Re: ZFS RAIDZ Controller Disk Order
On 29/12/2010 11:08 PM, Charlie Mason wrote: Hi All, I have an old "server" which has FreeBSD on it. It has a cheap PCI raid controller in it, with the disks just set to pass through to the OS. Then the OS had a RAIDZ configured array form the 6 x 250gig disks passed through from the raid controller. I decided to upgrade to an array of 4 2TB disks running on new hardware (using the same server case). The disks were in a separate chassis to the motherboard, its quite complicated! So I copied the data off the old array via NFS to a separate 2TB disk. Then built the new array. Unfortunately I have realised I forgot to copy my old photos off the old array. I would really like to recover the old photos although, I suppose its not the end of the world if they are lost. As a fail safe I had left the old array disks as they were so, that I can just plug them back in if anything went wrong. Or so I thought! On plugging them back in zpool is complaining that they are all corrupt, except the first 2. It seems fairly unlikely I have got that unlucky. So I was wondering, does the order they were in the controller matter. They are all being presented in the same range of addresses da0 through da5 but they are probably connected up to different ports, so da0 is now da2 and so on. Can anyone think of a way to get them back in the correct order if it does matter, other than trial and error. Can I find out what number each one was in the pool from the disk somehow? Thanks, Charlie ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org" Is it perhaps possible to disconnect the disks again, boot the system, and remove the ZFS pool cache (which location escapes me for the moment). Then you should be able to import the pool again using the -f switch (force). I think if you are using the cache, the order matters. If you're importing a fresh pool, the system simply needs to find enough member disks. I'm not a ZFS expert though... Dave. -- David Rawling Principal Consultant PD Consulting And Security 20 Goodin Road Baulkham Hills, NSW 2153 Australia Mob: +61 412 135 513 Email: d...@pdconsec.net Please note that whilst we take all care, neither PD Consulting and Security nor the sender accepts any responsibility for viruses and it is your responsibility to scan for viruses. The contents are intended only for use by the addressee and may contain confidential and/or privileged material and any use by other than the intended recipient is prohibited. If you received this in error, please inform the sender and/or addressee immediately and delete the material. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: FreeBSD 8.1 - boot failures (upgrades and clean installs) - root FS corrupt?
On 18/09/2010 6:19 PM, I wrote: Any suggestions on debugging what's going on? I'd really like to be able to get current. Dave. Hmm. Further diagnosis is even more interesting. The output from the installation (console 2 - Alt-F2) shows segmentation faults and core dumps for mv, rm and ln commands - and the list gets longer if I try to do anything on the emergency shell (Alt-F4). Adding a user doesn't auto-populate the UID nor the shell, then claims that the user already exists. I also neglected to say that I am installing the AMD64 version - perhaps this is useful information :) Dave. -- David Rawling Principal Consultant PD Consulting And Security 20 Goodin Road Baulkham Hills, NSW 2153 Australia Mob: +61 412 135 513 Email: d...@pdconsec.net Please note that whilst we take all care, neither PD Consulting and Security nor the sender accepts any responsibility for viruses and it is your responsibility to scan for viruses. The contents are intended only for use by the addressee and may contain confidential and/or privileged material and any use by other than the intended recipient is prohibited. If you received this in error, please inform the sender and/or addressee immediately and delete the material. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
FreeBSD 8.1 - boot failures (upgrades and clean installs) - root FS corrupt?
Hi all I'm striking some trouble attempting to upgrade (and also in building a clean replacement) for an existing 8.0-RELEASE-p3 system running in a virtual machine. The host is Hyper-V R2 and 8.0 has been just fine and dandy. Upgrades and installation generally appear to go fine - no error messages that I can see - but in each case on restarting the system I get only a black screen with a single hyphen on the second line, and the cursor flashing underneath it. Leaving the VM for many minutes does not improve matters - but a Ctrl+Alt+Del does restart it, so it's not "hung" per se. It just fails to start. This is the result of a clean installation: The VM configuration is simple enough - a 64GB disk on IDE 0/0, a DVD on IDE 1/0, an Intel 100Mbps network card (de0), 2 CPUs and 1GB of RAM. Booting the Fixit shell from the DVD - fdisk shows the disk partitioned, seemingly correctly. I've created partitions like so: ad0s1a = 2GB = / ad0s1b = 2GB = swap ad0s1d = 10GB = /var ad0s1e = 48GB = /usr ad0s1f = 2GB = /tmp Mounting them shows the root volume seemingly has data: Fixit# df Filesystem 1K-blocksUsedAvailCapacityMounted on /dev/md0395613051 900 77% / devfs 1 00 100% /dev /dev/acd0 2251930 22519300 100% /dist /dev/ad0s1a 2026030 272730 1591218 15% /mnt/root /dev/ad0s1d 10154158 194 93416320% /mnt/var /dev/ad0s1e 48745002 695558 441498442% /mnt/root Fixit# Yet the 15% of used space is ... well not used properly: Fixit# ls -la /mnt/root total 0 Fixit# fsck_ffs /dev/ad0s1a produces errors for many (all?) inodes - as if file writes were not properly completed / flushed. When fsck is completed, all contents are in lost+found as inode numbers. Any suggestions on debugging what's going on? I'd really like to be able to get current. Dave. -- David Rawling Principal Consultant PD Consulting And Security Mob: +61 412 135 513 Email: d...@pdconsec.net Please note that whilst we take all care, neither PD Consulting and Security nor the sender accepts any responsibility for viruses and it is your responsibility to scan for viruses. The contents are intended only for use by the addressee and may contain confidential and/or privileged material and any use by other than the intended recipient is prohibited. If you received this in error, please inform the sender and/or addressee immediately and delete the material. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: Windows AD and ntpd sync problem
On 13/09/2010 4:45 PM, Omer Faruk SEN wrote: Hi, I am trying to sync my time against a ntp server on Active Directory but no matter what i do ntpd did not sync against AD's NTP server. ntpdate works perfectly against AD but not ntpd. I think you will have trouble doing this. AD's time service is not a true NTP service - it's SNTP with a dash of smarts around increasing frequency and backing off, plus automatic selection of masters / distribution hierarchy. I'd suggest setting up the NTP server to use the NTP Pool project (pool.ntp.org, or the appropriate country subdomain) and configuring AD to synchronise to the NTP server (that should work fine). Dave. -- David Rawling PD Consulting And Security Mob: +61 412 135 513 Email: d...@pdconsec.net Please note that whilst we take all care, neither PD Consulting and Security nor the sender accepts any responsibility for viruses and it is your responsibility to scan for viruses. The contents are intended only for use by the addressee and may contain confidential and/or privileged material and any use by other than the intended recipient is prohibited. If you received this in error, please inform the sender and/or addressee immediately and delete the material. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: ZFS Question
On 16/08/2010 8:56 AM, Depo Catcher wrote: Hi, I'm building a new file server. Right now I'm on FreeBSD 6.4/UFS2 and going to go to 8.1 with ZFS. Right now I have 3 disks, but one of them has data on it. I'd like to setup a RaidZ but have a question on how to do this: Basically, I need to setup a mirror with the two empty drives, copy the data over and then add the third. Is that even possible? That kind of expansion cannot be done with FreeBSD ZFS (yet - I believe it was being worked on in OpenSolaris and it would have filtered to FreeBSD). Once the pool uses a given RAID level, I believe that's set in stone. What might work is this - paraphrased because I'm not 100% sure of the specific commands: * Create a large (multiple GB) file on your existing disk - let's assume that's /disk1/file0 (dd if=/dev/zero of=/disk1/file0 bs=1024 count=104857600 would be 100GB) * Create a 3 disk RAIDZ1 pool using /dev/disk2, /dev/disk3 and /disk1/file0 (zpool create tank raidz1 ...) * Delete the file (the pool will be degraded) * Copy data to the degraded pool * Replace the missing disk file with /dev/disk1 (zpool replace?) * Scrub the pool for consistency checks (then reset the counters so you can track the current state. You'll want a backup just in case, though, so is there perhaps a case for getting 1 more disk and building the set clean? That way the old disk becomes a backup. Dave. -- David Rawling PD Consulting And Security Mob: +61 412 135 513 Email: d...@pdconsec.net ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: zfs question
On 9/08/2010 2:52 AM, krad wrote: On 8 August 2010 16:51, Adam Vande More wrote: On Sun, Aug 8, 2010 at 10:37 AM, Dick Hoogendijk wrote: On 8-8-2010 14:27, Matthew Seaman wrote: Yes. It works very well. On amd64 you'll get a pretty reasonable setup out of the box (so to speak) which will work fine for most purposes. One other thing comes to mind. I want a very robus, fast rockl solid *server* It will be a file- email and webserver mostly. Instead of using two ZFS mirrors I could also go for gmirror (I'm not familiar with it, but it's been around for quite some time so it should be very stable). I don't get the data integrity that way, but my files would be safe, no? Also, using gmirror I could use "normal" BSD UFS filesystems and normal swap files devided across all disks? Or am I wrong, thinking this way. I'm not into fancy stuff; it has to be robust, fast and safe. You do not *need* amd64, however it would the best choice. I wouldn't even mess around with gmirror. It's great and I love it, but it has some serious drawback's compared to zfs mirroring. One is there is no integrity checking, and two is a full resyc is required on an unclean disconnect. http://wiki.freebsd.org/RootOnZFS/GPTZFSBoot/Mirror -- Adam Vande More you could add a gjournal layer in there as well for better data integratity. I think you can do softupdates + journal as well now although I have never used it If you're after a rock solid server, then to be brutally honest it is less important to decide what you run than it is to choose something that you know well. Since you have 4 years of Solaris/OpenSolaris experience recently, you are likely to know ZFS better than gmirror. So I ask you to ponder - at four o'clock in the morning, with mail down, web servers down and all the disks holding your files failing to mount - which file system or disk structure would you prefer to try to troubleshoot? Dave. -- David Rawling Principal Consultant PD Consulting And Security Mob: +61 412 135 513 Email: d...@pdconsec.net ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: 1 file system, 2 drives?
On 27/07/2010 6:54 AM, John Almberg wrote: John Almberg wrote: If you have hardware controller with RAID capabilities, using native RAID is better, otherwise look towards gvinum or maybe ccd; see also: I've just been reading up on RAID in my Absolute FreeBSD book, and it occurs to me that my client has a SCSI RAID drive chassis that he is using stupidly... It's a 14 bay drive, and he's currently got seven 32G drives stuck in it, configured with RAID-0. This is the original 200G drive I was talking about. It's a few years old. Over the next few years, this guy is going to need lots of storage for his videos. After a bit of reading, I'm wondering if the best idea might be to toss out those 32G drives and replace them with 3 big (say, 300G) drives configured with RAID-5. It sounds to me like a RAID-5 array can be expanded by adding new drives. QUESTION: is expansion normally a matter of just plugging in a new drive? Is the new drive automatically grafted onto the old drives? Or do you have to go through a process like, backing up the data, plugging in the new drive, reformatting the expanded array of drives, and restoring the data. I don't know the brand/model of the RAID drive chassis, but the client thinks it can be switched to use RAID 5. I'm waiting for the technical details, but assuming it can handle RAID-5 for now. Answering my own question... So its a HP 6402 / 128 RAID controller. From a quick skim of the manual, it looks like the controller has to go through an 'expansion' process when adding a new drive. This sounds time consuming, but more or less automatic -- i.e., handled by the controller. Sounds like this might be the best way to go. It's been a while since I dealt with HP SCSI RAID, but ISTR that you'd need to install and configure the 3 disks as a RAID 5 set, copy the data from the 7x36GB array to the new array, (using a temporary mount point, generally, and dump | restore) switch the mount points across so that the /videos tree is the new copy, then remove the RAID0 set from the controller. You may or may not find that the RAID controller changes LUN IDs after a cold start too, so LUN 1 (new RAID 5) suddenly becomes LUN 0 on the cold start after the old RAID set is decommissioned and pulled. This is often accompanied by a heart attack on the part of the person restarting the server. After that, though, expansion is a cinch - but it will be quite slow since it needs to read and write the entire content of all disks. I'd therefore go as many spindles as you can - 3 disks, 5 disks and 9 disks are what I recall as being optimal groups for RAID 5. Also consider that you can supplement the RAIDs with the BSD tools previously mentioned. Today is 3 x 300GB. Tomorrow add another 3 x 300 (assuming IOPS is OK) and concatenate them to be a 1.8TB "disk" - 2D+P + 2D+P. Dave. -- David Rawling PD Consulting And Security Mob: +61 412 135 513 Email: d...@pdconsec.net ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: Would you recommend installing 8.1RC2?
On 28/06/2010 8:37 PM, Antonio Vieiro wrote: I'm brand new to FreeBSD. I've got 8.0-RELEASE up and running in my main workstation and I'm quite happy with it. Great job & congratulations. I'm eager to try out 8.1, and I was thinking of trying it out on my laptop for my daily work (I'm currently running OpenSolaris 2009.06). My question is: if I install 8.1 RC2 would it be very difficult to upgrade it to 8.1-RELEASE afterwards? Would you recommend installing 8.1-RC2 right now or would you wait until 8.1-RELEASE is out within a few days? Thanks in advance, Antonio Hmm. Well apart from the fact that I can't find an 8.1-RC2 release (8.1-RC1 is the most recent I can locate) - I'd probably wait a bit - especially if you're a newcomer like me. While upgrading should be easy in most cases (freebsd-update upgrade -r 8.1-RELEASE ; freebsd-update install) ... I am having trouble with my 8.1-RC1 x64 VM - fetching files is failing with size mismatches. To me it appears that either my firewall/proxy, or the web server/fetch client cannot agree on the transmission of compressed files. I get size mismatches because the file gets decompressed somewhere along the way. I suspect the proxy but I haven't been able to prove it yet. Still, building a test/practice machine on 8.1-RC1 is certainly a good plan. If nothing else you can validate your port set :) Dave. -- David Rawling Principal Consultant PD Consulting And Security 20 Goodin Road Baulkham Hills, NSW 2153 Australia Mob: +61 412 135 513 Email: d...@pdconsec.net Please note that whilst we take all care, neither PD Consulting and Security nor the sender accepts any responsibility for viruses and it is your responsibility to scan for viruses. The contents are intended only for use by the addressee and may contain confidential and/or privileged material and any use by other than the intended recipient is prohibited. If you received this in error, please inform the sender and/or addressee immediately and delete the material. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: ziz a dumb question?
On 1/05/2010 11:55 PM, Polytropon wrote: On Sat, 01 May 2010 11:59:52 +0100, Chris Whitehouse wrote: Seriously? Or joking? How did you measure it? Well... erm... in fact... I didn't measure anything, I just utilized the numbers. :-) Modern PCs come with a 700 W power supply (and more), and the specs for my AS/400e 9406-170 say 654 W with expansion unit (326 W without), measured kVA values (according to manual) are similar. Weight is 70.5 kg, and size is two big towers side by side. You seem to be assuming that a desktop PC draws 100% of its rated current all the time, which I'm happy to say is not the case. Unlike the AS400, where the PSU is sized specifically for the system, a PC power supply is sized for a specific output. Vendors and assemblers are free to choose whatever PSU they wish. Also, CPUs and GPUs now lower their core voltage and clock speed if the extra performance is not required. The 45W (or 65W, 73W, 90W, 125W) quoted by CPU vendors is the amount of power they are reasonably expected to draw under heavy load, not the idle or average draw. My 2 year old desktop uses 60-100 watts depending on how hard it's working. Sounds like a notebook / laptop class computer. I can assure you it is not. I can show the following examples: Core 2 Duo E7400 (about 3GHz), single 7200rpm disk, embedded graphics and network - 44W to 60W depending on what's happening at the time. Adding a discrete GPU (I don't recall the model, but knowing me it's probably a low-end ATI 3000 series) adds 10-30W, again depending on load. Another Core 2 system, an E5200 I think, with 2 x 7200rpm notebook disks, 4GB, embedded graphics and network is also measured at around 45W. I have an overclocked E6300 (running at 2.66GHz, so a 25% overclock), 3GB of RAM, 2 x 7200rpm desktop drives, and a GeForce 7600 that pulls 140W. Note that overclocking generally disables power saving features and increases power use (linear with clock, square with voltage). Servers tend to be worse - I have a matched pair of Acer servers with single 3GHz P4 class Xeons, 2GB of RAM, 3 x 7200rpm disks and dual NICs. Those systems pull 220W and they're the next ones I'm ditching for something that uses less power! All the numbers above are measurements before the PSU input (using the Australian version of the "Kill-A-Watt") so include the losses due to the PSU itself. To go back to Gary's question, however, I would suggest that the new Core i3 series of processors, along with a new board, will use substantially less power than is marked on the PSU, especially if he is not continually encoding video, rendering animation or designing the next Sydney Harbour Bridge (replace with your own national monument if desired). I use this in my HTPC, and it's quite capable of supporting two XBox media extenders and encoding 576p video in close enough to real time, all simultaneously; while doing so it's probably using less than 110W of electricity. Dave. -- David Rawling Principal Consultant PD Consulting And Security Mob: +61 412 135 513 Email: d...@pdconsec.net ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: powerd on 8.0, is it considered safe?
On 8/03/2010 9:47 PM, Dan Naumov wrote: Is powerd finally considered stable and safe to use on 8.0? At least on 7.2, it consistently caused panics when used on Atom systems with Hyper-Threading enabled, but I recall that Attilio Rao was looking into it. I can confirm I've been running it on an Atom 330 board, with HyperThreading, on 8.0-RELEASE-p2, for quite some time now: timeserver ~ 66> uptime 7:43AM up 11 days, 13:34, 1 user, load averages: 0.01, 0.01, 0.00 And /etc/rc.conf: powerd_flags="-i 85 -r 60 -p 100" Although now looking at it I don't know if it's working ... Dave. -- David Rawling Principal Consultant PD Consulting And Security 7 Virginia Ave Baulkham Hills, NSW 2153 Australia Mob: +61 412 135 513 Email: d...@pdconsec.net Please note that whilst we take all care, neither PD Consulting and Security nor the sender accepts any responsibility for viruses and it is your responsibility to scan for viruses. The contents are intended only for use by the addressee and may contain confidential and/or privileged material and any use by other than the intended recipient is prohibited. If you received this in error, please inform the sender and/or addressee immediately and delete the material. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: IBM DS4800 Storage
On 2/03/2010 2:40 AM, Dan Nelson wrote: In the last episode (Mar 01), Omer Faruk Sen said: (da0:isp1:0:0:6): Vendor Specific ASC (da0:isp1:0:0:6): Unretryable error (da0:isp1:0:0:6): READ(10). CDB: 28 0 0 0 0 10 0 0 1 0 (da0:isp1:0:0:6): CAM Status: SCSI Status Error (da0:isp1:0:0:6): SCSI Status: Check Condition (da0:isp1:0:0:6): ILLEGAL REQUEST asc:94,1 (da0:isp1:0:0:6): Vendor Specific ASC (da0:isp1:0:0:6): Unretryable error According to the "DS4000 Problem Determination Guide" at ftp://ftp.software.ibm.com/systems/support/system_x_pdf/gc27207600.pdf#page=104 , ASC/ASCQ 94/01 corresponds to "Invalid Request Due to Current Logical Unit Ownership". Maybe the DS4800 thinks that the lun has been assigned to a different host, and that's why it won't let the FreeBSD machine access it. Other web searches indicate that this may be an attempt to access the passive path of multipathed device on an active/passive RAID array. If that's the case, FreeBSD should have found another disk (da1 possibly?) that you should be able to use. That being the case, it's also possible that the LUN is accessible to the FreeBSD system, but another application or system has applied a SCSI-2 "reservation" or a SCSI-3 persistent reservation to the disk; that would prevent the FreeBSD system from accessing the LUN. Perhaps see what servers or devices the DS4800 thinks is connected to the LUN. Dave. -- David Rawling PD Consulting And Security Mob: +61 412 135 513 Email: d...@pdconsec.net ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Replacing base NTP with ports NTP
Greetings all and sundry About 3 months ago I built myself a time server using 8.0-RC3, IIRC, and I upgraded to 8.0-RELEASE (and now -p2). Naturally, as I want this server to provide time services, I've installed the net/ntp port, among others. Recently, for reasons that have become lost in the mists of time, I noticed that I wasn't running the port version of NTP (/usr/local/sbin/ntpd), but the version installed with the base system (/usr/sbin/ntpd). For the immediate term, I've renamed the base versions of the files in /usr/sbin, and then symlinked to the port version (in /usr/local) - ntpd is now the ports version, as are most of the tools. This does, however, seem like a rather silly way of getting the most current NTPd running. I cannot, for the life of me, figure out how to get the Ports version of NTP to overwrite the base system's NTP. Yet I'm sure (since there *is* a port of NTP) there must be a better way to do this. Can anyone point me in the direction of some documentation? Dave. -- David Rawling PD Consulting And Security Mob: +61 412 135 513 Email: d...@pdconsec.net ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: Error after booting for second time
On 24/01/2010 2:35 AM, macondo wrote: I installed fbsd8 and after booting for the second time, got this error message: "acd1: FAILURE-unknown CMD (0x03) ILLEGAL REQUEST asc=0x20 asq=0x00" It won't allow me to continue booting... Any ideas? Thanks. I see that message or similar messages if I boot [many|most] of my FreeBSD systems with the FreeBSD disc in the drive still. Try pulling the DVD from the drive before you reboot. Dave. -- David Rawling PD Consulting And Security Mob: +61 412 135 513 Email: d...@pdconsec.net ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: Setup FTP service on FreeBSD 2.0.5?
On 7/01/2010 2:35 AM, Jerry McAllister wrote: On Wed, Jan 06, 2010 at 06:20:53PM +0800, Paul Shi wrote: Hi Everyone, I am trying to find a way to setup a wireless network with a FreeBSD server machine running FTP service. The release of FreeBSD I intend to use is 2.0.5 but I could not find anything on how to setup FTP service on FreeBSD 2.0.5 in handbook. There are only howto on PPP and SLIP. Does anyone have a handbook on how to enable FTP service on FreeBSD 2.0.5? Millions thanks! I haven't followed your whole thread, but is there a good reason you want to use such an old version of FreeBSD? You would be very seriously better off installing the latest version -- especially if you plan to use the system on the internet. There have been many many security fixes since 2.0.5 was around. It should not be difficult to have access to the latest version in Hong Kong. There may even be a mirror site there. I definitely second this - unless there's an old application that doesn't work any more, it would certainly be easier and more secure to use the 7.2 or 8.0 releases of FreeBSD. After all, Internet or Intranet, it only takes one loathsome, dispicable, contemptible miscreant to find a security hole, and your entire server is toast. There appears to be a mirror site for FreeBSD in Hong Kong at ftp://ftp.hk.freebsd.org/pub/FreeBSD/ Dave. -- David Rawling PD Consulting And Security Mob: +61 412 135 513 Email: d...@pdconsec.net ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: Can't figure out recursion problem in bash/freebsd
On 8/01/2010 8:47 AM, Bernard T. Higonnet wrote: echo starting in `pwd` for hoo in * do echo $hoo if [ -d "$hoo" ] then echo pushing $hoo; cd $hoo $0 else echo processing $hoo fi; echo going to next item done cd .. I have tried various minor variations , all to no avail. I have no doubt I'm doing something very dumb, but I'm too locked into my vision to see it... All help appreciated Bernard Higonnet I am probably the last person you'd want debugging your scripts, but I can at least reproduce the problem. My test folder and file structure: /tmp/test dir0 dir00 file00 file0 dir1 dir11 file11 file1 Luckily, I think I have also derived the solution. The problem appears to be the directory stack. Specifically, the output of my revised version shows that it's not working in the right folders all the time. #! /bin/sh echo Starting in `pwd` for hoo in *; do echo $hoo if [ -d "$hoo" ]; then echo Pushing $hoo; cd $hoo ($0) else echo Processing file $hoo fi echo Going to next item done cd .. echo Finishing in `pwd` By moving the cd command into the if statement, we change back into the correct folder at the right time (otherwise the siblings to the first directory cannot be found in the for loop, perhaps because the current directory has changed mid-execution): test01# cat /root/recurse.sh #! /bin/sh echo Starting in `pwd` for hoo in *; do echo Found item $hoo if [ -d "$hoo" ]; then echo Pushing $hoo cd $hoo $0 cd .. else echo Processing file $hoo fi echo Going to next item done echo Finishing in `pwd` test01# I think it works - someone brighter than me can tell us both why :). Most of the changes you see there are stylistic (eg the placement of then/else and do/done) or were for my own clarity in figuring out what was being printed where. Dave. -- David Rawling Principal Consultant PD Consulting And Security 7 Virginia Ave Baulkham Hills, NSW 2153 Australia Mob: +61 412 135 513 Email: d...@pdconsec.net Please note that whilst we take all care, neither PD Consulting and Security nor the sender accepts any responsibility for viruses and it is your responsibility to scan for viruses. The contents are intended only for use by the addressee and may contain confidential and/or privileged material and any use by other than the intended recipient is prohibited. If you received this in error, please inform the sender and/or addressee immediately and delete the material. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: Blocking a slow-burning SSH bruteforce
On 2/01/2010 2:24 AM, Jerry wrote: On Sat, 02 Jan 2010 01:56:17 +1100 David Rawling replied: Apart from switching away from user authentication to private/public keys ... is there anything I can do to mitigate these attacks? Any advice welcome. Is there a specific reason that you don't want to use keys? If we're being brutally honest - I'd probably lose them ... Dave. -- David Rawling PD Consulting And Security Mob: +61 412 135 513 Email: d...@pdconsec.net ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: Blocking a slow-burning SSH bruteforce
On 2/01/2010 2:07 AM, J.D. Bronson wrote: Few options I can think of in random order...I use #1: 1. Run SSH on an obscure port. Seriously, thats one of the easiest things to do. Since I have done that, I have had ZERO attempts and it works perfectly as long as users know the odd port. In fact, I dont know anyone in our IT circle of friends that runs SSH on port 22. 2. Consider controlling/limiting access via 'pf' if your running 'pf'. Of course with your examples coming from all different IPs, thats not likely gonna help much. 3. Just ignore it - they aren't getting in...similar to spammers being rejected by RBLsits traffic, but cant be a whole lot. 4. Limit login time window too...I run a very narrow window of time to login and a LOW number of attempted logins per session. Darn. 1 is out because 22 is the one port that most organisations (including mine) allow out of their networks for administering routers. 2 is unfortunately not an option (as a consultant I do work from many networks) 4 - again I might have to log in any time ... 3 seems the best approach. Thanks for your thoughts, it's good to get second opinions. Dave. -- David Rawling PD Consulting And Security Mob: +61 412 135 513 Email: d...@pdconsec.net ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Blocking a slow-burning SSH bruteforce
I tend to think there's not much I can do about this, but I'll ask anyway. I've implemented sshguard to block the normal bruteforce attacks - which seems to be working reasonably well. However now I have the following: Jan 1 17:42:52 timeserver sshd[1755]: error: PAM: authentication error for illegal user but from 190.146.246.36 Jan 1 17:55:09 timeserver sshd[1788]: error: PAM: authentication error for illegal user byung from 212.243.41.9 Jan 1 18:07:38 timeserver sshd[1809]: error: PAM: authentication error for illegal user cac from 148.233.140.193 Jan 1 18:20:06 timeserver sshd[1832]: error: PAM: authentication error for illegal user cachou from 121.52.215.180 Jan 1 18:32:21 timeserver sshd[1851]: error: PAM: authentication error for illegal user calla from 212.243.41.9 Jan 1 18:44:35 timeserver sshd[1884]: error: PAM: authentication error for illegal user calube from 83.211.160.211 Jan 1 19:09:12 timeserver sshd[1923]: error: PAM: authentication error for illegal user cancy from 194.51.12.238 Jan 1 19:21:35 timeserver sshd[1946]: error: PAM: authentication error for illegal user candice from 82.106.226.77 Jan 1 19:46:12 timeserver sshd[1997]: error: PAM: authentication error for illegal user candyw from 116.55.226.131 Now this seems to me to be a dictionary attack on timeserver, and I'd guess that it's a botnet behind it. It's rather sophisticated since it's only attempting 1 user and password combination per source - so it's far too little to trigger the sshguard rules. Even if it did trigger, it wouldn't prevent the attacks. Apart from switching away from user authentication to private/public keys ... is there anything I can do to mitigate these attacks? Any advice welcome. Dave. -- David Rawling PD Consulting And Security Mob: +61 412 135 513 Email: d...@pdconsec.net ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: Hardware virtualization
On 31/12/2009 9:00 AM, Nenad Mihajlovic wrote: Hello, For the Intel processors VT support, you can check up on http://ark.intel.com/VTList.aspx go for no less than dual-core 8400. and for the AMD desktop processors, here: http://products.amd.com/en-us/DesktopCPUResult.aspx and some of new X4 phenoms. Either AMD or Intel, both are good choice, we have run numerous environments here without any problem. For the serious application you might want to go for the Xeon or Opteron family, though. Regards, Nenad original message- from: "Mike Jeays" mike.je...@rogers.com to: "freebsd-questi...@freebsd. ORG" freebsd-questions@freebsd.org date: Wed, 30 Dec 2009 16:06:38 -0500 - I am about to buy a new desktop, and I want to make sure that hardware virtualization is included. In one or two local computer stores, I get a blank look when I ask about this. Intel seems provide it on only certain chip models and they don't seem be very forthcoming, Perhaps it is better to buy an AMD product? Any hints, please? ___ Intel processors are documented at http://processorfinder.intel.com/ - from what I can see, the following Intel processors have VT (Hardware Virtualization): * All E6xxx series Core 2 Duo * All Q6xxx series Core 2 Quad * All E8xxx series Core 2 Duo * All Q9xxx series Core 2 Quad * All Q8xxx series Core 2 Quad *except Q8200* * All Core i7 processors * All Core i5 processors * All Xeon 3000, 3200, 5000, 5500, 7000 series processors As far as I know, the following do not: * Core 2 Duo 4000, 5000, 7000 series processors * Pentium Dual Core E5000 and lower series processors * Celeron processors Even more critical than the CPU is the board - without BIOS support, there shall be weeping and gnashing of teeth. Dave. P.S. Happy New Year! -- David Rawling Principal Consultant PD Consulting And Security 7 Virginia Ave Baulkham Hills, NSW 2153 Australia Mob: +61 412 135 513 Email: d...@pdconsec.net Please note that whilst we take all care, neither PD Consulting and Security nor the sender accepts any responsibility for viruses and it is your responsibility to scan for viruses. The contents are intended only for use by the addressee and may contain confidential and/or privileged material and any use by other than the intended recipient is prohibited. If you received this in error, please inform the sender and/or addressee immediately and delete the material. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
RE: my slices are gone
-Original Message- From: Tom Worster [mailto:f...@thefsb.org] Subject: Re: my slices are gone On 12/3/09 4:34 PM, "David Rawling" wrote: >> I'm barely starting off in the FreeBSD world after a long hiatus, but might >> you perchance have been using Dangerously Dedicated disks? It doesn't seem to >> match the disk layout but you never know. >> >> Lots of people have had trouble since DD mode disappeared (it took me ages to >> figure out why my VMs with DD mode always broke). > >i don't really see why this should have been working and then stop working >on a freebsd-update. I should have clarified - FreeBSD 8.0 seems to have done away with DD disks completely. They are no longer configurable in sysinstall, for example, and I have seen reports of failure with the 8.0 kernels on existing DD systems, after freebsd-update. Dave. -- David Rawling PD Consulting And Security Email: d...@pdconsec.net ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
RE: my slices are gone
-Original Message- >From: owner-freebsd-questi...@freebsd.org on behalf of Tom Worster >Sent: Fri 4/12/2009 8:19 AM >To: freebsd-questions@freebsd.org >Subject: my slices are gone > >using sysinstall on the 8.0-RELEASE ISO Disk 1, i looked at the status of >the disks and found some alarming things: > >the label editor shows no labels on either disk. that seems pretty bad. > >and the slice editor says: > >Disk slicing warning: >chunk 'ad6p1' [40..409639] does not start on a track boundary >chunk 'ad6p2' [409640..1464784583] does not start on a track boundary > >which seems pretty bad in two different ways. > >would anyone disagree that freebsd-update -r 8.0-RELEASE upgrade has left >this system unusable and the only next step is reformat at reinstall (that >old windows routine)? I'm barely starting off in the FreeBSD world after a long hiatus, but might you perchance have been using Dangerously Dedicated disks? It doesn't seem to match the disk layout but you never know. Lots of people have had trouble since DD mode disappeared (it took me ages to figure out why my VMs with DD mode always broke). Dave. -- David Rawling PD Consulting And Security Email: d...@pdconsec.net ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
RE: binary upgrade 6.2
Alex Huth wrote: >I am trying to upgrade a 6.2-RELEASE to 6.4-RELEASE, but `freebsd-update -r >6.4-RELEASE upgrade` is not available in this version. Can i upgrade this or >do i have to go the old way? Unfortunately the `pkg_add -r cvsup` does not >find the package for it. Might it be possible to install the csup port from /usr/ports/net and use that instead of cvsup? IIRC it's compatible with cvsup and uses the same config, but does not require M3 etc. Another option might be pkg_add -r csup, or the cvsup-without-gui port. Dave. -- David Rawling PD Consulting and Security d...@pdconsec.net ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
RE: Bootcamp?
Juan wrote: >Hello i´m a mac user since long ago, i just downloaded Freebsd 7.2 and >i will install it on a 2800+ amd athlon 64 bits , does freebsd has a >boot camp or virtual machine, so i can install a os x also? Hi Juan and welcome to the FreeBSD community. You might try VirtualBox, which is similar to VMWare Workstation but free and part of the ports tree. There's probably a package for it - try: pkg_add -r virtualbox However, you may struggle to install OS/X - Apple have some reasonable technical restrictions in place, and a licensing restriction also that prevents use on non Apple hardware. As a result you probably are not licensed to, and may not physically be able to, use OS/X on your new PC. Dave. -- David Rawling PD Consulting And Security Email: d...@pdconsec.net ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
RE: how to do a custom install?
-Original Message- From: Gary Kline Sent: Sun 15/11/2009 8:03 PM due to strange disk problems i was down for around 30 hours. i am currently wiping dos/win off in favor of 7.2-R and i have a question about doing a "custom" install that would let me slice the drive into more that four pieces. i am building, by default, /, /var SWAP, and /usr it has been years since my custom install where [[*some*]] technique let me slice something like, say, /, /var, /tmp, /usr/local/ SWAP, and /usr anybody remember what keys to hit in the installation procedure? tia, gary I can't say that I remember the keystrokes, but you can have multiple disk slices (aka Windows/DOS partitions) and within each slice, multiple BSD partitions (IIRC up to 8). I have mine partitioned into (generally) / - 1GB swap - 2x - 4x RAM /tmp - 4GB /var - 20GB /usr - 40% /backup - remainder I use the whole disk for BSD (single slice) and create the partitions as whatever size suits. Dave. -- David Rawling PD Consulting And Security Email: d...@pdconsec.net ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
RE: atom based servers
Jack Barnett opined: >Curious, how did you get it installed? I used the AMD64 MemStick image on a Corsair 2GB key. It's one I had lying around and that wasn't 8x larger than the image. >My motherboard doesn't have an IDE port (so, no IDE CD-ROM) and don't >think booting from USB-CDROM is supported > >Booting from USB Flash drive works? It did for me - I never had an intention of putting an optical drive in that server (none of my servers have opticals any more). Nothing strange in the BIOS - just the normal boot options. IME these things are finally getting to the "just works" stage. Thankfully! Dave. -- David Rawling PD Consulting And Security Email: d...@pdconsec.net ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
RE: atom based servers
Robin Becker opined: ... >I have one of the Acer ION gadgets running at home and that also uses the Atom >330. I cannot find any nice way to reduce the power consumption though as the >330 doesn't seem to support speedstep and my cpu is always running at 68C. Does >your board provide any power control opportunity? sysctl dev.cpu.0.freq reports that my CPU is running at 202 or 404MHz generally: timeserver ~ 127# sysctl dev.cpu.0.freq dev.cpu.0.freq: 404 timeserver ~ 128# sysctl dev.cpu.0.freq_levels dev.cpu.0.freq_levels: 1618/-1 1415/-1 1213/-1 1011/-1 809/-1 606/-1 404/-1 202/-1 I notice the only C states are C0 and C1, and that it's generally running in C1: timeserver ~ 136# sysctl dev.cpu.0 dev.cpu.0.%desc: ACPI CPU dev.cpu.0.%driver: cpu dev.cpu.0.%location: handle=\_PR_.CPU0 dev.cpu.0.%pnpinfo: _HID=none _UID=0 dev.cpu.0.%parent: acpi0 dev.cpu.0.freq: 202 dev.cpu.0.freq_levels: 1618/-1 1415/-1 1213/-1 1011/-1 809/-1 606/-1 404/-1 202/-1 dev.cpu.0.cx_supported: C1/0 dev.cpu.0.cx_lowest: C1 dev.cpu.0.cx_usage: 100.00% last 500us lmmon is not particularly helpful for anything on this board, but that could be because I'm using the Generic kernel and /dev/smb0 is not present: timeserver ~ 134# lmmon -i Motherboard Temp Voltages 255C / 491F / 528KVcore1: +3.984V Vcore2: +3.984V Fan Speeds + 3.3V: +3.984V + 5.0V: +6.654V 1:0 rpm+12.0V: +15.938V 2:0 rpm-12.0V: -15.938V 3:0 rpm- 5.0V: -6.654V Do you have any other suggestions of tools I could use to help answer your question? Perhaps the lack of other C states is causing the excess power consumption (or perhaps your system is more heavily loaded)? I'm assuming for the sake of simplicity that powerd is already enabled (I'm running with powerd_flags="-i 85 -r 60 -p 100")? Dave. -- David Rawling PD Consulting And Security Email: d...@pdconsec.net ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
RE: atom based servers
-Original Message- >From: Brian Whalen >Sent: Thu 12/11/2009 9:26 AM > >I see supermicro and potentially others have atom servers available, >anyone tried these on freebsd with success? > >Brian Hi Brian Indeed, I have a FreeBSD 8.0RC1 system running as my primary time server for the home network. Since it's an Atom 330, it fully supports 64-bit mode (an opportunity I have grasped with both hands). The board I happen to be using is an Intel DG945GCLF2 - a clone board with just 1 DIMM slot and two SATA ports. Everything I need to have supported Just Worked out of the box. The server itself is running at a very low load level: timeserver ~ 15> uptime 1:00PM up 6 days, 12:38, 1 user, load averages: 0.00, 0.00, 0.00 I can provide the output of most any other commands if you'd like to see anything specific. I rather suspect that the Supermicro and other server-class Atoms will still be using the Intel 945 or similar chipsets. Dave. -- David Rawling PD Consulting And Security Email: d...@pdconsec.net ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
