Re: 8.1 memstick installation

2010-08-23 Thread Aiza

Friedemann Becker wrote:

Hello,

I have some questions about an installation on a memorystick.

I have (a few weeks still) a very poor internet connection at home
that's unusable for anything beyond email. I tried some hacking on
musescore (yes I know that it can't work, but that's not my problem
for now). Since I don't want to carry missing ports/packages/other
stuff around on a stick every time I miss something - which takes one
day each - I would like to have a working system (not installation
image) on usb-stick.
Can I use fdimage with the memorystick installation image on Windows,
or any hacked versions of it?
And how do I turn this stick into a running system?
Or is there any kind of live-stick-images out there, and if there is, how
to move these onto the stick (since Windows is missing dd and Nero
doesn't like burning sticks :-) )

Thanks in advance



http://www.daemonforums.org/showthread.php?t=4361

http://www.daemonforums.org/showthread.php?t=4389

https://launchpad.net/win32-image-writer/+download



___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"


Re: problem mounting USB drive

2010-08-10 Thread Aiza

Adam Vande More wrote:

On Tue, Aug 10, 2010 at 1:13 PM, Ott Köstner  wrote:


2) After that...

# ntfsfix /dev/da0s1
Mounting volume... OK
Processing of $MFT and $MFTMirr completed successfully.
NTFS volume version is 3.1.
NTFS partition /dev/da0s1 was processed successfully.



All ntfsfix does is mark it dirty so Windows will check the fs next time it
mounts it.  I suggest you follow ntfsmount's suggestion.





Try using /dev/da0


ports INDEX file layout?

2010-07-27 Thread Aiza

Where can I find the description of the /usr/ports/INDEX-8 file?


Re: searching INDEX in .sh

2010-07-24 Thread Aiza

b. f. wrote:

I'm looking for a snippet of .sh type shell code that searches the
/usr/ports/INDEX-8 file for dependents.

Just a pointer to a script in the ports system that has this would be
helpful


Do you mean that, given port A, you want to find all ports that need
port A in order to be fetched, extracted, patched, built or installed?
 Or do you want to find all ports that are needed to fetch, extract,
patch, build or install port A? If the former, you could look at the
parts of ports/Mk/bsd.port.mk that are used by running `make -C
$PORTSDIR search bdeps=
display=name,path`, and `make -C $PORTSDIR search rdeps=  display=name,path`.  If the latter, look at
the parts of ports/Mk/bsd.port.mk that are used by running `make -C
 pretty-print-run-depends
pretty-print-build-depends`.  Also, parts of the ports-mgmt/portmaster
script used with --index-only may have similar functionality.

And do you mean to only use the INDEX?  Or are you able to use parts
of the port tree?  Or the pkg_info utility?



I just found /usr/ports/Tools/scripts/postsearch which uses the 
/usr/ports/INDEX-8 file as its source to search. This is a perl script 
but can be used from within a .sh script.

Been playing with it and see a big inconsistency in how ports list 
build-deps and run-deps. Some ports list no build-deps, just run-deps, and 
vice versa, and some have the same list in both.


Thinking I will have to take both the build and run deps lists and sort 
them together and drop dups to create a good list of dependents to allow 
for the lax enforcement of standards in the Makefile about how to list 
the ports dependents.
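
The merge described in this message, as an added example that is not part of the original post or of the ports tree: it takes the build and run dependency fields of one INDEX line, sorts them together and drops duplicates, and also answers the reverse question raised in the quoted reply (which ports need a given package). The field positions (1 = package name, 2 = port path, 8 = build deps, 9 = run deps), the function names and the sample INDEX lines are assumptions made for the example.

```sh
#!/bin/sh
# Added example, not code from the ports tree.
# Assumed INDEX layout: one port per line, '|'-separated; field 1 = package
# name, field 2 = port path, field 8 = build deps, field 9 = run deps, each
# deps field being a space-separated list of package names.

# port_deps INDEXFILE PORTPATH
# Prints the union of PORTPATH's build and run dependencies, sorted, one per
# line, duplicates dropped. Returns 1 when PORTPATH is not in the index.
port_deps() {
    pd_out=$(awk -F'|' -v path="$2" '
        $2 == path {
            found = 1
            n = split($8 " " $9, deps, " ")
            for (i = 1; i <= n; i++) print deps[i]
        }
        END { if (!found) exit 1 }
    ' "$1") || return 1
    if [ -n "$pd_out" ]; then
        printf '%s\n' "$pd_out" | sort -u
    fi
    return 0
}

# port_dependents INDEXFILE PKGNAME
# Prints the package names of all ports that list PKGNAME as a build or run
# dependency, sorted, one per line.
port_dependents() {
    awk -F'|' -v pkg="$2" '
        {
            n = split($8 " " $9, deps, " ")
            for (i = 1; i <= n; i++)
                if (deps[i] == pkg) { print $1; break }
        }
    ' "$1" | sort -u
}

# Constructed sample index (hypothetical ports). One port lists only build
# deps, one lists overlapping build and run deps, one lists only run deps.
write_sample_index() {
    cat > "$1" <<'EOF'
libfoo-1.2|/usr/ports/devel/libfoo|/usr/local|Constructed sample library|/usr/ports/devel/libfoo/pkg-descr|ports@example.org|devel|gmake-3.81_4|||||
footool-0.9|/usr/ports/sysutils/footool|/usr/local|Constructed sample tool|/usr/ports/sysutils/footool/pkg-descr|ports@example.org|sysutils|gmake-3.81_4 libfoo-1.2|libfoo-1.2 perl-5.10.1_2||||
barapp-2.0|/usr/ports/www/barapp|/usr/local|Constructed sample app|/usr/ports/www/barapp/pkg-descr|ports@example.org|www||footool-0.9 libfoo-1.2||||
EOF
}

idx=$(mktemp) || exit 1
write_sample_index "$idx"
echo "footool depends on:"
port_deps "$idx" /usr/ports/sysutils/footool
echo "libfoo-1.2 is needed by:"
port_dependents "$idx" libfoo-1.2
rm -f "$idx"
```
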




searching INDEX in .sh

2010-07-24 Thread Aiza
I'm looking for a snippet of .sh type shell code that searches the 
/usr/ports/INDEX-8 file for dependents.


Just a pointer to a script in the ports system that has this would be 
helpful.


Thanks


8.1 is available

2010-07-24 Thread Aiza
Since the release team never makes an announcement on this list when a 
new RELEASE is published, I will let you all know that


RELEASE 8.1 has been published and is available for download.


Re: Install Apache in qjail?

2010-07-21 Thread Aiza

Ed Flecko wrote:

Hi folks,
I'm using the new qjail, and I've created a new jail named
"webserver", but I don't see how you install a package (in this case,
Apache 2.2.15) inside the jail?

I know qjail is pretty new; is the best source of documentation at the
moment the "man" pages?




Read the qjail man page again and this time, "study" what it's telling 
you. It's all explained in detail. BE SURE YOU UNDERSTAND what the 
create command ip address section is telling you.

The simplest method is
Start the jail that you want to install apache in.
Open that jail's console.
Issue pkg_add -r apache

If this apache jail is going to use the standard port 80 to listen on, 
then the host and any other jails can not use that port number.

For your info. Being in the jail's console you config your jail the same 
way you would config your host.






Re: new jail utility is available. announcement.

2010-07-21 Thread Aiza

Valentin Bud wrote:

On Wed, Jul 21, 2010 at 12:52 PM, Aiza  wrote:


Not yet, when I have a spare box I might, although I quite like using
zfs for jails as you can limit the disk usage dynamically per zfs
filesystem and I didn't see any support there yet, even basic support
like there is with ezjail would be nice.

Zfs was left out because it's overkill. Sparse image jails give the same
protection at a 10th of the overhead.



Hello community,

ZFS shouldn't be left out. Besides limiting the disk usage dynamically per
zfs FS you have another big advantage - snapshots. Suppose you want to
upgrade ports in a jail and something goes kaboom, you just revert to the
previous working snapshot.
I agree you can copy the image back and forth but zfs snapshots are faster
and not that space consuming.

 The layout that I plan to use is the following:

storage/jails
  |>storage/jails/group1
  | |
  | |>storage/jails/group1/jail1
  | |>storage/jails/group1/jail2
  |
  |>storage/jails/group2
  | |> ...
  |

Group can be any kind of characteristic you want to take into account
regarding those jails (eg. group1 - mail servers, group2 - web servers,
groupX - companyY, etc.).
You can also go with more levels of depth but for me it's enough.

This way if your server doesn't handle all the jails you have running,
simply buy new hardware, install FBSD (or just copy the ZFS root container
over to the new system) and migrate the jails over.

I am waiting for network stack virtualization to come out and dreaming about
live jails migration in the future of FBSD :).

I would like you to reconsider ZFS support and thanks for qjail :).

a great day,
v


What you are doing behind the jail system's back using zfs, qjail does 
with the -z zone option right up front. And the archive and restore of 
qjail jails is less than 3 seconds right now. How much faster does it 
need to be?





Re: new jail utility is available. announcement.

2010-07-21 Thread Aiza



Not yet, when I have a spare box I might, although I quite like using
zfs for jails as you can limit the disk usage dynamically per zfs
filesystem and I didn't see any support there yet, even basic support
like there is with ezjail would be nice.

Zfs was left out because it's overkill. Sparse image jails give the 
same protection at a 10th of the overhead.



Re: new jail utility is available. announcement.

2010-07-21 Thread Aiza


I have only done preliminary tinkering and it looks ok so far (I did have to
pre bind the jail ip). Might have to find a box to put freebsd 9 on and see
how it works with the network stack virtualization.


Please explain what you mean by pre-bind the jail ip address. I think 
you skipped over the create command -n option.



Re: new jail utility is available. announcement.

2010-07-20 Thread Aiza

Jerry wrote:

On Wed, 21 Jul 2010 02:25:32 +0800
Aiza  articulated:


Like the announcement said the port is available at 
http://sourceforge.net/projects/qjail/


And if you have ever submitted a new port for inclusion into the freebsd 
ports system you would know that it takes months for it to show up in 
the collection.


Actually, I have submitted a few ports. I believe it averaged only
approximately 10 to 14 days before they were officially committed to
the ports tree. Updating them usually takes 10 days or less.

So you can wait till xmas or RELEASE 9.0 to come out for the port to be 
in the ports collection or just fetch it from the development project site.


I guess I was just lucky I did not have to wait 6 months. I am
assuming, perhaps incorrectly, that you might be the maintainer of this
new port. What is the PR #?

There has been the normal pre RELEASE freeze on since xmas, that is why 
no port activity is occurring right now.


 http://www.freebsd.org/cgi/query-pr.cgi?pr=148777




Re: Recommend ezjail.conf settings?

2010-07-20 Thread Aiza

Ed Flecko wrote:

Hi folks,
I'm looking at the ezjail.conf file, and it seems like SOME of the
settings might be mandatory, but they're all commented out.

For example, the:

# ezjail_mount_enable="YES"
# ezjail_devfs_enable="YES"
# ezjail_devfs_ruleset="devfsrules_jail"
# ezjail_procfs_enable="YES"
# ezjail_fdescfs_enable="YES"

should be uncommented because they're "Default options for newly
created jails", right?

Are there any of the other settings I might want to consider enabling?

Thank you,
Ed

Of course they're commented out. Those are the default settings
hard coded in the ezjail-admin script.

You have no need to ever change those. Leave the conf file alone. 
Messing with it will only cause you problems.

And I suggest you leave that dinosaur ezjail to its death and move on to 
its replacement, qjail, which is a complete rewrite of ezjail, fixing 
all of its long time bugs and adding many new features.




Re: new jail utility is available. announcement.

2010-07-20 Thread Aiza

Jerry wrote:

On Tue, 20 Jul 2010 12:29:56 +0800
Aiza  articulated:



This is a news announcement to inform people who have interest in jails,
that a new jail utility is available.

http://sourceforge.net/projects/qjail/

Has a file suitable for the pkg_add command or the port make files can 
be downloaded and a "make install" run.



Qjail [ q = quick ] is a 4th generation wrapper for the basic chroot 
jail system that includes security and performance enhancements. Plus a 
new level of "user friendliness" enhancements dealing with deploying 
just a few jails or large jail environments consisting of 100's of 
jails. Qjail requires no knowledge of the jail command usage.


It uses "nullfs" for read-only system binaries, sharing one copy of
them with all the jails.

Uses "mdconfig" to create sparse image jails. Sparse image jails
provide a method to limit the total disk space a jail can consume,
while only occupying disk space of the sum size of the files in
the image jail.

Ability to assign ip address with their network device name,
so aliases are auto created on jail start and auto removed on jail stop.

Ability to create "ZONE"s of identical qjail systems, each with
their own group of jails.

Ability to designate a portion of the jail name as a group prefix so
the command being executed will apply to only those jail names
matching that prefix.

Qjail reduces the complexities of small and large jail deployments to 
the novice level. Qjail has a fully documented manpage written for easy 
comprehension. Details are given to facilitate the use of qjail's
capabilities to the fullest extent possible.


There presently does not exist a port for this, or at least I could not
find one. Is someone going to create a port?


Like the announcement said the port is available at 
http://sourceforge.net/projects/qjail/


And if you have ever submitted a new port for inclusion into the freebsd 
ports system you would know that it takes months for it to show up in 
the collection.


So you can wait till xmas or RELEASE 9.0 to come out for the port to be 
in the ports collection or just fetch it from the development project site.



Re: ipnat.conf - map and rdr won't work!

2010-07-20 Thread Aiza

alexus wrote:

 su-3.2# grep ^firewall /etc/rc.conf
 firewall_enable="YES"
 firewall_type="open"

 su-3.2# grep ^ip /etc/rc.conf
 ipfilter_enable="YES"
 ipmon_enable="YES"
 ipnat_enable="YES"
 ipnat_flags="-d"

This is not good.
You are running 2 different firewalls at the same time.
comment out
firewall_enable="YES"
firewall_type="open"

and reboot your system.




Do you know that for a fact or are you just guessing??

Because first of all it worked before just fine with 2 firewalls,
second I disabled the firewall, so the firewall is no longer an issue,
third I have another system just like that that runs 2 firewalls and
everything is working just fine!

If you don't know the answer there is no need to throw out just any answer,
as it's pretty clear that this isn't the right answer.

Just because 2 firewalls at the same time didn't blow up in your face 
before sure doesn't mean they are working correctly. That's one bad 
assumption to base debugging on.

Jumping in my face, questioning the free advice given, sure makes you 
look foolish. You should read the handbook firewall section before 
opening your mouth and sticking your foot into it.

People on this list will stop helping if you turn on them and bite the 
hand that feeds you.

And another thing. Network access for a jail is not controlled by the 
host's firewall. You need to look elsewhere for your jail network access 
solution.


If your attitude was not so XXX, I could have told you the solution, 
but now go learn it the hard way.
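
A check for the condition this message warns about, as an added example that is not part of the original post: it reads an rc.conf-style file and reports when more than one packet filter is enabled at once. The function names are hypothetical; the sample file is built from the rc.conf lines quoted in the thread, and `pf_enable` is included as a third filter the thread does not mention.

```sh
#!/bin/sh
# Added example, not from the thread. Variables checked:
# firewall_enable (ipfw), ipfilter_enable (IPFilter), pf_enable (pf).

# True for the values the rc system treats as "on".
is_yes() {
    case $1 in
        [Yy][Ee][Ss]|[Tt][Rr][Uu][Ee]|[Oo][Nn]|1) return 0 ;;
    esac
    return 1
}

# Extracts the value from a line of the form  name="value"  # comment
rc_value() {
    rv=${1#*=}
    rv=${rv%%#*}                        # drop a trailing comment
    rv=${rv%"${rv##*[![:space:]]}"}     # drop trailing whitespace
    rv=${rv#\"}; rv=${rv%\"}            # drop surrounding double quotes
    rv=${rv#\'}; rv=${rv%\'}            # drop surrounding single quotes
    printf '%s\n' "$rv"
}

# enabled_packet_filters RCCONF
# Prints the enabled filters on one line, e.g. "ipfw ipfilter". As in
# rc.conf itself, a later assignment overrides an earlier one, and lines
# that are commented out are ignored.
enabled_packet_filters() {
    epf_ipfw=NO epf_ipf=NO epf_pf=NO
    while IFS= read -r epf_line || [ -n "$epf_line" ]; do
        epf_line=${epf_line#"${epf_line%%[![:space:]]*}"}  # strip leading blanks
        case $epf_line in
            firewall_enable=*) epf_ipfw=$(rc_value "$epf_line") ;;
            ipfilter_enable=*) epf_ipf=$(rc_value "$epf_line") ;;
            pf_enable=*)       epf_pf=$(rc_value "$epf_line") ;;
        esac
    done < "$1"
    epf_out=
    if is_yes "$epf_ipfw"; then epf_out=ipfw; fi
    if is_yes "$epf_ipf"; then epf_out="${epf_out:+$epf_out }ipfilter"; fi
    if is_yes "$epf_pf"; then epf_out="${epf_out:+$epf_out }pf"; fi
    printf '%s\n' "$epf_out"
}

# has_filter_conflict RCCONF: returns 0 when more than one filter is enabled.
has_filter_conflict() {
    set -- $(enabled_packet_filters "$1")
    [ "$#" -gt 1 ]
}

# Sample file assembled from the rc.conf settings quoted in the thread.
write_sample_rc_conf() {
    cat > "$1" <<'EOF'
firewall_enable="YES"
firewall_type="open"
ipfilter_enable="YES"
ipmon_enable="YES"
ipnat_enable="YES"
ipnat_flags="-d"
EOF
}

rc=$(mktemp) || exit 1
write_sample_rc_conf "$rc"
echo "enabled packet filters: $(enabled_packet_filters "$rc")"
if has_filter_conflict "$rc"; then
    echo "more than one packet filter is enabled in this rc.conf"
fi
rm -f "$rc"
```
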



Re: ipnat.conf - map and rdr won't work!

2010-07-20 Thread Aiza

alexus wrote:

On Mon, Jul 19, 2010 at 12:38 PM, Erik Norgaard  wrote:

On 19/07/10 16.46, alexus wrote:

Use tcpdump, you should see if your rdr/map rules work as expected.
Also,
pfctl -ss and similar.

I don't know how to use tcpdump, can you provide exact syntax so I can
run it?

The man-page is excellent.

tried that, unfortunately not really sure what I am doing.. still

Can't help you more, really, you need to investigate where packets are
dropped, tcpdump is a great tool and the man-page is excellent, can't explain
it better, if you don't like tcpdump then use any other packet sniffing tool
at hand, snort for example.


ipmon:

20/07/2010 10:22:00.123106 @2 NAT:RDR 172.16.172.16,22 <- ->
64.52.58.58,22 [69.10.67.106,6346 PR tcp]
20/07/2010 10:26:00.340436 @2 NAT:EXPIRE 172.16.172.16,22 <- ->
64.52.58.58,22 [69.10.67.106,6346 PR tcp] Pkts 11/0 Bytes 640/0

tcpdump:

tcpdump: listening on fxp0, link-type EN10MB (Ethernet), capture size 96 bytes
11:40:07.366519 IP (tos 0x0, ttl 49, id 48580, offset 0, flags [DF],
proto TCP (6), length 64) 69.10.67.106.9408 > 64.52.58.58.22: S, cksum
0xc05d (correct), 208454974:208454974(0) win 65535 
11:40:08.346575 IP (tos 0x0, ttl 49, id 19079, offset 0, flags [DF],
proto TCP (6), length 64) 69.10.67.106.9408 > 64.52.58.58.22: S, cksum
0xc054 (correct), 208454974:208454974(0) win 65535 
11:40:09.102442 IP (tos 0x0, ttl 49, id 28097, offset 0, flags [DF],
proto TCP (6), length 64) 69.10.67.106.9408 > 64.52.58.58.22: S, cksum
0xc04a (correct), 208454974:208454974(0) win 65535 
11:40:10.108089 IP (tos 0x0, ttl 49, id 28130, offset 0, flags [DF],
proto TCP (6), length 64) 69.10.67.106.9408 > 64.52.58.58.22: S, cksum
0xc040 (correct), 208454974:208454974(0) win 65535 
11:40:11.104669 IP (tos 0x0, ttl 49, id 27900, offset 0, flags [DF],
proto TCP (6), length 64) 69.10.67.106.9408 > 64.52.58.58.22: S, cksum
0xc036 (correct), 208454974:208454974(0) win 65535 
11:40:12.110396 IP (tos 0x0, ttl 49, id 56214, offset 0, flags [DF],
proto TCP (6), length 64) 69.10.67.106.9408 > 64.52.58.58.22: S, cksum
0xc02c (correct), 208454974:208454974(0) win 65535 
11:40:14.105642 IP (tos 0x0, ttl 49, id 41429, offset 0, flags [DF],
proto TCP (6), length 64) 69.10.67.106.9408 > 64.52.58.58.22: S, cksum
0xc018 (correct), 208454974:208454974(0) win 65535 
11:40:18.114148 IP (tos 0x0, ttl 49, id 30423, offset 0, flags [DF],
proto TCP (6), length 48) 69.10.67.106.9408 > 64.52.58.58.22: S, cksum
0x8b0d (correct), 208454974:208454974(0) win 65535 
11:40:21.899739 arp who-has 64.52.58.36 tell 64.52.58.33
11:40:24.830499 arp who-has 64.52.58.36 tell 64.52.58.33
11:40:26.125568 IP (tos 0x0, ttl 49, id 25515, offset 0, flags [DF],
proto TCP (6), length 48) 69.10.67.106.9408 > 64.52.58.58.22: S, cksum
0x8b0d (correct), 208454974:208454974(0) win 65535 
11:40:42.157443 IP (tos 0x0, ttl 49, id 18773, offset 0, flags [DF],
proto TCP (6), length 48) 69.10.67.106.9408 > 64.52.58.58.22: S, cksum
0x8b0d (correct), 208454974:208454974(0) win 65535 
11:41:14.193555 IP (tos 0x0, ttl 49, id 42007, offset 0, flags [DF],
proto TCP (6), length 48) 69.10.67.106.9408 > 64.52.58.58.22: S, cksum
0x8b0d (correct), 208454974:208454974(0) win 65535 
^C180 packets captured
182 packets received by filter
0 packets dropped by kernel


Can packets get dropped because of your firewall default policy? For
stealth it may be set to simply drop packets, which results in a connection
time-out rather than sending a TCP-RST.


su-3.2# grep ^firewall /etc/rc.conf
firewall_enable="YES"
firewall_type="open"
su-3.2# ipfw show
00100   5478792380 allow ip from any to any via lo0
00200  0 0 deny ip from any to 127.0.0.0/8
00300  0 0 deny ip from 127.0.0.0/8 to any
65000 869903 554820708 allow ip from any to any
65535  0 0 deny ip from any to any
su-3.2# grep ^ip /etc/rc.conf
ipfilter_enable="YES"
ipmon_enable="YES"
ipnat_enable="YES"
ipnat_flags="-d"
su-3.2#

I even did this

su-3.2# /etc/rc.d/ipfw stop
net.inet.ip.fw.enable: 1 -> 0
su-3.2#


Do packets get dropped because of nat on the way in? or on the way out?


I tried disabling the map rule and leaving only rdr, that didn't help


What if you just disable ipnat? What if you flush the firewall rules?
(disconnect from the Internet first)


if I disable ipnat then map or rdr won't work as they are simply disabled

I disabled ipfw, and I don't have any rules inside of ipfilter


Do you have any logs in the jail that indicate that the first packet is
actually received? Does your firewall log connections? If not, see how you can
enable logs on all rules to get more information.


nothing gets to jail, therefore no logs inside of jail


Can you connect out from the jail, to external servers? only to the jail
hosting server? Did the jail's ssh log tell anything?


no, I cannot connect out from jail, as map doesn't work either
nothing gets to


You wrote you can connect with ssh from the hosting server to the jail, but
it took a long time, did you investigate this? Is there 

new jail utility is available. announcement.

2010-07-19 Thread Aiza

This is a news announcement to inform people who have interest in jails,
that a new jail utility is available.

http://sourceforge.net/projects/qjail/

Has a file suitable for the pkg_add command or the port make files can 
be downloaded and a "make install" run.



Qjail [ q = quick ] is a 4th generation wrapper for the basic chroot 
jail system that includes security and performance enhancements. Plus a 
new level of "user friendliness" enhancements dealing with deploying 
just a few jails or large jail environments consisting of 100's of 
jails. Qjail requires no knowledge of the jail command usage.


It uses "nullfs" for read-only system binaries, sharing one copy of
them with all the jails.

Uses "mdconfig" to create sparse image jails. Sparse image jails
provide a method to limit the total disk space a jail can consume,
while only occupying disk space of the sum size of the files in
the image jail.

Ability to assign ip address with their network device name,
so aliases are auto created on jail start and auto removed on jail stop.

Ability to create "ZONE"s of identical qjail systems, each with
their own group of jails.

Ability to designate a portion of the jail name as a group prefix so
the command being executed will apply to only those jail names
matching that prefix.

Qjail reduces the complexities of small and large jail deployments to 
the novice level. Qjail has a fully documented manpage written for easy 
comprehension. Details are given to facilitate the use of qjail's
capabilities to the fullest extent possible.


Re: ipfw nat and jails on loopback - is it possible?

2010-07-19 Thread Aiza

Michael wrote:

Hello.

Does anybody have a working configuration with ipfw nated jails on 
loopback interface?
It simply doesn't work on my system. I can not get any connections to 
outside world from within a jail.


FreeBSD 8.0-p3 amd64 laptop connected to internet via wlan0 (ath0) with 
192.168.1.111 address.

Jail with IP 127.127.127.1 aliased on lo0.

Host system configuration:
/etc/rc.conf
   ifconfig_wlan0="WPA DHCP"
   ifconfig_lo0_alias0="inet 127.127.127.1 netmask 255.255.255.255"
   gateway_enable="YES"
   firewall_enable="YES"
   firewall_script="/etc/ipfw.rules"
   firewall_nat_enable="YES"
   firewall_nat_interface="wlan0"
/etc/resolve.conf
   nameserver 208.67.222.222
   nameserver 208.67.220.220
/etc/ipfw.conf
   ipfw -q -f flush
   ipfw add 1 allow all from 127.0.0.1 to 127.0.0.1 via lo0
   ipfw add 2 nat 100 ip from 127.127.127.1 to any via wlan0 keep-state
   ipfw nat 100 config ip 192.168.1.111
   ipfw add 3 allow all from any to any

Jailed system configuration:
/etc/rc.conf
   network_interfaces=""
/etc/resolve.conf
   nameserver 208.67.222.222
   nameserver 208.67.220.220


Now I'm doing ssh into a jailed system (127.127.127.1). Then on jail 
system I'm trying to do for example:


host freebsd.org
;; connection timed out; no servers could be reached

And on host system:
ipfw -d show
1   0 0 allow ip from 127.0.0.1 to 127.0.0.1 via lo0
2   4   228 nat 100 ip from 127.127.127.1 to any via wlan0 keep-state
3 182 24627 allow ip from any to any
65535   0 0 deny ip from any to any
## Dynamic rules (2):
2   157 (1s) STATE udp 127.127.127.1 58340 <-> 208.67.222.222 53
2   157 (2s) STATE udp 127.127.127.1 39870 <-> 208.67.220.220 53


So no packets got blocked but still it doesn't work properly. I've been trying 
to get it working for a couple of weeks now and I'm afraid I've just run out of 
ideas so any help would be very appreciated.





You have to put your host's /etc/resolve.conf in each jail before you 
can get network connection.




Re: Clarification: "Jail" -vs- "Chroot"

2010-07-13 Thread Aiza

Ed Flecko wrote:

Hi folks,
I'm reading about "jails" and "chroot", and I'm not clear about the
differences so I'm hoping someone can clarify this for me.

Here's what I "think" is correct:

1.) FreeBSD has both "chroot" capability as well as "jail" capability.

2.) Only FreeBSD has true, "jail" functionality? Yes?...No?

3.) When reading something (book, article, etc.), is there a way to
determine if the author is, in fact, talking about truly a "jail" or
are they really just referring to a "chroot" environment? For example,
I have a book ("Preventing web attacks with Apache") that says:

"Chroot is short for change root and essentially allows you to run
programs in a protected or jailed environment. The main benefit of a
chroot jail is that the jail will limit the portion of the file system
the daemon can see to the root directory of the jail. Additionally,
since the jail only needs to support Apache, the programs available in
the jail can be extremely limited."

4.) Jail is the more secure of the two options?

5.) When would you "typically" use a jail -vs- a chroot? The new, 2nd
edition of "Absolute FreeBSD" says:

"Chrooting is useful for web servers that have multiple clients on one
machine—that is, web servers with many virtual hosts."

Comments??? Suggestions???

Thank you!

Ed


Well let me take a shot at this. First of all we are only talking about 
the FreeBSD operating system. The ability to chroot a directory tree has 
been available since RELEASE 2.0. The jail utility first appeared in 
RELEASE 4.0. The jail utility is just a basic effort to automate the 
building and administration of a chrooted directory tree which is 
pretty much useless unless it contains a complete copy of the FreeBSD 
operating system binaries. The major shortcoming of the jail command 
jail system is each jail has its own copy of the host's running system 
binaries. FreeBSD reserves a limited number of control structures for 
storing files and directories, called inodes. Creating a few jails 
consumes many of these valuable inodes, eventually preventing the 
creation of new jails and new files on the host. Worse yet is each jail 
loads its own copy of its running binaries into memory which causes 
thrashing on the swap device as memory pages are swapped in and out as 
the limited memory is shared between the host and jails. Besides 
consuming resources and creating performance degradation, this also 
causes a major administration headache when wanting to update the host 
running system, because the host and the jails all have to be running 
the same RELEASE version.


Now with some considerable hand jobbing per the jail section of the 
handbook, a jail environment can be created whereby a single copy of 
the jailed running binaries is shared among all the jails. But this 
still leaves you with an administration nightmare as the number of jails 
deployed grows past 5. Now there are some ports in the port system that 
are utility wrappers around the jail command that try to address this 
administration nightmare. My experience with these is they are very 
poorly documented and you really need to have a good grasp on how jails 
work and network ip address usage before they are useful. Their ease of 
use quickly evaporates as the number of jails deployed reaches 10.


The next generation of a jail utility for the deployment of a large 
number of jails is in project phase right now. Keep checking the ports 
system for qjail.


Now about what to run in a jail. Well since each jail is like a complete 
stand-alone operating system, you can populate it with any application 
you want. The real limitation is how is that jail going to gain public 
internet access so the domain name of your apache website can be found 
and accessed. A static ip address is pretty much required, though with 
some creative ip address assignments this can be circumvented. That's a 
whole other subject area.



Re: .sh check for sufix g or m on size field

2010-07-12 Thread Aiza

Anonymous wrote:

Aiza  writes:


Have a .sh script that accepts an -s sparse file size.
Only 2 suffixes are valid, m and g.

Been trying to get this line of code to strip out just the single
letter. But it strips the letter and everything to the right of it.

Timagesize=`echo -n "${imagesize}" | sed 's/g.*$//'`


You didn't state what's your input. I guess smth like following will do

  strip() {
  local size=
  if printf >&- 2>&- %g ${size:=${1%[gm]}}; then
  echo "it's a \`$size' without suffix"
  else
  echo "$1 has invalid suffix"
  fi
  }

  $ strip 17m
  it's a `17' without suffix
  $ strip 33g
  it's a `33' without suffix
  $ strip 25gm
  25gm has invalid suffix



This is real close but it allows a numeric value through as valid which 
is not a valid condition. The $size value has to be suffixed with g or m 
to be valid. A numeric value only or a numeric value suffixed with 
anything else than m or g is invalid.
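
The rule stated in this reply, as an added example that is not part of the original thread: the size is accepted only when it is digits followed by exactly one `m` or `g`, so a bare number and any other suffix are rejected. The helper name `parse_image_size`, the conversion to megabytes, and the rejection of a zero size or of more than 9 digits are assumptions made for the example.

```sh
#!/bin/sh
# Added example: validate an image-size argument such as "500m" or "2g".
# parse_image_size is a hypothetical helper name, not taken from any script
# mentioned in the thread.

# Prints the size in megabytes and returns 0 only when the argument is
# one or more digits followed by exactly one "m" or "g".
# Returns 1 and prints nothing for everything else, bare numbers included.
parse_image_size() {
    pis_arg=$1
    case $pis_arg in
        *[mg]) ;;                       # last character must be m or g
        *) return 1 ;;
    esac
    pis_unit=${pis_arg#"${pis_arg%?}"}  # the last character
    pis_num=${pis_arg%?}                # everything in front of it
    case $pis_num in
        ''|*[!0-9]*) return 1 ;;        # empty, or contains a non-digit
    esac
    # Drop leading zeros so $(( )) does not read the number as octal.
    while [ "${#pis_num}" -gt 1 ] && [ "${pis_num#0}" != "$pis_num" ]; do
        pis_num=${pis_num#0}
    done
    # Assumption: a zero size and sizes of more than 9 digits are rejected,
    # the latter to keep the multiplication below within shell integer range.
    [ "${#pis_num}" -le 9 ] || return 1
    [ "$pis_num" -gt 0 ] || return 1
    case $pis_unit in
        m) echo "$pis_num" ;;
        g) echo "$((pis_num * 1024))" ;;
    esac
}

# Constructed sample inputs.
for sample in 17m 33g 17 25gm 010m g 1.5g -3m; do
    if mb=$(parse_image_size "$sample"); then
        echo "$sample: valid, $mb MB"
    else
        echo "$sample: invalid"
    fi
done
```
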



.sh check for sufix g or m on size field

2010-07-12 Thread Aiza

Sorry miss send, was not done yet.

Have a .sh script that accepts an -s sparse file size.
Only 2 suffixes are valid, m and g.

Been trying to get this line of code to strip out just the single 
letter. But it strips the letter and everything to the right of it.

Timagesize=`echo -n "${imagesize}" | sed 's/g.*$//'`

I plan to strip just the m or g if it's there and the result should be 
numeric. If not numeric, know invalid suffix.


Need help with the sed syntax. Or if there is better way I want to learn 
it.


Thanks


.sh check for sufix g or m on size field

2010-07-12 Thread Aiza

Have a .sh script that accepts an -s sparse file size
Only 2 suffixes are valid, m and g.

Been trying to get this line of code to just strip out just the single 
letter. But it strips the letter and everything to the right of it.

Timagesize=`echo -n "${imagesize}" | sed 's/g.*$//'`

I plan to strip just the m or g if it's there and the result should be j


Re: how to setenv using Bourne .sh

2010-07-10 Thread Aiza

Polytropon wrote:

On Sat, 10 Jul 2010 11:43:13 +, "b. f."  wrote:

Polytropon wrote:
On Sat, 10 Jul 2010 10:53:17 +0800, Aiza  wrote:

Trying to set the pkg_add environment variable PKGDIR using this


setenv PKGDIR="/usr/packages"  and get this error message
setenv: Syntax Error.

Of course. The sh shell doesn't have setenv.

It looks like he is actually using csh, because in the Bourne shell
issuing that command usually yields "setenv: not found".  His problem
is that, unlike "export",  setenv doesn't take an "=" between the
variable and the value to be assigned to it.  See csh(1).


Yes, you're right of course, I didn't notice that. The correct
syntax for the setenv command in the C shell is

setenv VAR "value"




When you are directed to builtin(1), it usually means that you should
refer to the manpage(s) of the shell that you are using for the
information that you need.


That's why I suggested looking at csh's manpage. :-(




I am using root and have a pristine install on freebsd 8.0 so whatever 
the default shell for root is, is what I am using.



Re: how to setenv using Bourne .sh

2010-07-10 Thread Aiza

Polytropon wrote:

On Sat, 10 Jul 2010 10:53:17 +0800, Aiza  wrote:

Trying to set the pkg_add environment variable PKGDIR using this


setenv PKGDIR="/usr/packages"  and get this error message
setenv: Syntax Error.


Of course. The sh shell doesn't have setenv.




man setenv is useless.


The manual entry of setenv can be found in "man csh". :-)



The question is how do I set an environment variable using the default 
freebsd shell?


You mean: FreeBSD's default scripting shell. :-)

$ PKGDIR="/usr/packages"
$ export PKGDIR

or

$ export PKGDIR="/usr/packages"

Refer to "man sh" for details. The setenv command is a built-in for
the C Shell.




When I put export on the console command line I get this message
export: Command not found.

But I was able to get setenv and unsetenv to work this way

setenv PKGDIR "/usr/packages/"
unsetenv PKGDIR
and just setenv shows me everything already set.


how to setenv using Bourne .sh

2010-07-09 Thread Aiza

Trying to set the pkg_add environment variable PKGDIR using this


setenv PKGDIR="/usr/packages"  and get this error message
setenv: Syntax Error.

man setenv is useless.

The question is how do I set an environment variable using the default 
freebsd shell?



jls jail command

2010-07-08 Thread Aiza

What is the jls command syntax to list all jails at a path location?

jls -n shows path=/usr/jails/  that's my primary jail system.

I have secondary jail system at /usr/jails.sys2/

I tried jls -j /usr/jails.sys2/  and  jls -j /usr/jails.sys2/jailname 
and got core dump.



Re: Booting FreeBSD from Compact Flash

2010-07-06 Thread Aiza

Graham Bentley wrote:

OK I confess that this is associated with FreeNAS however
it seems rather quiet over there on the support forums and I
know there are some knowledgeable BSD people on this
list who may be willing to help on this ...

Compact Flash: Kingston 4GB 45x Elite Pro [CF/4GB-S]
Target Mainboard: VIA EPIA-V1
* I D/L'ed FreeNAS-i386-embedded-0.7.2.5252.img
* I checksummed it with md5sum for WindowsXPP - it matched
* I used physdiskwrite v0.5.2 to write the image to CF on my desktop PC
* I hooked up the CF to the target mainboard and booted the kernel
Now this is where things go awry  I end up at this prompt ;

mountroot>

I can see the Kingston is ID as ad0 a few lines above at ata0-master.
If I enter ? I get a list of boot devices as follows ; ad0c ad0a ad0
If I enter; mountroot> ufs:/dev/ad0a I get a 'panic: no init' message
and a reboot ; no other choice of boot device gives any such result.
CF boots perfectly hooked up to my desktop PC. On Via Mainboard
I have tried switching off all IDE 'modes' to zero etc but still no joy.
I tried using the verbose boot option and notice that following the CF
card being ID'ed I get the following ;

ad0 VIA check1 failed
ad0 Adaptec check1 failed
ad0 LSI (v3) check1 failed
ad0 LSI (v2) check1 failed
ado FreeBSD check1 failed

Would I be right in thinking that its chipset support for this board is 
what's preventing access to the root of the OS/FS?

And if it is, is it possible to add module support somehow?

Thanks in advance of any help :)



Maybe this will be helpful

http://forums.freebsd.org/showthread.php?t=11715


jail and uname

2010-07-02 Thread Aiza
From the console of a jail I issue uname -r and get 8.0-RELEASE-p3, 
which is the release level of the host. I know the jail is running a 
pristine minimum install of 8.0-RELEASE.


I would think issuing uname from within a jail environment should 
respond with the info of the jail environment. Is this not a security 
violation?



freebsd-update and jails

2010-07-02 Thread Aiza
If I run freebsd-update on the host updating to 8.0-RELEASE-p3 and then 
run it again with the -b option pointing to the directory tree of the 
jail, I get message saying no update needed to update system to 
8.0-RELEASE-p3. I know the directory tree jail is at 8.0-RELEASE.


If I start a jail and login to its console, I can run freebsd-update 
fetch and it downloads stuff. So it knows the system is not at p3 level. 
But when I run the freebsd-update install, I get error saying all the 
files it wants to touch are read only permission. Just like the jail is 
supposed to do.


Looks like freebsd is inspecting the host to determine what RELEASE it's 
at and NOT the system at the -b option.


Am I doing something wrong?

Is this maybe a bug?

Help please.


Re: Bourne .sh ?

2010-07-01 Thread Aiza

Chip Camden wrote:

On Jul 02 07:43, Aiza wrote:

I have a file containing this

drwxrwxr-x  14 89987  546  512 Jun  6  2009 7.2-RELEASE
drwxrwxr-x  14 89987  546  512 Mar 23 04:59 7.3-RELEASE
drwxrwxr-x  13 89987  546  512 Nov 23  2009 8.0-RELEASE
drwxrwxr-x  13 89987  546  512 Jul  1 04:56 8.1-RC2

I want to strip off everything to the left of the release
version so I end up with this.

7.2-RELEASE
7.3-RELEASE
8.0-RELEASE
8.1-RC2

How would I code to do this?


sed -e 's/.* //' < file

assuming there are no trailing spaces on each line.

Another alternative would be to create the list without all that detail:

ls -1



Wow do I feel stupid. You saw through my question to the underlying 
problem causing the need to strip off that stuff. I just changed the 
command from ls -l to ls -1 and got what I wanted in the first place.


Thanks


Bourne .sh ?

2010-07-01 Thread Aiza

I have a file containing this

drwxrwxr-x  14 89987  546  512 Jun  6  2009 7.2-RELEASE
drwxrwxr-x  14 89987  546  512 Mar 23 04:59 7.3-RELEASE
drwxrwxr-x  13 89987  546  512 Nov 23  2009 8.0-RELEASE
drwxrwxr-x  13 89987  546  512 Jul  1 04:56 8.1-RC2

I want to strip off everything to the left of the release
version so I end up with this.

7.2-RELEASE
7.3-RELEASE
8.0-RELEASE
8.1-RC2

How would I code to do this?


Re: sparse image

2010-06-29 Thread Aiza

Vincent Hoffman wrote:

On 23/06/2010 11:26, Aiza wrote:

Is there an equivalent of the MAC sparseimage on FreeBSD?

If you mean you would like to make a sparse file and attach it using
mdconfig then
dd if=/dev/zero of=/path/to/outfile bs=1M seek=1024 count=0
This will give you a sparse file that reports a gig in size, but only
uses what's actually in use.
You can then use mdconfig(8) to allow this to be partitioned, formatted
and mounted.
Example below. See also
http://www.freebsd.org/doc/en/books/handbook/disks-virtual.html although
that example doesn't use a sparse file.

[r...@ostracod /scratch/media]# dd if=/dev/zero of=foo.img bs=1M seek=1024 count=0
0+0 records in
0+0 records out
0 bytes transferred in 0.66 secs (0 bytes/sec)
[r...@ostracod /scratch/media]# ls -lh foo.img
-rw-r--r--  1 root  wheel   1.0G Jun 23 11:45 foo.img
[r...@ostracod /scratch/media]# du -h foo.img
 48K    foo.img
[r...@ostracod /scratch/media]# mdconfig -a -t vnode -f foo.img
md0
[r...@ostracod /scratch/media]# gpart create -s gpt md0
md0 created
[r...@ostracod /scratch/media]# gpart add -t freebsd-ufs md0
md0p1 added
[r...@ostracod /scratch/media]# newfs /dev/md0p1
/dev/md0p1: 1024.0MB (2097084 sectors) block size 16384, fragment size 2048
using 6 cylinder groups of 183.72MB, 11758 blks, 23552 inodes.
super-block backups (for fsck -b #) at:
 160, 376416, 752672, 1128928, 1505184, 1881440
[r...@ostracod /scratch/media]# !ls
ls -lh foo.img
-rw-r--r--  1 root  wheel   1.0G Jun 23 11:46 foo.img
[r...@ostracod /scratch/media]# !du
du -h foo.img
736K    foo.img
[r...@ostracod /scratch/media]# mount /dev/md0p1 /mnt/foo/
[r...@ostracod /scratch/media]# df -h | grep foo
/dev/md0p1    989M    4.0K    910M     0%    /mnt/foo
[r...@ostracod /scratch/media]#

Hope this is helpful.
Vince
 


Thanks Vince this was very helpful.
I was able to create a sparse image jail, but when I used cpio to 
duplicate the sparse file to other jails I lost the sparseness of the 
file. Is there a way to copy a sparse file and keep it intact?




Re: .sh check for numeric content

2010-06-24 Thread Aiza

Jerry wrote:

On Thu, 24 Jun 2010 09:14:39 -0700
Chip Camden  articulated:

[snip]


That [[:digit:]] pattern only works if your shell supports POSIX
character classes in the case statement.


I use Bash myself. I am not sure what other shells support this
context. In any case, I simply supplied a possible solution. I leave it
up to the OP to determine if it is suitable for his/her environment.


The subject clearly tells you what shell the o/p is using.


Re: .sh check for numeric content

2010-06-23 Thread Aiza

Aiza wrote:

Thomas wrote:

On Thu, Jun 24, 2010 at 09:24:39AM +0800, Aiza wrote:

Hello,


Receiving a variable from the command line that is supposed
to contain numeric values.

How do I code a test to verify the content is numeric?


http://www.google.com/search?q=shell+test+if+variable+numeric

First link =>
http://www.unix.com/shell-programming-scripting/46276-check-variable-if-its-non-numeric.html 



Gosh, Google is full of answers these days..



yea but none of them are for freebsd style .sh shell


I'm using

[ "${dup_times}" != [0-9] ] && exerr "value not numeric"

and get the error message no matter what value is in dup_times.

What is wrong with this code?




Tried this suggestion from a reply and it worked.
Only valid numeric value is whole numbers.

if expr "${dup_times}" : "[0-9]*$"
then
   echo "value is numeric"
else
   echo "value is not numeric"
fi


But when I tried this format
[ expr "${dup_times}" : "[0-9]*$" ] || echo "value is not numeric"

I get the error message no matter what the value is.

What am I doing wrong?



___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
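
Added example, not part of any message in this archive: one way to do the
whole-number check asked about in this thread, and the m/g size-suffix
check from the ".sh check for sufix g or m on size field" thread, using only
POSIX sh case patterns. The function names is_uint, size_to_mb and
check_args are hypothetical.

```shell
#!/bin/sh
# Added example, POSIX sh only. is_uint, size_to_mb and check_args are
# hypothetical names, not taken from the thread.

# Succeeds only for a non-empty string consisting of the digits 0-9.
is_uint() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;    # empty, or contains a non-digit
    esac
    return 0
}

# Accepts <digits>m or <digits>g and prints the size in megabytes.
# A bare number, a missing number or any other suffix gives status 1.
size_to_mb() {
    case "$1" in
        *m) unit=1 ;;
        *g) unit=1024 ;;
        *)  return 1 ;;             # "25" has no suffix: invalid
    esac
    num=${1%?}                      # remove exactly one trailing character
    is_uint "$num" || return 1      # "25gm" leaves "25g": invalid
    # Strip leading zeros so $(( )) does not read the value as octal.
    while [ "${#num}" -gt 1 ] && [ "${num#0}" != "$num" ]; do
        num=${num#0}
    done
    echo $(( $num * $unit ))
}

# "[" is the test(1) command and never runs expr(1); a command's exit
# status is tested by naming the command itself after if, && or ||.
check_args() {
    is_uint "$1" || { echo "count is not numeric"; return 1; }
    mb=$(size_to_mb "$2") || { echo "size has invalid suffix"; return 1; }
    echo "count=$1 size=${mb}MB"
}
```
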


Re: .sh check for numeric content

2010-06-23 Thread Aiza

Thomas wrote:

On Thu, Jun 24, 2010 at 09:24:39AM +0800, Aiza wrote:

Hello,


Receiving a variable from the command line that is supposed
to contain numeric values.

How do I code a test to verify the content is numeric?


http://www.google.com/search?q=shell+test+if+variable+numeric

First link =>
http://www.unix.com/shell-programming-scripting/46276-check-variable-if-its-non-numeric.html

Gosh, Google is full of answers these days..



yea but none of them are for freebsd style .sh shell


I'm using

[ "${dup_times}" != [0-9] ] && exerr "value not numeric"

and get the error message no matter what value is in dup_times.

What is wrong with this code?






.sh check for numeric content

2010-06-23 Thread Aiza

Receiving a variable from the command line that is supposed
to contain numeric values.

How do I code a test to verify the content is numeric?

Thanks for help.


sparse image

2010-06-23 Thread Aiza

Is there an equivalent of the MAC sparseimage on FreeBSD?


.sh & ip address

2010-06-22 Thread Aiza
I am looking to take the last group number in an ip address and bump the 
number by 1.

By the way, is there some name for each group of numbers in the ip address?

Something like.

org_ip="10.0.10.2"
short_ip=need command to strip off the 2 so short_ip contains 10.0.10.
and ip_suffix= ends up holding the 2, then add 1 to the ip_suffix.
ip_suffix=$(( ${ip_suffix} + 1 ))
org_ip="${short_ip}${ip_suffix}"

Thinking there must be some common way of manipulating ip addresses that 
I just don't know about.


Thanks for your help.

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
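
Added example, not part of the message above: the split and increment
sketched in the question, done with sh parameter expansion and with every
dot-separated group (usually called an octet) validated first. The names
is_octet and next_ip are hypothetical, and the choice to fail rather than
carry into the third octet when the last one is 255 is an assumption.

```shell
#!/bin/sh
# Added example, POSIX sh only. is_octet and next_ip are hypothetical names.

# Succeeds if $1 is a decimal number 0-255 with no leading zero.
is_octet() {
    case "$1" in
        ''|*[!0-9]*|????*|0?*) return 1 ;;  # empty, non-digit, 4+ chars, 0N
    esac
    [ "$1" -le 255 ]
}

# Prints the address that follows $1 by adding 1 to its last octet.
# Status 1 on malformed input or when the last octet is already 255
# (assumption: no carry into the third octet is wanted).
next_ip() {
    ip=$1
    case "$ip" in
        *.*.*.*.*|.*|*.|*..*) return 1 ;;   # too many or empty fields
        *.*.*.*) ;;                         # exactly four fields
        *) return 1 ;;                      # fewer than four fields
    esac

    # Check the first three fields, then the remainder.
    rest=$ip
    for n in 1 2 3; do
        is_octet "${rest%%.*}" || return 1
        rest=${rest#*.}
    done
    is_octet "$rest" || return 1

    short_ip=${ip%.*}.          # everything up to the last dot: "10.0.10."
    ip_suffix=${ip##*.}         # everything after the last dot: "2"
    [ "$ip_suffix" -lt 255 ] || return 1
    echo "${short_ip}$(( $ip_suffix + 1 ))"
}
```
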


Re: .sh for loop

2010-06-21 Thread Aiza

Samuel Martín Moro wrote:

path=/dev
group=ttypqfr
for name in "${path}/${group}"*
do
   # an unmatched pattern is passed through literally; skip it
   test "$name" = "${path}/${group}*" && continue
   [ -z "${found_list}" ] && found_list="${name}" ||
found_list="${found_list} ${name}"
done
echo "found list: $found_list"


Thank You Samuel.
Using the 'test' command solved my problem.

I had not known about the 'test' command.
You have taught me something new.


Re: .sh for loop

2010-06-21 Thread Aiza

Samuel Martín Moro wrote:

it seems to work

your main error is to use ${found_name} instead of ${name}.
also, you do not set ${group} in your example.
and, not essential, but test -z before adding useless spaces.
correcting that, I had it working perfectly.

h2g2:~# cat test
path=/dev
group=tty
for name in "${path}/${group}"*
do
[ -z "${found_list}" ] && found_list="${name}" || 
found_list="${found_list} ${name}"

done
echo "found list: $found_list"
h2g2:~# sh test
found list: /dev/ttyU0 /dev/ttyU0.init /dev/ttyU0.lock /dev/ttyd0 
/dev/ttyd0.init /dev/ttyd0.lock /dev/ttyp0 /dev/ttyp1 /dev/ttyp2 
/dev/ttyp3 /dev/ttyp4 /dev/ttyp5 /dev/ttyp6 /dev/ttyp7 /dev/ttyv0 
/dev/ttyv1 /dev/ttyv2 /dev/ttyv3 /dev/ttyv4 /dev/ttyv5 /dev/ttyv6 
/dev/ttyv7 /dev/ttyv8 /dev/ttyv9 /dev/ttyva /dev/ttyvb /dev/ttyvc 
/dev/ttyvd /dev/ttyve /dev/ttyvf

h2g2:~#



Ok let's say that group had a value in it that was not found.
How do I identify that condition?


.sh for loop

2010-06-21 Thread Aiza

In a script I have this code
path="/usr/namelist"
  for name in "${path}/${group}"*; do
 found_list="${found_list} ${found_name}"
  done

The "done" starts another loop. How do I code to know when the "for" has 
completed. I want to echo "results of for = ${found_list}" to see the 
accumulated contents. If I put the echo after the "done" I see it for 
each loop.



Re: .sh and sed

2010-06-16 Thread Aiza

Matthew Seaman wrote:


On 16/06/2010 12:16:06, Aiza wrote:

Trying to use sed to remove the path from the file name.
Variable has complete path plus the file name
/usr/local/etc/filename
Need variable containing only the file name.
Is the sed utility the best thing to use?
Is there some other utility better suited for this task.
How would sed be coded to do this?


sh(1) can do this alone, without recourse to any external programs.

path='/usr/local/etc/filename'
fname=${path##*/}
echo $fname

There is also an external program basename(1)

The same trick with sed(1):

fname=$( echo $path | sed -e 's,^.*/,,' )

but the built-in prefix matching stuff is preferable since it is more
efficient.

Cheers,

Matthew



Thanks for your help.

The fname=${path##*/} solution worked for.


Re: * wildcard in.sh script

2010-06-16 Thread Aiza

Polytropon wrote:

On Tue, 15 Jun 2010 09:25:05 -0700, Chip Camden  
wrote:

As others have mentioned, you need to quote or escape the * in the
command line:

admin "cell*"


The problem, for explanation purposes, is that the shell you
enter the command will already expand cell* to cell_A, cell_B
and so on. This means that inside your script $1 will be assigned
the first matching entry, $2 would be the second one, $3 a third
one and so on.

To avoid this, you need to directly communicate the * to your
script's parameter $1, which is done by escaping or quoting it.
In this case, $1 will contain a literal * inside the script.

In most cases when scripting, it's useful not to assume such a
complicated command line processing. You better let the shell
do the expansion of *, so your script gets a lot of parameters,
one for each match, and you then continue to process them.

Another option is to just provide a prefix pattern to your
script, and let IT then add the * to expand it internally
within the script (i. e. by the shell that processes the
script). So you won't have to give a * at the command line
of the calling dialog shell.




Since I needed a wildcard character that was not already defined with 
special function that didn't have to be " " on the command line, I 
experimented some and found the = sign. It works for me.


Thanks to everyone who replied.
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
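
Added example, not part of any message in this archive: the approach
suggested above of passing only the prefix and letting the script add the *
itself, combined with the "group not found" check asked about in the
".sh for loop" thread. The names list_group and demo_group_lookup are
hypothetical; the sample file names are constructed from the output posted
in this thread.

```shell
#!/bin/sh
# Added example, POSIX sh only. list_group and demo_group_lookup are
# hypothetical names.

# list_group DIR PREFIX
# Prints the names in DIR that start with PREFIX, separated by spaces.
# Status 0: at least one match, 1: nothing matched, 2: prefix rejected.
list_group() {
    dir=$1
    prefix=$2
    # The caller passes "job", never "job*", so nothing on the command
    # line needs quoting. Anything but letters, digits and "_" is refused,
    # which keeps wildcards and "/" out of the pattern built below.
    case "$prefix" in
        ''|*[!A-Za-z0-9_]*) return 2 ;;
    esac

    found=
    # Only the * outside the quotes is a pattern; the quoted part is literal.
    for path in "$dir/$prefix"*; do
        # When nothing matches, sh leaves the pattern as a literal string,
        # so the loop runs once with a name that does not exist.
        [ -e "$path" ] || continue
        found="${found}${found:+ }${path##*/}"
    done

    [ -n "$found" ] || return 1
    echo "$found"
}

# Runs list_group against a constructed directory holding the file names
# shown in the thread, then removes the directory again.
demo_group_lookup() {
    tmp=$(mktemp -d) || return 1
    for f in cell_A cell_B job_1 job_2 job_3 pen1 pen2; do
        : > "$tmp/$f"
    done
    list_group "$tmp" "$1" && st=0 || st=$?
    rm -rf "$tmp"
    return "$st"
}
```
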


.sh and sed

2010-06-16 Thread Aiza

Trying to use sed to remove the path from the file name.
Variable has complete path plus the file name
/usr/local/etc/filename
Need variable containing only the file name.
Is the sed utility the best thing to use?
Is there some other utility better suited for this task.
How would sed be coded to do this?

Thanks for your help in advance.


Re: * wildcard in.sh script

2010-06-15 Thread Aiza

Chip Camden wrote:

On Jun 15 2010 17:06, Aiza wrote:

Aiza wrote:
I have a directory with files in it. The first 3 letters of the file 
names is the group prefix. I'm trying to write a script to accept the 3 
letters of the group followed by a * to mean it's a prefix lookup. But 
when I run it I get a message "NO match" that is not issued by the 
script. It's like * is not allowed as input.


Looking for sample .sh code for handling this standard type of lookup or 
some online tutorial that has sample code for bourne shell programming.





Here is the code

  prefix_name1=$1
  prefix_name2=`echo -n "${prefix_name1}" | sed 's/*.*$//'`
  echo "prefix_name1 = ${prefix_name1}"
  echo "prefix_name2 = ${prefix_name2}"


  if [ ${prefix_name1} -nq ${prefix_name2} ]; then
  echo "prefix_name2 = ${prefix_name2}"
  fi
exerr "hard stop"


Here is the test and output
# >admin cell*
admin: No match.



As others have mentioned, you need to quote or escape the * in the
command line:

admin "cell*"

You've also botched your regex (/*.*$/) -- it can't begin with a *.  What exactly
are you trying to match?

As shown in the posted test results you can see that the * is removed 
from the input cell* and becomes cell and then cell* is compared to cell 
to determine if a search by prefix command was entered on the script 
command line. So the regex (/*.*$/) is working as coded as long as the 
script command line is coded like this "cell*".



Re: * wildcard in.sh script

2010-06-15 Thread Aiza


This is the output. want to build list only containing
file names prefixed with job. Putting " " around the value on the 
command line worked. But before this can go to production will have to 
fix the code so no " " on the command value.


#  >admin  "job*"
prefix_name1 = job*
prefix_name2 = job
 if job* != job
 list all1 = pen2
pen1
job_3
job_2
job_1
cell_B
cell_A
loop  = pen2
pen1
job_3
job_2
job_1
cell_B
cell_A*
hard stop


This is the code. From the results above the "for" is not looping 
through the file name list.


  dir=/usr/local
  prefix_name1=$1
  prefix_name2=`echo -n "${prefix_name1}" | sed 's/*.*$//'`

  echo "prefix_name1 = ${prefix_name1}"
  echo "prefix_name2 = ${prefix_name2}"

  echo " if ${prefix_name1} != ${prefix_name2}"
  if [ "${prefix_name1}" != "${prefix_name2}" ]; then

[ -d "${dir}/etc/jail/" ] && \
  cd "${dir}/etc/jail/" && list=`ls | xargs rcorder`
echo " list all1 = ${list}"
# know this worked because see it in the o/p

for jail in "${list}"*; do
 echo "loop  = ${jail}"
 # this only shows first file name in the o/p
 # thought the * on the for command would do globbing
done
  fi
exerr "hard stop"






Re: * wildcard in.sh script

2010-06-15 Thread Aiza

Aiza wrote:
I have a directory with files in it. The first 3 letters of the file 
names is the group prefix. I'm trying to write a script to accept the 3 
letters of the group followed by a * to mean it's a prefix lookup. But 
when I run it I get a message "NO match" that is not issued by the 
script. It's like * is not allowed as input.


Looking for sample .sh code for handling this standard type of lookup or 
some online tutorial that has sample code for bourne shell programming.






Here is the code

  prefix_name1=$1
  prefix_name2=`echo -n "${prefix_name1}" | sed 's/*.*$//'`
  echo "prefix_name1 = ${prefix_name1}"
  echo "prefix_name2 = ${prefix_name2}"


  if [ ${prefix_name1} -nq ${prefix_name2} ]; then
  echo "prefix_name2 = ${prefix_name2}"
  fi
exerr "hard stop"


Here is the test and output
# >admin cell*
admin: No match.



* wildcard in.sh script

2010-06-15 Thread Aiza
I have a directory with files in it. The first 3 letters of the file 
names is the group prefix. I'm trying to write a script to accept the 3 
letters of the group followed by a * to mean it's a prefix lookup. But 
when I run it I get a message "NO match" that is not issued by the 
script. It's like * is not allowed as input.


Looking for sample .sh code for handling this standard type of lookup or 
some online tutorial that has sample code for bourne shell programming.


.




.cshrc usage

2010-06-14 Thread Aiza
I want to change the console prompt for all users that get accounts 
created. I added it to /etc/csh.cshrc which says it a system-wide .cshrc 
file. But after adding a new user with pw command with -m and logging in 
as the user name the prompt is still the old way. Do I have to add it to

/usr/share/skel/dot.cshrc to get the change to take effect?


freebsd-update upgrade

2010-06-09 Thread Aiza

The upgrade function requires the -r newrelease flag.
The manpage does not state the format of the newrelease value.

Is it just the release number like this 8.0 or is it like this 8.0-RELEASE?


Re: .sh & getopts

2010-06-06 Thread Aiza

Matthew Seaman wrote:


On 06/06/2010 05:57:37, Aiza wrote:



i) action="installworld"; flag_count=$((flag_count+1));;


Try it like this instead:

i) action="installworld"; flag_count=$(( $flag_count + 1 ));;

(Obviously, apply the equivalent change to the other lines)

Cheers,

Matthew


Thank you that worked.

I have been looking for documentation on freebsd's sh shell programming.
Want to understand what is happening in that getopts I posted. Where can 
I find real explanations?



Re: .sh & getopts

2010-06-05 Thread Aiza

Aiza wrote:

CyberLeo Kitsana wrote:

On 06/05/2010 10:56 PM, Aiza wrote:

   i) action="installworld"; $flag_count=$((flag_count+1));;
...
What is still wrong here


Bourne shell expands variables to their contents before evaluating.
Thus, the above assignment ends up expanding to '0=1'. Leave out the $
on the target variable, and it becomes 'flag_count=1', which is more
likely what you intended.



i) action="installworld"; flag_count=$((flag_count+1));;

But when tested it just put 1 into flag_count. It is not adding one to 
the value already in flag_count.


Still missing the point here
I want to perform math here. If more than one flag is coded then I want 
the count to increase by 1 for each flag on the command, not change the 
contents of the count to 1.


Again take note this is .sh shell type.


shift; while getopts :ugr: arg; do case ${arg} in
   u) action="freebsd-update";;
   g) action="freebsd-upgrade";;
   r) action="freebsd-rollback";;
   ?) exerr ${cmd_usage};;
esac; done; shift $(( ${OPTION} -1 ))

Doing more testing I found that the above $(( ${OPTION} -1 )) 
subtraction is not working either.


echo "OPTION = $OPTION" shows a value of 5, which is the 4 flags plus 
the leading parm. I thought $(( ${OPTION} -1 )) meant it was subtracting 
1 from the parm count which should make it 4 which is the number of 
flags i passed.



Re: .sh & getopts

2010-06-05 Thread Aiza

CyberLeo Kitsana wrote:

On 06/05/2010 10:56 PM, Aiza wrote:

   i) action="installworld"; $flag_count=$((flag_count+1));;
...
What is still wrong here


Bourne shell expands variables to their contents before evaluating.
Thus, the above assignment ends up expanding to '0=1'. Leave out the $
on the target variable, and it becomes 'flag_count=1', which is more
likely what you intended.



i) action="installworld"; flag_count=$((flag_count+1));;

But when tested it just put 1 into flag_count. It is not adding one to 
the value already in flag_count.


Still missing the point here
I want to perform math here. If more than one flag is coded then I want 
the count to increase by 1 for each flag on the command, not change the 
contents of the count to 1.


Again take note this is .sh shell type.




Re: .sh & getopts

2010-06-05 Thread Aiza


/bin/sh can do math on its own:

flag_count=$((flag_count+1))




I want to know if more than one flag has been coded on the command.
So add 1 to counter if that flag was processed. After all the flags are 
processed and fall out of getopts, then check flag counter for value.


Ok I coded like this


  shift; while getopts biugrs: arg; do case ${arg} in
   b) action="buildworld"; $flag_count=$((flag_count+
   i) action="installworld"; $flag_count=$((flag_count+1));;
   u) action="freebsd-update"; $flag_count=$((flag_count+1));;
   g) action="freebsd-upgrade"; $flag_count=$((flag_count+1));;
   r) action="freebsd-rollback"; $flag_count=$((flag_count+1));;
   s) ezjail_sourcetree=${OPTARG}; $flag_count=$((flag_count+1));;
   ?) exerr ${usage_update};;
   esac; done; shift $(( ${OPTIND} - 1 ))


testing with 4 different flags on the command so should match here.
if $flag_count = 4; then
   echo "yes 4 count"
fi

 exerr "hard stop"



When it runs I get this

=1: not found
0=1: not found
0=1: not found
0=1: not found
0: not found
hard stop


What is still wrong here



Re: .sh & getopts

2010-06-05 Thread Aiza

Robert Bonomi wrote:

Date: Sat, 05 Jun 2010 20:51:28 +0800
From: Aiza 
To: Robert Bonomi 
Subject: Re: .sh & getopts

Robert Bonomi wrote:
 

From owner-freebsd-questi...@freebsd.org  Thu Jun  3 23:36:28 2010
Date: Fri, 04 Jun 2010 12:35:56 +0800
From: Aiza 
To: "questi...@freebsd.org" 
Cc: 
Subject: .sh & getopts


Have this code

shift; while getopts :ugr: arg; do case ${arg} in
u) action="freebsd-update";;
g) action="freebsd-upgrade";;
r) action="freebsd-rollback";;
?) exerr ${cmd_usage};;
esac; done; shift $(( ${OPTION} -1 ))


Command being executed looks like this, cmd action -flags  

Only a single -flag is allowed on the command.

$# gives a count of parms ie:  . in this example a count of 2.

I am looking for something to check that holds the number of flags on 
the command. so I can code. if flag_count gt 1 = error


Is there such a thing created by getopts?

Why bother??

 flag_count=0
 shift; while getopts :ugr: arg
   if flag_count = 1; then
 exerr ${cmd_usage}
   fi 
   flag_count=1;

   do case ${arg} in
   {{blah-blah}}


nope don't work.


Yup.  I was in a hurry, got the code mechanics wrong.  it needs to be: 


 flag_count=0
 shift; 
 while getopts :ugr: arg ; do

   if [ "$flag_count" = 1 ]; then
     exerr ${cmd_usage}
   fi 
   flag_count=1;

   case ${arg} in
     {{blah-blah}}
   esac
 done




I think I see what you are saying. So to adapt it to my code


flag_count=0
shift; while getopts :ugr: arg; do
 flag_count + 1;
 case ${arg} in
 u) action="freebsd-update";;
 g) action="freebsd-upgrade";;
 r) action="freebsd-rollback";;
 ?) exerr ${cmd_usage};;
 esac; done; shift $(( ${OPTION} -1 ))


 if flag_count gt 3; then
exerr ${cmd_usage}
 fi


I think I got the concept correct, but the flag_count + 1 is not 
correct. I get "flag_count: not found" when I run it this way.



Re: .sh & getopts

2010-06-05 Thread Aiza

Robert Bonomi wrote:


From owner-freebsd-questi...@freebsd.org  Thu Jun  3 23:36:28 2010
Date: Fri, 04 Jun 2010 12:35:56 +0800
From: Aiza 
To: "questi...@freebsd.org" 
Cc: 
Subject: .sh & getopts


Have this code

shift; while getopts :ugr: arg; do case ${arg} in
u) action="freebsd-update";;
g) action="freebsd-upgrade";;
r) action="freebsd-rollback";;
?) exerr ${cmd_usage};;
esac; done; shift $(( ${OPTION} -1 ))


Command being executed looks like this, cmd action -flags  

Only a single -flag is allowed on the command.

$# gives a count of parms ie:  . in this example a count of 2.

I am looking for something to check that holds the number of flags on 
the command. so I can code. if flag_count gt 1 = error


Is there such a thing created by getopts?


Why bother??

 flag_count=0
 shift; while getopts :ugr: arg
   if flag_count = 1; then
 exerr ${cmd_usage}
   fi 
   flag_count=1;

   do case ${arg} in
   {{blah-blah}}



nope don't work.

If the flags are counted at all it has to be a function of getopts



Re: .sh & getopts

2010-06-04 Thread Aiza






Steve Bertrand wrote:

On 2010.06.04 00:35, Aiza wrote:

Have this code

shift; while getopts :ugr: arg; do case ${arg} in
   u) action="freebsd-update";;
   g) action="freebsd-upgrade";;
   r) action="freebsd-rollback";;
   ?) exerr ${cmd_usage};;
esac; done; shift $(( ${OPTION} -1 ))


Command being executed looks like this, cmd action -flags  

Only a single -flag is allowed on the command.


Here's my obligatory "use Perl;"

# it's a dirty hack out of a util script I use that calls
# methods out of a module. 99% of the code has been stripped,
# so forgive me, especially for the dirty arg count check ;)

# save file to test.pl
# chmod 755 test.pl
# Examples:

#  Help:
#  ./test.pl --help
#  ./test.pl -h

# Man page:
#  ./test.pl --man
#  ./test.pl -M

 copy/paste below this line, until _END_
#!/usr/bin/perl

use strict;
use warnings;

use Getopt::Long;
Getopt::Long::Configure qw( bundling );
use Pod::Usage;

if ( $#ARGV > 0 ) {

my $arg_num = $#ARGV +1 ;
print "\nYou supplied $arg_num args, when only one is allowed\n\n";

die "See $0 -h\n\n";
}

my ( $help, $man ) = 0;

my $result = GetOptions(
'update|u'  => \&update,
'upgrade|g' => \&upgrade,
'rollback|r'=> \&rollback,
'help|h'=> \$help,
'man|M' => \$man,
);

# begin pod2usage

pod2usage({ -verbose => 1 }) if $help;
pod2usage({ -verbose => 2 }) if $man;

sub update {

print "We're updating!\n";

# do something fancy here..
exit;
}

sub upgrade
{

print "We're upgrading!\n";
# more fancy stuff...
exit;
}

sub rollback {

print "Ensure you have a backup, we're rolling back!\n";
# uber fancy!!!
exit;
}



=head1 NAME

perform_maintenance - Do maintenance on FreeBSD

=head1 SYNOPSIS

  # Do update

  ./test.pl --update
  ./test.pl -u

  # Do upgrade

  ./test.pl --upgrade
  ./test.pl -g

  # Do a rollback

  ./test.pl --rollback
  ./test.pl -r

  # display help

  ./test.pl --help
  ./test.pl -h

  # display the manual page

  ./test.pl --man
  ./test.pl -M



=head1 OPTIONS

=over 1



=item --update | -u

Do an update... this example simply outputs 'Update' to STDOUT.



=item --upgrade | -g

Do an upgrade... this example simply outputs 'Upgrade' to STDOUT.



=item --rollback | -r

Perform a rollback... again, of course, we only print out gibberish



=back

=head1 DESCRIPTION

This is a copy/paste of a real-life Perl application that has been
cleared out of all useful code, so it could be used as an example.

It is however an extremely handy framework for accepting both the long
and short forms of parameters, and the perldoc inclusion allows one to
dump 'error' (or more favourably put) help pages onto STDOUT for the user.



Steve Bertrand


as the subject says .sh not perl.




.sh & getopts

2010-06-03 Thread Aiza

Have this code

shift; while getopts :ugr: arg; do case ${arg} in
   u) action="freebsd-update";;
   g) action="freebsd-upgrade";;
   r) action="freebsd-rollback";;
   ?) exerr ${cmd_usage};;
esac; done; shift $(( ${OPTION} -1 ))


Command being executed looks like this, cmd action -flags  

Only a single -flag is allowed on the command.

$# gives a count of parms ie:  . in this example a count of 2.

I am looking for something to check that holds the number of flags on 
the command. so I can code. if flag_count gt 1 = error


Is there such a thing created by getopts?


.sh & tar

2010-06-02 Thread Aiza

When I exec tar from within a .sh shell script I get this message
tar: Removing leading '/' from member names
I have tar outputting to > /dev/null and still get this message.
With -v or without makes no difference.

How can I stop this?


command to strip suffix in .sh script

2010-06-02 Thread Aiza

I have this code

archive_name=`echo -n "${fromarchive}" | tr -c '[:alnum:]' _`

` is the key under Esc key  and ' key is next to enter key.

fromarchive value is archivename-201006021514.34.tar.gz

I want to strip the suffix -201006021514.34.tar.gz from the archivename.

The archivename can be upper and lower case letters interspersed with _


Do I have syntax problem with the code? I get no error on it.

Do I have the tr command coded correctly?

Or should I be using something else instead of tr command?

Help please.


Re: unexpected operator .sh error

2010-05-31 Thread Aiza

Chris Hill wrote:

On Tue, 1 Jun 2010, Aiza wrote:


Added some code to a .sh script.
When I run the script it works but issues this message
[: =: unexpected operator

No line number telling where to look.
I am not even sure what it's talking about.

Is [: what's wrong or =:


I'd guess that what you added includes something like
  if [ x=y ]
  ...

The open-square-bracket, [, is another name for test. IIRC the equal 
sign is not valid in that context.


Can you post the 'before' and 'after' versions of that part of your 
script? It would help us in determining what the problem is.


--
Chris Hill   ch...@monochrome.org



That hint got me to the correct line

I had   if [$1 = "basejail" ]; then

I changed it to   if $1 = "basejail"; then
and got error msg =: not found








unexpected operator .sh error

2010-05-31 Thread Aiza

Added some code to a .sh script.
When I run the script it works but issues this message
[: =: unexpected operator

No line number telling where to look.
I am not even sure what it's talking about.

Is [: what's wrong or =:


how to debug .sh type script

2010-05-31 Thread Aiza
Is there way to single step through each line of code and see the real 
values of the variables?



Re: Is this information obtainable?

2010-05-30 Thread Aiza

Anh Ky Huynh wrote:

On Mon, 31 May 2010 11:41:16 +0800
Aiza  wrote:


I am trying to estimate the number of FreeBSD computers.
To gauge a rough range size.


This may help: http://www.bsdstats.org/ :)


Number of subscribers to this question list.

Number of unique email addresses or IP addresses across all the FreeBSD
mailing lists.


Number of unique ip address hits to the cvsup & ftp servers since
Jan 2009.

Unique hits on the FreeBSD handbook since Jan 2009.


Why these numbers?



Trying to generate from other sources, numbers to compare to what is 
reported on bsdstats.



Is this information obtainable?

2010-05-30 Thread Aiza

I am trying to estimate the number of FreeBSD computers.
To gauge a rough range size.

Number of subscribers to this question list.

Number of unique email addresses or IP addresses across all the FreeBSD
mailing lists.


Number of unique ip address hits to the cvsup & ftp servers since Jan 2009.

Unique hits on the FreeBSD handbook since Jan 2009.



Is this information obtainable?


command to rename a directory

2010-05-30 Thread Aiza

Is there a command to rename a directory in place?
Like mv does for a file name.


Re: sh script writing help

2010-05-29 Thread Aiza

Anh Ky Huynh wrote:

On Sun, 30 May 2010 14:10:36 +0800
Aiza  wrote:


Dan Nelson wrote:

In the last episode (May 30), Aiza said:

In a .sh type script I have && exerr " very long message gt 250
char" all on the same line. This is a real pain to edit.

Is there some code I can use to continue this on the next line
so I can see it on the screen and still have the command
function? I tried \ with no luck.

\ should work just fine:

$ echo "long line \
split onto two"
long line split onto two
$



Your example works only because the continuation starts at position
1.

$   [ -n "${test-name-fowarding}" -o -n "${test-noname}" ] || \
 exerr "\
"
this is for ease of reading the code but will display with a bunch
of spaces in the middle of the sentence. The \ works fine bypassing
all white space between code not so for white space between the "
".

Is there a coding method to get around this?


Do you try to read your expression from a file?
exerr `cat /path/to/data`

the contents of /path/to/data are your very long string.

Regards,



Thanks, I never thought of that solution.


Re: sh script writing help

2010-05-29 Thread Aiza

Dan Nelson wrote:

In the last episode (May 30), Aiza said:
In a .sh type script I have && exerr " very long message gt 250 char" 
all on the same line. This is a real pain to edit.


Is there some code I can use to continue this on the next line so I can 
see it on the screen and still have the command function? I tried \ with 
no luck.


\ should work just fine:

$ echo "long line \
split onto two"
long line split onto two
$




Your example works only because the continuation starts at position 1.

$   [ -n "${test-name-fowarding}" -o -n "${test-noname}" ] || \
exerr "\
   "
this is for ease of reading the code but will display with a bunch of 
spaces in the middle of the sentence. The \ works fine bypassing all 
white space between code not so for white space between the "  ".


Is there a coding method to get around this?


sh script writing help

2010-05-29 Thread Aiza
In a .sh type script I have && exerr " very long message gt 250 char" 
all on the same line. This is a real pain to edit.


Is there some code I can use to continue this on the next line so I can 
see it on the screen and still have the command function? I tried \ with 
no luck.


thanks


FreeBSD 8.1-BETA1 Available

2010-05-29 Thread Aiza


http://www.daemonforums.org/showthread.php?t=4797



Re: Apache web server being attacked

2010-05-19 Thread Aiza

Matthew Seaman wrote:


On 19/05/2010 04:55:26, Aiza wrote:

I take a totally different approach to this problem for my production
web sites. This is the result of people running scripts that roll
through a large block of IP addresses, scanning each IP address for open
[STANDARD] ports, and when they find port 80 open, they then attack the
web server. The simple solution is not to have your web server use the
standard port 80. Your web site is not known by its IP address but by
its URL (i.e. www.domain-name.com). My domain name registrar has an option
to associate my "www.domain-name.com" with any port number I want to use
at the specified IP address. This way my web site has total access by
anyone who knows its URL; the URL is scanned by the Yahoo and Google
indexing bots and becomes known to the public. Nobody knows or cares that
the web site is not using port 80. I then close inbound port 80 in my
firewall, thus locking out all the script kiddies who run the port scan
on standard ports. This method has worked for me for the last 10 years
without ever having my production web servers attacked. Sure, some
naysayers will counter by saying all the scanners have to do is scan all
the ports. Yeah, sure, that can be done, but in 10 years it has never
occurred.


If the URL for your site is http://www.domain-name.com/ then any client
that attempts to access it will try to connect to port 80.  That's the
point of having well known ports.  Now, you can explicitly state a
different port in the URL:  http://www.domain-name.com:8080/ but this is
generally only useful amongst a closed group of users: the general
public will on the whole just get confused, so it's not often
encountered on general access websites.

Your domain registrar can't control anything to do with port numbers.
For some unknown reason this is a common misconception, particularly
among management types.  The DNS only associates hostnames with ip
numbers and vice versa[*].  Now, it may be the case that your server is
behind some sort of NAT/PAT gateway or HTTP reverse proxy, and that
locally you are running apache bound to some arbitrary port numbers.
Which is fine, but unless you are specifically telling people to use a
different port in your URLs, then the world at large is accessing your
site through port 80.  Which means that port scanners can certainly find
it and attempt to attack it.  Guess what?  Because the attacks are in
the form of valid HTTP queries, they'd go straight through any sort of
port address translation just like your normal traffic.

What I think you're actually doing is that all your web sites use name
based virtual hosts.  So a query to the IP number of your server gets
directed to a different bit of the apache config (and probably rejected)
compared to a query to a site by name.  That's actually a pretty good
design, and if you combine it with a reverse proxy which knows about
what hosts and URLs should be behind it, you can filter out a lot of bad
traffic very effectively before it gets anywhere near your real web server.

Cheers,

Matthew


Matthew
Nothing is worse than someone insinuating the original poster doesn't know 
what they are talking about. I find your remarks totally unnecessary. 
You're telling the poster they don't know what they're doing when it's you 
who doesn't know what options are offered by their registrar. How can you 
say something is not available when you are not the one using or 
providing the registrar service? For your information, port forwarding is 
a common function when the domain name is specified to a dynamic IP 
address. Check out http://www.zoneedit.com/









Re: Apache web server being attacked

2010-05-18 Thread Aiza

Matthew Seaman wrote:


On 18/05/2010 11:00:16, Aiza wrote:

I put apache13 in a jail and left inbound port 80 open in my firewall.
There is no domain name pointing to my web server. The content there is
a small apache web application that fools web
email address harvest programs into harvesting bogus email address from
web page.  http://www.monkeys.com/wpoison This is what I am doing.

Since setting this up I have not had any bots scan the site for email
address. But have had port 80 attacks that did not work. MY Apache
access and error logs follow.


[lots of logfile traces elided]

Yes.  Unfortunately this sort of thing is the norm on the web nowadays.
 It's all automated: first they program their botnets to scan for a web
server listening on port 80.  Then they use them to attempt to
compromise whatever they find -- in your case, most of what you're
seeing is an attempt to gather information on what PHP capabilities your
web server might have.

What they are doing is trying in turn a lot of the popular locations for
installing apps like phpmyadmin or phppgadmin.  Yes, they are doing this
in a particularly clueless fashion -- what exactly did you expect of the
sort of people that think creating botnets is a good idea?  They'll
probably grow out of it when they hit puberty.

In the mean time, as you don't have phpmyadmin or anything similar
installed, this is just an annoyance for you -- it clutters up your log
files but does nothing else.

If you did want to install phpmyadmin on that server, you should take
care to

  1) Keep it up to date -- there haven't been any PMA security
advisories for some months, but at one point they were coming out about
one a week.  PMA does have some very active developers though, and new
versions appear every month or two.

  2) Be sure to use access controls in your apache config to limit where
PMA can be accessed from.  Ideally, run it over HTTPS as well -- by its
nature, you will tend to send DB passwords etc. to this application, and
you want to avoid having them snooped.

  3) If you use the on-line phpmyadmin configurator, be sure to clean up
after yourself once you've generated a config file.  To use the on-line
configurator you have to create a directory
/usr/local/www/phpMyAdmin/config which you make read/write by the user
the webserver runs as.  Once you've created the config.inc.php in that
directory, you need to move it up one level in the directory hierarchy,
and then delete the config directory you created. (That's what your
attacker is so desperate to find -- because the directory is read-write
by the webserver process, they can use it to upload malware to your system.)

Cheers,

Matthew



I take a totally different approach to this problem for my production
web sites. This is the result of people running scripts that roll
through a large block of IP addresses, scanning each IP address for open
[STANDARD] ports, and when they find port 80 open, they then attack the
web server. The simple solution is not to have your web server use the
standard port 80. Your web site is not known by its IP address but by
its URL (i.e. www.domain-name.com). My domain name registrar has an option
to associate my "www.domain-name.com" with any port number I want to use
at the specified IP address. This way my web site has total access by
anyone who knows its URL; the URL is scanned by the Yahoo and Google
indexing bots and becomes known to the public. Nobody knows or cares that
the web site is not using port 80. I then close inbound port 80 in my
firewall, thus locking out all the script kiddies who run the port scan
on standard ports. This method has worked for me for the last 10 years
without ever having my production web servers attacked. Sure, some
naysayers will counter by saying all the scanners have to do is scan all
the ports. Yeah, sure, that can be done, but in 10 years it has never
occurred.







Re: Apache web server being attacked

2010-05-18 Thread Aiza

Michael Powell wrote:

Aiza wrote:


I put apache13 in a jail and left inbound port 80 open in my firewall.
There is no domain name pointing to my web server. The content there is
a small apache web application that fools web
email address harvest programs into harvesting bogus email address from
web page.  http://www.monkeys.com/wpoison This is what I am doing.

Since setting this up I have not had any bots scan the site for email
address. But have had port 80 attacks that did not work. MY Apache
access and error logs follow.

[snip log content] 

As you can see looks like a script kiddy is running something they don't
understand. "/usr/local/www/data//phpmyadmin2/config.inc.php"
there should only be a single / between data/phpmyadmin2.

But beside that looks like php config.inc.php file is a target and
phpmyadmin also is a target. The apache return code 404 means not found
so no effect to me.

Has anyone seen this junk hitting their apache web servers or have any
different explanation of what this means?


Sorry to tell you this, but this kind of thing goes on all the time. You can 
fine tune mod_security for some control for SQL injection techniques, as 
well as many other generic forms of locking down the web server in general. 

Generally speaking, the bulk of this does nothing more than filling the logs 
- BUT - all it takes is for one app to let the attacker "leak" onto your 
hard drive and they're in. I see a lot of scans for roundcube and 
phpMyAdmin. Have also seen a lot of phpBB in the past. 

The attackers spew lots of requests but the needle in the haystack they are 
looking for is that one app that has a known vulnerability. In addition to 
securing the web server itself you should monitor any app running on it for 
reported security flaws and keep them updated to the latest "safe" versions.


You can also add to the hardening of your web server (if Apache) with 
various .htaccess + mod_rewrite tricks. Examples include:


# block all smarty templates (no reason to have these exposed)
RedirectMatch gone ^/.*\.tpl$

# block all .log (log files), .sql (sql dump/export) and .conf (config
# files) files in case some day these files move to another directory

RedirectMatch gone ^.*\.(sql|log|conf)$

# block access to the 'Smarty-*' directory
RedirectMatch gone ^.*Smarty.*$

# block common files present that you don't want served
RedirectMatch gone CHANGELOG.*
RedirectMatch gone COPYRIGHT.*
RedirectMatch gone INSTALL.*
RedirectMatch gone NEW.*
RedirectMatch gone README.*
RedirectMatch gone UPGRADE.*
RedirectMatch gone VERSION.*

# block access to directories
Redirect gone /upgrade
Redirect gone /tmp
Redirect gone /var
Redirect gone /sql

# Forbid pesky clients based on User-Agent (F = 403)
Options -MultiViews -Indexes

RewriteEngine On
RewriteBase /

 RewriteCond %{HTTP_USER_AGENT} ^Twiceler [NC,OR]
 RewriteCond %{HTTP_USER_AGENT} ^Morfeus [NC,OR]
 RewriteCond %{HTTP_USER_AGENT} ^Toata [NC]
 RewriteRule .* - [F,L]

There is much and many more, just a couple of examples for ideas. :-)

-Mike

Where do I find documentation on how to enable and use apache mods 
rewrite and redirect?



Apache web server being attacked

2010-05-18 Thread Aiza
I put apache13 in a jail and left inbound port 80 open in my firewall. 
There is no domain name pointing to my web server. The content there is 
a small apache web application that fools web
email address harvest programs into harvesting bogus email address from 
web page.  http://www.monkeys.com/wpoison This is what I am doing.


Since setting this up I have not had any bots scan the site for email 
address. But have had port 80 attacks that did not work. MY Apache 
access and error logs follow.




access log
i97-173.shosting.systech.hu - - [06/May/2010:12:28:34 +0800] "GET 
//phpmyadmin/config/config.inc.php?p=phpinfo(); HTTP/1.1" 404 239 "-"
i97-173.shosting.systech.hu - - [06/May/2010:12:28:35 +0800] "GET 
//phpMyAdmin/config/config.inc.php?p=phpinfo(); HTTP/1.1" 404 239 "-"
i97-173.shosting.systech.hu - - [06/May/2010:12:28:36 +0800] "GET 
//PMA/config/config.inc.php?p=phpinfo(); HTTP/1.1" 404 232 "-"
i97-173.shosting.systech.hu - - [06/May/2010:12:28:36 +0800] "GET 
//pma/config/config.inc.php?p=phpinfo(); HTTP/1.1" 404 232 "-"


53.163.158.61.ha.cnc - - [10/May/2010:16:05:42 +0800] "GET 
http://www.baidu.com/ HTTP/1.1" 404 206 "-"


60.190.59.240 - - [11/May/2010:03:50:54 +0800] "GET 
http://www.sina.com.cn/ HTTP/1.1" 404 206 "-"


91.212.127.100 - - [13/May/2010:10:09:08 +0800] "GET 
http://allrequestsallowed.com/?PHPSESSID=5gh6ncjh00043SRQHP__FEG%5CUFT 
HTTP/1.1" 404 206 "-"


scanner-4.hacktory.cs.columbia.edu - - [15/May/2010:14:10:28 +0800] "GET 
/ HTTP/1.1" 404 206 "-" "-"


118.100.82.70 - - [15/May/2010:15:07:58 +0800] 
"|\xab\x1a\x06\xf5\xdd\x8a|\xfd\xde\xf9V\xf7\xf5\xaf\xe1\x8f\x0eF\xef\x18\xc8" 
501 - "-" "-"


110.rmaxonline.com - - [16/May/2010:11:07:21 +0800] "GET 
//phpmyadmin/config/config.inc.php?p=phpinfo(); HTTP/1.1" 404 239 "-"
110.rmaxonline.com - - [16/May/2010:11:07:21 +0800] "GET 
//phpMyAdmin/config/config.inc.php?p=phpinfo(); HTTP/1.1" 404 239 "-"
110.rmaxonline.com - - [16/May/2010:11:07:22 +0800] "GET 
//PMA/config/config.inc.php?p=phpinfo(); HTTP/1.1" 404 232 "-"
110.rmaxonline.com - - [16/May/2010:11:07:22 +0800] "GET 
//pma/config/config.inc.php?p=phpinfo(); HTTP/1.1" 404 232 "-"
110.rmaxonline.com - - [16/May/2010:11:07:23 +0800] "GET 
//phpmyadmin2/config.inc.php?p=phpinfo(); HTTP/1.1" 404 233 "-"
110.rmaxonline.com - - [16/May/2010:11:07:23 +0800] "GET 
//phpMyAdmin2/config.inc.php?p=phpinfo(); HTTP/1.1" 404 233 "-"
110.rmaxonline.com - - [16/May/2010:11:07:23 +0800] "GET 
//mysqladmin/config.inc.php?p=phpinfo(); HTTP/1.1" 404 232 "-"
110.rmaxonline.com - - [16/May/2010:11:07:24 +0800] "GET 
//myadmin/config.inc.php?p=phpinfo(); HTTP/1.1" 404 229 "-"
110.rmaxonline.com - - [16/May/2010:11:07:24 +0800] "GET 
//MyAdmin/config.inc.php?p=phpinfo(); HTTP/1.1" 404 229 "-"
110.rmaxonline.com - - [16/May/2010:11:07:25 +0800] "GET 
//myAdmin/config.inc.php?p=phpinfo(); HTTP/1.1" 404 229 "-"
110.rmaxonline.com - - [16/May/2010:11:07:25 +0800] "GET 
//phpAdmin/config.inc.php?p=phpinfo(); HTTP/1.1" 404 230 "-"
110.rmaxonline.com - - [16/May/2010:11:07:26 +0800] "GET 
//mysql/config.inc.php?p=phpinfo(); HTTP/1.1" 404 227 "-"
110.rmaxonline.com - - [16/May/2010:11:07:26 +0800] "GET 
//phpAdmin/config.inc.php?p=phpinfo(); HTTP/1.1" 404 230 "-"


net151.255.92-61.perm.ertelecom.ru - - [16/May/2010:13:43:05 +0800] "GET 
http://icqnums.freehostia.com/azenv.php HTTP/1.1" 404 215 "-" "


211.100.28.240 - - [17/May/2010:08:38:45 +0800] "GET 
/w00tw00t.at.ISC.SANS.DFind:) HTTP/1.1" 400 335 "-" "-"


sd-17275.dedibox.fr - - [17/May/2010:11:27:02 +0800] "GET 
/roundcubemail/README HTTP/1.1" 404 226 "-" "Morfeus strikes again."
sd-17275.dedibox.fr - - [17/May/2010:11:27:03 +0800] "GET /rc/README 
HTTP/1.1" 404 215 "-" "Morfeus strikes again."
sd-17275.dedibox.fr - - [17/May/2010:11:27:04 +0800] "GET 
/webmail/README HTTP/1.1" 404 220 "-" "Morfeus strikes again."
sd-17275.dedibox.fr - - [17/May/2010:11:27:05 +0800] "GET 
/roundcube/README HTTP/1.1" 404 222 "-" "Morfeus strikes again."
sd-17275.dedibox.fr - - [17/May/2010:11:27:05 +0800] "GET /mail/README 
HTTP/1.1" 404 217 "-" "Morfeus strikes again."
sd-17275.dedibox.fr - - [17/May/2010:11:27:06 +0800] "GET /README 
HTTP/1.1" 404 212 "-" "Morfeus strikes again."


net151.255.92-61.perm.ertelecom.ru - - [17/May/2010:17:52:03 +0800] "GET 
http://icqnums.freehostia.com/azenv.php HTTP/1.1" 404 215 "-"


ec2-79-125-7-31.eu-west-1.compute.amazonaws.com - - 
[18/May/2010:06:35:22 +0800] "GET 
//phpmyadmin/config/config.inc.php?p=phpinfo(); HTTP/1.1" 404 239 "-"
ec2-79-125-7-31.eu-west-1.compute.amazonaws.com - - 
[18/May/2010:06:35:23 +0800] "GET 
//pma/config/config.inc.php?p=phpinfo(); HTTP/1.1" 404 232 "-"
ec2-79-125-7-31.eu-west-1.compute.amazonaws.com - - 
[18/May/2010:06:35:23 +0800] "GET 
//admin/config/config.inc.php?p=phpinfo(); HTTP/1.1" 404 234 "-"
ec2-79-125-7-31.eu-west-1.compute.amazonaws.com - - 
[18/May/2010:06:35:24 +0800] "GET 
//dbadmin/config/config.inc.php?p=phpinfo(); HTTP/1.1" 404 236 "-"
ec2-79-125-7-31.eu-west-1.compute.a
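
Added example, not part of the thread: an sh triage of access-log lines like the ones posted above, sorting requests into the probe types that show up in the log and in the replies earlier on this page (config.inc.php probes, the user agents from the RewriteCond list, absolute-URL requests, the DFind marker, non-HTTP junk). Function names, labels and the sample lines (documentation addresses, modelled on the posted log) are constructed for illustration.

```shell
#!/bin/sh
# Added example, not code from the thread. Function names and labels are
# hypothetical; the patterns come from the posted access log and from the
# RewriteCond user agents quoted in the reply.

# classify_request LINE: print one label for an Apache access-log line.
classify_request() {
    line=$1
    req=${line#*\"}          # text after the first double quote ...
    req=${req%%\"*}          # ... up to the next one: METHOD TARGET PROTOCOL

    # User-Agent field starting with a name from the RewriteCond list.
    case ${line} in
        *'" "Morfeus'*|*'" "Toata'*|*'" "Twiceler'*) echo scanner-agent; return ;;
    esac

    # Anything that does not start with an HTTP method is not a real request
    # (the posted log has one such line, answered with 501).
    case ${req} in
        GET\ *|POST\ *|HEAD\ *|OPTIONS\ *|PUT\ *|DELETE\ *) ;;
        *) echo malformed-request; return ;;
    esac

    target=${req#* }         # drop the method
    target=${target%% *}     # drop the protocol
    case ${target} in
        # Absolute URL for some other site: a check for an open proxy.
        http://*|https://*) echo proxy-probe ;;
        # Guessing install paths of phpMyAdmin-style apps.
        */config.inc.php*)  echo pma-config-probe ;;
        /w00tw00t*)         echo dfind-scan ;;
        *)                  echo other ;;
    esac
}

# summarise_log: read log lines on stdin, print one line of counters.
summarise_log() {
    pma=0 proxy=0 agent=0 dfind=0 bad=0 other=0
    while IFS= read -r line; do      # -r keeps the \x.. escapes intact
        [ -n "${line}" ] || continue
        case $(classify_request "${line}") in
            pma-config-probe)  pma=$((pma + 1)) ;;
            proxy-probe)       proxy=$((proxy + 1)) ;;
            scanner-agent)     agent=$((agent + 1)) ;;
            dfind-scan)        dfind=$((dfind + 1)) ;;
            malformed-request) bad=$((bad + 1)) ;;
            *)                 other=$((other + 1)) ;;
        esac
    done
    echo "pma-config-probe=${pma} proxy-probe=${proxy} scanner-agent=${agent} dfind-scan=${dfind} malformed-request=${bad} other=${other}"
}

# Constructed sample input: one complete log line per request.
sample_log() {
    cat <<'EOF'
192.0.2.10 - - [06/May/2010:12:28:34 +0800] "GET //phpmyadmin/config/config.inc.php?p=phpinfo(); HTTP/1.1" 404 239 "-" "-"
192.0.2.10 - - [06/May/2010:12:28:35 +0800] "GET //PMA/config/config.inc.php?p=phpinfo(); HTTP/1.1" 404 232 "-" "-"
198.51.100.7 - - [10/May/2010:16:05:42 +0800] "GET http://www.example.com/ HTTP/1.1" 404 206 "-" "-"
203.0.113.5 - - [17/May/2010:08:38:45 +0800] "GET /w00tw00t.at.ISC.SANS.DFind:) HTTP/1.1" 400 335 "-" "-"
203.0.113.9 - - [17/May/2010:11:27:02 +0800] "GET /roundcubemail/README HTTP/1.1" 404 226 "-" "Morfeus strikes again."
198.51.100.20 - - [15/May/2010:15:07:58 +0800] "|\xab\x1a\x06\xf5" 501 - "-" "-"
192.0.2.44 - - [18/May/2010:09:00:00 +0800] "GET /index.html HTTP/1.1" 200 1024 "-" "Mozilla/5.0"
EOF
}

sample_log | summarise_log
```

Run it against a real log with "summarise_log < logfile"; wrapped lines like those in the mail above need to be rejoined first.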

Re: freeBSD 8.0

2010-05-11 Thread Aiza

Chohwora wrote:

Hello,

I am trying to download freeBSD version 8.0 I would like to find out, for a 
complete installation of a freeBSD 8.0. how many disks does it contain? I mean 
does it have disk1, disk2, etc?

After downloading in ISO image, how do I burn it on a Cd so that it can be 
installed as a bootable cd?

Hoping to hear from you.

God bless.



  



All your questions are answered in the handbook.
http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/


Re: FWIW, a datapoint.

2010-05-10 Thread Aiza

Gary Kline wrote:

Hopefully no one will face this, but the only way around getting
past pcbsd seems to be via an over-the-wire upgrade.  The
8.0-bootonly.iso for the i386 failed to boot.  About two hours
ago tho i was able to csup ports from its 07jan to 10may status. 
Next I will pull over the stable-cvsup stuff and see if I can
fire off a build.   hope this works.  the kybd is hard to use.  
[etc.]


gary


Last week I downloaded the PCBSD boot only cd and then did an over the 
network install. The first try the PCBSD server timed-out my install. On 
second try the over the network install worked. I had previously 
downloaded the PCBSD DVD .iso, but no matter what I tried I could not 
get it to burn to DVD correctly.



Re: BSDstats website displaying data incorrectly

2010-05-09 Thread Aiza

Bobby Walker wrote:



On Thu, 6 May 2010, Fbsd1 wrote:

Why does this page show PCBSD has count of 387
http://www.bsdstats.org/bt/home.html?os=
And this page shows PCBSD has count of 1307
http://www.bsdstats.org/bt/home.html?os=PC-BSD
Why is this? I would think both should show the same value, or you
better add explanation to the web page why the count is different.


This was a database setup problem, and I've updated the code to pull out of the 
proper database. If anyone notices any other discrepancies please let me know.

Thanks,
Bobby



Why does
http://www.bsdstats.org/
and
http://bsdstats.hub.org/bt/home.html?os=FreeBSD
still show different counts if you fixed this problem?



Re: sata hdd issues, timeouts'n'failures

2010-05-04 Thread Aiza

Bogdan Webb wrote:

Hi .. I'll be straight to the point, yesterday morning I experienced some
issues with my FreeBSD 7.2 p7 regarding HDD partition error messages.
It all started a week ago when out of the blue a few phpBB3 database tables
got corrupted and upon reading the messages in /var/log I saw:
May  3 09:34:36 pgn kernel: ad10: WARNING - WRITE_DMA UDMA ICRC error (retrying request) LBA=143694719
May  3 09:34:40 pgn kernel: ad10: TIMEOUT - WRITE_DMA retrying (1 retry left) LBA=234746399
May  3 09:35:20 pgn kernel: ad10: WARNING - WRITE_DMA UDMA ICRC error (retrying request) LBA=17996279
May  3 09:35:27 pgn kernel: ad10: TIMEOUT - WRITE_DMA retrying (1 retry left) LBA=140791775
May  3 09:35:32 pgn kernel: ad10: TIMEOUT - WRITE_DMA retrying (1 retry left) LBA=14029855

a whole bunch of those about 1 minute apart.

May  3 09:47:09 pgn kernel: swap_pager: indefinite wait buffer: bufobj: 0, blkno: 5, size: 32768
[]
May  3 09:48:46 pgn kernel: ad10: FAILURE - WRITE_DMA timed out LBA=14741375
May  3 09:48:46 pgn kernel:
May  3 09:48:46 pgn kernel: g_vfs_done():ad10s1d[WRITE(offset=2715713536, length=16384)]error = 5
[.]

until the system became very slow and hard to use. I've rebooted a few times,
tried to boot into single user mode and run fsck but the issues still
occur..
Now the GEOM_LABEL renames the ufsids timeouts still occur, and today ended
up with
May  4 15:26:24 pgn kernel: fsync: giving up on dirty
May  4 15:26:24 pgn kernel: 0xff000395a7e0: tag devfs, type VCHR
May  4 15:26:24 pgn kernel: usecount 1, writecount 0, refcount 934 mountedhere 0xff0003879c00
May  4 15:26:24 pgn kernel: flags ()
May  4 15:26:24 pgn kernel: v_object 0xff0003923e58 ref 0 pages 3725
May  4 15:26:24 pgn kernel: lock type devfs: EXCL (count 1) by thread 0xff00117e6370 (pid 1181)
May  4 15:26:24 pgn kernel: dev ad10s1f
May  4 15:26:40 pgn fsck: /dev/ad10s1f: CANNOT CREATE SNAPSHOT /usr/.snap/fsck_snapshot: Resource temporarily unavailable
May  4 15:26:40 pgn fsck:
May  4 15:26:40 pgn fsck: /dev/ad10s1f: UNEXPECTED INCONSISTENCY; RUN fsck MANUALLY.


Please advise, it's pretty serious. I googled around but sincerely it's such a
big issue that it can't wait :( thanks!

p.s. whole /var/log/messages: http://pastebin.com/KcF3ziYu
system info (df -h, uname, fstab, etc.): http://pastebin.com/dK8UKfhT





Replace the drive and restore from your back up dumps.


Wpoison?????

2010-04-25 Thread Aiza
Looking for comments on this small apache web application that fools web 
harvest programs into harvesting bogus email addresses from a web page.

http://www.monkeys.com/wpoison

Anybody try this?
Is this a self-inflicted Trojan?
Since I don't have a web server I was thinking of creating a jail for apache 
that only runs this wpoison perl script.
My firewall has been blocking inbound port 80 and gets hit 100's of times a 
day. Just script kiddies rolling through a block of IP addresses hunting.

Play with them a little bit in return.

Comments please?


Re: no more possible to use any usb storage device/usb flash drive, when pluged or unpluged

2010-04-23 Thread Aiza

harvey dent wrote:

Hi everybody

I am trying to make a "functional" custom kernel for an i386 machine.
Here is the uname -a:
FreeBSD k 8.0-RELEASE-p2 FreeBSD 8.0-RELEASE-p2 #0: Tue Jan  5 16:02:27 UTC 2010 r...@i386-builder.daemonology.net:/usr/obj/usr/src/sys/GENERIC i386

I built and installed a new kernel.
But there are several problems with it.
Under GNOME, USB hard drives and USB flash drives are no longer mounted
automatically, causing errors, unlike with the GENERIC kernel. So I have to
use the mount command.
Further, when I connect and disconnect any USB drive, or use the umount
command, it is no longer possible to use any USB storage device/USB mass
storage (USB keyboard and USB mouse still work well).
The kernel no longer detects any USB storage plugged or unplugged
(dmesg|tail doesn't return anything when I plug and unplug a USB storage/flash
device).
So I have to reboot to use a USB storage/flash device again.
But the problem is still there. So I have to reboot again and again when I use
the umount command, or plug or unplug a USB storage device ...

Here is the kernel configuration file:

#
# GENERIC -- Generic kernel configuration file for FreeBSD/i386
#
# For more information on this file, please read the config(5) manual page,
# and/or the handbook section on Kernel Configuration Files:
#
#    http://www.FreeBSD.org/doc/en_US.ISO8859-1/books/handbook/kernelconfig-config.html
#
# The handbook is also available locally in /usr/share/doc/handbook
# if you've installed the doc distribution, otherwise always see the
# FreeBSD World Wide Web server (http://www.FreeBSD.org/) for the
# latest information.
#
# An exhaustive list of options and more detailed explanations of the
# device lines is also present in the ../../conf/NOTES and NOTES files.
# If you are in doubt as to the purpose or necessity of a line, check first
# in NOTES.
#
# $FreeBSD: src/sys/i386/conf/GENERIC,v 1.519.2.4.2.2 2009/11/09 23:48:01 kensmith Exp $

cpu             I686_CPU
# CPU control pseudo-device. Provides access to MSRs, CPUID info and
# microcode update feature.
#
#device         cpuctl


ident           FREEBSD4

# Optional:
options         MPTABLE_FORCE_HTT       # Enable HTT CPUs with the MP Table
options         IPI_PREEMPTION
options         PERFMON
# The system memory devices; /dev/mem, /dev/kmem
#device         mem

# The kernel symbol table device; /dev/ksyms
device          ksyms



# To statically compile in device wiring instead of /boot/device.hints
#hints          "GENERIC.hints"         # Default places to look for devices.

# Use the following to compile in values accessible to the kernel
# through getenv() (or kenv(1) in userland). The format of the file
# is 'variable=value', see kenv(1)
#
# env           "GENERIC.env"

makeoptions     DEBUG=-g                # Build kernel with gdb(1) debug symbols

options         SCHED_ULE               # ULE scheduler
options         PREEMPTION              # Enable kernel thread preemption
options         INET                    # InterNETworking
options         INET6                   # IPv6 communications protocols
options         SCTP                    # Stream Control Transmission Protocol
options         FFS                     # Berkeley Fast Filesystem
options         SOFTUPDATES             # Enable FFS soft updates support
options         UFS_ACL                 # Support for access control lists
options         UFS_DIRHASH             # Improve performance on big directories
options         UFS_GJOURNAL            # Enable gjournal-based UFS journaling
options         MD_ROOT                 # MD is a potential root device
options         NFSCLIENT               # Network Filesystem Client
options         NFSSERVER               # Network Filesystem Server
options         NFSLOCKD                # Network Lock Manager
options         NFS_ROOT                # NFS usable as /, requires NFSCLIENT
options         PROCFS                  # Process filesystem (requires PSEUDOFS)
options         PSEUDOFS                # Pseudo-filesystem framework
options         GEOM_PART_GPT           # GUID Partition Tables.
options         GEOM_LABEL              # Provides labelization
options         COMPAT_43TTY            # BSD 4.3 TTY compat (sgtty)
options         COMPAT_FREEBSD4         # Compatible with FreeBSD4

# Enable i386 a.out binary support
options         COMPAT_AOUT


options         COMPAT_FREEBSD5         # Compatible with FreeBSD5
options         COMPAT_FREEBSD6         # Compatible with FreeBSD6
options         COMPAT_FREEBSD7         # Compatible with FreeBSD7
options         SCSI_DELAY=5000         # Delay (in ms) before probing SCSI
options         KTRACE                  # ktrace(1) support
options         STACK                   # stack(9) support
options         SYSVSHM                 # SYSV-style shared memory
options         SYSVMSG                 # SYSV-style message queues
options         SYSVSEM                 # SYSV-style semaphores
options         P1003_1B_SEMAPHORES     # POSIX-style semaphores
options         _KPOSIX_PRIORITY_SCHEDULING # POSIX P1003_1B real-time extensio

bsdstats error

2010-04-23 Thread Aiza
Something is wrong with the bsdstats process. I am a retired American who 
is now living in the Philippines. All during RELEASE 7.0, 7.1, 7.2, and 
now 8.0 I have been running the bsdstats port on my single system. 
Sometimes I reboot the system a few times a week, which fires off the bsdstats 
reports, as well as running over the change of month, which also fires off 
the bsdstats report. Yesterday I checked the http://bsdstats.org website 
by country and to my great surprise there are no FreeBSD systems in the 
Philippines. Also the previous months' reports are no longer shown on the 
website and the port stats don't show at all. These are not the results 
talked about on this list when the bsdstats project was trying to get 
FreeBSD participation 3 years ago. Maybe the bsdstats website has been 
unsupported and un-updated for over 2 years now and nobody noticed until I 
showed up in a country without any FreeBSD counts, but knowing I was 
reporting regularly.


What good is participation if there are no real-time results?
Guess it's time to remove bsdstats from my system.


bsdstats & country

2010-04-23 Thread Aiza

How does bsdstats know what country the PC posting its info is from?


Re: Re : Display country selected during sysinstall

2010-04-23 Thread Aiza



From: Aiza 
Subject: Display country selected during sysinstall
"FreeBSD Questions" 
Date: Thursday 22 April 2010, 10:11
How do I display or change the
country selected at start of sysinstall?

> Alexandre L. wrote:
> I think this is what you are searching for 
> http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/using-sysinstall.html
>
> Go to 'KEYMAP' and change it.
>
> If your system is already installed, you can edit /etc/rc.conf and 
> see what keymap is configured.
>
> --- On Thu 22.4.10, Aiza wrote:
>

The handbook is very out of date with the new sysinstall now part of 
8.0. I have no keymap in my rc.conf. The new 8.0 sysinstall shows a 
country selection menu even before the main sysinstall menu is shown.




Display country selected during sysinstall

2010-04-22 Thread Aiza

How do I display or change the country selected at start of sysinstall?


porteasy usage

2010-04-21 Thread Aiza

Trying to use porteasy.
porteasy -u  keeps saying "No CVS root".
What does that mean?


Re: [SPURIOUS] Delivery Status Notification(Failure) (fwd)

2010-04-20 Thread Aiza

Matthew Seaman wrote:


On 20/04/2010 08:08:40, per...@pluto.rain.com wrote:

Ian Smith  wrote:


Has anyone (everyone?) else been receiving these DSNs a week or so
after having posted to freebsd-questions@ ?  Since around early
April?

I've had four such in the last three days ...

If it's 'just me' I can block their source, but if more widespread
I'll ask our esteemed postmaster (cc'd) to try hunting the errant
recipient.

cheers, Ian

-- Forwarded message --



Your message:
To: twelc...@mobileemail.vodafonesa.co.za
Subject: Re: reliable rs-232
Sent Date: 25:05 +
has not been delivered to the recipient's BlackBerry Handheld.

Now that you mention it, yes.  A posting to "freebsd-questions@"
about 01:00 (US Pacific) on Apr 06 did not get one of those, but
one about 01:10 on Apr 08 and three (one about 01:00, two about
19:10) on Apr 09 did.  The first notice turned up at 20:16 Apr 16,
and the other three between 20:13 and 20:15 on Apr 17.  All four
specify the same recipient address as yours.


I've seen exactly one bounce like this -- but only after grepping
through lots of mail logs and my junk folder.  One bounce is bad enough
if it goes back to the whole list -- but that could be excused as a
momentary aberration.  Any more than that is grounds for reporting the
message to postmas...@freebsd.org and having the sender blacklisted:
anyone that configures a mail server to send error notifications to an
entire mailing list needs a) to spend some quality time studying the
SMTP RFCs and b) to step away from the keyboard /now/ as they are
clearly not competent to run a mail server on the Internet.

Thoroughly recommend using relaydb(1) to teach your mail system where
you've received spam from in the past and make sure it doesn't happen
again.  I've a cron job that processes the contents of my Junk
mailfolder through relaydb on a daily basis.

Cheers,

Matthew

- -- 
Dr Matthew J Seaman MA, D.Phil.   7 Priory Courtyard

  Flat 3
PGP: http://www.infracaninophile.co.uk/pgpkey Ramsgate
  Kent, CT11 9PW

I also have been getting Delivery Status Notification(Failure) about 
recipient's BlackBerry Handheld. But following that I also get mail from 
the questions postmaster saying my email is spamming junk mail and it has 
a zip file attached.

The email headers only have a single hop to me. Looks like forged email. 
Sender hoping I will unzip the file so it can install a Trojan. I just 
delete it.




Re: Ping from jail not permitted error

2010-04-17 Thread Aiza

kurt seel wrote:

Aiza wrote:

My jail has public internet access because i can do pkg_add -r
unix2dos and the package does install. But when I enter ping -c 2
freebsd.org I get message "ping: socket: Operation not permitted" 
There is no firewall running in the jail.


Any ideas would be helpful.

Thanks


 ICMP is disallowed by default for jails, see the sysctl :
security.jail.allow_raw_sockets
 There are good reasons for this default, so if you test remember to set it
back when you are done.
 Also, on a point of style, jails in their current form (see VIMAGE)
do not get a network stack of their own so they don't have a firewall but
share the hosts' network and firewall, etc.



I don't have man vimage. Is this part of Freebsd?


Ping from jail not permitted error

2010-04-17 Thread Aiza
My jail has public internet access because i can do pkg_add -r unix2dos 
and the package does install. But when I enter ping -c 2 freebsd.org I 
get message "ping: socket: Operation not permitted"  There is no 
firewall running in the jail.


Any ideas would be helpful.

Thanks


perl links

2010-04-09 Thread Aiza
When installing perl i see 2 links between /usr/local/bin and /usr/bin. 
Is this still required or is it something left over from when perl was 
part of the base system?


symlinking /usr/local/bin/perl5.8.9 and /usr/bin/perl
symlinking /usr/local/bin/perl5.8.9 and /usr/bin/perl5


Re: FreeBSD 8 New USB Stack Issues

2010-04-08 Thread Aiza

Marcel Grandemange wrote:

Good Day.

I am really hoping someone can assist me here.

I have a E620 Huawei PCMCIA 3G card in a PCMCIA-TO-PCI Converter in a
Freebsd server for a sms server i run.

Now it used to run without issues, however since the change over from 7.2 to
8.0REL it no longer works and there are no entries under /dev/cuaux and so
forth.

Regards
Marcel Grandemange




From the 8.0 release notes is the following
http://www.freebsd.org/releases/8.0R/relnotes-detailed.html

[amd64, i386] The uart(4) is now the default driver for serial port 
devices in favor of the sio(4) driver. Note that the device nodes have been 
renamed with /dev/cuauN and /dev/ttyuN.


___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"


Re: bizarre mount_nullfs issue with jails / ezjail

2010-04-07 Thread Aiza

Dan Naumov wrote:

An additional question: how come "sade" and "sysinstall" which are run
inside the jail can see (and I can only assume they can also operate
on and damage) the real underlying disks of the host?


Disks (as well as others you have in your host's /dev) aren't visible
inside jails.


Well, somehow they are on my system.

I guess I should've also clarified that the jail was installed using
ezjail and not completely manually


From /usr/local/etc/ezjail/semipublic


export jail_semipublic_devfs_enable="YES"
export jail_semipublic_devfs_ruleset="devfsrules_jail"

- Sincerely,
Dan Naumov


You are not in a jail but on the host. Use ezjail-admin console jailname 
and things will look a lot different. What you are playing with are 
ezjail's system control files.



Finding port dependants

2010-04-05 Thread Aiza
The ports make file tree is so very large nowadays (21491 ports). 
Doing portsnap to download the complete ports system just to install 3 
ports is massive overkill. I have been doing package installs because 
the resources consumed in disk space (inodes used) and no compile time 
is such a time saver. But there are times when ports have no package or 
the package is not up to date. What I am looking for is a method to find 
the dependents and their dependents of the selected port. Then search 
the package system to determine which have no packages. Install all the 
packages and cvs only the make files for the ports lacking packages. I 
have a script to fetch only the make files for the selected port.


So the question is, does the ports index, which I can download by itself 
using portsnap, contain the info to find all the dependents of a port?


Is there some software I can use to do this?


Re: Custom Kernel to Memory Stick

2010-03-29 Thread Aiza

Jay Hall wrote:

Ladies and Gentlemen,

I have been asked to explore the possibility of booting FreeBSD from a 
memory stick.  This was not a problem; worked great when installed from 
the distribution CD.


What would be the best way to get our custom configuration onto the 
memory stick?




This is the procedure you want to follow.

http://forums.freebsd.org/showthread.php?t=11680


And for greater detail

http://forums.freebsd.org/showthread.php?t=11715


delete directory

2010-03-23 Thread Aiza

This directory named empty has read/exec permissions.
How do I delete it?

# /usr/jails/newjail/var >ls -l
total 2
dr-xr-xr-x  2 root  wheel  512 Nov 21 22:53 empty
# /usr/jails/newjail/var >cd empty
# /usr/jails/newjail/var/empty >ls -l
total 0
# /usr/jails/newjail/var/empty >cd ..
# /usr/jails/newjail/var >rmdir empty
rmdir: empty: Operation not permitted
# /usr/jails/newjail/var >rm -rf empty
rm: empty: Operation not permitted
# /usr/jails/newjail/var >chmod 777 empty
chmod: empty: Operation not permitted


Re: ezjail

2010-03-23 Thread Aiza

Aiza wrote:

Ruben de Groot wrote:

On Mon, Mar 22, 2010 at 11:23:54AM +0100, Dh?nin Jean-Jacques typed:


on the lan gives me no sockets mesg. And ftp from 10.0.10.6 to
10.0.20.30 the ftp jail gives me no connection error.



add

sysctl security.jail.allow_raw_sockets=1
or in /etc/sysctl.conf
on the host (not in the jail)


This will enable him to ping another host from within the jail. I 
won't do anything for ftp.


OP: what exact error do you get? And does ftp work *within* the jail
(ftp localhost)?


with sysctl security.jail.allow_raw_sockets=1  done on the host. From 
within the jail did ping -c 2 10.0.10.6 which is a pc on the lan gives 
me socket: Operation not permitted mesg.


And ftp from 10.0.10.6 to 10.0.20.30 the ftp jail gives me no connection 
error.


Just how am i to determine if ftp work *within* the jail ftp localhost?



For the archives. This is the result from the original poster.
My original goal was to test jails on the gateway for access only from 
the LAN users. I wanted a jailed ftp service for LAN users to upload 
and download stuff between themselves. I already have a working LAN 
users ftp setup on the gateway server so this jail setup is not really 
needed. So it's not a problem of knowing how to set up ftp. My main 
vehicle of jail management was ezjail. Did not play with the native jail 
command. The final outcome is I could not get jails to communicate over 
the private LAN. Seeing as the jails design uses public IP addresses, it's 
little wonder it won't work with private LAN IP addresses. In time jails 
and ezjail will mature and maybe evolve into working with jails with 
private IP addresses. But for now jails don't serve my purposes.




Re: ezjail

2010-03-22 Thread Aiza

Ruben de Groot wrote:

On Mon, Mar 22, 2010 at 11:23:54AM +0100, Dh?nin Jean-Jacques typed:


on the lan gives me no sockets mesg. And ftp from 10.0.10.6 to
10.0.20.30 the ftp jail gives me no connection error.



add

sysctl security.jail.allow_raw_sockets=1
or in /etc/sysctl.conf
on the host (not in the jail)


This will enable him to ping another host from within the jail. I won't 
do anything for ftp.


OP: what exact error do you get? And does ftp work *within* the jail
(ftp localhost)?


with sysctl security.jail.allow_raw_sockets=1  done on the host. From 
within the jail did ping -c 2 10.0.10.6 which is a pc on the lan gives 
me socket: Operation not permitted mesg.


And ftp from 10.0.10.6 to 10.0.20.30 the ftp jail gives me no connection 
error.


Just how am i to determine if ftp work *within* the jail ftp localhost?


Re: ezjail

2010-03-22 Thread Aiza

Mark Shroyer wrote:

On 3/21/2010 8:21 PM, Aiza wrote:

Does the ip address notation for the jail include the port number?
Like 10.0.20.2:80 Nat port forwarding is the long way around just to get
the correct port number to the jail ip address.


Nope, jails are assigned one (or more) specific IP addresses, but not
specific port numbers.  So if you don't have a separate public IP for
your jail, you'll be relying on some sort of packet filter to redirect
traffic to its private IP address.

This isn't as big a deal as it may sound, especially if you're already
using PF, which has built-in packet redirection capabilities that do not
require you to run a separate NAT daemon.




My host 8.0 system is the gateway to the public internet.
I have ipfilter running, blocking all inbound requests for service.
I only allow outbound requests from the LAN behind the gateway and use 
keep state to allow the packet conversation to continue. All this has 
worked fine for years across many releases of FreeBSD.


Now comes playing with jails. I created 3 jails, www, ftp, telnet and 
used ip address of 10.0.20.20, 10.0.20.30, 10.0.20.40. The goal is to 
target those jails from other PC on the private LAN who are using ip 
address in the 10.0.10.2 through 10.0.10.8 range.


I used ezjail-admin onestart and all the jails start. Then did 
ezjail-admin console ftp.local.com and got logged into that jail. Edited 
/etc/inetd.conf and uncommented the ftp line. Edited /etc/rc.conf adding 
inetd_enable="YES" exited the ftp jail. Did ezjail-admin onestop 
followed by ezjail-admin onestart to cycle the ftp jail to activate the 
ftp function. ezjail-admin console ftp.local.com to get logged into that 
jail again. From within the jail did ping -c 2 10.0.10.6 which is a pc 
on the lan gives me no sockets mesg. And ftp from 10.0.10.6 to 
10.0.20.30 the ftp jail gives me no connection error.


What is the problem here?



Re: ezjail

2010-03-21 Thread Aiza



I found the man ezjail-admin has this format
ezjail-admin install -h file://   Where -h file:// means get the
binaries from the host system the jails are running on.  Am I correct?


Yes, according to the man page.  I haven't tried it yet myself, since I
set up my basejail before this option was available.




Well I tried it. The man page does not explain it clearly. What the -h
really means is the -h file:// is the location for the release-8.0/base/ 
files.
These files are not part of the base release directory tree that are 
part of the running system. They are only on the .iso install image such 
as the disc1.iso.


I mounted the Release 8.0 disc1 install cd and changed into directory
cd /cdrom/8.0-RELEASE
and issued
ezjail-admin install -h file://
it ran creating 3 jails, /usr/jails/basejail, /usr/jails/newjail, 
/usr/jails/flavours.


This is not the same as copying the binaries from the host system.
Next step is to ID directory names in the basejail and recreate basejail 
using the cpdup command to copy the host binaries. I see 2 questionable 
directories in the basejail, boot and rescue. Can I remove them from the 
basejail?




Re: ezjail

2010-03-21 Thread Aiza

Mark Shroyer wrote:

On 3/21/2010 1:10 AM, Aiza wrote:

I don't have sources installed on my system. Just use the binary
Freebsd-update function. At new releases I do a clean install.
I only have a single public IP address.

Now I would like to play with jails. One for postfix, apache, and ftp.
My reading of EZJAIL and the jails section of the handbook lead me to
believe I need a unique IP address for each jail. Is that correct?


Yes.  But if you have only one public IP address, you can give the jail
a loopback interface with an address in 127.0.0/24 or one of the RFC
1918 private blocks (there's some debate as to which is the more
"correct" type of address to use, but either will work), then use NAT if
you need your jail to be able to access the Internet.

If it helps you to reason about this, keep in mind that your jail does
*not* have its own virtualized network stack, like with Solaris Zones
for instance.  The best way to think about your jails is as a group of
processes running on the same operating system as the host, just with
the restriction that (among other things) they can only communicate with
the outside world using a limited subset of the IP addresses available
to non-jailed processes.


Does the ip address notation for the jail include the port number?
Like 10.0.20.2:80 Nat port forwarding is the long way around just to get 
the correct port number to the jail ip address.




I have no need to build world or install world because it does this from
/usr/src which i don't install. Is there some EZJAIL option to just copy
over the running system binaries instead of the sources?


Until recently, the method for creating ezjail's "basejail" was to issue
the "ezjail-admin update" command, which compiles the basejail from
/usr/src.  Just recently an "ezjail-admin install" command was added,
which downloads binaries from a FreeBSD FTP server instead.  So you
shouldn't need sources to get started, however I'm not sure what the
update mechanism is if you use the install command.



I found the man ezjail-admin has this format
ezjail-admin install -h file://   Where -h file:// means get the 
binaries from the host system the jails are running on.  Am I correct?




The handbook "15.4 Creating and Controlling Jails" talks about
“complete” jails, which resemble a real FreeBSD system, and “service”
jails, dedicated to one application or service. Section 15.4 is the
procedure for building a "complete jail" using the jail command.

The 15.6 Application of Jails (service jails) talks about creating a
root skeleton containing the host running files which are shared with
all the guest jails in read only mode. This eliminates the massive
duplication of running system files in each jail as in the complete jail
system talked about in handbook section "15.4 Creating and Controlling
Jails".

Now reading the ezjail man pages I see that ezjail also creates a base
template that is shared between all jails. Is this the same method
talked about in the handbook section 15.6 Application of Jails (service
jail)?


It's essentially the same approach.  (With ezjail you'll still be
duplicating binaries between the host system and the basejail, but I
wouldn't lose sleep over it.)



My understanding of handbook section 15.6 Application of Jails
(service jails) is that a copy of the host binaries is populated into the
basejail and all the other jails have read only access to it. Each guest
jail also has a read/write space for installing ports/packages unique to
that jail, including /var /usr /etc.  Am I correct? Is this how ezjail is
configured now?





ezjail

2010-03-20 Thread Aiza
I don't have sources installed on my system. I just use the binary
Freebsd-update function. At new releases I do a clean install.

I only have a single public IP address.

Now I would like to play with jails. One for postfix, apache, and ftp.
My reading of EZJAIL and the jails section of the handbook leads me to
believe I need a unique IP address for each jail. Is that correct?


I have no need to build world or install world because it does this from
/usr/src, which I don't install. Is there some EZJAIL option to just copy
over the running system binaries instead of the sources?


The handbook "15.4 Creating and Controlling Jails" talks about 
“complete” jails, which resemble a real FreeBSD system, and “service” 
jails, dedicated to one application or service. Section 15.4 is the 
procedure for building a "complete jail" using the jail command.


The 15.6 Application of Jails (service jails) talks about creating a 
root skeleton containing the host running files which are shared with 
all the guest jails in read only mode. This eliminates the massive 
duplication of running system files in each jail as in the complete jail 
system talked about in handbook section "15.4 Creating and Controlling 
Jails".



Now reading the ezjail man pages I see that ezjail also creates a base 
template that is shared between all jails. Is this the same method 
talked about in the handbook section 15.6 Application of Jails (service 
jail)?










GBDE and fixit.iso

2010-03-20 Thread Aiza

Does the fixit.iso file include the GBDE application?

