openbsd　で　ｄｈｃｐｄ　＋　firewall

2015年5月13日水曜日

Compile and install

2015年4月30日木曜日

2015年4月28日火曜日

2015年4月23日木曜日

2015年4月13日月曜日

2015年4月5日日曜日

2015年3月30日月曜日

nginx 5.7

openbsd autoinstall ; dillo 少しだけ日本語化

ftpd

samba lumba　, currentを追いかける

vnc over ssh ( openbsd と　arch linux とで)

5.6 -> 5.7 snapshot ; block teamviewer

linux で　作った　openbsd 　領域に　新規　インストール

5.7 で　pkg_add nginx はうまく動かない。

しょうがないので
http://wiki.nginx.org/OnOpenBSD
のとおりにする。

http://nginx.org/download/nginx-1.9.0.tar.gz

$ ./configure --sbin-path=/usr/local/sbin/nginx --conf-path=/etc/nginx/nginx.conf --pid-path=/var/run/nginx.pid --with-http_ssl_module --http-log-path=/var/log/nginx.log --error-log-path=/var/log/nginx-error.log --http-fastcgi-temp-path=/var/tmp/fastcgi_tmp --http-proxy-temp-path=/var/tmp/proxy_tmp --http-client-body-temp-path=/var/tmp/client_body_temp --with-http_stub_status_module --user=www --group=www

$ make && sudo make install

後は　以下の用にした。

ls -l /var/www/                                                                                                      
total 28
drwx------  2 www  wheel  512 Apr 11 00:06 0
drwx------  2 www  wheel  512 May 13 01:42 1
drwx------  2 www  wheel  512 Apr 11 00:06 11
drwx------  2 www  wheel  512 Apr 11 00:06 12
drwx------  2 www  wheel  512 Apr 11 00:06 2
lrwxr-xr-x  1 www  wheel    8 May 13 02:06 d0 -> /SAVE/d0
lrwxr-xr-x  1 www  wheel    8 May 13 02:05 d1 -> /SAVE/d1
lrwxr-xr-x  1 www  wheel    9 May 13 02:06 d11 -> /SAVE/d11
lrwxr-xr-x  1 www  wheel    9 May 13 02:06 d12 -> /SAVE/d12
lrwxr-xr-x  1 www  wheel    8 May 13 02:06 d2 -> /SAVE/d2
drwxr-xr-x  3 www  wheel  512 May 12 20:55 htdocs
drwxr-xr-x  2 www  wheel  512 May 13 02:20 logs

ls -l /SAVE/                                                                                                         
total 3892264
drwx------   2 www  wheel          512 Apr 11 00:06 0
drwx------   2 www  wheel          512 May 13 01:42 1
drwx------   2 www  wheel          512 Apr 11 00:06 11
drwx------   2 www  wheel          512 Apr 11 00:06 12
drwx------   2 www  wheel          512 Apr 11 00:06 2
drwxr-xr-x   3 www  wheel          512 Apr 24 18:25 d0
drwxr-xr-x   5 www  wheel          512 May 11 08:58 d1
drwxr-xr-x   2 www  wheel          512 Apr  9 05:33 d11
drwxrwxr--   8 www  tuyosi         512 May  2 10:24 d12
drwxr-xr-x   3 www  wheel          512 Dec 31 03:46 d2

/etc/nginx/nginx.conf

 worker_processes  1;
worker_rlimit_nofile 1024;
events {
    worker_connections  800;
       }
http {
    include       mime.types;
    default_type  application/octet-stream;
    index         index.html index.htm;
    keepalive_timeout  65;
    server_tokens off;

server {
        listen       80;
        server_name  localhost;    #<-for test
        root         /var/www/d0;
          }

 server {
        listen       80;
        server_name  a.mydns.jp;
        root         /var/www/d0;
          }

server {
        listen       80;
        server_name  s.sun.ddns.vc;
        root         /var/www/d1;
auth_basic "Restricted";
auth_basic_user_file /var/www/1/.htpasswd;
          }

server {
        listen       80;
        server_name  k.sun.ddns.vc;
        root         /var/www/d2;
auth_basic "Restricted";
auth_basic_user_file /var/www/2/.htpasswd;
          }

server {
        listen       80;
        server_name  m.planex.ddns.vc;
        root         /var/www/d11;
auth_basic "Restricted";
auth_basic_user_file /var/www/11/.htpasswd;
          }

server {
        listen       80;
        server_name  n.luna.ddns.vc;
        root         /var/www/d12;
auth_basic "Restricted";
auth_basic_user_file /var/www/12/.htpasswd;
          }
    }

1)まず手動では
openbsdで　PXEサーバーをたちあげて openbsdを　インストール

internet
|
sis0
openbsd PXE server
ne3 :192.168.11.1
|
|
PC ( openbsd will be installed)

# cat /etc/hostname.ne3
inet 192.168.11.1 255.255.255.0

# cat /etc/dhcpd.interfaces
ne3

# cat /etc/dhcpd.conf

            option domain-name "example.com";
            option domain-name-servers 8.8.8.8;

            subnet 192.168.11.0 netmask 255.255.255.0 {
                    option routers 192.168.11.1;
                    filename "pxeboot";
                    range 192.168.11.30 192.168.11.31;
                    default-lease-time 86400;
                    max-lease-time 90000;
            }

# ./comment-out.bat /etc/rc.conf.local
dhcpd_flags="" #NO             # for normal use: ""
ntpd_flags=""   #NO             # for normal use: ""

# ls -l /tftpboot/
total 13860
-rw-r--r-- 1 root wheel 6987854 Apr 30 01:21 bsd.rd
drwxr-xr-x 2 root wheel      512 Apr 30 09:04 etc
-rw-r--r-- 1 root wheel    81108 Apr 30 01:04 pxeboot

# cat /tftpboot/etc/boot.conf
#tty com0 19200
#set tty com0
boot tftp:/bsd.rd

/etc/httpd.conf
ext_addr="192.168.11.1"
server "www.intranet.com" {
        listen on $ext_addr port 80
        root "/htdocs/5.7"
}

ls /var/www/htdocs/pub/5.7
INSTALL.i386 base57.tgz   bsd.rd
index.txt
xbase57.tgz xshare57.tgz
SHA256       bsd          comp57.tgz   man57.tgz    xfont57.tgz
SHA256.sig   bsd.mp       game57.tgz   pxeboot      xserv57.tgz

tftpd /tftpboot
でPXEサーバーが動く

もし　httpdではなくて　nginx の場合は

cat /etc/nginx/nginx.conf
worker_processes 1;
worker_rlimit_nofile 1024;
events {
    worker_connections 800;
}

http {
    include       mime.types;
    default_type application/octet-stream;
    index         index.html index.htm;
    keepalive_timeout 65;
    server_tokens off;
    server {
        listen       80;
        listen       [::]:80;
        server_name 192.168.11.1;
        root         /var/www/htdocs;
        error_page   500 502 503 504 /50x.html;
        location = /50x.html {
            root /var/www/htdocs;
        }
    }
}

1-1)dnsmasqをつかって
/etc/dnsmasq.conf
---------------------                                                           listen-address=127.0.0.1
listen-address=192.168.11.1
interface=fxp0
dhcp-range=192.168.11.10,192.168.11.12,12h
dhcp-boot=pxeboot
enable-tftp
tftp-root=/tftpboot

/etc/hosts
127.0.0.1       localhost
::1             localhost
192.168.11.1    01.net
192.168.11.1    02.net

/etc/nginx/nginx.conf
worker_processes 1;
worker_rlimit_nofile 1024;
events {
    worker_connections 800;
}
http {
    include       mime.types;
    default_type application/octet-stream;
    index         index.html index.htm;
    keepalive_timeout 65;
    server_tokens off;
    server {
        listen       80;
        listen       [::]:80;
        server_name 01.net;
        root         /var/www/htdocs;
        error_page   500 502 503 504 /50x.html;
        location = /50x.html {
            root /var/www/htdocs;
        }
    }
}

以下のシェルスクリプトで起動
ifconfig fxp0 192.168.11.1/24
ifconfig fxp0
echo '------------------------'
/etc/rc.d/dnsmasq restart
/etc/rc.d/nginx    restart
echo '127.0.0.1' > /etc/resolv.conf

ただし　wifiの時は
/etc/hostname.bge0 を前もってdhcpにしておかないと　dnsmasqサーバーからアドレスをもらえない。

２）本題のautoinstall です。

http://www.bsdnow.tv/tutorials/autoinstall　のとおりです。

cat /var/www/htdocs/install.conf

System hostname = bsdnow.tv
Password for root = ThePlaceToBe...SD
Network interfaces = em0
IPv4 address for em0 = dhcp
Setup a user = puffy
Password for user = whywasibornasafish
What timezone are you in = US/Eastern
Location of sets = http
Server = 192.168.1.1

----->8-----cut here ----->8-----
System hostname = tester
Which network interface do you wish to configure = em0
IPv4 address for em0 = 192.168.99.10
Netmask for em0 = 255.255.255.0
IPv6 address for em0 = none
Which network interface do you wish to configure = done
Default IPv4 route = 192.168.99.1
DNS domain name = example.com
DNS nameservers = none
Password for root account = insecure
Start sshd(8) by default = yes
Start ntpd(8) by default = no
Do you expect to run the X Window System = no
Do you want the X Window System to be started by xdm(1) = no
Setup a user = joe
Full name for user joe = Joe Blogs
Password for user joe = insecure
Public ssh key for user joe = none
Which disk is the root disk = wd0
Use DUIDs rather than device names in fstab = yes
Use (W)hole disk, use the (O)penBSD area, or (E)dit the MBR = whole
URL to autopartitioning template for disklabel = http://192.168.99.1/template
Location of sets = http
HTTP proxy URL = none
HTTP Server = 192.168.99.1
----->8-----cut here ----->8-----

/etc/rc.d/nginx stop　と　止めます。
apacheをいれます。

internet
|
sis0
openbsd PXE server
ne3 :192.168.11.1
|
|
fxp0
PC ( openbsd will be installed)

a) httpd

# cat /etc/hostname.ne3
inet 192.168.11.1 255.255.255.0

# cat /etc/dhcpd.interfaces
ne3

# cat /etc/dhcpd.conf
option domain-name-servers 8.8.8.8;
subnet 192.168.11.0 netmask 255.255.255.0 {
    option routers 192.168.11.1;
    filename "auto_install";
    next-server 192.168.11.1;
    range 192.168.11.8 192.168.11.25;
}

b)httpd

$ cat /etc/httpd.conf
server "default" {
        listen on ne3 port 80
        root "/htdocs"
        directory auto index
}

# ls -ltr /var/www/htdocs
total 340
-r--r--r-- 1 root bin      2220 Mar 6 2014 smalltitle.gif
-r--r--r-- 1 root bin      2063 Mar 6 2014 openssl_ics.gif
-r--r--r-- 1 root bin      3334 Mar 6 2014 openbsdpower.gif
-r--r--r-- 1 root bin      3361 Mar 6 2014 openbsd_pb.gif
-r--r--r-- 1 root bin      2007 Mar 6 2014 mod_ssl_sb.gif
-r--r--r-- 1 root bin     35570 Mar 6 2014 logo24.jpg
-r--r--r-- 1 root bin     46246 Mar 6 2014 logo23.jpg
-r--r--r-- 1 root bin      5417 Mar 6 2014 lock.gif
-r--r--r-- 1 root bin      4090 Mar 6 2014 bsd_small.gif
-r--r--r-- 1 root bin     41318 Mar 6 2014 blowfish.jpg
-r--r--r-- 1 root bin      2326 Mar 6 2014 apache_pb.gif
-r--r--r-- 1 root bin       537 Mar 6 2014 50x.html
-r--r--r-- 1 root bin      2269 Dec 26 05:35 index.html
drwxr-xr-x 2 root wheel     512 Apr 27 01:24 bgplg
drwxr-xr-x 3 root daemon    512 Apr 30 19:30 pub
lrwxr-xr-x 1 root daemon     11 Apr 30 20:49 auto_install -> 5.6/pxeboot
lrwxr-xr-x 1 root daemon     10 Apr 30 20:51 bsd -> 5.6/bsd.rd
drwxr-xr-x 2 root daemon    512 Apr 30 21:00 5.6
-rw-r--r-- 1 root daemon    263 May 1 02:09 install.conf

# ls /var/www/htdocs/5.6
INSTALL.i386 base56.tgz   bsd.rd       game56.tgz   xbase56.tgz xserv56.tgz
SHA256       bsd          comp56.tgz   man56.tgz    xetc56.tgz   xshare56.tgz
SHA256.sig   bsd.mp       etc56.tgz    pxeboot      xfont56.tgz

cp /var/www/htdocs/5.6/bsd.rd /tftpboot/bsd

# cat /var/www/htdocs/install.conf

System hostname = bsdnow.tv
Password for root = e-----------
Network interfaces = fxp0     #reserch NIC previouly
IPv4 address for fxp0 = dhcp
Setup a user = t-user
Password for user = f-----------
What timezone are you in = Asia/Tokyo
Location of sets = http
Server = 192.168.11.1

c)tftpd
# ls -l /tftpboot/
total 13600
lrwxr-xr-x 1 root wheel        7 Apr 30 19:23    auto_install -> pxeboot
-rw-r--r-- 1 root wheel 6918326 May 1 01:30    bsd
-rw-r--r-- 1 root wheel    81108 Apr 30 01:04       pxeboot

bsdは実は　bsd.rd でしたね

d）
/etc/rc.d/dhcpd -f restart
/etc/rc.d/httpd -f restart
tftpd /tftpboot

起動したら
cat /etc/kbdtype
jp

３)
http://cappesoft.blog21.fc2.com/blog-entry-1199.html
参考にして

./comment-out.bat .dillo/dillorc                     で日本語動くが、以下は奇妙

initially.
img.example.org,
font_serif="M+1P+IPAG"
font_sans_serif="M+1P+IPAG"
font_cursive="M+1P+IPAG"
font_fantasy="M+1P+IPAG"
font_monospace="M+1P+IPAG"
running
uniq").
viewport
start_page="http://www.searchdesk.com"
home="http://www.google.co.jp"
among
search_url="Google http://www.google.co.jp/search?ie=UTF-8&oe=UTF-8&q=%s"
search_url="YahooDictionary
http://dic.search.yahoo.co.jp/search?stype=0&dtype=2&ei=UTF-8&p=%s"
search_url="Wikipedia
http://ja.wikipedia.org/w/index.php?search=%s&go=Go"
www.iana.org/assignments/language-subtag-registry
http_language="ja"
proxy.
because it
that the
a
features
strings.
Firefox/7.0.1"
Windows...and
enterpress,
submits).
").

vsftpdは導入が困難。
で　openbsd 純正ftpdを導入。

これは
http://www.openbsd.org/faq/faq10.html#vipw
をみれば　ftpdの導入は容易。

# echo /usr/bin/false >> /etc/shells

# adduser
Use option ``-silent'' if you don't want to see all warnings and questions.

Reading /etc/shells
Check /etc/master.passwd
Check /etc/group

Ok, let's go.
Don't worry about mistakes. There will be a chance later to correct any input.
Enter username []: ftp
Enter full name []: anonymous ftp
Enter shell csh false ksh nologin sh [ksh]: false
Uid [1002]: Enter
Login group ftp [ftp]: Enter
Login group is ``ftp''. Invite ftp into other groups: guest no 
[no]: Enter
Login class authpf daemon default staff [default]: Enter
Enter password []: Enter
Disable password logins for the user? (y/n) [n]: y

Name:        ftp
Password:    ****
Fullname:    anonymous ftp
Uid:         1002
Gid:         1002 (ftp)
Groups:      ftp
Login Class: default
HOME:        /home/ftp
Shell:       /usr/bin/false
OK? (y/n) [y]: Enter
Added user ``ftp''
Copy files from /etc/skel to /home/ftp
Add another user? (y/n) [y]: n
Goodbye!

# ./comment-out.bat /etc/rc.conf.local
dhcpd_flags="" #NO             # for normal use: ""
ntpd_flags=""   #NO             # for normal use: ""
ftpd_flags="-llUSA"

Users in a login class with the ftp-chroot variable set are automatically chrooted.
Additionally, you can add a username to the file /etc/ftpchroot to chroot those usernames.
だけ覚えていけばよい。

普通に　ユーザー　ftp-1をつくってここにロウロクすれば
chroot される。
IDとパスワードがついてくる。
lftp OB -i ftp-1 てかんじ。

lftp OB だと　/home/ftpにはいっていく。

問題はこれからで
opebsdをインターネットに晒すftpサーバーするには、
http://www.openbsd.org/faq/pf/ftp.html
をみないとできない。

インターネットの場合は　普通は１台のマシンだけだから
PF is running on the FTP server itself　なので

インターネット---------router------------------------------linux(実験用)
                                       |
                                     sis0 OpenBSD ne3--intraet

from linux, lftp OpenBSD -u joe

int_if="ne3"
ext="sis0"
tcp_services="{ 22, 113 }"
icmp_types="echoreq"
set block-policy return
set loginterface $ext
set skip on lo
match out on $ext inet from !($ext:network) to any nat-to ($ext:0)
block in log
pass out quick
antispoof quick for { lo $int_if }
pass in on $ext inet proto tcp from any to ($ext) port $tcp_services
pass in inet proto icmp all icmp-type $icmp_types
pass in on $int_if
pass in on $ext proto tcp to port 21
pass in on $ext proto tcp to port > 49151

くらいでできる。

windows81 でのネットワーク共有は
http://kss02rx.blog.fc2.com/blog-entry-38.html　にある。
ここの

http://kss02rx.blog.fc2.com/img/20140521221644922.jpg
が大事。
sharity-light-1.3p0
　　は　userland smbfs　SMB to NFS protocols converter
　　で　 smbclient -U tuyosi \\\\192.168.100.102\\common
shlight //192.168.100.102/common /mnt81 -u tuyosi
こんな風に使う。

 Following -current

http://unosodoku638kam.hatenablog.com/entry/2013/12/27/192223
http://www.openbsd.org/faq/faq5.html#Bld
に従いました。

けど　Building thuserland　後に

Duplicate directories detected for extension Scalar-List-Utils
Configure cannot correctly recover from this - shall I abort?
/usr/src/gnu/usr.bin/perl/Configure: .: ../UU/myread: not found
*** Error 1 in gnu/usr.bin/perl (Makefile.bsd-wrapper:76 'config.sh')
*** Error 1 in gnu/usr.bin (<bsd.subdir.mk>:48 'depend')
*** Error 1 in gnu (<bsd.subdir.mk>:48 'depend')
*** Error 1 in . (<bsd.subdir.mk>:48 'depend')
*** Error 1 in /usr/src (Makefile:82 'build')

風になり、current を追いかけるのは　力量ないと危険！

なお

Snapshots are based on -current and thus /newer/ than the
upcoming 5.7-release.

5.7 has been built nearly two months ago.

Current snapshots are whatwill eventually become 5.8.

 1)
           # cd /usr
                                (export CVSROOT=anoncvs@anoncvs.example.org:/cvs)
　　  # export CVSROOT=anoncvs@anoncvs.jp.openbsd.org:/cvs      
src # cvs -d$CVSROOT checkout -P src
sys  # cvs -d$CVSROOT checkout -P sys



#######----->
    Once you have a tree, you can update it at a later time:

           # cd /usr/src
           # export CVSROOT=anoncvs@anoncvs.jp.openbsd.org:/cvs
      src       # cvs -d$CVSROOT up -P src
      sys       # cvs -d$CVSROOT up -P sys
ｓｒｃ＋ｓｙｓ > # cvs -d$CVSROOT up -Pd 
#######----<





2)
#####  build kernel
# cd /usr/src/sys/arch/i386/conf
# cp GENERIC GENERIC-1
# config GENERIC
# cd ../compile/GENERIC
# make clean && make
    [...lots of output...]
# make install



3)
<--- reboot--->


4)
Building the userland

        # rm -rf /usr/obj/*
        # cd /usr/src
        # make obj

        # cd /usr/src/etc && env DESTDIR=/ make distrib-dirs


        # cd /usr/src
        # make build


5)
<---- Following -current
http://www.openbsd.org/faq/current.html

まず　openbsdで基本をおさえます

1) x11vnc over ssh

2階に　(192.168.1.142)にopenbsd PC があります。

１階の openbsd PCから　２階に入ってみます。

青い色は２階でのこと
黒い色は１階でのこと　です。

２階で
# 　pkg_add x11vnc　
と導入し
$ 　x11vnc
と走らせます。
そうして　１階に降ります。

一階でもx11vncは導入してあります。

$ ssh　 192.168.1.142　 -L　 5900:localhost:5900
（一階から２階に　トンネルを掘りました）
そして

１階の新たなX端末で
$ vncviewer localhost:5900
とすると
２階のPCの画面がそのままでてきます。

２）今度は　archlinux です。

https://wiki.archlinux.org/index.php/Vncserverをみました

遠隔地のPC（yaourt tightvnc済み）から　自宅のPCに　これをします。
遠隔地のPCから　自宅のPCにsshで入っていろいろ準備します。

遠隔地のPCーーーーーーー＞自宅のPCがサーバー

まず　遠隔地のPCから　自宅のPCに普通に　sshではいって
yaourt tightvnc

それから

zitaku$  cat .vnc/xstartup
#!/bin/sh
export XKL_XMODMAP_DISABLE=1
exec startlxde

とし、　chmod +x .vnc/xstartup します。

zitaku$ vncserver -geometry 1440x900 -alwaysshared -dpi 96 -localhost :1

をします。
パスワードをもとめられますのでいれます。

今度は　遠隔地のパソコンから

ssh a.mydns.jp  -L 8900:localhost:5901

をし(これをした途端に自宅にいってます)、トンネルを自宅のPCにむけて掘りました。

さらに　 遠隔地のパソコンで別のターミナルをひらいて

vncviewer localhost:8900

をすると

あら不思議自宅のパソコン画面がでてきます。

下の図は　自宅から遠隔地のPCに　teamviewerではいってから、

この遠隔地のパソコンで　自宅のPCに　vnc over ssh をして

結局自宅のパソコンをみてます。

ちょっと　おもしろい。

赤枠が　　teamviewer  の世界

黄枠が 　 vnc over sshの世界　ですね。

 どうして上の様になったかというと

遠隔地のPCは　firewallの背後にあるので

自宅のPCからは　ssh では入れないのです。

したがって teamviewer の登場となります。

一旦　遠隔地のPCにはいってしまうと、　遠隔地のPCから自宅のPCにvnc over sshで入れます。

 自宅のPCーーteamviewerーー＞遠隔地のPCーーーvnc over sshーー＞自宅のPC

１）how to start jwmを立ち上げるには

$ cat .xinitrc jwm

see below .
ibus-anthy is going well and show state .

もちろん　　pkg_add　-iu

２）　/etc/nginx/nginx.conf　

 worker_processes  1;
worker_rlimit_nofile 1024;

events {
    worker_connections  800;
}

#h>
http {

    include       mime.types;
    default_type  application/octet-stream;
    index         index.html index.htm;
    keepalive_timeout  65;
    server_tokens off;


server {
        listen       80;
        listen       [::]:80;
        server_name  localhost;    #<-for test
        root         /var/www/d1;
auth_basic "Restricted";
auth_basic_user_file /var/www/1/.htpasswd;
          }

 #0#  
    server {
        listen       80;
        listen       [::]:80;
        server_name  a.mydns.jp;
        root         /var/www/d0;
#auth_basic "Restricted";
#auth_basic_user_file /var/www/1/.htpasswd;
          }

#1
server {
        listen       80;
        listen       [::]:80;
        server_name  s.sun.ddns.vc;
        root         /var/www/d1;
auth_basic "Restricted";
auth_basic_user_file /var/www/1/.htpasswd;
          }

#2
server {
        listen       80;
        listen       [::]:80;
        server_name  kko.sun.ddns.vc;
        root         /var/www/d2;
auth_basic "Restricted";
auth_basic_user_file /var/www/2/.htpasswd;

 #11
server {
        listen       80;
        listen       [::]:80;
        server_name  m.planex.ddns.vc;
        root         /var/www/d11;
auth_basic "Restricted";
auth_basic_user_file /var/www/11/.htpasswd;
          }

#12
server {
        listen       80;
        listen       [::]:80;
        server_name  n.luna.ddns.vc;
        root         /var/www/d12;
auth_basic "Restricted";
auth_basic_user_file /var/www/12/.htpasswd;
          }
#h>
    }

３)mount sda4(ext2)
mount /dev/sd0j /mnt

cd　/mnt
dd bs=32786k if=/dev/rsd2c | gzip -c -9 > 32gUSBarch.gz
４)
pfctl -sr

５)md5
p5-Test-File-Contents

６)
/etc/rc.local
#       $OpenBSD: rc.local,v 1.44 2011/04/22 06:08:14 ajacoutot Exp $
# Site-specific startup actions, daemons, and other things which
# can be done AFTER your system goes into securemode. For actions
# which should be done BEFORE your system has gone into securemode
# please see /etc/rc.securelevel.#if [ -x /root/mount-EXT2.bat ]; then
#        echo 'Starting mount /EXT2 '; /root/mount-EXT2.bat
#fi

/usr/sbin/ntpd -s

#umount /var/www
#mount_ext2fs /dev/sd0a /var/www # <-----ext2fs

if [ -x /usr/sbin/nginx ];
then echo ' ----- Starting nginx ----- ';
/etc/rc.d/nginx -f start
fi

７)
gzip -c -9 X.img > X.img.gz

８)日本語入力
libreoffice

９) # cat /etc/rc.local
　　
　　＃　cat /etc/rc.shutdown

10）cat x.bat access.log

x=`date | cut -d ' ' -f 4`
echo $x

y=`date | cut -d ' ' -f 2`
echo $y

z=`date | cut -d ' ' -f 7`
echo $z

A=$x/$y/$z
echo $A

cat /var/www/logs/access.log | grep $A >k1
cat k1
echo '111111111111111111111111111111111'

cat k1 | grep -v DoCoMo > k2
cat k2

ls -l /var/log/snort
cat /var/log/snort/alert
echo 'cd /var/log/snort '

snort自体は
wget https://www.snort.org/rules/snortrules-snapshot-2962.tar.gz?oinkcode=076d8a7。。。5bd5fba

cp snortrules-snapshot-2962.tar.gz\?oinkcode\=076d8a77eadd51。。。5fba    /etc/snort/

cd /etc/snort/

# tar xvzf
snortrules-snapshot-2962.tar.gz\?oinkcode\=076d8a7。。。45bd5fba

を確か　2970　2972も繰り返した。

snort -D -d -c /etc/snort/snort.conf -u _snort -g _snort ; ps -ax| grep snort

１０) top

load averages: 0.34, 0.35, 0.34                                                             yuma.my.domain 19:51:24
59 processes: 2 running, 56 idle, 1 on processor
CPU states: 6.8% user, 0.0% nice, 0.2% system, 0.0% interrupt, 93.0% idle
Memory: Real: 296M/458M act/tot Free: 25M Cache: 96M Swap: 157M/1021M

PID USERNAME PRI NICE SIZE   RES STATE     WAIT      TIME    CPU COMMAND
11602 tusi     2    0 192M 186M run       poll      4:04 0.00%     firefox
24033 tusi     2    0 112M   13M sleep     poll      2:06 0.00%    midori
3018 tusi     2    0   20M   23M run       -         0:40 0.00%        Xorg
19218 tusi     2    0 3124K 3904K sleep     poll      0:07 0.00%   ibus-daemon
23443 tusi     2    0 3500K   10M idle      poll      0:03 0.00%      ibus-ui-gtk3
16713 tusi     2    0 6960K 8004K idle      poll      0:02 0.00%     python2.7
    1 root      10    0 676K 120K sleep     wait      0:01 0.00%    init
21844 tusi     2    0 1328K 2480K idle      poll      0:01 0.00%     ibus-engine-simp
6833 tuysi     2    0 1008K 2040K idle      select    0:00 0.00% fvwm

12)filemanager
rox-filer -> rox で開始

１３)　scim-anthy
http://d.hatena.ne.jp/nawolets/20110507/1304757336 をみるとよい。

$ vi .profile
export LANG=ja_JP.UTF-8
export LC_CTYPE=ja_JP.UTF-8
export GTK_IM_MODULE="scim"
export QT_IM_MODULE="scim"
export XMODIFIERS="@im=SCIM"

$ vi .xinitrc
/usr/local/bin/scim -d &

$ vi .inputrc
set convert-meta off
set meta-flag on
set output-meta on

13)ports memo
http://unosodoku638kam.hatenablog.com/entry/2013/12/27/192223

http://www.openbsd.org/faq/faq15.html#Ports
```
$ cd /usr/ports
$ make search key=rsnapshot
```
```
 
```
```
 
```
```
 
```
```
$ cd /usr/ports/net/rsnapshot
$ make install
```
```
 
```
```
 
```
15.3.6 - Cleaning up after a build
You probably want to clean the port's default working directory after you have built the package and installed it.
```
$ make clean
===>  Cleaning for rsnapshot-1.2.9
```
In addition, you can also clean the working directories of all dependencies of the port with this make target:
```
$ make clean=depends
===>  Cleaning for rsync-2.6.9
===>  Cleaning for rsnapshot-1.2.9
```
If you wish to remove the source distribution set(s) of the port, you would use
```
$ make clean=dist
===>  Cleaning for rsnapshot-1.2.9
===>  Dist cleaning for rsnapshot-1.2.9
```
In case you have been compiling multiple flavors of the same port, you can clear the working directories of all these flavors at once using
```
$ make clean=flavors
```
You can also clean things up as they get built, by setting a special variable. Work directories will automatically be cleaned after packages have been created:
```
$ make package BULK=Yes
```
辛抱できるterminal

1) roxterm 

$ cat
/usr/local/bin/lll
ls $1 | cat -

2)

1st     pkg_add colorls

ln -s /usr/local/bin/colorls  /usr/local/bin/ll
        use ll instead of ls

2nd     from https://sites.google.com/site/teyasn001/home/uxterm
        $ cat .Xdefaults

        #   XTerm*loginShell:true
        XTerm*faceName:'Monospace'
        XTerm*faceSize:13
        XTerm*background:gray
        XTerm*foreground:blac

        UXTerm*faceName:            Dejavu Sans Mono:style=book
        UXTerm*faceNameDoublesize:  IPAGothic:style=Regular
        UXTerm*faceSize:        15
        UXTerm*background:      gray
        UXTerm*foreground:      black

３rd　more .jwmrc
<?xml version="1.0"?>

<JWM>

   
   
   <RootMenu height="32" onroot="12">

<Program icon="terminal.png" label="uxterm">    uxterm </Program>
<Program icon="terminal.png" label="roxterm">   roxterm</Program>
<Program icon="ibun-anthy.png" label="IbusAnthy">      /usr/local/bin/ibus-daemon -d -x -r</Program>
<Program icon="xfce4-mixer.png" label="xfce4-mixer">   xfce4-mixer        </Program>
<Program icon="rox.png" label="rox">rox                                </Program>

<Menu icon="folder.png" label="Applications">
<Program icon="word-processor.png" label="Libre Office">libreoffice    </Program>

さまざま

sh /etc/netstart

#cdio -f cd1c blank ; eject cd1c
cdrecord -v   dev=6,1,0 blank=all ; eject cd1c

$ cat cd-iso-burn.bat
#cdio -f cd0c tao $1 <--- うすくしか焼けない
#cdio -f cd1c tao $1　<--- うすくしか焼けない
##########################
#cdrecord dev=1,0,0 speed=2 -v $1
cdrecord dev=6,1,0 speed=2 -v $1

BLOCK teamviewer

internet
|
|
wifi router---windows81
|
|
urtwn0 dhcp
openbsd
fxp0 192.168.64.1/24(dhcpd)
|
|
dhcp
linux
(firefox edit>preference>adavance>setting>http proxy 192.168.64.1 port 3128

# ./comment-out.bat /etc/squid/squid.conf
acl localnet src 10.0.0.0/8     # RFC1918 possible internal network
acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
acl localnet src fc00::/7       # RFC 4193 local private network range
acl localnet src fe80::/10      # RFC 4291 link-local (directly plugged) machines
acl SSL_ports port 443
acl Safe_ports port 80          # http
acl Safe_ports port 21          # ftp
acl Safe_ports port 443         # https
acl Safe_ports port 70          # gopher
acl Safe_ports port 210         # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280         # http-mgmt
acl Safe_ports port 488         # gss-http
acl Safe_ports port 591         # filemaker
acl Safe_ports port 777         # multiling http
acl CONNECT method CONNECT
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost manager
http_access deny manager
http_access allow localnet
http_access allow localhost
http_access deny all
http_port 3128
coredump_dir /var/squid/cache
refresh_pattern ^ftp:           1440    20%     10080
refresh_pattern ^gopher:        1440    0%      1440
refresh_pattern -i (/cgi-bin/|\?) 0     0%      0
refresh_pattern .               0       20%     4320

# ./comment-out.bat /etc/pf.conf
ext_if="urtwn0"
int_if="fxp0"
tcp_services="{ 22, 113 }"
icmp_types="echoreq"
set block-policy return
set loginterface $ext_if
set skip on lo
set reassemble yes no-df
pass in quick log on $ext_if inet proto tcp to port 80 divert-to 127.0.0.1 port 3128
pass out quick from 127.0.0.1 divert-reply
anchor "ftp-proxy/*"
pass in quick on $int_if inet proto tcp to any port ftp \
    divert-to 127.0.0.1 port 8021
block in log
pass out quick
antispoof quick for { lo $int_if }
pass in on $ext_if   inet proto tcp from any to ( $ext_if:0 ) port $tcp_services
pass in inet proto icmp all icmp-type $icmp_types
pass in on $int_if

すると　win81　のteamviewer から　linuxのteamviewer に接続しようとしても
パートナーへの接続はありません
となって接続を拒否される。
つまり　openbsd firewall が侵入を食い止めた。

http://inaba-serverdesign.jp/blog/20140131/snort_inline_ips.html
がいいサイトです。

最終的には
cat snort.bat
cd /usr/local/bin/# test-mode
#snort -T -i urtwn0 -u _snort -g _snort -c /etc/snort/snort.conf
snort -A fast -b -d -D -i urtwn0 -u _snort -g _snort -c /etc/snort/snort.conf -l /var/log/snort

ポイントは
１）　ルールは　cd /etc/snort のところで解凍
２）　

touch /etc/snort/rules/white_list.rules /etc/snort/rules/black_list.rules

3)

# mkdir /usr/local/lib/snort_dynamicrules

# cp

   /etc/snort/so_rules/precompiled/OpenBSD-5-3/i386/2.9.7.2/*

   /usr/local/lib/snort_dynamicrules/

でした。

linux で　openbsd 領域をつくりました。

fdisk -l /dev/sdb
Device     Boot     Start       End   Sectors Size Id Type
/dev/sdb1           22528   3891199   3868672 1.9G 82 Linux swap / Solaris
/dev/sdb2            2048     22527     20480   10M c W95 FAT32 (LBA)
/dev/sdb3         3891200 842751999 838860800 400G 5 Extended
/dev/sdb4       842752000 976773167 134021168 63.9G a6 OpenBSD
/dev/sdb5         3893248 213608447 209715200 100G 83 Linux
/dev/sdb6 *    213610496 528183295 314572800 150G 83 Linux
/dev/sdb7       528185344 842751999 314566656 150G 7 HPFS/NTFS/exFAT

しかし
openbsdのCDで　/dev/sdb4　へ直接インストールするのは
失敗した時恐ろしいことが待ち受けます。

それで作戦をかえ、まずUSBにインストールしてから
その内容を　/dev/sdb4に　クローンコピーする方向にしました。

2G のUSB　と　５００GのSDBとを接続後
openbsdのCDでブートします。

ctrl+c を押し、中断させ　dmesgでどう認識されてるかを見ます。
５００Gのは　sd1と認識されてます。
２G のは　　sd2。

install と打ち込み、
インストール先を　OpenBSD　areaとし、
sd1がフォーマットされる段階が終わったら ctrl+c 。

なお自分は　a（/）と　b(swap)しか作りません。

この後

# mkdir /mnt0
# mkdir /mnt1

# mount /dev/sd2a /mnt0  
# mount /dev/sd1a /mnt1

# (cd /mnt0; tar cvpf - .)|(cd /mnt1 ; tar xpf -)

これで　クローンコピーは終了です。
しかし　ブートローダーは入ってない。

そのため一旦　halt します。

２Gを抜き、　５００Gだけつけて openbsd CDでブート.
今度は　upgrade を選び、
bsd.rdなんたらのところにきたら
abort を選んだあと　
halt します。

あと　以前のようにgrub4dosで　openbsdを立ち上げたあと、
/etc/rc.conf.local で　xdmをコメントアウトします。

これで終了です。

以下は英語で同じものです。

this is my little expirience , it may be useful using openbsd & linux in
tha same hard disk .

I made the openbsd area by LINUX's fdisk.
namely
fdisk -l /dev/sdb (500GB USB hard disk)
Device Boot Start End Sectors Size Id Type
 sdb1 22528 3891199 3868672 1.9G 82 Linux swap / Solaris
 sdb2 2048 22527 20480 10M c W95 FAT32 (LBA)
 sdb3 3891200 842751999 838860800 400G 5 Extended
 sdb4 842752000 976773167 134021168 63.9G a6 OpenBSD <--------
 sdb5 3893248 213608447 209715200 100G 83 Linux
 sdb6 * 213610496 528183295 314572800 150G 83 Linux
 sdb7 528185344 842751999 314566656 150G 7 HPFS / NTFS / exFAT


i want to install openbsd OS into sdb4 .
But to install OpenBSD directly is risky .
if i fail , i lose all (including linux) .

So I changed the strategy.
install first on 2G USB.
then clone copy to 500G USB sdb4 .


After connecting the 2G USB and 500G USB , I boot by  openbsd CD .
press ctrl + c, I  look at the way of 2G and 500G by 'dmesg' .
500G is  recognized as sd1.
2G                  as sd2.

i install openbsd OS into ---OpenBSD area---.
When sd1 is formatted , i put  ctrl + c.

my way is always  a (/) and b (swap) only .
so

# mkdir / mnt0
# mkdir / mnt1

# Mount /dev/sd2a / mnt0
# Mount /dev/sd1a / mnt1

# (cd / mnt0;. tar cvpf -) | (cd / mnt1; tar xpf -)

clone copy itself is completed.
But the boot loader is not .


Therefore I will install boot loader .
afte unplug the 2G, put 500G only ,then i  boot by openbsd CD.
Now select the ---upgrade---,
When i came to the stage 'bsd.rd etc', i select ---abort---.

all is done .
by using  previos menu.lst , i boot openbsd in 500G by grub4dos .
After i launched openbsd , I comment out the xdm in /etc/rc.conf.local.

登録: 投稿 (Atom)