I just finished the configuration of IPv6 at home.
Just great! :D
Striving to make today's software look ancient as soon as possible
cd /usr/ports/devel/subversion/
sudo make install clean
sudo svn co http://svn.freebsd.org/base/stable/9 /usr/src
sudo svn up /usr/src
cp /usr/src/sys/amd64/conf/GENERIC
/usr/src/sys/amd64/conf/VBOX
For this example, I used the following content:sudo ee
/usr/src/sys/amd64/conf/VBOX
cpu I686_CPU
ident VBOX
options SCHED_ULE # ULE scheduler
options PREEMPTION # Enable kernel thread preemption
options INET # InterNETworking
options INET6 # IPv6 communications protocols
options SCTP # Stream Control Transmission Protocol
options FFS # Berkeley Fast Filesystem
options SOFTUPDATES # Enable FFS soft updates support
options UFS_ACL # Support for access control lists
options UFS_DIRHASH # Improve performance on big directories
options UFS_GJOURNAL # Enable gjournal-based UFS journaling
options MD_ROOT # MD is a potential root device
options NFSCL # New Network Filesystem Client
options NFSD # New Network Filesystem Server
options NFSLOCKD # Network Lock Manager
options NFS_ROOT # NFS usable as /, requires NFSCL
options MSDOSFS # MSDOS Filesystem
options CD9660 # ISO 9660 Filesystem
options PROCFS # Process filesystem (requires PSEUDOFS)
options PSEUDOFS # Pseudo-filesystem framework
options GEOM_PART_GPT # GUID Partition Tables.
options GEOM_LABEL # Provides labelization
options COMPAT_FREEBSD4 # Compatible with FreeBSD4
options COMPAT_FREEBSD5 # Compatible with FreeBSD5
options COMPAT_FREEBSD6 # Compatible with FreeBSD6
options COMPAT_FREEBSD7 # Compatible with FreeBSD7
options SCSI_DELAY=5000 # Delay (in ms) before probing SCSI
options KTRACE # ktrace(1) support
options STACK # stack(9) support
options SYSVSHM # SYSV-style shared memory
options SYSVMSG # SYSV-style message queues
options SYSVSEM # SYSV-style semaphores
options _KPOSIX_PRIORITY_SCHEDULING # POSIX P1003_1B real-time extensions
options PRINTF_BUFR_SIZE=128 # Prevent printf output being interspersed.
options KBD_INSTALL_CDEV # install a CDEV entry in /dev
options HWPMC_HOOKS # Necessary kernel hooks for hwpmc(4)
options AUDIT # Security event auditing
options MAC # TrustedBSD MAC Framework
options INCLUDE_CONFIG_FILE # Include this file in kernel
options KDB # Kernel debugger related code
options KDB_TRACE # Print a stack trace for a panic
# To make an SMP kernel, the next two lines are needed
options SMP # Symmetric MultiProcessor Kernel
device apic # I/O APIC
# CPU frequency control
device cpufreq
# Bus support.
device acpi
device eisa
device pci
# ATA controllers
device ahci # AHCI-compatible SATA controllers
device ata # Legacy ATA/SATA controllers
options ATA_CAM # Handle legacy controllers with CAM
options ATA_STATIC_ID # Static device numbering
# ATA/SCSI peripherals
device scbus # SCSI bus (required for ATA/SCSI)
device ch # SCSI media changers
device da # Direct Access (disks)
device sa # Sequential Access (tape etc)
device cd # CD
device pass # Passthrough device (direct ATA/SCSI access)
device ses # Enclosure Services (SES and SAF-TE)
device ctl # CAM Target Layer
# atkbdc0 controls both the keyboard and the PS/2 mouse
device atkbdc # AT keyboard controller
device atkbd # AT keyboard
device psm # PS/2 mouse
device kbdmux # keyboard multiplexer
device vga # VGA video card driver
options VESA # Add support for VESA BIOS Extensions (VBE)
device splash # Splash screen and screen saver support
# syscons is the default console driver, resembling an SCO console
device sc
options SC_PIXEL_MODE # add support for the raster text mode
# Add suspend/resume support for the i8254.
device pmtimer
# Serial (COM) ports
device uart # Generic UART driver
# Parallel port
device ppc
device ppbus # Parallel port bus (required)
device lpt # Printer
device plip # TCP/IP over parallel
device ppi # Parallel port interface device
device puc # Multi I/O cards and multi-channel UARTs
# PCI Ethernet NICs.
device em # Intel PRO/1000 Gigabit Ethernet Family
# Pseudo devices.
device loop # Network loopback
device random # Entropy device
device ether # Ethernet support
device vlan # 802.1Q VLAN support
device tun # Packet tunnel.
device pty # BSD-style compatibility pseudo ttys
device md # Memory "disks"
device gif # IPv6 and IPv4 tunneling
device faith # IPv6-to-IPv4 relaying (translation)
device firmware # firmware assist module
# The `bpf' device enables the Berkeley Packet Filter.
# Be aware of the administrative consequences of enabling this!
# Note that 'bpf' is required for DHCP.
device bpf # Berkeley packet filter
# USB support
options USB_DEBUG # enable debug msgs
device uhci # UHCI PCI->USB interface
device ohci # OHCI PCI->USB interface
device ehci # EHCI PCI->USB interface (USB 2.0)
device xhci # XHCI PCI->USB interface (USB 3.0)
device usb # USB Bus (required)
device uhid # "Human Interface Devices"
device ukbd # Keyboard
device umass # Disks/Mass storage - Requires scbus and da
device ums # Mouse
# Sound support
device sound # Generic sound driver (required)
device snd_ich # Intel, NVidia and other ICH AC'97 Audio
cd /usr/src/
sudo make buildkernel KERNCONF=VBOX
sudo make installkernel KERNCONF=VBOX
uname -a
freebsd-update fetch
If updates are found, use the following command to install them: freebsd-update install
portsnap fetch extract
When you are back at the command line you will have the collection available at /usr/ports/, the Ports are inside directories grouped by category. portsnap fetch update
To check if there are new versions of your Ports use the following command: pkg_version -v
cd /usr/ports/ports-mgmt/portaudit
make install clean
Log out and log in again to have the binaries available in your path and use the following command to update and view the known vulnerabilities of your Ports: portaudit -Fda
If your system is going to be up and running 24/7 you might want to use the following command to edit /etc/crontab: ee /etc/crontab
Add the following lines to keep your vulnerabilities database updated everyday at 3:00am: # Portaudit
0 3 * * * root /usr/local/sbin/portaudit -Fda
Any time you want to check if there are vulnerabilities reported for any of your installed Ports use the following command: portaudit -a
You cannot install a Port if there is a vulnerability reported, but in case you want to force it you just have to add the -DDISABLE_VULNERABILITIES option when you call make, like the following: make -DDISABLE_VULNERABILITIES install clean
Be sure to read the vulnerability report first to know how your system is compromised!. cd /usr/ports/ports-mgmt/portmanager
make install clean
Log out and log in again to have the binaries available in your path and use the following command to compile and upgrade your installed Ports: portmanager -u
cd /usr/ports/security/sudo
make install clean
You might want to create a group for the sudoers, use the following command to add the group sudoers: pw groupadd sudoers
Log out and log in again to have the binaries available in your path and use the following command to configure sudo: visudo
Add the following line at the end of the file: %sudoers ALL=(ALL) ALL
Any sudoer can gan root access, you might want to tighten up your security a bit using the following lines instead to prevent the use of visudo, the access as root using the command su and the access as root through one of the installed shells: # visudo, disabling user switching and visudo
Cmnd_Alias NSHELLS = /bin/csh,/bin/tcsh,/bin/sh
Cmnd_Alias NSU = /usr/bin/su
Cmnd_Alias NVISUDO = /usr/local/sbin/visudo
%sudoers ALL=(ALL) ALL, !NSHELLS, !NSU, !NVISUDO
Now you just need to add your users to the group sudoers, use the following command to add user johndoe: pw usermod johndoe -G sudoers
If you wish to disable root access entirely use the following command: pw lock root
If you disabled root access, a sudoer can enable it using the following command: sudo pw unlock root
sudo apt-get install ejabberd pymsnt
sudo vi /etc/ejabberd/ejabberd.cfg
Add your admin user on line 58 (remember to change the IP Address accordingly, this user does not exists yet), change the line to something like the following:{acl, admin, {user, "myuser", "192.168.1.82"}}.
Add your hostname on line 61 (remember to change the IP Address accordingly), change the line to something like the following:{hosts, ["localhost","192.168.1.82"]}.
Uncomment the lines from 165 to 170 (MSN Transport) and change the hostname, just delete the initial "%%" and change localhost, it must look like the following: %% MSN Transport
{5557, ejabberd_service, [
{ip, {127, 0, 0, 1}},
{access, all},
{shapper_rule, fast},
{host, "msn.192.168.1.82", [{password, "secret"}]}
]},
sudo service ejabberd restart
sudo ejabberdctl register myuser 192.168.1.82 mypassword
sudo ufw allow 5222/tcp
Optionally, the administrator interface is available using the address http://192.168.1.82:5280/admin, use the admin user created in step 4 without the hostname, to allow the administration interface through the firewall use the following command:sudo ufw allow 5280/tcp
sudo vi /etc/pymsnt.conf.xml
Change the Jabber Identification on line 6
to match your hostname (remember to change the IP Address accordingly), change the line to something like the following:<jid>msn.192.168.1.82</jid>
Change the port number on line 24, the line should look like following:<port>5347</port>
sudo service pymsnt restart
instantclient-basic-linux.x64-11.2.0.3.0.zip
instantclient-sdk-linux.x64-11.2.0.3.0.zip
instantclient-sqlplus-linux.x64-11.2.0.3.0.zip
sudo apt-get install unzip libaio1
sudo unzip instantclient-basic-linux.x64-11.2.0.3.0.zip -d /usr/lib/oracle
sudo unzip instantclient-sdk-linux.x64-11.2.0.3.0.zip -d /usr/lib/oracle
sudo unzip instantclient-sqlplus-linux.x64-11.2.0.3.0.zip -d /usr/lib/oracle
sudo ln -s /usr/lib/oracle/instantclient_11_2/libclntsh.so.11.1 /usr/lib/oracle/instantclient_11_2/libclntsh.so
sudo ln -s /usr/lib/oracle/instantclient_11_2/libocci.so.11.1 /usr/lib/oracle/instantclient_11_2/libocci.so
sudo vi /etc/ld.so.conf.d/oracle.conf
And insert the following line: /usr/lib/oracle/instantclient_11_2
Save the file and run the configuration of the Dynamic Linker Run-Time Bindings with the following command: sudo ldconfig
sudo vi /etc/profile.d/oracle.sh
And insert the following lines: export ORACLE_HOME=/usr/lib/oracle/instantclient_11_2
export NLS_LANG=AMERICAN_AMERICA.AL32UTF8
export TNS_ADMIN=/etc/oracle
export PATH=$PATH:$ORACLE_HOME
Please note, the NLS_LANG environment variable must match the configuration of your Oracle Database or you will have character problems I normally use one of AMERICAN_AMERICA.AL32UTF8, MEXICAN SPANISH_MEXICO.AL32UTF8, MEXICAN SPANISH_MEXICO.WE8ISO8859P1 or MEXICAN SPANISH_MEXICO.WE8ISO8859P15 but you might need another.sudo mkdir /etc/oracle
Create the file with the following command: sudo vi /etc/oracle/tnsnames.ora
And insert the lines you need to configure your connections, for example: ORCL =
(DESCRIPTION =
(ADDRESS = (PROTOCOL = TCP)(HOST = 192.168.1.87)(PORT = 1521))
(CONNECT_DATA =
(SERVICE_NAME = orcl)
)
)
sqlplus myuser@orcl
sudo apt-get install curl git
sudo apt-get install libssl-dev
sudo apt-get install libreadline-dev
bash < <(curl -s https://raw.github.com/wayneeseguin/rvm/master/binscripts/rvm-installer)
rvm install 1.8.7
rvm install 1.9.3
rvm use 1.9.3 --default
rvm use 1.8.7
sudo apt-get install acpid
sudo apt-get install build-essential
sudo apt-get install ufw
sudo ufw enable
sudo apt-get install dkms linux-headers-virtual
sudo mount /dev/cdrom /media/cdrom
cd /media/cdrom
sudo ./VBoxLinuxAdditions.run
sudo apt-get update
sudo apt-get dist-upgrade
At this point you might want to export the appliance (444MB), clone the Virtual Machine or save a Snapshot.