Re: Polling and kern.hz
2009/9/20 Pieter de Goeje : > On Saturday 19 September 2009, Agus wrote: >> Hi guys... >> >> Im reading ant playing with polling and kernel. I read that >> polling increase net performance and i plan on using it... Now the >> question that arises is.. is polling and performance in general >> affected by the value of kern.hz? i have put in /boot.loader.con >> kern.hz=50 and was wondering if this number affects the number i >> choose for the polling options >> >> I wanna recompile kernel using >> >> options DEVICE_POLLING >> options HZ=1000 >> >> So that 1000hz how affects the system? if it affects it at all >> >> thanks for anyone who can give me a hint >> >> Cheers, >> A > > To quote polling(4): > "Device polling disables interrupts by polling devices at appropriate > times, i.e., on clock interrupts and within the idle loop. This way, the > context switch overhead is removed. Furthermore, the operating system > can control accurately how much work to spend in handling device events, > and thus prevent livelock by reserving some amount of CPU to other tasks." > > HZ affects how often the device is polled. For high bandwidth situations, it > is important that the latency is kept as low as possible. That means that you > must poll the device as often as possible. So generally people use very high > HZ values for polling, for example 1. HZ=50 leads to latencies of about > 20ms, way too high for normal network I/O. > > Note that you can change HZ without recompiling by specifying kern.hz="###" in > loader.conf. > > -- > Pieter de Goeje > Thanks for the answer... I've been reading and find that i was confused... i thought that those hz where only for polling but i found that they are actually for the whole system clock... so now my doubt is if it will be better to activate polling and leave hz in 1000, or download hz to lets say 50 so i dont have too many context switches due to clock interrupts... I will try to test load changing only those parameters and come back with my results. If u guys know any perf tester suitable for this please share..hehe... i will use iperf and will look for a web perf app. Cheers, A ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Polling and kern.hz
Hi guys... Im reading ant playing with polling and kernel. I read that polling increase net performance and i plan on using it... Now the question that arises is.. is polling and performance in general affected by the value of kern.hz? i have put in /boot.loader.con kern.hz=50 and was wondering if this number affects the number i choose for the polling options I wanna recompile kernel using options DEVICE_POLLING options HZ=1000 So that 1000hz how affects the system? if it affects it at all thanks for anyone who can give me a hint Cheers, A ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: Reverse Proxy /Proxy Pass
2009/9/5 Mel Flynn : > On Saturday 05 September 2009 09:55:54 Agus wrote: >> 2009/9/3 Mel Flynn : >> > On Friday 04 September 2009 01:20:46 Agus wrote: >> >> What server, application do u know/recommend me for using as a >> >> ProxyPass / Reverse Proxy... >> >> >> >> The idea is to forward all requests to port 80 to this server and then >> >> from here according to the vhost send it to the actual server... For >> >> now i only need proxying.. dont think cacheing will be possible so im >> >> just looking for a pretty fast, light and stable app to do this on a >> >> freebsd 7... >> >> >> >> Thanks and ihope to hear some cool recommendations.. hehe >> > >> > If lightweight, go with www/nginx. Features, go with www/squid or >> > apache+mod_proxy. >> > -- >> > Mel >> > ___ >> > freebsd-questions@freebsd.org mailing list >> > http://lists.freebsd.org/mailman/listinfo/freebsd-questions >> > To unsubscribe, send any mail to >> > "freebsd-questions-unsubscr...@freebsd.org" >> >> Thanks Mel... Now i've been reading a little and found that cherokee >> maybe a very good alternative also I also found that the >> performance will variate according to the syscall the server uses... i >> read about poll,etc how to know which syscalls does the servers >> support and which one is better/fastest? > > kqueue is preferred on *BSD, since it's able to aggregate multiple filter > matches into one event if they happen to occur in a close time frame. This > reduces copyout from kernel to userland. It also used to be true that poll is > a busywait, but I think that has been corrected. > > If you're interested, the original design document for kqueue is available > here: > http://people.freebsd.org/~jlemon/papers/kqueue.pdf > -- > Mel > Greatt.. sorry for the late response.. i was on vacations in a place with no internet... hehe... on the second day i was cryinggg.. haha thanks so much for the explanation and link... will read that and try to understand a bit ... hehe Cheers, AR ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: Reverse Proxy /Proxy Pass
2009/9/3 Mel Flynn : > On Friday 04 September 2009 01:20:46 Agus wrote: > >> What server, application do u know/recommend me for using as a >> ProxyPass / Reverse Proxy... >> >> The idea is to forward all requests to port 80 to this server and then >> from here according to the vhost send it to the actual server... For >> now i only need proxying.. dont think cacheing will be possible so im >> just looking for a pretty fast, light and stable app to do this on a >> freebsd 7... >> >> Thanks and ihope to hear some cool recommendations.. hehe > > If lightweight, go with www/nginx. Features, go with www/squid or > apache+mod_proxy. > -- > Mel > ___ > freebsd-questions@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org" > Thanks Mel... Now i've been reading a little and found that cherokee maybe a very good alternative also I also found that the performance will variate according to the syscall the server uses... i read about poll,etc how to know which syscalls does the servers support and which one is better/fastest? I will continue looking for this... Thanks a lot, Agusitn ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: Reverse Proxy /Proxy Pass
2009/9/3 Mel Flynn : > On Friday 04 September 2009 01:20:46 Agus wrote: > >> What server, application do u know/recommend me for using as a >> ProxyPass / Reverse Proxy... >> >> The idea is to forward all requests to port 80 to this server and then >> from here according to the vhost send it to the actual server... For >> now i only need proxying.. dont think cacheing will be possible so im >> just looking for a pretty fast, light and stable app to do this on a >> freebsd 7... >> >> Thanks and ihope to hear some cool recommendations.. hehe > > If lightweight, go with www/nginx. Features, go with www/squid or > apache+mod_proxy. > -- > Mel > ___ > freebsd-questions@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org" > Thanks Mel Yes im looking for a light, fast one for now. no need to cache and weird redirections... so.. will follow your reco i think Thanks, ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Reverse Proxy /Proxy Pass
Hi guys, What server, application do u know/recommend me for using as a ProxyPass / Reverse Proxy... The idea is to forward all requests to port 80 to this server and then from here according to the vhost send it to the actual server... For now i only need proxying.. dont think cacheing will be possible so im just looking for a pretty fast, light and stable app to do this on a freebsd 7... Thanks and ihope to hear some cool recommendations.. hehe Cheers, A ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Problem with edquotas
Hi guys, Im having an issue while trying to use edquota I've been using it for months with no problemss... but now when i use it the quota aint assigned.. adn i get no error soo.. i sunno where to start looking 6.3-RELEASE-p5 FreeBSD 6.3-RELEASE-p5 #0: In /home -rw-r--r-- 1 root operator29G May 5 21:37 quota.user if i use edquota net1 i can add the quotas.. save and then #quota net1 Disk quotas for user net1 (uid 10889): none Any hints appreciatte Thanks guys ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: Sudden /libexec/ld-elf.so.1: Shared object "libintl.so.8" not found, required by errors
Thanks a lot guys Really dunno what happened with those files... They were 444 perms not modified for long... but well now i reinstalled bash form ports and went ok. Thanks guys for your time... 2009/4/21 Michael Powell : > Agus wrote: > > [snip] >>> What is the output of "ldconfig -r" ? >>> >>> >> >> Sorry for the delay.. was too busyy... >> >> No output... just this >> >> ldconfig -r >> /var/run/ld-elf.so.hints: >> search directories: >> > > Sounds like the hints file is missing or damaged. These live here: > /var/run/ld.so.hints for a.out and /var/run/ld-elf.so.hints for elf format. > Look and see if these are present, and possibly consider deleting them and > regenerating due to the possibility they are damaged. As root the command > ldconfig -aout will do the first (probably not needed as that format is > deprecated) and ldconfig -elf will do the second. > > -Mike > > > > > ___ > freebsd-questions@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org" > ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: Sudden /libexec/ld-elf.so.1: Shared object "libintl.so.8" not found, required by errors
2009/4/14 Ruben de Groot : > On Fri, Apr 10, 2009 at 08:40:51PM -0300, Agus typed: >> Hi guys, >> >> Yesterday i suddenly start receiving this errors... first i noticed it >> cause i couldnt login and bash threw it.. then su... >> >> /libexec/ld-elf.so.1: Shared object "libintl.so.8" not found, required by >> "-su" >> >> Then i remove bash and change to tcsh and was "ok"... but then again, >> this one when using sendmail.. >> >> /libexec/ld-elf.so.1: Shared object "libsasl2.so.2" not found, >> required by "send-mail" >> >> >> I didnt update anything... and it was all running fine for months... >> what can it be? the files i have are.. >> >> -rwxr-xr-x 1 root wheel 92K Mar 11 15:26 libsasl2.so.2 >> lrwxr-xr-x 1 root wheel 13B Mar 11 15:26 libsasl2.so -> libsasl2.so.2 >> >> -r--r--r-- 1 root wheel 39K Aug 23 2008 libintl.so.8 >> lrwxr-xr-x 1 root wheel 12B Aug 23 2008 libintl.so -> libintl.so.8 > > What is the output of "ldconfig -r" ? > > Sorry for the delay.. was too busyy... No output... just this ldconfig -r /var/run/ld-elf.so.hints: search directories: Thanksss, Agustin ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: Sudden /libexec/ld-elf.so.1: Shared object "libintl.so.8" not found, required by errors
2009/4/11 gabe g : > > > On Fri, Apr 10, 2009 at 7:40 PM, Agus wrote: >> >> Hi guys, >> >> Yesterday i suddenly start receiving this errors... first i noticed it >> cause i couldnt login and bash threw it.. then su... >> >> /libexec/ld-elf.so.1: Shared object "libintl.so.8" not found, required by >> "-su" >> >> Then i remove bash and change to tcsh and was "ok"... but then again, >> this one when using sendmail.. >> >> /libexec/ld-elf.so.1: Shared object "libsasl2.so.2" not found, >> required by "send-mail" >> >> >> I didnt update anything... and it was all running fine for months... >> what can it be? the files i have are.. >> >> -rwxr-xr-x 1 root wheel 92K Mar 11 15:26 libsasl2.so.2 >> lrwxr-xr-x 1 root wheel 13B Mar 11 15:26 libsasl2.so -> libsasl2.so.2 >> >> -r--r--r-- 1 root wheel 39K Aug 23 2008 libintl.so.8 >> lrwxr-xr-x 1 root wheel 12B Aug 23 2008 libintl.so -> libintl.so.8 >> >> >> >> I really dont know what is happening thanks to anyone who can >> clariffy this... I really dont know what /libexec/ld-elf.so.1 is >> doing? >> I figure that the binarys complaining arent findind this libs... i >> really dunno... >> >> Thanks a lot in advance... >> >> Also i mention that this is a public server where i offer free shell >> services i dont think a normal/unprivileged user could have done >> mess with it right? >> >> Cheers, >> Agustin >> ___ >> freebsd-questions@freebsd.org mailing list >> http://lists.freebsd.org/mailman/listinfo/freebsd-questions >> To unsubscribe, send any mail to >> "freebsd-questions-unsubscr...@freebsd.org" > > Don't clog your system with symlinks, look at the manpage for "libmap.conf" > (man libmap.conf) or > http://www.freebsd.org/cgi/man.cgi?query=libmap.conf&manpath=FreeBSD+7.1-RELEASE > . > > Good luck, > Gabe > Will read that... thanks :) Yes.. i remember i had forgotten the version of the OS once i sent it... im running FreeBSD everest 6.3-RELEASE-p5 FreeBSD 6.3-RELEASE-p5 #0: Thu Oct 9 13:54:44 ART 2008 :/usr/obj/usr/src/sys/KEVEREST-6.3 i386 ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Sudden /libexec/ld-elf.so.1: Shared object "libintl.so.8" not found, required by errors
Hi guys, Yesterday i suddenly start receiving this errors... first i noticed it cause i couldnt login and bash threw it.. then su... /libexec/ld-elf.so.1: Shared object "libintl.so.8" not found, required by "-su" Then i remove bash and change to tcsh and was "ok"... but then again, this one when using sendmail.. /libexec/ld-elf.so.1: Shared object "libsasl2.so.2" not found, required by "send-mail" I didnt update anything... and it was all running fine for months... what can it be? the files i have are.. -rwxr-xr-x 1 root wheel92K Mar 11 15:26 libsasl2.so.2 lrwxr-xr-x 1 root wheel13B Mar 11 15:26 libsasl2.so -> libsasl2.so.2 -r--r--r-- 1 root wheel39K Aug 23 2008 libintl.so.8 lrwxr-xr-x 1 root wheel12B Aug 23 2008 libintl.so -> libintl.so.8 I really dont know what is happening thanks to anyone who can clariffy this... I really dont know what /libexec/ld-elf.so.1 is doing? I figure that the binarys complaining arent findind this libs... i really dunno... Thanks a lot in advance... Also i mention that this is a public server where i offer free shell services i dont think a normal/unprivileged user could have done mess with it right? Cheers, Agustin ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Mailman moderator against ldap....
Hi guys... I have a question regarding mailman We have it installed in our freebsd and we have lots of lists for which all we (admins) are owners and the person who requests the list is the moderator...So our implementation is using phpchain and creating password for moderator...send it to him/her and save the random admin pass for us in phpchain I was wondering if there is a way to include ldap in this...so we can remove this phpchain and moderator pass...Instead use the ldap credentials Any hints, suggestions appreciated Cheers, ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: Update System from 6.1 to last 6 Release with NOT generic Kernel...
2008/10/10 Agus <[EMAIL PROTECTED]>: > 2008/10/9 Agus <[EMAIL PROTECTED]>: >> 2008/10/9 RW <[EMAIL PROTECTED]>: >>> On Wed, 8 Oct 2008 19:08:42 -0300 >>> Agus <[EMAIL PROTECTED]> wrote: >>> >>>> Hi guys... >>>> >>>> Just wanted to check a few things before crapping my system..hehehe >>>> >>>> I am planning on updating the system from 6.1 to the last 6.3-RELEASE >>>> p5 i think it isaccording to the freebsd-update.sh... >>>> >>>> I am plannin on doing it with this tool...but my main concern is the >>>> modified kernel and the ports... >>> >>> You can't use freebsd-update on a modified kernel. >>> >>> Ports can be left unchanged unless you change the major version and go >>> to 7. >>> ___ >>> freebsd-questions@freebsd.org mailing list >>> http://lists.freebsd.org/mailman/listinfo/freebsd-questions >>> To unsubscribe, send any mail to "[EMAIL PROTECTED]" >>> >> >> Ohhthanks... >> >> But in the middle of freebsd-update it says to update the kernel and >> rebuild it.how should i update the kernelor when it reboots >> and the /usr/src files have changed; i can see the new GENERIC >> filei have to rebuild it from that new modified GENERIC, so that i >> custom it, and build the kernel from there? >> >> Thanks mate! >> Cheers, >> Agustin >> OK... I think i managed to do itat least the uname is showing the 6.3-RELEASE p5, running my custom kernel I think i am missing to update the installed ports, but they are working ok, so i will do it later The thing was that after the freebsd-update install it wasnt taking the new rel it was cause i rebuild the kernel earlier than when the /usr/src files have been updated by the update when i rebooted they were updated so i rebuild my kernel according to the new GENERIC and reboot and all was OK :) Cheers and any doubrs just ask Agustin ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Update System from 6.1 to last 6 Release with NOT generic Kernel...
2008/10/9 RW <[EMAIL PROTECTED]>: > On Wed, 8 Oct 2008 19:08:42 -0300 > Agus <[EMAIL PROTECTED]> wrote: > >> Hi guys... >> >> Just wanted to check a few things before crapping my system..hehehe >> >> I am planning on updating the system from 6.1 to the last 6.3-RELEASE >> p5 i think it isaccording to the freebsd-update.sh... >> >> I am plannin on doing it with this tool...but my main concern is the >> modified kernel and the ports... > > You can't use freebsd-update on a modified kernel. > > Ports can be left unchanged unless you change the major version and go > to 7. > ___ > freebsd-questions@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to "[EMAIL PROTECTED]" > Ohhthanks... But in the middle of freebsd-update it says to update the kernel and rebuild it.how should i update the kernelor when it reboots and the /usr/src files have changed; i can see the new GENERIC filei have to rebuild it from that new modified GENERIC, so that i custom it, and build the kernel from there? Thanks mate! Cheers, Agustin ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Update System from 6.1 to last 6 Release with NOT generic Kernel...
Hi guys... Just wanted to check a few things before crapping my system..hehehe I am planning on updating the system from 6.1 to the last 6.3-RELEASE p5 i think it isaccording to the freebsd-update.sh... I am plannin on doing it with this tool...but my main concern is the modified kernel and the ports... If anyone, by own experience can give me the steps how you did it, i ll be really happy..hehe =D my concern is the kernel and the ports... Thanks guys.for anything you can help me with. I am checking the list but there a quite a few things about updateshehe Cheers, Agustin ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Identd question...
2008/9/26 Eric <[EMAIL PROTECTED]>: > Agus wrote: >> >> Hi guys, >> >> Just wondering if i can have like a "central" ident server on my >> LANthats cause my boxes are behind A NAT so i can only forward >> identd requests to oneand i mean like a fake one..cause the >> process may be on one of the other boxes that require de ident, is >> clear?...i read about fakeidentdjust wanted to ask your opinion or >> experience on this >> > > > i found liedent to work the best for me. i used it primarily for irc servers > that wanted an ident response. just forward the port to your bsd box behind > the firewall and it should work > Cool... Exactly that will be the main use...IRC serversi will redirect the port to one box where i will keep that liedent server... Sahil, The problem is that i have few boxes behind a NAT so IRC servers asking for identd are blocke in the FWand i cant redirect/forward port 113 to all boxes...i can only to one...so i need an identd that would fake the response cause the process being asked by the identd will not be in that box...So if its a common identd it will respond with ERROR-USER UNKNOWN or sthg similar... Thanks for sharing, Agustin ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Identd question...
Hi guys, Just wondering if i can have like a "central" ident server on my LANthats cause my boxes are behind A NAT so i can only forward identd requests to oneand i mean like a fake one..cause the process may be on one of the other boxes that require de ident, is clear?...i read about fakeidentdjust wanted to ask your opinion or experience on this Thanks and cheers, Agustin ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Auto blacklist ssh connections ...
2008/9/17 Mel <[EMAIL PROTECTED]>:
> On Thursday 18 September 2008 01:15:45 Marc G. Fournier wrote:
>> Does anyone know of a utility that I can use with sshd to auto-block by IP
>> if there are more then N failed attempts in a row?
>
> # crontab -l
> @reboot /usr/sbin/daemon -p /var/run/grok-ssh.pid /usr/local/bin/grok -f
> /etc/pf/grok-ssh.conf
>
> # grep -- -0F /usr/local/bin/grok
> my $TAIL = "/usr/bin/tail -0F";
>
> so that newsyslog doesn't interfere.
>
> $ cat /etc/pf/grok-ssh.conf
> file "/var/log/auth.log" {
>type "ssh-illegal-user" {
>match = "Invalid user %USERNAME% from %IP%";
>threshold = 5; # 5 hits ...
>key = "%IP%";# from a single ip ...
>interval = 60; # in 1 minutes
>reaction = "/root/bin/pfscanners %IP%"; # permanent
>};
>
>type "ssh-scan-possible" {
>match = "Did not receive identification string from %IP%";
>threshold = 3;
>interval = 60;
>reaction = "/sbin/pfctl -t scanners -Tadd %IP%"; #temporary
>};
> };
>
> $ cat /root/bin/pfscanners
> #!/bin/sh
>
> while( test ! -z "$1" ); do
>/sbin/pfctl -t scanners -Tadd $1
>echo $1 >> /etc/pf/scanners.table
>shift
> done
>
> $ grep scanners /etc/pf.conf
> table persist file "/etc/pf/scanners.table"
> block in log on $ext_if from
>
> --
> Mel
>
> Problem with today's modular software: they start with the modules
>and never get to the software part.
> ___
> freebsd-questions@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to "[EMAIL PROTECTED]"
>
Cool utilities..:)
Also you may consider if you want to watch another logs and alert you
about that...you should try sec.plits in the ports...
Very configurable and helps you with all your logs you want
>From there you could add it to the hosts.allow or you could lunch a
script or a FW rule...
Cheers,
Agustin
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Login Shells /SSHd causing high CPU load....
Hi guys... I've been experiencing a weird increase in the percentage of CPU Load... It was weird cause after i logged in..just that second the load begins to decreaseso i assumed there was maybe some backup or cron running...And as i was busy i didnt have the time to investigate Now i took a little depth look and found that whenever someone Logs in or when i su - to root the load goes up to 3.5..when the avg load on the server is 0.4 it happens with all shells.i thought it was a tcsh thing cause is the one i use..so i change my login shell to bash and the samethen i noticed that sshd also increases pretty bad the load...so the question is how can i fix this...or how can i at least try to trace this... Cheers and thanks in advance for any answer, hint you can give me Agustin ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Having issues whith limit.conf, limitsession capability...
Hi guysJust as the subject says I am testing this and when setting a new class, it doesnt seem to respond... limit1 class added to user test1 using vipw... added to login.conf limit1|Limit for test1 account:\ :sessionlimit=2:\ :tc=default: cap_mkdb login.conf after this i login locally and from lan via ssh as many times as i want...:/ Am i missing something? Thanks and cheers guys, Agustin ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: tcpdump question
2008/8/29 Olivier Nicole <[EMAIL PROTECTED]>: > Edward, > >> I want to know what's meaning of 'S','.','P','F'? > > You should learn a bit about TCP protocol. > > S is for SYN (synchronize) > P is for PUSH > F is for FIN > . is for nothing > > Pakets are: > > 3 way hand shake initiate TCP connection > client > server SYN > sever > client SYN ACK > client > server ACK > > client > server send data > server > client ACK and send data > client > server ACK > > tTermination > client > server FIN > server > client ACK > server > cient FIN > client > server ACK > > ACk means acknowledge. > > Olivier > ___ > freebsd-questions@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to "[EMAIL PROTECTED]" > Hi, Not too much to add...exept that yes..you need to have a look at TCP/IP to understand what those flags and packets mean The SYN flag is used to initiate a "conversation"...like they put..synchronize, is also the first part of the three way handshacke which is the complete negotation for the transmission to begin...you will see sequence and acck numbers also... Then the PUSH flag is to push data..so it probably means that that packet is for the app layer..or something similar... Then the FIN which is the polite way to finish the conversationsee taht it usses 4 ways instead of the three to establish...that is cause FIN probably consumes ACKs while SYN and ACKs doesnt. Theres also another flag to end the communication that is the R - RESET- Usually sent back to app trying to talk to other's box with close port.. Very highly recommende the TCP Illustrated Vol 1 by Richard Stevens... Sorry if i missed or probably have something wrong... Cheers, Agustin ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
BSD Process, etc Limits....
Hi guys I've been googleing regarding this subject - Limiting users in mem, proc and more- for a while now and think that the best and more documented or at least the one that came in all my search results is using login.conf... Just wanted to ask if there is something in particular i should take care, or maybe if theres another way to limit users taht is worth commenting me please feel free to do it... I will appreciate any feedback regarding thisthanks a lot Cheers, Agustin ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Weird Processes on my server from user....
Hi guys, Checking my server i found this processessThe user doesnt appear doing w..so its like if he was doing an scp or something like that...though in this case its sftp... But i read the man and doesnt have much information..so i dont understand what is going in the background with this proccesess or how can i check it... the user is deamon and is a registered user... here is the pstree output: | |-+= 74888 root sshd: deamon [priv] (sshd) | | \-+- 74891 deamon sshd: [EMAIL PROTECTED] (sshd) | | \-+= 74892 deamon csh -c /usr/libexec/sftp-server | | \--- 74893 deamon /usr/libexec/sftp-server | |-+= 75613 root sshd: deamon [priv] (sshd) | | \-+- 75616 deamon sshd: [EMAIL PROTECTED] (sshd) | | \-+= 75617 deamon csh -c /usr/libexec/sftp-server | | \--- 75618 deamon /usr/libexec/sftp-server | \-+= 78566 root sshd: deamon [priv] (sshd) | \-+- 78569 deamon sshd: [EMAIL PROTECTED] (sshd) | \--= 78570 deamon -csh (csh) Thanks and cheers, Agustin ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Imposible to update/upgrade ports....
2008/7/30 Gerard <[EMAIL PROTECTED]> > On Wed, 30 Jul 2008 12:53:21 -0300 > Agus <[EMAIL PROTECTED]> wrote: > > >Hi guys, > > > >I'v been delaying the installed ports upgrade cause i was testing my > >server and now that it it in production i wanted to upgrade them and > >find it impossible... > > > >I am running > > uname -a > >FreeBSD everest.himalaya.network 6.1-RELEASE FreeBSD 6.1-RELEASE #0: > >Mon May 21 19:48:05 ART 2007 > > > >I did a cvsup to update all ports which did it successfully...then > >installed portmanager and portsaudit > > > >did a pkg_version -v and find the outdated ports, like sec, mysql and > >more > > > >Now while trying to update with > > > >portmanager sysutils/rsync -l -ui -f > >#Then also tried without the f > > > >get this errors: > >- > > > >portmanager 0.4.1_9 > > > > perl-5.8.8_1/lang/perl5.8 > >make Strike 2 > > > >it gets like its looping while updating perl > >For what i saw, portmanager seems to try to update all dependencies > >too..and is failing in that > > > >Something similar happened while trying to update apache22 > > > >Its my first try updating/upgrading ports...and it was hard to find a > >doc explaining thisi mean..there are lots of docs but each with > >different methods... > > > >Well, hope you can give me a jhand.. > > I use portmanager myself occasionally. They this: > > 1) Update your ports tree > 2) Run: portmanager -u -l -y -p > > If it fails again, look in the log file (/var/log/portmanager.log) and > see what it says. You can post the error message back here. > > > -- > Gerard > [EMAIL PROTECTED] > > Convention is the ruler of all. > >Pindar > Hi mate, I update the ports tree with cvsup ports-file... all ok but when i did portmanager -u -l -y -p i starts, but then it has to remove some ports and one of that ports is portmanager itself so it cores.:( so weird...Its really difficult to update the portsi dont even wanna know to pass to rel 7 Dunno how to do it really... Will have to remove all ports installed and then update ports and reinstall them? what would happen to my confs...? Thanks, Agustin ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Imposible to update/upgrade ports....
2008/7/30 Gerard <[EMAIL PROTECTED]> > On Wed, 30 Jul 2008 12:53:21 -0300 > Agus <[EMAIL PROTECTED]> wrote: > > >Hi guys, > > > >I'v been delaying the installed ports upgrade cause i was testing my > >server and now that it it in production i wanted to upgrade them and > >find it impossible... > > > >I am running > > uname -a > >FreeBSD everest.himalaya.network 6.1-RELEASE FreeBSD 6.1-RELEASE #0: > >Mon May 21 19:48:05 ART 2007 > > > >I did a cvsup to update all ports which did it successfully...then > >installed portmanager and portsaudit > > > >did a pkg_version -v and find the outdated ports, like sec, mysql and > >more > > > >Now while trying to update with > > > >portmanager sysutils/rsync -l -ui -f > >#Then also tried without the f > > > >get this errors: > >- > > > >portmanager 0.4.1_9 > > > > perl-5.8.8_1/lang/perl5.8 > >make Strike 2 > > > >it gets like its looping while updating perl > >For what i saw, portmanager seems to try to update all dependencies > >too..and is failing in that > > > >Something similar happened while trying to update apache22 > > > >Its my first try updating/upgrading ports...and it was hard to find a > >doc explaining thisi mean..there are lots of docs but each with > >different methods... > > > >Well, hope you can give me a jhand.. > > I use portmanager myself occasionally. They this: > > 1) Update your ports tree > 2) Run: portmanager -u -l -y -p > > If it fails again, look in the log file (/var/log/portmanager.log) and > see what it says. You can post the error message back here. > > > -- > Gerard > [EMAIL PROTECTED] > > Convention is the ruler of all. > >Pindar > OK...I ll try it. Thanks :) ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Imposible to update/upgrade ports....
Hi guys, I'v been delaying the installed ports upgrade cause i was testing my server and now that it it in production i wanted to upgrade them and find it impossible... I am running uname -a FreeBSD everest.himalaya.network 6.1-RELEASE FreeBSD 6.1-RELEASE #0: Mon May 21 19:48:05 ART 2007 I did a cvsup to update all ports which did it successfully...then installed portmanager and portsaudit did a pkg_version -v and find the outdated ports, like sec, mysql and more Now while trying to update with portmanager sysutils/rsync -l -ui -f #Then also tried without the f get this errors: - portmanager 0.4.1_9 perl-5.8.8_1/lang/perl5.8 make Strike 2 it gets like its looping while updating perl For what i saw, portmanager seems to try to update all dependencies too..and is failing in that Something similar happened while trying to update apache22 Its my first try updating/upgrading ports...and it was hard to find a doc explaining thisi mean..there are lots of docs but each with different methods... Well, hope you can give me a jhand.. Thanks and Cheers, Agus ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Update Single Port tree due MOVED....
Hi guys, Yesterday while updating my ports...I don't use all-ports, i instead choose the ones i use from the ports-supfile, i realized that when i wanted to install portaudit and some other ports management utils, they weren't anymore on sysutils...i looked at MOVED and swa that they are now in ports-mgmtBut i dont have that dir...so i was wondering how can i update this changes on ports tree without using ports-all Is there a way to update de ports-supfile o r something to update and bring the entire ports-mgmt for instance to my ports colection? i assume using cvsup directly i can checkout..but i wanted to check it woith you first..and how can i do this... Thanks in advance, Agus ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
VLAN vs Virtual IPs(Alias)....
Hi guys, I have a doubt while planning my network enlargement... I have a router where i created 3 Virtual ips(alias)...eth0:1, eth0:2, etcso i have 3 subnets with only one eth interface192.168.[0-3].0 subnets...this connected to a switch, a simple one which doesnt support 802.1q and 4 bsds connected to the switch, 2 in one subnet and the otheres in each subnet, thus the 3 subnets(alias) in my routerI was reading and wanted to know which is the difference, which one is better, can i implement any of this two options (Vlan or Alias) in my network? do i need to recompile my kernel? i have 6.2? Thanks in advance, Have a nice weekend, Agustin ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Top display pri and renice questions...
Hi guys, Have a question regarding top PRI and the renice command extract from top PID USERNAME THR PRI NICE SIZERES STATETIME WCPU COMMAND 17269 brahama 1 960 5932K 5300K select 30:55 0.00% perl5.8.8 Ok...what are the values of PRI? for instance if i renice this pid 10, it will go to 106...where can i find relevant info about this...I benn lookint and couldnt find any clear explanation... Ok..and the renice question is regarding this parameters.. on man it says that by doing this: renice +1 987 -u daemon root -p 32 would change the priority of process ID's 987 and 32, and all processes owned by users daemon and root. but i cannot seem to make it worki want to renice peoples group processes to 10 but i get renice: Bad pid argument: people like its getting people as a PID...people is a group from /etc/group.. Can this be done? Thanks and cheers, Agustin ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Change email header .....
2008/7/14 Bill Campbell <[EMAIL PROTECTED]>: > On Mon, Jul 14, 2008, Agus wrote: > >Hi guys, > > > >All i wanna do this time is change the mail from: header to another > >address...As my system is named after an internal network name and doesnt > >resolv from outside my LAN..when i send an email, for instance when a user > >registers, they received it with the systems internal address and they > cant > >reply it cause of course it will get bouncedSo i wanna change the from > >header to an address where i have a mail redirection accountI know how > >to do it from telnet for instance..its simple..but as i send emails from a > >script using the mail program.. > > > >I basically do cat welcome_msg|mail -s "Welcome..." [EMAIL PROTECTED] > > > >So i was wondering if there is a way to send this automated emails > changing > >the header from: > >Perhaps theres another program or way...Im open to suggestions... > > Mutt allows one to specify any headers you like, even being able > to tailor them to the recipient. > > One could also contruct your own headers, and feed it through > sendmail: > > cat << DONE > From: [EMAIL PROTECTED] > Subject: anything you like > Reply-To: [EMAIL PROTECTED] > > There is a blank line separating this message body from the > headers above. > > Bill > DONE || /usr/lib/sendmail [EMAIL PROTECTED] > > Substitute the appropriate path for sendmail if necessary. > > Bill > -- > INTERNET: [EMAIL PROTECTED] Bill Campbell; Celestial Software LLC > URL: http://www.celestial.com/ PO Box 820; 6641 E. Mercer Way > Voice: (206) 236-1676 Mercer Island, WA 98040-0820 > Fax:(206) 232-9186 > > Government spending? I don't know what it's all about. I don't know > any more about this thing than an economist does, and, God knows, he > doesn't know much. -- Will Rogers > ___ > freebsd-questions@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to " > [EMAIL PROTECTED]" > Hi guys...thankss...it seems thats exactly what i need...i ll try it now... Yes..sorry..i am using Sendmailforgot that.. Thank u very much guys C ya... ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Change email header .....
Hi guys, All i wanna do this time is change the mail from: header to another address...As my system is named after an internal network name and doesnt resolv from outside my LAN..when i send an email, for instance when a user registers, they received it with the systems internal address and they cant reply it cause of course it will get bouncedSo i wanna change the from header to an address where i have a mail redirection accountI know how to do it from telnet for instance..its simple..but as i send emails from a script using the mail program.. I basically do cat welcome_msg|mail -s "Welcome..." [EMAIL PROTECTED] So i was wondering if there is a way to send this automated emails changing the header from: Perhaps theres another program or way...Im open to suggestions... Thanks and cheers, Agustin ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Deny access from localhost to internet.....
2007/9/29 RW <[EMAIL PROTECTED]>: > On Sun, 30 Sep 2007 02:22:42 +0200 > Sten Daniel Soersdal <[EMAIL PROTECTED]> wrote: > > > Agus wrote: > > > Hi guys, > > > > > > How are you today? > > > The question is this..I want to restrict external access, that is > > > from my BSD to the internet, to some groups of users. Other groups > > > i want to access internet normally. I dont want this group of users > > > to be able to establish connections to the internet but yes to the > > > internal systems on the LAN... > > > > > > Is this possible without hacking the kernel? > > > > > > Thanks and salutes for all > > > > > > > You want to restrict internet, but not LAN, access for certain users > > logged into your BSD box? > > > > man ipfw ( look for "uid" and "gid" ) > > man pf( look for "user" and "group" ) > > > > Danger Will Robinson! > > Don't do that unless you've read the bugs sections of the ipfw > and pf.conf man pages. > ___ > freebsd-questions@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to " > [EMAIL PROTECTED]" > OK...cool...i am using pf as firewall...arent any issues in using both? i mean pf and ipfw? Cheers, Agustin ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: SSHD Config questions
2008/6/25 Mark Price <[EMAIL PROTECTED]>: > On Wed, Jun 25, 2008 at 12:04 AM, Agus <[EMAIL PROTECTED]> wrote: > > Hi fellows, > > > > I am trying to configure sshd on my bsd and wanted to ask if the opitons > > there, in case i enable them are "resource intensive"; > > Let me give u an example, > > > > For instance, the Options > > #ClientAliveInterval 0 > > #ClientAliveCountMax 3 > > You can enable these options and they should have very little impact > on your RAM usage. I dont think you will see any difference with > 192MB RAM. > > What is it that you are trying to accomplish? It is good to set > ClientAliveInterval if your clients are behind NAT routers, to keep > the NAT sessions from timing out. > > Regards, > > Mark > > -- > Mark Price > RootBSD > http://www.rootbsd.net > Thanks for your answers guysMark, clients would be users from wherever..so i really dunno if they are coming from NAT routers...I dont have the site translated yet so i cant show u..its in spanish... But per your advise guys i wil enable all this checks and see... Thanks again... ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
SSHD Config questions
Hi fellows, I am trying to configure sshd on my bsd and wanted to ask if the opitons there, in case i enable them are "resource intensive"; Let me give u an example, For instance, the Options #ClientAliveInterval 0 #ClientAliveCountMax 3 In case i enable them, would my server, which is very small(Very little RAM,192MB i think)..its just for educational purposes; could my server cope with it if for instance tehre were quite a few clients connected? I dont know how to put this question...sorry.. What would be better. To enable them or keep them disabled. Cause there might be lots of users and what if a few connections keep there alive wasting resources while not being used, instead if the options enabled, they would be disconnected, but would this options interfere in sshd performance? I put those options only as an example; if you know of others that i should enable please dont hesitate to share it ;) Hope you guys get the concept... Thanks a lot as always and have a nice one... Cheers, Agustin ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Vsftpd rotate logs with newsyslog...
2008/6/20 David Robillard <[EMAIL PROTECTED]>: > >> Thank u all very much guysi will see if i do a graceful or simply a > >> restart cause i dont think the apache will be getting too many > connections > >> all the timebut that clarifications was quite good Davidand > thank u > >> for the examplethat is always the best way to understand > things...much > >> appreciated... > >> > >> Will try bothjust a question about compression...What i understood > >> from your mail is that as apache takes some time to let his children > close > >> all connections i shouldn zip those logs cause, newsyslog wont wait till > >> apache finishes and probably will xip logs that are still being access > by > >> the children? if htat is the case using a HUP will close all and allow > me to > >> use compresion? > > Yes it would. But if you go this route, you might loose some logs from > the childrens. If you don't run a busy server with lots of hits and > lots of VirtualHosts, then that might not be a problem for you. Like > Ruben said, YMMV. > > IMHO, if the Apache Best Practices and documentation say you should > use USR1 and not compress the logs automatically via newsyslog(8) or > logrotate(8), then that's what I do. > > Of course, you can compress the logs at a later time once the files > have been rotated of course. But with today's disk sizes and SAN > storage, I'd be surprised that a few Apache log files can pose a disk > space problem. > > Think of it another way. If today you run a single very small site, > then you might want be tempted to use HUP and compression simply > because it's easier and, well, it works. Agreed that using USR1 seems > a little more complicated (a little) and might seem like an overkill > setup for a single small site. > > But tomorrow you might end up working for a very large site that runs > a huge number of VirtualHosts with thousands of hits per seconds on a > three-tier web platform that has a cluster of web servers, application > servers and backend databases. If you've learned and used the Best > Practices back in the days when you had your single little web site, > then it won't be a secret to you and you'll be ready to tackle the > demands of a bigger site. Besides, it's not like using USR1 is some > form of arcane black sysadmin magic, right? :) > > If you need more info on this topic, check out the official > documentation (i.e. RTFM ;-) > > Apache 1.3 > http://httpd.apache.org/docs/1.3/stopping.html > > Apache 2.0 > http://httpd.apache.org/docs/2.0/stopping.html > > Apache 2.2 > http://httpd.apache.org/docs/2.2/stopping.html > > > > Sorry guys...got one more doubtWhy do u use B (binary) if apache logs > > are simple text? any particular reason? > > From the newsyslog.conf(5) man page: > > B indicates that the log file is a binary file, or has > some > special format. Usually newsyslog(8) inserts an ASCII > message into a log file during rotation. This message > is > used to indicate when, and sometimes why the log file > was > rotated. If B is specified, then that informational > mes- > sage will not be inserted into the log file. > > Indeed, the Apache logs are ASCII files. I use the B flag in > newsyslog.conf(5) simply because I don't want to have newsyslog(8) to > write anything in the Apache logs. Why? Because it confuses our Apache > log file analyzers. That's all. I mean, I know the reasons why the > logs are rotated and I know that it's newsyslog(8) that did it (I > should know, I'm the one who configured it). So I don't need a > reminder inside the logs about it. Once again, YMMV. > > HTH, > > David > -- > David Robillard > UNIX systems administrator & Oracle DBA > CISSP, RHCE & Sun Certified Security Administrator > Montreal: +1 514 966 0122 > Greatthanks again...I'll be using B and no HUP...i will follow apache's doc and your advice...hehe.. Cheers, Agustin ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Vsftpd rotate logs with newsyslog...
2008/6/20 Agus <[EMAIL PROTECTED]>: > 2008/6/19 David Robillard <[EMAIL PROTECTED]>: > >> > Well yes, this is precisely the reason why we use a SIGHUP (equivalent >> to >> > "apachectl restart") instead of a SIGUSR1 (apachectl graceful). We don't >> > really care about a few broken client connections since the logs are >> rotated >> > at a quiet time. >> > >> > Of course, YMMV. >> >> Yes, of course :) >> >> > regards, >> > Ruben >> >> Cheers, >> >> DA+ >> -- >> David Robillard >> UNIX systems administrator & Oracle DBA >> CISSP, RHCE & Sun Certified Security Administrator >> Montreal: +1 514 966 0122 >> > > > Thank u all very much guysi will see if i do a graceful or simply a > restart cause i dont think the apache will be getting too many connections > all the timebut that clarifications was quite good Davidand thank u > for the examplethat is always the best way to understand things...much > appreciated... > > Will try bothjust a question about compression...What i understood from > your mail is that as apache takes some time to let his children close all > connections i shouldn zip those logs cause, newsyslog wont wait till apache > finishes and probably will xip logs that are still being access by the > children? if htat is the case using a HUP will close all and allow me to use > compresion? > > Cheers, > Agustin > Sorry guys...got one more doubtWhy do u use B (binary) if apache logs are simple text? any particular reason? Thanks ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Vsftpd rotate logs with newsyslog...
2008/6/19 David Robillard <[EMAIL PROTECTED]>: > > Well yes, this is precisely the reason why we use a SIGHUP (equivalent to > > "apachectl restart") instead of a SIGUSR1 (apachectl graceful). We don't > > really care about a few broken client connections since the logs are > rotated > > at a quiet time. > > > > Of course, YMMV. > > Yes, of course :) > > > regards, > > Ruben > > Cheers, > > DA+ > -- > David Robillard > UNIX systems administrator & Oracle DBA > CISSP, RHCE & Sun Certified Security Administrator > Montreal: +1 514 966 0122 > Thank u all very much guysi will see if i do a graceful or simply a restart cause i dont think the apache will be getting too many connections all the timebut that clarifications was quite good Davidand thank u for the examplethat is always the best way to understand things...much appreciated... Will try bothjust a question about compression...What i understood from your mail is that as apache takes some time to let his children close all connections i shouldn zip those logs cause, newsyslog wont wait till apache finishes and probably will xip logs that are still being access by the children? if htat is the case using a HUP will close all and allow me to use compresion? Cheers, Agustin ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Vsftpd rotate logs with newsyslog...
Hi fellows... I am wanting to rotate logs for vsftpd using newsyslog...My question is, does vsftpd needs to get the HUP or any signal after rotation? I run it from inetd so i guess the HUP should be sent to inetd.pid right? Well, i take this opportunity also to ask about Apache toowhich signal should i send? Thank guys in advance, Agustin ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Doubt about hanged ESTABLISHED connections on netstat...
Hi guys, Today i was on my Freebsd6.1 logged from my notebook through SSH...somehow i lost my Internet connection on my laptop; i realized that, cause i couldnt type anything on ssh so i checked and i had lost internet connectionI reset my router..connect through Internet, now working, to my BSD again and i can see the old connections as ESTABLISHED.They are hanged there cause of the loss of my connection i guessSo my doubt and question was; Is this normal behaviour, who is "in charge" of managing this? the TCP stack, or can i config SSH...If someone who's got the time and willing to explain, share thoughts about this, i ll be grateful... Cheers, Agustin ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: How to delete One line on tcsh history....??
2008/5/15 Pietro Cerutti <[EMAIL PROTECTED]>: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA512 > > > Agus wrote: > | Hi guys, > | > | I've been trying to delete one line from my user tcsh history cause i > made a > | su and it seems didnt hit enter very well so i typed the password on the > | console...Now anyone that can look my history will see my pass... > | > | I tried to edit and delete a few lines but it all comes againtried > | history clear but when i login again it apperas all again..hehe... > | Its so secure and cool tcsh taht i have no idea how to do it...been a > bash > | user... > > You can clear your history (the whole history will be lost!!) by > | history -c > > No clue whether you can remove a single line.. > > | Cheers and thanks, > | Agustin > > - -- > Pietro Cerutti > [EMAIL PROTECTED] > > PGP Public Key: > http://gahr.ch/pgp > > -BEGIN PGP SIGNATURE- > Version: GnuPG v2.0.9 (FreeBSD) > > iEYEAREKAAYFAkgssGYACgkQwMJqmJVx944nJwCeNA0pEAxNW2MAa+p09T61ZIuy > LnEAoJSvP23/4hTq3iDW0xf/tGmfNfTS > =xmcm > -END PGP SIGNATURE- > Cool, thanks guys.I used the history command and worked; weird, i had tried that...maybe i used it in another place... Thanks guys. Cheers, Agustin ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
How to delete One line on tcsh history....??
Hi guys, I've been trying to delete one line from my user tcsh history cause i made a su and it seems didnt hit enter very well so i typed the password on the console...Now anyone that can look my history will see my pass... I tried to edit and delete a few lines but it all comes againtried history clear but when i login again it apperas all again..hehe... Its so secure and cool tcsh taht i have no idea how to do it...been a bash user... Cheers and thanks, Agustin ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Sendmail local only.....
2008/1/23, Zbigniew Szalbot <[EMAIL PROTECTED]>: > > Hello, > > 2008/1/23, Rob <[EMAIL PROTECTED]>: > > Agus wrote: > > > Just trying to make sendmail work locally only.And by that i mean, > i > > > dont want sendmail to be able to relay or send mail to any other > machine > > > except for localhost > > > > I like to avoid sendmail all together. > > > > Install ports/mail/ssmtp > > > > Turn off sendmail: > > sendmail_enable="NONE" # Run the sendmail inbound daemon > (YES/NO/NONE). > > sendmail_outbound_enable="NO" # Dequeue stuck mail (YES/NO). > > sendmail_submit_enable="NO" # Start a localhost-only MTA for mail > submission > > > > >From pkg-descr: > > "A secure, effective and simple way of getting mail off a system to your > > mail hub. It contains no suid-binaries or other dangerous things - no > mail > > spool to poke around in, and no daemons running in the background. Mail > is > > simply forwarded to the configured mailhost. Extremely easy > configuration. > > > > WARNING: the above is all it does; it does not receive mail, expand > aliases > > or manage a queue. That belongs on a mail hub with a system > administrator. > > > > WWW: http://packages.debian.org/testing/mail/ssmtp.html > > But this is not what OP has asked for! > > Zbigniew Szalbot > Right, this seems to be pretty cool if you want to relay mail with just four lines...but i want to deliver locally only... I think i will go like Mathew says... Cheers, Agustin ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Sendmail local only.....
2008/1/23, Agus <[EMAIL PROTECTED]>: > > 2008/1/22, Lowell Gilbert <[EMAIL PROTECTED]>: > > > > Agus <[EMAIL PROTECTED]> writes: > > > > > Just trying to make sendmail work locally only.And by that i mean, > > i > > > dont want sendmail to be able to relay or send mail to any other > > machine > > > except for localhost > > > > > > How can i do this? I mean is there a way on rc.conf or i need to touch > > the > > > cf?? > > > > This is a very standard thing to do. See "man 8 sendmail.conf" > > (as recommended by the rc.conf(8) manual). > > > > > There is no man for sendmail.conf, nor sendmail.cf. > The rc.conf only mentions the rc.sendmail... > > Giorgos, question...is it needed to put the > sendmail_submit_enable="YES" > sendmail_msp_queue_enable="YES" > Although they are the default ones? > > Cheers, > Agustin Maybe i wasnt clear...but with the options you gave me Giorgos i still can send email from localhost to external servers like hotmail for instance, through telnet.I want to disable this, so it can only send mails to local accounts This is because this will be an open server with ssh access, so anyone with access will be able to send mails to everywhere, so i dont want this to happen Cheers and thanks for everyone that can help me... Agustin ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Sendmail local only.....
2008/1/22, Lowell Gilbert <[EMAIL PROTECTED]>: > > Agus <[EMAIL PROTECTED]> writes: > > > Just trying to make sendmail work locally only.And by that i mean, i > > dont want sendmail to be able to relay or send mail to any other machine > > except for localhost > > > > How can i do this? I mean is there a way on rc.conf or i need to touch > the > > cf?? > > This is a very standard thing to do. See "man 8 sendmail.conf" > (as recommended by the rc.conf(8) manual). > There is no man for sendmail.conf, nor sendmail.cf. The rc.conf only mentions the rc.sendmail... Giorgos, question...is it needed to put the sendmail_submit_enable="YES" sendmail_msp_queue_enable="YES" Although they are the default ones? Cheers, Agustin ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Sendmail local only.....
2008/1/22, Giorgos Keramidas <[EMAIL PROTECTED]>: > > On 2008-01-22 16:28, Schiz0 <[EMAIL PROTECTED]> wrote: > >On Jan 22, 2008 4:25 PM, Agus <[EMAIL PROTECTED]> wrote: > >> Hi guys, > >> Just trying to make sendmail work locally only.And by that i > >> mean, i dont want sendmail to be able to relay or send mail to any > >> other machine except for localhost > >> > >> How can i do this? I mean is there a way on rc.conf or i need to > >> touch the cf?? > > > > Search the file /etc/defaults/rc.conf for "sendmail" > > It has a bunch of options and explains what they do. > > NOTE: do not edit /etc/defaults/rc.conf - that's just the "Default > > settings" file. > > Make any changes in the /etc/rc.conf file instead. > > > > Basically, you want > > > > sendmail_enable="NO" > > > > And the rest of the sendmail options enabled. > > Not all of them, mind you. I use the following on my laptop: > > sendmail_enable="NO" > sendmail_outbound_enable="NO" > sendmail_submit_enable="YES" > sendmail_msp_queue_enable="YES" > > A fairly good explanation of why this setup works only as a 'local MTA', > and doesn't accept incoming SMTP connections from the world can be found > in the manpage of rc.sendmail: > > % man rc.sendmail > > To the original poster: > > Feel free to use the above sendmail_xxx settings in your `/etc/rc.conf' > file, but please make sure that you also: > > ... understand why these settings make Sendmail only forward locally > generated email messages, by reading the rc.sendmail manpage. > > ... have configured properly your local `/etc/mail/sendmail.cf' and > `/etc/mail/submit.cf' files. > > ... read the Handbook section about Sendmail, and let us know if you > find it difficult to understand, or you would like to see more stuff > documented. > > Cheers, > Giorgos > > Well thank you very much Giorgos and allwill use this but first will read all the mans you suggested me. Very much appreciated... Cheers, Agustin ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Sendmail local only.....
Hi guys, Just trying to make sendmail work locally only.And by that i mean, i dont want sendmail to be able to relay or send mail to any other machine except for localhost How can i do this? I mean is there a way on rc.conf or i need to touch the cf?? Thanks in advance and cheers, Agustin ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: check processes started by inetd
2008/1/20, Warren Block <[EMAIL PROTECTED]>: > > On Sun, 20 Jan 2008, Jonathan Horne wrote: > > > how can i check to see the processes that have been started by inetd? i > mean > > other than reading the inetd.conf file... but something like top or > something > > that shows me the processes that are actually running? > > Kind of depends on what you're looking for, but ps ax, or enable inetd > logging, or maybe sockstat. If you're new to FreeBSD, remember that > inetd isn't enabled by default, and a lot of the daemons it's used to > start on other systems can be run on their own. > > -Warren Block * Rapid City, South Dakota USA > ___ > freebsd-questions@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to " > [EMAIL PROTECTED]" > Try netstat. That way you will see which ports are listenning...Acording to that you will see if inetd is actually running..And as Warren says, it is disabled by default Cheers, Brahama ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Cant send email using mail but it works telnetting...
2007/9/29, Christer Hermansson <[EMAIL PROTECTED]>: > > Agus wrote: > >> You want the mail to be delivered to the file /var/mail/username ? > >> > >> I just typed at my machine (running freebsd and sendmail) > >> > >> mail -s "Testing" [EMAIL PROTECTED] > >> hello > >> . > >> > >> and the mail got delivered to the file /var/mail/cat > >> > >> How is your sendmail configuration, I guess you have done some changes > >> and not using the default ? > >> > >> -- > >> > >> Christer Hermansson > >> > >> > >> > >> Hi Christer, > >> > > > > Thanks for the replyexactly that...i want the mail to be delivered > to > > [EMAIL PROTECTED] is i say...i got it stucked in the queue > deferred > > > > I didn't touch the sendmail conf..as far as i remember..also i dont know > > much about sendmail conf so it would be difficult that i had modified > > it...I'll check though > > > > thanks...and have a nice weekend all > > > > > This is just a guess: > > Maybe you have changed the line > > # root: [EMAIL PROTECTED] > > in the file /etc/mail/aliases > > -- > > Christer Hermansson > > > No Christerthe line is the same as the one you put...it is also commented... Thanks again.. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Cant send email using mail but it works telnetting...
2007/9/29, Christer Hermansson <[EMAIL PROTECTED]>:
>
> Agus wrote:
> > Hi list...
> >
> > I gound a problem while trying to send an email with a script using mail
> -s
> > "Subject" [EMAIL PROTECTED]
> > Then i entered the data...finished with . but it gets stuck in the queue
> > with this...
> >
> > V8
> > T1191019178
> > K1191020151
> > N2
> > P120418
> > I0/80/47582
> > MDeferred: Connection refused by himalaya.free-shells.com.ar.
> > Fbs
> > $_localhost [127.0.0.1]
> > $rESMTP
> > $severest.free-shells.com.ar
> > ${daemon_flags}
> > ${if_addr}127.0.0.1
> > S<[EMAIL PROTECTED]>
> > MDeferred: Connection refused by himalaya.free-shells.com.ar.
> > rRFC822; [EMAIL PROTECTED]
> > RPFD:<[EMAIL PROTECTED]>
> > H?P?Return-Path: <<81>g>
> > H??Received: from everest.free-shells.com.ar (localhost [127.0.0.1])
> > by everest.free-shells.com.ar (8.13.6/8.13.6) with ESMTP id
> > l8SMdc7L021779
> > for <[EMAIL PROTECTED]>; Fri, 28 Sep 2007 19:39:38
> > -0300 (ART)
> > (envelope-from [EMAIL PROTECTED])
> > H??Received: (from [EMAIL PROTECTED])
> > by everest.free-shells.com.ar (8.13.6/8.13.6/Submit) id
> > l8SMdc3P021778
> > for [EMAIL PROTECTED]; Fri, 28 Sep 2007 19:39:38 -0300 (ART)
> > (envelope-from brahama)
> > H??Date: Fri, 28 Sep 2007 19:39:38 -0300 (ART)
> > H??From: User Brahama <[EMAIL PROTECTED]>
> > H??Message-Id: <[EMAIL PROTECTED]>
> > H??To: [EMAIL PROTECTED]
> > H??Subject: subjet
> > .
> >
> >
> >
> > My hostname is everestmy firewall/router name is himalaya
> >
> > I think the problem is that is trying to resolve to
> > himalaya.free-shells.com.ar which is the FQDN in my NS
> > could it be that? how can i bypass local mail to go directly to
> localhost
> > sendmail...?
> >
> > Thanks...
> >
> > PS: While telneting localhost 25 and sending it manually works
> >
> You want the mail to be delivered to the file /var/mail/username ?
>
> I just typed at my machine (running freebsd and sendmail)
>
> mail -s "Testing" [EMAIL PROTECTED]
> hello
> .
>
> and the mail got delivered to the file /var/mail/cat
>
> How is your sendmail configuration, I guess you have done some changes
> and not using the default ?
>
> --
>
> Christer Hermansson
>
>
>
> Hi Christer,
Thanks for the replyexactly that...i want the mail to be delivered to
[EMAIL PROTECTED] is i say...i got it stucked in the queue deferred
I didn't touch the sendmail conf..as far as i remember..also i dont know
much about sendmail conf so it would be difficult that i had modified
it...I'll check though
thanks...and have a nice weekend all
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Cant send email using mail but it works telnetting...
Hi list...
I gound a problem while trying to send an email with a script using mail -s
"Subject" [EMAIL PROTECTED]
Then i entered the data...finished with . but it gets stuck in the queue
with this...
V8
T1191019178
K1191020151
N2
P120418
I0/80/47582
MDeferred: Connection refused by himalaya.free-shells.com.ar.
Fbs
$_localhost [127.0.0.1]
$rESMTP
$severest.free-shells.com.ar
${daemon_flags}
${if_addr}127.0.0.1
S<[EMAIL PROTECTED]>
MDeferred: Connection refused by himalaya.free-shells.com.ar.
rRFC822; [EMAIL PROTECTED]
RPFD:<[EMAIL PROTECTED]>
H?P?Return-Path: <<81>g>
H??Received: from everest.free-shells.com.ar (localhost [127.0.0.1])
by everest.free-shells.com.ar (8.13.6/8.13.6) with ESMTP id
l8SMdc7L021779
for <[EMAIL PROTECTED]>; Fri, 28 Sep 2007 19:39:38
-0300 (ART)
(envelope-from [EMAIL PROTECTED])
H??Received: (from [EMAIL PROTECTED])
by everest.free-shells.com.ar (8.13.6/8.13.6/Submit) id
l8SMdc3P021778
for [EMAIL PROTECTED]; Fri, 28 Sep 2007 19:39:38 -0300 (ART)
(envelope-from brahama)
H??Date: Fri, 28 Sep 2007 19:39:38 -0300 (ART)
H??From: User Brahama <[EMAIL PROTECTED]>
H??Message-Id: <[EMAIL PROTECTED]>
H??To: [EMAIL PROTECTED]
H??Subject: subjet
.
My hostname is everestmy firewall/router name is himalaya
I think the problem is that is trying to resolve to
himalaya.free-shells.com.ar which is the FQDN in my NS
could it be that? how can i bypass local mail to go directly to localhost
sendmail...?
Thanks...
PS: While telneting localhost 25 and sending it manually works
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Deny access from localhost to internet.....
Hi guys, How are you today? The question is this..I want to restrict external access, that is from my BSD to the internet, to some groups of users. Other groups i want to access internet normally. I dont want this group of users to be able to establish connections to the internet but yes to the internal systems on the LAN... Is this possible without hacking the kernel? Thanks and salutes for all Agusitn ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: How to add rule with pfctl...
2007/9/18, Agus <[EMAIL PROTECTED]>:
>
> 2007/9/18, Erik Osterholm <[EMAIL PROTECTED]>:
> >
> > On Mon, Sep 17, 2007 at 11:30:03PM -0300, Agus wrote:
> > > Agus wrote:
> > > >
> > > > 2007/9/15, Mel <[EMAIL PROTECTED]> <[EMAIL PROTECTED]
> > >:
> > > >
> > > > On Saturday 15 September 2007 23:18:17 Agus wrote:
> > > >
> > > > I am trying to figure out how to add a firewall rule with
> > pfctl...
> > > > This is what i'm trying to do...
> > > >
> > > > I've got SEC that matches certain pattern and takes the IP from that
> > and
> > > > want to trigger a firewall rule to block that IP
> > > > Then after a couple of hours SEC will trigger the command to
> > un-block
> > > >
> > > > the
> > > >
> > > > IP...
> > > > So what i need is the command to block an IP address from command
> > line,
> > > >
> > > > not
> > > >
> > > > touching any pf.conf
> > > >
> > > > If you don't need to add a rule but an IP, then tables are your
> > friend.
> > > > Example for /etc/pf.conf:
> > > > # Placeholder for spammers table, non-routable network IP.
> > > > table persist { 192.168.111.111 }
> > > > # Block this traffic
> > > > block return-rst in log on $ext_if proto tcp from port
> > smtp
> > > >
> > > > Then on the command line:
> > > > /sbin/pfctl -t spammers -Tadd ip.from.new.spammer
> > > > And to delete:
> > > > /sbin/pfctl -t spammers -Tdel ip.from.old.spammer
> > > >
> > > > --
> > > > Mel
> > > > ___
> > > > freebsd-questions@freebsd.org mailing list
> > > > http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> > > > To unsubscribe, send any mail to "
> > [EMAIL PROTECTED]"
> > > >
> > > > Hi,
> > > > I put this on /etc/pf.conf
> > > > external_addr="192.168.1.11" which is the address of the only
> > interface.
> > > > This machine isn't a router.
> > > >
> > > > block drop in quick on $ext_if inet proto tcp from 192.168.0.1 to
> > > > $external_addr port ssh
> > > >
> > > > but when i try to connect from 192.168.0.1 i connect with no
> > problems...this
> > > > rule is to block access..
> > > > What am i doing wrong..is my first time with pf...
> > > >
> > > > Thankss...
> > > > ___
> > > > freebsd-questions@freebsd.org mailing list
> > > > http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> > > > To unsubscribe, send any mail to "
> > [EMAIL PROTECTED]" <[EMAIL PROTECTED]
> > >
> > > >
> > > > 2007/9/17, Goltsios Theodore <[EMAIL PROTECTED]>:
> > > Well I think that you mean to add this:
> > >
> > > ext_if="rl0" # Or whatever your interface is ifconfig helps to find
> > out
> > > block drop in quick on $ext_if inet proto tcp from 192.168.0.1 to
> > $ext_if
> > > port ssh
> > >
> > > or even:
> > > ext_if="rl0"
> > > external_addr="192.168.1.11"
> > > block drop in quick on $ext_if inet proto tcp from 192.168.0.1 to
> > > $external_addr port ssh
> > >
> > > Think of macros as variables. As long as you don't define them they
> > don't
> > > exist (are empty).
> > >
> > >
> > >
> > > I knowTheodore, i've done it exactly like u put itfirst declare
> > macros
> > > and then the rule
> > > but i couldn't block access to the machinethis rule is supposed to
> > block
> > > all access to port 22 on the machine coming from 192.168.0.1but I
> > can
> > > access from there...
> > >
> > > i checked pfctl -e
> > > pfctl -sa
> > >
> > > and everything seems to be loaded...
> > >
> > > Thanks...
> >
> > Are you sure that you're trying to block only from a specific host?
> > The source address shouldn't change, even if you're doing nat. I
> > would assume that you'd want an 'any' keyword there, rather than
Re: How to add rule with pfctl...
2007/9/18, Erik Osterholm <[EMAIL PROTECTED]>:
>
> On Mon, Sep 17, 2007 at 11:30:03PM -0300, Agus wrote:
> > Agus wrote:
> > >
> > > 2007/9/15, Mel <[EMAIL PROTECTED]> <
> [EMAIL PROTECTED]>:
> > >
> > > On Saturday 15 September 2007 23:18:17 Agus wrote:
> > >
> > > I am trying to figure out how to add a firewall rule with
> pfctl...
> > > This is what i'm trying to do...
> > >
> > > I've got SEC that matches certain pattern and takes the IP from that
> and
> > > want to trigger a firewall rule to block that IP
> > > Then after a couple of hours SEC will trigger the command to un-block
> > >
> > > the
> > >
> > > IP...
> > > So what i need is the command to block an IP address from command
> line,
> > >
> > > not
> > >
> > > touching any pf.conf
> > >
> > > If you don't need to add a rule but an IP, then tables are your
> friend.
> > > Example for /etc/pf.conf:
> > > # Placeholder for spammers table, non-routable network IP.
> > > table persist { 192.168.111.111 }
> > > # Block this traffic
> > > block return-rst in log on $ext_if proto tcp from port smtp
> > >
> > > Then on the command line:
> > > /sbin/pfctl -t spammers -Tadd ip.from.new.spammer
> > > And to delete:
> > > /sbin/pfctl -t spammers -Tdel ip.from.old.spammer
> > >
> > > --
> > > Mel
> > > ___
> > > freebsd-questions@freebsd.org mailing list
> > > http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> > > To unsubscribe, send any mail to "
> [EMAIL PROTECTED]"
> > >
> > > Hi,
> > > I put this on /etc/pf.conf
> > > external_addr="192.168.1.11" which is the address of the only
> interface.
> > > This machine isn't a router.
> > >
> > > block drop in quick on $ext_if inet proto tcp from 192.168.0.1 to
> > > $external_addr port ssh
> > >
> > > but when i try to connect from 192.168.0.1 i connect with no
> problems...this
> > > rule is to block access..
> > > What am i doing wrong..is my first time with pf...
> > >
> > > Thankss...
> > > ___
> > > freebsd-questions@freebsd.org mailing list
> > > http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> > > To unsubscribe, send any mail to "
> [EMAIL PROTECTED]" <
> [EMAIL PROTECTED]>
> > >
> > > 2007/9/17, Goltsios Theodore <[EMAIL PROTECTED]>:
> > Well I think that you mean to add this:
> >
> > ext_if="rl0" # Or whatever your interface is ifconfig helps to find out
> > block drop in quick on $ext_if inet proto tcp from 192.168.0.1 to
> $ext_if
> > port ssh
> >
> > or even:
> > ext_if="rl0"
> > external_addr="192.168.1.11"
> > block drop in quick on $ext_if inet proto tcp from 192.168.0.1 to
> > $external_addr port ssh
> >
> > Think of macros as variables. As long as you don't define them they
> don't
> > exist (are empty).
> >
> >
> >
> > I knowTheodore, i've done it exactly like u put itfirst declare
> macros
> > and then the rule
> > but i couldn't block access to the machinethis rule is supposed to
> block
> > all access to port 22 on the machine coming from 192.168.0.1but I
> can
> > access from there...
> >
> > i checked pfctl -e
> > pfctl -sa
> >
> > and everything seems to be loaded...
> >
> > Thanks...
>
> Are you sure that you're trying to block only from a specific host?
> The source address shouldn't change, even if you're doing nat. I
> would assume that you'd want an 'any' keyword there, rather than a
> specific IP address.
>
> Also, you can add hosts to the table automatically based on number of
> connections over a given period of time:
>
> block quick from
> pass on $ext_if inet proto tcp from any to $myip port 22 flags S/SA keep
> state (max-src-conn-rate 5/30, overload flush global)
>
> The first rule blocks hosts from the blackhole table. The second adds
> hosts to the blackhole table and kills their state if they connect
> more than 5 times in 30 seconds. This is obviously tunable-- 3/30
> would be 3 connections in 30 seconds, and 8/60 would be 8 connections
> in 60 sec
Re: How to add rule with pfctl...
Agus wrote:
>
> 2007/9/15, Mel <[EMAIL PROTECTED]> <[EMAIL PROTECTED]>:
>
> On Saturday 15 September 2007 23:18:17 Agus wrote:
>
> I am trying to figure out how to add a firewall rule with pfctl...
> This is what i'm trying to do...
>
> I've got SEC that matches certain pattern and takes the IP from that and
> want to trigger a firewall rule to block that IP
> Then after a couple of hours SEC will trigger the command to un-block
>
> the
>
> IP...
> So what i need is the command to block an IP address from command line,
>
> not
>
> touching any pf.conf
>
> If you don't need to add a rule but an IP, then tables are your friend.
> Example for /etc/pf.conf:
> # Placeholder for spammers table, non-routable network IP.
> table persist { 192.168.111.111 }
> # Block this traffic
> block return-rst in log on $ext_if proto tcp from port smtp
>
> Then on the command line:
> /sbin/pfctl -t spammers -Tadd ip.from.new.spammer
> And to delete:
> /sbin/pfctl -t spammers -Tdel ip.from.old.spammer
>
> --
> Mel
> ___
> freebsd-questions@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to "[EMAIL PROTECTED]"
>
> Hi,
> I put this on /etc/pf.conf
> external_addr="192.168.1.11" which is the address of the only interface.
> This machine isn't a router.
>
> block drop in quick on $ext_if inet proto tcp from 192.168.0.1 to
> $external_addr port ssh
>
> but when i try to connect from 192.168.0.1 i connect with no problems...this
> rule is to block access..
> What am i doing wrong..is my first time with pf...
>
> Thankss...
> ___
> freebsd-questions@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to "[EMAIL PROTECTED]" <[EMAIL PROTECTED]>
>
> 2007/9/17, Goltsios Theodore <[EMAIL PROTECTED]>:
Well I think that you mean to add this:
ext_if="rl0" # Or whatever your interface is ifconfig helps to find out
block drop in quick on $ext_if inet proto tcp from 192.168.0.1 to $ext_if
port ssh
or even:
ext_if="rl0"
external_addr="192.168.1.11"
block drop in quick on $ext_if inet proto tcp from 192.168.0.1 to
$external_addr port ssh
Think of macros as variables. As long as you don't define them they don't
exist (are empty).
I knowTheodore, i've done it exactly like u put itfirst declare macros
and then the rule
but i couldn't block access to the machinethis rule is supposed to block
all access to port 22 on the machine coming from 192.168.0.1but I can
access from there...
i checked pfctl -e
pfctl -sa
and everything seems to be loaded...
Thanks...
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: How to add rule with pfctl...
2007/9/15, Mel <[EMAIL PROTECTED]>:
>
> On Saturday 15 September 2007 23:18:17 Agus wrote:
>
> > I am trying to figure out how to add a firewall rule with pfctl...
> > This is what i'm trying to do...
> >
> > I've got SEC that matches certain pattern and takes the IP from that and
> > want to trigger a firewall rule to block that IP
> > Then after a couple of hours SEC will trigger the command to un-block
> the
> > IP...
> > So what i need is the command to block an IP address from command line,
> not
> > touching any pf.conf
>
> If you don't need to add a rule but an IP, then tables are your friend.
> Example for /etc/pf.conf:
> # Placeholder for spammers table, non-routable network IP.
> table persist { 192.168.111.111 }
> # Block this traffic
> block return-rst in log on $ext_if proto tcp from port smtp
>
> Then on the command line:
> /sbin/pfctl -t spammers -Tadd ip.from.new.spammer
> And to delete:
> /sbin/pfctl -t spammers -Tdel ip.from.old.spammer
>
> --
> Mel
> ___
> freebsd-questions@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to "
> [EMAIL PROTECTED]"
>
Hi,
I put this on /etc/pf.conf
external_addr="192.168.1.11" which is the address of the only interface.
This machine isn't a router.
block drop in quick on $ext_if inet proto tcp from 192.168.0.1 to
$external_addr port ssh
but when i try to connect from 192.168.0.1 i connect with no problems...this
rule is to block access..
What am i doing wrong..is my first time with pf...
Thankss...
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: How to add rule with pfctl...
2007/9/15, Mel <[EMAIL PROTECTED]>:
>
> On Saturday 15 September 2007 23:18:17 Agus wrote:
>
> > I am trying to figure out how to add a firewall rule with pfctl...
> > This is what i'm trying to do...
> >
> > I've got SEC that matches certain pattern and takes the IP from that and
> > want to trigger a firewall rule to block that IP
> > Then after a couple of hours SEC will trigger the command to un-block
> the
> > IP...
> > So what i need is the command to block an IP address from command line,
> not
> > touching any pf.conf
>
> If you don't need to add a rule but an IP, then tables are your friend.
> Example for /etc/pf.conf:
> # Placeholder for spammers table, non-routable network IP.
> table persist { 192.168.111.111 }
> # Block this traffic
> block return-rst in log on $ext_if proto tcp from port smtp
>
> Then on the command line:
> /sbin/pfctl -t spammers -Tadd ip.from.new.spammer
> And to delete:
> /sbin/pfctl -t spammers -Tdel ip.from.old.spammer
>
> --
> Mel
> ___
> freebsd-questions@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to "
> [EMAIL PROTECTED]"
>
Great...Thanks Mel, this was what i was looking...although not fot spammers
but for ssh brute-force attacks detected by SEC
Very nice...
See ya
PS: Question...Is there a log where i can look if pf is down, so i can check
with SEC...?
thanks
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
How to add rule with pfctl...
Hi list, I am trying to figure out how to add a firewall rule with pfctl... This is what i'm trying to do... I've got SEC that matches certain pattern and takes the IP from that and want to trigger a firewall rule to block that IP Then after a couple of hours SEC will trigger the command to un-block the IP... So what i need is the command to block an IP address from command line, not touching any pf.conf I've done it with iptables but i can't get it with pf.Hope u understand what i am trying to say... Thanks and have a nice weekend... Agustin ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Which versioning system is the simplest to use??
Wow...Thanks a lot guys for your very nice responsesI will investigate a litlle all the choices u gave mebut i think i will go for cvs, as i dont need anything "fancy"...just to keep it simple. Very much appreciated Thanks and we 'll probably see again on another topichaha C ya... Agustin 2007/9/12, Tom Huppi <[EMAIL PROTECTED]>: > > On 22:44 Tue 11 Sep , David Christensen wrote: > > Agus wrote: > > > I am doing a little bit of security and log watching with sec.pl and > > > was trying to mantain de secconf files organized... So whenever one > > > is changed it keeps track of the change and can rollback > > > O that is what i am going to use de versioning sytem for... > > This is just my experiance on this stuff. There are no right or > wrong ways to do it, and happily, all kinds of altrnatives. > > > If you only have a file or two, I'd suggest RCS. "man rcs" should get > you going. > > An earlier version of this book helped me understand RCS well enough to > write > > custom scripts that used RCS on sets of files: > > > > http://www.oreilly.com/catalog/rcs/index.html > > I've use RCS pretty religiously for system administration...but > in fact rarely do I actually refer back to older revisions in > practice. I've always just refered to this document: > > http://www.samag.com/documents/s=9367/sam9812a/9812a.htm > > which has been enough to get me by. The biggest hassle is the > $LOGNAME deal which can different depending on how one gets a root > shell. > > > > Then I heard about CVS, which uses RCS format archive files (so you can > use > > either tool) and provides the set functionality I needed plus > more. "info cvs" > > is the online resource, but I did better with an earlier version of the > book: > > > > http://cvsbook.red-bean.com/cvsbook.html > > > > > > I now use CVS to maintain version control of the configuration files on > my > > various systems. I build a CVS tree which is a sparse mirror of the > root file > > system. Whenever I want to change a configuration file in the "live" > tree, I > > copy the intervening directories and/or file into the CVS tree, check > everything > > in, make my changes, copy the changed filed back to the original > location, test, > > and repeat the edit/ copy/ test sequence as necessary. When all is > well, I check > > in the file to CVS. As a variation on a theme, I sometimes move the > "live" file > > and replace it with a symbolic link into the CVS tree. But this > approach can be > > messier when you make a mistake and destabilize the > system. YMMV. Using CVS in > > this way provides for the use cases you've identified, and it also > allows me to > > check out the trees from other machines to compare/ contrast. Best yet > is when I > > rebuild a machine -- restoring configuration is a matter of installing > CVS, check > > out the system configuration file tree, and copying/linking. > > I tend to use revision control for (software) systems I > create or maintain installations of, but find it worthwhile > to create a Makefile to actually install the files (and often > the system itself.) I find this more flexible in that I can > create different targets to do different things, structure my > repository differently than the destination, ensure proper > ownership and modes of the files, etc. A script would work to, > but I happen to know gmake reasonably well. > > CVS is pretty easy to set up and maintain, and works fine for > reasonable source trees in my experiance. CVS is simple enough > so that all kinds of games can be played, but often these games > (like moving thing in the repository) invalidate revision > control at a basic level. My experiance is that people figure > out what is possible some time before they figure out what > exactly they have done...but also that in practice, it rarely > matters. > > > I suspect that there is are open-source projects that already do much or > all of > > what I'm doing with CVS. You might want to look or ask around -- try > "tripwire". > > > > > > SVN is supposed to be a "better CVS", etc.. But as I understand it, SVN > assigns > > a the same version number to every file in a set whenever any one of > them > > changes. I prefer the RCS and CVS approach of numbering each file > independently, > > so I can easily determine which files in a set have changed and which > haven't. > > This ability was critical for me when I was doing k
Re: Which versioning system is the simplest to use??
> 2007/9/12, Tom Huppi <[EMAIL PROTECTED] >: > > > > On 22:44 Tue 11 Sep , David Christensen wrote: > > > Agus wrote: > > > > I am doing a little bit of security and log watching with sec.pl and > > > > was trying to mantain de secconf files organized... So whenever one > > > > is changed it keeps track of the change and can rollback > > > > O that is what i am going to use de versioning sytem for... > > > > This is just my experiance on this stuff. There are no right or > > wrong ways to do it, and happily, all kinds of altrnatives. > > > > > If you only have a file or two, I'd suggest RCS. "man rcs" should get > > you going. > > > An earlier version of this book helped me understand RCS well enough > > to write > > > custom scripts that used RCS on sets of files: > > > > > > http://www.oreilly.com/catalog/rcs/index.html > > > > I've use RCS pretty religiously for system administration...but > > in fact rarely do I actually refer back to older revisions in > > practice. I've always just refered to this document: > > > > http://www.samag.com/documents/s=9367/sam9812a/9812a.htm > > > > which has been enough to get me by. The biggest hassle is the > > $LOGNAME deal which can different depending on how one gets a root > > shell. > > > > > > > Then I heard about CVS, which uses RCS format archive files (so you > > can use > > > either tool) and provides the set functionality I needed plus > > more. "info cvs" > > > is the online resource, but I did better with an earlier version of > > the book: > > > > > > http://cvsbook.red-bean.com/cvsbook.html > > > > > > > > > I now use CVS to maintain version control of the configuration files > > on my > > > various systems. I build a CVS tree which is a sparse mirror of the > > root file > > > system. Whenever I want to change a configuration file in the "live" > > tree, I > > > copy the intervening directories and/or file into the CVS tree, check > > everything > > > in, make my changes, copy the changed filed back to the original > > location, test, > > > and repeat the edit/ copy/ test sequence as necessary. When all is > > well, I check > > > in the file to CVS. As a variation on a theme, I sometimes move the > > "live" file > > > and replace it with a symbolic link into the CVS tree. But this > > approach can be > > > messier when you make a mistake and destabilize the > > system. YMMV. Using CVS in > > > this way provides for the use cases you've identified, and it also > > allows me to > > > check out the trees from other machines to compare/ contrast. Best > > yet is when I > > > rebuild a machine -- restoring configuration is a matter of installing > > CVS, check > > > out the system configuration file tree, and copying/linking. > > > > I tend to use revision control for (software) systems I > > create or maintain installations of, but find it worthwhile > > to create a Makefile to actually install the files (and often > > the system itself.) I find this more flexible in that I can > > create different targets to do different things, structure my > > repository differently than the destination, ensure proper > > ownership and modes of the files, etc. A script would work to, > > but I happen to know gmake reasonably well. > > > > CVS is pretty easy to set up and maintain, and works fine for > > reasonable source trees in my experiance. CVS is simple enough > > so that all kinds of games can be played, but often these games > > (like moving thing in the repository) invalidate revision > > control at a basic level. My experiance is that people figure > > out what is possible some time before they figure out what > > exactly they have done...but also that in practice, it rarely > > matters. > > > > > I suspect that there is are open-source projects that already do much > > or all of > > > what I'm doing with CVS. You might want to look or ask around -- try > > "tripwire". > > > > > > > > > SVN is supposed to be a "better CVS", etc.. But as I understand it, > > SVN assigns > > > a the same version number to every file in a set whenever any one of > > them > > > changes. I prefer the RCS and CVS approach of numbering each file > > independently,
Which versioning system is the simplest to use??
Hi List, I am doing a little bit of security and log watching with sec.pl and was trying to mantain de secconf files organized... So whenever one is changed it keeps track of the change and can rollback O that is what i am going to use de versioning sytem for... I will appreciate your tips very much have a nice day/night... Cheers Agustin ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Network Monitor?
2007/8/31, Agus <[EMAIL PROTECTED]>: > > Try Munin also for monitoring a great deal of system functionality as > Load, Apache, Disk, Network, etc.. > > is in the ports, under sysutils i think... > > Try it, its very very easyand u get web graphic reports > > Luck > > brahama > > 2007/8/13, Graham Bentley <[EMAIL PROTECTED]>: > > > > > > /usr/ports/net/trafshow ? > > > > -- > > [EMAIL PROTECTED] > > www.cpcnw.co.uk > > ___ > > freebsd-questions@freebsd.org mailing list > > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > > To unsubscribe, send any mail to " > > [EMAIL PROTECTED]" > > > > ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Fwd: grep question
-- Forwarded message -- From: Agus <[EMAIL PROTECTED]> Date: 05-jul-2007 10:09 Subject: Re: grep question To: Paul procacci <[EMAIL PROTECTED]> 2007/7/4, Paul procacci <[EMAIL PROTECTED]>: ann kok wrote: > Hi all > > how can I use grep to have the output as 60.40.2.x > > eg: > 60.40.2.5 > 60.40.2.3 > 60.40.2.7 > > except 60.40.2x.x > > eg: > 60.40.20.5 > 60.40.23.6 > 60.40.25.7 > > Thank you > > > > > > Park yourself in front of a world of choices in alternative vehicles. Visit the Yahoo! Auto Green Center. > http://autos.yahoo.com/green_center/ > ___ > freebsd-questions@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to "[EMAIL PROTECTED] " > > Sorry, after re-reading the question, I must admit I think I misunderstood. Pieter de Goeje's response seems to be more along the lines of what you were looking for. ;P ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to " [EMAIL PROTECTED]" I think only with, grep '60\.40\.2\.' will suffice. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: What System Logs analysis tool to use.....?
2007/6/22, magikman <[EMAIL PROTECTED]>: Agus wrote: > 2007/6/22, Garrett Cooper <[EMAIL PROTECTED]>: >> >> Agus wrote: >> > Hi list, how r u doing? >> > >> > Today i was going to install swatch in my freeBSD 6.1. but googling >> > around i >> > found that there are more logs analyzers...so i was wondering if u >> could >> > recommend me one which is light in resources... >> > >> > Thanks to everyone and i hear your opinions and suggestions >> > >> > salutes, >> And what info do you want to analyze? 'Log analysis' seems like a >> trivial problem for Perl.. >> -Garrett >> > > OK...good question > I would be analysing syslogs and trying to find failed logins, passwd, > panic, file system full, su...and probably some others that doesnt > come to > me now... > > Thanks... > ___ > freebsd-questions@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to > "[EMAIL PROTECTED]" I like logwatch. It will parse and display information on many different logs. OK...thanksi was reading about logwatchthanks for sharing... salutes, ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: What System Logs analysis tool to use.....?
2007/6/22, Garrett Cooper <[EMAIL PROTECTED]>: Agus wrote: > Hi list, how r u doing? > > Today i was going to install swatch in my freeBSD 6.1. but googling > around i > found that there are more logs analyzers...so i was wondering if u could > recommend me one which is light in resources... > > Thanks to everyone and i hear your opinions and suggestions > > salutes, And what info do you want to analyze? 'Log analysis' seems like a trivial problem for Perl.. -Garrett OK...good question I would be analysing syslogs and trying to find failed logins, passwd, panic, file system full, su...and probably some others that doesnt come to me now... Thanks... ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
What System Logs analysis tool to use.....?
Hi list, how r u doing? Today i was going to install swatch in my freeBSD 6.1. but googling around i found that there are more logs analyzers...so i was wondering if u could recommend me one which is light in resources... Thanks to everyone and i hear your opinions and suggestions salutes, ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: [SOLVED] sendmail local problem...
2007/6/19, Agus <[EMAIL PROTECTED]>: 2007/6/18, Jonathan Horne <[EMAIL PROTECTED]>: > > On Monday 18 June 2007 09:57:27 Agus wrote: > > Hi all, > > > > I am having trouble with my mailI only want it configured to > deliver > > locally, which in one of my bsd did it by default...but in this bsd i > am > > gettint messages deferred... > > Connection refused by himalaya.x.x which is my router. It seems like > > sendmail is trying to relay it to my router...but is local mail > > > > any help will be great... > > my rc.conf doesnt mention sendmail... > > ps shows sendmail running... > > and messages to root for example get stuck in queue with deferred, > cant > > connect himalaya... > > > > thankss > > ___ > > freebsd-questions@freebsd.org mailing list > > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > > To unsubscribe, send any mail to > > "[EMAIL PROTECTED]" > > if you do a 'host [yourdomain]', what does it say your MX record > is. you need > this server to be able to find "itself" as the MX for the domain, > internally. > > hth, > -- > Jonathan Horne > http://dfwlpiki.dfwlp.org > [EMAIL PROTECTED] > ___ > freebsd-questions@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to " > [EMAIL PROTECTED]" > OKI see where you are going...great tip, thank you very much As i have dynamic IP i have zoneedit as my DNS and mail How can i add myself as MX? can i do it in my bsd or i have to change my zoneedit records?? Thanks again... OKthanks to Jonathan i started changing config and saw that /etc/hosts had this: 127.0.0.1 localhost.my-domain.com 192.x.x.x machine.my-domain.com So when i tried to send mails to localusers i got them stuck in queue with deferred Now i changed my /etc/hosts to this: 127.0.0.1 localhost 192.x.x.x machine and thats it Now it works Is this ok? thanksss ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: sendmail local problem...
2007/6/18, Jonathan Horne <[EMAIL PROTECTED]>: On Monday 18 June 2007 09:57:27 Agus wrote: > Hi all, > > I am having trouble with my mailI only want it configured to deliver > locally, which in one of my bsd did it by default...but in this bsd i am > gettint messages deferred... > Connection refused by himalaya.x.x which is my router. It seems like > sendmail is trying to relay it to my router...but is local mail > > any help will be great... > my rc.conf doesnt mention sendmail... > ps shows sendmail running... > and messages to root for example get stuck in queue with deferred, cant > connect himalaya... > > thankss > ___ > freebsd-questions@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to > "[EMAIL PROTECTED]" if you do a 'host [yourdomain]', what does it say your MX record is. you need this server to be able to find "itself" as the MX for the domain, internally. hth, -- Jonathan Horne http://dfwlpiki.dfwlp.org [EMAIL PROTECTED] ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to " [EMAIL PROTECTED]" OKI see where you are going...great tip, thank you very much As i have dynamic IP i have zoneedit as my DNS and mail How can i add myself as MX? can i do it in my bsd or i have to change my zoneedit records?? Thanks again... ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
sendmail local problem...
Hi all, I am having trouble with my mailI only want it configured to deliver locally, which in one of my bsd did it by default...but in this bsd i am gettint messages deferred... Connection refused by himalaya.x.x which is my router. It seems like sendmail is trying to relay it to my router...but is local mail any help will be great... my rc.conf doesnt mention sendmail... ps shows sendmail running... and messages to root for example get stuck in queue with deferred, cant connect himalaya... thankss ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: rsync and perms...
2007/6/16, Bill Campbell <[EMAIL PROTECTED]>: On Sat, Jun 16, 2007, Agus wrote: >Hi all, >Trying to use rsync to update my home page in my freebsd, i am not able to >keep the owner,group and perms of the files... >I do all the updates in my ubntu. when everything is ready I run from my >ubuntu: >rsync -uav --delete --rsh=ssh /home/user/web/ [EMAIL PROTECTED]:/root/web/ > >I tried also with -pog and same results... > >Files are updated but the perms and owner and group changes to the ones in >my ubuntu > >I want to keep the bsd existing perms and users...How can i do that?? If the users and groups are the same on the system, the -a option to rsync should preserve owner, group, and permissions. One can also use rsync modules in the rsyncd.conf file to specify user and group. Using rsync modules also has the advantages of restricting access to the directory specified in the module, and can also restrict access based on IP addresses. Bill -- INTERNET: [EMAIL PROTECTED] Bill Campbell; Celestial Software LLC URL: http://www.celestial.com/ PO Box 820; 6641 E. Mercer Way FAX: (206) 232-9186 Mercer Island, WA 98040-0820; (206) 236-1676 http://www.celestial.com/ You need only reflect that one of the best ways to get yourself a reputation as a dangerous citizen these days is to go about repeating the very phrases which our founding fathers used in the struggle for independence. -- Charles A. Beard ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to " [EMAIL PROTECTED]" OK...so i should first create a group an user with same ids on both machines? or only the names will suffice? And about the modules, i should be running the rsunc daemon which i am not, so i think i ll do the first... Thanks a lot for your help... ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
rsync and perms...
Hi all, Trying to use rsync to update my home page in my freebsd, i am not able to keep the owner,group and perms of the files... I do all the updates in my ubntu. when everything is ready I run from my ubuntu: rsync -uav --delete --rsh=ssh /home/user/web/ [EMAIL PROTECTED]:/root/web/ I tried also with -pog and same results... Files are updated but the perms and owner and group changes to the ones in my ubuntu I want to keep the bsd existing perms and users...How can i do that?? thanksss guys, Salutes, ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: rsync install md5 error
Great...thanks a lot.. Greetz 2007/6/8, Beech Rintoul <[EMAIL PROTECTED]>: > 2007/6/8, Beech Rintoul <[EMAIL PROTECTED]>: > > On Friday 08 June 2007, Agus said: > > > Hi all, > > > I am trying to install /usr/ports/net/rsync and i am getting > > > MD5 checksum mismatch for rsync-2.6.6.tar.gz > > > > > > then it says if u are sure u want to override this check, type > > > make NO_CHECKSUM=yes > > > > > > What does it mean that the MD5 and sha256 checksums are wrong? > > > > > > How can i solve it?? > > > > Try "make distclean" then "make install clean". > > > > Cheers, > > > > Beech >On Friday 08 June 2007, Agus said: > I see that in samba.org the version is 2.6.9...so my bsd tries to > download it from another place > is there a way to make install version 2.6.9 instead of the default > that is trying?? 2.6.9 is the current version. You need to update your ports tree. See the handbook for details. Beech -- --- Beech Rintoul - FreeBSD Developer - [EMAIL PROTECTED] /"\ ASCII Ribbon Campaign | FreeBSD Since 4.x \ / - NO HTML/RTF in e-mail | http://www.freebsd.org X - NO Word docs in e-mail | Latest Release: / \ - http://www.freebsd.org/releases/6.2R/announce.html --- ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: rsync install md5 error
I see that in samba.org the version is 2.6.9...so my bsd tries to download it from another place is there a way to make install version 2.6.9 instead of the default that is trying?? thanksss 2007/6/8, Beech Rintoul <[EMAIL PROTECTED]>: On Friday 08 June 2007, Agus said: > Hi all, > I am trying to install /usr/ports/net/rsync and i am getting MD5 > checksum mismatch for rsync-2.6.6.tar.gz > > then it says if u are sure u want to override this check, type make > NO_CHECKSUM=yes > > What does it mean that the MD5 and sha256 checksums are wrong? > > How can i solve it?? Try "make distclean" then "make install clean". Cheers, Beech -- --- Beech Rintoul - FreeBSD Developer - [EMAIL PROTECTED] /"\ ASCII Ribbon Campaign | FreeBSD Since 4.x \ / - NO HTML/RTF in e-mail | http://www.freebsd.org X - NO Word docs in e-mail | Latest Release: / \ - http://www.freebsd.org/releases/6.2R/announce.html --- ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
rsync install md5 error
Hi all, I am trying to install /usr/ports/net/rsync and i am getting MD5 checksum mismatch for rsync-2.6.6.tar.gz then it says if u are sure u want to override this check, type make NO_CHECKSUM=yes What does it mean that the MD5 and sha256 checksums are wrong? How can i solve it?? thankss ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: NFS and apache...
2007/5/30, Jonathan Horne <[EMAIL PROTECTED]>: On Wednesday 30 May 2007 17:45:42 Agus wrote: > 2007/5/30, Christopher Hilton <[EMAIL PROTECTED]>: > > Erik Norgaard wrote: > > >> How can i do this? I am trying but im getting permission > > >> denied...while trying to create a file... > > > > > > NFS is insecure (No File Security) since there is no authentication. > > > You get access with the user id of your current user. > > > > I didn't want to touch the security problems with this as I assumed that > > the original poster knows about them. Just the same I'm assuming that > > webserver:/etc/exports has a line like: > > > > /usr/local/www/data/mysite -maproot=nobody:nogroup 192.168.233.17 > > > > which would tighten down the mount to just the one machine. As a > > developer, without even looking at security I think that direct access > > to the webroot tree is a bad idea. However I'm giving the original > > poster the benefit of the doubt. Perhaps he's just trying to learn HTML > > and PHP. > > > > [snip] > > > > > One security measure is implemented though: root user on client is > > > treated as nobody on the server. There is an option you can add to the > > > exports file (forgot which), to override this see the exports manpage. > > > > > >> Also if you have a different solution for updating the site..they are > > >> welcome.. > > > > > > Unless you have problems with diskspace, why not just use rsync? Do it > > > manually and you get time to correct blunders before they become > > > public, or do it as a cronjob. > > > > rsync > > scp, > > dav, > > *** cvs *** > > > > When I work on a website I tend to start with the site directory in cvs > > to protect me from the damage caused by fat fingers. I'm an old C > > programmer and CVS and Make are tools that I'm used to so I usually add > > a really simple make file to the web tree... > > > > * Typical Makefile for web project * > > -- cut from here -- > > > > update: > > cvs -PAd . > > > > MYWEBUSER = www > > MYHOST =webserver.example.com > > MYWEBROOT = /usr/local/www/data/webserver.example.com/ > > > > publish: > > rsync -auv ./ $(MYWEBUSER)@$(MYHOST):$(MYWEBROOT) > > > > -- to here -- > > > > Then running: > > > > $ make update > > > > on the webserver from within the webtree will refresh the site from the > > latest copy in CVS. In my opinion this is the best way because with a > > little CVS knowledge you can back out any mistakes. This is also nice > > since it only depends on the ability for both your development machine > > and webserver to be able to reach the cvs server. A final nicety is that > > there are CVS clients for FreeBSD, Windows, and Mac OS X. On the > > downside you do have to setup a cvs server. > > > > Add a little magic with ssh-keygen and the command: > > > > $ make publish > > > > will push the current state of the web project, N.B. whatever it may be, > > onto the webserver. This is a lower overhead way of publishing that has > > the danger of no fallback position in case something is screwed up. > > Honestly I think that the publish tag is better used for testing than > > production but not every is willing to go to the overhead of using > > revision control (CVS, SVN, what have you) on this stuff. > > > > -- Chris > > > > -- > >__o "All I was doing was trying to get home from work." > > _`\<,_ -Rosa Parks > > ___(*)/_(*)___ > > Christopher Sean Hilton > > pgp key: D0957A2D/f5 30 0a e1 55 76 9b 1f 47 0b 07 e9 75 0e 14 > > Great.thanks a lot guysyou've been very kind. > I will begin reading about rsync and CVS thenit also seems a lot more > interesting than NFS > > Thanks again... > Greetz > ___ > freebsd-questions@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to > "[EMAIL PROTECTED]" im a kde user, and i like to access my web server via sftp using the konqueror file manager. just open your home, open another tab, put in sftp://yourserver in the address bar... and drag and drop the files where they go! -- Jonathan Horne http://dfwlpiki.dfwlp.org [EMAIL PROTECTED] ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to " [EMAIL PROTECTED]" Greatthat should be easy..jajathanksvery simple and practical great tip, greetz ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: NFS and apache...
2007/5/30, Christopher Hilton <[EMAIL PROTECTED]>: Erik Norgaard wrote: >> How can i do this? I am trying but im getting permission denied...while >> trying to create a file... > > NFS is insecure (No File Security) since there is no authentication. You > get access with the user id of your current user. > I didn't want to touch the security problems with this as I assumed that the original poster knows about them. Just the same I'm assuming that webserver:/etc/exports has a line like: /usr/local/www/data/mysite -maproot=nobody:nogroup 192.168.233.17 which would tighten down the mount to just the one machine. As a developer, without even looking at security I think that direct access to the webroot tree is a bad idea. However I'm giving the original poster the benefit of the doubt. Perhaps he's just trying to learn HTML and PHP. [snip] > > One security measure is implemented though: root user on client is > treated as nobody on the server. There is an option you can add to the > exports file (forgot which), to override this see the exports manpage. > >> Also if you have a different solution for updating the site..they are >> welcome.. > > Unless you have problems with diskspace, why not just use rsync? Do it > manually and you get time to correct blunders before they become public, > or do it as a cronjob. > rsync scp, dav, *** cvs *** When I work on a website I tend to start with the site directory in cvs to protect me from the damage caused by fat fingers. I'm an old C programmer and CVS and Make are tools that I'm used to so I usually add a really simple make file to the web tree... * Typical Makefile for web project * -- cut from here -- update: cvs -PAd . MYWEBUSER = www MYHOST =webserver.example.com MYWEBROOT = /usr/local/www/data/webserver.example.com/ publish: rsync -auv ./ $(MYWEBUSER)@$(MYHOST):$(MYWEBROOT) -- to here -- Then running: $ make update on the webserver from within the webtree will refresh the site from the latest copy in CVS. In my opinion this is the best way because with a little CVS knowledge you can back out any mistakes. This is also nice since it only depends on the ability for both your development machine and webserver to be able to reach the cvs server. A final nicety is that there are CVS clients for FreeBSD, Windows, and Mac OS X. On the downside you do have to setup a cvs server. Add a little magic with ssh-keygen and the command: $ make publish will push the current state of the web project, N.B. whatever it may be, onto the webserver. This is a lower overhead way of publishing that has the danger of no fallback position in case something is screwed up. Honestly I think that the publish tag is better used for testing than production but not every is willing to go to the overhead of using revision control (CVS, SVN, what have you) on this stuff. -- Chris -- __o "All I was doing was trying to get home from work." _`\<,_ -Rosa Parks ___(*)/_(*)___ Christopher Sean Hilton pgp key: D0957A2D/f5 30 0a e1 55 76 9b 1f 47 0b 07 e9 75 0e 14 Great.thanks a lot guysyou've been very kind. I will begin reading about rsync and CVS thenit also seems a lot more interesting than NFS Thanks again... Greetz ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
NFS and apache...
Hi all, I got the following scenario. Freebsd with Apache22 and NFS. I want to export the /usr/local/www/apache22/data/site so that the content of that site can be modified from my personal machine. The permissions on site/ are rwx for root and group webadm, and rx for others... How can i do this? I am trying but im getting permission denied...while trying to create a file... thanks... Also if you have a different solution for updating the site..they are welcome.. thanks again, greetz Agustin. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Mysqld-server errors starting...
2007/5/20, Bob <[EMAIL PROTECTED]>: Here are the things you have to do to activate MySql after installing the port. To autostart mysql at boot add this to /etc/rc.conf mysql_enable="YES" To start or stop mysql server do this /usr/local/share/mysql/mysql.server start /usr/local/share/mysql/mysql.server stop You have to tell mysql to create its internel control db by running this command. mysql_install_db --user=mysql To verify mysql is operational issue these commands mysqladmin version mysqladmin variables To start command line session with mysql server to create a DB enter mysql -u root The online mysql manual is at http://dev.mysql.com/doc/refman/5.0/en/index.html The mysql databases and log files are written here /var/db/mysql -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Agus Sent: Friday, May 18, 2007 11:19 PM To: freebsd-questions Subject: Mysqld-server errors starting... Hi all... I got a problem starting the server /usr/local/libexec/mysqld: cant read dir or '/tmp/' (Errcode: 13) and a few more lines i read sthg about permitions, but i checked /tmp perms and everybody con write there... thanks ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to " [EMAIL PROTECTED]" Thanks for the answer...i did all that and it was working fine for about a monthNow suddenly i got this errors thanks ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Mysqld-server errors starting...
Hi all... I got a problem starting the server /usr/local/libexec/mysqld: cant read dir or '/tmp/' (Errcode: 13) and a few more lines i read sthg about permitions, but i checked /tmp perms and everybody con write there... thanks ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Fwd: mysql start error...
-- Forwarded message -- From: Agus <[EMAIL PROTECTED]> Date: 18-may-2007 19:14 Subject: Re: mysql start error... To: Hanatsu Tori <[EMAIL PROTECTED]> 2007/5/17, Hanatsu Tori <[EMAIL PROTECTED]>: Hi! Please id ls -la /bin/csh ls -la /usr/local/etc/rc.d/mysql-server Dmitry 2007/5/17, Agus <[EMAIL PROTECTED]>: > > Hi, > I am getting an error while trying to run mysql-server... > Wired thing is that it was running ok for a month.suddenly i got > this > error.. > > su: /bin/csh: Permission denied > > > thanks for any hints you could give > > see ya > ___ > freebsd-questions@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to "[EMAIL PROTECTED] > " > Here it is Dimitry uid=0(root) gid=0(wheel) groups=0(wheel), 5(operator) -r-xr-xr-x 2 root wheel 293060 May 7 2006 /bin/csh -r-xr-xr-x 1 root wheel 1659 Jan 10 16:47 /usr/local/etc/rc.d/mysql-server thanks... ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Startup errors....su:/bin/csh Perm denied..
2007/5/17, [EMAIL PROTECTED] <[EMAIL PROTECTED]>: On Wed, 16 May 2007, Agus wrote: > 2007/5/16, Agus <[EMAIL PROTECTED]>: >> >> 2007/5/16, Oliver Peter <[EMAIL PROTECTED]>: >> > >> > On Tue, May 15, 2007 at 07:24:27PM -0300, Agus wrote: >> > > ... >> > > Here is part of the boot.. >> > > Updating motd >> > > Starting mysql. >> > > su: /bin/csh: Permission denied >> > > Configuring syscons: keymap blanktime. >> > > Starting sshd. >> > > can not chdir(/var/spool/clientmqueue/): Permission denied >> > > Program mode requires special privileges... >> > > Starting cron. >> > > Local package initializations... >> > > Starting inetd. >> > >> > Interesting. >> > Do you see the same when you start/stop it manually? >> > >> > # /usr/local/etc/rc.d/mysql-server restart >> > >> > -- >> > Oliver PETER, email: [EMAIL PROTECTED] , ICQ# 113969174 >> > "Worker bees can leave. Even drones can fly away. The Queen is their >> > slave." >> > >> > yesthats how i realized that the problem was with mysqlfirst i >> checked netstat and didnt see the port so i started up manually and get >> that >> error >> >> Thanks.. >> > > Still the same error.any hint where to look?? There are at least two things going on and one at least has nothing to do with mysql. /var/spool/clientmqueue is used by sendmail which you have running. If you have not, or did not mean to configure sendmail add 'sendmail_enable="NO"' to rc.conf and see what happens. AFAIK nothing in the startup scripts uses csh. So there is also something 'funny' there. grep for csh in /etc and /usr/local/etc and see what you get. You could also do a 'verbose' boot and see if the additional messages point to anything Yes ...i am aware of thati have already disable sendmail.thanks... but as i put previouslytrying to start manually mysql-server comes up this error /bin/csh... Thanks. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
mysql start error...
Hi, I am getting an error while trying to run mysql-server... Wired thing is that it was running ok for a month.suddenly i got this error.. su: /bin/csh: Permission denied thanks for any hints you could give see ya ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Startup errors....su:/bin/csh Perm denied..
2007/5/16, Agus <[EMAIL PROTECTED]>: 2007/5/16, Oliver Peter <[EMAIL PROTECTED]>: > > On Tue, May 15, 2007 at 07:24:27PM -0300, Agus wrote: > > ... > > Here is part of the boot.. > > Updating motd > > Starting mysql. > > su: /bin/csh: Permission denied > > Configuring syscons: keymap blanktime. > > Starting sshd. > > can not chdir(/var/spool/clientmqueue/): Permission denied > > Program mode requires special privileges... > > Starting cron. > > Local package initializations... > > Starting inetd. > > Interesting. > Do you see the same when you start/stop it manually? > > # /usr/local/etc/rc.d/mysql-server restart > > -- > Oliver PETER, email: [EMAIL PROTECTED] , ICQ# 113969174 > "Worker bees can leave. Even drones can fly away. The Queen is their > slave." > > yesthats how i realized that the problem was with mysqlfirst i checked netstat and didnt see the port so i started up manually and get that error Thanks.. Still the same error.any hint where to look?? Thanks ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Find out startup programs execution order..
2007/5/16, Lowell Gilbert <[EMAIL PROTECTED]>: Agus <[EMAIL PROTECTED]> writes: > 2007/5/16, Jack Barnett <[EMAIL PROTECTED]>: >> >> Look before and after the error messages >> What other messages you see? That'll give you a general idea on where >> it's at in the startup process when you get that error. >> >> On 5/15/07, Agus <[EMAIL PROTECTED]> wrote: >> > Hi... >> > i am trying to solve a problem with an error message during startup.. >> > su: /bin/csh : Permission Denied >> > >> > so i am trying to find the way the programs start during boot >> > >> > thats it >> > >> > Thanxsss >> > ___ >> > freebsd-questions@freebsd.org mailing list >> > http://lists.freebsd.org/mailman/listinfo/freebsd-questions >> > To unsubscribe, send any mail to " >> [EMAIL PROTECTED]" >> > >> > > Yes..thats the way i found that the error was from mysql-server... > but i thought that there might be a way to see the order programs boot...and > maybe change it... Sure. The documentation for this is under "man rc.d". Great...thanks for everyonei will begin reading. thankks ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Find out startup programs execution order..
2007/5/16, Jack Barnett <[EMAIL PROTECTED]>: Look before and after the error messages What other messages you see? That'll give you a general idea on where it's at in the startup process when you get that error. On 5/15/07, Agus <[EMAIL PROTECTED]> wrote: > Hi... > i am trying to solve a problem with an error message during startup.. > su: /bin/csh : Permission Denied > > so i am trying to find the way the programs start during boot > > thats it > > Thanxsss > ___ > freebsd-questions@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to " [EMAIL PROTECTED]" > Yes..thats the way i found that the error was from mysql-server... but i thought that there might be a way to see the order programs boot...and maybe change it... Thanks... ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Startup errors....su:/bin/csh Perm denied..
2007/5/16, Oliver Peter <[EMAIL PROTECTED]>: On Tue, May 15, 2007 at 07:24:27PM -0300, Agus wrote: > ... > Here is part of the boot.. > Updating motd > Starting mysql. > su: /bin/csh: Permission denied > Configuring syscons: keymap blanktime. > Starting sshd. > can not chdir(/var/spool/clientmqueue/): Permission denied > Program mode requires special privileges... > Starting cron. > Local package initializations... > Starting inetd. Interesting. Do you see the same when you start/stop it manually? # /usr/local/etc/rc.d/mysql-server restart -- Oliver PETER, email: [EMAIL PROTECTED], ICQ# 113969174 "Worker bees can leave. Even drones can fly away. The Queen is their slave." yesthats how i realized that the problem was with mysqlfirst i checked netstat and didnt see the port so i started up manually and get that error Thanks.. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Find out startup programs execution order..
Hi... i am trying to solve a problem with an error message during startup.. su: /bin/csh : Permission Denied so i am trying to find the way the programs start during boot thats it Thanxsss ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Startup errors....su:/bin/csh Perm denied..
2007/5/15, Oliver Peter <[EMAIL PROTECTED]>: On Mon, May 14, 2007 at 08:50:13PM -0300, Agus wrote: > Hi everybody...i was starting up my bsd when i noticed some errors.. > The first one is right after Starting mysql finishes. > it says su: /bin/csh: Permission Denied > Then it loads sshd and right after it finishes loading sshd it says > can not chdir(/var/spool/clientmqueue/): Permission denied > Program mode requires special privileges... > then it finishes loading cron > inetd... > > i didnt install anything,,,i dont know where to look to finde where or which > program is causing this... > thanks for your time.. Since mysql is not part of the default installation it seems that you DID install some additional software and modified your /etc/rc.conf. Please provide us your rc.conf for further help. Bye. -- Oliver PETER, email: [EMAIL PROTECTED], ICQ# 113969174 "Worker bees can leave. Even drones can fly away. The Queen is their slave." OK...what i ment was tha it was working fine for days after all the installations i made, and suddenly the error appeared... here it is my rc.conf # -- sysinstall generated deltas -- # Wed Jan 10 12:29:02 2007 # Created: Wed Jan 10 12:29:02 2007 # Enable network daemons for user convenience. # Please make all changes to this file, not to /etc/defaults/rc.conf. # This file now contains just the overrides from /etc/defaults/rc.conf. defaultrouter="192.168.1.1" hostname="everest.x.x.x" ifconfig_sis0="inet 192.168.1.11 netmask 255.255.255.0" keymap="spanish.iso.acc" linux_enable="YES" syslogd_flags="-ss" inetd_enable="YES" sshd_enable="YES" #usbd_enable="YES" mysql_enable="YES" apache22_enable="YES" # -- Agregamos Quotas -- # 16/01/07 # enable_quotas="YES" # -- Agregamos Firewall y QoS -- # 16/01/07 pf_enable="YES" pf_rules="/etc/pf.conf" pf_flags="" pflog_enable="YES" pflog_logfile="/var/log/pflog" pflog_flags="" # -- Agregamos NFS Server -- # 06/05/07 # rpcbind_enable="YES" nfs_server_enable="YES" mountd_flags="-r" i looked for logs in /var/log/messages and nothingI cant find where or what program is causing this Here is part of the boot.. Updating motd Starting mysql. su: /bin/csh: Permission denied Configuring syscons: keymap blanktime. Starting sshd. can not chdir(/var/spool/clientmqueue/): Permission denied Program mode requires special privileges... Starting cron. Local package initializations... Starting inetd. im running 6.1-RELEASE FreeBSD 6.1-RELEASE #0 Thanks. Hope this helps ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Startup errors....su:/bin/csh Perm denied..
Hi everybody...i was starting up my bsd when i noticed some errors.. The first one is right after Starting mysql finishes. it says su: /bin/csh: Permission Denied Then it loads sshd and right after it finishes loading sshd it says can not chdir(/var/spool/clientmqueue/): Permission denied Program mode requires special privileges... then it finishes loading cron inetd... i didnt install anything,,,i dont know where to look to finde where or which program is causing this... thanks for your time.. Greetz, ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Non Interactive passwd change via script....
2007/4/4, Vince <[EMAIL PROTECTED]>: Agus wrote: > > > OK..thanks for the heads up about responding > > The problem isnt adding the useri ve done that..the problem is > creating the password for the user as i tried to say in the first email... > Assuming you dont mean actually generating the password maybe you need the -h fd flag to pw or more specificly (from the manpage) pw will prompt for the user's password if -h 0 is given, nominating stdin as the file descriptor on which to read the password. Note that this password will be read only once and is intended for use by a script rather than for interactive use. so something like echo PASSWD | pw add user wibble -h 0 will create a user wibble with password of PASSWD or echo $PASSWORD | pw add user $USERNAME -h 0 setting $PASSWORD and $USERNAME as needed. Vince > thanks kevin, > ___ > freebsd-questions@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to > "[EMAIL PROTECTED]" Thanks Vince, that was exactly what i was looking for.i read the man page and saw the -h or th -H ir it is encrypted.but i copuldnt make it work, didnt know how your example lightens up everythinggrea thanks alot i will try it as sonn as i get home... thanksss ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Non Interactive passwd change via script....
2007/4/3, Kevin Kinsey <[EMAIL PROTECTED]>: Agus wrote: >>> Hi everybody >>> its been a few days now, since im trying to do a tcsh script to automatize >>> the process of creating users in my system >>> Users register via web, and info is saved in a MySQL DB and in a >>> file. the >>> script reads from the file and begins adding users with pw. >>> but im stuck on how to create the password for the users. the >>> only solution >>> that worked was the use of expect, but it consumes a lot of resources >>> (7.8%System). Now that isnt a problem cause the users are few. but if >>> it has to >>> add a lot of users?? it will kill my server >>> >>> any hints will be apreciated. > >> pw(8) ?? > > I cant find the way to do it with pw > > thanks Please keep the list in the TO: or CC: field on your replies ... thanks! Works fine here as described in pw(8): [EMAIL PROTECTED] $ id test id: test: no such user [EMAIL PROTECTED] $ pw useradd -n test [EMAIL PROTECTED] $ id test uid=1020(test) gid=1026(test) groups=1026(test) [EMAIL PROTECTED] $ finger test Login: test Name: User Test Directory: /home/test Shell: /bin/sh Never logged in. No Mail. No Plan. HTH, Kevin Kinsey -- It took me fifteen years to discover that I had no talent for writing, but I couldn't give it up because by that time I was too famous. -- Robert Benchley OK..thanks for the heads up about responding The problem isnt adding the useri ve done that..the problem is creating the password for the user as i tried to say in the first email... thanks kevin, ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Non Interactive passwd change via script....
Hi everybody its been a few days now, since im trying to do a tcsh script to automatize the process of creating users in my system Users register via web, and info is saved in a MySQL DB and in a file. the script reads from the file and begins adding users with pw. but im stuck on how to create the password for the users. the only solution that worked was the use of expect, but it consumes a lot of resources (7.8%System). Now that isnt a problem cause the users are few. but if it has to add a lot of users?? it will kill my server any hints will be apreciated. thanks a lot... ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
bash or bash2
Hi...just that questionwhich one is better for an open server enviroment? are there big diferences?? thanxsss ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Disable syslogd 514..
Hi doing a netstat -an i see that syslog is listening in UDP port 514.i am trying to disable it, but no luck i checked the rc.conf but there is nothing there.what do u recommend? to disable it or to leave it? I do not use the machine as a remote syslog server so i cant see the use.but who knows.. thanxsss ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Reread rc.conf....
Hi folks. I did some configs in my freebsd and realiza that i didnt have the inetd running. So i addesd inetd_enable="YES" to rc.conf. Now im trying to reread the rc.conf to make the changes active without restarting Is there a way to do it? or i have to start each server it from rc.dmanually, in these case only inetd; but what if i added a lot of lines to rc.conf? i've read this... On the console do: # shutdown now (Note: without -r or -h) # return # exit Is this the only way to do it? Thanxsss ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: fsck report after crash...
Ok..done it.now, can u explain me or point me a link to the why i have to doit in single mode and what this does?? i've done it and now when i restart in normal mode i got the same UNREF erros plus some Phase 5 - Check Cyl Groups errors. FREE BLK COUNT WRONG IN SUPERBLK Salvage? no BLK MISSING IN BIT MAPS Salvage?no then i did a fsck in normal mode and this last errors disappear but still get the first ones thanx. 2007/1/9, Beech Rintoul <[EMAIL PROTECTED]>: On Tuesday 09 January 2007 14:53, Agus wrote: > Hi, all.i suffer a blackout today when my freebsd was running, and when > i start up again i run fsck and it reports that 5 files areUNREF..this > happens during > Phase 4 - Check Reference Count > > UNREF FILE I=94324 OWNER=mysql MODE=100600 > SIZE=0 MTIME=Jan 9 20:30 2007 > CLEAR? no > > and a few more with same owner and mode; the only thing that changes is the > I,(inode, i guess) > > Is there a way to fix this?!? Boot into single-user and run "fsck -y". Cheers, Beech -- --- Beech Rintoul - Sys. Administrator - [EMAIL PROTECTED] /"\ ASCII Ribbon Campaign | Alaska Paradise Travel \ / - NO HTML/RTF in e-mail | 201 East 9Th Avenue Ste.310 X - NO Word docs in e-mail | Anchorage, AK 99501 / \ - Please visit Alaska Paradise - http://www.alaskaparadise.com --- ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
fsck report after crash...
Hi, all.i suffer a blackout today when my freebsd was running, and when i start up again i run fsck and it reports that 5 files areUNREF..this happens during Phase 4 - Check Reference Count UNREF FILE I=94324 OWNER=mysql MODE=100600 SIZE=0 MTIME=Jan 9 20:30 2007 CLEAR? no and a few more with same owner and mode; the only thing that changes is the I,(inode, i guess) Is there a way to fix this?!? thanxs and greetzz to all ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Advice on which FreeBSD firewall package to choose.
It seems is unanimousPF it isremember u have to compile the Kernel to activate this, i´ve done it for the first time, yesterday and its very simplealso checkout the ALTQ for QoS, good luck 2007/1/5, Matthew Seaman <[EMAIL PROTECTED]>: Atom Powers wrote: > On 1/4/07, Eric <[EMAIL PROTECTED]> wrote: >> Brett Davidson wrote: >> > Before I start, I'm familiar with IPTables from Linux but am wanting to >> > use FreeBSD as a firewalling router after seeing it in action on a >> > heavily-loaded webserver. I like the efficiency of the TCP stack. >> > >> > Upon reading the handbook I found that I can have my choice of three >> > firewalls; pf, iptables and ipfw. >> > > ... >> > >> > Against prudence, they wish to allow torrent connections to the inside >> > lan and ICQ connections to both the Inside LAN and the Wireless DMZ. >> The >> > torrent and ICQ connections will need to be bandwidth-managed so >> that is >> > a major consideration for the choice of which firewall to use. Is there >> > an equivalent to HTB on FreeBSD? >> > >> > >> i believe pf is the most modern and cleanest/easiest syntax to use. it >> is actively developed and lots of people use it. You can set up priority >> on bandwidth in pf as well, so it should meet all your requirements >> nicely. > > pf will also do the bandwidth management you want. I've used ipfw, > ipf, iptables, and pf; pf is by far the most powerful and easy to use. > I also heartily endorse the use of pf. However be aware that if you want to use the QoS and other bandwidth management features you will need to compile yourself a custom kernel with the appropriate ALTQ stuff turned on. Unfortunately ALTQ is not currently available as a loadable module. Compiling a new kernel is not particularly difficult though. Cheers, Matthew -- Dr Matthew J Seaman MA, D.Phil. 7 Priory Courtyard Flat 3 PGP: http://www.infracaninophile.co.uk/pgpkey Ramsgate Kent, CT11 9PW ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: remove suid files question....
Of course u can get an account..when i get the system connected and upno problemm the web will be www.free-shells.com.ar; i'm still testing localywhen i start testing access with friends and people i know, i'll create an account for u, to test the system thanxs.Happy Holidays 2006/12/23, Armin Arh <[EMAIL PROTECTED]>: On Sat, Dec 23, 2006 at 05:41:29PM -0300, Agus wrote: > Hi all.i installed a freebsd 6 and i am going to use it as a server with > apache, ssh, ftp and other servicesit is going to be of free accessu > register in my page your account (free) and i create an account for u in the > systemso i am trying to make it secure.which setuid files should i > take the setuid bit off??? Sounds interesting. Can i get an account? :) btw: do you care for a real email address? (see below) Giving the users shell access without a chroot environment is a potential danger, possible though. A plain BSD installation has several suid- bits set like for the 'passwd' program, 'su' and other. These can't be used to corrupt the system, so you should be safe. Nevertheless, special care has to be taken for all third party software, e.g. via the ports system. On my box i can't afford giving users shell access, because cpu cycles are a rare resource (OSes can be even freeze with naughty users). And then i have no expirience about enforcing resource limits... Another important point is: You may trust your users, but unauthorized access (someone else logs in) can arise if they do something wrong. Restricting them to cryptgraphically authenticated entrance is a good countermeasure. Armin -- PUBBOX Postmaster + spam-killer. Free email addresses at http://pubbox.net/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
remove suid files question....
Hi all.i installed a freebsd 6 and i am going to use it as a server with apache, ssh, ftp and other servicesit is going to be of free accessu register in my page your account (free) and i create an account for u in the systemso i am trying to make it secure.which setuid files should i take the setuid bit off??? thanks ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Find how much disk is in use..
Hi, i was wondering if there is a correct or better way to find out how much space a dir occupies. i am using du -hd 0 ports to find out the space of the ports dir... thanxss ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
