Archive for August, 2010

rkhunter {freebsd}

Posted: August 18, 2010 in Freebsd

Install rootkit hunter on freebsd

bsd# pkg_add -r rkhunter

It will install rkhunter and issued this command

bsd# echo ‘daily_rkhunter_check_enable=”YES”‘ >> /etc/periodic.conf

bsd# echo ‘daily_rkhunter_update_enable=”YES”‘ >> /etc/periodic.conf

it should run as a deamon..

Advertisements

Forward root mail from localhost to your gmail or whatever …

*nix server always sent email about cron or anything than you have to read it. but how …

ssh and issued this command

bsd# mail

than you can read your email. but if you wanna forward your email to gmail or yahoo or whatever.

bsd# cd /etc

bsd# pico aliases

put you email on..

# Pretty much everything else in this file points to “root”, so
# you would do well in either reading root’s mailbox or forwarding
# root’s email from here.
# root: YOUREMAILHERE@gmail.com
than issued this command
bsd# /usr/bin/newaliases
* than you will get your copy of root email.

Install phpmyadmin {freebsd}

Posted: August 5, 2010 in Freebsd

How to install phpmyAdmin on freebsd?

1. Install apache & mysql-server

ko cari sendiri lah .. dont play2..!!

mat salleh cakap..

ask my uncle G.. here GGG

https://panaharjuna.wordpress.com/2009/12/10/freebsd-install-apache2-php5-mysql/

2. install phpmyadmin

bsd# cd /usr/ports/databases/phpmyadmin/

bsd# make install clean

3. phpmyadmin and apache

bsd# pico /app/apache22/httpd.conf

{i always make /usr/local/etc/ symlick to /app <– ln -s /usr/local/etc/ /app}

add this

####################################

Alias /phpmyadmin /usr/local/www/phpMyAdmin

<Directory “/usr/local/www/phpMyAdmin”>

Order allow,deny

Allow from all

</Directory>

####################################

4. Config.inc.php

bsd# pico /usr/local/www/phpMyAdmin/config.inc.php

########################################

<?php

/*

* Generated configuration file

* Generated by: phpMyAdmin 3.3.5 setup script by Piotr Przybylski <piotrprz@gmail.com>

* Date: Fri, 06 Aug 2010 01:19:44 +0800

*/

/* Servers configuration */

$i = 0;

/* Server: localhost [1] */

$i++;

$cfg[‘Servers’][$i][‘verbose’] = ”;

$cfg[‘Servers’][$i][‘host’] = ‘localhost’;

$cfg[‘Servers’][$i][‘port’] = ”;

$cfg[‘Servers’][$i][‘socket’] = ”;

$cfg[‘Servers’][$i][‘connect_type’] = ‘tcp’;

$cfg[‘Servers’][$i][‘extension’] = ‘mysqli’;

$cfg[‘Servers’][$i][‘auth_type’] = ‘cookie’;

$cfg[‘Servers’][$i][‘user’] = ”;

$cfg[‘Servers’][$i][‘password’] = ”;

/* End of servers configuration */

$cfg[‘DefaultLang’] = ‘en-utf-8’;

$cfg[‘blowfish_secret’] = ‘bilamanaWindowSe7enjadiFIREwall’;

$cfg[‘ServerDefault’] = 1;

$cfg[‘UploadDir’] = ”;

$cfg[‘SaveDir’] = ”;

?>

########################################

5. Restart apache22 !!!

pandai2 lah ko nak restart!!!

bsd# /app/rc.d/apache22 restart

6. ABIS DAHH!!!!

Enable home directory on apache2

This guide is based on apache22 freebsd

bsd#cd  /usr/local/etc/apache22/

bsd# pico httpd.conf

search for # User home directories and remove #

before

#—————————————————————

# User home directories
#Include etc/apache22/extra/httpd-userdir.conf
#—————————————————————

After

#—————————————————————

# User home directories
Include etc/apache22/extra/httpd-userdir.conf
#—————————————————————

and configure the httpd-userdir.conf

bsd# cd  /usr/local/etc/apache22/extra/

bsd# pico httpd-userdir.conf

#############################################

<Directory “/home/change_me/public_html”>

AllowOverride FileInfo AuthConfig Limit Indexes

Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec

<Limit GET POST OPTIONS>

Order allow,deny

Allow from all

</Limit>

<LimitExcept GET POST OPTIONS>

Order deny,allow

Deny from all

</LimitExcept>

</Directory>

## cgi-bin

<Directory “/home/change_me/cgi-bin”>

Options +ExecCGI

</Directory>

#############################################

bsd# cd /home/change_me/

make folder for web

bsd# mkdir public_html

bsd# mkdir cgi-bin

add user to group www

bsd# pw useradd change_me -G www

chown folder to new user and group

bsd# chown change_me:www public_html/  cgi-bin/

bsd# /usr/local/etc/rc.d/apache22 restart

test your web using

http://your_domain.com/~change_me/

if your dont trust your friend “change_me” than please use freebsd_ jail

Freebsd pppoe server + gateways

I have been searching and asking my uncle big “G”…. there is no proper tutorial about pppoe on freebsd.

And for that i have to note this for me and for anybody there who needed.

No kernel configuration is necessary for PPPoE any longer ( freebsd 7 and 8)

1. Setting up ppp.conf

bsd# pico ppp.conf

##################################################################
# ——————————
# This script base on MaUi^ http://staff.MyBSD.org.my/maui
# ——————————
default:
# ——————————
# to allow user menu dial the connection
# allow users menu
# ——————————
# add default gateway when connected
add default HISADDR
# ——————————
# to enable NAT for sharing internet with other pc
nat enable yes
# ——————————
# enable dcc send from client behind the gateway
nat same_ports yes
nat use_sockets yes
# ——————————
# to see connection error/link/speed : tail -f /var/log/ppp.log
set log phase tun connect
# ——————————
# redirect port from otherside to local machine,
# nat port tcp <target ip:port> <port on tun0>
# nat port tcp 192.168.1.1:80 8080
# nat port tcp 192.168.1.1:21 2121
# ——————————
# auto update with the isp nameserver in /etc/resolv.conf
# enable dns
# or define disable dns
disable dns
# or used other dns server
# set dns 127.0.0.1
# ——————————
# Other, not really needed
# enable pap
# disable lqr
# deny lqr
# disable pred1
# deny pred1
# ——————————
# ADSL Connection label (ppp over ethernet/PPPoE)
adsl:
# ——————————
# rl1 is a network interface for ppp over ethernet, change to your network device.
# if you get unstable connection or always disconnected,
# put a dummy ip on rl1 (on-fly change, temp!) : ifconfig rl1 0.0.0.0 mtu 1492
# put in rc.conf to save : ifconfig_rl1=”0.0.0.0 mtu 1492
set device PPPoE:rl1 # <—– change to your interface
# ——————————
enable lqr
set cd 5
set dial
set login
set redial 0 0
set speed sync
set mru 1492
set mtu 1492
set ctsrts off
# ——————————
# enter your login name and password!
set authname loginname@isp
set authkey yourpassword
# ——————————
##################################################################

2. Running ppp

bsd# ppp -ddial label  ##(exp : ppp -ddial adsl)

3. Starting ppp on boot

bsd# pico /etc/rc.conf

##########################################

# User ppp configuration.

ppp_enable=”YES” # Start user-ppp (or NO).

ppp_program=”/usr/sbin/ppp” # Path to user-ppp program.

ppp_mode=”ddial” # Choice of “auto”, “ddial”, “direct” or “dedicated”.

ppp_nat=”YES” # Use PPP’s internal network address translation or NO.

ppp_profile=”change me” # Which profile to use from /etc/ppp/ppp.conf.

##########################################

4. Install squid

bsd# pkg_add -r squid

please see squid.conf on https://panaharjuna.wordpress.com/2010/07/17/squid-for-freebsd-thanks-to-maui/

5. Set up ipnat.rules

bsd# pico /etc/ipnat.rules

#############################

# RDR RULES!!

# Transparent proxy:

# change nfe0 to your interface

rdr nfe0 0/0 port 80 -> 127.0.0.1 port 31288 tcp

#######################################

6. Set up ipf firewall

bsd# pico /etc/ipf.rulse

#######################################

# ipfilter rules for transparent cache (change nfe0 to whatever NIC you use)

## Allow ALL , loopback

pass in on lo0 all

pass out on lo0 all

## Allow ALL, nfe0

pass in on nfe0 all

pass out on nfe0 all

#######################################

7. Boot time

bsd# pico /etc/rc.conf

######################

#IPFILTER enabled

ipfilter_enable=”YES”

ipfilter_program=”/sbin/ipf”

ipfilter_rules=”/etc/ipf.rules”

ipfilter_flags=””

#IPNAT enabled

ipnat_enable=”YES”‘

ipnat_rules=”/etc/ipnat.rules”

ipmon_enable=”/sbin/ipf”

ipfs_enable=”/sbin/ipf”

######################

last thing to do is

REBOOT!!!!

bsd# reboot

Extreme Performance freebsd

Posted: August 1, 2010 in Freebsd

These tunings may not be appropriate for all situations, so use your head.

put in /etc/sysctl.conf

############### Common ###############
net.inet.ip.ttl=255
security.bsd.see_other_uids=0
# net.inet.icmp.icmplim=50
# net.inet.tcp.msl=7500
kern.ipc.somaxconn=32768
# kern.ipc.somaxconn=1024
kern.maxfiles=65536
net.inet.ip.forwarding=1
#net.inet.ip.fastforwarding=1
#kern.ipc.nmbclusters=51200
kern.coredump=0
# Device Polling sysctl options
# kern.polling.enable=1
# kern.polling.user_frac=50
# net.inet.icmp.drop_redirect=1
# net.inet.icmp.log_redirect=1
# net.inet.ip.redirect=0
# net.inet.ip.sourceroute=0
# net.inet.ip.accept_sourceroute=0
# net.inet.icmp.bmcastecho=0
# net.inet.icmp.maskrepl=0
# net.inet.ip.portrange.first=10024
#######################################
#######################################
#### Extreme speed!!! beware!! ####
# net.inet.tcp.sendspace=196605
# net.inet.tcp.recvspace=196605
# Normal Value #
net.inet.tcp.sendspace=65535
net.inet.tcp.recvspace=65535
# net.inet.tcp.recvspace=64240

#######################################

# Disable sending back RST packet for unopened port #

#net.inet.tcp.blackhole=2

#net.inet.udp.blackhole=1

#######################################