Trihex:
Bravo!
Bravo!
Hey, pretty sweet. Congrats on the FreeBSD News link, too.
My critiques were already said by most other people - namely, why ports for new users?
*snip*
Also, I like that you explain how to mount flash drives, but I noticed there's no mention of fuse-ntfs? A lot of them come NTFS-formatted these days now that they're several GB in size, would help interoperability with other users, etc.
Code:
# wipe the first 2 MB of the drive: old MBR/GPT headers and boot code
dd if=/dev/zero of=/dev/da0 bs=2m count=1
# write a fresh MBR with one slice covering the whole disk (-I) and standard boot code (-B)
fdisk -BI /dev/da0
# create a FAT filesystem on that slice; newfs_msdos picks FAT12/16/32 from the slice size (use -F 32 to force FAT32)
newfs_msdos /dev/da0s1
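The same three formatting steps wrapped in a safety guard, added here as an example and not code from the original post: before running dd, fdisk and newfs_msdos it looks at mount(8) output and refuses to continue if any partition of the target disk is mounted, which is the one mistake that turns a flash-drive wipe into a system-disk wipe (typing da0 when the system lives on ada0, or the stick still being mounted). The target name da0, the volume label FLASHDRV and the sample mount output inside self_check are assumptions constructed for this example.

```shell
#!/bin/sh
# Added example, not from the guide or the thread. Run as root:
#   sh format_usb.sh da0
# With no argument it only defines the functions (so it can be sourced).

# device_is_mounted DISK MOUNT_TEXT
# MOUNT_TEXT is the output of mount(8). Succeeds (exit 0) if any node of
# /dev/DISK (da0, da0s1, da0p2, ...) is listed as a mounted device.
device_is_mounted() {
    _disk=$1
    _mounts=$2
    printf '%s\n' "$_mounts" | grep -Eq "^/dev/${_disk}([sp][0-9]+[a-z]*)? on "
}

# format_fat32 DISK  (e.g. da0) -- DESTRUCTIVE: wipes the whole disk
format_fat32() {
    _disk=$1
    if device_is_mounted "$_disk" "$(mount)"; then
        echo "refusing: /dev/$_disk has a mounted filesystem; umount it first" >&2
        return 1
    fi
    # wipe the first 2 MB: old MBR/GPT headers and boot code
    dd if=/dev/zero of="/dev/$_disk" bs=2m count=1 &&
    # fresh MBR, one slice covering the disk (-I), standard boot code (-B)
    fdisk -BI "/dev/$_disk" &&
    # -F 32 forces FAT32 regardless of size, -L sets the volume label (assumed name)
    newfs_msdos -F 32 -L FLASHDRV "/dev/${_disk}s1"
}

# self_check: exercise the guard against constructed mount(8) output
# (system disk on ada0, a flash drive mounted from da0, nothing on da1).
self_check() {
    _sample='/dev/ada0p2 on / (ufs, local, soft-updates)
devfs on /dev (devfs)
/dev/da0s1 on /media/usb (msdosfs, local)'
    device_is_mounted da0  "$_sample" || return 1   # stick still mounted: must be caught
    device_is_mounted ada0 "$_sample" || return 1   # system disk: must be caught
    if device_is_mounted da1 "$_sample"; then return 1; fi   # free disk: must pass
    return 0
}

if [ $# -eq 1 ]; then
    format_fat32 "$1"
fi
```

The guard is deliberately based on mount(8) rather than on the device name, so it also stops you when the "flash drive" you named is the disk the system booted from.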
Shameless self-promotion:
https://forums.freebsd.org/threads/...r-recording-and-streaming-hdhomerun-tv.66054/
Yeah, if you rewrite the guide for pkg it'll get like a million times easier (and faster).
You have the option of building programs from source through ports or using pre-compiled binary packages through the pkg system. Using pkg is much faster, but by using ports you can choose your own program options and it's the way I've always done it so that's what we'll use in this tutorial.
Why would you use FAT32 on a drive as large as 128GB? Why not ZFS? Or NTFS if you want near-universal compatibility? Don't you ever need to use them in other people's computers?
Open /etc/aliases and set the root mailbox address to:
Code:
root: username@machinename
and run the
Code:
newaliases
command. Your daily messages will then be available to read as root in the /var/mail directory.
.. rkhunter to scan for rootkits ..
Message from rkhunter-1.4.4:
******************************************************************************
You should keep your rkhunter database up-to-date.
This can be done automatically by putting this line to periodic.conf(5) files:
daily_rkhunter_update_enable="YES"
daily_rkhunter_update_flags="--update --nocolors"
Also, you can run rkhunter as a part of the daily security check by
putting this line to periodic.conf(5) files:
daily_rkhunter_check_enable="YES"
daily_rkhunter_check_flags="--checkall --nocolors --skip-keypress"
******************************************************************************
A question: is the root mailbox address configuration to be left as the guide says, or is it necessary to replace the example with the user name and the machine name?
root: jitte@unmei
daily_rkhunter_update_enable="YES"
daily_rkhunter_update_flags="--update --nocolors"
daily_rkhunter_check_enable="YES"
daily_rkhunter_check_flags="--checkall --nocolors --skip-keypress"
This is mine on the machine I'm on now:
Code:
root: jitte@unmei
jitte is my username and unmei my machine name. This allows me to get my daily reports as root in /var/mail/root.
For example, is the machine name the hostname? Very kind of you to clarify.
When presented with the Set Hostname screen enter your machine name.
portsnap fetch extract (that just overwrites your existing ports) and replace it with portsnap fetch update. And while I too agree command line experience is the best, it is also nice to know about shorter alternatives. A "protip" of portsnap auto and an explanation of the differences could be helpful. Additionally, you now have a nice segue to introducing the new user to man pages by using portsnap auto as an example. shutdown -r now can also be effected with a simple reboot. Follow that with a quick blurb about shutdown -p now vs poweroff if, for nothing else, to point it out and let the reader choose their preference.
.. portsnap fetch extract after already installing them from the install media. portsnap auto isn't a variable I was aware of or have even used. ..
Roger that. While your howto is methodical, it is a heavy lift for a brand new user to go from OS install to a functional GUI. If you were to break it into two parts with the GUI in a "part 2" thread it could help clear some room for more words.
Trihexagonal said:
.. I'm also working under the 20,000 character limit for a post ..
Ah. Understood. A GUI problem. I think the last time I attempted a GUI on a BSD box my mouse had a DB9 connector.
Trihexagonal said:
.. I've seen people talk about having to add themselves to a "video" group or whatnot to solve a problem that wouldn't have occurred had they been a member of the operator group. ..
.. had already been less for him the whole time ..
Correct. I was talking more to the point of why you might want less instead of more. man pages is a perfect example.
Give me a good, logical reason to do something different and I will flip-flop on an issue faster than some of the stable geniuses that are currently running the United States of America.
freebsd-update fetch
Now we're going to enable the pf firewall, which is taken from OpenBSD and the best all-around firewall going.
We're going to have to enter Easy Editor to make a ruleset and show the system where to look for it. Type:
ee /etc/pf.conf
And hit Enter.
You've just created a file called pf.conf in the /etc directory. Now type:
Code:
block in all
pass out all keep state
Hit the Esc key to bring up the options menu, choose file options, and save file.
Hit Esc again and exit Easy Editor back to the command line.
Now we have to show the system where to look for our ruleset and the logfile. Then type:
ee /etc/rc.conf
You've just opened the file rc.conf in the /etc directory. This is a very important file and you should see some options already there, like your machine name and other options.
It's VERY IMPORTANT not to leave any option here uncommented on either end, meaning if you start an option it MUST begin and finish with quotes or you will not be able to start your system and have to enter Single User Mode to fix.
Use your arrow keys to scroll down past the lines that are already present and type these out:
Code:
pf_enable="YES"
pf_rules="/etc/pf.conf"
pf_flags=""
pflog_enable="YES"
pflog_logfile="/var/log/pflog"
pflog_flags=""
Notice how each option begins and finishes with a quote? You'll be adding your own later so don't forget to check it closely before you exit out of Easy Editor when you do. (Always hit Enter after your last entry so you end up on a new blank line.)
Hello Trihexagonal, is the firewall example still valid for network security on the internet?
block in all
pass out all keep state
Code:
### Macro name for external interface
ext_if = "em0"
### Inbound ports that get blocked and logged explicitly (the macro name is historical; the list is not only NetBIOS)
netbios_tcp = "{ 22, 23, 25, 80, 110, 111, 123, 512, 513, 514, 515, 6000, 6010 }"
netbios_udp = "{ 123, 512, 513, 514, 515, 5353, 6000, 6010 }"
### Options first: pf.conf(5) requires the order options, normalization, queueing, translation, filtering
### (pfctl rejects the file otherwise unless "set require-order no" is given)
### Pass loopback
set skip on lo0
### Reassemble fragmented packets
scrub in on $ext_if all fragment reassemble
### Default deny everything
block log all
### Block spooks
antispoof for lo0
antispoof for $ext_if inet
block in from no-route to any
block in from urpf-failed to any
block in quick on $ext_if from any to 255.255.255.255
### Drop inbound packets with a private or broadcast source address on the external interface.
### On a LAN-attached interface this also logs neighbours' broadcasts; replies to our own
### outbound connections are matched by the state table before any rule and are not affected.
block in quick log on $ext_if from { 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16, 255.255.255.255/32 } to any
### Block all IPv6
block in quick inet6 all
block out quick inet6 all
### Block to and from port 0
block quick proto { tcp, udp } from any port = 0 to any
block quick proto { tcp, udp } from any to any port = 0
### Block specific ports
block in quick log on $ext_if proto tcp from any to any port $netbios_tcp
block in quick log on $ext_if proto udp from any to any port $netbios_udp
### Keep and modulate state of outbound tcp, udp and icmp traffic
pass out on $ext_if proto { tcp, udp, icmp } from any to any modulate state
root@unmei:/ # pfctl -s rules
scrub in on em0 all fragment reassemble
block drop log all
block drop in on ! lo0 inet from 127.0.0.0/8 to any
block drop in on ! em0 inet from 192.168.1.0/24 to any
block drop in inet from 192.168.1.2 to any
block drop in on ! lo0 inet6 from ::1 to any
block drop in from no-route to any
block drop in from urpf-failed to any
block drop in quick on em0 inet from any to 255.255.255.255
block drop in log quick on em0 inet from 10.0.0.0/8 to any
block drop in log quick on em0 inet from 172.16.0.0/12 to any
block drop in log quick on em0 inet from 192.168.0.0/16 to any
block drop in log quick on em0 inet from 255.255.255.255 to any
block drop in quick inet6 all
block drop out quick inet6 all
block drop quick proto tcp from any port = 0 to any
block drop quick proto tcp from any to any port = 0
block drop quick proto udp from any port = 0 to any
block drop quick proto udp from any to any port = 0
block drop in log quick on em0 proto tcp from any to any port = ssh
block drop in log quick on em0 proto tcp from any to any port = telnet
block drop in log quick on em0 proto tcp from any to any port = smtp
block drop in log quick on em0 proto tcp from any to any port = http
block drop in log quick on em0 proto tcp from any to any port = pop3
block drop in log quick on em0 proto tcp from any to any port = sunrpc
block drop in log quick on em0 proto tcp from any to any port = ntp
block drop in log quick on em0 proto tcp from any to any port = exec
block drop in log quick on em0 proto tcp from any to any port = login
block drop in log quick on em0 proto tcp from any to any port = shell
block drop in log quick on em0 proto tcp from any to any port = printer
block drop in log quick on em0 proto tcp from any to any port = x11
block drop in log quick on em0 proto tcp from any to any port = x11-ssh
block drop in log quick on em0 proto udp from any to any port = ntp
block drop in log quick on em0 proto udp from any to any port = biff
block drop in log quick on em0 proto udp from any to any port = who
block drop in log quick on em0 proto udp from any to any port = syslog
block drop in log quick on em0 proto udp from any to any port = printer
block drop in log quick on em0 proto udp from any to any port = mdns
block drop in log quick on em0 proto udp from any to any port = x11
block drop in log quick on em0 proto udp from any to any port = x11-ssh
pass out on em0 proto tcp all flags S/SA modulate state
pass out on em0 proto udp all keep state
pass out on em0 proto icmp all keep state
root@unmei:/ #
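A pre-flight check for the two files the guide has you edit, added here as an example and not taken from the guide or from any post in this thread. rc_conf_lint catches the exact mistake the guide warns about, an option whose value is missing its closing quote, before it costs you a trip into single-user mode; pf_check parses the ruleset with pfctl -nf (a dry run, nothing is loaded) so a typo in pf.conf is found before pf_enable="YES" takes effect at boot. File paths are the FreeBSD defaults, and the rc.conf fragments inside self_check are constructed for the example.

```shell
#!/bin/sh
# Added example, not part of the guide or the thread.
#   sh preflight.sh /etc/rc.conf /etc/pf.conf
# With no arguments it only defines the functions.

# rc_conf_lint FILE
# Prints every line that has an odd number of double quotes (an unbalanced
# quote makes the whole file a shell syntax error, so rc(8) cannot read it)
# and every non-comment line that is not a name=value assignment. Returns 1
# if anything was flagged. It enforces the guide's simple name="value" style,
# so legitimate shell constructs (if/case blocks) would be flagged too.
rc_conf_lint() {
    awk '
        /^[ \t]*(#|$)/ { next }                  # blank line or comment
        {
            n = gsub(/"/, "&")                   # count double quotes on the line
            if (n % 2 == 1) {
                printf("%s:%d: unbalanced quote: %s\n", FILENAME, NR, $0)
                bad = 1
                next
            }
            if ($0 !~ /^[ \t]*[A-Za-z_][A-Za-z0-9_]*=/) {
                printf("%s:%d: not a name=value assignment: %s\n", FILENAME, NR, $0)
                bad = 1
            }
        }
        END { exit (bad ? 1 : 0) }
    ' "$1"
}

# pf_check FILE
# Dry-run parse of a pf ruleset: -n parses without loading, -v prints the
# rules as pf expands them (compare with pfctl -s rules after loading).
# Returns 2 when pfctl is not available on this host.
pf_check() {
    if ! command -v pfctl >/dev/null 2>&1; then
        echo "pfctl not available here; skipping pf.conf dry run" >&2
        return 2
    fi
    pfctl -nvf "$1"
}

# preflight RC_CONF PF_CONF: non-zero exit if either file would cause trouble
preflight() {
    rc_conf_lint "$1" || { echo "fix $1 before rebooting" >&2; return 1; }
    if pf_check "$2"; then _rc=0; else _rc=$?; fi
    case $_rc in
        0) echo "$2 parses cleanly; load it with: pfctl -f $2" ;;
        2) echo "could not dry-run $2 on this host" ;;
        *) echo "fix $2 before enabling pf" >&2; return 1 ;;
    esac
}

# self_check: run rc_conf_lint over constructed good and bad rc.conf
# fragments; succeeds only if the good file passes and the bad file fails.
self_check() {
    _dir=$(mktemp -d) || return 1
    printf '%s\n' 'pf_enable="YES"' 'pf_rules="/etc/pf.conf"' '# comment' '' 'pflog_flags=""' > "$_dir/good"
    printf '%s\n' 'pf_enable="YES"' 'pflog_logfile="/var/log/pflog' 'pflog_flags=""' > "$_dir/bad"
    _ok=1
    rc_conf_lint "$_dir/good" >/dev/null || _ok=0
    if rc_conf_lint "$_dir/bad" >/dev/null; then _ok=0; fi
    rm -rf "$_dir"
    [ "$_ok" -eq 1 ]
}

if [ $# -eq 2 ]; then
    preflight "$1" "$2"
fi
```

Once pf is running, the same dry run is the safe way to test edits to a live ruleset: pfctl -nf /etc/pf.conf first, then pfctl -f /etc/pf.conf, and tcpdump -n -e -ttt -i pflog0 to watch what the block log rules are dropping.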
… the value in adding "operator" …
… I've always made myself a member of the wheel and operator group. It's how I learned to do it and comes in handy down the road. I've seen people talk about having to add themselves to a "video" group or whatnot to solve a problem that wouldn't have occurred had they been a member of the operator group. …
grahamperrin@momh167-gjp4-8570p:~ % pkg query %M | grep operator
For USB support your user needs to be in the operator group and needs read
% pw groupmod operator -m jerry
add path 'usb/*' mode 0660 group operator
grahamperrin@momh167-gjp4-8570p:~ %
grahamperrin@momh167-gjp4-8570p:~ % pkg query %M virtualbox-ose | grep operator
For USB support your user needs to be in the operator group and needs read
% pw groupmod operator -m jerry
add path 'usb/*' mode 0660 group operator
grahamperrin@momh167-gjp4-8570p:~ %
grahamperrin@momh167-gjp4-8570p:~ % pkg rquery %M | grep operator
grahamperrin@momh167-gjp4-8570p:~ %
grahamperrin@momh167-gjp4-8570p:~ % pkg query %M | grep video | grep group
"video" group.
grahamperrin@momh167-gjp4-8570p:~ %
grahamperrin@momh167-gjp4-8570p:~ % pkg query %M drm-legacy-kmod | grep video | grep group
"video" group.
grahamperrin@momh167-gjp4-8570p:~ %
Right honourable operator Trihexagonal, I extend a greeting to you. May I make a solitary suggestion, perhaps in future thread authorship you could reserve post #2 to effectively double the character limit.
But I'm also working under the 20,000 character limit for a post rule and only words from the upper limit, usually having to do away with excess text to make room for edits, and will see what I can do.
:)
.. Are there any difficulties if I don't use a firewall & single user mode? ..
Not using a firewall is not a problem. Don't use single user mode for your day to day work. That's not going to work and is not what single user mode is for.
.. freebsd-update fetch does not work
Mirror not found ..
Open a new thread for your issue and post the whole error and commands.
Open /etc/aliases and set the root mailbox address to:
Code:
root: username@machinename
and run the
Code:
newaliases
command. Your daily messages will then be available to read as root in the /var/mail directory.
Finally, open /etc/rc.conf in leafpad and add the following entries to what's already there:
Code:
mouse_type="auto"
ntpd_enable="YES"
ntpd_sync_on_start="YES"
powerd_enable="YES"
powerd_flags="-b adaptive -a hiadaptive"
sendmail_enable="NO"
fsck_y_enable="YES"
swapexd_enable="YES"
mixer_enable="YES"
snddetect_enable="YES"
syslogd_flags="-c -ss"
linux_enable="YES"
clear_tmp_enable="YES"
clean_tmp_X="YES"
avahi_daemon_enable="YES"
This will allow you to receive security updates via sendmail as root, enable Linux emulation for any programs you might install that need it, clear tmp files, etc. (It looks like sendmail is disabled but that takes the NONE variable.) Reboot one final time to ensure the file changes you've made go into effect.
ee /etc/rc.conf
sendmail_enable="NONE"
ee /etc/rc.conf
sendmail_enable="NO"