Introduction to FreeBSD Topics Additional Topics

How FreeBSD boots ( detail) - devfs filesytem ccTLD Workshop Nairobi Recompiling the FreeBSD kernel - Accessing devices Kernel loadable modules - crontab and hardware support September, 2005 Nairobi, Kenya Firewalls

X Window vs. Gnome vs. KDE

cvs in detail

FreeBSD : UFS Hervey Allen Logs

Use of

Lots more commands

How FreeBSD Boots How FreeBSD Boots cont.

Initial boot items are in /boot (this resides Stage 3 or /boot/loader:

under “/”, or in it's own partition). ¡ Probes for consoles and disk boot0: ¡ Reads in this order: Copy of MBR is in /boot/boot0. MBR is at start of ¢ /boot/loader.rc

the boot disk and is 512 bytes in size. If you use ¢ lilo, grub, or other MBR then this is not relevant. /boot/defaults/loader.conf ¢ boot1/boot2 or Stage 1 and 2: /boot/loader.conf to override previous ¡ Kernel and modules are loaded after a 10 /boot/boot1 is 512 bytes in size and runs second wait for key press. Interactive prompt /boot/boot2. available. /boot/boot2 is more complex and runs / For more discussion and examples see: boot/loader. http://www.freebsd.org/doc/en_US.ISO8859- 1/books/handbook/boot-blocks.html How FreeBSD Boots cont. How FreeBSD Boots cont.

The process: The init process cont.:

¡ After the kernel boots it hands over control to ¡ Once file systems are mounted then the the user process /sbin/init. following starts: ¢ ¡ If filesystems look good then init begins reading Networking services the resource configuration of the system. These ¢ System daemons

files are read in this order: ¢ Locally installed package daemons ¢ /etc/defaults/rc.conf (/usr/local/etc/rc. scripts) ¢ /etc/rc.conf (overrides previous) Init process and shutdown: ¢ /etc/rc.conf.local (overrides previous) ¡ When shutdown is called then init runs the ¡ Mounts file systems in /etc/ scripts /etc/rc.shutdown.

The FreeBSD Kernel Recompiling the FreeBSD Kernel

You might rebuild a kernel to add hardware See FreeBSD Handbook section 8.3

support, additional filesystem support, etc. /usr/src/sys/ /conf Config file in arch Or, to remove extraneous drivers.

Kernel source, if installed, is in /usr/src/sys Example (old style):

GENERIC /root/kernel/MYNEWKERNEL “If there is not a /usr/src/sys directory on your system,

then the kernel source has not been installed. The -s /root/kernel/MYNEWKERNEL easiest way to do this is by running /stand/sysinstall as root, choosing Configure, then Distributions, then src, Edit MYNEWKERNEL file to set options then sys.” (FreeBSD Handbook 9.3) see /usr/src/sys/arch/conf/NOTES

To rebuild your kernel you use the default /usr/sbin/config MYNEWKERNEL

configuration file, update settings as cd ../compile/MYNEWKERNEL needed, then recompile the kernel, installing it in /boot. depend, make, make Recompiling the FreeBSD Kernel cont. Recompiling the FreeBSD Kernel cont.

Example (new style): The kernel config file has many options. For a After you've edited MYKERNEL for options more complete explanation of the various cd /usr/src options see (e.g. on a PC with CPU):

make buildkernel kernconf=MYNEWKERNEL ¡ /usr/src/sys//conf/NOTES make installkernel kernconf=MYNEWKERNEL And, for non-architecture specific notes see:

Kernel installed as /boot/kernel/kernel ¡ /usr/src/sys/conf/NOTES Old kernel is in /boot/kernel.old/kernel Or look at the FreeBSD Handbook section 8.4 If new kernel does not boot, go to boot for some more examples. loader prompt and type:

unload

boot /boot/kernel.old/kernel

Kernel and Hardware Support Kernel Loadable & Static Modules

FreeBSD is moving towards “modularizing” Static (in conf) – built-in during recompile hardware support. That is “drivers” (kernel vs.

loadable modules) are loaded at boot time Kernel loadable (kld) /boot/kernel modules. to support your systems' hardware. Autoloading using /etc/rc.conf directives Some hardware is still supported by statically and/or using /boot/loader.conf, loaded software directly in the kernel. overrides /boot/defaults/loader.conf

Some hardware use is optimized by setting Address security in FreeBSD vs. and kernel state using the facility. modules.

¢ Commands kldload, kldstat, kldunload Firewalls Installing a Binary File

Building an appropriate ruleset for This is much common, but you can precompile your situation requires thought: a program for a specific version of FreeBSD.

See FreeBSD Handbook section 10.8 to get started. Clearly this would be something that might be done

Enable IP FireWall support (IPFW) by adding one, or with commercial applications that have restrictive more options to kernel configuration file. licensing agreements.

ipfw was updated to “ipfw2” in July 2002. Normally installation is done using a shell that Starting and stopping in /etc/rc.conf and /etc/rc.firewall. copies compressed files to the appropriate

ipfw rules and firewall set are in /etc/rc.firewall. locations and updates configurations as needed.

You can dynamically control ipfw as well: Adobe's Acrobat Reader, Macromedia Flash plugin, ipfw flush, ipfw enable, ipfw disable, etc. are examples (/usr/local/bin/acroread). ipfw flush, etc.

Installing with CVS Install cvsup

CVS: Concurrent Versions System If you are using KDE or Gnome, then check: Somewhat detailed FreeBSD Handbook entry: pkg_info | cvs http://www.freebsd.org/doc/en_US.ISO8859- If CVS is installed you can skip this. Otherwise: 1/books/handbook/cvsup.html

¢ cd /usr/ports/net/cvsup-without-gui Typical use for CVS and FreeBSD (other than software projects) is to keep your or up-to-date. cd /usr/ports/net/cvsup ¢ To do this be sure you have installed the Ports collection at initial installation. make ¢ Now install cvsup-without-gui from source if make install necessary: make clean Install cvsup cont. Install and Use cvsup

Now copy the cvsup configuration file needed At this point you are ready to update your to tell CVS to upgrade your ports collection. A entire Ports collection with one simple sample is located in /usr/share/examples: command: cp /usr/share/examples/cvsup/ports-supfile /root/.

Edit this file to look like this (line 50): cvsup -g -L 2 /root/ports-supfile # IMPORTANT: Change the next line to use one of the CVSup mirror sites # listed at http://www.freebsd.org/doc/handbook/mirrors.html. *default host=cvsupNAME.FreeBSD.org *default base=/usr “-g” : don't use graphical interface. *default prefix=/usr -L 2 *default release=cvs tag=. “ ” : verbosity level. Level 2 is verbose. *default delete use-rel-suffix

CVS Summary X Windows – Gnome – KDE

CVS is a powerful and complex tool. For some The first thing to understand is that Gnome more hints and information see: and KDE use the X graphical subsystem. man cvsup Generally KDE programs run in Gnome and vice-versa. info cvs For a you do not need to run, or install, FreeBSD Handbook: any of these. http://www.freebsd.org/doc/en_US.ISO8859- 1/books/handbook/ports-using.html You can run one, both, or other window managers like fwvm, windowmaker, etc. X – Gnome – KDE cont. X – Gnome – KDE cont.

¢ Which is better? There's no ¢ You can install Gnome and/or KDE by choosing the correct answer to this. or “base” packages in under Packages

¢ using the /stand/sysinstall utility. To configure how X runs you specify this in the file /etc/X11/xorg.conf. ¢ Under FreeBSD 5.4 (July 2005) just install these to

¢ pull in the entire desktop installations: You general configure using the command: ¡ gnome2-2.10.0

Xorg -config ¡ kde-3.4.1 ¢ To exit X you can press ALT-CTRL-Backspace. ¢ Once installed you can generally just run either gdm ¢ You can, also, go directly to a terminal using alt- or kdm to start the Gnome or KDE Display Managers. ctrl-f1 through f8. alt-ctrl-f9 returns to X. ¢ kdm supports multiple desktop choices. ¢ For details on setting up your desktop environment read: http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/x11-wm.html

The FreeBSD FreeBSD UFS cont.

Taken from Wikipedia: UFS2 and make for a powerful UNIX file system (UFS) is a file system used by many unix combination: operating systems. It is derived from the Berkeley Fast File Data is clustered on cylinders to reduce fragmentation.

System (FFS), which itself was originally developed from FS level fragmentation to avoid wasting disk space in the first versions of UNIX developed at . when large block sizes are used. Nearly all BSD unix derivatives including FreeBSD, NetBSD, Extended attribute support. OpenBSD, NeXTStep, and Solaris use a variant of UFS. In Support for 1TB file systems.

Mac OS X it is available as an alternative to HFS. In Linux, Fast file system creation using “lazy” inode partial UFS support is available and the native linux initizializtion.

filesystem is derived from UFS. Soft updates to dramatically improve metadata operations.

UFS is journaled so no need for on large drives. FreeBSD UFS cont. Installing FreeBSD (5.2.1)

To learn more about UFS and Soft Updates: Sample install session... Boot from CD-ROM Click Exit twice to get to media dialogue - Configure Gnome Choose to install from CD/DVD UFS Definition from Wikipedia: Say "Yes" to last chance to set options - Get from CD/DVD Pick default FreeBSD install - set root password - add users - Add package bash - configure addtion network interfaces - install packages Choose Express install option - configure dc0 http://en.wikipedia.org/wiki/UFS - shells - no dhcp Delete any slices laying around - Add package (under security) - host = int/labnn - Set timezone Use "A" (entire disk) for FreeBSD slice - domain = workshop.th Little UFS2 FAQ: remove CD-ROM - ipv4 gw = 203.159.31.1 Q to finish disk partition reboot - nameserver = 203.159.0.1 http://lists.freebsd.org/pipermail/freebsd-current/2003- Install FreeBSD BootMgr - ipv4 address = 203.159.31. April/001444.html Create partitions like this: - netmask (calc) = 255.255.255.0 - / 1GB - configure your mouse, turn on Disk Tuning (Soft Udpates): - /var 1GB with SoftUpdate on mouse http://www.freebsd.org/doc/en_US.ISO8859- - swap 1GB 1/books/handbook/configtuning-disk.html#SOFT-UPDATES - /usr (rest of disk with Softupdates on) Q to finish partition creation Inode Definition from Wikipedia: Choose A, or All to install everything Choose to install Ports http://en.wikipedia.org/wiki/Inode

Installing FreeBSD cont. More Commands

ps ProceSs list. Show information for running processes First pick the type of install: ConCATenate a file to the default ouput (screen) - Standard less Display file pausing each & allowing movement - Express more Display file pausing each page, but no movement - Custom Display the end of a file (see “-f” option) During install you must partition and slice. Compress file(s) using Lempel-Ziv coding After install use Configure to: gunzip Decompress zip'ped files

¡ Install Distribtutions bunzip2 Uncompress files compressed with bzip2

¡ Packages Manipulate Tape ARchive files.

¡ Configure network, accounts, Timezone, grep Search text/files for patterns (many variations) mouse, etc. Even More Commands Basic Commands

apropos gcc * su

bg hexdump sysinstall Impress your friends...

history sysctl bzip2 nmap** ¢

chgrp* id ping swapinfo Open: vi fn, vi -r fn, vi + fn, vi +n fn, vi +/pat fn

* pkg_add ¢

Close: :, w!:, :wq, :wq!, :q, :q! clear info pkg_delete

chown* init* pkg_info touch ¢ Movement: h,j,k,l w, W, b, B, :n (+arrow keys)

“ctrl-u” printenv ¢

date ln ps Edit: A, i, o, x, D, , yy, p

unset exec ¢

Search: /pattern, ?pattern, n, N ** reset unzip

mkdir * users

du “|” pipe watch

export man script whereis

file mkisofs set which

*root only for changes **Not installed by default in FreeBSD

/etc/group Using the su Command

Format is: ¡ The “su” command is used to become a different userid, like root, without having to logout and log back in. wheel:*:0:root,hervey,test ¡ To use “su” to become root your userid has to be given

permission to do this in “/etc/sudoers”. Group name. 8 characters or less. ¡ Encrypted password. Rarely used. “*” as placeholder. Use “su -” to become root and execute login scripts.

Group Identifying number (GID). ¡

You can allow users to run specific privileged commands List of group members seperated by commas. sudo

using “/etc/sudoers” and “ ”. User's login shell. ¡ You can assign users to the “wheel” group and using “/etc/sudoers” you can allow them to run all commands (or some, but unusual).

¡ Use “visudo” as root to allow users or groups to use sudo. Users in the “wheel” group can run su. More Uses for the su Command Looking for More Information

Instead of having to open a root shell, you can Not only can you use commands to find information run a privileged command like this: about your system, but you can look inside several files, and you can use the sysctl facility as well. sudo command Example of files with useful information: For example: ¢ /etc/motd sudo mount /mnt/cdrom ¢ /etc/resolve.conf And, if you wish to open a different user shell ¢ /etc/services and run their login scripts do: ¢ /etc/X11/xorg.conf su – userid ¢ /etc/fstab

More information cont. Logs – How to Know What's Up

If you are used to “/proc” it's possible to compile ¢ To configure what happens to events that are support for this in to the kernel, but not normally used (“options LINPROCFS” in kernel conf file). logged by applications using syslog, edit the file /etc/syslog.conf (see “man syslog.conf”). You can look in /boot/kernel for modules available and use “kldstat” to see what's loaded (kernel ¢ Take a look at the file /var/log/messages. The loadable modules = “kld”). “tail” command is very useful for this.

Use “dmesg” to see what is reported during startup, ¢ including hardware and addresses. To troubleshoot start by typing: Use of sysctl, such as: sysctl -a, tail -f /var/log/messages sysctl -aN sysctl kern.maxproc and in another terminal start and stop the service And, see /etc/sysctl.conf you are trying to debug. Logs cont. Mounting Filesystems

There are many log files. For example, if you run a ¢ If you want to mount a filesystem not listed in webserver, like apache, all of the webserver logs /etc/fstab then you need to use the mount are likely to be in /var/log/httpd command. ¢ First, you need to know what entry in the /dev sendmail uses /var/log/maillog directory describes the device you wish to mount (a cd, floppy, another hard drive, etc.). There are multiple software packages to read and automatically generate reports based on logfiles. ¢ You, also, need to know what type of filesystem. See: ¢ For example, mounting a dos formatted floppy:

¡ http://nsrc.org/security/index.html#logging mount -t msdos /dev/fd0 /mnt/floppy or

mount_msdosfs /dev/fd0 /mnt/floppy for some examples of available packages. And, a USB flash pen drive:

mount -t msdos /dev/da0s1 /mnt/

devfs Accessing Devices

DEVice File System: ¢ If you want to manipulate how certain items can be accessed edit the file /etc/devfs.conf.

Basically a way to interact with new devices at the ¢ For items that are dynamically attached (USB kernel level in the global file system namespace. devices for example) use /etc/devfs.rules.

DEVFS allows the sytem to adapt to hardware ¢ man pages are not yet available. See them here: changes more cleanly. http://www.xs4all.nl/~rsmith/freebsd/devfs.conf.txt ¢ USB, firewire, etc. device mounts are cleaner. http://www.xs4all.nl/~rsmith/freebsd/devfs.rules.txt ¢ ¢ Included by default in FreeBSD 5.0 and above. To better understand read: man devfs ¢

No longer need to use makedev to create device man usbd.conf nodes for new hardware. ¢ And, for ide devices accessed via the cam subsystem:

man xpt

man User Hardware Access Example Crontab

To allow an end-user r/w access to a local cdr/dvd-r The “” service allows you to drive you can add the following to /etc/devfs.conf* automatically run programs when you want.

own xpt0 root:cdrom This is configured in /etc/crontab, and perm xpt0 0660 /var/cron/tabs/

own cd0 root:cdrom Use the command crontab in order to perm cd0 0660 link cd0 cdrom change the files that control how the cron link cd0 dvd daemon works.

own pass0 root:cdrom perm pass0 0660

*From http://www.xs4all.nl/~rsmith/freebsd/

Crontab cont.

In addition you can specify may and may not use cronjobs with /var/cron/allow and /var/cron/deny A cron file that shows how a service is going to run has the following : Minute Hour Day Month Weekday Command An example: 1 4 1 4 * /bin/mail [email protected] < /home/user/joke Send an email on the first of April.