I just finished the configuration of IPv6 at home.
Just great! :D
2013-08-05
2012-05-24
FreeBSD 9.0 Kernel compilation
Recently, some friends tried to compile a FreeBSD kernel but failed to get the source using CVSup and got stuck... so they asked me how do I do it. Personally, I've never been able to get the sources using CVSup and it may be because I'm used to be behind firewalls.
Since June 2008, development of the base system moved to Subversion, so it might be easier for you to use Subversion if you're having problems to get the source.
The FreeBSD Handbook cites "Building a custom kernel is one of the most important rites of passage for advanced BSD users.", I believe everyone who is really into FreeBSD should do it at some point.
I'll be using the Virtual Machine created in my previous post, you might want to use your own computer with FreeBSD already installed and the only difference is that you might already have the required ports installed.
Preliminaries:
- Install Subversion from ports as you need it to get the sources, use default
options when asked (this will require some time due to the dependencies
needed):
cd /usr/ports/devel/subversion/ sudo make install clean - Log out and log in again to make the new commands available to your user.
- Use subversion to get the source code:
sudo svn co http://svn.freebsd.org/base/stable/9 /usr/src - Once installed, use the following commands to update your source:
sudo svn up /usr/src
Let's create a stripped down kernel for VirtualBox, remeber to use capital letters to name it (as it is a tradition :P) and to leave the GENERIC file untouched (as it is not recommended to modify it). If you have a 32 bit Kernel use the directory i386 instead of amd64.
- Start with a copy of the GENERIC Kernel naming it VBOX:
cp /usr/src/sys/amd64/conf/GENERIC/usr/src/sys/amd64/conf/VBOX - In the new VBOX file it is important to change the identification changing the line "ident GENERIC" to "ident VBOX". The lines with the options you don't want can be commented or deleted, and you can add options according to your needs. Use the following command to edit the file:
For this example, I used the following content:sudo ee/usr/src/sys/amd64/conf/VBOXcpu I686_CPU ident VBOX options SCHED_ULE # ULE scheduler options PREEMPTION # Enable kernel thread preemption options INET # InterNETworking options INET6 # IPv6 communications protocols options SCTP # Stream Control Transmission Protocol options FFS # Berkeley Fast Filesystem options SOFTUPDATES # Enable FFS soft updates support options UFS_ACL # Support for access control lists options UFS_DIRHASH # Improve performance on big directories options UFS_GJOURNAL # Enable gjournal-based UFS journaling options MD_ROOT # MD is a potential root device options NFSCL # New Network Filesystem Client options NFSD # New Network Filesystem Server options NFSLOCKD # Network Lock Manager options NFS_ROOT # NFS usable as /, requires NFSCL options MSDOSFS # MSDOS Filesystem options CD9660 # ISO 9660 Filesystem options PROCFS # Process filesystem (requires PSEUDOFS) options PSEUDOFS # Pseudo-filesystem framework options GEOM_PART_GPT # GUID Partition Tables. options GEOM_LABEL # Provides labelization options COMPAT_FREEBSD4 # Compatible with FreeBSD4 options COMPAT_FREEBSD5 # Compatible with FreeBSD5 options COMPAT_FREEBSD6 # Compatible with FreeBSD6 options COMPAT_FREEBSD7 # Compatible with FreeBSD7 options SCSI_DELAY=5000 # Delay (in ms) before probing SCSI options KTRACE # ktrace(1) support options STACK # stack(9) support options SYSVSHM # SYSV-style shared memory options SYSVMSG # SYSV-style message queues options SYSVSEM # SYSV-style semaphores options _KPOSIX_PRIORITY_SCHEDULING # POSIX P1003_1B real-time extensions options PRINTF_BUFR_SIZE=128 # Prevent printf output being interspersed. options KBD_INSTALL_CDEV # install a CDEV entry in /dev options HWPMC_HOOKS # Necessary kernel hooks for hwpmc(4) options AUDIT # Security event auditing options MAC # TrustedBSD MAC Framework options INCLUDE_CONFIG_FILE # Include this file in kernel options KDB # Kernel debugger related code options KDB_TRACE # Print a stack trace for a panic # To make an SMP kernel, the next two lines are needed options SMP # Symmetric MultiProcessor Kernel device apic # I/O APIC # CPU frequency control device cpufreq # Bus support. device acpi device eisa device pci # ATA controllers device ahci # AHCI-compatible SATA controllers device ata # Legacy ATA/SATA controllers options ATA_CAM # Handle legacy controllers with CAM options ATA_STATIC_ID # Static device numbering # ATA/SCSI peripherals device scbus # SCSI bus (required for ATA/SCSI) device ch # SCSI media changers device da # Direct Access (disks) device sa # Sequential Access (tape etc) device cd # CD device pass # Passthrough device (direct ATA/SCSI access) device ses # Enclosure Services (SES and SAF-TE) device ctl # CAM Target Layer # atkbdc0 controls both the keyboard and the PS/2 mouse device atkbdc # AT keyboard controller device atkbd # AT keyboard device psm # PS/2 mouse device kbdmux # keyboard multiplexer device vga # VGA video card driver options VESA # Add support for VESA BIOS Extensions (VBE) device splash # Splash screen and screen saver support # syscons is the default console driver, resembling an SCO console device sc options SC_PIXEL_MODE # add support for the raster text mode # Add suspend/resume support for the i8254. device pmtimer # Serial (COM) ports device uart # Generic UART driver # Parallel port device ppc device ppbus # Parallel port bus (required) device lpt # Printer device plip # TCP/IP over parallel device ppi # Parallel port interface device device puc # Multi I/O cards and multi-channel UARTs # PCI Ethernet NICs. device em # Intel PRO/1000 Gigabit Ethernet Family # Pseudo devices. device loop # Network loopback device random # Entropy device device ether # Ethernet support device vlan # 802.1Q VLAN support device tun # Packet tunnel. device pty # BSD-style compatibility pseudo ttys device md # Memory "disks" device gif # IPv6 and IPv4 tunneling device faith # IPv6-to-IPv4 relaying (translation) device firmware # firmware assist module # The `bpf' device enables the Berkeley Packet Filter. # Be aware of the administrative consequences of enabling this! # Note that 'bpf' is required for DHCP. device bpf # Berkeley packet filter # USB support options USB_DEBUG # enable debug msgs device uhci # UHCI PCI->USB interface device ohci # OHCI PCI->USB interface device ehci # EHCI PCI->USB interface (USB 2.0) device xhci # XHCI PCI->USB interface (USB 3.0) device usb # USB Bus (required) device uhid # "Human Interface Devices" device ukbd # Keyboard device umass # Disks/Mass storage - Requires scbus and da device ums # Mouse # Sound support device sound # Generic sound driver (required) device snd_ich # Intel, NVidia and other ICH AC'97 Audio - To compile and install your Kernel use the following:
cd /usr/src/ sudo make buildkernel KERNCONF=VBOX sudo make installkernel KERNCONF=VBOX
- Reboot to use the new Kernel, you can check it with the following command:
uname -a
Enjoy a faster boot time and a lower memory usage at this point.
I hope this will help someone out there, please feel free to send any comments.
2012-04-02
FreeBSD 9.0 in VirtualBox 4.1.12
I've been a FreeBSD fan for years now and I must say I really like this OS. Sadly, most people feel it is way too complicated to be used and recently I was asked to provide a simple walkthrough.
The FreeBSD handbook is a great resource, but some people get easily lost reading it... I'll show in this post the steps necessary to get a Virtual Machine running trying to give just a brief explanation when needed to keep it simple.
At this time, I'm using VirtualBox 4.1.12 (no Extension Pack) and FreeBSD 9.0 (64 bit) but you can use 32 bit as well.
Preliminaries:
1. Create a Virtual Machine for a "BSD" Operating System and the "FreeBSD (64 bit)" Version, I suggest 512MB of RAM memory and a virtual hard drive with 8GB of space (as you might feel a bit tight with the default options).
2. Use the default configuration, you might want to disable audio as it won't be needed.
Installation:
You should have no trouble selecting the options you need and you can select the default if you are not familiar with the dialogs, just change the following:
1. You need to type your hostname in the Set Hostname screen, I suggest "freebsd" but you might want another name for it. If you plan to use this system to host a network service like Kerberos or LDAP you might want to use a full qualified domain name here.
2. Uncheck everything in the Distribution Select screen, we'll deal with that later.
3. Select "<Guided>" in the Partitioning screen, select "<Entire Disk>" in the Partition screen, select "<Finish>" at the Partition Editor screen and select "<Commit>" when the Confirmation dialog shows up. This will create a 64kB partition for boot, a 409 MB for swap and the rest for the file system root "/" using UFS.
4. In the Network Configuration screen, select "<Yes>" for "IPv4", select "<Yes>" for "DHCP", select "<No>" for IPv6 (VirtualBox 4.1.10 has limited support for IPv6) and select "<OK>" in the resolver configuration (your DNS servers should be there already but be sure to type at least one IP address if your fields are blank).
5. Check only "ssh" in the System Configuration screen.
6. Select "<No>" in the Dumpdev Configuration screen.
7. Select "<No>" in the Manual Configuration screen.
Remeber to unmount your virtual CD when the VirtualBox logo appears or it might boot from it again.
Post-Installation:
A minimal system is running, here is what you need to know in order to get started in the FreeBSD world.
Keep your Kernel updated
You probably want to check if there are updates (especially security ones) for your Kernel, use the following command to get the updates available:
freebsd-update fetch
freebsd-update installGet your Ports collection and keep it updated with Portsnap
We need to install the software we are going to use and for that I recommend you to use FreeBSD Ports, you can add binary packages in a similar way to linux using pkg commands but you will likely encounter bugs that are already fixed on the source code.
There is no need to fear the source code, many people I know do not want to compile everything because they are afraid of compilation errors but the FreeBSD Ports do a pretty good job and the only disadvantage is the time needed for the compilation process.
One big plus is, you can look for vulnerabilities reported on the FreeBSD Ports and proactively take action.
Use the root account with the password set during the installation, we don't have sudo installed just yet.
Get the FreeBSD Ports collection and extract it using the following command:
portsnap fetch extract
You'll probably want to keep your FreeBSD Ports up to date, you can use the following command when you want to download and apply the available updates for your collection:
portsnap fetch update
pkg_version -v
Audit your Ports collection with Portaudit
Portaudit checks for known security issues with your installed Ports, alerts if there are vulnerabilities reported in your installations and even prevents the installation of compromised Software. Install it with the following commands:
cd /usr/ports/ports-mgmt/portaudit
make install clean
portaudit -Fda
ee /etc/crontab
# Portaudit
0 3 * * * root /usr/local/sbin/portaudit -Fda
portaudit -a
make -DDISABLE_VULNERABILITIES install clean
Update your installed Ports with Portmanager
Portsnap will help you to keep the source code updated for your Ports but it will not upgrade the installed binaries. Portmanager will help you to install new versions of your Ports when Portsnap updates their source code, install it with the following commands (leave the default options when asked):
cd /usr/ports/ports-mgmt/portmanager
make install clean
portmanager -u
Install and configure sudo:
It is a good idea to use sudo as it will leave a trace of every command used by the administrators for audit purposes, you never know what can hit you and if everyone is using the root account for administration this can lead to serious consequences as the attakers can delete their own traces easily... on the other hand, someone on your staff did something wrong you'll never know who (I've seen around 20 people using the root account for administration on a single system when I've been called to find out what caused the disaster!).
This might not be bulletproof, but it certainly helps to close the gap, install it with the following commands (leave the default options when asked):
cd /usr/ports/security/sudo
make install clean
pw groupadd sudoers
visudo
%sudoers ALL=(ALL) ALL
# visudo, disabling user switching and visudo
Cmnd_Alias NSHELLS = /bin/csh,/bin/tcsh,/bin/sh
Cmnd_Alias NSU = /usr/bin/su
Cmnd_Alias NVISUDO = /usr/local/sbin/visudo
%sudoers ALL=(ALL) ALL, !NSHELLS, !NSU, !NVISUDO
pw usermod johndoe -G sudoers
pw lock root
sudo pw unlock root
At this point you have the base system ready to install the Ports you want, you might want to export the appliance (473MB), clone the Virtual Machine or save a Snapshot.
I hope this will help someone out there, please feel free to send any comments.
2011-11-14
Jabber with MSN transport in Ubuntu 11.10
There are several ways to install a messenger service on your own servers to provide communication to your comrades or integrate a messenger service on the Intranet page in your workplace.
Ubuntu has packages to help you out, I'll show you here how to install the Erlang Jabber/XMPP Daemon and the MSN Transport to help your users to communicate with their contacts on the MSN Messenger network.
I'll be using the Virtual Machine created in my first post, you might want to use your own computer with Ubuntu already installed and the only difference is that you might already have the required packages installed.
Preliminaries:
- You need a hostname to identify your server, feel free to use the IP Address of your server as it will work. Of course a Dynamic DNS entry, a conventional Domain Name System or a DNS Appliance to get a hostname will be useful if you want to provide worldwide access.
Installation:
I'll be using the IP Address 192.168.1.82 as the hostname but you need to change it to your Internal IP Address, your Public IP Address or your hostname.
- You need the Erlang Jabber/XMPP Daemon and the MSN Transport, to install the packages use the following:
sudo apt-get install ejabberd pymsnt - Your hostname and your administration user are missing in the configuration file, edit the file with the following command:
Add your admin user on line 58 (remember to change the IP Address accordingly, this user does not exists yet), change the line to something like the following:sudo vi /etc/ejabberd/ejabberd.cfg
Add your hostname on line 61 (remember to change the IP Address accordingly), change the line to something like the following:{acl, admin, {user, "myuser", "192.168.1.82"}}.
Uncomment the lines from 165 to 170 (MSN Transport) and change the hostname, just delete the initial "%%" and change localhost, it must look like the following:{hosts, ["localhost","192.168.1.82"]}.%% MSN Transport {5557, ejabberd_service, [ {ip, {127, 0, 0, 1}}, {access, all}, {shapper_rule, fast}, {host, "msn.192.168.1.82", [{password, "secret"}]} ]}, - Restart the Erlang Jabber/XMPP Daemon with the following command:
sudo service ejabberd restart - Create your admin user (remember to change the IP Address as well as myuser and mypassword accordingly) with the following command:
sudo ejabberdctl register myuser 192.168.1.82 mypassword - Allow port 5222/TCP through the firewall with the following command:
Optionally, the administrator interface is available using the address http://192.168.1.82:5280/admin, use the admin user created in step 4 without the hostname, to allow the administration interface through the firewall use the following command:sudo ufw allow 5222/tcpsudo ufw allow 5280/tcp - The Erlang Jabber/XMPP Daemon is expecting the MSN Transport to connect using the port number 5557 (as we can see in step 2) but the MSN Transport is using 5347, edit the configuration file with the following command:
Change the Jabber Identification on line 6 to match your hostname (remember to change the IP Address accordingly), change the line to something like the following:sudo vi /etc/pymsnt.conf.xml
Change the port number on line 24, the line should look like following:<jid>msn.192.168.1.82</jid><port>5347</port> - Restart the MSN Transport with the following command:
sudo service pymsnt restart
At this point you should be able to use a Jabber Client like Psi to get access using your admin user myuser@192.168.1.82 (remember to change the IP Address accordingly), new users can register also and use the MSN Transport to get their MSN Messenger contacts in Jabber.
The secure connection is possible using a self signed certificate you can set on line 229 in the configuration file /etc/ejabberd/ejabberd.cfg, but you might want to install your own certificate if you have the experience. Even with the self signed certificate every connection can be protected using STARTTLS if the Jabber Client support this feature, a good way to keep your conversations private.
2011-11-08
Oracle Instant Client 11.2.0.3.0 in Ubuntu 11.10
As an Oracle Database Administrator, I've been involved in several projects where the installation of the Instant Client is a requirement.
I'm aware of some tutorials where people tell you to use "alien" to convert Oracle RPMs to DEBs but I preffer to use ZIPs, so I'll post here how it works including the Basic package along with the SQL*Plus and the SDK.
I'll be using the Virtual Machine created in my first post, you might want to use your own computer with Ubuntu already installed and the only difference is that you might already have the required packages installed.
Preliminaries:
Feel free to use "alien" to make your own DEBs, I'm not against that in any way, I'm just posting this because some people I've worked with believe that just by installing those DEB files everything will work as espected ignoring some missing steps are needed. Hopefully, this will save you some time.
I hope this will help someone out there, please feel free to send any comments.
I'm aware of some tutorials where people tell you to use "alien" to convert Oracle RPMs to DEBs but I preffer to use ZIPs, so I'll post here how it works including the Basic package along with the SQL*Plus and the SDK.
I'll be using the Virtual Machine created in my first post, you might want to use your own computer with Ubuntu already installed and the only difference is that you might already have the required packages installed.
Preliminaries:
- Get the following files from Oracle Download site:
instantclient-basic-linux.x64-11.2.0.3.0.zip instantclient-sdk-linux.x64-11.2.0.3.0.zip instantclient-sqlplus-linux.x64-11.2.0.3.0.zip - You will need unzip for the files and SQL*Plus requires the Linux kernel AIO access library, to install the packages use the following:
sudo apt-get install unzip libaio1
- Instant Client will be installed under /usr/lib/oracle, from the directory where you have the ZIP files enter the following commands:
sudo unzip instantclient-basic-linux.x64-11.2.0.3.0.zip -d /usr/lib/oracle sudo unzip instantclient-sdk-linux.x64-11.2.0.3.0.zip -d /usr/lib/oracle sudo unzip instantclient-sqlplus-linux.x64-11.2.0.3.0.zip -d /usr/lib/oracle - You need two Symbolic Links for compilation purposes, create them with the following commands:
sudo ln -s /usr/lib/oracle/instantclient_11_2/libclntsh.so.11.1 /usr/lib/oracle/instantclient_11_2/libclntsh.so sudo ln -s /usr/lib/oracle/instantclient_11_2/libocci.so.11.1 /usr/lib/oracle/instantclient_11_2/libocci.so - Dynamic Linker Run-Time Bindings must be configured, create a new file with the following command:
And insert the following line:sudo vi /etc/ld.so.conf.d/oracle.conf
Save the file and run the configuration of the Dynamic Linker Run-Time Bindings with the following command:/usr/lib/oracle/instantclient_11_2sudo ldconfig - Some environment variables are required and you can add the directory to the path, create a new file with the following command:
And insert the following lines:sudo vi /etc/profile.d/oracle.sh
Please note, the NLS_LANG environment variable must match the configuration of your Oracle Database or you will have character problems I normally use one of AMERICAN_AMERICA.AL32UTF8, MEXICAN SPANISH_MEXICO.AL32UTF8, MEXICAN SPANISH_MEXICO.WE8ISO8859P1 or MEXICAN SPANISH_MEXICO.WE8ISO8859P15 but you might need another.export ORACLE_HOME=/usr/lib/oracle/instantclient_11_2 export NLS_LANG=AMERICAN_AMERICA.AL32UTF8 export TNS_ADMIN=/etc/oracle export PATH=$PATH:$ORACLE_HOME - Log out and log in again to make the new environment variables available to your user.
- Finally, the tnsnames.ora file must be created in the path defined in the environment variable TNS_ADMIN, create the directory with the following command:
Create the file with the following command:sudo mkdir /etc/oracle
And insert the lines you need to configure your connections, for example:sudo vi /etc/oracle/tnsnames.oraORCL = (DESCRIPTION = (ADDRESS = (PROTOCOL = TCP)(HOST = 192.168.1.87)(PORT = 1521)) (CONNECT_DATA = (SERVICE_NAME = orcl) ) )
sqlplus myuser@orclFeel free to use "alien" to make your own DEBs, I'm not against that in any way, I'm just posting this because some people I've worked with believe that just by installing those DEB files everything will work as espected ignoring some missing steps are needed. Hopefully, this will save you some time.
I hope this will help someone out there, please feel free to send any comments.
2011-11-07
Ruby 1.8.7/1.9.3 in Ubuntu 11.10 (using RVM Single-User installation)
As a Ruby developer, I'm often using different versions of the language to create scripts and Ruby on Rails applications. Packages for Ruby are available for Ubuntu through the official repositories but you might want to use Ruby Version Manager to keep things a bit simpler.
I'll be using the official installation instructions for Ruby Version Manager in the Virtual Machine created in my first post, you might want to use your own computer with Ubuntu already installed and the only difference is that you might already have the required packages installed.
Preliminaries:
I'll be using the official installation instructions for Ruby Version Manager in the Virtual Machine created in my first post, you might want to use your own computer with Ubuntu already installed and the only difference is that you might already have the required packages installed.
Preliminaries:
- You will need curl and git to get the source code using the official script, to install the packages use the following:
sudo apt-get install curl git - If you want to use SSL you need the OpenSSL libraries available, for Ruby on Rails this is a requirement, to install the package use the following:
sudo apt-get install libssl-dev - If you like to use the Interactive Ruby Shell (IRB), you probably want to install the GNU readline libraries using the folowing:
sudo apt-get install libreadline-dev
Installation:
Everything will be done as user, no need for administrative rights (or sudo), use the following command to install Ruby Version Manager:
bash < <(curl -s https://raw.github.com/wayneeseguin/rvm/master/binscripts/rvm-installer)Once the installer finishes and you are back to your command line you need to log out and log in again to have Ruby Version Manager available (this is the preferred way for initial installations).
Post-Installation:
After your log in, you will have Ruby Version Manager installed and it is time to install Ruby. To install both versions (1.8.7 and 1.9.3) use the following commands:
rvm install 1.8.7
rvm install 1.9.3After the installation of Ruby you need to select the default version to be used (even if you only installed one), use the following command to set the version 1.9.3 as default (of course, you can change the version number if you like):
rvm use 1.9.3 --defaultYou can change the default Ruby version anytime you want using the previous command, or you can change it temporary in your current session or terminal using it without the default flag (everytime you log in you will have the default version available):
rvm use 1.8.7Ruby Gems will be installed as well, no need to download and install. Please note each Ruby version will have its own Gems, you can start to install Gems right away using the gem command.
I hope this will help someone out there, please feel free to send any comments.
Ubuntu 11.10 Server in VirtualBox 4.1.10
I've been doing a lot of research over the years looking for ways to integrate new or updated Software in different environments, something I always need is a Virtual Machine in which I install all the new stuff to test it and people ask me about how I create it to start their own (and, with a bit of luck, compete with me to be the first to implement something useful to make someone's job a bit easier).
At this time, I'm using VirtualBox 4.1.10 (no Extension Pack) and Ubuntu 11.10 Server (64 bit) but you can use 32 bit as well.
Preliminaries:
At this time, I'm using VirtualBox 4.1.10 (no Extension Pack) and Ubuntu 11.10 Server (64 bit) but you can use 32 bit as well.
Preliminaries:
- Create a Virtual Machine using all the default option for a "Linux" Operating System and the "Ubuntu (64 bit)" Version.
- After creation, you need to change from SATA to IDE in the Storage configuration or your system will never boot (please! don't ask me why).
Installation:
After language selection (when you can highlight the "Install Ubuntu Server" entry) you should press "F4" on the keyboard to list the available instalation modes and select "Install a minimal Virtual Machine", now when you "Install Ubuntu Server" the installer will use a special version of the Linux Kernel made to be used in Virtual Machines.
At the "Partition Disks" step I select "Guided - Use entire Disk" which will create a 534.8MB partition for Swap and leave the rest for the file system root "/" using EXT4. At the "Software selection" step I leave everything blank to know exactly what packages I need to install when needed.
Post-Installation:
You will notice a faster boot of your Virtual Machine as it is using just what it needs to run, but to have complete functionality you might want to do the following:
I hope this will help someone out there, please feel free to send any comments.
You will notice a faster boot of your Virtual Machine as it is using just what it needs to run, but to have complete functionality you might want to do the following:
- ACPI Shutdown from the "Machine" menu in VirtualBox does not work, to make it work use the following command:
sudo apt-get install acpid - Build Essential is missing, to install the packages needed to compile use the following command:
sudo apt-get install build-essential - No firewall installed, it is a good idea to install one if you want to understand your network services and add a level security, to install the Uncomplicated Firewall and enable it use the following commands:
sudo apt-get install ufw sudo ufw enable - There is no X server installed but you might want to use VirtualBox Shared Folders, select "Install guest additions..." from the "Devices" menu in VirtualBox and use the following commands:
sudo apt-get install dkms linux-headers-virtual sudo mount /dev/cdrom /media/cdrom cd /media/cdrom sudo ./VBoxLinuxAdditions.run
sudo apt-get update
sudo apt-get dist-upgradeI hope this will help someone out there, please feel free to send any comments.
Subscribe to:
Posts (Atom)