Absolute FreeBSD: the complete guide to FreeBSD

Authors: Michael W. Lucas

Edition: 2

ISBN: 1593271514, 9781593271510

Size: 7 MB (7473566 bytes)

Pages: 744/745

FreeBSD—the powerful, flexible, and free Unix-like operating system—is the preferred server for many enterprises. But it can be even trickier to use than either Unix or Linux, and harder still to master.
Absolute FreeBSD, 2nd Edition is your complete guide to FreeBSD, written by FreeBSD committer Michael W. Lucas. Lucas considers this completely revised and rewritten second edition of his landmark work to be his best work ever; a true product of his love for FreeBSD and the support of the FreeBSD community. Absolute FreeBSD, 2nd Edition covers installation, networking, security, network services, system performance, kernel tweaking, filesystems, SMP, upgrading, crash debugging, and much more, including coverage of how to:
• Use advanced security features like packet filtering, virtual machines, and host-based intrusion detection
• Build custom live FreeBSD CDs and bootable flash
• Manage network services and filesystems
• Use DNS and set up email, IMAP, web, and FTP services for both servers and clients
• Monitor your system with performance-testing and troubleshooting tools
• Run diskless systems
• Manage schedulers, remap shared libraries, and optimize your system for your hardware and your workload
• Build custom network appliances with embedded FreeBSD
• Implement redundant disks, even without special hardware
• Integrate FreeBSD-specific SNMP into your network management system.
Whether you’re just getting started with FreeBSD or you’ve been using it for years, you’ll find this book to be the definitive guide to FreeBSD that you’ve been waiting for.

Author Bio
Michael W. Lucas is a network/security engineer with extensive experience working with high-availability systems. He is the author of the critically acclaimed Absolute BSD, Absolute OpenBSD, Cisco Routers for the Desperate, and PGP & GPG, all from No Starch Press.


Table of contents:
Absolute FreeBSD: The Complete Guide to FreeBSD, 2nd Edition
Foreword by Robert N.M. Watson
Acknowledgments
Introduction
BSD: FreeBSD’s Granddaddy
The BSD License
The Birth of FreeBSD
Committers
Contributors
OpenBSD
Solaris/OpenSolaris
IRIX, HP/UX, and So On
Simplified Software Management
Who Should Run Another BSD?
What Must You Know?
Desktop FreeBSD
How to Think About Unix
Contents of This Book
1: Getting More Help
Support Options
Man Pages
Manual Sections
Finding Man Pages
Man Page Contents
Web Documents
Using FreeBSD Problem-Solving Resources
Checking the Man Pages
Using Your Answer
Writing Your Email
Sending Your Email
Email Is Forever
2: Installing FreeBSD
FreeBSD Hardware
Proprietary Hardware
Hardware Requirements
Partitioning
Multiple Hard Drives
Partition Block Size
Choosing Your Distribution(s)
FTP Server Content
Choosing Boot Media
Choosing Installation Media
Preparing Boot CDs
FTP Media Setup
Actually Installing FreeBSD
Configuring the Network
Adding Packages
Adding Users
Post-Installation Setup
Restart!
3: Start Me Up! The Boot Process
Power-On and the Loader
Single-User Mode
Programs Available in Single-User Mode
Uses for Single-User Mode
The Loader Prompt
Default Files
Loader Configuration
Serial Consoles
Software Serial Consoles
Serial Console Use
Serial Console Disconnection
Startup Messages
/etc/rc.conf and /etc/defaults/rc.conf
The rc.d Startup System
Shutdown
4: Read This Before You Break Something Else! (Backup and Recovery)
Backup Tapes
The $TAPE Variable
Tape Status with mt(1)
To Rewind or Not?
tar Modes
Other tar Features
gzip
dump Levels
dump and Live Filesystems
Running dump
Checking the Contents of an Archive
Restoring dump Data
Multiple Backups on One Tape
Revision Control
Initializing Revision Control
Checking Back In
Viewing RCS Logs
Reviewing a File’s Revision History
Getting Older Versions
Breaking Locks
The Fixit Disk
5: Kernel Games
What Is the Kernel?
sysctl
sysctl MIBs
Viewing sysctls
Changing sysctls
Viewing Loaded Modules
Loading Modules at Boot
Preparations
Buses and Attachments
Configuration File Format
Configuration Files
Basic Options
Device Drivers
Pseudodevices
Building a Kernel
Booting an Alternate Kernel
NOTES
How Kernel Options Fix Problems
Sharing Kernels
Testing Kernels Remotely
PAE
Lock Order Reversals
6: The Network
Datalink: The Physical Protocol
Heavy Lifting: The Transport Layer
The Network in Practice
Getting Bits and Hexes
IP Addresses and Netmasks
UDP
TCP
Transport Protocol Ports
Understanding Ethernet
Protocol and Hardware
MAC Addresses
ifconfig(8)
Adding an IP to an Interface
Multiple IP Addresses on One Interface
Renaming Interfaces
DHCP
Current Network Activity
What’s Listening on What Port?
Port Listeners in Detail
Network Capacity in the Kernel
Optimizing Network Hardware
Memory Usage
Maximum Incoming Connections
Changing Window Size
Aggregation Protocols
Configuring lagg(4)
7: Securing Your System
Script Kiddies
Motivated Skilled Attackers
FreeBSD Security Announcements
Creating User Accounts
Editing Users: passwd(1), chpass(1), and Friends
Shells and /etc/shells
The root Password
Groups of Users
Using Groups to Avoid Root
Restricting Login Ability
Restricting System Usage
File Flags
Setting and Viewing File Flags
Securelevel Definitions
Which Securelevel Do You Need?
Living with Securelevels
Network Targets
Putting It All Together
Disk Drives 101
Device Nodes
Hard Disks and Partitions
The Filesystem Table: /etc/fstab
Mounting Standard Filesystems
How Full Is a Partition?
The Fast File System
FFS Mount Types
Soft Updates and Journaling with FFS
Write Caching
Dirty Disks
FFS Syncer at Shutdown
Using Foreign Filesystems
Supported Foreign Filesystems
Formatting FAT32 Media
Using Removable Media
Other FreeBSD Filesystems
Memory Filesystems
Filesystems in Files
Wiring Down Devices
Creating Slices
Installing Existing Files onto New Disks
Stackable Mounts
Network Filesystems
Prerequisites
nsmb.conf Keywords
Other smbutil(1) Functions
Other mount_smbfs Options
Serving CIFS Shares
devfs at Boot: devfs.conf
Global devfs Rules
Dynamic Device Management with devd(8)
Unprivileged Users
Network Traffic Control
Default Accept vs. Default Deny
Configuring Wrappers
Wrapping Up Wrappers
Packet Filtering
Default Accept and Default Deny in Packet Filtering
Basic Packet Filtering and Stateful Inspection
Configuring PF
Complete PF Rule Sample
Activating PF Rules
Public Key Encryption
Configuring OpenSSL
Certificates
SSL Trick: Connecting to SSL-Protected Ports
Jails
Jail Host Server Setup
Jail and the Kernel
Client Setup
Decorating Your Cell: In-Jail Setup
Jail Startup and Shutdown
Managing Jails
What’s Wrong with Jails
Preparing for Intrusions with mtree(1)
Running mtree(1)
Saving the Spec File
Monitoring System Security
If You’re Hacked
10: Exploring /etc
/etc/crontab
/etc/disktab
/etc/hosts.equiv
/etc/locate.rc
/etc/make.conf
CPUTYPE=i686
/etc/mtree
/etc/opie*
daily_show_info=”YES”
/etc/ppp
/etc/remote
/etc/syslog.conf
/etc/ttys
11: Making Your System Useful
Source Code and Software
The Ports and Packages System
Ports
Finding Software
Finding by Keyword
Using Packages
CD Packages
FTP Packages
Installing Packages
pkg_add(1) Environment Settings
What Does a Package Install?
Uninstalling Packages
Package Information
Package Problems
Using Ports
Installing a Port
Integrated Port Customizations
Port Makefiles
Uninstalling and Reinstalling
Cleaning Up Ports
Changing the Install Path
Ports and Package Security
12: Advanced Software Management
Kernel Assumptions
SMP: The First Try
Today’s SMP
Processors and SMP
Using SMP
Schedulers
rc Script Ordering
A Typical rc Script
Special rc Script Providers
Debugging Custom rc Scripts
Shared Library Versions and Files
Attaching Shared Libraries to Programs
LD_LIBRARY_PATH
Threads, Threads, and More Threads
Userland Threading Libraries
Remapping Shared Libraries
Running Software from the Wrong OS
Recompilation
ABI Reimplementation
Supported ABIs
Using Linux Mode
Testing Linux Mode
linprocfs
Debugging Linux Mode with truss(1)
Running Software from the Wrong Architecture
13: Upgrading FreeBSD
Releases
FreeBSD-current
FreeBSD-stable
Snapshots
Which Version Should You Use?
Upgrade Methods
/etc/freebsd-update.conf
Running freebsd-update(8)
Upgrading via sysinstall
Upgrading via Source
Selecting Your Supfile
Modifying Your Supfile
Blocking Updates: The Refuse File
Using csup to Get the Whole Source Tree
Build the World
Build, Install, and Test a Kernel
Prepare to Install the New World
Installing the World
Upgrades and Single-User Mode
Shrinking FreeBSD
Updating with csup and make
Building a Local CVSup Server
Controlling Access
Configuring portsnap
Updating Installed Ports
Initial portmaster Setup
Identifying and Upgrading Software
Forcing a Rebuild
Ignoring Ports
Reducing the Size of the Ports Tree
14: The Internet Road Map: DNS
How DNS Works
The host(1) Command
Digging for Detail
Finding Hostnames with dig
More dig Options
in-addr.arpa
Host/IP Information Sources
Setting Local Domain Names
The Nameserver List
Building a Nameserver
BIND Configuration Files
Options
Zones in named.conf
Configuring a Slave Domain
Master and Slave File Storage
Zone Files
A Real Sample Zone
Reverse DNS Zones
Configuring rndc
Using rndc
Controlling Zone Transfers
More on BIND
SSH
The SSH Server: sshd(8)
Configuring the SSH Daemon
Managing SSH User Access
SSH Clients
Setting the Time Zone
Network Time Protocol
/etc/nsswitch.conf
Name Query Caching with nscd(8)
/etc/inetd.conf
Configuring inetd Servers
Starting inetd(8)
DHCP
Configuring dhcpd(8)
Printing and Print Servers
/etc/printcap
Root Directory
tftpd(8) Configuration
User Crontabs vs. /etc/crontab
Crontab Format
16: Spam, Worms, and Viruses (Plus Email, If You Insist)
Finding Mail Servers for a Domain
Undeliverable Email
The SMTP Protocol
Stopping Bad Email
Sendmail
Submission vs. Reception
The access File
The aliases File
The mailertable File
Making Changes Take Effect
User Mapping
Changing sendmail.cf
Custom .mc Files
Rejecting Spam Sources
Greylisting
Configuring milter-greylist
Attaching milter-sendmail to Sendmail
Sendmail Authentication with SASL
Building sendmail.cf
IMAP and POP3
Configuring Dovecot
Creating a Dovecot SSL Certificate
Testing POP3S
Testing IMAPS
17: Web and FTP Services
The Apache Web Server
Core Apache Configuration
Apache Logs
Apache Modules
Controlling Access by IP Address
Directory Options
Configuration by Users
Other Directory Settings
Password Protection and Apache
Including Other Configuration Files
Configuring Virtual Hosts
Tuning Virtual Hosts
HTTPS Websites
Controlling Apache
The FTP Client
Binary and ASCII Transfers
FTP User Control
FTP Server Messages
Setting Up Anonymous FTP Servers
Chrooting sftp(1) and scp(1)
18: Disk Tricks with GEOM
Disk Drives 102
Slicing Disks
Viewing the Slice Table with fdisk(8)
Changing the Slice Table
Partitioning Slices
Reading Disklabels
Editing Disklabels
Replicating Drive Slicing and Partitioning
Building Filesystems
Hardware vs. Software RAID
Parity and Stripe Size
RAID Types
Generic GEOM Commands
Striping Disks
gstripe Destruction
Creating a Mirror
Repairing Mirrors
Mirrored Boot Disks
RAID-3
Repairing a RAID-3
RAID-10 Setup
Journaling Filesystems with gjournal(8)
Configuring gjournal(8)
De-Journaling Partitions
Filesystem Encryption
Generating and Using a Cryptographic Key
Deactivating Encrypted Disks
Disk Device Network Exports
geom_gate Server Setup
geom_gate Client Setup
Oops! Rescuing geom_gate
Backup Server Setup
Primary Server Setup
Mirror Failover and Recovery
19: System Performance and Monitoring
Computer Resources
General Bottleneck Analysis with vmstat(8)
Paging
Using vmstat
Disk I/O
CPU, Memory, and I/O with top(1)
Process Counts
Memory
Process List
top(1) and I/O
Following Processes
Paging and Swapping
Performance Tuning
CPU Usage
Reprioritizing with Niceness
Status Mail
Facilities
Levels
Processing Messages with syslogd(8)
syslogd Customization
Log File Management
Count
Time
Flags
Sample newsyslog.conf Entry
SNMP 101
Configuring bsnmpd
20: The Fringe of FreeBSD
/etc/ttys Format
Insecure Console
Diskless FreeBSD
DHCP Server Setup
The NFS Server and the Diskless Client Userland
The /conf/base Directory
Per-Subnet and Per-Client Directories
Diskless Configuration Files
NanoBSD: Building Your Own Appliances
What Is NanoBSD?
Your Hardware and Your Flash Drive
Expanding FlashDevice.sub
NanoBSD Configuration Options
A Sample NanoBSD Configuration
Building NanoBSD
Customizing NanoBSD
Using NanoBSD
Live Media with FreeSBIE
Configuring FreeSBIE
FreeSBIE Plug-ins
Choosing Packages
Rebuilding FreeSBIE
What Causes Panics?
Recognizing Panics
Responding to a Panic
Configuring Crash Dumps
Debugging Kernels
When Panic Strikes: Manual Crash Dumps
Getting a Backtrace
vmcore and Security
Submitting Problem Reports
Before Filing a PR
Bad PRs
Good PRs
A Sample PR
After Submitting the PR
The Community
Why Do We Do It?
What Can You Do?
Getting Things Done
Some Interesting sysctl MIBs
Index
Updates
