Trihex:
Bravo!
Bravo!
Hey, pretty sweet. Congrats on the FreeBSD News link, too.
My critiques were already said by most other people - namely, why ports for new users?
*snip*
Also, I like that you explain how to mount flash drives, but I noticed there's no mention of fuse-ntfs? A lot of them come NTFS-formatted these days now that they're several GB in size, would help interoperability with other users, etc.
dd if=/dev/zero of=/dev/da0 bs=2m count=1
fdisk -BI /dev/da0
newfs_msdos /dev/da0s1
Shameless self-promotion:
https://forums.freebsd.org/threads/...r-recording-and-streaming-hdhomerun-tv.66054/
Yeah, if you rewrite the guide for pkg it'll get like a million times easier (and faster)!
You have the option of building programs from source through ports or using pre-compiled binary packages through the pkg system. Using pkg is much faster, but by using ports you can choose your own program options and it's the way I've always done it so that's what we'll use in this tutorial.
Why would you use FAT32 on a drive as large as 128GB? Why not ZFS? Or NTFS if you want near-universal compatibility? Don't you ever need to use them in other people's computers?
A question, the configuration of the address of the root mailbox is to leave as it says the guide or is it necessary to put the name of the user and the machine replacing the example?
Open /etc/aliases and set the root mailbox address to:
Code:
root: username@machinename
and run the newaliases command. Your daily messages will then be available to read as root in the /var/mail directory.
......rkhunter to scan for rootkits....
Message from rkhunter-1.4.4:
******************************************************************************
You should keep your rkhunter database up-to-date.
This can be done automatically by putting this line to periodic.conf(5) files:
daily_rkhunter_update_enable="YES"
daily_rkhunter_update_flags="--update --nocolors"
Also, you can run rkhunter as a part of the daily security check by putting this line to periodic.conf(5) files:
daily_rkhunter_check_enable="YES"
daily_rkhunter_check_flags="--checkall --nocolors --skip-keypress"
******************************************************************************
root: jitte@unmei
daily_rkhunter_update_enable="YES"
daily_rkhunter_update_flags="--update --nocolors"
daily_rkhunter_check_enable="YES"
daily_rkhunter_check_flags="--checkall --nocolors --skip-keypress"
This is mine on the machine I'm on now:
Code:
root: jitte@unmei
jitte is my username and unmei my machine name. This allows me to get my daily reports as root in /var/mail/root.
For example, the name of the machine is the name of the hostname? Very kind of you to clarify.
When presented with the Set Hostname screen enter your machine name.
portsnap fetch extract (that just overwrites your existing ports) and replace it with portsnap fetch update. And while I too agree command line experience is the best it's also nice to know about shorter alternatives. A "protip" of portsnap auto and explanation of the differences could be helpful. Additionally, you now have a nice segue to introducing the new user to man pages by using portsnap auto as an example. shutdown -r now can also be effected with a simple reboot. Follow that with a quick blurb about shutdown -p now vs poweroff if, for nothing else, to point it out and let the reader choose their preference.
portsnap fetch extract after already installing them from the install media. portsnap auto isn't a variable I was aware of or have even used.
Roger that. While your howto is methodical, it is a heavy lift for a brand new user to go from OS install to a functional GUI. If you were to break it into two parts with the GUI in a "part 2" thread it could help clear some room for more words.
Trihexagonal said: .. I'm also working under the 20,000 character limit for a post ..
Ah. Understood. A GUI problem. I think the last time I attempted a GUI on a BSD box my mouse had a DB9 connector.
I've seen people talk about having to add themselves to a "video" group or whatnot to solve a problem that wouldn't have occurred had they been a member of the operator group.
Correct. I was talking more to the point of why you might want less instead of more. man pages is a perfect example.
.. had already been less for him the whole time ..
Give me a good, logical reason to do something different and I will flip-flop on an issue faster than some of the stable geniuses that are currently running the United States of America.
freebsd-update fetch:
Hello Trihexagonal, is still valid example of firewall for network security on the internet?
Now we're going to enable the pf firewall, which is taken from OpenBSD and the best all-around firewall going.
We're going to have to enter Easy Editor to make a ruleset and show the system where to look for it. Type:
ee /etc/pf.conf
And hit Enter.
You've just created a file called pf.conf in the /etc directory. Now type:
Code:
block in all
pass out all keep state
Hit the Esc key to bring up the options menu, choose file options, and save file.
Hit Esc again and exit Easy Editor back to the command line.
Now we have to show the system where to look for our ruleset and the logfile.
Then type:
ee /etc/rc.conf
You've just opened the file rc.conf in the /etc directory. This is a very important file and you should see some options already there, like your machine name and other options.
It's VERY IMPORTANT not to leave any option here uncommented on either end, meaning if you start an option it MUST begin and finish with quotes or you will not be able to start your system and have to enter Single User Mode to fix.
Use your arrow keys to scroll down past the lines that are already present and type these out:
Code:
pf_enable="YES"
pf_rules="/etc/pf.conf"
pf_flags=""
pflog_enable="YES"
pflog_logfile="/var/log/pflog"
pflog_flags=""
Notice how each option begins and finishes with a quote? You'll be adding your own later so don't forget to check it closely before you exit out of Easy Editor when you do. (Always hit Enter after your last entry so you end up on a new blank line.)
block in all
pass out all keep state
### Macro name for external interface
ext_if = "em0"
netbios_tcp = "{ 22, 23, 25, 80, 110, 111, 123, 512, 513, 514, 515, 6000, 6010 }"
netbios_udp = "{ 123, 512, 513, 514, 515, 5353, 6000, 6010 }"

### Reassemble fragmented packets
scrub in on $ext_if all fragment reassemble

### Default deny everything
block log all

### Pass loopback
set skip on lo0

### Block spooks
antispoof for lo0
antispoof for $ext_if inet
block in from no-route to any
block in from urpf-failed to any
block in quick on $ext_if from any to 255.255.255.255
block in quick log on $ext_if from { 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16, 255.255.255.255/32 } to any

### Block all IPv6
block in quick inet6 all
block out quick inet6 all

### Block to and from port 0
block quick proto { tcp, udp } from any port = 0 to any
block quick proto { tcp, udp } from any to any port = 0

### Block specific ports
block in quick log on $ext_if proto tcp from any to any port $netbios_tcp
block in quick log on $ext_if proto udp from any to any port $netbios_udp

### Keep and modulate state of outbound tcp, udp and icmp traffic
pass out on $ext_if proto { tcp, udp, icmp } from any to any modulate state
root@unmei:/ # pfctl -s rules
scrub in on em0 all fragment reassemble
block drop log all
block drop in on ! lo0 inet from 127.0.0.0/8 to any
block drop in on ! em0 inet from 192.168.1.0/24 to any
block drop in inet from 192.168.1.2 to any
block drop in on ! lo0 inet6 from ::1 to any
block drop in from no-route to any
block drop in from urpf-failed to any
block drop in quick on em0 inet from any to 255.255.255.255
block drop in log quick on em0 inet from 10.0.0.0/8 to any
block drop in log quick on em0 inet from 172.16.0.0/12 to any
block drop in log quick on em0 inet from 192.168.0.0/16 to any
block drop in log quick on em0 inet from 255.255.255.255 to any
block drop in quick inet6 all
block drop out quick inet6 all
block drop quick proto tcp from any port = 0 to any
block drop quick proto tcp from any to any port = 0
block drop quick proto udp from any port = 0 to any
block drop quick proto udp from any to any port = 0
block drop in log quick on em0 proto tcp from any to any port = ssh
block drop in log quick on em0 proto tcp from any to any port = telnet
block drop in log quick on em0 proto tcp from any to any port = smtp
block drop in log quick on em0 proto tcp from any to any port = http
block drop in log quick on em0 proto tcp from any to any port = pop3
block drop in log quick on em0 proto tcp from any to any port = sunrpc
block drop in log quick on em0 proto tcp from any to any port = ntp
block drop in log quick on em0 proto tcp from any to any port = exec
block drop in log quick on em0 proto tcp from any to any port = login
block drop in log quick on em0 proto tcp from any to any port = shell
block drop in log quick on em0 proto tcp from any to any port = printer
block drop in log quick on em0 proto tcp from any to any port = x11
block drop in log quick on em0 proto tcp from any to any port = x11-ssh
block drop in log quick on em0 proto udp from any to any port = ntp
block drop in log quick on em0 proto udp from any to any port = biff
block drop in log quick on em0 proto udp from any to any port = who
block drop in log quick on em0 proto udp from any to any port = syslog
block drop in log quick on em0 proto udp from any to any port = printer
block drop in log quick on em0 proto udp from any to any port = mdns
block drop in log quick on em0 proto udp from any to any port = x11
block drop in log quick on em0 proto udp from any to any port = x11-ssh
pass out on em0 proto tcp all flags S/SA modulate state
pass out on em0 proto udp all keep state
pass out on em0 proto icmp all keep state
root@unmei:/ #
… the value in adding "operator" …
… I've always made myself a member of the wheel and operator group. It's how I learned to do it and comes in handy down the road. I've seen people talk about having to add themselves to a "video" group or whatnot to solve a problem that wouldn't have occurred had they been a member of the operator group. …
grahamperrin@momh167-gjp4-8570p:~ % pkg query %M | grep operator
For USB support your user needs to be in the operator group and needs read
% pw groupmod operator -m jerry
add path 'usb/*' mode 0660 group operator
grahamperrin@momh167-gjp4-8570p:~ %

grahamperrin@momh167-gjp4-8570p:~ % pkg query %M virtualbox-ose | grep operator
For USB support your user needs to be in the operator group and needs read
% pw groupmod operator -m jerry
add path 'usb/*' mode 0660 group operator
grahamperrin@momh167-gjp4-8570p:~ %

grahamperrin@momh167-gjp4-8570p:~ % pkg rquery %M | grep operator
grahamperrin@momh167-gjp4-8570p:~ %

grahamperrin@momh167-gjp4-8570p:~ % pkg query %M | grep video | grep group
"video" group.
grahamperrin@momh167-gjp4-8570p:~ %

grahamperrin@momh167-gjp4-8570p:~ % pkg query %M drm-legacy-kmod | grep video | grep group
"video" group.
grahamperrin@momh167-gjp4-8570p:~ %
Right honourable operator Trihexagonal, I extend a greeting to you. May I make a solitary suggestion, perhaps in future thread authorship you could reserve post #2 to effectively double the character limit.
But I'm also working under the 20,000 character limit for a post rule and only words from the upper limit, usually having to do away with excess text to make room for edits and will see what I can do.
:)
operator
Not using a firewall is not a problem. Don't use single user mode for your day to day work. That's not going to work and is not what single user mode is for.
is there any difficulties if I don't use firewall & single user mode.
Open a new thread for your issue and post the whole error and commands.
freebsd-update fetch not work
Mirror not found
Open /etc/aliases and set the root mailbox address to:
Code:
root: username@machinename
and run the newaliases command. Your daily messages will then be available to read as root in the /var/mail directory.
Finally, open /etc/rc.conf in leafpad and add the following entries to what's already there:
Code:
mouse_type="auto"
ntpd_enable="YES"
ntpd_sync_on_start="YES"
powerd_enable="YES"
powerd_flags="-b adaptive -a hiadaptive"
sendmail_enable="NO"
fsck_y_enable="YES"
swapexd_enable="YES"
mixer_enable="YES"
snddetect_enable="YES"
syslogd_flags="-c -ss"
linux_enable="YES"
clear_tmp_enable="YES"
clean_tmp_X="YES"
avahi_daemon_enable="YES"
This will allow you to receive security updates via sendmail as root, enable Linux emulation for any programs you might install that need it, clear tmp files, etc. (It looks like sendmail is disabled but that takes the NONE variable.) Reboot one final time to ensure the file changes you've made go into effect.
ee /etc/rc.conf
sendmail_enable="NONE"
ee /etc/rc.conf
sendmail_enable="NO"
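
The guide quoted in this thread warns that an unbalanced quote in /etc/rc.conf can leave the system unable to start. The following is an added example, not part of any post or of the guide: a check to run on an edited copy before it replaces the live file. The function names and the rule that every setting must be a one-line NAME="value" are assumptions made for illustration.

```sh
#!/bin/sh
# Added example, not from the thread: vet an rc.conf candidate before it
# replaces the live file. rc.conf is read by /bin/sh, so quoting errors
# are shell syntax errors.

# check_rc_conf FILE: return 0 only if FILE parses as sh AND every line is
# blank, a comment, or NAME="value" on one line (assumed house style, as in
# the guide; single-quoted or multi-line values are reported too).
check_rc_conf() {
    file=$1
    [ -r "$file" ] || { echo "cannot read $file" >&2; return 1; }
    # Pass 1: parse without executing. Catches a lone unterminated quote.
    if ! sh -n "$file" 2>/dev/null; then
        echo "$file: shell syntax error (unbalanced quote?)" >&2
        return 1
    fi
    # Pass 2: two broken lines can pair their quotes into one valid
    # multi-line string, which sh -n accepts. Check each line on its own.
    ok='^[[:space:]]*(#.*)?$|^[[:space:]]*[A-Za-z_][A-Za-z0-9_]*="[^"]*"[[:space:]]*(#.*)?$'
    bad=$(grep -nEv "$ok" "$file" || true)
    if [ -n "$bad" ]; then
        echo "$file: lines that are not NAME=\"value\":" >&2
        echo "$bad" >&2
        return 1
    fi
    return 0
}

# install_rc_conf CANDIDATE TARGET: copy CANDIDATE over TARGET only if it
# passes both checks, keeping the previous TARGET as TARGET.bak.
install_rc_conf() {
    check_rc_conf "$1" || return 1
    [ -f "$2" ] && cp -p "$2" "$2.bak"
    cp "$1" "$2"
}

# Usage: sh check_rc.sh /path/to/rc.conf.new
if [ $# -gt 0 ]; then
    check_rc_conf "$1" && echo "$1: OK"
fi
```

The second pass matters because a missing closing quote on one line and a stray quote on a later line form a single valid shell string, so the file parses while silently swallowing every setting in between.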