IT notes

Start 2 XS SATA

To install FreeBSD using the rescue system on a Start-2-XS-SATA from online.net:

    #!/bin/sh -x
    USER=monkey
    PASSWORD=secret
    gpart destroy -F ada0
    gpart create -s gpt ada0
    gpart bootcode -b /boot/pmbr -p /boot/gptboot -i 1 ada0
    gpart add -t freebsd-boot -l boot -s 128K ada0
    gpart add -t freebsd-swap -l swap -s 4g ada0
    gpart add -t freebsd-ufs -l root ada0
    gpart set -a active ada0
    newfs /dev/gpt/root
    mount /dev/gpt/root /mnt
    cd /tmp
    fetch http://ftp.

kld_list

To load kernel modules after local disks are mounted, add this to /etc/rc.conf:

    kld_list="fuse"

In this case the fuse module will be loaded.

hw.(machine|model|ncpu)

To get an overview of the system:

    # sysctl -a | egrep -i 'hw.machine|hw.model|hw.ncpu'
    hw.machine: amd64
    hw.model: Intel(R) Xeon(R) Silver 4110 CPU @ 2.10GHz
    hw.ncpu: 16
    hw.machine_arch: amd64

MANIFEST No Such File or Directory

If you get this error when trying to install FreeBSD using bsdinstall:

    "Error while fetching file:///usr/freebsd-dist/MANIFEST" - no such file or directory

Try:

    # mkdir -p /usr/freebsd-dist/
    # touch /usr/freebsd-dist/MANIFEST

And then start again.

sockstat

The sockstat command lists open Internet or UNIX domain sockets.

List listening IPv4 sockets:

    # sockstat -4l

Show connected TCP sockets on port 443:

    # sockstat -P tcp -p 443 -c

List UNIX domain sockets:

    # sockstat -u

freebsd-update

Update FreeBSD using freebsd-update.

Set in /etc/rc.conf:

    kern_securelevel_enable="NO"
    kern_securelevel="0"

Reboot and then:

    # freebsd-update upgrade -r 10.4-RELEASE
    # freebsd-update install
    # reboot
    # freebsd-update install

Repeat the steps to upgrade to 11.1:

    # freebsd-update upgrade -r 11.1-RELEASE

Only security patches:

    # freebsd-update fetch
    # freebsd-update install

To update the packages:

    # pkg-static upgrade -f
    # freebsd-update install

A forced upgrade of all installed packages will replace the packages with fresh versions from the repository even if the version number has not increased.

pkg -o OSVERSION

If you get something like this when updating:

    pkg: Newer FreeBSD version for package jsoncpp:
    - package: 1101503
    - running kernel: 1100506

Try uname -KU to get the version, and then:

    pkg -o OSVERSION=1100506 update -f
    pkg -o OSVERSION=1100506 upgrade

update port

Make a copy of the current port:

    cp -R <port-name> <port-name>.orig

Work on the port:

    make makesum
    make checksum
    make stage
    make check-orphans
    make package
    make install
    make deinstall
    make clean

Create the diff; first change to the parent directory:

    diff -u port-name.orig port-name > port-name.diff

Submit the patch.

80

To start an application on port 80 as a non-root user:

    sysctl net.inet.ip.portrange.reservedhigh=79

That allows an application to bind to any port > 79. To allow any port:

    sysctl net.inet.ip.portrange.reservedhigh=0

Add this to /etc/sysctl.conf to keep the change persistent across reboots:

    net.inet.ip.portrange.reservedhigh=79

bsdinstall MANIFEST

When installing FreeBSD from an ftp/http source it may complain that the MANIFEST file is missing. To solve the problem, this can be done:

Download the FreeBSD iso and unpack it into /tmp/iso:

    $ mkdir -p /tmp/iso
    $ tar xf FreeBSD-11.1-RELEASE-amd64-disc1.iso -C /tmp/iso

Start www in usr/freebsd-dist:

    $ cd /tmp/iso/usr/freebsd-dist
    $ www

This will expose the files via web so that they can be fetched.

In the system where you want to install, fetch the MANIFEST file and save it in /usr/freebsd-dist/MANIFEST:

Syslogd 8 bit

If you want to log full UTF-8 strings (including emoji), use the option -8. Example in /etc/rc.conf:

    syslogd_flags="-ssC8"

The options are:

    -s  Operate in secure mode. Do not log messages from remote machines. If specified twice, no network socket will be opened at all, which also disables logging to remote machines.
    -C  Create log files that do not exist (permission is set to 0600).
    -8  Tells syslogd not to interfere with 8-bit data.

vm tools

vmware tools guest FreeBSD

While running FreeBSD as a guest on VMware, the vm-tools can be installed with this:

    $ pkg install open-vm-tools-nox11

Later enable them in /etc/rc.conf:

    vmware_guest_vmblock_enable="YES"
    vmware_guest_vmhgfs_enable="YES"
    vmware_guest_vmmemctl_enable="YES"
    vmware_guest_vmxnet_enable="YES"
    vmware_guestd_enable="YES"

zfs

FreeBSD zfs disk image

Use VirtualBox to install FreeBSD using UFS. After having FreeBSD installed, update your sources and build a custom world and kernel based on your needs for the new image to be created:

    # cd /usr/src
    # make -j4 buildworld buildkernel

Adjust -j4 to the number of CPU cores.

Use this script to create the image: https://github.com/nbari/freebsd/blob/master/zfs/zfs.sh

    $ mkdir /raw && cd /raw
    $ fetch --no-verify-peer https://raw.

ipv6 tunnelbroker

6in4

6in4 uses tunneling to encapsulate IPv6 traffic over explicitly-configured IPv4 links. The 6in4 traffic is sent over the IPv4 Internet inside IPv4 packets whose IP headers have the IP protocol number set to 41. https://en.wikipedia.org/wiki/6in4

“6to4” is a tunneling method that is only interesting for reaching IPv6-only services. And 6to4 makes sense only if one has a public IPv4 address. As a rule, you only need to enable “6to4” if you want to access services that are only IPv6.

observability tools

FreeBSD Linux src: http://www.brendangregg.com/blog/2015-03-06/performance-analysis-bsd.html

mysql_tzinfo_to_sql

FreeBSD & MySQL UTC

After doing a fresh install, load the UTC zone:

    $ cd /usr/share/zoneinfo
    $ mysql_tzinfo_to_sql UTC UTC | mysql -u root mysql

Edit /etc/my.cnf:

    [mysqld]
    default-time-zone='UTC'

This will set the default timezone on the server to UTC.

To get the current timezone of MySQL:

    mysql> SELECT @@global.time_zone, @@session.time_zone;

convertfromraw

Convert from RAW to VDI

Custom “RAW” images created with mkimg can be used in VirtualBox by converting them to “VDI” format, for example:

    $ VBoxManage convertfromraw ec2.raw ec2.vdi --format VDI
    Converting from raw image file="ec2.raw" to file="ec2.vdi"...
    Creating dynamic image with size 3221292544 bytes (3073MB)...

Once the image is in “VDI” format it can be resized using:

    $ VBoxManage modifyhd ec2.vdi --resize 8192
    0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%

The above command will resize the image to 8GB.

Raspberry Pi 1 Model B

Raspberry Pi 1 Model B, FreeBSD + wifi

cat /var/run/dmesg.boot:

    KDB: debugger backends: ddb
    KDB: current backend: ddb
    Copyright (c) 1992-2016 The FreeBSD Project.
    Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
        The Regents of the University of California. All rights reserved.
    FreeBSD is a registered trademark of The FreeBSD Foundation.
    FreeBSD 10.3-RELEASE #0 r297264: Fri Mar 25 08:01:14 UTC 2016
        [email protected]:/usr/obj/arm.armv6/usr/src/sys/RPI-B arm
    FreeBSD clang version 3.

uptime 1000 days

uptime >= 1000 days

OS: FreeBSD + ZFS + Jails
Server: Dell PowerEdge 2900 2xE5420 24GB RAM
Colocation: https://iweb.com/

Time to reboot after 4 years: I need to rebuild the RAID and can’t mix SAS drives with SATA on a living array:

L2TP over IPSec

L2TP

Layer 2 Tunneling Protocol (L2TP) is a tunneling protocol used to support virtual private networks (VPNs) or as part of the delivery of services by ISPs. It does not provide any encryption or confidentiality by itself. Rather, it relies on an encryption protocol that it passes within the tunnel to provide privacy.

L2TP/IPSec

Because of the lack of confidentiality inherent in the L2TP protocol, it is often implemented along with IPsec.