Archives

All posts for the month June, 2006

This is probably the easiest thing I’ve done with FreeBSD yet.

As root, edit /etc/rc.conf and add the following 2 lines:

nisdomainname="yourNISdomain"
nis_client_enable="YES"

Then, edit your /etc/master.passwd (type: vipw) and add the following to the end:

+:::::::::

That tells passwd to consult NIS for users as well as any you’ve defined in your passwd file.

Then edit your /etc/group so we can also find groups from NIS. Add the following to the end:

+:*::

Now here's the trick – I'm not sure how to start ypbind without rebooting, so I had to reboot. Then I could log in and do:

ypcat passwd
and
ypcat group

and was able to see all my NIS users and groups! Man was that easy!

In my last post, I swore FreeBSD knew the hostname of my proxy server without me telling it – that was false. Here is what I had to do to install bash on a fresh install of FreeBSD 6.1 using a proxy:

Since the default shell (at least for root) is csh, use the setenv command to set the environment variable http_proxy like this:

setenv http_proxy http://proxyserver:port

Now, since the ports system's failed attempts to fetch the source files mucked up /usr/ports/shells/bash, do a:

make distclean

followed by:

make install

…ok that's not working either. To hell with this, we exported a proxy server, so:

pkg_add -r bash

DONE.

In my quest to figure out why Apache 2.2 on a Linux box seemed to outperform my Apache 1.3 / FreeBSD 6.1 box, I started to really muck up my server. I had started commenting individual LoadModule directives, then decided to try and run Apache 2.2 beside 1.3. Well the ports system complained, so I ended up removing 1.3 with the pkg_del command. Ugh, then 2.2 never did install right – would never listen on 80, so I took this opportunity to reinstall.

6 re-installs later, I’ve come up with the magic formula for installing FreeBSD 6.1. Always select at least User! Not selecting anything gives you no kernel! And while you can get away with Minimal – it won’t ask if you would like to include the ports system – something I couldn’t figure out how to add to my minimal system, yet.

Now here's another thing that's got me scratching my head. After the install I logged in as root so I could install bash. I cd'ed into /usr/ports/shells/bash and did a make install. How the hell did FreeBSD figure out how to get to my proxy server?

Not comparing apples to apples here, but my initial benchmarks turned up some interesting results.

Linux box ripon:
ab -n 1000 -c 5 http://ripon/snkpage.html

Server Software: Apache/2.0.46
Server Hostname: ripon
Server Port: 80

Document Path: /snkpage.html
Document Length: 187 bytes

Concurrency Level: 5
Time taken for tests: 0.275 seconds
Complete requests: 1000
Failed requests: 0
Broken pipe errors: 0
Total transferred: 451000 bytes
HTML transferred: 187000 bytes
Requests per second: 3636.36 [#/sec] (mean)
Time per request: 1.38 [ms] (mean)
Time per request: 0.28 [ms] (mean, across all concurrent requests)
Transfer rate: 1640.00 [Kbytes/sec] received

Connnection Times (ms)
min mean[+/-sd] median max
Connect: 0 0 0.1 0 3
Processing: 0 1 0.2 1 4
Waiting: 0 0 0.1 0 3
Total: 0 1 0.2 1 4
WARING: The median and mean for the waiting time are not within a normal deviation
These results are propably not that reliable.

Percentage of the requests served within a certain time (ms)
50% 1
66% 1
75% 1
80% 1
90% 1
95% 1
98% 1
99% 1
100% 4 (last request)

FreeBSD box mitnick:
ab -n 1000 -c 5 http://mitnick/snkpage.html

Server Software: Apache/1.3.34
Server Hostname: mitnick
Server Port: 80

Document Path: /snkpage.html
Document Length: 187 bytes

Concurrency Level: 5
Time taken for tests: 0.581414 seconds
Complete requests: 1000
Failed requests: 0
Write errors: 0
Total transferred: 467000 bytes
HTML transferred: 187000 bytes
Requests per second: 1719.94 [#/sec] (mean)
Time per request: 2.907 [ms] (mean)
Time per request: 0.581 [ms] (mean, across all concurrent requests)
Transfer rate: 784.29 [Kbytes/sec] received

Connection Times (ms)
min mean[+/-sd] median max
Connect: 0 0 0.1 0 2
Processing: 1 2 0.7 2 7
Waiting: 0 1 0.8 2 6
Total: 1 2 0.7 2 7
WARNING: The median and mean for the waiting time are not within a normal deviation
These results are probably not that reliable.

Percentage of the requests served within a certain time (ms)
50% 2
66% 2
75% 3
80% 3
90% 3
95% 3
98% 4
99% 4
100% 7 (longest request)

How can that be explained?

I decided to remove Apache 2.2 and go with 1.3. Why? Because I can. And because 1.3 is found on the majority of sites that run FreeBSD as their OS, and those are the sites that stay online the longest – high availability sites. Although I have no intentions of hosting my own webserver, I like to do stuff because I can.

cd /usr/ports/www/apache13-modssl
make install distclean

echo 'apache_enable="YES"' >> /etc/rc.conf
echo 'apache_flags="-DSSL"' >> /etc/rc.conf

cd ~
openssl genrsa -des3 -out server.key 1024
Must enter a pass phrase when prompted

openssl req -new -key server.key -out server.csr
Must also enter passphrase
Use servername for common name

openssl x509 -req -days 365 -in /root/server.csr -signkey /root/server.key -out /root/server.crt
Again, enter passphrase

cp ~/server.key /usr/local/etc/apache/ssl.key/
cp ~/server.crt /usr/local/etc/apache/ssl.crt/

Test:

/usr/local/sbin/apachectl startssl
Enter passphrase when prompted
Browse to webserver via http and https

Remove encryption:

cd /usr/local/etc/apache/ssl.key
cp server.key server.key.orig
openssl rsa -in server.key.orig -out server.key

Restart apache:

apachectl stop
apachectl startssl

No more passphrase, better keep that server secure!

Enabling SSL support in Apache is a breeze. Here's how I did it:

Create the certificate. As root:

openssl genrsa -des3 -out server.key 1024

Enter a passphrase when prompted. Don’t forget it.

Create the CSR:

openssl req -new -key server.key -out server.csr

Enter your passphrase when prompted, and make sure the CN matches your host's FQDN.

Self-sign the cert with:

openssl x509 -req -days 365 -in /root/server.csr -signkey /root/server.key -out /root/server.crt

Now, copy the key and the cert to apache’s installation directory:

cp server.* /usr/local/etc/apache22

Make the files readable by root only:

chmod 0400 /usr/local/etc/apache22/server.*

Edit httpd.conf and uncomment the line that reads:

Include etc/apache22/extra/httpd-ssl.conf

Restart Apache:

apachectl restart

You will now be prompted for your passphrase. To remove the password from the cert, do:

cd /usr/local/etc/apache22
openssl rsa -in server.key -out server.key

Enter your passphrase one last time. Start (or restart) Apache:
apachectl restart

Point your web browser at your server, accept the cert. That's all!
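The certificate steps in both the Apache 1.3 and the Apache 2.2 write-ups above end in the same state: a self-signed cert whose CN is the host's FQDN, a key with the passphrase stripped, and a key file readable only by root. The shell example below is added here and is not from the original post; it produces that state in a scratch directory and then audits it, assuming openssl(1) is on PATH and using a 2048-bit key rather than the 1024-bit one in the posts.

```shell
#!/bin/sh
# Added example, not from the original post. Produces the end state the two
# Apache SSL write-ups aim for (self-signed cert, CN = FQDN, key with no
# passphrase, key readable only by its owner) in a scratch directory, then
# audits it. Assumes openssl(1) is on PATH; every path here is constructed.

make_selfsigned() {     # $1 = output directory, $2 = FQDN to use as CN
    dir=$1; fqdn=$2
    mkdir -p "$dir"
    # 2048-bit key with no passphrase: the post makes a -des3 key and strips
    # the passphrase afterwards with 'openssl rsa'; this is the same result.
    openssl genrsa -out "$dir/server.key" 2048 2>/dev/null
    openssl req -new -key "$dir/server.key" -out "$dir/server.csr" \
        -subj "/CN=$fqdn" 2>/dev/null
    openssl x509 -req -days 365 -in "$dir/server.csr" \
        -signkey "$dir/server.key" -out "$dir/server.crt" 2>/dev/null
    chmod 0400 "$dir/server.key"     # the post's "readable by root only"
}

# Prints one line per problem found; returns 0 only when all checks pass.
audit_tls_material() {  # $1 = key file, $2 = cert file, $3 = expected CN
    key=$1; crt=$2; fqdn=$3; rc=0
    # An encrypted PEM key carries "Proc-Type: 4,ENCRYPTED" or a
    # "BEGIN ENCRYPTED PRIVATE KEY" header; either means apachectl will
    # block on a passphrase prompt at boot.
    if grep -q ENCRYPTED "$key"; then
        echo "key is still passphrase-protected"; rc=1
    fi
    # ls -l's mode column is the same on FreeBSD and GNU; stat(1) is not.
    perm=$(ls -l "$key" | cut -c1-10)
    [ "$perm" = "-r--------" ] || { echo "key mode is $perm, want -r--------"; rc=1; }
    # The pair matches when the key's public half equals the cert's SPKI.
    kpub=$(openssl rsa -in "$key" -pubout 2>/dev/null)
    cpub=$(openssl x509 -in "$crt" -pubkey -noout 2>/dev/null)
    [ -n "$kpub" ] && [ "$kpub" = "$cpub" ] || { echo "cert does not match key"; rc=1; }
    # Subject prints as "subject=CN = host" (1.1+/3.x) or "subject= /CN=host".
    cn=$(openssl x509 -in "$crt" -noout -subject | sed 's/.*CN *= *//')
    [ "$cn" = "$fqdn" ] || { echo "CN is '$cn', expected '$fqdn'"; rc=1; }
    # A 365-day cert needs renewing; flag it once less than 30 days remain.
    openssl x509 -in "$crt" -noout -checkend 2592000 >/dev/null 2>&1 \
        || { echo "cert expires within 30 days"; rc=1; }
    return $rc
}
# Usage: make_selfsigned /tmp/tls mitnick.example
#        audit_tls_material /tmp/tls/server.key /tmp/tls/server.crt mitnick.example
```

Point the audit at /usr/local/etc/apache/ssl.key/server.key and the matching crt (or the apache22 directory) after following either write-up to confirm nothing was skipped.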

Ok, now I’m beginning to understand the ports system a little better. Here is how I installed sudo:

as root:

cd /usr/ports/security/sudo
make install

When it's done, still logged in as root do:

visudo
And add your user account to the # User privilege specification section as follows:

jason ALL=ALL,!FREEDOM

That pretty much gives you the keys to the kingdom. Log out and test your new sudo access with:

sudo ls /
Enter your password. That's it!

Installing apache 2.2 on FreeBSD 6.1

So the next step was to install apache. Why? Because FreeBSD is known as the mack-daddy of all OS’s that host websites. Longest uptimes, best performance. So I decided to see what all the hype was about.

as root:

pkg_add -r apache22

When it was done installing, it told me I could make apache start at boot time by adding the line:

apache22_enable="YES"

to my /etc/rc.conf

which I did, rebooted, then pointed a webbrowser to the machine, and got the message:

It works!

Which is exactly what we want.

Change your default shell in FreeBSD

With all the hype surrounding Ubuntu, I decided to go a different direction and try out FreeBSD. I like to do the opposite of what everyone else does.

The install was smooth, the initial login was great. And so here I am, at the command-line.

First thing, I gotta have bash. sh just doesn't cut it for me. So… how to do that??

which bash returned nothing. whereis bash says I have a copy, but I'm not familiar enough with the ports system to know how to start. I dug through some docs and found this:

Log in as root and do:

pkg_add -r bash

This will download bash and its dependencies from, um, the, repository? I’ve got a lot of new terms to learn.

Is it there?

grep bash /etc/shells

/usr/local/bin/bash

Awesome, it's there and waiting. Now to make it my new default!

As user, do:

chsh -s /usr/local/bin/bash
enter your password,
log out,
log in,
echo $SHELL
/usr/local/bin/bash

Yeah!

Well that was easy, what's next?