fri, 2004-04-16 at 17:05, JJB wrote: I know nothing about writing perl scripts. Can somebody show me how to add the : in the output of the date command in the simple following script? Try this: #!/usr/bin/perl $timezone=`date +\%z`; #Gets the offset in $timezone $timezone =~ s/(\+[0-9][0-9])/$1:/; #Replaces ±NN with ±NN: print $timezone;#Prints $timezone -- Shaun Friedle [EMAIL PROTECTED] ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: timezone command
On Fri, 2004-04-16 at 17:17, Matthew Seaman wrote: You can do it very easily with perl: #!/usr/bin/perl -w use POSIX (strftime); ($d = strftime(%z, localtime)) =~ s/(\d\d)(\d\d)/$1:$2/; print $d\n; but it's probably a bit too heavyweight to use perl to format the string if you aren't already writing a whole script in perl. Instead, try: date +%z | sed -e 's,\([0-9][0-9]\)\([0-9][0-9]\),\1:\2,' Cheers, Matthew Oops, didn't notice this because it was in a different thread. Well now you have two Perl solutions :) -- Shaun Friedle ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: nslookup
Brian Henning wrote: is there a bsd tool that gives the domain name of an IP address? host? nslookup? -ste ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
GeForce FX 5800 Ultra with Nvidia Drivers on 5.2
pixmap format is 32 bpp (II) do I need RAC? No, I don't. (II) resource ranges after preInit: [0] 0 0 0xd000 - 0xdfff (0x1000) MX[B] [1] 0 0 0xfd00 - 0xfdff (0x100) MX[B] [2] -1 0 0xffe0 - 0x (0x20) MX[B](B) [3] -1 0 0x0010 - 0x3fff (0x3ff0) MX[B]E(B) [4] -1 0 0x000f - 0x000f (0x1) MX[B] [5] -1 0 0x000c - 0x000e (0x3) MX[B] [6] -1 0 0x - 0x0009 (0xa) MX[B] [7] -1 0 0xfeaf4000 - 0xfeaf7fff (0x4000) MX[B]E [8] -1 0 0xfeafd800 - 0xfeafdfff (0x800) MX[B]E [9] -1 0 0xfeaff400 - 0xfeaff7ff (0x400) MX[B]E [10] -1 0 0xfeaf8000 - 0xfeafbfff (0x4000) MX[B]E [11] -1 0 0xfeac - 0xfead (0x2) MX[B]E [12] -1 0 0xfeafe000 - 0xfeafefff (0x1000) MX[B]E [13] -1 0 0xfeaff800 - 0xfeaf (0x800) MX[B]E [14] -1 0 0xfebff400 - 0xfebff7ff (0x400) MX[B]E [15] -1 0 0xfebff800 - 0xfebffbff (0x400) MX[B]E [16] -1 0 0xfebffc00 - 0xfebf (0x400) MX[B]E [17] -1 0 0xf400 - 0xf3ff (0x0) MX[B]EO [18] -1 0 0xfe9e - 0xfe9f (0x2) MX[B](B) [19] -1 0 0xd000 - 0xdfff (0x1000) MX[B](B) [20] -1 0 0xfd00 - 0xfdff (0x100) MX[B](B) [21] 0 0 0x000a - 0x000a (0x1) MS[B](OprD) [22] 0 0 0x000b - 0x000b7fff (0x8000) MS[B](OprD) [23] 0 0 0x000b8000 - 0x000b (0x8000) MS[B](OprD) [24] -1 0 0x - 0x (0x1) IX[B] [25] -1 0 0x - 0x00ff (0x100) IX[B] [26] -1 0 0xdfe0 - 0xdfff (0x20) IX[B]E [27] -1 0 0xde80 - 0xdeff (0x80) IX[B]E [28] -1 0 0xd000 - 0xd0ff (0x100) IX[B]E [29] -1 0 0xdf98 - 0xdf9f (0x8) IX[B]E [30] -1 0 0xd400 - 0xd4ff (0x100) IX[B]E [31] -1 0 0xd880 - 0xd8ff (0x80) IX[B]E [32] -1 0 0xdfa0 - 0xdfbf (0x20) IX[B]E [33] -1 0 0xdf00 - 0xdf7f (0x80) IX[B]E [34] -1 0 0xdc00 - 0xdcff (0x100) IX[B]E [35] -1 0 0xee80 - 0xeeff (0x80) IX[B]E [36] -1 0 0xe800 - 0xe8ff (0x100) IX[B]E [37] -1 0 0x0400 - 0x04ff (0x100) IX[B]E [38] -1 0 0xef60 - 0xef7f (0x20) IX[B]E [39] -1 0 0xefa8 - 0xefab (0x4) IX[B]E [40] -1 0 0xefa0 - 0xefa7 (0x8) IX[B]E [41] -1 0 0xefac - 0xefaf (0x4) IX[B]E [42] -1 0 0xefe0 - 0xefff (0x20) IX[B]E [43] -1 0 0xfc00 - 0xfcff (0x100) IX[B]E [44] -1 0 0xef80 - 0xef9f (0x20) IX[B]E [45] -1 0 0xef40 - 0xef5f (0x20) IX[B]E [46] -1 0 0xef20 - 0xef3f (0x20) IX[B]E [47] -1 0 0xef00 - 0xef1f (0x20) IX[B]E [48] 0 0 0x03b0 - 0x03bb (0xc) IS[B](OprU) [49] 0 0 0x03c0 - 0x03df (0x20) IS[B](OprU) (==) NVIDIA(0): Write-combining range (0xa,0x1) was already clear (==) NVIDIA(0): Write-combining range (0xfd68,0x1000) was already clear (==) NVIDIA(0): Write-combining range (0xfd601000,0x1000) was already clear (==) NVIDIA(0): Write-combining range (0xfd681000,0x1000) was already clear (==) NVIDIA(0): Write-combining range (0xfd0c,0x1000) was already clear (==) NVIDIA(0): Write-combining range (0xfd001000,0x1000) was already clear (==) NVIDIA(0): Write-combining range (0xfd682000,0x1000) was already clear (==) NVIDIA(0): Write-combining range (0xfd603000,0x1000) was already clear (==) NVIDIA(0): Write-combining range (0xfd683000,0x1000) was already clear (II) NVIDIA(0): AGP 8X successfully initialized (II) NVIDIA(0): Setting mode 1280x1024 -- Shaun Friedle [EMAIL PROTECTED] ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: GeForce FX 5800 Ultra with Nvidia Drivers on 5.2
On Tue, 2004-04-13 at 17:14, Doug Poland wrote: I built a custom kernel but can't tell you if that was required as I did that before disabling ACPI. Well, if I disable SMP, I seem to be going in the right direction as the machine no longer locks up. Unfortunately, I cannot disable ACPI on this ASUS P4C800-E Deluxe board as the kernel dumps on errors 9 every time. Well, I'm obviously very unlucky since I have an Asus P4C800 Deluxe and get the same thing! The message is: Fatal trap 9: general protection fault while in kernel mode instruction pointer = 0x58: 0x2d5c stack pointer = 0x10: 0xf80 frame pointer = 0x10: 0x0 code segment= base 0xc00f000, limit 0x, type 0x1b = DPL 0, pres 1, def32 0, gran 0 processor eflags= interrupt enabled, resume, IOPL = 0 current process = 0 (swapper) trap number = 0 panic: general protection fault So for me, ACPI was the key. If I could just get this bloody ASUS board to boot without ACPI I think I'd be in business. I think you're right. After searching on Google for a while (as I am sure you have done) I have found no solution. Good luck to you and I'd appreciate any info you have if successful. I don't think I'm going to be able to solve this. Hopefully it will be fixed soon, apparently the problem is 5.x has grown a regression in its handling of BIOS32 calls somehow. I found that in this thread: http://lists.freebsd.org/pipermail/freebsd-current/2004-March/023392.html -- Shaun Friedle [EMAIL PROTECTED] ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
/proc
One of the things I really miss from my Linux system, is the /proc directory structure, where I could easily find out so much about my system and, in some cases, modify it. Is there are way I can get such a thing under FreeBSD 5.2.1-RELEASE-p4? -ste ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: How can I remove this file ?
Nick wrote: -Original Message- From: [EMAIL PROTECTED] [mailto:owner-freebsd- [EMAIL PROTECTED] On Behalf Of Supote Leelasupphakorn Sent: Friday, April 09, 2004 7:41 AM To: [EMAIL PROTECTED] Subject: How can I remove this file ? Hi lists How can I delete file named prefix with - ? TIA Pote rm ./-file rm -- -file -ste ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
OT: how do I get this to link?
I'm trying to port a program to FreeBSD 5.2.1-RELEASE-p4, from Linux. First, I haven't tried to do anything like this since college, which was a looong time ago, so please forgive my ignorance ... I can't get the program to link. In the output below, the things that c-client4.a is complaining about are found in the pam and ssl libs earlier in the line (I grep'd for a number of them, in /usr/lib/*.a, and they were found in those two libs). I have tried many different ways of ordering the libs, and this is the one that produces the least undefined references. I have all the libs found in /usr/lib first and the libs from /usr/local/lib second. I'm pulling my hair out trying to get this to work. Can someone help me figure this out please? Here's the output: peter# make gcc -c filtercmd.c -DSQUIRRELMAILCONFIGFILE='/usr/local/www/squirrelmail/config/config.php' gcc -c checkcreds_cclient.c -I/usr/local/include/c-client '-DMAIL_H=mail.h' '-DLINKAGE_C=linkage.c' -DIMAP_TIMEOUT=2 '-DMAILBOXFLAGS=/norsh/tls/novalidate-cert' gcc -o filtercmd filtercmd.o checkcreds_cclient.o -lpam -lssl -lcrypt -lkrb5 -lcom_err -lz -lcrypto -L/usr/local/lib -lc-client4 -lgssapi_krb5 -lk5crypto -static /usr/local/lib/libc-client4.a(osdep.o): In function `ssl_onceonlyinit': osdep.o(.text+0x859d): warning: tmpnam() possibly used unsafely; consider using mkstemp() /usr/local/lib/libc-client4.a(osdep.o): In function `checkpw': osdep.o(.text+0x83f7): undefined reference to `pam_start' osdep.o(.text+0x8417): undefined reference to `pam_set_item' osdep.o(.text+0x842e): undefined reference to `pam_authenticate' osdep.o(.text+0x8445): undefined reference to `pam_acct_mgmt' osdep.o(.text+0x845c): undefined reference to `pam_setcred' osdep.o(.text+0x847f): undefined reference to `pam_setcred' osdep.o(.text+0x8492): undefined reference to `pam_end' osdep.o(.text+0x84ac): undefined reference to `pam_end' /usr/local/lib/libc-client4.a(osdep.o): In function `ssl_onceonlyinit': osdep.o(.text+0x8690): undefined reference to `RAND_seed' osdep.o(.text+0x86d9): undefined reference to `SSL_library_init' /usr/local/lib/libc-client4.a(osdep.o): In function `ssl_start_work': osdep.o(.text+0x899f): undefined reference to `TLSv1_client_method' osdep.o(.text+0x89a6): undefined reference to `SSLv23_client_method' osdep.o(.text+0x89ae): undefined reference to `SSL_CTX_new' osdep.o(.text+0x89e1): undefined reference to `SSL_CTX_ctrl' osdep.o(.text+0x8a17): undefined reference to `SSL_CTX_set_verify' osdep.o(.text+0x8a22): undefined reference to `SSL_CTX_set_default_verify_paths' osdep.o(.text+0x8a2d): undefined reference to `SSL_new' osdep.o(.text+0x8a52): undefined reference to `BIO_new_socket' osdep.o(.text+0x8a65): undefined reference to `SSL_set_bio' osdep.o(.text+0x8a70): undefined reference to `SSL_set_connect_state' osdep.o(.text+0x8a7b): undefined reference to `SSL_state' osdep.o(.text+0x8aa3): undefined reference to `SSL_ctrl' osdep.o(.text+0x8abe): undefined reference to `SSL_write' osdep.o(.text+0x8af0): undefined reference to `SSL_get_peer_certificate' /usr/local/lib/libc-client4.a(osdep.o): In function `ssl_open_verify': osdep.o(.text+0x8bf2): undefined reference to `X509_STORE_CTX_get_error' osdep.o(.text+0x8bfa): undefined reference to `X509_verify_cert_error_string' osdep.o(.text+0x8c08): undefined reference to `X509_STORE_CTX_get_current_cert' osdep.o(.text+0x8c10): undefined reference to `X509_get_subject_name' osdep.o(.text+0x8c2a): undefined reference to `X509_NAME_oneline' /usr/local/lib/libc-client4.a(osdep.o): In function `ssl_getdata': osdep.o(.text+0x90e4): undefined reference to `SSL_get_fd' osdep.o(.text+0x914e): undefined reference to `SSL_pending' osdep.o(.text+0x9306): undefined reference to `SSL_read' osdep.o(.text+0x9325): undefined reference to `SSL_get_error' /usr/local/lib/libc-client4.a(osdep.o): In function `ssl_sout': osdep.o(.text+0x942f): undefined reference to `SSL_write' /usr/local/lib/libc-client4.a(osdep.o): In function `ssl_abort': osdep.o(.text+0x94ca): undefined reference to `SSL_shutdown' osdep.o(.text+0x94d5): undefined reference to `SSL_free' osdep.o(.text+0x94ed): undefined reference to `SSL_CTX_free' /usr/local/lib/libc-client4.a(osdep.o): In function `ssl_server_init': osdep.o(.text+0x96eb): undefined reference to `ERR_load_crypto_strings' osdep.o(.text+0x96f0): undefined reference to `SSL_load_error_strings' osdep.o(.text+0x976a): undefined reference to `TLSv1_server_method' osdep.o(.text+0x9771): undefined reference to `SSLv23_server_method' osdep.o(.text+0x9779): undefined reference to `SSL_CTX_new' osdep.o(.text+0x97bf): undefined reference to `SSL_CTX_ctrl' osdep.o(.text+0x97d2): undefined reference to `SSL_CTX_set_cipher_list' osdep.o(.text+0x9806): undefined reference to `SSL_CTX_use_certificate_chain_file' osdep.o(.text+0x983e): undefined reference to `SSL_CTX_use_RSAPrivateKey_file' osdep.o(.text+0x988b): undefined reference to `SSL_CTX_ctrl' osdep.o(.text+0x98a2): undefined
Re: OT: how do I get this to link?
I wrote: I can't get the program to link. In the output below, the things that c-client4.a is complaining about are found in the pam and ssl libs earlier in the line (I grep'd for a number of them, in /usr/lib/*.a, and they were found in those two libs). I have tried many different ways of ordering the libs, and this is the one that produces the least undefined references. I have all the libs found in /usr/lib first and the libs from /usr/local/lib second. I'm pulling my hair out trying to get this to work. Can someone help me figure this out please? I'm at my wits end with this. I've continued to try reordering the libs or adding them more than once, as 'man ld' says I can do (that only led to even more undefined references), and even tried to tell ld to search the libs multiple times, via the -( -) construct, but make barfed on that. Any programmers out there that would be able to help me sort this out, off list, please? TIA. -ste ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: OT: how do I get this to link?
Malcolm Kay wrote: Maybe it is OK but to me the -static option at the end of the command looks strange. And I know the documentation says that mostly the command line order doesn't matter; but try it near the beginning. Several of us tried and failed to get it to link statically in various ways, so we gave up, dropped -static, and went dynamic instead. It even required fewer libraries that way. My thanks to Matt Emmerton for the final solution that worked. :) -ste ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: dircmp?
Dan Nelson wrote: In the last episode (Mar 28), Kris Kennaway said: On Sun, Mar 28, 2004 at 08:28:31PM -0500, Shaun T. Erickson wrote: Is there a dircmp command for 5.2.1-RELEASE-p3? I can't find one ... Not in the base system. Maybe it's available in a port with a different name. What does it do? It compares two directory trees and tells you which files exist in one or both, and tells you which files are the same in both. SUSv2 deprecated it and recommended people use diff -r instead. SUSv3 doesn't mention it at all. I tried diff -r and didn't really like it at all. The output isn't anywhere near as nice as dircmp's. Shaun: if you have access to a Tru64 or Solaris system, you can use their dircmp commands, since they are shell scripts. Unfortunately, I don't, or I'd lift a copy. :) -ste ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: where is fortune on 5.2.1-RELEASE?
Doug Poland wrote: Hello, I've googled for this but came up empty. I cannot find the fortune program on this recently installed box. On 4.9-STABLE it lives in /usr/games/fortune. /usr/games/fortune on my 5.2.1-RELEASE-p3 box. -ste ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
dircmp?
Is there a dircmp command for 5.2.1-RELEASE-p3? I can't find one ... -ste ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: log off with process running
I'm surprised this hasn't been mentioned, but why not try screen? It's made for precisely this reason. Screen is your friend. Screen is probably the tool I use most, as a SysAdmin. I couldn't live without it. -ste ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Enabling linux compatibility
When I installed my system, it asked if I wanted to enable linux compatibility, and I said no. Now I think I may need it, and am wondering if I need to do anything special to enable it, other than setting linux_enable=YES in /etc/rc.conf. You will need to install one of the linux-base packages from ports. the plain vanilla one is the most stable in my experience... Thanks! -ste ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Trying to run a Linux binary ...
I installed linux_base, which turned on linux emulation: # kldstat Id Refs AddressSize Name 17 0xc040 5b570c kernel 21 0xc09b6000 51ac8acpi.ko 31 0xc462 19000linux.ko # When I run the file, I get: ELF binary type 0 not known. # file filtercmd filtercmd: setuid ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), for GNU/Linux 2.2.5, statically linked, not stripped # I'm not sure what to do now ... -ste ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Trying to run a Linux binary ...
Lowell Gilbert wrote: Shaun T. Erickson [EMAIL PROTECTED] writes: I installed linux_base, which turned on linux emulation: # kldstat Id Refs AddressSize Name 17 0xc040 5b570c kernel 21 0xc09b6000 51ac8acpi.ko 31 0xc462 19000linux.ko # That installs the kernel support, but it doesn't turn it on. Run linux(8) (at the command line). I don't have any such command on my system. I looked at the package list for linux_base, and it doesn't install anything named that ... -ste ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Enabling linux compatibility
When I installed my system, it asked if I wanted to enable linux compatibility, and I said no. Now I think I may need it, and am wondering if I need to do anything special to enable it, other than setting linux_enable=YES in /etc/rc.conf. -ste ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: disconnecting keyboard: big trouble !?!
Steve Ireland wrote: This is a PS/2 thing, not an operating system thing. You really can fry your motherboard plugging and unplugging PS/2 devices while the system is powered up. I suppose it's possible, but I know I 've never fry'd one. I'm always unplugging and pluging mine back in. The key to getting the keyboard re-initialized, when you plug it back in - at least under 5.2.1-RELEASE-p3 - is to change hint.atkbd.0.flags=0x1 to hint.atkbd.0.flags=0x0 in /boot/device.hints and reboot. After that, you can plug and unplug to your heart's content. I'm told this setting may have to be made in the kernel, requiring a custom kernel, in 4.x releases. -ste ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
phpmyadmin forbidden?
I wanted to install this on my 5.2.1-p3, but it's forbidden. Emailing the maintainer got no response. Does anyone know what's up with this? I'm told it will make my life much easier -ste ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
RE: Top posting
... both top and bottom ... All this talk of top and bottom is making me blush and breathe heavy, LOL (j/k). :-) Perhaps this dead horse has been sufficiently beaten, that we can let it Rest In Peace, and move on? :-) -ste ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
I messed up my system, please help. library missing
I went to rebuild the mod_php4 port with openssl support (btw, is the correct way to do that this: make -DWITH_OPENSSL ?). During the build, it wanted to upgrade expat, but said there was an older version installed and that if I wanted it upgraded that I should to a 'make deinstall' and a 'make reinstall' to do so, then come back to the mod_php4 build. So I did that. Now my system is missing an apparently important library 'libexpat.so.4' and things are broken that need it - notably, my web server is down. How do I get the old version reinstalled, and have the new version as well, for things that need it? -ste ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: I messed up my system, please help. library missing
Jorn Argelo wrote: I guess the best thing to do is to deinstall Apache as well, and recompile it from the ports tree. (make sure to sync your ports-tree first) Make sure you backup your website content, since I don't know if the make deinstall will delete your content as well. Then recompile PHP as well. correct way to do that this: make -DWITH_OPENSSL ?). I believe it was yes, though correct me if I am wrong. What got me going again, was making a symbolic link from libexpat.so.5 to libexpat.so.4. That got my webserver running, and allowed me to rebuild mod_php4 (and yes, that *was* the right way to get ssl support into it). I probably should make the time to upgrade anything that relies on expat and remove that link though. -ste ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: I messed up my system, please help. library missing
Kirk Strauser wrote: From /usr/ports/UPDATING: 20040313: AFFECTS: users of textproc/expat2 Sigh. I'm still new to FreeBSD. I *really* need to get in the habit of checking that file. Thanks. -ste ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: openSSL certificate key's
Matthew Seaman wrote: On Thu, Mar 18, 2004 at 09:15:28AM +, Matthew Seaman wrote: NB. Verb. Sap. Some applications (*cough* Outlook *cough*) get upset when the OU in the certificate is the same as the OU of your certificate authority. Ahem. The CN or Common Name is what I should have said there. Ooops. Or, spend $49.00 and get a real SSL Cert from InstantSSL, like I did. Works like a charm. No, I don't work for them, and am not associated with them in any way, other than as a happy customer. Their cert was cheap enough to make getting a real one worth it. -ste ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Downgrading 4.9-stable to 4.9-release-p3
Kent Stewart wrote: How are you going to include the changed libraries in modules you don't rebuild? The advisory was even more specific, i.e., rebuild all ports that use OpenSSL. That's not exactly what it said. It said to rebuild all statically linked ports and 3rd-party apps: Note that any statically linked applications that are not part of the base system (i.e. from the Ports Collection or other 3rd-party sources) must be recompiled. Dynamically linked programs do not have to be rebuilt. -ste ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: rc script timing issues?
Peter Risdon wrote: From man 8 rc.d: The scripts within each directory are executed in lexicographical order. If a specific order is required, numbers may be used as a prefix to the existing filenames, so for example 100.foo would be executed before 200.bar; without the numeric prefixes the opposite would be true. You might be able to see this if you've installed, say, mysql-client which uses a script in /usr/local/etc/rc.d called 000.mysql-client.sh - the 000. forces an early startup. So I suggest you're better off moving the scripts back to /usr/local/etc/rc.d and prefixing them with numerals to get the startup order correct. This was exactly the solution I needed and, per your later email, I also made sure the client script runs first. -ste ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: ntpd question
Matthew Seaman wrote: Unfortuately if you're going to run ntpd, you can't get rid of these: ntpd(8) will automatically bind to all interfaces on the system, and there are no controls within ntpd to control that. Darn. Thanks for the suggestions! I was already controlling access to the port with my ipfilter firewall, and will continue to do so. I just believe in not letting anything bind to a port, that isn't required to. -ste ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: sasl2--saslauthd--pam--mysql issue
Aaron Peterson wrote: If you have plain text passwords in your MySQL database, you don't need PAM to look them up. SASL2 has this ability natively. I'm going through PAM because I don't want to store passwords in plain text. I have everything set up right, as near as I can tell. It's just that saslauthd isn't passing the realm. I'm told, on another list, that this is a feature of saslauthd from the latest version of sasl, which I'm using. I'm told there is supposed to be a patch out there, somewhere, to restore this behavior. I haven't been able to find it yet. :( -ste ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
How do I add a local patch to a port?
I have generated a patch that I want to apply to a port. I don't know how to tell the port to use it though. Just putting it in the files directory didn't seem to do the trick. What else do I need to do to? -ste ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: How do I add a local patch to a port?
Shaun T. Erickson wrote: I have generated a patch that I want to apply to a port. I don't know how to tell the port to use it though. Just putting it in the files directory didn't seem to do the trick. What else do I need to do to? I looked at the porter's handbook, and it says that simply dropping the patch into the files directory should get it automatically applied, but it's not. The patch is named patch-aa and is relative to the WRKSRC directory. Suggestions? -ste ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: How do I add a local patch to a port?
Alexander Haderer wrote: At 13:04 09.03.2004 -0500, Shaun T. Erickson wrote: Shaun T. Erickson wrote: ... I looked at the porter's handbook, and it says that simply dropping the patch into the files directory should get it automatically applied, but it's not. The patch is named patch-aa and is relative to the WRKSRC directory. Suggestions? Patching the wrong file? Patching an already patched file? Patching in wrong direction: old --- new exchanged by accident? directory for patch ok? shouldn't it be relative to extracted sources dir within WRKSRC? Well, cd'ing into the work directory and then into the source directory and saying: patch patchfile correctly patches the file ./dir/file2bepatched So, if patchfile is in the files directory, it ough to just work, yes? But it isn't. -ste ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: How do I add a local patch to a port?
Alexander Haderer wrote: Just another guess: Probably it makes a difference if the patchfile patches ./dir/tobepatched and dir/tobepatched. A brief look into other ports shows me that the latter is used. I don't know if it have to be this way or not. Ok. I'm trying to patch /usr/ports/security/cyrus-sasl2-saslauthd/work/cyrus-sasl-2.1.17/saslauthd/auth_pam.c. The patchfile is named patch-aa and is located in /usr/ports/security/cyrus-sasl2-saslauthd/files. Here is the contents of the patchfile that works manually, when I cd to /usr/ports/security/cyrus-sasl2-saslauthd/work/cyrus-sasl-2.1.17 and run patch /usr/ports/security/cyrus-sasl2-saslauthd/files/patch-aa: Index: saslauthd/auth_pam.c diff -u saslauthd/auth_pam.c.orig saslauthd/auth_pam.c --- saslauthd/auth_pam.c.orig Sat May 31 13:00:24 2003 +++ saslauthd/auth_pam.cTue Mar 9 11:53:44 2004 @@ -178,7 +178,7 @@ const char *login, /* I: plaintext authenticator */ const char *password,/* I: plaintext password */ const char *service, /* I: service name */ - const char *realm __attribute__((unused)) + const char *realm /* END PARAMETERS */ ) { @@ -186,17 +186,25 @@ pam_appdata my_appdata;/* application specific data */ struct pam_conv my_conv; /* pam conversion data */ pam_handle_t *pamh;/* pointer to PAM handle */ +char user[256]; int rc;/* return code holder */ /* END VARIABLES */ -my_appdata.login = login; +strlcpy(user, login, 256); + +if (realm) { +strlcat(user, @, 256); +strlcat(user, realm, 256); +} + +my_appdata.login = user; my_appdata.password = password; my_appdata.pamh = NULL; my_conv.conv = saslauthd_pam_conv; my_conv.appdata_ptr = my_appdata; -rc = pam_start(service, login, my_conv, pamh); +rc = pam_start(service, user, my_conv, pamh); if (rc != PAM_SUCCESS) { syslog(LOG_DEBUG, DEBUG: auth_pam: pam_start failed: %s, pam_strerror(pamh, rc)); It all looks right to me, but when I do a make clean follwed by a make, the file does not get patched. What am I doing wrong? -ste ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: How do I add a local patch to a port?
Dancho Penev wrote: Put the patch in security/cyrus-sasl2/files directory. Take a look in port's Makefile where ${PATCHDIR} is set to different location. Aha! That solved it. Thanks. -ste ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
pam question
I have pam configured so that when my virtual email users (well, the *users* aren't virtual, hehe) send email, they have to use smtpauth. I created a file in /etc/pam.d, called smtp. It has in it: auth required pam_mysql.so user=postfix passwd=apassword host=localhost db=postfix table=mailbox usercolumn=username passwdcolumn=password crypt=1 sqllog=0 account sufficient pam_mysql.so user=postfix passwd=apassword host=localhost db=postfix table=mailbox usercolumn=username passwdcolumn=password crypt=1 sqllog=0 Everything works fine ... almost. Remote users, in the system's local domain, also have to auth in order to relay. But their password is being looked up in my mysql database, instead of in the password file. How can I modify pam's smtp file to allow for both conditions? -ste ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
ntpd question
I run ntpd to keep my server's time in sync with a remote server. In my netstat -a output, I see: Active Internet connections (including servers) Proto Recv-Q Send-Q Local Address Foreign Address(state) udp4 0 0 localhost.ntp *.* udp4 0 0 peter.ntp *.* udp4 0 0 *.ntp *.* I'm not running an ntp server, and would like these entries to go away. I've looked at the ntpd man page and haven't been able to find any option to tell it not to attach to ports. How can I do this? TIA. -ste ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
rc script timing issues?
On 5.2.1-RELEASE-p1, in /usr/local/etc/rc.d, I have scripts that start my MySQL database, and that start my Courier-IMAP daemons. When the scripts for courier run, one of the first things they do is start authdaemond, which should fire up several authdaemond.mysql processes and then they start the imap daemons. On reboot, the imap daemons are running, but the authdaemond.mysql processes aren't. If I stop the imap script, and re-run it, everything starts up just fine. I suspect that the database isn't getting started before the imap scripts are run. So, I moved the database startup script to /etc/rc.d, but on reboot, the database wasn't started. I had hoped moving it to /etc/rc.d might start it earlier in the boot process. Suggestions? TIA. -ste ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Installation - More user friendly
JJB wrote: WD My web spider robot found this web site which is not on any of the search engines yet. www.a1poweruser.com Looks like it offers what you want in the way of user-friendly step-by-step instructions to installing FBSD. 1) Surreptitiously plugging your own site, is crass, at best. 2) Not telling him you charge for everything there, is devious. Perhaps you should also tell him that when you respond to posts for help, on this list, that you frequently ignore the person's questions and instead rant on about the evils of whatever it is they are trying to do/use. Perhaps you should tell him that, at least in the area of networking, you haven't got a clue about what you are talking about (I specifically refer you to the completely inaccurate information you gave me regarding, for instance, the generation of fragments.) Based on the many posts of yours that I've seen, on this list and another, I've concluded that you do know some things and have some usefull information to impart, but that your ranting and mis-information obscure them to such a degree that you're comments are not worth paying much attention too. -ste ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Missing pam_mysql.so
I seem to be missing pam_mysql.so on my 5.2.1-RELEASE_p1 system, and this is causing me problems, as I need pam to authenticate against a mysql 4.0.18 database. I have no clue what provides that file. Can anyone help me, please. TIA. -ste ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Missing pam_mysql.so
Shaun T. Erickson wrote: I seem to be missing pam_mysql.so ... I guess I'm tired, as I found it in /usr/ports/security/pam_mysql. Sorry for the noise. -ste ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
sasl2--saslauthd--pam--mysql issue
If I set pwcheck_method to auxprop and authenticate against sasldb2 which has a single user of [EMAIL PROTECTED] in it, along with it's password, I can auth just fine from mozilla, where I told it my user name was [EMAIL PROTECTED]. However, if I change it from auxprop to saslauthd, which calls pam, which does a mysql lookup instead, it fails. It opens the correct database and table, and selects the right fields, but it asks for a username of ste, instead of [EMAIL PROTECTED], so it doesn't find the password, and fails. Why is it only asking for ste, and how do I get it to ask for the right value? TIA -ste ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
portsdb issues
When I run portsdb -Uu on my 5.2.1-RELEASE-p1 system, I get: Updating the ports index ... Generating INDEX.tmp - please wait.. followed by over 10,000 entries similar to this: make_index: gnomemag-0.10.7: no entry for /usr/ports/textproc/libxml2 followed by: Warning: Duplicate INDEX entry: Done. done [Updating the portsdb format:bdb1_btree in /usr/ports ... - 3795 port entries found /usr/ports/INDEX-5:1:Port info line must consist of 10 fields. /usr/ports/INDEX-5:2:Port info line must consist of 10 fields. /usr/ports/INDEX-5:3:Port info line must consist of 10 fields. /usr/ports/INDEX-5:4:Port info line must consist of 10 fields. /usr/ports/INDEX-5:5:Port info line must consist of 10 fields. .1000.2000.3000... . done] There was only one duplicate entry reported. So, how do I get my system back into a happy state? -ste ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: portsdb issues
Kent Stewart wrote: There was a problem like this a couple of days ago but I haven't seen any problem generating INDEX today. I would re-cvsup and see if it goes away. I have been diligently keeping my system cvsup'd every day. It dawned on me that I haven't been running portsdb -Uu after every cvsup though, so I ran it, and that's what I got. So what do I do now? -ste ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: portsdb issues
Kent Stewart wrote: Did you recvsup ... Apparently I'm new enough to FreeBSD that I don't understand you. I ran cvsup on my docs, my system source and my ports, and ran portsdb -Uu afterwards. When I run them again, there is nothing to download. That tells me I have everything. I guess I don't know what you want me to do. -ste ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: portsdb issues
Kent Stewart wrote: The mirrors mostly update on the hour. Cvsuping less than an hour apart may be using the same old data. You need to wait until 15-20 minutes after the hour for the mirror to be updated. I mirror most of the data and it takes around 8 minutes for a mirror update to finish. I waited a bit, then ran cvsup on the ports, once more, and this time there was more to download, including a new INDEX-5 file. I ran portsdb -Uu once more, and it worked perfectly. I guess my ports tree was out of sync somehow. Thanks for the suggestions! :) -ste ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
'pkg_delete port' vs 'cd /usr/ports/port;make deinstall'
'pkg_delete port' vs 'cd /usr/ports/port;make deinstall' What's the difference between these? -ste ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
mysql woes (self-inflicted)
I was having trouble getting mysql40 running, so I removed the server and client packages. I then manually cleaned out the files under /var/db/mysql. Then I rebuilt the server and client. Sadly, when I try to start the server, it complains that mysql.host - one of the files I deleted - doesn't exist. How do I get all that stuff under var/db/mysql back, that I deleted? -ste ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: mysql woes (self-inflicted) SOLVED
Shaun T. Erickson wrote: I was having trouble getting mysql40 running, so I removed the server and client packages. I then manually cleaned out the files under /var/db/mysql. Then I rebuilt the server and client. Sadly, when I try to start the server, it complains that mysql.host - one of the files I deleted - doesn't exist. How do I get all that stuff under var/db/mysql back, that I deleted? I had to rebuild the server with OVERWRITE_DB=yes. -ste ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: My ipfilter rules.
In order to be a good netizen, I applied the bogon list to my outbound traffic, too. I also moved the bad packet checks to the head of the incoming rules, as they make more sense there - no point in letting them use any more cpu than needed, if they are junk. At least 35 people have looked at my rules (http://www.ste-land.com/rules.html). I've updated the page, so be sure to hit refresh/reload, if you go to look at it again. So far, two people have responded. I took the suggestions of one. Anyone else? I'm putting the server on the Internet tonight, and would like the firewall done by then. Two questions: 1) Should I be performing the bad packet checks on the outbound path, too? 2) I looked at using groups to keep outbound packets from traversing rules for inbound packets, and vice versa, but I still don't understand them well enough to set them up. Suggestions? -ste ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
ipfilter 'keep frags' question
Are only tcp packets subject to fragmentation, or are udp and icmp, as well? -ste ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
My ipfilter rules.
I've ported my iptables firewall rules to ipfilter. Since I'm new to firewalling under any *BSD, and because it never hurts to get a review, I was wondering if some of you, who are good at, would critique my rules. Rather than include the file here, I give a link to it, below. Feel free to critique both content and form. Note that I obfuscated my server's IP address in the one place it shows up. The firewall is to harden a stand-alone server, with a single interface. Policy is to let anything out, but be cautious about what is allowed in. Here's the file: http://www.ste-land.com/rules.html I'm sure I'll learn more, based on your responses. TIA. -ste ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: My ipfilter rules.
I wrote: I was wondering if some of you, who are good at, would critique my rules. Here's the file: http://www.ste-land.com/rules.html So far, I've gotten these suggestions: Apply the bogon list to the outbound path. Compress my blocking of netbios junk to one rule. Move bad options flags check to head of list. Any other suggestions? Question: Is there some way I can have all outbound packets skip being tested by rules for inbound packets, and vice versa? -ste ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
How do I test for NO tcp flags being set, in ipfilter?
See subject. :) -ste ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: How do I test for NO tcp flags being set, in ipfilter?
Jerry McAllister wrote: See subject. :) A note: That is impolite and unhelpful. You should put your information including the auestion in the body of the message. My sincere apologys. I was trying to be helpful by not repeating myself, and wasting bandwidth when my entire question was framed in the subject. I won't do it again though, if it's considered impolite. -ste ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
How do I test for NO tcp flags being set, in ipfilter? (repost)
How do I test for NO tcp flags being set, in ipfilter? -ste ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: How do I test for NO tcp flags being set, in ipfilter? (repost)
Danny Pansters wrote: On Tuesday 02 March 2004 18:27, Shaun T. Erickson wrote: How do I test for NO tcp flags being set, in ipfilter? You can filter on TCP flags but seems to me what you really mean is how to check for no TCP options (nop) rather than no flags: 'with opt nop' is a syntax that should work. WRT flags, it's my understanding that every TCP packet has at least the A or S flag set. Actually, I do mean no flags set. Nmap's null scan uses packets with all tcp flags turned off. On linux, with iptables, I would say -tcp-flags ALL NONE to test for this (the bits to test and the mask are in reverse order to how we specify them in ipfilter). The closest ipfilter statement would be flags /FSRPAU, specifying no flags to be set, out of all flags. I don't believe this is legal syntax though. -ste ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
ipfilter frags question
Having given up on ipfw and switching to ipfilter (much nicer!), I nearly have my firewall set up. Then I ran into a problem ... On my Linux box, I can force all fragments to be re-assembled into whole packets before being presented to the firewall, and that's what I've done. However, as near as I can tell, FreeBSD (5.2.1-RELEASE) doesn't have that feature. So what do I do with fragments? They are a valid part of a tcp conversation, so dropping them isn't good, but neither is just accepting them willy-nilly, either. Suggestions, please, and TIA. -ste ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
ipfilter tcp flags question
How do I test that none out of all flags are set? flags /FSRPAU isn't legal, I'm sure. Is ! flags FSRPAU or flags ! FSRPAU? -ste ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: ipfilter tcp flags question
Remko Lodder wrote: i do it like this: block in log quick proto tcp all flags FUP block in log quick proto tcp all flags SAFRU/SAFRU block in log quick proto tcp all flags SF/SF block in log quick proto tcp all flags SR/SR I'll have to scratch my head over that one for a bit, before I understand it, but I guess you're saying that the above 4 rules imply a fifth in that if none were set, it couldn't get through them, right? I really dislike implied rules, and avoid them if at all possible, as they are hard to maintain. :) Is there no way to explicitly test for no flags being set? -ste ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: kernel compile errors - but how do I get the output
Tadimeti Keshav wrote: Hi all I have problems compiling my kernel. I have enabled: device udbp# USB Double Bulk Pipe devices I get errors at link time with udbp.o. I am not able to copy from aterm and paste to nedit. make /home/abcd/make_log.log only says stop... But is does not contain the error output. I would appreciate any help. Thanks Use the script command. Type, for example: script /var/tmp/make.out then go ahead and run your make. When it's finished, tyoe a Control-D and then vi /var/tmp/make.out to look at all the output of the make run. :) HTH :) -ste ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
ipfw ruleset traversal question
I'm trying to port my linux netfilter/iptables firewall to 5.2.1-RESLEASE. Iptables has the concept of chains. There are three defined by the system: INPUT, FORWARD OUTPUT. Packets coming into the system that are destined for a local process traverse the INPUT chain only, packet generated by the system, and leaving it, traverse the OUTPUT chain only, and packets that are simply passing through the system traverse the FORWARD chain only. One nice benefit of this, is that inbound packets don't have to traverse rules for outbound packets and vice-versa. This allows efficient grouping of rules and reduces the performance hit of packets having to be checked by all rules. How can I set up my ipfw ruleset so that I can achieve that same benefit? TIA -ste ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: ipfw ruleset traversal question
Shaun T. Erickson wrote: Iptables has the concept of chains. Please forgive me for following up my own post. I know it's bad form ... In addition to the system defined chains, iptables lets me create user defined chains, that I can jump to based on criteria I set, so as to further refine my rules such that packets only traverse the rules they must. So, I'm trying to figure out how to simulate everything I've said about chains, in ipfw ... -ste ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
LINT file?
If I understand correctly, in previous releases there used to be a file /usr/src/sys/i386/conf/LINT, that listed all the things one could put in their kernel conf file. I can't find any such file on 5.2.1-RELEASE. Can someone please tell me where I can find it or it's replacement please? TIA -ste ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: LINT file?
Matt Emmerton wrote: cd /usr/src/sys/i386/conf make LINT Note that the LINT kernel is _strictly_ a list of all the possible things to put in your kernel config -- there are no explanatory comments anymore. That's a shame. I was counting on the comments to educate me. Can you point me to any other documentation that might cover what I find in that file? -ste ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: LINT file?
Rowdy wrote: You would be looking for the NOTES file in /usr/src/sys/arch/conf? There is also a NOTES file in, erm, /usr/src/sys/conf IIRC. Thank you. That's exactly what I was looking for. I should have known to simply look for it under another name, instead of just giving up early when the ls for LINT turned up nothing. Mea culpa. -ste P.S.: Looking at it, I discovered that there is a ste device driver and man page, lol. When I pointed it out to my roommate, he said he wants to get in touch with the author. He says there's a few feature enhancements he'd like, and several nasty bugs he'd like worked out. :) ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Firewall enabling confusion.
I put 'firewall_enable=YES' in /etc/rc.conf, in anticipation of rebuilding my kernel with the following options turned on: options IPFIREWALL options IPFIREWALL_VERBOSE options IPFIREWALL_VERBOSE_LIMIT=100 I rebooted, for unrelated reasons, and now see in the messages file that ipfw2 has been enabled and, indeed, since I have no rules in place, my system is cut off from the network. I haven't yet rebuilt my kernel, so I don't understand why this kicked in. Did adding that line in rc.conf suck in a kernel module that obsoletes the need for those kernel options? How do I check (I'd do an lsmod, on Linux - don't know what the equivalent FreeBSD command is)? If it is a module, how do I enable logging, as adding 'firewall_logging=YES' to /etc/rc.conf didn't turn it on, according to the messages file. Likewise for divert (though I don't currently need it). Feb 27 14:37:22 peter kernel: ipfw2 initialized, divert disabled, rule-based forwarding enabled, default to deny, logging disabled -ste ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Firewall enabling confusion.
Remko Lodder wrote: kldstat is the program you are looking for (like lsmod) It can indeed be that the module is loaded with it's default settings {block all} Hope this solves your lsmod question, the rest i cannot help you with since i don't understand ipfw :) {yet} Thanks! Yes, the ipfw.ko module is getting loaded. So now I just need to know how to enable things like divert and logging. -ste ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Kernel modules question.
In linux, I'd use /etc/modules.conf to list and configure any kernel modules I want loaded at boot time. How is that done in FreeBSD? I see that there are a *lot* of kernel modules in /boot/kernel. How do I find out what each one is for and what their configuration options are? Sorry for newbie questions. I'm trying to learn FreeBSD as fast as I can. :) -ste ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Firewall enabling confusion.
Warren Block wrote: On Fri, 27 Feb 2004, Shaun T. Erickson wrote: Thanks! Yes, the ipfw.ko module is getting loaded. So now I just need to know how to enable things like divert and logging. /etc/rc.firewall has examples. I looked at that. That's not what I mean. :) I mean, if I do not have to build a new kernel to enable firewalling, logging and divert, then how do I enable them, such that the following line from my messages file would show that they have been enabled? Adding firewall_enable=YES to rc.conf caused the ipfw module to be loaded, enabling firewalling. Adding firewall_logging=YES did *not* enable logging in the message file line shown below. How do I do that? How would I get that line to show divert as being enabled? I may be wrong (correct me if I am, please), but doesn't that line have to show them as enabled, before I can successfully make use of them in ipfw commands like those you pointed me to in rc.firewall? What if I want that line to report that the default is open, instead of deny? Feb 27 14:37:22 peter kernel: ipfw2 initialized, divert disabled, rule-based forwarding enabled, default to deny, logging disabled -ste ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Kernel modules question.
Warren Block wrote: On Fri, 27 Feb 2004, Shaun T. Erickson wrote: In linux, I'd use /etc/modules.conf to list and configure any kernel modules I want loaded at boot time. How is that done in FreeBSD? It's /boot/loader.conf. See 'man 5 loader.conf'. Ah. Thank you. :) Where do I find documentation for the 341 or so modules? -ste ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Firewall enabling confusion.
Ion-Mihai Tetcu wrote: hint: sysctl -a | grep ip.fw for logging do: sysctl -w net.inet.ip.fw.verbose: 1 sysctl -w net.inet.ip.fw.verbose_limit: 5 Ah. see also man ipfw, it will answer your questions. I'm still wading through it - it's quite a long read. I'll finish before asking anything else. ;) AFAIK recompile with IPFW_DEFAUL_TO_ACCEPT, but it would be a bad thing. I don't disagree - I just wanted to know how. It helps me to understand the system better. ;) -ste ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Quick newbie portupgrade question.
Kevin D. Kinsey, DaleCo, S.P. wrote: Shaun T. Erickson wrote: I understand that 'portupgrade -arR' will upgrade everything. Some are packages and some are ports. Will portupgrade upgrade packages with packages, and ports with ports, or do packages get replaced with ports, so that all are ports after it's run? Check out the -P and -PP CLI switches to portupgrade(1). If I read them correctly, I cannot have packages replaced with packages, and ports with ports. That is, unless I can figure out which are which, ahead of time, and select the right switches for the right things. Is there an easy way to determine which are which? -ste ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Looking for ipfw info.
JJB wrote: -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Shaun T. Erickson Sent: Thursday, February 26, 2004 2:08 PM To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Subject: Re: Looking for ipfw info. JJB wrote: The problem with all those links is that what they write about is outdated and complete mis-directs the reader into using IPFW's legacy stateless rules when only stateful rules should be used to get the max level of protection. The rules she gives in her second article most certainly describe creating a stateful firewall. Yes for an firewall without an lan behind it Which is exactly what I'm trying to set up. www.a1poweruser.com Is where you can purchase the complete results of my in-depth research, as soon as I complete the buy now button function. Check back in a week. Can someone who isn't trying to sell me something, corroborate anything he's said? It would be nice to hear from someone else, too. :) -ste ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: ruby ( final answer )
Michael Sharp wrote: pkgdb is still looking for /usr/local/bin/ruby which after the upgrade dosent exist. Its now /usr/local/bin/ruby16 ln -s /usr/local/bin/ruby16 /usr/local/bin/ruby fixes pkgdb and portsdb I'm setting up a new 5.2.1-RELEASE system and was concerned about this, as I was about to install portupgrade, which would also install ruby. With all ports up to date, I crossed my fingers and did a make install clean. Everything installed and works fine. I got a ruby18 (yes, 18) that was linked to ruby. Are you sure you have the latest portupgrade and ruby installed? -ste ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]