Re: Update /usr/src with subversion
On 8/5/13, David Noel wrote: > Thanks, guys! > > On 8/5/13, Matthew Seaman wrote: >> On 05/08/2013 14:22, Warren Block wrote: >>>> Your solution looks a bit cleaner than the one proposed there: "rm -r >>>> /usr/src/.svn, and then check out the new branch". >>>> >>>> I'll check out the man for svn switch. >>> >>> The new form is just 'svn relocate': >>> http://forums.freebsd.org/showpost.php?p=224243&postcount=5 >> >> Just to be clear: >> >> 'svn relocate' is the new form for 'svn switch --relocate', used to >>change the servers or the protocol (or both) used to access the >>repository. >> >> 'svn switch' (without the --relocate argument) is still valid and is >>used to switch between branches within the repo. >> >> It's just 'svn switch --relocate' which is deprecated. Ooops. Top-posted. I always forget. Does anyone know how to change the default "reply" behavior of gmail? Last I searched the only way to do it was with a greasemonkey script... ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: Update /usr/src with subversion
Thanks, guys! On 8/5/13, Matthew Seaman wrote: > On 05/08/2013 14:22, Warren Block wrote: >>> Your solution looks a bit cleaner than the one proposed there: "rm -r >>> /usr/src/.svn, and then check out the new branch". >>> >>> I'll check out the man for svn switch. >> >> The new form is just 'svn relocate': >> http://forums.freebsd.org/showpost.php?p=224243&postcount=5 > > Just to be clear: > > 'svn relocate' is the new form for 'svn switch --relocate', used to >change the servers or the protocol (or both) used to access the >repository. > > 'svn switch' (without the --relocate argument) is still valid and is >used to switch between branches within the repo. > > It's just 'svn switch --relocate' which is deprecated. > > Cheers, > > Matthew > ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: Update /usr/src with subversion
Ok great, thanks Matthew. I tried a different search query and actually found a similar question on the forums: http://forums.freebsd.org/showthread.php?t=35014 Your solution looks a bit cleaner than the one proposed there: "rm -r /usr/src/.svn, and then check out the new branch". I'll check out the man for svn switch. Thanks again, -David On 8/5/13, Matthew Seaman wrote: > On 05/08/2013 09:00, David Noel wrote: >> Does anyone know how a workaround for having to rm -rf /usr/src every >> time the source URL changes? I'm updating from 8.3 to 8.4 with >> subversion and got a message along the lines of "Error: /usr/src/ >> contains files from a different URL". -David > > You need 'svn switch' -- so, if you've got some other branch checked > out, and you want to have 8.4-RELEASE instead, then it's something like: > ># svn switch ^/base/releng/8.4 > > This will speedily change your checked out tree with minimal network IO. > > You can also use 'svn switch --relocate' to change which svn servers you > have the tree checked out from or the protocol (svn://, https:// etc) > used. See the output of 'svn help switch' for details. > > Cheers, > > Matthew > > ___ > freebsd-questions@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to > "freebsd-questions-unsubscr...@freebsd.org" > ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Update /usr/src with subversion
Does anyone know how a workaround for having to rm -rf /usr/src every time the source URL changes? I'm updating from 8.3 to 8.4 with subversion and got a message along the lines of "Error: /usr/src/ contains files from a different URL". -David ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: Delete a directory, crash the system
Ok folks, thanks again for all the help. Using the feedback I submitted a PR (#180894) -- http://www.freebsd.org/cgi/query-pr.cgi?pr=180894. I also submitted a follow-up to it with Frank's code and notes. What next? I don't really know what happens from here, but I'm guessing/hoping that someone's monitoring the PR system and will move this forward. Crossing my fingers, though if anyone knows any better methods of getting PR's addressed I'm all ears. -David ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: Delete a directory, crash the system
> I was going to raise an issue when the discussion had died down to a
> concensus. I also don't think it's reasonable for the kernel to bomb
> when it encounters corruption on a disk.
>
> If you want to patch it yourself, edit sys/ufs/ufs/ufs_vnops.c at around
> line 2791 change:
>
> if (dp->i_effnlink < 3)
> panic("ufs_dirrem: Bad link count %d on parent",
> dp->i_effnlink);
>
> To
>
> if (dp->i_effnlink < 3) {
> error = EINVAL;
> goto out;
> }
>
> The ufs_link() call has a similar issue.
>
> I can't see why my mod will break anything, but there's always
> unintended consequences. By returning invalid argument, any code above
> it should already be handling that condition although the user will be
> scratching their head wondering what's wrong with it. Returning ENOENT
> or EACCES or ENOTDIR may be better ("No such directory", "Access denied"
> or "Not a valid directory").
>
> The trouble is that it's tricky to test properly without finding a good
> way to corrupt the link count :-)
>
> Regards, Frank.
Cool. Thanks for the patch!
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: Delete a directory, crash the system
> So the system panics in ufs_rmdir(). Maybe the filesystem is > corrupt? Have you tried to fsck(8) it manually? fsck worked, though I had to boot from a USB image because I couldn't get into single user.. for some odd reason. > Even if the filesystem is corrupt, ufs_rmdir() shouldn't > panic(), IMHO, but fail gracefully. Hmmm... Yeah, I was pretty surprised. I think I tried it like 3 times to be sure... and yeah, each time... kaboom! Who'd have thought. Do I just post this to the mailing list and hope some benevolent developer stumbles upon it and takes it upon him/herself to "fix" this, or where do I find the FreeBSD Suggestion Box? I guess I should file a Problem Report and see what happens from there. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: Delete a directory, crash the system
> You may want to look into running fsck(8) and its myriad of options fsck did the trick > Also make sure you have soft updates enabled on your filesystem and > preferably journaled soft updates ..pretty sure I do but I'll double check, thanks. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: Delete a directory, crash the system
> I'm taking a guess here - the effective link count when it came to > removing the parent directory was only two and it should have been three > or more. This gets sanity checked this before proceeding, and panics if > it is not. Why an effective link count of three? We're talking about the > parent of the directory you're trying to zap, right? There's the link to > the directory from its parent, and the '.' link and the ".." link from > the directory you're trying to remove. There may be more if it contains > other directories, but there can't be less. > > Anyway - if you only had a link count of just two effective links at the > start of the delete process it suggests that the link count was messed > up - either a link never existed or its count was wrong. Should the > kernel panic? Well it's a situation that can never happen - it could > simply remove the directory and pretend everything was okay but guess > it was decided it was likely to be a symptom of impending disaster. > Other anomalies return an error. > > In over ten years with FreeBSD systems I can't say I've ever seen this > "cannot happen" situation arise. I'd guess you had an interrupted (by > power failure) inode operation at some time which caused the corruption. > removing a directory is a PITA as it can lead to a race - a context swap > could create a file it it mid-way through the process. > > Regards, Frank. Interesting. Thanks for the analysis. I'm not a systems guy (Java, mostly), so I don't really have the context to make much sense of kgdb output. What you're saying though makes sense and sounds about right -- it's a laptop and I've inadvertently run the battery down to nothing a few times in the past. All the same, it was a very strange experience. I would not have expected a kernel panic from a simple rm -rf! ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: Delete a directory, crash the system
> Post the stack trace of the core and maybe someone can help you. panic: ufs_dirrem: Bad link count 2 on parent cpuid = 0 KDB: stack backtrace: #0 0x808680fe at kdb_backtrace+0x5e #1 0x80832cb7 at panic+0x187 #2 0x80a700e3 at ufs_rmdir+0x1c3 #3 0x80b7d484 at VOP_RMDIR_APV+0x34 #4 0x808ca32a at kern_rmdirat+0x21a #5 0x80b17cf0 at amd64_syscall+0x450 #6 0x80b03427 at Xfast_syscall+0xf7 ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: Delete a directory, crash the system
Yes On 7/27/13, Fernando Apesteguía wrote: > El 27/07/2013 13:49, "David Noel" escribió: >> >> I had a strange experience on my laptop yesterday. I was deleting a >> directory and the system crashed. It spat out a message along the >> lines of "ufs_dirrem bad link count 2 on parent". I thought it was so >> strange I repeated the process several times, and each time it >> crashed. Is this behavior EXPECTED? I can't for the life of me think >> of a time or operating system I've run where I've ever had a system >> crash on me from doing something as basic as deleting a file. Anyway I >> couldn't boot into single user for some reason so I booted from a USB >> image, ran fsck, and then everything was fine. > > Was it a kernel crash? Did you get a core? > >> ___ >> freebsd-questions@freebsd.org mailing list >> http://lists.freebsd.org/mailman/listinfo/freebsd-questions >> To unsubscribe, send any mail to " > freebsd-questions-unsubscr...@freebsd.org" > ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Delete a directory, crash the system
I had a strange experience on my laptop yesterday. I was deleting a directory and the system crashed. It spat out a message along the lines of "ufs_dirrem bad link count 2 on parent". I thought it was so strange I repeated the process several times, and each time it crashed. Is this behavior EXPECTED? I can't for the life of me think of a time or operating system I've run where I've ever had a system crash on me from doing something as basic as deleting a file. Anyway I couldn't boot into single user for some reason so I booted from a USB image, ran fsck, and then everything was fine. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: [Bulk] FreeBSD upgrade woes (8.3 -> 8.4)
> It's possible. But again, I've been using -j >1 for years on a variety > of processors, mostly Intel, without problems. That's with buildworld > and kernel (which is buildkernel plus installkernel), but not with > installworld. > > Are you using clang instead of gcc? That could be very different. These are Intel's too. I'm using the default compiler for 8.4. I believe that's gcc? ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: [Bulk] FreeBSD upgrade woes (8.3 -> 8.4)
> Perhaps make buildkernel was compiled with -j >1, it's known to create a > buggy kernel. Check your make configuration. Adding a -B, like make -B -j N > buildkernel may work and is fast if -j is set to number or processors, but > it's safer do a make -j 1 buildkernel, same for buildworld. I replaced the kernel with the one on the 8.4 memstick and it booted just fine. I then built and installed a kernel without using the j flag to test Eduardo's theory. It booted without problem. Maybe there's something to this -j >1 causing buggy kernels rumor. -David ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: [Bulk] FreeBSD upgrade woes (8.3 -> 8.4)
On 7/11/13, Mark Felder wrote: > On Thu, 11 Jul 2013 05:00:39 -0500, Eduardo Morras > wrote: > >> Perhaps make buildkernel was compiled with -j >1, it's known to create a >> >> buggy kernel. > > This is not true to my knowledge. If buildkernel produced bad kernels with > > -j>1 we'd not allow you to do that without jumping through hoops. > If this is the case replacing the kernel should have no effect. But what then? Any thoughts? ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: [Bulk] FreeBSD upgrade woes (8.3 -> 8.4)
Ah. That very well might be it. I did call buildkernel with j > 1. I'll boot an 8.4 memstick and replace the kernel. Thanks, -David On 7/11/13, Eduardo Morras wrote: > On Thu, 11 Jul 2013 04:40:38 -0500 > David Noel wrote: >> >> I didn't include the make buildworld or make buildkernel for the sake >> of brevity but yes, I executed them prior to installworld and >> installkernel. > > Perhaps make buildkernel was compiled with -j >1, it's known to create a > buggy kernel. Check your make configuration. Adding a -B, like make -B -j N > buildkernel may work and is fast if -j is set to number or processors, but > it's safer do a make -j 1 buildkernel, same for buildworld. > > HTH > > --- --- > Eduardo Morras > ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: [Bulk] FreeBSD upgrade woes (8.3 -> 8.4)
On 7/11/13, Alexandre wrote: > On Thu, Jul 11, 2013 at 11:04 AM, David Noel > wrote: > >> I have 4 servers I'm upgrading from 8.3 to 8.4. Two of them went >> without a hitch, two of them blew up in my face. The only difference >> between the two is the ones that worked have a 2-disk ZFS mirror and >> the ones that didn't have a 4-disk ZFS striped mirror configuration >> (RAID10). They both use the GPT. >> >> After installworld && installkernel they made it through boot, but >> right before the login prompt I'm getting a panic and stack dump. The >> backtrace looks something like this (roughly): >> >> 0 kdb_backtrace >> 1 panic >> 2 trap_fatal >> 3 trap_pfault >> 4 trap >> 5 calltrap >> 6 vdev_mirror_child_select >> 7 vdev_mirror_io_start >> 8 zio_vdev_io_start >> 9 zio_execute >> 10 arc_read >> 11 dbuf_read >> 12 dbuf_findbp >> 13 dbuf_hold_impl >> 14 dbuf_hold >> 15 dnode_hold_impl >> 16 dmu_buf_hold >> 17 zap_lockdir >> >> Does anyone have any idea what went wrong? >> >> Does anyone have any suggestions on how to get past this? >> >> Many thanks, >> >> -David > > Hi David, > > You wrote you execute the commands "make installworld && make > installkernel" but the first command is wrong. You must execute first "make > buildworld". > All the steps are explained in /usr/src/Makefile > > Regards, > Alexandre > I didn't include the make buildworld or make buildkernel for the sake of brevity but yes, I executed them prior to installworld and installkernel. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
FreeBSD upgrade woes (8.3 -> 8.4)
I have 4 servers I'm upgrading from 8.3 to 8.4. Two of them went without a hitch, two of them blew up in my face. The only difference between the two is the ones that worked have a 2-disk ZFS mirror and the ones that didn't have a 4-disk ZFS striped mirror configuration (RAID10). They both use the GPT. After installworld && installkernel they made it through boot, but right before the login prompt I'm getting a panic and stack dump. The backtrace looks something like this (roughly): 0 kdb_backtrace 1 panic 2 trap_fatal 3 trap_pfault 4 trap 5 calltrap 6 vdev_mirror_child_select 7 vdev_mirror_io_start 8 zio_vdev_io_start 9 zio_execute 10 arc_read 11 dbuf_read 12 dbuf_findbp 13 dbuf_hold_impl 14 dbuf_hold 15 dnode_hold_impl 16 dmu_buf_hold 17 zap_lockdir Does anyone have any idea what went wrong? Does anyone have any suggestions on how to get past this? Many thanks, -David ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: UEFI Secure Boot
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 7/8/2013 6:28 PM, Teske, Devin wrote: Not entirely correct. Microsoft licensing requires UEFI Secure boot for PCs sold with preinstalled Win8 and the "Windows 8" logo. Win8 itself boots and runs fine on legacy hardware without UEFI (and often outperforms XP or Win7 on the same hardware). But the real-world end result is the vast majority of future computers will be sold with UEFI secure boot enabled as the default. -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.20 (MingW32) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQEcBAEBAgAGBQJR21sLAAoJEHIluGOd3V4FmG0H/3a8yfrZOs0hhZmD2koIOBks ELNfNqvktBICX+7lhHFVQM9i10LIHWR2Vgb+0BZSYavGQ+TmE6tds3iIprDXzGF9 fKO1OHsD/5rCWPraus9uOBoeLrD9wQMirB3JV9f5p0hNLHqtiWYr1p0wsC9/vDYN q92JINJe80Aqznq746JIbIEibmCDDjVTrTgDB2xidi3ZlkD6nN3RKNJ+DDnj/O19 sHDCmRU/Daw+3OisjaVwmaJpksPJxSmNxIlFqWlbZ8nMgjwbB/2YxkELVaRnLJZG rBSeyxiOA7Y1m9OLGRZXCeraFedk8ccE2JXDbv7OBR/mC7066PZkNq/bpjZjlEA= =ZZRj -END PGP SIGNATURE- ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: UEFI Secure Boot
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 7/8/2013 6:28 PM, Teske, Devin wrote: > On Jul 8, 2013, at 3:24 PM, Sergio de Almeida Lenzi wrote: > > [snip] > >> >> So the question: >> Why or when will I need an secure UEFI boot??? >> > > From what I've read of UEFI Secure boot, I've parceled out into these nuggets: > > (correct any nuggets I got wrong) > > 1. UEFI Secure boot is actually UEFI + Secure boot. You can disable Secure boot and still have UEFI. > > 2. Windows 8 requires UEFI Secure boot to ... boot. Not entirely correct. Microsoft licensing requires UEFI Secure boot for PCs sold with preinstalled Win8 and the "Windows 8" logo. Win8 itself boots and runs fine on legacy hardware without UEFI (and often outperforms XP or Win7 on the same hardware). But the real-world end result is the vast majority of future computers will be sold with UEFI secure boot enabled as the default. > > > 3. Any OS can work with UEFI Secure boot... you just have to sign your drivers (which puts a burden on development, testing, etc.) > > 4. FreeBSD today can work on a machine if you disable UEFI (implied disabling of Secure boot sub-feature) > > 5. FreeBSD could eventually support UEFI. > > 6. Don't know if we want to support secure-boot... but I think we should. It's really up to how the end-user wants FreeBSD to function. If they want FreeBSD to reject module-loads for custom-compiled modules, secure boot seems to be a way to go. But for me at least, I won't be enabling it (even if we support it). However, I know customers that might think it's a great idea (think financial institutions running FreeBSD on bare metal both as workstations and servers). > > Now, I must admit, when the conversation of UEFI and Secure boot starts turning toward involving M$, I get confused. > > To my understanding, it's a methodology to allow a customer to secure his/her box against root-kit. The OS does this by communicating with the UEFI framework the keys of modules to load. That's between the BIOS and the OS (whatever OS you may be running). -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.20 (MingW32) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQEcBAEBAgAGBQJR21sPAAoJEHIluGOd3V4FGmgH/2vcwWP5juy7txU7pS5oTPdA MXc29tAIpPcLuGILyFICKtjlZ3isINX8kwBA9xZKoSjiDSCng/I+90+dIjpukAt2 DwLuek6+7oC9dYaBDxobjhhoogw5txcKnqwVhC4LjpBdQMuTiJSIunQOOzqqEybU kvedi5nlmmso6GYVYEKLRS7NrbgMW9W+2TvwrYOcBJw3yTeN4XRcpk7rQRi/U0+/ oRqxy1W9z51T6sGdO5UrkdxQEcNT6UgJedIo/0QLNUPOPEzGbapqak1QCbDSpxDc G8GOPLZnSrTM/FnM8KMzFaM2C6yoMyJHqsCs4tsbu1sRGxpLbs3HUJF984HTRDw= =vozW -END PGP SIGNATURE- ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
signal vs. sigaction and SIGCHLD
I have a small test program which simply forks and execs
its command line arguments, but after the fork and before
the exec, it sends a SIGSTOP to the child. The parent then
sleeps for 3 seconds before exiting. However, a signal
handler for SIGCHLD has been installed and I was expecting
the parent to be notified of the SIGSTOP sent to the child,
but with the `signal' interface this doesn't appear to work.
If I change the code to use `sigaction' and `sigprocmask'
(to unblock any blocked SIGCHLD), this program works the
way intended, that is, the signal handler is called:
1 #include
2 #include
3 #include
4 #include
5 #include
6 #include
7 #include
8 #include
9
10 #define SIGACTION
11
12 static void waithandler(int i){
13 int pid, cursig;
14 int tstat;
15
16 #ifdef SIGACTION
17 pid = waitpid(-1, &tstat, WUNTRACED);
18 #else
19 pid = wait(&tstat);
20 signal(SIGCHLD, waithandler);
21 #endif
22 if (pid < 0)
23 return;
24
25 printf("waithandler: child (%d)", pid);
26 if (WIFSTOPPED(tstat)) {
27 printf(" received");
28 cursig = WSTOPSIG(tstat);
29 if (cursig == SIGSTOP)
30 printf(" SIGSTOP\n");
31 else if (cursig == SIGTRAP)
32 printf(" SIGTRAP\n");
33 else
34 printf(" %d\n", cursig);
35 } else {
36 printf(" exited status=%d\n", WEXITSTATUS(tstat));
37 }
38 }
39
40 main(int argc, char **argv){
41 int i, j;
42 int fd, hangpid;
43 FILE *ttyerr;
44 char ctl[16];
45 #ifdef SIGACTION
46 sigset_t sigmask[2];
47 struct sigaction sa;
48
49 sa.sa_flags = 0;
50 sigemptyset(&sa.sa_mask);
51 sa.sa_handler = waithandler;
52 sigaction(SIGCHLD, &sa, NULL);
53 sigemptyset(&sigmask[0]);
54 sigaddset(&sigmask[0], SIGCHLD);
55 sigprocmask(SIG_UNBLOCK, &sigmask[0], &sigmask[1]);
56 #else
57
58 signal(SIGCHLD, waithandler);
59 #endif
60 ttyerr = fopen("/dev/tty", "w");
61 if (argc <= 1) {
62 if( ttyerr )
63 fprintf(ttyerr,"Usage: %s cmd [args...]\n",argv[0],*argv);
64 exit(1);
65 }
66 if( (hangpid=fork())==0 ){
67 kill(getpid(), SIGSTOP);
68 execvp(argv[1], argv+1);
69 perror(argv[1]);
70 exit(1);
71 }
72 if(hangpid==-1){
73 perror("fork");
74 exit(1);
75 }
76 if( ttyerr ){
77 fprintf(ttyerr,"/proc/%d\n",hangpid);
78 fclose(ttyerr);
79 }
80 sleep(3);
81 }
The file is `hang.c'. I compile and run it like this:
% ./hang echo foo bar baz
waithandler: child (2280) received SIGSTOP
/proc/2280
If I recompile with `#undef SIGACTION', waithandler is not
called.
I should add that even with the sigaction(2) interface, without
the `sigprocmask' call, it still doesn't work, which suggests
that SIGCHLD is being blocked.
Can anyone explain why?
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Strange console behavior - hangs every few minutes until a key is pressed
I'm experiencing something odd from a few new servers I've been setting up today. I'll do something at the console that takes some amount of time and produces lots of output such as fetching the ports tree, svn updating /usr/src/, or building world, and the console will hang. The console ceases to produce any additional output until a key is pressed. It doesn't seem to be the case that program execution is affected, the source tree continues to checkout, for example, but the console is 'frozen' and produces no additional output. Has anyone run into this before? Any thoughts as to what's going wrong or how to fix this? I'm running 8.2 and am in the process of updating to 8.3 (buildworld is running at the moment on several of them at the moment, with these hiccups every few minutes.. it's very odd). ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: day light saving time happened today
On 3/11/2013 7:49 AM, Fbsd8 wrote: > > Even though the system is now on DST the date command still > displays EDT. Does the date command ever show DST? EDT = Eastern Daylight Time timezone not to be confused with EST = Eastern Standard Time timezone not to be confused with DST = daylight savings time, not a timezone, never shown on a computer. Your system correctly switched to daylight savings time, as verified by the EDT timezone indicator. Most likely the clock was already an hour slow before the time change. -- Noel Jones ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: installworld strangeness
On 11/22/12, David Noel wrote: > On 11/22/12, Paul Schmehl wrote: >> --On November 22, 2012 7:14:35 AM -0600 David Noel >> >> >> wrote: >> >>> Updating from 8.2 to 8.3 I'm running into the following: >>> >>> ===> include (install) >>> creating osreldate.h from newvers.sh >>> dirname: not found >>> *** Error code 127 >>> >>> Stop in /usr/src/include. >>> *** Error code 1 >>> >>> Stop in /usr/src. >>> *** Error code 1 >>> >>> Stop in /usr/src. >>> *** Error code 1 >>> >>> Stop in /usr/src. >>> *** Error code 1 >>> >>> Stop in /usr/src. >>> >>> Has anyone managed to work past this error message? >> >> I just upgraded a system from 8.2 to 8.3 without a problem. World build >> find as did kernel. >> >> It sounds like you're missing source files. >> >> Try fetching the source from svn and starting over. >> >> svn co svn://svn.freebsd.org/base/releng/8.3/ /usr/src >> >> Paul Schmehl, Senior Infosec Analyst >> > > I pulled with `svn co https://svn0.us-west.FreeBSD.org/base/releng/8.3 > /usr/src`, so everything should be in order there. > Out of frustration I resorted to the last measure of a clean install. I was afraid that I'd forgotten to record other filesystem changes and that they were causing the error so I figured it would be the easiest way to be sure. There was one mention of this error message on the questions mailing list that I'd missed earlier. In it the theory that file dates were causing the error message was discussed. Prior to reinstallation I ran `make -d A installworld` and in the verbose output was given a message supporting that theory: that the error was caused by sys/param.h being newer than osreldate.h, so it seems safe to say that was the cause. In retrospect though it seems strange. If that really was the case it makes little sense that a clean install would fix things. I built off of the exact same code so it stands to reason that error message should have presented itself again were the dates truly the cause. So I'm not entirely certain, unfortunately. At any rate, the problem has been resolved. For future readers struggling with a similar problem I'd suggest fiddling with the date-stamps to see if it resolves the error. Thanks, all. -David ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: Unexepected results when piping syslog to a fifo
On 11/29/2012 1:30 PM, Paul Schmehl wrote: > I'm working on a project which requires that I pipe a remote > syslog to a fifo so a daemon can parse the results. After some > googling I *thought* that I had figured out how to configure > syslog to do this. Here's the syslog.conf entry: > > + hostname.utdallas.edu > *.* | cat > /var/run/program/program.fifo > > This seems to work for one syslog message. The rest go to > /var/log/messages. > > So I tried this: > + hostname.utdallas.edu > *.* | tail -f > /var/run/program/program.fifo > > But that seems to do the same thing. > > I want these messages to be piped to the fifo *only* and not show > up in local logs. What's the secret sauce for this? > I've used this in the past ... !* +host.example.com *.* | /path/to/fifo ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: installworld strangeness
On 11/22/12, Paul Schmehl wrote: > --On November 22, 2012 7:14:35 AM -0600 David Noel > > wrote: > >> Updating from 8.2 to 8.3 I'm running into the following: >> >> ===> include (install) >> creating osreldate.h from newvers.sh >> dirname: not found >> *** Error code 127 >> >> Stop in /usr/src/include. >> *** Error code 1 >> >> Stop in /usr/src. >> *** Error code 1 >> >> Stop in /usr/src. >> *** Error code 1 >> >> Stop in /usr/src. >> *** Error code 1 >> >> Stop in /usr/src. >> >> Has anyone managed to work past this error message? > > I just upgraded a system from 8.2 to 8.3 without a problem. World build > find as did kernel. > > It sounds like you're missing source files. > > Try fetching the source from svn and starting over. > > svn co svn://svn.freebsd.org/base/releng/8.3/ /usr/src > > Paul Schmehl, Senior Infosec Analyst > As if it wasn't already obvious, my opinions > are my own and not those of my employer. > *** > "It is as useless to argue with those who have > renounced the use of reason as to administer > medication to the dead." Thomas Jefferson > "There are some ideas so wrong that only a very > intelligent person could believe in them." George Orwell > I pulled with `svn co https://svn0.us-west.FreeBSD.org/base/releng/8.3 /usr/src`, so everything should be in order there. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: installworld strangeness
On 11/22/12, Markus Hoenicka wrote: > David Noel was heard to say: > >> I tried upgrading to 9.1 also but ran into a wall there as well: >> >> ===> usr.sbin/lpr/filters.ru (install) >> install -o root -g wheel -m 444 >> /usr/src9.1/usr.sbin/lpr/filters.ru/bjc-240.sh.sample >> /usr/libexec/lpr/ru >> ===> usr.sbin/lpr/filters.ru/koi2alt (install) >> install -s -o root -g wheel -m 555 koi2alt /usr/libexec/lpr/ru >> strip: could not create temporary file to hold stripped copy of >> /usr/libexec/lpr/ru/koi2alt >> *** [_proginstall] Error code 70 >> >> Stop in /usr/src9.1/usr.sbin/lpr/filters.ru/koi2alt. >> *** [realinstall] Error code 1 >> >> Stop in /usr/src9.1/usr.sbin/lpr/filters.ru. >> *** [realinstall] Error code 1 >> >> Stop in /usr/src9.1/usr.sbin/lpr. >> *** [realinstall] Error code 1 >> >> Stop in /usr/src9.1/usr.sbin. >> *** [realinstall] Error code 1 >> >> Stop in /usr/src9.1. >> *** [reinstall] Error code 1 >> >> Stop in /usr/src9.1. >> *** [installworld] Error code 1 >> >> Stop in /usr/src9.1. >> *** [installworld] Error code 1 >> >> Stop in /usr/src9.1. >> >> Google points me to information that suggests the failure is caused by >> a lack of disk space, but that doesn't seem applicable to my case as I >> have plenty. >> >> Could anyone offer insight into either of these errors? > > > Total disk space may not be an issue here, but I faintly recall that > the default disk layout before 8.2 created too small a root partition. > Rebuilding a kernel on 8.1 required more disk space on / than the > default 500 MB. If that hits you here as well, you may need to resize > partitions. > > regards, > Markus > > -- > Markus Hoenicka > http://www.mhoenicka.de > AQ score 38 > I have 1GB allocated for / and there's plenty of space for the kernel -- it installs with no trouble. Would installworld be affected by my / allocation? ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: installworld strangeness
On 11/22/12, Christer Solskogen wrote: > On Thu, Nov 22, 2012 at 2:14 PM, David Noel wrote: >> Updating from 8.2 to 8.3 I'm running into the following: >> >> ===> include (install) >> creating osreldate.h from newvers.sh >> dirname: not found >> *** Error code 127 > > > Check your time/date. > > -- > chs, > Clock is ntp-synch'd and adjkerntz was run prior. "dirname: not found" makes no sense to me. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: svn checkout "head" or "stable"
On 9/28/12, David Noel wrote: > On 9/28/12, Matthew Seaman wrote: >> On 28/09/2012 20:41, Ed Flecko wrote: >>> David - I'd like to, but every time I try that it prompts me for a >>> password...and I don't know what password it wants??? >> >> That would be the password to a freebsd.org account, which isn't going >> to work for most people on two counts: >> >>* freebsd.org uses SSH keys for authentication, not passwords. >> >>* even if you've got a SSH key, not being a FreeBSD committer you >> probably don't have a freebsd.org account. >> >> For anonymous access, you can use http or svn. Given that anonymous >> access is read-only, there's really not much to be gained from SSH or >> other means of encrypting the connection, either for you, or for the >> FreeBSD servers. It's anonymous, so you don't care about >> authentication. FreeBSD sources are publicly available, so you don't >> care about anyone eavesdropping on the traffic. About the only thing >> you're still exposed to is a man-in-the-middle attack, where someone >> could pose as a FreeBSD server and feed you a trojanned set of sources >> -- but then, you'ld still be exposed in exactly the same way even using >> svn+ssh. In practice, attacks of this type are very (pretty much >> vanishingly) rare. If they do concern you, then use portsnap(8) / >> freebsd-update(8) which has specific cryptographic protection against >> such things. The portsnap and freebsd-update build systems also have >> special access to the master FreeBSD repositories to minimize the >> chances that they themselves could be fed trojanned sources. >> >> Cheers, >> >> Matthew >> >> -- >> Dr Matthew J Seaman MA, D.Phil. >> PGP: http://www.infracaninophile.co.uk/pgpkey > > > MITM-based attacks--and subsequent corrupted sources--are my concern. > It was my understanding that anonymous svn+ssh would prevent this > assuming the host key was properly verified against > http://www.freebsd.org/internal/ssh-keys.asc. > > Recently I've installed from an iso and then manually updated with > pgp-signed security patches. It would certainly be nice to have some > secure source update mechanism though. > Apologies for the spam and the hastily written closing paragraph. I was hoping to end with a heartwarming anecdote that would leave the reader with no choice but to agree that anonymous ssh+svn access would benefit us all. AnonCVS is still of course an option, but with its eventual retirement the addition of an anonymous svn+ssh account would seem fitting, or at least consistent. -David ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: svn checkout "head" or "stable"
On 9/28/12, Matthew Seaman wrote: > On 28/09/2012 20:41, Ed Flecko wrote: >> David - I'd like to, but every time I try that it prompts me for a >> password...and I don't know what password it wants??? > > That would be the password to a freebsd.org account, which isn't going > to work for most people on two counts: > >* freebsd.org uses SSH keys for authentication, not passwords. > >* even if you've got a SSH key, not being a FreeBSD committer you > probably don't have a freebsd.org account. > > For anonymous access, you can use http or svn. Given that anonymous > access is read-only, there's really not much to be gained from SSH or > other means of encrypting the connection, either for you, or for the > FreeBSD servers. It's anonymous, so you don't care about > authentication. FreeBSD sources are publicly available, so you don't > care about anyone eavesdropping on the traffic. About the only thing > you're still exposed to is a man-in-the-middle attack, where someone > could pose as a FreeBSD server and feed you a trojanned set of sources > -- but then, you'ld still be exposed in exactly the same way even using > svn+ssh. In practice, attacks of this type are very (pretty much > vanishingly) rare. If they do concern you, then use portsnap(8) / > freebsd-update(8) which has specific cryptographic protection against > such things. The portsnap and freebsd-update build systems also have > special access to the master FreeBSD repositories to minimize the > chances that they themselves could be fed trojanned sources. > > Cheers, > > Matthew > > -- > Dr Matthew J Seaman MA, D.Phil. > PGP: http://www.infracaninophile.co.uk/pgpkey MITM-based attacks--and subsequent corrupted sources--are my concern. It was my understanding that anonymous svn+ssh would prevent this assuming the host key was properly verified against http://www.freebsd.org/internal/ssh-keys.asc. Recently I've installed from an iso and then manually updated with pgp-signed security patches. It would certainly be nice to have some secure source update mechanism though. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: svn checkout "head" or "stable"
On 9/28/12, Ed Flecko wrote: > David - I'd like to, but every time I try that it prompts me for a > password...and I don't know what password it wants??? > > Ed Great question. I'm running into the same issue. I guessed around a bit with no luck: svn/anonsvn... Would anyone on the list be able to set up anonymous svn+ssh access for us? ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: svn checkout "head" or "stable"
On 9/28/12, Ed Flecko wrote: > Excellent! Thank you all. > > :-) > > So, for ME...does this look right? This will track the latest release > that has the patches applied? > > > svn co svn://svn.freebsd.org/base/releng/9.1 /usr/src > > svn co svn://svn.freebsd.org/ports/releng/9.1 /usr/ports > > svn co svn://svn.freebsd.org/doc/release/9.1.0/en_US.ISO8859-1 /usr/doc > > (I too, only need English docs) > > > > Ed > ___ > freebsd-questions@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to > "freebsd-questions-unsubscr...@freebsd.org" > For something as fundamental as source and ports tree updates I'd suggest taking advantage of the available SSH2-wrapper for subversion and securing your line of communication with the repository: svn co svn+ssh://svn.freebsd.org/base/releng/9.1 /usr/src etc.. -David ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: cksum entire dir??
On 9/11/2012 7:48 PM, Polytropon wrote: > > I think I tried something like your second example last night. > I think I did > > % cksum foodir/* > That lets the shell expand * to the content of foodir, making > a final command line like "cksum foodir/file1 foodir/file2" > and so on. If you omit the /* part, the directory will be > checksummed entirely. If you then remove a file or change > it, a different checksum will be printed. At least that is > my interpretation of what I've tested. I think that command checksums the *directory block*, not the same as a combined checksum of all the files, and probably not useful for verifying if all files have been copied/moved correctly to a different directory. > The Midnight Commander has a function to compare directories > which will also identify _which_ files have changed (unlike Yes, much more promising. -- Noel Jones ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: Adding a Static Route to rc.conf?
On 5/3/2012 1:54 PM, Michael Sierchio wrote: > > > On Thu, May 3, 2012 at 11:17 AM, Noel <mailto:noeld...@gmail.com>> wrote: > > > > Indeed, I should have mentioned that if you have freebsd-8x or > earlier, this feature isn't built-in but can be easily added: > > http://freebsd.1045724.n5.nabble.com/Re-rc-8-script-waiting-for-the-network-to-become-usable-td4242157.html > Or the earlier discussion: > http://lists.freebsd.org/pipermail/freebsd-stable/2010-April/056521.html > > > The link to the script in this thread is dead. > > > Then use the second thread, which includes the script in-line. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: Adding a Static Route to rc.conf?
On 5/3/2012 1:08 PM, Michael Sierchio wrote: > > > On Thu, May 3, 2012 at 10:34 AM, Noel <mailto:noeld...@gmail.com>> wrote: > > On 5/3/2012 11:45 AM, Chris Maness wrote: > > On Tue, May 1, 2012 at 8:31 AM, Chris Maness chrismaness.com <http://chrismaness.com>> wrote: > >> How do add a static route to rc.conf? > >> > >> Thanks, > >> Chris Maness > > > > http://www.freebsd.org/doc/handbook/network-routing.html > > > > see section 32.2.5.2 Persistent Configuration > > > > -- Noel Jones > > I added: > > > > # Add Internal Net 2 as a static route > > static_routes="internalnet2" > > route_internalnet2="-net 44.18.44.0/24 > <http://44.18.44.0/24> 192.168.1.33" > > > > to rc.conf per the section above. I rebooted and it was a > no go. Did > > I miss something? > > Looks OK, and works for me. Wild guess is you need to enable > netwait in rc.conf > http://www.freebsd.org/cgi/man.cgi?query=rc.conf&sektion=5 > <http://www.freebsd.org/cgi/man.cgi?query=rc.conf&sektion=5> > (near the bottom) > > > This is 9.X-specific advice, and this option doesn't exist in 8- > or prior. Indeed, I should have mentioned that if you have freebsd-8x or earlier, this feature isn't built-in but can be easily added: http://freebsd.1045724.n5.nabble.com/Re-rc-8-script-waiting-for-the-network-to-become-usable-td4242157.html Or the earlier discussion: http://lists.freebsd.org/pipermail/freebsd-stable/2010-April/056521.html -- Noel Jones ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: Adding a Static Route to rc.conf?
On 5/3/2012 11:45 AM, Chris Maness wrote: > On Tue, May 1, 2012 at 8:31 AM, Chris Maness wrote: >> How do add a static route to rc.conf? >> >> Thanks, >> Chris Maness > > http://www.freebsd.org/doc/handbook/network-routing.html > > see section 32.2.5.2 Persistent Configuration > > -- Noel Jones > I added: > > # Add Internal Net 2 as a static route > static_routes="internalnet2" > route_internalnet2="-net 44.18.44.0/24 192.168.1.33" > > to rc.conf per the section above. I rebooted and it was a no go. Did > I miss something? Looks OK, and works for me. Wild guess is you need to enable netwait in rc.conf http://www.freebsd.org/cgi/man.cgi?query=rc.conf&sektion=5 (near the bottom) -- Noel Jones ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: Adding a Static Route to rc.conf?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 5/1/2012 10:31 AM, Chris Maness wrote: > How do add a static route to rc.conf? > > Thanks, > Chris Maness > ___ > freebsd-questions@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org" http://www.freebsd.org/doc/handbook/network-routing.html see section 32.2.5.2 Persistent Configuration -- Noel Jones -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.17 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQEcBAEBAgAGBQJPoAWnAAoJEHIluGOd3V4F/U8H/i+OnN2OKmKxEPYjK7TKovie iXQX2AD8ddvUWsxrsoeJX03clg6sjzS+yF3pIGqC/IvhX+dwkpu8+55ZnzXNCQmW chVQs2uUixUxBugUSK79bR0pXJfBvnfgEXD42Fgxd8C4Yb+b9nrscFOmOzStt5XX FssudAAS2G+mHJlAUT+q8SJqI4ebQQsSXID3O2CrTx9081gqQEyvSrhJI5JhlOl8 IB6Q+pQ9rcO3bsXTF0THTWMYPbu9wxLaU0uqyCGLwAn6w3d26dfrbAFMxeIHDOi1 YrgeIVsVHtwiuMqcvvhW0iZN4ijbSkr+zchzzY38TUJ3aGL7I+Nu+C6sgMK1XiM= =as2f -END PGP SIGNATURE- ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: OT: Slackware: Starting Servers at Boot
On 2/2/2012 2:22 PM, Chris Maness wrote: > I have been using FreeBSD for so long I forgot how to configure > services and startup. I now also have a Slack box. What file do I > edit to so that services like named start automagically? I am aware > lines can be uncommented in inetd.conf, but I want the service running > without spawning from inetd. http://www.freebsd.org/cgi/man.cgi?query=rc.conf&sektion=5 # /etc/rc.conf named_enable="YES" ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: Installing free bsd
On 12/12/2011 5:05 PM, Jerry McAllister wrote: On Mon, Dec 12, 2011 at 04:26:06PM -0600, Daniel Lewis wrote: >> do direct ftp to disk? And what do you mean by fixate? > No. You ftp the file down to the local machine and then use a CD burning > utility to burn file to the CD. Daniel, An ISO file is basically a "snapshot" of a CD (or DVD or BlueRay) disc. You need special software to burn the image to a CD. Do NOT open the ISO file and copy the contents to a CD; that won't work. Windows 7 includes the ability to burn an iso; right-click the .iso file and pick "Burn disc image". For WinXP/Vista (or if you want a little more control in Win7), you need an iso burner program. Here's a free one I've used this in the past: http://www.ntfs.com/iso_burner_free.htm -- Noel Jones ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: Broadcom BCM5780 Link-UP before auto-negotiation completes
On 8/25/2011 4:26 PM, Devin Teske wrote: > Hi All, > > I've got three different workstations each with a Broadcom Gigabit Ethernet > card > (slightly different models, but all running the bge(4) device driver) on > FreeBSD-8.1 RELEASE. > > We've having a strange problem where each/every single reboot ends up in > dropping to single-user mode because the NFS mounts fail in-turn because the > bge0 interface claims to be up but hasn't completed auto-negotation of the > link-speed yet (and states "no carrier"). > > After being dropped to single-user mode, you can press ENTER to accept the > default shell of /bin/sh and then type ^D to exit -- machine continues booting > just fine. > > I've tried back-porting the recent changes from bge(4) in the > RELENG_8_2_0_RELEASE branch and even the RELENG_8 branch to no avail. > > I was really disappointed because I could have sworn that one of these two SVN > revs (both published for RELENG_8_2_0_RELEASE) would have fixed the problem: > > http://svnweb.freebsd.org/base?view=revision&revision=213808 > Add more checks for resolved link speed in bge_miibus_statchg(). > Link UP state could be reported first before actual completion of > auto-negotiation. This change makes bge(4) reprogram BGE_MAC_MODE, > BGE_TX_MODE and BGE_RX_MODE register only after controller got a > valid link. > > http://svnweb.freebsd.org/base?view=revision&revision=213711 > The IFF_DRV_RUNNING flag is set at the end of bge_init_locked. But > before setting the flag, interrupt was already enabled such that > interrupt handler could be run before setting IFF_DRV_RUNNING flag. > This can lose initial link state change interrupt which in turn > make bge(4) think that it still does not have valid link. Fix this > race by protecting the taskqueue with a driver lock. > While I'm here move reenabling interrupt code after handling of link > state change. > > I'm afraid that our next recourse is going to be (in order of preference): > > 1. Try back-porting from an even further target (HEAD -> RELENG_8_1_0_RELEASE; > RELENG_8 wasn't high enough and bug still occurred). > 2. Try firmware upgrade of the Broadcom controller > 3. Write a custom rc.d script to detect when bge(4) is in use and sleep for a > few seconds before proceeding to NFS mounts > > And if none of those work... > > 4. Unceremoniously rip bge(4) from our kernels to prevent usage in production > -- > requiring the installation of a PCI or PCI-e or PCI-X network card that > doesn't > suffer this issue. > > Suggestions welcome. I've found this workaround useful with my bge cards: http://lists.freebsd.org/pipermail/freebsd-stable/2010-April/056400.html -- Noel Jones ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: Problems with sshd
On 7/15/2011 10:12 PM, Paul Schmehl wrote: > I manage a small hobby website for some friends. The system has been running fine for quite a while, but suddenly the owners are having problems using WinSCP to transfer files to the server. The only thing that has changed recently is their internet service, and I'm inclined to think that's the cause. They are using a Verizon hotspot, whatever that is. (They live in the country, and options for internet service are limited.) mobile hotspot - cellphone data connection rebroadcast on local wifi (google mifi). I've used Verizon's. Quality of the connection depends on the quality of the cellphone signal, and can range from very good to "connected but unusable". > But I'm the thorough sort, so I've enabled verbose logging and been googling for possible causes. One thing I've noticed is that their IP address changes quite frequently, but this snippet from the log shows that it also happens with the same IP. (I changed the username to protect their privacy.) They will get a new IP every time the device disconnects/reconnects. If they aren't turning it off and back on, this is an indicator of the connection dropping completely. > Checking the archived logs, which go back several months, the "error: ssh_msg_send: write" entry appears occasionally whenever they login using WinSCP, so I assume it's some incompatibility about the program that rears its ugly head from time to time. I suspect it has no significance wrt this particular problem. We use winscp (occasionally over cellular) and get no such errors. I'm guessing the message means it couldn't write to the socket because the connection dropped. > Any thoughts on possible things to check for would be most welcome. I think it's an inadequate data connection. Sometimes repositioning the mifi will help -- try the other side of the house or near a window. -- Noel Jones ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: FreeBSD Questions off line?
The archives show 30+ messages yesterday and today. http://lists.freebsd.org/pipermail/freebsd-questions/2011-June/date.html Check your mail server, your subscription, etc. -- Noel Jones On 6/2/2011 3:01 PM, Al Plant wrote: Aloha, I havent seen any FreeBSD questions on line for 2 days. Any body have any knowledge about this? ~Al Plant - Honolulu, Hawaii - Phone: 808-284-2740 + http://hawaiidakine.com + http://freebsdinfo.org + + http://aloha50.net - Supporting - FreeBSD 7.2 - 8.0 - 9* + < email: n...@hdk5.net > "All that's really worth doing is what we do for others."- Lewis Carrol ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org" ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: Newbie Needing Help
On 5/8/2011 7:17 PM, John or Judy Hixson wrote: At the risk of being told to get out of here and never come back (until you know enough to not need to come back), I need help on some very elementary stuff. I haven't found anywhere else to ask these questions and am therefore taking my chances. Welcome. I'm trying to learn some FreeBSD in anticipation of eventually admining a FBSD server for my church office network. I've installed FreeBSD 7.4 on an old PC and am trying to follow along while reading Unless you have some specific need for a legacy version, I would strongly suggest installing the latest production version. Right now that's 8.2. Michael Lucas' book (2nd ed.). Right now my problem is with the command line. Lucas make a statement as follows: "If you want to see a comprehensive list of loader variables, check the default configuration file." Since there is no command "check", I have no idea what to use. What command will He means to view the contents of the file with "cat" or "more". The shell or command line is where most of the action happens in FreeBSD and other unix-like operating systems. While it might look primitive to a newcomer, once you lean it you find it to be more powerful and you can imagine. I would probably help to read some books or websites on "basic unix operation" or "unix shell basics". No, I don't have any specific ones to recommend, but I'll bet there's a great one within the first 5 google responses. Good luck! -- Noel ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: change hostname
On 3/27/2011 9:18 PM, Tim Dunphy wrote: hey guys, I setup a FreeBSD 8.2 box to server as an LDAP server. I forgot that I had a TLS cert with a different hostname than the one I selected. So I edited /etc/rc.conf to change the name there defaultrouter="192.168.1.1" hostname="LBSD2.summitnjhome.com" ##< -- used to be LBSD1.summitnjhome.com ifconfig_bge0="inet 192.168.1.44 netmask 255.255.255.0" nfs_client_enable="YES" sshd_enable="YES" named_enable="YES" slapd_enable="YES" And then edited /etc/hosts ::1 localhost localhost.summitnjhome.com 127.0.0.1 localhost localhost.summitnjhome.com 192.168.1.44LBSD2.summitnjhome.com LBSD2 ##<-- used to be LBSD1.summitnjhome.com 192.168.1.44LBSD2.summitnjhome.com. ##<<-- Same then i restarted the network LBSD2# /etc/rc.d/netif restart Stopping Network: lo0 bge0 plip0. lo0: flags=8048 metric 0 mtu 16384 options=3 inet6 fe80::1%lo0 prefixlen 64 scopeid 0x3 inet6 ::1 prefixlen 128 nd6 options=3 bge0: flags=8802 metric 0 mtu 1500 options=8009b ether 00:14:22:38:9e:eb media: Ethernet autoselect (1000baseT) status: active plip0: flags=8810 metric 0 mtu 1500 Starting Network: lo0 bge0. lo0: flags=8049 metric 0 mtu 16384 options=3 inet6 fe80::1%lo0 prefixlen 64 scopeid 0x3 inet6 ::1 prefixlen 128 inet 127.0.0.1 netmask 0xff00 nd6 options=3 bge0: flags=8843 metric 0 mtu 1500 options=8009b ether 00:14:22:38:9e:eb inet 192.168.1.44 netmask 0xff00 broadcast 192.168.1.255 media: Ethernet autoselect (none) status: no carrier However when I issue the hostname -f command it does not reflect the change. It doesn't even show the fqdn LBSD2# hostname -f LBSD2 What am I doing wrong, here? thanks Try typing the command: # hostname LBSD2.summitnjhome.com ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: Open Mail Relay
On Sat, Aug 14, 2010 at 8:29 AM, wrote: > > I have a machine running FreeBSD, sendmail and majordomo. I have someone who > is on one of those majordomo lists complaining that they are receiving spam > from me. The complainer says I have an open mail relay that I need to fix. Insufficient data. The person reporting the spam needs to provide you with a copy of the mail, including all headers, so you can see if it came from your server, or who sent it through your server. Most likely suspects are another list member's infected machine sending out spam to the list, or an outright forgery that never went through your server. > > I went to <http://www.abuse.net/relay.html>http://www.abuse.net/relay.html to > test the machine using its IP address. Abuse.net gives a clean bill of > health, saying relaying was denied in 17 separate tests. Then it's unlikely your server is an open relay. But you may need to add some spam filtering to your lists, or at least restrict posting to members only. -- Noel Jones ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: Setup Fail2Ban on FreeBSD
On Fri, Apr 23, 2010 at 12:49 PM, Bauer, Aaron J. wrote: > I am currently using FreeNAS 0.7 for a file server. I have multiple SSH > bruteforce attacks each week, and wish to use fail2ban to prevent this. > > I don't have much experience with BSD, and am having trouble getting > everything to work. I ran pkg_add -r python25 and pkg_add -r py25-fail2ban. > I now have all the files for Fail2Ban, and did the cp jail.conf jail.local as > the other distro's for linux use. > > However, how do I start using fail2ban? I have configured it for CentOS and > Ubuntu, and it starts in init.d. I don't know how to add it to /etc/rc.d to > get it to work correctly.. > add the line: fail2ban_enable="YES" to /etc/rc.conf ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: FreeBSD 8: Postfix policyd-weight not working!!!
On Thu, Apr 8, 2010 at 9:29 AM, perikillo wrote: > Hi people. > > I'm working in my first spam gateway, using Postfix + policyd-weight. > > I have 2 jails for this, the jail-A is the mail server, where the mailboxes > exist, they are on each user home directory: > > /home/user-1 > /home/user-2 > /home/user-3 > ... > /home/user-N > > This jail-A have samba+ldap=PDC, nss_ldap+pam_ldap working + > dovecot+postfix working to. > > id test > uid=10003(test) gid=513(Domain Users) groups=513(Domain Users) > id root > uid=0(root) gid=0(wheel) groups=0(wheel),5(operator),512(Domain Admins) > > I can add users without a issue using smbldap-tools. > > I have test dovecot+postfix and I can send emails with that jail. > > Now I want to setup my spam gateway, is another jail called jail-B, I have > setup nss_ldap+pam_ldap to contact my PDC(jail-A) and is working: > > id user1 > uid=10002(user1) gid=513(Domain Users) groups=513(Domain Users) > id test > uid=10003(test) gid=513(Domain Users) groups=513(Domain Users) > > Now, the part is the one is not working is postfix+ policyd-weight. > > Went I test with other machine in the network using telnet, for some reason > once postfix accept the mail wants to send the email to the outside not > internally. I have setup transport to send the email jail-A but I don't see > any task doing this, check: > > Apr 8 07:02:01 filtro postfix/qmgr[6723]: 97002BB47C2: from=, > size=409, nrcpt=1 (queue active) > Apr 8 07:02:04 filtro postfix/smtpd[6727]: connect from filtro.X.org > [192.168.49.7] > Apr 8 07:02:31 filtro postfix/smtp[6725]: connect to X.org[X.Y.Z.W]:25: > Operation timed out > Apr 8 07:02:31 filtro postfix/smtp[6725]: 97002BB47C2: to=, > relay=none, delay=869, delays=839/0.03/30/0, dsn=4.4.1, status=deferred > (connect to X.org[X.Y.Z.W]:25: Operation timed out) You say that X.org should be delivered locally. Postfix doesn't think X.org is a local domain. > Apr 8 07:10:00 filtro postfix/sendmail[6763]: fatal: root(0): No recipient > addresses found in message header This appears that you've used "sendmail -t" to inject some mail, and there was no To: header. Don't rely on headers for mail routing. > > X.Y.Z.W --> Public address. > > My postfix settings are this: > > alias_maps = hash:/etc/aliases > command_directory = /usr/local/sbin > config_directory = /usr/local/etc/postfix > daemon_directory = /usr/local/libexec/postfix > data_directory = /var/db/postfix > debug_peer_level = 2 > home_mailbox = Maildir/ > html_directory = /usr/local/share/doc/postfix > inet_interfaces = all > local_destination_concurrency_limit = 2 > mail_owner = postfix > mailq_path = /usr/local/bin/mailq > manpage_directory = /usr/local/man > mydomain = X.org > myhostname = filtro.X.org You might want to add mydestination = $mydomain $myhostname localhost > myorigin = $mydomain > newaliases_path = /usr/local/bin/newaliases > queue_directory = /var/spool/postfix > readme_directory = /usr/local/share/doc/postfix > relay_domains = $transport_maps Bad idea. If you add a transport for eg. hotmail, you become an instant open relay. Don't reuse transport_maps this way. If mail is delivered locally on this box, relay_domains should be explicitly set empty. relay_domains = > sample_directory = /usr/local/etc/postfix > sendmail_path = /usr/local/sbin/sendmail > setgid_group = maildrop > smtpd_delay_reject = yes > smtpd_helo_required = yes > smtpd_recipient_restrictions = permit_mynetworks, > reject_unauth_destination, reject_non_fqdn_recipient, > reject_invalid_helo_hostname, check_policy_service > inet:[192.168.49.7]:12525 > soft_bounce = no > transport_maps = hash:/usr/local/etc/postfix/transport > unknown_local_recipient_reject_code = 550 > > Now, my transport file is: > > nis.X.org smtp:[192.168.49.6] ----->jail-A > > Is created: transport.db > > Another think, in the log I don't see went is touching "policyd-weight: > 12525" or this is just for the outside connections? Mail that's permitted by "permit_mynetworks" or submitted via the sendmail(1) interface won't trigger the policy server in your config. -- Noel Jones ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: warning: network_biopair_interop: error reading 5 bytes from the network: Connection reset by peer
Add your client IP to the postfix debug peer list and follow up o the postfix users list On Mar 9, 2010 5:02 PM, "Jerry" wrote: On Tue, 9 Mar 2010 12:36:31 -0600 Noel Jones articulated: > Maybe you didn't have TLS enabled before? > > Anyway, this message caused by the other end disco... Hi Noel, I always had TLS enabled and it has always worked. I use Dovecot with TLS and it is not logging any errors. This whole thing started after I updated to FreeBSD-7.3 pre-release from version 7.2 last week. Every sending attempt produces this error although the mail does go through whether it is to someone on the same network or to an entirely different domain. Do you have any good idea how I can debug this? -- Jerry ges...@yahoo.com |=== |=== |=== |=== | The important thing is not to stop questioning. ___ freebsd-questions@freebsd.org mailing list http://l... ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: warning: network_biopair_interop: error reading 5 bytes from the network: Connection reset by peer
On Tue, Mar 9, 2010 at 5:11 AM, Jerry wrote: > Since updating to FreeBSD 7.3-PRERELEASE, I am having problems with my > mail server. I have Postfix (2.7-20100117) installed. When sending, this > warning message appears in the mail log: > > warning: network_biopair_interop: error reading 5 bytes from the > network: Connection reset by peer > > When I posted this on the Postfix forum, Wietse Venema, the author of > Postfix, replied: > > Connection reset by peer (or error code ECONNRESET) means that the > other party hung up. > > This never happened prior to updating FreeBSD to FreeBSD > 7.3-PRERELEASE. Has anyone else experienced this or have a solution? > > -- > Jerry > ges...@yahoo.com Maybe you didn't have TLS enabled before? Anyway, this message caused by the other end disconnecting abruptly. If you just get it once in a while, it can be safely ignored. If you get it on every connection, your TLS is broken. If you get it fairly consistently with some specific client, maybe that client has a busted TLS implementation. -- Noel Jones ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: [OT] ssh security
On Sun, Mar 7, 2010 at 3:25 PM, Angelin Lalev wrote: > Greetings, > > I'm doing some research into ssh and its underlying cryptographic > methods and I have questions. I don't know whom else to ask and humbly > ask for forgiveness if I'm way OT. > > So, SSH uses algorithms like ssh-dss or ssh-rsa to do key exchange. > These algorithms can defeat any attempts on eavesdropping, but cannot > defeat man-in-the-middle attacks. To defeat them, some pre-shared > information is needed - key fingerprint. > > If hypothetically someone uses instead of the plain text > authentication some challenge-response scheme, based on user's > password or even a hash of user's password would ssh be able to avoid > the need the user to have key fingerprints of the server prior the > first connection? Hypothetically, SSH could use a zero-knowledge authentication method such as SRP[1]. Until new code is written for ssh to take advantage of something like this, we're stuck with what's available. -- Noel Jones [1] http://srp.stanford.edu/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: Supressing dd output
On Wed, Dec 23, 2009 at 10:19 PM, Rolf Nielsen wrote: > Hello everyone, > > I'm wondering if there's a way to supress the summary output from dd. I'm > working on a backup script, that encrypts the backups, and after encrypting > overwrites the unencrypted file several times using dd. I've tried to > redirect the output with 2>&1 > /dev/null but it doesn't work. Since I run > the script from the daily_local variable in periodic.conf, and the script > backs up 11 filsystems (ZFS) to separate files, the mail from periodic daily > gets ridiculously long, and most of it being dd summaries. > > I guess I could hack the source code of dd, but I'd prefer not to have to. > Has anyone got any ideas? > > Thanks in advance and Merry Christmas to all of you, > > Rolf Nielsen Order matters. dd ... >/dev/null 2>&1 -- Noel Jones ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: Simple Monitoring Of TCP/IP Question
On Wed, Dec 16, 2009 at 4:21 PM, Michael Goodell wrote: > Hello . . . > > Looking for a *simple* protocol monitoring solution to test connectivity of > various facets of a system, i.e. HTTP / HTTPS / POP3 / SMTP etc. I am not > looking, and don't want to install a *heavy* application like Nagios etc, > but rather something much more simple. > > I have seen checkservice (/usr/ports/sysutils/checkservice) in the past and > that looked quite simple to implement. Another question is there anything > more preferred that checkservice that anyone knows about? > > Thank you in advance for any direction. For a simple service/system monitor, monit may suit your needs. http://mmonit.com/monit/ ports/sysutils/monit -- Noel Jones ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: Tailing logs
On Sat, Aug 23, 2008 at 10:07 AM, Chuck Robey <[EMAIL PROTECTED]> wrote: > DAve wrote: > >> DAve wrote: >> >>> I would love to have a way to tail a log, like piping to grep, except I >>> see every line and the lines I would normally grep for are highlighted. That >>> would be cool. Anyone know of a bash command or tool that will do this? >>> >>> Side note, I am tailing sendmail after changes to my outbound queue >>> runners. I want to highlight my sm-mta-out lines but still see all lines. >>> >>> DAve >>> >> >> Thank you all, I got what I needed! >> >> DAve >> >> I do this commonly to catch the lines with the word "Building" in them, > from a file "build.out: > > tail -F build.out | grep --color=always Building > > > When I get a free moment, I need to see about making that --color-always > the default. > ___ > freebsd-questions@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to " > [EMAIL PROTECTED]" > Look at ports/sysutils/multitail -- Noel Jones ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Hopefully an easy header rewriting problem for Postfix
On Dec 7, 2007 12:23 PM, Clint Olsen <[EMAIL PROTECTED]> wrote: > I essentially want to rewrite all envelope senders of the form: > > @host.my.domain > > to just > > @my.domain http://www.postfix.org/ADDRESS_REWRITING_README.html#masquerade Looks like exactly what you describe. Just set in main.cf: masquerade_domains = my.domain and then run "postfix reload" -- Noel Jones ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: telnet mydomain.ild 465 : connection closed
On 10/30/07, dhaneshk k <[EMAIL PROTECTED]> wrote: > > Hi all , pls hepl me to fix this issue > > > I followed this DOC > > > http://www.purplehat.org/?page_id=8 > > > Here while I am testing postfix setup at this point > > telnet localhost 25 : the OutPut obtained as described as in the > tutorial in the above link (This test SUCCESSFULL) > > BUT for telnet loclhost 465 I cant get the o/p as in tutorial > > > Here what I am able to getfor telnet localhost 465 > When you specify "-o smtpd_tls_wrappermode=yes" port 465 is tunneled through SSL and cannot be tested with telnet. The website you are looking at faked their test results. This automatically makes me suspicious of the rest of their how-to, but I didn't check anything else for accuracy. To test wrappermode TLS, use the "openssl s_client" command, which you can think of as an encrypted telnet for testing TLS connections. Try: $ openssl s_client -connect localhost:465 You will be presented with a couple screens of TLS handshake info, and then presented with the postfix 220 greeting banner. Also note that after you issue an EHLO command on port 465, the STARTTLS option won't be offered since TLS is already active. You can also test that TLS is working on port 25 (which requires the STARTTLS command) with: $ openssl s_client -connect localhost:25 -starttls smtp The above command issues the STARTTLS command for you and establishes an encrypted connection. -- Noel Jones ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: telnet mydomain.tld 465 ERROR : connection closed
On 10/30/07, dhaneshk k <[EMAIL PROTECTED]> wrote: > > > Hi all , pls hepl me to fix this issue > > > I followed this DOC > > > http://www.purplehat.org/?page_id=8 > > > Here while I am testing postfix setup at this point > > telnet localhost 25 : the OutPut obtained as described as in the > tutorial in the above link (This test SUCCESSFULL) > > BUT for telnet loclhost 465 I cant get the o/p as in tutorial > > > Here what I am able to getfor telnet localhost 465 When you specify "-o smtpd_tls_wrappermode=yes" port 465 is tunneled through SSL and cannot be tested with telnet. The website you are looking at faked their test results. This automatically makes me suspicious of the rest of their how-to, but I didn't check anything else for accuracy. To test wrappermode TLS, use the "openssl s_client" command, which you can think of as an encrypted telnet for testing TLS connections. Try: $ openssl s_client -connect localhost:465 You will be presented with a couple screens of TLS handshake info, and then presented with the postfix 220 greeting banner. Also note that after you issue an EHLO command on port 465, the STARTTLS option won't be offered since TLS is already active. You can also test that TLS is working on port 25 (which requires the STARTTLS command) with: $ openssl s_client -connect localhost:25 -starttls smtp The above command issues the STARTTLS command for you and establishes an encrypted connection. -- Noel Jones ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Named
On 8/25/07, Narek Gharibyan <[EMAIL PROTECTED]> wrote: > Has Anyone tried to use Named under windows? What are results? > I used bind on windows a couple years ago. Seemed to work as expected. Official binary packages for Windows are available from isc.org -- Noel Jones ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Postfix/SpamAssassin Guru?
On 8/25/07, Eric Crist <[EMAIL PROTECTED]> wrote: > > On Aug 24, 2007, at 11:26 PMAug 24, 2007, Noel Jones wrote: > > [snip] > > > an easier way is to run spamassassin under the control of amavisd-new > > and let amavisd-new add address extensions such as user+spam and to > > let dovecot file the mail in a spam folder. > > Noel, > > Are you saying I just need amavisd-new installed and properly > configured? Is there something I need to tell dovecot? > > A bit more information in regards to where I can look for > documentation would be appreciated! > look in the amavisd-new, dovecot, and postfix docs for "recipient delimiter". Followup questions should go to the list for one of those projects. -- Noel Jones ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Postfix/SpamAssassin Guru?
On 8/24/07, Peter Boosten <[EMAIL PROTECTED]> wrote: > > > Eric Crist wrote: > > On Aug 24, 2007, at 9:05 AMAug 24, 2007, Gerard wrote: > > > >> On August 24, 2007 at 09:32AM Eric Crist wrote: > >> > >> > > > > I've got Postfix with Dovecot and virtual users setup. What I'm looking > > for is some filtering based on the flags SpamAssassin sets, so that I > > can route any messages tagged as Spam to a Spam directory with a users > > maildir. > > Assuming you got SA running: > In my main.cf: > header_checks = regexp:/etc/postfix/header_checks > > > This is in my header_checks: > > /^X-Spam-Flag: YES/ REDIRECT [EMAIL PROTECTED] > > > Peter Note that REDIRECT acts on all recipients of a message, and cannot be customized per-user. In the above example, *all* tagged spam would be delivered to a single mailbox. OK if that's what you want. an easier way is to run spamassassin under the control of amavisd-new and let amavisd-new add address extensions such as user+spam and to let dovecot file the mail in a spam folder. -- Noel Jones ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Sendmail question
On 7/26/07, Matthew Seaman <[EMAIL PROTECTED]> wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA256 > > Dylan Smith wrote: > > Eric Crist wrote: > >> On Jul 26, 2007, at 4:54 AMJul 26, 2007, Dylan Smith wrote: > >> > >>> I am currently on the last stages of setting up a FreeBSD 6.2-STABLE > >>> File and Network Application Server. One of my last tasks is to > >>> simple forward all mail from root out through my isp's SMTP(requires > >>> authentication) server and to an email account i have elsewhere. That > >>> is to say i have no purpose for a mail server other than to handle > >>> mail from things like periodic and to move that mail elsewhere. > >>> > >>> Can this be easily accomplished? If so are there any guides/how-to's? > >>> I have done a search around my usual BSD sites and books and found > >>> nothing that is easily modified to my circumstances. > > >> It can be done, but it's a PITA with Sendmail. Look into > >> /usr/ports/mail/ssmtp. We use it on our systems here where we need to > >> simply get root's email off the box. Simple configuration file, works > >> well. > > > Thanks for that little suggestion. > > Would this mean that i could just disable sendmail > > totally(sendmail_enable="none")? > > Hmmm... no one seems to have cottoned onto the 'requires > authentication' statement in the original message. As far as I can > tell, ssmtp only allows authentication via the use of cryptographic > certificates -- which is probably the most secure way of doing > authentication but also tends not to be supported on many mail > systems. a fairly simple mail client that supports authentication: http://msmtp.sourceforge.net/ -- Noel Jones ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: DomainsKeys/DKIM with Postfix - Questions
On 5/7/07, PeterPluta <[EMAIL PROTECTED]> wrote: I'm currently running FreeBSD 6.2, Postfix, Amavisd-new, Spamassasin, Dovecot, and ClamAV for my mail setup. I've been meaning to add Domain Keys/DKIM for a while now, but I don't really know where to start. I understand the basic concept, but it seems a bit confusing as you get into it. Has anyone here sucessfully set it up? I've been following this guide http://www.ijs.si/software/amavisd/a...docs.html#dkim and found the confusion to start when they recommend using both Domainkeys and DKIM. I thought DKIM is a replacement for the older Domain Keys? I've noticed Gmail has both Domainkey and DKIM headers. What the point of using both? Also, can I send mail from virtual domains I have without the DNS check being invalid? Say I send mail with a TO: [EMAIL PROTECTED] and my mailserver's hostname/domain is mail.mydomain2500.com, will that be rejected? The port for DKIM seems to be broken too! :( I'd appreciate someone chiming in. Cheers, Ferrarislave I have a similar setup to yours, I use both DKIM and DomainKeys with my postfix installation. I just followed the MILTER_README included with postfix and the INSTALL instructions that came with dkim-miler, but I've read the instructions you mention and they are correct also. I use both DKIM and DomainKeys because many providers still only recognize DomainKeys. As more folks move to DKIM, I'll eventually be able to drop DomainKeys. As for virtual domains, you can define for each domain if it is to use DKIM. They can all share the same private/public key files, but each domain must have its own DNS entry defining DKIM/DomainKeys usage and public key. Start with one domain using DKIM as a test, then add more as you get familiar with it. It won't cause problems to have a subset of your domains using DKIM. When I built mine a few months ago, I built both dkim-miler and dk-milter from source downloaded from sourceforge since the ports were a few versions behind at the time and the ports packages seemed very sendmail-specific - no surprise there. Haven't looked at the ports status of these two lately. I do know that dk-milter-0.5.0 and dkim-milter-0.6.6 both built easily from source and don't require any patching to work correctly with postfix (older versions needed some minor patches). I notice dkim-milter-0.7.0 was just released yesterday, haven't tried it yet. -- Noel Jones ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: completly remove (or modify) a port
On 4/18/07, Ray <[EMAIL PROTECTED]> wrote: Hello all, I have been trying to work with postfix from the ports collection. I need to rebuild it to include mysql support. I tried #make deinstall but a subsequent #make install doesn't give me the options screen. try "make config" ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: export nfs to a host with dynamic IP address
On 3/18/07, Zhang Weiwu <[EMAIL PROTECTED]> wrote: Maybe this is not possible, but can I export NFS share to a host that have dynamic IP address? My office server export an NFS share folder to several local desktop computers. I often need to access these NFS share from my home computer, which have dynamic IP address. I do have a fixed domain name, myhome.ods.org always have a "A" dns record pointing to my home computer. Having dynamic IP address never caused a problem for me because, as I said I have fixed domain name (updated with ez-ipupdate) but when it comes to NFS it is a problem. If I write my fixed domain name in /etc/export I wouldn't be able to mount that share. NFS server seems to check the IP address that wish to connect to it, reverse lookup its domain name, and compare it with what's written in /etc/exports. For me it doesn't work because my dynamic IP address cannot reverse resolve to my fixed domain address. So, is there a network file system that can work for my case? I never tried NFS SSL authentication things because after a google search it looks quit complex to install and configure: but if that's the only way to go I'll start to learn it. I also know samba can provide authentication so I don't have to rely on IP address to control access. However I never set up samba server before: also I would do it if that's the only way to go. Any suggestions? Thanks a lot in advance. Set up OpenVPN from ports/security/openvpn and export NFS to the VPN tunnel address. OpenVPN is secure, fairly easy to configure, and works well with dynamic IP. -- Noel Jones ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: ssh public key authentification
On 1/18/07, Christian Baer <[EMAIL PROTECTED]> wrote: The whole thing should be pretty trivial: I created a key using PuTTY, copied the public key to ~/.ssh/authorized_keys (everthing in one line), chose the private key in PuTTY and tried to log in. All I got in response was: "Server refused out key." Did you copy the displayed "Public key for pasting into OpenSSH" from PuttyGEN, or did you paste the actual contents of the public key? Putty's on-disk format for public keys is not compatible with OpenSSH. -- Noel Jones ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Load balancing outgoing mail relay
On 1/17/07, Charles Trevor <[EMAIL PROTECTED]> wrote: What happens if you do multiple dig/nslookups for smarthost.domain.tld. Are the records returned in a different order each time? If not the problem may be at the NS. Nope. Postfix shuffles equal-weight MX records internally, so it doesn't matter what order the NS presents them. Multiple A records without an MX record (or when MX lookups are suppressed) are treated as equal-weight MX records per RFC. This is likely a postfix configuration problem. The original poster should seek further help on the postfix-users list. http://www.postfix.org/DEBUG_README.html#mail -- Noel Jones ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Load balancing outgoing mail relay
FreeBSD 6.2 with Sendmail (initially) and now postfix. MS DNS with round robin (and TTL set to 0 on the records). Resolving with nslookup gives something like: smarthost.domain.tld 192.168.0.1, 192.168.0.2, 192.168.0.3 If I kill 192.168.0.1 then it goes on the second one. But this is failover, and I need (approximately) load balancing. Postfix will always internally shuffle equal-weight MX records (or multiple A records if there is no MX). I think sendmail does this also. This will not give strict round-robin use of the smarthosts, but over thousands of messages will give an equal share to each host. It sounds as if the host has primary/secondary MX records and you haven't disabled MX lookups for the relayhost. Use in main.cf relayhost = [smarthost.domain.tld] As documented, the brackets are required to disable MX lookups. You may want to adjust initial_destination_concurrency_limit and default_destination_concurrency_limit if your smarthosts will allow more than the default 20 connections. If sending small amounts of mail, postfix connection caching may interfere with observed load sharing. You may want to turn off smtp_connection_cache_on_demand if sending small amounts of mail, but leave it on if sending thousands of messages at a time. -- Noel Jones ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: a bit OT - VPN+Windows
On 1/8/07, Rob Hurle <[EMAIL PROTECTED]> wrote: On Mon, 8 Jan 2007, Wojciech Puchar wrote: > could You put me to some manual about configuring any king of VPN (with > encryption at least, preferable compression too) with windows machines as > clients and FreeBSD as servers. > OpenVPN gets my vote as an easy to use cross-platform VPN. Runs on just about everything. Compression is available, password or certificate based authentication, high level encryption, NAT and firewall friendly. The add-on windows GUI makes installation and setup easy for non-unix types. /usr/ports/security/openvpn docs and good sample configs: http://openvpn.net/ windows gui: http://openvpn.se/ -- Noel Jones ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: How to prevent users from receiving email
On 8/19/06, Giorgos Keramidas <[EMAIL PROTECTED]> wrote: On 2006-08-19 19:21, Bill Moran <[EMAIL PROTECTED]> wrote: > > Apparently my memory is useless and I've lost the ability to use > google as well. > > I just added a user account to a mail server, but I don't want that > user to receive mail on that server. It's running Postfix. > > I seem to remember a canonical method for preventing certain users > from receiving email. But my memory has failed, and I can't seem > to find anything on google. > > Is it an /etc/aliases trick? You can use the Postfix `access' map for this. You can enable an `access' map in Postfix by setting in your `main.cf' file: smtpd_client_restrictions = \ check_client_access hash:/usr/local/etc/postfix/access Then, in `/usr/local/etc/postfix/access' put: [EMAIL PROTECTED] REJECT and run `postmap' on the `access' file: # postmap /usr/local/etc/postfix/access Reload Postfix and off you go :-) There are other reject options too, which offer more fine-grained control of the SMTP error codes and the text of the error messages Postfix will return. See, for example: http://www.postfix.org/access.5.html Close. But check_client_access is unlikely to be effective matching a recipient address. Use check_recipient_access instead. There are lots of examples on the postfix-users list. -- Noel Jones ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: vacation for postfix
On 4/27/06, albi <[EMAIL PROTECTED]> wrote: > > hi, > > i'm running a few mail-servers and 1 of my users asked for a vacation-option > > after some searching it looks like the vacation is part of the default > sendmail-install on FreeBSD 5.4, i'm using postfix however (and don't > have sendmail installed), will it work fine with postfix ? Yes, it will work fine as long as these are local (not virtual) users each with their own home directory. -- Noel Jones ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: chown confusion
On 4/27/06, Huy Ton That <[EMAIL PROTECTED]> wrote: > Okay I'm feeling like an idiot now, if i chowned a directory such that > > user 'x' had the ownership of a given directory and was in group 'alpha' > > user 'b' needed to add files to the said directory and was in group 'alpha' > > now I know usually you do chown :groupname or chown > user:groupname to change ownership however... > > I can limit a directory to only a user, but I want to limit it not at a user > level, but at a group level such that all users in a group can write to a > file. > > An option to remove ownership perhaps chown -:groupname does this make > sense? Sounds as if you want to change the permissions to allow group read/write of the directory, at which point the owner won't matter. You probably want something like: # chgrp groupname dirname # chmod ug+rwx dirname http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/permissions.html -- Noel Jones ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: AND COBOL
On 3/7/06, Bob Hall <[EMAIL PROTECTED]> wrote: > ... > I couldn't figure out how to fit ALGOL in there. Ain't life a PISTOL? > After that, I need a Tylenol... -- Noel Jones ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: awk question
On 3/6/06, Bart Silverstrim <[EMAIL PROTECTED]> wrote: > I'm totally drawing a blank on where to start out on this. > > If I have a list of URLs like > http://www.happymountain.com/archive/digest.gif > > How could I use Awk or Sed to strip everything after the .com? Or is > there a "better" way to do it? I'd like to just pipe the information > from the logs to this mini-script and end up with a list of URLs > consisting of just the domain (http://www.happymountain.com). > | cut -d / -f 1-3 -- Noel Jones ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: switching timezone within crontab?
On 3/3/06, Danny Howard <[EMAIL PROTECTED]> wrote: > Hey, > > So, we have systems running in Eastern and Pacific time zones as their > local time, not to mention DST. So, we like to schedule a few things > with UTC to save our sanity. > > If a system is not running UTC as its locale, but I want to schedule a > UTC cron job in crontab, is it sufficient to put a little: > TZ=UTC > Right before the job? > Pretty sure the above will only set the timezone for your job, and not alter the schedule time. But I don't know a solution to your problem. -- Noel Jones ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Redirecting Traffic with PF
On 2/24/06, Frank Staals <[EMAIL PROTECTED]> wrote: > Hey, > > I have an FreeBSD server/firewall running 5-Stable with PF. I want to > redirect all udp traffic on port 27902 from the internet to a computer > in my network. I used this rule but I have some problem with it: > sometimes connections on that port are refused and I can't connect with > other players ( it's for a online game ) : > > rdr on $extif inet proto udp from any port 27902 -> 192.168.2.11 port 27902 > > I think the problem might have something to do with the different > network interfaces since the traffic is comming in on $extif and has to > go to an computer connected to $intif ? And how can I do that ? Can I > change it to: > > rdr on $extif inet proto udp from any port 27902 -> $intif 192.168.2.11 > port 27902 > > ? Or what do I have to do to fix it. > > Thanks in advance, > > -- > -Frank Staals > > I think you want something like rdr on $extif inet proto udp from any to self port 27902 -> 192.168.2.11 port 27902 -- Noel Jones ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Syslog
On 2/15/06, Peter Ankerstål <[EMAIL PROTECTED]> wrote: > Hello, > > I'm trying to get syslog to log on a remote host. This part is really > not a problem, but when I try to define at the "loghost" to which files > i want to log my incoming logs I don't get anything to work. I cant find > anything in the manual either. > > I've tried this: > +sphere > *.* /var/log/sphere/messages > Read the syslog.conf and syslogd man pages carefully, they contain all the info you need. You probably need to adjust the syslogd entry in /etc/rc.conf to remove the -s option, and add -a RemoteIP. Then stop and restart syslogd before continuing your test. You also likely need to clear the "program specification" in syslog.conf by using: !* +sphere *.* /var/log/sphere/messages -- Noel Jones ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: sshd possible breakin attempt messages
On 2/6/06, Brad Gilmer <[EMAIL PROTECTED]> wrote: > Hello all, > > I guess one of the banes of our existance as Sys Admins is that people are > always pounding away at our systems trying to break in. Lately, I have been > getting hit with several hundred of the messages below per dayin my security > report output... > > gilmer.org login failures: > Feb 5 11:18:17 gilmer sshd[78078]: reverse mapping checking getaddrinfo for > 206-171-37-232.ded.pacbell.net failed - POSSIBLE BREAKIN ATTEMPT! > Feb 5 11:18:18 gilmer sshd[78080]: reverse mapping checking getaddrinfo for > 206-171-37-232.ded.pacbell.net failed - POSSIBLE BREAKIN ATTEMPT! > Feb 5 11:18:20 gilmer sshd[78082]: reverse mapping checking getaddrinfo for > 206-171-37-232.ded.pacbell.net failed - POSSIBLE BREAKIN ATTEMPT! > > I am running FreeBSD 5.4 RELEASE, and right now this box is not a production > machine, but I am going to be taking it live fairly soon. Questions: > > 1) Is there anything I should be doing to thwart this particular attack? The POSSIBLE BREAKIN ATTEMPT message is caused by a failed reverse DNS lookup, and will happen with legit logins too if you have no reverse DNS. You can silence this particular message by adding to your /etc/ssh/sshd_config: UseDNS no To prevent attackers from hammering away at your server, try ports/security/bruteforceblocker Bruteforceblocker by default adds an abusive IP to the a pf firewall blacklist, but can be very easily modified for IPFW or adding a null route. > 2) Given that I am on 5.4, should I upgrade my sshd or do anything else at > this point to make sure my machine is as secure as possible? Just keep up with the version 5 security patches. > 3) (Meta-question) - Should I upgrade to 6.0 before I go live to be sure I > am in the best possible security situation going forward? Should I wait > until 6.1 for bug fixes (generally I am opposed to n.0 anything). Your call. Base your decision on what features you need. -- Noel Jones ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: RAM check
On 1/26/06, Philip Juels <[EMAIL PROTECTED]> wrote: > I'm running into random seg faults during KDE and Gnome compilation, and > I and others on the list suspect faulty RAM. Are there any utils out > there that can test/diagnose RAM (aside from the laughable BIOS POST). > http://www.memtest86.com/ http://www.memtest.org/ -- Noel Jones ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: How to have sshd log IP numbers instead of reverse lookups
On 11/24/05, James Long <[EMAIL PROTECTED]> wrote: > I was looking at /var/log/auth.log and saw an entry of the form: > > Nov 24 18:41:37 ns sshd[58083]: error: PAM: authentication error for username > from example.com > > I wish to have an IP number logged where sshd has instead logged > 'example.com' > > Reading sshd's man page and sshd_config's man page, I don't find any > way to control this. > > Since 'example.com' could have multiple IP numbers, how can I change > sshd's configuration to log the IP number from whence the > authentication error originated? > > I believe adding UseDNS no to sshd_config will do what you want. -- Noel Jones ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Is there a Data Communications Program Native to FreeBSD?
On 10/22/05, Bob Perry <[EMAIL PROTECTED]> wrote: > Hello, > > I'm running FreeBSD 5.4 and just installed HylaFAX. I'm just curious if > there is a data communications program native to FreeBSD that I could > easily install and run that would facilitate configuration of my > modem? > tip and cu are part of the base system and should work for manually setting modem parameters. If you want something more sophisticated, ports/comms has several. I've used ecu and kermit for various projects in the past. -- Noel Jones ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: bruteforceblocker + PF
On 10/6/05, Enrique Ayesta Perojo <[EMAIL PROTECTED]> wrote: > El Miércoles, 5 de Octubre de 2005 21:53, Noel Jones escribió: > > > I'm going to assume this is just a small part of your pf.conf, because > > the part you show doesn't allow any internet access. Maybe you should > > show us your entire pf.conf. > This simple pf config should work. > No, i don't see any of these messages, the only message i see is the start of > the log: > > !!! log started at Wed Oct 5 18:53:23 2005 !!! > I manually installed bruteforceblocker 1.1 (later noticed it's in ports/security) and when it starts, it looks like: --- log started at Wed Oct 5 13:13:01 2005 --- So it appears that your software is different from mine. Are you also seeing sshd logging information about failed and accepted login attempts? One thing I did notice was that all the lines in the bruteforceblocker.pl script ended with ^M. So I used vi to remove them. I don't know if that is part of your problem or not, but it's something you might check. FWIW, after making the suggested change to my syslog.conf file and editing the file locations in the bruteforceblocker.pl script, it worked first try here. The only other suggestion I have is to check your /etc/syslog.conf changes. Find the line that looks like: auth.info;authpriv.info/var/log/auth.log and change it to: auth.info;authpriv.info | exec /usr/local/sbin/bruteforceblocker.pl -- Noel Jones ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: bruteforceblocker + PF
On 10/5/05, Enrique Ayesta Perojo <[EMAIL PROTECTED]> wrote: > Hello, i'm trying to install the bruteforceblocker script to stop ssh attacks, > but i'm having a problem with PF because it seems not to block the attacker > ip. > > The machine is connected to internet and has some needed services for the LAN, > so i want to log and block only outside attacks. > > The bruteforceblocker script seems to be working, because i can read the > initial time of it at /var/log/auth.log, so i think the problem may be at my > pf configuration. > > Any help? > > Thanks a lot > > /etc/pf.conf > table persist file "/var/log/bruteforce" > > # options > set block-policy return > set loginterface $ext_if > > # scrub > scrub in all > > # filter rules > block all > > pass quick on lo0 all > > pass in on bge0 from 10.200.62.0/24 to 10.200.62.17 > pass out on bge0 from 10.200.62.17 to 10.200.62.0/24 > > block in log quick inet proto tcp from to any port ssh I'm going to assume this is just a small part of your pf.conf, because the part you show doesn't allow any internet access. Maybe you should show us your entire pf.conf. Do your rules display as expected? # pfctl -s rules Did you reload pf after you edited pf.conf? # pfctl -f /etc/pf.conf Are you testing this from outside the 10.200.x.x network? In your auth.log do you see bruteforceblocker messages such as: 220.92.126.217 was logged with total count of 1. when an ssh login fails? And then after $max_attempts is exceeded you should see: IP 202.92.126.217 reached the maximum number of failed attempts!!! Adding IP to the firewall... -- Noel Jones ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: ntp problem :(
> > Hmm, pinging from here I see that ntp.imag.fr = imag.imag.fr = > 129.80.30.1 so if you can ping that address then you have low level > connectivity. One possibility is that something in the middle is Apparently ntpdate is trying to use the IPv6 address that ntp.imag.fr publishes. I don't know how to tell ntpdate to use only IPv4 addresses, so a workaround is to use the IPv4 address directly. ntpdate -v 129.88.30.1 -- Noel Jones ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: script advice
On 9/14/05, John Williams <[EMAIL PROTECTED]> wrote:
> Dear List,
> I have a requirement for a maximum of one user logged in at any given time.
> Following is a .profile script I wrote to enforce the requirement. The
> problem is that when the script runs, sometimes the user trying to login is
> identified as logged in and sometimes he/she is not identified as logged in.
> I.e., there is a race condition between script execution and login
> completion. Any advice for how to make it work properly? The brute force
> way is to loop on waiting for the user to be logged in, as identified by the
> who command, and then check the time of the login so as not to be confused if
> the user is already logged in. Is there a better way? Thanks!
>
Exclude the users own tty.
TTYDEV=`/usr/bin/tty`
TTY=`/usr/bin/basename $TTYDEV`
USERS=`/usr/bin/who | /usr/bin/grep -v "$TTY"`
[ -z "$USERS" ] && {
echo Other users logged on!
echo $USERS
echo logging out...
logout
}
--
Noel Jones
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: problem with email...
On 8/31/05, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote: > Hello, > > Thank you in advance for your help. My name is Karen Donathan and I am the > Computer Science teacher at George Washington High School in Charleston, WV. > (http://gwhs.kana.k12.wv.us). We have been running FreeBSD on our webserver > for abuot 5 years. > > Over the summer, I recently began getting "fake" email messages from [EMAIL > PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED],[EMAIL PROTECTED], etc. etc. > etc. The subject line is always something like "YOUR ACCOUNT IS > SUSPENDED", "You have successfully updated your password", etc. > Each of these contain an attachment, so I know that a virus is trying to get > into our server. I need some suggestions on what to do to make this stop. > The general answers are: - add a virus scanner to your mail server (clamav works well) - reject mail with invalid local sender addresses - add some spam controls to your mail server Specific answers depend on what mail software (sendmail? postfix? exim? qmail? something else?) you are using and how strict rules you can apply. -- Noel Jones ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: postgrey question
On 6/1/05, Kirk Strauser <[EMAIL PROTECTED]> wrote: > On Wednesday 01 June 2005 12:44 pm, Bart Silverstrim wrote: > > > That's where I was a little confused (kirk? Insight, clarification?) > > because I thought that line would have it pass the message to another > > queue on port 10023 of the localhost, like the way Amavis runs. > > That's correct. > > > I didn't know if that meant it would be running three postfix queues now > > or if it is just a misunderstanding on my part. > > Sort of, in a way, except that in theory any MTA (or other process) could use > the amavis or postgrey ports, so they're not exactly Postfix-specific. > -- > Kirk Strauser > > > The above is wrong. The postfix policy service only passes the envelope information (client IP, HELO, MAIL FROM, RCPT TO) to the policy daemon (postgrey in this instance), not the message itself, and expects a standard postfix access table action in reply, such as DEFER, REJECT, DUNNO, etc. No queue is involved. The postfix policy service is postfix-specific and not likely useful with other MTAs unless/until they specifically add support for this type of access map. This is very different from amavisd-new which expects to receive the entire message via SMTP from postfix. -- Noel Jones ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: how to find files less than a day old?
> > > FreeBSD box that I am connected to. I think it may be a Solaris 9 box.
> > > Is there any way to get this to work in Solaris?
> > >
> >
> > Maybe the solaris find command supports the -newer option. I think
> > -newer is more widely supported, and likely to be available on
> > Solaris.
> >
> > If necessary, you could then create a reference file using touch with
> > the proper time stamp on it. You can do this automatically within a
> > script, using the date command to figure out the current time. You
> > can calculate the time one hour ago by using a command something like
> > TZ={your timezone 1} date
> >
> >
> > --
> > Noel Jones
> >
> Is there a way that I could do this without using find? I basically just
> need a listing of files to pipe to cat. Is there any easier way to do
> this? If there isn't, could you explain in more explicit email how to
> this?
>
> /Brian
>
Here's some commands that should be pretty portable.
touch `TZ=CST7CDT date "+%m%d%H%M"` /path/to/file
find . -newer /path/to/file -type f | xargs cat > tmp.txt
Adjust the value of TZ to give the proper time in your locale. I'm in
Central Standard Time, which is normally expressed as CST6CDT, so I
added one to get "CST7CDT". This creates a file stamped exactly one
hour ago that find can use as a reference.
An alternative would be to write something in perl or your programming
language of choice.
HTH...
--
Noel Jones
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: how to find files less than a day old?
On Tue, 29 Mar 2005 14:11:45 -0600 (CST), Brian John
<[EMAIL PROTECTED]> wrote:
> > On Tue, 29 Mar 2005 13:02:37 -0600 (CST), Brian John
> > <[EMAIL PROTECTED]> wrote:
> > > Hello,
> > > I'm trying to write a script to concatenate a bunch of files.
> Basically I
> > > want to grab a bunch of files out of a directory that are less than an
> > > hour or so old and put them in one file.
> > >
> > > This is what I am using so far:
> > >
> > > find . -mtime -1 -type f | xargs cat > temp.txt
> > >
> > > However, this only grabs files that are less than a day old, so I get
> some
> > > files returned that I don't want. I tried using -0.5 instead of -1
> and it
> > > didn't work. How can I accomplish this?
> > >
> >
> >
> > find . -mtime -1h -type f
> >
> > man find
> >
> >
> > --
> > Noel Jones
> > ___
> > freebsd-questions@freebsd.org mailing list
> > http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> > To unsubscribe, send any mail to
> "[EMAIL PROTECTED]"
> >
> >
> I read the man page and didn't see that. It doesn't appear to work on the
> box that I am ssh-ing to. Sorry, I should have mentioned that it is not a
> FreeBSD box that I am connected to. I think it may be a Solaris 9 box.
> Is there any way to get this to work in Solaris?
>
Maybe the solaris find command supports the -newer option. I think
-newer is more widely supported, and likely to be available on
Solaris.
If necessary, you could then create a reference file using touch with
the proper time stamp on it. You can do this automatically within a
script, using the date command to figure out the current time. You
can calculate the time one hour ago by using a command something like
TZ={your timezone + 1} date
--
Noel Jones
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: how to find files less than a day old?
On Tue, 29 Mar 2005 13:02:37 -0600 (CST), Brian John <[EMAIL PROTECTED]> wrote: > Hello, > I'm trying to write a script to concatenate a bunch of files. Basically I > want to grab a bunch of files out of a directory that are less than an > hour or so old and put them in one file. > > This is what I am using so far: > > find . -mtime -1 -type f | xargs cat > temp.txt > > However, this only grabs files that are less than a day old, so I get some > files returned that I don't want. I tried using -0.5 instead of -1 and it > didn't work. How can I accomplish this? > find . -mtime -1h -type f man find -- Noel Jones ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: postfix on FreeBSD
On Wed, 9 Mar 2005 17:45:34 + (UTC), Christopher Nehren <[EMAIL PROTECTED]> wrote: > On 2005-03-09, Paul Schmehl scribbled these > curious markings: > > Should be: > > postmap hash:/usr/local/etc/postfix/access > > Really? I've updated hash files (not access, but canonical and > transport) without the hash: prefix and they've worked fine. Taking a > look at the top of those files even shows the usage without the hash: > prefix (access included). > > Best Regards, > Christopher Nehren If you don't specify the database type, postfix will use the defined default_database_type Unless you are using multiple database types, you don't need to specify this. -- Noel Jones ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: postfix restrictions error
- Original Message - From: "dave" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Tuesday, November 25, 2003 9:59 PM Subject: postfix restrictions error > Hello, > I'm trying to implement the below restrictions on my postfix 2.0.16 > system. I am getting the error: > "Missing '=' after attribute 'permit_mynetworks'" on a line number > I copied these verbatum from a site, i do not understand what is up. > Thanks for any help, it's probably just the late hour. > Thanks a lot. > Dave. > > # uce values > strict_rfc821_envelopes = yes > smtpd_etrn_restrictions = permit_mynetworks > smtpd_helo_required = yes > smtpd_helo_restrictions = > permit_mynetworks, > reject_unauth_pipelining, > reject_invalid_hostname > reject_maps_rbl > maps_rbl_domains = > sbl.spamhaus.org, > relays.ordb.org, > opm.blitzed.org, > dun.dnsrbl.net, > spam.dnsrbl.net > smtpd_sender_restrictions = > reject_non_fqdn_sender, > reject_unknown_sender_domain > smtpd_recipient_restrictions = > permit_mynetworks, > reject_unauth_destination, > reject_non_fqdn_recipient > Lines to be included in a parameter must be either all on the same line or indented with spaces. The comma is optional. examples: smtpd_helo_restrictions = permit_mynetworks, reject_unauth_pipelining, reject_invalid_hostname reject_maps_rbl maps_rbl_domains = sbl.spamhaus.org relays.ordb.org opm.blitzed.org dun.dnsrbl.net spam.dnsrbl.net -- Noel Jones ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Tape drive suggestion (IDE)
Hi, I'm currently in the market for a reasonably inexpensive tape drive, I was looking at the Seagate Hornet 40GB IDE drive? Does anyone have any experience with this? Or any recommendation as regards a drive. I'm looking to spend less than 500 euros/dollars. I'm looking to back up 30-40Gb per week. Obvious point it must work with FreeBSD and I'd prefer to use IDE/ATAPI rather than scsi. Thanks in advance. Regards, Noel. pgp0.pgp Description: PGP signature
missing startkde
hi all. i recently installed kde3 via ports, but it seems that make forgot to install startkde. i thought that it was just a problem with cvsupping in between updates, so i deinstalled kde3, cvsupped again this morning, and reinstalled kde3 via ports. same problem. is it possible to just create a startkde script? if so, can anyone give me a copy of the contents? i dunno what startkde should contain :-). tnx in advance. __ Do you Yahoo!? Yahoo! Platinum - Watch CBS' NCAA March Madness, live on your desktop! http://platinum.yahoo.com ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: how do i invoke the command "ee" ... problem solved.
hey all, thanks for all the tips. problem is system won't let me run fsck -p, but i was able to mount the partition where my /usr is, so i was able to edit /ect/fstab and make the system look in the right places. thanks a lot to all of you. i really appreciate it. --- Mike Meyer <[EMAIL PROTECTED]> wrote: > In <[EMAIL PROTECTED]>, Giorgos > Keramidas <[EMAIL PROTECTED]> typed: > > Nah. It's not a good idea to use "mount -a" > before fsck. The safest > > thing you can do if you haven't tinkered with the > sizes and/or order > > of the partitions is to run: > > > > # fsck -p && mount -u / && mount -va > > I disagree. If the file systems were dismounted > cleanly, then "fsck -p" > just verifies that, and does nothing. If they > haven't dismounted > cleanly, then mount won't mount the file systems. > Running "fsck -p" > just insures that the file systems will mount - > unless they are really > badly damaged. You won't hurt anything if you skip > the "fsck -p", you > just may have to run it then rerun the mount. > >-- > Mike Meyer <[EMAIL PROTECTED]> > http://www.mired.org/consulting.html > Independent WWW/Perforce/FreeBSD/Unix consultant, > email for more information. __ Do you Yahoo!? Yahoo! Web Hosting - establish your business online http://webhosting.yahoo.com To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-questions" in the body of the message
how do i invoke the command "ee" or "vi" when system fails to load
hello. pardon my stupid question, but how do i invoke the command "ee" or "vi"? i recently removed partition no. 2 on my disk, and fbsd resides on partition no. 3, so now i have 2 partitions, windoze on partition 1 and = fbsd on partition 2. but when i boot into fbsd, the system cannot see the files, and drops me into the "#" prompt. how do i invoke "ee" or "vi"? is it ok to just edit the file "/etc/fstab" and reboot? is there anything else i need to do? thanks in advance. pls. cc any response because this email address of mine is not subscribed, bec. any mail from my other subscribe addy gets bounced due to a spammer on my isp. i hate spammers!!! they should be shot! __ Do you Yahoo!? Yahoo! Web Hosting - establish your business online http://webhosting.yahoo.com To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-questions" in the body of the message
