Re: Does anybody know a PeerGuardian like app?
Polytropon writes: Is this what you had in mind? I think a big component of what the OP asked for is and has frequently updated lists If there was such a list available then it would be possible to integrate it with one of the firewals available in FreeBSD. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Reversed (or previously applied) patch detected
I was doing some exercises to get familiar with diff/patch. Tried: cd mkdir tmp cd tmp mkdir original mkdir changed echo Line1 > original/File1 echo Line2 >>original/File1 echo Line4 >>original/File1 echo Line1 > changed/File1 echo Line2 >>changed/File1 echo Line3 >>changed/File1 echo Line4 >>changed/File1 echo 1 > original/File2 echo 2 >>original/File2 echo 4 >>original/File2 echo 1 > changed/File2 echo 2 >>changed/File2 echo 3 >>changed/File2 echo 4 >>changed/File2 diff -urN original changed > dir.diff Which produced: diff -ruN original/File1 changed/File1 --- original/File1 2010-12-26 23:07:41.0 -0500 +++ changed/File1 2010-12-26 23:08:26.0 -0500 @@ -1,3 +1,5 @@ Line1 Line2 +Line3 Line4 +Line5 diff -ruN original/File2 changed/File2 --- original/File2 2010-12-26 23:08:08.0 -0500 +++ changed/File2 2010-12-26 23:08:35.0 -0500 @@ -1,3 +1,8 @@ 1 2 +3 4 +5 +6 +7 +8 Then tried patch < dir.diff The patch command gives the warning: Reversed (or previously applied) patch detected Tried a few other variations like patch -p But that will make the "changed" files be like the original instead of patching the original files. Any ideas/hints? ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
portsnap2.freebsd.org corrupt files
portsnap fetch Looking up portsnap.FreeBSD.org mirrors... 5 mirrors found. Fetching snapshot tag from portsnap2.freebsd.org... done. Fetching snapshot metadata... done. Updating from Mon Sep 20 21:17:39 EDT 2010 to Tue Sep 21 10:05:03 EDT 2010. Fetching 1 metadata patches. done. Applying metadata patches... done. Fetching 1 metadata files... gunzip: (stdin): unexpected end of file metadata is corrupt. If I change the server to portsnap1.freebsd.org it goes through without errors. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: Global backup solution for FBSD & Ubuntu
krad writes: In my experience dedup requires a fairly large amount of juice so if your backups are large I hope you machines are big on ram The way tarsnap does it is not that intensive. I have used in an old 900Mhz machine with less than 640MB of RAM and it worked well. I think the program computes some sort of hash for blocks of data and then the server checks to see if it already has that block. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: Global backup solution for FBSD & Ubuntu
bsd writes: I am trying to build a global backup solution for couple of strategic servers (7) based on two operating systems : Depending on how much data you are trying to backup and whether an internet backup solution would work, you may want to take a look at tarsnap: http://www.tarsnap.com/ Works on both FreeBSD and Linux. It has deduplication capabilities within a server. You can do several backups as "full" and the service will only store what has changed. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: Floppies on VMware workstation FreeBSD guest
Adam Vande More writes: Yes, you might be able to edit an existing image or use 'make release' to build your own. Or with pxe you can just put it on NFS. I was thinking of something perhaps even simpler. Mount a second CD image with just install.cfg. Will try that and see how it works. If I was going to do lots of install PXE may be the way to go, but wondering if it is worth the effort for the handfull of times I would use it. For physicall install I will try USB. Right now jus trying to solve the issue with VMware just to get familiar with the install.cfg syntax. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: Floppies on VMware workstation FreeBSD guest
Adam Vande More writes: I'm not sure that floppies are still working in this fashion, but even if they are it may be easier for you to do this via pxe or optical media. You mean to create a CD image and put the install.cfg instead of using a floppy image? ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Floppies on VMware workstation FreeBSD guest
Any has had any success with getting floppies to work on VMware desktop 7 on a FreeBSD guest? Did the following to prepare the floppy #Create empty floppy image dd if=/dev/zero bs=1k count=1440 of=/data/tmp/boot.flp #create md0 and point it to floppy mdconfig -a -t vnode -f /data/tmp/boot.flp -u 0 #newfs newfs /dev/md0 #mount mount /dev/md0 /mnt #copy data here #unmount umount /mnt #delete md0 mdconfig -d -u 0 I am trying to create a floppy image with an install.cfg to learn how sysinstall automation works. The floppy gives the following error: Error mounting floppy fd0 (/dev/fd0) on /dist : device not configured. Just as a test I found a floopy for an old PicoBSD floppy to see if it could be read. It failed too. However, if the PicoBSD floppy image is first in the boot order it actually boots of the floppy image. Search for this issue show some old messages of people having simmilar problems, but given that they were old I wondered if the issue had been resolved. I am aware that in VMware one can create one VM and make a template. I am trying to learn sysinstall automation for the times when I will need to install FreeBSD on a physical machine instead of a VM. Any pointers will be greately appreciated. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: Disk Cloning
krad writes: On a side note. Anyone building new systems manually from the shell I would recommend using GPT labels if you can. Apart from not having the 8 fs limit (128 iirc) gpart is a dam sight nicer to use than bsdlabel, and scripting it Any links on GPT on 8? Found this tutorial for 7 http://www.daemonforums.org/showthread.php?t=2666 ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Torrent for 8.0 RC1?
Looking for 8.0 RC1 torrents and so far only found this one http://www.legittorrents.info/index.php?page=torrent-details&id=28d9970704ce aedddec8873d21b34d57cbb0b58d Are RCs not officially distributed through torrents? ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Install fails, but newfs worked
Trying to install FreeBSD in a machine with Adaptec 2120 SCSI controller. Newfs finished without errors, but when the installer tried to write the different parts it fails with "write failure". Have tried it twice. Wouldn't any/most errors have been caught by newfs? ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Which FTPs are most used by ports?
I am about to install FreeBSD at a new job. They block ftp, along with most other ports. I may be able to get a whole open for the freebsd server to be able to ftp from some specific machines. Any suggestions what machines I should add to the list? For programs I know about I plan to do "make fetch-recursive" at home and then copy the /usr/ports/distfile directory. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Where is the next uid from adduser pulled from?
I have scripts to add new users. However, after that any port that installs a user creates it with a UID after the ones I made. For example I want all employees to have uids starting at 5000, but I would like too port installed uids to be 2000 and up. After I add some users (ie say last user is 5008), the next port that installs a user and doesn't specify uid.. then will get 5009. Tried looking for the adduser program, but could not find adduser.c Any pointers would be greatly appreciated. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: best way to run vista inside freebsd
Norberto Meijome writes: I do not have Windows on any of my machines but I have heard that Win4BSD is really good. It is not free! I believe it is about $45. $45 is far cheaper than EMC's VMWare workstation edition. Does it support Vista now? interesting..you can also try QEMu, on which Win4BSD is partly based . Win4BSD is not all that stable and the support is rather lacking. You see many posts in their forums with no answer.. and others with answers weeks/months later. As much I really wanted that software to work.. I don't see how people are going to use it, with such horrible support. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: best way to run vista inside freebsd
Frank Jahnke writes: VMs in general are a problem on Free. There is an effort to port the most recent VMware Workstation by a very good man. VMware employee? ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Cross compiling to amd64 in a i386 machine?
is there a way to cross compile to amd64 from i386? I see that "as" support a "--64" target but when I try to compile a program with that target it gives the error Fatal error: No compiled in support for x86_64 I am trying to cross compile FreePascal from i386 to amd64. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Exercising ATA disks in hopes of revealing errors
Bill Moran writes: Check with the vendors, though. Many drive manufacturers have utilities you can download specifically to check their drives. If the drives are somewhat recent you can try using SMART to check them. In particular you can use the smartmontools port. You may need to enable SMART on the motherboard. SMART = Self-Monitoring, Analysis, and Reporting Technology (S.M.A.R.T.) http://en.wikipedia.org/wiki/Self-Monitoring%2C_Analysis%2C_and_Reporting_Te chnology Syntax is smartctl -t short /dev/ad0[1] smartctl -t long /dev/ad0[2] smartctl -l selftest /dev/ad0[3] [1] If the short fails you know there are problems. Still no guarantee. Still worth to do quick tests first. [2] If it fails, there is a good chance the drive has some sort of problems. [3] Use that to check the result. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: 6.2 SCSI RAID controllers
Josef Grosch writes: What is the best SCSI/SATA/SAS RAID controller to use with 6.x? We have tried LSI for SAS and we are not that impressed with it. Catching up with the list.. and did not see an answer to your question. Have you tried adaptect? We have a couple of SCSI machines with it and they are working fine. the management utility does NOT work all that great (ie it hangs under some operations), but performance and stability of the machine has been great so far. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: "Realtime File System Replication On FreeBSD" How reliable is it?
Steve Bertrand writes: I have used vinum for quite a while, never, ever had a problem. In fact, in RAID-1, I had a motherboard and a disk fail simultaneously. I popped He is not asking about disk RAID. I found this site with instructions to setup what is basically a network RAID-1: http://phaq.phunsites.net/2006/08/11/realtime-file-system-replication-on-freebsd/ Looking at the link it seems he is actually asking about geom_gate. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: How to prevent a filesystem from getting checked by fsck?
Sahil Tandon writes: Francisco Reyes wrote: Have a server with 3 large filesystems. I would like to have only one checked by fsck and mounted. The other two I want to fsck and mount manually. Is it enough to change options to "rw,noauto" and pass to 0 for the two I don't want mounted or fscked? See "man 5 fstab": If the option ``noauto'' is specified, the file system will not be auto-matically mounted at system startup. and If the sixth field is not present or is zero, a value of zero is returned and fsck(8) will assume that the file system does not need to be checked. Thanks for the reply. I read both fsck and fstab pages.. I just wanted to make sure that I was reading the man pages correctly.. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
How to prevent a filesystem from getting checked by fsck?
Have a server with 3 large filesystems. I would like to have only one checked by fsck and mounted. The other two I want to fsck and mount manually. Is it enough to change options to "rw,noauto" and pass to 0 for the two I don't want mounted or fscked? This is so in case of a crash, like we had today, the machine will be up sooner. The two filesystem that I will set to noauto, are used by cron jobs which can wait. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Making world doesn't change all ownerships?
I have a test machine where some users changed a number of directories to be owned by "www:www" by mistake. The machine was unusable. After rebuilding from sources the machine was usable, but I noticed that a number of files still were owned by "www". In particular I saw files in /usr/sbin, /usr/bin.. and likely other places. Shouldn't rebuilding from source fix the ownership? I followed the steps in "Common items" from /usr/src/UPDATING, like have done many times before... make buildworld make kernel KERNCONF=YOUR_KERNEL_HERE [1] [3] mergemaster -p [5] make installworld make delete-old mergemaster [4] Since it is a test machine, if there are still odd issues I may just re-do the whole machine.. and newfs.. but was puzzled that rebulding world would leave binarines with the wrong ownership. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: 6.1 and NFS
Bill Moran writes: Have you tried contacting the Foundation? http://www.freebsdfoundation.org/ It's my understanding that they coordinate most of this money -> developers stuff ... I think I explored that route. It's been a month or so now.. but if memory serves me well that was not a viable option. Don't recall details, but I think someone told me they were not setup to find someone... or something along those lines. One of the Core developers offered to put me in contact with one or more people who did this type of work.. but after a few days with no response I sent a follow message and never heard back.. We ended up giving up on NFS and re-architecting what we were doing as to not use NFS. :-( ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: 6.1 and NFS
Kris Kennaway writes: There are a number of PRs I filed, but those aren't all of the problems. It will require fairly major work to fix - the best hope would be if someone was funded to work on it. A couple of months back the place I work for had a number of issues with NFS. We tried to find someone to work with us and we were offering to pay. After weeks searching I was unable to find someone. A few weeks later We got in touch with Mohan Srinivasan who graciously spent time during his vacation to help us. Although I believe our problems were in a good deal related to our own network quality the state of the NFS server seems to need some considerable work. Also we found a couple of additional bugs with the client which made things even worse. So.. if there is someone who is willing to work on NFS.. as a contract there needs to be a way for companies willing to fund it to get in touch with such person(s). Perhaps there could be a list/forum where people familiar with internals such as NFS, can post their availability and willingness to do contract work so companies willing to fund development in a particular area can get in touch with the right people. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Status of bigdisk support?
Is the page http://www.freebsd.org/projects/bigdisk/ up to date with regards to bigdisk support in FreeBSD? That page mentions issues with filesystems over 1TB, but I have several machines with 5.X and 6.X that can see and work fine with 1TB+ filesystems. Currently going to setup soon a machine with 2TB+ of storage and wanting to find out what limitations exist. Any problems with fsck with 2TB+ This will be a database machine so the number of inodes will be few and will likely do newfs -i 256MB (with the proper syntax to represent 256MB). Any benefits to even go to 512MB? The database in question will be postgresql and it creates files up to 2GB in size. So with 2TB will have at most a handfull of thousands of files. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Urgent: Downgrading from 6.X to 5.X?
Paul Chvostek writes: Apache logs daily). NFS seems to go away for a few seconds (the filer is unpingable), then return. I see this in 6.X too. Despite the 5.x branch's known problems, I had attributed this to the fact that I'm using bge NICs. Our problems seem to occur with other cards too including intel cards (em if I recall) moved most of this log processing to a 6.1-RELEASE box last week (on identical hardware), and I've seen none of the timeouts. Do you do mostly reading? Any writing? I'm using HP DL380-G4 servers (onboard bge, ciss RAID), with a BlueArc Titan for NFS. How much storage? How much? Looking at their site.. don't see pricing.. Did you buy from them or had to use a re-seller? Of course, I'm not running nfsd on the FreeBSD boxes, they're just clients. If you can do this test in a 6.X box. Disconnect the 6.X client from the NFS (ie plug the cable off the switch/card).. try "umount -f " ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Urgent: Downgrading from 6.X to 5.X?
Chad Leigh -- Shire.Net LLC writes: I don't remember general complaints about nfs in the 6.x series here in the list. Checkt he stable list. :-) Locking issues on server during heavy load. Background fsck + NFSD locking issues Clients freeze if server goes away.. soft mount option doesn help. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Urgent: Downgrading from 6.X to 5.X?
Chad Leigh -- Shire.Net LLC writes: How can I downgrade from 6.1 Stable to 5.5 Stable? Having all type of problems with NFS. Both with the server and the client. You might have more luck with 6.1-RELEASE Really? Were changes introduced to 6.1 Stable that made NFS less stable than 6.1 Release? Are you talking from experience? It would be significantly easier if going to 6.1 Release fixed the problems.. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Urgent: Downgrading from 6.X to 5.X?
How can I downgrade from 6.1 Stable to 5.5 Stable? Having all type of problems with NFS. Both with the server and the client. From what I read on the stable list others are having simmilar problems, but don't see any mention of fixes. I need to downgrade a number of machines from 6.1 Stable to 5.5 stable What do I need to do? cvsup to 5.5 stable? On the archives I see mention of a delete flag to cvsup. Do I need to do one run with "cvsup -D" and then a regular pass? ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Are hardware vendors starting to bail on FreeBSD ... ?
Nikolas Britton writes: Dont get me wrong.. I can get approval to go SCSI since our machines need at least 1T+ (the storage machines) err.. should have say "can't get approval" to go SCSI.. We are using SATA. Why? 1TB and up is a SATA niche. Correct.. that is what we use. You can buy 3 SATA arrays for the price of 1 SCSI array Yup. SCSI drives are 3 to 5 times more expensive than SATA. Also... gigabit Ethernet is only 125MB/s (Max) and and a single SATA drive can easily transfer at 50MB/s*. But RAID can possibly do more than 125MB/sec if doing large sequential files.. When I last tested on a 100Mb switch vs a 1000Mb switch, the performance difference in our case (rsyncing data from Maildir) was around 25% to 30% as measured over a week. And this is mostly lots and lots of small files. That tells me that even with SATA we are able to go over the 100Mb limit. 8 Disks in RAID 10, with 2 hot spares. limiting factor is probably going to be your bus with arrays/GigE so SCSI is pointless unless you can take advantage of SCSI's TCQ with high random access I/O loads If we could afford it I still think SCSI would be usefull. It is not only about raw throughput, but how quickly you can get the data to the apps or to disk. Specially in a database or Maildir enviroment where there is lots of I/O going on. *I just tested this with two Maxtor SATA drives the other day: dd if=/dev/disk1 of=/dev/disk2 bs=4m. It dropped off to about 30MB/s at the end but my average read/write was just over 50MB/s. But that is mostly sequential work.. I think for sequential work SATA is definitely the way to go.. is when you get into the random I/O that supposedly SCSI outshines SATA. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Are hardware vendors starting to bail on FreeBSD ... ?
Marc G. Fournier writes: The other selling point for me on HP was the 2.5" SAS drives ... our new servers have 4x72G SAS drives in a 1U space, which means I can do RAID1+0 How do those drives perform? They are too small for where I work. :-( At least for our "storage" servers.. Are those 10K RPM? Other point is leasability ... from an accounting perspective, its better for me to lease servers Good point. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Are hardware vendors starting to bail on FreeBSD ... ?
Marc G. Fournier writes: the problem is that none of the Tier 1 hardware manufacturer's support FreeBSD, and a growing number of places (ie. Adaptec / Intel) appear to be dropping support for it as well ... But companies like 3Ware and Areca are supporting it and from what I see on the lists, people are voting with their money in their favor. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Are hardware vendors starting to bail on FreeBSD ... ?
Ted Mittelstaedt writes: You have no guarentee that any piece of hardware you buy will be supported on any future revision of FreeBSD, or even Windows for that matter. True. I have lots of Intel gear in my basement that was supported on various Windows versions in the past, which cannot run today's Windows. Your being unrealistic. I am aware of their test drives. What doesn't seem "realistic" to me is that a vendor that dedicates the resources to have a test drive environment will not say that FreeBSD is "unoficially supported". If they didn't have the test drive and they were completely uninvolved with FreeBSD I would have no issue. It is the fact that they are involved with FreeBSD yet when asked about it, they don't simply state what is.. it is not officially supported, but we have the test drive.. and we have people working it in some way shape or form. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Are hardware vendors starting to bail on FreeBSD ... ?
Atom Powers writes: Yes. All the servers I'm installing this year will have SATA drives (and 3ware RAID controllers). The Western Digital Raptor drives are every bit as good as the SCSI drives I used to get. Perhaps as the ones you used to get, but not as good as you can get. Dont get me wrong.. I can get approval to go SCSI since our machines need at least 1T+ (the storage machines), but looking at the benchmarks at storagereview (http://storagereview.com) shows there is still a significant performance difference between SCSI and SATA. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Are hardware vendors starting to bail on FreeBSD ... ?
Marc G. Fournier writes: settled on HP Proliant servers . The problem with HP, as I see it, is that they "officially" do not support freebsd.. I even sent an email to ask.. and the categorically stated that it is not supported. I would not want to standarize on something which is not guaranted will work in the future with FreeBSD. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Are hardware vendors starting to bail on FreeBSD ... ?
Marc G. Fournier writes: b. are ppl actually using/promoting SATA drives in a server environment? I think for a small company there is little choice if you need serious capacity on a budget. 300GB SATA.. in the $150 and lower 300GB 10K RPM SCSI $650 and up $500 difference per drive. 2U with 8 drives: 4,000 Difference. Not to mention you can get 750GB SATA drives cheaper than 300GB SCSI. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Are hardware vendors starting to bail on FreeBSD ... ?
Marc G. Fournier writes: So, my question above, and a public call to -core, or anyone else: What can we, as a community, due to improve this situation? How about buying from vendors that specifically support FreeBSD. http://freebsdsystems.com http://ixsystems.com and surely others. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Motherboards
Andrew Pantyukhin writes: Well, I've heard that Google builds their newest servers almost exclusively on Opteron/Supermicro. Any public reference to that? What was the source? ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Motherboards
Andrew Pantyukhin writes: Supermicro are also very good, but IMO they come second after Tyan. Coming late, ok way late :-), into the thread, but someone was mentioning that Supermicro motherboards had issues with Opterons. Anyone has experienced/read/heard about this? ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
How to increase memory for an application?
While trying to do a quiery in the postgresql client got an error "out of memory for query result". After checking the postgresql list I got this reply "Process memory allowed to the client; this is not a server-side error." How would I crease the memory allowed to a specific program? I looked at /etc/login.conf and there I see: :datasize=unlimited:\ :stacksize=unlimited:\ :memorylocked=unlimited:\ :memoryuse=unlimited:\ :filesize=unlimited:\ Is this a kernel setting? Looking at top, it seems the psql client got to 512MB before it reported the error. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
b column in vmstat includes NFS?
The 'b' column of vmstat shows pending transactions that require disk I/O. Does that include NFS connections? Have a machine with very high numbers in that column, yet when I do top and select 'm' to show disk activity, the numbers in top are fairly small. Wondering if the issue is the communication with the NFS servers. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: terrible performance in 6.1beta4
Kris Kennaway writes: Well there you go then..you're trying to access a file that is larger than RAM, so naturally you won't be able to fit it all in RAM, and with 1GB less RAM in your system you'll spend much more time reading bits of it from disk and later throwing them away. Not to mention the old system has SCSI and the new one has SATA. The poster didn't mention, but if the SCSI are 10K rpm or 15K rpm and the SATA are 7,200 rpm.. the SATA disks don't stand a chance.. specially with less memory. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Postfix inside a jail
Vaaf writes: I'm trying to get FreeBSD 4.11-RELEASE, postfix-2.1.6,1 and mysql-5.0.16 working. I have a couple of postfix setups inside jails. The one thing you have to watch for is that, as far as I can tell, there is no 127.0.0.1.. inside the jail so you need to configure your filters to listen on the jail IP. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: OT - Scalable email server solution needed
Bill Moran writes: One advantage of Maildir over mbox and the Cyrus db (that, for some reason, I seldom see touted) is that you can make a safe backup of a Maildir without shutting down the SMTP, POP, or IMAP server. For a small/simple setup I think Maildir is most definitely the way to go. From what I have seen so far working with Cyrus.. and from what I read... Cyrus scales far beyond what can be easily done with most Maildir format. With both mbox and the Cyrus mail system, you have to shut the mail system down to back up the mail boxes. Although that is true, using a database such as in Cyrus can in theory be a big speed booster. it! With both mbox and Cyrus, if you back up without stopping the server, and entire mailbox will be corrupted if the file holding it's mail is in use during backup and restoring will be difficult or impossible. Maildir can also get corrupted. :-( At least with Courier.. I have seen several folders go bad and Courier did not have enough functionality to easily find which folders had problems. Once you've chosen to use Maildir, you can choose which softwares you want to use to get mail into and out of your Maildirs. Agree 100% that this is one great appeal of using Maildir. The ability to easily switch different alternatives. I recommend PostgreSQL for the DB. Until I started to work for an email provider I had never used Mysql, having used PostgreSQL for many, many years.. I must say that after using Mysql... I became to appreciate even more PostgreSQL. Coming from database administrator background I felt completely at home with PostgreSQL. For the SMTP system I recommend Postfix. I find postfix to be easy to use, easy to learn.. and highly stable and scalable. Great mailing list too. For the POP/IMAP system, I recommend Dovecot. I've been using it since it was beta and it just works. Does it scale better than Courier? In particular I find Courier's footprint is about 3 to 5 MB per connection. A bit on the high side when one has hundreds of connections per machine. over NFS, you can even run multiple computers all off the same backend. I can attest to that. :-) PostgreSQL is a little more of a commitment, but it seems as if support for PostgreSQL is growing It's a good choice. :-) ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: OT - Scalable email server solution needed
Duane Whitty writes: My appologies in advance for the OT post. This probably more appropriately belongs on ISP@ but there doesn't seem to be much traffic there. Although there isn't much traffic, people to read it, and so far the advice I have gotten from that list is pretty good. business. Right now I have Sendmail configured and I was about to install Courier-IMAP. My concern is future scalability. What volume are you looking to handle? How many users? I'm not sure sendmail is the right back-end MTA. I am more of a Postfix kind of person, but can't imagine that you would have a performance issue because of using sendmail. However you need to give details such as how many machines you plan to use, what configuration in the machines, how many users, how many domains.. and anything you can specify. I'm considering Exim or POSFIX. I personally find Postfix easy to use, learn and very stable. Is there anyone on the list who might be serving many business customers each with many users who would be willing to share their insights or opinions on this? Until you give more info about your volume it's hard to give you any good information. I find Postfix to be very scalable, easy to use and maintain. I find Courier to be easy to use and maintain, but not necessary easy to scale.. HOWEVER, I am talking about THOUSANDS of email accounts.. so unless you reply saying that you will have large volumes.. in the thousands, performance may be a non issue. The hardware you use will also have a significant impact.. the architecture (ie single machine vs multiple machines splitting functions such as MX, outboud mail, webmail, mail storage.. ) ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: /usr/local/etc/rc.d not running for jail
Philip Hallstrom writes: Put the following into the jail's /etc/rc.conf: early_late_divider="NETWORKING" Thanks! That worked. That worked for me. My memory is this isn't a *real* solution, but that it does the trick (going off some posts I found on the issue when this happened to me) It seems there is some transition going on right now (or recently). In particular I found this thread: http://tinyurl.com/nnpwy Or the long URL. http://groups.google.com/group/mailing.freebsd.stable/browse_thread/thread/8 6d957ae29383cea/5cef8e6ce113963a?lnk=st&q=early_late_divider%3D%22NETWORKING %22&rnum=1&hl=en#5cef8e6ce113963a ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
/usr/local/etc/rc.d not running for jail
I have a jail, running in FreeBSD 6, which starts sshd and syslogd, but doesn't start any of the programs from /usr/local/etc/rc.d All the appropriate variables are in /etc/rc.conf for the various programs (postfix, spamd, clamsmtp, freshclam). I am able to run the programs manually by going to /usr/local/rc.d and doing "./
Re: atacontrol status for 3ware?
Mike Tancsa writes: Sorry for the delay.. ever since my HD crashed last weekend.. have been having problems with my home courier-imap setup. :-( On Wed, 01 Mar 2006 22:40:32 -0500, in sentex.lists.freebsd.questions you wrote: How does one do "atacontrol status" for a 3ware card in FreeBSD 6? Why not use the cli tool that you can download from the 3ware website? That is the next step, but I was wondering if it was possible to get basic status info from atacontrol. I didnt think atacontrol ever worked with 3ware cards ? I guess I will have to ask on the 3ware support system what they meant when they once wrote to me saying that "3ware cards were fully intregrated into FreeBSD 6" ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
atacontrol status for 3ware?
How does one do "atacontrol status" for a 3ware card in FreeBSD 6? Tried atacontrol status 0 (like in previous versions) atacontrol status twe0 atacontrol status twed0 I rebuild an array and saw the controller display messages at the start of the rebuild and it showed "twe0" as the name of the array. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Zombie jail?
I have a jail that after running /etc/rc.d/jail seems to stay around. jls 1 but if I do "pgrep -lfj 1" nothing is listed. I am able to enter the jail by "jexec 1 chs", but once inside it doesn't seem like anything is working. Is this basically a Zombie jail? ie an entry claiming there is a jail even though there isn't one? ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: /etc/rc.d/jail can't stop jail
Thanks to Valerio daelli for pointing out that the names I had in my rc.conf needed to be changed to match the actual jail name. The jail now starts, however trying to kill it still doesn't work. There is no error and running /etc/rc.d/jail mail stop shows Stopping jails: mail12. However the jail remains. It seems all processes inside the jail die, but the jail remains. In particular I notice ssh dies. Anything needs to be run from within the jail before running /etc/rc.d/jail stop? ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Large imap server.
Bill Campbell writes: Thanks much for sharing the info This server is the primary NFS server with 2GB of RAM, with dual 3GhZ Pentium IVs. While not a truly low-end box, it probably cost about $1,500USD. Ok... so 1 NFS server. This system as one publically accessible MX server that handles all incoming messages 1 MX machine. These four boxes What are the other 2? ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
/etc/rc.d/jail can't stop jail
Doing my first jail. I am able to start the jail manually using the jail command and using /etc/rc.d/jail start, however I am unable to stop the jail using /etc/rc.d jail. I get the error Stopping jails:cannot stop jail mail. No jail id in /var/run The name of the jail is "mail". I also tried entering the jail and killing it.. jexec 4 csh kill -KILL -1 That doesn't produce any errors. My /etc/rc.conf is: # jail specific settings for jail "mail" jail_one_rootdir="/data/jail/" jail_one_hostname="" jail_one_ip="" jail_one_exec="/bin/sh /etc/rc" jail_one_devfs_enable="YES" Any suggestions? ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Large imap server.
Foo Ji-Haw writes: I'm not sure what's the peak traffic like, but we were using a standard P3 800Mhz server h/w w/ 1GB RAM, and SCSI drives. How many of those? Also is that your front-end (ie POP/IMAP) machine or your storage (NFS server) machine? ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Large imap server.
Foo Ji-Haw writes: Specifically my mail server combo was: FreeBSD 4.1 + Qmail + Courier IMAP + MySQL 3.22 How many clients did each front end machine handled? What was the hardware of the front-end machines? ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Large imap server.
Foo Ji-Haw writes: I've been using FreeBSD + courier IMAP + MySQL (for user authentication). It's hardly a load issue for more than 200,000 users, and that was years ago. Would you mind sharing some info on the setup? First time I read about a courier setup of that size. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Large imap server.
Bill Campbell writes: Cyrus scaling? We currently user Courier and so far I am far from impressed with it's scalability. We have NFS servers for the storage and then front end machines for the POP/IMAP connections. The footprint per connection is about 3MB to 5MB on the client. On a machine with 2GB that means about 600 connections... but the machines usually are dying around 400 connections. Perhaps on one mongo server. I have read totally the opposity that the only way to scale a mail setup beyond 10s of thousands is with Cyrus .. or some other propietary system. Have note read of any truly large Courier installation. imap from a central server housing home directories, and have seen essentially linear performance as servers are added. How many connections can you handle per "front-end" machine? What type of configuration? I inheritted the setup I am working with and little by little we are building things "right".. including better mail store machines. Also as part of the initial question was which sysctl/kernel settings are usefull in dedicated mail clients/servers ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Cacti (Was: Re: "Load Balancing": How Busy are the servers?)
Marc G. Fournier writes: You can setup "Graph Trees", so you can group Graphs together .. ie. all the CPU Usage graphs for all (or groups of) servers, so that you can compare them ... Great report. Have you seen anything yet about disk performance? That would be very usefull too... specially for people who use rsync. I have found that rsync can do significant amount of disk I/O with very little CPU utilization. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: "Load Balancing": How Busy are the servers?
Marc G. Fournier writes: I just installed cacti, which seems fairly useful for 'long term views' of how a server is doing Have not played with it, but have read good/favorable comments about it. I would be nice if you did a mini report of your early impressions later.. In particular I think it would be good to know how easy it is to setup and what it covers. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: "Load Balancing": How Busy are the servers?
Marc G. Fournier writes: For all the technology, I was kinda hoping for some 'scientific formula' :) There are.. Now, I really hate to ask, but how do you use vmstat to get a feel for how busy the disk subsystem is? For me, reading "Absolute BSD" by Michael Lucas was very helpfull. In particular Chapter 18, System performance. The three columns I look at are for vmstat "r" and "b" on the left, and "fault". "r" shows how many processes are waiting for CPU, "b" shows how many processes are waiting for disk. The fault column(s) show how badly your system is accesing swap. Quick example: r b w 2 5 0 1 5 0 2 4 0 2 5 0 3 4 0 1 5 0 1 5 0 That's from my home machine as I am doing some backups. The machine at this point is more disk bound than CPU bound with 4 to 5 disk operations at any point in time waiting for disk access I am also falling behind in CPU, but not as bad. On the far right of vmsat you also have CPU stats.. in my case the vmstat from the above lines showed 70% to 90% iddle which confirmed I was disk bound at that point. The fault column show you how actively you are using swap. The lines above had between 30 and 200 approximately. If you look at swapinfo and you have a large amount of swap in use and then you see a high number in vmstat for fault, the machine is short on RAM for the load you have on it. So far in my experience nothing hurts a machine as badly as hitting swap (given that you have adequate CPU/disks). Once you start to hit swap heavily you need to do something (if you can...) such as moving services to another machine or putting in more memory. Instead of looking for fixed number I think that relative figures are more important.. like looking at your machines at their lowest usage and then at their busiest.. or at spikes.. If at slow times of activity the machines are already falling behind on "b", "r" on vmstat.. then that machine is overloaded. One possible quick way to start benchmarking your machines, until you can do something better is to capture snapshots of vmstat every 15 to 30 minutes and take a look.. perhaps even write a short script to summarize it. On my list of things to do.. is to do a simple setup of that nature.. just because it would be easy to setup and can provide very valuable information until you setup something more feature rich. "top" in 5.X branch and up is also very userfull. If you hit "m" it shows you disk processes so you can see what programs are doing the most I/O. One thing to watch out for in top when using 'm' is if you see all low numbers ( hit 'o' to sort and then type 'total').. is that you may have lots of programs doing little I/O, but their combined load is a problem for your disk subsystem like having 200+ IMAP connections. Each single IMAP connection may not be doing more than a handfull of transactions per second, but all of them combined can give a disk subsystem a pretty good workout. The load averages from 'w' are also good figures to do comparative tests. I started to wokr on a script (but needs more work) that dumps 'w' and 'vmstat' .. next have to work on parsing them and giving summaries. In particular one wants to know peak times.. since that is the best time to determine if the machine can handle it's load.. and more importantly spikes. If a machine is usually under 2.. and it spikes at 5+.. that machine is possibly able to do "normal" loads, but may not be able to handle spikes in traffic (ie a customer doing a mailing list, or a site just got press.. and there are a larger number than usual of people going to their URL). I still thinkg I have MUCH, MUCH to learn.. but I would be glad to expand on anything mentioned above.. or anything else. Ultimately each machine/company is unique enough that absolute numbers from other people (ie what is a good value for 'r' and 'b' to be around most of the time) may be less important than learning what are the different figures for your different machines under "normal" operation. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: "Load Balancing": How Busy are the servers?
Marc G. Fournier writes: 1. What variables on a server should be monitored to determine how busy a server is? I am a fairly new sysadmin.. who inheritted nearly 20 machines, so take my comments with a gain of salt. Before that the most I ever had was 7, mostly DB, FreeBSD machines :-) .. and.. Hi Marc. :) I think it comes down to primarily 3 factors * RAM * CPU * DISK If you are hitting Swap, you are either running too many programs/services or too many users. Same for CPU Disk are different in that the same number of disks can perform different based on what raid controller and what type of RAID. I use top and load average to determine if a machine is up to capacity in memory/cpu. I use vmstat to determine if the disk subsystem is falling behind. BIG NOTE: The one thing that I have yet to really pay much attention is the network performance. Fortunately we just hired someone who has significantly more experience on that area. :-) 2. Are there any tools that I can run to give me a point in time "summary" of how busy a server is based on these several factors? I think there are lots of tools. Some vary from SNMP capture/graphing, to custom made tools done in-house. I think it's a combination of how difficult it is to setup vs what you need to monitor. At work we are just starting to roll out an SNMP tool. The new hire is leading the effort so I am not very familiar with the setups.. the one thing I see so far is that ultimately, there usually are things that one needs to monitor that is unique to your organization and you need to either integrate a program into the tool or do your own independant monitoring of that particular resource. I think the ISP list may be a good resource since the needs of the average user are different from ISPs/companies with numerous machines. Basically, I'd like to keep track of multiple servers and be able to say "this server is running >75% of capacity, time to upgrade or move things off of it" ... if its possible ... ? In my opinion, for the most part, the answer is yes. The problem is usually how long it's going to take you to setup the environment to monitor the servers. The program we went with was chosen because the new hire was familiar with it, but a search on the archives for "monitoring tools" will give you a long list of programs and opinions of which are easier. If I had the time, I think I would likely write my own tool. This way I will be able to measure exactly what I want. Right now I thik we will cover most basics with the tool we are going with, but will need to still do our own custom apps to monitor a number of resources and metrics. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Script in /usr/local/etc/rc.d doesn't run
I have one script in /usr/local/etc/rc.d that doesn't run. Any ideas why? It is marked as executable ls -l /usr/local/etc/rc.d/ -r-xr-xr-x 1 root wheel 441B Dec 30 20:36 start-program.sh The script is just: #!/bin/sh log="/var/log/program.log" echo ->>$log /bin/date >>$log echo Entering program.sh >>$log case "$1" in start) echo Starting program echo = >>$log echo Starting program >>$log /home/root/bin/archivec.pl >> $log echo beyond program call >> $log ;; stop) echo No Stopping procedure yet ;; *) echo Need parameter echo Valid parameter: start ;; esac A couple of times the log was written to.. although the script was not run.. but afterwards not even the log was changed.. as if the program did not get run at all. Any ideas? ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
How to build package without installing it?
What parameter(s) one needs to use to make a package without installing it? I have some ports I installed on one machine and want to make packages to install in others. The default "make package" tries to install. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Bootloader Freezes with timer. Ok if press enter
My first 6.0 machine destined for production (not to worry.. will test thoroughly before it goes live ;-) and it freezes on the initial boot screen. If I press enter right away upon the boot menu appearing the machine boots fine. However, if I let the countdown start it freezes when there are either 8 or 7 seconds remaining (every single time). Any suggestions? This was after making the machine stable as of 12-4. Not sure if the problem existed from 6.0 Release on this machine since I usually press enter on the boot menu right away. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Upgrading to pgsql 8.1 via ports
Pat Maddox writes: Should I use postgresql81-server now instead? Yes. What do I need to do in order to upgrade my system to use pgsql 8.1? I believe you need to go a pg_dumpall all to copy data. Also keep a copy of your postgresql.conf and pg_hba.conf If you don't have any dependencies on the postgresql ports you can pg_dumpall, delete porst, install new ones. If you have dependencies you need to use portupgrade or something like it. As another poster suggested if using portupgrade you will need to use the "-o" flag. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: MX freebsd
dick hoogendijk writes: Any idea how long it takes until the MX freebsd mailservers know that my mail relay has changed? It's three days ago now that I changed my MX records and still mail for nagual.st is routed to my old mx mailservers. dig nagual.st mx ;;; QUESTION SECTION: ;nagual.st. IN MX ;; ANSWER SECTION: nagual.st. 86400 IN MX 10 mx1.mailhop.org. nagual.st. 86400 IN MX 20 mx2.mailhop.org. bc 86400/3600 24 Should only take a day based on the results above. The command to see your XM settings is dig mx ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: How do I chroot rsync like I chroot ftp ?
On Thu, 10 Nov 2005, user wrote: scponly is another restricted shell like rssh. It is under more active development, and seems to have more features. It's in the ports tree under shells. I was looking for it under security. Will try it this weekend.. Have you tried it yet? I am also leaning towards scponly because it supports both rsync and unison. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: OpenAFS for FreeBSD...
Jack T wrote: RE:Performance, it seems to perform fine enough for me. YMMV. How many machines do you have connected using it? ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Backing up postgresql data
Pat Maddox wrote: I've got postgresql 8 running on my system, and want to do nightly backups of the database. I recommend 1- Nightly dumpall 2- More frequent backup of databases that change often. You can setup a script like: #!/bin/sh PGUSER= PGPASSWORD= export PGUSER export PGPASSWORD /usr/local/bin/pg_dumpall |/usr/bin/bzip2 -c > Of course you can change it to a "sh" script. :-) For the single DB ones you can use #!/bin/sh PGUSER= PGPASSWORD= export PGUSER export PGPASSWORD cd echo Dumping database to BACKUP directory pg_dump > db.sql echo Making tar file tar -cyvf `date "+%Y%m%d"`-db.tbz db.sql Hope that helps. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: OpenAFS for FreeBSD...
Jack T wrote: On 10/23/05, Jack T <[EMAIL PROTECTED]> wrote: It's broken only for the reason that it overwrites files from security/heimdal. Otherwise, I believe it works just fine on FreeBSD 5.4. Is this something that needs to be fixed in the port? How stable is it? How about performance? I have been looking into AFS and Arla sounds interesting. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: possible breakin attempt?
dawnshade wrote: On Tuesday 18 October 2005 21:19, Anthony Philipp wrote: see man ssd_config for directive UseDNS or just block tcp/22 from not trusted hosts. Another helpfull thing to do is to limit what users can connect through SSH using the AllowUsers directive. In your /etc/sshd_config you put a line like AllowUsers You will need to restart sshd after making the change. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Basic FreeBSD firewall and patching questions.
Daniel Pittman wrote: It looks to me like either ipf or ipfilter are equally good, and have about the same capabilities, While you are getting started and to test rules you could use /etc/hosts.allow also. You may already be familiar with it from other OSs.. We use to keep a list of what IPs can ssh into our machines. Biggest drawback.. only works with apps that support it. I have, at the moment, 5.4-RELEASE #0 according to uname. I suspect that means the very first release of 5.4, correct? In which case, I need to update the FreeBSD core. You want to use cvsup to update the source. So: how can I bring this up to the latest stable release in the 5.4 series? My advice is to get cvsup installed, get latest source, recompile all. Specially now that you are not in production. Should have all the info, but whatever aspects are not clear you can ask here in the list. Once that is done, is there any equivalent to the 'portaudit' tool to check the system and warn me if there are outstanding changes on the release branch? There are several audit tools in the ports. I am not familiar with any, but until you find one you like you can use mtree. Also for machines that you have physical access to or have remote kvm you could also look at the security profiles. Basically you can set rights such that a number of changes can only be done in single user mode. I have never used it, but I think it could possibly help to make a machine more tamper resistant. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: If I want to hook FreeBSD to a SAN ...
Marc G. Fournier wrote: Pointers to any web pages that are good for this sort of thing, especially as concerns FreeBSD, would be greatly appreciated ... Not sure if is along the lines of what you need, but but a few years back I found a company that allowed multiple machines to connec to a box and all the machines would just see it as a SCSI device. You would allocate how much space each attached machine could see. What are you looking for? Share space amongst many machines? Likely a box that supports NFS. Have a single device where to store all the data, but not necessarily share data amongst machines? What I describe above may be a good choice. Also wouldn't a big raid connected to a FreeBSD machine do the trick? Would safe you lots of money. Anything that has the letters "SAN", "NAS" has a premiun. Also are you looking for SAN or NAS My understanding of those... SAN - multiple machines attached to a device. The device just appears as a disk. No info sharing. NAS - multiple machines see a device and can share information. The device supports different communication methods such as NFS, SMB, etc.. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: RAED_DMA timed out crap
On Sun, 7 Aug 2005, kalin mintchev wrote: can i just hook up a laptop hdd in a desktop machine? No. Another poster sent you comments on that. You need to get a Kit. Should not cost much though. Basically some mounting brackets and a cable... although for your case probably just the cable and you can do the work with the case open and the drive on the side. May also need some type of power convertor. I have never done it, but I am aware there are kits for it... ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: RAED_DMA timed out crap
On Sun, 7 Aug 2005, kalin mintchev wrote: yea.. that was my thought too but it's only one drive and i can't get it to boot all the way. and it's a laptop. is there a way to mount remotely a laptop hdd? Other than mounting the drive on another machine to see how much you can read, not much else I can suggest. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
(Solved) SSH not working for particular user
For the archives. Found the problem the rights for the .ssh directory were wrong. They need to be "700". Given that I used adduser to create that account I think umask or something else for the root user may be wrong or perhaps the adduser script. The other point worth mentioning for anyone having a simmilar problem (ie some IDs connect, but others don't) is a file /etc/login.access. Settings in that file may allow some users to connect, but not others. Obviously by the same token /etc/login.conf could also be an issue, but a less common one (ie the user has some type of time restriction). ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: SSH not working for particular user
On Sat, 6 Aug 2005, The WRS wrote: Hmm, are the password fields in /etc/master.passwd using the same hash type? They should ALL either start with $1 - md5 $2 - blowfish They are all the same $1 ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Fw: DNS caching: Squid, BIND or anything else?
On Fri, 5 Aug 2005, B. Bonev wrote: I think that Squid have a internal DNS server. Now, as understand I must have configure Squid for HTTP req, and BIND or another DNS cache server for DNS req... As others have mentioned perhaps you are missunderstanding what those programs do. It will help if you tell us what you are trying to do. A mini review of the tools in question DNS server Answers DNS requests Squid and other proxies Caches data Let's say you have 3 users in a network and they all use common sites such as bsdnes.com or slashdot. A caching DNS server will cache the IP for the site. Nothing else. Bandwith/time saved.. minimal. A caching proxy like Squid will cache content (The actual pages) so there will be time/bandwith savings because only one user will have to actually wait to go to the actual site while the rest will get the data from the proxy cache. The more users using the same sites the better performance gains you will see from a proxy. For a single user there may be savings, but I think not as much. There are benchmarks out there that you could search, but the general rule is that the benefits of the cache are greater as the number of people using the same site increase. Hope that helps clarify a bit. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: SSH not working for particular user
On Sat, 6 Aug 2005, The WRS wrote: Thanks for the feedback Check /var/log/auth.log and perhaps sshd[28883]: error: PAM: authentication error for fran from /var/log/messages for hints on why Same error on that file. /etc/hosts.allow may be the culprit The machines were setup with hosts.allow, but I am connecting from the same machine using a different user. Perhaps the uid in question has an invalid shell? That doesn't seem to be the problem either. From the user I was able to login I did su to my ID and that worked. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
SSH not working for particular user
Besides the AllowUsers parameter in sshd_config is there is anything else that would allow certain users, but not others to ssh to a machine? Have a machine that one id can connect to, but not a second one.. I "inherited" the setup (about 20 machines) so don't know yet what setups each machine has yet. Have an ID I was given to login, but now going to each machine to create my own ID. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
RE: Dead disk? READ_DMA Failure
On Mon, 1 Aug 2005, [ISO-8859-1] Erik N??rgaard wrote: In my case I added to /usr/local/etc/rc.d a script with /sbin/atacontrol mode 1 udma66 pio4 Basically slowing down the channel to the drive.. the pio4 is for the CDrom and that was it's normal speed. Thanks! Well, I wish that I had known that before I tried reinstalling the system. If the problem is either a dying IDE drive or what I mention above re-installing won't help, so you still need to see what's going on. In my case I was getting the errors daily so it was easy to see if the slowdown helped.___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Requires 'gettext-0.14.1', but 'gettext-0.14.5' is installed
Doing a set of packages so when building new machines can do the whole ports installations through packages. When I did pkg_add mc-4.6.0_15 got the warning requires 'gettext-0.14.1', but 'gettext-0.14.5' is installed Is it safe to ignore these type of errors? ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Fixed (Cron fails. Error in /var/log/maillog: No recipient)
On Wed, 29 Jun 2005, Francisco Reyes wrote: For the archives. Problem was crontab failing. first thing I noticed was postfix/sendmail[36590]: fatal: No recipient addresses found in message header In /var/log/maillog Then someone suggested to look at /var/log/cron There I saw errors like NSSWITCH(nss_method_lookup): nis, passwd_compat, endpwent, not found Some digging and found that if one takes off NIS from the system one needs to change /etc/nsswitch.conf to group: files hosts: files dns networks: files passwd: files shells: files That solved the problem. However, I find it very interesting that cron fails if it can not send out an email. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Cron fails. Error in /var/log/maillog: No recipient
Have a crontab 14 22 * * * /usr/home/hank/bin/tozoraida.sh which is not running When I try to research it the only thing I see is an error in maillog postfix/sendmail[36590]: fatal: No recipient addresses found in message header Have setup crontab on several other machines and never had any problems. Could this be a postfix setup error? Archives came up empty. Tried putting in crontab MAILTO=hank but did not help. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: When does swap decreases
On Mon, 20 Jun 2005, Dan Nelson wrote: In the last episode (Jun 20), Francisco Reyes said: How wonder how the current method affects performance. Basically if there is a surge of memory usage and processes start that use the swap and these processes are long lived.. I wonder if performance will be affected. There may even be a performance gain, since if the system comes under memory pressure again, some of the in-memory pages of those long-lived processes previously copied to swap may still be clean, and the system won't even have to page them out; it can simply free the RAM. I can't think of any way for there to be a performance hit, unless you actually run out of swap. I must really be missing something here.. My case. 384MB of RAM For several days swap was 0. That to me means that everything was fitting nicely into memory. At one point in the last few days I must have opened too many windows/apps.. and the OS actually had to use swap. Once I closed programs (xpecially X, Opera, and other GUI apps) I expected the swap would go back to 0. Swap remained at 10MB.. Whatever processes are using the swap aren't they accessing the HD? Can there be swap usage, yet the OS doing all the work on memory? ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: When does swap decreases
On Mon, 20 Jun 2005, Dan Nelson wrote: When the system is low on memory, it will force the least used blocks of memory to swap. It will not free the swap space until the process owning them exits Have not found any program to see what programs are using the swap, but as I think about it, the current method is not very "smart". I guess any other method is difficult to implement. How wonder how the current method affects performance. Basically if there is a surge of memory usage and processes start that use the swap and these processes are long lived.. I wonder if performance will be affected. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: When does swap decreases
On Mon, 20 Jun 2005, K. Greenwood wrote: Perhaps /sysutils/lsof? Desc. as follows. Checked both lsof and fstat. Neither lists programs that are using the swap. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: When does swap decreases
On Mon, 20 Jun 2005, Dan Nelson wrote: When the system is low on memory, it will force the least used blocks of memory to swap. It will not free the swap space until the process owning them exits (even if it pages that memory back into RAM), so at some point the system paged out 30MB of memory, some processes exited and freed up 20MB, and you probably have some long-lived processes that account for that remaining 10MB. Makes sense. Any way to find out which process is using the swap? ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
When does swap decreases
My swap used to be 30MB+ I increased from 256MB to 384MB. For several days swap usage was zero. Then I saw it increase to a few hundred Kbs.. and now it's up to 10MB. I am wondering if it's because swap is not going down or there is now that many more programs running (which I doubt). Before the memory upgrade the swap was very steady at 30MB so after a 128MB memory increase I am a little surprised my swap seems to be staying around 10MB ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Looking for files older than n number of days?
On Mon, 6 Jun 2005, Dan Nelson wrote: OPERATORS The primaries may be combined using the following operators. The operators are listed in order of decreasing precedence. [...] expression -and expression expression expression The -and operator is the logical AND operator. As it is implied by the juxtaposition of two expressions it does not have to be specified. The expression evaluates to true if both expressions are true. The second expression is not evaluated if the first expression is false. Does that mean that "-ls" always evaluates to false? ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Looking for files older than n number of days?
On Mon, 6 Jun 2005, Jerry McAllister wrote: find . -mtime -5d -ls Shows correctly files modified less than 5 days old. in the wrong place - you can get all files in the system printed or none rather than just what you want. Possibly the man page needs to be updated to make the effect of parameter order clear. And that would probably be simpler too than changing the code too. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Looking for files older than n number of days?
On Sun, 5 Jun 2005, Dan Nelson wrote: I ran it on a directory and was surprised to find that both -5 AND +5 listed a file from February. :-( -5 definitely should not, and doesn't on my system. It should be interpreted as "less than 5 days from midnight tonight". I think I found a bug in find. If you add the '-ls' parameter before the -mtime it ignores mtime. Example: find . -ls -mtime -5d Shows all files in directory. find . -mtime -5d -ls Shows correctly files modified less than 5 days old. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Looking for files older than n number of days?
On Sun, 5 Jun 2005, Dan Nelson wrote: "find . -mtime +5" , or "find . -mtime +5d", depending on whether you want 5 days as of the next midnight, or 5 days as of when find was started. How do those flags work? +5 = changed during last five days? -5 = newer than five days? I ran it on a directory and was surprised to find that both -5 AND +5 listed a file from February. :-( ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Looking for files older than n number of days?
On Sun, 5 Jun 2005, Paul Schmehl wrote: Use negation. find ! -n 10 blah Could not get it to work with anything like that syntax. For starters I don't see "-n". I see newer but that seems to compare to another file.. Is this something you have done in the past? ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Looking for files older than n number of days?
Looking at the man page for find I see several ways to look for files exactly N days old or newer than N days, but did not see a flag for files older than N number of days.. like files older than 90 days... Did I miss it? I actually have a perl script I wrote a while back but was wondering if find had any flag I missed. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
RE: securing SSH, FBSD systems
On Fri, 3 Jun 2005, fbsd_user wrote: I am running ipfilter firewall and I ran test to see who gets access to the packet first (IE: firewall or route command). Normally I have inbound FTP port 21 denied in my firewall. I changed that rule to allow and log so I could see all the packets flow through. I had buddy run FTP to my server over public internet. Pass-1. log shows passive ftp access to my server from public internet. Pass-2. First I issued route blackhole command on ip address of friends system. Then had friend run same FTP access request to my server. This time firewall log still shows inbound packet on port 21 passing in and out but friends FTP session says connection error. Pass-3. did route delete for ip address and had test rerun and ftp worked like expected. Conclusion. The route blackhole command gets control after being allowed through firewall. Since IPFW and PF access the packet the same way IPFilter does this hold true for all of them. This short answer is I don't know but it's possible it's the same. The use of the route blankhole command is a specific solution for circumstances where the stand public port number can not be changed to some port number so it's not attacked. I now understand why it's a perfect workaround for your ssh attack problem. Based on the feedback I got the route command uses a non linear type of database where as IPFW is just a linear list. My list of IPs to blackhole is around 400 and growing. That's why in my case I continue to use route/blackholing. PS. I have been using the abuse-reporting-scripts to report this kind of stuff to the ISP who owns the attackers IP address. This has resulted in many ISP's terminating the attackers account. You can download the abuse-reporting-scripts from http://www.unixguide.net/freebsd/fbsd_installguide/index.php Thanks for the link. Didn't know about those, however I often check the IP of the attacker to see where in the world they are coming from and a large number of IPs are coming from china. Not sure how responsive the ISPs there will be. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
RE: securing SSH, FBSD systems
On Mon, 23 May 2005, fbsd_user wrote: These manual routes are stored in memory. Can you tell how much memory is used by your 300+ list? I don't know, but it probably is comparable to what it would take to put them in the firewall rules. Is there some command to display these user added route list? netstat -nr|grep 127 Is the a single IP address or can you say 62.0.0.0/8? The way I use it is a single IP, but a quick read of the man page it seems you can also indicate blocks. Man route and search for the phrase "For example" Also see my other poston this thread. In particular the URL to the small scripts I use. They could use lots of improvement, but they may be a good start for someone interested in automating the process. I believe there are also programs which can monitor the logs and automatically perform actions, but those are likely harder to learn and setup. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: securing SSH, FBSD systems
On Mon, 23 May 2005, Tony Shadwick wrote: Is there an effective way to manage that list? I mean, it seems to me that you'd be adding mass routes to /etc/rc.conf. How are you going about this. See http://public.natserv.net/blackholing.tar.bz2 I put a shell script, an awk file and a mini readme. Otherwise, it sounds like very good advice. It is not without it's problems... In particular one needs to clean the sshd.log file every time one runs the program. I may improve it later. Of course, I tend to manage a hardware firewall in front of any of my machines, so the blackholing should really occur there. That would be one possible place. I wonder if that technique works under Linux as well? Don't know. If you have access to a Linux box you could man route and see. It possibly could exist there too. manage reading my firewall rules. ;) I found it got too messy to read firewall rules when I had blackholing there too. Also the feedback I got was that firewall rule was a flat list, while the route system used some type of tree. In all honesty my machine has so little traffic that I doubt either way would be much of an issue. I just found it simpler to manage having the blackholing outside the firewall rules. That way the firewall rules are "generic" to ports and few IPs. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: securing SSH, FBSD systems
On Sun, 22 May 2005, Chris wrote: 5. (and my favorite) If running IPFW, use something like this if you don't need ssh open to the whole of the internet. narrow it down to a range of IP's you need. 6. Don't use passwords at all, but use keys. Not always possible though, but possibly one of the better methods. I personally use a combo 1- Use an AllowUsers clause 2- Every time I see script kiddies I black hole their IPs. I black hole them not only because of ssh, but because, just as they tried to attack ssh the same IPs may try other attacks. I try and stay up to date in patches, but it can not hurt to block known compromised/hacker machines. The IPs can be listed either in the firewall or using route add -host 127.0.0.1 -blackhole I was told that this method of blackholing was more efficient when using a long list of IPs becaues IPFW looks at a linear list while the route list was some sort of tree which is more efficient to search. Over time.. my list of blackholed IPs is 300+ and growing. Every week I add anywhere from 2 to 10 new IPs. :-( Besides ssh I also look for machines trying to attack the web server.. ie a machine looking for files in c:\winnt or any other window directory is a sure sign of a compromised wmachine ith a virus/worm trying to infect more machines. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: downloading entire directories
On Fri, 20 May 2005, Tony Shadwick wrote: There are two ways you could do this. The first is like so: I believe there may be a third way. Have not done it in a while, but some FTP servers allow you to specify a tar file from a directory. To be honest I don't recall syntax, but it was something like "get dirname.tar" and the FTP server would know to prepare a tar of the entire directory. Don't know which server(s) suppor(ed) this feature though. Long run something like rsync or unison are better options though. Although I think scp can download multiple files, but I don't know if it recurses. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
