OS - BSD - OpenBSD - Notes - Miscellaneous

Hawk Host Blog - TMUX – The Terminal Multiplexer (Part 1)
Hawk Host Blog - TMUX – The Terminal Multiplexer (Part 2)

Start Webmin:

/usr/bin/perl /root/webmin-1.420/miniserv.pl /etc/webmin/miniserv.conf

Add a description to an interface:

ifconfig em0 description "description (in double quotes if it contains spaces)"

Source: joshua stein: my history with openbsd

Radeon + nvagp: openbsd-tech - [patch] nForce AGP support

Connect over a USB COM port to the debug port of a PowerStation:

cu -l ttyU0 -s 19200|tee output

When executing as a normal user an error is shown:

$ cu -l ttyU0|tee output 
/var/spool/lock/LCK..ttyU0: No such file or directory
Can't open lock file.
all ports busy

Source: Nabble.com - Re: net4801 loads slowly pxelinux.0

Open the CDROM drive:

eject /dev/rcd0c

Prefer IPv6 addresses when resolving names? Add the following to /etc/resolv.conf:

family inet6 inet4

Show SSH fingerprint without printing the filenames (ksh shell):

for i in /etc/ssh/*.pub; do ssh-keygen -l -f "$i"; done | awk '{ print $1, $2, $4 }'

Source: eFreedom - SSH - How to manually know the RSA2 key finger print?

Show linked libraries of a library/program:

ldd /path/to/library/or/program

Show a list of processes with opened network ports:

fstat | grep internet

Build a pkg_delete list based on the contents of /var/log/messages:

grep "pkg_add: Added" /var/log/messages | awk '{ print "pkg_delete " $7 }'

Build a pkg_delete list in reversed order based on the contents of /var/log/messages:

grep "pkg_add: Added" /var/log/messages | awk '{ print "pkg_delete " $7 }' | tail -r

Print a file in all lowercase:

awk '{ print tolower($0) }' filename

Virtual machine drive size for testing

40G drive.

a   150M   /
b   512M   swap
d   6G     /usr
e   30G    /var
f   2G     /tmp
g   1,3G   /home

OpenBSD and multicore CPUs

throwing more than one cpu (core) at a database server running just
one mysqld instance is not going to help right now. that's likely to
change with rthreads so.

throwing more than one core at a firewall (without much proxy stuff in
userland) hurts more than it helps right now.

guess my point is clear. we scale fine for many (I'd even say the most)
tasks. we scale miserably for some others. yes, our SMP can be
improved, but it isn't bad. heck, what cannot be improved?

-- Henning Brauer

The above is subject to change. Taken from: marc.info - openbsd.misc - multicore processors gain

Apache

Apache HTTP Server Version 1.3 - Name-based Virtual Host Support
Apache HTTP Server Version 1.3 - Apache IP-based Virtual Host Support

Logrotate

Very crappy log rotation for Apache logs.
Use rotatelogs (8) instead.

apachectl stop
cd /var/www/logs
mv access_log access_log_`date +%Y%m%d`
mv error_log error_log_`date +%Y%m%d`
mv ssl_engine_log ssl_engine_log_`date +%Y%m%d`
mv ssl_request_log ssl_request_log_`date +%Y%m%d`
touch access_log
touch error_log
touch ssl_engine_log
touch ssl_request_log
apachectl startssl
gzip access_log_`date +%Y%m%d`
gzip error_log_`date +%Y%m%d`
gzip ssl_engine_log_`date +%Y%m%d`
gzip ssl_request_log_`date +%Y%m%d`

SSL

Add intermediate/signing certificate

This assumes /etc/ssl/server.crt and /etc/ssl/private/server.key are already installed.

Add the public intermediate/signing certificate that was used to sign server.crt (in this case GlobalSign Domain Validation CA - G2):

cp GlobalSign\ Domain\ Validation\ CA\ -\ G2.crt /etc/ssl/globalsigndomvalcag2.crt
chgrp bin /etc/ssl/globalsigndomvalcag2.crt

Add the following to /var/www/conf/httpd.conf (after the line “SSLCertificateKeyFile /etc/ssl/private/server.key”):

SSLCertificateChainFile /etc/ssl/globalsigndomvalcag2.crt

Source for httpd.conf entry: Apache Module mod_ssl

Sendmail

Set up sendmail as a null client

By default sendmail only listens on the localhost address and does not forward email. With this setting you turn sendmail into a null client: all email that cannot be delivered locally is sent to an SMTP gateway/relay server.

Open /usr/share/sendmail/cf/openbsd-localhost.mc and add the following rule at the bottom:

define(`SMART_HOST',`esmtp:[10.1.1.1]')dnl

Save the file. Then cd to the cf directory:

# cd /usr/share/sendmail/cf

And compile the configuration file:

# make openbsd-localhost.cf

Copy /usr/share/sendmail/cf/openbsd-localhost.cf to /etc/mail/localhost.cf:

# cp /usr/share/sendmail/cf/openbsd-localhost.cf /etc/mail/localhost.cf

dd

Erase a disk (by overwriting it with zeros):

dd if=/dev/zero of=/dev/rsd0c bs=10m

Source: Marc.info - Re: Can one dd to /dev/rwd0c?

> dd if=/dev/wd0c of=/dev/wd1c bs=4m

This hits the buffer cache, use raw devices for anything apart
from mounting, ie /dev/rwd0c

Source: “Re: dd performance question” thread on misc@openbsd.

Erase a drive

atactl drive secerase

Via marc.info - openbsd-misc - Re: Is fdisk, disklabel and newfs enough to "reset" an SSD

Installation as transparent filtering bridge

# ifconfig bridge0 create
# ifconfig bridge0 add bge1
# ifconfig bridge0 add bge2
# ifconfig bge1 up
# ifconfig bge2 up
# ifconfig bridge0 up

To make this configuration permanent you have to create the /etc/hostname.if files with the correct contents:

# echo add bge1 > /etc/hostname.bridge0
# echo add bge2 >> /etc/hostname.bridge0
# echo add up >> /etc/hostname.bridge0
# echo up > /etc/hostname.bge1
# echo up > /etc/hostname.bge2

You can filter on this bridge. Example /etc/pf.conf:

ext_if = "bge2"
int_if = "bge1"
tcp_services = "{www,https}"

block in on $ext_if all

# Allow all outbound tcp traffic to tcp_services
pass out quick on $ext_if proto tcp from any to any port $tcp_services
# Allow all outbound udp traffic to 10.0.0.138 for DNS
pass out quick on $ext_if proto udp from any to 10.0.0.138 port domain

ANSI (IBM CP437) art and the text console

Set the TERM variable to cons25:

TERM=cons25

See:

Character set                Terminal type
ISO8859-1 or ISO-8859-15     cons25l1
ISO8859-2                    cons25l2
ISO8859-7                    cons25l7
KOI8-R                       cons25r
KOI8-U                       cons25u
CP437 (VGA default)          cons25
US-ASCII                     cons25w

Source: FreeBSD Handbook - 23.3. Using Localization

Download the latest version of Tetradraw, extract, and then compile with:

./configure
make

Use the tetraview application to open an .ANS file:

./tetraview FINAL.ANS

See also:
marc.info - openbsd-misc - Subject: Running ANSI-based applications
FreeBSD syscons fonts
CP437.fnt - Alternate 8x16 Character font

Sendmail skips mailertable

Scenario:
After the system had an unclean shutdown (loss of power) sendmail ignored the mailertable.

mailertable:

domein.nl dbmail:localhost

local-host-names has no additions.

Test with the following command:

# sendmail -d60.5 -bv naam@domein.nl

This produced the following output:

map_lookup(dequote, root, %0=root) => NOT FOUND (0)
map_lookup(host, domein.nl, %0=domein.nl) => domein.nl. (0)
map_lookup(virtuser, naam@domein.nl, %0=naam@domein.nl, %1=naam) => NOT FOUND (0)
map_lookup(virtuser, @domein.nl, %0=@domein.nl, %1=naam) => NOT FOUND (0)
naam@domein.nl... User unknown

The mailertable is skipped.

/etc/hosts contained an extra line with the private IP address of the server followed by:

www.domein.nl www domein.nl

After commenting out this line in /etc/hosts and restarting the system the output of 'sendmail -d60.5 -bv naam@domein.nl' was now:

# sendmail -C/etc/mail/dbmail.cf -d60.5 -bv naam@domein.nl
map_lookup(dequote, root, %0=root) => NOT FOUND (0)
map_lookup(host, domein.nl, %0=domein.nl) => domein.nl. (0)
map_lookup(mailertable, domein.nl, %0=domein.nl) => dbmail:localhost (0)
naam@domein.nl... deliverable: mailer dbmail, host localhost, user naam@domein.nl

Strangely, the system did work before that with the extra line in /etc/hosts.
Presumably the unclean shutdown caused a corrupted file or cache in the sendmail↔dbmail chain to be rebuilt (or something similar), after which the entry in /etc/hosts took full effect.

Sources:
Configure Local DNS lookup in Sendmail for the d60.5 command.
extract the nectar, burn the tree - When SendMail ignores the mailertable reported an identical setup with DBMail where a completely empty local-host-names was the solution. Tested, did not work for my setup.
LinuxQuestions.org - sendmail mailertable describes a similar problem and its last post pointed in the direction of /etc/hosts.
goldfisch knowledgebase - sendmail ignores mailertable and threatens domain as local
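A quick check for the /etc/hosts overlap diagnosed above, added here as an example that is not part of the original notes or the linked sources: it lists every mailertable domain (exact entry, or a leading-dot entry covering subdomains) that /etc/hosts also maps to an address, which is the situation that made sendmail treat domein.nl as local. The file paths are parameters and the sample files below are constructed for the demonstration.

```shell
#!/bin/sh
# List mailertable domains that /etc/hosts also resolves: the overlap that
# made sendmail skip the mailertable for domein.nl in the case above.
# Added example, not from the original notes; sample input is constructed.

# mailertable_hosts_overlap MAILERTABLE HOSTSFILE
# Prints one tab-separated line per hit: hostname, address in hosts, mailertable key.
mailertable_hosts_overlap() {
    awk '
        { sub(/#.*/, "") }                        # strip whole-line and trailing comments
        NF == 0 { next }
        FNR == NR { mt[tolower($1)] = $2; next }  # first file: mailertable keys -> mailer
        {
            # remaining lines are /etc/hosts: $1 is the address, $2.. are names
            for (i = 2; i <= NF; i++) {
                name = tolower($i)
                key = ""
                if (name in mt) {
                    key = name
                } else {
                    # a ".example.org" mailertable entry covers every subdomain
                    n = split(name, lab, ".")
                    for (j = 2; j <= n && key == ""; j++) {
                        suf = ""
                        for (k = j; k <= n; k++) suf = suf "." lab[k]
                        if (suf in mt) key = suf
                    }
                }
                if (key != "") printf "%s\t%s\t%s\n", name, $1, key
            }
        }' "$1" "$2"
}

# make_samples DIR: constructed mailertable and hosts files mirroring the notes.
make_samples() {
    dir=$1
    printf 'domein.nl\tdbmail:localhost\n.example.org\tesmtp:[10.1.1.1]\n' > "$dir/mailertable"
    printf '127.0.0.1\tlocalhost\n' > "$dir/hosts"
    printf '10.0.0.5\twww.domein.nl www domein.nl   # private address of this server\n' >> "$dir/hosts"
    printf '10.0.0.9\tmail.example.org\n' >> "$dir/hosts"
}

# Usage on a real system: mailertable_hosts_overlap /etc/mail/mailertable /etc/hosts
```

Any line printed names a domain that sendmail may deliver locally instead of via the mailertable; the fix in the case above was removing that name from /etc/hosts.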

Quake 2 Giex server

  1. Install the Quake2 package:
    pkg_add quake2
  2. Copy at least pak0.pak up to pak4.pak to /usr/local/share/quake2/baseq2/.
  3. Place the giex directory in /usr/local/share/quake2/.
  4. Make sure the game library is named game.so.
  5. Add a _giex user. (default shell, no password, answer yes to disallow logons)
  6. Change the ownership of the charsave directory and giexlog.txt to _giex:
    chown -R _giex /usr/local/share/quake2/giex/charsave
    chown _giex /usr/local/share/quake2/giex/giexlog.txt
  7. To automatically start the server at system startup add the following to /etc/rc.local:
    if [ -x /usr/local/bin/quake2 ]; then
            echo -n ' q2-giex'
            su -m _giex -c "cd /usr/local/share/quake2/ && /usr/local/bin/quake2 +game giex +map q2dm1 +exec dmsrv.cfg +set dedicated 1 >/dev/null &"
    fi

OpenSSH ChrootDirectory

OpenSSH/Cookbook/SFTP
OpenSSH/Logging - Logging Chrooted SFTP
Bigmite Solutions - Chroot sftp using openssh and logging

Open /etc/ssh/sshd_config and modify the Subsystem line to the following:

# override default of no subsystems
Subsystem       sftp    /usr/libexec/sftp-server -u 0022

Add at the bottom:
Match Group sftp-only
        ChrootDirectory %h
        X11Forwarding no
        AllowTcpForwarding no
        ForceCommand internal-sftp -f AUTH -l VERBOSE -u 0027

The options after internal-sftp are important if you want to have the file transfers logged to /var/log/authlog and have files created without group write and any world permissions. Source: The FreeBSD Forums > Server & Networking > Web & Network Services - openssh and sftp logging

Add an extra log socket to the syslogd startup options by adding the following to /etc/rc.conf.local:

syslogd_flags="-a /home/sftp.log.socket"

Stop syslogd and start it with the above -a option.

Correct the ownership of the homedir and remove the dotfiles (the patterns below match dotfiles without matching . and ..):

chown root:wheel /home/username/
rm -rf /home/username/.[!.]* /home/username/..?*

Create a user writable subdirectory:

mkdir /home/username/export
chown username:username /home/username/export

Create the /dev/ directory in the chroot homedir and link the sftp.log.socket:

mkdir /home/username/dev/
chmod 0755 /home/username/dev/
ln /home/sftp.log.socket /home/username/dev/log

Create the sftp-only group:

groupadd sftp-only

Now add the users that should chroot to their homedir to the sftp-only group.
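The chown to root:wheel above is required because sshd refuses a ChrootDirectory unless every path component, from / down to the home directory, is owned by root and is not writable by group or others. The following check script is an added example (not from the original notes or the linked sources); its OWNER argument defaults to root and is overridable only so the check can be exercised as a non-root user.

```shell
#!/bin/sh
# Verify that a ChrootDirectory target meets sshd's requirements: every
# component from / down to the directory is owned by root and has neither
# the group nor the other write bit set. Added example, not from the notes.

# check_chroot_component DIR [OWNER]
# Returns 0 when DIR is owned by OWNER (default root) and is not group- or
# world-writable; 2 when DIR does not exist.
check_chroot_component() {
    dir=$1
    owner=${2:-root}    # overridable only for testing as a non-root user
    [ -d "$dir" ] || return 2
    # find prints the path only when all predicates hold:
    # owned by OWNER, group write bit clear (! -perm -020), other write bit clear (! -perm -002)
    [ -n "$(find "$dir" -prune -user "$owner" ! -perm -020 ! -perm -002 -print 2>/dev/null)" ]
}

# check_chroot_path DIR [OWNER]
# Walks /, /home, /home/username, ... reporting each component; returns 1 if any fails.
check_chroot_path() {
    target=$1
    owner=${2:-root}
    status=0
    cur=""
    if check_chroot_component / "$owner"; then
        printf 'ok   /\n'
    else
        printf 'BAD  /\n'
        status=1
    fi
    oldifs=$IFS
    IFS=/
    set -f              # no globbing while splitting the path on slashes
    set -- $target
    set +f
    IFS=$oldifs
    for comp in "$@"; do
        [ -n "$comp" ] || continue
        cur="$cur/$comp"
        if check_chroot_component "$cur" "$owner"; then
            printf 'ok   %s\n' "$cur"
        else
            printf 'BAD  %s\n' "$cur"
            status=1
        fi
    done
    return "$status"
}

# Usage: check_chroot_path /home/username
```

A BAD line is what produces the "bad ownership or modes for chroot directory" refusal in /var/log/authlog when the user connects.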

Geany treebrowser plugin

Tested on

OpenBSD version   OpenBSD arch   Geany version   Geany plugins version
5.2               i386           0.20            0.20

Install the prerequisites:

pkg_add intltool

Extract the plugins archive:

tar xzvf geany-plugins-0.20.tar.gz

Change to the plugins directory:

cd geany-plugins-0.20

Run the configure script (to create the Makefiles):

./configure

Change to the treebrowser directory:

cd treebrowser

Compile the plugin:

make

Copy the compiled plugin to the geany plugin directory:

cp .libs/treebrowser.so /usr/local/lib/geany/

Correct the file mode and group on the plugin:

chmod -x /usr/local/lib/geany/treebrowser.so
chgrp bin /usr/local/lib/geany/treebrowser.so

The plugin should now be available in the Geany Plugin Manager.

Auto logon

Auto logon to X

  1. Create a user to auto logon with.
  2. Setup ~/.xinitrc to start the desired window manager.
  3. Add the following to /etc/rc.local:
    /usr/bin/su - <userlogin> -c /usr/X11R6/bin/startx

    Replace <userlogin> with the name of the user to auto logon with.

  4. When the system next boots it will be logged in automatically under the user <userlogin> and X will be started.

Source: Debian Ubuntu Linux Solutions Blog - HOWTO: Autologin into your Linux system without XDM, GDM, KDM, etc

LPD printing to HP CM 2320i printer

Add the following to /etc/printcap:

rp|cm2320:\
        :lp=cm2320.domain.local:rm=cm2320:rp=lp:sd=/var/spool/output:lf=/var/log/lpd-errs:

And start lpd:

/etc/rc.d/lpd -f start

Test printing from a program (xpdf, Seamonkey, LibreOffice) with:

lpr -Pcm2320

Default packages for desktop system

A list of packages used on a personal desktop system.

FIXME: Expand the list towards a fully equipped system…

pkg_add -i dia dillo dmenu dosbox gimp libreoffice mutt rsync seamonkey texmaker thunderbird unzip vim vlc xfe xpdf

Games:

pkg_add -i chocolate-doom flare megaglest openarena prboom-plus quake quake2 redeclipse sumwars widelands

Compiling:

pkg_add -i clang cmake gmake subversion

goomwwm

Compile and install the latest version of goomwwm.

  1. Download the latest master.tar.gz from GitHub - seanpringle - goomwwm.
  2. Extract the goomwwm-master.tar.gz archive.
  3. Compile:
    make
  4. Install:
    sudo cp goomwwm /usr/local/bin 
    sudo cp goomwwm.1 /usr/local/man/man1/
  5. Install the required prerequisite of dmenu:
    pkg_add dmenu
  6. Add to ~/.xinitrc:
    goomwwm -modkey mod1,shift

    '-modkey mod1,shift' uses the Alt+Shift keys as modkey instead of the left Windows key (for keyboards that do not have a Windows key). Can be omitted on keyboards that do have a Windows key.

  7. Start X Window:
    startx
  8. Use the key combination Alt+Shift+x (or Windows+x) to call the dmenu launcher.

sscrotwm

Compile and install the latest version of sscrotwm.

  1. Download the latest master.tar.gz from GitHub - sporkexec - sscrotwm.
  2. Extract the sscrotwm-master.tar.gz archive.
  3. Compile:
    make
  4. Install:
    sudo cp sscrotwm /usr/local/bin 
    sudo cp sscrotwm.1 /usr/local/man/man1/
    sudo cp sscrotwm.conf /etc/
  5. Install the required prerequisite of dmenu:
    pkg_add dmenu
  6. Add to ~/.xinitrc:
    sscrotwm
  7. Start X Window:
    startx
  8. Use the key combination Alt+p to call the menu launcher.
  9. Use the key combination Alt+Shift+Return to call a terminal.

librt and libdl functions in libc

Ran into this when trying to compile Odamex 0.7.0.

OpenBSD currently (2015-05-30) does not supply librt or libdl.

(Some of) their functionality is included in libc.

Sources:

Audio control - Volume

First read OpenBSD FAQ - 13 - Multimedia.

Tested on:

$ dmesg | grep audio           
audio0 at azalia0
$ dmesg | grep azalia
azalia0 at pci0 dev 27 function 0 "Intel 6321ESB HD Audio" rev 0x09: msi
azalia0: codecs: Realtek ALC262
audio0 at azalia0

outputs.master is set to 120,120 by default:

$ mixerctl outputs.master  
outputs.master=120,120

To up this:

mixerctl outputs.master=220,220

To make this permanent on every reboot:

echo outputs.master=220,220 >> /etc/mixerctl.conf

OpenSMTPd + cron == no From address

Applies to OpenBSD 5.4 - 5.7. Fixed in OpenBSD 5.8.

Because openbsd-misc - Re: no hostname in mails sent with smtpd in a crontab has not been solved yet, all cronjobs need to have ' | mail -s “Subject” <e-mailaddress>' appended if the output should be mailed to someone other than the host's root account.

Su to root.
Modify the crontab for root:

crontab -e

Change:

Resize a file system

Tested on OpenBSD/amd64 5.8 on VMware ESXi 6.0 after enlarging /dev/sd1 VMDK. /dev/sd1 only contained one partition (a).

  1. Unmount the file system:
    umount /dev/sd1a
  2. Edit the disklabel:
    disklabel -E /dev/rsd1c
  3. Set disk boundaries to cover the entire disk:
    > b
    Starting sector: [0] 
    Size ('*' for entire disk): [8388608] *
  4. Change the size of the partition to cover the entire disk:
    > c a
    Partition a is currently 8388608 sectors in size, and can have a maximum
    size of 16777216 sectors.
    size: [8388608] *
  5. Write the new label:
    > q
    Write new label?: [y] 
  6. Grow the file system on sd1a:
    # growfs /dev/rsd1a
    We strongly recommend you to make a backup before growing the Filesystem
    
     Did you backup your data (Yes/No) ? Yes
    new filesystem size is: 4194304 frags
    Warning: 190976 sector(s) cannot be allocated.
    growfs: 8098.8MB (16586240 sectors) block size 16384, fragment size 2048
            using 40 cylinder groups of 202.47MB, 12958 blks, 25984 inodes.
    super-block backups (for fsck -b #) at:
     8707808, 9122464, 9537120, 9951776, 10366432, 10781088, 11195744, 11610400,
     12025056, 12439712, 12854368, 13269024, 13683680, 14098336, 14512992,
     14927648, 15342304, 15756960, 16171616
  7. Check the file system:
    # fsck /dev/rsd1a
    
    ** /dev/sd1a (58e67b67b9473b4c.a)
    ** Last Mounted on /var/www/pkg-cache
    ** Phase 1 - Check Blocks and Sizes
    ** Phase 2 - Check Pathnames
    ** Phase 3 - Check Connectivity
    ** Phase 4 - Check Reference Counts
    ** Phase 5 - Check Cyl groups
    524 files, 1699675 used, 2381276 free (92 frags, 297648 blocks, 0.0% fragmentati
    on)
    
    MARK FILE SYSTEM CLEAN? [Fyn?] y
  8. Mount all file systems:
    mount -a

Extra bpf devices

Tested on OpenBSD/macppc 5.7 and 5.9.

OpenBSD creates 10 bpf devices by default.

Sometimes those 10 are already in use, for instance after creating two extra pflog devices on a default install.

You can see how many bpf devices are in use in the output of:

fstat | grep bpf

Example output:

_pflogd  pflogd      8788    3 /           10223 crw-------  rw     bpf9
root     pflogd     20191    3 /           10223 crw-------  rw     bpf9
_pflogd  pflogd     32657    3 /           10222 crw-------  rw     bpf8
root     pflogd     25912    3 /           10222 crw-------  rw     bpf8
_dhcp    dhcpd      16901    4 /           10215 crw-------  rw     bpf1
_dhcp    dhcpd      16901    5 /           10216 crw-------  rw     bpf2
_dhcp    dhcpd      16901    6 /           10217 crw-------  rw     bpf3
_dhcp    dhcpd      16901    7 /           10218 crw-------  rw     bpf4
_dhcp    dhcpd      16901    8 /           10219 crw-------  rw     bpf5
_dhcp    dhcpd      16901    9 /           10220 crw-------  rw     bpf6
_dhcp    dhcpd      16901   10 /           10221 crw-------  rw     bpf7
_pflogd  pflogd      1558    3 /           10214 crw-------  rw     bpf0
root     pflogd     29587    3 /           10214 crw-------  rw     bpf0

When all bpf devices are in use, starting a tcpdump gives an error:

# tcpdump -i gem0
tcpdump: Failed to open bpf device for gem0: No such file or directory

The fix is creating extra bpf devices:

cd /dev/
sh MAKEDEV bpf10
sh MAKEDEV bpf11
sh MAKEDEV bpf12
#And so on...

Sources:

Add a CA cert to the Java keystore

Tested on OpenBSD/amd64 6.0 with jdk-1.7.0.80p1v0.

This will import the root CA certificate stored in /root/rootca.crt into the global Java keystore so that Java programs can verify certificates signed by that root CA.

/usr/local/jdk-1.7.0/bin/keytool -importcert \
 -keystore /usr/local/jdk-1.7.0/jre/lib/security/cacerts \
 -file /root/rootca.crt -noprompt \
 -storepass changeit

Source for password: Microsoft Azure - Adding a Certificate to the Java CA Certificates Store