https://DevOpsCloud.io -- Cloud Monk Losang Jinpa

Return to Absolute FreeBSD, FreeBSD Bibliography, FreeBSD

Fair Use Source: B0776JKXNR (AbFrBSD 2018)

BRIEF CONTENTS

Foreword by Marshall Kirk McKusick

Acknowledgments

Introduction

Chapter 1: Getting More Help

Chapter 2: Before You Install

Chapter 3: Installing

Chapter 4: Start Me Up! The Boot Process

Chapter 5: Read This Before You Break Something Else! (Backup and Recovery)

Chapter 6: Kernel Games

Chapter 7: The Network

Chapter 8: Configuring Networking

Chapter 9: Securing Your System

Chapter 10: Disks, Partitioning, and GEOM

Chapter 11: The Unix File System

Chapter 12: The Z File System

Chapter 13: Foreign Filesystems

Chapter 14: Exploring /etc

Chapter 15: Making Your System Useful

Chapter 16: Customizing Software with Ports

Chapter 17: Advanced Software Management

Chapter 18: Upgrading FreeBSD

Chapter 19: Advanced Security Features

Chapter 20: Small System Services

Chapter 21: System Performance and Monitoring

Chapter 22: Jails

Chapter 23: The Fringe of FreeBSD

Chapter 24: Problem Reports and Panics

Afterword

Bibliography

Index

CONTENTS IN DETAIL

FOREWORD by Marshall Kirk McKusick

ACKNOWLEDGMENTS

INTRODUCTION

What Is FreeBSD?

BSD: FreeBSD’s Granddaddy

The BSD License

The AT&T/CSRG/BSDi Iron Cage Match

The Birth of FreeBSD

FreeBSD Development

Committers

Contributors

Users

Other BSDs

NetBSD

OpenBSD

DragonFly BSD

macOS

FreeBSD’s Children

Other Unixes

Solaris

illumos

AIX

Linux

Other Unixes

FreeBSD’s Strengths

Portability

Power

Simplified Software Management

Customizable Builds

Advanced Filesystems

Who Should Use FreeBSD?

Who Should Run Another BSD?

Who Should Run a Proprietary Operating System?

How to Read This Book

What Must You Know?

For the New System Administrator

Desktop FreeBSD

How to Think About Unix

Notes on the Third Edition

Contents of This Book

1

GETTING MORE HELP

Why Not Beg for Help?

The FreeBSD Attitude

Support Options

Man Pages

Manual Sections

Navigating Man Pages

Finding Man Pages

Section Numbers and Man

Man Page Contents

FreeBSD.org

Web Documents

The Mailing List Archives

The Forums

Other Websites

Using FreeBSD Problem-Solving Resources

Checking the Handbook and FAQ

Checking the Man Pages

Mailing Lists Archives and Forums

Using Your Answer

Asking for Help

Composing Your Message

Responding to Email

The Internet Is Forever

2

BEFORE YOU INSTALL

Default Files

Configuration with UCL

FreeBSD Hardware

Proprietary Hardware

Hardware Requirements

BIOS versus EFI

Disks and Filesystems

FreeBSD Filesystems

Filesystem Encryption

Disk Partitioning Methods

Partitioning with UFS

Multiple Operating Systems

Multiple Hard Drives

Swap Space

Getting FreeBSD

FreeBSD Versions

Choosing Installation Images

Network Installs

3

INSTALLING

Core Settings

Distribution Selection

Disk Partitioning

UFS Installs

ZFS Installs

Network and Service Configuration

Finishing the Install

4

START ME UP! THE BOOT PROCESS

Power-On

Unified Extensible Firmware Interface

Basic Input/Output System

The Loader

Boot Multi User [Enter]

Boot FreeBSD in Single-User Mode

Escape to Loader Prompt

Reboot

Single-User Mode

Disks in Single-User Mode

Programs Available in Single-User Mode

The Network in Single-User Mode

Uses for Single-User Mode

The Loader Prompt

Viewing Disks

Loader Variables

Reboot

Booting from the Loader

Loader Configuration

Boot Options

Startup Messages

Multiuser Startup

/etc/rc.conf, /etc/rc.conf.d, and /etc/defaults/rc.conf

The rc.d Startup System

The service(8) Command

System Shutdown

Serial Consoles

Serial Protocol

Physical Serial Console Setup

IPMI Serial Console Setup

Configuring FreeBSD’s Serial Console

Using Serial Consoles

Working at the Console

5

READ THIS BEFORE YOU BREAK SOMETHING ELSE! (BACKUP AND RECOVERY)

System Backups

Backup Tapes

Tape Drive Device Nodes, Rewinding, and Ejecting

The $TAPE Variable

Tape Status with mt(1)

Other Tape Drive Commands

BSD tar(1)

tar Modes

Other tar Features

Compression

Permissions Restore

And More, More, More . . .

Recording What Happened

Repairing a Broken System

6

KERNEL GAMES

What Is the Kernel?

Kernel State: sysctl

sysctl MIBs

sysctl Values and Definitions

Viewing sysctls

Changing sysctls

Setting sysctls Automatically

The Kernel Environment

Viewing the Kernel Environment

Dropping Hints to Device Drivers

Kernel Modules

Viewing Loaded Modules

Loading and Unloading Modules

Loading Modules at Boot

Build Your Own Kernel

Preparations

Buses and Attachments

Back Up Your Working Kernel

Configuration File Format

Configuration Files

Building a Kernel

Booting an Alternate Kernel

Custom Kernel Configuration

Trimming a Kernel

Troubleshooting Kernel Builds

Inclusions, Exclusions, and Expanding the Kernel

NOTES

Inclusions and Exclusions

Skipping Modules

7

THE NETWORK

Network Layers

The Physical Layer

Datalink: The Physical Protocol

The Network Layer

Heavy Lifting: The Transport Layer

Applications

The Network in Practice

Getting Bits and Hexes

Network Stacks

IPv4 Addresses and Netmasks

Computing Netmasks in Decimal

Unusable IP Addresses

Assigning IPv4 Addresses

IPv6 Addresses and Subnets

IPv6 Basics

Understanding IPv6 Addresses

IPv6 Subnets

Link-Local Addresses

Assigning IPv6 Addresses

TCP/IP Basics

ICMP

UDP

TCP

How Protocols Fit Together

Transport Protocol Ports

Understanding Ethernet

Protocol and Hardware

MAC Addresses

8

CONFIGURING NETWORKING

Network Prerequisites

Configuring Changes with ifconfig(8)

Adding an IP to an Interface

Testing Your Interface

Set Default Route

Multiple IP Addresses on One Interface

Renaming Interfaces

DHCP

Reboot!

The Domain Name Service

Host/IP Information Sources

Local Names with /etc/hosts

Configuring Nameservice

Caching Nameserver

Network Activity

Current Network Activity

What’s Listening on Which Port?

Port Listeners in Detail

Network Capacity in the Kernel

Optimizing Network Performance

Optimizing Network Hardware

Memory Usage

Maximum Incoming Connections

Polling

Other Optimizations

Network Adapter Teaming

Aggregation Protocols

Configuring lagg(4)

Virtual LANs

Configuring VLAN Devices

Configuring VLANs at Boot

9

SECURING YOUR SYSTEM

Who Is the Enemy?

Script Kiddies

Disaffected Users

Botnets

Motivated Skilled Attackers

FreeBSD Security Announcements

User Security

Creating User Accounts

Configuring Adduser: /etc/adduser.conf

Editing Users

Shells and /etc/shells

root, Groups, and Management

The root Password

Groups of Users

Using Groups to Avoid Root

Tweaking User Security

Restricting Login Ability

Restricting System Usage

File Flags

Setting and Viewing File Flags

Securelevels

Securelevel Definitions

Which Securelevel Do You Need?

What Won’t Securelevels and File Flags Accomplish?

Living with Securelevels

Network Targets

Putting It All Together

10

DISKS, PARTITIONING, AND GEOM

Disks Lie

Device Nodes

The Common Access Method

What Disks Do You Have?

Non-CAM Devices

The GEOM Storage Architecture

GEOM Autoconfiguration

GEOM vs. Volume Managers

Providers, Consumers, and Slicers

GEOM Control Programs

GEOM Device Nodes and Stacks

Hard Disks, Partitions, and Schemes

The Filesystem Table: /etc/fstab

What’s Mounted Now?

Disk Labeling

Viewing Labels

Sample Labels

GEOM Withering

The gpart(8) Command

Viewing Partitions

Other Views

Removing Partitions

Scheming Disks

Removing the Disk Partitioning Scheme

Assigning the Partitioning Scheme

The GPT Partitioning Scheme

GPT Device Nodes

GPT Partition Types

Creating GPT Partitions

Resizing GPT Partitions

Changing Labels and Types

Booting on Legacy Hardware

Unified Extensible Firmware Interface and GPT

Expanding GPT Disks

The MBR Partitioning Scheme

What Is the Master Boot Record?

BSD Labels

MBR Device Nodes

MBR and Disklabel Alignment

Creating Slices

Removing Slices

Activating Slices

BSD Labels

Creating a BSD Label

Creating BSD Label Partitions

Assigning Specific Partition Letters

11

THE UNIX FILE SYSTEM

UFS Components

The Fast File System

How UFS Uses FFS

Vnodes

Mounting and Unmounting Filesystems

Mounting Standard Filesystems

Special Mounts

Unmounting a Partition

UFS Mount Options

UFS Resiliency

Soft Updates

Soft Updates Journaling

GEOM Journaling

Creating and Tuning UFS Filesystems

UFS Labeling

Block and Fragment Size

Using GEOM Journaling

Tuning UFS

Expanding UFS Filesystems

UFS Snapshots

Taking and Destroying Snapshots

Finding Snapshots

Snapshot Disk Usage

UFS Recovery and Repair

System Shutdown: The Syncer

Dirty Filesystems

File System Checking: fsck(8)

Forcing Read-Write Mounts on Dirty Disks

Background fsck, fsck -y, Foreground fsck, Oy Vey!

UFS Space Reservations

How Full Is a Partition?

Adding New UFS storage

Partitioning the Disk

Configuring /etc/fstab

Installing Existing Files onto New Disks

Stackable Mounts

12

THE Z FILE SYSTEM

Datasets

Dataset Properties

Managing Datasets

ZFS Pools

Pool Details

Pool Properties

Viewing Pool Properties

Virtual Devices

VDEV Types and Redundancy

Managing Pools

ZFS and Disk Block Size

Creating and Viewing Pools

Multi-VDEV Pools

Destroying Pools

Errors and -f

Copy-On-Write

Snapshots

Creating Snapshots

Accessing Snapshots

Destroying Snapshots

Compression

Pool Integrity and Repair

Integrity Verification

Repairing Pools

Pool Status

Boot Environments

Viewing Boot Environments

Creating and Accessing Boot Environments

Activating Boot Environments

Removing Boot Environments

Boot Environments at Boot

Boot Environments and Applications

13

FOREIGN FILESYSTEMS

FreeBSD Mount Commands

Supported Foreign Filesystems

Permissions and Foreign Filesystems

Using Removable Media

Ejecting Removable Media

Removable Media and /etc/fstab

Formatting FAT32 Media

Creating Optical Media

Writing Images to Thumb Drives

Memory Filesystems

tmpfs

Memory Disks

Mounting Disk Images

Filesystems in Files

devfs

/dev at Boot

Global devfs Rules

Dynamic Device Management with devd(8)

Miscellaneous Filesystems

The Network File System

NFS Versions

Configuring the NFS Server

Configuring NFS Exports

Enabling the NFS Client

The Common Internet File System

Prerequisites

Kernel Support

Configuring CIFS

nsmb.conf Keywords

CIFS Name Resolution

Other smbutil(1) Functions

Mounting a Share

Other mount_smbfs Options

nsmb.conf Options

CIFS File Ownership

Serving CIFS Shares

14

EXPLORING /ETC

/etc Across Unix Species

/etc/adduser.conf

/etc/aliases

/etc/amd.map

/etc/auto_master

/etc/blacklistd.conf

/etc/bluetooth, /etc/bluetooth.device.conf, and /etc/defaults/bluetooth.device.conf

/etc/casper

/etc/crontab and /etc/cron.d

/etc/csh.*

/etc/ddb.conf

/etc/devd.conf

/etc/devfs.conf, /etc/devfs.rules, and /etc/defaults/devfs.rules

/etc/dhclient.conf

/etc/disktab

/etc/dma/

/etc/freebsd-update.conf

/etc/fstab

/etc/ftp.*

/etc/group

/etc/hostid

/etc/hosts

/etc/hosts.allow

/etc/hosts.equiv

/etc/hosts.lpd

/etc/inetd.conf

/etc/libmap.conf

/etc/localtime

/etc/locate.rc

/etc/login.*

/etc/mail

/etc/mail.rc

/etc/mail/mailer.conf

/etc/make.conf

CFLAGS

COPTFLAGS

CXXFLAGS

/etc/master.passwd

/etc/motd

/etc/mtree

/etc/netconfig

/etc/netstart

/etc/network.subr

/etc/newsyslog.conf

/etc/nscd.conf

/etc/nsmb.conf

/etc/nsswitch.conf

/etc/ntp/, /etc/ntp.conf

/etc/opie*

/etc/pam.d/*

/etc/passwd

/etc/pccard_ether

/etc/periodic.conf and /etc/defaults/periodic.conf

daily_output=”root”

daily_show_success=”YES”

daily_show_info=”YES”

daily_show_badconfig=”NO”

daily_local=”/etc/daily.local”

/etc/pf.conf, /etc/pf.os

/etc/phones

/etc/portsnap.conf

/etc/ppp/

/etc/printcap

/etc/profile

/etc/protocols

/etc/pwd.db

/etc/rc*

/et/regdomain.xml

/etc/remote

/etc/resolv.conf

/etc/rpc

/etc/security/

/etc/services

/etc/shells

/etc/skel/

/etc/snmpd.config

/etc/spwd.db

/etc/src.conf

/etc/ssh/

/etc/ssl/

/etc/sysctl.conf

/etc/syslog.conf, /etc/syslog.conf.d/

/etc/termcap, /etc/termcap.small

/etc/ttys

/etc/unbound/

/etc/wall_cmos_clock

/etc/zfs/

15

MAKING YOUR SYSTEM USEFUL

Ports and Packages

Packages

Package Files

Introducing pkg(8)

Installing pkg(8)

Common pkg Options

Configuring pkg(8)

Finding Packages

Installing Software

The Package Cache

Package Information and Automatic Installs

Uninstalling Packages

Changing the Package Database

Locking Packages

Package Files

Package Integrity

Package Maintenance

Package Networking and Environment

Package Repositories

Repository Configuration

Repository Customization

Repository Inheritance

Package Branches

Upgrading Packages

16

CUSTOMIZING SOFTWARE WITH PORTS

Making Software

Source Code and Software

The Ports Collection

Ports

The Ports Index

Searching the Index

Legal Restrictions

What’s In a Port?

Installing a Port

Port Customization Options

Building Packages

Uninstalling and Reinstalling Ports

Tracking Port Build Status

Cleaning Up Ports

Read-Only Ports Tree

Changing the Install Path

Private Package Repositories

Poudriere Resources

Installing and Configuring Poudriere

Poudriere Jail Creation

Install a Poudriere Ports Tree

Configuring Poudriere Ports

Running Poudriere

Using the Private Repository

All Poudrieres, Large and Small

Small Systems

Large Systems

Updating Poudriere

More Poudriere

17

ADVANCED SOFTWARE MANAGEMENT

Using Multiple Processors: SMP

Kernel Assumptions

SMP: The First Try

Today’s SMP

Processors and SMP

Threads, Threads, and More Threads

Startup and Shutdown Scripts

rc Script Ordering

A Typical rc Script

Special rc Script Providers

Vendor Startup/Shutdown Scripts

Debugging Custom rc Scripts

Managing Shared Libraries

Shared Library Versions and Files

Attaching Shared Libraries to Programs

LD_LIBRARY_PATH and LD_PRELOAD

What a Program Wants

Remapping Shared Libraries

Running Software from the Wrong OS

Recompilation

Emulation

ABI Reimplementation

Binary Branding

Supported ABIs

Installing and Configuring the Linuxulator

Using Linux Mode

Debugging Linux Mode

Running Software from the Wrong Architecture or Release

18

UPGRADING FREEBSD

FreeBSD Versions

Releases

FreeBSD-current

FreeBSD-stable

Snapshots

FreeBSD Support Model

Testing FreeBSD

Which Version Should You Use?

Upgrade Methods

Binary Updates

/etc/freebsd-update.conf

Running freebsd-update(8)

Reverting Updates

Scheduling Binary Updates

Optimizing and Customizing FreeBSD Update

Upgrading via Source

Which Source Code?

Updating Source Code

Building FreeBSD from Source

Build the World

Build, Install, and Test a Kernel

Prepare to Install the New World

Installing the World

Customizing Mergemaster

Upgrades and Single-User Mode

Shrinking FreeBSD

Packages and System Upgrades

Updating Installed Ports

19

ADVANCED SECURITY FEATURES

Unprivileged Users

The nobody Account

A Sample Unprivileged User

Network Traffic Control

Default Accept vs. Default Deny

TCP Wrappers

Configuring Wrappers

Wrapping Up Wrappers

Packet Filtering

Enabling PF

Default Accept and Default Deny in Packet Filtering

Basic Packet Filtering and Stateful Inspection

Configuring PF

Small-Server PF Rule Sample

Managing PF

Blacklistd(8)

PF and Blacklistd

Configuring Blacklistd

Configuring Blacklistd Clients

Managing Blacklistd

De-Blacklisting

Public-Key Encryption

OpenSSL

Certificates

TLS Trick: Connecting to TLS-Protected Ports

Global Security Settings

Install-Time Options

Secure Console

Nonexecutable Stack and Stack Guard

Other Security Settings

Preparing for Intrusions with mtree(1)

Running mtree(1)

mtree(1) Output: The Spec File

The Exclusion File

Saving the Spec File

Finding System Differences

Monitoring System Security

Package Security

If You’re Hacked

20

SMALL SYSTEM SERVICES

Secure Shell

The SSH Server: sshd(8)

SSH Keys and Fingerprints

Configuring the SSH Daemon

Managing SSH User Access

SSH Clients

Email

mailwrapper(8)

The Dragonfly Mail Agent

The Aliases File and DMA

Network Time

Setting the Time Zone

Network Time Protocol

Name Service Switching

inetd

/etc/inetd.conf

Configuring inetd Servers

Starting inetd(8)

Changing inetd’s Behavior

DHCP

How DHCP Works

Configuring dhcpd(8)

Managing dhcpd(8)

Printing and Print Servers

/etc/printcap

Enabling LPD

TFTP

Root Directory

tftpd and Files

File Ownership

tftpd(8) Configuration

Scheduling Tasks

cron(8)

periodic(8)

21

SYSTEM PERFORMANCE AND MONITORING

Computer Resources

Checking the Network

General Bottleneck Analysis with vmstat(8)

Processes

Memory

Paging

Disks

Faults

CPU

Using vmstat

Continuous vmstat

Disk I/O

CPU, Memory, and I/O with top(1)

UFS and top(1)

ZFS and top(1)

Process List

top(1) and I/O

Following Processes

Paging and Swapping

Paging

Swapping

Performance Tuning

Memory Usage

Swap Space Usage

CPU Usage

Rescheduling

Reprioritizing with Niceness

Status Mail

Logging with syslogd

Facilities

Levels

Processing Messages with syslogd(8)

syslogd Customization

Log File Management

Log File Path

Owner and Group

Permissions

Count

Size

Time

Flags

Pidfile

Signal

Sample newsyslog.conf Entry

FreeBSD and SNMP

SNMP 101

Configuring bsnmpd

22

JAILS

Jail Basics

Jail Host Server Setup

Jail Host Storage

Jail Networking

Jails at Boot

Jail Setup

Jail Userland

/etc/jail.conf

Testing and Configuring a Jail

Jail Startup and Shutdown

Jail Dependencies

Managing Jails

Viewing Jails and Jail IDs

Jailed Processes

Running Commands in Jails

Installing Jail Packages

Updating Jails

More Jail Options

Jailing Ancient FreeBSD

Last Jail Notes

23

THE FRINGE OF FREEBSD

Terminals

/etc/ttys Format

Insecure Console

Managing Cloudy FreeBSD

LibXo

Universal Configuration Language

Diskless FreeBSD

Diskless Clients

DHCP Server Setup

tftpd and the Boot Loader

Diskless Security

The NFS Server and the Diskless Client Userland

Diskless Farm Configuration

Configuration Hierarchy

Diskless Remounting /etc

Finalizing Setup

Installing Packages

SSH Keys

Storage Encryption

Generating and Using a Cryptographic Key

Filesystems on Encrypted Devices

24

PROBLEM REPORTS AND PANICS

Bug Reports

Before Filing a Bug

Bad Bug Reports

The Fix

Filing Bugs

After Submitting

System Panics

Recognizing Panics

Responding to a Panic

Preparations

The Crash Dump in Action

Testing Crash Dumps

Crash Dump Types

Textdumps

Dumps and Security

AFTERWORD

The FreeBSD Community

Why Do We Do It?

What Can You Do?

If Nothing Else

Getting Things Done

BIBLIOGRAPHY

References

Books I've Written

INDEX

Fair Use Sources:

• B0776JKXNR (AbFrBSD 2018)