Thursday, September 27, 2007
FreeBSD: Colourful console
Raise the console history size to 1000. Change the console text to green. Reverse-video text (such as in documentation) is shown in yellow. Kernel messages will be blue.
Recompile kernel with these options:
options SC_HISTORY_SIZE=1000
options SC_NORM_ATTR=(FG_LIGHTGREEN|BG_BLACK)
options SC_NORM_REV_ATTR=(FG_YELLOW|BG_BLACK)
options SC_KERNEL_CONS_ATTR=(FG_LIGHTBLUE|BG_BLACK)
options SC_KERNEL_CONS_REV_ATTR=(FG_LIGHTRED|BG_BLACK)
2) Dialup firewalling with FreeBSD (IPFW)
Marc Silver
marcs@draenor.org
Login: root
password: password
Recompile kernel with these options:
options IPFIREWALL
options IPFIREWALL_VERBOSE
options IPFIREWALL_VERBOSE_LIMIT=100
options IPDIVERT
options TCP_DROP_SYNFIN
# ee /etc/rc.conf
firewall_enable="YES"
firewall_script="/etc/firewall/fwrules"
natd_enable="YES"
natd_interface="tun0"
natd_flags="-dynamic"
ppp_enable="YES"
ppp_mode="auto"
ppp_nat="YES"
ppp_profile="your_profile"
Save and Quit [ esc a a ]
# mkdir -p /etc/firewall
# cd /etc/firewall
# ee fwrules
Write the following
# Firewall rules
# Written by Marc Silver (marcs@draenor.org)
# http://draenor.org/ipfw
# Freely distributable
# Define the firewall command (as in /etc/rc.firewall) for easy
# reference. Helps to make it easier to read.
fwcmd="/sbin/ipfw"
# Force a flushing of the current rules before we reload.
$fwcmd -f flush
# Divert all packets through the tunnel interface.
$fwcmd add divert natd all from any to any via tun0
# Allow all data from my network card and localhost. Make sure you
# change your network card (mine was fxp0) before you reboot. :)
$fwcmd add allow ip from any to any via lo0
$fwcmd add allow ip from any to any via fxp0
# Allow all connections that I initiate.
$fwcmd add allow tcp from any to any out xmit tun0 setup
# Once connections are made, allow them to stay open.
$fwcmd add allow tcp from any to any via tun0 established
# Everyone on the internet is allowed to connect to the following
# services on the machine. This example specifically allows connections
# to ssh and apache.
$fwcmd add allow tcp from any to any 80 setup
$fwcmd add allow tcp from any to any 22 setup
# This sends a RESET to all ident packets.
$fwcmd add reset log tcp from any to any 113 in recv tun0
# Allow outgoing DNS queries ONLY to the specified servers.
$fwcmd add allow udp from any to x.x.x.x 53 out xmit tun0
# Allow them back in with the answers... :)
$fwcmd add allow udp from x.x.x.x 53 to any in recv tun0
# Allow ICMP (for ping and traceroute to work). You may wish to
# disallow this, but I feel it suits my needs to keep them in.
$fwcmd add allow icmp from any to any
# Deny all the rest.
$fwcmd add deny log ip from any to any
Save and Quit [ esc a a ]
# reboot
1) Dialup firewalling with FreeBSD (IPFW)
Marc Silver
marcs@draenor.org
Login: root
password: password
Recompile kernel with these options:
options IPFIREWALL
options IPFIREWALL_VERBOSE
options IPFIREWALL_VERBOSE_LIMIT=500
# ee /etc/rc.conf
firewall_enable="YES"
firewall_script="/etc/firewall/fwrules"
ppp_enable="YES"
ppp_mode="auto"
ppp_nat="YES"
ppp_profile="your_profile"
# mkdir -p /etc/firewall
# cd /etc/firewall
# ee fwrules
Write the following
# Define the firewall command (as in /etc/rc.firewall) for easy
# reference. Helps to make it easier to read.
fwcmd="/sbin/ipfw"
# Define our outside interface. With userland-ppp this
# defaults to tun0.
oif="tun0"
# Define our inside interface. This is usually your network
# card. Be sure to change this to match your own network
# interface.
iif="fxp0"
# Force a flushing of the current rules before we reload.
$fwcmd -f flush
# Check the state of all packets.
$fwcmd add check-state
# Stop spoofing on the outside interface.
$fwcmd add deny ip from any to any in via $oif not verrevpath
# Allow all connections that we initiate, and keep their state.
# but deny established connections that don't have a dynamic rule.
$fwcmd add allow ip from me to any out via $oif keep-state
$fwcmd add deny tcp from any to any established in via $oif
# Allow all connections within our network.
$fwcmd add allow ip from any to any via $iif
# Allow all local traffic.
$fwcmd add allow all from any to any via lo0
$fwcmd add deny all from any to 127.0.0.0/8
$fwcmd add deny ip from 127.0.0.0/8 to any
# Allow internet users to connect to the port 22 and 80.
# This example specifically allows connections to the sshd and a
# webserver.
$fwcmd add allow tcp from any to me dst-port 22,80 in via $oif setup keep-state
# Allow ICMP packets: remove type 8 if you don't want your host
# to be pingable.
$fwcmd add allow icmp from any to any via $oif icmptypes 0,3,8,11,12
# Deny and log all the rest.
$fwcmd add deny log ip from any to any
Save and Quit [ esc a a ]
# reboot
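A pre-reboot check for either rules file above, as an added example that is not part of the original post: it dry-runs the script with fwcmd replaced by echo, then looks for the x.x.x.x placeholder, interface names that do not exist on the host, and a missing final deny. The function names fwrules_expand and fwrules_precheck are hypothetical.

```shell
#!/bin/sh
# Added example: fwrules_expand and fwrules_precheck are hypothetical helpers.

# Print the ipfw commands the rules script would run, variables expanded.
# The fwcmd assignment is rewritten to "echo ipfw", so nothing reaches the
# kernel. Any other command in the file still executes: use on your own file.
fwrules_expand() {
    sed 's|^fwcmd=.*|fwcmd="echo ipfw"|' "$1" | sh
}

# $1 = rules file, $2 = interfaces present on the host, space separated
# (on FreeBSD: "$(ifconfig -l)"). Prints each problem; returns 1 if any.
fwrules_precheck() {
    rules=$(fwrules_expand "$1") || return 2
    bad=0
    # 1. Template placeholder for the DNS servers was never filled in.
    if printf '%s\n' "$rules" | grep -q 'x\.x\.x\.x'; then
        echo "placeholder x.x.x.x still present"; bad=1
    fi
    # 2. Every interface named after via/xmit/recv must exist on this host.
    ifaces=$(printf '%s\n' "$rules" | awk '{
        for (i = 1; i < NF; i++)
            if ($i == "via" || $i == "xmit" || $i == "recv") print $(i + 1)
    }' | sort -u)
    for ifn in $ifaces; do
        case " $2 " in
            *" $ifn "*) ;;
            *) echo "unknown interface: $ifn"; bad=1 ;;
        esac
    done
    # 3. The last rule must be the catch-all deny.
    last=$(printf '%s\n' "$rules" | tail -n 1)
    case "$last" in
        "ipfw add deny "*"ip from any to any") ;;
        *) echo "last rule is not a catch-all deny: $last"; bad=1 ;;
    esac
    return $bad
}
```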
FreeBSD: Rebuild the World, and Recompile the Kernel (STABLE)
Login: root
password: password
Install cvsup-without-gui
# pkg_add -r cvsup-without-gui
# pkg_add -r fastest_cvsup
If you want to install these items via ports instead, do it like this (but, as I mentioned, you can use the pkg_add method for these 2 applications without fear):
# cd /usr/ports/net/cvsup-without-gui; make install clean
# cd /usr/ports/sysutils/fastest_cvsup; make install clean
# ee /etc/ssh/sshd_config
CHANGE the following
# Protocol 2
to
Protocol 2
and CHANGE the following
# PermitRootLogin no
to
PermitRootLogin no
Save and Quit [ esc a a ]
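A check that the two sshd_config edits above are really in effect, as an added example that is not part of the original post: sshd uses the first uncommented occurrence of a keyword, so a stray earlier line or a still-commented default defeats the edit. The function names sshd_effective and sshd_check are hypothetical, and the parser assumes whitespace-separated "Keyword value" lines.

```shell
#!/bin/sh
# Added example: sshd_effective and sshd_check are hypothetical helpers.

# Print the value sshd would use for keyword $2 in config file $1:
# the first uncommented occurrence, keyword matched case-insensitively.
# Scanning stops at the first Match block, whose settings are conditional.
sshd_effective() {
    awk -v kw="$2" '
        /^[ \t]*#/ { next }                      # commented-out default
        tolower($1) == "match" { exit }          # global section ends here
        tolower($1) == tolower(kw) { print $2; exit }
    ' "$1"
}

# Return 0 only if both edits from the text are active in file $1.
sshd_check() {
    rc=0
    for want in "Protocol=2" "PermitRootLogin=no"; do
        kw=${want%%=*}
        val=${want#*=}
        got=$(sshd_effective "$1" "$kw")
        if [ "$got" != "$val" ]; then
            echo "$kw: want '$val', effective '${got:-unset (built-in default)}'"
            rc=1
        fi
    done
    return $rc
}
```

On the host itself, run it as sshd_check /etc/ssh/sshd_config before restarting sshd.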
Mark the console as insecure, so that the root password is required to enter single-user mode
# ee /etc/ttys
CHANGE the following
console none unknown off secure
to
console none unknown off insecure
Save and Quit [ esc a a ]
Install ports tree
# cp /usr/share/examples/cvsup/ports-supfile /root/
# cp /usr/share/examples/cvsup/stable-supfile /root/
# ee /root/ports-supfile
CHANGE the following
*default host=CHANGE_THIS.FreeBSD.org
to
*default host=cvsup4.FreeBSD.org
Save and Quit [ esc a a ]
# ee /root/stable-supfile
CHANGE the following
*default host=CHANGE_THIS.FreeBSD.org
to
*default host=cvsup4.FreeBSD.org
Save and Quit [ esc a a ]
Setup scripts for maintaining systems
# mkdir /root/scripts
# cd /root/scripts
# ee ports-update.sh
Write the following
#!/bin/sh
# updating port
echo "Beginning Ports Update"
/usr/local/bin/cvsup -g -L 2 /etc/ports-supfile
echo "Ports Update Complete"
Save and Quit [ esc a a ]
# ee src-update.sh
Write the following
#!/bin/sh
# updating source
echo "Beginning Source Update"
/usr/local/bin/cvsup -g -L 2 /etc/stable-supfile
echo "Source Update Complete"
Save and Quit [ esc a a ]
# chmod +x *.sh
# cp /root/ports-supfile /etc/
# cp /root/stable-supfile /etc/
# chmod 640 /etc/ports-supfile
# chmod 640 /etc/stable-supfile
Rebuild the entire machine and Kernel
# /root/scripts/src-update.sh
# cd /usr/src/sys/i386/conf
# cp GENERIC CUSTOM
# cd /usr/src/
# make buildworld
# make buildkernel KERNCONF=GENERIC
# make installkernel KERNCONF=GENERIC
# reboot
Login: root
password: password
# fsck -p
# mount -u /
# mount -a -t ufs
# swapon -a
# cd /usr/src
# mergemaster -p
# make installworld
# mergemaster
# reboot
Login: root
password: password
# cd /usr/src
# make clean
Update ports now
# pkg_add -r portupgrade
# /usr/local/bin/portupgrade -a
Adding applications
# pkg_add -r portaudit
# pkg_add -r zsh
# pkg_add -r wget
# pkg_add -r screen
If pkg_add -r screen fails try the following
# cd /usr/ports/sysutils/screen
# make install clean
# pkg_add -r sudo
# pkg_add -r pcre
# cd /root/scripts
# ee check-ports.sh
Write the following
#!/bin/sh
#check ports
/usr/local/sbin/portaudit -Fda
Save and Quit [ esc a a ]
# chmod +x check-ports.sh
FreeBSD: Rebuild the World, and Recompile the Kernel
Login: root
password: password
Install cvsup-without-gui
# pkg_add -r cvsup-without-gui
# pkg_add -r fastest_cvsup
If you want to install these items via ports instead, do it like this (but, as I mentioned, you can use the pkg_add method for these 2 applications without fear):
# cd /usr/ports/net/cvsup-without-gui; make install clean
# cd /usr/ports/sysutils/fastest_cvsup; make install clean
# cp /usr/share/examples/cvsup/standard-supfile /root
# cp /usr/share/examples/cvsup/ports-supfile /root
# ee /root/ports-supfile
CHANGE the following
*default host=CHANGE_THIS.FreeBSD.org
to
*default host=cvsup5.FreeBSD.org
Save and Quit [ esc a a ]
# ee /root/standard-supfile
CHANGE the following
*default host=CHANGE_THIS.FreeBSD.org
to
*default host=cvsup5.FreeBSD.org
Save and Quit [ esc a a ]
Update your source tree with this command. This process can also be expected to take a few minutes.
# cvsup -g -L 2 /root/standard-supfile
# cvsup -g -L 2 /root/ports-supfile
# cd /usr/src/sys/i386/conf/
# cp GENERIC CUSTOM
# cd /usr/src/
# make buildworld
# make buildkernel KERNCONF=GENERIC
# make installkernel KERNCONF=GENERIC
# reboot
Login: root
password: password
# fsck -p
# mount -u /
# mount -a -t ufs
# swapon -a
# cd /usr/src
# mergemaster -p
# make installworld
# mergemaster
# reboot