Month: February 2017

UTF-8 Character Encoding

UTF-8 Character Encoding

Last Updated on 2017-02-27 by Sture

Description

The LANG=xx_YY.ZZZZ environment variable sets the system locale to language code xx, country code YY, and character encoding ZZZZ. Language and country code affect default application language, number formatting, date and time formatting, string collation, currency settings, and more.

By enabling a locale using UTF-8 character encoding, the system can understand and display each of the 1112064 characters in the Unicode character set, instead of just US ASCII as is default with LANG=C.

Preparation for Installation

Start PuTTY on a Windows PC, Terminal on a Mac or similar terminal application on a Linux PC.

In this example Terminal on a Mac is used.

Open a remote SSH session to the server with:

Mac:~ user$ ssh user@192.168.1.4 [enter]
N.B.: Replace user@192.168.1.4 with User ID and IP Address on Your server!
[user@server ~]$

Enable superuser privileges with:

[user@server ~]$ sudo -s [enter]
Password: <-- passwd [enter]
[root@server /usr/home/user]#

N.B.: Enter user password, not the root password!

Available UTF-8 Locale

Display a list of every available UTF-8 locale on your computer with:

[root@server /usr/home/user]# locale -a | grep '\.UTF-8$' [enter]
af_ZA.UTF-8
am_ET.UTF-8
.
.
.
sv_SE.UTF-8
tr_TR.UTF-8
uk_UA.UTF-8
zh_CN.UTF-8
zh_HK.UTF-8
zh_TW.UTF-8
[root@server /usr/home/user]#

Customize UTF-8 Locale

In this example, as a Swede, I will use English as the default language with Swedish monetary, numeric and time settings.

Create a copy of the en_US.UTF-8 directory with:

[root@server /usr/home/user]# cp -R /usr/share/locale/en_US.UTF-8 /usr/share/locale/en_SE.UTF-8 [enter]
[root@server /usr/home/user]#

…then modify this directory with:

[root@server /usr/home/user]# cp /usr/share/locale/sv_SE.UTF-8/LC_MONETARY /usr/share/locale/en_SE.UTF-8/ [enter]
[root@server /usr/home/user]# cp /usr/share/locale/sv_SE.UTF-8/LC_NUMERIC /usr/share/locale/en_SE.UTF-8/ [enter]
[root@server /usr/home/user]#

Change to 24h clock in uptime, w etc with:

[root@server /usr/home/user]# ee /usr/share/locale/en_SE.UTF-8/LC_TIME [enter]

Edit the LC_TIME file, line 40 – 44, and line 58 as in this example. Do NOT delete the emty lines 42, 43 and 58!

Jan
Feb
Mar
Apr
May
Jun
Jul
Aug
Sep
Oct
Nov
Dec
January
February
March
April
May
June
July
August
September
October
November
December
Sun
Mon
Tue
Wed
Thu
Fri
Sat
Sunday
Monday
Tuesday
Wednesday
Thursday
Friday
Saturday
%H:%M:%S
%Y-%m-%d
%a %e %b %X %Y

%a %e %b %Y %X %Z
January
February
March
April
May
June
July
August
September
October
November
December
md

Edit the login class capability database in /etc/login.conf with:

[root@server /usr/home/user]# ee /etc/login.conf [enter]

It is recommended that LC_COLLATE be set to C because some programs still require ASCII ordering in order to function correctly.

…and add a default character set and locale as in this example:

default:\
:passwd_format=sha512:\
:copyright=/etc/COPYRIGHT:\
:welcome=/etc/motd:\
:setenv=MAIL=/var/mail/$,BLOCKSIZE=K,LC_COLLATE=C:\
:path=/sbin /bin /usr/sbin /usr/bin /usr/local/sbin /usr/local/bin ~/bin:\
:nologin=/var/run/nologin:\
:cputime=unlimited:\
:datasize=unlimited:\
:stacksize=unlimited:\
:memorylocked=64K:\
:memoryuse=unlimited:\
:filesize=unlimited:\
:coredumpsize=unlimited:\
:openfiles=unlimited:\
:maxproc=unlimited:\
:sbsize=unlimited:\
:vmemoryuse=unlimited:\
:swapuse=unlimited:\
:pseudoterminals=unlimited:\
:kqueues=unlimited:\
:umtxp=unlimited:\
:priority=0:\
:ignoretime@:\
:charset=UTF-8:\
:lang=en_SE.UTF-8:\
:umask=022:
.
.

Login shells will inherit the environment variables defined here in the default class or in a narrower class if it matches one.

After making this changesrRebuild the login database with:

[root@server /usr/home/user]# cap_mkdb /etc/login.conf [enter]
[user@server /usr/home/user]#

You may have to specify the new locale elsewhere (like /etc/profile) for non login shell uses such as GDM and other login managers.

[root@server /usr/home/user]# echo 'export LANG=en_SE.UTF-8' >> /etc/profile; echo 'export CHARSET=UTF-8' >> /etc/profile [enter]
[root@server /usr/home/user]#

…and add a default character set and locale as in this example:

You can read more in the Using Localization chapter of the Handbook.

On next login check your work by running:

[root@server /usr/home/user]# locale [enter]
LANG=en_SE.UTF-8
LC_CTYPE="en_SE.UTF-8"
LC_COLLATE="en_SE.UTF-8"
LC_TIME="en_SE.UTF-8"
LC_NUMERIC="en_SE.UTF-8"
LC_MONETARY="en_SE.UTF-8"
LC_MESSAGES="en_SE.UTF-8"
LC_ALL=
[root@server /usr/home/user]#
sSMTP – Simple MTA to get Mail off the System

sSMTP – Simple MTA to get Mail off the System

Last Updated on 2017-07-02 by Sture

Description

A secure, effective and simple way of getting mail off a system to your mail hub. It does not include a mail spool to poke around in, and no daemons running in the background. Mail is simply forwarded to the configured mailhost. Extremely easy configuration.

WARNING: the above is all it does; it does not receive mail, expand aliases or manage a queue. That belongs on a mail hub with a system administrator.

WWW: http://packages.debian.org/stable/mail/ssmtp.

Preparation for Installation

Start PuTTY on a Windows PC, Terminal on a Mac or similar terminal application on a Linux PC.

In this example Terminal on a Mac is used.

Open a remote SSH session to the server with:

Mac:~ user$ ssh user@192.168.1.4 [enter]
N.B.: Replace user@192.168.1.4 with User ID and IP Address on Your server!
[user@server ~]$

Enable superuser privileges with:

[user@server ~]$ sudo -s [enter]
Password: <-- passwd [enter]
[root@server /usr/home/user]#

N.B.: Enter user password, not the root password!

Installation

Install sSMTP with;

[root@server /usr/home/user]# pkg install ssmtp [enter]
Updating FreeBSD repository catalogue...
FreeBSD repository is up to date.
All repositories are up to date.
The following 1 package(s) will be affected (of 0 checked):

New packages to be INSTALLED:
        ssmtp: 2.64_2

Number of packages to be installed: 1

19 KiB to be downloaded.

Proceed with this action? [y/N]: y [enter]
[1/1] Fetching ssmtp-2.64_2.txz: 100%   19 KiB  19.8kB/s    00:01
Checking integrity... done (0 conflicting)
[1/1] Installing ssmtp-2.64_2...
===> Creating groups.
Creating group 'ssmtp' with gid '916'.
Extracting ssmtp-2.64_2: 100%
Message from ssmtp-2.64_2:
sSMTP has been installed successfully.

To replace sendmail with ssmtp type "make replace" or change
your /etc/mail/mailer.conf to:

sendmail        /usr/local/sbin/ssmtp
send-mail       /usr/local/sbin/ssmtp
mailq           /usr/local/sbin/ssmtp
newaliases      /usr/local/sbin/ssmtp
hoststat        /usr/bin/true
purgestat       /usr/bin/true


However, before you can use the program, you should copy the files
"revaliases.sample" and "ssmtp.conf.sample" in /usr/local/etc/ssmtp
to "revaliases" and "ssmtp.conf" respectively and edit them to suit
your needs.
[root@server /usr/home/user]#

Configuration

Stop the Sendmail daemon if it is running:

[root@server /usr/home/user]# service sendmail stop [enter]
Stopping sendmail.
Waiting for PIDS: 739.
Stopping sendmail_msp_queue.
Waiting for PIDS: 742.
[root@server /usr/home/user]#

To disable sendmail on system boot, add information to /etc/rc.conf with this commands:

[root@server /usr/home/user]# echo '' >> /etc/rc.conf; echo '# Disable Sendmail' >> /etc/rc.conf; echo 'sendmail_enable="NONE"' >> /etc/rc.conf
[root@server /usr/home/user]#

Edit file /etc/mail/mailer.conf with

[root@server /usr/home/user]# ee /etc/mail/mailer.conf [enter]

It should look like this:

#
# Use "ssmtp" for sending mail
#
sendmail        /usr/local/sbin/ssmtp
send-mail       /usr/local/sbin/ssmtp
mailq           /usr/libexec/sendmail/sendmail
newaliases      /usr/libexec/sendmail/sendmail
hoststat        /usr/libexec/sendmail/sendmail
purgestat       /usr/libexec/sendmail/sendmail

The command sendmail will invoke the ssmtp executable. But you have not told sSMTP which SMTP server to use with which credentials. These settings are looked for in the sSMTP configuration files /usr/local/etc/ssmtp/revaliases and /usr/local/etc/ssmtp/ssmtp.conf.

Copy the sample file /usr/local/etc/revaliases.sample to /usr/local/etc/revaliases with:

[root@server /usr/home/user]# cp /usr/local/etc/ssmtp/revaliases.sample /usr/local/etc/ssmtp/revaliases [enter]

…and edit appropriately with this command:

[root@server /usr/home/user]# ee /usr/local/etc/ssmtp/revaliases [enter]

Example:

# sSMTP aliases
#
# Format:       local_account:outgoing_address:mailhub
#
# Example: root:your_login@your.domain:mailhub.your.domain[:port]
# where [:port] is an optional port number that defaults to 25.
root:your.mail@example.net:mail.example.net
postmaster:your.mail@example.net:mail.example.net

Create an ssmtp user with:

[root@server /usr/home/user]# pw useradd ssmtp -g ssmtp -h - -s /usr/sbin/nologin -d /nonexistent -c "sSMTP pseudo-user" [enter]
[root@server /usr/home/user]#

This will add the ssmtp user in the ssmtp group, disallowing password-based logins (-h).

Set the correct owner and permissions on the sSMTP configuration directory. We set the setuid bit (see chmod(1) to make sure new files in the directory will be owned by the user ssmtp as well:

[root@server /usr/home/user]# chown -R ssmtp:wheel /usr/local/etc/ssmtp/; chmod 4750 /usr/local/etc/ssmtp [enter]
[root@server /usr/home/user]#

Now the configuration file is set up and protected from unauthorized eyes, the ssmtp executable should be given access to the file. To accomplish this, we will let it run as the ssmtp user.

Make the ssmtp executable owned by the ssmtp user:

[root@server /usr/home/user]# chown ssmtp:nogroup /usr/local/sbin/ssmtp; chmod 4555 /usr/local/sbin/ssmtp [enter]
[root@server /usr/home/user]#

Copy the sample file /usr/local/etc/smartd.conf.sample to /usr/local/etc/smartd.conf with:

[root@server /usr/home/user]# cp /usr/local/etc/ssmtp/ssmtp.conf.sample /usr/local/etc/ssmtp/ssmtp.conf [enter]

…and edit appropriately with this command:

[root@server /usr/home/user]# ee /usr/local/etc/ssmtp/ssmtp.conf [enter]

Example:

#
# /etc/ssmtp.conf -- a config file for sSMTP sendmail.
#

# The person who gets all mail for userids < 1000
# Make this empty to disable rewriting.
root=your.mail@example.net

# The place where the mail goes. The actual machine name is required
# no MX records are consulted. Commonly mailhosts are named mail.domain.com
# The example will fit if you are in domain.com and your mailhub is so named.
mailhub=mail.example.net:465

# Example for SMTP port number 2525
# mailhub=mail.your.domain:2525
# Example for SMTP port number 25 (Standard/RFC)
# mailhub=mail.your.domain
# Example for SSL encrypted connection
# mailhub=mail.your.domain:465

# Where will the mail seem to come from?
rewriteDomain=example.net

# The full hostname
hostname=server.example.net

# Set this to never rewrite the "From:" line (unless not given) and to
# use that address in the "from line" of the envelope.
FromLineOverride=YES

# Use SSL/TLS to send secure messages to server.
UseTLS=YES

# Use SSL/TLS certificate to authenticate against smtp host.
#UseTLSCert=YES

# Use this RSA certificate.
#TLSCert=/usr/local/etc/ssmtp/ssmtp.pem

# Get enhanced (*really* enhanced) debugging information in the logs
# If you want to have debugging of the config file parsing, move this option
# to the top of the config file and uncomment
#Debug=YES

# Username/Password
AuthUser=username
AuthPass=password

Edit file /etc/crontab with:

[root@server /usr/home/user]# ee /etc/crontab [enter]

Add the following two lines (example):

# /etc/crontab - root's crontab for FreeBSD
#
# $FreeBSD: src/etc/crontab,v 1.33.2.1.4.1 2010/06/14 02:09:06 kensmith Exp $
#
SHELL=/bin/sh
PATH=/etc:/bin:/sbin:/usr/bin:/usr/sbin
HOME=/var/log
MAILTO="your.mail@example.net"
#
.

Run some tests as an unprivileged user – user should not a member of groupe ssmtp – with:

[user@server ~]$ cat /usr/local/etc/ssmtp/ssmtp.conf [enter]
cat: /usr/local/etc/ssmtp/ssmtp.conf: Permission denied
[user@server ~]$

Test your mail settings with this two examples:

Create a textfile with the message that you are going to send with:

[user@server ~]$ ee ~/ssmtp-test.txt [enter]

Example Test Message:

To: youre.mail@example.net
From: youre.mail@example.net
Subject: Test message via sSMTP

This is a test message sent via sSMTP

Run this two command to send the testmessage:

[user@server ~]$ ssmtp -v youre.mail@example.net < ~/ssmtp-test.txt [enter]
[<-] 220 smtpout.example.net cmsmtp ESMTP server ready
[->] EHLO server.example.net
[<-] 250 OK
[->] AUTH LOGIN
[<-] 334 VXNlcm5hbWU6
[->] dTMxNTE0NDE1
[<-] 334 UGFzc3dvcmQ6
[<-] 235 2.7.0 ... authentication succeeded
[->] MAIL FROM:<youre.mail@example.net>
[<-] 250 2.1.0 <youre.mail@example.net> sender ok
[->] RCPT TO:<youre.mail@example.net>
[<-] 250 2.1.5 <youre.mail@example.net> recipient ok
[->] DATA
[<-] 354 OK
[->] Received: by server.example.net (sSMTP sendmail emulation); Wed, 06 Jan 2016 13:09:02 +0100
[->] Date: Wed, 06 Jan 2016 13:09:02 +0100
[->] To: youre.mail@example.net
[->] From: youre.mail@example.net
[->] Subject: Test message
[->] 
[->] This is a test meesage sent via sSMTP
[->] .
[<-] 250 2.0.0 Gmt................U9X mail accepted for delivery
[->] QUIT
[<-] 221 2.0.0 smtpout.example.net cmsmtp closing connection
[user@server ~]$

N.B.: Mail transfer output to the terminal has been edited for security reasons!

[user@server ~]$ sendmail your.mail@example.net < ~/ssmtp-test.txt [enter]
[user@server ~]$
[root@user ~]# mail -s "Testing sSMTP" your.address@example.net [enter]
This is a test with sSMTP [enter]

Type <Ctr><D> on a blank line to send message.

[root@user ~]$

Change user to root and heck error log with:

[root@server /usr/home/user]# tail /var/log/maillog [enter]
Jan  6 13:00:00 server newsyslog[1427]: logfile first created
Jan  6 13:09:02 server sSMTP[8552]: Creating SSL connection to host
Jan  6 13:09:03 server sSMTP[8552]: SSL connection using DHE-RSA-AES256-GCM-SHA384
Jan  6 13:09:04 server sSMTP[8552]: Sent mail for your.mail@example.net (221 2.0.0 smtpout.example.net cmsmtp closing connection) uid=1000 username=user outbytes=404
Jan  6 13:24:48 server sSMTP[8735]: Creating SSL connection to host
Jan  6 13:24:48 server sSMTP[8735]: SSL connection using DHE-RSA-AES256-GCM-SHA384
Jan  6 13:24:49 server sSMTP[8735]: Sent mail for your.mail@example.net (221 2.0.0 smtpout.example.net cmsmtp closing connection) uid=1000 username=user outbytes=404
Jan  6 13:25:12 server sSMTP[8740]: Creating SSL connection to host
Jan  6 13:25:12 server sSMTP[8740]: SSL connection using DHE-RSA-AES256-GCM-SHA384
Jan  6 13:25:14 server sSMTP[8740]: Sent mail for your.mail@example.net (221 2.0.0 smtpout.example.net cmsmtp closing connection) uid=1000 username=user outbytes=404
[root@server /usr/home/user]#

Additional Reading

SecureSSMTP

FreeBSD: Use Gmail For Outgoing Mail

FreeBSD: Send mails over an external SMTP server

unzip

unzip

Last Updated on 2017-02-27 by Sture

Description

Unzip will list, test, or extract files from a ZIP archive, commonly found on MS-DOS systems. The default behavior (with no options) is to extract into the current directory (and subdirectories below it) all files from the specified ZIP archive. Unzip is compatible with archives created by PKWARE’s PKZIP, but in many cases the program options or default behaviors differ.

Zipinfo lists technical information about files in a ZIP archive, most commonly found on MS-DOS systems. Such information includes file access permissions, encryption status, type of compression, version and operating system or file system of compressing program, and the like.

Funzip acts as a filter; that is, it assumes that a ZIP archive is being piped into standard input, and it extracts the first member from the archive to stdout. If there is an argument, then the input comes from the specified file instead of from stdin.

Unzipsfx may be used to create self-extracting ZIP archives from previously created ZIP archives.

WWW: http://www.info-zip.org/UnZip.html

Preparation for Installation

Start PuTTY on a Windows PC, Terminal on a Mac or similar terminal application on a Linux PC.

In this example Terminal on a Mac is used.

Open a remote SSH session to the server with:

Mac:~ user$ ssh user@192.168.1.4 [enter]
N.B.: Replace user@192.168.1.4 with User ID and IP Address on Your server!
[user@server ~]$

Enable superuser privileges with:

[user@server ~]$ sudo -s [enter]
Password: <-- passwd [enter]
[root@server /usr/home/user]#

N.B.: Enter user password, not the root password!

Installation

Install unzip with:

[root@server /usr/home/user]# pkg install unzip [enter]
Updating FreeBSD repository catalogue...
FreeBSD repository is up-to-date.
All repositories are up-to-date.
The following 1 package(s) will be affected (of 0 checked):

New packages to be INSTALLED:
	unzip: 6.0_7

Number of packages to be installed: 1

132 KiB to be downloaded.

Proceed with this action? [y/N]: y [enter]
Fetching unzip-6.0_7.txz: 100%  132 KiB 135.6kB/s    00:01    
Checking integrity... done (0 conflicting)
[1/1] Installing unzip-6.0_7...
[1/1] Extracting unzip-6.0_7: 100%
[root@server /usr/home/user]#

How to use

To use unzip to extract all members of the archive letters.zip into the current directory and subdirectories below it, creating any subdirectories as necessary:

[root@server /usr/home/user]# unzip letters [enter]

To get a basic, short-format listing of the complete contents of a ZIP archive storage.zip, with both header and totals lines, use only the archive name as an argument to zipinfo:

[root@server /usr/home/user]# zipinfo storage [enter]

To use funzip to extract the first member file of the archive test.zip and to pipe it into more(1):

[root@server /usr/home/user]# funzip test.zip | more [enter]

To create a self-extracting archive letters from a regular zipfile letters.zip and change the new archive’s permissions to be world-executable under Unix:

[root@server /usr/home/user]# cat unzipsfx letters.zip > letters [enter]
[root@server /usr/home/user]# chmod 755 letters [enter]
[root@server /usr/home/user]# zip -A letters [enter]
[root@server /usr/home/user]#
rsync

rsync

Last Updated on 2017-07-02 by Sture

Description

rsync is an open source utility that provides fast incremental file transfer. rsync is freely available under the GNU General Public License and is currently being maintained by Wayne Davison.

WWW: http://rsync.samba.org/

Preparation for Installation

Start PuTTY on a Windows PC, Terminal on a Mac or similar terminal application on a Linux PC.

In this example Terminal on a Mac is used.

Open a remote SSH session to the server with:

Mac:~ user$ ssh user@192.168.1.4 [enter]
N.B.: Replace user@192.168.1.4 with User ID and IP Address on Your server!
[user@server ~]$

Enable superuser privileges with:

[user@server ~]$ sudo -s [enter]
Password: <-- passwd [enter]
[root@server /usr/home/user]#

N.B.: Enter user password, not the root password!

Installation

Install the rsync port with:

[root@server /usr/home/user]# pkg install net/rsync [enter]
Updating FreeBSD repository catalogue...
FreeBSD repository is up to date.
All repositories are up to date.
The following 1 package(s) will be affected (of 0 checked):

New packages to be INSTALLED:
        rsync: 3.1.2_7

Number of packages to be installed: 1

298 KiB to be downloaded.

Proceed with this action? [y/N]: y [enter]
[1/1] Fetching rsync-3.1.2_7.txz: 100%  298 KiB 305.3kB/s    00:01
Checking integrity... done (0 conflicting)
[1/1] Installing rsync-3.1.2_7...
Extracting rsync-3.1.2_7: 100%
[root@server /usr/home/user]#

Configuration

List installed services with:

[root@server /usr/home/user]# service -r | grep rsync [enter]
/usr/local/etc/rc.d/rsyncd
[root@server /usr/home/user]#

Find the rcvar for /etc/rc.conf:

[root@server /usr/home/user]# /usr/local/etc/rc.d/rsyncd rcvar [enter]
# rsyncd
#
rsyncd_enable="NO"
#   (default: "")

[root@server /usr/home/user]#

To start rsync automatically on system boot with –ipv4 as the prefered option add information to /etc/rc.conf with this commands:

[root@server /usr/home/user]# echo '' >> /etc/rc.conf; echo '# rsync using IPv4' >> /etc/rc.conf; echo 'rsyncd_enable="YES"' >> /etc/rc.conf; echo 'rsyncd_flags="--ipv4"' >> /etc/rc.conf [enter]
[root@server /usr/home/user]#

If you run rsyncd manually and your server only uses IPv4, then make sure you add the “–ipv4” argument to the manual start command_args with:

[root@server /usr/home/user]# perl -pi -e 's/--daemon/--ipv4 --daemon/g' /usr/local/etc/rc.d/rsyncd [enter]
[root@server /usr/home/user]#

Create a logfile with:

[root@server /usr/home/user]# touch /var/log/rsyncd.log [enter]
[root@server /usr/home/user]#

Automatically rotate /var/log/rsyncd.log log file with:

[root@server /usr/home/user]# echo '/var/log/rsyncd.log                     600  9   100000 *     Z' >> /etc/newsyslog.conf [enter]
[root@server /usr/home/user]#

Create the rsync Secret File with:

[root@server /usr/home/user]# ee /usr/local/etc/rsync/rsyncd.secrets [enter]

Add the following text, example:

tridge:passwd1
susan:passwd2

Make file /usr/local/etc/rsync/rsyncd.secrets non-world readable with:

[root@server /usr/home/user]# chmod 440 /usr/local/etc/rsync/rsyncd.secrets [enter]
[root@server /usr/home/user]#

…and then set owner and group with:

[root@server /usr/home/user]# chown root:wheel /usr/local/etc/rsync/rsyncd.secrets [enter]
[root@server /usr/home/user]#

Create group rsync and user rsync with:

[root@server /usr/home/user]# pw group add -n rsync -g 4002; pw user add -n rsync -u 4002 -c "rsync daemon" -d /nonexistent -s /usr/sbin/nologin [enter]
[root@server /usr/home/user]#

The rsync group is added to /etc/group and should look similar to the following:

[root@server /usr/home/user]# grep rsync /etc/group [enter]
rsync:*:4002:
[root@server /usr/home/user]#

The rsync user is added to /etc/passwd and should look similar to the following:

[root@server /usr/home/user]# grep rsync /etc/passwd [enter]
rsync:*:4002:4002:rsync daemon:/nonexistent:/usr/sbin/nologin
[root@server /usr/home/user]#

Edit file /usr/local/etc/rsync/rsyncd.conf with:

[root@server /usr/home/user]# ee /usr/local/etc/rsync/rsyncd.conf [enter]

Example:

# rsyncd.conf - Example file, see rsyncd.conf(5)
#

# Set this if you want to stop rsync daemon with rc.d scripts
pid file = /var/run/rsyncd.pid

# Edit this file before running rsync daemon!!

#uid = rsync
#gid = rsync
#use chroot = no
#max connections = 4
#syslog facility = local5

#[ftp]
#       path = /var/ftp/pub
#       comment = whole ftp area (approx 6.1 GB)

#[sambaftp]
#       path = /var/ftp/pub/samba
#       comment = Samba ftp area (approx 300 MB)

#[rsyncftp]
#       path = /var/ftp/pub/rsync
#       comment = rsync ftp area (approx 6 MB)

#[sambawww]
#       path = /public_html/samba
#       comment = Samba WWW pages (approx 240 MB)

#[cvs]
#       path = /data/cvs
#       comment = CVS repository (requires authentication)
#       auth users = tridge, susan
#       secrets file = /usr/local/etc/rsync/rsyncd.secrets

Manually Start

Manualy start the rsyncd with:

[root@server /usr/home/user]# service rsyncd start [enter]
Starting rsyncd.
[root@server /usr/home/user]#

View rsyncd status with:

[root@server /usr/home/user]# service rsyncd status [enter]
rsyncd is running as pid 902.
[root@server /usr/home/user]#
[root@server /usr/home/user]# ps aux | grep rsync  [enter]
root    3527   0.0  0.0 12808  2448  -  Ss   10:36PM   0:00.00 /usr/local/bin/rsync --ipv4 --ipv4 --daemon --config /usr/local/etc/
root    3535   0.0  0.0 18824  2332  0  S+   10:37PM   0:00.00 grep rsync
[root@server /usr/home/user]#
[root@server /usr/home/user]# sockstat | grep rsync [enter]
root     rsync      3527  3  dgram  -> /var/run/logpriv
root     rsync      3527  4  tcp4   *:873                 *:*
[root@server /usr/home/user]#

Verify that you can connect to the daemon with:

[root@server /usr/home/user]# telnet localhost 873 [enter]
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
@RSYNCD: 30.0
[root@server /usr/home/user]#

rsync Client Setup

N.B.: You may have to install rsync on the client as well!

Create a password file for user user with:

[root@server /usr/home/user]# echo "passwd" > /usr/local/etc/rsyncd.passwd_user [enter]
[root@server /usr/home/user]#

Note: Echo password ONLY! Do NOT echo username!

Make file /usr/local/etc/rsyncd.passwd_user non-world readable with:

[root@server /usr/home/user]# chmod 440 /usr/local/etc/rsyncd.passwd_user [enter]
[root@server /usr/home/user]#

Set owner and group with:

[root@server /usr/home/user]# chown root:wheel /usr/local/etc/rsyncd.passwd_user [enter]
[root@server /usr/home/user]#

Howto use

You use rsync in the same way you use rcp. You must specify a source and a destination, one of which may be remote.

This is a syntax example for a manual file transfer from a remote host:

[root@server /usr/home/user]# rsync -avz --delete --stats --safe-links --password-file=/usr/local/etc/rsyncd.passwd_user user@192.168.1.100::ftp /var/ftp/pub/ [enter]

This is a syntax example for a manual file transfer to a remote host:

[root@server /usr/home/user]# rsync -avz --delete --stats --safe-links --password-file=/usr/local/etc/rsyncd.passwd_user /var/ftp/pub/ user@192.168.1.100::ftp [enter]

rsync can execute commands on the remote computer to generate a list of files to copy. The shell command is expanded by the remote shell before rsync is called.

The following command will run a find command on the remote host in directory ‘/tmp/test’ and rsync all “txt” files it finds to directory ‘/temp/test/’ on the local host:

[root@server /usr/home/user]# rsync -avR ssh user@remotehost:'`find /tmp/test -name "*.[txt]"`' /tmp/test/ [enter]

rsync to Remote Server without Password

No-password authentication works because of public key crypto. Let’s say you have a local machine server and a remote machine remote. You want to be able to ssh from server to remote without having to enter your password.

The server remote in this document is the server that has files that is to be transferred to the local server server.

The server server in this document is the local server that will receive files from the remote server remote.

First step is to prepare the remote server remote by generate a public/private RSA key pair.

Next, we generate a public/private RSA key pair on on the local server, server and then we send the public key to the remote server, remote, so that remote knows that the server key belongs to a list of authorized keys. Then when we try to ssh from server to remote, RSA authentication is performed automatically.

On the Remote Server remote:

Generate keys on the remote server, remote as the user that will be connect to from the local server server:

[user@remote ~]$ ssh-keygen -t dsa -f ~/.ssh/id_dsa [enter]

NOTE: When prompted for a password, do NOT enter one, just press [enter]!

Generating public/private dsa key pair.
Enter file in which to save the key (/home/user/.ssh/id_dsa):
Enter passphrase (empty for no passphrase): [enter]
Enter same passphrase again: [enter]
Your identification has been saved in /home/user/.ssh/id_dsa.
Your public key has been saved in /home/user/.ssh/id_dsa.pub.
The key fingerprint is:
ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff user@remote.example.net
The key's randomart image is:
+--[ DSA 1024]----+
|.B+o . |
|.+= + . |
|o... . |
|.... |
| . .... S |
| .o+o . . |
| E += |
| ..o |
| . |
+-----------------+
[user@remote ~]$

This will create folder /usr/home/.ssh if it do not exist, generate a password-less key /usr/home/.ssh/id_dsa, and a public key /usr/home/.ssh/id_dsa.pub.

On the Local Server server:

Generate keys on the local server, server as the user that will perform the ssh connection to the remote server:

[user@server ~]$ ssh-keygen -t dsa -f ~/.ssh/id_dsa [enter]

NOTE: When prompted for a password, do NOT enter one, just press [enter]!

Generating public/private dsa key pair.
Enter file in which to save the key (/home/user/.ssh/id_dsa):
Enter passphrase (empty for no passphrase): [enter]
Enter same passphrase again: [enter]
Your identification has been saved in /home/user/.ssh/id_dsa.
Your public key has been saved in /home/user/.ssh/id_dsa.pub.
The key fingerprint is:
ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff user@server.example.net
The key's randomart image is:
+--[ DSA 1024]----+
|.B+o . |
|.+= + . |
|o... . |
|.... |
| . .... S |
| .o+o . . |
| E += |
| ..o |
| . |
+-----------------+
[user@server ~]$

This will create folder /usr/home/.ssh if it do not exist, generate a password-less key /usr/home/.ssh/id_dsa, and a public key /usr/home/.ssh/id_dsa.pub.

Copy the id_dsa.pub key over to the remote server, remote:

[user@server ~]$ scp ~/.ssh/id_dsa.pub user@remote.example.net:~/.ssh/server.pub [enter]
The authenticity of host 'remote.example.net (192.168.1.3)' can't be established.
DSA key fingerprint is ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff.
Are you sure you want to continue connecting (yes/no)? yes [enter]
Warning: Permanently added 'remote.example.net' (DSA) to the list of known hosts.
Password: ******* [enter]
id_dsa.pub                                    100%  622     0.6KB/s   00:00    
[user@server ~]$

Next, log in to remote server, remote, as the user that will perform the ssh connections:

[user@server ~]$ ssh user@remote.example.net
Password: ******* [enter]
Last login: Thu May 22 20:47:16 2009 from server.example.net
Copyright (c) 1980, 1983, 1986, 1988, 1990, 1991, 1993, 1994
 The Regents of the University of California. All rights reserved.

Welcome to remote.example.net/192.168.1.nn Running FreeBSD 11.0-RELEASE!
[user@remote ~]$

Add the public key from server to the list of authorized keys on remote with:

[user@remote ~]$ cat ~/.ssh/server.pub >> ~/.ssh/authorized_keys [enter]
[user@remote ~]$

..and to protect the file ‘authorized_keys file from beeng changed do:

[user@remote ~]$ chmod 640 ~/.ssh/authorized_keys [enter]
[user@remote ~]$

Delete the transferd key file with:

[user@remote ~]$ rm -f ~/.ssh/server.pub [enter]
[user@remote ~]$

At this point the remote server remote should accept a password-less login from local server server by the user user.

If the ssh connection is to be performed as user root the following extra configuration must be performed to permit root to login:

[root@server ~]$ su - [enter]
Password: ****** [enter]
[root@server /usr/home/user]#
[root@server /usr/home/user]# ee /etc/ssh/sshd_config [enter]

Go to line 45:

# Authentication:

#LoginGraceTime 2m
#PermitRootLogin no
#StrictModes yes
#MaxAuthTries 6

…and edit line 45 to look like this:

# Authentication:

#LoginGraceTime 2m
PermitRootLogin yes
#StrictModes yes
#MaxAuthTries 6

Save file /etc/sshd_config and exit to local server server with:

[root@server /usr/home/user]# exit [enter]
logout
[techpc@remote ~]$ exit [enter]
Connection to remote.example.net closed.
[user@server ~]$

To verify that the password-less ssh login to the remote server remote from the local server, server, works:

[user@server ~]$ ssh user@remote.example.net

…should – without any password request – result in somthing like this example:

Last login: Sat Feb 19 16:32:09 2011 from 192.168.1.101
Copyright (c) 1980, 1983, 1986, 1988, 1990, 1991, 1993, 1994
	The Regents of the University of California.  All rights reserved.

FreeBSD 11.0-RELEASE (GENERIC) #0: Mon Jul 19 02:36:49 UTC 2010

Welcome to remote.example.net running FreeBSD 8.1-RELEASE!
[user@remote ~]$

We have successfully logged on to remote!

Issue the following command to log out from remote server remote:

[user@remote ~]$ exit [enter]
Connection to remote.example.net closed.
[user@server ~]$

To backup directory /srv/test on remote server remote to local server server issue the following command, example:

[user@server ~]$ /usr/local/bin/rsync -aquz -e "ssh -l user" remote.example.net:/srv/test/ /srv/test/

rsync – synchronizing two file trees

This section describes how to use rsync to synchronize file trees on two servers.

Remote Server Setup

In this example, we’re going to be using a remote rsync server containing the file tree that we like to syncronize with.

On the remote server edit file /usr/local/etc/rsyncd.conf with:

[root@server /usr/home/user]# ee /usr/local/etc/rsyncd.conf [enter]

Edit file, example:

#
# rsyncd.conf
#
uid             = nobody
gid             = nobody
use chroot      = yes
max connections = 4
syslog facility = local5
pid file        = /var/run/rsyncd.pid

[example]
  path          = /srv/example/
  comment       = all of the example
  auth users    = tridge, susan
  secrets file  = /usr/local/etc/rsyncd.secrets

Make /usr/local/etc/rsyncd.conf non-world readable with:

[root@server /usr/home/user]# chmod 640 /usr/local/etc/rsyncd.conf [enter]
[root@server /usr/home/user]#

On the remote server create file /usr/local/etc/rsyncd.secrets with:

[root@server /usr/home/user]# ee /usr/local/etc/rsyncd.secrets [enter]

Edit file, example:

#
# rsyncd.secrets
#
tridge:mypass
susan:herpass

Make /usr/local/etc/rsyncd.secrets non-world readable with:

[root@server /usr/home/user]# chmod 640 /usr/local/etc/rsyncd.secrets [enter]
[root@server /usr/home/user]#

Local Server Setup

rsync should have been installed on the local server too.

Manually synchronize files using ssh with:

[root@server /usr/home/user]# rsync -e ssh -avz --delete susan@remote.example.net:example /srv/example [enter]
Password: ****** [enter]
receiving file list ... done
[root@server /usr/home/user]#

Additional Reading

Backup FreeNAS Files Remotely Using FreeBSD and rsync

phpSysInfo

phpSysInfo

Last Updated on 2017-02-27 by Sture

Description

phpSysInfo is a PHP script that displays information about the host being accessed. It will displays things like Uptime, CPU, Memory, SCSI, IDE, PCI, Ethernet, Floppy, and Video Information.

WWW: http://phpsysinfo.github.io/phpsysinfo/.

Requirements

The following applications must be installed, configured and running:

  1. Apache HTTP Server
  2. PHP (v. 7.0)
  3. GNU wget

Preparation for Installation

Start PuTTY on a Windows PC, Terminal on a Mac or similar terminal application on a Linux PC.

In this example Terminal on a Mac is used.

Open a remote SSH session to the server with:

Mac:~ user$ ssh user@192.168.1.4 [enter]
N.B.: Replace user@192.168.1.4 with User ID and IP Address on Your server!
[user@server ~]$

Enable superuser privileges with:

[user@server ~]$ sudo -s [enter]
Password: <-- passwd [enter]
[root@server /usr/home/user]#

N.B.: Enter user password, not the root password!

Download

[root@server /usr/home/user]# wget https://github.com/phpsysinfo/phpsysinfo/archive/v3.2.7.tar.gz
--2017-02-20 19:03:01--  https://github.com/phpsysinfo/phpsysinfo/archive/v3.2.7.tar.gz
Resolving github.com (github.com)... 192.30.253.112, 192.30.253.113
Connecting to github.com (github.com)|192.30.253.112|:443... connected.
HTTP request sent, awaiting response... 302 Found
Location: https://codeload.github.com/phpsysinfo/phpsysinfo/tar.gz/v3.2.7 [following]
--2017-02-20 19:03:01--  https://codeload.github.com/phpsysinfo/phpsysinfo/tar.gz/v3.2.7
Resolving codeload.github.com (codeload.github.com)... 192.30.253.120, 192.30.253.121
Connecting to codeload.github.com (codeload.github.com)|192.30.253.120|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 986821 (964K) [application/x-gzip]
Saving to: ‘v3.2.7.tar.gz’

v3.2.7.tar.gz       100%[===================>] 963,69K   837KB/s    in 1,2s    

2017-02-20 19:03:03 (837 KB/s) - ‘v3.2.7.tar.gz’ saved [986821/986821]

[root@server /usr/home/user]#

Installation

Extract file v3.2.7.tar.gz to /usr/local/www/ with:

[root@server /usr/home/user]# tar -zxvf v3.2.7.tar.gz  -C /usr/local/www/ [enter]
[root@server /usr/home/user]#

Delete file v3.2.7.tar.gz with:

[root@server /usr/home/user]# rm v3.2.7.tar.gz [enter]
[root@server /usr/home/user]#

Install shared php extension php70-mbstring and php70-xml with:

[root@server /usr/home/user]# pkg install php70-mbstring php70-xml [enter]
[root@server /usr/home/user]#

Configuration

Create a configure file for phpSysInfo with:

[root@server /usr/home/user]# cp /usr/local/www/phpsysinfo-3.2.7/phpsysinfo.ini.new /usr/local/www/phpsysinfo-3.2.7/phpsysinfo.ini [enter]
[root@server /usr/home/user]#

Edit file /usr/local/www/phpsysinfo-3.2.7/phpsysinfo.ini if needed with: with:

[root@server /usr/home/user]# ee /usr/local/www/phpsysinfo-3.2.7/phpsysinfo.ini

To make phpsysinfo available through the local web site:

[root@server /usr/home/user]# ee /usr/local/etc/apache24/Includes/phpsysinfo.conf

…and add the following text:

Alias /phpsysinfo/ "/usr/local/www/phpsysinfo-3.2.7/"
<Directory "/usr/local/www/phpsysinfo-3.2.7/">
  AllowOverride All
  Require all granted
</Directory&gt

Restart apache24 with:

[root@server /usr/home/user]# service apache24 restart [enter]
Performing sanity check on apache24 configuration:
Syntax OK
Stopping apache24.
Waiting for PIDS: 1302.
Performing sanity check on apache24 configuration:
Syntax OK
Starting apache24.
[root@server /usr/home/user]#

How to use

Start a browser and go to URL: http://server.example.net/phpsysinfo/.

phpMyAdmin with PHP v. 7.0

phpMyAdmin with PHP v. 7.0

Last Updated on 2017-02-27 by Sture

Description

phpMyAdmin is a free software tool written in PHP, intended to handle the administration of MySQL over the Web. phpMyAdmin supports a wide range of operations on MySQL and MariaDB. Frequently used operations (managing databases, tables, columns, relations, indexes, users, permissions, etc) can be performed via the user interface, while you still have the ability to directly execute any SQL statement.

WWW: http://www.phpmyadmin.net.

Requirentments

The following applications must be installed, configured and running before installation of phpMyAdmin:

Preparation for Installation

Start PuTTY on a Windows PC, Terminal on a Mac or similar terminal application on a Linux PC.

In this example Terminal on a Mac is used.

Open a remote SSH session to the server with:

Mac:~ user$ ssh user@192.168.1.4 [enter]
N.B.: Replace user@192.168.1.4 with User ID and IP Address on Your server!
[user@server ~]$

Enable superuser privileges with:

[user@server ~]$ sudo -s [enter]
Password: <-- passwd [enter]
[root@server /usr/home/user]#

N.B.: Enter user password, not the root password!

Warning!

N.B.: Do NOT install phpMyAdmin from port if the PHP version installed is > 5.6!

Verify version of PHP installed with:

[root@server /usr/home/user]# php -v [enter]
PHP 7.0.15 (cli) (built: Jan 24 2017 01:18:59) ( NTS )
Copyright (c) 1997-2017 The PHP Group
Zend Engine v3.0.0, Copyright (c) 1998-2017 Zend Technologies
    with Zend OPcache v7.0.15, Copyright (c) 1999-2017, by Zend Technologies
[root@server /usr/home/user]#

In this example PHP version 7.0 is installed. Due to this phpMyAdmin will be downloaded from the phpMyAdmin site.

Download and Verification

[root@server /usr/home/user]# wget https://files.phpmyadmin.net/phpMyAdmin/4.6.6/phpMyAdmin-4.6.6-all-languages.zip [enter]
Resolving files.phpmyadmin.net (files.phpmyadmin.net)... 185.59.222.19
Connecting to files.phpmyadmin.net (files.phpmyadmin.net)|185.59.222.19|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 11349727 (11M) [application/zip]
Saving to: ‘phpMyAdmin-4.6.6-all-languages.zip’

phpMyAdmin-4.6.6-al 100%[===================>]  10,82M  2,62MB/s    in 4,3s    

2017-02-22 00:00:00 (2,55 MB/s) - ‘phpMyAdmin-4.6.6-all-languages.zip’ saved [11349727/11349727]

[root@server /usr/home/user]#
[root@server /usr/home/user]# wget https://files.phpmyadmin.net/phpMyAdmin/4.6.6/phpMyAdmin-4.6.6-all-languages.zip.asc [enter]
--2017-02-22 12:12:36--  https://files.phpmyadmin.net/phpMyAdmin/4.6.6/phpMyAdmin-4.6.6-all-languages.zip.asc
Resolving files.phpmyadmin.net (files.phpmyadmin.net)... 185.76.9.11
Connecting to files.phpmyadmin.net (files.phpmyadmin.net)|185.76.9.11|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 819 [application/octet-stream]
Saving to: ‘phpMyAdmin-4.6.6-all-languages.zip.asc’

phpMyAdmin-4.6.6-al 100%[===================>]     819  --.-KB/s    in 0s      

2017-02-22 00:00:00 (61,9 MB/s) - ‘phpMyAdmin-4.6.6-all-languages.zip.asc’ saved [819/819]
[root@server /usr/home/user]#

Download the keyring from the phpMyAdmin download server with:

[root@server /usr/home/user]# wget https://files.phpmyadmin.net/phpmyadmin.keyring [enter]
--2017-02-22 12:49:01--  https://files.phpmyadmin.net/phpmyadmin.keyring
Resolving files.phpmyadmin.net (files.phpmyadmin.net)... 185.76.9.11
Connecting to files.phpmyadmin.net (files.phpmyadmin.net)|185.76.9.11|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 34198 (33K) [application/octet-stream]
Saving to: ‘phpmyadmin.keyring’

phpmyadmin.keyring  100%[===================>]  33,40K  --.-KB/s    in 0,006s  

2017-02-22 00:00:00 (5,27 MB/s) - ‘phpmyadmin.keyring’ saved [34198/34198]
[root@server /usr/home/user]#

…and then import the keyring data with:

[root@server /usr/home/user]# gpg --import phpmyadmin.keyring [enter]
gpg: /root/.gnupg/trustdb.gpg: trustdb created
gpg: key 9C27B31342B7511D: public key "Michal Čihař <michal@cihar.com>" imported
gpg: key FEFC65D181AF644A: public key "Marc Delisle <marc@infomarc.info>" imported
gpg: key CE752F178259BD92: public key "Isaac Bennetch <bennetch@gmail.com>" imported
gpg: key DA68AB39218AB947: public key "phpMyAdmin Security Team <security@phpmyadmin.net>" imported
gpg: Total number processed: 4
gpg:               imported: 4
[root@server /usr/home/user]#

N.B.: Verify the public keys corresponds with the information publiced the phpMyAdmin web site: Verifying phpMyAdmin releases.

[root@server /usr/home/user]# gpg --verify phpMyAdmin-4.6.6-all-languages.zip.asc [enter]
gpg: assuming signed data in 'phpMyAdmin-4.6.6-all-languages.zip'
gpg: Signature made Mon 23 Jan 20:22:46 2017 CET
gpg:                using RSA key CE752F178259BD92
gpg: Good signature from "Isaac Bennetch <bennetch@gmail.com>" [unknown]
gpg:                 aka "Isaac Bennetch <isaac@bennetch.org>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: 3D06 A59E CE73 0EB7 1B51  1C17 CE75 2F17 8259 BD92
[root@server /usr/home/user]#

Beginning in January 2016, the release manager for phpMyAdmin is Isaac Bennetch. His RSA key id is:

CE752F178259BD92

…and his PGP primary key fingerprint is:

3D06 A59E CE73 0EB7 1B51 1C17 CE75 2F17 8259 BD92

You should verify that the signature matches the archive you have downloaded. This way you can be sure that you are using the same code that was released. You should also verify the date of the signature to make sure that you downloaded the latest version.

Installation

Extract file phpMyAdmin-4.6.6-all-languages.zip to /usr/local/www/ with:

[root@server /usr/home/user]# unzip phpMyAdmin-4.6.6-all-languages.zip  -d /usr/local/www [enter]
Archive:  phpMyAdmin-4.6.6-all-languages.zip
   creating: /usr/local/www/phpMyAdmin-4.6.6-all-languages/
 extracting: /usr/local/www/phpMyAdmin-4.6.6-all-languages/CONTRIBUTING.md  
 extracting: /usr/local/www/phpMyAdmin-4.6.6-all-languages/ChangeLog  
 extracting: /usr/local/www/phpMyAdmin-4.6.6-all-languages/DCO  
 extracting: /usr/local/www/phpMyAdmin-4.6.6-all-languages/LICENSE  
 extracting: /usr/local/www/phpMyAdmin-4.6.6-all-languages/README  
 extracting: /usr/local/www/phpMyAdmin-4.6.6-all-languages/RELEASE-DATE-4.6.6  
.
.
.
 extracting: /usr/local/www/phpMyAdmin-4.6.6-all-languages/url.php  
 extracting: /usr/local/www/phpMyAdmin-4.6.6-all-languages/user_password.php  
 extracting: /usr/local/www/phpMyAdmin-4.6.6-all-languages/version_check.php  
 extracting: /usr/local/www/phpMyAdmin-4.6.6-all-languages/view_create.php  
 extracting: /usr/local/www/phpMyAdmin-4.6.6-all-languages/view_operations.ph  |
[root@server /usr/home/user]#

Delete file phpMyAdmin-4.6.6-all-languages.zip with:

[root@server /usr/home/user]# rm phpMyAdmin-4.6.6-all-languages.zip [enter]
[root@server /usr/home/user]#

Rename folder /usr/local/www/phpMyAdmin-4.6.6-all-languages to /usr/local/www/phpMyAdmin with:

[root@server /usr/home/user]# mv /usr/local/www/phpMyAdmin-4.6.6-all-languages /usr/local/www/phpMyAdmin [enter]
[root@server /usr/home/user]#

N.B.: Only not installed required PHP shared extension will be installed with the following command!

Install shared PHP extension required by phpMyAdmin with:

[root@server /usr/home/user]# pkg install php70-session php70-xml php70-bz2 php70-ctype php70-filter php70-zip php70-openssl php70-gd php70-mcrypt php70-mbstring php70-mysqli php70-json php70-zlib [enter]
Updating FreeBSD repository catalogue...
FreeBSD repository is up-to-date.
All repositories are up-to-date.
The following 9 package(s) will be affected (of 0 checked):

New packages to be INSTALLED:
	php70-session: 7.0.15
	php70-bz2: 7.0.15
	php70-ctype: 7.0.15
	php70-openssl: 7.0.15
	php70-mcrypt: 7.0.15
	php70-mbstring: 7.0.15
	php70-json: 7.0.15
	libltdl: 2.4.6
	libmcrypt: 2.5.8_3

Number of packages to be installed: 9

The process will require 5 MiB more space.
988 KiB to be downloaded.

Proceed with this action? [y/N]: y [enter]
Fetching php70-session-7.0.15.txz: 100%   32 KiB  32.3kB/s    00:01    
Fetching php70-bz2-7.0.15.txz: 100%   11 KiB  11.0kB/s    00:01    
Fetching php70-ctype-7.0.15.txz: 100%    7 KiB   6.8kB/s    00:01    
Fetching php70-openssl-7.0.15.txz: 100%   44 KiB  44.7kB/s    00:01    
Fetching php70-mcrypt-7.0.15.txz: 100%   15 KiB  14.9kB/s    00:01    
Fetching php70-mbstring-7.0.15.txz: 100%  712 KiB 728.9kB/s    00:01    
Fetching php70-json-7.0.15.txz: 100%   19 KiB  19.9kB/s    00:01    
Fetching libltdl-2.4.6.txz: 100%   36 KiB  36.6kB/s    00:01    
Fetching libmcrypt-2.5.8_3.txz: 100%  114 KiB 116.9kB/s    00:01    
Checking integrity... done (0 conflicting)
[1/9] Installing libltdl-2.4.6...
[1/9] Extracting libltdl-2.4.6: 100%
[2/9] Installing libmcrypt-2.5.8_3...
[2/9] Extracting libmcrypt-2.5.8_3: 100%
[3/9] Installing php70-session-7.0.15...
[3/9] Extracting php70-session-7.0.15: 100%
[4/9] Installing php70-bz2-7.0.15...
[4/9] Extracting php70-bz2-7.0.15: 100%
[5/9] Installing php70-ctype-7.0.15...
[5/9] Extracting php70-ctype-7.0.15: 100%
[6/9] Installing php70-openssl-7.0.15...
[6/9] Extracting php70-openssl-7.0.15: 100%
[7/9] Installing php70-mcrypt-7.0.15...
[7/9] Extracting php70-mcrypt-7.0.15: 100%
[8/9] Installing php70-mbstring-7.0.15...
[8/9] Extracting php70-mbstring-7.0.15: 100%
[9/9] Installing php70-json-7.0.15...
[9/9] Extracting php70-json-7.0.15: 100%
Message from libmcrypt-2.5.8_3:
===>   NOTICE:

The libmcrypt port currently does not have a maintainer. As a result, it is
more likely to have unresolved issues, not be up-to-date, or even be removed in
the future. To volunteer to maintain this port, please create an issue at:

https://bugs.freebsd.org/bugzilla

More information about port maintainership is available at:

https://www.freebsd.org/doc/en/articles/contributing/ports-contributing.html#maintain-port
Message from php70-session-7.0.15:
****************************************************************************

The following line has been added to your /usr/local/etc/php/ext-18-session.ini
configuration file to automatically load the installed extension:

extension=session.so

****************************************************************************
Message from php70-bz2-7.0.15:
****************************************************************************

The following line has been added to your /usr/local/etc/php/ext-20-bz2.ini
configuration file to automatically load the installed extension:

extension=bz2.so

****************************************************************************
Message from php70-ctype-7.0.15:
****************************************************************************

The following line has been added to your /usr/local/etc/php/ext-20-ctype.ini
configuration file to automatically load the installed extension:

extension=ctype.so

****************************************************************************
Message from php70-openssl-7.0.15:
****************************************************************************

The following line has been added to your /usr/local/etc/php/ext-20-openssl.ini
configuration file to automatically load the installed extension:

extension=openssl.so

****************************************************************************
Message from php70-mcrypt-7.0.15:
****************************************************************************

The following line has been added to your /usr/local/etc/php/ext-20-mcrypt.ini
configuration file to automatically load the installed extension:

extension=mcrypt.so

****************************************************************************
Message from php70-mbstring-7.0.15:
****************************************************************************

The following line has been added to your /usr/local/etc/php/ext-20-mbstring.ini
configuration file to automatically load the installed extension:

extension=mbstring.so

****************************************************************************
Message from php70-json-7.0.15:
****************************************************************************

The following line has been added to your /usr/local/etc/php/ext-20-json.ini
configuration file to automatically load the installed extension:

extension=json.so

****************************************************************************
[root@server /usr/home/user]#

Configuration

Change file owner and group recursively for /usr/local/www/phpMyAdmin with:

[root@server /usr/home/user]# chown -R www:www /usr/local/www/phpMyAdmin [enter]
[root@server /usr/home/user]#

To make phpMyAdmin available on the web site:

[root@server /usr/home/user]# ee /usr/local/etc/apache24/Includes/phpmyadmin.conf [enter]

Add the following lines;

Alias /phpmyadmin/ "/usr/local/www/phpMyAdmin/"
<Directory "/usr/local/www/phpMyAdmin/">
  AllowOverride All
  Require all granted
</Directory>

…the restart the apache24 service with:

[root@server /usr/home/user]# service apache24 restart [enter]
Performing sanity check on apache24 configuration:
Syntax OK
Stopping apache24.
Waiting for PIDS: 12555.
Performing sanity check on apache24 configuration:
Syntax OK
Starting apache24.
[root@server /usr/home/user]#

N.B.: The phpMyAdmin documentation is stored on your server at: http://www.example.com/phpmyadmin/doc/html/!

Start your browser and go to: http://server.example.net/phpmyadmin/setup/

Login as the MySQL root user and complete the configured by enabling the phpMyAdmin extended features.

Create file /usr/local/www/phpMyAdmin/config.inc.php with:

[root@server /usr/home/user]# ee /usr/local/www/phpMyAdmin/config.inc.php [enter]

…and copy the following text – example – that was created for you:

<?php
/*
 * Generated configuration file
 * Generated by: phpMyAdmin 4.6.6 setup script
 * Date: Tue, 22 Feb 2017 00:00:00 +0000
 */

/* Servers configuration */
$i = 0;

/* Server: localhost [1] */
$i++;
$cfg['Servers'][$i]['verbose'] = '';
$cfg['Servers'][$i]['host'] = 'localhost';
$cfg['Servers'][$i]['port'] = '';
$cfg['Servers'][$i]['socket'] = '';
$cfg['Servers'][$i]['ssl'] = true;
$cfg['Servers'][$i]['connect_type'] = 'tcp';
$cfg['Servers'][$i]['compress'] = true;
$cfg['Servers'][$i]['auth_type'] = 'cookie';
$cfg['Servers'][$i]['user'] = 'root';
$cfg['Servers'][$i]['password'] = '';

/* End of servers configuration */

$cfg['blowfish_secret'] = '----------------------------------';
$cfg['DefaultLang'] = 'en';
$cfg['ServerDefault'] = 1;
$cfg['UploadDir'] = '';
$cfg['SaveDir'] = '';
?>
GnuPG – The GNU Privacy Guard (modern version)

GnuPG – The GNU Privacy Guard (modern version)

Last Updated on 2017-02-27 by Sture

Description

GnuPG is a complete and free replacement for PGP. This is the “modern” version.

GnuPG allows encrypting and signing your data and communication, and features a versatile key management system as well as access modules for many public key directories. GnuPG, also known as GPG, is a command line tool with features for easy integration with other applications.

WWW: https://www.gnupg.org/.

Preparation for Installation

Start PuTTY on a Windows PC, Terminal on a Mac or similar terminal application on a Linux PC.

In this example Terminal on a Mac is used.

Open a remote SSH session to the server with:

Mac:~ user$ ssh user@192.168.1.4 [enter]
N.B.: Replace user@192.168.1.4 with User ID and IP Address on Your server!
[user@server ~]$

Enable superuser privileges with:

[user@server ~]$ sudo -s [enter]
Password: <-- passwd [enter]
[root@server /usr/home/user]#

N.B.: Enter user password, not the root password!

Installation

Install GnuPG with;

[root@server /usr/home/user]# pkg install gnupg [enter]
Updating FreeBSD repository catalogue...
FreeBSD repository is up-to-date.
All repositories are up-to-date.
The following 8 package(s) will be affected (of 0 checked):

New packages to be INSTALLED:
	gnupg: 2.1.16
	libgpg-error: 1.26
	libassuan: 2.4.3
	npth: 1.3
	libgcrypt: 1.7.6
	pinentry: 1.0.0
	pinentry-tty: 1.0.0
	libksba: 1.3.5

Number of packages to be installed: 8

The process will require 14 MiB more space.
3 MiB to be downloaded.

Proceed with this action? [y/N]: y [enter]
Fetching gnupg-2.1.16.txz: 100%    2 MiB   1.8MB/s    00:01    
Fetching libgpg-error-1.26.txz: 100%  172 KiB 176.1kB/s    00:01    
Fetching libassuan-2.4.3.txz: 100%   76 KiB  77.4kB/s    00:01    
Fetching npth-1.3.txz: 100%   20 KiB  20.6kB/s    00:01    
Fetching libgcrypt-1.7.6.txz: 100%  683 KiB 699.7kB/s    00:01    
Fetching pinentry-1.0.0.txz: 100%   16 KiB  16.6kB/s    00:01    
Fetching pinentry-tty-1.0.0.txz: 100%   27 KiB  27.7kB/s    00:01    
Fetching libksba-1.3.5.txz: 100%  156 KiB 159.9kB/s    00:01    
Checking integrity... done (0 conflicting)
[1/8] Installing libgpg-error-1.26...
[1/8] Extracting libgpg-error-1.26: 100%
[2/8] Installing libassuan-2.4.3...
[2/8] Extracting libassuan-2.4.3: 100%
[3/8] Installing pinentry-tty-1.0.0...
[3/8] Extracting pinentry-tty-1.0.0: 100%
[4/8] Installing npth-1.3...
[4/8] Extracting npth-1.3: 100%
[5/8] Installing libgcrypt-1.7.6...
[5/8] Extracting libgcrypt-1.7.6: 100%
[6/8] Installing pinentry-1.0.0...
[6/8] Extracting pinentry-1.0.0: 100%
[7/8] Installing libksba-1.3.5...
[7/8] Extracting libksba-1.3.5: 100%
[8/8] Installing gnupg-2.1.16...
[8/8] Extracting gnupg-2.1.16: 100%
Message from gnupg-2.1.16:
###############################################################################
				A T T E N T I O N

In order to use gpg-agent, you need to install a pinentry dialog.

The following ports of pinentry dialogs are available:

security/pinentry-curses	(ncurses based dialog)
security/pinentry-gtk2		(GTK 2.x based dialog)
security/pinentry-qt4		(QT4 based dialog)
security/pinentry-tty		(console based dialog)

###############################################################################
[root@server /usr/home/user]#

Configuration

Create required directories with:

[root@server /usr/home/user]# gpg --verify dummy.asc [enter]
gpg: Warning: using insecure memory!
gpg: directory '/root/.gnupg' created
gpg: new configuration file '/root/.gnupg/dirmngr.conf' created
gpg: new configuration file '/root/.gnupg/gpg.conf' created
gpg: keybox '/root/.gnupg/pubring.kbx' created
gpg: can't open 'dummy.asc': No such file or directory
gpg: verify signatures failed: No such file or directory
[root@server /usr/home/user]#

How to Use

[root@server /usr/home/user]# gpg --help [enter]
gpg: directory '/root/.gnupg' created
gpg: new configuration file '/root/.gnupg/dirmngr.conf' created
gpg: new configuration file '/root/.gnupg/gpg.conf' created
gpg: keybox '/root/.gnupg/pubring.kbx' created
gpg (GnuPG) 2.1.16
libgcrypt 1.7.6
Copyright (C) 2016 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <https://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Home: /root/.gnupg
Supported algorithms:
Pubkey: RSA, ELG, DSA, ECDH, ECDSA, EDDSA
Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,
        CAMELLIA128, CAMELLIA192, CAMELLIA256
Hash: SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB, BZIP2

Syntax: gpg [options] [files]
Sign, check, encrypt or decrypt
Default operation depends on the input data

Commands:
 
 -s, --sign                 make a signature
     --clearsign            make a clear text signature
 -b, --detach-sign          make a detached signature
 -e, --encrypt              encrypt data
 -c, --symmetric            encryption only with symmetric cipher
 -d, --decrypt              decrypt data (default)
     --verify               verify a signature
 -k, --list-keys            list keys
     --list-sigs            list keys and signatures
     --check-sigs           list and check key signatures
     --fingerprint          list keys and fingerprints
 -K, --list-secret-keys     list secret keys
     --gen-key              generate a new key pair
     --quick-gen-key        quickly generate a new key pair
     --quick-adduid         quickly add a new user-id
     --quick-revuid         quickly revoke a user-id
     --full-gen-key         full featured key pair generation
     --gen-revoke           generate a revocation certificate
     --delete-keys          remove keys from the public keyring
     --delete-secret-keys   remove keys from the secret keyring
     --quick-sign-key       quickly sign a key
     --quick-lsign-key      quickly sign a key locally
     --sign-key             sign a key
     --lsign-key            sign a key locally
     --edit-key             sign or edit a key
     --passwd               change a passphrase
     --export               export keys
     --send-keys            export keys to a keyserver
     --recv-keys            import keys from a keyserver
     --search-keys          search for keys on a keyserver
     --refresh-keys         update all keys from a keyserver
     --import               import/merge keys
     --card-status          print the card status
     --card-edit            change data on a card
     --change-pin           change a card's PIN
     --update-trustdb       update the trust database
     --print-md             print message digests
     --server               run in server mode
     --tofu-policy VALUE    set the TOFU policy for a key

Options:
 
 -a, --armor                create ascii armored output
 -r, --recipient USER-ID    encrypt for USER-ID
 -u, --local-user USER-ID   use USER-ID to sign or decrypt
 -z N                       set compress level to N (0 disables)
     --textmode             use canonical text mode
 -o, --output FILE          write output to FILE
 -v, --verbose              verbose
 -n, --dry-run              do not make any changes
 -i, --interactive          prompt before overwriting
     --openpgp              use strict OpenPGP behavior

(See the man page for a complete listing of all commands and options)

Examples:

 -se -r Bob [file]          sign and encrypt for user Bob
 --clearsign [file]         make a clear text signature
 --detach-sign [file]       make a detached signature
 --list-keys [names]        show keys
 --fingerprint [names]      show fingerprints

Please report bugs to <https://bugs.gnupg.org>.
[root@server /usr/home/user]#

 

You should always verify that the signature matches the archive you have downloaded. This way you can be sure that you are using the same code that was released.

For more information see: nixCraft: UNIX / Linux: PGP TarBall File Signature Keys Verification for more information.

WordPress with PHP v. 7.0

WordPress with PHP v. 7.0

Last Updated on 2022-10-17 by Sture

Description

WordPress is a state-of-the-art semantic personal publishing platform with a focus on aesthetics, web standards, and usability.

More simply, WordPress is what you use when you want to work with your blogging software, not fight it.

WWW: http://wordpress.org/.

Requirements

The following applications must be installed, configured and running before installation of WordPress:

  1. Apache HTTP Server
  2. PHP (v. 7.0)
  3. MySQL DB Server
  4. GNUwget

Preparation for Installation

Start PuTTY on a Windows PC, Terminal on a Mac or similar terminal application on a Linux PC.

In this example Terminal on a Mac is used.

Open a remote SSH session to the server with:

Mac:~ user$ ssh user@192.168.1.4 [enter]
N.B.: Replace user@192.168.1.4 with User ID and IP Address on Your server!
[user@server ~]$

Enable superuser privileges with:

[user@server ~]$ sudo -s [enter]
Password: <-- passwd [enter]
[root@server /usr/home/user]#

N.B.: Enter user password, not the root password!

Warning!

N.B.: Do NOT install WordPress from port if the PHP version installed is > 5.6!

Verify version of PHP installed with:

[root@server /usr/home/user]# php -v <enter>
PHP 7.0.15 (cli) (built: Jan 24 2017 01:18:59) ( NTS )
Copyright (c) 1997-2017 The PHP Group
Zend Engine v3.0.0, Copyright (c) 1998-2017 Zend Technologies
    with Zend OPcache v7.0.15, Copyright (c) 1999-2017, by Zend Technologies
[root@server /usr/home/user]#

In this example PHP version 7.0 is installed. Due to this WordPress will be downloaded from the WordPress site.

Download

Download the latest version of WordPress with:

[root@server /usr/home/user]# wget https://wordpress.org/latest.tar.gz <enter>
--2017-02-22 18:26:38--  https://wordpress.org/latest.tar.gz
Resolving wordpress.org (wordpress.org)... 66.155.40.249, 66.155.40.250
Connecting to wordpress.org (wordpress.org)|66.155.40.249|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 7997959 (7,6M) [application/octet-stream]
Saving to: ‘latest.tar.gz’

latest.tar.gz       100%[===================>]   7,63M  1,74MB/s    in 6,0s    

2017-02-22 18:26:45 (1,27 MB/s) - ‘latest.tar.gz’ saved [7997959/7997959]

[root@server /usr/home/user]#

Installation

Extract file latest.tar.gz to /usr/local/www/ with:

[root@server /usr/home/user]# tar -xzvf latest.tar.gz  -C /usr/local/www <enter>
x wordpress/
x wordpress/wp-settings.php
x wordpress/wp-cron.php
x wordpress/wp-comments-post.php
x wordpress/wp-activate.php
x wordpress/wp-admin/
.
.
x wordpress/wp-includes/comment.php
x wordpress/wp-includes/class-wp-text-diff-renderer-table.php
x wordpress/wp-config-sample.php
[root@server /usr/home/user]#

Delete file latest.tar.gz with:

[root@server /usr/home/user]# rm latest.tar.gz <enter>
[root@server /usr/home/user]#

N.B.: Only not installed required PHP shared extension will be installed with the following command!

Install shared PHP extension required by phpMyAdmin with:

[root@server /usr/home/user]# pkg install curl php70-curl libnghttp2 php70-gd php70-hash php70-xml php70-tokenizer php70-mysqli php70-zip php70-ftp php70-zlib <enter>
Updating FreeBSD repository catalogue...
FreeBSD repository is up-to-date.
All repositories are up-to-date.
The following 4 package(s) will be affected (of 0 checked):

New packages to be INSTALLED:
	curl: 7.52.1_1
	php70-curl: 7.0.15
	libnghttp2: 1.18.0
	php70-ftp: 7.0.15

Number of packages to be installed: 4

The process will require 4 MiB more space.
1 MiB to be downloaded.

Proceed with this action? [y/N]: y <enter>
Fetching curl-7.52.1_1.txz: 100%    1 MiB   1.1MB/s    00:01    
Fetching php70-curl-7.0.15.txz: 100%   26 KiB  26.8kB/s    00:01    
Fetching libnghttp2-1.18.0.txz: 100%  104 KiB 106.4kB/s    00:01    
Fetching php70-ftp-7.0.15.txz: 100%   22 KiB  22.4kB/s    00:01    
Checking integrity... done (0 conflicting)
[1/4] Installing libnghttp2-1.18.0...
[1/4] Extracting libnghttp2-1.18.0: 100%
[2/4] Installing curl-7.52.1_1...
[2/4] Extracting curl-7.52.1_1: 100%
[3/4] Installing php70-curl-7.0.15...
[3/4] Extracting php70-curl-7.0.15: 100%
[4/4] Installing php70-ftp-7.0.15...
[4/4] Extracting php70-ftp-7.0.15: 100%
Message from php70-curl-7.0.15:
****************************************************************************

The following line has been added to your /usr/local/etc/php/ext-20-curl.ini
configuration file to automatically load the installed extension:

extension=curl.so

****************************************************************************
Message from php70-ftp-7.0.15:
****************************************************************************

The following line has been added to your /usr/local/etc/php/ext-20-ftp.ini
configuration file to automatically load the installed extension:

extension=ftp.so

****************************************************************************
[root@server /usr/home/user]#

Configuration

Change file owner and group recursively for /usr/local/www/wordpress with:

[root@server /usr/home/user]# chown -R www:www /usr/local/www/wordpress <enter>
[root@server /usr/home/user]#

Change file modes recursively for /usr/local/www/wordpress with:

[root@server /usr/home/user]# chmod -R 755 /usr/local/www/wordpress <enter>
[root@server /usr/home/user]#

Enable the Apache rewrite_module with:

[root@server /usr/home/user]# perl -pi -e 's/#LoadModule rewrite_module/LoadModule rewrite_module/g' /usr/local/etc/apache24/httpd.conf <enter>
[root@server /usr/home/user]#

To make wordpress available on the web site:

[root@server /usr/home/user]# ee /usr/local/etc/apache24/Includes/wordpress.conf <enter>

Add the following lines;

Alias /wp/ "/usr/local/www/wordpress/"
<Directory "/usr/local/www/wordpress/">
  AllowOverride All
  Require all granted
</Directory>

…the restart the apache24 service with:

[root@server /usr/home/user]# service apache24 restart <enter>
Performing sanity check on apache24 configuration:
Syntax OK
Stopping apache24.
Waiting for PIDS: 12555.
Performing sanity check on apache24 configuration:
Syntax OK
Starting apache24.
[root@server /usr/home/user]#

Prepare MySQL Database

WordPress uses a relational database, such as MySQL, to manage and store site and user information.

Login to the MySQL database with:

[root@server /usr/home/user]# mysql -u root -p <enter>
Enter password: <-- password <enter>
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 422
Server version: 5.7.17-log Source distribution

Copyright (c) 2000, 2016, Oracle and/or its affiliates. All rights reserved.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

root@localhost [(none)]>

Create a MySQL wordpress database with:

root@localhost [(none)]> CREATE DATABASE wordpress; &enter>
Query OK, 1 row affected (0,02 sec)

root@localhost [(none)]>

Create a MySQL user account wpadmin that WordPress will use to interact with the wordpress database with:

root@localhost [(none)]> CREATE USER wpadmin@localhost IDENTIFIED BY 'password'; &enter>
Query OK, 0 rows affected (0,44 sec)

root@localhost [(none)]>

 

Grant the WordPress wpadmin user full access to the wordpress database with:

 

root@localhost [(none)]> GRANT ALL PRIVILEGES ON wordpress.* TO wpadmin@localhost; &enter> Query OK, 0 rows affected (0,44 sec) root@localhost [(none)]>

Before this privileges change will go into effect, we must flush the privileges with:

root@localhost [(none)]> FLUSH PRIVILEGES; &enter>
Query OK, 0 rows affected (0,43 sec)

root@localhost [(none)]>

Exit the MySQL prompt with:

root@localhost [(none)]> exit &enter>
Bye
[root@server /usr/home/user]#

Make a copy of the WordPress sample configuration file with:

[root@server /usr/home/user]# cp /usr/local/www/wordpress/wp-config-sample.php /usr/local/www/wordpress/wp-config.php <enter>
[root@server /usr/home/user]#

Start editing file /usr/local/www/wordpress/wp-config.php with:

[root@server /usr/home/user]# ee /usr/local/www/wordpress/wp-config.php <enter>

…and update DB_NAME, DB_USER and DB_PASSWORD as in this example:

<?php
/**
 * The base configuration for WordPress
 *
 * The wp-config.php creation script uses this file during the
 * installation. You don't have to use the web site, you can
 * copy this file to "wp-config.php" and fill in the values.
 *
 * This file contains the following configurations:
 *
 * * MySQL settings
 * * Secret keys
 * * Database table prefix
 * * ABSPATH
 *
 * @link https://codex.wordpress.org/Editing_wp-config.php
 *
 * @package WordPress
 */

// ** MySQL settings - You can get this info from your web host ** //
/** The name of the database for WordPress */
define('DB_NAME', 'wordpress');

/** MySQL database username */
define('DB_USER', 'wpadmin');

/** MySQL database password */
define('DB_PASSWORD', 'password');

/** MySQL hostname */
define('DB_HOST', 'localhost');

/** Database Charset to use in creating database tables. */
define('DB_CHARSET', 'utf8');

/** The Database Collate type. Don't change this if in doubt. */
define('DB_COLLATE', '');

/**#@+
 * Authentication Unique Keys and Salts.
 *
 * Change these to different unique phrases!
 * You can generate these using the {@link https://api.wordpress.org/secret-key/1.1/salt/ WordPress.org secret-key service}
 * You can change these at any point in time to invalidate all existing cookies. This will force all users to have to log in again.
 *
 * @since 2.6.0
 */
define('AUTH_KEY',         'put your unique phrase here');
define('SECURE_AUTH_KEY',  'put your unique phrase here');
define('LOGGED_IN_KEY',    'put your unique phrase here');
define('NONCE_KEY',        'put your unique phrase here');
define('AUTH_SALT',        'put your unique phrase here');
define('SECURE_AUTH_SALT', 'put your unique phrase here');
define('LOGGED_IN_SALT',   'put your unique phrase here');
define('NONCE_SALT',       'put your unique phrase here');

/**#@-*/

/**
 * WordPress Database Table prefix.
 *
 * You can have multiple installations in one database if you give each
 * a unique prefix. Only numbers, letters, and underscores please!
 */
$table_prefix  = 'wp_';

/**
 * For developers: WordPress debugging mode.
 *
 * Change this to true to enable the display of notices during development.
 * It is strongly recommended that plugin and theme developers use WP_DEBUG
 * in their development environments.
 *
 * For information on other constants that can be used for debugging,
 * visit the Codex.
 *
 * @link https://codex.wordpress.org/Debugging_in_WordPress
 */
define('WP_DEBUG', false);

/* That's all, stop editing! Happy blogging. */

/** Absolute path to the WordPress directory. */
if ( !defined('ABSPATH') )
	define('ABSPATH', dirname(__FILE__) . '/');

/** Sets up WordPress vars and included files. */
require_once(ABSPATH . 'wp-settings.php');
?>

Authentication Unique Keys and Salts

You can generate the unique keys at: https://api.wordpress.org/secret-key/1.1/salt/

Run WordPress Installation Script

Start your browser and got to http://www.example.net/wp/ and complete the installation of WordPress.

GNU wget

GNU wget

Last Updated on 2017-02-27 by Sture

Description

GNU wget is a free software package for retrieving files using HTTP, HTTPS and FTP, the most widely-used Internet protocols. It is a non-interactive command-line tool, so it may easily be called from scripts, cron jobs, terminals without X-Windows support, etc.

GNU wget has many features to make retrieving large files or mirroring entire web or FTP sites easy, including:

  • Can resume aborted downloads, using REST and RANGE
  • Can use filename wild cards and recursively mirror directories
  • NLS-based message files for many different languages
  • Optionally converts absolute links in downloaded documents to relative, so that downloaded documents may link to each other locally
  • Supports HTTP and SOCKS proxies
  • Supports HTTP cookies
  • Supports persistent HTTP connections
  • Unattended / background operation
  • Uses local file timestamps to determine whether documents need to be re-downloaded when mirroring
  • GNU wget is distributed under the GNU General Public License.

WWW: http://www.gnu.org/software/wget/wget.html

Preparation for Installation

Start PuTTY on a Windows PC, Terminal on a Mac or similar terminal application on a Linux PC.

In this example Terminal on a Mac is used.

Open a remote SSH session to the server with:

Mac:~ user$ ssh user@192.168.1.4 [enter]
N.B.: Replace user@192.168.1.4 with User ID and IP Address on Your server!
[user@server ~]$

Enable superuser privileges with:

[user@server ~]$ sudo -s [enter]
Password: <-- passwd [enter]
[root@server /usr/home/user]#

N.B.: Enter user password, not the root password!

Install

Install wget with:

[root@server /usr/home/user]# pkg install wget [enter]
Updating FreeBSD repository catalogue...
FreeBSD repository is up-to-date.
All repositories are up-to-date.
The following 1 package(s) will be affected (of 0 checked)
New packages to be INSTALLED:
wget: 1.18_2

Number of packages to be installed: 1

The process will require 3 MiB more space.
578 KiB to be downloaded.

Proceed with this action? [y/N]: y [enter]
Fetching wget-1.18_2.txz: 100% 578 KiB 592.0kB/s 00:01
Checking integrity... done (0 conflicting)
[1/1] Installing wget-1.18_2...
[1/1] Extracting wget-1.18_2: 100%
[root@server /usr/home/user]#

List all installed files with:

[root@server ~]# pkg info -l wget | less [enter]

Configure

No configuration required.

How to Use

Since Wget uses GNU getopt to process command-line arguments, every option has a long form along with the short one. Long options are more convenient to remember, but take time to type. You may freely mix different option styles, or specify options after the command-line arguments. Thus you may write:

[root@server ~]#  wget -r --tries=10 http://www.example.com/ -o log [enter]

The space between the option accepting an argument and the argument may be omitted. Instead of -o log you can write -olog.

MySQL DB Server

MySQL DB Server

Last Updated on 2017-07-07 by Sture

Description

MySQL is a very fast, multi-threaded, multi-user and robust SQL (Structured Query Language) database server.

WWW: http://www.mysql.com.

Preparation for Installation

Start PuTTY on a Windows PC, Terminal on a Mac or similar terminal application on a Linux PC.

In this example Terminal on a Mac is used.

Open a remote SSH session to the server with:

Mac:~ user$ ssh user@192.168.1.4 [enter]
N.B.: Replace user@192.168.1.4 with User ID and IP Address on Your server!
[user@server ~]$

Enable superuser privileges with:

[user@server ~]$ sudo -s [enter]
Password: <-- passwd [enter]
[root@server /usr/home/user]#

N.B.: Enter user password, not the root password!

Installation

Search for mysql57-server in the remote package repositories with:

[root@server /usr/home/user]# pkg search "mysql5" [enter]
mysql++-mysql56-3.2.2          Complex C++ API for MySQL56
mysql++1-mysql56-1.7.40_3      Complex C++ API for MySQL56
mysql-connector-odbc-unixodbc-mysql56-5.3.4_1 ODBC driver for MySQL56 / unixodbc
mysql55-client-5.5.56          Multithreaded SQL database (client)
mysql55-server-5.5.56          Multithreaded SQL database (server)
mysql56-client-5.6.36          Multithreaded SQL database (client)
mysql56-q4m-0.9.14             Message queue that works as a pluggable storage engine of MySQL
mysql56-server-5.6.36          Multithreaded SQL database (server)
mysql57-client-5.7.18          Multithreaded SQL database (client)
mysql57-server-5.7.18          Multithreaded SQL database (server)
[root@server /usr/home/user]#

In this example mysql57-server will be installed.

Install mysql57-server with:

[root@server /usr/home/user]# pkg install mysql57-server p5-DBI [enter]
Updating FreeBSD repository catalogue...
FreeBSD repository is up to date.
All repositories are up to date.
The following 3 package(s) will be affected (of 0 checked):

New packages to be INSTALLED:
        mysql57-server: 5.7.18
        libevent: 2.1.8
        mysql57-client: 5.7.18

Number of packages to be installed: 3

The process will require 188 MiB more space.
16 MiB to be downloaded.

Proceed with this action? [y/N]: y [enter]
[1/3] Fetching mysql57-server-5.7.18.txz: 100%   13 MiB   7.1MB/s    00:02
[2/3] Fetching libevent-2.1.8.txz: 100%  300 KiB 307.7kB/s    00:01
[3/3] Fetching mysql57-client-5.7.18.txz: 100%    2 MiB   1.9MB/s    00:01
Checking integrity... done (0 conflicting)
[1/3] Installing libevent-2.1.8...
[1/3] Extracting libevent-2.1.8: 100%
[2/3] Installing mysql57-client-5.7.18...
[2/3] Extracting mysql57-client-5.7.18: 100%
[3/3] Installing mysql57-server-5.7.18...
===> Creating groups.
Creating group 'mysql' with gid '88'.
===> Creating users
Creating user 'mysql' with uid '88'.
Extracting mysql57-server-5.7.18: 100%
Message from mysql57-client-5.7.18:
* * * * * * * * * * * * * * * * * * * * * * * *

This is the mysql CLIENT without the server.
for complete server and client, please install databases/mysql57-server

* * * * * * * * * * * * * * * * * * * * * * * *
Message from mysql57-server-5.7.18:
*****************************************************************************

Remember to run mysql_upgrade the first time you start the MySQL server
after an upgrade from an earlier version.

Initial password for first time use of MySQL is saved in $HOME/.mysql_secret
ie. when you want to use "mysql -u root -p" first you should see password
in /root/.mysql_secret

MySQL57 has a default %%ETCDIR%%/my.cnf,
remember to replace it wit your own
or set `mysql_optfile="$YOUR_CNF_FILE` in rc.conf.

*****************************************************************************
[root@server /usr/home/user]#

Configuration

List installed services with:

[root@server /usr/home/user]# service -r | grep mysql [enter]
/usr/local/etc/rc.d/mysql-server
[root@server /usr/home/user]#

Find the rcvar for /etc/rc.conf:

[root@server /usr/home/user]# /usr/local/etc/rc.d/mysql-server rcvar [enter]
# mysql
#
mysql_enable="NO"
#   (default: "")

[root@server /usr/home/user]#

To start MySQL on system boot, add information to /etc/rc.conf with this commands:

[root@server /usr/home/user]# echo '' >> /etc/rc.conf; echo '# MySQL Server' >> /etc/rc.conf; echo 'mysql_enable="YES"' >> /etc/rc.conf [enter]
[root@server /usr/home/user]#

Then edit /usr/local/etc/mysql/my.cnf with:

[root@server /usr/home/user]# ee /usr/local/etc/mysql/my.cnf [enter]
# $FreeBSD: head/databases/mysql57-server/files/my.cnf.sample.in 414707 2016-05-06 14:39:59Z riggs $

[client]
port                            = 3306
socket                          = /tmp/mysql.sock

[mysql]
prompt                          = \u@\h [\d]>\_
no_auto_rehash

[mysqld]
user                            = mysql
port                            = 3306
socket                          = /tmp/mysql.sock
bind-address                    = 127.0.0.1
basedir                         = /usr/local
datadir                         = /var/db/mysql
tmpdir                          = /var/db/mysql_tmpdir
slave-load-tmpdir               = /var/db/mysql_tmpdir
secure-file-priv                = /var/db/mysql_secure
log-bin                         = mysql-bin
log-output                      = TABLE
master-info-repository          = TABLE
relay-log-info-repository       = TABLE
relay-log-recovery              = 1
slow-query-log                  = 1
server-id                       = 1
sync_binlog                     = 1
sync_relay_log                  = 1
binlog_cache_size               = 16M
expire_logs_days                = 30
default_password_lifetime       = 0
enforce-gtid-consistency        = 1
gtid-mode                       = ON
safe-user-create                = 1
lower_case_table_names          = 1
explicit-defaults-for-timestamp = 1
myisam-recover-options          = BACKUP,FORCE
open_files_limit                = 32768
table_open_cache                = 16384
table_definition_cache          = 8192
net_retry_count                 = 16384
key_buffer_size                 = 256M
max_allowed_packet              = 64M
query_cache_type                = 0
query_cache_size                = 0
long_query_time                 = 0.5
innodb_buffer_pool_size         = 1G
innodb_data_home_dir            = /var/db/mysql
innodb_log_group_home_dir       = /var/db/mysql
innodb_data_file_path           = ibdata1:128M:autoextend
innodb_temp_data_file_path      = ibtmp1:128M:autoextend
innodb_flush_method             = O_DIRECT
innodb_log_file_size            = 256M
innodb_log_buffer_size          = 16M
innodb_write_io_threads         = 8
innodb_read_io_threads          = 8
innodb_autoinc_lock_mode        = 2
skip-symbolic-links

[mysqldump]
max_allowed_packet              = 256M
quote_names
quick

For advice on how to change settings please see https://dev.mysql.com/doc/refman/5.7/en/server-configuration-defaults.html

N.B.: MySQL databases is stored in /var/db/mysql by default.

Change file owner and group for file /usr/local/etc/my.cnf with:

[root@server /usr/home/user]# chown mysql:mysql /usr/local/etc/mysql/my.cnf [enter]
[root@server /usr/home/user]#

Start

Manually start MySQL Server with;

[root@server /usr/home/user]# service mysql-server start [enter]
Starting mysql.
[root@server /usr/home/user]#

Check if the service is running with:

[root@server /usr/home/user]# service mysql-server status [enter]
mysql-server is running as pid 91514.
[root@server /usr/home/user]#

…and:

[root@server /usr/home/user]# ps -waux | grep mysql [enter]
mysql     821   0,0  0,0  17088   2540  -  Is   11:03pm    0:00,01 /bin/sh /usr/local/bin/mysqld_safe --defaults-extra-file=/var/db/mysql/my.cnf --user=mysql --datadir=/var/db/mysql --pid-file=/var/db/mysql/server.polymathic.net.pid
mysql     939   0,0  3,0 674172 465456  -  I    11:03pm    0:02,87 /usr/local/libexec/mysqld --defaults-extra-file=/var/db/mysql/my.cnf --basedir=/usr/local --datadir=/var/db/mysql --plugin-dir=/usr/local/lib/mysql/plugin --log-error=/var/db/mysql/server.polymathic.net.err --pid-file=/var/db/mysql/server.polymathic.net.pid
[root@server /usr/home/user]#

Securing MySQL

Protect the MySQL installation with:

[root@server /usr/home/user]# mysql_secure_installation [enter]

Securing the MySQL server deployment.

Connecting to MySQL server using password in '/root/.mysql_secret'

VALIDATE PASSWORD PLUGIN can be used to test passwords
and improve security. It checks the strength of password
and allows the users to set only those passwords which are
secure enough. Would you like to setup VALIDATE PASSWORD plugin?

Press y|Y for Yes, any other key for No: Y [enter]

There are three levels of password validation policy:

LOW    Length >= 8
MEDIUM Length >= 8, numeric, mixed case, and special characters
STRONG Length >= 8, numeric, mixed case, special characters and dictionary file

Please enter 0 = LOW, 1 = MEDIUM and 2 = STRONG: 2 [enter]
Using existing password for root.

Estimated strength of the password: 100 
Change the password for root ? ((Press y|Y for Yes, any other key for No) : N [enter]

 ... skipping.
By default, a MySQL installation has an anonymous user,
allowing anyone to log into MySQL without having to have
a user account created for them. This is intended only for
testing, and to make the installation go a bit smoother.
You should remove them before moving into a production
environment.

Remove anonymous users? (Press y|Y for Yes, any other key for No) : Y [enter]
Success.


Normally, root should only be allowed to connect from
'localhost'. This ensures that someone cannot guess at
the root password from the network.

Disallow root login remotely? (Press y|Y for Yes, any other key for No) : [enter]

 ... skipping.
By default, MySQL comes with a database named 'test' that
anyone can access. This is also intended only for testing,
and should be removed before moving into a production
environment.


Remove test database and access to it? (Press y|Y for Yes, any other key for No) : Y [enter]
 - Dropping test database...
Success.

 - Removing privileges on test database...
Success.

Reloading the privilege tables will ensure that all changes
made so far will take effect immediately.

Reload privilege tables now? (Press y|Y for Yes, any other key for No) : Y [enter]
Success.

All done! 
[root@server /usr/home/user]#

N.B.: The root password for MySQL can be found in file /root/.mysql_secret!

[root@server /usr/home/user]# cat /root/.mysql_secret
# Password set for user 'root@localhost' at 2017-02-20 21:33:40 
{passwd}
[root@server /usr/home/user]#

Logon to the MySQL service as root with:

[root@server /usr/home/user]# mysql -u root -p [enter]
Enter password: <-- password in file /root/.mysql_secret [enter]
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 6
Server version: 5.7.17-log

Copyright (c) 2000, 2016, Oracle and/or its affiliates. All rights reserved.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

root@localhost [(none)]>

Logout from the MySQL service with:

root@localhost [(none)]> exit [enter]
Bye
[root@server /usr/home/user]#

MySQL User Administration

To set the MySQL root password for the first time:

[root@server /usr/home/user]# mysqladmin -u root password 'passwd' [enter]
mysqladmin: [Warning] Using a password on the command line interface can be insecure.
Warning: Since password will be sent to server in plain text, use ssl connection to ensure password safety.
[root@server /usr/home/user]#

To change the MySQL root password:

[root@server /usr/home/user]# mysqladmin -u root -p'oldpassword' password 'newpasswd' [enter]
mysqladmin: [Warning] Using a password on the command line interface can be insecure.
Warning: Since password will be sent to server in plain text, use ssl connection to ensure password safety.
[root@server /usr/home/user]#

Tweaking MySQL

Default minimum character search length in MySQL is 4 characters. This can easily be adjusted to let’s say 2 characters.

[root@server /usr/home/user]# ee /usr/local/etc/my.cnf

…and add the following text:

[mysqld]
ft_min_word_len=2

[myisamchk]
ft_min_word_len=2

[mysqldump]
ignore-table=mysql.event

Manually restart MySQL Server with;

[root@server /usr/home/user]# service mysql-server restart [enter]
Stopping mysql.
Waiting for PIDS: 939.
Starting mysql.
[root@server /usr/home/user]#

Optional: packet filter (pf)

Network access to the MySQL Server service must be enabled in the packet filter (pf) configuration file.

Start editing file /etc/pf.conf with:

[root@server /usr/home/user]# ee /etc/pf.conf [enter]

…and add default port information to enable access to the MySQL Server service from clients on the local network as in this example:

.
.
# Ports:
# 123 TCP       Network Time Protocol
.
.
# 3306 TCP      MySQL database system

tcp_pass="{ 123, 3306 }"
.
.

Check /etc/pf.conf for errors, but do not load ruleset with:

[root@server /usr/home/user]# pfctl -vvnf /etc/pf.conf [enter]

…and then reload /etc/pf.conf with:

[root@server /usr/home/user]# service pf reload [enter]
Reloading pf rules.
[root@server /usr/home/user]#

Move a MySQL Database from one server to another via SSH

Create a new empty database on the receiving server, srv2:

[root@srv2 ~]# mysql -uroot -p [enter]
Enter password: passwd [enter]
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 3122
Server version: 5.5.23-log Source distribution

Copyright (c) 2000, 2011, Oracle and/or its affiliates. All rights reserved.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql>
mysql> CREATE DATABASE db_name; [enter]
Query OK, 1 row affected (0.00 sec)
mysql>
mysql> exit [enter]
[root@srv2 ~]#

On the server with the database, srv1:

[root@srv1 ~]# mysqldump -u{user} -p{password} {db_name} | ssh user@{IP Address srv2} "mysql -u{user} -p{password} {db_name}" [enter]
[root@srv1 ~]#

Using the parameters -e -f -q -Q -K for mysqldump a good idea and will make the insert faster and more secure. Look them up in the docs!