ZeroBSD

A n00b's adventure in the wonderful realm of OpenBSD.

/usr disk space problem

I use the auto-layout that the OpenBSD installer suggests for my disk. The problem is that, while the /home partition is generous enough, /usr might be too small for some operations. For example, on a 20 GB hard-disk drive, the OpenBSD installer thinks that 2 GB is enough for /usr. Well, probably it is for some stuff, but when trying to compile TexLive from ports I’ve noticed that those 2 GB get filled up near the end, making it impossible to finish installing the needed packages. The problem can be overcome simply and the process is described in OpenBSD FAQ, section 15.3.3. All we have to do to ease the stress on the /usr partition is to move the package handling operations to a partition with plenty of space, say /home. So edit your /etc/mk.conf like I did (if the file doesn’t exist, create it and add the following lines):

WRKOBJDIR=/home/john/ports/obj/ports
DISTDIR=/home/john/ports/distfiles
PACKAGE_REPOSITORY=/home/john/ports/packages

Don’t worry if you don’t have the /home/<user>/ports directory; the scripts will create it for you.

That’s it, now TexLive compiled and installed gently. The process took a few hours on my Intel Core2 Duo E6300.

Installing Xfce 4.8 on OpenBSD 5.0

After playing with FreeBSD for a few days, I’m back on my OpenBSD. First time I tried installing Xfce I gave up, due to some mouse problems and window manager issues. Now I’m back on track for installing this simple desktop environment, ready to fix all the problems.

The mouse problem probably arose due to the fact that my mouse is a PS2 mouse, but it connects to my PC through a PS2-to-USB adapter. I needed that so that my OS X could run on my system, since Apple’s operating system didn’t have drivers for PS2 mice. In OpenBSD, every time I exited Xorg, my mouse would disconnect and stay that way. Frustrating. So I removed the adapter and plugged my mouse in its intended location. Problem solved.

So let’s get on with installing Xfce. I’ve used this website as a guide, but with some modifications (some packages couldn’t be found and some of them have different names now). If you already have a clean OpenBSD installed, just run these commands to have your Xfce desktop ready (there is no meta-package for Xfce, so we have to manually install everything):

# pkg_add -vi xfce4-session
# pkg_add -vi gtk-xfce-engine
# pkg_add -vi xfdesktop
# pkg_add -vi xfce4-appfinder
# pkg_add -vi xfce4-battery
# pkg_add -vi xfce4-clipman
# pkg_add -vi xfce4-dict
# pkg_add -vi xfce4-diskperf
# pkg_add -vi xfce4-fsguard
# pkg_add -vi xfce4-genmon
# pkg_add -vi xfce4-mailwatch
# pkg_add -vi xfce4-modemlights
# pkg_add -vi xfce4-mount
# pkg_add -vi xfce4-mpc
# pkg_add -vi xfce4-netload
# pkg_add -vi xfce4-notes
# pkg_add -vi xfce4-notifyd
# pkg_add -vi xfce4-places
# pkg_add -vi xfce4-quicklauncher
# pkg_add -vi xfce4-screenshooter
# pkg_add -vi xfce4-smartbookmark
# pkg_add -vi xfce4-systemload
# pkg_add -vi xfce4-taskmanager
# pkg_add -vi xfce4-time-out
# pkg_add -vi xfce4-verve
# pkg_add -vi xfce4-wavelan
# pkg_add -vi xfce4-weather
# pkg_add -vi xfce4-wmdock
# pkg_add -vi xfce4-xkb
# pkg_add -vi xfce-utils
# pkg_add -vi xfce4-terminal
# pkg_add -vi mousepad
# pkg_add -vi orage
# pkg_add -vi xfce4-mixer
# pkg_add -vi xfwm4
# pkg_add -vi xfwm4-themes

My initial problem with window bars missing was caused by failing to install xfwm4. Now it works, beautifully.

Don’t forget to modify your .xinitrc file accordingly (and comment out any other lines, if necessary):

$ echo 'exec startxfce4' > .xinitrc
$ chmod +x .xinitrc

I haven’t installed a login manager yet, but this operation should be trivial and I’ll leave it as an exercise for the reader :)

Update: Same procedure works for OpenBSD 5.1 as well.

FreeBSD on my desktop

Since I haven’t tried FreeBSD in a long, long time (years), I gave it a shot these days and I must say I was surprised. After almost a day of using it, it didn’t feel different from any other modern Linux distribution. It even has a graphical update manager that didn’t work! Jokes aside, FreeBSD has made some huge progress in desktop usability and if we consider the server tools and its awesome documentation, it’s an interesting operating system.

Installing GNOME was so easy that I really have nothing to add. There are no tips and tricks, just follow the manual and you’ll have GNOME installed in like half an hour. If you want to have an enjoyable experience as a desktop, you have to read and apply these tips from the handbook and… there you have it, a fully usable FreeBSD desktop. With Flash, NVIDIA driver and Java support just a few pkg_add commands away.

FreeBSD is so simple to install that it offers really no challenge, so if I made a blog about me using it, I’m afraid there wouldn’t be much to write about. On the server side, FreeBSD brings a few tools to the table that are really worth taking a look at: ZFS, jails and virtualization. Not bad FreeBSD, not bad.

I was also tempted to install Solaris 11, but after a quick IRC chat I found out that Oracle doesn’t supply free security updates. That’s not funny. Open source implementations of Solaris and its features are spread between different projects (SmartOS, ProjectIndiana, etc) so until they stabilize and deliver a usable product, I think FreeBSD has it all: really good server tools, best desktop experience, without being owned by a ruthless corporation.

So back to our OpenBSD, after a wonderful trip through the FreeBSD realm. It’s nice to know there is an operating system like this and it continues to evolve. I will probably fail to make OpenBSD my desktop operating system, but I’m pretty sure I could get used to FreeBSD as quickly as I could with any other Linux distribution.

My .vimrc

I learned to love vim. In the first days of my *NIX adventures, I was using nano, since it reminded me of Norton Commander’s editor, but I soon realized that vim was more elegant and it seems I was quicker using it than nano or, God forbid, Emacs (who uses an operating system to write a text file, anyway?). When in X, I prefer other, more fancy, editors, but when stuck on the command line, vim is a great tool and usually the first package I install (if it’s not installed already).

While vanilla vim is quite usable after you get used to it, having some options turned on just makes it more friendly. So here’s my .vimrc file:

set ai
set background=dark
set showtabline=3
set smartindent
set smarttab
set backspace=indent,eol,start
set ruler
syntax on
command WQ wq
command Wq wq
command W w
command Q q

While I saw some very complex .vimrc settings, I like not to deviate too much from the default options while, at the same time, still using vim without frustration.

When in GNOME, I use gnome-terminal with a white background and the above setup doesn’t look very nice for most files, due to syntax color, so I modify the second line like this:

set background=light

That’s all about vim for now.

GNOME on OpenBSD

Once we’ve got X configured and running on our OpenBSD 5.0/amd64, getting GNOME 2.32 is not that hard. I just had to fetch and install a few packages.

# pkg_add -vi gnome-session
# pkg_add -vi metacity

Here, you will have to choose the GTK2 variant of metacity, to avoid conflicts later on. Let’s continue our GNOME installation.

# pkg_add -vi gnome-panel
# pkg_add -vi nautilus
# pkg_add -vi gnome-terminal
# pkg_add -vi gnome-control-center
# pkg_add -vi gnome-menus
# pkg_add -vi gnome-settings-daemon
# pkg_add -vi gnome-themes
# pkg_add -vi gnome-themes-extras
# pkg_add -vi gnome-utils
# pkg_add -vi gnome-applets2
# pkg_add -vi gnome-system-monitor
# pkg_add -vi gnome-nettool

A restart is recommended. After that, if .xinitrc file doesn’t exist in your home directory, create it and add the following line:

exec gnome-session

That’s it, now we have GNOME installed and it should look like this, after running:

startx

If you look carefully enough, you’ll see a few apps already installed. Before getting the snapshot, I’ve installed xmms, audacity, firefox, thunderbird, pidgin, vlc, mplayer and gFTP. The good news is that Libre Office installed and it’s running fine without any Java dependencies, that’s just great. Using GNOME’s keyboard layout tool, I was able to use localized keyboard layouts with special characters, like ăâșțî.

GNOME looks nice and polished, but I don’t have hardware acceleration and you can tell that by dragging a window on the screen. It’s not that fast and it’s almost annoying to have a video card and not be able to fully use it.

I also found out about mozilla-dicts-XX packages, with spell check dictionaries for various languages, accessible from Firefox and Thunderbird (and hopefully SeaMonkey too, but I didn’t check that). Identify your language and just type:

# pkg_add -vi mozilla-dicts-XX

replacing XX with your country code.

Now, if we want to login directly into GNOME, we should install gdm (GNOME Display Manager). There’s no trick here, just:

# pkg_add -vi gdm

After that, make sure you add the following in /etc/rc.local:

if [ -x /usr/local/sbin/gdm ]; then
        echo -n ' gdm'; (sleep 5; /usr/local/sbin/gdm) &
fi

That’s it. Restart and you should be taken directly into gdm and from there to GNOME.

YouTube works in Firefox, using HTML5, since no Flash is available on OpenBSD, but it’s rather slow, almost unusable.

Another disappointment was to find out that OpenBSD does not mount HFS+ disks, leaving my entire 1TB storage HDD inaccessible on my shiny new operating system. ZFS would be nice, but since there is some hope with read-only NTFS, the situation is not catastrophic.

I’m not very enthusiastic about GNOME performance. I’d expected the system to be quicker and also, video performance on Firefox is really bad. I’ve also played with cwm, but about this, in a future post.

Desktop project: getting started

OpenBSD was installed on the following hardware: Asus P5B-E motherboard with Intel Core2 Duo E6300 CPU at 1.86 GHz with 4 GB RAM and on a WD 75 GB hard disk drive. NVIDIA 8600 GT video card was present on the system, but this will not affect our installation too much.

Installing was performed using the default options, giving the whole 75 GB disk to OpenBSD and installing all sets from the CD. Since I have a dedicated disk for this test, I won’t fiddle with dual boot just yet. The installation was fast, took only a few minutes, as expected.

Since I haven’t created a user during install, this was the first thing I did after booting into my clean OpenBSD system. I’ve also added him to the wheel group,

Next, pkg_add config, so that we can move on. Used vi to edit .profile, by adding the following lines:

export PKG_PATH=http://ftp5.eu.openbsd.org/ftp/pub/OpenBSD/5.0/packages/`machine -a`/

Save, log out and log in again to avoid running the above mentioned command in the shell, then checked for new packages by running:

pkg_add -u

Moving on to installing basic tools:

pkg_add -vi vim
pkg_add -vi mc

The -v switch is for verbose and -i for interactive selection, if needed.

There are a few things we should check before starting X. You should check if machdep.allowaperture is correctly set for your platform. Its value should be 2 in case of i386 or amd64. My OpenBSD 5.0 had this value already correctly set up in /etc/sysctl.conf, so I didn’t have to modify a thing. Also, I had to set wsmoused_flags="" in /etc/rc.conf.local before I could use the mouse in X.

If any problems arise with X, just use another terminal to issue

pkill Xorg

that will bring down any non responsive Xorg setup, in case CTRL-ALT-Backspace fails to work.

Create a .xinitrc file in your home folder, add just cwm on its first line, then you can manually start the X server and the cwm window manager by typing:

startx

CTRL-ALT-Enter in cwm will spawn a new terminal window. You can read more about cwm in the manual. To be able to post this message, I had to install a web browser:

pkg_add -vi seamonkey

It’s not the latest release, but it’s all I need for now.

So we’ve installed OpenBSD on a new system and managed to get X up and running. That’s the first step towards a functional desktop for daily use. I haven’t figured out yet how to take a screenshot, so you’ll have to take my word on this. Our saga will continue next time, when we’ll probably play with and configure other window managers, since the current setup is not very pretty.

The great mystery of the empty tar.bz2 file

Nihil sine backup, and what better way to do backup than a script placed in crontab? The script is a simple one:

NOWD=$(date +"%F")
NOWT=$(date +"%T")
/usr/local/bin/mysqldump -u root -password \
dbname > /root/databases/db.sql
/bin/tar cvfj /home/john/backup/backup-$NOWD-$NOWT.tar.bz2 \
/var/log /var/www /etc /root/databases
/bin/rm /root/databases/db.sql

It dumps the MySQL database in a folder, then groups a few folders in an archive with a proper name based on the date and time of its creation and finally cleans up. Nothing fancy, just your basic backup script. Running it by hand will start tar.bz2-ing the files and then carefully place the archive where it should. Nothing extraordinary here, just a script doing its job.

The problem appears when I place the script in crontab.

50 3 * * 3 /bin/sh /root/backup.sh

As expected, the script starts running when it should, but fails when it reaches the first file in the first folder that it needs to process. The resulting tar.bz2 file is in its right place, but it’s empty, with a size of 0 KB. Yes, the script is executable; like I said, running it by hand gives the expected behavior and results. I suspect some sort of permissions issue, but I couldn’t find a way to solve this yet. Until then, manual backup will do the job.

Edit: Problem fixed. See here.
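
A cron job that quietly leaves a 0 KB archive behind is easy to miss. The wrapper below is an added example, not the author's script and not the fix the post links to: it checks tar's exit status, verifies that the archive can be listed back, and creates it readable by its owner only. COMPRESS and LOG are hypothetical settings, and the mysqldump step is left out.

```sh
#!/bin/sh
# Added example, not the author's script. COMPRESS and LOG are hypothetical
# settings; the mysqldump step from the post is left out.
COMPRESS=${COMPRESS:-j}                  # j = bzip2 as in the post, z = gzip
LOG=${LOG:-/var/log/backup.log}          # assumed log location

# make_backup ARCHIVE SRC...
# Creates ARCHIVE from SRC, readable by its owner only, then proves it can be
# read back. On any failure the partial file is removed and 1 is returned, so
# a 0-byte archive never sits in the backup directory looking like a success.
make_backup() {
    out=$1; shift
    # /etc and the database dump contain secrets: umask 077 gives mode 0600.
    # stderr is appended to LOG because cron provides no terminal to show it.
    if ! ( umask 077; tar -c"${COMPRESS}"f "$out" "$@" ) 2>>"$LOG"; then
        echo "backup: tar failed for $out, see $LOG" >&2
        rm -f "$out"; return 1
    fi
    # An archive that exists but is empty or unreadable is also a failure.
    if ! [ -s "$out" ] || ! tar -t"${COMPRESS}"f "$out" >/dev/null 2>>"$LOG"; then
        echo "backup: $out is empty or unreadable, see $LOG" >&2
        rm -f "$out"; return 1
    fi
    echo "$out"
}

# Usage from the cron script, with the paths from the post:
#   NOW=$(date +"%F-%T")
#   make_backup "/home/john/backup/backup-$NOW.tar.bz2" \
#       /var/log /var/www /etc /root/databases || exit 1
```

The non-zero exit status matters under cron: together with the message on stderr it turns a silent empty file into a mail to the crontab's owner.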

Desktop project: evaluating requirements

The plan is to install OpenBSD at home, on my desktop, and use it exclusively for at least a week, to evaluate its usability for daily routine and how fit I am to use it like this. It will be an act of asceticism giving away the polished look of Mac OS X, but maybe I will end up enlightened after this experience :)

Before starting this thing, I need to evaluate my daily needs. Of course, the first thing that came to mind is having X up and running. This would be fairly easy to achieve. The problem would be choosing the right desktop environment / window manager. Although I’m curious about simplistic tiling window managers, like cwm, it will probably take a while to adjust, so for starters I think I’ll try to install GNOME, since KDE4 is really not something I would enjoy, but who knows, maybe I’ll be in the mood for something new. And also a simple and pretty desktop (graphical login) manager; SLiM is a perfect candidate for this.

Basically, I think I would need the following to cover my daily needs:

  • web browser (with spell-check, Firefox, SeaMonkey)
  • office suite (OpenOffice, LibreOffice)
  • basic image processing (with resize and various format support)
  • instant messaging (pidgin)
  • IRC client (pidgin, X-Chat, Konversation in case of KDE)
  • BitTorrent client (in terminal or in X)
  • SFTP client (gFTP)
  • video player with various codecs (VLC, mplayer)
  • audio player with MP3 and all (xmms, audacious)
  • possibility to mount HFS+/NTFS drive (read-only for the time being)
  • Dropbox beyond web interface (I think I’ll have to work hard for this one)
  • some games (OpenTTD and Minecraft will satisfy me, though I’ll need Java)
  • localized keyboard layout
  • optionally: email client (Thunderbird, SeaMonkey, Sylpheed)

Everything up there seems do-able in OpenBSD, so when time permits, I’ll start the project and keep you updated about my progress.

More fun with PF: blocking unwanted guests

Every once in a while, I check my /var/logs/auth to see people knocking on my port 22 door. While I do have a strong password for my user and “PermitRootLogin no” in my /etc/ssh/sshd_config, I’m still not very comfortable with people wanting to get in. Once again, PF came to the rescue, delivering an elegant solution. Actually, two.

First, I tried the manual method: looking in /var/logs/auth and putting the incriminated IPs into a text file. Then I would tell pf to look into that file and block all access for those IPs, like this:

table <blockedips> persist file "/etc/pf.blocked.ip.conf"
block in on bnx0 from <blockedips> to any

The first line defines a table with the values from the specified file, then pf will block all connections from the matching IPs (bnx0 being my network interface). Simple, but requires some daily maintenance. My next thought was: could I make this process automatic? It appears that I can, and this will be the second method of keeping your lawn clean.

The second solution was found on the web.

table <bruteforce> persist
block quick from <bruteforce>
pass inet proto tcp from any to any port \
ssh flags S/SA keep state (max-src-conn 5, \
max-src-conn-rate 5/30, overload <bruteforce> flush global)

We create another table and block all the IPs from it. Then we populate the table with the IPs of users that try connecting to the server and fail too often. If they connect with more than 5 clients to the SSH server and try to reconnect 5 times within 30 secs, they get added to the table.

Don’t forget to reload pf rules by running, as root:

# pfctl -f /etc/pf.conf

If you want to check the content of any table, just run the following, as root:

# pfctl -t bruteforce -T show

To remove an IP from the table, run:

# pfctl -t bruteforce -T delete <IP>

I think the second option is the most elegant way to keep unwanted guests away. I’m pretty sure that the content of the bruteforce table will be emptied on reboot, but that’s OK since it will be repopulated next time someone fails to properly login.
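
The first, manual method can also be scripted. The following is an added example that is not part of the original post: it counts failed sshd logins per source address and writes the file that the <blockedips> table reads. THRESHOLD, ALLOW and the sample log lines are constructed for illustration, and the log path in the closing comment assumes OpenBSD's default /var/log/authlog.

```sh
#!/bin/sh
# Added example: derive the contents of the <blockedips> table file from sshd
# log lines. THRESHOLD and ALLOW are hypothetical settings.
THRESHOLD=${THRESHOLD:-3}     # failed logins before an address is listed
ALLOW=${ALLOW:-}              # space-separated addresses never to block

# Constructed sample lines (RFC 5737 documentation addresses, not real logs).
sample_log() {
cat <<'EOF'
Mar  4 03:10:01 host sshd[4021]: Failed password for root from 203.0.113.7 port 51122 ssh2
Mar  4 03:10:03 host sshd[4021]: Failed password for root from 203.0.113.7 port 51122 ssh2
Mar  4 03:10:05 host sshd[4025]: Failed password for invalid user admin from 203.0.113.7 port 51130 ssh2
Mar  4 03:11:40 host sshd[4031]: Failed password for john from 198.51.100.20 port 40211 ssh2
Mar  4 03:12:02 host sshd[4031]: Accepted password for john from 198.51.100.20 port 40211 ssh2
Mar  4 03:15:09 host sshd[4050]: Failed password for invalid user test from 192.0.2.99 port 33001 ssh2
Mar  4 03:15:11 host sshd[4050]: Failed password for invalid user test from 192.0.2.99 port 33001 ssh2
Mar  4 03:15:13 host sshd[4050]: Failed password for invalid user x from 10.0.0.1 port 22 from 192.0.2.99 port 33002 ssh2
EOF
}

# offenders: log lines on stdin -> addresses with >= THRESHOLD failures.
# The user name is remote-supplied text and may itself contain "from 1.2.3.4",
# so the address is read from the fixed tail "from ADDR port N ssh2" only.
offenders() {
    awk -v min="$THRESHOLD" -v allow="$ALLOW" '
        BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) skip[a[i]] = 1 }
        /sshd\[[0-9]+\]: Failed password for / &&
        $(NF-4) == "from" && $(NF-2) == "port" {
            ip = $(NF-3)
            if (ip ~ /^[0-9a-fA-F:.]+$/ && !(ip in skip)) count[ip]++
        }
        END { for (ip in count) if (count[ip] >= min) print ip }
    ' | sort
}

# update_table FILE: rewrite FILE from stdin in one step (write, then rename).
update_table() {
    tmp="$1.tmp.$$"
    offenders > "$tmp" && mv "$tmp" "$1"
}

# As root on the firewall (log path is OpenBSD's default, an assumption here):
#   update_table /etc/pf.blocked.ip.conf < /var/log/authlog
#   pfctl -t blockedips -T replace -f /etc/pf.blocked.ip.conf
sample_log | offenders        # demo run on the constructed lines
```

Putting your own management address in ALLOW keeps a few mistyped passwords from locking you out of the server.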

Fun with PF: blocking ports

First things first: we have to close our unused ports. We surely need port 22 open for ssh connections and 80 for Apache. I would also use ntpd, so 123 will remain open. After a few Internet readings, port 53 should remain open, due to its use by bind for zone transfers and such.

I’ve learned that PF is a great OpenBSD tool, but it sure does require some reading before using it and it’s on my to-do list. The following example was found on the web and I adapted it to my needs. As I see it, we define a table in the first two rows, with information about TCP and UDP ports that we want open. After that, we block all connections, but create exceptions for the above mentioned ports. It works for me.

tcp_pass = "{ 53 80 22 123 }"
udp_pass = "{ 53 }"
block all
pass out proto tcp to any port $tcp_pass keep state
pass out proto udp to any port $udp_pass keep state
pass in proto tcp to port 22 keep state
pass in proto tcp to port 80 keep state