Category Archives: Unix

Unix

Setting time in FreeBSD with date()

Doh, installing perl returned an error.

Its message was mainly about the time, so let's check:

pctjambi# date

Tue Jan  1 16:03:23 WIT 2002

Need a quick fix.

pctjambi# date 0712141357

Fri Dec 14 13:57:00 WIT 2007

explanation :

date yymmddhhmm

yy = year 2007 (07)

mm = month 12

dd = day 14

hh = hour 13

mm = minute 57

(seconds can be appended as .ss if needed)

Tried installing again and it worked smoothly.
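An added example (not from the original post) that parses the argument format date(1) takes, [[[[[cc]yy]mm]dd]HH]MM[.ss], the same way the explanation above reads it from the right, and validates it before anyone hands it to date as root. The century split at 69 mirrors what FreeBSD's date(1) does with a two-digit year; the `clock_skew_seconds` helper is my addition, the format is FreeBSD's.

```python
from datetime import datetime

# Added example: a parser for the argument format FreeBSD's date(1) accepts,
# [[[[[cc]yy]mm]dd]HH]MM[.ss]. Fields are filled from the right, so "1357"
# sets only the time and "0712141357" sets year, month, day, hour and minute.


def parse_date_arg(arg, now=None):
    """Return the datetime that `date <arg>` would set the clock to.

    `now` supplies the fields the argument leaves out (defaults to the
    current wall clock, exactly as date(1) does).
    """
    now = now or datetime.now()
    main, _, sec = arg.partition(".")
    if not main.isdigit() or len(main) % 2 or not 2 <= len(main) <= 12:
        raise ValueError("date argument must be 2-12 digits in pairs: %r" % arg)
    if sec and not (sec.isdigit() and len(sec) == 2):
        raise ValueError("seconds must be two digits after the dot: %r" % arg)
    pairs = [int(main[i:i + 2]) for i in range(0, len(main), 2)]

    # Rightmost pair is always MM (minutes); each pair to the left adds a field.
    minute = pairs[-1]
    hour = pairs[-2] if len(pairs) > 1 else now.hour
    day = pairs[-3] if len(pairs) > 2 else now.day
    month = pairs[-4] if len(pairs) > 3 else now.month
    if len(pairs) == 6:                      # cc and yy both given
        year = pairs[0] * 100 + pairs[1]
    elif len(pairs) == 5:                    # yy only: date(1) picks the century
        year = 2000 + pairs[0] if pairs[0] < 69 else 1900 + pairs[0]
    else:
        year = now.year
    second = int(sec) if sec else 0
    # datetime() rejects impossible values (month 13, 31 February), which is
    # the check you want before handing the string to date(1) as root.
    return datetime(year, month, day, hour, minute, second)


def clock_skew_seconds(arg, reference, now=None):
    """How far (in seconds) the requested time is from a trusted reference,
    e.g. an NTP-synced host. Large skews break TLS certificate validation,
    package signature checks and log correlation, so a threshold is worth having."""
    return abs((parse_date_arg(arg, now) - reference).total_seconds())


if __name__ == "__main__":
    # The post's situation: the box thought it was 2002 and was set to 2007-12-14 13:57.
    wrong_clock = datetime(2002, 1, 1, 16, 3, 23)
    print(parse_date_arg("0712141357", now=wrong_clock))
    print(clock_skew_seconds("0712141357", datetime(2007, 12, 14, 13, 57), wrong_clock))
```

A one-off `date` fixes the clock once; for a server that needs certificates and signed packages to validate, run ntpd so the skew does not come back after the next reboot.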

 

Unix

INDEX-6 and FreeBSD

I'm a FreeBSD addict; I use ports every day and can't live without them.

Today one of our servers doesn't seem to get past a firewall restriction, and there is nothing I can do about that.

Every time I issue make fetchindex I see it trying for INDEX-6, but nothing shows up.

After scp'ing INDEX-6 from another server I can update the ports.

ftp# cd /usr/ports
ftp# make fetchindex

^Cfetch: transfer interrupted

ftp# portversion -v | grep '<'

Fetching the ports index …
^Cfetch: transfer interrupted
failed to fetch INDEX!
Updating the ports index … failed to generate INDEX!
index generation error
database file error

mail# scp /usr/ports/INDEX-6 mother@172.88.1.3:/home/mother

Password:
INDEX-6
                100%   22MB  21.8MB/s   00:00

ftp# pwd

/usr/ports

ftp# mv /home/mother/INDEX-6 /usr/ports/
ftp# portversion -v | grep '<'

[Updating the portsdb <format:bdb_btree> in /usr/ports ... - 17745 port entries found
.........1000.........2000.........3000.........4000.........5000.........6000.........7000.........8000.........9000.........10000.........11000.........12000.........13000.........14000.........15000.........16000.........17000............ done]
mysql-client-5.0.45_1       <  needs updating (port has 5.0.51)
mysql-server-5.0.45_1       <  needs updating (port has 5.0.51)
phpMyAdmin-2.11.2.1         <  needs updating (port has 2.11.2.2)
png-1.2.22                  <  needs updating (port has 1.2.23)
rsync-2.6.9_1               <  needs updating (port has 2.6.9_2)
ruby-1.8.6.111,1            <  needs updating (port has 1.8.6.111_1,1)
squid-2.6.16                <  needs updating (port has 2.6.17)
ftp#

Great, I can see the list of ports that need updating.
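An added example, not part of the original post: a small reader for the ports INDEX file plus a portversion-style "needs updating" comparison for the package names listed above, and a digest you can run on both hosts after an scp like the one in the post. The INDEX lines, paths, comments and maintainer address are constructed for the example; the version comparison is simplified (numeric dotted versions, _revision and ,epoch) and is not the full pkg_version algorithm.

```python
import hashlib

# Constructed INDEX lines for this example; a real INDEX-6 has one such
# '|'-separated line per port with the same leading fields.
SAMPLE_INDEX = """\
mysql-client-5.0.51|/usr/ports/databases/mysql50-client|/usr/local|Multithreaded SQL database (client)|/usr/ports/databases/mysql50-client/pkg-descr|maintainer@example.org|databases|||http://www.example.org/
rsync-2.6.9_2|/usr/ports/net/rsync|/usr/local|Network file distribution/synchronization utility|/usr/ports/net/rsync/pkg-descr|maintainer@example.org|net ipv6|||http://www.example.org/
ruby-1.8.6.111_1,1|/usr/ports/lang/ruby18|/usr/local|An object-oriented interpreted scripting language|/usr/ports/lang/ruby18/pkg-descr|maintainer@example.org|lang ruby ipv6|||http://www.example.org/
squid-2.6.17|/usr/ports/www/squid|/usr/local|HTTP Caching Proxy|/usr/ports/www/squid/pkg-descr|maintainer@example.org|www|||http://www.example.org/
"""


def split_pkgname(pkg):
    """'mysql-client-5.0.45_1' -> ('mysql-client', '5.0.45_1'); the version follows the last '-'."""
    name, sep, version = pkg.rpartition("-")
    if not sep or not version:
        raise ValueError("not a versioned package name: %r" % pkg)
    return name, version


def version_key(version):
    """Sort key for FreeBSD package versions of the form  ver[_revision][,epoch].

    Epoch dominates, then the dotted version, then the port revision. Simplified:
    dotted components compare as integers when numeric and as strings otherwise.
    """
    version, _, epoch = version.partition(",")
    version, _, revision = version.partition("_")
    parts = tuple((1, int(p)) if p.isdigit() else (0, p) for p in version.split("."))
    return (int(epoch or 0), parts, int(revision or 0))


def load_index(text):
    """Map port name -> fields we care about. The first seven INDEX fields are
    pkgname|portdir|prefix|comment|descr|maintainer|categories."""
    ports = {}
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        fields = line.split("|")
        if len(fields) < 7:
            raise ValueError("INDEX line %d has %d fields, expected >= 7" % (lineno, len(fields)))
        name, version = split_pkgname(fields[0])
        ports[name] = {"version": version, "portdir": fields[1],
                       "maintainer": fields[5], "categories": fields[6].split()}
    return ports


def check_installed(installed, index):
    """Compare installed package names against the INDEX, like portversion -v."""
    report = []
    for pkg in installed:
        name, version = split_pkgname(pkg)
        entry = index.get(name)
        if entry is None:
            report.append((pkg, "?", "not found in INDEX"))
            continue
        have, avail = version_key(version), version_key(entry["version"])
        if have < avail:
            report.append((pkg, "<", "needs updating (port has %s)" % entry["version"]))
        elif have > avail:
            report.append((pkg, ">", "newer than INDEX (port has %s)" % entry["version"]))
        else:
            report.append((pkg, "=", "up-to-date"))
    return report


def index_digest(text):
    """SHA-256 of the INDEX contents. A copied INDEX decides which port versions
    you build next, so compare this on the source and destination hosts after
    the scp to know it arrived intact and from the host you meant."""
    return hashlib.sha256(text.encode()).hexdigest()


if __name__ == "__main__":
    index = load_index(SAMPLE_INDEX)
    installed = ["mysql-client-5.0.45_1", "rsync-2.6.9_2", "ruby-1.8.6.111,1",
                 "squid-2.6.17", "nonexistent-1.0"]
    for pkg, status, note in check_installed(installed, index):
        print("%-28s %s  %s" % (pkg, status, note))
    print("INDEX sha256:", index_digest(SAMPLE_INDEX))
```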

Linux Unix Web Server

Learning .htaccess : 101 way

My friend was surprised when he saw the login page on phpMyAdmin. It's not the usual login form he was used to.

Well, another postfixadmin admin page also shows a login page. He asked me to list all the tutorials around .htaccess for his studies.

Like I did for Cisco Lab Topology, Cisco Resources or Ipfw Resources, I searched Google for existing tutorials; Learning On Demand rules.

Here’s what I found so far :

  1. .htaccess Tips and Tricks part I. By creating this hidden file in the root folder (or any sub folder) of your website, it is possible to set/unset almost all the server directives that can be set in the Apache main configuration file. These changes take effect only for the folder in which you created the file and its sub folders. Thus the .htaccess file plays an important role in providing fine-grained control to an individual managing a website without giving blanket control of the web server.
  2. .htaccess Tips and Tricks  part II, the arcane mysteries of URL rewriting.
  3. Hotlink test for image, find out if your .htaccess protect your images.
  4. Setting Up .htaccess, htaccess can be used in co-ordination with the Apache web server to password protect certain files and directories on your web server.
  5. .htaccess file generator, create .htaccess file online.
  6. How to Configure Your Website Using Htaccess in Linux with Apache, .htaccess files (or "distributed configuration files") provide a way to make configuration changes on a per-directory basis. A file, containing one or more configuration directives, is placed in a particular document directory, and the directives apply to that directory, and all subdirectories thereof.
  7. HOWTO php.ini overrides with .htaccess,
    in smaller environments where there are only a few developers and a single product there is seldom a need for different values of a php.ini setting. However, depending on how esoteric some of the developers in your group are, how many projects you have going simultaneously, how many devs you have working on the same box, or whether you have production and development running on the same box, you may at some point find a need for different values of certain php.ini settings for different environments hosted on a single server. The good news is, if you're running Apache, PHP has integrated support for this need.
    .htaccess overrides are especially attractive in shared hosting environments where there is a high likelihood different clients will want different settings for php.ini directives.
  8. .htaccess Based Authentication On Subdirectories.

 

last update :  November 22 2007

Unix

101 FreeBSD Ipfw resources

"Which firewall do you like most in FreeBSD?", my friend asked me.

Hmmm….

Not sure. When I first used ipfw I already put a collection of useful links in my bookmarks.

Since pfSense uses pf, and FreeBSD itself includes pf natively, that made me think of recalling my ipfw links for this blog.

  1. Ipfw FreeBSD handbook. More than enough, start from configuring, command, rule sets, examples.
  2. Firewall setup, how to secure and share an internet connection on FreeBSD with stateful ipfw firewall rules, the network address translation (NAT) daemon (natd) and traffic shaping using dummynet to divide the bandwidth evenly between all clients.
  3. Invisible Bridging Firewalls Using ipfw and FreeBSD 4.x, this document is NOT an ipfw tutorial – it is simply a step by step guide to the installation of an invisible bridging firewall on the FreeBSD 4.x operating system. Also included are methods to use this firewall in a non-invisible setting and some sample ipfw rules.
  4. FreeBSD Firewall Explained, how to set up an ipfw stateful firewall on FreeBSD with a simple ruleset, explaining certain details including natd interaction.
  5. Setting up a FreeBSD Wireless Access Point, this article describes how to set up an open wireless access point on FreeBSD 4.9 including the creation of a "captive portal" and bandwidth limiting using IPFIREWALL.
  6. FreeBSD snort IDS installation, the steps for installing an IDS sensor on FreeBSD 5.4. This document contains the small differences between FreeBSD 5.4 and FreeBSD 6.0.
  7. Walled Garden: FreeBSD + natd + ipfw + squid, overview of the steps it takes to create a Walled Garden using FreeBSD, natd, ipfw and squid.
  8. Mini tutorial: FreeBSD ipfw bandwidth rate limiting.
  9. Armoring FreeBSD, ipfw section.
  10. Asterisk firewall rules, This is an example on how to configure a FreeBSD IPFW firewall for Asterisk.
  11. WIPFW, WIPFW is a MS Windows operable version of IPFW for FreeBSD OS. You can use the same functionality and configure it as only you work with IPFW. IPFW is a packet filtering and accounting system which resides in the kernelmode, and has a user-land control utility, ipfw. Together, they allow you to define and query the rules used by the kernel in its routing decisions. There are two related parts to ipfw. The firewall section performs packet filtering. There is also an IP accounting section which tracks usage of the router, based on rules similar to those used in the firewall section. This allows the administrator to monitor how much traffic the router is getting from a certain machine, or how much WWW traffic it is forwarding, for example.
  12. FreeBSD Dummynet, especially as a transparent bridge network impairment
  13. Ipfw-Advanced-Supplement-HOWTO
  14. Some Basic IPFW Rules to get you Started, This should cover basic IPFW rules. It will be enough to get your server running. #Only log 1000 lines, this is incase of DDoS so your machine is not
  15. Implementing Pushback: Router-Based Defense Against DDoS Attacks …
  16. ipfw Rules, a set of ipfw rules to customize for your own Macs or FreeBSD systems
  17. Help Build The Best IPFW Firewall Rules Sets Ever
  18. IPFW Configuration Help, The following is a ‘short list’ of the things that need to be accomplished to get ipfw running on your computer 
  19. Router with ipfw, Configure a router with FreeBSD.
  20. Firewall Builder, Object-oriented GUI and set of compilers for various firewall platforms. Currently implemented compilers for iptables, ipfilter, OpenBSD pf, ipfw, Cisco PIX firewall and routers access lists.
  21. A bare bones home firewall, this is a bare bones, protect-this-machine-only firewall and will work fine if you have no network behind your FreeBSD machine and no special needs.
  22. A fancy home firewall, If you’ve got a home network or are running any sort of network server that you want open to the internet.

I'll add more links; maybe you can share your favourites.

Updated : November 22 2007

Unix

zombie and defunct

tp# top
last pid: 23639;  load averages:  0.00,  0.00,  0.00
                             up 13+06:57:13  13:53:54
65 processes:  1 running, 63 sleeping, 1 zombie
CPU states:  0.0% user,  0.0% nice,  0.0% system,  0.0% interrupt,  100% idle
Mem: 181M Active, 1535M Inact, 199M Wired, 79M Cache, 112M Buf, 4008K Free
Swap: 4096M Total, 88K Used, 4096M Free

wow, 1 zombie

First time I've seen this 'zombie'.

Further work to look at that zombie:

ftp# ps -aux | grep Z
USER      PID %CPU %MEM   VSZ   RSS  TT  STAT STARTED      TIME COMMAND
root    24487  0.0  0.0     0     0  ??  Z     2:00PM   0:00.00 <defunct>

<defunct>

What was that?

from here :

http://www.cts.wustl.edu/~allen/kill-defunct-process.html

Defunct processes are processes that have become corrupted in such a
way that they no longer can communicate (not really the right word, like
signal each other) with their parent or child process. So kill the
parent or child and 99% of the time (around here at least) the defunct
process will go away! No parent or child, you're out of luck, or look
for a stuck automount.

Hmm….
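An added example, not from the original post, that shows what the Z / &lt;defunct&gt; entry in the ps output above actually is: a child that has exited but whose parent has not yet called wait(2). It forks a child, looks at its state before and after the parent reaps it, and reports the exit status. The state read uses Linux procfs; on a FreeBSD box without procfs mounted `proc_state` reports "unavailable", and `ps -o stat -p <pid>` shows the same Z column the post grepped for.

```python
import os
import time

# A zombie keeps only a process-table slot: it has already died, so signals
# sent to it do nothing. It disappears when the parent reaps it with wait(2),
# or when the parent exits so init adopts the child and reaps it.


def proc_state(pid):
    """State letter from /proc/<pid>/stat on Linux procfs; 'unavailable' where
    there is no procfs, 'gone' once the pid no longer exists."""
    if not os.path.isdir("/proc/self"):
        return "unavailable"
    try:
        with open("/proc/%d/stat" % pid) as f:
            data = f.read()
    except OSError:
        return "gone"
    # The state is the first field after the parenthesised command name, which
    # may itself contain ')' and spaces, hence the split on the last ')'.
    return data.rsplit(")", 1)[1].split()[0]


def zombie_demo(exit_code=3):
    """Fork a child that exits at once; inspect it before and after reaping."""
    pid = os.fork()
    if pid == 0:
        os._exit(exit_code)            # child: exit immediately, becoming a zombie
    # parent: give the child a moment to die, deliberately not reaping it yet
    for _ in range(200):
        if proc_state(pid) in ("Z", "unavailable"):
            break
        time.sleep(0.01)
    before = proc_state(pid)
    _, status = os.waitpid(pid, 0)     # reap: collect the status, slot is freed
    after = proc_state(pid)
    return {"pid": pid, "state_before_reap": before,
            "exit_status": os.WEXITSTATUS(status), "state_after_reap": after}


if __name__ == "__main__":
    r = zombie_demo()
    print("child %d was %s before waitpid, exit status %d, %s afterwards"
          % (r["pid"], r["state_before_reap"], r["exit_status"], r["state_after_reap"]))
```

A single zombie is harmless; a parent that never reaps and keeps forking (a broken daemon or a stuck automounter, as the quote suggests) will slowly fill the process table, which is why a zombie count that keeps growing in top is worth watching.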

Unix

Problem with cvsup12, use other server

While doing my ports update (every 3 days) I saw this this morning:

ftp# cvsup -g -L2 ports-supfile
Parsing supfile "ports-supfile"
Connecting to cvsup12.FreeBSD.org
Connected to cvsup12.FreeBSD.org
Server software version: SNAP_16_1h
Negotiating file attribute support
Exchanging collection information
Establishing multiplexed-mode data connection
Running
Updating collection ports-all/cvs
Server warning: Cannot open "/cvs/cvsupd/prefixes/FreeBSD.cvs/ports/Tools/portbuild/2.2/bindist/README,v": No such file or directory
Server warning: Cannot open "/cvs/cvsupd/prefixes/FreeBSD.cvs/ports/Tools/portbuild/2.2/bindist/delete,v": No such file or directory
Server warning: Cannot open "/cvs/cvsupd/prefixes/FreeBSD.cvs/ports/Tools/portbuild/2.2/bindist/dirlist,v": No such file or directory
Server warning: Cannot open "/cvs/cvsupd/prefixes/FreeBSD.cvs/ports/Tools/portbuild/2.2/bindist/files/usr/bin/uname,v": No such file or directory
……………………

Wow. After checking my ports-supfile, nothing had changed:

*default host=cvsup12.FreeBSD.org
*default base=/var/db
*default prefix=/usr
*default release=cvs tag=.
*default delete use-rel-suffix

*default compress

ports-all

 

Hmmm….

Ok, try another server:

ftp# cvsup -g -L2 ports-supfile -h cvsup10.freebsd.org
Parsing supfile "ports-supfile"
Connecting to cvsup10.freebsd.org
Connected to cvsup10.freebsd.org
Server software version: SNAP_16_1h
Negotiating file attribute support
Exchanging collection information
Establishing multiplexed-mode data connection
Running
Updating collection ports-all/cvs
 Checkout ports/audio/xmms2/files/patch-src_clients_lib_python_xmmsapi.pyx
 Edit ports/databases/mysql-query-browser/Makefile
  Add delta 1.10 2007.11.12.23.43.33 pav
 Edit ports/databases/oracle8-client/Makefile
  Add delta 1.4 2007.11.13.20.25.46 fjoe
 Edit ports/databases/oracle8-client/distinfo
  Add delta 1.3 2007.11.13.20.25.46 fjoe
 Edit ports/databases/py-tada/Makefile
  Add delta 1.5 2007.11.14.22.53.57 pav
…………………….

Phew, it seems the problem is on cvsup12.freebsd.org.

I hope it will be fixed soon.

 

Unix

Pfsense : 1.2 Release Candidate 3 released!

Pfsense 1.2-RC3 has been released! Here are just a few of the new improvements and features that have made their way into this new version:

  • IPSEC Carp rules cleanup
  • IPSEC stability workarounds for > 150 tunnels
  • Only reload webConfiguration from System -> Advanced when cert changes
  • Increase net.inet.ip.intr_queue_maxlen to 1000 which is the IP input queue.
  • Do not allow sticky connection bit to be set if pppoe is enabled. Ticket #1319
  • Disable firmware upgrade for embedded and cdrom and suggest using the console option to upgrade. Ticket #1433
  • Recompile MPD with MSS/dial-on-demand patches (also fixes idle timeout bug) Obtained-from: http://svn.m0n0.ch/wall/tags/release-1.3b3/build/patches/packages/mpd.patch
  • Fix CP not sending Acct-Session-Time to Radius during accounting update Ticket #1434
  • Work around heavy network activity issues. [20070116, update 20070212] Systems with very heavy network activity have been observed to have some problems with the kernel memory allocator. Symptoms are processes that get stuck in zonelimit state, or system livelocks. One partial workaround for this problem is to add the following line to /boot/loader.conf and reboot: kern.ipc.nmbclusters="0"
  • Bump lighttpd to 1.4.18
  • Show wireless nodes regardless of whether we can determine the BSS value.
  • IPSEC tunnel endpoint highlighting in system logs
  • Show the IPSEC interface as an option for the traffic graph.
  • Add RRD Settings page.
  • Make it possible to disable RRD graphs. Bump config so it’s on by default if it wasn’t already.
  • Correctly set reflection timeout for all protocols.
  • Restart snmp services after LAN IP changes Ticket #1453
  • Bump miniupnpd version to RC9 -add multiple interface support
  • Speedup ARP page by using diag_dhcp_leases.php page code for parsing the dhcpd.leases file
  • Relax the ip address check and allow duplicate ip address entries, which allows for example a wireless card and an ethernet card on a laptop to share the same ip address
  • Do not allow DHCP server to be enabled when DHCP relay is enabled, and vice versa Ticket #1488
  • IPSEC keep alive pinger using the wrong source IP address Ticket #1482
  • Failover DHCP Server in 10 seconds as opposed to 60 seconds

1.2-RC3 will appear at a mirror near you very soon. Please let us know what you think on the forum or mailing list.

Update: more than half of the mirrors have these files now, if you try one that doesn’t have the files, try another. They’ll all be updated within 24 hours.

Location for download : Loquefaltaba

Unix

ClamAV-clamd av-scanner FAILED

A recent power failure took my mail server down. After the reboot I ran fsck -y and so on. After restarting again, email was still down.

After looking at the log, I took action to bring the mail server up as fast as I could.

mail# tail -f /var/log/maillog

Nov  7 08:01:18 mail postfix/smtpd[6714]: lost connection after RCPT from 125-26-188-139.adsl.totbb.net[125.26.188.139]
Nov  7 08:01:18 mail postfix/smtpd[6714]: disconnect from 125-26-188-139.adsl.totbb.net[125.26.188.139]
Nov  7 08:01:19 mail postfix/smtpd[6693]: disconnect from mx42.publicitycountry.com[66.90.82.42]
Nov  7 08:01:20 mail amavis[6519]: (06519-02) ClamAV-clamd av-scanner FAILED: Too many retries to talk to /var/run/clamav/clamd (Can't connect to UNIX socket /var/run/clamav/clamd: Permission denied) at (eval 56) line 257.
Nov  7 08:01:20 mail amavis[6519]: (06519-02) WARN: all primary virus scanners failed, considering backups
Nov  7 08:01:20 mail postfix/smtpd[6647]: connect from mx42.publicitycountry.com[66.90.82.42]
Nov  7 08:01:21 mail postfix/smtpd[6711]: warning: 133.23.189.81.list.dsbl.org: RBL lookup error: Host or domain name not found. Name service error for name=133.23.189.81.list.dsbl.org type=A: Host not found, try again
Nov  7 08:01:21 mail amavis[6544]: (06544-02) ClamAV-clamd av-scanner FAILED: Too many retries to talk to /var/run/clamav/clamd (Can't connect to UNIX socket /var/run/clamav/clamd: Permission denied) at (eval 56) line 257.
Nov  7 08:01:21 mail amavis[6544]: (06544-02) WARN: all primary virus scanners failed, considering backups
Nov  7 08:01:22 mail postfix/smtpd[6711]: DC0E24112DF: client=dsl-23-133.utaonline.at[81.189.23.133]
Nov  7 08:01:22 mail postfix/smtpd[6711]: lost connection after RCPT from dsl-23-133.utaonline.at[81.189.23.133]
Nov  7 08:01:22 mail postfix/smtpd[6711]: disconnect from dsl-23-133.utaonline.at[81.189.23.133]

Try to start it manually:

mail# /usr/local/etc/rc.d/clamav-clamd restart

clamav_clamd not running? (check /var/run/clamav/clamd.pid).
Starting clamav_clamd.

mail# /usr/local/etc/rc.d/clamav-clamd restart
clamav_clamd not running? (check /var/run/clamav/clamd.pid).
Starting clamav_clamd.

Change the ownership of clamav to vscan:

mail# chown vscan:vscan clamav
mail# ls -l
total 36
-rw-------  1 root   wheel       0 Nov  7 04:11 accept.lock.967
drwxr-x---  2 vscan  vscan     512 Nov  7 07:59 clamav

mail# /usr/local/etc/rc.d/clamav-clamd restart

clamav_clamd not running? (check /var/run/clamav/clamd.pid).
Starting clamav_clamd.

Testing:

mail# /usr/local/etc/rc.d/clamav-clamd restart
Stopping clamav_clamd.
Waiting for PIDS: 7074.
Starting clamav_clamd.

mail# chown vscan:vscan /var/log/clamav/clamd.log
mail# chown vscan:vscan /var/log/clamav/freshclam.log
mail# /usr/local/etc/rc.d/clamav-clamd restart
Stopping clamav_clamd.
Waiting for PIDS: 7092.
Starting clamav_clamd.
mail# /usr/local/etc/rc.d/clamav-freshclam restart
clamav_freshclam not running? (check /var/run/clamav/freshclam.pid).
Starting clamav_freshclam.

mail# /usr/local/sbin/amavisd start

Done; it was a permission error.

Once again, the server is back up.

The log is your friend.
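An added example, not from the original post, covering the two things a defender wants after an outage like this one: a detector over maillog lines for the "av-scanner FAILED" condition (mail kept flowing while no primary scanner was checking it), and a check that the clamd socket directory is owned by the scanner account, which is what the chown above fixed. The log lines are constructed, modelled on the excerpt in the post, with placeholder hostnames and addresses; the temporary directory stands in for /var/run/clamav and "vscan-placeholder" is a placeholder account name.

```python
import grp
import os
import pwd
import re
import stat
import tempfile
from collections import Counter

# Constructed sample lines modelled on the post's maillog excerpt.
SAMPLE_LOG = """\
Nov  7 08:01:20 mail amavis[6519]: (06519-02) ClamAV-clamd av-scanner FAILED: Too many retries to talk to /var/run/clamav/clamd (Can't connect to UNIX socket /var/run/clamav/clamd: Permission denied) at (eval 56) line 257.
Nov  7 08:01:20 mail amavis[6519]: (06519-02) WARN: all primary virus scanners failed, considering backups
Nov  7 08:01:20 mail postfix/smtpd[6647]: connect from mx.example.net[192.0.2.10]
Nov  7 08:01:21 mail amavis[6544]: (06544-02) ClamAV-clamd av-scanner FAILED: Too many retries to talk to /var/run/clamav/clamd (Can't connect to UNIX socket /var/run/clamav/clamd: Permission denied) at (eval 56) line 257.
Nov  7 08:01:21 mail amavis[6544]: (06544-02) WARN: all primary virus scanners failed, considering backups
Nov  7 08:05:02 mail amavis[6601]: (06601-01) Passed CLEAN, [192.0.2.10] <a@example.net> -> <b@example.org>
"""

SCANNER_FAILED = re.compile(
    r"amavis\[(?P<pid>\d+)\]: \((?P<task>[\d-]+)\) (?P<scanner>\S+) av-scanner FAILED: (?P<reason>.*)")
SOCKET_ERROR = re.compile(r"UNIX socket (?P<path>\S+): (?P<error>[^)]+)\)")
ALL_FAILED = re.compile(r"WARN: all primary virus scanners failed")


def scan_failures(log_text):
    """One event per 'av-scanner FAILED' line, with the socket path and OS error
    pulled out of the reason when amavis reports one."""
    events = []
    for line in log_text.splitlines():
        m = SCANNER_FAILED.search(line)
        if not m:
            continue
        event = {"task": m["task"], "scanner": m["scanner"], "reason": m["reason"]}
        s = SOCKET_ERROR.search(m["reason"])
        if s:
            event["socket"], event["error"] = s["path"], s["error"].strip()
        events.append(event)
    return events


def summarize(log_text):
    """Counts worth alerting on: scanner failures, and tasks where every primary
    scanner failed (those messages were handled without a working AV check)."""
    events = scan_failures(log_text)
    all_failed = sum(1 for line in log_text.splitlines() if ALL_FAILED.search(line))
    causes = Counter((e.get("socket"), e.get("error")) for e in events)
    return {"failures": len(events), "all_primary_failed": all_failed, "causes": causes}


def _account_name(lookup, numeric_id):
    try:
        return lookup(numeric_id)
    except KeyError:            # id without a passwd/group entry: report the number
        return str(numeric_id)


def socket_dir_problems(path, expected_user, expected_group=None):
    """Why amavis may get 'Permission denied' on the clamd socket: the directory
    is owned by the wrong account, or it is world-writable (anyone could replace
    the socket). Returns a list of problems; empty means it looks right."""
    st = os.stat(path)
    owner = _account_name(lambda i: pwd.getpwuid(i).pw_name, st.st_uid)
    group = _account_name(lambda i: grp.getgrgid(i).gr_name, st.st_gid)
    problems = []
    if owner != expected_user:
        problems.append("owner is %s, expected %s" % (owner, expected_user))
    if expected_group and group != expected_group:
        problems.append("group is %s, expected %s" % (group, expected_group))
    if st.st_mode & stat.S_IWOTH:
        problems.append("directory is world-writable")
    return problems


def ownership_check_demo():
    """Self-contained demo: a fresh temp dir is owned by us, so checking it against
    our own account passes and against a placeholder account fails."""
    me = _account_name(lambda i: pwd.getpwuid(i).pw_name, os.getuid())
    d = tempfile.mkdtemp()
    try:
        return socket_dir_problems(d, me), socket_dir_problems(d, "vscan-placeholder")
    finally:
        os.rmdir(d)


if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
    ok, bad = ownership_check_demo()
    print("own dir:", ok or "looks fine", "| wrong owner:", bad)
```

The detector fires on the amavis line, not on clamd's own log, because it is amavis that decides what happens to mail when the scanner is unreachable; whether "considering backups" ends in a delivery without any scan depends on the amavisd configuration, so the `all_primary_failed` count is the number to alert on.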

Unix

FreeBSD 7.0 beta2 and 6.3 Beta1

The 7.0-BETA2 builds have completed and are on many of the FreeBSD
mirror sites. If you want to update an existing machine using cvsup use
RELENG_7 as the branch tag. Instructions on using FreeBSD Update to
perform a binary upgrade from FreeBSD 6.x to 7.0-BETA2 will be provided
via the freebsd-stable list when available.
Download for i386 :

7.0 Beta2

Unix

In Memoriam: Jun-ichiro Hagino

Subject: In Memoriam: Jun-ichiro Hagino
Date: Tue, 30 Oct 2007 14:10:58 -0700
From: Dragos Ruiu <dr@kyx.net>
Organization: All Terrain Ninjas
To: bugtraq@securityfocus.com

With great sadness, I regret to inform you that Itojun
will not be presenting his great knowledge of IPv6 at
PacSec. I have been informed by several sources
that he passed away yesterday.

Funeral services will be held on Nov 7th at Rinkai-Saijo
in Tokyo. There aren’t many details of his passing,
so please let his family and relatives mourn in peace
for now. My heartfelt condolences go out to them,
and all of his many friends.

I knew Itojun as one of the smartest and kindest people
I have ever met. He helped everyone around him. He
graciously hosted and assisted many foreigners new
to Japan at the PacSec conferences, and was a good
friend to all. He would go to extraordinary lengths to
help anyone around him. We will all miss him – and
his work on IPv6 will continue to help us for a long
time..

He once said to me, "When a professional race car
driver races, his pulse gets lower and he relaxes.
When I code it is the same thing." I’ll miss him
driving around in his prized Fiat 500… and I hope
we can all proceed to help fix our V6 networks
without his gentle and insistent coaching.

We will announce a replacement talk shortly.

If you knew or respected him, he would have
wanted any energy you put towards grief to
be spent on speeding the adoption and the
robustness of the version 6 internet which
he devoted so much of his extraordinary
life to.

Some more information in Japanese
at http://www.hoge.org/~koyama/itojun.txt

May he rest in peace,
–dr


World Security Pros. Cutting Edge Training, Tools, and Techniques
Tokyo, Japan November 29/30 – 2007 http://pacsec.jp
pgpkey http://dragos.com/ kyxpgp

Unix

sysctl: kern.ipc.nmbclusters: Invalid argument

After reading this article I tried it out on another server that has a gigabit ethernet card.

I had downloaded openSUSE 10.3 in the Gnome and KDE versions and used them as sample data for sending via scp.

Sending before tuning:

monitor# scp openSUSE-10.3-GM-GNOME-i386.iso mother@172.88.1.3:/home/mother
Password:
openSUSE-10.3-GM-GNOME-i386.iso                                                             100%  665MB  10.2MB/s   01:05

ftp# sysctl kern.ipc.maxsockbuf=262144

ftp# sysctl net.inet.tcp.sendspace=65536

ftp# sysctl net.inet.tcp.recvspace=65536

ftp# sysctl net.inet.tcp.rfc1323=1

monitor# scp openSUSE-10.3-GM-GNOME-i386.iso mother@172.88.1.3:/home/mother
Password:
openSUSE-10.3-GM-GNOME-i386.iso                                                             100%  665MB  10.4MB/s   01:04

tuning the values on 'mother'

====================================================
testing transfer data to 'mother'

monitor# ls
openSUSE-10.3-GM-GNOME-i386.iso openSUSE-10.3-GM-KDE-i386.iso
monitor# scp openSUSE-10.3-GM-GNOME-i386.iso mother@172.88.1.3:/home/mother
Password:
openSUSE-10.3-GM-GNOME-i386.iso                                                             100%  665MB  10.4MB/s   01:04

====================================================

tuning the values on monitor
monitor# sysctl kern.ipc.maxsockbuf=262144
kern.ipc.maxsockbuf: 262144 -> 262144
monitor# sysctl net.inet.tcp.sendspace=65536
net.inet.tcp.sendspace: 32768 -> 65536
monitor# sysctl net.inet.tcp.recvspace=65536
net.inet.tcp.recvspace: 65536 -> 65536

Testing again:

monitor# scp openSUSE-10.3-GM-GNOME-i386.iso mother@172.88.1.3:/home/mother
Password:
openSUSE-10.3-GM-GNOME-i386.iso                                                             100%  665MB  10.2MB/s   01:05

Speed decreased? From 10.4 to 10.2 MB/s in the same time.

When I try this:

ftp# sysctl kern.ipc.nmbclusters=32768
kern.ipc.nmbclusters: 33792
sysctl: kern.ipc.nmbclusters: Invalid argument

Gee, I must read the sysctl manual first before trying again.
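An added example, not part of the original post: it parses the kind of transcript sysctl(8) prints when values are set interactively (built from the lines above) and checks it against the tuning that was intended, so that a refused value like the nmbclusters one, or a setting that was never touched, does not go unnoticed. The transcript and the tuning plan are constructed from the post's commands; the classification names are mine.

```python
import re

# Intended tuning, taken from the commands in the post.
PLAN = {
    "kern.ipc.maxsockbuf": 262144,
    "net.inet.tcp.sendspace": 65536,
    "net.inet.tcp.recvspace": 65536,
    "net.inet.tcp.rfc1323": 1,
    "kern.ipc.nmbclusters": 32768,
}

# Constructed transcript, built from the sysctl output shown in the post.
TRANSCRIPT = """\
kern.ipc.maxsockbuf: 262144 -> 262144
net.inet.tcp.sendspace: 32768 -> 65536
net.inet.tcp.recvspace: 65536 -> 65536
kern.ipc.nmbclusters: 33792
sysctl: kern.ipc.nmbclusters: Invalid argument
"""

# "name: old -> new" means the kernel accepted the value; "name: value" followed
# by "sysctl: name: <error>" means it printed the current value and refused.
CHANGED = re.compile(r"^(?P<name>[\w.]+): (?P<old>\S+) -> (?P<new>\S+)$")
REFUSED = re.compile(r"^sysctl: (?P<name>[\w.]+): (?P<msg>.+)$")
CURRENT = re.compile(r"^(?P<name>[\w.]+): (?P<value>\S+)$")


def _num(text):
    return int(text) if text.lstrip("-").isdigit() else text


def parse_transcript(text):
    """name -> {'old': ..., 'new': ..., 'error': ...} for every sysctl mentioned."""
    seen = {}
    for line in text.splitlines():
        line = line.strip()
        m = CHANGED.match(line)
        if m:
            seen[m["name"]] = {"old": _num(m["old"]), "new": _num(m["new"]), "error": None}
            continue
        m = REFUSED.match(line)
        if m:
            seen.setdefault(m["name"], {"old": None, "new": None, "error": None})["error"] = m["msg"]
            continue
        m = CURRENT.match(line)
        if m:
            seen.setdefault(m["name"], {"old": None, "new": None, "error": None})["old"] = _num(m["value"])
    return seen


def verify_plan(plan, seen):
    """Classify each intended setting: applied, already set, refused, untouched,
    or ended at a value that was not asked for."""
    report = {}
    for name, wanted in plan.items():
        r = seen.get(name)
        if r is None:
            report[name] = "untouched"
        elif r["error"]:
            report[name] = "refused: %s (still %s)" % (r["error"], r["old"])
        elif r["old"] == wanted and r["new"] == wanted:
            report[name] = "already set"
        elif r["new"] == wanted:
            report[name] = "applied (%s -> %s)" % (r["old"], r["new"])
        else:
            report[name] = "unexpected value %s" % r["new"]
    return report


if __name__ == "__main__":
    for name, verdict in verify_plan(PLAN, parse_transcript(TRANSCRIPT)).items():
        print("%-28s %s" % (name, verdict))
```

Values set with sysctl on the command line last only until the next reboot; settings you want to keep belong in /etc/sysctl.conf, and boot-time tunables in /boot/loader.conf, which is where the pfSense notes above put kern.ipc.nmbclusters.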