February 22, 2005
Installing AWStats
Please add the following to your apache config, and restart.
#
# Directives to allow use of AWStats as a CGI
#
Alias /awstatsclasses "/usr/local/www/awstats/classes/"
Alias /awstatscss "/usr/local/www/awstats/css/"
Alias /awstatsicons "/usr/local/www/awstats/icons/"
ScriptAlias /awstats/ "/usr/local/www/awstats/cgi-bin/"
#
# This is to permit URL access to scripts/files in AWStats directory.
#
<Directory "/usr/local/www/awstats/">
    Options None
    AllowOverride None
    Order allow,deny
    Allow from all
</Directory>
*****************************************************************
===> Registering installation for awstats-6.3
===> Cleaning for p5-Storable-2.13
===> Cleaning for p5-Net-XWhois-0.90_2
===> Cleaning for sed_inplace-2002.10.19
===> Cleaning for awstats-6.3
Posted by 0xFF3300 at 03:13 PM | Comments (0) | TrackBack
February 01, 2005
Relief at last...
With a little trimming of the fat my file system is all better now. I cleaned out /root (/).
su-2.05b# df
Filesystem 1K-blocks Used Avail Capacity Mounted on
/dev/ad0s1a 128990 58450 60222 49% /
/dev/ad0s1h 18149236 3585312 13111986 21% /home
/dev/ad0s1f 1032142 891656 57916 94% /usr
/dev/ad0s1g 17942382 2674610 13832382 16% /usr2
/dev/ad0s1e 2064302 1009996 889162 53% /var
procfs 4 4 0 100% /proc
Posted by 0xFF3300 at 09:09 PM | Comments (0) | TrackBack
du -h -d 1
Today the /usr drive became full, preventing many apps from functioning. du is your friend.
850K ./www
12K ./makesite
78M ./bin
4.5M ./etc
11M ./include
7.2M ./info
285M ./lib
82K ./libdata
6.4M ./libexec
15M ./man
1.9M ./sbin
102M ./share
2.0K ./doc
26K ./src
56M ./linux-sun-jdk1.3.1
61M ./jdk1.3.1
57M ./jakarta-tomcat4.1
400K ./jakarta-ant-1.5.1
44K ./openssl
25M ./ant
6.9M ./usermin-0.970
7.3M ./usermin-1.000
1.5M ./mod_mono
3.8M ./jakarta-struts-1.0.2
23M ./mailman
8.8M ./squirrelmail
4.0K ./xsp
650K ./viewcvs-0.9.2
767M .
Posted by 0xFF3300 at 08:39 PM | Comments (0) | TrackBack
January 18, 2005
Hardened Security
As for Linux, a correctly-configured hardened box should come close to VMS in security. The sorts of things that you could configure to do this are as follows:
* Configure iptables to block ports that should not be visible from the outside. Either that, or get it to return spurious data, to confuse scanners.
* Use one (or preferably two) of SE-Linux, GRSecurity and RSBAC, to make it hard to actually use any exploits that are found.
* Disable insecure protocols where possible. If you have to use them, run them over IPSec.
* If a server isn't time-sensitive, then use a bounds-checker such as ElectricFence to reduce the risks.
* Use a pro-active NIDS to block suspicious traffic (usually an indicator of a scan).
* Verify file permissions with a utility such as TARA, although that one might be a little old these days.
* Scan for weaknesses with the latest Nessus and -at least- one other independent security scanner.
The reason for so many steps is that Linux is flexible. Flexibility, if used well, can make for an extremely tough system. If used badly, it can make for a highly vulnerable system. Mistakes are not always easy to catch, so it's better to have enough independent redundancy that a failure isn't catastrophic.
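The file-permission check from the list above, as an added example (not part of the original post, and not TARA itself): a small POSIX shell audit that reports world-writable files, world-writable directories without the sticky bit, and setuid/setgid files under a tree. The names audit_perms and make_sample_tree and the output tags are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example: a minimal permission audit (not TARA, not from the post).
# audit_perms, make_sample_tree and the output tags are names invented here.

# audit_perms DIR
# Prints one "TAG<TAB>path" line per finding, sorted, and returns 1 if
# anything was found (0 if the tree is clean). -xdev keeps find on one
# filesystem so /proc or network mounts are not walked.
audit_perms() {
    dir=${1:?usage: audit_perms DIR}
    out=$(
        {
            # Regular files that any local user can modify.
            find "$dir" -xdev -type f -perm -0002 \
                -exec printf 'WW-FILE\t%s\n' {} \;
            # World-writable directories without the sticky bit: any user
            # can delete or replace other users' files in them.
            find "$dir" -xdev -type d -perm -0002 ! -perm -1000 \
                -exec printf 'WW-DIR\t%s\n' {} \;
            # setuid or setgid files: each one runs with someone else's
            # privileges and should be on a known, reviewed list.
            find "$dir" -xdev -type f \( -perm -4000 -o -perm -2000 \) \
                -exec printf 'SUID-SGID\t%s\n' {} \;
        } 2>/dev/null | sort
    )
    [ -z "$out" ] && return 0
    printf '%s\n' "$out"
    return 1
}

# make_sample_tree: builds a constructed directory tree for trying the
# audit and prints its path. Every file in it is empty sample data.
make_sample_tree() {
    t=$(mktemp -d) || return 1
    mkdir "$t/spool" "$t/tmp"
    : > "$t/ok.conf";    chmod 644  "$t/ok.conf"     # fine
    : > "$t/upload.log"; chmod 666  "$t/upload.log"  # world-writable file
    : > "$t/helper";     chmod 4755 "$t/helper"      # setuid bit set
    chmod 777  "$t/spool"                            # writable, no sticky bit
    chmod 1777 "$t/tmp"                              # sticky, like /tmp: fine
    printf '%s\n' "$t"
}

# Stand-alone use: sh thisfile DIR   (exit status 1 means findings).
if [ $# -gt 0 ]; then
    audit_perms "$1"
fi
```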
Posted by 0xFF3300 at 07:24 AM | Comments (0) | TrackBack
December 31, 2004
Managing /tmp
"When you install any operating system, it's important to allocate sufficient disk space to hold temporary and swap files. Ideally, you already know the optimum sizes for your system so you can partition your disk accordingly during the install. However, if your needs change or you wish to optimize your initial choices, your solution doesn't have to be as drastic as a repartition - and reinstall - of the system."
:Link:
Posted by 0xFF3300 at 01:13 PM | Comments (0) | TrackBack
December 30, 2004
RE: mod_php4 and portupgrade
Ok, so, apparently I'm a miserable failure... I changed my MAKEARGS
section accordingly:
'lang/php4' => 'BATCH=YES WITH_CTYPE=yes WITH_CURL=yes WITH_EXIF=yes
WITH_FTP=yes WITH_GD=yes WITH_MYSQL=yes WITH_OPENSSL=yes
WITH_OVERLOAD=yes WITH_PCRE=yes WITH_POSIX=yes WITH_POSTGRESQL=yes
WITH_SESSION=yes WITH_TOKENIZER=yes WITH_XML=yes WITH_ZLIB=yes',
However, after running "portinstall php4", this comes up:
In file included from
/usr/ports/lang/php4/work/php-4.3.4/ext/gd/libgd/gdft.c:63:
/usr/local/include/freetype2/freetype/freetype.h:20: #error
"`ft2build.h' hasn't been included yet!"
/usr/local/include/freetype2/freetype/freetype.h:21: #error "Please
always use macros to include FreeType header files."
/usr/local/include/freetype2/freetype/freetype.h:22: #error "Example:"
/usr/local/include/freetype2/freetype/freetype.h:23: #error " #include <ft2build.h>"
/usr/local/include/freetype2/freetype/freetype.h:24: #error " #include
FT_FREETYPE_H"
*** Error code 1
Stop in /usr/ports/lang/php4/work/php-4.3.4.
*** Error code 1
Stop in /usr/ports/lang/php4.
*** Error code 1
Stop in /usr/ports/lang/php4.
** Command failed [exit code 1]: /usr/bin/script -qa
/tmp/portinstall70434.0 make BATCH=YES WITH_CTYPE=yes WITH_CURL=yes
WITH_EXIF=yes WITH_FTP=yes WITH_GD=yes WITH_MYSQL=yes WITH_OPENSSL=yes
WITH_OVERLOAD=yes WITH_PCRE=yes WITH_POSIX=yes WITH_POSTGRESQL=yes
WITH_SESSION=yes WITH_TOKENIZER=yes WITH_XML=yes WITH_ZLIB=yes
** Fix the problem and try again.
** The following packages were not installed or upgraded (*:skipped /
!:failed)
! lang/php4 (unknown build error)
I assume if I take out GD support it would work, however, for my online
picture gallery, I need this support. I even tried a couple other
things: "portinstall mod_php4" with lang/php4 in pkgtools.conf, and also
tried both with www/mod_php4 in pkgtools.conf... neither worked. This
seems very odd to me that I'm having all these problems soon as I try to
futz with it, especially since I've never run into problems with the
mod_php4 port... Oh well. Any ideas?
-Kyle Mott
-----Original Message-----
From: Jared ''Danger'' Earle [mailto:[EMAIL PROTECTED]
Sent: Wednesday, March 17, 2004 4:20 PM
To: kyle
Cc: [EMAIL PROTECTED]
Subject: Re: mod_php4 and portupgrade
On 17 Mar 2004, at 22:37, kyle wrote:
> Ok. When I do "portinstall mod_php4" (or make install/make
> reinstall/portupgrade), it still comes up with that gui for me to
> choose which options I want... I don't want this gui to come up... I
> want to be able to use make install/reinstall, portinstall/portupgrade
> w/o having to always specify which options I want to use. Isn't there
> a way to do this? I believe I was closer before, in setting up
> pkgtools.conf... Any ideas?
Set 'BATCH=YES' in /usr/local/etc/pkgtools.conf to remove the GUI
thing. Oh, and use lang/php4 and not mod_php4 these days. The port of
www/mod_php4 is a placeholder for lang/php4.
[EMAIL PROTECTED] grep lang /usr/ports/www/mod_php4/Makefile
# Makefile of the master port (lang/php4).
MASTERDIR= ${.CURDIR}/../../lang/php4
[EMAIL PROTECTED] grep -A10 'lang/php4' /usr/local/etc/pkgtools.conf
'lang/php4' => 'WITH_APACHE2=YES BATCH=YES WITH_GD=YES
WITH_ZLIB=YES WITH_BZIP2=YES WITH_MCRYPT=YES WITH_MHASH=YES
WITH_PDFLIB=YES WITH_IMAP=YES WITH_MYSQL=YES WITH_XML=YES
WITH_XMLRPC=YES WITH_XSLT=YES WITH_WDDX=YES WITH_DOMXML=YES
WITH_FTP=YES WITH_CURL=YES WITH_GETTEXT=YES WITH_ICONV=YES
WITH_PSPELL=YES WITH_MIME=YES WITH_MBSTRING=YES WITH_YP=YES
WITH_BCMATH=YES WITH_HYPERWAVE=YES WITH_MCVE=YES WITH_MING=YES
WITH_MCAL=YES WITH_SOCKETS=YES WITH_SYSVSEM=YES
WITH_SYSVSHM=YES
WITH_ZIP=YES WITH_DOMXSLT=YES WITH_CTYPE=YES WITH_DOMXML=YES
WITH_CALENDAR=YES WITH_SESSION=YES
WITH_PCRE=YES WITH_POSIX=YES WITH_TOKENIZER=YES',
I hope this helps.
--
Jared Earle, Nightfall Games, [EMAIL PROTECTED] - http://www.23x.net
"Watashi-wa shin no SUPORUKU desu"
Posted by 0xFF3300 at 12:48 PM | Comments (0) | TrackBack
php_mod4: Found saved configuration
To stop the port from reusing its previously saved configuration, cd to the mod_php4 directory and run 'make rmconfig'. This will remove the cached version.
Posted by 0xFF3300 at 11:02 AM | Comments (0) | TrackBack
October 30, 2004
Installing Clam Anti-Virus on FreeBSD
"The open-source ClamAV (Clam Anti-Virus) virus scanner can be invoked in a variety of ways. This document describes my experience in installing it as a sendmail milter from the FreeBSD ports. The setup I describe doesn't require the MIMEDefang (or other milter) wrapper..."
Posted by 0xFF3300 at 12:46 PM | Comments (0) | TrackBack
September 04, 2004
Disk Cloning with dd and netcat
I'm coming up with a solution to clone my root hard drive and I came across this article. Although dd is primitive, it definitely gets the job done and can copy across the network.
- GNU utilities for Win32. http://unxutils.sourceforge.net/
- netcat for Windows. http://www.l0pht.com/~weld/netcat
- First Attempt at Creating a Bootable Live Filesystem on a CDROM http://www.linuxgazette.com/issue54/nielsen.html
- Good Site for Windows utilities such as newsid.exe: http://www.sysinternals.com
- Modifying ISO image http://www.winiso.com
- Solaris Bootable CD creation: http://www.lka.ch/projects/solcdburn/solcdburn.html
- Sun Blueprint: http://www.sun.com/software/solutions/blueprints/0301/BuildBoot.pdf
- Linux on Floppy: http://www.toms.net/rb/
- Static binaries for Linux.
Posted by 0xFF3300 at 01:21 PM | Comments (0) | TrackBack
July 20, 2004
HOWTO: Transparent Packet Filtering with OpenBSD
Check this article out by Nate Underwood: "In this article we are going to build a robust, stateful packet filter that uses no IP addresses. Thankfully, OpenBSD provides built-in support for this "invisible firewall" via the bridge interface and the new packet filter, pf."
Posted by 0xFF3300 at 09:38 PM | Comments (2) | TrackBack
April 07, 2004
TextMaker: FreeBSD Word Processor
I haven't tried it out yet, but it sure looks nice!
Posted by 0xFF3300 at 07:29 PM | Comments (2) | TrackBack
March 23, 2004
sendmail relaying on FreeBSD
Since setting up and configuring sendmail can be pure hell for a system administrator, I have found a very well summarized article on setting up proper relaying configurations, on one of my favorite sites, FreeBSD Diary. Check out 'Using smtp from remote locations'.
Posted by 0xFF3300 at 01:02 PM | Comments (1) | TrackBack
March 03, 2004
/usr/local/etc/pkgtools.conf
To have the mod_php4 port build with the same settings every time the port is upgraded, the solution is quite simple.
Open /usr/local/etc/pkgtools.conf with your text editor; 'ee' works fine for me.
Go to the MAKE_ARGS section and add the following to the MAKE_ARGS hash. Of course, you will want to adjust it to the options you usually compile with.
MAKE_ARGS = {
'www/mod_php4' => 'WITH_BZIP2=yes WITH_CALENDAR=yes WITH_CTYPE=yes WITH_CURL=yes WITH_GDBM=yes WITH_INIFILE=yes WITH_MCRYPT=yes WITH_MYSQL=yes WITH_OP
}
The next time you execute /usr/local/sbin/portupgrade mod_php4 the above parameters will be used to build php4, instead of the configuration screen. Yeah!
This was a follow-up post to my previous rant and is actually a much cleaner solution.
Posted by 0xFF3300 at 04:48 PM | Comments (0) | TrackBack
Storing Previous Compilation Options: mod_php4 and make
This drives me nuts. Every time I upgrade my mod_php4 port, the config screen pops up and I have to remember what compilation options to check off. I want it to have the same options every time, so when I upgrade I don't need to remember how the port is currently configured. Is there some way to accomplish this?
You can do this using portupgrade. Read through the configuration files in /usr/local/etc/pkg* and related man pages (portupgrade, pkgtools.conf, and the like).
You need to create an entry for PHP in the pkgtools conf file. portupgrade will check that config file and grab the options from there.
If you have global options that you want to use for everything, you can add them to /etc/make.conf... like NO_X11=yes, which is what I use on servers.
If you feel you have to avoid portupgrade (it's a wonderful tool, but
it doesn't work on new machines until you have built it), you can
create a /usr/ports/../Makefile.inc and have it include your own
make.conf.
It would seem that using /usr/ports/Makefile.local would be a good way
to do this; but it is only included during the pre-makefile period of
the build and consequently, won't quite work if the flags you want to
set have to be individual for each port
(e.g. ${CONFIGURE_ARGS}). /usr/ports/../Makefile.inc is included
during both the pre-makefile and post-makefile phases.
Caveat: I have no idea why the ports gurus are including
${MASTERDIR}/../Makefile.inc in /usr/ports/Mk/bsd.port.mk; so I can't
intelligently promise that this mechanism will continue to work.
# -*- makefile -*-
# $Id: Makefile.inc,v 1.2 2002/08/28 15:51:12 ericx Exp $
#
# $Log: Makefile.inc,v $
# Revision 1.2 2002/08/28 15:51:12 ericx
# Check-in for ASC
# Also added comments and emacs directive
#
# Revision 1.1 2002/03/19 15:07:59 asc
# Initial revision
#
# file is loaded up via what may be an oddity in the Mk configuration
# files in /usr/ports/Mk/bsd.port.mk AFTER all the variables are set
# in the various Makefiles. Unlike /etc/make.conf, this gives an
# opportunity to override settings in port Makefiles.
# This requires a flag be set in /etc/make.conf
.if defined(VNIAFTERPORTMK) && ${VNIAFTERPORTMK} == YES
.if exists(/etc/make.conf.vni)
# But if the flag is set, and the file exists, pull it in.
.include </etc/make.conf.vni>
.endif
.undef VNIAFTERPORTMK
.endif
# -*- makefile -*-
# File: make.conf.vni
# Author: Charlie Root, ericx at vineyard.net
# Date: Thu Jan 3 00:34:51 2002
# Time-stamp: <2003-05-18 10:44:51 ericx>
# Description: Setting variable in /etc/make.conf is not optimal
# because those variables are read very early in the
# compilation process and anything can be overridden in
# the various Makefiles embedded in the ports
# system. Nor can variables in /etc/make.conf be set on
# a per-port basis, because at the time it is read
# ${PORTNAME} has not been set.
#
# This file is read in at the END of make's parsing phase
# after all other Makefiles have been
# included. Conditional variables can be set
# based on ${PORTNAME} and decisions made by the port's
# maintainer can be overridden.
#
# See also: /etc/make.conf, /usr/Makefile.inc, /usr/ports/Mk
#
#
# $Id: make.conf.vni,v 1.11 2003/05/18 14:56:07 ericx Exp $
# $Log: make.conf.vni,v $
# Revision 1.11 2003/05/18 14:56:07 ericx
# Removed redundant php4 entry.
# Adjusted php4 entry to use port's configure mechanism.
# Removed OpenLDAP2 option because it causes httpd to core dump. No
# idea why.
#
# Revision 1.10 2003/05/14 18:50:04 ericx
# Please be careful. This makefile is NOT exclusive to the ports tree;
# but is used system wide by all compiles including buildworld.
#
# Patched conditionals for mod_php4 and imp3 so they won't barf for
# non-ports compiles.
#
# Revision 1.9 2003/04/23 14:56:22 asc
# Added bugzilla entry.
#
# Revision 1.8 2003/04/18 16:04:18 theqblas
# Added imp3 flags
#
# Revision 1.7 2003/04/18 16:02:44 theqblas
# Added mod_php4 configure args.
#
.if defined(VNIAFTERPORTMK)
HOSTNAME?= /bin/hostname
.if defined(PORTNAME) && ${PORTNAME} == perl
# Updating Ports on Production Servers (p3 of 5)
# Per the INSTALL docs this needs to be a colon-separated
# list of paths. If someone else knows how to do that spanning
# multiple lines, please go nuts.
# Note we are only including the site_perl directories to
# try and prevent any weirdness with the core libraries.
# Note also that we are *not* including the ${PERL_ARCH}
# directory which gets automagically included. Dunno.
CONFIGURE_ARGS+= -Dotherlibdirs=${PREFIX}/lib/perl5/site_perl/5.005
.endif
# End of perl port configs
.if defined(PORTNAME) && ${PORTNAME} == bugzilla
# Need to find some way to patch the default
# patch for checksetup.pl to set webservergroup
# as 'http'. I don't know how to do this; there
# is an entry in bugzilla...
.endif
# End of 'bugzilla'
.if defined(PORTNAME) && ${PORTNAME} == apache+mod_ssl
# We disable the use of apache's built-in expat-lite because it makes
# using anything that uses the XML::Parser package in a mod_perl
# context impossible.
CONFIGURE_ARGS+= --disable-rule=EXPAT
.endif
# End of apache+mod_ssl port configs
.if defined(PORTNAME) && ${PORTNAME} == mod_dav
CONFIGURE_ARGS+= --with-expat=/usr/local
.endif
# End of mod_dav
.if defined(PORTNAME) && ${PORTNAME} == mod_php4
# This is to preempt the interactive menu normally used by the php
# port.
# The mod_php4 port uses PHP4_OPTIONS to set a number of compile
# options (including dependencies). Only setting CONFIGURE_ARGS for
# these skips the dependencies and other make linkages; so unless you
# want to look them all up and do them by hand too, just set
# PHP4_OPTIONS above. The code that runs all this is found in
# /usr/ports/www/mod_php4/scripts/configure.php. No, I don't really
# grok the need for the escaped quotes...
SCRIPTS_ENV+= BATCH=yes
# as of mod_php4 4.3.1, the compile with openldap 2.0 builds ok; but
# the resultant httpd won't run (no errors; just a core)
PHP4_OPTIONS= \
\"zlib\" \
\"mcrypt\" \
\"IMAP\" \
\"IMAP-SSL\" \
\"MySQL\" \
\"OpenSSL\" \
\"XML\" \
\"DOMXML\" \
\"FTP\" \
\"gettext\" \
\"MCAL\"
# \"OpenLDAP2\"
CONFIGURE_ARGS+= \
--enable-memory-limit \
--enable-safe-mode
# mod_php4
.endif
## IMP flags
.if defined(PORTNAME) && ${PORTNAME} == imp3
# Don't require an IMAP server to exist on this machine
WITHOUT_IMAPSERVER=yes
# imp3
.endif
.if defined(PKGNAMEPREFIX) && ${PKGNAMEPREFIX} == p5-
# this is a context for (hopefully) all perl5 modules
MAKE_ARGS+= UNINST=1
#.error the var = ${CONFIGURE_ENV}
.endif
# p5- modules
.endif
# End of VNIAFTERPORTMK
Posted by 0xFF3300 at 01:13 PM | Comments (2) | TrackBack
February 08, 2004
Bacula: Cross-Platform Client-Server Backups
When looking for a decent backup solution for my FreeBSD server I came across Bacula: Cross-Platform Client-Server Backups by Dan Langille -- Bacula may not be the first name that comes to mind when you think of open source backup software. Dan Langille claims it's effective and useful, despite the odd name. He describes configuration and usage across multiple platforms and hardwares.
Posted by 0xFF3300 at 07:09 PM | Comments (1) | TrackBack
February 01, 2004
Installing MIMEDefang from FreeBSD Ports
MIMEDefang is a milter ("mail filter") that can be used with sendmail to filter incoming e-mail during the SMTP conversation. Its installation and configuration are well documented at the MIMEDefang web site (http://www.mimedefang.org/), which includes a very helpful HOWTO. This document consists primarily of notes and observations from installing MIMEDefang on FreeBSD.
Notes on Installing MIMEDefang from the FreeBSD Ports Collection
Posted by 0xFF3300 at 07:21 PM | Comments (0) | TrackBack
SpamAssassin + sendmail
With sendmail, SpamAssassin can be called for every user by editing /etc/procmailrc. More details at http://www.stearns.org/doc/spamassassin-setup.current.html#sitewide
An alternative is to use smtp-vilter, a high-performance content filter built on the sendmail milter API, which has a backend for SpamAssassin's spamd. More details at http://www.etc.msys.ch/software/smtp-vilter/
IntegratedInMta - SpamAssassin Wiki
Posted by 0xFF3300 at 07:15 PM | Comments (2) | TrackBack
January 16, 2004
Upgrading FreeBSD Ports with portupgrade
Most new and novice FreeBSD users do not yet take advantage of portupgrade. Here are 3 good articles to tell you how:
Got ports? Here is THE way to upgrade them!
portupgrade by Dru Lavigne -- One of FreeBSD's biggest benefits is its ports collection. Perhaps the most important ports utility is portupgrade. Dru Lavigne demonstrates how you can get the most out of your ports collection.
From the good ol' manual: Installing Applications: Packages and Ports
Posted by 0xFF3300 at 07:30 AM | Comments (1) | TrackBack
December 24, 2003
Upcoming FreeBSD 5.2 Release

"[FreeBSD].org on Tuesday offered Release Candidate 5.2. The group is prepping a final candidate due in January. A new test version of the FreeBSD open-source Unix operating system was announced on Tuesday by Scott Long of the FreeBSD Release Engineering Team. "
Still running rock-solid FreeBSD 4.6 (Yes, the text you are reading is being served via FreeBSD), until there's reason, a way will also become apparent for the upgrade. For more information, view the Serial FreeBSDReleaseInfo Wiki
Posted by 0xFF3300 at 11:51 PM | Comments (2)