A celebration of the tweaks and customizations that make life easier at the CLI.
It appears that ${name}_umask will do the job, i.e. in my case syncthing_umask="0002" set in /etc/rc.conf (or /usr/local/etc/rc.conf).
FreeBSD offers not one but three firewalls. Networking is complicated by itself and firewalls can be complex too, so when they mix together your brain may collapse. Pick one, then learn how networks function, and later how to manipulate the firewall. One of those three firewalls in FreeBSD is IPFW. The minimal configuration for IPFW is the one in this article. Don't think of this firewall as a dumb, overly simple solution. Mac OS X, for example, used it and put a nice interface in the System Settings so any noob could use it. Although nowadays it uses another firewall, PFCTL (I guess it's from OpenBSD), it had IPFW for many years as the default firewall. And quite frankly it has served many users pretty well.
We will edit the main OS configuration file with nano.
As always under FreeBSD, the /etc/rc.conf file is the one in charge of activating OS-level features as well as some other important software. Type this command to open the file that holds the firewall configuration:
sudo nano /etc/rc.conf
Now edit the rules so they look as follows.
firewall_enable="YES"
firewall_quiet="YES"
firewall_type="workstation"
firewall_myservices="22 80 443 10000"
firewall_allowservices="any"
firewall_logdeny="YES"
Now you must start the service for the firewall to begin working. Type the following command at the terminal prompt.
sudo service ipfw onestart
The numbers appearing in the line firewall_myservices="22 80…" are the ports the firewall leaves open. The rest of the ports on your server or workstation will remain closed.
The open ones are the basics needed to run a web server. Port number 22 is used for remote connections through SSH (secure shell). Port 80 is used by the HTTP protocol, and since we are setting up a web server this is mandatory. Something similar happens with port number 443, but this is the one for HTTPS, which is the HTTP protocol wrapped in TLS encryption so no one can read the content in transit.
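An audit of the settings above, as an added example that is not part of the original article: it reads the firewall knobs from an rc.conf-style file without sourcing it and reports every port in firewall_myservices that is not on the list you expect. The function names rc_get and audit_fw and the expected list "22 80 443" are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: audit the IPFW "workstation" knobs in an rc.conf-style file.
# The file is parsed with sed, never sourced, so nothing in it is executed.

# rc_get FILE KEY -> last value assigned to KEY, surrounding quotes stripped
rc_get() {
    sed -n "s/^[[:space:]]*$2=\"\{0,1\}\([^\"#]*\)\"\{0,1\}.*/\1/p" "$1" | tail -n 1
}

# audit_fw FILE "EXPECTED PORTS" -> one finding per line on stdout
audit_fw() {
    conf=$1
    expected=$2
    [ "$(rc_get "$conf" firewall_enable)" = "YES" ] || echo "WARN firewall_enable is not YES"
    [ "$(rc_get "$conf" firewall_logdeny)" = "YES" ] || echo "WARN denied packets are not logged"
    sources=$(rc_get "$conf" firewall_allowservices)
    for svc in $(rc_get "$conf" firewall_myservices); do
        port=${svc%%/*}    # tolerate a port/proto entry such as 22/tcp
        case " $expected " in
            *" $port "*) status=OK ;;
            *)           status=UNEXPECTED ;;
        esac
        echo "$status port $port open to: $sources"
    done
}

# Constructed sample input: the rc.conf lines shown in the article.
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
firewall_enable="YES"
firewall_quiet="YES"
firewall_type="workstation"
firewall_myservices="22 80 443 10000"
firewall_allowservices="any"
firewall_logdeny="YES"
EOF

# Ports 22, 80 and 443 are the ones the text accounts for.
audit_fw "$sample" "22 80 443"
```

On a real host, pass /etc/rc.conf as the first argument and review any UNEXPECTED line before starting the firewall.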
Fail2ban is a complementary tool to your firewall. It works by scanning log files and bans IPs which present suspicious activity such as failed logins. It is compatible with many UNIX-like systems and is a security tool to have in your arsenal. It can filter not only ssh logins, but other services too, for example CMS web sites as WordPress or Drupal, repositories such as your own GitLab, and even your Postfix (or other) mail server.
For existing users, use the chsh command (“change shell”):
chsh -s SHELL USER
chsh -s /usr/local/bin/bash root
For future users:
Edit the defaultshell keyword in "/etc/pw.conf".
When using adduser, choose the required shell.
This entry is intended to replace the default FreeBSD MTA agent with one that is easier to manage. Because of its simplicity we are going to use SSMTP as it takes very few configuration lines.
To list all installed packages in FreeBSD, you can use the pkg info command.
To list all installed packages in FreeBSD that are outdated, you can use pkg version -vL=
To clean the package cache in FreeBSD, you can use the pkg clean command. This will remove all old and unused packages from the cache.
To remove orphaned packages in FreeBSD, you can use the pkg autoremove command. This will remove all packages that are no longer required by any other package.
Unix system administration commonly consists of repeating common and similar operations on different sets of targets. The notion of using, and stringing together, building block primitives such as cat, sort, strings, wc, sed and awk is a core tenet of Unix philosophy.
By incorporating the data into the script itself, one can create powerful system administration tools, in the form of simple shell scripts, that consist merely of a single file.
The basic organization of such a script is a set of one or more data items which are commented out, as they are not actual commands, but commented in such a way that they can be distinguished from normal comments:
01: #!/bin/sh
02: #
03: # Here is the data set, and perhaps we will add some other comments here
04: #
05: ##DATA var1 var2 var3
06: ##DATA var1 var2 var3
07: ##DATA var1 var2 var3
As you can see, normal comments are commented out with one # character, but data items are commented with ##. Not only does this allow us the ability to parse through the script and easily identify which lines are data lines (as opposed to normal comments), but it also allows us to quickly disable a data line that we temporarily do not wish to use. Simply remove one of the # characters from the data line that is not to be used - it will not be parsed because it has no leading ##, but it still starts with #, and thus does not affect the script as it is still commented out.
The body of the script consists of a variable defining the path of the script itself (obviously the script needs to know the path to itself if it is to parse itself), and then a while loop that reads in every line of the script, but filters out (using grep) only those lines that are data lines, which begin with ##DATA :
08: myself=/usr/local/bin/script.sh
09:
10: while read -r line
11: do
12:
13:   if echo "$line" | grep -q "^##DATA"    # -q: test only, do not echo the line
14:   then
15:
16:     var1=`echo "$line" | awk '{print $2}'`
17:     var2=`echo "$line" | awk '{print $3}'`
18:     var3=`echo "$line" | awk '{print $4}'`
19:
20:     diff "$var1" "$var2" >> "$var3"    # quoted so paths are not split or globbed
21:
22:   fi
23:
24: done < "$myself"
What is happening here is that the script, in line 08, defines the path to itself, and uses a "while read line" construct, the end of which in line 24 takes as input the name of the script itself. ...
The Depenguinator, version 2.0
In December 2003, I wrote a script for remotely upgrading a linux system to FreeBSD. I gave it a catchy name ("depenguinator", inspired by the "Antichickenator" in Baldur's Gate), announced it on a FreeBSD mailing list and on slashdot, and before long it was famous. Unfortunately, it didn't take long for changes in the layout of FreeBSD releases to make the depenguination script stop working; so for the past three years I have been receiving emails asking me to update it to work with newer FreeBSD releases.
A few weeks ago, Richard Bejtlich came forward with an offer to pay me to make the necessary improvements (money doesn't solve everything, but offering money certainly helps break the "I'll do it when I have some free time" / "I never have any free time" deadlock). In the end I asked him to arrange for a donation to the FreeBSD Foundation instead of paying me, but his offer was enough of a prompt for me to spend ten hours revising and testing the depenguinator.
Many computer systems around the world have been possessed by penguins; some have even been possessed by dead rats. In light of this, it is desirable to exorcize these evil spirits, and replace them with a nice, friendly daemon.
(More to the point, there are a number of dedicated server hosting companies which only offer Linux (or, in some cases, Linux and Windows); being able to remotely replace Linux with FreeBSD makes the (typically very low cost) offerings from these companies available to those who want to run FreeBSD.)
I've put together some code for building a FreeBSD disk image which will boot into memory, configure the network, set a root password, and enable SSH. This can be used to "depenguinate" a Linux box, without requiring any access beyond a network connection.
The remainder of this page relates to the original (December 2003) version of my depenguinator. For a more recent version (which works with FreeBSD 7.0) see my blog post about my depenguinator version 2.0.
Welcome to the Mirror Services infrastructure site by BOINC Team Belgium. On here, you will find software mirrors of various Linux® and UNIX®-like operating systems distributions. The mirrors sync once an hour (or once per 2 hours for ISO mirrors) using rsync with a Tier 0 or Tier 1 mirror.
You can check the installation date of a FreeBSD server by looking at the /var/log/bsdinstall_log file, which typically contains a line indicating when the installation began.
Alternatively, you can use the command stat -f '%SB %N' / to see when the root filesystem was created, but this may not reflect the actual installation date if the system was modified later.
In tcsh, you can do:
(ls $argv > filelist) >& /dev/null
Note that >& redirects both stdout and stderr, but since stdout has already been redirected elsewhere, only stderr will make it through to /dev/null.
Check Listening Ports with netstat
netstat is a command-line tool that can provide information about network connections.
To list all TCP or UDP ports that are being listened on, including the services using the ports and the socket status use the following command:
sudo netstat -tunlp
The options used in this command have the following meaning:
-t - Show TCP ports.
-u - Show UDP ports.
-n - Show numerical addresses instead of resolving hosts.
-l - Show only listening ports.
-p - Show the PID and name of the listener’s process. This information is shown only if you run the command as root or sudo user.
To check the CPU temperature on FreeBSD, you can use the command sysctl -a | grep temperature after loading the appropriate driver for your CPU type with kldload coretemp for Intel or kldload amdtemp for AMD processors. Make sure to add the driver to /boot/loader.conf for automatic loading at boot time.
You can list devices on FreeBSD using commands like geom disk list, camcontrol devlist, or gpart show to display information about the disks and their partitions.
geom part list shows the partitions in FreeBSD. Similarly geom md list will get you the "memory disk" devices
- The Linux screen command is a versatile tool that allows you to run terminal applications in the background and switch back to them when needed.
- It supports split-screen displays and can be used over SSH connections, even after disconnecting and reconnecting.
- With screen, you can create new windows, run multiple processes, detach and reattach sessions, and share sessions between multiple users in real-time.
With the Linux screen command, you can push running terminal applications to the background and pull them forward when you want to see them. It also supports split-screen displays and works over SSH connections, even after you disconnect and reconnect!
Here is another reverse lookup done using the dig command:
$ dig -x ip-address-here
$ dig -x 75.126.153.206
FreeBSD users can try the drill command:
drill -Qx 54.184.50.208
Any number of unwanted or troublesome behaviours may ensue.
mark_j said:
… possibly is a bug. Even if the file system is junk, the driver should time out and allow the process to be killed. …
Depending on the context of an error, it's not unusual for an operating system halt to fail in response to shutdown -p now.
shutdown(8)
Ideally: things should be more graceful.
Realistically: it's sometimes necessary to force off the power.