HOWTO: FreeBSD - Fonts, Samba, Apache, FTP, iPods 
Author: attenboroughp

I made these guides for myself some time ago for reference purposes. I don’t know if they’ve been posted so I figured rather than hold on to them I might as well share them. IIRC most of the stuff in these guides is copied from guides I’ve followed on the net, so credit where it’s due.


Nice fonts for FreeBSD: (Follow this guide if your fonts are messed up)


If you use PC-BSD, you can skip this tutorial because we're going to use PC-BSD's configuration, and fonts are going to look like MS Windows or PC-BSD

1. First you need to install the Microsoft Fonts. Open your terminal and issue:

Code:
su
cd /usr/ports/x11-fonts/webfonts
make install clean




2. Then, download the fontconfig XML files and extract them into your system:

http://www.attenboroughp.plus.com/fontconfig.tbz

Code:
tar -xvjpf fontconfig.tbz -C /usr/X11R6/etc/fonts/




3. Log out from *BSD and log back in. Your fonts should look like MS Windows or PC-BSD.

__________________________________________

General Linux/BSD:
How to change your monitor to 96DPI:



Open /etc/X11/xorg.conf as root.

Locate Section "Monitor" and add the following lines before EndSection:

Code:
# DisplaySize 270 203 # 1024x768 96dpi
# DisplaySize 338 254 # 1280x960 96dpi
# DisplaySize 338 270 # 1280x1024 96dpi
# DisplaySize 370 277 # 1400x1050 96dpi
# DisplaySize 423 370 # 1600x1400 96dpi


Uncomment the one you need, in my case:

Code:
DisplaySize 338 270


__________________________________________


How to get sound working in FreeBSD:

(Taken from: http://www.freebsd.org/doc/en_US.ISO885 ... setup.html)


Code:
kldload snd_driver


This is a metadriver loading the most common device drivers at once. This speeds up the search for the correct driver. It is also possible to load all sound drivers via the /boot/loader.conf facility.

If you wish to find out the driver selected for your soundcard after loading the snd_driver metadriver, you may check the /dev/sndstat file with the cat /dev/sndstat command.

__________________________________________


How to get a basic Samba setup up and running:

Tested on FreeBSD 4.10 & 5.3 & 6.0
Samba is a powerful application capable of performing many functions.
In this howto I will explain how to get basic file sharing working with your Microsoft machines.

First you need to install Samba so,
# cd /usr/ports/net/samba3
# make install clean

This should place a startup script in /usr/local/etc/rc.d called samba.sh
# chmod 700 /usr/local/etc/rc.d/samba.sh

Now edit your rc.conf to start samba on boot.
# vi /etc/rc.conf
Add
samba_enable="YES"

Now create a configuration file for samba to use.
# vi /usr/local/etc/smb.conf
Add
[global]
netbios name = COMPUTERNAME
workgroup = WORKGROUP
security = user
log file = /var/log/samba.log
socket options = TCP_NODELAY IPTOS_LOWDELAY SO_RCVBUF=8192 SO_SNDBUF=8192
os level = 99

[homes]
read only = no
guest ok = no
browseable = no

Change COMPUTERNAME and WORKGROUP to your liking.
The homes section will set up a share for each user's home directory.
Windows users will only see the directory for the user that they are logged into.

If you want to set up a normal share that everyone who is authenticated can see, add this to smb.conf
[sharename]
path = /path/to/shared/directory
read only = no
guest ok = no

The port sets up a directory called /var/log/samba which I delete, but that is up to you.
# cd /var/log
# rm -rf samba
# touch samba.log
# chmod 600 samba.log

Now set your newsyslog.conf to rotate the files, add this to /etc/newsyslog.conf
/var/log/samba.log 600 3 300 * Z
If you don't understand this, see man newsyslog

With this configuration you must have a real unix user account for each samba account.
These should match the username on the Microsoft machine you will be connecting with.

example from 5.3
home# adduser
Username: testuser
Full name:
Uid (Leave empty for default):
Login group [testuser]:
Login group is testuser. Invite testuser into other groups? []:
Login class [default]:
Shell (sh csh tcsh bash nologin) [sh]: bash
Home directory [/home/testuser]:
Use password-based authentication? [yes]:
Use an empty password? (yes/no) [no]:
Use a random password? (yes/no) [no]:
Enter password:
Enter password again:
Lock out the account after creation? [no]:
Username : testuser
Password : *****
Full Name :
Uid : 1004
Class :
Groups : testuser
Home : /home/testuser
Shell : /usr/local/bin/bash
Locked : no
OK? (yes/no): y
adduser: INFO: Successfully added (testuser) to the user database.
Add another user? (yes/no): n

You may wish to change the default shell to /sbin/false or something similar so that this username cannot login through ssh, etc…

After you have set up the unix user, you must set up the samba username.
Use the same password that you use on your Microsoft machines so you will not have to login to access your shares.
It is not recommended, but smbpasswd will take a blank password in case you don’t use one on your Microsoft machine.
# smbpasswd -a testuser
New SMB password:
Retype new SMB password:
Added user testuser.

You should now be ready to start the samba daemons.
# /usr/local/etc/rc.d/samba.sh start
# ps -waux | grep mbd
root 16158 0.0 0.6 5360 3096 ?? Ss 8:20PM 0:00.09 /usr/local/sbin/nmbd -D -s /usr/local/etc/smb.conf
root 16164 0.0 0.9 7120 4600 ?? Is 8:20PM 0:00.01 /usr/local/sbin/smbd -D -s /usr/local/etc/smb.conf
root 16166 0.0 0.9 7120 4624 ?? I 8:20PM 0:00.00 /usr/local/sbin/smbd -D -s /usr/local/etc/smb.conf
root 16168 0.0 1.0 7488 4984 ?? S 8:21PM 0:00.05 /usr/local/sbin/smbd -D -s /usr/local/etc/smb.conf

Provided you don’t have the MS stuff blocked in your firewall, you should be able to test your setup now.
Now try to connect from your Microsoft machine
C:\> net view \\COMPUTERNAME
Shared resources at \\COMPUTERNAME

Samba 3.0.9

Share name   Type   Used as   Comment
-------------------------------------------
testuser     Disk             Home directory of testuser
The command completed successfully.

__________________________________________

OPTIONAL: How to map the Samba share on a MS Windows computer:

C:\> net use z: \\COMPUTERNAME\testuser
The command completed successfully.

You should now have a mapped drive to your BSD Machine.

__________________________________________


FreeBSD - Apache web server:

General Information

I'm sure many of you have been wondering how people host secure sites using Secure Sockets Layer (SSL). This guide will show you how to set up a web server with SSL, PHP, and MySQL support.

Requirements

1. In order for public access to your website, you must have a valid domain name.
2. A text editor (for this guide we will use Nano)

Installation

Section A -- Apache+mod_ssl

First thing we need to do is install the Apache web server. Currently there are two main versions available: 1.3.x and 2.0.x. I will be teaching from the 1.3.x branch, but many of the steps are the same for 2.0.x. I will also make notes for those of you who choose to use the 2.0.x branch.

# cd /usr/ports/www/apache13-modssl
# make install distclean

Apache now gets started on system boot from rc.conf so let's add the respective entry:

# echo 'apache_enable="YES"' >> /etc/rc.conf
# echo 'apache_flags="-DSSL"' >> /etc/rc.conf

Note: For Apache2 users: You only need to install the apache2 port, but then you have to manually create the directories for the SSL Certificate and Key.

# cd /usr/ports/www/apache2
# make install distclean
# echo 'apache2_enable="YES"' >> /etc/rc.conf
# echo 'apache2_flags="-DSSL"' >> /etc/rc.conf
# mkdir /usr/local/etc/apache2/ssl.key
# mkdir /usr/local/etc/apache2/ssl.crt
# chmod 0700 /usr/local/etc/apache2/ssl.key
# chmod 0700 /usr/local/etc/apache2/ssl.crt

Section B -- MySQL

# cd /usr/ports/databases/mysql40-server
# make install WITH_OPENSSL=yes distclean

Take a break while it downloads, compiles, and installs. It'll take about 45 minutes on a K6-2 350MHz.

Section C -- PHP

# cd /usr/ports/www/mod_php4
# make install distclean
# cd /usr/ports/lang/php4-extensions
# make install distclean

Now, when you get to the PHP configuration screen, you just need to check the OpenSSL box and leave the rest of the default values alone, unless you plan on installing other applications, such as the IMP Webmail, that require other PHP modules. Time to take another break.

PHP should be installed by now. At the end of the installation, you will need to edit Apache's configuration file to add two lines after all the "LoadModule" lines for PHP support.

# nano -w /usr/local/etc/apache/httpd.conf

AddType application/x-httpd-php .php
AddType application/x-httpd-php-source .phps

Configuration

Section A -- Create Certificate

It is now time to create your own certificate using the openssl utility. Now, you need to understand that one server can hold multiple certificates, but only one per listening IP address. So, if your server is listening on one IP address, you can only have one certificate for the server. All of your virtual domains can share the same certificate, but clients will get warning prompts when they connect to a secure site where the certificate does not match the domain name. If your server is listening on multiple IP addresses, your virtual hosts have to be IP-based -- not name-based. This is something to consider when creating your certificate.

Change to any directory you would like to save your certificate in. I chose root's home directory. We will then copy the necessary files to the correct directory later. This way we have a backup in case something happens.

# cd ~
# openssl genrsa -des3 -out server.key 1024

You will be prompted to enter a password for this key. Remember it because we will need it later. Now we need to make a Certificate Signing Request (CSR) from the key we just generated.

# openssl req -new -key server.key -out server.csr

Enter the password you used for the key when prompted. This is where you get to enter all the fun information about the certificate, like your name and Fully Qualified Domain Name (FQDN). Make sure you enter your FQDN for the "Common Name" portion. For example, if the certificate is for https://webmail.domain.tld/, then your Common Name should be webmail.domain.tld.

Alright, your certificate is ready to be signed. The following steps are to self-sign the certificate, but you could pay money and have it signed by Verisign or Thawte.

# openssl x509 -req -days 365 -in /root/server.csr -signkey /root/server.key -out /root/server.crt

Ok, your certificate is signed and valid for 365 days, which you could have changed if you wanted. We now need to copy the files to the appropriate directory for Apache to use them.

# cp ~/server.key /usr/local/etc/apache/ssl.key/
# cp ~/server.crt /usr/local/etc/apache/ssl.crt/

If you want to read more about SSL Certificates, you can read the FAQs at http://httpd.apache.org/docs-2.0/ssl/ss ... aboutcerts.

** Apache2 users: The correct permissions must be set.

# chmod 0400 /usr/local/etc/apache2/ssl.key/server.key
# chmod 0400 /usr/local/etc/apache2/ssl.crt/server.crt

Section B -- Configure VirtualHosts

VirtualHosts are neat because they allow you to host many domains on the same server and the same IP address. For this example, we will make three VirtualHost entries -- one for http and two for https (SSL).

This section will be modifying /usr/local/etc/apache/httpd.conf so you can pull that up in your favorite editor now. The normal VirtualHosts can be placed at the beginning of the file for easy access and should be set up like this:

ServerName domain.tld

NameVirtualHost 192.168.0.2:80

<VirtualHost 192.168.0.2:80>
ServerName domain.tld
ServerAlias www.domain.tld
ServerAdmin admin@domain.tld
DocumentRoot /path/to/website/files
</VirtualHost>

Now at the bottom of httpd.conf, you should see a whole bunch of lines relating to SSL. Insert the following line just before the default VirtualHost for SSL like this:

NameVirtualHost 192.168.0.2:443

<VirtualHost _default_:443>

NameVirtualHost tells Apache that there are several virtual hosts under the same IP. So, at the bottom of httpd.conf you will want to put your VirtualHosts just before .

<VirtualHost 192.168.0.2:443>
ServerName domain.tld
ServerAlias www.domain.tld
ServerAdmin admin@domain.tld
DocumentRoot /path/to/website/files
SSLEngine on
SSLCertificateFile /usr/local/etc/apache/ssl.crt/server.crt
SSLCertificateKeyFile /usr/local/etc/apache/ssl.key/server.key
</VirtualHost>

Now, if you had a server listening on another IP address, you could set up another certificate for that IP address to use. Then, your second VirtualHost could look like this:

<VirtualHost 192.168.0.3:443>
ServerName domain2.tld
ServerAlias www.domain2.tld
ServerAdmin admin@domain2.tld
DocumentRoot /path/to/website/files
SSLEngine on
SSLCertificateFile /usr/local/etc/apache/ssl.crt/server2.crt
SSLCertificateKeyFile /usr/local/etc/apache/ssl.key/server2.key
</VirtualHost>

If you notice, SSLCertificateFile and SSLCertificateKeyFile are only paths to the certificate and key. Just remember that you would have to use IP-based VirtualHosts, like we did, and not name-based.

** Apache2 users: All of your SSL configuration is in a separate file at /usr/local/etc/apache2/ssl.conf so edit that for your SSL-aware VirtualHosts.

Section C -- Start Services

Your server is now ready to start MySQL and Apache with SSL.

# /usr/local/etc/rc.d/mysql-server.sh start
# /usr/local/sbin/apachectl startssl

When you start apache with ssl, you will be prompted to enter that password you were supposed to remember. You have to enter it every time apache starts because the RSA private key is stored in encrypted format. You can remove the encryption to eliminate the password prompt if you would like, but it's not recommended for security reasons. If you removed the encryption and somebody was able to control your box, they could take your certificate and impersonate you. But, if you are annoyed by the password prompt and feel confident that your server is secure, these are the steps to remove the encryption:

# cd /usr/local/etc/apache/ssl.key
# cp server.key server.key.orig
# openssl rsa -in server.key.orig -out server.key

Point your favorite browser to https://domain.tld and you should have a 128-bit secure connection. That's all there is to setting up a standard web server with SSL support. Happy hosting!

__________________________________________


Mounting a Windows-formatted iPod in PC-BSD:

Code:
mount -t msdos /dev/da0s2 /mnt/usbflash0
as root.

__________________________________________


Install an FTP server on FreeBSD:

(Taken from: http://www.qnd-guides.org/qnd-pureftpd.html)

As root:

Code:
cd /usr/ports/ftp/pure-ftpd


Code:
make install clean


Code:
pw groupadd ftpgroup


Code:
pw useradd ftpuser -g ftpgroup -d /dev/null -s /etc


Code:
pure-pw useradd abcde -u ftpuser -d /home/ftpusers/abcde


<password>

Code:
pure-pw mkdb


Add pureftpd_enable="YES" to /etc/rc.conf

Edit your pure-ftpd.conf file and change:


Code:
# PureDB user database (see README.Virtual-Users)

# PureDB               /etc/pureftpd.pdb



to read:



Code:
# PureDB user database (see README.Virtual-Users)

 PureDB               /usr/local/etc/pureftpd.pdb




Code:
/usr/local/etc/rc.d/pure-ftpd.sh start


Code:
mkdir /home/ftpusers/abcde
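
For the Samba section above, a way to review which shares in smb.conf allow guests or writes. This is an added example, not part of the original post; the function name audit_smb_conf is hypothetical, and the script reads only the file it is given (it does not follow include or copy directives).

```shell
#!/bin/sh
# Added example (not from the original post): summarise guest and write access
# for every share in an smb.conf. Samba compares parameter names without regard
# to case or embedded spaces; "public" is a synonym for "guest ok", and
# "writeable", "writable" and "write ok" are inverted synonyms for "read only".
audit_smb_conf() {
    awk '
    function truthy(v) { v = tolower(v); return (v == "yes" || v == "true" || v == "on" || v == "1") }
    function report() {
        if (sec != "" && sec != "global")
            printf "%s guest=%s writable=%s\n", sec, (guest ? "yes" : "no"), (ro ? "no" : "yes")
    }
    BEGIN { dguest = 0; dro = 1 }                  # built-in defaults: guest ok = no, read only = yes
    /^[ \t]*[#;]/ || /^[ \t]*$/ { next }           # comments and blank lines
    /^[ \t]*\[.*\]/ {                              # section header starts a new share
        report()
        sec = $0; sub(/^[ \t]*\[/, "", sec); sub(/\].*$/, "", sec); sec = tolower(sec)
        guest = dguest; ro = dro
        next
    }
    {
        eq = index($0, "="); if (!eq) next
        key = tolower(substr($0, 1, eq - 1)); gsub(/[ \t]/, "", key)
        val = substr($0, eq + 1); gsub(/^[ \t]+|[ \t]+$/, "", val)
        if (key == "guestok" || key == "public") guest = truthy(val)
        else if (key == "readonly") ro = truthy(val)
        else if (key == "writeable" || key == "writable" || key == "writeok") ro = !truthy(val)
        if (sec == "global") { dguest = guest; dro = ro }   # [global] values become share defaults
    }
    END { report() }
    ' "$1"
}
```

Run it as audit_smb_conf /usr/local/etc/smb.conf; testparm -s prints the configuration as Samba itself parses it and remains the authoritative check.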


Tue May 12, 2009 10:35 pm
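
For the Apache certificate steps above, a pre-start check of a key/certificate pair: file permissions, whether the key still carries its passphrase, key size, expiry, and whether the key belongs to the certificate. This is an added example, not part of the original post; the function names, the 2048-bit threshold and the 30-day expiry window are assumptions chosen here, and it needs the openssl command-line tool.

```shell
#!/bin/sh
# Added example (not from the original post): audit an Apache TLS key/cert pair.
# RSA keys are assumed, as generated in the guide.

# The PEM header shows whether the private key is passphrase-protected
# (legacy "Proc-Type" header or PKCS#8 "ENCRYPTED PRIVATE KEY").
key_is_encrypted() {
    grep -q -e '^Proc-Type: 4,ENCRYPTED' -e '^-----BEGIN ENCRYPTED PRIVATE KEY-----' "$1"
}

# True when group and other have no permission bits at all (0400, 0600, ...).
owner_only() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Public-key size in bits, read from the certificate (no passphrase needed).
cert_key_bits() {
    openssl x509 -in "$1" -noout -text |
        sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p'
}

# Key and certificate belong together when their public keys are identical.
# $3 is an openssl pass phrase source such as "file:/path"; returns 2 if the
# key cannot be read (wrong or missing passphrase) instead of prompting.
pair_matches() {
    k=$(openssl pkey -in "$1" -passin "${3:-pass:}" -pubout 2>/dev/null) || return 2
    c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 2
    [ "$k" = "$c" ]
}

# Print findings for KEY CRT [PASSIN]; the return value is the number of problems.
audit_pair() {
    n=0
    owner_only "$1" || { echo "WARN: $1 is accessible to group/other"; n=$((n + 1)); }
    key_is_encrypted "$1" || echo "NOTE: $1 is stored without a passphrase"
    bits=$(cert_key_bits "$2")
    [ "${bits:-0}" -ge 2048 ] || { echo "WARN: ${bits:-unknown}-bit key, below 2048"; n=$((n + 1)); }
    openssl x509 -in "$2" -noout -checkend 2592000 >/dev/null ||
        { echo "WARN: $2 expires within 30 days"; n=$((n + 1)); }
    pair_matches "$1" "$2" "$3" || { echo "FAIL: $1 unreadable or does not match $2"; n=$((n + 1)); }
    return "$n"
}

# Usage with the paths from the post (run as root):
#   audit_pair /usr/local/etc/apache/ssl.key/server.key \
#              /usr/local/etc/apache/ssl.crt/server.crt
```

With several IP-based VirtualHosts, run it once per SSLCertificateFile/SSLCertificateKeyFile pair so that a swapped server.key and server2.key is caught before apachectl startssl.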