Open Source

What files installed by this package have been modified post-install?

You’ve seen it. A package gets installed. Some shell scripts are included. They get modified. It happens. But how do you know what has changed? I know there is a tool in pkg for this. I know there is a periodic script which uses it. Let’s go looking. In this post: FreeBSD 12.1 periodic $ cd /usr/local/etc/periodic/ $ find . | grep checksum ./security/460.pkg-checksum There it is! Looking inside, I found pkg check. […]


Migrating FreshPorts from one db server to another

FreshPorts runs on a FreeBSD server which hosts multiple jails. Two of these jails run PostgreSQL server. When upgrading from one version of PostgreSQL to another, we run pg_dump in the new jail, and load the backup into that database server. I’m writing this blog post to keep track of this procedure so I do not have to remember it each time. take website offline sudo mv mv offline.conf.disabled offline.conf && \ sudo


pkg: vulnxml parsing error: no element found

Today I found this annoying situation on FreeBSD 12.1 in a FreeBSD 12.0 jail (neither of which are directly relevant to the problem at hand). [dan@serpico:~] $ sudo pkg audit -F vulnxml file up-to-date pkg: vulnxml parsing error: no element found pkg: cannot process vulnxml After a bit of thinking, I figured the vulnxml file was corrupt. I guessed it might be in /var/db/pkg: [dan@serpico:/var/db/pkg] $ ls -l total 5226 -rw-r--r-- 1 root


SSL client vs server certificates and bacula-fd

See also OpenVPN: unsupported certificate purpose. NOTES NOTE: When using ssl-admin for Bacula: use option 4 (Perform a one-step request/sign) for clients (bacula-fd) use option S (Create new Signed Server certificate) for servers (bacula-sd and bacula-dir) I know these things, but I repeatedly go to option 4 and forget…. Original post follows Sometimes I forget about TLS / SSL / x509 certificates being available in both server and client versions, particularly when it


Which hosts have this vuln package installed? SamDrucker knows.

Today I found out about a vuln in net/py-urllib3. Nagios told me: Checking for security vulnerabilities in base (userland & kernel): Host system: Database fetched: Tue Nov 26 18:23:32 UTC 2019 py36-urllib3-1.22,1 I logged into that host and ran a pkg upgrade py36-urllib3. What other hosts have that installed? There. That’s the hosts I have to update. How about a list for csshX? Ideally, I’d like to take the query output, and construct


patching your Intel CPU Microcode using FreeBSD ports

Today this Nagios alert showed up: I admit it. I have not patched my micro code before. I’m doing it only because it turned up in Nagios. Browsing to that URL, I found “Starting with version 1.26, the devcpu-data port/package includes updates and mitigations for the following technical and security advisories (depending on CPU model).”. Looking on FreshPorts, I found that port. I built it. I installed it on all hosts. I followed


knew

This post has been replaced by a newer post. For future reference, this is the knew server … oh wait, I think it’s this server which was mounted in the 4U chassis mentioned in this post. It runs a few jails, including Bacula regression testing services. It is now mounted in a SuperChassis 846E16-R1200B. This is the previous post for this system configuration. Photos of the assembly. File systems Partitions zpools Those


zpool degraded – one drive missing from system

I rebooted knew yesterday for upgrades. When it came back, the main storage zpool was degraded: Is the drive alive? The drive is not listed at all in /var/run/dmesg.boot. I keep a list of the expected drives in /etc/periodic.conf, for use by a Nagios check: [dan@knew:~] $ /usr/sbin/sysrc -nf /etc/periodic.conf daily_status_smart_devices /dev/da22 /dev/da21 /dev/da20 /dev/da19 /dev/da18 /dev/da17 /dev/da16 /dev/da15 /dev/da14 /dev/da13 /dev/da12 /dev/da11 /dev/da10 /dev/da9 /dev/da8 /dev/da7 /dev/da6 /dev/da5 /dev/da4 /dev/da3 /dev/da2 /dev/da1


Creating a drive-bay map

When the time comes to replace a drive, it is very nice to know which drive is missing. I created this drive map to help me figure out which drive disappeared. I created this drive-bay map using a combination of: zpool status sesutil map lsblk camcontrol /var/run/dmesg.boot I have not included /var/run/dmesg.boot here. If you click on this image, you’ll see a larger version which is easier to read. I went through sesutil


zfstools & sanoid – snapshots on the local host

I’m going to implement zfstools on all my ZFS-based hosts today. I first started using this tool in July 2019. In this post: FreeBSD 12.0 and 12.1 zfstools 0.3.6_1 sanoid-2.0.1_2 Local snapshots only I will be using zfstools only for creating local snapshots. If I wanted snapshots for sending to other hosts, I would probably use a tool such as sysutils/sanoid, which is a policy-driven solution for snapshot management and replication. For now, there

