Be warned, this failed. I’m stalled and I have not completed this. I’m going to do jails within a jail. I already do that with poudriere in a jail but here I want to test an older version of iocage before upgrading my current jail hosts to a newer version. In this post: FreeBSD 12.1 […]
Creating a ZFS dataset for testing iocage within a jail Read More »
You’ve seen it. A package gets installed. Some shell scripts are included. They get modified. It happens. But how do you know what has changed? I know there is a tool in pkg for this. I know there is a periodic script which uses it. Let’s go looking. In this post: FreeBSD 12.1 periodic $
What files installed by this package have been modified post-install? Read More »
FreshPorts runs on a FreeBSD server which hosts multiple jails. Two of these jails run PostgreSQL server. When upgrading from one version of PostgreSQL to another, we run pg_dump in the new jail, and load the backup into that database server. I’m writing this blog post to keep track of this procedure so I do
Migrating FreshPorts from one db server to another Read More »
Today I found this annoying situation on FreeBSD 12.1 in a FreeBSD 12.0 jail (neither of which are directly relevant to the problem at hand). [dan@serpico:~] $ sudo pkg audit -F vulnxml file up-to-date pkg: vulnxml parsing error: no element found pkg: cannot process vulnxml After a bit if thinking, I figured the vulnxml file
pkg: vulnxml parsing error: no element found Read More »
Archives are important. When they are public and available for searching, it retains and passes on knowledge. It saves vast amounts of time. Case in point I started the copy-backups-to-tape process today. This appeared on the tape server: Jan 7 19:12:08 r720-01 kernel: (sa0:mps0:0:5:0): 64512-byte tape record bigger than supplied buffer Damn. Do I have
Archives are important to retain and pass on knowledge Read More »
This is a small desktop / short tower case which is connected to a couple of tape libraries. This post replaces a previous post. Partitions [dan@tape01:~] $ gpart show => 40 5860533088 ada0 GPT (2.7T) 40 1024 1 freebsd-boot (512K) 1064 984 – free – (492K) 2048 4194304 2 freebsd-swap (2.0G) 4196352 5856335872 3 freebsd-zfs
The R720 is showing a message like this from time to time: Jan 1 07:42:20 r720-01 kernel: sonewconn: pcb 0xfffff835e785d5b8: Listen queue overflow: 8 already in queue awaiting acceptance (1 occurrences) Jan 1 08:02:21 r720-01 syslogd: last message repeated 1 times Jan 1 08:27:22 r720-01 kernel: sonewconn: pcb 0xfffff835e785d5b8: Listen queue overflow: 8 already in
Listen queue overflow Read More »
See also OpenVPN: unsupported certificate purpose. NOTES NOTE: When using ssl-admin for Bacula: use option 4 (Perform a one-step request/sign) for clients (bacula-fd) use option S (Create new Signed Server certificate) for servers (bacula-sd and bacula-dir) I know these things, but I repeatedly go to option 4 and forget…. Original post follows Sometimes I forget
SSL client vs server certificates and bacula-fd Read More »
Today I found out about a vuln in net/py-urllib3. Nagios told me: Checking for security vulnerabilities in base (userland & kernel): Host system: Database fetched: Tue Nov 26 18:23:32 UTC 2019 py36-urllib3-1.22,1 I logged into that host and ran a pkg upgrade py36-urllib3. What other hosts have that installed? There. That’s the hosts I have
Which hosts have this vuln package installed? SamDrucker knows. Read More »
Today this Nagios alert showed up: I admit it. I have not patched my micro code before. I’m doing it only because it turned up in Nagios. Browsing to that URL, I found “Starting with version 1.26, the devcpu-data port/package includes updates and mitigations for the following technical and security advisories (depending on CPU model).”.
patching your Intel CPU Microcode using FreeBSD ports Read More »