install IDS from port , but can not find the Ports security/acid
Hi everyone: I want to use Snort as an IDS in my network and googled documentation on the Internet. There is ACID (analyst center), which provides a web UI and can be installed from security/acid.

But after I fetch the ports (portsnap fetch ; portsnap extract), I cannot find the port security/acid.

OS version: FreeBSD 8.2

So I want to know how I can install ACID. Can anybody help me?

BR
PstreeM
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: install IDS from port , but can not find the Ports security/acid
On Wed, 11 Apr 2012 15:41:10 +0800, PstreeM China wrote:
> Hi everyone: I want to use Snort as an IDS in my network and googled
> documentation on the Internet. There is ACID (analyst center), which
> provides a web UI and can be installed from security/acid.
>
> But after I fetch the ports (portsnap fetch ; portsnap extract), I cannot
> find the port security/acid.

There is an entry in /usr/ports/MOVED:

security/acid||2008-04-04|Has expired: development has ceased, use security/base

From base's description:

BASE is the Basic Analysis and Security Engine. It is based on the code from the ACID project. This application provides a PHP-based web front-end to query and analyze the alerts coming from a Snort IDS system.

BASE is a web interface to perform analysis of intrusions that Snort has detected on your network. It uses a user authentication and role-base system, so that you as the security admin can decide what and how much information each user can see. It also has a simple to use, web-based setup program for people not comfortable with editing files directly.

Maybe you can check this one in relation to your requirements?

--
Polytropon
Magdeburg, Germany
Happy FreeBSD user since 4.0
Andra moi ennepe, Mousa, ...
Re: install IDS from port , but can not find the Ports security/acid
On Wed, Apr 11, 2012 at 4:04 PM, ufs u...@poniki.net wrote:
> On 11.04.2012 11:41, PstreeM China wrote:
>> Hi everyone: I want to use Snort as an IDS in my network and googled
>> documentation on the Internet. There is ACID (analyst center), which
>> provides a web UI and can be installed from security/acid.
>>
>> But after I fetch the ports (portsnap fetch ; portsnap extract), I cannot
>> find the port security/acid.
>>
>> OS version: FreeBSD 8.2
>>
>> So I want to know how I can install ACID. Can anybody help me?
>>
>> BR
>> PstreeM
>
> #more /usr/ports/security/base/pkg-descr
> BASE is the Basic Analysis and Security Engine. It is based on the code
> from the ACID project. This application provides a PHP-based web front-end
> to query and analyze the alerts coming from a Snort IDS system.
>
> BASE is a web interface to perform analysis of intrusions that Snort has
> detected on your network. It uses a user authentication and role-base
> system, so that you as the security admin can decide what and how much
> information each user can see. It also has a simple to use, web-based
> setup program for people not comfortable with editing files directly.
>
> Use ../security/base/

I think this is what I want. Thanks very much. I will have a test.
Re: Kind OFF Topic. FreeBSD for Blocking URLS? Nanny?
At 05:27 10/04/2012, you wrote: Hello all. Thanks in advance for your time and comments. Perhaps this app may help you: http://sourceforge.net/projects/teachercp/ There are commercial apps too that do the same and more. HTH Jorge Biquez
RE: Kind OFF Topic. FreeBSD for Blocking URLS? Nanny?
On Tue, 10 Apr 2012 at 05:27:24, Jorge Biquez wrote:
> Hello all. I am sorry if this is kind OFF Topic. I am looking for help from more experienced people in these areas. Please let me know if this question should be moved to FREEBSD-CHAT list.
>
> As I have mentioned before I am helping a school, non profit with their IT issues. As always there are some experts that controls everything and do not let you change anything because is their kingdom. Anyway, there we have Internet service from a cable company and they have some cisco routers to receive the access and from there some Cisco Switches. In the classrooms we have very old PCs running XP. In some of my classes I am using Freebsd and Ubuntu running on a USB. So each student have one USB and they work that way booting from their 4GB USB stick. (it is slow but it has worked until now).
>
> One of the managers asked me for help to block some web sites where some students in the other lab and people that helps there waste bandwidth seeing videos, movies (youtube, cuevana, serieid, etc) and spend lot of time on facebook also. Our bandwidth is only 4Mb and you understand that with a few that are seeing movies and videos the rest of us can not work at all.
>
> Thing is that other manager (you know how those things are sometimes) do not want us to do that since his guru and expert is the one that controls all the Network. So the best we could get until now is that we can do all we can without touching the Cisco routers and until now not administrative password for change anything on the PCs (that could change one we prove that we can have the solution and show it to the board of people that runs the place).
>
> The Internet provider gives the DNS servers to use and one of the routers gives the DHCP service.
>
> First thing I thought was to change the DNS servers and use the one from my small office (running Freebsd 7.3) using Bind there and simply block there pointing the sites to nothing in the Apache configuration. It does not work. Once changed the DNS values the PC does not resolve anything. It was a quick test but that does not work. Not sure if Internet provider is blocking in some way that we can not use other DNS server but theirs.
>
> Other solution I was thinking while coming home was to convert one machine there to a freebsd server and use it as a router (if they let me) so that way I can control from there and do filtering. Issue is that maybe they do not let me but connect the server as an extra machine without replacing the main router so in that case I would have 2 DHCP servers doing the same service in the same lan and could be conflicts I guess.
>
> Another solution a friend suggested was to buy one small router (from my money for sure) and let that small router to receive the internet (RJ45) and from that with the small 4 port switch included to provide the internet to the switches to feed the labs, library and administrative offices. I have never use one of those and I am short on money so I would like to explore other alternatives before if possible.
>
> Finally another solution would be to install in each PC a kind of Nanny software but only if free, otherwise is not a solution (I do not know of any yet but will do searching the following hours).
>
> I know all can be solved if the guru-expert guy would let me have passwords from PC's, router, etc but that won't be an option since they think we would try to take the control of those services (we do not want that) so the bureaucracy could be a problem there. He have told them that to block is not possible (they have been working that way for years).
>
> So, in this kind of schema. Do you think FreeBSD (even linux) could be of help if we do not have access to routers, switches and can not install new software on the PCs (the ones running XP)?
>
> Any comments you have that could help me to solve this challenge?

You could ask the guru-expert guy to implement traffic shaping like weighted fair queuing and prioritizing SYN's etc. That way people can watch all the videos they want without it affecting the work of others. You can also implement it yourself transparently with a FreeBSD box with two adapters bridged and something like ipfw+dummynet, you'd just need to insert it somewhere in the route (before any masquerading is performed though).

--
Regards,
T. Koeman, MTh/BSc/BPsy; Technical Monk
MediaMonks B.V. (www.mediamonks.com)
Please quote relevant replies in correspondence.
Re: FreeBSD's backwards webdesign / corporate identity
Polytropon free...@edvax.de wrote:
> On Tue, 10 Apr 2012 15:29:42 +1000, Da Rock wrote:
>> On 04/10/12 21:32, per...@pluto.rain.com wrote:
>>> Mark Felder f...@feld.me wrote:
>>>> Python on Planes is the future, mn.
>>>
>>> Shouldn't that be spelled plains, as in the places where the
>>> snake-containing grass grows? :-)
>>
>> Ha! One would think so, but with ruby on rails one would think that
>> python on plains wouldn't sound anywhere near as exciting or appear too
>> quick. That and a shaded reference to a certain similarly titled movie
>> with Samuel L Jackson- corny! :D
>
> Should we modernize programming languages by putting them on something?
> Like awk on an anchor, C on a chimney or Java on Jambalaya? :-)

Sather on sabbatical?
ipfw FreeBSD 10
Building a kernel with these options:

options IPFIREWALL          #enable ipfw
options IPFIREWALL_VERBOSE  #enable log
options IPFIREWALL_FORWARD  #enable fwd
options IPDIVERT
options LIBALIAS
options IPFIREWALL_NAT      #enable nat

does not enable IPFW.

When doing ipfw show it shows

000 93874234 23402394820384 any to any

and stops.
portupgrade not preserving shared libs as documented?
Portupgrade man page says "By default, portupgrade preserves shared libraries on uninstallation for safety."

I ran it in the form of:

portupgrade -b pcre

Now /usr/local/lib/libpcre.so.0 does not exist anymore, only the new /usr/local/lib/libpcre.so.1 is there.
Re: Kind OFF Topic. FreeBSD for Blocking URLS? Nanny?
Jorge Biquez wrote:
> Hello all.

snip

> In the classrooms we have very old PCs running XP. In some of my classes I am using Freebsd and Ubuntu running on a USB. So each student have one USB and they work that way booting from their 4GB USB stick. (it is slow but it has worked until now).
>
> One of the managers asked me for help to block some web sites where some students in the other lab and people that helps there waste bandwidth seeing videos, movies (youtube, cuevana, serieid, etc) and spend lot of time on facebook also. Our bandwidth is only 4Mb and you understand that with a few that are seeing movies and videos the rest of us can not work at all.

snip

> Other solution I was thinking while coming home was to convert one machine there to a freebsd server and use it as a router (if they let me) so that way I can control from there and do filtering. Issue is that maybe they do not let me but connect the server as an extra machine without replacing the main router so in that case I would have 2 DHCP servers doing the same service in the same lan and could be conflicts I guess.

This method is very common. You have 2 methods here. Both methods will give you a central location to control both windows and Freebsd PC's on the local LAN as to what ip address they can access.

Replace the main router with your Freebsd gateway box or just cable your main router to the Freebsd gateway box running ipfilter or pf firewall and dhcp. Then from second nic on the Freebsd gateway box to your existing switch. Configure dhcp on the Freebsd gateway box to issue ip address in the 10.0.10.0 range and specify the ip addresses of the dns servers of the ISP. Enable NAT (network address translation) function of the firewall.

If you replace the main router with the Freebsd gateway box, then the Freebsd gateway box will get the public routable ip address assigned by the ISP. If you place the Freebsd gateway box down stream of the main router then it will get 192.168.x.x ip address from the main router. This is ok and will work fine.

You did not say, but some ISP modems have built in routers, if that is what you are calling the main router then you can not replace it. Your Freebsd gateway box has to be down stream in this case.

Here is a good resource for you to review: Freebsd Install Guide at www.a1poweruser.com

snip

> Finally another solution would be to install in each PC a kind of Nanny software but only if free, otherwise is not a solution (I do not know of any yet but will do searching the following hours).

snip

On each Freebsd pc blocking selected ip addresses can be done using the routed blackhole command.

Example:

To Add use
route add -host attacker_ip 127.0.0.1 -blackhole

To Delete use
route delete -host attacker_ip 127.0.0.1 -blackhole

To List use
netstat -nr|grep 127

This is executed in the IP stack and is faster than in the firewall when you have over 20 of those special deny this IP address rules in the firewall.

In your case the attacker_ip is found by using the dig command, dig www.facebook.com returns the ip address of 69.171.228.40

You can create a script (route_blackholed_ip.sh) containing route commands for all the IP address that you want to block and save it to /usr/local/etc/rc.d/ so it will be run at boot time from the USB thumb drives your students use to boot Freebsd from.
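The script the reply above describes, as an added example that is not part of the original post: it turns a block list into the `route ... -blackhole` commands in the form the reply gives, skipping duplicates and malformed entries, and prints the commands instead of running them. The function names and the list format are assumptions, and since a site such as www.facebook.com resolves to many addresses that change over time, the list has to be regenerated with dig regularly.

```sh
#!/bin/sh
# Added example, not from the original post. Function names and the list
# format (one IPv4 address per line, "#" starts a comment) are assumptions.

# is_ipv4 ADDR: succeed only for a dotted quad whose four octets are 0-255.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;   # empty, stray chars, bad dots
    esac
    old_ifs=$IFS
    IFS=.
    set -- $1                                   # split the address on dots
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in
            ????*) return 1 ;;                  # more than three digits
        esac
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# blackhole_cmds add|delete < LIST
# Prints one route command per distinct valid address, in the form used in
# the reply: route add -host <ip> 127.0.0.1 -blackhole
blackhole_cmds() {
    action=$1
    case "$action" in
        add|delete) ;;
        *) echo "usage: blackhole_cmds add|delete < list" >&2; return 2 ;;
    esac
    seen=" "
    while IFS= read -r line || [ -n "$line" ]; do
        addr=${line%%#*}                               # drop trailing comment
        addr=$(printf '%s' "$addr" | tr -d ' \t\r')    # drop whitespace
        [ -n "$addr" ] || continue
        if ! is_ipv4 "$addr"; then
            echo "skipping invalid entry: $addr" >&2
            continue
        fi
        case "$seen" in
            *" $addr "*) continue ;;                   # already emitted
        esac
        seen="$seen$addr "
        echo "route $action -host $addr 127.0.0.1 -blackhole"
    done
}

# Constructed sample list: the address quoted in the reply plus addresses
# from the documentation ranges, with a duplicate and two bad entries.
sample_list() {
    cat <<'EOF'
# sites to block, resolved with dig (constructed sample)
69.171.228.40      # www.facebook.com, address quoted in the reply
192.0.2.10
192.0.2.10
198.51.100.300     # typo: octet out of range
not-an-address
EOF
}

# Dry run: show what would be installed at boot.
sample_list | blackhole_cmds add
```

Piping the output to sh as root applies the routes; `blackhole_cmds delete` prints the matching removal commands.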
Re: FTP oddness, over SSH session.
On Wednesday 11 April 2012, Dave B wrote:
> I just found however, that though I can reliably send a file to the FTP
> server and it gets saved just fine, that's not true when connecting this
> way using a SSH tunnel.

Would it not be simpler just to use sftp directly rather than tunnelling ftp through ssh?

--
Mike Clarke
RE: Token Ring (really)
There's some reasons that approach doesn't work, per IBM's protocol.

Jay West
EZwind.net
PO Box 460474
Saint Louis, MO 63146
Voice: (314) 262-4143 ext 1000
Toll Free: (866) 343-2589
Fax: (314) 558-9284
jw...@ezwind.net

This e-mail transmission may contain information that is proprietary, privileged and/or confidential and is intended exclusively for the person(s) to whom it is addressed. Any use, copying, retention or disclosure by any person other than the intended recipient or the intended recipient's designees is strictly prohibited. If you are not the intended recipient or their designee, please notify the sender immediately by return e-mail and delete all copies.

-----Original Message-----
From: owner-freebsd-questi...@freebsd.org [mailto:owner-freebsd-questi...@freebsd.org] On Behalf Of Bill Tillman
Sent: Wednesday, April 11, 2012 9:33 AM
To: freebsd-questions@freebsd.org
Subject: Re: Token Ring (really)

From: Nikos Vassiliadis nv...@gmx.com
To: Jay West jw...@ezwind.net
Cc: 'Adam Vande More' amvandem...@gmail.com; 'mikel king' mikel.k...@olivent.com; freebsd-questions@freebsd.org
Sent: Sunday, April 8, 2012 7:03 PM
Subject: Re: Token Ring (really)

On 4/8/2012 4:41 PM, Jay West wrote:

Adam wrote...

Otherwise, it's time to abandon steamships for airplanes. Sounds like you have a primed business opportunity just waiting to be exploited.

---

Actually, this is for a historical re-creation project. Airplanes would be entirely inappropriate for a historical display, so steamships it is. Last I checked, there was no primed business opportunity in doing something for non-profits (museums, etc.) :)

I guess I'll have to see how tough it would be to yank the TR code from 7x and get it running under 9x. Probably above my skillset, but I'll have a looksee.

J

Hi,

You could try finding an ethernet to token ring translating bridge, though I am not aware of the budget will need - or if you'll find one anyways.

Just a thought,
Nikos

Sorry to jump in on this one so late but here is my 2 cents on this one:

Madge cards were all the rage back in 1996 thru 1999. I was IT Mgr for a financial services company which ran token ringring in-ring out and pass the MAU-e-wau-e pipe please. Back then, Madge cards ran $300 or more. These days you can buy a 1000mbs ethernet card for $5. So I vote for swapping out the NIC and get on with life.
Re: FreeBSD's backwards webdesign / corporate identity
On Sun, Apr 8, 2012 at 2:40 PM, Tony ableton...@gmail.com wrote:
> The current design is an uneven mix of various styles, and seems more
> forced than well thought out. First you have the shiny Satanic
> 3D-lookalike logo (yes, despite what y'all say, it's still Satanic) that
> might look cool the first few times one looks at it. Now though it's more
> like what the hell *is* that thing anyway?
> (...)

Last time, a redesign brought us the sex toy logo to appease the anti-Beastie fraction. So, please, not again.

Let's concentrate on improving FreeBSD itself. There's more than enough work to do in this department before we even consider letting ourselves be distracted by design issues again.

Thank you,
-cpghost.

--
Cordula's Web. http://www.cordula.ws/
Re: problem with Xorg
2012-04-10 16:50, Da Rock wrote:
>> It gives a black screen. Vesa or not.
>
> Is that with the retro option?

No it was not. Now I have fixed it, wife on my back so I had to fix it quickly.

Pkg_delete \*
cd x11-wm/xfce4

so now it starts up without errors. Thank you all for your input.
Re[2]: fsck problem FreeBSD 8.3
Hello, Eugene.

You wrote on 10 April 2012, 0:39:52:

EG> 10.04.2012 01:36, Коньков Евгений wrote:
EG>> Hi.
EG>>
EG>> Apr 9 19:51:58 fsck: /dev/ad8s1e: UNEXPECTED INCONSISTENCY, CANNOT RUN FAST FSCK
EG>> Apr 9 19:51:58 fsck:
EG>> Apr 9 19:51:58 fsck:
EG>> Apr 9 19:51:58 fsck: /dev/ad8s1e: UNEXPECTED INCONSISTENCY; RUN fsck MANUALLY.
EG>> Apr 9 19:51:58 fsck: /dev/ad8s1e: CANNOT SET FS_NEEDSFSCK FLAG
EG>> Apr 9 20:09:22 kernel:
EG>>
EG>> running manually:
EG>> # fsck -y /dev/ad8s1e
EG>> ** /dev/ad8s1e (NO WRITE)

EG> You cannot run fsck on mounted filesystem, unmount it first.

Why not? fsck can do its job at background, on mounted FS. So I also can run it on mounted FS. In this case (as I have showed) it do not find any errors.

In any case I have run fsck on this FS when it was dismounted. There is no any errors.

I think here is only one problem. Problem to 'RUN FAST FSCK'

--
Best regards,
Коньков mailto:kes-...@yandex.ru
Re: fsck problem FreeBSD 8.3
12.04.2012 00:05, Коньков Евгений wrote:
> Hello, Eugene.
>
> You wrote on 10 April 2012, 0:39:52:
>
> EG> 10.04.2012 01:36, Коньков Евгений wrote:
> EG>> Hi.
> EG>>
> EG>> Apr 9 19:51:58 fsck: /dev/ad8s1e: UNEXPECTED INCONSISTENCY, CANNOT RUN FAST FSCK
> EG>> Apr 9 19:51:58 fsck:
> EG>> Apr 9 19:51:58 fsck:
> EG>> Apr 9 19:51:58 fsck: /dev/ad8s1e: UNEXPECTED INCONSISTENCY; RUN fsck MANUALLY.
> EG>> Apr 9 19:51:58 fsck: /dev/ad8s1e: CANNOT SET FS_NEEDSFSCK FLAG
> EG>> Apr 9 20:09:22 kernel:
> EG>>
> EG>> running manually:
> EG>> # fsck -y /dev/ad8s1e
> EG>> ** /dev/ad8s1e (NO WRITE)
>
> EG> You cannot run fsck on mounted filesystem, unmount it first.
>
> Why not? fsck can do its job at background, on mounted FS.

It is run in special mode then, you run fsck not that way.

> So I also can run it on mounted FS.

NO WRITE signals you that it will not be able to fix any problem it encounters.

> in this case (as I have showed) it do not find any errors.

And if it finds any error on mounted live file system, that would not mean the error really exists. Do NOT run fsck on mounted file system, period.

> In any case I have run fsck on this FS when it was dismounted.
> There is no any errors.

So, you need not bother, your file system has been already fixed.

> I think here is only one problem. problem to 'RUN FAST FSCK'

No need to, already.

Eugene Grosbein
Problem with vlans on igb (was: fsck problem FreeBSD 8.3)
Forwarded message
11.04.2012, 13:14, KES kes-...@yandex.ua:

10.04.2012, 08:50, Da Rock freebsd-questi...@herveybayaustralia.com.au:

On 04/10/12 05:02, Коньков Евгений wrote:

Yes, I have tested. and on this hardware on this OS it works from Fri Feb 24 17:07:48 UTC 2012 but last two days:

reboot ~ Mon Apr 9 19:50
reboot ~ Mon Apr 9 18:30
reboot ~ Sun Apr 8 20:55
reboot ~ Sun Apr 8 20:00
reboot ~ Sun Apr 8 19:49
reboot ~ Sun Apr 8 17:43
reboot ~ Sun Apr 8 10:58
reboot ~ Sat Apr 7 21:13
reboot ~ Sat Apr 7 16:37
reboot ~ Sat Apr 7 16:07

I remembered. One thing changed. I add vlans to igb2, but no traffic flow on that devices yet.

Perhaps you should test removing the vlans and see if things improve?

I have removed vlans, two day server works without reboots

Before this I have use: igb0, igb1, igb3

igb0@pci0:1:0:0: class=0x02 card=0x00018086 chip=0x15218086 rev=0x01 hdr=0x00
    vendor = 'Intel Corporation'
    class = network
    subclass = ethernet
igb1@pci0:1:0:1: class=0x02 card=0x00018086 chip=0x15218086 rev=0x01 hdr=0x00
    vendor = 'Intel Corporation'
    class = network
    subclass = ethernet
igb2@pci0:1:0:2: class=0x02 card=0x00018086 chip=0x15218086 rev=0x01 hdr=0x00
    vendor = 'Intel Corporation'
    class = network
    subclass = ethernet
igb3@pci0:1:0:3: class=0x02 card=0x00018086 chip=0x15218086 rev=0x01 hdr=0x00
    vendor = 'Intel Corporation'
    class = network
    subclass = ethernet

ifconfig_vlan100="inet 192.168.0.1 netmask 255.255.255.0 vlan 100 vlandev igb2" #nALL
ifconfig_vlan101="inet 192.168.1.1 netmask 255.255.255.0 vlan 101 vlandev igb2" #n2 p24
ifconfig_vlan102="inet 192.168.2.1 netmask 255.255.255.0 vlan 102 vlandev igb2" #n1 p23
ifconfig_vlan103="inet 192.168.3.1 netmask 255.255.255.0 vlan 103 vlandev igb2" #n3 p22
ifconfig_vlan104="inet 192.168.4.1 netmask 255.255.255.0 vlan 104 vlandev igb2" #n7,9 p21
ifconfig_vlan105="inet 192.168.5.1 netmask 255.255.255.0 vlan 105 vlandev igb2" #n11 p20
ifconfig_vlan106="inet 192.168.6.1 netmask 255.255.255.0 vlan 106 vlandev igb2" #n13 p19
ifconfig_vlan107="inet 192.168.7.1 netmask 255.255.255.0 vlan 107 vlandev igb2" #n223 p18
ifconfig_vlan108="inet 192.168.8.1 netmask 255.255.255.0 vlan 108 vlandev igb2" #n225 p17
ifconfig_vlan109="inet 192.168.9.1 netmask 255.255.255.0 vlan 109 vlandev igb2" #n221 p16
ifconfig_vlan110="inet 192.168.10.1 netmask 255.255.255.0 vlan 110 vlandev igb2" #n229 p15
ifconfig_vlan111="inet 192.168.11.1 netmask 255.255.255.0 vlan 111 vlandev igb2" #n233 p14
ifconfig_vlan112="inet 192.168.12.1 netmask 255.255.255.0 vlan 112 vlandev igb2" #n231 p13
ifconfig_vlan113="inet 192.168.13.1 netmask 255.255.255.0 vlan 113 vlandev igb2" #n237 p12
ifconfig_vlan114="inet 192.168.14.1 netmask 255.255.255.0 vlan 114 vlandev igb2" #n424 p11
ifconfig_vlan115="inet 192.168.15.1 netmask 255.255.255.0 vlan 115 vlandev igb2" #

PAP> Nothing logged in /var/log/* or crashes that exist in /var/crash
PAP> would indicate to me some sort of hardware related problem.
PAP> Have you tested your hardware lately and know that it is in operational order?
PAP> ~Paul

PAP> On Mon, Apr 09, 2012 at 09:36:54PM +0300, ??? ??? wrote:

Hi.

Apr 9 19:51:58 fsck: /dev/ad8s1e: UNEXPECTED INCONSISTENCY, CANNOT RUN FAST FSCK
Apr 9 19:51:58 fsck:
Apr 9 19:51:58 fsck:
Apr 9 19:51:58 fsck: /dev/ad8s1e: UNEXPECTED INCONSISTENCY; RUN fsck MANUALLY.
Apr 9 19:51:58 fsck: /dev/ad8s1e: CANNOT SET FS_NEEDSFSCK FLAG
Apr 9 20:09:22 kernel:

running manually:

# fsck -y /dev/ad8s1e
** /dev/ad8s1e (NO WRITE)
** Last Mounted on /tmp
** Phase 1 - Check Blocks and Sizes
** Phase 2 - Check Pathnames
** Phase 3 - Check Connectivity
** Phase 4 - Check Reference Counts
** Phase 5 - Check Cyl groups
99 files, 10 used, 506477 free (45 frags, 63304 blocks, 0.0% fragmentation)

Server reboot two or three time per day

# uname -a
FreeBSD flux 8.3-PRERELEASE FreeBSD 8.3-PRERELEASE #3 r231881: Fri Feb 24 17:07:48 UTC 2012 adm@flux:/usr/obj/usr/src/sys/KES_KERN_v8 amd64

before this it works about month without problems

/var/crash - empty, in /var/log/messages there is no any messages before crash.

Can any help to fix problem?
How to successfully enable HP LaserJet Professional m1212nf MFP,
hpcups 3.12.2, requires proprietary plugin that seems to not be available in the HP site. I have tried to get it using hplip-3.12.2 with no success. I have tried with both cups and hplip and can't get it going.

Any suggestions appreciated. Maybe the official hplip-3.12.4 might work but hasn't been updated yet. I tried to compile it but wasn't able to adapt the patches.

Thanks,
ed

P.S. Is there a better way to use hp equipment than cups?
LD_TRACE_LOADED_OBJECTS and Linux binaries
What's the explanation for this:

$ ldd /usr/compat/linux/bin/pwd
/usr/compat/linux/bin/pwd:
/tmp
$ LD_TRACE_LOADED_OBJECTS=1 /usr/compat/linux/bin/pwd
libc.so.6 => /lib/libc.so.6 (0x28076000)
/lib/ld-linux.so.2 (0x2805)

From what I've read ldd works through setting LD_TRACE_LOADED_OBJECTS, and neither form should work on a linux binary.
Intel turbo mode support
Hi,

I've stumbled upon http://goo.gl/Aq6Vd in the freebsd-current mailing list and started investigating if turbo mode is working on my i7 860 here. The CPU stock frequency is 2.8GHZ which is the maximum that dev.cpu.0.freq_levels reports (powerd is enabled). According to the link above, freq_levels should show a maximum frequency of 2801 if turbo mode is working.

The patch above was MFC'ed quite a while ago. I updated to 9-stable yesterday and it looks like the turbo is not working. dev.cpu.0.freq is at max. 2.8GHz, even if I am using some CPU stress testing utilities (like burnP6).

I'm really thankful for any input on this matter.

Florian.
Re: Kind OFF Topic. FreeBSD for Blocking URLS? Nanny?
On 10/04/2012 05:27, Jorge Biquez wrote:
> Hello all. I am sorry if this is kind OFF Topic. I am looking for help from more experienced people in these areas. Please let me know if this question should be moved to FREEBSD-CHAT list.
>
> As I have mentioned before I am helping a school, non profit with their IT issues. As always there are some experts that controls everything and do not let you change anything because is their kingdom. Anyway, there we have Internet service from a cable company and they have some cisco routers to receive the access and from there some Cisco Switches.

They won't let you do things not because it is their kingdom, but because they certainly have a contract with prices for services and penalties for lack of services. As IT professional they want to make their lives simpler and have whoever benefits from a service pay for it. This is a logical and sane attitude to have.

Now if you want to meddle with the stuff they are legally responsible for you need to prove them a few things:

1 - Nothing you do will impact them in terms of workload. You might be working for free (and it is very noble of you), but they are trying to earn their lives here. So more work for the same price is not an option.

2 - You can be trusted and you have good skills. This start by explaining fully what you want to achieve, how you will do it and (most important point) how fast anything you do can be undone. No matter what solution you choose it is likely to have side effects, especially since you have no knowledge of what is installed and how it is set-up, except what you can guess probing here and there without administrative rights. No matter how simple and innocuous your solution may seem, it might break the first rule, for example a FreeBSD Gateway might prevent patches from a WSUS server to be applied, it might prevent remote control, it might prevent alert mails to be sent or received and so on.

3 - You have to write the full documentation of what you are going to do, give all the administrative password of your solution to the experts, complete with a good deal of explanation on how to use, remove or change the system. It is also important that they know they can remove your own rights on your own solution if need be. The reasons are you may not always be available and you may not always be lucid or in good terms with the school. If a problem arises they have to be able to take full control back, one way or another.

4 - You will find a way to pay them for your solution. Even if you do everything yourself, and have enough skill to do it right without them helping at any point (which is extremely unlikely), the time needed for the experts to review, test, validate and potentially maintain your solution will have to be paid. The closer the solution is to what they already know and have a staff trained for, the lighter the price. But do not expect them accept a solution that might bring them troubles but won't bring them money.

The main problem you might have is that you do not seem to have any respect for the guys in charge. True I do not know your history with them, and they may not deserve respect, but as an IT manager for quite a lot of companies both large and small I can tell you one thing: We positively loathe the smart guy with a (most of the time very small) IT background that springs out of nowhere to bring simple solutions to complex problems. 99.9 % of the time they end up giving up with the job half done or they disappear just as suddenly as they appeared taking all their knowledge with them. From the director 13 years old nephew who can have the thing running in minutes (or so the director seems to think) to the junior analyst that will replace a behemoth of ETL processed files and Excel sheets with a single Access app because he has read the first three chapter of VBA for Brain Damaged last week, we see them coming from miles away and needless to say that there are no warm welcome when they finally arrive.

The only way to get anywhere is to be humble and then impress the experts with your professional and exhaustive approach of the problem. Anything else will lead to the experts telling you that to achieve the result you want you will need to purchase the solution they know (probably a Checkpoint/Barracuda/Blue Coat/what else appliance) and then pay monthly for maintenance.

There are literally thousands of solutions to your problem, ranging from simply installing K9 on every computer to a complex set up with QOS, LDAP/KERBEROS auth and rights delegation going to a redundant active proxy with cache and filtering.

Given the small size of the lan, an old and small computer with two ethernet cards and PFSense could probably do the trick, but you will need insight from the guys in charge to be sure. DansGuardian can offer content filtering, but will require more RAM and CPU power. Cheap commercial appliances will do
Sendmail recommended permissions for apache/php server
Hi,

I am trying to use sendmail to send emails from a php script (I tried phpmailer and mail function with the same result). I always got messages like

Could not execute: /usr/sbin/sendmail

Sendmail is World executable:

# ls -l /usr/sbin/sendmail
lrwxr-xr-x 1 root wheel 21 Jan 3 02:57 /usr/sbin/sendmail -> /usr/sbin/mailwrapper

So I've checked into /var/log/messages and found this:

Apr 11 18:09:44 dev sendmail[38340]: NOQUEUE: SYSERR(www): can not chdir(/var/spool/clientmqueue/): Permission denied

I've checked permissions on the /var/spool/clientmqueue/ directory

# ls -al /var/spool/clientmqueue/
drwxrwx--- 2 smmsp smmsp 3 Apr 11 19:01 .

So I saw that only the user and group smmsp could write to this directory. I presumed the apache user should have access to it so I added www to the smmsp directory. I then got a different error in /var/log/messages

Apr 11 19:38:40 dev sendmail[41170]: NOQUEUE: SYSERR(www): can not write to queue directory /var/spool/clientmqueue/ (RunAsGid=0, required=25): Permission denied

I found very old threads saying to change the group of apache to smmsp but I doubt it's a good idea.

Chmodding 777 the /var/spool/clientmqueue/ fixed the problem, I can now send emails, but I wonder if this is the way to fix the issue correctly.

Is that the official fix or did I miss some configuration somewhere? Sending emails from php using mail or sendmail should be something working out of the box I guess, I doubt we're supposed to change permissions to make it work.

Any help would be appreciated.

Regards

~~
Ian Lord
MSD Informatique
143 Rue des Fauvettes
St-Colomban (Québec) J5K 0E2
Tél: (514) 776-MSDI - (514) 776-6734
Sans Frais: 1(877) 776-MSDI - 1(877) 776-6734
http://www.msdi.ca/
Re: problem with Xorg
On 04/12/12 02:28, Bernt Hansson wrote:
> 2012-04-10 16:50, Da Rock wrote:
>>> It gives a black screen. Vesa or not.
>> Is that with the retro option?
> No it was not. Now I have fixed it, wife on my back so I had to fix it quickly. Pkg_delete \* cd x11-wm/xfce4 so now it starts up without errors. Thank you all for your input.

Good to hear. Wives have a way of getting things done quickly, don't they? :)
pf firewall rule numbers
In the pf log I see the rule number of the rule used to create the log file entry. pfctl -sr command does not list the rule number of each rule it lists. So my question is how do I relate the rule number shown in the log listing back to the text rule file rules?
Re: pf firewall rule numbers
On 4/11/2012 8:34 PM, Fbsd8 wrote:
> In the pf log I see the rule number of the rule used to create the log file entry. pfctl -sr command does not list the rule number of each rule it lists.

Hi,
Try pfctl -sr -vv

---Mike

--
Mike Tancsa, tel +1 519 651 3400
Sentex Communications, m...@sentex.net
Providing Internet services since 1994 www.sentex.net
Cambridge, Ontario Canada http://www.tancsa.com/
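Relating a logged rule number back to its rule, as an added example that is not part of the original thread: with -vv, pfctl -sr prefixes each loaded rule with @N, and that N is the number tcpdump prints as "rule N/" when it reads pflog. The sample ruleset and log line are constructed and the function names are hypothetical; the lookup handles top-level rule numbers only, not rules inside anchors.

```shell
#!/bin/sh
# Constructed sample of `pfctl -sr -vv` output: each rule is prefixed "@N".
SAMPLE_RULES='@0 block drop in log all
  [ Evaluations: 1520      Packets: 37        Bytes: 2220        States: 0     ]
@1 pass in log on em0 proto tcp from any to any port = ssh flags S/SA keep state
  [ Evaluations: 1520      Packets: 412       Bytes: 51020       States: 2     ]
@2 pass out on em0 all flags S/SA keep state
  [ Evaluations: 903       Packets: 8011      Bytes: 912333      States: 14    ]'

# Constructed sample of one line from `tcpdump -n -e -ttt -i pflog0`.
SAMPLE_LOG='00:00:01.204511 rule 1/0(match): pass in on em0: 203.0.113.7.51544 > 192.0.2.10.22: Flags [S], seq 1, win 65535, length 0'

# log_rule_number LINE: print the top-level rule number from a pflog line.
log_rule_number() {
    printf '%s\n' "$1" | sed -n 's/^.* rule \([0-9][0-9]*\)\/.*$/\1/p'
}

# rule_text NUMBER: read `pfctl -sr -vv` output on stdin, print rule @NUMBER.
# Exits non-zero when the loaded ruleset has no rule with that number.
rule_text() {
    awk -v n="$1" '
        /^@[0-9]+ / {
            num = substr($1, 2)
            if (num == n) { sub(/^@[0-9]+ /, ""); print; found = 1; exit }
        }
        END { exit found ? 0 : 1 }'
}

# explain_log_line LINE: ruleset on stdin; print "N: rule text" for the
# rule that produced LINE.
explain_log_line() {
    n=$(log_rule_number "$1")
    [ -n "$n" ] || { echo "no rule number in log line" >&2; return 2; }
    r=$(rule_text "$n") || { echo "rule @$n not in loaded ruleset" >&2; return 1; }
    printf '%s: %s\n' "$n" "$r"
}

# Demo on the constructed samples; on a live host pipe in `pfctl -sr -vv`.
printf '%s\n' "$SAMPLE_RULES" | explain_log_line "$SAMPLE_LOG"
```

Rule numbers are assigned when the ruleset is loaded, so a log entry written before a reload can point at a different rule than the one currently holding that number.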
Re: How to successfully enable HP LaserJet Professional m1212nf MFP,
On Wed, 11 Apr 2012 14:17:01 -0500, Edwin L. Culp W. wrote:
> hpcups 3.12.2, requires proprietary plugin that seems to not be available in the HP site. I have tried to get it using hplip-3.12.2 with no success. I have tried with both cups and hplip and can't get it going. Any suggestions appreciated. Maybe the official hplip-3.12.4 might work but hasn't been updated yet. I tried to compile it but wasn't able to adapt the patches.

I have checked the printer's specification, but I can't find any mentioning about if it supports one of the standard languages PS or PCL (as one would assume for a product that HP markets as Pro(fessional)). However, the documentation states that it accepts PDF - so maybe you can try to feed a PDF file to the printer directly? You can use nc (netcat) to do this, I assume you already have the printer networked.

I'm not sure how the other functionality relates to the network connection (or maybe it is only available for the local USB connection?), check the documentation that came with the printer to find out more.

For example, my Samsung color laser printer (MFC) has no networking functionality, but is represented by /dev/ugen0 for the scanner part and /dev/u(n)lpt0 for the printer part. Maybe something similar is possible with your printer?

I'm using that kind of setup with my HP Laserjet 4000 duplex, a _real_ professional (office-class working horse) printer. It's accessed per its IP and fed PS, which is the default output format of any application that wants to print something. The printer spooler is inside the printer and can be queried via CUPS (and also by its command line tools).

> P.D. Is there a better way to use hp equipment than cups?

Yes, base system's printer spooler (lpr) that simply hands the print jobs to the printer and manages them remotely. This assumes the printer has its internal print server (which should be normal for anything professional). CUPS can also deal with that if needed, as more and more applications rely on its presence.

Finally I _assume_ the printer sadly is not that professional and doesn't support a lot of standards, depending on what I found on this page:

http://h10010.www1.hp.com/wwpc/us/en/sm/WF06a/18972-18972-3328064-12004-3328083-3965847.html?dnr=1

Good luck anyway! :-)

--
Polytropon
Magdeburg, Germany
Happy FreeBSD user since 4.0
Andra moi ennepe, Mousa, ...
Re: Sendmail recommended permissions for apache/php server
On Wed, 11 Apr 2012 23:57:51 +, Ian Lord wrote:
> I then got a different error in /var/log/messages
>
> Apr 11 19:38:40 dev sendmail[41170]: NOQUEUE: SYSERR(www): can not write to queue directory /var/spool/clientmqueue/ (RunAsGid=0, required=25): Permission denied
>
> I found very old threads saying to change the group of apache to smmsp but I doubt it's a good idea.

No, not change to, but you can _add_ apache (or whatever is originating the error) to the smmsp group. Add it to smmsp:*:25: in /etc/group.

See the error message above:

can not write to queue directory /var/spool/clientmqueue/

Check:

% ls -ld /var/spool/clientmqueue
drwxrwx--- 2 smmsp smmsp 512 Apr 12 03:12 /var/spool/clientmqueue/
    ^^^

This directory can be read, written and entered/searched by _members_ of the smmsp group.

Back to the error message:

(RunAsGid=0, required=25)

It is indicated that group #25 (smmsp) is the required GID, not 0. And:

Permission denied

which is the logical conclusion.

Conclusion: You must make sure that whatever needs to access this directory is in the smmsp group (25).

> Chmodding 777 the /var/spool/clientmqueue/ fixed the problem, I can now send emails, but I wonder if this is the way to fix the issue correctly.

You shouldn't need to do that. Now this directory can be modified by anyone, that's not good.

> Is that the official fix or did I miss some configuration somewhere? Sending emails from php using mail or sendmail should be something working out of the box I guess, I doubt we're supposed to change permissions to make it work

Correct. In regards of _security_, it's required to _allow_ the corresponding program / functionality / part of apache / mailer or whatever the access to the mail queue. This is something that is _not_ possible out of the box because there are many possibilities and security considerations.

> Any help would be appreciated.

Try to add apache (or whatever part of it, or PHP subsystem called by it that needs to access the mail queue) to the required group to give it the proper permission to do so.

--
Polytropon
Magdeburg, Germany
Happy FreeBSD user since 4.0
Andra moi ennepe, Mousa, ...
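The check the reply walks through, as an added example that is not code from the thread: read the running and required GIDs from sendmail's error, look up the members of the required group, and classify the queue directory from its ls -ld line, treating the chmod 777 state as a failure rather than a fix. The error line and the first ls line are the ones quoted in the thread; the 777 line and the group file are constructed, and the function names are hypothetical.

```shell
#!/bin/sh
# Lines quoted in the thread.
ERR='Apr 11 19:38:40 dev sendmail[41170]: NOQUEUE: SYSERR(www): can not write to queue directory /var/spool/clientmqueue/ (RunAsGid=0, required=25): Permission denied'
LS_DEFAULT='drwxrwx--- 2 smmsp smmsp 512 Apr 12 03:12 /var/spool/clientmqueue/'
# Constructed: the same directory after chmod 777, and group(5) entries
# after www has been added to smmsp as the reply suggests.
LS_777='drwxrwxrwx 2 smmsp smmsp 512 Apr 12 03:12 /var/spool/clientmqueue/'
GROUP_FILE='wheel:*:0:root
smmsp:*:25:www
www:*:80:'

# gids_from_error LINE: print "RUNAS REQUIRED" from a sendmail SYSERR line.
gids_from_error() {
    printf '%s\n' "$1" |
        sed -n 's/.*RunAsGid=\([0-9][0-9]*\), required=\([0-9][0-9]*\).*/\1 \2/p'
}

# members_of_gid GID: group(5) text on stdin; print "name:member,member".
members_of_gid() {
    awk -F: -v g="$1" '$3 == g { print $1 ":" $4 }'
}

# queue_verdict LS_LINE USER GROUP_ENTRY: classify USER's access to the
# queue directory; GROUP_ENTRY is one line printed by members_of_gid.
queue_verdict() {
    mode=${1%% *}                                   # e.g. drwxrwx---
    dir_group=$(printf '%s\n' "$1" | awk '{ print $4 }')
    gname=${3%%:*}; members=",${3#*:},"
    case $mode in
        d???????w?*) echo "unsafe: world-writable"; return 1 ;;
    esac
    case $mode in
        d???rwx???*) ;;
        *) echo "denied: group lacks rwx"; return 1 ;;
    esac
    [ "$dir_group" = "$gname" ] || { echo "denied: dir group is $dir_group"; return 1; }
    case $members in
        *",$2,"*) echo "ok: $2 is in $gname" ;;
        *) echo "denied: $2 not in $gname"; return 1 ;;
    esac
}

# Demo: required GID from the error -> group entry -> verdict per listing.
set -- $(gids_from_error "$ERR")
entry=$(printf '%s\n' "$GROUP_FILE" | members_of_gid "$2")
queue_verdict "$LS_DEFAULT" www "$entry"
queue_verdict "$LS_777" www "$entry" || true
```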
Re: How to successfully enable HP LaserJet Professional m1212nf MFP,
On 04/12/12 11:14, Polytropon wrote:
> On Wed, 11 Apr 2012 14:17:01 -0500, Edwin L. Culp W. wrote:
>> hpcups 3.12.2, requires proprietary plugin that seems to not be available in the HP site. I have tried to get it using hplip-3.12.2 with no success. I have tried with both cups and hplip and can't get it going. Any suggestions appreciated. Maybe the official hplip-3.12.4 might work but hasn't been updated yet. I tried to compile it but wasn't able to adapt the patches.
>
> I have checked the printer's specification, but I can't find any mentioning about if it supports one of the standard languages PS or PCL (as one would assume for a product that HP markets as Pro(fessional)). However, the documentation states that it accepts PDF - so maybe you can try to feed a PDF file to the printer directly? You can use nc (netcat) to do this, I assume you already have the printer networked.

I'd try PCL first; the pdf reference I saw was for the fax function, which allows you to send and receive faxes using pdf over email. The odd man in this equation is an ability to email to print (pdf I'd assume), which is handy and may be how the hpcups thing works, however that means the pdf printing would only work via email and not just a netcat (security?). May still be worth trying, but try with PCL first as it is tried and true and has been a HP standard for god knows how long :)

> I'm not sure how the other functionality relates to the network connection (or maybe it is only available for the local USB connection?), check the documentation that came with the printer to find out more.
>
> For example, my Samsung color laser printer (MFC) has no networking functionality, but is represented by /dev/ugen0 for the scanner part and /dev/u(n)lpt0 for the printer part. Maybe something similar is possible with your printer?
>
> I'm using that kind of setup with my HP Laserjet 4000 duplex, a _real_ professional (office-class working horse) printer. It's accessed per its IP and fed PS, which is the default output format of any application that wants to print something. The printer spooler is inside the printer and can be queried via CUPS (and also by its command line tools).
>
>> P.D. Is there a better way to use hp equipment than cups?
>
> Yes, base system's printer spooler (lpr) that simply hands the print jobs to the printer and manages them remotely. This assumes the printer has its internal print server (which should be normal for anything professional). CUPS can also deal with that if needed, as more and more applications rely on its presence.
>
> Finally I _assume_ the printer sadly is not that professional and doesn't support a lot of standards, depending on what I found on this page:
>
> http://h10010.www1.hp.com/wwpc/us/en/sm/WF06a/18972-18972-3328064-12004-3328083-3965847.html?dnr=1
>
> Good luck anyway! :-)
Re: FTP oddness, over SSH session.
On 04/11/12 21:51, Dave B wrote:
> FreeBSD FBSD.67MK181QZ 8.0-RELEASE FreeBSD 8.0-RELEASE #0: Wed Apr 14 22:55:09 BST 2010 root@FBSD.67MK181QZ:/usr/obj/usr/src/sys/PPSGENERIC i386
>
> Hi.
>
> I have a small FreeBSD 8.0 system (above, yes I know, not current, but it works.) That is mainly used for timekeeping with an attached PPS equipped GPS. No problems with that. It also has a small web server (Hiawatha) FTP server and SSH portal, for my own use. The FTP server is the built-in OS based ftpd implementation, and works well for all that I need.
>
> Anyway... I found a while ago, that I can tunnel connections into my home LAN via a SSH session to my FreeBSD box, from outside the LAN using PuTTY (on Windows XP) from wherever I am. It's been a useful dodge for me to do that so as to VNC to other boxes that are there. The needed SSH working port, is not the usual suspect, it's way up high, well away from script kiddies etc.
>
> I just found however, that though I can reliably send a file to the FTP server and it gets saved just fine, that's not true when connecting this way using a SSH tunnel. Over the SSH session, (using Passive Mode, with all needed ports forwarded, plus the FTP daemon's data port usage restricted to the same range as those tunneled.) Though the FTP process appears to work OK, with no errors, the file sent to and deposited on the server ends up as name only, and zero bytes in length.
>
> Oddly, I can successfully create a new folder on the FTP server over the SSH session using the FTP client, and that works just fine. The FTP client I'm using, is the same FileZilla both times. (V3.1.0.1 I may go look for any updates, just in case.) Downloading works fine regardless of how I connect, it's just uploading that's screwy.
>
> I suspect (as usual) it's a rights issue, but even if I su - root after the initial SSH login, it changes nothing.

I'd check the ports you are forwarding over ssh. Two ports are required for ftp and it sounds like one is blocking for some reason - the control channel seems to be working fine though :)

> The FTP user is a different name from who I'm logged in as by SSH, is that the issue? But what confuses me, is that it works from this same PC, if it's on the home LAN, using the same FTP user credentials. I'm obviously lacking in my understanding of something, but what?
>
> I may not get to see any replies for a day or three, as I've got to head off across country for work later, and it's not yet known if tonight's hotel even has WiFi, or if there is decent mobile coverage where I'm going. (Out in the Wiltshire sticks. UK, and I'm stuck with Orange.)
>
> Thanks in advance.
>
> Dave B
>
> --
> Help for Hero's European Rally 2012 participant. Please help by visiting:- http://www.bmycharity.com/TeamSnowball For any/all donations, all 100% goes to H4H.