openbsd server


Upload: achmad-muzaqi

Post on 15-Nov-2014


Page 1: openbsd server

1 afterboot
2 crypt harddisk
3 harden the installation
  3.1 sshd
  3.2 clear console on logout
  3.3 lockdown single user mode
4 dsl-router and firewall
  4.1 dsl connection
  4.2 firewall
  4.3 dns server bind
  4.4 dyndns
5 server: nfs, dhcp and ntp
  5.1 nfs
  5.2 dhcp
  5.3 ntp
6 isakmpd (ipsec-wlan)
7 mail-server
  7.1 configure postfix
  7.2 dovecot imap-server
  7.3 procmail and fetchmail
8 ldap
9 cvs-server and mirror
  9.1 cvs-server
  9.2 use repository
  9.3 mail on commit
  9.4 openbsd mirror with cvsync
10 subversion-server
  10.1 subversion-server
  10.2 use repository
11 oamp - openbsd apache mysql php
  11.1 httpd
    11.1.1 ssl
    11.1.2 mod_perl
  11.2 mysql server
  11.3 php
    11.3.1 phpldapadmin
12 x
  12.1 configure
  12.2 fluxbox
13 install additional stuff
  13.1 mergemaster
  13.2 gkrellm
  13.3 wget
  13.4 unrar
  13.5 unace
  13.6 mpd
  13.7 mplayer
  13.8 darkstat

1       afterboot

read the very good manpage:

# man afterboot

add the following line to /etc/sysctl.conf to enable linux kernel emulation:

kern.emul.linux=1

edit /etc/fstab and add the softdep option to all partitions; create cdrom and floppy entries in /etc/fstab:

# mkdir -p /mnt/dvd; mkdir -p /mnt/floppy
# vi /etc/fstab
/dev/cd0a /mnt/dvd cd9660 ro,nodev,nosuid,noauto 0 0
/dev/fd0a /mnt/floppy msdos rw,nodev,nosuid,noauto 0 0

don't use inetd:

# echo "inetd=NO" >> /etc/rc.conf.local

add a user:

# adduser

edit /etc/sudoers:

# visudo
# Uncomment to allow people in group wheel to run all commands
%wheel ALL=(ALL) ALL

install ports tree:

# cd /tmp
# ftp ftp://ftp.openbsd.org/pub/OpenBSD/VERSION/ports.tar.gz
# cd /usr
# tar xzvf /tmp/ports.tar.gz

create a directory for scripts

# mkdir /usr/local/src/
# mkdir /usr/local/src/scripts
# cd /root/
# ln -s /usr/local/src/scripts

2       crypt harddisk

cgd is obsolete, use vnconfig

create an image file on the whole mounted partition:

# nice dd if=/dev/prandom of=/mnt/my_partition/encrypted bs=512

configure svnd0 (set password):

# vnconfig -cvk svnd0 /mnt/my_partition/encrypted

create a filesystem on svnd0c:

# newfs /dev/svnd0c
# mkdir /my_partition

edit /etc/rc.local and insert the following at the end of the file:

# svnd addition
echo 'mounting crypted disks:'
for count in First Second Last
do
        wrong_pw="NO"
        echo -n "$count try /my_partition - "
        /usr/sbin/vnconfig -u svnd0 >/dev/null 2>&1
        /usr/sbin/vnconfig -k svnd0 /mnt/my_partition/encrypted
        mount /dev/svnd0c /my_partition && break
        wrong_pw="YES"
done
if [ "X${wrong_pw}" != X"NO" ]; then
        echo "Password 3 times wrong."
else
        echo "Successful."
        /usr/bin/midiplay -x -t 200
fi
unset wrong_pw

3       harden the installation

3.1       sshd

do not permit root-login and let sshd listen on another port in /etc/ssh/sshd_config:

Port 2222
PermitRootLogin no

if necessary, change the firewall rules to open port 2222 instead of the ssh default 22

for cvs over ssh to keep working, add "Port 2222" to the server's host entry in ~/.ssh/config on the clients
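One way to verify the two sshd_config settings above, as an added example that is not part of the original notes: sshd(8) uses the first value it finds for a keyword, so a "PermitRootLogin no" appended to a file that already contains "PermitRootLogin yes" has no effect. The function names and the two sample config files below are constructed for this demo.

```shell
#!/bin/sh
# Added example, not from the original notes. Checks an sshd_config for the
# settings of section 3.1 (PermitRootLogin no, Port != 22), honouring the
# rule that sshd(8) uses the FIRST occurrence of a keyword and that keywords
# are case-insensitive. Values inside "Match" blocks are left out on purpose:
# they apply only conditionally and are not the global default.

# sshd_effective FILE KEYWORD: print the value sshd would use, "" if unset
sshd_effective() {
    awk -v key="$(printf '%s' "$2" | tr 'A-Z' 'a-z')" '
        /^[[:space:]]*(#|$)/ { next }          # comment or blank line
        tolower($1) == "match" { exit }        # end of the global section
        tolower($1) == key { print $2; exit }  # first occurrence wins
    ' "$1"
}

# check_sshd_hardening FILE: return 0 if both settings are in force,
# 1 otherwise (one line per finding on stdout)
check_sshd_hardening() {
    prl=$(sshd_effective "$1" PermitRootLogin | tr 'A-Z' 'a-z')
    port=$(sshd_effective "$1" Port)
    rc=0
    if [ "$prl" != "no" ]; then
        echo "  PermitRootLogin is '${prl:-unset, sshd default applies}', expected 'no'"
        rc=1
    fi
    if [ -z "$port" ] || [ "$port" = "22" ]; then
        echo "  Port is '${port:-22}', expected a non-default port"
        rc=1
    fi
    return $rc
}

# --- constructed sample files for the demo (not real configs) ---
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT

# sample 1: the two lines were appended, but earlier lines already set them
cat > "$demo_dir/sshd_config.bad" <<'EOF'
# default sample values
PermitRootLogin yes
Port 22
# appended after reading section 3.1
Port 2222
PermitRootLogin no
EOF

# sample 2: settings placed before any conflicting line; the Match block
# must not influence the global result
cat > "$demo_dir/sshd_config.good" <<'EOF'
Port 2222
permitrootlogin no
Match Address 192.168.100.0/24
    PermitRootLogin without-password
EOF

for f in "$demo_dir/sshd_config.bad" "$demo_dir/sshd_config.good"; do
    if check_sshd_hardening "$f"; then
        echo "$(basename "$f"): OK"
    else
        echo "$(basename "$f"): NOT hardened"
    fi
done
```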

3.2       clear console on logout

edit /etc/gettytab:

P|Pc|Pc console:\
        :np:sp#9600:\
        :cl=\E[H\E[2J:

3.3       lockdown single user mode

edit /etc/ttys and mark the console line insecure, so that single-user mode asks for the root password:

console "/usr/libexec/getty Pc" vt220 off insecure

4       dsl-router and firewall

4.1       dsl connection

delete the old gateway:

# cd /etc
# cp -p mygate mygate.old
# rm /etc/mygate
# route delete default

the first network card (for the LAN) should already be configured (during the installation process)

the second network card, connected to the dsl-modem, stays unconfigured

after the disconnect (every 24h) ppp should reconnect automatically

edit /etc/ppp/ppp.conf:

default:
 set log Phase Chat IPCP CCP tun command
 set redial 15 0
 set reconnect 15 10000

pppoe:
 set device "!/usr/sbin/pppoe -i <second_networkcard>"
 set server /var/run/pppoe "" 0177
 disable acfcomp protocomp
 deny acfcomp
 set mtu max 1454
 set mru max 1454
 set crtscts off
 set speed sync
 enable lqr
 set lqrperiod 5
 set cd 5
 set dial
 set login
 set timeout 0
 set authname <user>@<provider>
 set authkey <password>
 add! default HISADDR
 enable dns
 resolv readonly
 enable mssfixup

set restrictive rights on /etc/ppp/ppp.conf:


# chmod 600 /etc/ppp/ppp.conf

edit /etc/ppp/ppp.linkup:

MYADDR:
 ! sh -c "/sbin/pfctl -e -F all -f /etc/pf-ppp.conf"
 ! sh -c "/usr/bin/midiplay -x"

edit /etc/ppp/ppp.linkdown:

MYADDR:
 ! sh -c "/sbin/route delete default"

test your connection:

# ifconfig <second_networkcard> up media 10baseT
# ppp -ddial pppoe

check /var/log/daemon

make settings static:

# echo "up media 10baseT" > /etc/hostname.<second_networkcard>

add to /etc/rc.local:

# ppp
echo 'ppp'; /usr/sbin/ppp -ddial pppoe

enable ip-forwarding:

# sysctl -w net.inet.ip.forwarding=1
# vi /etc/sysctl.conf
net.inet.ip.forwarding=1

4.2       firewall

edit /etc/pf.conf: ...

test pf config:

# chmod 0600 /etc/pf.conf
# chmod 0600 /etc/pf-ppp.conf
# pfctl -nf /etc/pf.conf
# pfctl -nf /etc/pf-ppp.conf

start pf:

# /sbin/pfctl -e -F all -f /etc/pf.conf

add to /etc/rc.conf.local:

pf=YES
pflogd_flags=

4.3       dns server bind

modify the following lines in the options section of /var/named/etc/named.conf:

options {
        version "";             // remove this to allow version queries
        forwarders { <ip_of_dns_of_provider>; };
        listen-on port 53 { 127.0.0.1; 192.168.100.1; 192.168.110.1; };
        allow-query { 127.0/16; 192.168/16; };
        cleaning-interval 120;
        notify no;
};

add the following zones to /var/named/etc/named.conf:

zone "local" in {
        type master;
        file "master/local.zone";
};
zone "100.168.192.in-addr.arpa" in {
        type master;
        file "master/192.168.100.zone";
};
zone "110.168.192.in-addr.arpa" in {
        type master;
        file "master/192.168.110.zone";
};

create the zone files /var/named/master/192.168.100.zone, /var/named/master/192.168.110.zone and /var/named/master/local.zone for LAN and WLAN

edit /etc/resolv.conf:

domain local
lookup file bind
nameserver 127.0.0.1

start bind after reboot:

echo 'named_flags=' >> /etc/rc.conf.local

4.4       dyndns

install ddclient:

# cd /usr/ports/net/ddclient/
# make install clean clean-depends

edit config-file for your account on dyndns.org:

# vi /etc/ddclient/ddclient.conf

test the daemon:

# /usr/local/sbin/ddclient -daemon=0 -debug -verbose -noquiet

add the following lines to /etc/rc.local:

# dyndns.org
if [ -x /usr/local/sbin/ddclient ]; then
        echo -n ' ddclient'; /usr/local/sbin/ddclient -verbose
fi

5       server: nfs, dhcp and ntp

5.1       nfs

edit /etc/exports, for example:

/export_directory1 -mapall=user:group -alldirs -network 192.168.0.0 -mask 255.255.0.0

start all services:

# /sbin/nfsd -tun 4
# echo -n >/var/db/mountdtab
# /sbin/mountd

start nfs after reboot:

# echo 'nfs_server=YES' >> /etc/rc.conf.local

start portmap after reboot:

# echo 'portmap=YES' >> /etc/rc.conf.local

5.2       dhcp

edit /etc/dhcpd.conf, for example:

# Network: 192.168.100.0/255.255.255.0
# Domain name: local
# Name server: 192.168.100.1
# Default router: 192.168.100.1
#
shared-network LOCAL-NET {
        option domain-name "local";
        option domain-name-servers 192.168.100.1;
        option subnet-mask 255.255.255.0;
        option broadcast-address 192.168.100.255;
        option routers 192.168.100.1;
        default-lease-time 600;
        max-lease-time 7200;

        # If this DHCP server is the official DHCP server for the local
        # network, the authoritative directive should be uncommented.
        authoritative;

        subnet 192.168.100.0 netmask 255.255.255.0 {
                host host1_nfe0 {
                        hardware ethernet 00:11:22:33:44:55;
                        fixed-address host1.local;
                }
                host host2_nfe0 {
                        hardware ethernet 00:12:22:33:44:55;
                        fixed-address host2.local;
                }
                host host3_nfe0 {
                        hardware ethernet 00:13:22:33:44:55;
                        fixed-address host3.local;
                }
                host guest {
                        fixed-address guest.local;
                }
                #range 192.168.100.110 192.168.100.120;
        }
}

shared-network WLAN-NET {
        subnet 192.168.110.0 netmask 255.255.255.0 {
                option subnet-mask 255.255.255.0;
                option domain-name-servers 192.168.110.1;
                option broadcast-address 192.168.110.255;
                option routers 192.168.110.1;
                host host4_en1 {
                        hardware ethernet 00:14:22:33:44:55;
                        fixed-address 192.168.110.105;
                }
        }
}

start dhcpd (replace <internal device> with the device on which dhcpd should listen, e.g.: nfe0):

# touch /var/db/dhcpd.leases
# /usr/sbin/dhcpd <internal device>

start dhcpd after reboot:

# echo 'dhcpd_flags=' >> /etc/rc.conf.local


5.3       ntp

add the following line to /etc/ntpd.conf:

#listen on *
listen on 192.168.100.1

start ntpd:

# /usr/sbin/ntpd

start ntpd after reboot:

# echo 'ntpd_flags=' >> /etc/rc.conf.local

6       isakmpd (ipsec-wlan)

edit /etc/isakmpd/isakmpd.conf:

#
# isakmpd.conf
#
[General]
Retransmits=            5
Exchange-max-time=      120
Listen-on=              192.168.110.1
Check-interval=         1

[Phase 1]
# remote client (road) has dynamic IP addressing
Default=                road

[Phase 2]
# passive connection between client and server
Passive-Connections=    core-road

[road]
# phase 1: exchange authentication information
Phase=                  1
Transport=              udp
Local-address=          192.168.110.1
Configuration=          Default-main-mode
Authentication=         secret
Default=                core-road

[core-road]
# phase 2: establish the connection
Phase=                  2
ISAKMP-peer=            road
Configuration=          Default-quick-mode
Local-ID=               Net-core

[Net-core]
# local net addressing
ID-type=                IPV4_ADDR_SUBNET
Network=                0.0.0.0
Netmask=                0.0.0.0

[Default-main-mode]
# declare our main mode of operation
DOI=                    IPSEC
EXCHANGE_TYPE=          ID_PROT
Transforms=             3DES-SHA

[Default-quick-mode]
# declare our quick mode of operation
DOI=                    IPSEC
EXCHANGE_TYPE=          QUICK_MODE
Suites=                 QM-ESP-3DES-SHA-PFS-SUITE

edit /etc/isakmpd/isakmpd.policy:

KeyNote-Version: 2
Comment: IKE policy v3.0 (road warrior VPN)
Authorizer: "POLICY"
Licensees: "passphrase:secret"
Conditions: app_domain == "IPsec policy" &&
            esp_present == "yes" &&
            esp_enc_alg != "null" -> "true";

start isakmpd after reboot:

# echo 'isakmpd_flags=""' >> /etc/rc.conf.local

7       mail-server

install the mailserver software:

# cd /usr/ports/mail/fetchmail
# make install clean clean-depends
# cd /usr/ports/mail/procmail
# make install clean clean-depends
# cd /usr/ports/mail/postfix/stable/
# make install clean clean-depends
# cd /usr/ports/mail/dovecot
# make install clean clean-depends

7.1       configure postfix

replace sendmail with postfix:

# /usr/local/sbin/postfix-enable
# echo 'syslogd_flags="-a /var/spool/postfix/dev/log"' >> /etc/rc.conf.local
# echo 'sendmail_flags="-bd -q30m"' >> /etc/rc.conf.local

comment out the "sendmail clientmqueue runner" in root's crontab, as shown here:

# crontab -e
# sendmail clientmqueue runner
#*/30 * * * * /usr/sbin/sendmail -L sm-msp -queue -Ac -q

edit the following lines in /etc/postfix/main.cf, leaving most lines unchanged to use the default values:

myhostname = mail.local
mydomain = local
myorigin = $myhostname
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
mynetworks = 192.168.100.0/24, 127.0.0.0/8
relay_domains = $mydestination
home_mailbox = .maildir/
mailbox_command = /usr/local/bin/procmail

edit your alias file:

# vi /etc/mail/aliases
# /usr/local/sbin/postalias /etc/mail/aliases

reboot to apply changes

7.2       dovecot imap-server

create the maildirs as the imap user:

# mkdir -p .maildir/new .maildir/cur .maildir/tmp
# chmod -R 700 .maildir

edit following line in /etc/dovecot.conf:

mail_location = maildir:/home/%u/.maildir/

edit /etc/ssl/dovecot-openssl.cnf

create cert and start dovecot:

# dovecot-mkcert.sh # dovecot

add the following lines to /etc/rc.local:

# dovecot
if [ -x /usr/local/sbin/dovecot ]; then
        echo -n ' dovecot'; /usr/local/sbin/dovecot
fi

7.3       procmail and fetchmail

create a suitable .procmailrc in the mail user's home directory

create a suitable .fetchmailrc in the mail user's home directory

create a crontab for fetchmail as user:

# su user
$ crontab -e

*/30 * * * * /usr/local/bin/fetchmail -a > /dev/null

8       ldap

install ldap:

# cd /usr/ports/databases/openldap/
# make install clean clean-depends
# cd /usr/ports/packages/i386/all/
# pkg_add openldap-server

generate root password (used as rootpw in /etc/openldap/slapd.conf):

# /usr/local/sbin/slappasswd
New password:
Re-enter new password:
{SSHA}secret

add/change the following lines in /etc/openldap/slapd.conf:

include         /etc/openldap/schema/core.schema
include         /etc/openldap/schema/cosine.schema
include         /etc/openldap/schema/nis.schema
include         /etc/openldap/schema/inetorgperson.schema
include         /etc/openldap/schema/misc.schema
include         /etc/openldap/schema/openldap.schema

pidfile         /var/openldap-data/slapd.pid
argsfile        /var/openldap-data/slapd.args

access to attrs=userpassword
        by self write
        by dn="uid=root,dc=local" write
        by * compare

# all users get write access to the address book
access to dn.subtree="ou=global-addresbook, dc=local"
        by * write

database        ldbm
suffix          "dc=local"
rootdn          "uid=root,dc=local"
rootpw          {SSHA}secret
index           cn,sn,uid pres,eq,approx,sub
index           objectclass pres,eq

adjust the permissions for the openldap dir:

# cd /etc
# chown -R _openldap:_openldap openldap/
# chown _openldap:_openldap /var/openldap-data

setup logging:

# touch /var/log/ldap.log


# echo "/var/log/ldap.log root:wheel 640 7 250* Z" >> /etc/newsyslog.conf

add following line to /etc/syslog.conf:

local4.* /var/log/ldap.log

restart syslog:

# kill -HUP `cat /var/run/syslog.pid`

start and test:

# /usr/local/libexec/slapd -u _openldap

create a file domain.txt with the following lines:

dn: dc=local
objectclass: dcObject
objectclass: organization
o: local
dc: local

insert file into database:

# ldapadd -x -D "uid=root,dc=local" -W -f domain.txt
# ldapsearch -x -b 'dc=local' '(objectclass=*)'

add following lines in /etc/openldap/ldap.conf:

BASE dc=local
URI ldap://localhost

add to /etc/rc.local:

# slapd
if [ -x /usr/local/libexec/slapd ]; then
        echo -n ' slapd'; /usr/local/libexec/slapd -u _openldap
fi

add to /etc/rc.shutdown:

# slapd
if [ -f /var/openldap-data/slapd.pid ]; then
        kill -INT `cat /var/openldap-data/slapd.pid`
        rm -f /var/openldap-data/slapd.*
fi

9       cvs-server and mirror

9.1       cvs-server

create the location of the repositories:

# mkdir /usr/local/cvs/
# ln -s /usr/local/cvs /cvs

start the server from /etc/inetd.conf:

cvspserver stream tcp nowait root /usr/bin/cvs cvs --allow-root=/usr/local/cvs pserver

enable inetd in /etc/rc.conf.local

start inetd:

# inetd

create group and add users:

# groupadd cvs
# usermod -G cvs username
# cd /cvs
# chgrp -R cvs .
# chmod ug+rwx . CVSROOT

for local access simply use:

# export CVSROOT=/cvs

9.2       use repository

create the repository on the server:

# cvs -d /cvs/your_project init

create initial import from client:

# export CVS_RSH=ssh
# export CVSROOT=:ext:user@cvsserver:/cvs
# cd /your/project
# cvs import -m "initial import" your_project user START

checkout your new project from server to client:

# cvs checkout your_project

list changes from client:

# cvs -n update
# cvs status <file>
# cvs diff -rX.X <file>

commit changes:

# cvs commit <file>
# cvs update

project releases:

# cvs -q tag <releasename>
# cvs -q export -r <releasename> -d your_project-0.1 your_project
# tar -czvf your_project-0.1.tar.gz your_project-0.1

9.3       mail on commit

on the client:

# cvs checkout CVSROOT
# cd CVSROOT/
# cvs edit loginfo
# cvs edit commitinfo

add following line to loginfo:

DEFAULT $CVSROOT/CVSROOT/log_accum -m source-changes@localhost -f $CVSROOT/CVSROOT/ChangeLog %s

add following line to commitinfo:

DEFAULT $CVSROOT/CVSROOT/commit_prep -r

and commit changes:

# cvs commit -m "enabled commit email notification" loginfo commitinfo

on the server:

# cp /usr/libexec/cvs/contrib/log_accum /cvs/your_project/CVSROOT/
# cp /usr/libexec/cvs/contrib/commit_prep /cvs/your_project/CVSROOT/
# chmod 755 /cvs/your_project/CVSROOT/log_accum
# chmod 755 /cvs/your_project/CVSROOT/commit_prep

finally you need to change the path to the sendmail binary in log_accum

9.4       openbsd mirror with cvsync

install cvsync:

# cd /usr/ports/net/cvsync
# make install clean clean-depends

add following to /etc/cvsync.conf:

config {
        hostname cvsync.de.openbsd.org
        # If your network link is a T1 or faster, comment out the
        # following line.
        compress
        collection {
                name openbsd
                release rcs
                prefix /cvs/openbsd
                umask 002
        }
}

start sync:

# cd /cvs
# mkdir /cvs/openbsd
# cvsync

running sync and checkout as script:

#!/bin/sh
# cvsync
echo "==> starting cvsync"
cd /cvs/openbsd
/usr/local/bin/cvsync
chown -R user:cvs /cvs/openbsd
export CVSROOT=/cvs/openbsd
# local www checkout
echo "==> starting local www checkout"
cd /var/www/htdocs/
cvs -q checkout www

add the script as a cronjob

10       subversion-server

install subversion:

# cd /usr/ports/devel/subversion/
# make install clean clean-depends

10.1       subversion-server

create the location of the repository:

# ln -s /usr/local/svn /svn

create group and add users:

# groupadd svn
# usermod -G svn user
# cd /usr/local/svn
# chown -R _svnserve .
# chgrp -R svn .
# chmod -R 775 your_project

starting the server:

# sudo useradd -u980 -gsvn -c"svnserve daemon" -d/svn -s/sbin/nologin _svnserve

# /usr/bin/sudo -u _svnserve /usr/local/bin/svnserve --listen-host 0.0.0.0 -d -r /svn

add subversion server to /etc/rc.local:

# svnserve
if [ -x /usr/local/bin/svnserve ]; then
        echo -n ' svnserve'; /usr/bin/sudo -u _svnserve /usr/local/bin/svnserve --listen-host 0.0.0.0 -d -r /svn
fi

10.2       use repository

create the repository on the server:

# svnadmin create /svn/your_project

local checkout:

# svn co file:///svn/your_project

remote checkout:

# svn co svn+ssh://server/svn/your_project

create initial import from client:

# mkdir trunk branches tags
# svn add trunk/ branches/ tags/
# svn commit -m "initial layout"

11       oamp - openbsd apache mysql php

11.1       httpd

11.1.1       ssl

generate an rsa private key:

# openssl genrsa -out /etc/ssl/private/server.key 2048

generate a certificate signing request:

# openssl req -new -key /etc/ssl/private/server.key -out /etc/ssl/private/server.csr

let a CA sign the request, or self-sign it:

# openssl x509 -req -days 365 -in /etc/ssl/private/server.csr -signkey /etc/ssl/private/server.key -out /etc/ssl/server.crt

insert an entry in /etc/rc.conf.local:

# echo 'httpd_flags="-DSSL"' >> /etc/rc.conf.local

restart apache

# apachectl stop
# apachectl start

11.1.2       mod_perl

install mod_perl:

# cd /usr/ports/www/mod_perl
# make install clean clean-depends
# /usr/local/sbin/mod_perl-enable

11.2       mysql server

install mysql-server:

# cd /usr/ports/databases/mysql
# env SUBPACKAGE=-server make install clean

edit /etc/rc.conf.local and add the following line:

shlib_dirs="$shlib_dirs /usr/local/lib/mysql" # extra directories for ldconfig

init database and set the root password for the database:

# /usr/local/bin/mysql_install_db
# /usr/local/bin/mysqld_safe &
# /usr/local/bin/mysqladmin -u root password newpassword
# /usr/local/bin/mysqladmin -u root -p -h hostname password 'newpassword'

edit /etc/rc.conf.local and add the following line:

mysql=YES

edit /etc/rc.local and add the following lines:

if [ X"${mysql}" = X"YES" -a -x /usr/local/bin/mysqld_safe ]; then
        echo -n " mysqld"; /usr/local/bin/mysqld_safe --user=_mysql --log &
        for i in 1 2 3 4 5 6; do
                if [ -S /var/run/mysql/mysql.sock ]; then
                        break
                else
                        sleep 1
                        echo -n "."
                fi
        done
        #
        # Apache chroot Settings
        mkdir -p /var/www/var/run/mysql
        ln -f /var/run/mysql/mysql.sock /var/www/var/run/mysql/mysql.sock
        #
        # Postfix chroot Settings
        if [ "X${postfix_flags}" != X"NO" ]; then
                mkdir -p /var/spool/postfix/var/run/mysql
                ln -f /var/run/mysql/mysql.sock /var/spool/postfix/var/run/mysql/mysql.sock
        fi
fi

11.3       php

install php:

# cd /usr/ports/www/php5/
# make install clean clean-depends
# /usr/local/sbin/phpxs -s

uncomment the following in /var/www/conf/httpd.conf:

AddType application/x-httpd-php .php


and add index.php to DirectoryIndex:

DirectoryIndex index.html index.php

copy php.ini:

# cp /usr/local/share/examples/php5/php.ini-recommended \ /var/www/conf/php.ini

add and activate mysql extension:

# cd /usr/ports/packages/i386/all/
# pkg_add php5-mysql
# /usr/local/sbin/phpxs -a mysql

add and activate imap extension:

# cd /usr/ports/packages/i386/all/
# pkg_add php5-imap
# /usr/local/sbin/phpxs -a imap

add and activate ldap extension:

# cd /usr/ports/packages/i386/all/
# pkg_add php5-ldap
# /usr/local/sbin/phpxs -a ldap

restart apache

# apachectl stop
# apachectl start

11.3.1       phpldapadmin

install phpldapadmin:

# cd /usr/ports/www/phpldapadmin
# make install clean clean-depends

install and activate php-ldap if not done already:

# cd /usr/ports/packages/i386/all/
# pkg_add php5-ldap
# /usr/local/sbin/phpxs -a ldap

set a softlink for phpldapadmin:

# ln -s ../phpldapadmin-1.0.1 /var/www/htdocs/phpldapadmin

edit /var/www/phpldapadmin-1.0.1/config/config.php to configure phpldapadmin

maybe create tmp directory if not done already and set it in config.php:

# mkdir /var/www/tmp
# chown www:daemon /var/www/tmp
# chmod 1755 /var/www/tmp

12       x


12.1       configure

enable machdep.allowaperture (value according to platform) in /etc/sysctl.conf; boot from knoppix and copy the X config, or run X -configure

maybe install pciutils to detect vga-card bus:

# cd /usr/ports/sysutils/pciutils
# make install clean clean-depends
# /usr/local/sbin/lspci -v

12.2       fluxbox

install fluxbox:

# cd /usr/ports/x11/fluxbox
# make install clean clean-depends

13       install additional stuff

13.1       mergemaster

install mergemaster:

# cd /usr/ports/sysutils/mergemaster/
# make install clean clean-depends

13.2       gkrellm

install gkrellm and plugins:

# cd /usr/ports/sysutils/gkrellm
# make install clean clean-depends

edit at least the following lines in /etc/gkrellmd.conf:

update-hz 3
max-clients 2
port 19150
allow-host localhost
allow-host 192.168.100.*

add the specified gkrellm user and group to your system

add the following lines to /etc/rc.local:

# gkrellmd
if [ -x /usr/local/sbin/gkrellmd ]; then
        echo -n ' gkrellmd'; /usr/local/sbin/gkrellmd -d
fi

from clients use:


# gkrellm -s <server_ip>

13.3       wget

install wget:

# cd /usr/ports/net/wget
# make install clean clean-depends

13.4       unrar

install unrar:

# cd /usr/ports/archivers/unrar
# make install clean clean-depends

13.5       unace

install unace:

# cd /usr/ports/archivers/unace
# make install clean clean-depends

13.6       mpd

install mpd:

# cd /usr/ports/audio/mpd
# make install clean clean-depends

edit /etc/mpd.conf

start mpd:

# /usr/local/sbin/mpd

add the following lines to /etc/rc.local:

if [ -x /usr/local/sbin/mpd ]; then
        echo -n ' mpd'; /usr/local/sbin/mpd
fi

13.7       mplayer

install mplayer:

# cd /usr/ports/x11/mplayer
# env FLAVOR="mad esd sdl ggi" make install clean clean-depends

add the following line to /etc/sysctl.conf:

kern.shminfo.shmall=32768

13.8       darkstat

install darkstat:

# cd /usr/ports/net/darkstat
# make install clean clean-depends

add the following lines to /etc/rc.local:

if [ -x /usr/local/sbin/darkstat ]; then
        echo -n ' darkstat'; /usr/local/sbin/darkstat -n -i pppoe0 -p 80 -b 192.168.100.1 >/dev/null 2>&1
fi