Archive for July, 2010

freebsd command

Posted: July 29, 2010 in Freebsd

System

Running kernel and system information

# uname -a # Get the kernel version (and BSD version)

# uptime # Show how long the system has been running + load

# hostname # system’s host name

# hostname -i # Display the IP address of the host. (Linux only)

# man hier # Description of the file system hierarchy

# last reboot # Show system reboot history

Hardware Information

Kernel detected hardware

# sysctl hw.model # CPU model

# sysctl hw # Gives a lot of hardware information

# sysctl vm # Memory usage

# dmesg | grep "real mem" # Hardware memory

# sysctl -a | grep mem # Kernel memory settings and info

# sysctl dev # Configured devices

# pciconf -l -cv # Show PCI devices

# usbdevs -v # Show USB devices

# atacontrol list # Show ATA devices

# camcontrol devlist -v # Show SCSI devices

Load, statistics and messages

The following commands are useful to find out what is going on on the system.

# top # display and update the top cpu processes

# mpstat 1 # display processors related statistics

# vmstat 2 # display virtual memory statistics

# iostat 2 # display I/O statistics (2 s intervals)

# systat -vmstat 1 # BSD summary of system statistics (1 s intervals)

# systat -tcp 1 # BSD tcp connections (try also -ip)

# systat -netstat 1 # BSD active network connections

# systat -ifstat 1 # BSD network traffic through active interfaces

# systat -iostat 1 # BSD CPU and disk throughput

# tail -n 500 /var/log/messages # Last 500 kernel/syslog messages

# tail /var/log/warn # System warning messages (see syslog.conf)

Users

# id # Show the active user id with login and group

# last # Show last logins on the system

# who # Show who is logged on the system

# groupadd admin # Add group "admin" and user colin (Linux/Solaris)

# useradd -c "Colin Barschel" -g admin -m colin

# usermod -a -G <group> <user> # Add existing user to group (Debian)

# groupmod -A <user> <group> # Add existing user to group (SuSE)

# userdel colin # Delete user colin (Linux/Solaris)

# adduser joe # FreeBSD add user joe (interactive)

# rmuser joe # FreeBSD delete user joe (interactive)

# pw groupadd admin # Use pw on FreeBSD

# pw groupmod admin -m newmember # Add a new member to a group

# pw useradd colin -c "Colin Barschel" -g admin -m -s /bin/tcsh

# pw userdel colin; pw groupdel admin

Add a user to the wheel group (needed to su to root)

# pw usermod XXXX -G wheel # -G sets the user's whole supplementary group list

No login

# echo "Sorry no login now" > /var/run/nologin # (FreeBSD)

Per user/process

Login users and applications can be configured in /etc/security/limits.conf. For example:

# cat /etc/security/limits.conf

* hard nproc 250 # Limit user processes

asterisk hard nofile 409600 # Limit application open files

System wide

Kernel limits are also set with sysctl. Permanent limits are set in /etc/sysctl.conf or /boot/loader.conf. The syntax is the same as Linux but the keys are different.

# sysctl -a # View all system limits

# sysctl kern.maxfiles=XXXX # maximum number of file descriptors

kern.ipc.nmbclusters=32768 # Permanent entry in /etc/sysctl.conf

kern.maxfiles=65536 # Typical values for Squid

kern.maxfilesperproc=32768

kern.ipc.somaxconn=8192 # TCP queue. Better for apache/sendmail

# sysctl kern.openfiles # How many file descriptors are in use

# sysctl kern.ipc.numopensockets # How many open sockets are in use

# sysctl -w net.inet.ip.portrange.last=50000 # Default is 1024-5000

# netstat -m # network memory buffers statistics

SysV

# /etc/rc.d/sshd status

sshd is running as pid 552.

# shutdown now # Go into single-user mode

# exit # Go back to multi-user mode

# shutdown -p now # Shutdown and halt the system

# shutdown -r now # Reboot

Reset root password

FreeBSD

On FreeBSD, boot in single user mode, remount / rw and use passwd. You can select the single user mode on the boot menu (option 4) which is displayed for 10 seconds at startup. The single user mode will give you a root shell on the / partition.

# mount -u /; mount -a # will mount / rw

# passwd

# reboot

Unixes and FreeBSD and Linux

Other Unixes might not let you get away with the simple init trick. The solution is to mount the root partition from another OS (like a rescue CD) and change the password on the disk.

* Boot a live CD or installation CD into a rescue mode which will give you a shell.

* Find the root partition with fdisk e.g. fdisk /dev/sda

* Mount it and use chroot:

# mount -o rw /dev/ad4s3a /mnt

# chroot /mnt # chroot into /mnt

# passwd

# reboot

Kernel modules

# kldstat # List all modules loaded in the kernel

# kldload crypto # To load a module (here crypto)

Compile Kernel on FreeBSD

Posted: July 20, 2010 in Freebsd

I have to blog this;

How To Compile kernel on FreeBSD i386

bsd# cd /usr/src/sys/i386/conf/

bsd# cp GENERIC MYBSD

bsd# pico MYBSD

Add these options for the new kernel:

# Squid Enhance
options UFS_ACL
options MAC
options AUDIT
options DEVICE_POLLING
options HZ=1000
options MAXDSIZ="(1380*1024*1024)"
options DFLDSIZ="(1380*1024*1024)"
options MAXSSIZ="(1024*1024*1024)"
# Firewall using pf
options ALTQ
options ALTQ_CBQ
options ALTQ_RED
options ALTQ_RIO
options ALTQ_HFSC
options ALTQ_PRIQ
options ALTQ_NOPCC
device pf
device pflog
device pfsync
# Firewall using ipf
options IPFILTER
options IPFILTER_LOG
options IPFILTER_DEFAULT_BLOCK

Save MYBSD with Ctrl+O, then exit with Ctrl+X.

bsd# /usr/sbin/config MYBSD

bsd# cd ../../compile/MYBSD

bsd# make depend && make && make install

bsd# reboot

After the reboot, your new kernel will load.

################################################################

If the new kernel has a problem loading and you want to load the old kernel,

just press the space bar while the boot countdown is running.

unload all

load /kernel.old or load /kernel.GENERIC/

boot

Then it will boot the old kernel.

I have found a problem with this message on sixcybercafe.

“This server/ firewall made by the most malaysian Freebsd otai MaUI.” <— sorry MaUI, I messed with your server. ;p

Panic: ffs_mapsearch, “ffs_alloccg: map corrupted”

I searched for a solution on the internet and found it.

If you get this problem, then what you need to do is

boot into single-user mode, or enter #4, and let FreeBSD boot.

After that, issue this command:

# fsck -y -f

Let it do its job.

Boot the server and voilà, it's done.

TmNet DNS servers

202.188.1.5
202.188.0.133
202.188.1.4
202.188.0.132

Jaring DNS servers

192.228.128.20
192.228.128.18
192.228.128.16
161.142.227.17
61.6.38.139
161.142.2.17
161.142.212.17

TimeNet DNS servers

203.121.16.85
203.121.16.120

Open DNS  Server (overseas)

208.67.222.222
208.67.220.220

Added from

http://blog.datakl.com/2009/05/dns-isp/

Thanks to SiXtoSiX Cyber Cafe.

If anyone wants to use this squid.conf, please use your “BRAIN” to reconfigure it.

This script is a guide only.

# Transparent Proxy : Squid 2.7 uses "transparent", Squid 3 uses "intercept".
http_port 44445 transparent
hierarchy_stoplist cgi-bin ?
cache_mem 8 MB
memory_replacement_policy heap GDSF
#memory_replacement_policy lru
cache_replacement_policy lru
maximum_object_size 4096 KB
minimum_object_size 0 KB
maximum_object_size_in_memory 8 KB
cache_dir ufs /maui1/squid_cache 2500 16 256
cache_access_log /var/log/squid.log
#cache_log /var/log/squid.log
#cache_store_log /var/log/squid.log
#cache_access_log /dev/null
cache_log /dev/null
cache_store_log /dev/null
log_ip_on_direct off
pid_filename /usr/local/squid/logs/squid.pid
client_netmask 255.255.255.0
ftp_user XXXXXX
ftp_passive on
ftp_sanitycheck on
ftp_telnet_protocol on
dns_nameservers 127.0.0.1 83.170.64.2 8.8.8.8
refresh_pattern ^ftp:           1440    20%     10080
refresh_pattern ^gopher:        1440    0%      1440
refresh_pattern -i (/cgi-bin/|\?) 0     0%      0
refresh_pattern .               0       20%     4320
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl localnet0 src 192.168.1.0/255.255.255.0
acl acsnet0 src 63.87.170.71/255.255.255.255
acl acsnet1 src 58.26.12.35/255.255.255.255
acl tmnet0 src 60.0.0.0/255.0.0.0
acl tmnet1 src 203.0.0.0/255.0.0.0
acl tmnet2 src 124.0.0.0/255.0.0.0
acl tmnet3 src 118.0.0.0/255.0.0.0
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563
acl Safe_ports port 80          # http
acl Safe_ports port 82          # torrent
acl Safe_ports port 83          # webui
acl Safe_ports port 21          # ftp
acl Safe_ports port 443 563     # https, snews
acl Safe_ports port 70          # gopher
acl Safe_ports port 210         # wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280         # http-mgmt
acl Safe_ports port 488         # gss-http
acl Safe_ports port 591         # filemaker
acl Safe_ports port 777         # multiling http
acl CONNECT method CONNECT
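http_access allow manager localhost
http_access deny manager
# Squid stops at the first matching http_access line, so the port
# restrictions must come before the allow rules and before "deny all".
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost
http_access allow localnet0
http_access allow acsnet0
http_access allow acsnet1
#http_access allow tmnet0
#http_access allow tmnet1
#http_access allow tmnet2
#http_access allow tmnet3
# Disabled: an allow on a port ACL alone matches any source address.
#http_access allow Safe_ports
#http_access allow SSL_ports
http_access deny all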
http_reply_access allow all
icp_access allow all
reply_header_max_size 20 KB
reply_body_max_size 0 allow all
# ----- user-agent spoofing
# ----- bypass tmnet international torrent tracker/seeder block
header_access User-Agent deny all
# ----- Firefox 3 on X11 FreeBSD user-agent string
#header_replace User-Agent Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:1.9.0.10) Gecko/2009060215 Firefox/3.0.11
# ----- Firefox 3.5 on X11 FreeBSD user-agent string
#header_replace User-Agent Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:1.9.0.10) Gecko/20090624 Firefox/3.5
# ----- Firefox 3.5.5 on X11 FreeBSD user-agent string
header_replace User-Agent Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5
# ----- Firefox 3 on Windows XP
#header_replace User-Agent Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1) Gecko/2009060215 Firefox/3.0.11 (.NET CLR 3.5.30729)
# ----- Firefox 3.5 on Windows XP
#header_replace User-Agent Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.9.1) Gecko/20090624 Firefox/3.5 (.NET CLR 3.5.30729)
# ----- Firefox 3.5 on Windows Vista
#header_replace User-Agent Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.1) Gecko/20090624 Firefox/3.5 (.NET CLR 3.5.30729)
# ----- IE7 on Windows XP
#header_replace User-Agent Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30; .NET CLR 3.0.04506.648; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
# ----- IE7 on Windows Vista user-agent string
#header_replace User-Agent Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; Trident/4.0; GTB6; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; InfoPath.2; .NET CLR 3.5.30729; .NET CLR 3.0.30618)
# ----- IE8 on Windows Vista user-agent string
#header_replace User-Agent Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; Trident/4.0; GTB6; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; InfoPath.2; .NET CLR 3.5.30729; .NET CLR 3.0.30618)
# ----- IE8 on Windows 7 user-agent string
#header_replace User-Agent Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
# ----- end of user-agent spoofing
cache_mgr starbucks.mine.nu
cache_effective_user squid
cache_effective_group squid
client_db off
maximum_single_addr_tries 3
coredump_dir /usr/local/squid/cache
pipeline_prefetch off
request_entities off
request_body_max_size 0 KB
ie_refresh off
# to disable/bypass caching, only proxy.
# cache deny all

# Facebook cache { thanks to MaUi}

server_http11 on
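
Squid evaluates http_access lines from top to bottom and stops at the first match, so the order of the rules decides which of them ever take effect. The following is an added example, not part of the original post: a small checker that flags rules placed after a catch-all, port guards placed after an allow, and allow rules with no source ACL. The sample rule lists are constructed and the finding names are made up for illustration.

```python
# Constructed sample ACLs and rule lists (not the post's file).
ACLS = """\
acl all src 0.0.0.0/0.0.0.0
acl localnet0 src 192.168.1.0/255.255.255.0
acl SSL_ports port 443 563
acl Safe_ports port 80 21 443 1025-65535
acl CONNECT method CONNECT
"""
BAD = ACLS + """\
http_access allow localnet0
http_access deny !Safe_ports
http_access allow Safe_ports
http_access deny all
http_access deny CONNECT !SSL_ports
"""
GOOD = ACLS + """\
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localnet0
http_access deny all
"""

def lint_http_access(conf):
    """Return (line_no, finding, rule) tuples; finding names are illustrative."""
    acl_type, findings = {}, []
    terminal = None      # line of an unconditional "allow all" / "deny all"
    allow_seen = False   # some clients have already been admitted
    for no, raw in enumerate(conf.splitlines(), 1):
        line = raw.split("#", 1)[0].split()          # drop comments
        if len(line) >= 3 and line[0] == "acl":
            acl_type.setdefault(line[1], line[2])    # ACL name -> ACL type
        if len(line) < 3 or line[0] != "http_access":
            continue
        action, acls, rule = line[1], line[2:], " ".join(line)
        if terminal is not None:                     # nothing after a catch-all is evaluated
            findings.append((no, "UNREACHABLE", rule))
        elif acls == ["all"]:
            terminal = no
        elif action == "deny" and allow_seen and any(a.startswith("!") for a in acls):
            findings.append((no, "GUARD_AFTER_ALLOW", rule))   # earlier allows bypass it
        elif action == "allow":
            allow_seen = True
            types = {acl_type.get(a.lstrip("!")) for a in acls}
            if not types & {"src", "proxy_auth"}:    # no restriction on who may connect
                findings.append((no, "ALLOW_ANY_SOURCE", rule))
    return findings
```
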

thanks to Red Antigua

# Modify /etc/rc.conf
echo '# IPFILTER enabled' >> /etc/rc.conf
echo 'ipfilter_enable="YES"' >> /etc/rc.conf
echo 'ipfilter_program="/sbin/ipf"' >> /etc/rc.conf
echo 'ipfilter_rules="/etc/ipf.rules"' >> /etc/rc.conf
echo 'ipfilter_flags=""' >> /etc/rc.conf
echo '# IPNAT enabled' >> /etc/rc.conf
echo 'ipnat_enable="YES"' >> /etc/rc.conf
# The *_enable knobs take YES or NO, not a program path
echo 'ipmon_enable="YES"' >> /etc/rc.conf
echo 'ipfs_enable="YES"' >> /etc/rc.conf
# ipfilter rules for transparent cache (change fxp0 to whatever NIC you use)
echo '## Allow ALL , loopback' > /etc/ipf.rules
echo 'pass in on lo0 all' >> /etc/ipf.rules
echo 'pass out on lo0 all' >> /etc/ipf.rules
echo '## Allow ALL, fxp0' >> /etc/ipf.rules
echo 'pass in on fxp0 all' >> /etc/ipf.rules
echo 'pass out on fxp0 all' >> /etc/ipf.rules
# ipnat rule for transparent cache (change fxp0 to whatever NIC you use)
echo '## Redirect incoming TCP traffic port 80 on fxp0 to port 3128 (Squid)' > /etc/ipnat.rules
echo 'rdr fxp0 0/0 port 80 -> 127.0.0.1 port 3128 tcp' >> /etc/ipnat.rules
# Recompile kernel with ipfilter support, increase the NMBCLUSTERS parameter
cd /sys/i386/conf
cp GENERIC IPFILTER
echo 'options IPFILTER #ipfilter support' >> IPFILTER
echo 'options IPFILTER_LOG #ipfilter logging' >> IPFILTER
echo 'options NMBCLUSTERS=32768 #set max mbufs, check with netstat -m' >> IPFILTER
/usr/sbin/config IPFILTER
cd ../../compile/IPFILTER
make depend
make
make install
reboot
# Squid as transparent cache
# Build
gunzip -c squid-2.5.STABLE6.tar.gz | tar -xf -
cd squid-2*
env CPPFLAGS="-I/usr/src/sys/contrib/ipfilter/netinet" ./configure --prefix=/usr/local/squid --enable-ipf-transparent
# Build with WCCP support:
env CPPFLAGS="-I/usr/src/sys/contrib/ipfilter/netinet" ./configure --prefix=/usr/local/squid --enable-ipf-transparent --enable-wccp
make all
make install
# Configure /usr/local/squid/etc/squid.conf:
http_port 3128
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
# Cache dir size (45000 = 45 GB in this example, don’t use more than half the partition size)
cache_dir ufs /usr/local/squid/var/cache 45000 16 256
#Max object size in memory
cache_mem 64 MB
#Max object size on disk
maximum_object_size 200000 KB
maximum_object_size_in_memory 128 KB
# Disable store.log
cache_store_log none
# The following line requires WCCP on your router redirecting the web traffic to Squid
wccp_router YOUR.ROUTER.IP.HERE
# Startup script
cp squid.sh /usr/local/etc/rc.d/squid.sh
chmod 755 /usr/local/etc/rc.d/squid.sh
# Log file permissions
chown -R nobody:nobody /usr/local/squid/var/logs
# Create cache
mkdir /usr/local/squid/var/cache
chown -R nobody:nobody /usr/local/squid/var/cache
/usr/local/squid/sbin/squid -z
# If the following error:
# FATAL: Could not determine fully qualified hostname. Please set 'visible_hostname'
# then edit squid.conf:
visible_hostname squid.YOURDOMAINHERE.com
# Start Squid
/usr/local/etc/rc.d/squid.sh start
# Web tools
- Install Apache, configure to run on port 8080
- Install rrdtool from ports, /usr/ports/net/rrdtool
- Install webalizer from ports, /usr/ports/www/webalizer, configure to use squid.conf and incremental log
# Cron jobs
# Run webalizer a quarter to midnight only, as during the day it affects the traffic
45 23 * * * /usr/local/bin/webalizer
# Rotate squid log file at 0:00 AM (midnight)
0 0 * * * /usr/local/squid/sbin/squid -k rotate

VIVA LA ESPANA !!!

Posted: July 8, 2010 in My live

German you make me sad… Argentina you make me cry…

VIVA LA ESPANA!!!