FreeBSD Notes

Table of Contents

Rebuild kernel from source

Install the source code

svn checkout https://svn.FreeBSD.org/base/releng/10.2 /usr/src
  • where the 10.2 is your current release
  • svn.FreeBSD.org will automatically choose a mirror near you 1

Buildworld and kernel 2

System Administration Notes

Inspect system boot log

$ cat /var/run/dmesg.boot

Modify default editor from vi to nano

# For C based shell
$ setenv EDITOR </path/to/nano>

# To find path to nano
$ which nano

Check disk space usage by directory

$ sudo du -hd1 /usr

Expand Partition to Entire Drive

When a VPS is upgraded to a larger instance, the expanded drive is not recognized by the OS

  • Tutorial here
     $ gpart recover vtbd0
     $ gpart resize -i 2 vtbd0  # 2=what is shown on gpart show vtbd0
     $ growfs -y /
    
     # Verify extra displace exists
     $ df -h
    
    # Update /etc/fstab
    
  • On reboot, goes to mountroot prompt
    # do a ? to see list of available disks
    $ ufs:/dev/vtbd0s1
    

Reload sshd config

I usually change the default ssh port from 22 3 and disable root login by modifying the sshd conf. (not ssh conf)

/etc/rc.d/sshd reload

Edit Crontab

$ crontab -e

View traffic on network interfaces

$ systat -ifstat 1


How to manage FreeBSD Jails

Jails have been around years before docker and kubernetes were the rage.4

Manage Jails using ezjail-admin

# View list of available jails
$ jls  
# or 
$ jls -v

Log into existing jail

$ sudo ezjail-admin console <jailname>

# OR use jexec with number parameter where 
# parameter == JID from jls output 
$ sudo jexec 2 csh

# OR use execute a command in jail 
$ sudo jexec 1 hostname
# show host name of jail with id=1

Create new Jail

A condensed version of bsdnow

Create an ip address for jail

  • Find an ipaddress to set for jail

    Select the next ip address number

$ jls
  • Make an alias on your network card with your network settings
$ sudo ifconfig lo10 alias 10.10.10.15 netmask 0xffffff00
  • Add network alias to /etc/rc.conf so it remembers on reboot
  • Your /etc/rc.conf file will look something like this
# Setup Jails
ezjail_enable="YES"
jail_sysvipc_allow="YES"    # For PostgresSQL

gateway_enable="YES"

cloned_interfaces="lo10"
ifconfig_lo10_alias0="inet 10.10.10.1 netmask 255.255.255.0"
ifconfig_lo10_alias1="inet 10.10.10.10 netmask 255.255.255.0"
ifconfig_lo10_alias2="inet 10.10.10.11 netmask 255.255.255.0"
ifconfig_lo10_alias3="inet 10.10.10.12 netmask 255.255.255.0"
ifconfig_lo10_alias4="inet 10.10.10.13 netmask 255.255.255.0"
ifconfig_lo10_alias5="inet 10.10.10.14 netmask 255.255.255.0"
ifconfig_lo10_alias6="inet 10.10.10.15 netmask 255.255.255.0"
  • Create the actual jail
    • use the ip address created above
    sudo ezjail-admin create busilogic-blog 10.10.10.15
    
  • To enable networking inside jail, copy the resolv.conf file
    sudo cp /etc/resolv.conf /usr/jails/busilogic-blog/etc/
    
    • Start the jail
    sudo service ezjail start busilogic-blog
    

Enable networking in jail


# Replace jail name with your jail created
$ cp /etc/resolv.conf /usr/jails/<jailname>/etc/

Using fetch fails with ssl auth error


Reason: Certificate verification failed

# Install ca root
$ pkg install ca_root_nss

# Then ln or cp the combined root certificates to /etc/ssl/cert.pem
$ ln -s /usr/local/share/certs/ca-root-nss.crt /etc/ssl/cert.pem

Starting PostGres in jail


$ su pgsql
$ pg_ctl -D /usr/local/pgsql/data initdb /usr/local/bin/pg_ctl -D /usr/local/pgsql/data -l /usr/local/pgsql/postgresql.log start

Jenkins

How to set up jenkins on FreeBSD

Adding more storage

If you need to upgrade your VPS to get additional storage, follow notes here.

Enable webdav on nginx

  • Install nginx from source

    To enable http webdav module You might have to install libxml2 libs as prerequisite for nginx to compile properly

  • Generate htpasswd 5
  • Update nginx config file 6
  • Use it to host secure items e.g. password manager on webdav with keepass 7

Sysvipc and jails on bsd

Footnotes: