Celoteh Harian + *nix

Our previous FreeBSD installation may lack of options like ALTQ for PF (Packet Filter) . So we have to compile our kernel to a new kernel with some option enable. Prepare yourself.. • Make sure you are on i386 architecture machine • Copy the original GENERIC kernel to a new one. • Bare in mind, you are not allowed to make any changes to the original kernel. Since we will use that for our 'work in hand' kernel if anything goes wrong. shell>cd /usr/src/sys/i386/conf shell>cp GENERIC MYKERNEL • Edit MYKERNEL using your prefered editor. Mine prefer nano :) shell>nano MYKERNEL • For this tutorial we will enable ALTQ for PF #options for pf (packet filter) ALTQ options ALTQ options ALTQ_CBQ options ALTQ_RED options ALTQ_RIO options ALTQ_HFSC options ALTQ_PRIQ options ALTQ_NOPCC #pf (packet filter) device pf device pflog device pfsync • Save and let's build them...

New issue already out to download .

http://www.sshguard.net/ SSHGuard adalah salah satu tools yang ada di ports untuk melindungi ssh servis anda dari diserang secara bruteforce. Ia menggunakan sistem log dari syslog untuk mengesan IP yang gagal untuk login ke server. - Install dari ports proxy# /usr/ports/security/sshguard-pf proxy# make install clean - Konfigurasi PF shell> nano /etc/pf.conf #di bahagian table table " " persist #sila buang "", <> tak boleh :P #bahagian block rules block in quick on $ext_if proto tcp from to any port 22 label "ssh bruteforce" - Aktifkan rules pf yang baru shell> pfctl -ef /etc/pf.conf - Edit /etc/syslog.conf uncomment line yang berkenaan sshguard proxy# nano /etc/syslog.conf GNU nano 2.0.9 File: /etc/syslog.conf # $FreeBSD: src/etc/syslog.conf,v 1.28.20.1 2009/04/15 03:14:26 kensmith Exp $ # # Spaces ARE valid field separators in this file. However, ...

DHCP - adalah singkatan kepada "Dynamic Host Configuration Protocol". Servis ini adalah untuk memberikan IP kepada client di network kita. Dengan adanya servis DHCP ini, kita tidak perlulah menggunakan cara manual untuk menetapkan IP di setiap komputer yang terdapat di network kita. Bahan : - isc-dhcp30-server - Editor (nano,vi,vim,ee) - Secawan kopi Cara-Cara : - Install servis dhcp server seperti dibawah : shell> cd /usr/ports/net/isc-dhcp30-server shell> make config (disable chroot) shell> make install clean - Contoh file konfigurasi dhcpd.conf shell> ee /usr/local/etc/dhcpd.conf # dhcpd.conf # # Sample configuration file for ISC dhcpd # # option definitions common to all supported networks... # set kan domain,DNS server option domain-name "gateway.domain.local"; option domain-name-servers 192.168.2.1; option subnet-mask 255.255.255.0; default-lease-time 600; max-lease-time 7200; # If this DHCP server is ...

Now we have already install apache,mysql and also PHP in our box.. so what next? I myself feel hard to manage my database using CLI :P and the solutions is using PhpMyAdmin lets begin.. as root #cd /usr/ports/databases/phpmy admin #make config #make install clean Once done the compiling session it will install to /usr/local/www/PhpMyAdmin next we have to configure the config.inc.php to make phpmyadmin can talk with mysql #cd /usr/local/www/phpmyadmin #cp config.sample.inc.php config.inc.php Now we will edit the file #ee config.inc.php /* set your secret password */ $cfg['blowfish_secret'] = 'password'; /* uncomment the following line and put your mysql login */ $cfg['Servers'][$i]['controluser'] = 'root'; $cfg['Servers'][$i]['controlpass'] = 'password'; Save! Then we have to configure httpd.conf to treat phpmyadmin as one of the aliases #ee /usr/local/etc/apache22/httpd.conf ...

this time we will build from source and compile :) #cd /usr/ports/lang/php5 #make config *choose apache module *choose mysql module and others that suite for you #make install clean Now we will install other common module for web server such as : mysql database #cd /usr/ports/databases/php5- mysql #make install clean once done a message will appear : The following line has been added to your /usr/local/etc/php/extensions.ini configuration file to automatically load the installed extension: extension=mysql.so This will enable PHP to interact with mysql database Session #cd /usr/ports/www/php5-session #make install clean once done a message will appear : The following line has been added to your /usr/local/etc/php/extensions.ini configuration file to automatically load the installed extension: extension=session.so Graphic library #cd /usr/ports/graphics/php5-gd Once done a message will appear : The following line has been added to...

simpler command :) #pkg_add -r mysql51-server from this command it will install mysql server and also mysql client for the server once done we can enable it on boot up by editing rc.conf #ee /etc/rc.conf add this following line mysql_enable="YES" After that we can start the service by this command : #sh /usr/local/etc/rc.d/mysql- server.sh start Then we have to configure our root login for mysql which is by default it is blank. By using a password for the root login it will be more safe to outsider :) #mysql -u root #SET PASSWORD FOR 'root'@'localhost' = PASSWORD('urpasswordhere'); once done try to login using root user #mysql -u root -p Enter password: If that appear then you have successfully configuring your mysql server :)

FAMPP adalah idea daripada (FreeBSD,Apache,MySQL,PHP,PhpMyAdmin) , Tutorial ini akan membangunkan basic web server bersama-sama FreeBSD 7.2 FreeBSD 7.2 : Install Apache2.2 Ada dua cara untuk install aplikasi di FreeBSD - ports - pre-compiled pakej kali ini kita akan gunakan cara yang mudah iaitu menggunakan pre-compiled pakej #pkg_add -r apache22 edit /etc/rc.conf to start apache at boot apache22_enable="YES" Reboot and try to start. #apachectl -k start if got error something like this : Syntax error on line 151 of /usr/local/etc/apache22/ht tpd.conf: DocumentRoot must be a directory Edit your httpd.conf and make sure your folder "data" is created in /usr/local/www/apache22/ Try to start again, #apachectl -k start if got warning something like this : [Mon Jan 01 08:31:17 2007] [warn] (2)No such file or directory: Failed to enable the 'httpready' Accept Filter It is because some module are not loaded for filtering the pack...

I just 'freebsd-update' on one of my firewall, and got this message FreeBSD 7.2-RELEASE-p4 is approaching its End-of-Life date. It is strongly recommended that you upgrade to a newer release within the next 2 month  and as per security.freebsd.org The new 7.3-RELEASE is still on RC-ing and when the release come out, for a better system we should upgrade to the new one :)

Recently I just configured our office PC which is Pentium III with 667Mhz speed. Can it be install with Windows XP or Windows 7 maybe ? :) I installed with a FreeBSD 7.2 and updated to 7.2-p6 to become one of our greatest firewall (hope so) and running for about : $ uname -a;uptime;date FreeBSD firewall.sm.local 7.2-RELEASE-p6 FreeBSD 7.2-RELEASE-p6 #2: Tue Jan 26 08:46:49 MYT 2010     root@firewall.sm.local:/usr/obj/usr/src/sys/SMKERNEL  i386  2:58AM  up 33 days, 16:26, 1 user, load averages: 0.00, 0.00, 0.00 Fri Mar  5 02:58:02 MYT 2010 without any failure and need to be restart. For now the box act as our firewall and also our NAT for about 50 people in our office. Before this we are using Dir-300 which i don't it can perform well and customized with what I need to protect my network. my future needs is to install Ntop for network monitoring..

I got my Jails running 3 web server with sendmail enable. This is to enable my web server to send an email using the PHP mail() function. After a while the server is in testing period, I encounter a slowness when trying to post/insert into the database(that's also one of the jail). Further investigation, I found that in my web server log (/var/log/messages) with the following warning (even the sendmail is still functioning) : Jan 13 16:25:44 httpd-2-server sendmail[46097]: unable to qualify my own domain name (httpd-2-server) -- using short name Jan 13 16:25:49 httpd-2-server sm-mta[46118]: o0DGPi16046116: SYSERR(root): hash map "Alias0": missing map file /etc/mail/aliases.db: No such file or directory For the "unable to qualify my own domain name (httpd-2-server) -- using short name", I resolve through setting up the /etc/hosts with something like this : ::1 localhost httpd-2-server.local 127.0.0.1 localhost httpd-2-se...

I facing this error message in my samba server which serve 20 Windows XP user that store their file in the server daily. I setup a FreeBSD 7.2 samba server on my machine. So far it working good :) But the error that I get is so annoying but since the samba server is working fine, it's no big deal for me to check for more details. Oct 12 09:51:02 opigateway smbd[1239]: [2009/10/12 09:51:02, 0] lib/util_sock.c:get_peer_addr_internal(1676) Oct 12 09:51:02 opigateway smbd[1239]: getpeername failed. Error was Socket is not connected Oct 12 09:51:02 opigateway smbd[1239]: [2009/10/12 09:51:02, 0] lib/util_sock.c:write_data(1136) Oct 12 09:51:02 opigateway smbd[1239]: [2009/10/12 09:51:02, 0] lib/util_sock.c:get_peer_addr_internal(1676) As I'm searching on the net, I found one of the web site mention regarding getpeername error which is this site . So we have to add a new option in our global configuration smb ports = 139 Restart the samba service and monitor your messages logs i...