2015年4月30日木曜日

openbsd autoinstall ; dillo 少しだけ日本語化

1)まず手動では
openbsdで PXEサーバーをたちあげて openbsdを インストール


internet
|
sis0
openbsd PXE server
ne3 :192.168.11.1
|
|
 PC ( openbsd will be installed)

# cat /etc/hostname.ne3                                                       
inet 192.168.11.1 255.255.255.0


# cat /etc/dhcpd.interfaces 
ne3


# cat /etc/dhcpd.conf                                                         

            option  domain-name "example.com";
            option  domain-name-servers 8.8.8.8;

            subnet 192.168.11.0 netmask 255.255.255.0 {

                    option routers 192.168.11.1;
                    filename "pxeboot";
                    range 192.168.11.30 192.168.11.31;
                    default-lease-time 86400;
                    max-lease-time 90000;
            }



# ./comment-out.bat /etc/rc.conf.local                                        
dhcpd_flags=""  #NO             # for normal use: ""
ntpd_flags=""   #NO             # for normal use: ""


# ls -l /tftpboot/                                                            
total 13860
-rw-r--r--  1 root  wheel  6987854 Apr 30 01:21 bsd.rd
drwxr-xr-x  2 root  wheel      512 Apr 30 09:04 etc
-rw-r--r--  1 root  wheel    81108 Apr 30 01:04 pxeboot



# cat /tftpboot/etc/boot.conf                                                 
#tty com0 19200
#set tty com0
boot tftp:/bsd.rd





 /etc/httpd.conf
ext_addr="192.168.11.1"
server "www.intranet.com" {
        listen on $ext_addr port 80
        root "/htdocs/5.7"
}



ls /var/www/htdocs/pub/5.7
INSTALL.i386 base57.tgz   bsd.rd
index.txt  
xbase57.tgz  xshare57.tgz
SHA256       bsd          comp57.tgz   man57.tgz    xfont57.tgz
SHA256.sig   bsd.mp       game57.tgz   pxeboot      xserv57.tgz


tftpd  /tftpboot
でPXEサーバーが動く 

もし httpdではなくて nginx の場合

  cat /etc/nginx/nginx.conf                                                  
worker_processes  1;
worker_rlimit_nofile 1024;
events {
    worker_connections  800;
}


http {
    include       mime.types;
    default_type  application/octet-stream;
    index         index.html index.htm;
    keepalive_timeout  65;
    server_tokens off;
    server {
        listen       80;
        listen       [::]:80;
        server_name  192.168.11.1;
        root         /var/www/htdocs;
        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root  /var/www/htdocs;
        }
    }
}





1-1)dnsmasqをつかって
  /etc/dnsmasq.conf  
---------------------
listen-address=127.0.0.1
listen-address=192.168.11.1
interface=fxp0
dhcp-range=192.168.11.10,192.168.11.12,12h
dhcp-boot=pxeboot
enable-tftp
tftp-root=/tftpboot


 /etc/hosts
127.0.0.1       localhost
::1             localhost
192.168.11.1    01.net
192.168.11.1    02.net


 /etc/nginx/nginx.conf                                                         
worker_processes  1;
worker_rlimit_nofile 1024;
events {
    worker_connections  800;
}
http {
    include       mime.types;
    default_type  application/octet-stream;
    index         index.html index.htm;
    keepalive_timeout  65;
    server_tokens off;
    server {
        listen       80;
        listen       [::]:80;
        server_name  01.net;
        root         /var/www/htdocs;
        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root  /var/www/htdocs;
        }
    }
}



以下のシェルスクリプトで起動
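# Bring up the PXE-side interface, then (re)start the DHCP/TFTP and HTTP
# services that answer the installing client.
ifconfig fxp0 192.168.11.1/24
ifconfig fxp0   # print the resulting configuration for a visual check
echo '------------------------'
/etc/rc.d/dnsmasq  restart
/etc/rc.d/nginx    restart
# Point this host's resolver at the local dnsmasq. resolv.conf(5) entries
# need the "nameserver" keyword; a bare address is not a valid line.
# This overwrites any existing /etc/resolv.conf.
echo 'nameserver 127.0.0.1' > /etc/resolv.conf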




ただし wifiの時は
/etc/hostname.bge0 を前もってdhcpにしておかないと dnsmasqサーバーからアドレスをもらえない。




2)本題のautoinstall です。

http://www.bsdnow.tv/tutorials/autoinstall のとおりです。
install.conf は HTTP で配るので、同じネットワークの誰でも読めます。パスワード欄には平文ではなく encrypt(1) で作ったハッシュ文字列を書くこともできます。

  cat /var/www/htdocs/install.conf

System hostname = bsdnow.tv
Password for root = ThePlaceToBe...SD
Network interfaces = em0
IPv4 address for em0 = dhcp
Setup a user = puffy
Password for user = whywasibornasafish
What timezone are you in = US/Eastern
Location of sets = http
Server = 192.168.1.1


 ----->8-----cut here ----->8-----
System hostname = tester
Which network interface do you wish to configure = em0
IPv4 address for em0 = 192.168.99.10
Netmask for em0 = 255.255.255.0
IPv6 address for em0 = none
Which network interface do you wish to configure = done
Default IPv4 route = 192.168.99.1
DNS domain name = example.com
DNS nameservers = none
Password for root account = insecure
Start sshd(8) by default = yes
Start ntpd(8) by default = no
Do you expect to run the X Window System = no
Do you want the X Window System to be started by xdm(1) = no
Setup a user = joe
Full name for user joe = Joe Blogs
Password for user joe = insecure
Public ssh key for user joe = none
Which disk is the root disk = wd0
Use DUIDs rather than device names in fstab = yes
Use (W)hole disk, use the (O)penBSD area, or (E)dit the MBR = whole
URL to autopartitioning template for disklabel = http://192.168.99.1/template
Location of sets = http
HTTP proxy URL = none
HTTP Server = 192.168.99.1
----->8-----cut here ----->8-----



/etc/rc.d/nginx stop と 止めます。
apacheをいれます。 




internet
|
sis0
openbsd PXE server
ne3 :192.168.11.1
|
|
fxp0
PC ( openbsd will be installed)

a) httpd

# cat /etc/hostname.ne3                                                       
inet 192.168.11.1 255.255.255.0

# cat /etc/dhcpd.interfaces                                                   
ne3

# cat /etc/dhcpd.conf                                                         
option domain-name-servers 8.8.8.8;
subnet 192.168.11.0 netmask 255.255.255.0 {
    option routers 192.168.11.1;
    filename "auto_install";
    next-server 192.168.11.1;
    range 192.168.11.8 192.168.11.25;
}



b)httpd


 $ cat /etc/httpd.conf                                                        
server "default" {
        listen on ne3 port 80
        root "/htdocs"
        directory auto index
}


  # ls -ltr /var/www/htdocs
total 340
-r--r--r--  1 root  bin      2220 Mar  6  2014 smalltitle.gif
-r--r--r--  1 root  bin      2063 Mar  6  2014 openssl_ics.gif
-r--r--r--  1 root  bin      3334 Mar  6  2014 openbsdpower.gif
-r--r--r--  1 root  bin      3361 Mar  6  2014 openbsd_pb.gif
-r--r--r--  1 root  bin      2007 Mar  6  2014 mod_ssl_sb.gif
-r--r--r--  1 root  bin     35570 Mar  6  2014 logo24.jpg
-r--r--r--  1 root  bin     46246 Mar  6  2014 logo23.jpg
-r--r--r--  1 root  bin      5417 Mar  6  2014 lock.gif
-r--r--r--  1 root  bin      4090 Mar  6  2014 bsd_small.gif
-r--r--r--  1 root  bin     41318 Mar  6  2014 blowfish.jpg
-r--r--r--  1 root  bin      2326 Mar  6  2014 apache_pb.gif
-r--r--r--  1 root  bin       537 Mar  6  2014 50x.html
-r--r--r--  1 root  bin      2269 Dec 26 05:35 index.html
drwxr-xr-x  2 root  wheel     512 Apr 27 01:24 bgplg
drwxr-xr-x  3 root  daemon    512 Apr 30 19:30 pub

lrwxr-xr-x  1 root  daemon     11 Apr 30 20:49 auto_install -> 5.6/pxeboot
lrwxr-xr-x  1 root  daemon     10 Apr 30 20:51 bsd -> 5.6/bsd.rd
drwxr-xr-x  2 root  daemon    512 Apr 30 21:00 5.6
-rw-r--r--  1 root  daemon    263 May  1 02:09 install.conf


# ls  /var/www/htdocs/5.6   
INSTALL.i386 base56.tgz   bsd.rd       game56.tgz   xbase56.tgz  xserv56.tgz
SHA256       bsd          comp56.tgz   man56.tgz    xetc56.tgz   xshare56.tgz
SHA256.sig   bsd.mp       etc56.tgz    pxeboot      xfont56.tgz



cp  /var/www/htdocs/5.6/bsd.rd  /tftpboot/bsd

# cat /var/www/htdocs/install.conf                                            

System hostname = bsdnow.tv
Password for root = e-----------
Network interfaces = fxp0     #reserch NIC previouly
IPv4 address for fxp0 = dhcp
Setup a user = t-user
Password for user = f-----------
What timezone are you in = Asia/Tokyo
Location of sets = http
Server = 192.168.11.1



c)tftpd
# ls -l /tftpboot/
total 13600
lrwxr-xr-x  1 root  wheel        7 Apr 30 19:23    auto_install -> pxeboot
-rw-r--r--  1 root  wheel  6918326 May  1 01:30    bsd
-rw-r--r--  1 root  wheel    81108 Apr 30 01:04       pxeboot


bsdは実は bsd.rd でしたね

d)
/etc/rc.d/dhcpd -f restart
/etc/rc.d/httpd  -f restart
tftpd  /tftpboot


起動したら
cat /etc/kbdtype                                                            
jp






)
http://cappesoft.blog21.fc2.com/blog-entry-1199.html
参考にして

 ./comment-out.bat .dillo/dillorc                     で日本語動くが、以下は奇妙


initially.
img.example.org,
font_serif="M+1P+IPAG"
font_sans_serif="M+1P+IPAG"
font_cursive="M+1P+IPAG"
font_fantasy="M+1P+IPAG"
font_monospace="M+1P+IPAG"
running
uniq").
viewport
start_page="http://www.searchdesk.com"
home="http://www.google.co.jp"
among
search_url="Google http://www.google.co.jp/search?ie=UTF-8&oe=UTF-8&q=%s"
search_url="YahooDictionary
http://dic.search.yahoo.co.jp/search?stype=0&dtype=2&ei=UTF-8&p=%s"
search_url="Wikipedia
http://ja.wikipedia.org/w/index.php?search=%s&go=Go"
www.iana.org/assignments/language-subtag-registry
http_language="ja"
proxy.
because it
that the
a
features
strings.
Firefox/7.0.1"
Windows...and
enterpress,
submits).
").







2015年4月28日火曜日

ftpd

vsftpdは導入が困難。
で openbsd 純正ftpdを導入。

これは
http://www.openbsd.org/faq/faq10.html#vipw
をみれば ftpdの導入は容易。

# echo /usr/bin/false >> /etc/shells
# adduser
Use option ``-silent'' if you don't want to see all warnings and questions.

Reading /etc/shells
Check /etc/master.passwd
Check /etc/group

Ok, let's go.
Don't worry about mistakes. There will be a chance later to correct any input.
Enter username []: ftp
Enter full name []: anonymous ftp
Enter shell csh false ksh nologin sh [ksh]: false
Uid [1002]: Enter
Login group ftp [ftp]: Enter
Login group is ``ftp''. Invite ftp into other groups: guest no 
[no]: Enter
Login class authpf daemon default staff [default]: Enter
Enter password []: Enter
Disable password logins for the user? (y/n) [n]: y

Name:        ftp
Password:    ****
Fullname:    anonymous ftp
Uid:         1002
Gid:         1002 (ftp)
Groups:      ftp
Login Class: default
HOME:        /home/ftp
Shell:       /usr/bin/false
OK? (y/n) [y]: Enter
Added user ``ftp''
Copy files from /etc/skel to /home/ftp
Add another user? (y/n) [y]: n
Goodbye!

# ./comment-out.bat /etc/rc.conf.local                                        
dhcpd_flags=""  #NO             # for normal use: ""
ntpd_flags=""   #NO             # for normal use: ""
ftpd_flags="-llUSA"


 Users in a login class with the ftp-chroot variable set are automatically chrooted.
 Additionally, you can add a username to the file /etc/ftpchroot to chroot those usernames.
 だけ覚えていけばよい。

普通に ユーザー ftp-1をつくって ここ(/etc/ftpchroot)に登録すれば
chroot される。
IDとパスワードがついてくる。
lftp OB -i ftp-1 てかんじ。

lftp OB だと /home/ftpにはいっていく。





問題はこれからで
openbsdをインターネットに晒すftpサーバーにするには、
http://www.openbsd.org/faq/pf/ftp.html
をみないとできない。

インターネットの場合は 普通は1台のマシンだけだから
PF is running on the FTP server itself なので


 インターネット---------router------------------------------linux(実験用)
                                       |
                                     sis0 OpenBSD ne3--intranet


from linux, lftp OpenBSD -u joe

 int_if="ne3"
ext="sis0"
tcp_services="{ 22, 113 }"
icmp_types="echoreq"
set block-policy return
set loginterface $ext
set skip on lo
match out on $ext inet from !($ext:network) to any nat-to ($ext:0)
block in log
pass out quick
antispoof quick for { lo $int_if }
pass in on $ext inet proto tcp from any to ($ext) port $tcp_services
pass in inet proto icmp all icmp-type $icmp_types
pass in on $int_if
pass in on $ext proto tcp to port 21
pass in on $ext proto tcp to port > 49151

くらいでできる。
ただし最後の行は 49151 より上の TCP ポートすべてを $ext 側で受け入れるので、ftpd 以外に高位ポートで待ち受けるサービスがないか確認しておくこと。








2015年4月23日木曜日

samba lumba , currentを追いかける

windows81 でのネットワーク共有は
http://kss02rx.blog.fc2.com/blog-entry-38.html にある。
ここの

http://kss02rx.blog.fc2.com/img/20140521221644922.jpg
が大事。
sharity-light-1.3p0 
  は userland smbfs SMB to NFS protocols converter
  で  smbclient -U tuyosi \\\\192.168.100.102\\common
shlight               //192.168.100.102/common /mnt81  -u tuyosi
こんな風に使う。



 Following -current

http://unosodoku638kam.hatenablog.com/entry/2013/12/27/192223
http://www.openbsd.org/faq/faq5.html#Bld
に従いました。 
 
けど Building the userland 後に
Duplicate directories detected for extension Scalar-List-Utils
Configure cannot correctly recover from this - shall I abort?
/usr/src/gnu/usr.bin/perl/Configure: .: ../UU/myread: not found
*** Error 1 in gnu/usr.bin/perl (Makefile.bsd-wrapper:76 'config.sh')
*** Error 1 in gnu/usr.bin (<bsd.subdir.mk>:48 'depend')
*** Error 1 in gnu (<bsd.subdir.mk>:48 'depend')
*** Error 1 in . (<bsd.subdir.mk>:48 'depend')
*** Error 1 in /usr/src (Makefile:82 'build')
風になり、current を追いかけるのは 力量ないと危険!
 
なお 
Snapshots are based on -current and thus /newer/ than the
upcoming 5.7-release.
 
5.7 has been built nearly two months ago. 
Current snapshots are what will eventually become 5.8.
 
 
 1)
           # cd /usr
                                (export CVSROOT=anoncvs@anoncvs.example.org:/cvs)
    # export CVSROOT=anoncvs@anoncvs.jp.openbsd.org:/cvs      
src # cvs -d$CVSROOT checkout -P src
sys  # cvs -d$CVSROOT checkout -P sys



#######----->
    Once you have a tree, you can update it at a later time:

           # cd /usr/src
           # export CVSROOT=anoncvs@anoncvs.jp.openbsd.org:/cvs
      src       # cvs -d$CVSROOT up -P src
      sys       # cvs -d$CVSROOT up -P sys
src+sys > # cvs -d$CVSROOT up -Pd 
#######----<





2)
#####  build kernel
# cd /usr/src/sys/arch/i386/conf
# cp GENERIC GENERIC-1
# config GENERIC
# cd ../compile/GENERIC
# make clean && make
    [...lots of output...]
# make install



3)
<--- reboot--->


4)
Building the userland

        # rm -rf /usr/obj/*
        # cd /usr/src
        # make obj

        # cd /usr/src/etc && env DESTDIR=/ make distrib-dirs


        # cd /usr/src
        # make build


5)
<---- Following -current
http://www.openbsd.org/faq/current.html
 

2015年4月13日月曜日

vnc over ssh ( openbsd と arch linux とで)

まず openbsdで基本をおさえます


1) x11vnc  over  ssh

2階に (192.168.1.142)にopenbsd PC があります。

1階の openbsd PCから 2階に入ってみます。

青い色は2階でのこと
黒い色は1階でのこと です。

2階で
#  pkg_add x11vnc 
と導入し
$  x11vnc
と走らせます。
(このままだと x11vnc はパスワードなしで、すべてのインターフェースで待ち受けます。ssh トンネル経由でしか使わないなら x11vnc -localhost とするほうが安全です。)
そうして 1階に降ります。


一階でもx11vncは導入してあります。

$ ssh  192.168.1.142  -L  5900:localhost:5900
 (一階から2階に トンネルを掘りました)
そして



1階の新たなX端末で
$ vncviewer localhost:5900
とすると
2階のPCの画面がそのままでてきます。 



2)今度は archlinux です。


https://wiki.archlinux.org/index.php/Vncserverをみました



遠隔地のPC(yaourt tightvnc済み)から 自宅のPCに これをします。
遠隔地のPCから 自宅のPCにsshで入っていろいろ準備します。

  遠隔地のPCーーーーーーー>自宅のPCがサーバー

まず 遠隔地のPCから 自宅のPCに普通に sshではいって
yaourt tightvnc


それから
zitaku$  cat .vnc/xstartup
#!/bin/sh
export XKL_XMODMAP_DISABLE=1
exec startlxde

とし、 chmod +x .vnc/xstartup します。 



zitaku$ vncserver -geometry 1440x900 -alwaysshared -dpi 96 -localhost :1
をします。
パスワードをもとめられますのでいれます。


今度は 遠隔地のパソコンから
ssh a.mydns.jp  -L 8900:localhost:5901
をし(これをした途端に自宅にいってます)、トンネルを自宅のPCにむけて掘りました。 

 
さらに  遠隔地のパソコンで別のターミナルをひらいて
vncviewer localhost:8900
をすると 
あら不思議自宅のパソコン画面がでてきます。
 
 
下の図は 自宅から遠隔地のPCに teamviewerではいってから、
この遠隔地のパソコンで 自宅のPCに vnc over ssh をして
結局自宅のパソコンをみてます。
ちょっと おもしろい。
赤枠が  teamviewer  の世界
黄枠が   vnc over sshの世界 ですね。
 

 どうして上の様になったかというと
遠隔地のPCは firewallの背後にあるので
自宅のPCからは ssh では入れないのです。
したがって teamviewer の登場となります。
一旦 遠隔地のPCにはいってしまうと、 遠隔地のPCから自宅のPCにvnc over sshで入れます。

 自宅のPCーーteamviewerーー>遠隔地のPCーーーvnc over sshーー>自宅のPC

2015年4月5日日曜日

5.6 -> 5.7 snapshot ; block teamviewer

1)how to start jwmを立ち上げるには

$ cat .xinitrc
jwm
 
see below .
ibus-anthy is going well and show state .










もちろん  pkg_add -iu


2) /etc/nginx/nginx.conf  


 
 worker_processes  1;
worker_rlimit_nofile 1024;

events {
    worker_connections  800;
}

#h>
http {

    include       mime.types;
    default_type  application/octet-stream;
    index         index.html index.htm;
    keepalive_timeout  65;
    server_tokens off;


server {
        listen       80;
        listen       [::]:80;
        server_name  localhost;    #<-for test
        root         /var/www/d1;
auth_basic "Restricted";
auth_basic_user_file /var/www/1/.htpasswd;
          }
 #0#  
    server {
        listen       80;
        listen       [::]:80;
        server_name  a.mydns.jp;
        root         /var/www/d0;
#auth_basic "Restricted";
#auth_basic_user_file /var/www/1/.htpasswd;
          }

#1
server {
        listen       80;
        listen       [::]:80;
        server_name  s.sun.ddns.vc;
        root         /var/www/d1;
auth_basic "Restricted";
auth_basic_user_file /var/www/1/.htpasswd;
          }

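#2
# Password-protected virtual host for kko.sun.ddns.vc.
# NOTE: this vhost listens on plain HTTP only, so the Basic-auth
# credentials cross the network base64-encoded, not encrypted.
server {
        listen       80;
        listen       [::]:80;
        server_name  kko.sun.ddns.vc;
        root         /var/www/d2;
        auth_basic "Restricted";
        # The password file lives in /var/www/2, outside the document root
        # /var/www/d2, so it cannot be requested through this vhost.
        auth_basic_user_file /var/www/2/.htpasswd;
}   # this closing brace was missing, which left the following server blocks nested inside this one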
 #11
server {
        listen       80;
        listen       [::]:80;
        server_name  m.planex.ddns.vc;
        root         /var/www/d11;
auth_basic "Restricted";
auth_basic_user_file /var/www/11/.htpasswd;
          }

#12
server {
        listen       80;
        listen       [::]:80;
        server_name  n.luna.ddns.vc;
        root         /var/www/d12;
auth_basic "Restricted";
auth_basic_user_file /var/www/12/.htpasswd;
          }
#h>
    } 
 

3)mount sda4(ext2)
 mount /dev/sd0j  /mnt





cd /mnt
dd bs=32786k if=/dev/rsd2c | gzip -c -9 > 32gUSBarch.gz 
4)
pfctl -sr


5)md5
p5-Test-File-Contents


6)
/etc/rc.local                                                            
#       $OpenBSD: rc.local,v 1.44 2011/04/22 06:08:14 ajacoutot Exp $
# Local startup hook: commands here run AFTER the system has entered
# securemode. Anything that must run BEFORE that point belongs in
# /etc/rc.securelevel instead.

# Disabled: run /root/mount-EXT2.bat when it is executable.
#if [  -x  /root/mount-EXT2.bat ]; then
#        echo 'Starting mount /EXT2 '; /root/mount-EXT2.bat
#fi

# Start ntpd; -s lets it set the time immediately at startup.
/usr/sbin/ntpd -s

# Disabled: remount /var/www from an ext2fs partition.
#umount /var/www
#mount_ext2fs /dev/sd0a /var/www # <-----ext2fs

# Launch nginx only when the binary is present and executable.
if test -x /usr/sbin/nginx; then
        echo ' ----- Starting nginx ----- '
        /etc/rc.d/nginx -f start
fi


7)
gzip -c -9 X.img > X.img.gz



8)日本語入力
libreoffice




9) # cat /etc/rc.local
  
   # cat /etc/rc.shutdown



10)cat x.bat  access.log

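# Show today's entries from the nginx access log, then the Snort alert log.
#
# The date is taken in the log's own form (for example 05/Apr/2015) straight
# from date(1). Cutting the default date output on single spaces only lined
# up on days 1-9 (which are space-padded), and the unpadded day it produced
# also matched 15/... and 25/... as a substring.
A=$(LC_ALL=C date '+%d/%b/%Y')   # LC_ALL=C: the log uses English month names

x=${A%%/*}        # day of month, zero-padded
echo "$x"

y=${A#*/}
y=${y%/*}         # abbreviated month name
echo "$y"

z=${A##*/}        # four-digit year
echo "$z"

echo "$A"

# k1: today's requests. -F treats the date as a fixed string, not a regex.
grep -F -- "$A" /var/www/logs/access.log >k1
cat k1
echo '111111111111111111111111111111111'

# k2: the same with lines mentioning DoCoMo removed. The match is on the whole
# line, including the client-supplied User-Agent and URL, so treat k2 as a
# noise filter only and keep k1 when investigating.
grep -v DoCoMo k1 > k2
cat k2

ls -l /var/log/snort
cat /var/log/snort/alert
echo 'cd  /var/log/snort '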



snort自体は(URL の oinkcode は snort.org アカウント固有の認証コードなので、。。。で一部伏せてある)
  wget https://www.snort.org/rules/snortrules-snapshot-2962.tar.gz?oinkcode=076d8a7。。。5bd5fba


cp snortrules-snapshot-2962.tar.gz\?oinkcode\=076d8a77eadd51。。。5fba      /etc/snort/






cd /etc/snort/

# tar xvzf
snortrules-snapshot-2962.tar.gz\?oinkcode\=076d8a7。。。45bd5fba





を確か 2970 2972も繰り返した。

snort -D -d -c /etc/snort/snort.conf  -u _snort -g _snort ; ps -ax| grep snort







10) top

 load averages:  0.34,  0.35,  0.34                                                             yuma.my.domain 19:51:24
59 processes: 2 running, 56 idle, 1 on processor
CPU states:  6.8% user,  0.0% nice,  0.2% system,  0.0% interrupt, 93.0% idle
Memory: Real: 296M/458M act/tot Free: 25M Cache: 96M Swap: 157M/1021M

  PID USERNAME PRI NICE  SIZE   RES STATE     WAIT      TIME    CPU COMMAND
11602 tusi     2    0  192M  186M run       poll      4:04  0.00%     firefox
24033 tusi     2    0  112M   13M sleep     poll      2:06  0.00%    midori
 3018 tusi     2    0   20M   23M run       -         0:40  0.00%        Xorg
19218 tusi     2    0 3124K 3904K sleep     poll      0:07  0.00%   ibus-daemon
23443 tusi     2    0 3500K   10M idle      poll      0:03  0.00%      ibus-ui-gtk3
16713 tusi     2    0 6960K 8004K idle      poll      0:02  0.00%     python2.7
    1 root      10    0  676K  120K sleep     wait      0:01  0.00%    init
21844 tusi     2    0 1328K 2480K idle      poll      0:01  0.00%     ibus-engine-simp
 6833 tuysi     2    0 1008K 2040K idle      select    0:00  0.00%   fvwm






12)filemanager 
rox-filer -> rox で開始


3) scim-anthy
http://d.hatena.ne.jp/nawolets/20110507/1304757336 をみるとよい。


$ vi .profile
export LANG=ja_JP.UTF-8
export LC_CTYPE=ja_JP.UTF-8
export GTK_IM_MODULE="scim"
export QT_IM_MODULE="scim"
export XMODIFIERS="@im=SCIM" 
 
$ vi .xinitrc
/usr/local/bin/scim -d &


$ vi .inputrc
set convert-meta off
set meta-flag on
set output-meta on





13)ports memo
http://unosodoku638kam.hatenablog.com/entry/2013/12/27/192223

  •  http://www.openbsd.org/faq/faq15.html#Ports

    $ cd /usr/ports
    $ make search key=rsnapshot
     
     
     
    $ cd /usr/ports/net/rsnapshot
    $ make install
     
     

    15.3.6 - Cleaning up after a build

    You probably want to clean the port's default working directory after you have built the package and installed it.
    $ make clean
    ===>  Cleaning for rsnapshot-1.2.9
    
    In addition, you can also clean the working directories of all dependencies of the port with this make target:
    $ make clean=depends
    ===>  Cleaning for rsync-2.6.9
    ===>  Cleaning for rsnapshot-1.2.9
    
    If you wish to remove the source distribution set(s) of the port, you would use
    $ make clean=dist
    ===>  Cleaning for rsnapshot-1.2.9
    ===>  Dist cleaning for rsnapshot-1.2.9
    
    In case you have been compiling multiple flavors of the same port, you can clear the working directories of all these flavors at once using
    $ make clean=flavors
    
    You can also clean things up as they get built, by setting a special variable. Work directories will automatically be cleaned after packages have been created:
    $ make package BULK=Yes
    



  • 辛抱できるterminal


1) roxterm 

$ cat
/usr/local/bin/lll
ls $1 | cat -
 
 
2) 
1st     pkg_add colorls 
 
ln -s /usr/local/bin/colorls  /usr/local/bin/ll
        use ll instead of ls

2nd     from https://sites.google.com/site/teyasn001/home/uxterm
        $ cat .Xdefaults

        #   XTerm*loginShell:true
        XTerm*faceName:'Monospace'
        XTerm*faceSize:13
        XTerm*background:gray
        XTerm*foreground:blac

        UXTerm*faceName:            Dejavu Sans Mono:style=book
        UXTerm*faceNameDoublesize:  IPAGothic:style=Regular
        UXTerm*faceSize:        15
        UXTerm*background:      gray
        UXTerm*foreground:      black
 
3rd more .jwmrc
<?xml version="1.0"?>

<JWM>

   <!-- The root menu, if this is undefined you will not get a menu. -->
   <!-- Additional RootMenu attributes: onroot, labeled, label -->
   <RootMenu height="32" onroot="12">

 <Program icon="terminal.png" label="uxterm">    uxterm </Program>
 <Program icon="terminal.png" label="roxterm">   roxterm</Program>
 <Program icon="ibun-anthy.png" label="IbusAnthy">      /usr/local/bin/ibus-daemon -d -x -r</Program>
 <Program icon="xfce4-mixer.png" label="xfce4-mixer">   xfce4-mixer        </Program>
 <Program icon="rox.png" label="rox">rox                                </Program>


 <Menu icon="folder.png" label="Applications">
 <Program icon="word-processor.png" label="Libre Office">libreoffice    </Program>



さまざま

sh /etc/netstart



#cdio -f cd1c blank  ;  eject cd1c
 cdrecord -v   dev=6,1,0 blank=all  ;  eject cd1c


$ cat cd-iso-burn.bat                                                         
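# Burn the ISO image given as $1 to the CD writer.
# Earlier attempts with cdio, kept for reference; both only produced a
# faint burn. (The tail of the second note had wrapped onto a line of its
# own without a leading '#', where the shell would parse it as a command.)
#cdio -f cd0c tao $1
#cdio -f cd1c tao $1
##########################
#cdrecord dev=1,0,0 speed=2 -v $1
# Quote the image path so a name containing spaces or glob characters is
# passed to cdrecord as a single argument.
cdrecord dev=6,1,0 speed=2 -v "$1"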



BLOCK  teamviewer


internet
|
|
wifi router---windows81
|
|
urtwn0 dhcp
openbsd
fxp0 192.168.64.1/24(dhcpd)
|
|
dhcp
linux
(firefox edit>preference>adavance>setting>http proxy 192.168.64.1 port 3128



# ./comment-out.bat  /etc/squid/squid.conf                                                                  
acl localnet src 10.0.0.0/8     # RFC1918 possible internal network
acl localnet src 172.16.0.0/12  # RFC1918 possible internal network
acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
acl localnet src fc00::/7       # RFC 4193 local private network range
acl localnet src fe80::/10      # RFC 4291 link-local (directly plugged) machines
acl SSL_ports port 443
acl Safe_ports port 80          # http
acl Safe_ports port 21          # ftp
acl Safe_ports port 443         # https
acl Safe_ports port 70          # gopher
acl Safe_ports port 210         # wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280         # http-mgmt
acl Safe_ports port 488         # gss-http
acl Safe_ports port 591         # filemaker
acl Safe_ports port 777         # multiling http
acl CONNECT method CONNECT
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost manager
http_access deny manager
http_access allow localnet
http_access allow localhost
http_access deny all
http_port 3128
coredump_dir /var/squid/cache
refresh_pattern ^ftp:           1440    20%     10080
refresh_pattern ^gopher:        1440    0%      1440
refresh_pattern -i (/cgi-bin/|\?) 0     0%      0
refresh_pattern .               0       20%     4320

# ./comment-out.bat  /etc/pf.conf                                                                           
ext_if="urtwn0"
int_if="fxp0"
tcp_services="{ 22, 113 }"
icmp_types="echoreq"
set block-policy return
set loginterface $ext_if
set skip on lo
set reassemble yes no-df
pass in quick log on $ext_if inet proto tcp to port 80 divert-to 127.0.0.1 port 3128
pass out quick from 127.0.0.1 divert-reply
anchor "ftp-proxy/*"
pass in quick on $int_if inet proto tcp to any port ftp \
    divert-to 127.0.0.1 port 8021
block in log
pass out quick
antispoof quick for { lo $int_if }
pass in  on  $ext_if   inet proto tcp from any to  ( $ext_if:0 ) port  $tcp_services
pass in inet proto icmp all icmp-type $icmp_types
pass in on $int_if


すると win81 のteamviewer から linuxのteamviewer に接続しようとしても
パートナーへの接続はありません
となって接続を拒否される。
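つまり openbsd firewall が侵入を食い止めた。
(上の pf.conf には nat-to のルールがなく、linux 側から外へ出られるのは squid などのプロキシ経由の通信だけなので、teamviewer が外部の中継サーバーに届かないことが理由と思われる。)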




snort





http://inaba-serverdesign.jp/blog/20140131/snort_inline_ips.html
がいいサイトです。

最終的には
  cat snort.bat  
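# The cd target and the comment marker had been fused into one word
# ("bin/#"), which made cd fail; they are separated again here.
cd /usr/local/bin/
# test-mode: -T parses the configuration and rules, reports errors, and exits
#snort -T -i urtwn0 -u _snort -g _snort -c /etc/snort/snort.conf

# Run as a daemon (-D) sniffing urtwn0; -u/-g drop privileges to the _snort
# user and group after startup. -A fast writes one-line alerts, -b logs
# packets in binary (tcpdump) format, -d includes application-layer data,
# and -l sets the log directory.
snort -A fast -b -d -D -i urtwn0 -u _snort -g _snort -c /etc/snort/snort.conf -l /var/log/snort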



ポイントは
1) ルールは cd /etc/snort のところで解凍
2) 
touch /etc/snort/rules/white_list.rules /etc/snort/rules/black_list.rules
3)
# mkdir /usr/local/lib/snort_dynamicrules
# cp
   /etc/snort/so_rules/precompiled/OpenBSD-5-3/i386/2.9.7.2/*
   /usr/local/lib/snort_dynamicrules/
でした。