Requirements:
FreeBSD installed
Apache installed
Installing
# whereis php5
php5: /usr/ports/lang/php5
# cd /usr/ports/lang/php5
# make config
Enable the option
[X] APACHE Build Apache module
[ OK ]
# make install clean
Configuring
# edit /usr/local/www/apache22/data/test.php
<?php
phpinfo();
?>
# cp /usr/local/etc/php.ini-production /usr/local/etc/php.ini
# edit /usr/local/etc/apache22/httpd.conf
Comment out the following lines:
#<IfModule dir_module>
#DirectoryIndex index.html
#</IfModule>
Add the new ones:
# Lines added for PHP: start
<IfModule mod_php5.c>
DirectoryIndex default.php index.html index.php login.php
</IfModule>
<IfModule mod_php5.c>
AddType application/x-httpd-php .php
AddType application/x-httpd-php-source .phps
</IfModule>
# Lines added for PHP: end
# /usr/local/etc/rc.d/apache22 restart
http://serverip/test.php
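Two post-install checks for the setup above, as an added example that is not part of the original post: find pages under the document root that still call phpinfo(), and confirm httpd.conf has an active LoadModule line for php5_module, because without it the <IfModule mod_php5.c> blocks are skipped and .php files are served as source. The function names, the demo tree and the module paths in the sample httpd.conf files are constructed for illustration.

```shell
#!/bin/sh
# Added example: post-install checks for the mod_php setup described above.

# List files under a document root that call phpinfo(). PHP function names
# are case-insensitive and whitespace may precede the parenthesis.
find_phpinfo_pages() {
    grep -rliE 'phpinfo[[:space:]]*\(' "$1" 2>/dev/null | sort
}

# Return 0 when the given httpd.conf has an uncommented LoadModule line for
# php5_module. If the module is not loaded, the <IfModule mod_php5.c> blocks
# are ignored and Apache sends .php files to clients as plain source.
php_module_loaded() {
    grep -Eq '^[[:space:]]*LoadModule[[:space:]]+php5_module[[:space:]]' "$1"
}

# Build a constructed document root and two constructed httpd.conf files
# (sample data only; the module paths are assumptions).
make_demo_tree() {
    root=$1
    mkdir -p "$root/data/app"
    printf '<?php\nphpinfo();\n?>\n' > "$root/data/test.php"
    printf '<?php echo "hello"; ?>\n' > "$root/data/index.php"
    printf '<?php PHPInfo ( INFO_MODULES ); ?>\n' > "$root/data/app/diag.php"
    cat > "$root/httpd-ok.conf" <<'EOF'
LoadModule dir_module libexec/apache22/mod_dir.so
LoadModule php5_module libexec/apache22/libphp5.so
<IfModule mod_php5.c>
AddType application/x-httpd-php .php
</IfModule>
EOF
    cat > "$root/httpd-bad.conf" <<'EOF'
LoadModule dir_module libexec/apache22/mod_dir.so
#LoadModule php5_module libexec/apache22/libphp5.so
<IfModule mod_php5.c>
AddType application/x-httpd-php .php
</IfModule>
EOF
}

# Demo run against the constructed tree.
demo=$(mktemp -d)
make_demo_tree "$demo"
echo "Pages calling phpinfo():"
find_phpinfo_pages "$demo/data"
for conf in "$demo/httpd-ok.conf" "$demo/httpd-bad.conf"; do
    if php_module_loaded "$conf"; then
        echo "$(basename "$conf"): php5_module loaded"
    else
        echo "$(basename "$conf"): php5_module NOT loaded, .php would be served as source"
    fi
done
rm -rf "$demo"
```

On the real server the calls would be find_phpinfo_pages /usr/local/www/apache22/data and php_module_loaded /usr/local/etc/apache22/httpd.conf.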
Tuesday, December 07, 2010
FreeBSD + Apache
Requirements:
FreeBSD installed
Installing
# whereis apache22
apache22: /usr/ports/www/apache22
# cd /usr/ports/www/apache22
# make config
# make install clean
Configuring
# edit /usr/local/etc/apache22/httpd.conf
Check the configuration in httpd.conf
# /usr/local/etc/rc.d/apache22 configtest
Make Apache start at boot
# echo 'apache22_enable="YES"' >> /etc/rc.conf
Start Apache
# /usr/local/etc/rc.d/apache22 start
Apply the changes after modifying something in httpd.conf
# apachectl graceful
Saturday, October 23, 2010
FreeBSD Updating and Upgrading
Requirements:
FreeBSD installed
Internet connection
Now we will synchronize and/or update the FreeBSD sources (kernel + world) with csup
Chapter 24 Updating and Upgrading FreeBSD
http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/updating-upgrading.html
---------------------------------------
24.4.3 Updating the Documentation Sources
# csup -h cvsup15.us.FreeBSD.org -g -L 2 /usr/share/examples/cvsup/doc-supfile
---------------------------------------
24.6 Synchronizing Your Source
A.6 Using CVSup
Note: The csup utility is a rewrite of the CVSup...
...if you are using FreeBSD 6.2 or later, you can use it out-of-the-box, since it is included in the base system.
# csup -h cvsup15.us.FreeBSD.org -g -L 2 /usr/share/examples/cvsup/standard-supfile <-(VIEW THE TIP)
---
TIP :
# cp /usr/share/examples/cvsup/standard-supfile /root
# edit /root/standard-supfile
Change the lines
*default host=CHANGE_THIS.FreeBSD.org
*default release=cvs tag=RELENG_7_1
to
*default host=cvsup15.us.FreeBSD.org
*default release=cvs tag=RELENG_8_1
Exit the editor and save the changes (in edit: "Esc" opens the main menu, "a" leaves the editor, "a" saves the changes)
Note:
For FreeBSD 8.1 RELEASE use tag=RELENG_8_1; for FreeBSD 8.2 use tag=RELENG_8_2
http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/cvs-tags.html
http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/cvsup.html#CVSUP-MIRRORS
# csup -g -L 2 /root/standard-supfile
---
---------------------------------------
24.7 Rebuilding “world”
These concerns have led to the following recommended sequence. Note that the detailed sequence for particular updates may require additional steps, but this core process should remain unchanged for some time:
# cd /usr/src (you must be in this directory for the next command)
1. make buildworld
This first compiles the new compiler and a few related tools, then uses the new compiler to compile the rest of the new world. The result ends up in /usr/obj.
2. make buildkernel <-(VIEW THE TIP)
Unlike the older approach, using config(8) and make(1), this uses the new compiler residing in /usr/obj. This protects you against compiler-kernel mismatches.
3. make installkernel <-(VIEW THE TIP)
Place the new kernel and kernel modules onto the disk, making it possible to boot with the newly updated kernel.
---
TIP: Storing your kernel configuration file directly under /usr/src can be a bad idea. If you are experiencing problems it can be tempting to just delete /usr/src and start again. After doing this, it usually only takes a few seconds for you to realize that you have deleted your custom kernel configuration file. Also, do not edit GENERIC directly, as it may get overwritten the next time you update your source tree, and your kernel modifications will be lost.
You might want to keep your kernel configuration file elsewhere, and then create a symbolic link to the file in the i386 directory.
For example:
# cd /usr/src/sys/i386/conf
# mkdir /root/kernels
# cp GENERIC /root/kernels/MYKERNEL
# ln -s /root/kernels/MYKERNEL
8.6 The Configuration File
Now, edit MYKERNEL with your favorite text editor.
# edit MYKERNEL
Change the line:
ident GENERIC
to
ident MYKERNEL
Save and exit the editor (in edit: "Esc" opens the menu, "a" leaves the editor, "a" saves the changes)
8.5 Building and Installing a Custom Kernel
Building a Kernel
1. Change to the /usr/src directory:
# cd /usr/src
2. Compile the kernel:
# make buildkernel KERNCONF=MYKERNEL
3. Install the new kernel:
# make installkernel KERNCONF=MYKERNEL
---
4. Reboot into single user mode <-(VIEW THE TIP)
Single user mode minimizes problems from updating software that's already running. It also minimizes any problems from running the old world on a new kernel.
---
TIP:
24.7.5 Drop to Single User Mode
As the superuser, you can execute:
# shutdown now
from a running system, which will drop it to single user mode.
Alternatively, reboot the system, and at the boot prompt, select the “single user” option. The system will then boot single user. At the shell prompt you should then run:
# fsck -p
# mount -u /
# mount -a -t ufs
# swapon -a
---
5. mergemaster -p <-(VIEW THE NOTE)
This does some initial configuration file updates in preparation for the new world. For instance it may add new user groups to the system, or new user names to the password database. This is often necessary when new groups or special system-user accounts have been added since the last update, so that the installworld step will be able to use the newly installed system user or system group names without problems.
---
NOTE:
http://www.understudy.net/makeworld.html#mergemaster1
*** The directory specified for the temporary root environment,
/var/tmp/temproot, exists. This can be a security risk if untrusted users have access to the system.
Use 'd' to delete the old /var/tmp/temproot and continue
Use 't' to select a new temporary root directory
Use 'e' to exit mergemaster
Default is to use /var/tmp/temproot as is
How should I deal with this? [Use the existing /var/tmp/temproot]
Press Enter ( which means use /var/tmp/temproot ) and you should be good to go. This will keep the temporary root environment in /var/tmp/temproot. It will now start to compare a large number of files. And show you the differences between them.
Now it is going to start going through your /etc/ directory and /dev/MAKEDEV file. This is the beginning of the hellish part of Make World. Some notes on what you will see here. Mergemaster brings up the current file on the hard drive and the new version. If they are the same it smiles and moves on. If they are different it will point out the differences. It brings up what is different between the files and shows you just the things that are different in the file. It may not need to bring up everything in the file. The symbols used in Mergemaster:
--- 3 minus symbols in a row usually pertaining to the date of the file installation. I have only seen them at the top of a file that is to be changed. It means the line next to them really has to be removed.
+++ 3 plus symbols in a row usually pertaining to the date of the file installation. I have only seen them at the top of a file that is to be changed. It means the line next to them really has to be added (replace the existing line).
@@ means the line numbers that will be affected by the change. @@ -1,5 +1,24 @@ means line 1 and the next 4 lines will become line 1 and the next 24 lines. Look at the next symbols to understand.
+ means the line that will be added.
- means the line that will be replaced/removed.
The mergemaster then brings up this dialogue.
Use 'd' to delete the temporary .name of file
Use 'i' to install the temporary .name of file
Use 'm' to merge the temporary and installed versions or parts of them.
Use 'v' to view the diff results again
Default is to leave the temporary file to deal with by hand
How should I deal with this? [Leave it for later]
'd' will remove any new lines for the file leaving it the way it was. No changes.
'i' will install all of the new lines and remove all of the old lines.
'm' will place both old and /or new lines in the file.
'v' lets you look at it again.
Use 'i' if you want to upgrade. Use 'd' if you don't. Use 'm' if you want to screw with things. And do it without the quotes.
Okay, important notes here. If you have custom files in the /etc/ directory and you just click through this without checking, I can assure you they will be gone when your trip to Make World is done, and you will not have had a good time on the rides. You did remember to back up, didn't you?
So how do I know what to upgrade and what to not upgrade? And what to merge?
My rule of thumb on this is:
The 'd' is for files that I have customized. Files I don't want changes in. Files like ppp.conf.
---
*** Comparison complete
Do you wish to delete what is left of /var/tmp/temproot? [no] (press Enter)
# cd /usr/src (you must be in this directory for the next command)
6. make installworld
Copies the world from /usr/obj. You now have a new kernel and new world on disk.
7. mergemaster
Now you can update the remaining configuration files, since you have a new world on disk.
---
Default is to use /var/tmp/temproot as is
How should I deal with this? [Use the existing /var/tmp/temproot] (press Enter)
The presence of stale files in this directory can cause the
dreaded unpredictable results, and therefore it is highly
recommended that you delete them.
*** Delete them now? [n] yes (type 'yes' and press Enter)
Default is to leave the temporary file to deal with by hand
How should I deal with this? [Leave it for later] (if it is a file we have modified, such as ppp.conf, I answer 'd'; if the new one suits me, type 'i' and press Enter)
Do you wish to delete what is left of /var/tmp/temproot? [no] yes (type 'yes' and press Enter)
---
8. reboot
A full machine reboot is needed now to load the new kernel and new world with new configuration files.
---------------------------------------
To check which kernel version we are running, use the command:
# uname -a
FreeBSD pruebas.alpha.telemedellin.tv 8.1-RELEASE-p1 FreeBSD 8.1-RELEASE-p1 #0: Thu Oct 21 07:44:33 COT 2010 angel@pruebas.alpha.telemedellin.tv:/usr/obj/usr/src/sys/MYKERNEL i386
If we upgraded the FreeBSD version by changing RELENG_X_Y, we may have to rebuild and reinstall all the ports we currently have installed. To do this, run:
# portupgrade -af
To uninstall all the ports we have with a single command, we can run:
# cd /var/db/pkg
# pkg_delete *
---------------------------------------
If something goes wrong and the new kernel does not work properly, I can go back to the previous one
When the machine starts, it shows the list of FreeBSD boot options
6. Escape to loader prompt
Type '?' for a list of commands, 'help' for more detailed help.
OK
(type)
unload kernel (enter)
(type)
boot /boot/kernel.old/kernel (enter)
Then we can rename the problematic kernel and rename the previous, working kernel (kernel.old)
# mv /boot/kernel /boot/kernel.bad
# mv /boot/kernel.old /boot/kernel
---------------------------------------
Now we will update the ports tree
# csup -h cvsup15.us.FreeBSD.org -g -L 2 /usr/share/examples/cvsup/ports-supfile <-(VIEW THE TIP)
---
TIP :
# cp /usr/share/examples/cvsup/ports-supfile /root
# edit /root/ports-supfile
Change the line
*default host=CHANGE_THIS.FreeBSD.org
to
*default host=cvsup15.us.FreeBSD.org
Exit the editor and save the changes (in edit: "Esc" opens the main menu, "a" leaves the editor, "a" saves the changes)
# csup -h cvsup15.us.FreeBSD.org -g -L 2 /root/ports-supfile
Note :
http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/cvsup.html#CVSUP-MIRRORS
---
---------------------------------------
Example of how ports are used: here we will install portupgrade, a utility for keeping up to date the ports installed later, and even portupgrade itself.
Install our first port, portupgrade:
# whereis portupgrade
portupgrade: /usr/ports/ports-mgmt/portupgrade
# cd /usr/ports/ports-mgmt/portupgrade
# make install clean
Options for portupgrade 2.4.6_4,2
[X] BDB4 Use Berkeley DB >=2 as backend
[ OK ]
It often happens that, after installing a port, running its command shows
Command not found.
There are two ways to make the port usable:
Run the command
# rehash
We can also simply log out (exit), log in again and run the command again
Basic portupgrade commands:
# pkg_version -v <- Shows the status of the installed versions
# portupgrade -a <- Upgrades the installed ports
# portsclean -DD <- Cleans out the old port files stored in /usr/ports/distfiles
Tuesday, July 27, 2010
FreeBSD 8 + User Migration
Guides:
http://forums.freebsd.org/showthread.php?t=5446
http://forums.freebsd.org/showthread.php?t=3292
http://www.afterschool.dk/documents/freebsd/freebsd-migrate-users/
To migrate users from one FreeBSD machine to another FreeBSD machine, back up the following files:
BACKUPS (on the old server)
FreeBSD users
/etc/passwd
/etc/master.passwd
/etc/group
FreeBSD users' documents
/usr/home
/var/mail
FreeBSD SAMBA users
/usr/local/etc/samba34/passdb.tdb
/usr/local/etc/samba34/secrets.tdb
File with the SAMBA share parameters
/usr/local/etc/smb.conf
RESTORE (on the new server)
Install FreeBSD
Create the root user and, if desired, another user for ssh.
Install SAMBA
Make SAMBA start at boot by adding these lines to /etc/rc.conf:
# Enable Samba
nmbd_enable="YES"
smbd_enable="YES"
Replace the existing files with the ones from the backup, which hold the important data (users, passwords and groups)
Regenerate the passwords with "pwd_mkdb", using the following command:
# pwd_mkdb -p /etc/master.passwd
If our FreeBSD machine acts as a file server, the contents of
/usr/home
are where the users keep their important data, which we must restore from the backup
The directory
/var/mail
holds the e-mail of the machine's users; if our FreeBSD machine acts as a file server, restoring it is not important.
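An added check, not part of the original post: before running pwd_mkdb on a master.passwd copied from the old server, audit it for malformed lines, empty password fields, extra UID 0 accounts and duplicate UIDs. The function names and the sample accounts are constructed for illustration; the ten-field layout is the one documented in passwd(5).

```shell
#!/bin/sh
# Added example: audit a restored master.passwd before rebuilding the
# password databases. Field layout (passwd(5)):
#   name:password:uid:gid:class:change:expire:gecos:home_dir:shell

# Print one finding per line for the file given as $1:
#   BADFIELDS <line>      line does not have exactly 10 fields
#   BADID <name>          uid or gid is not a decimal number
#   EMPTYPW <name>        empty password field (login without a password)
#   UID0 <name>           uid 0 account other than root/toor
#   DUPUID <uid> <name>   uid already used by an earlier account
audit_master_passwd() {
    awk -F: '
        /^#/ || /^$/ { next }
        NF != 10 { printf "BADFIELDS %d\n", NR; next }
        $3 !~ /^[0-9]+$/ || $4 !~ /^[0-9]+$/ { printf "BADID %s\n", $1; next }
        $2 == "" { printf "EMPTYPW %s\n", $1 }
        $3 == 0 && $1 != "root" && $1 != "toor" { printf "UID0 %s\n", $1 }
        ($3 in seen) && $3 != 0 { printf "DUPUID %s %s\n", $3, $1 }
        { seen[$3] = $1 }
    ' "$1"
}

# Return 0 only when the audit is clean; findings go to stderr.
# Intended use on the new server (as root):
#   check_before_pwd_mkdb /etc/master.passwd && pwd_mkdb -p /etc/master.passwd
check_before_pwd_mkdb() {
    findings=$(audit_master_passwd "$1")
    if [ -n "$findings" ]; then
        printf '%s\n' "$findings" >&2
        return 1
    fi
    return 0
}

# Write a constructed sample file (accounts and hashes are made up).
write_sample_master_passwd() {
    cat > "$1" <<'EOF'
root:$6$constructedhash:0:0::0:0:Charlie &:/root:/bin/csh
toor:*:0:0::0:0:Bourne-again Superuser:/root:
daemon:*:1:1::0:0:Owner of many system processes:/root:/usr/sbin/nologin
alice:$6$constructedhash:1001:1001::0:0:Alice:/home/alice:/bin/tcsh
guest::1002:1002::0:0:Guest:/home/guest:/bin/sh
support:$6$constructedhash:0:0::0:0:Support:/root:/bin/sh
bob:$6$constructedhash:1001:1001::0:0:Bob:/home/bob:/bin/tcsh
broken:x:1003:1003:/home/broken:/bin/sh
EOF
}

# Demo run against the constructed sample.
sample=$(mktemp)
write_sample_master_passwd "$sample"
echo "Findings in sample master.passwd:"
audit_master_passwd "$sample"
rm -f "$sample"
```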
Here is a script to automate the process. Be careful: it must be adjusted to your machine and, most importantly, you must enable or disable the backup of /usr/home and /var/mail as desired (both are enabled by default!)
Script contents: START
#!/bin/sh
# Guides
# http://forums.freebsd.org/showthread.php?t=5446
# http://forums.freebsd.org/showthread.php?t=3292
# http://www.afterschool.dk/documents/freebsd/freebsd-migrate-users/
#
# Move user entries from the following old files:
# /etc/passwd
# /etc/group
# /etc/master.passwd
#
# Then run the following command to rebuild the password database:
# pwd_mkdb -p /etc/master.passwd
# Macros
path="/root/backups"
# The archives contain password hashes: create them readable by root only
umask 077
# Create the backup directory if it does not exist yet
mkdir -p "$path"
# FreeBSD USERS and PASSWORDS
#
# 1 Backup /etc/passwd
tar -czf "$path/passwd-$(date +%Y-%m-%d-%H-%M).tar.gz" /etc/passwd
# 2 Backup /etc/master.passwd
tar -czf "$path/master.passwd-$(date +%Y-%m-%d-%H-%M).tar.gz" /etc/master.passwd
# 3 Backup /etc/group
tar -czf "$path/group-$(date +%Y-%m-%d-%H-%M).tar.gz" /etc/group
# 4 Backup /usr/home
tar -czf "$path/home-$(date +%Y-%m-%d-%H-%M).tar.gz" /usr/home
# 5 Backup /var/mail
tar -czf "$path/mail-$(date +%Y-%m-%d-%H-%M).tar.gz" /var/mail
# SAMBA USERS and PASSWORDS on FreeBSD
#
# Part 1. Backup of: /usr/local/etc/samba or /usr/local/etc/samba34, enable the one that matches the samba version
#
# => samba34 (samba34-3.4.9): /usr/local/etc/samba34/ uses 'passdb.tdb' + 'secrets.tdb' for its users by default
#tar -czf /usr/home/hd1/backups/FreeBSD/Usuarios-Samba34-`date +%Y-%m-%d-%H-%M`.tar.gz /usr/local/etc/samba34
#
# Backend to store user information in. New installations should
# use either tdbsam or ldapsam. smbpasswd is available for backwards
# compatibility. tdbsam requires no further configuration.
# ; passdb backend = tdbsam
#
# So we can use tdbsam or smbpasswd as desired; the line for the 'smbpasswd' file would be:
# passdb backend = smbpasswd
#
# Convert 'smbpasswd' to 'passdb.tdb' with the command (as root):
# pdbedit -i smbpasswd:/path/smbpasswd -e tdbsam:/path/passdb.tdb
#
# Convert 'passdb.tdb' to 'smbpasswd' with the command (as root):
# pdbedit -i tdbsam:/path/passdb.tdb -e smbpasswd:/path/smbpasswd
#
# We can ask SAMBA which one it currently uses with the command:
# smbd -b | less
# ...
# SMB_PASSWD_FILE: /usr/local/etc/samba/smbpasswd
# ...
#
# Part 2. Backup of: /usr/local/etc/smb.conf
tar -czf "$path/samba.conf-$(date +%Y-%m-%d-%H-%M).tar.gz" /usr/local/etc/smb.conf
#
# Part 3. Backup of: /root/.nsmbrc <- This file holds the hosts, users and passwords for remote SAMBA mounts
tar -czf "$path/dotnsmbrc-$(date +%Y-%m-%d-%H-%M).tar.gz" /root/.nsmbrc
Script contents: END
The commands used are basically:
Extract the .tar.gz files
# tar -xvzf archivo.tar.gz
Copy a file
# cp archivo /ruta/
Copy a directory recursively, that is, with its files and subdirectories
# cp -r /ruta/directorio /ruta/
Delete a directory that contains files and subdirectories
# rm -rf directorioaborrar
http://forums.freebsd.org/showthread.php?t=5446
http://forums.freebsd.org/showthread.php?t=3292
http://www.afterschool.dk/documents/freebsd/freebsd-migrate-users/
Para migrar los usuarios de un equipo con FreeBSD a otro equipo con FreeBSD, se debe hacer backup a los siguientes archivos:
BACKUPS (en el servidor viejito)
Usuarios de FreeBSD
/etc/passwd
/etc/master.passwd
/etc/group
Documentos de los usuarios de FreeBSD
/usr/home
/var/mail
Usuarios de SAMBA de FreeBSD
/usr/local/etc/samba34/passdb.tdb
/usr/local/etc/samba34/secrets.tdb
Archivo con los parametros para compartir en SAMBA
/usr/local/etc/smb.conf
RESTAURACION (en el servidor nuevo)
Se instala FreeBSD
Se crea el usuario root y si lo deseamos para ssh creamos algun otro usuario.
Se instala SAMBA
Hacemos que SAMBA arranque con el sistema agregando en /etc/rc.conf las lineas:
# Activamos Samba
nmbd_enable="YES"
smbd_enable="YES"
Se reemplazan los archivos existentes con los del backups, que son los que tienen los datos importantes (usuarios, passwords y grupos)
Con "pwd_mkdb" se regeneran los passwords, con el siguiente comando:
# pwd_mkdb -p /etc/master.passwd
Si nuestro FreeBSD actua como file server, el contenido de
/usr/home
es donde ellos tienen su informacion importante y que debemos restaurar del backup
El directorio
/var/mail
guarda los e-mails de los usuarios del equipo, si nuestro FreeBSD actua como file server, no es importante restaurar esto.
Aqui les dejo un script para automatizar el proceso, pero cuidado que lo deben ajustar a su equipo y lo mas importante, deben activar o no el backup de /usr/home y /var/mail segun se desee (por defecto los dejo activo!)
Script contents START
#! /bin/sh
# Manual
# http://forums.freebsd.org/showthread.php?t=5446
# http://forums.freebsd.org/showthread.php?t=3292
# http://www.afterschool.dk/documents/freebsd/freebsd-migrate-users/
#
# Move user entries from the following old files:
# /etc/passwd
# /etc/group
# /etc/master.passwd
#
# Then run the following command to rebuild the password database:
# pwd_mkdb -p /etc/master.passwd
# Macros
path="/root/backups"
# FreeBSD USERS and PASSWORDS
#
# 1 Backup /etc/passwd
tar -czf $path/passwd-`date +%Y-%m-%d-%H-%M`.tar.gz /etc/passwd
# 2 Backup /etc/master.passwd
tar -czf $path/master.passwd-`date +%Y-%m-%d-%H-%M`.tar.gz /etc/master.passwd
# 3 Backup /etc/group
tar -czf $path/group-`date +%Y-%m-%d-%H-%M`.tar.gz /etc/group
# 4 Backup /usr/home
tar -czf $path/home-`date +%Y-%m-%d-%H-%M`.tar.gz /usr/home
# 5 Backup /var/mail
tar -czf $path/mail-`date +%Y-%m-%d-%H-%M`.tar.gz /var/mail
# SAMBA USERS and PASSWORDS on FreeBSD
#
# Part 1. Backup of: /usr/local/etc/samba or /usr/local/etc/samba34, enable the one that matches the samba version
#
# =<> samba34 (samba34-3.4.9) /usr/local/etc/samba34/ uses 'passdb.tdb' + 'secrets.tdb' for its users by default
#tar -czf /usr/home/hd1/backups/FreeBSD/Usuarios-Samba34-`date +%Y-%m-%d-%H-%M`.tar.gz /usr/local/etc/samba34
#
# Backend to store user information in. New installations should
# use either tdbsam or ldapsam. smbpasswd is available for backwards
# compatibility. tdbsam requires no further configuration.
# ; passdb backend = tdbsam
#
# So we can use tdbsam or smbpasswd as desired; the line for the 'smbpasswd' file would be:
# passdb backend = smbpasswd
#
# Convert 'smbpasswd' to 'passdb.tdb' with the command (as root):
# pdbedit -i smbpasswd:/path/smbpasswd -e tdbsam:/path/passdb.tdb
#
# Convert 'passdb.tdb' to 'smbpasswd' with the command (as root):
# pdbedit -i tdbsam:/path/passdb.tdb -e smbpasswd:/path/smbpasswd
#
# We can ask SAMBA which one it currently uses with the command:
# smbd -b | less
# ...
# SMB_PASSWD_FILE: /usr/local/etc/samba/smbpasswd
# ...
#
# Part 2. Backup of: /usr/local/etc/smb.conf
tar -czf $path/samba.conf-`date +%Y-%m-%d-%H-%M`.tar.gz /usr/local/etc/smb.conf
#
# Part 3. Backup of: /root/.nsmbrc <- This is where the hosts, users and passwords for remote SAMBA mounts are entered
tar -czf $path/dotnsmbrc-`date +%Y-%m-%d-%H-%M`.tar.gz /root/.nsmbrc
Script contents END
The commands used are basically:
Extract the .tar.gz files
# tar -xvzf archivo.tar.gz
Copy a file
# cp archivo /ruta/
Copy a directory recursively, that is, with its files and sub-directories
# cp -r /ruta/directorio /ruta/
Delete a directory that contains files and sub-directories
# rm -rf directorioaborrar
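Copying the old /etc/master.passwd over the new one also replaces the new system's root and service accounts. As an added example (not part of the original post), the functions below carry over only the regular users and keep the merged file, which contains password hashes, readable by its owner only; the UID bounds, the function names and the sample entries are assumptions constructed for illustration.

```sh
#!/bin/sh
# Added example: carry regular users from an old master.passwd into a new one.
# master.passwd fields: name:hash:uid:gid:class:change:expire:gecos:home:shell

MIN_UID=${MIN_UID:-1001}    # assumption: first UID given to regular users
MAX_UID=${MAX_UID:-32000}   # assumption: keeps out nobody (65534)

# select_user_entries OLD NEW
# Prints the OLD entries that are regular users and whose name and UID are
# both free in NEW. Skipped conflicts are reported on stderr.
select_user_entries() {
    awk -F: -v min="$MIN_UID" -v max="$MAX_UID" '
        /^#/ || /^$/ { next }
        NF != 10 || $3 !~ /^[0-9]+$/ {
            print "malformed entry in " FILENAME " line " FNR > "/dev/stderr"
            next
        }
        phase == "new" { name[$1] = 1; uid[$3] = 1; next }   # accounts already there
        $3 + 0 < min || $3 + 0 > max { next }                # system accounts stay out
        ($1 in name) { print "name already exists: " $1 > "/dev/stderr"; next }
        ($3 in uid)  { print "uid " $3 " already in use, skipping " $1 > "/dev/stderr"; next }
        { print; name[$1] = 1; uid[$3] = 1 }
    ' phase=new "$2" phase=old "$1"
}

# merge_master_passwd OLD NEW OUT
# Writes NEW followed by the selected OLD entries to OUT with mode 0600.
# NEW itself is not modified.
merge_master_passwd() {
    (
        umask 077
        rm -f "$3"
        cat "$2" > "$3" && select_user_entries "$1" "$2" >> "$3"
    )
}

# make_samples DIR: writes two small constructed files (not real accounts)
make_samples() {
    cat > "$1/old.master.passwd" <<'EOF'
# $FreeBSD$
root:$1$constructedOLD:0:0::0:0:Charlie &:/root:/bin/csh
daemon:*:1:1::0:0:Owner of many system processes:/root:/usr/sbin/nologin
ana:$1$constructedA:1001:1001::0:0:Ana:/home/ana:/bin/sh
luis:$1$constructedL:1002:1002::0:0:Luis:/home/luis:/bin/sh
admin:$1$constructedX:1003:1003::0:0:Old admin:/home/admin:/bin/sh
nobody:*:65534:65534::0:0:Unprivileged user:/nonexistent:/usr/sbin/nologin
EOF
    cat > "$1/new.master.passwd" <<'EOF'
# $FreeBSD$
root:$1$constructedNEW:0:0::0:0:Charlie &:/root:/bin/csh
daemon:*:1:1::0:0:Owner of many system processes:/root:/usr/sbin/nologin
admin:$1$constructedN:1001:1001::0:0:New admin:/home/admin:/bin/sh
nobody:*:65534:65534::0:0:Unprivileged user:/nonexistent:/usr/sbin/nologin
EOF
}

# On the new server, review the merged file and check its format with
# "pwd_mkdb -C FILE" before installing it as /etc/master.passwd and running
# the pwd_mkdb -p command from the post.
```

With the sample files, only luis is carried over: ana's UID and admin's name are already taken on the new host and are reported on stderr for manual handling.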
Tuesday, June 01, 2010
FreeBSD + APCUPSD
Requirements:
FreeBSD installed
APC UPS with an AP9619 card connected to the server
Manuals:
/usr/local/share/doc/apcupsd/apcupsd.pdf
http://www.apcupsd.com/manual/manual.pdf
http://www.apcupsd.com/
http://www.freebsddiary.org/apcupsd.php
http://www.packetwatch.net/documents/guides/2010031301.php
Instructions:
1) Install the apcupsd-3.14.8 port
# whereis apcupsd
apcupsd: /usr/ports/sysutils/apcupsd
# cd /usr/ports/sysutils/apcupsd
# make config
[X] APCSMART_DRV Compile APC SmartUPS serial driver
[X] APCDUMB_DRV Compile dumb UPS driver
[ ] CLIENT_ONLY Only NIS client (no network server or drivers)
[X] CGI Compile with CGI programs to show status
[X] PCNET_DRV Compile PowerChute Network Shutdown driver
[X] USB Compile with USB Support driver
[X] SNMP_DRV Compile with SNMP driver
[ ] SNMP_DRV_OLD Compile with old SNMP driver
[X] TCP_WRAPPERS Compile with TCP_WRAPPERS support
[ ] TEST_DRV Compile TEST driver
[ ] GAPCMON Build GTK GUI front-end
[ OK ]
# make install clean
---
**********************************************************************
Read the manual
/usr/local/share/doc/apcupsd/apcupsd.pdf
to do site specific configuration assigenments! Especially have a
detailed look into the chapter describing the shutdown procedure.
Sample files are installed in /usr/local/etc/apcupsd. These files
must be copied and/or configured for a proper working apcupsd.
You need to modify /usr/local/etc/apcupsd/apcupsd.conf as follows:
For serial cable: DEVICE /dev/cuadX (or /dev/cuaaX for [45.]x)
For USB cable: DEVICE (yes, leave it blank after DEVICE)
NOTE that for USB cable you must comment out the line
device uhid # "Human Interface Devices"
in your kernel configuration file and recompile the kernel.
Your keyboard and mouse will still work.
WARNING USB support on FreeBSD is still considered BETA!
Add apcupsd_enable=YES to your /etc/rc.conf[.local] to have apcupsd
starting up at boot time.
**********************************************************************
---
2) Configure APCUPSD
# cd /usr/local/etc/apcupsd
# ls
apccontrol apcupsd.conf.sample apcupsd.css.sample changeme commok
hosts.conf.sample multimon.conf.sample onbattery apcupsd.conf
apcupsd.css cgi commfailure hosts.conf multimon.conf offbattery
# cp apcupsd.conf apcupsd.conf.sample
# cp apccontrol apccontrol.sample
# edit apcupsd.conf
# egrep -v '#|^ *$' apcupsd.conf
---
UPSNAME SURT10000XLT-1TF10K
UPSCABLE ether
UPSTYPE snmp
DEVICE 192.168.1.187:161:APC:private
POLLTIME 60
LOCKFILE /var/spool/lock
SCRIPTDIR /usr/local/etc/apcupsd
PWRFAILDIR /var/run
NOLOGINDIR /var/run
ONBATTERYDELAY 6
BATTERYLEVEL 5
MINUTES 3
TIMEOUT 0
ANNOY 300
ANNOYDELAY 60
NOLOGON disable
KILLDELAY 0
NETSERVER on
NISIP 0.0.0.0
NISPORT 3551
EVENTSFILE /var/log/apcupsd.events
EVENTSFILEMAX 10
UPSCLASS standalone
UPSMODE disable
STATTIME 0
STATFILE /var/log/apcupsd.status
LOGSTATS off
DATATIME 0
---
# touch /var/log/apcupsd.events
# touch /var/log/apcupsd.status
# edit hosts.conf
# egrep -v '#|^ *$' hosts.conf
---
MONITOR 127.0.0.1 "SURT10000XLT-1TF10K"
---
# edit multimon.conf
# egrep -v '#|^ *$' multimon.conf
---
TEMPC
FIELD SYSTEM "System" ""
FIELD MODEL "Model" ""
FIELD STATUS "Status" ""
FIELD battpct "Battery Chg" "%"
FIELD utility "Utility" "VAC"
FIELD loadpct "UPS Load" "%"
FIELD UPSTEMP "UPS Temp" ""
FIELD runtime "Batt. Run Time" "min."
FIELD DATA "Data" "All data"
---
3) Check that the firewall allows access to TCP port 3551 on the server from the LAN
4) Edit /etc/rc.conf to add the APCUPSD lines so that it starts with the machine
# edit /etc/rc.conf
---
# Enable apcupsd (if I have an APC-brand UPS)
apcupsd_enable="YES"
---
5) Create the site in APACHE to monitor the UPS remotely over WWW ([X] CGI) by adding a few lines
# edit /usr/local/etc/apache22/httpd.conf
---
# APCUPSD modification start
<Directory /usr/local/etc/apcupsd>
AllowOverride Options FileInfo
Order deny,allow
Allow from all
</Directory>
<Directory /usr/local/etc/apcupsd/cgi>
Options ExecCGI
</Directory>
ScriptAlias /apcupsd/cgi/ /usr/local/etc/apcupsd/cgi/
Alias /apcupsd /usr/local/etc/apcupsd/
# APCUPSD modification end
---
Restart APACHE
# /usr/local/etc/rc.d/apache22 restart
6) Set the UPS parameters
UPS PARAMETERS
IP Address: 192.168.1.187
Mask: 255.255.255.0
Gateway: 192.168.1.1
AP9619 card S/N:
MAC Address 00:C0:B7:80:CA:D1
Send the IP to the card from FreeBSD
# arp -s 192.168.1.187 00:C0:B7:80:CA:D1
# ping 192.168.1.187 -s 113
Telnet to the card's IP
# telnet 192.168.1.187
Login: apc
Passwd: apc
7) Start the service
# /usr/local/etc/rc.d/apcupsd start
8) To monitor the UPS via WWW, go to:
http://ipdemiserver/apcupsd/cgi/multimon.cgi
9) apcaccess Test
# apcaccess status
---
APC : 001,048,1167
DATE : 2010-09-01 07:36:10 -0500
HOSTNAME : alpha.company.com
VERSION : 3.14.8 (16 January 2010) freebsd
UPSNAME : UPS_IDEN
CABLE : Ethernet Link
MODEL : SNMP UPS Driver
UPSMODE : Stand Alone
STARTTIME: 2010-08-31 06:34:22 -0500
STATUS : ONLINE
LINEV : 205.0 Volts
LOADPCT : 38.0 Percent Load Capacity
BCHARGE : 100.0 Percent
TIMELEFT : 19.0 Minutes
MBATTCHG : 5 Percent
MINTIMEL : 3 Minutes
MAXTIME : 0 Seconds
MAXLINEV : 205.0 Volts
MINLINEV : 204.0 Volts
OUTPUTV : 207.0 Volts
SENSE : Unknown
DWAKE : 000 Seconds
DSHUTD : 020 Seconds
DLOWBATT : 02 Minutes
LOTRANS : 146.0 Volts
HITRANS : 229.0 Volts
RETPCT : 000.0 Percent
ITEMP : 34.0 C Internal
ALARMDEL : 5 seconds
BATTV : 214.0 Volts
LINEFREQ : 59.0 Hz
LASTXFER : Unacceptable line voltage changes
NUMXFERS : 0
TONBATT : 0 seconds
CUMONBATT: 0 seconds
XOFFBATT : N/A
SELFTEST : OK
STESTI : 336
STATFLAG : 0x07000008 Status Flag
MANDATE : 07/19/06
SERIALNO : NS0630013487
BATTDATE : 07/19/06
NOMOUTV : 208 Volts
NOMBATTV : 4294967295.0 Volts
EXTBATTS : 1
BADBATTS : -1
FIRMWARE : 476.17.W
APCMODEL : Smart-UPS RT 10000
END APC : 2010-09-01 07:37:10 -0500
---
10) APCUPSD SLAVE:
It is installed and configured in slave mode; these are machines that, although
they are powered by the UPS, are not directly connected to it.
Note:
The IP of the server running APCUPSD in MASTER mode is 192.168.1.1
Parameters for the SLAVEs in apcupsd.conf
UPSCABLE ether
UPSTYPE net
DEVICE 192.168.1.1:3551
WINDOWS
Client http://sourceforge.net/projects/apcupsd/files/win-binaries%20-%20Stable/
C:\apcupsd\etc\apcupsd\apcupsd.conf
Log
C:\apcupsd\etc\apcupsd\apcupsd.events
GNU/LINUX UBUNTU
$ sudo su
[sudo] password for angel:
# gedit /etc/apcupsd/apcupsd.conf
# gedit /etc/default/apcupsd
change
ISCONFIGURED=no
to
ISCONFIGURED=yes
GNU/LINUX SUSE
YaST / Software / Software Management
apcupsd
# gedit /etc/apcupsd/apcupsd.conf
YaST / System / System Services (Runlevel)
apcupsd
Enable
MAC OS X
Configure
sudo vi /private/etc/apcupsd/apcupsd.conf
Uninstall
sudo /sbin/apcupsd-uninstall
FreeBSD
Configure
# edit /usr/local/etc/apcupsd/apcupsd.conf
# edit /etc/rc.conf
apcupsd_enable="YES"
# /usr/local/etc/rc.d/apcupsd start
# exit
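Three settings in this post are worth checking on any host set up this way: the SNMP DEVICE line uses the community "private", NISIP 0.0.0.0 opens the status server on every interface, and the Apache Alias publishes /usr/local/etc/apcupsd (the directory that holds apcupsd.conf) with Allow from all. The lint below is an added example, not part of apcupsd or of the original post; the function names and finding labels are made up for illustration, and the LAN-only block is a constructed alternative in Apache 2.2 syntax.

```sh
#!/bin/sh
# Added example: lint the apcupsd.conf and httpd.conf settings used in this post.

# audit_apcupsd_conf FILE -> one "ID: text" finding per line, nothing if clean
audit_apcupsd_conf() {
    awk '
        $1 ~ /^#/ || NF < 2 { next }        # comments, blanks, bare keywords
        { val[toupper($1)] = $2 }
        END {
            if (tolower(val["UPSTYPE"]) == "snmp") {
                # DEVICE for the SNMP driver is host:port:vendor:community
                n = split(val["DEVICE"], part, ":")
                if (n >= 4 && (part[4] == "private" || part[4] == "public"))
                    print "SNMP-COMMUNITY: DEVICE uses the default community \"" part[4] "\""
            }
            if (tolower(val["NETSERVER"]) == "on" && val["NISIP"] == "0.0.0.0")
                print "NIS-BIND: NISIP 0.0.0.0 exposes port " val["NISPORT"] " on every interface"
        }' "$1"
}

# audit_httpd_dir FILE DIR -> finding when <Directory DIR> has "Allow from all"
# (unquoted Directory paths only, as written in the post)
audit_httpd_dir() {
    awk -v dir="$2" '
        $1 ~ /^#/ { next }
        tolower($1) == "<directory"   { cur = $2; sub(/>$/, "", cur); sub(/\/$/, "", cur); next }
        tolower($1) == "</directory>" { cur = ""; next }
        cur == dir && tolower($1 " " $2 " " $3) == "allow from all" {
            print "HTTPD-OPEN: " dir " is served to any client"
        }' "$1"
}

# The values in the next two samples are the ones shown in this post.
sample_apcupsd_conf() {
    cat <<'EOF'
UPSCABLE ether
UPSTYPE snmp
DEVICE 192.168.1.187:161:APC:private
NETSERVER on
NISIP 0.0.0.0
NISPORT 3551
EOF
}

sample_httpd_conf() {
    cat <<'EOF'
<Directory /usr/local/etc/apcupsd>
AllowOverride Options FileInfo
Order deny,allow
Allow from all
</Directory>
EOF
}

# Constructed alternative: only the 192.168.1.0/24 LAN may read the directory.
sample_httpd_conf_lan_only() {
    cat <<'EOF'
<Directory /usr/local/etc/apcupsd>
AllowOverride Options FileInfo
Order deny,allow
Deny from all
Allow from 192.168.1.0/24
</Directory>
EOF
}

# Demo on the samples; on a real host pass the paths of the two files instead of "-".
sample_apcupsd_conf | audit_apcupsd_conf -
sample_httpd_conf | audit_httpd_dir - /usr/local/etc/apcupsd
```

Since the port was built with TCP_WRAPPERS, access to port 3551 can also be narrowed in /etc/hosts.allow in addition to the firewall rule from step 3.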
Friday, May 28, 2010
FreeBSD + MySQL
Requirements:
FreeBSD installed
Instructions:
1) Install MySQL from the ports
# cd /usr/ports/databases/mysql50-server
# make install clean
2) Make MySQL start with the system by adding a line like this one to /etc/rc.conf
# Enable MySQL
mysql_enable="YES"
3) Start MySQL so that the server does not have to be rebooted
# /usr/local/etc/rc.d/mysql-server start
4) Create the administrator user of the database server
# mysqladmin -u root password 'PASSWORDROOT'
Note:
PASSWORDROOT must be replaced with a valid password for the root user in MySQL
MyDB must be replaced with the name of the database I need to create
usuario1 must be replaced with the user name that will be used to connect to the DB
passusuario1 must be replaced with the password we want for usuario1
5) Create the DB with its corresponding user
# mysql -u root -p
Enter password: <- PASSWORDROOT
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 15
Server version: 5.0.90 FreeBSD port: mysql-server-5.0.90
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
mysql>
6) Create the DB together with the user and password (all in one go)
WE CREATE a utf8 DB, access only from the class "C" network, user and password, and reload the privileges
# mysql -u root -p
Enter password: <- PASSWORDROOT
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 15
Server version: 5.0.90 FreeBSD port: mysql-server-5.0.90
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
mysql> CREATE DATABASE MyDB CHARACTER SET utf8 COLLATE utf8_general_ci;
Query OK, 1 row affected (0.01 sec)
mysql> GRANT ALL PRIVILEGES ON MyDB.* TO usuario1@'192.168.1.%' IDENTIFIED BY 'passusuario1';
Query OK, 0 rows affected (0.05 sec)
mysql> FLUSH PRIVILEGES;
Query OK, 0 rows affected (0.00 sec)
mysql> \q
Note:
This one allows connecting from any IP on the class "C" LAN
mysql> GRANT ALL PRIVILEGES ON MyDB.* TO usuario1@'192.168.1.%' IDENTIFIED BY 'passusuario1';
With this line, connecting is only allowed from the IP 192.168.1.244
mysql> GRANT ALL PRIVILEGES ON MyDB.* TO usuario1@192.168.1.244 IDENTIFIED BY 'passusuario1';
7) Create the structure (cannot be done if I am root in the shell)
$ mysql --user=root --password=PASSWORDROOT* MyDB < /tmp/dbiniciar.sql
8) Import the data into the DB (cannot be done if I am root in the shell)
$ mysql --user=root --password=PASSWORDROOT* MyDB < /tmp/datos.sql
NOTE: To drop the DB, which in this case we called MyDB
# mysqladmin -u root drop MyDB -p
Enter password: <- PASSWORDROOT
Dropping the database is potentially a very bad thing to do.
Any data stored in the database will be destroyed.
Do you really want to drop the 'MyDB' database [y/N]y
9) CONNECTION TESTS
REMOTE (from a linux with mysql-client -> FreeBSD)
$ mysql -h 192.168.1.1 -u usuario1 MyDB -p
Enter password: <- passusuario1
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 522
Server version: 5.0.90 FreeBSD port: mysql-server-5.0.90
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
mysql> \q
Bye
LOCAL (from FreeBSD)
# mysql -u root MyDB -p
Enter password: <- PASSWORDROOT
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 19
Server version: 5.0.90 FreeBSD port: mysql-server-5.0.90
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
mysql> \q
Bye
BACKUP OF THE CURRENT DB (CANNOT BE DONE AS ROOT)
$ mysqldump --user=root --password=PASSWORDROOT MyDB | gzip > /tmp/MyDB.sql.gz
IMPORT BACKUP
DECOMPRESS THE BACKUP
# cd /tmp
# gunzip MyDB.sql.gz
IMPORT THE DB FROM THE BACKUP (CANNOT BE DONE AS ROOT)
$ mysql --user=root --password=PASSWORDROOT MyDB < /tmp/MyDB.sql
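The backup and import commands above pass the root password in `--password=...`, where it can be exposed to other local users through the process list and the shell history, and they write the dump to /tmp with default permissions. As an added example (not from the original post), the functions below hand the credentials to the client through an owner-only option file with `--defaults-extra-file` and create the dump with mode 0600; the function names and the MYSQLDUMP override are assumptions for illustration.

```sh
#!/bin/sh
# Added example: dump a database without putting the password on the command line.

MYSQLDUMP=${MYSQLDUMP:-mysqldump}   # overridable so the function can be exercised without MySQL

# write_client_cnf USER
# Reads the password from stdin and prints the path of a new option file that
# only the current user can read. printf is a shell builtin, so the password
# never appears in another process's argument list.
write_client_cnf() {
    IFS= read -r cnf_pass || [ -n "$cnf_pass" ] || return 1
    case $cnf_pass in
        *\"*|*\\*)
            echo "password contains a quote or backslash; write the option file by hand" >&2
            return 2 ;;
    esac
    cnf_path=$(umask 077; mktemp "${TMPDIR:-/tmp}/mysql-client.XXXXXX") || return 1
    # Double quotes keep a '#' in the password from starting a comment.
    printf '[client]\nuser=%s\npassword="%s"\n' "$1" "$cnf_pass" > "$cnf_path"
    unset cnf_pass
    echo "$cnf_path"
}

# dump_db DB OUTFILE CNF
# gzip-compressed dump created with mode 0600.
# --defaults-extra-file has to be the first option on the command line.
dump_db() {
    (
        umask 077
        rm -f "$2"
        "$MYSQLDUMP" --defaults-extra-file="$3" "$1" | gzip > "$2"
    )
}

# Typical use, typing the password at the terminal:
#   stty -echo; cnf=$(write_client_cnf root); stty echo
#   dump_db MyDB "$HOME/MyDB.sql.gz" "$cnf"
#   rm -f "$cnf"
# The import works the same way:
#   mysql --defaults-extra-file="$cnf" MyDB < /tmp/MyDB.sql
```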
Tuesday, May 25, 2010
FreeBSD + Squid-cache + squidGuard
Requirements:
FreeBSD installed
Squid-cache installed
Instructions:
1) Install the squidGuard port
# whereis squidguard
squidguard: /usr/ports/www/squidguard
# cd /usr/ports/www/squidguard
# make install clean
2) Install DB41 (squidGuard does not work with a db newer than 4.1, but different versions can be installed at the same time)
# whereis db41
db41: /usr/ports/databases/db41
# cd /usr/ports/databases/db41
# make install clean
3) Create the directories and files, and give squid permissions on them
# mkdir /var/db/squidGuard
# chown -R squid:squid /var/db/squidGuard
# touch /var/log/squidGuard.log
# touch /var/log/squidGuard.error
# chown squid:squid /var/log/squidGuard.log
# chown squid:squid /var/log/squidGuard.error
4) Make Squid-cache send requests to squidGuard
Add the following line to /usr/local/etc/squid/squid.conf
in the section # OPTIONS FOR EXTERNAL SUPPORT PROGRAMS
url_rewrite_program /usr/local/bin/squidGuard -c /usr/local/etc/squid/squidGuard.conf
5) Download the blacklist
Several lists can be downloaded from here
http://www.squidguard.org/blacklists.html
Here we will use the Universite Toulouse blacklist collection, which seems to be more up to date
It must be extracted inside /var/db/squidGuard
squid must be given permissions on that directory recursively
# chown -R squid:squid /var/db/squidGuard
6) Create the squidGuard configuration file /usr/local/etc/squid/squidGuard.conf with the following content:
#
# SAMPLE CONFIG FILE FOR SQUIDGUARD
# (for further configuration options see the
# documentation and http://www.squidguard.org/)
#
#
# Location of the blacklists
#
dbhome /var/db/squidGuard
#
# Location of the logfiles
#
logdir /var/log
#
# DESTINATION CLASSES
#
# Universite Toulouse
# http://cri.univ-tlse1.fr/documentations/cache/squidguard_en.html#contrib
# ftp://ftp.univ-tlse1.fr/pub/reseau/cache/squidguard_contrib/blacklists.tar.gz
#
dest ads {
domainlist ads/domains
urllist ads/urls
expressionlist ads/expressions
}
dest adult {
domainlist adult/domains
urllist adult/urls
expressionlist adult/expressions
}
dest aggressive {
domainlist aggressive/domains
urllist aggressive/urls
expressionlist aggressive/expressions
}
dest agressif {
domainlist agressif/domains
urllist agressif/urls
expressionlist agressif/expressions
}
dest astrology {
domainlist astrology/domains
urllist astrology/urls
}
dest audio-video {
domainlist audio-video/domains
urllist audio-video/urls
}
dest blog {
domainlist blog/domains
urllist blog/urls
}
dest celebrity {
domainlist celebrity/domains
urllist celebrity/urls
}
dest chat {
domainlist chat/domains
urllist chat/urls
}
dest child {
domainlist child/domains
urllist child/urls
}
dest cleaning {
domainlist cleaning/domains
urllist cleaning/urls
}
dest dangerous_material {
domainlist dangerous_material/domains
urllist dangerous_material/urls
}
dest dating {
domainlist dating/domains
urllist dating/urls
}
dest drogue {
domainlist drogue/domains
urllist drogue/urls
}
dest drugs {
domainlist drugs/domains
urllist drugs/urls
}
dest filehosting {
domainlist filehosting/domains
urllist filehosting/urls
}
dest financial {
domainlist financial/domains
urllist financial/urls
}
dest forums {
domainlist forums/domains
urllist forums/urls
expressionlist forums/expressions
}
dest gambling {
domainlist gambling/domains
urllist gambling/urls
}
dest games {
domainlist games/domains
urllist games/urls
}
dest hacking {
domainlist hacking/domains
urllist hacking/urls
}
dest liste_bu {
domainlist liste_bu/domains
urllist liste_bu/urls
}
dest mail {
domainlist mail/domains
}
dest malware {
domainlist malware/domains
urllist malware/urls
expressionlist malware/expressions
}
dest manga {
domainlist manga/domains
urllist manga/urls
}
dest marketingware {
domainlist marketingware/domains
urllist marketingware/urls
}
dest mixed_adult {
domainlist mixed_adult/domains
urllist mixed_adult/urls
}
dest mobile-phone {
domainlist mobile-phone/domains
urllist mobile-phone/urls
}
dest phishing {
domainlist phishing/domains
urllist phishing/urls
}
dest porn {
domainlist porn/domains
urllist porn/urls
expressionlist porn/expressions
}
dest press {
domainlist press/domains
urllist press/urls
}
dest proxy {
domainlist proxy/domains
urllist proxy/urls
}
dest publicite {
domainlist publicite/domains
urllist publicite/urls
expressionlist publicite/expressions
}
dest radio {
domainlist radio/domains
urllist radio/urls
}
dest reaffected {
domainlist reaffected/domains
urllist reaffected/urls
}
dest redirector {
domainlist redirector/domains
urllist redirector/urls
}
dest remote-control {
domainlist remote-control/domains
urllist remote-control/urls
}
dest sect {
domainlist sect/domains
urllist sect/urls
}
dest sexual_education {
domainlist sexual_education/domains
urllist sexual_education/urls
}
dest shopping {
domainlist shopping/domains
urllist shopping/urls
}
dest strict_redirector {
domainlist strict_redirector/domains
urllist strict_redirector/urls
expressionlist strict_redirector/expressions
}
dest strong_redirector {
domainlist strong_redirector/domains
urllist strong_redirector/urls
expressionlist strong_redirector/expressions
}
dest tricheur {
domainlist tricheur/domains
urllist tricheur/urls
}
dest violence {
domainlist violence/domains
urllist violence/urls
expressionlist violence/expressions
}
dest warez {
domainlist warez/domains
urllist warez/urls
}
dest webmail {
domainlist webmail/domains
urllist webmail/urls
}
dest nuevas {
domainlist nuevas/domains # List of new addresses
urllist nuevas/urls
}
dest permitidas {
domainlist permitidas/domains # List of allowed addresses
urllist permitidas/urls
}
# Examples
# http://www.squidguard.org/Doc/examples.html
# http://www.squidguard.org/Doc/Examples/07.conf
# leisure-time = tiempo-ocio
# abbrev for weekdays:
# s = sun, m = mon, t =tue, w = wed, h = thu, f = fri, a = sat
time leisure-time {
weekly * 00:00-07:30 17:30-24:00 # night and evening
weekly fridays 16:00-17:00 # weekend
date *.01.01 # New Year's Day
date *.05.01 # Labour Day
date *.05.17 # National Day
date *.12.24 12:00-24:00 # Christmas Eve
date *.12.25 # Christmas Day
date *.12.26 # Boxing Day
}
# grownups = adultos
src grownups {
#ip 10.0.0.0/24 # range 10.0.0.0 - 10.0.0.255
ip 192.168.1.244/24 # DELTA, for a test
}
# kids = ninos
src kids {
#ip 10.0.0.0/22 # range 10.0.0.0 - 10.0.3.255
ip 192.168.0.0/16 # employees are like kids
}
acl {
grownups within leisure-time {
pass all # don't censor peoples leisure-time
} else {
#pass !in-addr !porn all # restrict access during business hours
pass !in-addr permitidas !nuevas !hacking !malware !phishing !porn !proxy !remote-control !warez all
redirect http://alpha/mensaje.html
}
kids {
#pass !porn all # protect the kids 24h anyway
pass permitidas !nuevas !hacking !malware !phishing !porn !proxy !remote-control !warez all
}
default {
pass none # reject unknown clients
redirect http://alpha/mensaje.html
}
}
# Notes:
# !ads blocks the logos of, for example, www.elcolombiano.com
Note:
There are surely new sites that are either blocked by accident (permitidas) or missing from the blacklist (nuevas)
For those, the lists are created manually
# mkdir /var/db/squidGuard/permitidas
# mkdir /var/db/squidGuard/nuevas
Then we create the files for each one
# touch /var/db/squidGuard/permitidas/domains
# touch /var/db/squidGuard/permitidas/urls
# touch /var/db/squidGuard/nuevas/domains
# touch /var/db/squidGuard/nuevas/urls
In those files (domains) in each folder we can add new sites, for example:
# cat /var/db/squidGuard/nuevas/domains
sologatitas.com
pornstargals.com
Give squid permissions on those directories recursively
# chown -R squid:squid /var/db/squidGuard
7) Initialise the blacklist
# squidGuard -C all
# chown -R squid:squid /var/db/squidGuard/*
In the squidGuard log we should see something like this
# tail -f /var/log/squidGuard.log
---
2010-05-25 11:13:04 [76487] squidGuard 1.4 started (1274803965.070)
2010-05-25 11:13:04 [76487] db update done
2010-05-25 11:13:04 [76487] squidGuard stopped (1274803984.037)
---
8) Re-iniciar el Squid-cache
# /usr/local/etc/rc.d/squid restart
9) Test
Try to browse to, for example, www.sologatitas.com
We should see a custom message if we have Apache running; in our case clients are sent to mensaje.html
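A squidGuard pass list is read left to right and the first matching entry decides, which is why permitidas sits ahead of the negated categories in the acl above. The script below is an added example (not squidGuard code and not part of the original post) that models that rule for domain lists only, so a site can be checked against permitidas/nuevas before testing in the browser; the function names, the temporary dbhome and the domain blocked-by-mistake.example are assumptions constructed for the example.

```shell
# Model of a squidGuard "pass" list (domainlist matching only); constructed data.
# in_list HOST FILE: true if HOST is an entry in FILE or a subdomain of one.
in_list() {
    h=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
    while :; do
        grep -Fxq -- "$h" "$2" && return 0
        case $h in
            *.*) h=${h#*.} ;;   # drop the leftmost label and retry
            *)   return 1 ;;
        esac
    done
}

# verdict HOST DBHOME TOKEN...: prints "pass" or "block"; first match decides.
verdict() {
    vhost=$1 dbhome=$2
    shift 2
    for tok in "$@"; do
        case $tok in
            all)  echo pass;  return 0 ;;
            none) echo block; return 0 ;;
        esac
        neg=no name=$tok
        case $tok in '!'*) neg=yes name=${tok#?} ;; esac
        if [ "$name" = in-addr ]; then
            case $vhost in ''|*[!0-9.]*) continue ;; esac   # not an IP literal
        else
            [ -f "$dbhome/$name/domains" ] || continue      # category not in this dbhome
            in_list "$vhost" "$dbhome/$name/domains" || continue
        fi
        if [ "$neg" = yes ]; then echo block; else echo pass; fi
        return 0
    done
    echo block   # model assumption: no match and no all/none means blocked
}

# make_sample_db: constructed dbhome holding only the two custom categories.
make_sample_db() {
    d=$(mktemp -d) || return 1
    mkdir "$d/permitidas" "$d/nuevas"
    printf '%s\n' sologatitas.com blocked-by-mistake.example > "$d/nuevas/domains"
    printf '%s\n' blocked-by-mistake.example > "$d/permitidas/domains"
    echo "$d"
}

# Demo with the business-hours pass list from the acl above.
db=$(make_sample_db)
rule='!in-addr permitidas !nuevas !hacking !malware !phishing !porn !proxy !remote-control !warez all'
for site in www.sologatitas.com blocked-by-mistake.example www.freebsd.org 192.168.1.10; do
    echo "$site: $(verdict "$site" "$db" $rule)"
done
rm -rf "$db"
```

Swapping permitidas and !nuevas in the list makes the allowlisted domain come back as blocked, which is the ordering mistake this check is meant to catch.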
Tuesday, May 11, 2010
FreeBSD 8
Requirements:
FreeBSD installation disc
Internet connection
Installing:
Boot the machine from the CD
232 United States
OK
Standard Begin a standard installation (recommended)
[Select]
...fdisk...
OK
Would you like to keep using the current geometry?
YES
A = Use Entire Disk
Q = Finish
Standard Install a standard MBR (no boot manager)
OK
Now you need to create BSD partitions...
OK
C = Create
4096M
OK
FS A file system
OK
Please specify a mount point for the partition
/
OK
C = Create
2048M
OK
Swap A swap partition
OK
C = Create
8192M
FS A file system
OK
/var
OK
C = Create
(the rest of the free disk space)
OK
FS A file system
OK
/usr
OK
Q = Finish
----------------------------------------------
Partitioning example for a 36GB SCSI disk
Part     Mount   Size      Newfs    Part
da0s1a   /       4096MB    UFS2     Y
da0s1b   swap    2048MB    SWAP
da0s1d   /var    8192MB    UFS2+S   Y
da0s1e   /usr    22528MB   UFS2+S   Y
----------------------------------------------
[X] 5 Kern-Developer Full binaries and doc, kernel sources only
OK
<<< X Exit Exit this menu (returning to previous)
OK
Would you like to install the FreeBSD ports collection?
YES
OK
1 CD/DVD Install from a FreeBSD CD/DVD
OK
Last Chance!
YES
Congratulations! You now have FreeBSD installed on your system.
/usr/sbin/sysinstall
OK
Would you like to configure any Ethernet or SLIP/PPP network devices?
YES
(if we have two network cards, we should take note of their names, for example: sis0 and rl0)
sis0 SiS 900/SiS 7016 PCI Ethernet card
OK
Do you want to try IPv6 configuration of the interface?
YES
Do you want to try DHCP configuration of the interface?
YES
Host: pruebas.company.com
Domain: company.com
IPv4 Gateway: 192.168.1.1
Name server: 192.168.1.1
IPv4 Address: 192.168.1.108
Netmask: 255.255.255.0
OK
Do you want this machine to function as a network gateway?
NO
Do you want to configure inetd and the network services that it provides?
NO
Would you like to enable SSH login?
YES
Do you want to have anonymous FTP access to this machine?
NO
Do you want to configure this machine as an NFS server?
NO
Do you want to configure this machine as an NFS client?
NO
Would you like to customize your system console settings?
NO
Would you like to set this machine's time zone now?
YES
Is this machine's CMOS clock set to UTC? If ...
NO
2 America -- North and South
OK
13 Colombia
OK
Does the abbreviation 'COT' look reasonable?
YES
Does this system have a PS/2, serial, or bus mouse?
NO
The FreeBSD package collection is a ...
NO
Would you like to add any initial user accounts...?
YES
User Add a new user to the system
OK
Login: myname
UID: 1001
Group:
Password: ******
Confirm Password: *******
Full name: My Full Name
Member groups:
Home directory: /home/myname
Login shell: /bin/sh
OK
X Exit Exit this menu (returning to previous)
OK
Now you must set the system manager's password
OK
New Password: ******
Retype New Password: ******
Visit the general configuration menu...?
NO
X Exit Install
Are you sure you wish to exit? The system will reboot
YES
(the installation disc is ejected)
Be sure to remove the media from the drive
OK
(the machine reboots)
(once it finishes loading, it asks for login and password at the shell)
FreeBSD/i386 (pruebas.company.com) (ttyv0)
Login: root
Password: ******
pruebas#
Note:
By default FreeBSD only allows normal users to connect over SSH, and for security it does not let users run 'su' either; to allow a user to run 'su', edit the file /etc/group
# edit /etc/group
---
wheel:*:0:root,angel
---
In our example we have added the login angel, as can be seen; logins are separated by commas (,).