Open Source

scripts for monitoring vulns in FreeBSD jails

Leave a Comment / FreeBSD, Jails, Nagios, Security / By /

I have scripts for monitoring vulns in FreeBSD jails. They use third-party scripts. All I wrote was the Nagios part of the solution. I was preparing slides for my Why I prefer thick jails over thin jails talk at EuroBSDCon 2019. There is still time to register and attend. I was explaining my scripts and was providing links to gist.github.com … I realized I should create a repo: https://github.com/dlangille/freebsd-nagios-jail These scripts do the […]

scripts for monitoring vulns in FreeBSD jails Read More »

poudriere hooks

Leave a Comment / poudriere / By /

zi0r suggested I use hooks to accomplish my patches-outside-distfiles question. In this post: FreeBSD 12.0 poudriere 3.3.2 I started reading the documentation and played with the supplied sample files in /usr/local/etc/poudriere.d/hooks. For background, see FreeBSD custom port patches when using poudriere. Eventually I came up with this solution: mkdir during the start phase mount during the mount phase I put stuff into a gist first, then created this post. The hook This is

poudriere hooks Read More »

iocage

Leave a Comment / iocage, py-iocage / By /

I was asked why I was exasperated with iocage: This is the list of issues where I found my name. A given issue may be listed multiple times. Oct 2017 – iocage upgrade is looping: https://github.com/iocage/iocage/issues/399 Jun 2018 – cannot run ‘iocage start’ from my home dir: https://github.com/iocage/iocage/issues/567 Aug 2018 – entries in fstab disappear: https://github.com/iocage/iocage/issues/595 Dec 2018 – Cannot install 12.0 in a jail: https://github.com/iocage/iocage/issues/715 Jan 2019 – iocages puts exec files

iocage Read More »

Installing Owntracks recorder on FreeBSD

Leave a Comment / MQTT, OwnTracks / By /

I went and did a thing. I ported OwnTrack Recorder to FreeBSD. In this post: FreeBSD 12 owntracks/recoder 0.8.4 I refer to owntracks/recorder as ot-recorder. The FreeBSD service is known as otrecorder On FreeBSD, ot-recorder runs as the ot-recorder user, created by the package. I did not want it running as root. ot-recorder installs mosquitto by default, because it needs it’s libraries. That is also the reason why it installs curl. I chose

Installing Owntracks recorder on FreeBSD Read More »

upgrading to LibreNMS 1.53.1

Leave a Comment / LibreNMS, Open Source / By /

When upgrading to LibreNMS 1.53.1, your website will not load. You’ll see a message saying check the logs. There will be nothing useful in the logs. I checked. Nothing. This is how I fixed the loading issue. In this post: FreeBSD 12.0 LibreNMS 1.51 running in a jail Upgrading to 1.53.1 First attempts Running as www OK, let’s run that as www. Eh? What? References Searching around, I found nothing useful. I found

upgrading to LibreNMS 1.53.1 Read More »

hacking on iocage

Leave a Comment / FreeBSD, iocage, Open Source / By /

Today is the day after BSDCan 2019. The power cables and extension cords from the hacking lounge have been laid to rest in an Ottawa basement until next year. Sitting in my parents garden, I noticed some Nagios cert warnings: I logged into my certificates server (the website from which all my hosts download their certs). The cert looked OK: [dan@webs01:/usr/local/www/certs.unixathome.org/www/certs/x8dtu.unixathome.org] $ ls -l total 14 -rw-r–r– 1 rsyncer rsyncer 1647 May 11

hacking on iocage Read More »

pkg: http://vuxml.freebsd.org/freebsd/vuln.xml.bz2: No address record

Leave a Comment / FreeBSD, py-iocage / By /

I’ve been making use of some FreeBSD-provided scripts within my Nagios monitoring. Recently, I started seeing a problem after some jail maintenance. This post is about that problem and the fix. Full disclosure: the issue was not what I thought it was and I did not solve it. I’m using: FreeBSD 11.2-RELEASE-p9 The scripts are: 405.pkg-base-audit 410.pkg-audit Where are they from? $ pkg which /usr/local/etc/periodic/security/405.pkg-base-audit /usr/local/etc/periodic/security/405.pkg-base-audit was installed by package base-audit-0.3 You don’t

pkg: http://vuxml.freebsd.org/freebsd/vuln.xml.bz2: No address record Read More »

Mount your ZFS datasets anywhere you want

Leave a Comment / ZFS / By /

ZFS is very flexible about mountpoints, and there are many features available to provide great flexibility. When you create your second zpool this is what it might look like: $$ zfs list -r main_tank NAME USED AVAIL REFER MOUNTPOINT main_tank 893G 3.52T 96K /main_tank main_tank/data 786G 3.52T 88K /main_tank/data main_tank/data/dvl 755G 3.52T 755G /main_tank/data/dvl main_tank/data/freshports 31.4G 3.52T 88K /main_tank/data/freshports main_tank/data/freshports/backend 3.11G 3.52T 88K /main_tank/data/freshports/backend This is a pool I created long ago, but

Mount your ZFS datasets anywhere you want Read More »

Converting thin jails to thick jails

Leave a Comment / ezjail, FreeBSD, iocage, Jails, Open Source, ZFS / By /

I have been using ezjail since at least 2008 (see earlier blog post). A few years ago, I started deploying iocage on new servers. About three months ago, I starting converting systems from ezjail to iocage. When I converted my first system, I found that the existing documentation for conversion was incomplete. Specifically, symlinks were a problem. I raised an issue and wrote a better script which I have since used on a

Converting thin jails to thick jails Read More »

using syncthing between my OSX laptop and my FreeBSD server

Leave a Comment / Open Source, syncthing / By /

We know the routine. You have a desktop, and a laptop, or perhaps two laptops. You want your files in both places. A shared, remotely mounted directory is not ideal. Instead, let’s have the systems synchronize themselves. That’s where syncthing comes in: Syncthing replaces proprietary sync and cloud services with something open, trustworthy and decentralized. Your data is your data alone and you deserve to choose where it is stored, if it is

using syncthing between my OSX laptop and my FreeBSD server Read More »

Scroll to Top