Page 5 - My FreeBSD weblog

i'm posting this as a reference to get nessus 2.0.1 installed. <br><br>pre-req's are <br>openssl <br>bison<br>ftp.gtk.com glib-1.2.8.tar.gz<br>ftp.gtk.com gtk+-1.2.9.tar.gz<br><br>then download nessus from http://www.nessus.org run <br><br>sh nessus-installer.sh takes about 30 minutes on 450 mhz.<br><br><br>Congratulations ! Nessus is now installed on this host<br><br>. Create a nessusd certificate using /usr/local/sbin/nessus-mkcert<br>. Add a nessusd user use /usr/local/sbin/nessus-adduser<br>. Start the Nessus daemon (nessusd) use /usr/local/sbin/nessusd -D<br>. Start the Nessus client (nessus) use /usr/local/bin/nessus<br>. To uninstall Nessus, use /usr/local/sbin/uninstall-nessus<br><br>. A step by step demo of Nessus is available at :<br> http://www.nessus.org/demo/<br><br><br>Press ENTER to quit<p><hr size="1" width="50%" align="left" />*----------------------------------------*<br>* Steve Schofield<br>* steve@aspfree.com<br>*<br>* Microsoft MVP - ASP.NET<br>* http://www.aspfree.com<br>* <br>*----------------------------------------*</p>

magical command to get OpenBSD to burn an ISO. first copy all the files from the i386 directory that are downloaded from openbsd site<br><br>ie have a directory OpenBSD under say /home/SomeUser<br><br>Directory Structure below contains the files ftp'd down.<br><br>OpenBSD/3.2/i386 <br><br># mkisofs -l -L -v -r -T -V "OpenBSD" -A "OpenBSD-v3.2" -b 3.2/i386/cdrom32.fs -c "boot.catalog" -o openbsd32.iso -x openBSD32.iso ./OpenBSD/<br><br>you should have an iso about 122 meg. Copy over using Binary onto windows XP and it should burn fine.<p><hr size="1" width="50%" align="left" />*----------------------------------------*<br>* Steve Schofield<br>* steve@aspfree.com<br>*<br>* Microsoft MVP - ASP.NET<br>* http://www.aspfree.com<br>* <br>*----------------------------------------*</p>

also when configuring nessus 2.0.1 install /usr/ports/www/lynx, /usr/ports/ftp/wget and/or /usr/ports/archivers/gzip could not be found. I will not install nessus-update-plugins<p><hr size="1" width="50%" align="left" />*----------------------------------------*<br>* Steve Schofield<br>* steve@aspfree.com<br>*<br>* Microsoft MVP - ASP.NET<br>* http://www.aspfree.com<br>* <br>*----------------------------------------*</p>

hi all,<br><br>been a few months since i updated the weblog. the mail server has been up and serving mail.bgeek.com for over 2 months w/o issue also is serving www.bgeek.com. FreeBSD 4.8 stable came out and i wanted to update the system from 4.7 release to 4.8 stable. i'm very aware of patching systems i have the glorious job of patching windows systems for a living. red hat is probably the closest thing to windowsupdate but red hat has more updates than windowsy. i found somewhere there were less than 10 fixes that needed to be updated on freeBSD and i wanted to be able to update my BSD system.<br><br><br>for the impatient who don't want to read the handbook way of updating systems. this assumes your somewhat freeBSD literate. <br><br>1 - install cvsup from the ports<br>2 - make a cvsup file, place in /etc/stable-cvsupfile for example and of the build you want to go to. in this case i visited the bits on the ftp site somewhere and go tthe cvsupfile <br>3 - updated my system via cvsup i put this command in the daily.local file "/usr/local/bin/cvsup -g -L 2 -z /etc/stable-cvsupfile"<br>4 - run mergemaster -p //this does a pre-compare before running buildworld<br>5 - cd /usr/src<br>6 - run make -j4 buildworld<br>7 - run make buildkernel KERNCONF=GENERIC <br>8 - run make installkernel KERNCONF=GENERIC<br>9 - reboot<br>10 - run make installworld<br>11 - run mergemaster<br>12 - fastboot<br><br>if questoins go to http://www.freebsd.org/handbook to get questions on make world.<p><hr size="1" width="50%" align="left" />*----------------------------------------*<br>* Steve Schofield<br>* steve@aspfree.com<br>*<br>* Microsoft MVP - ASP.NET<br>* http://www.aspfree.com<br>* <br>*----------------------------------------*</p>

after the upgrade qmail-scanner was getting Can't do setuid error after the upgrade i installed <br><br>Hi-Res out of the ports and Perl5.8 and typed in use.perl port and chown root /usr/bin/setuid and chmod 4711 /usr/bin/setuid and put setuid= true in the /etc/make.conf file and rebooted. the way i was testing was trying to compile the qmail-scanner-queue.pl got errors. more to come after i test more stuff out.<p><hr size="1" width="50%" align="left" />*----------------------------------------*<br>* Steve Schofield<br>* steve@aspfree.com<br>*<br>* Microsoft MVP - ASP.NET<br>* http://www.aspfree.com<br>* <br>*----------------------------------------*</p>

i think the last post was posting info on the upgrade to 4.8 freebsd. i still can't believe how stable FreeBSD is. few or no patches and stuff just runs. its a point solution for specific things such as a mail server and/or web server or even DNS server. i'm still sold on ms and the desktop but i just switched my primary mail services back to my FreeBSD box. from my experience its faster and just does the job than windows and IMAIL 7.x. plus its free (that is the OSS zealot favorite line) one thing that wasn't happening was the ability to export the X-Windows display to my laptop running as root. this isn't a good idea but from time to time its nice to have that ability. i don't run x-windows on the console because one i'm lazy and 2 its just cool to export the display to my laptop as i watch X-Men or another movie. not that i need to use the GUI because i can do everything from the command line but its just cool to use this from time to time. <br><br>i was getting this error<br><br>Error: "/root/.kde/tmp-mx.bgeek.com" is not a link or a director<br>Error: "/root/.kde/socket-mx.bgeek.com" is not a link or a directory.<br>kdeinit: Aborting. bind() failed: : Not a directory<br>Warning: connect() failed: : Not a directory<br>kdeinit: Aborting. bind() failed: : Not a directory<br>Could not register with DCOPServer. Aborting.<br>Warning: connect() failed: : Not a directory<br>Error: Can't contact kdeinit!<br><br>all i did was delete the two files tmp-mx.bgeek.com and socket-mx.bgeek.com files and was able to export it. they were zero bytes. now i just need to get spamassassin working with qmail scanner to rid myself of spam or i guess at least try. no new freebsd wants for now, goals for the future is to better understand the make process to keep the system up-to-date and i have to be brave to run portupgrade to keep things up-to-date. i'm sure my interests will fall over to the linux camp but FreeBSD has made me happy and it doesn't have that many flaws. linux will get there but its way too popular and i don't want to have to babysit my hobby servers. wow this post almost sounds like a zealot. the only thing i'm truely zealot about is any technology is cool. if i don't know it and i learn it its cool! <br><br>Bgeek over/out.<br>keep bgeek'n<br><br>steve schofield<br>steve@bgeek.com<br>or steve@aspfree.com<p><hr size="1" width="50%" align="left" />*----------------------------------------*<br>* Steve Schofield<br>* steve@aspfree.com<br>*<br>* Microsoft MVP - ASP.NET<br>* http://www.aspfree.com<br>* <br>*----------------------------------------*</p>

command to show tcp ports to what process that's sockstat

This is the /usr/local/etc/mail/spamassassin/local.cf that needs to be created to allow for server wide spamassassin rules. This is very handy otherwise the <br>10_misc.cf file is used as the default rule. the /etc/mail/spamassassin/local.cf and /etc/spamassassin/local.cf files didn't work. The system i'm running is FreeBSD 4.8, vpopmail 5.3.20, Qmail 1.03, Qmail-scanner 1.16, Courier-IMAP 1.7 i think, I'm still going to mess with customizing this file but i finallly got it! Anytime you change this file, you have to kill the spamd process <br><br>Other items learned how to debug qmail-scanner by opening up /var/qmail/qmail-queue-scanner.pl <br>#Want debugging? Enable this and read $scandir/qmail-queue.log<br>my $DEBUG='0';<br>line 230 turning 1 on this records /var/spool/qmailscan/qmail-queue.log. This grows quite large so don't leave it on. <br><br>Also another debugging switch was using -x on the spamd process. Both should be turned off after done to save disk space. <br>Here is my /usr/local/etc/spamd.sh file<br>replace x.x.x.x with the static IP given by your ISP.<br><br>#!/bin/sh<br><br>if ! PREFIX=$(expr $0 : "(/.*)/etc/rc.d/$(basename $0)$"); then<br>echo "$0: Cannot determine the PREFIX" >&2<br>exit 1<br>fi<br><br>case "$1" in<br>start)<br>[ -x ${PREFIX}/bin/spamd ] && ${PREFIX}/bin/spamd -a -d -v --vpopmail -u vpopmail -i --listen-ip=x.x.x.x && echo -n ' spamd'<br>;;<br>stop)<br>;;<br>*)<br>echo "Usage: `basename $0` {start|stop}" >&2<br>;;<br>esac<br><br>exit 0<br><br><br><br><br><br>1 - ps -ax | grep spamd to get the process and kill it<br>2 - also another thing to have a certain domain use spamC put this in the <br>3 - /usr/local/vpopmail/domains/mail.bgeek.com/.qmail.default file <br>4 - |preline /usr/local/bin/spamc | /usr/local/vpopmail/bin/vdelivermail '' /usr/local/vpopmail/domains/mail.bgeek.com/steve<br><br># SpamAssassin basic config file<br>#<br># Please don't modify this file as your changes will be overwritten with<br># the next update. Use /usr/local/etc/mail/spamassassin/local.cf instead.<br># See 'perldoc Mail::SpamAssassin::Conf' for details.<br>#<br># This program is free software; you can redistribute it and/or modify<br># it under the terms of either the Artistic License or the GNU General<br># Public License as published by the Free Software Foundation; either<br># version 1 of the License, or (at your option) any later version.<br>#<br># See the file "License" in the top level of the SpamAssassin source<br># distribution for more details.<br>#<br>################################################## #########################<br><br># Default template. Try to keep it under 76 columns (inside the the dots below).<br># Bear in mind that EVERY line will be prefixed with "SPAM: " in order to make<br># it clear what's been added, and allow other filters to *remove* spamfilter<br># modifications, so you lose 6 columns right there.<br>#<br># .................................................. ....................<br>clear_report_template<br>report This mail is probably spam. The original message has been attached<br>report along with this report, so you can recognize or block similar unwanted<br>report mail in future. See http://spamassassin.org/tag/ for more details.<br>report <br>report Content preview: _PREVIEW_<br>report <br>report Content analysis details: (_HITS_ points, _REQD_ required)<br>report _SUMMARY_<br># .................................................. ....................<br><br>################################################## #########################<br><br># Terse report template.<br>#<br># .................................................. ....................<br>clear_terse_report_template<br>terse_report ---- Start SpamAssassin results<br>terse_report _HITS_ points, _REQD_ required;<br>terse_report _SUMMARY_<br>terse_report ---- End of SpamAssassin results<br># .................................................. ....................<br><br>################################################## #########################<br># and now, a template for spam-trap responses. If the first few lines<br># begin with "Xxxxxx: " where Xxxxxx is a header, they'll be used as<br># headers.<br><br>clear_spamtrap_template<br>spamtrap Subject: this address is no longer available<br><br>spamtrap [this message has been automatically generated]<br>spamtrap <br>spamtrap Please note that this address is no longer in use, and nowadays<br>spamtrap receives nothing but unsolicited commercial mail. Accordingly,<br>spamtrap any mail sent to it is added to several spam-tracking databases,<br>spamtrap then automatically deleted.<br>spamtrap<br>spamtrap If you genuinely want to contact the owner of the address, please<br>spamtrap re-check your contact lists, or search the web, to find their<br>spamtrap current e-mail address.<br>spamtrap <br>spamtrap The mail you sent is reproduced in full below, for resending to<br>spamtrap the correct address. Sorry for the inconvenience!<br>spamtrap<br>spamtrap [-- Signed: the SpamAssassin mail filter]<br>spamtrap<br><br>################################################## #########################<br><br># Unsafe-for-viewing message report template.<br>#<br># .................................................. ....................<br>clear_unsafe_report_template<br>unsafe_report The original message did not contain plain text, and may be unsafe to<br>unsafe_report open with some email clients; in particular, it may contain a virus,<br>unsafe_report or confirm that your address can receive spam. If you wish to view<br>unsafe_report it, it may be safer to save it to a file and open it with an editor.<br># .................................................. ....................<br><br>################################################## #########################<br># Database configuration options.<br>#<br># user_scores_dsn MUST be in the form:<br># DBI:databasetype:databasename:hostname<img border="0" src="/forum/emoticons/tongue.gif" height="15" width="15" alt="" />ort<br># ex. DBI:mysql:spamassassin:localhost<br>#<br># user_scores_sql_username is the authorized username to connect to DSN<br># user_scores_sql_password is the password for the database username<br><br>#user_scores_dsn DBI:mysql:spamassassin:localhost<br>#user_scores_sql_username spam<br>#user_scores_sql_password spamfilter<br><br>################################################## #########################<br># Automatic-whitelist directory, for the default db-based whitelist<br># backend. By default, each user has their own, in their ~/.spamassassin<br># directory with mode 0600, but for system-wide SpamAssassin use, you may<br># want to share this across all users; uncomment and customise the below<br># lines. (Make sure the mode has --x bits set.)<br><br># auto_whitelist_factor 0.5<br><br># default: per-user whitelist:<br># auto_whitelist_path ~/.spamassassin/auto-whitelist<br># auto_whitelist_file_mode 0600<br><br># use this for a system-wide whitelist:<br># auto_whitelist_path /var/spool/spamassassin/auto-whitelist<br># auto_whitelist_file_mode 0666<br><br>################################################## #########################<br># Define the sensitivity level. Standard level is 5.<br># After a lot of testing, we found that 10 was the best option. <br># Anything lower produced too many false positives<br>required_hits 10.0<br><br># Allow SpamAssassin to rewrite the subject line of any messages it classifies as spam<br>rewrite_subject 1<br><br># This is the value that will prepended to the subject line of messages classified as spam<br># subject_tag [SPAM]<br><br># Put the spam report into the headers of the message, rather than in the body<br>report_header 0<br><br># Use condensed wording for the spam report<br>use_terse_report 1<br><br># As of SpamAssassin 2.50, if SPAM is detected, by default a new report<br># email will be created and the spam message will be attached as a MIME part.<br># We don't like this behavior so we turn it off<br>report_safe 1<br><br># Don't modify the content-type: mime header of suspect mail.. <br># Usually you would be running a virus checker from Qmail-Scanner which will block out<br># any such nasty attachments<br>defang_mime 0<br><br># Spamassassin by default will try and run these following spam-detection utilities<br># for every mail message. (You can read about them at http://www.spamassassin.org/dist/INSTALL)<br># We don't want to waste any CPU cycles trying to run utilities that we don't have installed,<br># so disable these tests for the moment .<br>use_dcc 0<br>use_pyzor 0<br>use_razor1 0<br># enable razor2 checking<br>use_razor2 1<br><br># Enable SpamAssassin's RBL checking features :<br># Although we have already done some RBL filtering earier in qmail's rblsmtpd program,<br># it is still recommended to turn on RBL checking in SpamAssassin, as it will run<br># checks against a variety of different RBL sources, and the results will help<br># tag spam more accurately<br>skip_rbl_checks 0<br><br># If we haven't received a response from the RBL server in X seconds, then skip that test<br>rbl_timeout 3<br><br># Examine the headers of the message for the last 3 mail servers that the message<br># passed through. Run all of these IPs through the RBL checking systems<br>num_check_received 3<br><br># Now we want to alter some of the default scores for RBL hits<br># By default the bl.spamcop.net RBL score is 0 (disabled).<br># We will override this and give any hits a score of 3 <br># Info about this RBL is available from http://spamcop.net/fom-serve/cache/290.html <br>score RCVD_IN_BL_SPAMCOP_NET 3<br><br># Mail using locales used in these country codes will not be marked<br># as being possibly spam in a foreign language.<br>ok_locales all<br><br># Mail using languages used in these country codes will not be marked<br># as being possibly spam in a foreign language. This is an expensive<br># test, so it is set to "all" so the test will not be used by default.<br>ok_languages all<br><br># Mail which scores outside this range will be fed back into SpamAssassin's<br># learning system automatically, to train the Bayesian scanner.<br>auto_learn_threshold_nonspam -2<br>auto_learn_threshold_spam 15<br><br># Set this to 0 to turn off auto-learning.<br>auto_learn 1<br><br># Some common prefs settings can be set here, to take effect site-wide<br># unless the user override them. See the user_prefs.template file for<br># explanations.<br><br># rewrite_subject 0<br># report_safe 1<br># subject_tag *****SPAM*****<br># skip_rbl_checks 0<br>check_mx_attempts 2<br>check_mx_delay 5<p><hr size="1" width="50%" align="left" />*----------------------------------------*<br>* Steve Schofield<br>* steve@aspfree.com<br>*<br>* Microsoft MVP - ASP.NET<br>* http://www.aspfree.com<br>* <br>*----------------------------------------*</p>