


Page history last edited by PBworks 14 years, 6 months ago

Security related sysctl variables


# users can't see the processes, sockets, etc, of other users using ps, netstat, procfs, and other tools.

sysctl -w security.bsd.see_other_uids=0


# users can't see the processes, sockets, etc, of users in other groups using ps, netstat, procfs, and other tools.

sysctl -w security.bsd.see_other_gids=0


# unprivileged processes can't invoke system debugging primitives, such as ptrace, procfs, ktrace, etc.

sysctl -w security.bsd.unprivileged_proc_debug=0


# unprivileged processes can't read the system console message buffer.

sysctl -w security.bsd.unprivileged_read_msgbuf=0


# users can only hard link to objects that match their uid.

sysctl -w security.bsd.hardlink_check_uid=1


# users can only hard link to objects that match one of their gids.

sysctl -w security.bsd.hardlink_check_gid=1


# users can't request their live quota information.

sysctl -w security.bsd.unprivileged_get_quota=0


# Don't send ICMP redirects.

sysctl -w net.inet.ip.redirect=0


# Ignore incoming ICMP redirects.

sysctl -w net.inet.icmp.drop_redirect=1


# Log incoming ICMP redirects.

sysctl -w net.inet.icmp.log_redirect=1


# Maximum number of ICMP "Unreachable" and also TCP RST packets that will be sent back every second.

sysctl -w net.inet.icmp.icmplim=100


# Drop TCP SYN to a closed port without an RST reply

sysctl -w net.inet.tcp.blackhole=2


# Drop UDP without a port unreachable reply

sysctl -w net.inet.udp.blackhole=1


# Assign random IP ID values to outgoing packets.

sysctl -w net.inet.ip.random_id=1


# Drop connections that take longer than 10 seconds to complete the TCP handshake.

sysctl -w net.inet.tcp.msl=10000


# Embryonic connection table size

sysctl -w kern.ipc.somaxconn=4096
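
Values set with sysctl -w last only until the next reboot unless they are also listed in /etc/sysctl.conf, so it is worth checking a host against the list above. The script below is an added example, not part of the original page: the function names, the report format and the sample input are assumptions made for illustration.

```sh
#!/bin/sh
# Added example: audit sysctl values against the list on this page.
# Baseline = the page's settings. unprivileged_proc_debug is 0 here, the value
# that matches the page's description (no debugging by unprivileged processes).
BASELINE='
security.bsd.see_other_uids=0 security.bsd.see_other_gids=0
security.bsd.unprivileged_proc_debug=0 security.bsd.unprivileged_read_msgbuf=0
security.bsd.hardlink_check_uid=1 security.bsd.hardlink_check_gid=1
security.bsd.unprivileged_get_quota=0 net.inet.ip.redirect=0
net.inet.icmp.drop_redirect=1 net.inet.icmp.log_redirect=1
net.inet.icmp.icmplim=100 net.inet.tcp.blackhole=2 net.inet.udp.blackhole=1
net.inet.ip.random_id=1 net.inet.tcp.msl=10000 kern.ipc.somaxconn=4096'

# audit_sysctl: read "name: value" lines (what `sysctl name ...` prints on
# FreeBSD) from stdin and compare them with BASELINE. Prints one DRIFT or
# MISSING line per problem and returns 0 only when every value matches.
audit_sysctl() {
    current=$(cat)
    rc=0
    for entry in $BASELINE; do
        name=${entry%%=*}
        want=${entry#*=}
        have=$(printf '%s\n' "$current" |
            awk -F': ' -v n="$name" '$1 == n { print $2; exit }')
        if [ -z "$have" ]; then
            echo "MISSING $name (want $want)"; rc=1
        elif [ "$have" != "$want" ]; then
            echo "DRIFT $name is $have, want $want"; rc=1
        fi
    done
    return $rc
}

# Constructed sample input: a compliant host's output in which tcp.blackhole
# is 0 and the random_id line is absent.
sample_output() {
    printf '%s\n' $BASELINE | sed -e 's/=/: /' \
        -e 's/^net\.inet\.tcp\.blackhole: .*/net.inet.tcp.blackhole: 0/' \
        -e '/^net\.inet\.ip\.random_id: /d'
}

# Demo on the sample. On a live FreeBSD host, feed real values instead:
#   sysctl $(printf '%s\n' $BASELINE | cut -d= -f1) | audit_sysctl
sample_output | audit_sysctl || true
```

The non-zero exit status on any DRIFT or MISSING line makes the function usable from cron or a monitoring check.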


Mount ISO Image on FreeBSD 5.x


# mdconfig -a -t vnode -f image.iso -u 0

# mount -t cd9660 /dev/md0 /mnt/iso


Unmount ISO Image on FreeBSD 5.x


# umount /mnt/iso

# mdconfig -d -u 0


Mount ISO Image on FreeBSD 4.x


# vnconfig -c vn0c image.iso

# mount -t cd9660 /dev/vn0c /mnt/whatever


Unmount ISO Image on FreeBSD 4.x


# umount /mnt/whatever

# vnconfig -u vn0c


Upgrade Perl Version from 5.8.6 to 5.8.8


1) Install the perl5.8 port


$ cd /usr/ports/lang/perl5.8

$ make install


2) Set the new version of perl to be the default. (This also turns off building perl as part of the base system):


$ use.perl port


3) Re-install any 3rd party modules, etc that you've installed so the new perl can access them.


$ find /usr/local/lib/perl5/{site_perl/5.8.6,5.8.6} -type f -print0 | xargs -0 -n 1 pkg_which | sort -u > /tmp/perl-ports

$ vi /tmp/perl-ports (Be sure to sanity check the results)

$ portupgrade -f `cat /tmp/perl-ports`


Setting blowfish as the default password encryption method


In /etc/login.conf change








and recreate the login capability database:


$ cap_mkdb /etc/login.conf


Now have each user change their password. Start with your current login.


$ passwd

Changing local password for {current user}.

new password:

retype new password:

passwd: updating the database. . .

passwd: done


To confirm your changes, type:

$ grep ${USER} /etc/master.passwd | cut -d: -f2


The second field of your entry in the password file, which holds the password hash, should now begin with $2, which indicates the use of Blowfish.


Then in /etc/auth.conf change


#crypt_default = md5 des


to


crypt_default = blf


All new users you create with adduser will now have their passwords encrypted with Blowfish.


  • Configure syslog to listen on a single IPv4 interface (replace <bind_address> with that interface's address)

$ echo 'syslogd_flags="-4 -b <bind_address>"' >> /etc/rc.conf


  • Creating a New File-Backed Disk with mdconfig


$ dd if=/dev/zero of=newimage bs=1k count=5k

5120+0 records in

5120+0 records out

$ mdconfig -a -t vnode -f newimage -u 0

$ bsdlabel -w md0 auto

$ newfs md0a

/dev/md0a: 5.0MB (10224 sectors) block size 16384, fragment size 2048

using 4 cylinder groups of 1.25MB, 80 blks, 192 inodes.

super-block backups (for fsck -b #) at:

160, 2720, 5280, 7840

$ mount /dev/md0a /mnt

$ df /mnt

Filesystem 1K-blocks Used Avail Capacity Mounted on

/dev/md0a 4710 4 4330 0% /mnt
