Difference between revisions of "OpenBSD"
(→Logs: added tcpdump option to drop attempts on port 6882) |
(Added Building section and Building a Release sub-section.) |
||
| Line 153: | Line 153: | ||
# cvs -q up -rOPENBSD_4_5 -Pd | # cvs -q up -rOPENBSD_4_5 -Pd | ||
</pre> | </pre> | ||
| + | |||
| + | === Building === | ||
| + | |||
| + | == Making a release == | ||
| + | |||
| + | Read [http://www.openbsd.org/faq/faq5.html#Release] | ||
| + | |||
| + | If this is not your first time building a release, clean out the Destination and Release directories: | ||
| + | <pre> | ||
| + | # rm -rf /usr/dest/* | ||
| + | # rm -rf /usr/rel/* | ||
| + | </pre> | ||
| + | |||
| + | If this is the first release you're building since a clean installation, make the release directories: | ||
| + | <pre> | ||
| + | # mkdir /usr/dest | ||
| + | # mkdir /usr/rel | ||
| + | </pre> | ||
| + | |||
| + | Define our DESTDIR and RELEASEDIR environment variables: | ||
| + | <pre> | ||
| + | # export DESTDIR=/usr/dest | ||
| + | # export RELEASEDIR=/usr/rel | ||
| + | </pre> | ||
| + | |||
| + | We now clear the DESTDIR and create the directories if needed: | ||
| + | <pre> | ||
| + | # test -d ${DESTDIR} && mv ${DESTDIR} ${DESTDIR}.old && rm -rf ${DESTDIR}.old & | ||
| + | # mkdir -p ${DESTDIR} ${RELEASEDIR} | ||
| + | </pre> | ||
| + | |||
| + | RELEASEDIR does not normally need to be empty before starting the release process, however, if there are changes in the release files or their names, old files may be left laying around. You may wish to also erase this directory before starting. | ||
| + | |||
| + | We now make the release itself: | ||
| + | <pre> | ||
| + | # cd /usr/src/etc | ||
| + | # make release | ||
| + | </pre> | ||
| + | After the release is made, it is a good idea to check the release to make sure the tar files are matching what is in the DESTDIR. The output of this step should be very minimal. | ||
| + | <pre> | ||
| + | # cd /usr/src/distrib/sets | ||
| + | # sh checkflist | ||
| + | </pre> | ||
| + | |||
| + | You now have complete and checked release file sets in the RELEASEDIR. These files can now be used to install or upgrade OpenBSD on other machines. | ||
| + | The authoritative instructions on making a release are in release(8). | ||
| + | |||
| + | Note: if you wish to distribute the resultant files by HTTP for use by the upgrade or install scripts, you will need to add an "index.txt" file, which contains the list of all the files in your newly created release. | ||
| + | <pre> | ||
| + | # /bin/ls -1 >index.txt | ||
| + | </pre> | ||
| + | |||
| + | Once you have the complete release made, you can use those files for a standard install or upgrade on another machine, or if updating a machine to a new -stable, simply unpack the tar files in the root directory of the target machine. | ||
== Hardware Sensors == | == Hardware Sensors == | ||
Revision as of 10:17, 29 April 2012
Contents
Packet Filter
Logs
Real-time display of Packet Filter Logs:
sudo tcpdump -n -e -ttt -i pflog0 src host not 174.0.204.1 and dst port not 6882
Tables
Update/replace a table:
sudo pfctl -t retards -T replace -f /etc/pf.d/tables/blacklist.txt
Display a table called 'retards':
pfctl -t retards -T show
Show the current state table:
sudo pfctl -s state sudo pfctl -ss
Configuration Files
Load a Packet Filter configuration file:
pfctl -f /etc/pf.conf
Parse a configuration file but do not load it:
pfctl -nf /etc/pf.conf
Load only the NAT rules from the file:
pfctl -Nf /etc/pf.conf
Load only the filter rules from the file:
pfctl -Rf /etc/pf.conf
Show states
Show the current NAT rules:
pfctl -sn
Show current filter rules:
pfctl -sr
Show filter stats and counters:
pfctl -si
Show everything it can show:
pfctl -sa
Updating OpenBSD Via Source
Grab source from CVS
First Time
For -current:
cd /usr cvs -qd anoncvs@anoncvs.ca.openbsd.org:/cvs get -P src
For -stable:
cd /usr cvs -qd anoncvs@anoncvs.ca.openbsd.org:/cvs get -rOPENBSD_4_5 -P src
Updating
For -current:
cd /usr/src cvs -q up -Pd
For -stable:
cd /usr/src cvs -q up -rOPENBSD_4_5 -Pd
Rebuilding the Kernel
# cd /usr/src/sys/arch/i386/conf # /usr/sbin/config GENERIC # cd /usr/src/sys/arch/i386/compile/GENERIC # make clean && make depend && make
Rebooting with the new kernel
# cd /usr/src/sys/arch/i386/compile/GENERIC # make install (Safely install new kernel) # reboot
Rebuilding the userland binaries
# rm -rf /usr/obj/* # cd /usr/src # make obj # cd /usr/src/etc && env DESTDIR=/ make distrib-dirs # cd /usr/src # make build
Updating Ports Via CVS
First Time
For -current:
# cd /usr # cvs -qd anoncvs@anoncvs.ca.openbsd.org:/cvs get -P ports
For -stable:
# cd /usr # cvs -qd anoncvs@anoncvs.ca.openbsd.org:/cvs get -rOPENBSD_4_5 -P ports
Updating
For -current:
# cd /usr/ports # cvs -q up -Pd
For -stable:
# cd /usr/ports # cvs -q up -rOPENBSD_4_5 -Pd
Building
Making a release
Read [1]
If this is not your first time building a release, clean out the Destination and Release directories:
# rm -rf /usr/dest/* # rm -rf /usr/rel/*
If this is the first release you're building since a clean installation, make the release directories:
# mkdir /usr/dest # mkdir /usr/rel
Define our DESTDIR and RELEASEDIR environment variables:
# export DESTDIR=/usr/dest # export RELEASEDIR=/usr/rel
We now clear the DESTDIR and create the directories if needed:
# test -d ${DESTDIR} && mv ${DESTDIR} ${DESTDIR}.old && rm -rf ${DESTDIR}.old &
# mkdir -p ${DESTDIR} ${RELEASEDIR}
RELEASEDIR does not normally need to be empty before starting the release process, however, if there are changes in the release files or their names, old files may be left laying around. You may wish to also erase this directory before starting.
We now make the release itself:
# cd /usr/src/etc # make release
After the release is made, it is a good idea to check the release to make sure the tar files are matching what is in the DESTDIR. The output of this step should be very minimal.
# cd /usr/src/distrib/sets # sh checkflist
You now have complete and checked release file sets in the RELEASEDIR. These files can now be used to install or upgrade OpenBSD on other machines. The authoritative instructions on making a release are in release(8).
Note: if you wish to distribute the resultant files by HTTP for use by the upgrade or install scripts, you will need to add an "index.txt" file, which contains the list of all the files in your newly created release.
# /bin/ls -1 >index.txt
Once you have the complete release made, you can use those files for a standard install or upgrade on another machine, or if updating a machine to a new -stable, simply unpack the tar files in the root directory of the target machine.
Hardware Sensors
Check hardware sensors
# sysctl -a | grep "hw.sensors"
