Install FreeBSD https://www.freebsd.org/
Hard disk: Intel SSD 60Gb
I have added some benchmarks below
# diskinfo -c -t -v ada0
ada0
512 # sectorsize
60022480896 # mediasize in bytes (56G)
117231408 # mediasize in sectors
0 # stripesize
0 # stripeoffset
116301 # Cylinders according to firmware.
16 # Heads according to firmware.
63 # Sectors according to firmware.
CVLI2505023Z060K # Disk ident.
Not_Zoned # Zone Mode
I/O command overhead:
time to read 10MB block 0.029355 sec = 0.001 msec/sector
time to read 20480 sectors 1.160798 sec = 0.057 msec/sector
calculated command overhead = 0.055 msec/sector
Seek times:
Full stroke: 250 iter in 0.037406 sec = 0.150 msec
Half stroke: 250 iter in 0.039282 sec = 0.157 msec
Quarter stroke: 500 iter in 0.071750 sec = 0.143 msec
Short forward: 400 iter in 0.042250 sec = 0.106 msec
Short backward: 400 iter in 0.031437 sec = 0.079 msec
Seq outer: 2048 iter in 0.119019 sec = 0.058 msec
Seq inner: 2048 iter in 0.096423 sec = 0.047 msec
Transfer rates:
outside: 102400 kbytes in 0.333264 sec = 307264 kbytes/sec
middle: 102400 kbytes in 0.232805 sec = 439853 kbytes/sec
inside: 102400 kbytes in 0.230457 sec = 444335 kbytes/sec
# pkg install blogbench
# mkdir /root/BLOG
# cd /root
# blogbench -i 10 -d BLOG
Frequency = 10 secs
Scratch dir = [BLOG]
Spawning 3 writers...
Spawning 1 rewriters...
Spawning 5 commenters...
Spawning 100 readers...
Benchmarking for 10 iterations.
The test will run during 1 minutes.
Nb blogs R articles W articles R pictures W pictures R comments W comments
35 139328 1991 79359 1656 72427 5855
35 172008 248 100568 112 109986 2096
35 149286 233 88331 109 110745 1615
35 116916 182 71146 85 86253 2935
35 113976 394 72354 196 91373 2436
36 119877 324 78673 183 108347 2535
36 135859 307 88955 148 121805 3611
36 146624 268 98854 130 132046 690
36 141039 211 98031 137 131306 2144
36 149424 182 105312 88 136755 1132
Final score for writes: 36
Final score for reads : 27401
Update the system
# freebsd-update fetch install
src component not installed, skipped
Looking up update.FreeBSD.org mirrors... 4 mirrors found.
Fetching public key from update4.freebsd.org... done.
Fetching metadata signature for 11.0-RELEASE from update4.freebsd.org... done.
Fetching metadata index... done.
Fetching 2 metadata files... done.
Inspecting system... done.
Preparing to download files... done.
Fetching 70 patches.....10....20....30....40....50....60....70... done.
Applying patches... done.
...
Installing updates... done.
# pkg install wget
Xorg can be installed as a package or built and installed from the Ports Collection. Either of these installations results in the complete Xorg system being installed. Binary packages are the best option for most users.
# pkg install xorg
The video card, monitor and input devices are detected automatically and require no manual configuration.
Add the user to the video and wheel groups. Read the security recommendations https://www.freebsd.org/doc/es/books/handbook/book.html#securing-freebsd
# pw groupmod video -m carles && pw groupmod wheel -m carles
XFce is a desktop environment based on the GTK toolkit used by GNOME, but it is much lighter and is aimed at those who want a simple, efficient desktop that is easy to use and configure. Visually it is very similar to CDE, which can be found on commercial UNIX® systems.
# pkg install xfce
Packages available to install
# pkg search xfce4
xfce4-appfinder-4.12.0 Application launcher and finder
xfce4-battery-plugin-1.0.5_4 Battery monitor panel plugin for Xfce4
xfce4-bsdcpufreq-plugin-0.2_1 Displays the current CPU clock frequency in the panel
xfce4-calculator-plugin-0.6.0 Simple calculator for the Xfce panel
xfce4-clipman-plugin-1.4.1 Clipboard manager for the Xfce panel
xfce4-conf-4.12.1 D-Bus-based configuration storage system
xfce4-cpugraph-plugin-1.0.5_4 Graphical representation of the CPU load
xfce4-dashboard-0.6.1 GNOME shell like dashboard for the Xfce desktop
xfce4-datetime-plugin-0.7.0 Datetime panel plugin for the Xfce desktop
xfce4-desktop-4.12.3_2 Xfce's desktop manager
xfce4-dev-tools-4.12.0_1 Xfce development tools
xfce4-dict-plugin-0.7.2 Xfce4 plugin to query different dictionaries
xfce4-diskperf-plugin-2.6.1 Graphical representation of the disk IO
xfce4-embed-plugin-1.6.0 Embed arbitrary windows into the Xfce panel
xfce4-equake-plugin-1.3.8.1 Earthquake monitor plugin for the Xfce panel
xfce4-fsguard-plugin-1.1.0 Panel plugin which displays free space of mountpoint
xfce4-generic-slider-0.0.20100827_7 Slider plugin to adjust and/or monitor any numeric variable
xfce4-genmon-plugin-4.0.0 Generic Monitor Xfce4 panel plugin
xfce4-goodies-4.12 Meta-port for software and artwork from the Xfce4 Goodies Project
xfce4-mailwatch-plugin-1.2.0_8 Mail notification applet for the Xfce panel
xfce4-mixer-4.11.0_3 Volume control for the Xfce desktop
xfce4-mount-plugin-1.1.2 Mount and umount utility for the Xfce4 panel
xfce4-mpc-plugin-0.5.0 Musicpd client plugin for the Xfce panel
xfce4-netload-plugin-1.3.1 Network Load plugin for Xfce4
xfce4-notes-plugin-1.8.1 Notes plugin for the Xfce panel
xfce4-notifyd-0.3.6 Visually-appealing notification daemon for Xfce
xfce4-panel-4.12.1 Xfce's panel
xfce4-power-manager-1.6.0 Power manager for the Xfce Desktop
xfce4-print-4.6.1_14 Print system support for the Xfce Desktop
xfce4-pulseaudio-plugin-0.2.4 Panel plugin for controlling PulseAudio mixer
xfce4-quicklauncher-plugin-1.9.4_17 Quicklauncher plugin for Xfce
xfce4-screenshooter-plugin-1.8.2_2 Application and panel plugin to take screenshots
xfce4-session-4.12.1_3 Xfce's session manager
xfce4-settings-4.12.1 Xfce 4 settings application
xfce4-smartbookmark-plugin-0.5.0 Query search engines from the Xfce panel
xfce4-systemload-plugin-1.2.1 System Load plugin for Xfce4 panel
xfce4-taskmanager-1.2.0_1 Task manager for the Xfce desktop
xfce4-terminal-0.8.4 Terminal emulator for the X windowing system
xfce4-time-out-plugin-1.0.2_1 Timer out plugin for Xfce
xfce4-timer-plugin-1.6.0_1 Timer plugin for Xfce
xfce4-tumbler-0.1.31_5 Thumbnail service for Xfce desktop
xfce4-vala-4.10.3_3 Vala binding for the Xfce core libraries
xfce4-verve-plugin-1.1.0_1 Command line plugin for the Xfce Desktop
xfce4-volumed-0.1.13_2 Volume management daemon for the Xfce desktop
xfce4-volumed-pulse-0.2.2 Volume management daemon for Xfce using PulseAudio
xfce4-wavelan-plugin-0.6.0 Displays various information about a WaveLAN device
xfce4-weather-plugin-0.8.9 Weather plugin for the Xfce panel
xfce4-whiskermenu-plugin-1.7.1 Alternate menu for the Xfce Desktop
xfce4-wm-4.12.3 Xfce's window manager
xfce4-wm-themes-4.10.0_1 Additional themes for xfwm4
xfce4-wmdock-plugin-0.6.0_2 WMdock plugin for Xfce
xfce4-xkb-plugin-0.7.1 Keyboard layout switching plugin for the Xfce panel
# pkg install gnome-icons-faenza
# pkg install numix-theme xfce4-mount-plugin
# pkg install xfce4-xkb-plugin gimp libreoffice firefox gedit
# pkg install xdg-user-dirs
As a normal user, create the user directories:
$ xdg-user-dirs-update
# echo 'hald_enable="YES"'>>/etc/rc.conf
# echo 'dbus_enable="YES"'>>/etc/rc.conf
As an unprivileged user:
$ echo "exec /usr/local/bin/startxfce4 --with-ck-launch" > ~/.xinitrc
# service hald start
# service dbus start
Spanish as the default language:
$ cd
$ ee .login_conf
me:
:charset=iso-8859-15:
:lang=es_ES.ISO8859-15:
:tc=default:
$ ee .profile
LANG=es_ES.ISO8859-15; export LANG
MM_CHARSET=ISO-8859-15; export MM_CHARSET
$ ee .xinitrc
LANG=es_ES.ISO8859-15; export LANG
setenv LANG es_ES.ISO8859-15
Start with startx
login:
carles
password
$ startx
Change the default theme:
Applications>Settings>Appearance>Style>Numix
Use the Numix theme for the window manager
Applications>Window Manager>Numix
Kernel Mode Setting (KMS) - FreeBSD Handbook
When the computer switches from displaying the console to a higher screen resolution for X, it must set the video output mode. Recent versions of Xorg use a system inside the kernel to make these mode changes more efficiently. Older versions of FreeBSD use sc(4), which is not aware of the KMS system. The end result is that after closing X the system console is blank, even though it is still working. The newer vt(4) console avoids this problem.
Add this line to /boot/loader.conf
kern.vty=vt
$ echo $SHELL
/bin/sh
Some useful aliases:
$ cat .shrc
...
alias ls="ls -FGA"
alias ll="ls -lAG"
alias su="su -m"
su -m :: Leaves the environment unmodified. The invoked shell is your login shell, and no directory changes are made. As a security precaution, if the target user's shell is a non-standard shell (as defined by getusershell(3)) and the caller's real uid is non-zero, su will fail.
When booting into single-user mode, init asks for the root password
# ee /etc/ttys
# name getty type status comments
#
# Change secure to insecure
console none unknown off insecure
Add a group using pw
# pw groupadd docent
# pw groupshow docent
docent:*:1003:
The number 1003 in the example above is the group ID of the docent group. Right now docent has no members, and is therefore rather useless.
Let's change that by inviting axel to join the docent group.
Add a user to a group using pw
# pw groupmod docent -M axel
# pw groupshow docent
docent:*:1003:axel
# cat /etc/fstab
# Device Mountpoint FStype Options Dump Pass#
/dev/ada0p2 / ufs rw,noatime 1 1
/dev/ada0p3 none swap sw 0 0
fdesc /dev/fd fdescfs rw 0 0
proc /proc procfs rw 0 0
tmpfs /tmp tmpfs rw,mode=01777 0 0
/dev/cd0 /cdrom cd9660 ro,noauto 0 0
# cat /etc/rc.conf
sendmail_enable="NONE"
hostname="fbsd11.linux.bcn"
#keymap="spanish.iso.kbd"
keymap="es"
#ifconfig_re0="DHCP"
ifconfig_re0="192.168.3.11 netmask 255.255.255.128"
defaultrouter="192.168.3.1"
moused_enable="YES"
ntpd_enable="YES"
ntpd_sync_on_start="YES"
# Set dumpdev to "AUTO" to enable crash dumps, "NO" to disable
dumpdev="NO"
dbus_enable="YES"
hald_enable="YES"
openvpn_enable="YES"
openvpn_if="tun"
openvpn_configfile="/usr/local/etc/pia_openvpn/pia_vpn.conf"
pf_enable="YES"
pf_rules="/etc/pf.conf"
pflog_enable="YES"
pflog_logfiles="/var/log/pflog"
# Webcam disable daemon
webcamd_enable="NO"
powerd_enable="YES"
Start ntpd
# service ntpd start
Starting ntpd.
You can disable the beep in the tcsh terminal by typing
# set nobeep
# Disable the system beep
# sysctl kern.vt.enable_bell
kern.vt.enable_bell: 1
# sysctl kern.vt.enable_bell=0
Make the change permanent by adding this line to the file /etc/sysctl.conf
# disable the system beep
kern.vt.enable_bell=0
Learn more about the file system layout
# man hier
Remove the execute permission from Sendmail
# chmod -x /etc/rc.d/sendmail
# ls -l /etc/rc.d/sendmail
-r--r--r-- 1 root wheel 6446 29 sept. 2016 /etc/rc.d/sendmail
# service powerd status
powerd is not running.
# service powerd start
Starting powerd.
# service powerd status
powerd is running as pid 1011.
# cat /etc/resolv.conf
# Generated by resolvconf
search unix.bcn
nameserver 192.168.3.1
nameserver 209.222.18.218
# chflags schg /etc/resolv.conf
# ls -lo /etc/resolv.conf
-rw-r--r-- 1 root wheel schg 92 21 abr. 20:55 /etc/resolv.conf
# chflags noschg /etc/resolv.conf
# ls -lo /etc/resolv.conf
-rw-r--r-- 1 root wheel - 92 21 abr. 20:55 /etc/resolv.conf
# pkg install findutils
# pkg install firefox
# pkg search firefox
# pkg install firefox-i18n-53.0
Change the Firefox language
Firefox about:config
Search: general.useragent.locale
Preference name    String value
general.useragent.locale es-ES
# pkg search vlc
fpc-libvlc-3.0.2 Free Pascal interface to vlc media player library
npapi-vlc-2.0.6_4 Embeds vlc-player in web-browsers
phonon-vlc-0.9.1 VLC backend for Phonon
qt5-phonon-vlc-0.9.1 VLC backend for Phonon 4 Qt 5
vlc-2.2.4_12,4 Qt based multimedia player and streaming server
vlc-qt4-2.2.4_12,4 Qt 4 based multimedia player and streaming server
# pkg install vlc npapi-vlc icedtea-web
VPN tunnel. We configured it in a previous article
Configure PIA VPN FreeBSD
# pkg install openvpn
# cat /usr/local/etc/pia_openvpn/pia_vpn.conf
client
dev tun
proto udp4
remote france.privateinternetaccess.com 1198
resolv-retry infinite
nobind
persist-key
persist-tun
cipher aes-128-cbc
auth sha1
tls-client
remote-cert-tls server
auth-user-pass
comp-lzo
verb 1
reneg-sec 0
crl-verify /usr/local/etc/pia_openvpn/crl.rsa.2048.pem
ca /usr/local/etc/pia_openvpn/ca.rsa.2048.crt
disable-occ
auth-user-pass /usr/local/etc/pia_openvpn/password_pia.txt
auth-nocache
# cat /etc/sysctl.conf
# sed -e '/^[ ]*#/d' -e '/^$/d' /etc/sysctl.conf
kern.ipc.shm_allow_removed=1
vfs.usermount=1
kern.ipc.shmmax=67108864
kern.ipc.shmall=32768
kern.sched.preempt_thresh=120
kern.maxfiles=200000
hw.syscons.bell=0
hw.snd.default_unit=0
kern.logsigexit=0
security.bsd.see_other_uids=0
Firewall for a single host. Show it without comments or blank lines:
$ sed -e '/^[ ]*#/d' -e '/^$/d' /etc/pf.conf
ext_if="re0"
icmp_types = "{echoreq, unreach}"
state_tcp="flags S/SA keep state"
state_udp="keep state"
set block-policy drop
set skip on lo0
scrub in on $ext_if all fragment reassemble
block in all
pass out quick modulate state
antispoof quick for $ext_if inet
block in from urpf-failed to any
block in quick on $ext_if from any to 255.255.255.255
pass inet proto icmp all icmp-type $icmp_types keep state
# service pf start
# service pflog start
Report on filter rules and state
$ pfctl -s rules
scrub in on re0 all fragment reassemble
block drop in all
pass out quick all flags S/SA modulate state
block drop in quick on ! re0 inet from 192.168.3.0/25 to any
block drop in quick inet from 192.168.3.11 to any
block drop in from urpf-failed to any
block drop in quick on re0 inet from any to 255.255.255.255
pass inet proto icmp all icmp-type echoreq keep state
pass inet proto icmp all icmp-type unreach keep state
$ pfctl -s state
all udp 192.168.3.11:36221 -> 108.61.122.156:1198 MULTIPLE:MULTIPLE
all tcp 10.47.10.6:37967 -> 213.138.116.73:80 CLOSING:FIN_WAIT_2
all tcp 10.47.10.6:33762 -> 213.138.116.73:80 CLOSING:FIN_WAIT_2
all tcp 10.47.10.6:47438 -> 213.138.116.73:80 FIN_WAIT_2:FIN_WAIT_2
all tcp 10.47.10.6:62397 -> 213.138.116.73:80 FIN_WAIT_2:FIN_WAIT_2
all tcp 10.47.10.6:38273 -> 213.138.116.73:80 FIN_WAIT_2:FIN_WAIT_2
all tcp 10.47.10.6:64746 -> 213.138.116.73:80 FIN_WAIT_2:FIN_WAIT_2
all tcp 10.47.10.6:20193 -> 213.138.116.73:80 FIN_WAIT_2:FIN_WAIT_2
all tcp 10.47.10.6:20195 -> 213.138.116.73:80 FIN_WAIT_2:FIN_WAIT_2
all tcp 10.47.10.6:20196 -> 213.138.116.73:80 FIN_WAIT_2:FIN_WAIT_2
all tcp 10.47.10.6:20197 -> 213.138.116.73:80 FIN_WAIT_2:FIN_WAIT_2
all tcp 10.47.10.6:20198 -> 213.138.116.73:80 FIN_WAIT_2:FIN_WAIT_2
all tcp 10.47.10.6:20199 -> 213.138.116.73:80 FIN_WAIT_2:FIN_WAIT_2
all tcp 10.47.10.6:20200 -> 213.138.116.73:80 FIN_WAIT_2:FIN_WAIT_2
all tcp 10.47.10.6:20201 -> 213.138.116.73:80 FIN_WAIT_2:FIN_WAIT_2
all tcp 10.47.10.6:20204 -> 213.138.116.73:80 FIN_WAIT_2:FIN_WAIT_2
all tcp 10.47.10.6:20205 -> 213.138.116.73:80 FIN_WAIT_2:FIN_WAIT_2
all tcp 10.47.10.6:20206 -> 213.138.116.73:80 FIN_WAIT_2:FIN_WAIT_2
all tcp 10.47.10.6:20207 -> 213.138.116.73:80 FIN_WAIT_2:FIN_WAIT_2
all tcp 10.47.10.6:20208 -> 213.138.116.73:80 FIN_WAIT_2:FIN_WAIT_2
all tcp 10.47.10.6:20209 -> 213.138.116.73:80 FIN_WAIT_2:FIN_WAIT_2
all tcp 10.47.10.6:20210 -> 213.138.116.73:80 FIN_WAIT_2:FIN_WAIT_2
all tcp 192.168.3.11:20211 -> 192.168.3.1:22 ESTABLISHED:ESTABLISHED
all tcp 10.47.10.6:20192 -> 213.138.116.73:80 TIME_WAIT:TIME_WAIT
all tcp 10.47.10.6:20194 -> 213.138.116.73:80 FIN_WAIT_2:FIN_WAIT_2
all tcp 10.47.10.6:20202 -> 213.138.116.73:80 FIN_WAIT_2:FIN_WAIT_2
all tcp 10.47.10.6:20203 -> 213.138.116.73:80 FIN_WAIT_2:FIN_WAIT_2
$ cat /etc/devfs.rules
[devfsrules_devcom=7]
add path 'ad[0-9]*' mode 666
add path 'ada[0-9]*' mode 666
add path 'da[0-9]*' mode 666
add path 'acd[0-9]*' mode 666
add path 'cd[0-9]*' mode 666
add path 'mmcsd[0-9]*' mode 666
add path 'pass[0-9]*' mode 666
add path 'xpt[0-9]*' mode 666
add path 'ugen[0-9]*' mode 666
add path 'usbctl' mode 666
add path 'usb/*' mode 666
add path 'lpt[0-9]*' mode 666
add path 'ulpt[0-9]*' mode 666
add path 'unlpt[0-9]*' mode 666
add path 'fd[0-9]*' mode 666
add path 'uscan[0-9]*' mode 666
add path 'video[0-9]*' mode 666
add path 'tuner[0-9]*' mode 666
add path 'dvb/*' mode 666
add path 'cx88*' mode 0660
add path 'cx23885*' mode 0660
add path 'iicdev*' mode 0660
add path 'uvisor[0-9]*' mode 0660
$ cat /etc/devfs.conf
# Allow members of group operator to cat things to the speaker
own speaker root:operator
perm speaker 0660
# Allow all users to access optical media
perm /dev/acd0 0666
perm /dev/acd1 0666
perm /dev/cd0 0666
perm /dev/cd1 0666
# Allow all USB Devices to be mounted
perm /dev/da0 0666
perm /dev/da1 0666
perm /dev/da2 0666
perm /dev/da3 0666
perm /dev/da4 0666
perm /dev/da5 0666
# Misc other devices
perm /dev/pass0 0666
perm /dev/xpt0 0666
perm /dev/uscanner0 0666
perm /dev/video0 0666
perm /dev/tuner0 0666
perm /dev/dvb/adapter0/demux0 0666
perm /dev/dvb/adapter0/dvr 0666
perm /dev/dvb/adapter0/frontend0 0666
# echo 'devfs_system_ruleset="devfsrules_devcom"'>>/etc/rc.conf
# service devfs start
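Mode 666 on ada*, da*, pass* and xpt* lets every local account read and write the raw disks and send CAM commands, bypassing file system permissions. The audit below is an added example, not part of the original post: it lists world-writable devfs entries and marks the storage ones. The function names and the sample input (constructed from the listings above) are assumptions of this example.

```shell
#!/bin/sh
# Added example, not part of the original post.

# Constructed sample in devfs.rules and devfs.conf syntax, modelled on the
# listings above.
sample_devfs() {
cat <<'EOF'
[devfsrules_devcom=7]
add path 'ada[0-9]*' mode 666
add path 'pass[0-9]*' mode 666
add path 'video[0-9]*' mode 666
add path 'cx88*' mode 0660
# Allow all USB Devices to be mounted
perm /dev/da0 0666
perm speaker 0660
EOF
}

# audit_devfs: read rules on stdin and print "<class> <mode> <node>" for each
# entry whose mode has the other-write bit set (last octal digit 2, 3, 6 or 7).
# STORAGE marks raw disk and CAM passthrough nodes; the prefix list is an
# assumption of this example, extend it to match the local hardware.
audit_devfs() {
    awk '
    {
        if ($1 == "add" && $2 == "path" && $4 == "mode") { node = $3; mode = $5 }
        else if ($1 == "perm" && NF >= 3)                { node = $2; mode = $3 }
        else next                      # ruleset headers, comments, own/link lines
        gsub("\047", "", node)         # drop the single quotes around patterns
        sub(/^\/dev\//, "", node)
        if (substr(mode, length(mode), 1) !~ /[2367]/) next
        base = node
        sub(/[^a-z].*$/, "", base)     # ada[0-9]* -> ada, da0 -> da
        class = (base ~ /^(ad|ada|da|mmcsd|pass|xpt)$/) ? "STORAGE" : "other"
        print class, mode, node
    }'
}

# count_storage: number of world-writable storage entries on stdin.
count_storage() {
    audit_devfs | awk '$1 == "STORAGE" { n++ } END { print n + 0 }'
}

sample_devfs | audit_devfs
```

On the FreeBSD host, run `audit_devfs < /etc/devfs.rules` and `audit_devfs < /etc/devfs.conf`. One option for the flagged nodes is mode 0660 with group operator, adding only the desktop user to that group.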
Add to /etc/periodic.conf:
daily_clean_preserve_enable="NO"
daily_backup_pkgdb_enable="NO"
daily_backup_aliases_enable="NO"
daily_status_security_ipfwdenied_enable="NO"
daily_status_security_ipfdenied_enable="NO"
daily_status_security_chkmounts_enable="NO"
daily_status_security_pfdenied_enable="NO"
weekly_status_pkg_enable="NO"
monthly_accounting_enable="NO"
weekly_locate_enable="NO"
weekly_whatis_enable="NO"
weekly_noid_enable="NO"
daily_status_security_chksetuid_enable="NO"
daily_clean_rwho_enable="NO"
daily_status_security_chkportsum_enable="NO"
daily_status_security_neggrpperm_enable="NO"
monthly_statistics_enable="NO"
monthly_statistics_report_devices="NO"
Find out which hardware components your machine has:
# lshal
# pciconf -lv
# pciconf -l
# dmesg | grep -i usb
# lsvfs
# camcontrol devlist
Which sound drivers are currently in use?
$ dmesg | grep ^hda
$ cat /boot/loader.conf
loader_logo="beastie"
autoboot_delay="2"
kern.ipc.shmseg=1024
kern.ipc.shmmni=1024
kern.maxproc=100000
tmpfs_load="YES"
cuse4bsd_load="NO"
net.inet.tcp.hostcache.cachelimit=0
net.link.ifqmaxlen=200
net.inet.tcp.soreceive_stream=1
hw.igb.num_queues=2
kern.hz=100
kern.vty=vt
# gpart show ada0
=> 40 117231328 ada0 GPT (56G)
40 1024 1 freebsd-boot (512K)
1064 111148032 2 freebsd-ufs (53G)
111149096 5861376 3 freebsd-swap (2.8G)
117010472 220896 - free - (108M)
Remove the toor user
# vipw
toor...
...
:q!
vipw: password list updated
https://www.bsdnow.tv/tutorials/the-desktop
https://www.freebsd.org/doc/handbook/firewalls-pf.html
FreeBSD is great!