Thursday, August 1, 2013

screen configuration


Once configured, it looks like this


1. Two tools are needed to get CPU / memory usage
https://github.com/MatthewCox/screen-cpu-mem

Required files (cmake file, cpp file, script file, screenrc)
https://docs.google.com/file/d/0By-PnpBdd03WWjNTWmNaNkdNSGM/edit?usp=sharing

Install the tools following the instructions on the project page

Installation

Dependencies

Building
  • cmake >= 2.6
  • C++ compiler (e.g. gcc/g++)

Download

There are links to the source code at the project homepage.

Build

cd <source dir>
cmake .
make

Install

su -
make install

2. Put the screenrc from the archive into your home directory
mv current.screenrc ~/.screenrc

After that, run screen and the new settings take effect



Sunday, July 24, 2011

http://scratching.psybermonkey.net/2010/01/freebsd-how-to-setup-ports-using-wget.html

The below is how to setup ports to use wget to download :
Insert the following into /etc/make.conf :
FETCH_CMD=wget
FETCH_BEFORE_ARGS=-nc --progress=bar --read-timeout=60
DISABLE_SIZE=yes

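Wednesday, March 12, 2008

Sunday, March 2, 2008

Periodically update the ports tree and list upgradable packages

#pico /xxx/pkg_update
# Can be made into a script file; choose your own directory name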
cd /usr/ports && make update
portsdb -Fu
pkg_version -v | grep '<' > /home/shinhsin/www/pkg/pkg`date +%Y%m%d`
rm /home/shinhsin/www/pkg/pkg`date -v-7d +%Y%m%d`

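# Once the script file is ready, use crontab to run it periodically and check the result through the web page

Check and upgrade installed packages

1. First apply the make.conf settings from the previous post (switch to csup)

2. Update the ports tree
#cd /usr/ports && make update

3. Update INDEX
#portsdb -Uu

4. Check for upgradable packages
#pkg_version -v | grep '<' //list the installed packages and the versions they can be upgraded to

5. Back up / restore existing packages
#pkg_create -b <package to back up> (ex. openwebmail 2.40)
//the backup of the specified package is created in the current directory

#pkg_add -v <package to restore> (ex. openwebmail 2.40.tgz)
//if a package does not work after upgrading, remove the upgraded version and use this line to restore the original package

6. Upgrade packages
#pkgdb -F
//repairs the dependencies between programs, i.e. updates /var/db/pkg/pkgdb.db (run it both before and after upgrading)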


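#portupgrade <name of the package to upgrade> (ex. openwebmail 2.40)


To upgrade all installed packages at once
#portupgrade -aR //R also upgrades the packages that this package requires
//r also upgrades all packages that require this package

#portsclean -CDLP //remove unneeded distfiles, working directories and old shared libraries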

make.conf

# Use csup instead
# For people who do not use X Window

KERNCONF=mykernel
SUP_UPDATE=yes
SUP= `which csup`
SUPFLAGS= -L 2
SUPHOST= cvsup3.tw.FreeBSD.org
SUPFILE= /usr/share/examples/cvsup/stable-supfile
PORTSSUPFILE= /usr/share/examples/cvsup/ports-supfile
DOCSUPFILE= /usr/share/examples/cvsup/doc-supfile

MASTER_SITE_BACKUP?=\
http://mirror.csie.ntu.edu.tw/pub/FreeBSD/distfiles/${DIST_SUBDIR}/\
http://ftp2.tw.freebsd.org/pub/FreeBSD/distfiles/${DIST_SUBDIR}/\
http://ftp.tw.freebsd.org/distfiles/${DIST_SUBDIR}/
MASTER_SITE_OVERRIDE?= ${MASTER_SITE_BACKUP}

# added by use.perl 2008-03-20 01:02:16
PERL_VER=5.8.8
PERL_VERSION=5.8.8


WITHOUT_X11=yes
WITHOUT_X=yes
ENABLE_GUI=NO

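Monday, September 10, 2007

Postfix + TLS + SASL2

Postfix + TLS + SASL2 + Courier-imap (building a mail server with encryption and secure authentication)

Step 1. Hardening SMTP on the server
# Install the Postfix MTA mail server software
#cd /usr/ports/mail/postfix
#make install clean

※ In the first menu that appears, select only SASL and TLS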

[X] SASL2 Cyrus SASLv2 (Simple Authentication and Security Layer)
[X] TLS SSL and TLS
[X] DB41 Berkeley DB4.1 (required if SASL also built with DB4.1)

You need user "postfix" added to group "mail".
Would you like me to add it [y]? y

Would you like to activate Postfix in /etc/mail/mailer.conf [n]? y

# Install cyrus-sasl2-saslauthd

# cd /usr/ports/security/cyrus-sasl2-saslauthd
#make install clean

#vi /etc/rc.conf
# Disable sendmail. On FreeBSD, Sendmail
# by default starts at boot as the MTA for 127.0.0.1 (the local machine);
# also add postfix and saslauthd so that they start automatically at boot

sendmail_enable="NONE"
postfix_enable="YES"
saslauthd_enable="YES"

#vi /usr/local/etc/postfix/main.cf
# Edit the postfix configuration file main.cf

myhostname = ms1.ntut.idv.tw
mydomain = nttu.idv.tw
alias_maps = hash:/usr/local/etc/postfix/aliases
smtpd_banner = $myhostname ESMTP
myorigin = $myhostname
mynetworks = $myhostname, 127.0.0.1
home_mailbox = Maildir/

broken_sasl_auth_clients = yes
smtpd_sasl_auth_enable= yes
smtpd_sasl_security_options= noanonymous
smtpd_sasl_local_domain =
smtpd_recipient_restrictions = permit_sasl_authenticated, check_relay_domains

#vi master.cf
# Edit smtp and smtps in master.cf; smtps opens port 465
# so that Outlook Express can use encrypted transport
# Just remove the comment marks

smtp inet n - n - - smtpd
smtps inet n - n - - smtpd
  -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes

#postalias /usr/local/etc/postfix/aliases # build the aliases.db file

#vi /usr/local/lib/sasl2/smtpd.conf # set the SASL authentication mechanisms for smtpd to plain login


pwcheck_method: saslauthd
mech_list: plain login cram-md5 digest-md5

#vi /usr/local/etc/rc.d/saslauthd.sh # edit saslauthd.sh

Before >> saslauthd_flags=${saslauthd_flags:-"-a pam"}
After >> saslauthd_flags=${saslauthd_flags:-"-a getpwent"}

# Restart saslauthd and postfix
using the .sh scripts under /usr/local/etc/rc.d

#ps -aux | grep saslauthd # confirm again that saslauthd is running

584 ?? Is 0:00.01 /usr/local/sbin/saslauthd -a getpwent
585 ?? I 0:00.00 /usr/local/sbin/saslauthd -a getpwent
586 ?? I 0:00.00 /usr/local/sbin/saslauthd -a getpwent
587 ?? I 0:00.00 /usr/local/sbin/saslauthd -a getpwent
588 ?? I 0:00.00 /usr/local/sbin/saslauthd -a getpwent

#telnet localhost 25 # test port 25 and check whether two 250-AUTH lines have been added
Trying ::1...
telnet: connect to address ::1: Connection refused
Trying 127.0.0.1...
Connected to localhost.ntut.idv.tw.
Escape character is '^]'.
220 ms1.ntut.idv.tw ESMTP
ehlo locahost
250-ms1.ntut.idv.tw
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-AUTH NTLM LOGIN PLAIN GSSAPI DIGEST-MD5 CRAM-MD5
250-AUTH=NTLM LOGIN PLAIN GSSAPI DIGEST-MD5 CRAM-MD5
250 8BITMIME
quit
221 Bye
Connection closed by foreign host.

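Step 2. Creating the SMTP certificate for the server
First check whether /usr/bin/openssl is already installed on the system; if it is, use the built-in one to avoid having two versions of SSL installed
CA.pl for the built-in SSL is at /usr/src/crypto/openssl/apps/CA.pl
CA.pl for a separately installed SSL is at /usr/local/openssl/misc/CA.pl

The configuration files are located at
/etc/ssl/openssl.cnf
/usr/local/openssl/openssl.cnf

Depending on your situation, change ./demoCA to ./CA in openssl.cnf and CA.pl

#cd /usr/ports/security/openssl
# openssl is installed to get CA.pl, a perl program that makes it easy to generate keys
#make install clean

#mkdir /usr/local/etc/postfix/CA # create the directory that holds the CA
#cd /usr/local/etc/postfix/CA
#cp /usr/local/openssl/misc/CA.pl ./ # copy the CA.pl perl program into the CA directory just created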

# perl CA.pl -newca
CA certificate filename (or enter to create)

Making CA certificate ...
Generating a 1024 bit RSA private key
.++++++
.......................++++++
writing new private key to './demoCA/private/cakey.pem'
Enter PEM pass phrase: ( enter the passphrase )
Verifying - Enter PEM pass phrase: ( enter the passphrase )
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:TW
State or Province Name (full name) [Some-State]:Taiwan
Locality Name (eg, city) []:Taichung
Organization Name (eg, company) [Internet Widgits Pty Ltd]:ERA
Organizational Unit Name (eg, section) []:ISP
Common Name (eg, YOUR name) []:ms1.ntut.idv.tw
Email Address []:xxxxx@gmail.com

#cd /usr/local/etc/postfix/CA
#openssl req -nodes -config /usr/local/openssl/openssl.cnf -new -days 3650 -newkey rsa:1024 -keyout serverkey.pem -out serverreq.pem
Generating a 1024 bit RSA private key
......++++++
...............++++++
writing new private key to 'serverkey.pem'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:TW
State or Province Name (full name) [Some-State]:Taiwan
Locality Name (eg, city) []:Taichung
Organization Name (eg, company) [Internet Widgits Pty Ltd]:ERA
Organizational Unit Name (eg, section) []:ISP
Common Name (eg, YOUR name) []:ms1.ntut.idv.tw
Email Address []:xxxxxx@gmail.com

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []: ( enter the password )
An optional company name []:ERA

# Go back up one directory
#cd /usr/local/etc/postfix
#openssl ca -config /usr/local/openssl/openssl.cnf -policy policy_anything -out servercert.pem -infiles serverreq.pem

Using configuration from /usr/local/openssl/openssl.cnf
Enter pass phrase for ./demoCA/private/cakey.pem:
Check that the request matches the signature
Signature ok
Certificate Details:
Serial Number:
96:a5:d5:76:64:ad:3f:31
Validity
Not Before: Apr 13 01:52:30 2006 GMT
Not After : Apr 13 01:52:30 2007 GMT
Subject:
countryName = TW
stateOrProvinceName = Taiwan
localityName = Taichung
organizationName = ERA
organizationalUnitName = ISP
commonName = ms1.ntut.idv.tw
emailAddress = xxxxx@gmail.com
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Comment:
OpenSSL Generated Certificate
X509v3 Subject Key Identifier:
32:98:18:2A:98:B9:03:EC:A2:A9:E5:1A:C9:09:82:6B:95:5D:D2:D3
X509v3 Authority Key Identifier:
keyid:66:9D:78:67:61:75:95:B0:60:72:59:F5:77:4B:83:0D:D1:E4:B7:E8
DirName:/C=TW/ST=Taiwan/L=Taichung/O=ERA/OU=ISP/CN=ms1.ntut.idv.tw/emailAddress=xxxxx@gmail.com
serial:96:A5:D5:76:64:AD:3F:30

Certificate is to be certified until Apr 13 01:52:30 2007 GMT (365 days)
Sign the certificate? [y/n]:y


1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated

#cat serverkey.pem servercert.pem > post.pem

#vi /usr/local/etc/postfix/main.cf # add the TLS settings for the Postfix smtpd

smtp_use_tls = yes
smtpd_use_tls = yes
smtp_tls_note_starttls_offer = yes
smtpd_tls_key_file = /usr/local/etc/postfix/CA/post.pem
smtpd_tls_cert_file = /usr/local/etc/postfix/CA/post.pem
smtpd_tls_CAfile = /usr/local/etc/postfix/CA/post.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom

#postfix reload # restart postfix

#telnet localhost 25 # test whether TLS encryption is enabled: type STARTTLS by hand; on success the server replies with the 220 Ready to start TLS line below

Trying ::1...
telnet: connect to address ::1: Connection refused
Trying 127.0.0.1...
Connected to localhost.ntut.idv.tw.
Escape character is '^]'.
220 ms1.ntut.idv.tw ESMTP
ehlo localhost
250-ms1.ntut.idv.tw
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250-AUTH NTLM LOGIN PLAIN GSSAPI DIGEST-MD5 CRAM-MD5
250-AUTH=NTLM LOGIN PLAIN GSSAPI DIGEST-MD5 CRAM-MD5
250 8BITMIME
STARTTLS
220 Ready to start TLS
quit
quit
221 Bye
Connection closed by foreign host.
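
A check on the EHLO replies from the two telnet sessions above, as an added example that is not part of the original post: it parses the capability lines and reports when PLAIN/LOGIN authentication is advertised on a session that has not negotiated TLS. The function names and the third sample reply are constructed for illustration; smtpd_tls_auth_only is the Postfix parameter that withholds AUTH until STARTTLS has completed.

```python
PLAINTEXT_MECHS = {"PLAIN", "LOGIN"}   # mechanisms that send the password itself

def parse_ehlo(reply):
    """Parse a multi-line 250 EHLO reply into {KEYWORD: [parameters]}."""
    caps = {}
    for i, line in enumerate(reply.strip().splitlines()):
        line = line.strip()
        if len(line) < 4 or not line.startswith("250") or line[3] not in "- ":
            raise ValueError("not a 250 reply line: %r" % line)
        if i == 0:
            continue                      # first line is the server name, not a capability
        body = line[4:].strip()
        if body.upper().startswith("AUTH="):
            # legacy form emitted because of broken_sasl_auth_clients = yes
            body = "AUTH " + body[5:]
        if not body:
            continue
        keyword, *params = body.split()
        seen = caps.setdefault(keyword.upper(), [])
        seen.extend(p.upper() for p in params if p.upper() not in seen)
    return caps

def audit_cleartext_session(reply):
    """Return findings for an EHLO reply seen before any TLS handshake."""
    caps = parse_ehlo(reply)
    findings = []
    if "STARTTLS" not in caps:
        findings.append("STARTTLS is not offered: the session cannot be encrypted")
    exposed = sorted(PLAINTEXT_MECHS.intersection(caps.get("AUTH", [])))
    if exposed:
        findings.append("AUTH %s offered before TLS: passwords can cross the wire "
                        "in cleartext (Postfix: smtpd_tls_auth_only = yes)" % "/".join(exposed))
    return findings

# EHLO replies copied from the two telnet sessions on this page.
BEFORE_TLS = """\
250-ms1.ntut.idv.tw
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-AUTH NTLM LOGIN PLAIN GSSAPI DIGEST-MD5 CRAM-MD5
250-AUTH=NTLM LOGIN PLAIN GSSAPI DIGEST-MD5 CRAM-MD5
250 8BITMIME"""
AFTER_TLS = BEFORE_TLS.replace("250-ETRN\n", "250-ETRN\n250-STARTTLS\n")
# Constructed sample: a cleartext reply that offers STARTTLS but withholds AUTH.
AUTH_ONLY_OVER_TLS = """\
250-ms1.ntut.idv.tw
250-PIPELINING
250-STARTTLS
250 8BITMIME"""

if __name__ == "__main__":
    for name in ("BEFORE_TLS", "AFTER_TLS", "AUTH_ONLY_OVER_TLS"):
        print(name, audit_cleartext_session(globals()[name]) or "ok")
```

The reply captured after enabling TLS still produces one finding, because AUTH is advertised alongside STARTTLS rather than only after it.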

Generating SSL

C. Install the private key
——————————————————
First find the path of the openssl program
which openssl
/usr/bin/openssl
Change to the /usr/local/apache/conf/ssl.key directory
cd /usr/local/apache/conf/ssl.key
/usr/bin/openssl genrsa -des3 1024 > Floatisha.key
chmod 400 Floatisha.key

D. Generate the certificate signing request (CSR)
——————————————
Change to the /usr/local/apache/conf/ssl.csr directory
cd /usr/local/apache/conf/ssl.csr
/usr/bin/openssl req -new -key ../ssl.key/Floatisha.key -out Floatisha.csr

E. Generate a temporary certificate
——————————————
Change to the /usr/local/apache/conf/ssl.crt directory
cd /usr/local/apache/conf/ssl.crt
/usr/bin/openssl req -x509 -days 365 -key ../ssl.key/Floatisha.key -in ../ssl.csr/Floatisha.csr -out Floatisha.crt

Thursday, September 6, 2007

SMP dual-core kernel + Firewall + NAT

# Without USB, SCSI, RAID, wireless, NIC drivers, IPv6, NFS, PCMCIA
# Named MyKernel

machine i386
cpu I686_CPU
ident MyKernel
options SMP
options SCHED_ULE # 5BSD scheduler
options PREEMPTION # Enable kernel thread preemption
options INET # InterNETworking
options FFS # Berkeley Fast Filesystem
options SOFTUPDATES # Enable FFS soft updates support
options UFS_ACL # Support for access control lists
options UFS_DIRHASH # Improve performance on big directories
options MD_ROOT # MD is a potential root device
options PROCFS # Process filesystem (requires PSEUDOFS)
options PSEUDOFS # Pseudo-filesystem framework
options GEOM_GPT # GUID Partition Tables.
options COMPAT_43 # Compatible with BSD 4.3 [KEEP THIS!]
options COMPAT_FREEBSD4 # Compatible with FreeBSD4
options COMPAT_FREEBSD5 # Compatible with FreeBSD5
#options SCSI_DELAY=1000 # Delay (in ms) before probing SCSI
options SYSVSHM # SYSV-style shared memory
options SYSVMSG # SYSV-style message queues
options SYSVSEM # SYSV-style semaphores
options _KPOSIX_PRIORITY_SCHEDULING # POSIX P1003_1B real-time extensions
options KBD_INSTALL_CDEV # install a CDEV entry in /dev
options ADAPTIVE_GIANT # Giant mutex is adaptive.

device apic # I/O APIC
device pci
device ata
device atadisk # ATA disk drives
device ataraid # ATA RAID drives
device atapicd # ATAPI CDROM drives
device atapist # ATAPI tape drives
options ATA_STATIC_ID # Static device numbering
device scbus # SCSI bus (required for SCSI)
device atkbdc # AT keyboard controller
device atkbd # AT keyboard
device psm # PS/2 mouse
device kbdmux # keyboard multiplexer
device vga # VGA video card driver
device sc
device agp # support several AGP chipsets
# Power management support (see NOTES for more options)
device apm
# Add suspend/resume support for the i8254.
device pmtimer
device cbb # cardbus (yenta) bridge
device ppc
device ppbus # Parallel port bus (required)
device sio # 8250, 16[45]50 based serial ports
device miibus # MII bus support
device loop # Network loopback
device random # Entropy device
device ether # Ethernet support
device ppp # Kernel PPP
device tun # Packet tunnel.
device pty # Pseudo-ttys (telnet etc)
device md # Memory "disks"
device gif # IPv6 and IPv4 tunneling
device faith # IPv6-to-IPv4 relaying (translation)
device bpf # Berkeley packet filter
device uhci # UHCI PCI->USB interface
device ohci # OHCI PCI->USB interface
device ehci # EHCI PCI->USB interface (USB 2.0)
device usb # USB Bus (required)
# FireWire support
device firewire # FireWire bus code
device sbp # SCSI over FireWire (Requires scbus and da)
device fwe # Ethernet over FireWire (non-standard!)
#Firewall
options IPFIREWALL
options IPFIREWALL_DEFAULT_TO_ACCEPT
options IPFIREWALL_VERBOSE
options IPFIREWALL_VERBOSE_LIMIT=10
options IPDIVERT

options ACCEPT_FILTER_HTTP

Sunday, August 19, 2007

Proftpd: specifying passive ports

#/usr/local/etc/proftpd.conf

# Restrict the range of ports from which the server will
#select when sent the PASV command from a client.
#Use IANA-registered ephemeral port range of
#49260-49360

PassivePorts 49260 49360


Also remember to allow these ports in the firewall
#/etc/rc.firewall

#passive ftp ports
/sbin/ipfw add allow all from any to 140.120.31.205 49260-49360

/etc/rc.firewall

See here for reference

# First flush all rules
/sbin/ipfw -f flush

# All NAT traffic passes through the fxp0 network interface
/sbin/ipfw add divert natd all from any to any via fxp0

# Allow local to local
/sbin/ipfw add pass all from 127.0.0.1 to 127.0.0.1

# Allow local to anywhere
/sbin/ipfw add pass all from 127.0.0.1 to any
/sbin/ipfw add allow all from 140.120.31.205 to any

# Let all internal IPs connect to this machine
/sbin/ipfw add pass all from 192.168.1.1/24 to 192.168.1.1/24

#test
/sbin/ipfw add deny udp from 140.120.90.0/24 to any
/sbin/ipfw add deny udp from 140.120.108.0/24 to any

# Block ICMP packets (no ping)
#/sbin/ipfw add 001 deny icmp from any to any
/sbin/ipfw add allow icmp from any to any

# Hosts that keep hammering this machine
/sbin/ipfw add deny all from 140.120.90.61 to any
/sbin/ipfw add deny all from 140.120.90.152 to any

# Rsync backups and ssh connections from Latte to vida
/sbin/ipfw add allow all from 140.120.31.187 to 140.120.31.205 873
/sbin/ipfw add allow all from 140.120.31.187 to 140.120.31.205 22

# Connection whitelist
#news server
/sbin/ipfw add allow all from 140.114.87 to any
/sbin/ipfw add allow all from 140.120.1.6 to any
/sbin/ipfw add allow all from 140.113.54.117 to any

# Allow connections from the IPs of 403

#ShinHsin @ NCKU

# Open commonly used daemons: ftp, bbs, http, https
# ssh is left to /etc/hosts.allow, controlled by TCP wrappers
/sbin/ipfw add allow all from any to any 20
/sbin/ipfw add allow all from any to any 21
/sbin/ipfw add allow all from any to any 23
/sbin/ipfw add allow all from any to any 80
/sbin/ipfw add allow all from any to any 443

# Allow this machine's outbound connections to commonly used daemons:
# cvsup, ftp, telnet, ssh, http, https, news,
/sbin/ipfw add allow all from any 20 to 140.120.31.205
/sbin/ipfw add allow all from any 21 to 140.120.31.205
/sbin/ipfw add allow all from any 22 to 140.120.31.205
/sbin/ipfw add allow all from any 23 to 140.120.31.205
/sbin/ipfw add allow all from any 25 to 140.120.31.205
/sbin/ipfw add allow all from any 80 to 140.120.31.205
/sbin/ipfw add allow all from any 110 to 140.120.31.205
/sbin/ipfw add allow all from any 119 to 140.120.31.205
/sbin/ipfw add allow all from any 443 to 140.120.31.205
/sbin/ipfw add allow all from any 5999 to 140.120.31.205



# IPs allowed to send mail to vida
/sbin/ipfw add allow all from 140.114.78.150 to 140.120.31.205 25

# Block other connections that have not been allowed, without logging
/sbin/ipfw add deny all from any to any 137
/sbin/ipfw add deny all from any to any 138
/sbin/ipfw add deny udp from any to any
/sbin/ipfw add deny all from any to any 25

/sbin/ipfw add deny log tcp from any to any in tcpflags syn,fin
# The rule above stops nmap and queso from scanning with SYN and FIN packets and guards against DDoS attacks.

# Log what gets blocked to /var/log/security
/sbin/ipfw add deny log logamount 500 all from any to any
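
ipfw stops at the first rule that matches, so the order of the rules above decides what is filtered and what gets logged. The following added example (not part of the original rc.firewall) evaluates a subset of those rules, copied in the page's order, against constructed inbound packets; the parser covers only the syntax this subset uses, and the helper names and the 203.0.113.x addresses are assumptions for illustration.

```python
import ipaddress

# Subset of the rules above, copied in the page's order (divert rule omitted).
RULES_TEXT = """\
/sbin/ipfw add allow all from 140.120.31.205 to any
/sbin/ipfw add deny udp from 140.120.90.0/24 to any
/sbin/ipfw add allow icmp from any to any
/sbin/ipfw add allow all from any to any 80
/sbin/ipfw add allow all from 140.114.78.150 to 140.120.31.205 25
/sbin/ipfw add deny udp from any to any
/sbin/ipfw add deny all from any to any 25
/sbin/ipfw add deny log tcp from any to any in tcpflags syn,fin
/sbin/ipfw add deny log logamount 500 all from any to any
"""

def parse_rule(line):
    """Subset grammar: action [log [logamount N]] proto from A [PORT] to A [PORT] ..."""
    t = line.split()
    t = t[t.index("add") + 1:]                  # drop "/sbin/ipfw add"
    rule = {"action": t.pop(0), "log": False, "flags": set()}
    if t[0] == "log":
        rule["log"] = True
        t.pop(0)
        if t[0] == "logamount":
            del t[:2]
    rule["proto"] = t.pop(0)
    for side in ("from", "to"):
        if t.pop(0) != side:
            raise ValueError("unsupported rule: " + line)
        addr = t.pop(0)
        rule[side] = None if addr == "any" else ipaddress.ip_network(addr, strict=False)
        rule[side + "_port"] = int(t.pop(0)) if t and t[0].isdigit() else None
    if "tcpflags" in t:                         # "in" is ignored: packets below are inbound
        rule["flags"] = set(t[t.index("tcpflags") + 1].split(","))
    return rule

def matches(rule, pkt):
    if rule["proto"] not in ("all", "ip", pkt["proto"]):
        return False
    for side, addr, port in (("from", "src", "sport"), ("to", "dst", "dport")):
        net = rule[side]
        if net is not None and ipaddress.ip_address(pkt[addr]) not in net:
            return False
        if rule[side + "_port"] is not None and pkt.get(port) != rule[side + "_port"]:
            return False
    return rule["flags"] <= set(pkt.get("flags", ()))   # all listed TCP flags must be set

def decide(rules, pkt):
    """Return (rule position, action, logged) for the first matching rule."""
    for number, rule in enumerate(rules, 1):
        if matches(rule, pkt):
            return number, rule["action"], rule["log"]
    return 65535, "allow", False   # default rule with IPFIREWALL_DEFAULT_TO_ACCEPT

RULES = [parse_rule(l) for l in RULES_TEXT.splitlines() if l.strip()]

def inbound(proto, src, dport, sport=40000, flags=("syn",)):
    """Constructed inbound packet to the host; 203.0.113.0/24 is a documentation range."""
    return {"proto": proto, "src": src, "dst": "140.120.31.205",
            "sport": sport, "dport": dport, "flags": flags}

if __name__ == "__main__":
    print(decide(RULES, inbound("tcp", "203.0.113.9", 25)))                         # (7, 'deny', False)
    print(decide(RULES, inbound("tcp", "203.0.113.9", 80, flags=("syn", "fin"))))   # (4, 'allow', False)
```

In this order the tcpflags rule only sees traffic that no earlier allow rule has accepted, and the port-25 and UDP denies drop packets without logging; placing the tcpflags rule above the per-port allow rules makes it apply to the open ports as well.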

Wednesday, March 14, 2007

apache22+php5+mysql5

Install mysql first
#cd /usr/ports/databases/mysql50-server/
#make install

// Configure my.cnf; since MySQL 5.5
// the server no longer accepts default-character-set
// use character-set-server = utf8 instead

[client]
default-character-set = utf8

[mysqld]
character-set-server = utf8

Then install apache2
#cd /usr/ports/www/apache22
#make WITHOUT_PROXY=yes WITH_THREADS=yes WITH_STATIC_SUPPORT=yes WITH_ALL_STATIC_MODULES=yes install

Then install mod_php5
#cd /usr/ports/lang/php5
#make install

Next install php5-extensions
#cd /usr/ports/lang/php5-extensions/
#make install clean
Pick the ones you want to support ^^

Next edit the apache2 configuration
#cd /usr/local/etc/apache22/
#ee httpd.conf
AddType application/x-httpd-php .php .php3 .php4 .php5 //remember to add this line for PHP support
Options Indexes FollowSymLinks //remove Indexes so directory listings are not exposed
DirectoryIndex index.html index.html.var //add index.htm index.php
AddType application/x-httpd-php-source .phps

Next adjust php.ini; this makes things easier for beginners
#cd /usr/local/etc
#cp php.ini-dist php.ini
#ee php.ini
Find the following line
register_globals = Off //change Off to On

In newer PHP versions the extension configuration file is /usr/local/etc/php/extions.conf


Finally edit rc.conf and add the following two lines
# start mysql
mysql_enable="YES"
# start apache2
apache22_enable="YES"
Then reboot and you are done.


# To make rc.conf take effect without rebooting
/etc/netstart
This restarts the network interfaces, which re-reads rc.conf

php extension.ini

extension=bz2.so
extension=ctype.so
extension=curl.so
extension=dom.so
extension=exif.so
extension=fileinfo.so
extension=gd.so
extension=gettext.so
extension=iconv.so
extension=mcrypt.so
extension=ming.so
extension=mysql.so
extension=openssl.so
extension=pcre.so
extension=zlib.so
extension=pdo.so
extension=posix.so
extension=session.so
extension=simplexml.so
extension=sqlite.so
extension=spl.so
extension=tokenizer.so
extension=xml.so

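Sunday, March 11, 2007

Minor changes

portsupgrade and portaudit have both moved under ports-mgmt

#pkg_version -v | grep '<' I also learned this simple command

After updating the ports tree and portsupgrade, remember to run portsdb -u and pkgdb -L

This is the first time I have used pkgdb -L; after all, it was the tool itself that told me to, ha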

Sunday, January 14, 2007

Configuring tcsh

#/etc/csh.cshrc

setenv EDITOR pico # requires editor/pico to be installed first

alias ls 'gnuls --color=auto --show-control-chars'
# requires misc/gnuls to be installed first # or use ls -G instead

set prompt="%B%m[%/]-%n->"

set autolist

#UTF-8
setenv LANG zh_TW.UTF-8
setenv LC_CTYPE zh_TW.UTF-8
setenv MM_CHARSET utf-8


# make vi display Big5
alias vi 'env LC_CTYPE=en_US.ISO8859-1 vi'
# will be notified when someone logs in or out of your system.
set watch = (0 any any)

Configuring the locale

Check that the language login class in /etc/login.conf is correct. Make sure /etc/login.conf contains
the following settings.
taiwan:Taiwanese Users:\
:lang=zh_TW.UTF-8:\
:lc_all=zh_TW.UTF-8:\
:lc_collate=zh_TW.UTF-8:\
:lc_ctype=zh_TW.UTF-8:\
:lc_messages=zh_TW.UTF-8:\
:lc_monetary=zh_TW.UTF-8:\
:lc_numeric=zh_TW.UTF-8:\
:lc_time=zh_TW.UTF-8:\
:tc=default:\
:charset=UTF-8:\
#:xmodifiers="@im=xcin":
#Setting the XIM Input Server


Update login.conf
# cap_mkdb /etc/login.conf


Change each user's language
1. vipw:

user:password:UID:GID:language:0:0:User Name:UserHome:Shell

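New kernel fails to boot

If kernel tuning fails, just load the old kernel again
At the ok prompt
ok unload
ok
ok load /kernel.good    (assuming the earlier backup file is kernel.good)
(/kernel.GENERIC is the default kernel)

ok load /modules/if_fxp.ko
ok boot

Rebuilding the kernel

This step is needed whenever you want to remove unneeded device drivers, or add firewall or SMP support

## Back up your old kernel and modules first

1. Edit the kernel configuration file
vi /usr/src/sys/i386/conf/GENERIC

2. Rebuild the kernel
config GENERIC
cd ../compile/GENERIC
make cleandepend && make depend
make all install

If nothing went wrong along the way and the machine reboots into the operating system, it worked.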

Rebuild everything!!

After updating the source and the ports tree, each has an UPDATING file you can read:
/usr/src/UPDATING and /usr/ports/UPDATING
They contain many notes and descriptions of what changed

cd /usr/src
make buildworld
make kernel KERNCONF=YOUR_KERNEL_HERE
## this can be GENERIC, i.e. make kernel KERNCONF=GENERIC

[1] If you have third party modules, such as vmware, you should disable them at this point so they don't crash your system on reboot.

Then boot into single-user mode
[3] From the bootblocks, boot -s, and then do
fsck -p
mount -u /
mount -a
cd src
adjkerntz -i # if CMOS is wall time

mergemaster -p [5]

make installworld

make delete-old

mergemaster [4]

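When running mergemaster, the old and new configuration files are compared; pay close attention at this step so that your existing settings are not overwritten
To install the new configuration file press i; to keep the existing settings press d


Then reboot and everything should be fine; you can check the FreeBSD version with uname -r

Updating the source and ports tree

Major domestic CVSup servers
http://ftp.giga.net.tw/cvsup.php

1. Edit the supfile
vi /usr/share/examples/cvsup/standard-supfile # for updating the source
vi /usr/share/examples/cvsup/ports-supfile # for updating the ports tree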

*default host=cvsup8.FreeBSD.org
*default base=/var/db
*default prefix=/usr
*default release=cvs tag=RELENG_6_1
*default delete use-rel-suffix
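## If you add ports-all tag=. to standard-supfile,
## a single file can update both the source and the ports tree

2. Update

cvsup -g -L 2 standard-supfile

You can use crontab to update the source and ports tree periodically

If sysutil/portupgrade is already installed, then after updating the ports tree

you can use portsdb -FU to update portsdb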

/etc/make.conf

PERL_VER=5.8.8
PERL_VERSION=5.8.8
CPUTYPE=i686
NO_GAMES=true
NO_INFO=true
WITHOUT_X11=yes
X11BASE=${LOCALBASE}
MASTER_SITE_BACKUP?=\
ftp://ftp2.tw.freebsd.org/pub/FreeBSD/distfiles/${DIST_SUBDIR}/\
ftp://ftp3.tw.freebsd.org/pub/FreeBSD/distfiles/${DIST_SUBDIR}/\
ftp://ftp7.tw.freebsd.org/FreeBSD/distfiles/${DIST_SUBDIR}/
MASTER_SITE_OVERRIDE?= ${MASTER_SITE_BACKUP}

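FreeBSD 6 basic environment installation and configuration workflow

Once the base installation and network settings are OK

1. Update src and the ports tree with cvsup

2. Rebuild the system and kernel (world, kernel)

3. Tune and rebuild the kernel

4. Configure the locale and the language each user uses (login.conf, vipw)

5. Configure make.conf

6. Fine-tune tcsh (gnuls, pico, ...)

7. Configure /etc/hosts.allow to block people who keep trying ssh logins

At this point the basic system environment is set up, and you can go on to install the ports you want

1. portupgrade, sudo

2. Apache2+php5+mysql5+phpmyadmin

3. Configure Apache ssl + VirtualHost, and natd (optional)

4. Commonly used web packages such as webmin, BBS, gallery, lifetype/wp, dokuwiki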