Archive for the ‘Unix – FreeBSD’ Category

FreeBSD 10.1 on HP EliteBook 8440p

March 2, 2015

I did a simple setup for FreeBSD on this laptop. I’ve not gotten around to playing with ACPI events such as battery and lid closing. This laptop is purely for BSD Certification testing and playing around with the other BSD’s.

What I can tell you is that everything worked straight from the install with a few additions/tweaks.

Install – You’ll need the UEFI boot images. Even if UEFI is disabled in the BIOS, it still will not work. Also set the hard drive settings to IDE instead of AHCI.
Wifi – Intel N600 chipset. Just follow the Wireless document in the handbook. Fully supported.
Xorg – NVIDIA drivers. You’ll need to install nvidia-driver-340 and nvidia-xconfig.

That’s all I have so far because that’s all I really need on it for the time being.

OpenBSD 5.6 and VirtualBox

March 2, 2015

So apparently OpenBSD on VirtualBox needs VT enabled in the BIOS or you can’t install it. If you keep getting an error or you can’t press “I” during setup to initiate the install, this is why. Go into your BIOS and enable Virtual Technology.

PF Sense & Netgate APU board

December 22, 2014

This guy has a good tutorial…  click here

 

Download the latest embedded image from PF Sense.  You’ll want the 64bit option.

You’ll need to write the image to your SD card.  Depends on your OS.

Windows – download WriteDiskImage

Mac – unmount the disk first with: $ diskutil unmountDisk /dev/disk[n]     then write the image: $ gzcat pfsense-XXX.img.gz | sudo dd of=/dev/disk[n] bs=16k

The default serial speed on the board is 115200 but you can set your terminal to 9600.  You’ll see gibberish.  Set the speed in the terminal program you are using.

FreeBSD – cu -l /dev/cuau0 -s 9600 -t     ( to exit type:   ~. )

Linux – use minicom

Plug in your serial cable and power cable.  Let’s do this.

When you see a message about ‘Booting [/boot/kernel/kernel]’ press CTRL-C until it drops to an ‘OK’ prompt.

Type:  set kern.cam.boot_delay=10000

Type:  boot

Assign your interfaces.  I suggest you do auto config.

Log in to the webgui and go to Diagnostics menu –> edit file.

Click the browse button.  Click on the /boot folder.   Click the /default folder.  Click the loader.conf.   Click load at the top.

Add this line:  kern.cam.boot_delay="10000"

Save it.

Now go System –>  Advanced.    Down near the bottom.  Change your console speed to 115200.  Click save down at the bottom.

 

 

FreeBSD 10 – sFTP setup

May 21, 2014

 

First off, sFTP doesn’t actually use the FTP protocol or have anything to do with it.  It’s pretty much like SCP but with other features.  It uses port 22 as well.  The one unique thing about it is that the user or group you specify in the sshd_config for sFTP will not be able to log in with SSH.  That user will only be able to sFTP into the server.

Pretty simple to set up.

ee /etc/ssh/sshd_config

Scroll down to the bottom and put this in…

# Use "Match Group <groupname>" instead of "Match User" if you want this to apply to a group
Match User sftpuser
ChrootDirectory /home/%u
X11Forwarding no
AllowTcpForwarding no
ForceCommand internal-sftp

 

That’s it.

# service sshd restart

Create your user.

Root must be the owner of the home directory.  It should be by default.

Create another directory inside the new user’s home for them to access.

mkdir /home/sftpuser/files

chown root:sftpuser /home/sftpuser

chown sftpuser:sftpuser /home/sftpuser/files

 

You are done!  Have fun!
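
sshd checks at session startup that every component of the ChrootDirectory path is a root-owned directory that no other user or group can write to, and it refuses the session otherwise. The script below is an added example, not part of the original post, that walks a path and reports which component breaks that rule; the function names are made up for this example and /home/sftpuser is the account from the steps above.

```shell
#!/bin/sh
# Added example (not from the original post): audit a ChrootDirectory path.

# component_ok MODE UID
# MODE is the permission column of `ls -l`, UID the numeric owner.
# Succeeds only for a root-owned directory with the group-write and
# other-write bits clear, which is what sshd demands of each component.
component_ok() {
    [ "$2" = "0" ] || return 1
    case $1 in
        d????-??-?*) return 0 ;;
        *)           return 1 ;;
    esac
}

# check_chroot_path DIR
# Resolves symlinks first (/home is commonly a symlink to /usr/home on
# FreeBSD), then checks DIR and every parent up to /.
# Returns 1 if any component fails.
check_chroot_path() {
    dir=$(cd "$1" 2>/dev/null && pwd -P) || { echo "cannot resolve $1"; return 1; }
    rc=0
    while :; do
        # ls -ldn prints "<mode> <links> <uid> <gid> ..." with numeric ids
        set -- $(ls -ldn "$dir")
        if component_ok "$1" "$3"; then
            echo "ok   $1 uid=$3 $dir"
        else
            echo "BAD  $1 uid=$3 $dir"
            rc=1
        fi
        [ "$dir" = "/" ] && break
        dir=$(dirname "$dir")
    done
    return $rc
}

# Run only when a path is given, e.g.: sh check_chroot.sh /home/sftpuser
if [ $# -gt 0 ]; then
    check_chroot_path "$1"
fi
```

Run it as root against the chroot (not the writable files subdirectory); any BAD line is a directory to fix with chown root or chmod go-w.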

FreeBSD 10 ssh key authentication

May 21, 2014

 

# ssh-keygen -t rsa  (uses default 2048, want higher?  use -b 4096)

Enter a passphrase.

cat .ssh/id_rsa.pub >> .ssh/authorized_keys

ee /etc/ssh/sshd_config  

Find the line ChallengeResponseAuthentication, remove the leading comment mark (#) and change it to "no" (without the quotes)

service sshd restart

Copy the id_rsa (private key) to your laptop/desktop or whatever computers you use.   Drop it into the .ssh directory on your system.  Have Windows?  Point to it in PuTTY.  I believe most distros will read id_rsa as the default key file, so you may need to change its name if you SSH to other servers.  For example, I have a server named web01, so I would run ssh user@web01 -i web01.priv, where web01.priv is my private key.



FreeBSD 10 USB 3.0

May 19, 2014

Just an FYI.  I have an ASUS motherboard with USB 3.0.  I had an issue with FreeBSD 10 and using a USB 3 device.  It would fail to allocate a resource or an assignment of sorts.   I had to go into the BIOS, disable “USB Legacy”.  Now USB 3 works on my PC.

FreeBSD 10 / PCBSD 10 and Edimax 7811un

March 5, 2014

FreeBSD 10 supports the Edimax 7811un (RTL8188CUS chipset, FreeBSD calls the device "urtwn0") right off the bat.  BUT…there is a small trick to get it working if you don’t see the error message.  Plug in your 7811un to your PC.  Install FreeBSD.

**** if you are using PC-BSD, do the same steps as below.  You’ll have to go into /boot/loader.conf.pcbsd file and edit out the step 3 options.

Do the following:

1. setup your /etc/rc.conf with the following…
wlans_urtwn0="wlan0"
ifconfig_wlan0="WPA DHCP"

2. setup your /etc/wpa_supplicant.conf with the following…(my network is WPA2)

network={
     ssid="yourSSID"
     psk="yourKey"
}

3. setup your /boot/loader.conf file with the following…
if_urtwn_load="YES"
wlan_wep_load="YES"
wlan_ccmp_load="YES"
wlan_tkip_load="YES"
legal.realtek.license_ack=1

***The last line is the most important.  If you don’t add that it won’t work.  

4. REBOOT  –  this is a must.

That’s it.  It should come up on its own.  This is if you have your network set up with WPA2 encryption.  If you need additional help, consult the FreeBSD Handbook wireless section.

PF Firewall settings

February 7, 2014

Here are my PF settings.  Very basic for a firewall on one PC.  I’m not running a router or gateway off my PC.

What this does is block everything coming in, allow anything out and keep state so that replies can come back in.  I do allow SSH to come in from the outside, and to protect me from hackers I have enabled <ssh_bruteforce> and made it add IP addresses that have 3 bad login attempts in 60 seconds to the list.  They will be blocked indefinitely.

CONFIG:

#
# Steve’s PF Firewall Rules
#

#Variables
ext_if = "ale0"
ext_ip = "(" $ext_if ")"
tcp_services = "{ 22 }"
#icmp_types = “echoreq”

# Tables
table <ssh_bruteforce> persist

# Return a reset for all blocks
set block-policy return

# Ignore the loopback
set skip on lo0

# Anything in the blacklist should be stopped here
block in quick on $ext_if from <ssh_bruteforce> to any

block in all
pass proto icmp all
pass out all keep state
pass in on $ext_if proto tcp from any to $ext_ip port $tcp_services flags S/SA keep state (max-src-conn-rate 3/60, overload <ssh_bruteforce> flush global)

Bash backup script

December 15, 2013

Just a simple backup script and my cron entry.  This script will check to see if your USB device exists.  If so, it mounts, it rsyncs, it echoes a date and a “complete” string into a file, then unmounts the drive.  If the USB device doesn’t exist, it echoes a fail into a file.

My script runs every night 1 minute after 3am.

*Reason I have unmount is so I can just yank it out whenever I want.  Also, with any *nix, there is more than one way to skin a cat, this is my way I figured out on my own.

#######  SCRIPT ########

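#!/bin/sh

# Only run the backup if the USB device node is present.
if [ -e '/dev/da0p1' ] ; then

    # If the mount fails, stop here so rsync never writes into the bare /backup directory.
    if ! /sbin/mount /dev/da0p1 /backup ; then
        echo "$(date) FAILED" >> /home/user/backup.log
        exit 1
    fi

    # Mirror /data onto the drive; --delete removes files that no longer exist in /data.
    /usr/local/bin/rsync -a --delete /data/ /backup/

    echo "$(date) COMPLETE" >> /home/user/backup.log

    /sbin/umount -f /backup

else

    echo "$(date) FAILED" >> /home/user/backup.log

fi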

##############  CRONTAB ENTRY ##########

1 3 * * * root cd /home/user && ./backup.sh

 

FreeBSD handy commands

December 11, 2013

These are just some commands for troubleshooting kernel, device, etc. stuff.

– usbconfig   check USB devices

– pciconf -lv   check PCI devices

– kldstat   check kernel modules

– fsck -t ufs -y /dev/(drive/slice)   check a UFS filesystem, e.g. "/dev/da0p1"

 

