Archive for category FreeBSD

Date: May 25th, 2009
Cate: FreeBSD

VirtualBox 對於 FreeBSD 的支援

我在一台 CPU 不支援 Intel VT/AMD-V 的機器上測試 VirtualBox

Windows 執行起來是還可以,但是 FreeBSD 實在是慘不忍睹。想要安裝 ports 或是 make world 都會不定時噴出一堆

sigreturn: eflags = 0×80247
sigreturn: eflags = 0×80293
sigreturn: eflags = 0×80207

的訊息,google 出來發現這是從 2007 年到現在都有的問題,從 FreeBSD 6 -> 7 都沒修好…

Date: June 17th, 2007
Cate: FreeBSD

FreeBSD 下備份用的 script

因為自己手賤的關係,不小心刪掉自己管理的機器上的設定檔,所以改了一下別的 script 來備份設定檔


#!/bin/sh
# system_backup.sh: backup system files and keep newest 5 days backup.
#
# Last updated: 2 June 2007 by yrchen (yrchen@ATCity.org)
# ----------------------------------------------------------------------
# This is a free shell script under GNU GPL version 2.0 or above
# Copyright (C) 2007 Chen Yu-Ren
# Feedback/comment/suggestions : http://yrchen.ATCity.org/
# ----------------------------------------------------------------------

# the directory for story your backup file.
backup_dir="備份用的目錄"
kernel_config="Kernel 設定檔的位置"

# date format for backup file (yyyy-mm-dd)
time="$(date +"%d-%m-%Y")"
time="$(date +"%Y-%m-%d")"

# mysql, mysqldump and some other bin's path
CP="$(which cp)"
MKDIR="$(which mkdir)"
RM="$(which rm)"
MV="$(which mv)"
TAR="$(which tar)"
GZIP="$(which gzip)"

# check the directory for store backup is writeable
test ! -w $backup_dir && echo "Error: $backup_dir is un-writeable." && exit 0

# the directory for story the newest backup
test ! -d "$backup_dir/backup.0/" && $MKDIR "$backup_dir/backup.0/"

$CP $kernel_config $backup_dir/backup.0/$time.kernel_config
$TAR czfpP $backup_dir/backup.0/$time.etc.tgz /etc
$TAR czfpP $backup_dir/backup.0/$time.local_etc.tgz /usr/local/etc

# delete the oldest backup
test -d "$backup_dir/backup.5/" && $RM -rf "$backup_dir/backup.5"

# rotate backup directory
for int in 4 3 2 1 0
do
if(test -d "$backup_dir"/backup."$int")
then
next_int=`expr $int + 1`
$MV "$backup_dir"/backup."$int" "$backup_dir"/backup."$next_int"
fi
done

exit 0;

Date: April 28th, 2007
Cate: FreeBSD, Security

在 FreeBSD 上用 SSHGUARD 搭配 ipfw 防範入侵

SSHGUARD 預設支援了 iptables, pf, ipfw 幾種防火牆,不過在 FreeBSD 上面搭配 ipfw 使用的時候可能會遇到一點小麻煩,因為預設的規則編號從 55000 開始起跳,若是前面的規則已經 match 而放行了,那 SSHGUARD 擋再多次都沒有用

修改的方式很簡單,建議先透過 ports 安裝完,然後再去 /usr/ports/distfiles/ 執行下面指令:

sudo tar zvxf sshguard-0.91.tar.bz2
cd sshguard-0.91/fwalls/
sudo ee ipfw.c

找到開頭的

#define IPFW_RULERANGE_MIN 55000
#define IPFW_RULERANGE_MAX 55050

把數值改成較前面的編號就可以了,請視自己機器上的環境而決定。修改完以後請記得回到 sshguard-0.91 的根目錄編譯跟安裝:

cd ../
sudo ./configure –with-firewall=ipfw
sudo make all install clean

找台機器測試一下,應該會在 /var/log/auth.log 看到下面的字樣:

Apr 28 18:58:05 Ithica sshd[22626]: error: PAM: authentication error for illegal user 3 from xxx.xxx.xxx.xxx
Apr 28 18:58:05 Ithica sshd[22626]: Failed keyboard-interactive/pam for invalid user 3 from xxx.xxx.xxx.xxx port 58193 ssh2
Apr 28 18:58:05 Ithica sshd[22626]: error: PAM: authentication error for illegal user 3 from xxx.xxx.xxx.xxx
Apr 28 18:58:05 Ithica sshd[22626]: Failed keyboard-interactive/pam for invalid user 3 from xxx.xxx.xxx.xxx port 58193 ssh2
Apr 28 18:58:05 Ithica sshd[22626]: error: PAM: authentication error for illegal user 3 from xxx.xxx.xxx.xxx
Apr 28 18:58:05 Ithica sshd[22626]: Failed keyboard-interactive/pam for invalid user 3 from xxx.xxx.xxx.xxx port 58193 ssh2
Apr 28 18:58:06 Ithica sshguard[83302]: Blocking xxx.xxx.xxx.xxx: 4 failures over 1 seconds.

用 ipfw list 可以看到結果,收工 :)

Powered by ScribeFire.