IT notes

sockstat

The sockstat command list open Internet or UNIX domain sockets. List open tcp in ipv4: # sockstat -4l Show connectd sockets in port 443 and tcp: # sockstat -P tcp -p 443 -c List unix sockets: # sockstat -u

freebsd-update

Update Freebsd using freebsd-update: Set in /etc/rc.conf: kern_securelevel_enable="NO" kern_securelevel="0" reboot and then: # freebsd-update upgrade -r 10.4-RELEASE # freebsd-update install # reboot # freebsd-update install Repeate then to upgrade to 11.1 freebsd-update upgrade -r 11.1-RELEASE Only security patches: # freebsd-update fetch # freebsd-update install To update the packages: # pkg-static upgrade -f # freebsd-update install A forced upgrade of all installed packages will replace the packages with fresh versions from the repository even if the version number has not increased.

pkg -o OSVERSION

When updating if get something like this: pkg: Newer FreeBSD version for package jsoncpp: - package: 1101503 - running kernel: 1100506 Try uname -KU to get the version, and then: pkg -o OSVERSION=1100506 update -f pkg -o OSVERSION=1100506 upgrade

update port

Make a copy of the current port: cp -R <port-name> <port-name>.orig Work on the port: make makesum make checksum make stage make check-orphans make package make install make deinstall Crete the diff, first change one level up: diff -u port-name.orig port-name > port-name.diff Submit the patch.

80

To start an application on port 80 being not root: sysctl net.inet.ip.portrange.reservedhigh=79 That will allow to bind an application in any port > 79, to allow any port: sysctl net.inet.ip.portrange.reservedhigh=0 Add this to /etc/sysctl.conf to keep changes persistent across reboots: net.inet.ip.portrange.reservedhigh=79

Syslogd 8 bit

If want to log full utf-8 strings “emoji’s” use the option -8, example on /etc/rc.conf: syslogd_flags="-ssC8" The optiosn are: -s Operate in secure mode. Do not log messages from remote machines. If specified twice, no network socket will be opened at all, which also disables logging to remote machines. -C Create log files that do not exist (permission is set to 0600). -8 Tells syslogd not to interfere with 8-bit data.

vm tools

vmware tools guest FreeBSD While running FreeBSD as a guest on VMWARE the vm-tools can be installed with this: $ pkg install open-vm-tools-nox11 Later enable them on /etc/rc.conf: vmware_guest_vmblock_enable="YES" vmware_guest_vmhgfs_enable="YES" vmware_guest_vmmemctl_enable="YES" vmware_guest_vmxnet_enable="YES" vmware_guestd_enable="YES"

zfs

FreeBSD zfs disk image Use VirtualBox to install FreeBSD using UFS. After having FreeBSD installed, update your sources and build a custom world and kernel based on your needs for the new image to be created: # cd /usr/src # make -j4 buildworld buildkernel adjust -j4 to the number or cpu cores Use this script to create the image: https://github.com/nbari/freebsd/blob/master/zfs/zfs.sh $ mkdir /raw && cd /raw $ fetch --no-verify-peer https://raw.

ipv6 tunnelbroker

6in4 6in4 uses tunneling to encapsulate IPv6 traffic over explicitly-configured IPv4 links. The 6in4 traffic is sent over the IPv4 Internet inside IPv4 packets whose IP headers have the IP protocol number set to 41. https://en.wikipedia.org/wiki/6in4 “6to4” is a tunneling method that is only interesting for reaching IPv6-only services. And 6to4 makes sense only if one has a public IPv4 address. As a rule, you only need to enable “6to4” if you want to access services that are only IPv6.

observability tools

FreeBSD Linux src: http://www.brendangregg.com/blog/2015-03-06/performance-analysis-bsd.html