Open Source

Self-hosting Bitwarden / VaultWarden on FreeBSD

The time has come for me to consider another application for my TOTP data (think 6-digit codes produced by Google Authenticator or an RSA device). I’ve been using an app called 2STP – I have long liked it. Support for it ended about 7 years ago, yet it continued to slug along on my phone and on my watch. Recently, it stopped working on my watch. That was the tipping point. I decided […]

fail2ban – adding to my website to deter abuse

The type of abuse recently seen on FreshPorts isn’t a big deal. I would ignore it if it was on my own server. However, I’m using a “paid” service and the credits go faster when pillocks do pillocky stuff. While I hope I’ve covered what I’ve done, I’ve been sick with a cold for a week, and helping to look after two < 4 year-olds for two weekends in a row. Perhaps I've

kernel: Limiting closed port RST response from x to y packets/sec

For 3 days now, I’ve been seeing these messages. If you search online, it’s usually the result of port scanning.

Aug 7 14:05:15 zuul kernel: Limiting closed port RST response from 212 to 195 packets/sec
Aug 7 14:05:16 zuul kernel: Limiting closed port RST response from 219 to 215 packets/sec
Aug 7 14:05:17 zuul kernel: Limiting closed port RST response from 220 to 193 packets/sec
Aug 7 14:05:18 zuul kernel: Limiting closed port

What’s this gap in the graphs?

I was checking email this (Friday Jul 19, 2024) morning, over coffee, while many IT folks dealt with CrowdStrike fallout, when I noticed this message from the logs:

Jul 19 09:12:18 zuul kernel: [zone: pf states] PF states limit reached

I’ve seen that message before. It’s not of high concern. That server contains many services including PGCon, the former BSDCan website, and my blogs. I didn’t give it much concern, although I should

Where’s my backup?

Nagios was telling me:

FILE_AGE WARNING: /usr/home/rsyncer/backups/aws-1/postgresql/freshports.org.dump is 117636 seconds old and 3608113799 bytes

That means the FreshPorts backup is more than a day old, and it should have been refreshed by now. OK, let’s go look. I log into the host known as aws-1 and check the files. They look fresh to me:

[rsyncer@aws-1 ~/backups/database-backup/postgresql]$ ls -lt
total 3525154
-rw-r--r-- 1 rsyncer rsyncer 3963 Jul 16 02:14 globals.sql
drwxr-xr-x 2 rsyncer rsyncer

Transferring a VM from one provider to another

Yesterday, I mentioned (in more than one place) that I planned to move a 2017 Digital Ocean droplet over to Azure. As I sit here, with coffee, on the balcony, overlooking a lot of green trees, at 7:45 AM, I’m trying to put into words the plan I came up with about 30 minutes ago. In this post: Digital Ocean Microsoft Azure FreeBSD 14.1 Why move? There is no technical issue or dissatisfaction involved

Updating some jails from FreeBSD 14.0 to FreeBSD 14.1 via mkjail

I’ve updated all my hosts to FreeBSD 14.1 – but not all the jails. I’m going to do some of that today. In this post: FreeBSD 14.0 FreeBSD 14.1 mkjail-0.0.4 What’s on r730-03 to update? Full disclosure: mkjail was originally written by Mark Felder, and I joined him in maintaining it. I use it for: Creating jails Updating jails (patching, like freebsd-update fetch install) Upgrading jails (as in going from FreeBSD 14.0 to

Notes on running net-snmp as non-root

When feasible, I prefer to run things as non-root. A recent commit to net-snmp has made this possible. By its nature, being a new change, it took me some time and help to figure out what needed to be changed. Before doing this yourself, I recommend waiting until the two code reviews mentioned below are committed. In this post: FreeBSD 14.0-RELEASE-p6 net-snmp-5.9.4_2,1 librenms-24.5.0,1 I include commands from different hosts; please do not be

Copying an existing jail to try bind918

bind916 will be EOL in a few months (April 2024). In this post, I’m going to copy an existing jail (running bind916) and configure it to run the new bind. If all goes well, the new jail will replace the old jail. This has an added benefit of effectively renaming the old jail (toiler) to dns2 (my other dns server at home is called dns1). Given the jail runs both dhcpd and named,

Moving local settings for pg_hba.conf and postgresql.conf out of PGDATA

One of the configuration aspects of FreeBSD I have long liked is the concept of default values which are overridden by the user. For example, /etc/defaults/rc.conf (see The /etc directory). The default values in this file can be overridden by the user with their preferred values in /etc/rc.conf (or /etc/rc.conf.local, and other locations if you so choose (search for rc_conf_files)). With that approach in mind, I wanted to do the same thing with

