FreeBSD

This is my page with some hints and tips about FreeBSD, with a focus on running it on servers. I try to link to the official FreeBSD pages which are a very good source for information as well as to some blog posts I found for some topics that might be of interest. Feel free to contribute if you have anything to say.

enjoy

Installation
Partitioning:

Disklabels:

net/cvsup-without-gui

 * Description: cvsup is used to update our ports collection. We install the version without GUI so that no X11 dependencies get installed.
 * Config file: Copy a file from /usr/share/examples/cvsup to /etc. I recommend using ports-supfile unless you want to update more than just ports.
 * Changes: Adjust the host= entry to host=cvsup.ch.freebsd.org

net/openntpd

 * Description: This is OpenBSD's Network Time Protocol daemon, my recommendation to synchronize time on a system. It is easy to configure and works flawlessly.
 * Config file: /usr/local/etc/ntpd.conf
 * Changes: servers europe.pool.ntp.org: like this we use servers which are based in Europe, not worldwide.
 * rc.conf: openntpd_enable="YES"
 * Remarks: If your machine's clock is far off the real time, run <tt>/usr/local/sbin/ntpd -s</tt> first to change the time immediately. If you do not do that, ntpd will adjust the time very slowly so as not to confuse any applications. Once you have done that, you can kill the process and run it via rc.d.

sysinstall
In case you want to change something in your FreeBSD configuration, the easiest way to do that is to run <tt>sysinstall</tt> again. This is the FreeBSD installer you saw during the install itself. To launch it you have to type the full path:

/stand/sysinstall

Then, select <tt>Do post-install configuration</tt> in the menu to continue.

CVSup
Install CVSup:

cd /usr/ports/net/cvsup-without-gui
make all install clean

Selecting your supfile: Copy the ports-supfile from <tt>/usr/share/examples/cvsup</tt> to <tt>/etc/ports-supfile</tt>. Edit it and change it according to your needs (at least the <tt>host=</tt> entry).

Update the tree with:

cvsup /etc/ports-supfile

Rebuild the index & readmes:

cd /usr/ports
make index && make readmes

Alternatively you can simply type <tt>make fetchindex</tt> to get a pre-compiled version from a server, which is much faster.

Now you can check if you have the most recent revisions installed:

pkg_version -v

Reference:
 * Absolute BSD, Chapter 6: Upgrading FreeBSD and Chapter 10: Making Your System Useful
 * FreeBSD Manual about CVSup

Upgrading Ports
 * install sysutils/portupgrade
 * create/update package-database: <tt>pkgdb -F</tt>
 * run portupgrade: <tt>portupgrade -a</tt>
 * to update a single package: <tt>portupgrade pkgname</tt>

(see also: FreeBSD handbook, using ports)

Flags for Ports
Many ports contain flags as compile options. If you compile the stuff yourself you usually do something like <tt>./configure --with-bdb</tt>. On FreeBSD we can do something similar:

make install WITH_OPENSSL=YES

To get a list of flags you can simply start it without flags and hit <tt>ctrl-z</tt> soon enough (quite hard on fast machines), or you simply have a look at the <tt>Makefile</tt>.

If you want your flags to be persistent during a port-upgrade you can write them into the file

/usr/local/etc/pkgtools.conf

Example:

MAKE_ARGS = {
  'mail/vpopmail' => [
    'WITH_PASSWD=yes',
    'WITH_VALIAS=yes',
    'WITH_MYSQL=yes',
    'WITH_CLEAR_PASSWD=yes',
    'WITH_QMAIL_EXT=yes',
  ],
  'mail/qmailadmin' => [
    'WITH_MODIFY_QUOTA=yes',
    'WITH_DOMAIN_AUTOFILL=yes',
    'CGIBINDIR=www/cgi-bin',
    'WEBDATADIR=www/data',
  ],
  'graphics/ImageMagick' => [
    'WITHOUT_X11=YES',
  ],
}

Note: this only works for pkg-tools!

There is an article about that here
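As an alternative to interrupting the build, the "look at the Makefile" approach can be scripted. The following is an added example, not part of the original page or of the ports tree: `list_port_knobs` and `check_knobs` are hypothetical helper names, and the Makefile is a constructed sample. It also catches a misspelled flag in `MAKE_ARGS`, which make would otherwise ignore silently.

```sh
#!/bin/sh
# Added example; helper names are hypothetical, not part of the ports tree.

list_port_knobs() {
    # $1: port Makefile. Drop comments, keep only conditional lines
    # (.if/.ifdef/.ifndef/.elif), and print the WITH_/WITHOUT_ names tested.
    sed 's/#.*//' "$1" |
        grep -E '^\.[[:space:]]*(el)?if' |
        grep -oE 'WITH(OUT)?_[A-Z0-9_]+' |
        LC_ALL=C sort -u
}

check_knobs() {
    # $1: port Makefile; remaining args: NAME=value settings as given to make
    # or listed in MAKE_ARGS. Returns 1 if a name is never tested there.
    mk=$1; shift
    known=$(list_port_knobs "$mk")
    rc=0
    for arg in "$@"; do
        name=${arg%%=*}
        if ! printf '%s\n' "$known" | grep -qxF -- "$name"; then
            echo "not tested in $mk: $name" >&2
            rc=1
        fi
    done
    return $rc
}

write_sample_makefile() {
    # Constructed sample, not a real port.
    cat > "$1" <<'EOF'
PORTNAME=       example
.if defined(WITH_OPENSSL)
CONFIGURE_ARGS+=        --with-openssl
.endif
.if defined(WITH_MYSQL) && !defined(WITHOUT_X11)
USE_MYSQL=      yes
.endif
# .if defined(WITH_COMMENTED_OUT)
WITH_NOT_A_TEST=        yes
EOF
}

sample=$(mktemp)
write_sample_makefile "$sample"
list_port_knobs "$sample"
check_knobs "$sample" WITH_OPENSSL=YES WITH_OPENSL=YES || echo "check your spelling"
rm -f "$sample"
```

Flags that are only evaluated in included files are not seen by this scan, so treat a "not tested" result as a hint to read the Makefile, not as proof.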

Find out system information
As the /proc filesystem on BSD doesn't contain information such as cpuinfo, you have to access it another way. You can use <tt>sysctl</tt> for that purpose. Run

sysctl -a

to find out specific information about a running system. You can specify which part of the information you want to see by appending the name of the fields:

sysctl -a hw

will only display fields which begin with hw.

SMTP configuration
If you want your FreeBSD box to be able to send mail, the easiest way to go is to configure ssmtp. Note: if you do not want the <tt>From:</tt> header to be overwritten, you have to set this line:

FromLineOverride=YES

Now you can test it like this on a shell:

/usr/sbin/sendmail -ti
From: <test@example.com>
To: <destination@example.org>
Subject: Test

Hello Test,
This is a test.
<ctrl-d>

<tt><Ctrl-d></tt> is the generic end-of-file.

(Credits: ftc :)

X11 forwarding
If you need X11 forwarding you have to install <tt>XFree86-4-clients</tt> or <tt>xorg-clients</tt> respectively. You also have to change the <tt>/etc/ssh/sshd_config</tt> file and set <tt>X11Forwarding yes</tt>.

Compile-time flags for PHP used on mushroom/grinsekatz
The following flags have been used for the compilation of php4 on the hosts mushroom/grinsekatz:

NOTE: Those flags are in <tt>lang/php4-extensions</tt>, not in <tt>php4</tt> itself.

BCMATH CALENDAR CTYPE DOMXML DOMXSLT EXIF FTP GD MCAL MCRYPT MHASH MIME MING MYSQL OPENLDAP OVERLOAD PCRE POSIX SESSION TOKENIZER XML XMLRPC XSLT ZIP ZLIB

LDAP Auth on FreeBSD
quick & dirty, don't complain if it doesn't work ;)

References:
 * http://www.gwdg.de/GWDG-Nachrichten/GN0508/gn0508_01.html
 * http://freebsd.de-q.net/index.php/FreeBSD_Mailsystem_mit_Postfix,_Spamassassin,_LDAP_und_mehreren_Servern

Step by step:
 * install <tt>security/pam_ldap</tt>
 * Adjust <tt>/usr/local/etc/openldap/ldap.conf</tt>
 * make a symlink: <tt>ln -svf /usr/local/etc/openldap/ldap.conf /usr/local/etc</tt>
 * add <tt>session sufficient  /usr/local/lib/pam_ldap.so</tt> to <tt>/etc/pam.d/sshd</tt> (XXX 2 more...)
 * add <tt>/etc/nsswitch.conf</tt>

Copy <tt>/usr/local/etc/ldap.conf.dist</tt> to <tt>/usr/local/etc/ldap.conf</tt>, then edit <tt>/usr/local/etc/ldap.conf</tt> in order to use this module. Add a line similar to the following to <tt>/etc/pam.conf</tt> on 4.X, or create an <tt>/etc/pam.d/ldap</tt> on 5.X and higher with a line similar to the following:

login  auth    sufficient      /usr/local/lib/pam_ldap.so
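To see which PAM facilities of a service actually reference <tt>pam_ldap.so</tt> after these edits, in either the <tt>/etc/pam.d/</tt> layout or the one-file <tt>/etc/pam.conf</tt> layout, a small check helps. This is an added example, not from the original page: the function names are hypothetical and the two files are constructed samples.

```sh
#!/bin/sh
# Added example; function names are hypothetical.

pam_ldap_facilities() {
    # $1: PAM file, $2: service (only needed for the one-file /etc/pam.conf layout)
    # Prints "facility control" for every line that loads pam_ldap.so.
    awk -v svc="$2" '
        { sub(/#.*/, "") }                      # drop comments
        NF == 0 { next }
        {
            # /etc/pam.d/<service>:  facility control module [args]
            # /etc/pam.conf:         service facility control module [args]
            off = ($1 ~ /^(auth|account|session|password)$/) ? 0 : 1
            if (off == 1 && $1 != svc) next
            if ($(3 + off) ~ /pam_ldap\.so$/) print $(1 + off), $(2 + off)
        }' "$1"
}

pam_ldap_missing() {
    # Lists the PAM facilities that have no pam_ldap.so line at all.
    have=$(pam_ldap_facilities "$1" "$2" | cut -d' ' -f1)
    for f in auth account session password; do
        printf '%s\n' "$have" | grep -qxF "$f" || printf '%s\n' "$f"
    done
}

write_samples() {
    # Constructed sample files written into directory $1.
    cat > "$1/sshd" <<'EOF'
# constructed /etc/pam.d/sshd with only the session line added
auth      required    pam_unix.so  no_warn try_first_pass
account   required    pam_unix.so
session   sufficient  /usr/local/lib/pam_ldap.so
password  required    pam_unix.so
EOF
    cat > "$1/pam.conf" <<'EOF'
login  auth    sufficient      /usr/local/lib/pam_ldap.so
login  auth    required        pam_unix.so
sshd   auth    required        pam_unix.so
EOF
}

dir=$(mktemp -d)
write_samples "$dir"
pam_ldap_facilities "$dir/sshd" sshd       # session sufficient
pam_ldap_missing "$dir/sshd" sshd          # auth account password, one per line
pam_ldap_facilities "$dir/pam.conf" login  # auth sufficient
rm -rf "$dir"
```

Whether a facility listed as missing needs an LDAP line depends on your setup; the script only reports what the file contains.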

iSCSI on FreeBSD 7.0
Load the iSCSI kernel module or add iSCSI support to your kernel according to http://www.cyberciti.biz/faq/freebsd-iscsi-initiator-howto/. Do not run the <tt>iscontrol</tt> command as stated there; that does not work with this syntax.

iscontrol -v -d -t192.168.0.41

Note that this is an internal network for freezer in that example; it only works if you have configured that subnet too, of course.