
Wednesday, August 31, 2011

DNS: Reverse DNS for a /29 block


I did the following:
in named.conf:

zone "197.10.189.in-addr.arpa" {
    type master;
    file "/var/named/189.10.197.rev";
    allow-transfer {
        201.10.124.26;
        200.255.125.214;
    };
    notify yes;
};

and in the file 197.10.197.in-addr.arpa:

$ttl 38400
197.10.189.in-addr.arpa. IN SOA server.folhadomate.com.br. junior.folhadomate.com.br. (
    1208190170
    10800
    3600
    604800
    38400 )

176-184.197.10.189.in-addr.arpa. IN NS ns1.folhadomate.com.br.
176-184.197.10.189.in-addr.arpa. IN NS ns03-bsa.brasiltelecom.net.br.

197.10.189.in-addr.arpa. IN NS ns1.folhadomate.com.br.
178.197.10.189.in-addr.arpa. IN PTR server.folhadomate.com.br.

dig -x 189.10.197.178

Internally on the server it works 100%, but when I run it externally this happens:

SOURCE: http://www.mail-archive.com/debian-user-portuguese@lists.debian.org/msg116316.html
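
An added example, not part of the mailing-list post: the record layout RFC 2317 describes for delegating reverse DNS for a block smaller than a /24, generated here for 189.10.197.176/29. The function names are hypothetical, and the label 176-184 is assumed to be the one the provider delegates because it appears in the post's NS records.

```shell
#!/bin/sh
# Added example: RFC 2317 classless in-addr.arpa delegation.

# rfc2317_parent ZONE FIRST PLEN LABEL NS...
# Prints what the owner of the /24 reverse zone publishes: NS records that
# delegate LABEL.ZONE, and one CNAME per address pointing into that child zone.
rfc2317_parent() {
    zone=$1 first=$2 plen=$3 label=$4
    shift 4
    case $plen in
        2[5-9]|3[0-2]) ;;
        *) echo "prefix length must be 25-32" >&2; return 1 ;;
    esac
    size=$(( 1 << (32 - plen) ))
    # A block has to start on a multiple of its size (176 = 22 * 8 for a /29).
    if [ $(( first % size )) -ne 0 ]; then
        echo "block $first/$plen is not aligned" >&2
        return 1
    fi
    for ns in "$@"; do
        printf '%s.%s. IN NS %s\n' "$label" "$zone" "$ns"
    done
    i=$first
    while [ "$i" -lt $(( first + size )) ]; do
        printf '%s.%s. IN CNAME %s.%s.%s.\n' "$i" "$zone" "$i" "$label" "$zone"
        i=$(( i + 1 ))
    done
}

# rfc2317_child ZONE LABEL OCTET=TARGET...
# Prints the PTR records the customer's server holds as master of LABEL.ZONE.
rfc2317_child() {
    zone=$1 label=$2
    shift 2
    for pair in "$@"; do
        printf '%s.%s.%s. IN PTR %s\n' "${pair%%=*}" "$label" "$zone" "${pair#*=}"
    done
}

# Values taken from the post; the label 176-184 is an assumption (see lead-in).
ZONE=197.10.189.in-addr.arpa
echo "; provider side, in zone $ZONE"
rfc2317_parent "$ZONE" 176 29 176-184 \
    ns1.folhadomate.com.br. ns03-bsa.brasiltelecom.net.br.
echo "; customer side, in zone 176-184.$ZONE"
rfc2317_child "$ZONE" 176-184 178=server.folhadomate.com.br.
```

With this layout a resolver asking for 178.197.10.189.in-addr.arpa follows the provider's CNAME into the child zone and gets the PTR from the customer's server.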

Redhat: the working directory is not writable

Jan 25 16:03:44 um1udns1 named[3349]: the working directory is not writable

Resolution:

Under /var/named/chroot/var/:

# chmod 775 named (rwx for both owner and group)

Restart the named service.

From now on the error no longer appears in the logs.

SOURCE: http://raman-kumar.blogspot.com/2011/01/named3349-working-directory-is-not.html

Tuesday, August 30, 2011

Redhat: Opening DNS to Registro.br

If this DNS server answers as authoritative for a domain registered at Registro.br, allow-query should be "any" (or simply left unset, since that is the default value), because the whole Internet will query it whenever it wants to resolve a name inside your domain.

If it is only a recursive DNS server (a "cache server", as some people call it), that is, the one that resolves names for the computers "on your network and branch offices", you should set not only allow-query to the ACL but also the directives:



allow-query { "trusted"; };
allow-query-cache { "trusted"; };
allow-recursion { "trusted"; };

SOURCE: http://www.fug.com.br/historico/html/freebsd/2009-03/msg00436.html
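
A text-level check for the three directives above, as an added example that is not from the original post. The function names acl_status and audit_recursive and both sample configurations are constructed for illustration.

```shell
#!/bin/sh
# Added example: text-level audit of BIND query/recursion ACLs.

# acl_status FILE DIRECTIVE -> prints "unset", "any" or "restricted".
# Comments (// and #) are stripped and the file is flattened so multi-line
# statements match; every occurrence (options, view or zone) is examined.
acl_status() {
    stmts=$(sed -e 's://.*$::' -e 's:#.*$::' "$1" | tr '\n\t' '  ' |
            grep -o "$2[[:space:]]*{[^}]*}" || true)
    if [ -z "$stmts" ]; then
        echo unset            # the BIND version's default applies
    elif printf '%s\n' "$stmts" | grep -Eq '[{;[:space:]]"?any"?[[:space:]]*;'; then
        echo any
    else
        echo restricted
    fi
}

# audit_recursive FILE: for a recursive-only server the post sets all three
# directives to an ACL. Returns non-zero if any of them is unset or "any".
audit_recursive() {
    rc=0
    for directive in allow-query allow-query-cache allow-recursion; do
        st=$(acl_status "$1" "$directive")
        printf '%s: %s\n' "$directive" "$st"
        [ "$st" = restricted ] || rc=1
    done
    return $rc
}

sample_open() {      # constructed: authoritative-style settings on a resolver
cat <<'EOF'
options {
    directory "/var/named";
    allow-query { any; };   // answers anyone
    recursion yes;
};
EOF
}

sample_trusted() {   # constructed: the post's three directives plus an ACL
cat <<'EOF'
acl "trusted" { 192.168.0.0/24; localhost; };
options {
    directory "/var/named";
    allow-query       { "trusted"; };
    allow-query-cache { "trusted"; };
    allow-recursion   { "trusted"; };
};
EOF
}

# Demo on the two constructed files.
dir=$(mktemp -d)
sample_open > "$dir/open.conf"
sample_trusted > "$dir/trusted.conf"
for f in open trusted; do
    echo "== $f.conf"
    audit_recursive "$dir/$f.conf" || echo "-> not restricted to an ACL"
done
rm -rf "$dir"
```

Feeding it the output of named-checkconf -p instead of the raw file also covers included files.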

FreeBSD: rc.conf for a bridge

hostname="Serveur"

ipv6_enable="NO"
cloned_interfaces="bridge0"
ifconfig_bridge0="addm em1 addm em2 addm bge0 addm bge1 up"
ifconfig_bridge0_alias0="inet 10.254.0.0/8"
ifconfig_em0="inet 192.168.0.254/24"
defaultrouter="192.168.0.1"
ifconfig_em1="up"
ifconfig_em2="up"
ifconfig_bge0="up"
ifconfig_bge1="up"

gateway_enable="YES"
firewall_enable="YES"
firewall_script="/etc/firewall.rules"
firewall_logging="YES"
natd_enable="YES"
natd_interface="em0"
natd_flags="-dynamic -m -s"

keymap="fr.iso.acc"
sshd_enable="YES"
ntpd_enable="YES"
named_enable="YES"

SOURCE: http://forums.freebsd.org/showthread.php?p=145315#post145315

Monday, August 29, 2011

Squid: Block MSN

liberamsn = host with access to MSN.

### Conf

acl liberamsn src 192.168.0.66/255.255.255.255
acl bloqueia_msn dstdomain "/etc/squid/bloqmsn.txt"
acl bloqueia_msn2 url_regex "/etc/squid/bloqmsn2.txt"
acl bloqueia_msn3 url_regex -i /gateway/gateway.dll

http_access allow liberamsn
http_access deny bloqueia_msn
http_access deny bloqueia_msn2
http_access deny bloqueia_msn3

### bloqueiamsn.txt

passport.com
msn.com.br
msn.com
sc.msn.com
www.msn.be
207.46.110.11
messenger.msn.com.br
http.msg.yahoo.com
nickname.msn.com.br
chat.msn.com
chat.msn.com.br
msgr.hotmail.com
gateway.messenger.hotmail.com
http1.msgr.hotmail.com
http2.msgr.hotmail.com
http3.msgr.hotmail.com
http4.msgr.hotmail.com
http5.msgr.hotmail.com
http6.msgr.hotmail.com
http7.msgr.hotmail.com
http8.msgr.hotmail.com
http9.msgr.hotmail.com
http10.msgr.hotmail.com
http11.msgr.hotmail.com
http12.msgr.hotmail.com
http13.msgr.hotmail.com
http14.msgr.hotmail.com
http15.msgr.hotmail.com
http16.msgr.hotmail.com
http17.msgr.hotmail.com
http18.msgr.hotmail.com
http19.msgr.hotmail.com
http20.msgr.hotmail.com

### bloqueiamsn2.txt

x-msn

Iptables: Read a file

#!/bin/bash

IPTABLES="/usr/sbin/iptables"

# Allow MSN (TCP port 1863) for every address listed in lista.txt
for i in $(cat lista.txt)
do
    "$IPTABLES" -A FORWARD -s "$i" -p tcp --dport 1863 -j ACCEPT
    "$IPTABLES" -A FORWARD -d "$i" -p tcp --sport 1863 -j ACCEPT
done

# Drop MSN traffic for everyone else
"$IPTABLES" -A FORWARD -p tcp --dport 1863 -j DROP
"$IPTABLES" -A FORWARD -p tcp --sport 1863 -j DROP
"$IPTABLES" -A FORWARD -d loginnet.passport.com -j DROP

SOURCE: http://under-linux.org/f96/iptables-ler-arquivo-texto-86161/
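
A stricter way to read lista.txt, as an added example that is not from the original forum post: each line is checked to be a plain IPv4 address before it is placed in a rule, and the rules are printed rather than applied. The function names and the sample list are constructed, and it assumes one address per line.

```shell
#!/bin/sh
# Added example: validate allow-list entries before they reach iptables.

IPTABLES="/usr/sbin/iptables"   # same path as the script above

# is_ipv4 ADDR: succeed only for a plain dotted-quad IPv4 address.
is_ipv4() {
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    # Split on dots in a subshell so IFS and the positional parameters
    # of the caller are left untouched.
    (
        IFS=.
        set -- $1
        [ $# -eq 4 ] || exit 1
        for octet in "$@"; do
            [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || exit 1
        done
    )
}

# emit_msn_rules FILE: print the ACCEPT rules for every valid entry in FILE,
# then the final DROP rules for port 1863. Blank lines and '#' comments are
# skipped. Anything that is not an IPv4 address (hostnames included, since
# iptables would resolve them only once, when the rule is inserted) is
# reported on stderr and never becomes part of a command line.
emit_msn_rules() {
    while IFS= read -r line || [ -n "$line" ]; do
        entry=$(printf '%s\n' "${line%%#*}" |
                sed 's/^[[:space:]]*//; s/[[:space:]]*$//')
        [ -n "$entry" ] || continue
        if is_ipv4 "$entry"; then
            printf '%s -A FORWARD -s %s -p tcp --dport 1863 -j ACCEPT\n' "$IPTABLES" "$entry"
            printf '%s -A FORWARD -d %s -p tcp --sport 1863 -j ACCEPT\n' "$IPTABLES" "$entry"
        else
            printf 'skipping invalid entry: %s\n' "$entry" >&2
        fi
    done < "$1"
    printf '%s -A FORWARD -p tcp --dport 1863 -j DROP\n' "$IPTABLES"
    printf '%s -A FORWARD -p tcp --sport 1863 -j DROP\n' "$IPTABLES"
}

# Constructed sample list: two valid hosts, one out-of-range address and
# one hostname.
sample_list() {
cat <<'EOF'
# hosts allowed to use MSN (constructed sample)
192.168.0.66
192.168.0.70   # reception

192.168.0.300
msn-host.example
EOF
}

# Dry run on the sample; review the output before piping it to sh as root.
tmp=$(mktemp)
sample_list > "$tmp"
emit_msn_rules "$tmp"
rm -f "$tmp"
```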

Saturday, August 27, 2011

FreeBSD - Shared Bandwidth

The idea is to create a main pipe with a value of 256Kbps and point the clients' queues at the main pipe.

Thursday, August 25, 2011

FreeBSD - Upgrading 8, 7, 6, 5, 4

=========================================

Author: Ralf S. Engelschall
Created: 2009-01-01
Modified: 2011-01-29
Version: 1.4

ATTENTION: THIS UPGRADE PROCEDURE MIGHT NOT WORK FOR YOU AS YOUR
ENVIRONMENT IS DIFFERENT. ALSO, THIS UPGRADE PROCEDURE MIGHT DESTROY
YOUR SYSTEM AND YOU POTENTIALLY MIGHT LOSE DATA. NO WARRANTY AT ALL.
USE IT AT YOUR OWN RISK!

This upgrades from FreeBSD 7.3-STABLE to 8.2-STABLE.

---- PREPARE ----------------------------------------------------------------

o # reboot once to make sure OLD system is at least
# able to still successfully reboot autonomous at all
# SORRY, THIS IS _NOT_ A JOKE -- THIS IS A VERY SERIOUS ISSUE!
$ shutdown -r now

---- BUILD ------------------------------------------------------------------

o # switch to a reasonable run-time environment
$ cd /; exec `/usr/bin/which bash sh | head -1`
$ PATH=/bin:/usr/bin:/sbin:/usr/sbin; umask 022; unset TMOUT

o # install backward compatibility files
# ("locale data" to /usr/local/share/compat/, "libraries" to /usr/local/lib/compat/)
# notice: via binary packages as FreeBSD 8.X ports cannot be installed under FreeBSD 7.X
$ url="ftp://ftp.freebsd.org/pub/FreeBSD/ports/`uname -m`/packages-8-stable/All"; \
( cd /tmp; for pkg in localedata-5.4.tbz \
compat6x-`uname -m`-6.4.604000.200810_3.tbz \
compat7x-`uname -m`-7.3.703000.201008_1.tbz; do \
fetch -p $url/$pkg; pkg_add $pkg; rm -f $pkg; \
done )

o # install latest FreeBSD Upgrade Toolkit
$ cd /usr; \
fetch http://people.freebsd.org/~rse/dist/freebsd-adm-1.2.2.tar.gz; \
rm -rf adm; gunzip > RELENG_8

o # upgrade /usr/src (already required for "mergemaster -p" below!)
$ (cd /usr/src && make cleandir); \
(cd /usr/adm && make update)

o # upgrade kernel configuration
$ vi /sys/`uname -m`/conf/`hostname -s | tr 'a-z' 'A-Z'`

<< options ADAPTIVE_GIANT
<< options STOP_NMI
<< device sio
<< device ugen
<< device uscanner
<< device isa
<< device mem
<< device io
<< device sl
<< device ppp
>> options COMPAT_FREEBSD6
>> options COMPAT_FREEBSD7
>> options P1003_1B_SEMAPHORES
>> options PRINTF_BUFR_SIZE=128
>> options HWPMC_HOOKS
>> options MAC
>> options FLOWTABLE
>> device acpi
>> device uart

o # prepare the upgrade
# (just to be sure, should be not really necessary this time)
$ mergemaster -p

o # build new system
$ cd /usr/adm && make world-build && make kernel-build

---- INSTALL ----------------------------------------------------------------

o # workaround 1/3 for "bad system call" during usage of ln(1) in "make etc"
$ cp -p /bin/ln /bin/ln.old

o # upgrade system
$ make world-install && make kernel-install

o # workaround 2/3 for "bad system call" during usage of ln(1) in "make etc"
$ cp -p /bin/ln /bin/ln.new
$ cp -p /bin/ln.old /bin/ln

o # cleanup system (part 1)
$ rm -f /etc/rc.d/early.sh /etc/rc.d/idmapd /etc/rc.d/isdnd /etc/rc.d/nfslocking /etc/rc.d/ip6fw
$ make etc
$ make clean

o # workaround 3/3 for "bad system call" during usage of ln(1) in "make etc"
$ cp -p /bin/ln.new /bin/ln
$ rm -f /bin/ln.old

o # regenerate /etc/localtime
$ tzsetup

o # reboot into upgraded system
$ shutdown -r now

---- CLEANUP ----------------------------------------------------------------

o # switch to a reasonable run-time environment
$ cd /; exec `/usr/bin/which bash sh | head -1`
$ PATH=/bin:/usr/bin:/sbin:/usr/sbin; umask 022; unset TMOUT

o # cleanup system (part 2)
$ ( for dir in /bin /sbin /usr/bin /usr/sbin /usr/libexec /usr/libdata /usr/lib32; do \
find $dir -mtime +2 -type f -xdev -print; \
find $dir -mtime +2 -type l -xdev -print; \
done ) >/tmp/remove
$ vi /tmp/remove
# REVIEW FILES TO REMOVE MANUALLY
$ cat /tmp/remove | xargs chflags noschg
$ cat /tmp/remove | xargs rm -f
$ ( for dir in /lib /usr/lib; do \
find $dir -mtime +2 -type f -xdev -print; \
find $dir -mtime +2 -type l -xdev -print; \
done ) | grep -v /usr/lib/compat >/tmp/move
$ vi /tmp/move
# REVIEW FILES TO MOVE MANUALLY
$ for x in `cat /tmp/move`; do chflags noschg $x; mv $x /usr/lib/compat/; done
$ cd /usr/src; make BATCH_DELETE_OLD_FILES=YES delete-old delete-old-libs

o # reboot into cleaned system
# (mainly to reload the shared library cache and to
# make sure everything really still works fine)
$ shutdown -r now


#############################################################
#############################################################
Upgrading from FreeBSD 6.X to FreeBSD 7.X
#############################################################
#############################################################

Author: Ralf S. Engelschall
Created: 2007-05-24
Modified: 2009-08-01
Version: 1.3

ATTENTION: THIS UPGRADE PROCEDURE MIGHT NOT WORK FOR YOU AS YOUR
ENVIRONMENT IS DIFFERENT. ALSO, THIS UPGRADE PROCEDURE MIGHT DESTROY
YOUR SYSTEM AND YOU POTENTIALLY MIGHT LOSE DATA. NO WARRANTY AT ALL.
USE IT AT YOUR OWN RISK!

This upgrades from FreeBSD 6.4-STABLE to 7.2-STABLE.

---- PROLOG -----------------------------------------------------------------

o # reboot once to make sure OLD system is at least
# able to still successfully reboot autonomous at all
# SORRY, THIS IS _NOT_ A JOKE -- THIS IS A VERY SERIOUS ISSUE!
$ shutdown -r now

---- BUILD ------------------------------------------------------------------

o # switch to a reasonable run-time environment
$ cd /; exec `/usr/bin/which bash sh | head -1`
$ PATH=/bin:/usr/bin:/sbin:/usr/sbin; umask 022; unset TMOUT

o # install backward compatibility files
# ("locale data" to /usr/local/share/compat/, "libraries" to /usr/local/lib/compat/)
# notice: via binary packages as FreeBSD 7.x ports cannot be installed under FreeBSD 6.X
$ url="ftp://ftp.freebsd.org/pub/FreeBSD/ports/`uname -m`/packages-7-stable/All"; \
( cd /tmp; for pkg in localedata-5.4.tbz compat6x-`uname -m`-6.4.604000.200810.tbz; do \
fetch -p $url/$pkg; pkg_add $pkg; rm -f $pkg; \
done )

o # install latest FreeBSD Upgrade Toolkit
$ cd /usr; \
fetch http://people.freebsd.org/~rse/dist/freebsd-adm-1.2.2.tar.gz; \
rm -rf adm; gunzip > RELENG_7

o # upgrade /usr/src (already required for "mergemaster -p" below!)
$ (cd /usr/src && make cleandir); \
(cd /usr/adm && make update)

o # upgrade kernel configuration
$ vi /sys/`uname -m`/conf/`hostname -s | tr 'a-z' 'A-Z'`

>> options COMPAT_FREEBSD6
>> options SCTP # Stream Transmission Control Protocol
>> options UFS_GJOURNAL # Enable gjournal-based UFS
>> options STOP_NMI # Stop CPUS using NMI instead of IPI
>> options AUDIT # Security event auditing
>> options GEOM_LABEL # Provides labelization

<< options GEOM_GPT # GUID Partition Tables.
>> options GEOM_PART_GPT # GUID Partition Tables.

<< options COMPAT_43 # Compatible with BSD 4.3 [KEEP THIS!]
>> options COMPAT_43TTY # BSD 4.3 TTY compat [KEEP THIS!]

<< options NTFS
>> options STACK # stack(9) support

>> device uart # Generic UART driver

<< device lnc # NE2100, NE32-VL Lance Ethernet cards
>> device le # AMD Am7900 LANCE and Am79C9xx PCnet

>> device firmware # firmware assist module

>> device dcons # Dumb console driver
>> device dcons_crom # Configuration ROM for dcons

<< device rr232x # Highpoint RocketRAID 232x

o # prepare the upgrade
# (mainly create "ftp" group)
$ mergemaster -p

o # build new system
$ cd /usr/adm && make world-build kernel-build

---- INSTALL ----------------------------------------------------------------

o # upgrade system
$ make world-install kernel-install

o # cleanup system (part 1)
$ rm -f /etc/rc.d/ike /etc/rc.d/pccard /etc/rc.d/pcvt /etc/rc.d/ramdisk
$ rm -f /etc/rc.d/ramdisk-own /etc/rc.d/usbd /etc/rc.d/nfslocking
$ make etc
$ make clean

o # reboot into upgraded system
$ shutdown -r now

---- CLEANUP ----------------------------------------------------------------

o # switch to a reasonable run-time environment
$ cd /; exec `/usr/bin/which bash sh | head -1`
$ PATH=/bin:/usr/bin:/sbin:/usr/sbin; umask 022; unset TMOUT

o # cleanup system (part 2)
$ ( for dir in /bin /sbin /usr/bin /usr/sbin /usr/libexec /usr/libdata; do \
find $dir -mtime +2 -type f -xdev -print; \
find $dir -mtime +2 -type l -xdev -print; \
done ) >/tmp/remove
$ vi /tmp/remove
# REVIEW FILES TO REMOVE MANUALLY
$ cat /tmp/remove | xargs rm -f
$ ( for dir in /lib /usr/lib; do \
find $dir -mtime +2 -type f -xdev -print; \
find $dir -mtime +2 -type l -xdev -print; \
done ) | grep -v /usr/lib/compat >/tmp/move
$ vi /tmp/move
# REVIEW FILES TO MOVE MANUALLY
$ for x in `cat /tmp/move`; do chflags noschg $x; mv $x /usr/lib/compat/; done
$ cd /usr/src; make BATCH_DELETE_OLD_FILES=YES delete-old delete-old-libs

---- EPILOG ----------------------------------------------------------------

o # reboot into cleaned system
# (mainly to reload the shared library cache and to
# make sure everything really still works fine)
$ shutdown -r now

#############################################################
#############################################################
Upgrading from FreeBSD 5.X to FreeBSD 6.X
#############################################################
#############################################################

Author: Ralf S. Engelschall
Version: 1.5
Modified: 2007-05-24
Created: 2006-01-11

ATTENTION: THIS UPGRADE PROCEDURE MIGHT NOT WORK FOR YOU AS YOUR
ENVIRONMENT IS DIFFERENT. ALSO, THIS UPGRADE PROCEDURE MIGHT DESTROY
YOUR SYSTEM AND YOU POTENTIALLY MIGHT LOSE DATA. NO WARRANTY AT ALL.
USE IT AT YOUR OWN RISK!

The following is a step-by-step procedure for upgrading a server from
FreeBSD 5.[45]-STABLE to a FreeBSD 6.2-STABLE.

It is able to upgrade the server completely remotely with neither
console access nor single-user mode requirements. It was successfully
tested on about 20 servers in February 2007.

---- PREPARE ----------------------------------------------------------------

o # reboot once to make sure OLD system is at least
# able to still successfully reboot at all ;-)
# SORRY, THIS IS NOT A JOKE -- THIS IS A VERY SERIOUS ISSUE!
$ shutdown -r now

---- BUILD ------------------------------------------------------------------

o # switch to a reasonable run-time environment
$ cd /; exec `/usr/bin/which bash sh | head -1`
$ PATH=/bin:/usr/bin:/sbin:/usr/sbin; umask 022; unset TMOUT

o # install backward compatibility files
# (locale data to /usr/local/share/compat/, libraries to /usr/local/lib/compat/)
# notice: via binary packages as ports cannot be installed under FreeBSD 5.X
$ url="ftp://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-6.2-release/All"
$ ( cd /tmp; for pkg in localedata-5.4.tbz compat5x-i386-5.4.0.8_7.tbz; do \
fetch -p $url/$pkg; pkg_add $pkg; rm -f $pkg; \
done )

o # install latest FreeBSD Upgrade Toolkit
$ cd /usr; \
fetch http://people.freebsd.org/~rse/dist/freebsd-adm-1.2.2.tar.gz; \
rm -rf adm; gunzip > options COMPAT_FREEBSD5

o # prepare the upgrade
# (mainly create "_dhcp" and "audit" user/group)
$ mergemaster -p

o # build new system
$ cd /usr/adm && make world-build kernel-build

---- INSTALL ----------------------------------------------------------------

o # upgrade system
$ make world-install kernel-install

o # cleanup system (part 1)
$ rm -f /etc/rc.d/gbde_swap /etc/rc.d/initdiskless /etc/rc.d/ppp-user
$ rm -f /etc/rc.d/preseedrandom /etc/rc.d/rcconf.sh /etc/rc.d/vinum
$ make etc
$ make clean

o # reboot into upgraded system
$ shutdown -r now

---- CLEANUP ----------------------------------------------------------------

o # switch to a reasonable run-time environment
$ cd /; exec `/usr/bin/which bash bash sh | head -1`
$ PATH=/bin:/usr/bin:/sbin:/usr/sbin; umask 022; unset TMOUT

o # cleanup system (part 2)
$ ( for dir in /bin /sbin /usr/bin /usr/sbin /usr/libexec /usr/libdata; do \
find $dir -mtime +2 -type f -xdev -print; \
find $dir -mtime +2 -type l -xdev -print; \
done ) >/tmp/remove
$ vi /tmp/remove
# REVIEW FILES TO REMOVE MANUALLY
$ cat /tmp/remove | xargs rm -f
$ ( for dir in /lib /usr/lib; do \
find $dir -mtime +2 -type f -xdev -print; \
find $dir -mtime +2 -type l -xdev -print; \
done ) | grep -v /usr/lib/compat >/tmp/move
$ vi /tmp/move
# REVIEW FILES TO MOVE MANUALLY
$ for x in `cat /tmp/move`; do chflags noschg $x; mv $x /usr/lib/compat/; done
$ cd /usr/src; make BATCH_DELETE_OLD_FILES=YES delete-old delete-old-libs

o # reboot into cleaned system
# (mainly to reload the shared library cache and to
# make sure everything really still works fine)
$ shutdown -r now

#####################################################
#####################################################
Upgrading from FreeBSD 4.X to FreeBSD 5.X
#####################################################
#####################################################

Ralf S. Engelschall
Version: 3.4 (2005-09-28)

ATTENTION: THIS UPGRADE PROCEDURE MIGHT NOT WORK FOR YOU AS YOUR
ENVIRONMENT IS DIFFERENT. ALSO, THIS UPGRADE PROCEDURE MIGHT DESTROY
YOUR SYSTEM AND YOU POTENTIALLY MIGHT LOSE DATA.

The following is a step-by-step procedure for upgrading a FreeBSD 4.X
(actually 4.11-STABLE) system to FreeBSD 5.X (actually 5.4-STABLE).

It uses a hard-core in-place system overwriting approach in order to
require no console access and single-user mode at all. Hence it is
suitable for upgrading a server remotely via just SSH access.

It was developed on a VMWare GSX based virtual PC (i386) and
successfully tested on HP DL380 PCs. BUT NO WARRANTY IS GIVEN THAT THIS
PROCEDURE REALLY WORKS FOR YOU. USE IT AT YOUR OWN RISK ONLY!

Notice: the main difference between the resulting upgraded system and a
freshly installed system is that the upgraded one is still running under
UFS1 filesystems instead of UFS2. Unfortunately UFS1 cannot be converted
to UFS2. A full dump/restore of the whole data would be required (which
is nearly impossible remotely, at least for / and /usr). But it doesn't
hurt, as the UFS2 advantages (64bit pointers, lazy inode init, extended
attributes, etc) are not necessary for existing old servers (usually
filesystems not greater than 1TB, filesystems already initialized and
extended attributes are a new feature).

PASS 1: Bootstrap into FreeBSD 5.4-RELEASE
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

o switch to a reasonable run-time environment
$ cd /; exec `/usr/bin/which bash sh | head -1`
$ PATH=/bin:/usr/bin:/sbin:/usr/sbin
$ ntpdate pool.ntp.org pool.ntp.org pool.ntp.org pool.ntp.org
$ umask 022
$ unset TMOUT
$ unalias vi

o try to shut down as many processes as possible to reduce filesystem
contention. The result should be some sort of a pseudo single-user mode
(yes: cron, syslogd, inetd, sendmail, lpd, ...)
(no: sshd, getty, dhclient, ntpd, csh, adjkerntz, ...)
$ killall cron syslogd inetd sendmail lpd
$ ps -ax
$ kill ...

o fetch and mount FreeBSD 5.4-RELEASE CDROM ISO image
$ cd /usr
$ fetch ftp://ftp.de.freebsd.org/pub/FreeBSD/releases/i386/ISO-IMAGES/5.4/5.4-RELEASE-i386-disc1.iso
$ vnconfig -c -v /dev/vn0 5.4-RELEASE-i386-disc1.iso
$ mount -t cd9660 -o ro /dev/vn0 /mnt

o determine which /etc files were actually changed
$ mergemaster -t /tmp/mm -a
$ chflags -R noschg,nouchg /tmp/mm
$ find /tmp/mm -type d -depth -print | xargs rmdir 2>/dev/null
$ rm -rf /tmp/mm/usr /tmp/mm/var /tmp/mm/sys /tmp/mm/dev
$ find /tmp/mm -type l -print | xargs rm -f

o create a new /usr/src (for both mergemaster and later upgrade speedup)
$ kc=`hostname | sed -e 's;\..*$;;' | tr 'a-z' 'A-Z'`; echo $kc
$ cp /sys/`uname -m`/conf/$kc /tmp/$kc 2>/dev/null || true
$ rm -rf /usr/src; mkdir /usr/src
$ cd /mnt/5.4-RELEASE/src; ./install.sh all
$ cp /tmp/$kc /sys/`uname -m`/conf/$kc 2>/dev/null || true
$ sync; sync; sync

o create a new /etc from scratch
(Notice: tar intentionally used without pipe as it broke sometimes!)
$ cd /usr/src/usr.sbin/mergemaster && make all install
$ mv /etc /etc.old
$ mkdir /etc
$ cd /etc.old && tar cf /tmp/etc.tar master.passwd passwd group shells
$ cd /etc && tar xvf /tmp/etc.tar
$ pwd_mkdb -p /etc/master.passwd
$ mergemaster -v -i -a
$ cap_mkdb /etc/login.conf
$ /usr/bin/newaliases

o restore the old /etc files which were actually changed
(Notice: tar intentionally used without pipe as it broke sometimes!)
$ cd /tmp/mm/etc; for file in *; do \
if [ -f $file -a ! -h $file ]; then \
cp -p /etc.old/$file /etc/$file; \
echo /etc/$file; \
fi; \
done
$ cd /; rm -rf /tmp/mm
$ cd /etc.old && tar cf /tmp/etc.tar rc.conf crontab fstab resolv.conf termcap \
wall_cmos_clock localtime rc.d/*.sh start_if* ssh 2>/dev/null
$ cd /etc && tar xvf /tmp/etc.tar

o merge the /etc files which were actually changed with new content
$ export EDITOR=vi
$ export PAGER=less
$ vipw
:1,$s/\/sbin\/nologin/\/usr\/sbin\/nologin/g
$ chflags -R noschg /var/tmp/temproot
$ rm -rf /var/tmp/temproot
$ mergemaster -v -i -s -C
$ vi /etc/rc.conf
# REVIEW MANUALLY
<>
<>dumpdev="/dev/idad0s1b"
<>#saver="..."
<>#blanktime="..."
<>#font8x8="iso-8x8"
<>#font8x14="iso-8x14"
<>#font8x16="iso-8x16"
<>sshd_enable="YES"
firewall_enable="NO"
firewall_type="open"
#firewall_script="open"
$ vi /etc/ssh/sshd_config
Port 2222
PermitRootLogin yes
$ vi /etc/start_if*
# REVIEW MANUALLY
$ vi /etc/sysctl.conf
# REVIEW MANUALLY
<> md /tmp mfs rw,-s256m,-i2048,-Otime,-v2,async,noatime,nosuid,nodev 0 0

o further adjust system configuration files
1. force foreground fsck(1) to avoid snapshots (which are unstable on FreeBSD 5)
2. disable ACPI (which too often makes problems on older servers)
$ echo "background_fsck=\"NO\"" >>/etc/rc.conf
$ echo "hint.acpi.0.disabled=\"1\"" >>/boot/loader.conf

o allow us to finalize after the hard-core system file overwrite
$ cp -p /bin/rm /bin/sync /sbin/reboot /tmp

o hard-core overwrite FreeBSD 4.x system files with FreeBSD 5.4 ones
$ chflags -R noschg,nouchg /bin /sbin /usr/bin /usr/sbin /usr/lib /usr/libexec 2>/dev/null || true
$ for part in compat4x games dict manpages info; do \
(cd /mnt/5.4-RELEASE/$part && ./install.sh); \
done
$ mv /usr/include /usr/include.old
$ mv /usr/share /usr/share.old
$ cd /mnt/5.4-RELEASE/base
*** ATTENTION: NOW THE SYSTEM IS OVERWRITTEN IN-PLACE ***
$ cat base.?? | tar --unlink --exclude="etc/*" -xpzf - -C / 2>/dev/null
*** ATTENTION: NOW ALL OVERWRITTEN COMMANDS ARE UNUSABLE: "Bad system call" ***

o reboot into FreeBSD 5.4-RELEASE
$ /tmp/rm -rf /dev/*
$ /tmp/rm -f /usr/lib/libkvm.so.2
$ /tmp/sync; /tmp/sync; /tmp/sync
$ /tmp/reboot

PASS 2: Rebuild system in-place for FreeBSD 5.4-STABLE
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

o switch to a reasonable run-time environment
$ cd /; exec `/usr/bin/which bash sh | head -1`
$ PATH=/bin:/usr/bin:/sbin:/usr/sbin
$ ntpdate pool.ntp.org pool.ntp.org pool.ntp.org pool.ntp.org
$ umask 022
$ unset TMOUT
$ unalias vi

o reduce background activity
$ /etc/rc.d/cron stop

o some cleanups from PASS 1
$ for fs in / /var /usr; do find $fs -name PaxHeader -type d -print -xdev | xargs rm -rf; done
$ rm -rf /usr/include.old /usr/share.old
$ rm -f /usr/5.4-RELEASE-i386-disc1.iso
$ rm -rf /modules
$ chflags noschg,nouchg /kernel*
$ rm -f /kernel*

o migrate the kernel configuration
$ cd /sys/`uname -m`/conf
$ kc=`hostname | sed -e 's;\..*$;;' | tr 'a-z' 'A-Z'`; echo $kc
$ test -f $kc || cp GENERIC $kc
$ vi $kc
>> options COMPAT_FREEBSD4

o upgrade /usr/adm environment
$ cd /usr
$ fetch http://people.freebsd.org/~rse/dist/freebsd-adm-1.0.14.tar.gz
$ rm -rf adm; gunzip Makefile.bsd.new && mv Makefile.bsd.new Makefile.bsd
$ rm -rf /usr/ports/*
$ sync; sync; sync
$ make upgrade
$ make etc

o filesystem cleanup by removing obsolete files
$ ( for dir in /bin /sbin /usr/bin /usr/sbin /usr/lib /usr/libexec /usr/libdata; do \
find $dir -mtime +2 -type f -xdev -print; \
find $dir -mtime +2 -type l -xdev -print; \
done ) | grep -v /usr/lib/compat >/tmp/remove
$ vi /tmp/remove
# REVIEW MANUALLY
$ cat /tmp/remove | xargs rm -f

o reboot into FreeBSD 5.4-STABLE
$ shutdown -r now

#####################################################
#####################################################
Upgrading from FreeBSD 3.X to FreeBSD 4.1-STABLE
#####################################################
#####################################################

Ralf S. Engelschall
Version: 1.2 (2005-09-27)

ATTENTION: THIS UPGRADE PROCEDURE MIGHT NOT WORK FOR YOU AS YOUR
ENVIRONMENT IS DIFFERENT. ALSO, THIS UPGRADE PROCEDURE MIGHT DESTROY
YOUR SYSTEM AND YOU POTENTIALLY MIGHT LOSE DATA.

o boot the old FreeBSD 3.x in multi-user mode

o provide a particular build environment
$ vi /etc/make.conf
NOPERL=true # else Perl would fail to build under 3.x initially
NOPROFILE=true # to speed up building
MAKE_RSAINTL=YES # for non-US
USA_RESIDENT=NO # dito.
CFLAGS=-O -pipe # standard optimization
COPTFLAGS=-O -pipe # dito.
COMPAT1X=yes # install compatibility libraries
COMPAT20=yes # dito.
COMPAT21=yes # dito.
COMPAT22=yes # dito.
COMPAT3X=yes # dito.

o provide boot-strapping run-time environment
$ mkdir -p /usr/obj/usr/src/lib/libc
$ ldconfig -R /usr/obj/usr/src/lib/libc

o build the world initially (still under FreeBSD 3.x run-time)
$ cd /usr/obj
$ chflags -R noschg *
$ rm -rf *
$ cd /usr/src
$ make buildworld

o build and install new GENERIC kernel+modules
$ make buildkernel KERNEL=GENERIC
$ make installkernel KERNEL=GENERIC
$ chflags noschg /kernel.GENERIC /GENERIC
$ mv /kernel.GENERIC /kernel.GENERIC.3
$ mv /GENERIC /kernel.GENERIC
$ chflags schg /kernel.GENERIC

o upgrade FOO kernel config from 3.x to 4.x
$ vi /sys/i386/conf/FOO
- remove "config kernel ...", "bio", "tty", "net", "conflicts"
- remove unnecessary quotations
- remove "pnp" device
- remove "acd0" device
- remove obsolete options (check output of "config FOO")
- replace some "xxx0" with "xxx" (compare LINT for details)
- replace "controller" & "disk" with "device"
- replace "wdc0" with "ata0" plus more "ata*" from GENERIC
- replace "bpfilter" with "bpf"
- replace "isa?" with "atkbdc?" for "atkbd0" and "psm0" device

o build and install new FOO kernel+modules
$ make buildkernel KERNEL=FOO
$ make installkernel KERNEL=FOO
$ chflags noschg /kernel /FOO
$ mv /kernel /kernel.3
$ mv /FOO /kernel
$ chflags schg /kernel

o upgrade devices
$ cd /usr/src/sbin/mknod && make install
$ cp /usr/src/etc/MAKEDEV* /dev
$ cd /dev
$ sh MAKEDEV all
- make sure really all devices for disks exists:
for N in the list of disks
sh MAKEDEV N # eg ad0
for M in the list of slices
sh MAKEDEV NsMa # eg ad0s1a
- edit /etc/fstab and replace "wd0" with "ad0"

o upgrade boot blocks and loader
$ cd /sys/boot && make install

o boot FreeBSD 4.x kernel (still with 3.x user-land) in single-user mode
$ shutdown -r now
> boot -s
$ mount -a

o install the world
$ cd /usr/src/gnu/usr.bin/texinfo/install-info
$ make install
$ ldconfig -R /usr/obj/usr/src/lib/libc
$ cd /usr/src
$ make installworld
$ cd /usr/src/release/sysinstall && make all install

o upgrade /etc
$ cp -rp /etc /etc.old
$ mergemaster -v -s

o final adjustments for new FreeBSD 4.x user-land
$ touch /var/log/security
$ touch /var/log/cron
$ rm /var/cron/log*

o switch to new shipped OpenSSH [OPTIONAL!]
$ ssh-keygen -f /etc/ssh/ssh_host_key
$ ssh-keygen -d -f /etc/ssh/ssh_host_dsa_key
$ vi /etc/rc.conf
sshd_enable="YES"
$ pkg_delete ssh-1.2.27

o boot FreeBSD 4.x kernel and user-land in multi-user mode
$ shutdown -r now

o rebuild some critical programs to avoid spurious segfaults
under the forthcoming final "buildworld/installworld" step
$ vi /etc/make.conf
#NOPERL=true
$ cd /usr/src/gnu/usr.bin/perl
$ (cd libperl && make all install)
$ (cd perl && make all install)
$ make clean all install
$ cd /usr/src/usr.bin/lex && make clean all install
$ cd /usr/src/usr.bin/yacc && make clean all install
$ cd /usr/src/gnu/usr.bin/as && make clean all install
$ cd /usr/src/gnu/usr.bin/cc && make clean all install
$ cd /usr/src/gnu/lib/libgcc && make clean all install

o build and install the world finally from scratch (under FreeBSD 4.x run-time)
$ cd /usr/obj
$ chflags -R noschg *
$ rm -rf *
$ cd /usr/src
$ make buildworld
$ make installworld

o rebuild the kernel with the final tools
$ cd /sys/i386/conf
$ config FOO
$ cd /sys/compile/FOO
$ make depend all
$ make install

o reboot to switch to the final FreeBSD 4.x system
$ shutdown -r now

Wednesday, August 24, 2011

EGREP - Remove comments from a text file

egrep -v "^[#]" arquivo.txt > arquivo.txt-limpo

Friday, August 12, 2011

FreeBSD: Text-mode screen resolution

Most servers these days are headless although with some security system setups it’s still important to have physical access to the box. After a short time of using it you’ll certainly get fed up with the low resolution, here’s a way to increase your screen resolution.

Recompiling the Kernel

You’ll first need to recompile your kernel to add support for vidcontrol, you can do this as follows:

Using sysinstall ensure you have installed the following src files: base, sys
cd /usr/src/sys/amd64/conf (you may want to replace amd64 with i386)
cp GENERIC CUSTOMKERNEL
echo "options VESA" >> CUSTOMKERNEL
echo "options SC_PIXEL_MODE" >> CUSTOMKERNEL
cd /usr/src
make buildkernel KERNCONF=CUSTOMKERNEL
make installkernel KERNCONF=CUSTOMKERNEL
reboot
You’ll then need to reboot to load the new kernel you built. You may encounter an error suggesting you’ve run out of disk space. If this is the case you’ll probably want to "mv /boot/kernel.old /usr" and try again.

Now you’re using your new kernel you’ll be able to see a list of all available resolutions:

vidcontrol -i mode
Find a line that shows the correct resolution and make a note of the number at the start of it. I’m using 280, which is 1024x768x32.
echo 'allscreens_flags="MODE_280"' >> /etc/rc.conf
reboot or vidcontrol
You should now be able to enjoy many more characters on your screen, hooray!

SOURCE: http://www.elfnet.org/2010/11/28/freebsd-console-terminal-resolution/

Saturday, August 6, 2011

FreeBSD: Counter-Strike Server

At 09:49 AM 11/7/2002, you wrote:
For those who were interested in setting up a CS server on FreeBSD, I have just done it, but it is not as straightforward as one might think, nor is it even similar to Linux.

Basic steps:

1) Install/update the ports tree with cvsup (please consult the specific documentation)

2) Install the most up-to-date Linux compatibility (/stand/sysinstall); consult the specific documentation. About 24 MB.

3) Download the package http://gwforum.net/cs/ua/HL_CS_Files/halflife/hlds_l_3110_full.bin

(about 118 MB)

This file can be downloaded from several other places on the Internet. Use Google or similar to search. (This is the Half-Life SERVER itself, the "engine" that runs the Counter Strike MOD.)

Put it in /usr/ports/distfiles

In this case it is already the Linux binary. It is a self-extracting file that carries the license. If you agree with it, the file will unpack the complete .tar.gz package into the local directory, which on FreeBSD MUST BE /usr/ports/distfiles .


4) Download the most current Counter Strike update package (1.5, today)
The link
http://gwforum.net/cs/ua/HL_CS_Files/cstrike/lin_server/cs_15_full.tar.gz
works well, but the previous comment still applies. About 108 MB.

Put it in /usr/ports/distfiles

This one does not need to be executed. The contents of the file will be used to "patch" the Linux hlds module, and that will happen when you run make.

5) everything is ready to start compiling;

run

cd /usr/ports/games/halflifeserver/

make

make install

(this step 5 and the next one are probably redundant or, at worst, the same, but that is how I did it, and I have not yet had time to test another way)

6) run

cd /usr/ports/games/hlserver-cs/

make

make install

7) Edit the server configuration file at

/usr/compat/linux/usr/games/hlds_l/cstrike/server.cfg

mine looks like this:

// disable autoaim
sv_aim 0

// disable clients' ability to pause the server
pausable 0

// default server name. Change to "Bob's Server", etc.
hostname "Cap_BR"

// maximum client movement speed
sv_maxspeed 320

// 20 minute timelimit
mp_timelimit 20

sv_cheats 0

rcon_password "senhadoserverCS"
mp_c4timer 30
mp_flashlight 1
mp_footsteps 1
mp_friendlyfire 1
mp_autoteambalance 1
mp_freezetime 6
mp_roundtime 3
mp_maxrounds 0
mp_mapvoteratio 0.8
mp_forcechasecam 0

Finally, run the server as an UNPRIVILEGED USER (not root, and not a member of the wheel group). Command:

./usr/compat/linux/usr/games/hlds_l/hlds_run -game cstrike +maxplayers 6 +exec server.cfg +map de_dust &

(all on a single line, of course. Pay attention to the "." at the start of the command and the "&" at the end!)

With that, a basic CS server will be running in the background, with no password for the users.

Remember that as soon as you start the server it will:

-Download updates from the main site
-publish itself as a public server in the international lists (so you will be known all over the world)
-if your server is behind a firewall and/or gateway, and with a reserved IP (192.168.x.y, 10.x.y.z, 172.16.x.y), the GATEWAY's IP will be published as that of a game server, and various connection requests (udp port 27015/27005) and information requests (udp port 27010) will start to occur between the game server and the Internet, or between the GATEWAY and the Internet.

To make a game server public while keeping it behind the firewall/gateway, use the redirection of natd or similar as follows:

all connections arriving at the gateway for udp 27015 must be redirected to the internal IP of the game server.

The CS server is very economical and I estimate that it consumes around 3 to 4% of the processing resources of a Pentium 3 500 MHz with 128 MB of RAM (running only this) per connected player. The only small problem is that - from what I interpreted from TOP - it occupies something like 53 MB of RAM.

I calculate an average of 3.5 KBytes/s outbound and 2.5 Kbytes/s inbound of data, per connected client (player). In other words, owners of Speedy 256/128, sorry, but no more than 4 people will play on your server (remotely) with good performance. This bandwidth consumption is not stable and varies a lot during the game; I have not figured out exactly why.

Tip: To balance the game between remote and local players, use the ipfw pipe to reduce the speed and alter the response time of the local connection, and equalize the response time. A client's response time can be checked during the game by pressing the tab key. This response time is known as "ping" by the CS community (but labelled as "latency"), and between 35 and 45 is considered excellent. "Pings" of 100 and above make the game much harder for that particular client (it becomes easy prey).

Clients on the internal network should have a "ping" of approximately 15 to 40, with a lot of fluctuation.

I do not yet have the more advanced CS server commands and would be grateful if someone passed them on to me.

If you have a somewhat beefier server that is working only as DNS or for small things, there is an ideal machine for making a Counter-Strike server.

Regards,

Capriotti

SOURCE: http://www.fug.com.br/historico/html/freebsd/2002-11/msg00230.html

Friday, August 5, 2011

ZIMBRA: Restore .MSG

SOURCE: http://tretasonline.blogspot.com/2011/02/para-comecar.html

We had a problem at a client that has the Zimbra collaboration suite: the client ended up losing the existing backups, and Zimbra had stopped working due to some problem in MySQL.

Anyway, I tried several alternatives to fix MySQL, but nothing worked. After a lot of struggle I ended up converting the machine to a VM on another server, then installed a Zimbra from scratch, and it was enough to create the users' accounts...

But then you ask me... what about the e-mails that were on the other server?

Then comes the worst part: since Zimbra would not come up, I could not back up the accounts, because the script I have for backup works over HTTP, so it got complicated...

After a lot of searching on Google and many nights lost to large quantities of coffee, I found a magic formula...

Well, not so magic; it would take a bit of work, but it would work... Let's get to it...

Zimbra has a folder where it stores all the users' e-mails, "/opt/zimbra/store/0/". This folder holds the ".msg" files of all the accounts; however, each user has an identifier, which is kept in Zimbra's MySQL (precisely what was not working), so there was no way to know which ID was which user...

Going into the folder, I came across several other folders named with the user's ID, and inside each "id" other folders with the account's ".msg" files...

I then created a "teste" account on my Zimbra server with a "restaurados" folder, and had the ".msg" files converted into it with the following command...

/opt/zimbra/bin/zmmailbox -z -m teste@zimbrateste01.com.br addMessage /restaurados *.msg

That was when I realized it was possible to restore the messages that until then were lost into the accounts I wanted...

The biggest job was restoring the .msg files of each ID to find out whose messages they were...
That took almost a whole morning, and that with only 43 accounts!! (obviously I did not restore all the messages of an account to find out whose they were...)

Then I moved on to shell script...

I ran an "ls" on the folder with the IDs (already renamed to the names of the respective users) and concatenated it into a file called "users"; this file then contained the folders with the ".msg" files and consequently the users who would receive the messages...

I then created a script that would read the list of users, create a folder in the account of each user on the list, and also restore the messages of each user/msg to the folder I had previously chosen...

The script was run inside a "screen" on Linux and kept running overnight; when I arrived at the company in the morning, I verified that all the messages had been restored...

So the migration of the accounts was "practically" a success; it was not "completely" one because it was not possible to save the "contacts, calendar, tasks, etc." of the accounts, only the messages... But that is already something, and the client kept the messages, which, honestly, is the most important thing, right???

So I leave my testimony here that it is possible to restore the e-mails of a corrupted Zimbra server without having to do all the tests that I did...

E.g.:
Copying the "store" folder from one server to the other... (did not help, because it does not identify the messages)
Copying the entire "/opt/zimbra" folder - did not help (I still had to reconfigure Zimbra, and services that worked before had stopped!)

If anyone has the same problem, you only need to get in touch through my e-mail and I will send the script that does this task...
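
The loop the post describes (read the "users" list, create a folder in each account, import that account's .msg files), written here as an added example; it is not the author's script. It assumes the store directories were already renamed to account names as described above; the DOMAIN placeholder and the function names are hypothetical, and the only zmmailbox commands used are createFolder and addMessage.

```shell
#!/bin/sh
# Added example, not the author's script. Paths and folder name come from the post.
ZMMAILBOX="${ZMMAILBOX:-/opt/zimbra/bin/zmmailbox}"
STORE="${STORE:-/opt/zimbra/store/0}"   # directories already renamed to account names
DOMAIN="${DOMAIN:-example.com}"         # assumption: placeholder mail domain
FOLDER="${FOLDER:-/restaurados}"

# restore_user NAME: import every .msg under $STORE/NAME into NAME@$DOMAIN.
# Prints the number of .msg files found; non-zero status on bad input or failed import.
restore_user() {
    user=$1
    # Names come from an "ls" listing: refuse anything that could leave $STORE
    # (leading dot, slash) or be read as an option (leading dash).
    case $user in
        ''|.*|-*|*[!A-Za-z0-9._-]*) echo "invalid name: $user" >&2; return 2 ;;
    esac
    dir=$STORE/$user
    [ -d "$dir" ] || { echo "no directory for $user" >&2; return 3; }
    # createFolder fails when the folder already exists; ignore that so re-runs work.
    "$ZMMAILBOX" -z -m "$user@$DOMAIN" createFolder "$FOLDER" >/dev/null 2>&1 || true
    # "{} +" passes many files per zmmailbox call; find exits non-zero if a call fails.
    find "$dir" -type f -name '*.msg' \
        -exec "$ZMMAILBOX" -z -m "$user@$DOMAIN" addMessage "$FOLDER" {} + >&2 || return 4
    find "$dir" -type f -name '*.msg' | wc -l | tr -d ' '
}

# restore_all FILE: FILE is the "users" list, one account name per line.
# Prints "name count" per restored account; returns 1 if any account was skipped or failed.
restore_all() {
    rc=0
    while IFS= read -r name; do
        [ -n "$name" ] || continue
        # </dev/null keeps zmmailbox from swallowing the rest of the list on stdin.
        if n=$(restore_user "$name" </dev/null); then
            echo "$name $n"
        else
            rc=1
        fi
    done < "$1"
    return "$rc"
}

# Run as: sh restore.sh users   (inside screen, as the post did)
if [ "$#" -gt 0 ]; then restore_all "$1"; fi
```

Entries that fail the name check or whose import fails are reported on stderr and make the run exit non-zero, so an overnight run can be checked in the morning without reading every mailbox.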