Revision [3905]
Last edited on 2011-03-17 00:30:10 by KenFong
Additions:
cmdwatch (watch equiv.)
Revision [2324]
Edited on 2009-06-24 01:21:07 by WikiAdmin
Additions:
==[[FreeBSDZFS ZFS]]==
Revision [2215]
Edited on 2009-02-20 10:37:34 by WikiAdmin
Additions:
===FreeBSD usage monitoring===
netstat -I em0 -h -finet -w1 (Show nic rate)
Revision [2214]
Edited on 2009-02-20 10:33:52 by WikiAdmin
Additions:
iostat -w1 ad4 (show IO rate)
Revision [2200]
Edited on 2009-02-12 19:15:23 by WikiAdmin
Additions:
=== other kernel tunings ===
kern.maxfiles=
kern.maxfilesperproc=
Revision [2141]
Edited on 2009-01-08 07:45:39 by WikiAdmin
Additions:
===Mount iso===
===dump & restore===
===remote soft-updates===
===completely disable sendmail===
===procfs===
proc /proc procfs rw 0 0
Deletions:
# dump & restore
# remote soft-updates
# completely disable sendmail
Revision [2140]
Edited on 2009-01-08 06:21:48 by WikiAdmin
Additions:
# completely disable sendmail
sendmail_enable="NO"
sendmail_submit_enable="NO"
sendmail_outbound_enable="NO"
sendmail_msp_queue_enable="NO"
Revision [2138]
Edited on 2009-01-02 02:23:25 by WikiAdmin
Additions:
# dump & restore
dump -0uan -f /bk/fs.dump /dev/ad0s1a
cd /tmproot
restore -rf /bk/fs.dump
# remote soft-updates
# boot up with FreeSBIE
tunefs -n disable /dev/ad0s1a
Revision [2105]
Edited on 2008-12-04 18:52:08 by WikiAdmin
Additions:
# bsdsar
http://www.cyberciti.biz/faq/freebsd-bsdsar-installation-configuration/
Revision [2053]
Edited on 2008-10-24 02:18:11 by WikiAdmin
Additions:
# Mount iso
mdconfig -a -t vnode -f /data/home/X/Bex301_Unix1.iso -u 0
mdconfig -a -t vnode -f /data/home/X/Bex301_Unix2.iso -u 1
mount -t cd9660 /dev/md0 disc1
mount -t cd9660 /dev/md1 disc2
Revision [1913]
Edited on 2008-08-27 18:58:55 by WikiAdmin
Additions:
=== Format new drives ===
You can do it via sysinstall, or from the command line:
dd if=/dev/zero of=/dev/da3 bs=1k count=1
bsdlabel -Bw da3 auto
newfs -n -o time -U /dev/da3a > da3a-newfs.log
Revision [1803]
Edited on 2008-07-09 03:46:41 by WikiAdmin
Additions:
netstat -i (show interface errors)
Revision [1722]
Edited on 2008-05-15 03:29:42 by WikiAdmin
Additions:
==[[FreeBSDNullMounts Null Mounts]]==
Revision [1712]
Edited on 2008-05-08 19:39:19 by WikiAdmin
Additions:
**Some more on that**
* net.inet.tcp.msl=7500
net.inet.tcp.msl defines the Maximum Segment Life. This is the maximum amount of time to wait for an ACK in reply to a SYN-ACK or FIN-ACK, in milliseconds. If an ACK is not received in this time, the segment can be considered "lost" and the network connection is freed.
This has two implications. When you are closing a connection and the final ACK is lost or delayed, the socket will still close, and more quickly. However, if a client is trying to open a connection to you and their ACK is delayed by more than 7500ms, the connection will not form. RFC 753 defines the MSL as 120 seconds (120000ms), but it was written in 1979 and timing issues have changed slightly since then. Today, FreeBSD's default is 30000ms. This is sufficient for most conditions, but for stronger DoS protection you will want to lower it to 7500, or maybe even less.
* net.inet.tcp.blackhole=2
net.inet.tcp.blackhole defines what happens when a TCP packet is received on a closed port. When set to '1', SYN packets arriving on a closed port are dropped without an RST packet being sent back. When set to '2', all packets arriving on a closed port are dropped without an RST being sent back. This saves both CPU time, because packets don't need to be processed as much, and outbound bandwidth, because no replies are sent out.
* net.inet.udp.blackhole=1
net.inet.udp.blackhole is similar to net.inet.tcp.blackhole in its function. As the UDP protocol does not have states like TCP, there is only a need for one choice when it comes to dropping UDP packets. When net.inet.udp.blackhole is set to '1', all UDP packets arriving on a closed port will be dropped.
* net.inet.icmp.icmplim=50
The name 'net.inet.icmp.icmplim' is somewhat misleading. This sysctl controls the maximum number of ICMP "Unreachable" and also TCP RST packets that will be sent back every second. It helps curb the effects of attacks which generate a lot of reply packets.
* kern.ipc.somaxconn=32768
kern.ipc.somaxconn limits the maximum number of sockets that can be open at any one time. The default here is just 128. If an attacker can flood you with a sufficiently high number of SYN packets in a short enough period of time, all of your possible network connections will be used up, thus successfully denying your users access to the service.
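As an added example (not part of the original wiki page), a POSIX sh check that compares sysctl.conf text or `sysctl` output against the five values listed above. The function name `audit_sysctl`, the comparison operators and the sample configuration are assumptions of this example.

```sh
#!/bin/sh
# Baseline from the values listed above, as "name operator target".
# le = at most, ge = at least, eq = exactly (operators are this example's reading).
BASELINE='net.inet.tcp.msl le 7500
net.inet.tcp.blackhole eq 2
net.inet.udp.blackhole eq 1
net.inet.icmp.icmplim eq 50
kern.ipc.somaxconn ge 32768'

# Constructed sample in sysctl.conf syntax (not taken from a real host).
SAMPLE_CONF='# /etc/sysctl.conf
net.inet.tcp.msl=30000
net.inet.tcp.blackhole=1
net.inet.tcp.blackhole=2   # later line overrides the earlier one
net.inet.udp.blackhole=1
kern.ipc.somaxconn=128'

# audit_sysctl TEXT: TEXT holds "name=value" (sysctl.conf) or "name: value"
# (sysctl output) lines. Prints one verdict per baseline entry and returns
# the number of entries that are weak, missing or non-numeric.
audit_sysctl() {
    failures=0
    while read -r name op want; do
        # Strip comments, then keep the last value seen for this name.
        have=$(printf '%s\n' "$1" | sed 's/#.*//' | awk -F'[=:]' -v n="$name" '
            { gsub(/[ \t]/, "", $1); gsub(/[ \t]/, "", $2) }
            $1 == n { v = $2 }
            END { print v }')
        case $have in
            '')       echo "MISSING $name (want $op $want)"; failures=$((failures + 1)); continue ;;
            *[!0-9]*) echo "INVALID $name=$have"; failures=$((failures + 1)); continue ;;
        esac
        case $op in
            le) [ "$have" -le "$want" ] ;;
            ge) [ "$have" -ge "$want" ] ;;
            eq) [ "$have" -eq "$want" ] ;;
        esac && verdict=OK || verdict=WEAK
        [ "$verdict" = OK ] || failures=$((failures + 1))
        echo "$verdict $name=$have (want $op $want)"
    done <<EOF
$BASELINE
EOF
    return "$failures"
}

audit_sysctl "$SAMPLE_CONF" || echo "$? setting(s) need attention"
```

On a live host the same function can be fed the running values with `audit_sysctl "$(sysctl net.inet.tcp.msl net.inet.tcp.blackhole net.inet.udp.blackhole net.inet.icmp.icmplim kern.ipc.somaxconn)"`.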
Revision [1706]
Edited on 2008-05-05 18:22:39 by WikiAdmin
Additions:
==[[FreeBSDNFS NFS]]==
Revision [1697]
Edited on 2008-04-21 03:48:38 by WikiAdmin
Additions:
==[[FreeBSDAddSwap AddSwap]]==
Revision [1599]
Edited on 2008-04-02 01:15:41 by WikiAdmin
Additions:
ifconfig_bge0="inet 1.2.3.4 netmask 255.255.255.0"
defaultrouter="1.2.3.254"
ifconfig_bge0_alias0="inet 1.2.3.5 netmask 255.255.255.255"
Deletions:
ifconfig_bge0_alias0="inet 217.72.255.136 netmask 255.255.255.240"
Revision [1562]
Edited on 2008-03-27 00:04:23 by WikiAdmin
Additions:
==[[FreeBSDJumpstart Jumpstart]]==
Revision [1558]
Edited on 2008-03-26 08:41:22 by WikiAdmin
Additions:
/usr/local/tomcat/bin/startup.sh
/usr/local/tomcat/bin/catalina.sh version
/usr/local/tomcat/bin/catalina.sh version
# lspci equivalent
pciconf
Deletions:
/usr/local/tomcat/bin/catalina.sh version
/usr/local/tomcat/bin/catalina.sh version