Category Archives: FreeBSD

Migrating a RedHat users file to FreeBSD/OpenBSD

http://www.openbsd.org/faq/faq9.html#passwd

First, figure out whether your Linux password file is shadowed: an "x" in the second field of /etc/passwd means the hashes live in /etc/shadow. If it is, install John the Ripper from packages or ports (security/john) and use the unshadow utility that comes with it to merge your passwd and shadow files into one Sixth Edition-style file. That merged file holds every user's password hash, so create it as root, keep it mode 0600, and delete it once the migration is done.

Using your Linux password file, which we'll call linux_passwd, you need to insert the three BSD-only fields (login class, password change time and account expiry) as ::0:0 after the fourth field (the GID) and before the GECOS field, turning each seven-field Linux line into the ten-field master.passwd format. awk(1) does this for you.

At this point, edit the new_passwd file and remove root and the other system entries: they are either already present in your OpenBSD password file or do not apply to OpenBSD (in practice, all of them). Also make sure there are no duplicate usernames or user IDs between new_passwd and your OpenBSD box's /etc/passwd. The easiest way to guarantee this is to start from a fresh /etc/passwd on the OpenBSD side and append only the filtered entries to /etc/master.passwd, the file pwd_mkdb reads.

The last step, pwd_mkdb(8), rebuilds the /etc/spwd.db and /etc/pwd.db databases from /etc/master.passwd. It also writes a Sixth Edition-style password file (minus the password hashes) to /etc/passwd for programs which read it. OpenBSD uses a stronger password hash, bcrypt (the Blowfish-based scheme), which is very unlikely to be found on any system that still uses a full Sixth Edition-style password file; the imported entries keep whatever hash Linux produced, and whether those still verify depends on which formats the target's crypt(3) accepts. To switch over to the stronger hash, simply have the users run 'passwd' and change their password. The new password they enter will be hashed with your default setting (usually bcrypt unless you've edited /etc/login.conf). Or, as root, you can run passwd username.

You will also want to copy over the group file. Again, copy only groups that do not already exist on the OpenBSD side, and check for GID clashes as well as name clashes.
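The steps above strung together as one script. This is an added example, not part of the original post or of the OpenBSD FAQ it summarises. File names follow the post (linux_passwd, new_passwd, /etc/master.passwd); the sample records, the work directory and the MIN_UID cut-off used to recognise system accounts are constructed assumptions. Without arguments it runs on the constructed data and prints what would be imported; given a real linux_passwd and the target master.passwd, and APPLY=1, it appends and runs pwd_mkdb (root only).

```shell
#!/bin/sh
# Added example (not the post's own code). Usage:
#   ./migrate.sh                                 demo on constructed records
#   APPLY=1 ./migrate.sh linux_passwd /etc/master.passwd   real import, as root
set -eu

MIN_UID=${MIN_UID:-1000}   # assumption: UIDs below this are system accounts on both sides

# Step 2: 7-field Linux record -> 10-field BSD master.passwd record.
#   Linux: name:pw:uid:gid:gecos:home:shell
#   BSD:   name:pw:uid:gid:class:change:expire:gecos:home:shell
# "::0:0" after the GID gives an empty login class and 0/0 (never) for change/expire.
to_master_passwd() {
    awk -F: 'NF == 7 { printf("%s:%s:%s:%s::0:0:%s:%s:%s\n", $1, $2, $3, $4, $5, $6, $7) }' "$1"
}

# Step 3: drop system accounts and any record whose name or UID already exists
# in the target master.passwd ($2). Conflicts are reported on stderr.
drop_conflicts() {
    awk -F: -v min="$MIN_UID" '
        FILENAME == ARGV[1] { name[$1] = 1; uid[$3] = 1; next }   # existing BSD accounts
        $3 + 0 < min + 0    { next }                                # system account: never imported
        ($1 in name) || ($3 in uid) {
            printf("skipping %s (uid %s): already present on target\n", $1, $3) > "/dev/stderr"
            next
        }
        { print }' "$2" "$1"
}

work=$(mktemp -d)
chmod 700 "$work"                   # merged files carry password hashes: root-only, removed on exit
trap 'rm -rf "$work"' EXIT

if [ $# -ge 2 ]; then
    linux_passwd=$1; target=$2      # Step 1 already done by the admin: unshadow output in $1
else
    linux_passwd=$work/linux_passwd; target=$work/master.passwd
    # Constructed stand-in for `unshadow /etc/passwd /etc/shadow` from the Linux box.
    cat > "$linux_passwd" <<'EOF'
root:$1$saltsalt$constructedhash00000000000:0:0:root:/root:/bin/bash
daemon:*:2:2:daemon:/sbin:/sbin/nologin
alice:$1$saltsalt$constructedhash11111111111:1001:1001:Alice Example:/home/alice:/bin/bash
bob:$1$saltsalt$constructedhash22222222222:1002:1002:Bob Example:/home/bob:/bin/bash
EOF
    # Constructed target master.passwd: "bob" already exists there under another UID.
    cat > "$target" <<'EOF'
root:*:0:0:daemon:0:0:Charlie &:/root:/bin/ksh
bob:*:1005:1005::0:0:Bob Already Here:/home/bob:/bin/ksh
EOF
fi

to_master_passwd "$linux_passwd" > "$work/new_passwd"
drop_conflicts "$work/new_passwd" "$target" > "$work/import.passwd"
echo "entries to import:"
cat "$work/import.passwd"

# Step 4 (root only): append, then rebuild pwd.db, spwd.db and /etc/passwd.
if [ "${APPLY:-0}" = 1 ] && [ $# -ge 2 ]; then
    cat "$work/import.passwd" >> "$target"
    pwd_mkdb -p "$target"
fi
```

In the demo run, root and daemon fall below MIN_UID and are dropped silently, bob is reported as a name clash on stderr, and only alice is listed for import. The group file needs the same name-and-GID clash check; it is not automated here.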

Basic pfctl control

# basic pfctl control
# ==
# Related: http://www.OpenBSD.org
# Last update: Tue Dec 28, 2004
# ==
# Note:
# this document is only provided as a basic overview
# for some common pfctl commands and is by no means
# a replacement for the pfctl and pf manual pages.

#### General PFCTL Commands ####
# pfctl -d disable packet-filtering
# pfctl -e enable packet-filtering
# pfctl -q run quiet
# pfctl -v -v run even more verbose

#### Loading PF Rules ####
# pfctl -f /etc/pf.conf load /etc/pf.conf
# pfctl -n -f /etc/pf.conf parse /etc/pf.conf, but don't load it (syntax check before a live reload)
# pfctl -R -f /etc/pf.conf load only the FILTER rules
# pfctl -N -f /etc/pf.conf load only the NAT rules
# pfctl -O -f /etc/pf.conf load only the OPTION rules

#### Clearing PF Rules & Counters ####
# pfctl -F all flush ALL
# pfctl -F rules flush only the RULES
# pfctl -F queue flush only queues
# pfctl -F nat flush only NAT
# pfctl -F info flush all stats that are not part of any rule.
# pfctl -z clear all counters
# note: flushing rules does not touch existing state table entries, so established
# connections keep passing until their state expires (pfctl -F all drops states too)

#### Output PF Information ####
# pfctl -s rules show filter information
# pfctl -v -s rules show filter rules with per-rule packet and byte counters (which rules are being hit)
# pfctl -vvsr show filter rules as above and prepend rule numbers
# pfctl -v -s nat show NAT rules with per-rule counters (which NAT rules are being hit)
# pfctl -s nat -i xl1 show NAT information for interface xl1
# pfctl -s queue show QUEUE information
# pfctl -s label show LABEL information
# pfctl -s state show contents of the STATE table
# pfctl -s info show statistics for state tables and packet normalization
# pfctl -s all show everything

#### Maintaining PF Tables ####
# pfctl -t addvhosts -T show show table addvhosts
# pfctl -vvsTables view global information about all tables
# pfctl -t addvhosts -T add 192.168.1.50 add entry to table addvhosts
# pfctl -t addvhosts -T add 192.168.1.0/24 add a network to table addvhosts (host bits must be zero; pf rejects 192.168.1.0/16)
# pfctl -t addvhosts -T delete 192.168.1.0/24 delete network from table addvhosts
# pfctl -t addvhosts -T flush remove all entries from table addvhosts
# pfctl -t addvhosts -T kill delete table addvhosts entirely
# pfctl -t addvhosts -T replace -f /etc/addvhosts reload table addvhosts on the fly
# pfctl -t addvhosts -T test 192.168.1.40 find ip address 192.168.1.40 in table addvhosts
# pfctl -T load -f /etc/pf.conf load a new table definition
# pfctl -t addvhosts -T show -v output stats for each ip address in table addvhosts
# pfctl -t addvhosts -T zero reset all counters for table addvhosts
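The commands above combined into a small reload-and-table routine. This is an added example, not part of the original reference: it parses with -n before loading so a typo can never leave the box with a half-flushed ruleset, checks with -T test before -T add, and refuses to -T replace a table from an empty file (use -T flush when emptying is what you want). The file paths and the table name "blocklist" are assumptions, and the script relies on pfctl -T test exiting non-zero when the address is not in the table.

```shell
#!/bin/sh
# Added example (not the reference's own code). Usage:
#   ./pfhelper.sh reload [/etc/pf.conf]
#   ./pfhelper.sh add blocklist 192.0.2.1
#   ./pfhelper.sh replace blocklist /etc/blocklist.txt
set -eu

# Parse first (-n); load only when parsing succeeds, then show the live rules with numbers.
pf_reload() {
    conf=${1:-/etc/pf.conf}
    if ! pfctl -n -f "$conf"; then
        echo "pf_reload: $conf does not parse; running ruleset left unchanged" >&2
        return 1
    fi
    pfctl -f "$conf"
    pfctl -vvsr
}

# Add an address to a table unless it is already there.
# Assumption: pfctl -T test exits 0 when the address matches, non-zero otherwise.
pf_table_add() {
    table=$1; addr=$2
    if pfctl -t "$table" -T test "$addr" > /dev/null 2>&1; then
        echo "$addr already in $table"
        return 0
    fi
    pfctl -t "$table" -T add "$addr"
}

# Swap the whole table for a file's contents in one step; an empty file would
# silently wipe the table, so refuse it (pfctl -T flush is the explicit way).
pf_table_replace() {
    table=$1; file=$2
    if [ ! -s "$file" ]; then
        echo "pf_table_replace: $file is empty, refusing to wipe $table" >&2
        return 1
    fi
    pfctl -t "$table" -T replace -f "$file"
}

case "${1:-}" in
    reload)  pf_reload "${2:-/etc/pf.conf}" ;;
    add)     pf_table_add "$2" "$3" ;;
    replace) pf_table_replace "$2" "$3" ;;
    *)       ;;   # no arguments: just define the functions (safe to source)
esac
```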

Using rsync over ssh simple command

arguments used:

-a, --archive
This is equivalent to -rlptgoD. It is a quick way of saying you want recursion and want to preserve almost everything (with -H being a notable omission). The only exception to the above equivalence is when --files-from is specified, in which case -r is not implied.
Note that -a does not preserve hard links, because finding multiply-linked files is expensive. You must separately specify -H.
-v, --verbose
This option increases the amount of information you are given during the transfer. By default, rsync works silently. A single -v will give you information about what files are being transferred and a brief summary at the end. Two -v flags will give you information on what files are being skipped and slightly more information at the end. More than two -v flags should only be used if you are debugging rsync.
Note that the names of the transferred files are output using a default --out-format of "%n%L", which tells you just the name of the file and, if the item is a link, where it points. At the single -v level of verbosity, this does not mention when a file gets its attributes changed. If you ask for an itemized list of changed attributes (either --itemize-changes or adding "%i" to the --out-format setting), the output (on the client) increases to mention all items that are changed in any way. See the --out-format option for more details.
-z, --compress
With this option, rsync compresses the file data as it is sent to the destination machine, which reduces the amount of data being transmitted, something that is useful over a slow connection.
Note that this option typically achieves better compression ratios than a compressing remote shell or a compressing transport, because it takes advantage of the implicit information in the matching data blocks that are not explicitly sent over the connection.
-e, --rsh=COMMAND
This option lets you choose an alternative remote shell program for communication between the local and remote copies of rsync. Typically rsync is configured to use ssh by default, but you may prefer rsh on a local network. Keep in mind that rsh sends both the data and its host-based authentication in cleartext; ssh is what makes the command safe to run over anything other than a trusted link.
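The command the post describes (rsync -avz -e ssh SRC user@host:/DEST) wrapped in a function, together with a local demonstration of the -a versus -H hard-link point above. This is an added example, not the post's own code: the ssh options, the paths and the sample files are constructed assumptions, rsync must be installed, and ssh is only needed when DEST names a remote host (rsync does not invoke the remote shell for a local destination, which is why the demonstration runs offline).

```shell
#!/bin/sh
# Added example (not the post's own command).
set -eu

# sync_over_ssh SRC DEST [extra rsync options]
#   -a  recursion and almost all attributes (not hard links: pass -H as an extra option)
#   -v  list what is transferred          -z  compress on the wire
#   -e  run ssh in batch mode so a password prompt or an unknown host key fails fast
#       instead of hanging an unattended job; StrictHostKeyChecking=yes refuses unknown
#       keys rather than adding them silently (assumed ssh options, not from the post).
sync_over_ssh() {
    src=$1; dest=$2; shift 2
    rsync -avz -e 'ssh -o BatchMode=yes -o StrictHostKeyChecking=yes' "$@" "$src" "$dest"
}

# same_inode A B: exit 0 when A and B are one file under two names (hard link kept)
same_inode() { [ "$1" -ef "$2" ]; }

demo() {
    work=$(mktemp -d); trap 'rm -rf "$work"' EXIT
    mkdir -p "$work/src"
    printf 'constructed payload\n' > "$work/src/a.txt"
    ln "$work/src/a.txt" "$work/src/b.txt"            # one file, two names
    sync_over_ssh "$work/src/" "$work/plain/" > /dev/null        # -a alone
    sync_over_ssh "$work/src/" "$work/linked/" -H > /dev/null    # -a plus -H
    if same_inode "$work/plain/a.txt" "$work/plain/b.txt"; then
        echo "-a:  link kept"; else echo "-a:  two separate copies"; fi
    if same_inode "$work/linked/a.txt" "$work/linked/b.txt"; then
        echo "-aH: link kept"; else echo "-aH: two separate copies"; fi
}

if command -v rsync > /dev/null 2>&1; then demo; fi
```

Run against a real host as sync_over_ssh /srv/data/ backup@host:/srv/data/ and add -n for a dry run first; the trailing slash on SRC copies the directory's contents rather than the directory itself.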