Archive for the ‘FreeBSD’ Category
Saturday, February 18th, 2012
I've hit an interesting article in Wikipedia called Comparison of BSD operating systems.
The article explains the basic differences between the BSD (Berkeley Software Distribution) variants and the primary focus of each of these free software operating systems. It also gives basic details about the history and how each of the BSDs came into existence. I recommend it to anyone interested in free software, as it is great reading for everybody interested in FOSS.
The most interesting part of the wiki thread is a bar chart, provided by BSD Certification Group research conducted in September 2005.
The above diagram shows the proportion of users of each BSD variant from the previously conducted BSD usage survey.
The research is already 6 years old, and unfortunately as of the time of writing it seems to be the only one publicly available. Though it is outdated, I believe the distribution across the different BSD variants in the bar chart would still be mostly true. The only big difference will probably be PC-BSD, which is not even on the diagram and should by now have overtaken DragonflyBSD in use. Since there is no public data available for 2012 or for the years 2005 – 2012 on the usage percentage of each of the BSD distributions, I thought of a pseudo way to get some general statistics on each BSD distribution's popularity. The methodology for gathering the statistics is simple: type each of the BSD variant "code names" (e.g. freebsd, netbsd, openbsd etc.) into Google and look at the number of results returned. It seems logical that the more results a distribution's keyword returns, the higher the probability that more users are involved in developing or using the respective BSD variant.
Below you see the results I've gathered in my quick "google research":

As you can see in the above data, FreeBSD is still probably leading in BSD use, and public interest in OpenBSD, the BSD focused on security, has grown significantly over the last 6 years. Next, the PC-BSD user base has probably increased tremendously, and according to the Google results returned it is probably in 3rd place by user interest (use?), followed by NetBSD with only 1.47% of all the BSD users. Last, with only 0.99%, comes Dragonfly BSD, which is no longer as popular a desktop BSD-based OS as it used to be back in 2005.
Again, the presented results are based only on the Google popularity of each BSD variant and hence shouldn't be considered too trustworthy; still, I'm sure they give a general idea of how used each of the BSD variants is as of Jan 2012.
Sunday, January 8th, 2012
I've faced some issues with crappy sound in some of the games I'm playing on my Debian. I also sometimes have issues with sound while watching movies with VLC or Totem... Sound issues also occasionally occur during Skype calls etc.
Recently I've realized that many of these crappy sound issues originate from PulseAudio – the sound server the GNOME desktop environment uses to manage all sound just before passing it through ALSA.
I've found on the internet many suggested ways to work around these issues. Many of the suggested workarounds, however, were outdated and referred to old versions of GNOME / PulseAudio and were therefore unusable on my Debian 6 Squeeze.
What I found most helpful is the list of fixes and workarounds for PulseAudio compiled by people in the Fedora community on fedorasolved.org's website – http://fedorasolved.org/Members/fenris02/pulseaudio-fixes-and-workarounds
Some of the fixes and workarounds suggested on the above link I had already applied; others were not applicable to Debian.
Anyway, the things which I found most important, and which I believe many people who run Debian need to implement from the list to solve PulseAudio's crappy sound issues, are summed up in the 5 steps below.
1. Install few packages related to pulseaudio
apt-get install paman padevchooser paprefs pulseaudio pulseaudio-esound-compat pulseaudio-module-x11 pulseaudio-module-zeroconf pulseaudio-utils
2. Edit ~/.asoundrc and include
pcm.pulse { type pulse }
ctl.pulse { type pulse }
Quickest way is by issuing:
echo 'pcm.pulse { type pulse }' >> ~/.asoundrc
echo 'ctl.pulse { type pulse }' >> ~/.asoundrc
3. Change in the pulseaudio server configuration file ( /etc/pulse/daemon.conf ):
debian:~# vim /etc/pulse/daemon.conf
Look for the lines:
; default-fragments = 4
; default-fragment-size-msec = 25
Substitute these two lines with:
default-fragments = 8
default-fragment-size-msec = 5
4. Enable Simultaneous Output in PulseAudio preferences
Navigate to the GNOME menus:
System -> PulseAudio Preferences
Choose the "Simultaneous Output" tab and select:

Add virtual output device for simultaneous output on all local sound cards
5. Log Off Gnome and restart PulseAudio
To load the changed settings in /etc/pulse/daemon.conf, a restart of the pulseaudio server is required, right after logging off from the currently open GNOME session.
To do so, log off with the trivial:
System -> Log Out
Then log in as root on the console:
Press CTRL+ALT+F1, log in as root and issue:
debian:~# /etc/init.d/pulseaudio restart
...
N.B.: In some cases it might be necessary to make some adjustments in the gstreamer properties. To change settings there, launch:
debian:~$ gstreamer-properties
Tampering with gstreamer-properties fixed some problems with ALSA and PulseAudio for me in the past, so it might be worth checking it out and experimenting a bit with it as well.

Now many of the crappy sound games or applications should start working just fine. Enjoy 😉
Sunday, January 22nd, 2012
I accidentally removed the Gnome Volume Control while trying to remove a nearby applet from the GNOME main menu panel. Unfortunately, in GNOME 2 I couldn't find a way to restore the Gnome Volume Control to the main panel. After a bit of pondering, I've managed to find a way.
Here is how I managed to restore it:
1. Navigate to:
System > Preferences > Startup Applications
2. Click on Add, then add and type the following:
Name: Volume control
Command: gnome-volume-control-applet
Comment: Launch volume control applet
Adding gnome-volume-control-applet will launch it every time a new GNOME session (with the same user) is started. On the next GNOME login you will see the icon appear again in the notification area. Cheers 😉
Saturday, May 28th, 2011
If you’re installing some PHP based CMS/blog (like Joomla or WordPress) or some kind of template and suddenly stumble on an error like:
Deprecated: Function split() is deprecated in /usr/local/www/websitedomain/templates/youbizz/html/modules.php on line 78
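To fix that, the file which spits out the error message (in my case modules.php) needs to be modified, and the split PHP function has to be substituted with explode in every place it occurs. Note that explode takes a literal delimiter string rather than a regular expression, so where split was called with a regex pattern, preg_split is the matching replacement.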
I experienced this error on FreeBSD 7_2 with php version 5.3.5 installed from ports.
This simple fix works fine.
Tuesday, June 21st, 2011
One of the contact forms running on a FreeBSD server configured to work on top of Apache+MySQL suddenly stopped working.
The errors that appeared on the webpage during a page request to the form URL were:
Fatal error: Class 'SimpleXMLElement' not found in /var/www/joomla/plugins/system/plugin_googlemap2_helper.php on line 2176
Fatal error: Class 'JLoader' not found in /var/www/joomla/plugins/libraries/loader.php on line 161
As you see in the output, the website which was causing the issues was running Joomla version 1.5.23 Stable configured with RSForm! ver 1.5.x (as a contact form solution) and Google Maps version 2.13b plugins.
The Google Map from the Google Maps plugin and the RSForm were configured to appear in one article configured in Joomla and seemed to work until now. However, yesterday suddenly the error messages:
Fatal error: Class ‘SimpleXMLElement’ not found
Fatal error: Class ‘JLoader’ not found
came out of nothing, it’s really strange as I don’t remember doing any changes to either Joomla or the PHP installation on this server.
There is one more guy who has access to the Joomla installation which I suspect might have changed something in the Joomla, but this scenario is not very likely.
Anyway, as the problem was there I had to fix it. Obviously, as the error message Fatal error: Class ‘SimpleXMLElement’ not found reported, the server's PHP simplexml extension was missing!
Just to assure myself that the PHP simplexml extension was not present on the server, I used the classical method of setting up a PHP file with phpinfo(); in it to check all the PHP extensions installed on the server.
Finally, to solve the issue I had to install the php5-simplexml module from ports, e.g.:
freebsd# cd /usr/ports/textproc/php5-simplexml
freebsd# make install clean
Afterwards, to make the new settings take effect I restarted my Apache server:
freebsd# /usr/local/etc/rc.d/apache2 restart
Syntax OK
Stopping apache2.
Waiting for PIDS: 63883.
Performing sanity check on apache2 configuration:
Syntax OK
Starting apache2.
Now my Joomla contact form is back to normal 😉
If someone has any idea why this error occurred without any PHP or server modifications, and how come everything worked fine beforehand even though I did not have the simplexml module installed on the server o_O, I would be enormously grateful.
Saturday, June 18th, 2011
After installing the Tweet Old Post wordpress plugin and giving it, I’ve been returned an error of my PHP code interpreter:
Call to undefined function: curl_init()
As I consulted uncle Google’s indexed forums 😉 discussing the issue, I found out the whole issue is caused by a missing PHP curl module.
My current PHP installation is installed from the ports tree on FreeBSD 7.2. Thus, in order to include support for PHP curl it was necessary to install the port /usr/ports/ftp/php5-curl :
freebsd# cd /usr/ports/ftp/php5-curl
freebsd# make install clean
(note that I’m using the php5 port and it’s surrounding modules).
Fixing the Call to undefined function: curl_init() on Linux hosts I suppose should follow the same logic, e.g. one will have to install php5-curl to resolve the issue.
Fixing the missing curl_init() function support on Debian for example will be as easy as using apt to install the php5-curl package, like so:
debian:~# apt-get install php5-curl
...
Now my tweet-old-post curl requirement is matched and the error is gone, hooray 😉
Sunday, September 4th, 2011 
Recently the annoying Viagra spam has emerged again. Therefore I decided to clean up some of the mails received on one of the qmail servers to protect users' mailboxes from this viagra peril.
To do so I remembered an old script which used to be part of the qmailrocks.org qmail install; the script is called qtrap and is able to filter emails based on a list of specific words contained in the mail.
Since qmailrocks.org has been gone (down) for some time and is still available only on a few mirrored locations, which by the way are not too easy to find, I decided to write a little post on how qtrap.sh can be integrated quickly and easily with any Qmail + Vpopmail install out there.
Here I include the description of qtrap.sh given by the script author:
“qtrap.sh script is applied on a per domain basis and serves as a “bad word” scanner to catch any spam that Spamassassin may have missed. This filter serves as the last defense against SPAM before it arrived in your inbox. I like this filter because it helps to get rid of any SPAM that happens to make it by Spamassassin. Without any protection at all, my mailbox gets a shit ton of SPAM every day. Within the first 3 months I enacted the Qtrap filter, Qtrap logged over 9,000 deleted SPAM messages, none of which were legitimate e-mails. My keyboard’s delete key was very appreciated the extra rest.
Any emails that are scanned and contain a banned word will be automatically deleted and logged by the qtrap script. A whitelist feature now exists so that individual addresses or domains can be exempt from the qtrap scan.”
Now that you have a general idea of what the script does, here is the step by step qtrap.sh integration:
1. Create the necessary qtrap directory and logs and set proper permissions
If vpopmail is installed in /home/vpopmail, issue the following commands.
debian:~# cd /home/vpopmail
debian:/home/vpopmail# mkdir -p qtrap/logs
debian:/home/vpopmail# cd qtrap
debian:/home/vpopmail/qtrap# wget https://www.pc-freak.net/files/qtrap.sh
...
debian:/home/vpopmail/qtrap# cd ~
debian:~# touch /home/vpopmail/qtrap/logs/qtrap.log
debian:~# chown -R vpopmail:vchkpw /home/vpopmail/qtrap
debian:~# chmod -R 755 /home/vpopmail/qtrap
On older qmail installations vpopmail may be installed in /var/vpopmail; if that’s the case, link /var/vpopmail to /home/vpopmail and go back to step 1. To link:
debian:~# ln -sf /var/vpopmail/ /home/vpopmail
2. Edit qtrap.sh to whitelist email addresses and build a ban words list
a) Include the email addresses whose incoming mail should not be checked by qtrap.sh
Inside qtrap.sh at line 63 there is a shell function whitelist_check(); the function looks like so:
whitelist_check () {
    case $WHITELIST in
        address@somewhere.com|address@somewhereelse.com)
            echo $SENDER found in whitelist on `date "+%D %H:%M:%S"` >> /home/vpopmail/qtrap/logs/qtrap.log
            exit 0;;
        *)
            ;;
    esac
}
By default the script has just two sample addresses which get whitelisted; this is the line reading:
address@somewhere.com|address@somewhereelse.com
The whitelisted addresses should be separated with a pipe, so to whitelist two more sample addresses the line should be changed to:
address@somewhere.com|address@somewhereelse.com|hipod@mymailserver.com|hipo@gmail.com
In order to whitelist an entire domain, let’s say yahoo.com, extend the same line with a glob pattern anchored at the @ sign (a bare *yahoo.com would also match senders such as someone@notyahoo.com):
address@somewhere.com|address@somewhereelse.com|hipod@mymailserver.com|hipo@gmail.com|*@yahoo.com
Keep in mind that the sender address is supplied by the remote side, so a whitelist entry exempts any mail that claims to come from it.
b) Define the list of banned words; mails containing them will not be delivered by qmail
The function that checks for the banned words inside the script is checkall(); below is a paste of the function from the script:
checkall () {
    case $BANNED_WORDS in
        porn|PORN|Sex|SEX)
            printout $BANNED_WORDS
            echo MESSAGE DROPPED from $SENDER because of $BANNED_WORDS on `date "+%D %H:%M:%S"` >> /home/vpopmail/qtrap/logs/qtrap.log
            exit 99;;
        *)
            ;;
    esac
}
checkall() is located at line 74 in qtrap.sh, and the exact list of banned words which the script looks for is at line 76. The default qtrap.sh filters only mails containing one of just 4 words:
porn|PORN|Sex|SEX)
To add the common spam words viagra and Viagra to the list, modify it and expand it like so:
porn|PORN|Sex|SEX|viagra|Viagra)
The delimiter is again |, so proceed further and add any unwanted spam words that are not common in legit mails.
3. Install qtrap.sh to process all emails delivered to vpopmail
If it is necessary to install the word-based mail dropping only for a single vpopmail virtualdomain, do it with these commands:
debian:~# cd /home/vpopmail/domains/yourdomain.com
debian:/home/vpopmail/domains/yourdomain.com# touch .qmail-default.new
debian:/home/vpopmail/domains/yourdomain.com# echo '| /home/vpopmail/qtrap/qtrap.sh' >> .qmail-default.new
debian:/home/vpopmail/domains/yourdomain.com# echo "| /home/vpopmail/bin/vdelivermail '' bounce-no-mailbox" >> .qmail-default.new
debian:/home/vpopmail/domains/yourdomain.com# chown vpopmail:vchkpw .qmail-default.new
debian:/home/vpopmail/domains/yourdomain.com# cp -rpf .qmail-default .qmail-default.bak; mv .qmail-default.new .qmail-default
If however qtrap.sh needs to be installed for all existing vpopmail virtualdomains on the qmail server, issue a one-liner bash script:
debian:~# cd /home/vpopmail/domains
debian:/home/vpopmail/domains# for i in */; do cd "$i" || continue; echo "| /home/vpopmail/qtrap/qtrap.sh" > .qmail-default.new;
echo "| /home/vpopmail/bin/vdelivermail '' bounce-no-mailbox" >> .qmail-default.new;
chown vpopmail:vchkpw .qmail-default.new; mv .qmail-default .qmail-default.old; mv .qmail-default.new .qmail-default; cd ..; done
This for loop will put ‘| /home/vpopmail/qtrap/qtrap.sh’ in the .qmail-default of every vpopmail domain.
Afterwards the .qmail-default file should contain the following two lines (the last word is whatever your vdelivermail line used before, bounce-no-mailbox in the commands above):
| /home/vpopmail/qtrap/qtrap.sh
| /home/vpopmail/bin/vdelivermail '' bounce-no-mailbox
A very important thing to consider here is that adding common words, let’s say hello or mail, could easily drop almost all the emails qmail hands over to vpopmail.
Caution!! Never ever put common words in the list of banned words!!
Always make sure the banned words added to qtrap.sh are words that never appear in an everyday legit email.
Another thing to keep in mind is that qtrap.sh doesn’t make a copy of the received message, though it can easily be modified to do so.
Any mail that matches the banned words list will be dropped and lost forever.
4. Check if qtrap.sh is working
To check if qtrap is working, send a mail to some mailbox located on the qmail server, containing the unwanted word defined inside qtrap.sh in its subject or message body.
If qtrap is working, the mail should not be received in the mailbox to which it was sent; moreover, qtrap.sh should log it in its log file:
debian:~# cat /home/vpopmail/qtrap/logs/qtrap.log
MESSAGE DROPPED from hipo@mytestmail.com because of viagra on 09/03/11 11:34:19
MESSAGE DROPPED from support@mymailserver.com because of Viagra on 09/03/11 11:39:29
If qtrap.log contains records similar to the ones above, and the mail matching the banned word is not delivered, qtrap.sh is properly configured. If there are any issues, check the qmail logs; they should give a good pointer on what went wrong with the qtrap.sh invocation.
Note that I’ve integrated qtrap.sh into a custom qmail install running on Debian Lenny 5.0 GNU/Linux.
If I have time I’ll soon test if it's working fine on the latest stable Debian Squeeze and will report here in comments.
If however someone is willing to test if the script works on Debian Squeeze 6.0, or has tested it already, please drop a comment to report if it works fine.
qtrap.sh is a bit oldish and is not written to work too optimally; therefore on some heavily loaded mail servers it can create some extra load and delay the mail delivery a bit. Thus when implementing it one needs to consider the downsides of putting it in.
Also I was thinking it might be nice if the script were rewritten to read the banned words and whitelisted addresses from files instead of having them hard coded in the script as they are now.
If I have some free time, I’ll probably do this, though I’m not sure if this is too good an idea, as it might have a negative impact on the script's execution time, since each invoked instance of the script would have to do one more operation of reading the file storing the banned words.
Well that’s pretty much it, enjoy 😉
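The file-based variant considered above, combined with two points from this post (whitelisting a whole domain without matching look-alike domains, and keeping a copy of a stopped message instead of losing it), as an added example that is not the original qtrap.sh and not code from this post. The file names under QTRAP_DIR, the function names and the sample addresses are assumptions made for the illustration; 0, 99 and 111 are the exit codes qmail gives meaning to for a program line in a .qmail file.

```shell
#!/bin/sh
# Added example, not the original qtrap.sh. Assumed (hypothetical) layout:
#   $QTRAP_DIR/whitelist     one "user@example.com" or "@example.com" per line
#   $QTRAP_DIR/banned_words  one word per line
#   $QTRAP_DIR/quarantine/   copies of stopped messages
#   $QTRAP_DIR/logs/qtrap.log

# Return 0 if sender $1 matches an entry of whitelist file $2.
# "@example.com" whitelists a domain and is matched from the @ sign on.
is_whitelisted() {
    [ -r "$2" ] || return 1
    wl_sender=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    while IFS= read -r wl_entry || [ -n "$wl_entry" ]; do
        wl_entry=$(printf '%s' "$wl_entry" | tr 'A-Z' 'a-z')
        case "$wl_entry" in
            ''|'#'*) continue ;;
            @*) case "$wl_sender" in *"$wl_entry") return 0 ;; esac ;;
            *)  if [ "$wl_sender" = "$wl_entry" ]; then return 0; fi ;;
        esac
    done < "$2"
    return 1
}

# Print the first word of list file $2 found in message file $1
# (fixed string, whole word, case-insensitive); return 1 if none is found.
find_banned_word() {
    [ -r "$2" ] || return 1
    while IFS= read -r bw_word || [ -n "$bw_word" ]; do
        case "$bw_word" in ''|'#'*) continue ;; esac
        if grep -q -i -w -F -e "$bw_word" "$1"; then
            printf '%s\n' "$bw_word"
            return 0
        fi
    done < "$2"
    return 1
}

# Decide what happens to message file $2 from sender $1, lists under dir $3.
# Returns 0 (go on to the next .qmail line), 99 (qmail: treat as delivered and
# skip the remaining lines) or 111 (qmail: temporary failure, retry later).
filter_message() {
    fm_sender=$(printf '%s' "$1" | tr -cd '[:print:]')   # keep log entries on one line
    fm_now=$(date '+%D %H:%M:%S')
    if is_whitelisted "$1" "$3/whitelist"; then
        echo "$fm_sender found in whitelist on $fm_now" >> "$3/logs/qtrap.log"
        return 0
    fi
    if fm_word=$(find_banned_word "$2" "$3/banned_words"); then
        fm_copy=$(mktemp "$3/quarantine/msg.XXXXXX") || return 111
        cat "$2" > "$fm_copy" || return 111
        echo "MESSAGE QUARANTINED from $fm_sender because of $fm_word on $fm_now ($fm_copy)" >> "$3/logs/qtrap.log"
        return 99
    fi
    return 0
}

# Entry point for a .qmail-default line: message on stdin, envelope sender in
# $SENDER (set by qmail-local). QTRAP_DIR is this example's own setting.
qtrap_main() {
    qm_dir=${QTRAP_DIR:-/home/vpopmail/qtrap}
    qm_msg=$(mktemp "${TMPDIR:-/tmp}/qtrap.XXXXXX") || return 111
    cat > "$qm_msg"
    qm_rc=0
    filter_message "${SENDER:-}" "$qm_msg" "$qm_dir" || qm_rc=$?
    rm -f "$qm_msg"
    return "$qm_rc"
}

# Constructed demo data: three messages run through the filter in a temp dir.
# The body is a subshell, so no variables or files are left behind.
qtrap_demo() (
    QTRAP_DIR=$(mktemp -d "${TMPDIR:-/tmp}/qtrapdemo.XXXXXX") || return 1
    mkdir -p "$QTRAP_DIR/logs" "$QTRAP_DIR/quarantine"
    printf '%s\n' '# constructed entries' 'hipo@gmail.com' '@yahoo.com' > "$QTRAP_DIR/whitelist"
    printf '%s\n' 'viagra' > "$QTRAP_DIR/banned_words"
    for SENDER in friend@yahoo.com spammer@notyahoo.com colleague@example.org; do
        case "$SENDER" in
            colleague*) d_body='Lunch on Friday?' ;;
            *)          d_body='Cheap VIAGRA here' ;;
        esac
        d_rc=0
        printf 'Subject: test\n\n%s\n' "$d_body" | qtrap_main || d_rc=$?
        echo "$SENDER -> $d_rc"
    done
    rm -rf "$QTRAP_DIR"
)

qtrap_demo
```

A wrapper script used in .qmail-default would source these functions, call qtrap_main and exit with its return value; the match is done on the raw message text, so words inside base64-encoded bodies are not seen.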
Tuesday, February 14th, 2012 
I had to set up a QMAIL auto reply (Out of the Office) message on 5 email addresses, and since I haven't done it for a long time it took me some 20 minutes to consult the Life With Qmail documentation (http://lifewithqmail.org, a great website!) and read a couple of online forum threads until I finally remembered how I used to set up a vacation message manually via qmail's .qmail file.
Of course, setting up a qmail auto reply can always be done via QmailAdmin or VQadmin, the Qmail Vpopmail web frontends; however, on many Qmail mail servers QmailAdmin and/or VQadmin is absent for some reason, or on big mail servers the server doesn't run Apache at all. Hence it is good to know how to set a qmail vacation message directly over a plain SSH terminal connection, and this is how this article was born.
So here is how I enable qmail auto reply "manually", through .qmail for my email address info@my-email-domain.com:
1. Set a /home/vpopmail/domains/my-email-domain.com/info/.qmail file with the following content (the 86400 and 3 arguments tell autorespond to answer a given sender at most 3 times within 86400 seconds):
| /usr/bin/autorespond 86400 3 /home/vpopmail/domains/my-email-domain.com/info/vacation/message /home/vpopmail/domains/my-email-domain.com/info/vacation
2. Create /home/vpopmail/domains/my-email-domain.com/info/vacation directory
linux:~# mkdir -p /home/vpopmail/domains/my-email-domain.com/info/vacation/
3. Create /home/vpopmail/domains/my-email-domain.com/info/vacation/message file with auto reply message
First create the message file with touch command:
linux:~# touch /home/vpopmail/domains/my-email-domain.com/info/vacation/message
Then put with vim or mcedit etc. an auto-reply vacation message similar to the sample below:
From: info@cadiainsurance.com
Subject: We have received your message. Thank you!

Dear Customer, we thank you for the interest in our services.
A member of our team will reply promptly to your enquiry shortly.
4. Set proper permissions for vacation/message and .qmail files
The /home/vpopmail/domains/my-email-domain.com/info/vacation/message and /home/vpopmail/domains/my-email-domain.com/info/.qmail files have to be owned by user/group vpopmail:vchkpw, e.g.:
linux:~# chown -R vpopmail:vchkpw /home/vpopmail/domains/my-email-domain.com/info/vacation
linux:~# chown vpopmail:vchkpw /home/vpopmail/domains/my-email-domain.com/info/.qmail
If you are a qmail administrator who often has to create auto reply messages for employees going on holiday (in a middle sized company office), setting up the out of the office auto replies manually one by one is a time consuming, annoying and "crazy" task. Therefore some time ago, while I was still employed in a Bulgarian mid-sized company called Design.BG, I wrote a tiny shell script which creates vacation messages for qmail email users by passing a few arguments.
Here is my create_vpopmail_vacation.sh shell script
Note that this script might have a lot of bugs and is not much tested, so read it carefully and test it before you put it for daily use 😉
Happy Hacking! 😉
Sunday, February 12th, 2012 
Lately I've been researching ntpd and wrote two articles, on how to install ntpd on CentOS, Fedora and how to install ntpd on FreeBSD, and during my research on ntpd I came across OpenNTPD and decided to give it a go on my FreeBSD home router.
The OpenBSD project is well known for its high security standards and has historically passed the test of time as an extraordinarily secure UNIX-like free operating system.
OpenBSD is developed in parallel with FreeBSD; however, the development models of the two free operating systems are quite different.
As part of OpenBSD's effort to be independent in its software base from other free operating systems like GNU / Linux and FreeBSD, its developers created OpenSSH, which is known all around the free software realm. Along with OpenSSH, one interesting project developed primarily for OpenBSD is OpenNTPD.
Here is how openntpd.org describes OpenNTPD:
"a FREE, easy to use implementation of the Network Time Protocol. It provides the ability to sync the local clock to remote NTP servers and can act as NTP server itself, redistributing the local clock."
OpenNTPD's focus, just like OpenBSD's, is security, and hence for FreeBSD installs which target security openntpd might be a good choice. Besides that, the popular classical ntpd is well known for being historically "insecure"; remote exploits for it have been released numerous times.
Another reason for someone to choose to run openntpd instead of ntpd is its great simplicity. openntpd configuration is super simple.
Here are the steps I followed to have the openntpd time server synchronize the clock on my system using other publicly accessible openntpd servers on the internet.
1. Install openntpd through pkg_add -vr openntpd or via ports tree
a) For a binary install with pkg_add issue:
freebsd# pkg_add -vr openntpd
...
b) if you prefer to compile it from source
freebsd# cd /usr/ports/net/openntpd
freebsd# make install clean
...
2. Enable OpenNTPD to start on system boot:
freebsd# echo 'openntpd_enable="YES"' >> /etc/rc.conf
3. Create openntpd ntpd.conf configuration file
There is a default sample ntpd.conf configuration which can be used straight away as a conf basis:
freebsd# cp -rpf /usr/local/share/examples/openntpd/ntpd.conf /usr/local/etc/ntpd.conf
The default ntpd.conf works just fine without any modifications; if however the openntpd server is required to listen for and accept time synchronization requests only on certain addresses, add to the conf something like:
listen on 192.168.1.2
listen on 192.168.1.3
listen on 2607:f0d0:3001:0009:0000:0000:0000:0001
listen on 127.0.0.1
With this configuration openntpd answers time requests only on the IPv4 addresses 192.168.1.2 and 192.168.1.3, on the IPv6 address 2607:f0d0:3001:0009:0000:0000:0000:0001 and on localhost.
4. Start OpenNTPD service
freebsd# /usr/local/etc/rc.d/openntpd start
5. Verify if openntpd is up and running
freebsd# ps axuww|grep -i ntp
root 31695 0.0 0.1 3188 1060 ?? Ss 11:26PM 0:00.00 ntpd: [priv] (ntpd)
_ntp 31696 0.0 0.1 3188 1140 ?? S 11:26PM 0:00.00 ntpd: ntp engine (ntpd)
_ntp 31697 0.0 0.1 3188 1088 ?? S 11:26PM 0:00.00 ntpd: dns engine (ntpd)
root 31700 0.0 0.1 3336 1192 p2 S+ 11:26PM 0:00.00 grep -i ntp
It's also a good idea to check whether openntpd has successfully established connections with its remote peer time servers. This is necessary to make sure pf / ipfw firewall rules are not preventing connections to remote UDP port 123:
freebsd# sockstat -4 -p 123
USER COMMAND PID FD PROTO LOCAL ADDRESS FOREIGN ADDRESS
_ntp ntpd 31696 4 udp4 83.228.93.76:54555 212.70.148.15:123
_ntp ntpd 31696 6 udp4 83.228.93.76:56666 195.69.120.36:123
_ntp ntpd 31696 8 udp4 83.228.93.76:49976 217.75.140.188:123
By default openntpd also listens on IPv6 if IPv6 support is enabled in the FreeBSD kernel.
6. Resolve openntpd firewall filtering issues
If a pf firewall is blocking UDP requests to or from port 123 with an /etc/pf.conf rule like:
block in log on $EXT_NIC proto udp all
you will have to add the following pf rules before the blocking rule:
# NTP itself runs over UDP port 123 only; the two TCP rules are not needed for time synchronization
# IPv4 Open outgoing port TCP 123 (NTP)
pass out on $EXT_NIC proto tcp to any port ntp
# IPv6 Open outgoing port TCP 123 (NTP)
pass out on $EXT_NIC inet6 proto tcp to any port ntp
# IPv4 Open outgoing port UDP 123 (NTP)
pass out on $EXT_NIC proto udp to any port ntp
# IPv6 Open outgoing port UDP 123 (NTP)
pass out on $EXT_NIC inet6 proto udp to any port ntp
where $EXT_NIC is defined to be the external LAN NIC interface, for example:
EXT_NIC="ml0"
Afterwards, to load the new pf.conf rules the firewall has to be flushed and reloaded:
freebsd# /sbin/pfctl -f /etc/pf.conf -d
...
freebsd# /sbin/pfctl -f /etc/pf.conf -e
...
In conclusion, openntpd should be more secure than regular ntpd and in many cases is probably a better choice.
Bear in mind, however, that on FreeBSD openntpd is not part of the FreeBSD world, and therefore security updates will not be issued directly by the FreeBSD dev team; you will have to update regularly to the latest version provided in the BSD ports to make sure openntpd is 100% secure.
For anyone looking for more precise system clock synchronization and less focused on security, ntpd might still be a better choice. OpenNTPD's official page states it is designed to reach reasonable time accuracy, but is not after the last microseconds.
Friday, February 10th, 2012

On FreeBSD, ntpd, ntpdc, ntpdate and ntpq don't need to be installed via a specific package like on GNU/Linux, as they're part of the FreeBSD world (binaries shipped as standard with the FreeBSD base system).
The FreeBSD handbook has a chapter explaining ntp on FreeBSD thoroughly; however, for the lazy ones here is a short tutorial in a few steps on how to install and configure ntpd on BSD:
1. Copy sample ntp.conf file to /etc/
freebsd# cp -rpf /usr/src/etc/ntp.conf /etc/
No modifications are needed if you don't want to apply specific restrictions on who can access the ntpd server. If you regularly update the FreeBSD system with freebsd-update or directly by rebuilding the FreeBSD kernel / world, adding restrictions might not be necessary.
If you check /usr/src/etc/ntp.conf you will notice the FreeBSD project people are running their own ntp servers; by default ntpd will use these servers to fetch timing information. The exact server hosts in use as of the time of writing can be seen in ntp.conf and are:
server 0.freebsd.pool.ntp.org iburst maxpoll 9
server 1.freebsd.pool.ntp.org iburst maxpoll 9
server 2.freebsd.pool.ntp.org iburst maxpoll 9
2. Add ntpd daemon to load on system boot via /etc/rc.conf
By default ntpd is disabled on FreeBSD; you can see whether it is disabled or enabled by invoking:
freebsd# /etc/rc.d/ntpd rcvar
# ntpd
ntpd_enable=NO
To enable ntpd to be loaded on each boot, the following 3 lines have to be added to /etc/rc.conf:
ntpdate_enable="YES"
ntpdate_flags="europe.pool.ntp.org"
ntpd_enable="YES"
A quick way to add them is to use echo:
echo 'ntpdate_enable="YES"' >> /etc/rc.conf
echo 'ntpdate_flags="europe.pool.ntp.org"' >> /etc/rc.conf
echo 'ntpd_enable="YES"' >> /etc/rc.conf
Now that the three rc.conf variables are set, ntpd can be started. Without these variables in /etc/rc.conf, "/etc/rc.d/ntpd start" will refuse to start ntpd.
3. Start the ntpd service
freebsd# /etc/rc.d/ntpd start
...
One interesting note is that ntpd can also operate without any config file (/etc/ntp.conf) being specified; the only requirement for the server to start is a properly set ntpdate server, for example ntpdate_flags="europe.pool.ntp.org".
4. Permit only certain host or localhost to "talk" to the ntpd server
If you want to impose some ntp server restrictions, the configuration directives are the same as on Linux:
To allow only a host inside a local network with IP 192.168.0.2, as well as localhost, to fetch time information via the ntpd server, put inside /etc/ntp.conf:
restrict 127.0.0.1
restrict 192.168.0.2 mask 255.255.255.255 nomodify notrap
If you want to prohibit ntpd from serving as a Network Time Server to any host other than localhost, add in /etc/ntp.conf:
restrict default ignore
Allowing and denying certain hosts can also be done at the pf (packet filter) or ipfw firewall level, which in my view is easier (and less confusing) than adding restrictions through ntp.conf. Besides, using the server firewall directly to apply restrictions is more secure: if, for instance, a remote exploit vulnerability is discovered affecting your ntpd server, it will not affect you externally, as access to UDP port 123 will be blocked at the firewall level.
It is worth mentioning that NTP servers communicate with each other over UDP, using port 123 as both source and destination. Hence, if the NTPD server has to be publicly accessible and a firewall is already in place, access to source/dest port 123 should be included in the configured firewall …
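As an added example (not from the original post), the shell function below audits the restrict lines of an ntp.conf like the one in step 4 and reports whether hosts without a matching line are refused. It goes one step beyond the text: with "restrict default ignore" active, ntpd also drops replies from its own upstream servers unless each has a restrict line, so those are flagged. The function names and the sample file are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post: audit ntp.conf access control.

# Constructed sample config; the server names and 192.168.0.2 come from the post.
write_sample_conf() {
    cat > "$1" <<'EOF'
server 0.freebsd.pool.ntp.org iburst maxpoll 9
server 1.freebsd.pool.ntp.org iburst maxpoll 9
restrict default ignore
restrict 127.0.0.1
restrict 192.168.0.2 mask 255.255.255.255 nomodify notrap  # LAN client
restrict 0.freebsd.pool.ntp.org nomodify notrap
EOF
}

# audit_ntp_conf FILE (hypothetical helper name)
# Prints "ACL <addr>/<mask> <flags>" for each restrict line, then a POLICY
# line, then a WARN line for each server that has no restrict line of its own
# while "restrict default ignore" is active (its replies would be dropped).
# Servers are matched to restrict lines by exact name only.
audit_ntp_conf() {
    awk '
        $1 == "server" { servers[++ns] = $2; next }
        $1 != "restrict" { next }          # comments and other directives
        {
            addr = $2; mask = "255.255.255.255"; flags = ""; i = 3
            if ($3 == "mask") { mask = $4; i = 5 }
            for (; i <= NF && $i !~ /^#/; i++)
                flags = flags (flags == "" ? "" : ",") $i
            if (addr == "default") {
                mask = "0.0.0.0"
                if (flags ~ /(^|,)ignore(,|$)/) deny = 1
            }
            ruled[addr] = 1
            printf "ACL %s/%s %s\n", addr, mask, (flags == "" ? "unrestricted" : flags)
        }
        END {
            print "POLICY " (deny ? "default-deny" : "open-by-default")
            for (n = 1; deny && n <= ns; n++)
                if (!(servers[n] in ruled))
                    print "WARN no restrict line for server " servers[n]
        }
    ' "$1"
}

# Demo run on the constructed sample.
tmp=$(mktemp) && write_sample_conf "$tmp" && audit_ntp_conf "$tmp"
rm -f "$tmp"
```

On a real system, run it as audit_ntp_conf /etc/ntp.conf; a POLICY open-by-default result means the per-host restrict lines do not keep other hosts out.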
5. Check if the ntp server is running properly / ntp server query operations
[root@pcfreak /home/hipo]# ps axuww|grep -i ntp
root 15647 0.0 0.2 4672 1848 ?? Ss 2:49PM 0:00.04 /usr/sbin/ntpd -c /etc/ntp.conf -p /var/run/ntpd.pid -f /var/db/ntpd.drift
To query the running ntpd server, as well as to set various configuration options "on the fly" (i.e. without ntp.conf edits and an init script restart), a tool called ntpdc exists. ntpdc can connect to an ntpd running on localhost as well as connect to and manage a remote ntpd server.
The most basic use of ntpdc is to check the server peers:
freebsd# ntpdc localhost
ntpdc> peers
     remote           local      st poll reach  delay   offset    disp
=======================================================================
 kgb.comnet.bg   83.228.93.76     2   64  377 0.00282 -0.050575 0.06059
*billing.easy-la 83.228.93.76     2   64  377 0.01068 -0.057400 0.06770
=ns2.novatelbg.n 83.228.93.76     2   64  377 0.01001 -0.055290 0.06058
ntpdc also has a non-interactive interface, handy if requests to an ntpd need to be scripted. To check ntpd server peers non-interactively:
freebsd# ntpdc -p localhost
=======================================================================
 kgb.comnet.bg   83.228.93.76     2   64  377 0.00284 -0.043157 0.06184
=billing.easy-la 83.228.93.76     2   64  377 0.01059 -0.042648 0.05811
*ns2.novatelbg.n 83.228.93.76     2   64  377 0.00996 -0.041097 0.06094
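A scripted use of the non-interactive output above, as an added example that is not part of the original post: the function reads ntpdc -p output and flags peers that have not answered any of the last eight polls (reach 0) or whose offset exceeds a threshold. The function names, the header line and the 192.0.2.10 peer in the sample are constructed; the 0.128 second default is an assumption chosen to match ntpd's default step threshold.

```shell
#!/bin/sh
# Added example, not from the original post: health check on `ntpdc -p` output.

# Sample input: the three peers shown in the post, plus a constructed header
# line and a constructed unreachable peer (192.0.2.10, documentation range).
sample_peers() {
    cat <<'EOF'
     remote           local      st poll reach  delay   offset    disp
=======================================================================
 kgb.comnet.bg   83.228.93.76     2   64  377 0.00284 -0.043157 0.06184
=billing.easy-la 83.228.93.76     2   64  377 0.01059 -0.042648 0.05811
*ns2.novatelbg.n 83.228.93.76     2   64  377 0.00996 -0.041097 0.06094
=192.0.2.10      83.228.93.76    16   64    0 0.00000  0.000000 0.00000
EOF
}

# peer_health [MAX_OFFSET_SECONDS] (hypothetical helper name)
# Reads `ntpdc -p` output on stdin and prints one line per peer:
#   OK | UNREACHABLE | OFFSET  <peer> reach=<octal> offset=<seconds>
# Exit status is 1 if any peer is flagged or no peer carries the "*" mark.
peer_health() {
    awk -v max="${1:-0.128}" '
        NF != 8 || $3 !~ /^[0-9]+$/ { next }   # skip header and ruler lines
        {
            name = $1; flag = "-"
            if (name ~ /^[^A-Za-z0-9]/) {      # leading status character
                flag = substr(name, 1, 1); name = substr(name, 2)
            }
            if (flag == "*") synced = 1
            off = ($7 < 0) ? -$7 : $7
            state = "OK"
            if ($5 + 0 == 0)    state = "UNREACHABLE"
            else if (off > max) state = "OFFSET"
            if (state != "OK") bad++
            printf "%s %s reach=%s offset=%s\n", state, name, $5, $7
        }
        END {
            if (!synced) print "NOSYNC no peer marked * (system peer)"
            exit (bad > 0 || !synced)
        }
    '
}

# Demo on the sample; on a live host use: ntpdc -p localhost | peer_health
sample_peers | peer_health || echo "ntp peers need attention"
```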
ntpdc has plenty of other ntpd query options, e.g.:
ntpdc> help
ntpdc commands:
addpeer controlkey fudge keytype quit timeout
addrefclock ctlstats help listpeers readkeys timerstats
addserver debug host loopinfo requestkey traps
addtrap delay hostnames memstats reset trustedkey
authinfo delrestrict ifreload monlist reslist unconfig
broadcast disable ifstats passwd restrict unrestrict
clkbug dmpeers iostats peers showpeer untrustedkey
clockstat enable kerninfo preset sysinfo version
clrtrap exit keyid pstats sysstats
ntpdc is an advanced query tool for ntpd servers. Another tool called ntpq exists, whose syntax is almost identical to that of ntpdc. The main difference between the two is that ntpq is mostly used just for monitoring, whereas ntpdc can also change plenty of things in the server configuration.
For people who want to learn more about ntpd, the man page is great reading, containing chapters describing thoroughly how NTPD time servers operate, etc.
How to restore accidentally removed Gnome volume control in GNOME in GNU / Linux
Sunday, January 22nd, 2012
I accidentally removed the Gnome Volume Control while trying to remove a nearby applet from the GNOME main menu panel. Unfortunately, in GNOME 2 I couldn't find a way to restore Gnome Volume Control to the main panel. After a bit of pondering, I've managed to find a way.
Here is how I managed to restore it:
1. Navigate to:
System > Preferences > Startup Applications
2. Click on Add, then type the following:
Name: Volume control
Command: gnome-volume-control-applet
Comment: Launch volume control applet
Adding gnome-volume-control-applet will launch it every time a new GNOME session (with the same user) is initiated. On the next GNOME login you will see the icon appear again in the notification area. Cheers 😉