2FA has its critics: It’s so unreliable! Phones are so easily hijacked It’s not a lot of added security etc Some of these make assumptions not necessarily in evidence. In this post: FreeBSD 12.1 pam_google_authenticator-1.08 Most of the 2FA I use is time-based one-off passwords (TOTP), as opposed to text messages. These are often 6-digit numbers which change every 30 seconds. These are hard to guess and cannot be intercepted as they reside […]
I backup my databases daily. They get dumped to a disk file and copied somewhere else. Then they are backed up into a file system. Once a month they get copied to tape. Yesterday I upgraded a PostgreSQL database server, and it went well. Overnight, a backup failed. This is the story of how that led to me discovering my backups have been at risk for nearly 100 days. The error This morning
The backups have been wrong for about 97 days Read More »
Be warned, this failed. I’m stalled and I have not completed this. I’m going to do jails within a jail. I already do that with poudriere in a jail but here I want to test an older version of iocage before upgrading my current jail hosts to a newer version. In this post: FreeBSD 12.1 py36-iocage-1.2_3 py36-iocage-1.2_4 This post includes my errors and mistakes. Perhaps you should proceed carefully and read it all
Creating a ZFS dataset for testing iocage within a jail Read More »
You’ve seen it. A package gets installed. Some shell scripts are included. They get modified. It happens. But how do you know what has changed? I know there is a tool in pkg for this. I know there is a periodic script which uses it. Let’s go looking. In this post: FreeBSD 12.1 periodic $ cd /usr/local/etc/periodic/ $ find . | grep checksum ./security/460.pkg-checksum There it is! Looking inside, I found pkg check.
What files installed by this package have been modified post-install? Read More »
FreshPorts runs on a FreeBSD server which hosts multiple jails. Two of these jails run PostgreSQL server. When upgrading from one version of PostgreSQL to another, we run pg_dump in the new jail, and load the backup into that database server. I’m writing this blog post to keep track of this procedure so I do not have to remember it each time. take website offline sudo mv mv offline.conf.disabled offline.conf && \ sudo
Migrating FreshPorts from one db server to another Read More »
Today I found this annoying situation on FreeBSD 12.1 in a FreeBSD 12.0 jail (neither of which are directly relevant to the problem at hand). [dan@serpico:~] $ sudo pkg audit -F vulnxml file up-to-date pkg: vulnxml parsing error: no element found pkg: cannot process vulnxml After a bit if thinking, I figured the vulnxml file was corrupt. I guessed it might be in /var/db/pkg: [dan@serpico:/var/db/pkg] $ ls -l total 5226 -rw-r–r– 1 root
pkg: vulnxml parsing error: no element found Read More »
Archives are important. When they are public and available for searching, it retains and passes on knowledge. It saves vast amounts of time. Case in point I started the copy-backups-to-tape process today. This appeared on the tape server: Jan 7 19:12:08 r720-01 kernel: (sa0:mps0:0:5:0): 64512-byte tape record bigger than supplied buffer Damn. Do I have a tape problem? Search results When searching for this, I found this FreeBSD Forums post from 2016 where
Archives are important to retain and pass on knowledge Read More »
This is a small desktop / short tower case which is connected to a couple of tape libraries. This post replaces a previous post. Partitions [dan@tape01:~] $ gpart show => 40 5860533088 ada0 GPT (2.7T) 40 1024 1 freebsd-boot (512K) 1064 984 – free – (492K) 2048 4194304 2 freebsd-swap (2.0G) 4196352 5856335872 3 freebsd-zfs (2.7T) 5860532224 904 – free – (452K) => 40 5860533088 ada1 GPT (2.7T) 40 1024 1 freebsd-boot (512K)
The R720 is showing a message like this from time to time: Jan 1 07:42:20 r720-01 kernel: sonewconn: pcb 0xfffff835e785d5b8: Listen queue overflow: 8 already in queue awaiting acceptance (1 occurrences) Jan 1 08:02:21 r720-01 syslogd: last message repeated 1 times Jan 1 08:27:22 r720-01 kernel: sonewconn: pcb 0xfffff835e785d5b8: Listen queue overflow: 8 already in queue awaiting acceptance (2 occurrences) Jan 1 16:07:04 r720-01 kernel: sonewconn: pcb 0xfffff835e785d5b8: Listen queue overflow: 8 already
Listen queue overflow Read More »
See also OpenVPN: unsupported certificate purpose. NOTES NOTE: When using ssl-admin for Bacula: use option 4 (Perform a one-step request/sign) for clients (bacula-fd) use option S (Create new Signed Server certificate) for servers (bacula-sd and bacula-dir) I know these things, but I repeatedly go to option 4 and forget…. Original post follows Sometimes I forget about TLS / SSL / x509 certificates being available in both server and client versions, particularly when it
SSL client vs server certificates and bacula-fd Read More »