openbsd server
TRANSCRIPT
openbsd server 1 afterboot 2 crypt harddisk 3 harden the installation
o 3.1 sshd o 3.2 clear console on logout o 3.3 lockdown single user mode
4 dsl-router and firewall o 4.1 dsl connection o 4.2 firewall o 4.3 dns server bind o 4.4 dyndns
5 server: nfs, dhcp and ntp o 5.1 nfs o 5.2 dhcp o 5.3 ntp
6 isakmpd (ipsec-wlan) 7 mail-server
o 7.1 configure postfix o 7.2 dovecot imap-server o 7.3 procmail and fetchmail
8 ldap 9 cvs-server and mirror
o 9.1 cvs-server o 9.2 use repository o 9.3 mail on commit o 9.4 openbsd mirror with cvsync
10 subversion-server o 10.1 subversion-server o 10.2 use repository
11 oamp - openbsd apache mysql php o 11.1 httpd
11.1.1 ssl 11.1.2 mod_perl
o 11.2 mysql server o 11.3 php
11.3.1 phpldapadmin 12 x
o 12.1 configure o 12.2 fluxbox
13 install additional stuff o 13.1 mergemaster o 13.2 gkrellm o 13.3 wget
o 13.4 unrar o 13.5 unace o 13.6 mpd o 13.7 mplayer o 13.8 darkstat
1 afterboot read the very good manpage: # man afterboot
..* add the following line to enable linux kernel-emulation:: .. .. kern.emul.linux=1
edit fstab and add options softdep all partitions create cdrom and floppy entries in /etc/fstab:
# mkdir -p /mnt/dvd; mkdir -p /mnt/floppy # vi /etc/fstab /dev/cd0a /mnt/dvd cd9660 ro,nodev,nosuid,noauto 0 0 /dev/fd0a /mnt/floppy msdos rw,nodev,nosuid,noauto 0 0
don't use inetd:
# echo "inetd=NO" >> /etc/rc.conf.local
add an user:
# adduser
edit /etc/sudoers:
# visudo # Uncomment to allow people in group wheel to run all commands %wheel ALL=(ALL) ALL
install ports tree:
# cd /tmp # ftp ftp://ftp.openbsd.org/pub/OpenBSD/VERSION/ports.tar.gz # cd /usr # tar xzvf /tmp/ports.tar.gz
create a directory for scripts
# mkdir /usr/local/src/ # mkdir /usr/local/src/scripts # cd /root/ # ln -s /usr/local/src/scripts
2 crypt harddisk cgd is obsolete, use vnconfig
create an image file on the whole mounted partition:
# nice dd if=/dev/prandom of=/mnt/my_partition/encrypted bs=512
configure svnd0 (set password):
# vnconfig -cvk svnd0 /mnt/my_partition/encrypted
create a filesystem on svnd0c:
# newfs /dev/svnd0c # mkdir /my_partition
edit /etc/rc.local insert at the end of this file:
# svnd addition echo 'mounting crypted disks:' for count in First Second Last do wrong_pw="NO" echo -n "$count try /my_partition - " /usr/sbin/vnconfig -u svnd0 >/dev/null 2>&1 /usr/sbin/vnconfig -k svnd0 /mnt/my_partition/encrypted mount /dev/svnd0c /my_partition && break wrong_pw="YES" done if [ "X${wrong_pw}" != X"NO" ]; then echo "Password 3 times wrong." else echo "Successful." /usr/bin/midiplay -x -t 200 fi unset wrong_pw
3 harden the installation
3.1 sshd
do not permit root-login and let sshd listen on another port in /etc/ssh/sshd_config:
Port 2222 PermitRootLogin no
maybe change firewall-rules to open 2222 instead of ssh default 22
for working cvs over ssh - maybe add PORT=2222 on clients in ~/.ssh/config
3.2 clear console on logout
edit /etc/gettytab: P|Pc|Pc console:\ :np:sp#9600:\ :cl=\E[H\E[2J:
3.3 lockdown single user mode
edit /etc/ttys to change line to insecure: console "/usr/libexec/getty Pc" vt220 off insecure
4 dsl-router and firewall
4.1 dsl connection
delete old gateways: # cd /etc # cp -p mygate mygate.old # rm /etc/mygate # route delete default
first networkcard (for LAN) should be configured (during the installation process)
second networkcard connected to the dsl-modem is unconfigured
after the disconnect (24h) ppp should automatically reconnect
edit /etc/ppp/ppp.conf:
default: set log Phase Chat IPCP CCP tun command set redial 15 0 set reconnect 15 10000 pppoe: set device "!/usr/sbin/pppoe -i <second_networkcard>" set server /var/run/pppoe "" 0177 disable acfcomp protocomp deny acfcomp set mtu max 1454 set mru max 1454 set crtscts off set speed sync enable lqr set lqrperiod 5 set cd 5 set dial set login set timeout 0 set authname <user>@<provider> set authkey <password> add! default HISADDR enable dns resolv readonly enable mssfixup
set restrictive rights on /etc/ppp/ppp.conf:
# chmod 600 /etc/ppp/ppp.conf
edit /etc/ppp/ppp.linkup:
MYADDR: ! sh -c "/sbin/pfctl -e -F all -f /etc/pf-ppp.conf" ! sh -c "/usr/bin/midiplay -x"
edit /etc/ppp/ppp.lindown:
MYADDR: ! sh -c "/sbin/route delete default"
test your connection:
# ifconfig <second_networkcard> up media 10baseT # ppp -ddial pppoe
check /var/log/daemon
make settings static:
# echo "up media 10baseT" > /etc/hostname.<second_networkcard>
add to /etc/rc.local:
# ppp echo 'ppp'; /usr/sbin/ppp -ddial pppoe
enable ip-forwarding:
# sysctl -w net.inet.ip.forwarding=1 # vi /etc/sysctl.conf net.inet.ip.forwarding=1
4.2 firewall
edit /etc/pf.conf: ...
test pf config:
# chmod 0600 /etc/pf.conf # chmod 0600 /etc/pf-ppp.conf # pfctl -nf /etc/pf.conf # pfctl -nf /etc/pf-ppp.conf
start pf:
# /sbin/pfctl -e -F all -f /etc/pf.conf
add to /etc/rc.conf.local:
pf=YES pflogd_flags=
4.3 dns server bind
modify following lines in options section in /var/named/etc/named.conf: options { version ""; // remove this to allow version queries forwarders { <ip_of_dns_of_provider> }; listen-on port 53 { 127.0.0.1; 192.168.100.1; 192.168.110.1; }; allow-query { 127.0/16; 192.168/16; }; cleaning-interval 120; notify no; }
add following zones to /var/named/etc/named.conf:
zone "local" in { type master; file "master/local.zone"; }; zone "100.168.192.in-addr.arpa" in { type master; file "master/192.168.100.zone"; }; zone "110.168.192.in-addr.arpa" in { type master; file "master/192.168.100.zone"; };
create zone-files /var/named/master/192.168.100.zone, /var/named/master/192.168.110.zone and /var/named/master/local.zone for LAN an WLAN
edit /etc/resolv.conf:
domain local lookup file bind; nameserver 127.0.0.1
start bind after reboot:
echo 'named_flags=' >> /etc/rc.conf.local
4.4 dyndns
install ddclient:
# cd /usr/ports/net/ddclient/ # make install clean clean-depends
edit config-file for your account on dyndns.org:
# vi /etc/ddclient/ddclient.conf
test deamon:
# /usr/local/sbin/ddclient -daemon=0 -debug -verbose -noquiet
add the following lines /etc/rc.local:
# dyndns.org if [ -x /usr/local/sbin/ddclient ]; then echo -n ' ddclient'; /usr/local/sbin/ddclient -
verbose fi
5 server: nfs, dhcp and ntp
5.1 nfs
edit /etc/exports, for example: /export_directory1 -mapall=user:group -alldirs -network
192.168.0.0 -mask 255.255.0.0
start all services:
# /sbin/nfsd -tun 4 # echo -n >/var/db/mountdtab # /sbin/mountd
start nfs after reboot:
# echo 'nfs_server=YES' >> /etc/rc.conf.local
start portmap after reboot:
# echo 'portmap=YES' >> /etc/rc.conf.local
5.2 dhcp
edit /etc/dhcpd.conf, for example: # Network: 192.168.100.0/255.255.255.0 # Domain name: local # Name server: 192.168.100.1 # Default router: 192.168.100.1 # shared-network LOCAL-NET { option domain-name "local"; option domain-name-servers 192.168.100.1;
option subnet-mask 255.255.255.0; option broadcast-address 192.168.100.255; option routers 192.168.100.1; default-lease-time 600; max-lease-time 7200; # If this DHCP server is the official DHCP server for the
local # network, the authoritative directive should be
uncommented. authoritative; subnet 192.168.100.0 netmask 255.255.255.0 { host host1_nfe0 { hardware ethernet 00:11:22:33:44:55; fixed-address host1.local; } host host2_nfe0 { hardware ethernet 00:12:22:33:44:55; fixed-address host2.local; } host host3_nfe0 { hardware ethernet 00:13:22:33:44:55; fixed-address host3.local; } host guest { fixed-address guest.local; } #range 192.168.100.110 192.168.100.120; } } shared-network WLAN-NET { subnet 192.168.110.0 netmask 255.255.255.0 { option subnet-mask 255.255.255.0; option domain-name-servers 192.168.110.1; option broadcast-address 192.168.110.255; option routers 192.168.110.1; host host4_en1 { hardware ethernet 00:14:22:33:44:55; fixed-address 192.168.110.105; } } }
start dhcpd (replace <internal device> with the device on which dhcpd should listen, e.g.: nfe0):
# touch /var/db/dhcpd.leases # /usr/sbin/dhcpd <internal device>
start dhcpd after reboot:
# echo 'dhcpd_flags=' >> /etc/rc.conf.local
5.3 ntp
add the following line to /etc/ntpd.conf: #listen on* listen on 192.168.100.1
start ntpd:
# /usr/sbin/ntpd
start ntpd after reboot:
# echo 'ntpd_flags=' >> /etc/rc.conf.local
6 isakmpd (ipsec-wlan) edit /etc/isakmpd/isakmpd.conf: # # isakmpd.conf # [General] Retransmits= 5 Exchange-max-time= 120 Listen-on= 192.168.110.1 Check-interval= 1 [Phase 1] # remote client (road) has dynamic IP addressing Default= road [Phase 2] # passive connection between client and server Passive-Connections= core-road [road] # phase 1: exchange authentication informations Phase= 1 Transport= udp Local-address= 192.168.110.1 Configuration= Default-main-mode Authentication= secret Default= core-road [core-road] # phase 2: establish the connection Phase= 2 ISAKMP-peer= road Configuration= Default-quick-mode Local-ID= Net-core [Net-core] # local net addressing ID-type= IPV4_ADDR_SUBNET
Network= 0.0.0.0 Netmask= 0.0.0.0 [Default-main-mode] # declare our main mode of operation DOI= IPSEC EXCHANGE_TYPE= ID_PROT Transforms= 3DES-SHA [Default-quick-mode] # declare our quick mode of operation DOI= IPSEC EXCHANGE_TYPE= QUICK_MODE Suites= QM-ESP-3DES-SHA-PFS-SUITE
edit /etc/isakmpd/isakmpd.policy:
KeyNote-Version: 2 Comment: IKE policy v3.0 (road warrior VPN) Authorizer: "POLICY" Licensees: "passphrase:secret" Conditions: app_domain == "IPsec policy" && esp_present == "yes" && esp_enc_alg != "null" -> "true";
start isakmpd after reboot:
# echo 'isakmpd_flags=""' >> /etc/rc.conf.local
7 mail-server install mailserver software: # cd /usr/ports/mail/fetchmail # make install clean clean-depends # cd /usr/ports/mail/procmail # make install clean clean-depends # cd /usr/ports/mail/postfix/stable/ # make install clean clean-depends # cd /usr/ports/mail/dovecot # make install clean clean-depends
7.1 configure postfix
replace sendmail with postfix: # /usr/local/sbin/postfix-enable # echo 'syslogd_flags="-a /var/spool/postfix/dev/log"' >>
/etc/rc.conf.local # echo 'sendmail_flags="-bd -q30m"' >> /etc/rc.conf.local
uncomment "sendmail clientmqueue runner" in roots crontab:
# crontab -e # sendmail clientmqueue runner
#*/30 * * * * /usr/sbin/sendmail -L sm-msp -queue -Ac -q
edit following lines in /etc/postfix/main.cf leaving most lines unchanged to use the default-values:
myhostname = mail.local mydomain = local myorigin = $myhostname mydestination = $myhostname, localhost.$mydomain, localhost,
$mydomain mynetworks = 192.168.100.0/24, 127.0.0.0/8 relay_domains = $mydestination home_mailbox = .maildir/ mailbox_command = /usr/local/bin/procmail
edit your alias file:
# vi /etc/mail/aliases # /usr/local/sbin/postalias /etc/mail/aliases
reboot to apply changes
7.2 dovecot imap-server
create maildirs as imap user: # mkdir -p .maildir/new .maildir/cur .maildir/tmp # chmod -R 700 .maildir
edit following line in /etc/dovecot.conf:
mail_location = maildir:/home/%u/.maildir/
edit /etc/ssl/dovecot-openssl.cnf
create cert and start dovecot:
# dovecot-mkcert.sh # dovecot
add the follow lines to /etc/rc.local:
# dovecot if [ -x /usr/local/sbin/dovecot ]; then echo -n ' dovecot'; /usr/local/sbin/dovecot fi
7.3 procmail and fetchmail
create a suitable .procmailrc in mail-users home directory create a suitable .fetchmailrc in mail-users home directory
create a crontab for fetchmail as user:
# su user $ crontab -e
*/30 * * * * /usr/local/bin/fetchmail -a > /dev/null
8 ldap install ldap: # cd /usr/ports/databases/openldap/ # make install clean clean-depends # cd /usr/ports/packages/i386/all/ # pkg_add openldap-server
generate root password (used as rootpw in /etc/openldap/slapd.conf):
# /usr/local/sbin/slappasswd New password: Re-enter new password: {SSHA}secret
add/change the following lines in /etc/openldap/slapd.conf:
include /etc/openldap/schema/core.schema include /etc/openldap/schema/cosine.schema include /etc/openldap/schema/nis.schema include /etc/openldap/schema/inetorgperson.schema include /etc/openldap/schema/misc.schema include /etc/openldap/schema/openldap.schema pidfile /var/openldap-data/slapd.pid argsfile /var/openldap-data/slapd.args access to attrs=userpassword by self write by dn="uid=root,dc=local" write by * compare # all user write access to adress-book access to dn.subtree="ou=global-addresbook, dc=local" by * write database ldbm suffix "dc=local" rootdn "uid=root,dc=local" rootpw {SSHA}secret index cn,sn,uid pres,eq,approx,sub index objectclass pres,eq
adjust persmissions for openldap dir:
# cd /etc # chown -R _openldap:_openldap openldap/ # chown _openldap:_openldap /var/openldap-data
setup logging:
# touch /var/log/ldap.log
# echo "/var/log/ldap.log root:wheel 640 7 250* Z" >> /etc/newsyslog.conf
add following line to /etc/syslog.conf:
local4.* /var/log/ldap.log
restart syslog:
# kill -HUP `cat /var/run/syslog.pid`
start and test:
# /usr/local/libexec/slapd -u _openldap
create file domain.txt add lines:
dn: dc=local objectclass: dcObject objectclass: organization o: local dc: local
insert file into database:
# ldapadd -x -D "uid=root,dc=local" -W -f domain.txt # ldapsearch -x -b 'dc=local' '(objectclass=*)'
add following lines in /etc/openldap/ldap.conf:
BASE dc=local URI ldap://localhost
add to /etc/rc.local:
# slapd if [ x /usr/local/libexec/slapd ]; then echo -n ' slapd'; /usr/local/libexec/slapd -u _openldap fi
add to /etc/rc.shutdown:
# slapd if [ -x /var/openldap-data/slapd.pid ]; then kill -INT `cat /var/openldap-data/slapd.pid` rm -f /var/openldap-data/slapd.* fi
9 cvs-server and mirror
9.1 cvs-server
create location of repositories: # mkdir /usr/local/cvs/ # ln -s /usr/local/cvs /cvs
starting the server in /etc/inetd.conf:
cvspserver stream tcp nowait root /usr/bin/cvs cvs -allow-root=/usr/local/cvs pserver
enable inetd in /etc/rc.conf.local
start inetd:
# inetd
create group and add users:
# groupadd cvs # usermod -G cvs username # cd /cvs # chgrp -R cvs . # chmod ug+rwx . CVSROOT
for local access simply use:
# export CVSROOT=/cvs
9.2 use repository
create repository on the server: # cvs -d /cvs/your_project init
create initial import from client:
# export CVS_RSH=ssh # export CVSROOT=:ext:user@cvsserver:/cvs # cd /your/project # cvs import -m "initial import" your_project user START
checkout your new project from server to client:
# cvs checkout your_project
list changes from client:
# cvs -n update # cvs status <file> # cvs diff -rX.X <file>
commit changes:
# cvs commit <file> # cvs update
project releases:
# cvs -q tag <releasename> # cvs -q export -r <releasename> -d your_project-0.1 your_project # tar -czvf your_project-0.1.tar.gz your_project-0.1.cdr
9.3 mail on commit
on the client:
# cvs checkout CVSROOT # cd CVSROOT/ # cvs edit loginfo # cvs edit commitinfo
add following line to loginfo:
DEFAULT $CVSROOT/CVSROOT/log_accum -m source-changes@localhost -f $CVSROOT/CVSROOT/ChangeLog %s
add following line to commitinfo:
DEFAULT $CVSROOT/CVSROOT/commit_prep -r
and commit changes:
# cvs commit -m ``enabled commit email notification'' loginfo commitinfo
on the server:
# cp /usr/libexec/cvs/contrib/log_accum /cvs/your_project/CVSROOT/ # cp /usr/libexec/cvs/contrib/commit_prep
/cvs/your_project/CVSROOT/ # chmod 755 /cvs/your_project/CVSROOT/log_accum # chmod 755 /cvs/your_project/CVSROOT/commit_prep
finally you need to change the path to sendmail binary in log_accum
9.4 openbsd mirror with cvsync
install cvsync: # cd /usr/ports/net/cvsync # make install clean clean-depends
add following to /etc/cvsync.conf:
config { hostname cvsync.de.openbsd.org # If your network link is a T1 or faster, comment out the
following line. compress collection { name openbsd release rcs prefix /cvs/openbsd umask 002 } }
start sync:
# cd /cvs # mkdir /cvs/openbsd # cvsync
running sync and checkout as script:
#!/bin/sh
# cvsync echo "==> starting cvsync" cd /cvs/openbsd /usr/local/bin/cvsync chown -R user:cvs /cvs/openbsd export CVSROOT=/cvs/openbsd # local www checkout echo "==> starting local www checkout" cd /var/www/htdocs/ cvs -q checkout www
add script as cronjob
10 subversion-server install subversion: # cd /usr/ports/devel/subversion/ # make install clean clean-depends
10.1 subversion-server
create location of repository: # ln -s /usr/local/svn /svn
create group and add users:
# groupadd svn # usermod -G svn user # cd /usr/local/svn # chown -R _svnserve . # chgrp -R svn . # chmod -R 775 your_project
starting the server:
# sudo useradd -u980 -gsvn -c"svnserve daemon" -d/svn -s/sbin/nologin _svnserve
# /usr/bin/sudo -u _svnserve /usr/local/bin/svnserve --listen-host 0.0.0.0 -d -r /svn
add subversion server to /etc/rc.local:
# svnserve if [ -x /usr/local/bin/svnserve ]; then echo -n ' svnserve'; /usr/bin/sudo -u _svnserve
/usr/local/bin/svnserve --listen-host 0.0.0.0 -d -r /svn fi
10.2 use repository
create repository on server: # svnadmin create /svn/your_project
local checkout:
# svn co file:///svn/your_project
remote checkout:
# svn co svn+ssh://server/svn/your_project
create initial import from client:
# mkdir trunk branches tags # svn add trunk/ branches/ tags/ # svn commit -m "inital layout"
11 oamp - openbsd apache mysql php
11.1 httpd
11.1.1 ssl
generate an rsa cert: # openssl genrsa -out /etc/ssl/private/server.key 2048
generate certificate signing request:
# openssl req -new -key /etc/ssl/private/server.key -out /etc/ssl/private/server.csr
let CA sign the key - or sign it self:
# openssl x509 -req -days 365 -in /etc/ssl/private/server.csr -signkey /etc/ssl/private/server.key -out /etc/ssl/server.crt
insert an entry in /etc/rc.conf.local: # echo 'httpd_flags="-DSSL"' >> /etc/rc.conf.local
restart apache
# apachectl stop # apachectl start
11.1.2 mod_perl
install mod_perl: # cd /usr/ports/www/mod_perl # make install clean clean-depends # /usr/local/sbin/mod_perl-enable
11.2 mysql server
install mysql-server: # cd /usr/ports/databases/mysql
# env SUBPACKAGE=-server make install clean
edit /etc/rc.conf.local and add the following line:
shlib_dirs="$shlib_dirs /usr/local/lib/mysql" # extra directories for ldconfig
init database and set the root password for the database:
# /usr/local/bin/mysql_install_db # /usr/local/bin/mysqld_safe & # /usr/local/bin/mysqladmin -u root password newpassword # /usr/local/bin/mysqladmin -u root -p -h hostname password
'newpassword'
edit /etc/rc.conf.local and add the following line:
mysql=YES
edit /etc/rc.local and add the following lines:
if [ X"${mysql}" == X"YES" -a -x /usr/local/bin/mysqld_safe ]; then
echo -n " mysqld"; /usr/local/bin/mysqld_safe -user=_mysql -log &
for i in 1 2 3 4 5 6; do if [ -S /var/run/mysql/mysql.sock ]; then break else sleep 1 echo -n "." fi done # # Apache chroot Settings mkdir -p /var/www/var/run/mysql ln -f /var/run/mysql/mysql.sock
/var/www/var/run/mysql/mysql.sock # # Postfix chroot Settings if [ "X${postfix_flags}" != X"NO" ]; then mkdir -p /var/spool/postfix/var/run/mysql ln -f /var/run/mysql/mysql.sock
/var/spool/postfix/var/run/mysql/mysql.sock fi fi
11.3 php
install php: # cd /usr/ports/www/php5/ # make install clean clean-depends # /usr/local/sbin/phpxs -s
uncomment the following in /var/www/conf/httpd.conf:
AddType application/x-httpd-php .php
and add index.php to DirectoryIndex:
DirectoryIndex index.html index.php
copy php.ini:
# cp /usr/local/share/examples/php5/php.ini-recommended \ /var/www/conf/php.ini
add and activate mysql extension:
# cd /usr/ports/packages/i386/all/ # pkg_add php5-mysql # /usr/local/sbin/phpxs -a mysql
add and activate imap extension:
# cd /usr/ports/packages/i386/all/ # pkg_add php5-imap # /usr/local/sbin/phpxs -a imap
add and activate ldap extension:
# cd /usr/ports/packages/i386/all/ # pkg_add php5-ldap # /usr/local/sbin/phpxs -a ldap
restart apache
# apachectl stop # apachectl start
11.3.1 phpldapadmin
install phpldapadmin: # cd /usr/ports/www/phpldapadmin # make install clean clean-depends
install and activate php-ldap if not done already:
# cd /usr/ports/packages/i386/all/ # pkg_add php5-ldap # /usr/local/sbin/phpxs -a ldap
set a softlink for phpldapadmin:
# ln -s ../phpldapadmin-1.0.1 /var/www/htdocs/phpldapadmin
edit /var/www/phpldapadmin-1.0.1/config/config.php to configure phpldapadmin
maybe create tmp directory if not done already and set it in config.php:
# mkdir /var/www/tmp # chown www:daemon /var/www/tmp # chmod 1755 /var/www/tmp
12 x
12.1 configure
enable (according to platform) machdep.allowaperture in /etc/sysctl.conf boot from knoppix and copy x config or run X -configure
maybe install pciutils to detect vga-card bus:
# /usr/ports/sysutils/pciutils # make install clean clean-depends # /usr/local/sbin/lspci -v
12.2 fluxbox
install fluxbox: # cd /usr/ports/x11/fluxbox # make install clean clean-depends
13 install additional stuff
13.1 mergemaster
install mergemaster: # cd /usr/ports/sysutils/mergemaster/ # make install clean clean-depends
13.2 gkrellm
install gkrellm and plugins: # cd /usr/ports/sysutils/gkrellm # make install clean clean-depends
edit at least the following lines /etc/gkrellmd.conf:
update-hz 3 max-clients 2 port 19150 allow-host localhost allow-host 192.168.100.*
add the specified gkrellm-user ang group to your system
add the following lines to /etc/rc.local:
# gkrellmd if [ -x /usr/local/sbin/gkrellmd ]; then echo -n ' gkrellmd'; /usr/local/sbin/gkrellmd -d fi
from clients use:
# gkrellm -s <server_ip>
13.3 wget
install wget: # cd /usr/ports/net/wget # make install clean clean-depends
13.4 unrar
install unrar: # cd /usr/ports/archivers/unrar # make install clean clean-depends
13.5 unace
install unace: # cd /usr/ports/archivers/unace # make install clean clean-depends
13.6 mpd
install mpd: # cd /usr/ports/audio/mpd # make install clean clean-depends
edit /etc/mpd.conf
start mpd:
# /usr/local/sbin/mpd
add the following lines to /etc/rc.local:
if [ -x /usr/local/sbin/mpd ]; then echo -n ' mpd'; /usr/local/sbin/mpd fi
13.7 mplayer
install mplayer: # cd /usr/ports/x11/mplayer # env FLAVOR="mad esd sdl ggi" make install clean clean-depends
add the following line to /etc/sysctl.conf:
kern.shminfo.shmall=32768
13.8 darkstat
install darkstat: # cd /usr/ports/net/darkstat # make install clean clean-depends
add the following lines to /etc/rc.local:
if [ -x /usr/local/sbin/darkstat ]; then echo -n ' darkstat'; /usr/local/sbin/darkstat -n -i
pppoe0 -p 80 -b 192.168.100.1 >/dev/null 2>&1 fi