my FreeBSD docs

Here is my little contribution: some configuration notes for my favorite operating system.

TOC

	enable user quotas
	compile your kernel
	nice prompt
	mount iso file system
	adding users & groups
	caching dns server
	resolving dns server
	openssl 
	mysql things
	SED
	TCPdump
	restore with dump
     

	

quota

	enable user quotas to limit the amount of disk space users consume and the
	number of i-nodes.

	your kernel must have this option, so add this line
	to the kernel conf file and rebuild your kernel.

		options		QUOTA

	in /etc/rc.conf put:

		enable_quotas="yes" 
		check_quotas="yes"

	in /etc/fstab add 'userquota' to the appropriate file system. I
	always do this on /usr, like:

		/dev/ar0s1g             /usr            ufs     rw,userquota    2       2

	=> reboot
	now you can type the following. vi starts; edit the soft and hard
	values between the parentheses.

		#edquota -u 'user'

	report all user quotas on the filesystem the quotas are enabled on:

		#repquota /usr 

	filter one user;

		#repquota /usr | grep 'user'
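
	Added example (not part of the original notes): instead of grepping for one
	user, this sh/awk filter lists every user that repquota flags as over a block
	or file limit. The column layout and the sample report are constructed and are
	assumptions; compare them with the output on your own system.

```shell
#!/bin/sh
# Assumed repquota columns: user, flags, blocks used/soft/hard, [grace],
# files used/soft/hard, [grace]. Flags are two characters: the first is '+'
# when the user is over the block limit, the second when over the file limit.

over_quota() {
	# Reads repquota output on stdin.
	# Prints one line per exceeded limit: "user blocks|files used soft hard".
	awk '
	$2 ~ /^[-+][-+]$/ {
		# The block grace column is only filled in when a timer is running,
		# so the file columns start at field 6 or at field 7.
		f = ($6 ~ /^[0-9]+$/) ? 6 : 7
		if (substr($2, 1, 1) == "+") print $1, "blocks", $3, $4, $5
		if (substr($2, 2, 1) == "+") print $1, "files", $f, $(f + 1), $(f + 2)
	}'
}

sample_report() {
	# Constructed sample, not real output from any system.
	cat <<'EOF'
*** Report for user quotas on /usr (/dev/ar0s1g)
                        Block limits               File limits
User            used    soft    hard  grace    used  soft  hard  grace
root      --  812340       0       0           41210     0     0
alice     +-   52000   50000   60000  6days      310  1000  1200
bob       -+    1200   50000   60000            1100  1000  1200   none
carol     --     300   50000   60000              12  1000  1200
EOF
}

# On a real system: repquota /usr | over_quota
sample_report | over_quota
```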

    

kernel

	making a kernel.
	no directory /usr/src/sys/ ? use /stand/sysinstall to get the src tree,
	in the menu go this way;
		"Configure    Do post-install configuration of FreeBSD"
		"Distributions    Install additional distribution sets"
		"[X]  src       Sources for everything"
		"[X]  sys      /usr/src/sys (FreeBSD kernel)"
	
	next is to choose the distribution media and install.

	copy the GENERIC config and edit the copy:

		cd /usr/src/sys/i386/conf/
		cp GENERIC MYKERNEL
		vi MYKERNEL

	add the options you want, like:

		
		# enable firewall 
		options         IPFIREWALL
		options         IPFIREWALL_VERBOSE
		options         IPFIREWALL_VERBOSE_LIMIT=10

		#ip forwarding.. natd.
		options         IPFIREWALL_FORWARD
		options         IPDIVERT

		#dummynet 
		options         DUMMYNET

		# enable quota
		options         QUOTA
	

	continue with config:

		/usr/sbin/config MYKERNEL

	go to the compile dir
	
		cd ../../compile/MYKERNEL

		make depend
		make
		make install

	=> reboot
	

nice prompt

	put this in your '.profile' file. (/home/user/.profile)

		alias ls="ls -G"			#ls with colors!
		PS1="\u@\h \W>"				#prompt like: user@host dir>

	locate the line 'TERM=${TERM:-cons25}' and put this above it:

		TERM=xterm-color 			#for colors in the terminal!

	

mount iso file system

	use the tool 'vnconfig'
		vnconfig /dev/vn0c ./image.iso
		mount -t cd9660 -o ro /dev/vn0c /mnt/cdrom 

	to unmount:
		umount /mnt/cdrom
		vnconfig -u /dev/vn0c
	

adding user & group

	add a group:
		pw groupadd -n [group] -g [gid]

	add user:
		pw useradd -n [user] -u [uid] -g [gid] -d /nonexistent -s /sbin/nologin
		of course you can replace 'nonexistent' with a valid home dir
		and /sbin/nologin with a valid shell.
	

caching name server

	in the djbdns port; make install clean
	add users and group
		pw groupadd -n mydns -g 100
		pw useradd -n mydns -u 100 -g 100 -d /nonexistent -s /sbin/nologin
		pw useradd -n mydnscache -u 101 -g 100 -d /nonexistent -s /sbin/nologin
		pw useradd -n mydnslog -u 102 -g 100 -d /nonexistent -s /sbin/nologin

	
		dnscache-conf mydnscache mydnslog /etc/dnscache 192.168.0.200
		ln -s /etc/dnscache /var/service/
		touch /etc/dnscache/root/ip/192.168.0

	believe it or not, that's it.
	more at: http://www.lifewithdjbdns.org/#Simple%20setup
     

resolving name server

		tinydns-conf mydns mydnslog /etc/tinydns 192.168.0.12
		ln -s /etc/tinydns /service

openssl

		self-signed cert:
		openssl req -x509 -nodes -days 999 -newkey rsa:1024 -keyout server.key -out server.crt

		for example for iDEAL:
		openssl genrsa  -des3  -out ${DOMAIN}.key 1024
		openssl req  -x509  -new  -key ${DOMAIN}.key -days 3650  -out ${DOMAIN}.cer
	

mysql things

	keep forgetting this one..
		flush privileges;

	adding mysql user:
		GRANT ALL PRIVILEGES ON *.* TO 'monty'@'localhost'
        IDENTIFIED BY 'some_pass' WITH GRANT OPTION;

	changing password:
		SET PASSWORD FOR root@localhost=PASSWORD('newpw');

     

sed

	Want to use sed(1) to edit a file in place? Well, to replace every 'e'
	with an 'o', in a file named 'foo', you can do:

		sed -i.bak s/e/o/g foo

	And you'll get a backup of the original in a file named 'foo.bak',
	but if you want no backup:

		sed -i '' s/e/o/g foo

ahhh.. tcpdump

		tcpdump -ni fxp0 'tcp and (port 25) and (ip dst 192.168.0.9)'

	or

		tcpdump -ni fxp0 'tcp and (port 25) and (ip src 192.168.0.9)'

copying a FreeBSD installation with dump

	- create a RAID array with:

		atacontrol create RAID1 ad5 ad7

	  note: these are the slave drives! master does not work -> Device busy

	- create slices with label in /stand/sysinstall or by hand

	format the new slices
	create a temporary mount point, e.g.: /mnt/target
	now mount the partitions of the new array one at a time on /mnt/target
	and cd into target

		mount /dev/ar1s1a /mnt/target
		cd /mnt/target

	next we run dump (for example for /var):

		dump 0af - /var | restore xf -

	answer y to the last question. done!!

## queued

	you could try a number of ways:

		ps aux | grep -c apache

	will let you know approximately how many servers are running.

		netstat -vatn | grep 'my.ip.addr.ess:80' | grep -c ESTABLISHED

	will let you know how many connections are established to port 80 on
	your box.

##

		natd -n ed0 -redirect_port tcp 192.168.0.200:80 8080

### bgp things

		show ip bgp neighbors 217.170.0.133 routes
		show ip bgp 213.84.50.76

	smtp ssl test:

		openssl s_client -starttls smtp -crlf -connect saskia:25

	NOTE: If you get an error like this:

		20656:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure:s23_clnt.c:473:

	your qmail install might need the cipher lists. Debian does this, I
	don't know why. The following commands will fix it:

		openssl ciphers > /var/qmail/control/tlsclientciphers
		openssl ciphers > /var/qmail/control/tlsserverciphers

author: Erik Jan Jonkers (19-05-2003) update: 04-10-06