Sunday, 05 July 2015 13:08

Installing MYSQL

Installing the MySql Database Server

Installing Mysql

MySQL is a very fast, multi-threaded, multi-user and robust SQL (Structured Query Language) database server. For more information (MySQL has VERY good documentation, I might add), please check out http://www.mysql.com/

There are only a few things we need to do. Let's get MySQL installed first. This will install both the client and the server automatically.


# cd /usr/ports/databases/mysql56-server
# make install clean

Configuring mysql

We now need to tell MySQL to come up on startup. To do this, we need to add mysql_enable="YES" to /etc/rc.conf. So let's go ahead and edit /etc/rc.conf and add it!


# echo 'mysql_enable="YES"' >> /etc/rc.conf

Manually starting Mysql

Run the following command to start mysql:


# /usr/local/etc/rc.d/mysql-server start

You will then see "Starting mysql." and then it will drop to the next line. See if it's running by using the following command:


# ps -auxw | grep mysql

and you should see something like:


mysql 35843 0.0 0.4 1644 1132 p0 I 10:27PM 0:00.03 /bin/sh /usr/local/bin/mysqld_safe --defaults-extra-file=/var/db/mys
mysql 35861 0.0 10.6 55544 26852 p0 S 10:27PM 0:01.50 /usr/local/libexec/mysqld --defaults-extra-file=/var/db/mysql/my.cnf

Don't worry if you see it cut off at the end of the first line. This is completely normal. These 2 lines are just telling us MySQL is running fine! MySQL is installed and configured!

Now to set the correct users:


# chown -R mysql /var/db/mysql/
# chgrp -R mysql /var/db/mysql/

To ensure the security of the default settings of MySQL, continue with the command below:


# mysql_secure_installation

When prompted with “Enter current password for root”, hit Enter for none, then Y (Yes) to set the MySQL password. You will then be prompted with a series of questions. Just type Y for yes on all of them, see the screenshot below:

Sunday, 05 July 2015 13:06

Installing Fetchmail

Originally taken from http://www.thedjbway.org/services/fetchmail.html
Modified for FreeBSD courtesy of William Olson

fetchmail is a mail retrieval utility written by Eric S. Raymond. It is extremely flexible and configurable for a variety of retrieval and forwarding applications.

Although fetchmail has its own daemon mode, using it with a daemontools setup will provide some advantages. These include:

* consistent control interface through daemontools' svc utility
* reliable, platform-independent daemon start-up and run
* logging with multilog

Let's first install fetchmail:


# cd /usr/ports/mail/fetchmail
# make install clean

Here we also create a directory where fetchmail will reside:


# cd /var/qmail/supervise
# mkdir -m 755 fetchmail
# cd fetchmail
# fetch http://freebsdrocks.net/files/run.fetchmail
# mv run.fetchmail run
# chmod 755 run
# mkdir -m 755 log
# cd log
# fetch http://freebsdrocks.net/files/log-run
# mv log-run run
# chmod 755 run

Now to set the correct ownership on the supervise file so you can write the pid file:


# chown fetchmail:fetchmail /var/qmail/supervise/fetchmail/

If you open up the run file, you will see the INTERVAL, which is the number of seconds to wait before checking messages. Right now it is set to check messages every 5 minutes.

Now let's configure /usr/local/etc/fetchmailrc:

Replace pop.server below with the actual name of the POP server.
Replace user with the actual username on the host you are checking.
Replace pass with the actual password on the host you are checking.

The SMTP host is the IP of your qmail server. This is needed so fetchmail doesn't have to auth with qmail.

poll pop.server
with protocol pop3
username user password pass is [local email address] here
smtphost 192.168.9.10

Multiple lines/polls can exist. If you're checking multiple email accounts on one server, you can just use something like so:

poll pop.server
with protocol pop3
username user password pass is [local email address] here
smtphost 192.168.9.10
username user password pass is [local email address] here
smtphost 192.168.9.10
username user password pass is [local email address] here
smtphost 192.168.9.10
username user password pass is [local email address] here
smtphost 192.168.9.10

Or if you're checking multiple servers:

poll pop.server
with protocol pop3
username user password pass is [local email address] here
poll pop.server
with protocol pop3
username user password pass is [local email address] here
poll pop.server
with protocol pop3
username user password pass is [local email address] here

Lots of different combinations are available.


# chown fetchmail:nofiles /usr/local/etc/fetchmailrc
# chmod 600 /usr/local/etc/fetchmailrc
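
The fetchmailrc above holds account passwords in plaintext and polls over plain POP3. The following sh script is an added example, not part of the original walkthrough: it checks that the file is closed to group and other, and lists the polled servers whose entry lacks fetchmail's ssl option. The hosts and credentials in it are constructed.

```shell
#!/bin/sh
# Added example: audit a fetchmailrc that stores POP3 passwords in plaintext.

# rc_mode_ok FILE: succeeds only if group and other have no permission bits.
rc_mode_ok() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# polls_without_ssl FILE: print each polled server whose entry lacks "ssl",
# meaning the password would cross the network unencrypted.
polls_without_ssl() {
    awk '
        function report() { if (server != "" && !ssl) print server }
        /^[ \t]*#/ { next }
        $1 == "poll" { report(); server = $2; ssl = 0 }
        {
            for (i = 1; i <= NF; i++) {
                # skip the password value so a password "ssl" is not counted
                if ($i == "password" || $i == "pass") { i++; continue }
                if ($i == "ssl") ssl = 1
            }
        }
        END { report() }
    ' "$1"
}

# Constructed sample (hypothetical hosts and credentials) in the page's layout.
demo_rc=$(mktemp)
cat > "$demo_rc" <<'EOF'
poll pop.example.net
with protocol pop3
username alice password ssl is alice here
smtphost 192.168.9.10
poll pop.example.org
with protocol pop3
username bob password s3cret is bob here
ssl sslcertck
EOF
chmod 644 "$demo_rc"
rc_mode_ok "$demo_rc" || echo "mode 644: readable by group/other"
chmod 600 "$demo_rc"
rc_mode_ok "$demo_rc" && echo "mode 600: ok"
echo "polls without ssl: $(polls_without_ssl "$demo_rc")"
rm -f "$demo_rc"
```

Point both functions at /usr/local/etc/fetchmailrc on a real host; any server name printed by polls_without_ssl is being polled in cleartext.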

And then create the service:


# ln -s /var/qmail/supervise/fetchmail /service/

After a few seconds, run:


# svstat /service/fetchmail/ /service/fetchmail/log/

And you should see something like:


/service/fetchmail/: up (pid 50481) 4 seconds
/service/fetchmail/log/: up (pid 50482) 4 seconds

If you want to force fetchmail to check messages, the svc -t /service/fetchmail command will force fetchmail to terminate and restart, giving you the same effect.

Sunday, 05 July 2015 13:03

Enabling IPv6 on PFSense

Download, install, burn the ISO, then configure pfSense here: http://www.pfsense.org/index.php?option=com_content&task=view&id=58&Itemid=46

Run over to http://tunnelbroker.net/, click register at the bottom and, once you're verified, set up an IPv6 tunnel. Once this is done, print out the details page, then continue on.

Log in to pfSense via the console or SSH (if enabled) and hit option 8 for the shell. Then create the following 2 scripts:

# cd /usr/local/etc/rc.d/
# touch config-ipv6.sh
# chmod 755 config-ipv6.sh
# vi config-ipv6.sh

#
# Start Script
#

#!/bin/sh

IFOUT="gif0"
IFIN=""
WANIP=""

IPv6Router=""
IPv6Server=""
IPv6Client=""

IPv4Server=""
IPv4Client=""

####### Configure the stuff

# Configure the interfaces
ifconfig $IFIN inet6 $IPv6Router prefixlen 64

ifconfig $IFOUT create
ifconfig $IFOUT tunnel $IPv4Client $IPv4Server
ifconfig $IFOUT inet6 $IPv6Client $IPv6Server prefixlen 128
ifconfig $IFOUT up

route add -inet6 default fe80::%$IFOUT
route add -inet6 default $IPv6Server

# Configure IPv6 forwarding
sysctl net.inet6.ip6.forwarding=1

/usr/sbin/rtadvd -d -D -c /etc/rtadvd.conf $IFIN

cat /tmp/rules.debug | sed "/User-defined rules follow/{
p;s/.*/\
pass in quick on $IFIN inet6 from any to any\\
pass out quick on $IFIN inet6 from any to any\\
pass out quick on $IFOUT inet6 from any to any\\
pass quick proto ipv6-icmp from any to any\\
/;}" > /tmp/rules.config-ipv6.txt

# Read the new PF configuration file
pfctl -f /tmp/rules.config-ipv6.txt
pfctl -d; pfctl -e

#
# End Script
#

Leave IFOUT as it is. Don't touch it
IFIN is your LAN adapter
WANIP is your WAN IP

IPv6Router is your Routed 64 ending with a 1
IPv6Server is your Server IPv6 address
IPv6Client is your Client IPv6 address

IPv4Server is the Server IPv4 address
IPv4Client is your WAN IP

There are no other changes to be made

# cd /etc/
# vi /etc/rtadvd.conf

#
# Start Script
#

IFIN:\
:addrs#1:addr="*":prefixlen#64:tc=ether:

#
# End Script
#

IFIN is your LAN adapter
* is your Routed 64 address

Reboot and your pfSense will start handing out IP addresses. Try to ping Google using 'ping6 ipv6.google.com'.

The only issue I have with this is sometimes the tunnel times out and you have to run the script manually. It's a pita but it still works. I would put this script in crontab and run it just before the start of the business day just to make sure the tunnel is up or run something like irssi on IPv6. The freenode IPv6 server is ipv6.chat.freenode.net

Sunday, 05 July 2015 13:02

Installing Squid

Squid is a high-performance proxy caching server for web clients, supporting FTP, gopher, and HTTP data objects. Unlike traditional caching software, Squid handles all requests in a single, non-blocking, I/O-driven process.

For more information, please see http://www.squid-cache.org/

Now let's install it!


# cd /usr/ports/www/squid30
# make install clean

Make sure that all of the options below are checked:


SQUID_WCCP
SQUID_IDENT
SQUID_ARP_ACL

Now let's copy over the default configuration file:


# cd /usr/local/etc/squid
# cp squid.conf.default squid.conf

Now edit squid.conf


# vi squid.conf

You can change the port number from the default if you would like, but I left it with port 3128.

Under "#Recommended minimum configuration:", edit

acl localhost src 127.0.0.0/255.255.255.255

to your respective IP and subnet.

Further down, uncomment:

acl our_networks src 192.168.1.0/24 192.168.2.0/24

and again change it to your respective IP and subnet.

Then uncomment:

http_access allow our_networks

Save and exit. Run 'squid -z' to create the swap directories, then run:


# /usr/local/sbin/squid -NCd1 &

After it stops, hit Control-C.

Then type:


# squid

If there are no errors, open your browser, set it to use your proxy server, and then try to open a web page.
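
Squid checks http_access rules in order, stops at the first match, and when nothing matches applies the opposite of the last rule, so the list should end with http_access deny all. The following sh script is an added example (not from the original walkthrough) that flags a missing closing deny, an allow that matches any source, and rules placed after deny all. The sample configs in it are constructed.

```shell
#!/bin/sh
# Added example: lint the http_access rules of a squid.conf.

# squid_access_findings FILE: print one line per finding; no output = clean.
squid_access_findings() {
    awk '
        /^[ \t]*#/ || NF == 0 { next }
        # remember src ACLs that cover every address
        $1 == "acl" && $3 == "src" {
            for (i = 4; i <= NF; i++)
                if ($i == "all" || $i ~ /^0\.0\.0\.0\/0/ || $i == "::/0")
                    wide[$2] = 1
        }
        $1 == "http_access" {
            n++; last = $2 " " $3
            if (closed) print "line " NR ": unreachable after deny all: " $0
            if ($2 == "allow" && ($3 == "all" || ($3 in wide)))
                print "line " NR ": allow matches any source: " $0
            if (last == "deny all") closed = 1
        }
        END {
            if (n == 0) print "no http_access rules found"
            else if (last != "deny all")
                print "last http_access rule is [" last "], expected [deny all]"
        }
    ' "$1"
}

# Constructed samples (not from the page): a deny rule left as the last
# line makes the implicit default "allow"; the second file closes with deny all.
weak=$(mktemp); fixed=$(mktemp)
cat > "$weak" <<'EOF'
acl our_networks src 192.168.1.0/24 192.168.2.0/24
acl to_localhost dst 127.0.0.0/8
http_access allow our_networks
http_access deny to_localhost
EOF
cat > "$fixed" <<'EOF'
acl our_networks src 192.168.1.0/24 192.168.2.0/24
acl to_localhost dst 127.0.0.0/8
http_access deny to_localhost
http_access allow our_networks
http_access deny all
EOF
echo "weak:";  squid_access_findings "$weak"
echo "fixed:"; squid_access_findings "$fixed"
rm -f "$weak" "$fixed"
```

Run squid_access_findings against /usr/local/etc/squid/squid.conf after editing it and before starting squid.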

Wednesday, 08 June 2016 20:23

Setting your locale

This is for setting your locale in the USA. Run locale -a to get a list of all the available locale settings.

Edit /etc/login.conf and modify/add the following lines:

        :umask=022:\
        :charset=UTF-8:\
        :lang=en_US.UTF-8:

Run:

cap_mkdb /etc/login.conf

Log completely out and log back in.

Now run locale and this should pop up:

LANG=en_US.UTF-8
LC_CTYPE="en_US.UTF-8"
LC_COLLATE="en_US.UTF-8"
LC_TIME="en_US.UTF-8"
LC_NUMERIC="en_US.UTF-8"
LC_MONETARY="en_US.UTF-8"
LC_MESSAGES="en_US.UTF-8"
LC_ALL=

Sunday, 05 July 2015 13:01

Updating and Maintaining Ports and Sources

If you are going to just be using ports and not updating sources you do not have to install subversion below. To update ports just run the following command the first time:


# portsnap fetch && portsnap extract

To update ports thereafter, just run:


# portsnap fetch && portsnap update

You can also have ports updated via cron:


/usr/sbin/portsnap cron update

You will want to install subversion to update ports and sources. If you have already installed subversion then skip this step and continue on.


# cd /usr/ports/devel/subversion
# make install clean

Wait until it downloads a few things and then the install will be completed. At this time there are 2 subversion sites to fetch sources and ports from. Please note that if you have extracted sources and ports via sysinstall or cvsup BEFORE going through this walkthrough then they will need to be deleted first and then checked out by subversion. Updating is easy after that.

Deleting the current ports and sources

First let's get rid of the current /usr/src:


# rm -dfr /usr/src
# mkdir /usr/src

A list of the current subversion sites is below.

https://www.freebsd.org/doc/handbook/svn.html#svn-mirrors

Now we need to checkout both ports and sources using the following commands. Replace HOST with the closest mirror to you (See link above). Also on the 2nd line if you are using FreeBSD 9 then the command shown will work fine.


# cd /usr/src
# svn checkout https://svn0.us-east.FreeBSD.org/base/stable/10 /usr/src

Please DO NOT continue until at least the sources are updated via svn

Keeping up to date on your ports and sources is important. Updating sources helps your system keep up with the latest updates when you run your next make buildkernel. This is also helpful when you are upgrading. Upgrades don’t happen quite that often but it is a good idea to update them from time to time. Updating your ports is most important! If you don’t update ports, you are or could be installing an outdated port. I put this in a daily script in my ~user/bin folder called daily.sh. The command you use to update ports is:

# cd /usr/ports
# svn checkout https://svn0.us-east.FreeBSD.org/ports/head /usr/ports

One good thing to start with is when you’re running scripts, give them good names so you don’t forget what they have in them. So if you run a script hourly, you can call it hourly.sh and so on. I have a daily script that runs twice a day that runs a bunch of different things:

#!/bin/sh
# Update the time to the MIT Time Server
/usr/sbin/ntpdate time.mit.edu
# updates your headers when you upgrade ClamAV or SpamAssassin
/usr/local/bin/setuidgid qscand /var/qmail/bin/qmail-scanner-queue.pl -z
# Update sources
/usr/local/bin/cvsup -g -L 2 /root/stable-supfile
# Update Ports
/usr/local/bin/cvsup -g -L 2 /root/ports-supfile
# Backup /usr/local/etc
/bin/rm /home/wolson/archives/etc.tgz
/usr/bin/tar cvzf /home/wolson/archives/etc.tgz /usr/local/etc

Just read the notes and you should be able to figure out what that script does. That’s my daily.sh script.

I would definitely recommend running a backup of vpopmail if you have a test or a backup box running. Here is the URL for it:

http://freebsdrocks.net/index.php/13-useful-qmail-utilities/87-how-to-backup-vpopmail-with-rsync-ssh

Maintaining your Ports

It is a good idea to keep your ports system up to date. There really isn’t an easy way to do this via a script so I would recommend you do this kind of thing once a week or so. If you wait a month or two or even more, you’ll have a lot of fun doing a bunch of portupgrades. If you run the following command, it will tell you what needs updating:

# pkg version -vL=

Here is my output:

linux_base-8-8.0_14 < needs updating (port has 8.0_16)
portaudit-0.5.10 < needs updating (port has 0.5.11)

Generally the way we want to do this is via portupgrade. If you haven’t installed it yet, just do:

# cd /usr/ports/ports-mgmt/portupgrade
# make install clean

If I want to upgrade linux_base-8-8.0_14 and all its upward-recursive and downward-recursive dependencies, this is what I would do:

# portupgrade -rR linux_base-8-8.0_14

Warning: I would not run the command below unless it’s on a test box. I WOULD NOT RECOMMEND THIS FOR A PRODUCTION MACHINE!!!

Here's how to upgrade all packages, downwards-recursive AND upwards-recursive, and clean up obsolete shared libraries:

# portupgrade -urRa

That’s basically it to updating and managing ports!