For a long time I used to see reports of brute force SSH attacks against my FreeBSD machines in my mailbox every morning. Finally I got fed up, not that they were even getting close to getting in, but I was just tired of getting these huge reports. So I decided it was time to do something about it. First let me say I run PF (BSD Packet Filter) on all my FreeBSD machines. It's quite easy to set up, so I will start there.

  1. Rebuild your kernel to enable ALTQ; being able to throttle bandwidth is pretty cool (optional)
    1. Create a folder in /root called kernels

      [root@test] [/usr/src/sys/i386/conf]# mkdir /root/kernels
    2. Make a copy of the GENERIC kernel profile and place it in the /root/kernels directory. Keep in mind that if you're running, say, AMD64, this directory will be slightly different.
      [root@test] [/usr/src/sys/i386/conf]# cp GENERIC /root/kernels/
    3. Rename the file to something else like GENERIC-PF

      [root@test] [/usr/src/sys/i386/conf]# mv /root/kernels/GENERIC /root/kernels/GENERIC-PF
    4. Link the new kernel file to the directory where your kernel configuration files exist.
      [root@test] [/usr/src/sys/i386/conf]# ln -s /root/kernels/GENERIC-PF
    5. Open the file in your favorite editor (vi for me)
      [root@test] [/usr/src/sys/i386/conf]# vi GENERIC-PF

      You may want to change the ident so that it reflects the changes you make to the kernel as well.

      ident         GENERIC-PF

      and add the following lines below the last line that starts with options and above the first line that begins with device.

      options         ALTQ
      options         ALTQ_CBQ        # Class Based Queuing (CBQ)
      options         ALTQ_RED        # Random Early Detection (RED)
      options         ALTQ_RIO        # RED In/Out
      options         ALTQ_HFSC       # Hierarchical Packet Scheduler (HFSC)
      options         ALTQ_PRIQ       # Priority Queuing (PRIQ)
      options         ALTQ_NOPCC      # Required for SMP build
      
    6. Rebuild your kernel
      [root@test] [/usr/src/sys/i386/conf]# cd ../../../

Squid2MySQL for FreeBSD 5.2 (08.07.2004)

What is Squid2MySQL? It provides authorization and traffic accounting for
Internet users. There is the proxy server Squid (http://www.squid-cache.org/)
and the database MySQL (http://dev.mysql.com/).
Squid handles caching, and MySQL stores information about
the users (name, password, URLs downloaded, etc.).
The link between them is Squid2MySQL (http://evc.fromru.com/squid2mysql/download.html) 1.0.0
by Eugene V. Chernyshev for Linux.

For those who use Linux as the OS for their servers, it is better to
visit the Squid2MySQL author's site (http://evc.fromru.com/squid2mysql/download.html)
and use the information there.
I just ported squid2mysql to FreeBSD and corrected a few errors;
they were reported to the author by e-mail.

This article describes the stages and specifics of installing the corrected
version of squid2mysql under FreeBSD.
Let's go …

1) MySQL, Squid and Perl must be installed. Check
that these programs work: log in to MySQL and make a simple
query to the mysql table; check Perl with the command perl -v; do not forget
to initialize Squid's cache with the command squid -z. Check DNS with the command
nslookup host; if there are problems with DNS, Squid will not run.

2) Download the squid2mysql archive for FreeBSD (http://www.uvsw.narod.ru/project/squid2mysql_v.tar.gz)
(~600 Kb) and unpack it:

# tar -zxvf squid2mysql_v.tar.gz

3) Go to the newly created directory squid2mysql_v. Go to the subdirectory
for_perl and install the Perl modules DBI-1.42.tar.gz and
Msql-Mysql-modules-1.2219.tar.gz, or download newer versions.

# tar -zxvf DBI-1.42.tar.gz
# cd DBI-1.42
# perl Makefile.PL
# make
# make test
# make install

Install the module Msql-Mysql-modules-1.2219.tar.gz in the same way.

Compiling the Kernel
After installing FreeBSD, compile the kernel.

Via sysinstall:

# sysinstall
Configure
Distributions
[x] src
[x] sys

# cd /sys/i386/conf/
# cp GENERIC SEUKERNEL
# ee SEUKERNEL

Add at the end of the file:

# firewall
options IPFIREWALL
options IPFIREWALL_VERBOSE # enable logging to syslogd(8)
options IPFIREWALL_VERBOSE_LIMIT=100 # limit verbosity
options IPFIREWALL_DEFAULT_TO_ACCEPT # allow everything by default
options IPFIREWALL_FORWARD # packet destination changes
options IPFILTER
options IPFILTER_LOG
options IPDIVERT # divert sockets
options IPSTEALTH # support for stealth forwarding
options DUMMYNET
options HZ=1000
options ALTQ
options ALTQ_CBQ # Class Based Queuing
options ALTQ_RED # Random Early Drop
options ALTQ_RIO # RED In/Out
#options ALTQ_HFSC # Hierarchical Packet Scheduler
options ALTQ_CDNR # Traffic conditioner
options ALTQ_PRIQ # Priority Queuing
options NETGRAPH
options NETGRAPH_PPPOE
options NETGRAPH_SOCKET
options NETGRAPH_IFACE
options BRIDGE

# config SEUKERNEL
# cd ../compile/SEUKERNEL
# make depend
# make
# make install
# reboot

Update the ports
Update the ports before you begin installing the packages:

# portsnap fetch extract

Installing PPPoE
Edit the file:

# ee /etc/ppp/ppp.conf

Delete everything and paste the configs below:

######## ppp.conf ########
######### BEGIN ##########
default:
 set log Chat Command Phase # Enables client logging
# enable pap # Enables PAP authentication (Password Authentication Protocol)
 enable chap # Enables CHAP authentication (Challenge Handshake Authentication Protocol)
# enable echo # Send LCP echoes (check whether the link is active)
# set echoperiod 5 # Interval for sending each echo (after 5 failures the tun is disconnected)
 allow mode direct # Turn on ppp bridging
 enable proxy # Enables ppp proxy ARP
# disable ipv6cp # We do not use IPv6, so we do not want its errors
 set mru 1492 # Set the MRU below 1500
 set mtu 1492 # Set the MTU below 1500
 set ifaddr 192.168.1.1 192.168.1.2-192.168.1.100 # gateway and range of IPs
 set speed sync
 set timeout 0
 enable lqr
 accept dns # Accept DNS
 set radius /etc/radius.conf # Enables RADIUS and specifies where its connection file is
########### END ##########
######## ppp.conf ########

Edit /etc/radius.conf (create this file).

###### RADIUS.CONF ######
######### BEGIN #########
# type   server      password
auth     localhost   senharadius
acct     localhost   senharadius

MySQL Change root password   March 7th, 2010

If you have never set a root password for MySQL, the server does not require a password at all for connecting as root. To set up the root password for the first time, use the mysqladmin command at the shell prompt as follows:

mysqladmin -u root password NEWPASSWORD

However, if you want to change (or update) a root password, then you need to use the following command:

mysqladmin -u root -p'oldpassword' password newpass

For example, if the old password is abc and you want to set the new password to 123456, enter:

mysqladmin -u root -p'abc' password '123456'

source here

Backup

Dump ALL MySQL Databases

mysqldump --user=XXXXXXXX --password=XXXXXXX -A > /PATH/TO/DUMPFILE.SQL

Dump Individual or Multiple MySQL Databases

mysqldump --user=XXXXXXXX --password=XXXXXXX DB_NAME1 DB_NAME2 DB_NAME3 > /PATH/TO/DUMPFILE.SQL

Dump only certain tables from a MySQL Database

mysqldump --user=XXXXXXXX --password=XXXXXXXX DB_NAME --tables TABLE_NAME > /PATH/TO/DUMPFILE.SQL

Restore

mysql --user=XXXXXXXX --password=XXXXXXXX DB_NAME < /PATH/TO/DUMPFILE.SQL

source here
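
The mysqladmin and mysqldump commands above put the password on the command line, where it can show up in the process list and in shell history. As an added example (not part of the original post), the same full dump can read its credentials from an option file that only its owner can read; the helper names, file path and sample credentials are assumptions.

```shell
#!/bin/sh
# Added example: keep MySQL credentials out of argv by using an option file.
# write_mysql_optfile, optfile_is_private and dump_all are hypothetical helpers.

# Write a [client] option file readable only by its owner.
# $1 = path, $2 = user, $3 = password (must not contain a double quote)
write_mysql_optfile() {
    optfile=$1
    old_umask=$(umask)
    umask 077                 # new files are created as 0600
    rm -f "$optfile"          # a pre-existing file would keep its old mode
    # printf is a builtin in sh/bash, so the password is not passed to a new process
    printf '[client]\nuser=%s\npassword="%s"\n' "$2" "$3" > "$optfile"
    umask "$old_umask"
}

# Succeeds only if the file is a regular file with mode 0600.
optfile_is_private() {
    perms=$(ls -l "$1" 2>/dev/null | cut -c1-10)
    [ "$perms" = "-rw-------" ]
}

# Dump all databases; --defaults-extra-file must be the first option.
# $1 = option file, $2 = dump file
dump_all() {
    optfile_is_private "$1" || { echo "refusing: $1 is not mode 0600" >&2; return 1; }
    mysqldump --defaults-extra-file="$1" -A > "$2"
}

# Usage (constructed values):
#   write_mysql_optfile "$HOME/.my-backup.cnf" backupuser 'constructed-secret'
#   dump_all "$HOME/.my-backup.cnf" /PATH/TO/DUMPFILE.SQL
```

The mysql client accepts the same `--defaults-extra-file` option, so the restore command can use the same file.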