DOCUMENT INFORMATION
Basic information
Format
Number of pages: 524
Size: 7.77 MB
Content
Absolute BSD—The Ultimate Guide to FreeBSD

Table of Contents

Absolute BSD—The Ultimate Guide to FreeBSD
Dedication
Foreword

Introduction
  What Is FreeBSD?
  How Did FreeBSD Get Here?
  The BSD License: BSD Goes Public
  The Birth of Modern FreeBSD
  FreeBSD Development
  Committers
  Contributors
  Users
  Other BSDs
  NetBSD
  OpenBSD
  BSD/OS
  Mac OS X
  Other UNIXes
  Solaris
  AIX
  Linux
  IRIX, HPUX, etc
  FreeBSD's Strengths
  Portability
  Power
  Simplified Software Management
  Optimized Upgrade Process
  Filesystem
  Who Should Use FreeBSD
  FreeBSD as Your Desktop
  Who Should Run Another BSD
  Who Should Run a Proprietary Operating System
  How to Read This Book
  What Must You Know?
  How to Think About UNIX
  Channels of Communication
  Working with Channels
  The Command Line

Chapter 1: Installation
  FreeBSD Hardware
  Processor
  Memory (RAM)
  Hard Drives
  Downloading FreeBSD
  Installing by FTP
  Other FTP Install Information
  Hardware Setup
  Actually Installing FreeBSD
  Configuring the Kernel for ISA Cards
  Sysinstall: The Ugly FreeBSD Installer
  Disk Usage
  Partitioning
  Root
  Swap Space
  Swap Splitting
  /var, /usr, and /home
  A Second Hard Drive
  Soft Updates
  Block Size
  What to Install
  Installation Media
  Committing
  Post-Install Setup
  Root Password
  Adding Users
  Time Zone
  Mouse
  Configuring Network Cards
  Xfree86
  Software
  Restart
  A Note on Editors

Chapter 2: Getting More Help
  Why Not Mail First?
  The FreeBSD Attitude
  Man Pages
  The FreeBSD Manual
  Man Page Headings
  The FreeBSD Documentation
  The Mailing List Archives
  Other Web Sites
  Using FreeBSD Problem-Solving Resources
  Checking the Handbook/FAQ
  Checking the Man Pages
  Checking the Mailing List Archives
  Using Your Answer
  Mailing for Help

Chapter 3: Read This Before You Break Something Else! (Backup and Recovery)
  Overview
  System Backups
  Tape Devices
  How to Read Dmesg.boot
  Controlling Your Tape Drive
  Device Nodes
  Using the TAPE Variable
  The mt Command
  Backup Programs
  Tar
  Dump/Restore
  Restoring from an Archive
  Checking the Contents of an Archive
  Extracting Data from an Archive
  Restoring Interactively
  Recording What Happened
  Revision Control
  Getting Older Versions
  Breaking Locks
  Viewing Log Messages
  Reviewing a File's Revision History
  Ident and ident Strings
  Going Further
  Single-User Mode
  The Fixit Disk

Chapter 4: Kernel Games
  Overview
  What Is the Kernel?
  Configuring Your Kernel
  Sysctl
  Changing Sysctls
  Setting Sysctls at Boot
  Kernel Configuration with Loader.conf
  Manually Configuring the Loader
  Loading and Unloading Modules in Multi-User Mode
  Viewing Loaded Modules
  Loading and Unloading Modules
  Customizing the Kernel
  Preparation
  Your Backup Kernel
  Editing Kernel Files
  Basic Options
  Multiple Processors
  Device Entries
  Building Your Kernel
  Troubleshooting Kernel Builds
  Booting an Alternate Kernel
  Adding to the Kernel
  LINT
  Fixing Errors with Options
  Tweaking Kernel Performance
  Sharing Kernels

Chapter 5: Networking
  Overview
  Network Layers
  The Physical Layer
  The Physical Protocol Layer
  The Logical Protocol Layer
  The Application Layer
  The Network in Practice
  Mbufs
  What Is a Bit?
  Ethernet
  Broadcasting
  Address Resolution
  Hubs and Switches
  Netmasks
  Netmask Tricks
  Hexadecimal Netmasks
  Unusable IP Addresses
  Routing
  UDP and TCP
  Network Ports
  Connecting to an Ethernet Network
  Multiple IP Addresses on One Interface
  Using Netstat

Chapter 6: Upgrading FreeBSD
  Overview
  FreeBSD Versions
  Release
  FreeBSD-current
  FreeBSD-stable
  Snapshots
  Security Updates
  Which Release Should You Use?
  Upgrade Methods
  Upgrading via Sysinstall
  Upgrading via CVSup
  Simplifying the CVSup Upgrade Process
  Building a Local CVSup Server
  Controlling Access
  Authentication
  Combining Authentication and Access

Chapter 7: Securing Your System
  Overview
  Who Is the Enemy?
  Script Kiddies
  Disaffected Users
  Skilled Attackers
  FreeBSD Security Announcements
  Subscribing
  What You'll Get
  Installation Security Profiles
  Moderate
  Extreme
  Root, Groups, and Permissions
  The root Password
  Groups of Users
  Primary Group
  Some Interesting Default Groups
  Group Permissions
  Changing Permissions
  Changing File Ownership
  Assigning Permissions
  File Flags
  Viewing a File's Flags
  Setting Flags
  Securelevels
  Setting Securelevels
  Which Securelevel Do You Need?
  What Won't Securelevel and File Flags Do?
  Living with Securelevels
  Programs That Can Be Hacked
  Putting It All Together

Chapter 8: Advanced Security Features
  Traffic Control
  Default Accept vs. Default Deny
  TCP Wrappers
  Configuring Wrappers
  Daemon Name
  The Client List
  Putting It All Together
  Packet Filtering
  IPFilter
  IPFW
  Default Accept and Default Deny in Packet Filtering
  Basic Concepts of Packet Filtering
  Implementing IPFilter
  Configuring Your Server to Use Jail
  Configuring Your Kernel to Use Jail
  Client Setup
  Final Jail Setup
  Starting the Jail
  Managing Jails
  Shutting Down a Jail
  Monitoring System Security
  If You're Hacked

Chapter 9: Too Much Information About /etc
  Overview
  Varieties of /etc Files
  Default Files
  /etc/defaults/rc.conf
  /etc/adduser.conf
  /etc/crontab
  /etc/csh.*
  /etc/dhclient.conf
  /etc/fstab
  /etc/ftp.*
  /etc/hosts.allow
  /etc/hosts.equiv
  /etc/hosts.lpd
  /etc/inetd.conf
  /etc/locate.rc
  /etc/login.access
  /etc/login.conf
  Specifying Default Environment Settings
  /etc/mail/mailer.conf
  /etc/make.conf and /etc/defaults/make.conf
  /etc/master.passwd
  /etc/motd
  /etc/mtree/*
  /etc/namedb/*
  /etc/newsyslog.conf
  /etc/passwd
  /etc/periodic.conf and /etc/defaults/periodic.conf
  /etc/printcap
  Working with Printcap Entries
  /etc/profile
  /etc/protocols
  /etc/pwd.db
  /etc/rc
  /etc/rc.conf and /etc/defaults/rc.conf
  /etc/resolv.conf
  /etc/security
  /etc/services
  /etc/shells
  /etc/spwd.db
  /etc/ssh
  /etc/sysctl.conf
  /etc/syslog.conf

Chapter 10: Making Your System Useful
  Overview
  Making Software
  The Pain and Pleasure of Source Code
  Debugging
  The Ports and Packages System
  Ports
  Finding Software
  Legal Restrictions
  Using Packages
  Installing from CD-ROM
  Installing via FTP
  What Does a Package Install?
  Uninstalling Packages
  Package Information
  Controlling Pkg_add
  Package Problems
  Forcing an Install
  Using Ports
  Installing a Port
  Using Make Install
  Built-In Port Features
  Uninstalling and Reinstalling
  Cleaning Up with Make Clean
  Building Packages
  Changing the Install Path
  Setting Make Options Permanently
  Upgrading Ports and Packages
  Upgrading the Ports Collection
  Ports Collection Upgrade Issues
  Checking Software Versions
  Hints for Upgrading

Chapter 11: Advanced Software Management
  Overview
  Startup and Shutdown Scripts
  Typical Startup Script
  Using Scripts to Manage Running Programs
  Managing Shared Libraries
  Ldconfig
  Running Software from the Wrong OS
  Recompilation
  Emulation
  ABI Implementation
  Foreign Software Libraries
  Installing and Enabling Linux Mode
  Identifying Programs
  What Is Linux_base?
  Adding to Linux_base
  Configuring Linux Shared Libraries
  Installing Extra Linux Packages as RPMs
  Using Multiple Processors—SMP
  What Is SMP?
  Kernel Assumptions
  FreeBSD 3.0 SMP
  FreeBSD 5 SMP
  Using SMP
  SMP and Upgrades

Chapter 12: Finding Hosts With DNS
  How DNS Works
  Basic DNS Tools
  The Host Command
  Getting Detailed Information with Dig
  Looking Up Hostnames with Dig
  More Dig Options
  Configuring a DNS Client: The Resolver
  Domain or Search Keywords
  The Nameserver List
  DNS Information Sources
  The Hosts File
  The Named Daemon
  Zone Files
  A Real Sample Zone
  named.conf
  /var/named/master/absolutebsd.com
  Making Changes Work
  Starting Named at Boottime
  Checking DNS
  Named Configuration Errors
  Named Security
  Controlling Information Order
  More About BIND

Chapter 13: Managing Small Network Services
  Bandwidth Control
  Configuring IPFW
  Reviewing IPFW Rules
  Dummynet Queues
  Directional Traffic Shaping
  Public-Key Encryption
  Certificates
  Create a Request
  Being Your Own CA
  SSH
  Testing SSH
  Enabling SSH
  Basics of SSH
  Creating Keys
  Confirming SSH Identity
  SSH Clients
  Connecting via SSH
  Configuring SSH
  System Time
  Setting the Time Zone
  Network Time Protocol
  Ntpdate
  Ntpd
  Inetd
  /etc/inetd.conf
  Configuring Programs in Inetd
  Inetd Security
  Starting Inetd
  Changing Inetd's Behavior

Chapter 14: Email Services
  Email Overview
  Where FreeBSD Fits In
  The Email Protocol
  Email Programs
  Who Needs Sendmail?
  Replacing Sendmail
  Installing Postfix
  Pieces of Postfix
  Configuring Postfix
  Email Aliases
  Email Logging
  Virtual Domains
  Postfix Commands
  Finding the Correct Mail Host
  Undeliverable Mail
  POP3
  Installing POP3
  Testing POP3
  POP3 Logging
  POP3 Modes
  Qpopper Preconfiguration Questions
  Default Qpopper Configuration
  APOP Setup
  Configuring Pop3ssl
  Qpopper Security

Chapter 15: Web and FTP Services
  Overview
  How a Web Server Works
  The Apache Web Server
  Apache Configuration Files
  Configuring Apache
  Controlling Apache
  Virtual Hosting
  Name-Based Virtual Hosts
  IP-Based Virtual Hosts
  Tweaking Virtual Hosts

[...]

... piece they deem necessary. To plug yourself in to the beehive of FreeBSD development, consider subscribing to the mailing list FreeBSD-hackers@FreeBSD.org, which contains most of the technical discussion. Some of the technical talk is broken out into more specific mailing lists—for example, the networking development is discussed on FreeBSD-net@FreeBSD.org. There are also a few IRC channels where the FreeBSD...

might think, for the most part these FreeBSD developers work well together as members of the FreeBSD team. And, unlike some other projects, all FreeBSD development happens openly. Two groups of people develop FreeBSD: contributors and committers.

Committers

Today, FreeBSD has almost 300 developers, or committers. Committers have read-and-write access to the FreeBSD master source-code repository and can develop,...

Hubbard
Co-Founder, The FreeBSD Project

Introduction

Welcome to Absolute BSD! This book is a one-stop shop for new UNIX administrators who want to build, configure, and manage dedicated FreeBSD servers. It will also be useful for those folks who want to run FreeBSD on their desktop or combined desktop/server systems. By the time you finish this book, you should be able to use FreeBSD to provide network...

BSD4.4-Lite2, is the grandfather of the current FreeBSD source, as well as the ancestor of many other operating systems, such as NetBSD, OpenBSD, and Mac OS X. Today FreeBSD is used throughout the Internet by some of the most vital and visible Internet-oriented companies. For example, at this writing, Yahoo! is run almost entirely on FreeBSD. The "baby Bell" US West uses FreeBSD to power its Internet operations...

uses FreeBSD compared to the number of servers

[2] And some day I might forgive Will, Wilko, and Bruce for that. But I'll never let them live it down.

Other BSDs

FreeBSD is the most popular BSD, but it's not the only one. BSD 4.4-Lite spawned several different projects, each with its own focus and purpose.

NetBSD

NetBSD is similar to FreeBSD in many ways, and the teams share developers and code. NetBSD's...

installation requires both the software (FreeBSD) and supported hardware. You can get FreeBSD easily enough by visiting http://www.FreeBSD.org/ and clicking the link that says "Getting FreeBSD," or by ordering it from any of several vendors, such as FreeBSD Mall (http://www.freebsdmall.com/) or Daemon News (http://www.daemonnews.org/).[1] Hardware is another issue entirely.

FreeBSD Hardware

FreeBSD runs on several...

visit the BIOS publisher's site online. While you're in the system BIOS, set the "Plug and Play OS" option to "no." This tells the BIOS to do some basic hardware setup, rather than relying on the operating system to do everything. Modern versions of Microsoft Windows expect the hardware to do as it is told, and hence expect full access to the hardware. FreeBSD, on the other hand, expects a system to perform...

Should Run Another BSD

NetBSD is FreeBSD's closest competitor. However, unlike competitors in the commercial world, this competition is mostly friendly. NetBSD and FreeBSD share code and developers freely; some people even maintain the same subsystem in both operating systems. For example, NetBSD and FreeBSD share their USB support. In fact, as I write this, work is actively underway to integrate the FTP server...

licensed to be freely reusable, just like the original BSD 4.4-Lite code it's based on.

OpenBSD

OpenBSD branched off from NetBSD in 1996 with the goal of becoming the most secure BSD. OpenBSD was the first to support hardware-accelerated cryptography (allowing it to encrypt and decrypt information at a remarkable rate), and the developers are rather proud of the fact that their default install hasn't been...

higher numbers. Try a site down around http://ftp5.freebsd.org/,[2] or some high-numbered server under your country code, and see if you can get a nice fast connection. Many FreeBSD mirrors also mirror other software, and they store all the FreeBSD content under /pub/FreeBSD. Let's take a look there:

.message notar CERT CTM CVSup FreeBSD current FreeBSD stable README.TXT branches development dir.sizes