FreeBSD: Proper buildworld technique

VMware Virtual Machine Hosting

Follow all these steps in this exact order. The order comes from hard-won experience!

1. cvsup the correct /usr/src. Example cvsup files can usually be found in /root/sup. Normally we follow the security branch, e.g. RELENG_6_2, rather than stable, e.g. RELENG_6.
2. read /usr/src/UPDATING to make sure nothing bad is going to happen.
3. rm -rf /usr/obj, or weird bad shit can happen. A stale /usr/obj is the #1 cause of failed installworlds.
4. check that /etc/make.conf is sensible. Usually it is, but on a new box it won’t be.
5. mergemaster -p, otherwise installworld can fail on new users and groups, or worse, the box doesn’t boot.
6. make -j16 buildworld
7. check the kernel config file. Usually you can reuse the one from the previous release, but not always. The config is called WWW here.
8. make buildkernel KERNCONF=WWW
9. make installkernel KERNCONF=WWW
10. [OPTIONAL] reboot to see if the kernel is OK. This is a two-edged sword: if you skip it and there is a problem with the kernel, you are screwed once installworld is done; if you do it, the new kernel comes up with the old userland, and in the worst case tcp/ip is broken!
11. make installworld
12. mergemaster – take care not to overwrite /etc/ssh/sshd_config and lock yourself out of the box!
13. reboot and pray to the FSM!
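The sequence above, as an added example that is not from the original post: a wrapper that runs the steps in the insisted-upon order and, thanks to set -e, stops at the first failure so a broken build never reaches installworld. KERNCONF, JOBS, DRY_RUN and the function names are assumptions; with DRY_RUN=1 (the default) the commands are only printed, and cvsup and the reboots stay manual.

```shell
#!/bin/sh
# Added example, not from the original post: drives steps 2-12 above in the
# order the post insists on. A failing step aborts everything after it.
# KERNCONF, JOBS, DRY_RUN and the function names are assumptions.
set -eu

KERNCONF="${KERNCONF:-WWW}"    # kernel config name used in the post
JOBS="${JOBS:-16}"             # -j value for buildworld
DRY_RUN="${DRY_RUN:-1}"        # 1 = print commands only; 0 = really run them

# run CMD...: print the command, then execute it unless DRY_RUN=1.
# Because of set -e, a non-zero exit from CMD stops the whole script.
run() {
    printf '%s\n' "$*"
    [ "$DRY_RUN" = "1" ] || "$@"
}

# buildworld_steps: steps 2-12 of the post (step 1, cvsup, and the reboots
# are left to the operator). Note the order: mergemaster -p before buildworld,
# installkernel before installworld, mergemaster last.
buildworld_steps() {
    run cd /usr/src
    run head -n 40 /usr/src/UPDATING              # step 2: read the notes
    run rm -rf /usr/obj                           # step 3: stale obj = failures
    run cat /etc/make.conf                        # step 4: eyeball make.conf
    run mergemaster -p                            # step 5: new users/groups first
    run make -j"$JOBS" buildworld                 # step 6
    run make buildkernel KERNCONF="$KERNCONF"     # step 8
    run make installkernel KERNCONF="$KERNCONF"   # step 9
    run make installworld                         # step 11
    run mergemaster                               # step 12: watch sshd_config
}

# step_index PATTERN: 1-based position of the first step matching PATTERN in a
# forced dry-run listing, so the ordering can be checked without running anything.
step_index() {
    ( DRY_RUN=1; buildworld_steps ) | grep -n -- "$1" | head -n 1 | cut -d: -f1
}

buildworld_steps
```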


Arizona “Action to Foreclose”


Arizona Tax Lien “Action to Foreclose” notification process:

42-18202. Notice

A. At least thirty days before filing an action to foreclose the right to redeem under this article, but not more than one hundred eighty days before such an action is commenced or may be commenced under section 42-18101 the purchaser shall send notice of intent to file the foreclosure action by certified mail to:

1. The property owner of record according to the records of the county recorder in the county in which the property is located or to all of the following:

(a) The property owner according to the records of the county assessor in the county in which the property is located as determined by section 42-13051.

(b) The situs address of the property, if shown on the tax roll and if different from the owner’s address under subdivision (a).

(c) The tax bill mailing address according to the records of the county treasurer in the county in which the property is located, if that address is different from the addresses under subdivisions (a) and (b).

2. The treasurer of the county in which the real property is located.

B. The notice shall include:

1. The property owner’s name.

2. The real property tax parcel identification number.

3. The legal description of the real property.

4. The certificate of purchase number.

5. The proposed date of filing the action.

C. If the purchaser fails to send the notice required by this section, the purchaser is considered to have substantially failed to comply with this section. A court shall not enter any action to foreclose the right to redeem under this article until the purchaser sends the notice required by this section.


Routing Hackers To /dev/null (Blackhole)

Add: route add -host attacker_ip 127.0.0.1 -blackhole
Remove: route delete -host attacker_ip 127.0.0.1 -blackhole

The above sends every packet destined for “attacker_ip” into a blackhole, so the server’s replies to that address are silently dropped and its connections never complete.

This is useful when you see someone relentlessly attacking any daemon on your server (ssh, http, ftp, etc).
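One way to spot the “relentless” case automatically, as an added example that is not from the original post: count repeated sshd password failures per source address in a constructed sample of auth.log lines and emit the blackhole route command from above for every address over a threshold. The log lines, THRESHOLD, DRY_RUN and the function names are assumptions; with DRY_RUN=1 (the default) the route command is only printed.

```shell
#!/bin/sh
# Added example, not from the original post: find source IPs with repeated
# "Failed password" sshd entries and blackhole them with the route command
# from the post. Sample log, threshold and function names are constructed.
set -eu

THRESHOLD="${THRESHOLD:-5}"    # failures before an address is blackholed
DRY_RUN="${DRY_RUN:-1}"        # 1 = print the route command only

# Constructed sample of /var/log/auth.log lines (documentation addresses).
SAMPLE_LOG='Mar  1 10:00:01 www sshd[811]: Failed password for root from 203.0.113.10 port 40010 ssh2
Mar  1 10:00:02 www sshd[812]: Failed password for invalid user admin from 203.0.113.10 port 40011 ssh2
Mar  1 10:00:03 www sshd[813]: Failed password for root from 203.0.113.10 port 40012 ssh2
Mar  1 10:00:04 www sshd[814]: Failed password for root from 203.0.113.10 port 40013 ssh2
Mar  1 10:00:05 www sshd[815]: Failed password for root from 203.0.113.10 port 40014 ssh2
Mar  1 10:00:06 www sshd[816]: Failed password for root from 203.0.113.10 port 40015 ssh2
Mar  1 10:00:07 www sshd[817]: Accepted publickey for bob from 198.51.100.7 port 51000 ssh2
Mar  1 10:00:08 www sshd[818]: Failed password for bob from 198.51.100.7 port 51001 ssh2'

# offenders: read log lines on stdin, print "count ip" for every source IP
# with at least THRESHOLD failed password attempts.
offenders() {
    grep 'Failed password' | sed -n 's/.* from \([0-9.]*\) port.*/\1/p' \
        | sort | uniq -c | awk -v t="$THRESHOLD" '$1 >= t { print $1, $2 }'
}

# offending_ips: the addresses from offenders(), one per line, for SAMPLE_LOG.
offending_ips() {
    printf '%s\n' "$SAMPLE_LOG" | offenders | awk '{ print $2 }'
}

# blackhole_ip IP: the exact route command from the post; printed always,
# executed only when DRY_RUN=0 (needs root).
blackhole_ip() {
    printf 'route add -host %s 127.0.0.1 -blackhole\n' "$1"
    [ "$DRY_RUN" = "1" ] || route add -host "$1" 127.0.0.1 -blackhole
}

for ip in $(offending_ips); do
    blackhole_ip "$ip"
done
```

A single failure from 198.51.100.7 stays under the threshold, so only 203.0.113.10 is blackholed.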


Decrypt SMIME E-Mails – BlackBerry/iPhone


I, and almost everyone I deal with, use SMIME e-mail certificates from Verisign/Thawte/home brew. Unfortunately, these e-mails cannot be viewed on a BlackBerry (without BES) or an iPhone.

I overcame this by creating an alias on my server that would receive e-mails, decrypt them, and send them back to me -> UNENCRYPTED.

[NOTE: If you are reading this and clean up my technique, please email me your updates! admin -at- tediosity.com]

1. Install openssl on your server

2. Export your key and cert from your desktop machine in PFX format and upload it to your server.

3. Run this command on your cert:
openssl pkcs12 -in mycert.pfx -out mycert.pem -nodes

The output of the above will be your key and cert in one file (mycert.pem). Split mycert.pem into two separate files, key and cert, and place them in /usr/decrypt. Note that -nodes writes the private key without a passphrase, so keep that directory readable only by the account that runs the alias and the cron job.

4. Download this Python script: http://phd.pp.ru/Software/Python/extract_mime.tgz
Put the extracted file in: /usr/decrypt

5. Use this wrapper (name: extract_mime) and place it in /usr/decrypt:
———————
#! /bin/sh

if ! cd /usr/decrypt/; then
    echo "Cannot cd to work dir"
    exit 1
fi

TMPFILE="_mail_tmp.$$"
rm -f "$TMPFILE" # to be on the safe side

# get the message from sendmail on stdin
cat - > "$TMPFILE"

# parse the message and pull out the S/MIME part (writes smime.p7m)
/usr/decrypt/extract_mime.py "/usr/decrypt/$TMPFILE" >>log 2>>err

# clean up
rm -f "$TMPFILE"
————–

6. [ASSUMES SENDMAIL IS YOUR MTA] Edit your aliases file and add:
decrypt: "| /usr/decrypt/extract_mime"

7. Cron this script for every 5 minutes:

/usr/decrypt/check.sh
———–
#!/bin/sh
# run from cron every 5 minutes: if extract_mime left a DER-encoded
# S/MIME blob behind, decrypt it and mail the plaintext back
if [ -f /usr/decrypt/smime.p7m ]; then
    /usr/local/bin/openssl smime -decrypt -binary -inform DER \
        -in /usr/decrypt/smime.p7m \
        -inkey /usr/decrypt/key -recip /usr/decrypt/cert \
        | mail -s "Your unencrypted e-mail" youremail@yourdomain.com
    rm /usr/decrypt/smime.p7m
else
    exit 0
fi
————-

NOTE: It appears there is now an app for the iPhone and iPad to read SMIME e-mails and documents. It is available in the App Store.
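The decrypt step from check.sh, as an added example that is not from the original post: it builds a throwaway recipient key and cert (the same -nodes, passphrase-less form as step 3), encrypts a constructed message to it, and decrypts it with the same openssl smime -decrypt call. One swap from the post’s pipeline: openssl is fed the whole MIME message (its default -inform SMIME), so the extract_mime.py step and -inform DER are not needed here. WORK, the addresses and the function names are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post: round-trip an S/MIME message
# through the same "openssl smime -decrypt" used by check.sh, but reading the
# complete MIME message instead of an extracted DER blob. Everything here
# (key, cert, addresses, body) is constructed on the fly in $WORK.
set -eu

WORK="${WORK:-$(mktemp -d)}"

# make_recipient: self-signed cert plus passphrase-less key, mirroring the
# -nodes export in step 3 of the post (written to $WORK/key and $WORK/cert).
make_recipient() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj '/CN=decrypt alias (constructed)' \
        -keyout "$WORK/key" -out "$WORK/cert" >/dev/null 2>&1
}

# encrypt_message TEXT: produce the enveloped mail a sending MUA would send,
# from a constructed text/plain body, into $WORK/encrypted.eml.
encrypt_message() {
    printf 'Content-Type: text/plain\r\n\r\n%s\r\n' "$1" > "$WORK/body.txt"
    openssl smime -encrypt -aes256 -in "$WORK/body.txt" \
        -from sender@example.invalid -to decrypt@example.invalid \
        -subject 'constructed test mail' "$WORK/cert" > "$WORK/encrypted.eml"
}

# decrypt_message: check.sh's command minus "-inform DER" and the mail pipe;
# prints the decrypted MIME entity on stdout.
decrypt_message() {
    openssl smime -decrypt -in "$WORK/encrypted.eml" \
        -inkey "$WORK/key" -recip "$WORK/cert"
}

# round_trip TEXT: encrypt then decrypt TEXT and print the recovered body
# line (CRLF stripped) so the result can be checked.
round_trip() {
    make_recipient
    encrypt_message "$1"
    decrypt_message | tr -d '\r' | grep -x -- "$1"
}
```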


FreeBSD: Aliasing IPs


Edit /etc/rc.conf

The primary IP of the machine will be defined by a line that looks similar to this:

ifconfig_rl0="inet 192.168.1.2 netmask 255.255.255.0"

To add additional IPs, add lines like:

ifconfig_rl0_alias0="inet 192.168.1.3 netmask 255.255.255.255"
ifconfig_rl0_alias1="inet 192.168.1.4 netmask 255.255.255.255"


FreeBSD: Moving To A Larger Harddrive


Moving to a Larger Hard Drive

Applicable to: FreeBSD 4.3 and Higher

This Sheet describes the procedure I used to move my company’s FreeBSD system to a larger hard drive.

1. Verify that the system supports two hard drives. If not, rebuild the kernel with support for two hard drives:

# ATA and ATAPI devices
device ata0 at isa? port IO_WD1 irq 14
device ata1 at isa? port IO_WD2 irq 15
device ata
device atadisk # ATA disk drives

2. Shutdown and install the additional drive as the slave on the primary IDE controller. Be sure to set the existing drive from ‘single’ to ‘master.’

3. Boot to single user mode:

ok boot -s

# fsck -p

# mount -u /

# mount -a -t ufs

# swapon -a

4. Run sysinstall:

# /stand/sysinstall [this is now just sysinstall on newer versions]

1. Choose ‘Configure,’ then ‘Fdisk’ from the menu, then choose drive ‘ad1.’

2. In the FDISK Partition Editor, choose ‘A’ to use the entire disk, then choose ‘W’ to write the changes to disk. Press ‘Q’ to continue.

3. Choose ‘Standard’ at the “Install Boot Manager” dialog box.

4. Back at the sysinstall menu, choose ‘Label’.

5. In the Disklabel Editor, create the following partitions:

ad1s1a /mnt 512MB as UFS

ad1s1b swap 512MB as swap

ad1s1e /mnt/usr remaining as UFS

Note: To get partition ‘a’, tell Disklabel Editor the mount point is ‘/’, then change it to ‘/mnt’ using the ‘M’ option.

Choose ‘W’ to write changes to disk, then choose ‘Q’ to continue.

6. Exit sysinstall.

5. If the new filesystems aren’t automatically mounted, mount them by hand:

# mount /dev/ad1s1a /mnt

# mount /dev/ad1s1e /mnt/usr

6. Copy the existing filesystems:

# tar clf - -C / -X /mnt . | tar xpvf - -C /mnt

# tar clf - -C /usr . | tar xpvf - -C /mnt/usr

7. Shutdown and remove the old hard drive. Be sure to set the new drive from ‘slave’ to ‘single.’

8. Boot to single user mode:

ok boot -s

9. If softupdates are compiled into the kernel, enable soft updates on the new drive:

# tunefs -n enable /usr

10. Mount the remaining filesystems:

# fsck -p

# mount -u /

# mount -a -t ufs

# swapon -a

11. Verify that all of the filesystems are properly mounted:

# mount

/dev/wd0s1a on / (ufs, local, writes: sync 8 async 204)

/dev/wd0s1e on /usr (ufs, local, soft-updates, writes: sync 366 async 13493)

procfs on /proc (procfs, local)

12. Reboot and observe startup messages to ensure the system is functioning properly.


Networking Subnets – Quick Reference


netmask           shorthand   host bits   resulting subnet (number of addresses)
255.255.255.0     /24         8-bit       2^8 = 256 = 254 hosts + 1 bcast + 1 net base
255.255.255.128   /25         7-bit       2^7 = 128 = 126 hosts + 1 bcast + 1 net base
255.255.255.192   /26         6-bit       2^6 = 64  = 62 hosts + 1 bcast + 1 net base
255.255.255.224   /27         5-bit       2^5 = 32  = 30 hosts + 1 bcast + 1 net base
255.255.255.240   /28         4-bit       2^4 = 16  = 14 hosts + 1 bcast + 1 net base
255.255.255.248   /29         3-bit       2^3 = 8   = 6 hosts + 1 bcast + 1 net base
255.255.255.252   /30         2-bit       2^2 = 4   = 2 hosts + 1 bcast + 1 net base
255.255.255.254   /31         1-bit       2^1 = 2   = invalid (no possible hosts)
255.255.255.255   /32         0-bit       2^0 = 1   = a host route (odd duck case)
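The rows above derived from the prefix length, as an added example that is not from the original page: netmask_of turns /N into a dotted-quad mask and subnet_info reproduces the address and host counts, including the /31 and /32 odd cases from the last two rows. Function names are assumptions; it needs only POSIX sh arithmetic.

```shell
#!/bin/sh
# Added example, not from the original page: compute the quick-reference
# rows above (netmask, total addresses, usable hosts) from a prefix length.
# Function names are assumptions.
set -eu

# netmask_of PREFIX: dotted-quad netmask for /PREFIX (0..32), or fail.
netmask_of() {
    p=$1
    [ "$p" -ge 0 ] && [ "$p" -le 32 ] || return 1
    # top $p bits set in a 32-bit word; the & keeps it in range after the shift
    if [ "$p" -eq 0 ]; then m=0
    else m=$(( (0xFFFFFFFF << (32 - p)) & 0xFFFFFFFF )); fi
    printf '%d.%d.%d.%d\n' $(( (m >> 24) & 255 )) $(( (m >> 16) & 255 )) \
        $(( (m >> 8) & 255 )) $(( m & 255 ))
}

# subnet_info PREFIX: prints "netmask addresses usable-hosts", mirroring the table:
#   /0../30 -> 2^(32-PREFIX) addresses minus net base and broadcast
#   /31     -> two addresses but no hosts under the classic rule ("invalid")
#   /32     -> one address, a host route
subnet_info() {
    p=$1
    mask=$(netmask_of "$p") || return 1
    total=$(( 1 << (32 - p) ))
    case "$p" in
        32) hosts=1 ;;                 # host route (odd duck case)
        31) hosts=0 ;;                 # invalid: no possible hosts
        *)  hosts=$(( total - 2 )) ;;  # drop net base and bcast
    esac
    printf '%s %d %d\n' "$mask" "$total" "$hosts"
}

# print the same rows as the table
for p in 24 25 26 27 28 29 30 31 32; do
    printf '/%s ' "$p"; subnet_info "$p"
done
```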

