Author: Sture

OpenSSL – Cryptography And SSL/TLS Toolkit

OpenSSL – Cryptography And SSL/TLS Toolkit

Description:

The OpenSSL Project is a collaborative effort to develop a robust, commercial-grade, full-featured, and Open Source toolkit implementing the Secure Sockets Layer (SSL v3) and Transport Layer Security (TLS v1, v1.1, v1.2, v1.3) protocols with full-strength cryptography world-wide. The project is managed by a worldwide community of volunteers who use the Internet to communicate, plan, and develop the OpenSSL toolkit and its related documentation.

OpenSSL is based on the excellent SSLeay library developed by Eric A. Young and Tim J. Hudson. The OpenSSL toolkit is licensed under an Apache-style license, which basically means that you are free to get and use it for commercial and non-commercial purposes, subject to some simple license conditions.

WWW: http://www.openssl.org/.

How to use

The OpenSSL program is a command line tool for using the various cryptography functions of OpenSSL’s crypto library from the shell. It can be used for:

  • Creation and management of private keys, public keys, and parameters
  • Public key cryptographic operations
  • Creation of X.509 certificates, CSRs and CRLs
  • Calculation of Message Digests
  • Encryption and Decryption with Ciphers
  • SSL/TLS Client and Server Tests
  • Handling of S/MIME signed or encrypted mail
  • Time Stamp requests, generation, and verification

Display version information for includes a stable OpenSSL with:

user@freebsdsrv:~ $ openssl version [enter]
OpenSSL 3.0.15 3 Sep 2024 (Library: OpenSSL 3.0.15 3 Sep 2024)
user@freebsdsrv:~ $

Display version information for the current package version(s) of OpenSSL with:

user@freebsdsrv:~ $ pkg search openssl | egrep '^openssl[0-9]+-[0-9]' [enter]
openssl111-1.1.1w_2            TLSv1.3 capable SSL and crypto library
openssl31-3.1.7_1              TLSv1.3 capable SSL and crypto library
openssl32-3.2.3_1              TLSv1.3 capable SSL and crypto library
openssl33-3.3.2_1              TLSv1.3 capable SSL and crypto library
openssl34-3.4.0                TLSv1.3 capable SSL and crypto library
user@freebsdsrv:~ $

Note: The latest stable version is the 3.4!
In this example, an update to the stable version of OpenSSL, version 3.4.0, will be performed!

Installation

Install openssl34 with:

user@freebsdsrv:~ $ sudo pkg install -y security/openssl34 [enter]
Updating FreeBSD repository catalogue...
FreeBSD repository is up to date.
All repositories are up to date.
The following 1 package(s) will be affected (of 0 checked):

New packages to be INSTALLED:
	openssl34: 3.4.0

Number of packages to be installed: 1

The process will require 27 MiB more space.
8 MiB to be downloaded.
[1/1] Fetching openssl34-3.4.0.pkg: 100%    8 MiB   8.1MB/s    00:01    
Checking integrity... done (0 conflicting)
[1/1] Installing openssl34-3.4.0...
[1/1] Extracting openssl34-3.4.0: 100%
user@freebsdsrv:~ $

Configuration

Disable the use of the old version of OpenSSL in directory /usr/bin/ with:

user@freebsdsrv:~ $ sudo mv /usr/bin/openssl /usr/bin/openssl.default [enter]
user@freebsdsrv:~ $

Create a symbolic link to enable the use of the new version of OpenSSL with:

user@freebsdsrv:~ $ sudo ln -s /usr/local/bin/openssl /usr/bin/ ; ls -l /usr/bin/openssl [enter]
lrwxr-xr-x  1 root wheel 22 Dec  5 15:26 /usr/bin/openssl@ -> /usr/local/bin/openssl
user@freebsdsrv:~ $

Edit file /etc/ssl/openssl.cnf with:

user@freebsdsrv:~ $ sudo ee +168 /usr/local/openssl/openssl.cnf [enter]

This is an example:

...
[ req_distinguished_name ]
countryName                     = Country Name (2 letter code)
countryName_default             = SE
countryName_min                 = 2
countryName_max                 = 2

stateOrProvinceName             = State or Province Name (full name)
stateOrProvinceName_default     = Vastra Gotaland

localityName                    = Locality Name (eg, city)
localityName_default            = Hisings Karra

0.organizationName              = Organization Name (eg, company)
0.organizationName_default      = Polymathic

# we can do this but it is not needed normally :-)
#1.organizationName             = Second Organization Name (eg, company)
#1.organizationName_default     = World Wide Web Pty Ltd

organizationalUnitName          = Organizational Unit Name (eg, section)
organizationalUnitName_default  = Support and Development

commonName                      = Common Name (e.g. server FQDN or YOUR name)
commonName_default              = freebsdsrv.local.lan
commonName_max                  = 64

emailAddress                    = Email Address
emailAddress_default            = admin@local.lan
emailAddress_max                = 64

# SET-ex3                       = SET extension number 3
...

Generate a key and certificate for 10 year usage with:

user@freebsdsrv:~ $ sudo sh -c 'openssl req -newkey rsa:2048 -nodes -keyout /etc/ssl/server.key -x509 -days 3650 -out /etc/ssl/server.crt' [enter]
.....+.+........+....+..+.........+.+...+..+.+...+..+...+......+..................+.+++++++++++++++++++++++++++++++++++++++*.....+..+.....................+....+.....+.+++++++++++++++++++++++++++++++++++++++*....+....+...+..+......+.+...+..++++++
.+.................+...+.+..+.........+...+.+..+..................+....+++++++++++++++++++++++++++++++++++++++*.....+.+..+.......+++++++++++++++++++++++++++++++++++++++*..+.+......+...+.....+....+...+..+......+.......+.................+...+....+.....+...+...+...............+...+.+.........+......+......+..+.+..+....+........+......+............+.............+.........+..+....+.....+.+......+...+............+..+............+......+....+.....+.+.........+...+...........+......+...+.+..+....+...+.....+...+...+................+...+.....+.......+........+.+..+...+....+...........+.......+...+..+...+................+...+..+....+.....+.......+............+..+.+........+.+.....+....+.....+.......+.....+...+.+...+.....................+..+.........+...+..........+......+......+...+..+...................+.....+....+..+...................++++++
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [SE]: [enter]
State or Province Name (full name) [Vastra Gotaland]: [enter]
Locality Name (eg, city) [Hisings Karra]: [enter]
Organization Name (eg, company) [Polymathic]: [enter]
Organizational Unit Name (eg, section) [Support and Development]: [enter]
Common Name (e.g. server FQDN or YOUR name) [freebsdsrv.local.lan]: [enter]
Email Address [admin@local.lan]: [enter]
user@freebsdsrv:/usr/local/etc/ssl $

Review the certificate with:

user@freebsdsrv:~ $ sudo sh -c 'openssl x509 -text -noout -in /etc/ssl/server.crt' [enter]
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            21:b3:69:65:0b:00:ec:5b:bf:55:2e:b3:58:10:e6:58:23:11:21:0b
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: C=SE, ST=Vastra Gotaland, L=Hisings Karra, O=Polymathic, OU=Support and Development, CN=freebsdsrv.local.lan, emailAddress=admin@local.lan
        Validity
            Not Before: Jan 27 16:26:04 2025 GMT
            Not After : Jan 25 16:26:04 2035 GMT
        Subject: C=SE, ST=Vastra Gotaland, L=Hisings Karra, O=Polymathic, OU=Support and Development, CN=freebsdsrv.local.lan, emailAddress=admin@local.lan
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                    00:bd:d0:43:bb:19:32:7f:b8:4d:36:57:20:02:e3:
                    07:6a:8b:e1:7c:4a:59:c0:78:be:72:c2:b6:e7:10:
                    c8:c5:b7:d0:2b:c5:e6:f7:f1:a7:cf:39:21:98:d2:
                    98:5b:69:d0:e6:e2:00:49:b9:3a:c7:e2:d5:32:4c:
                    d2:3d:b5:d7:91:32:23:7e:8e:4d:82:75:4a:10:54:
                    86:cf:b7:49:44:d0:32:d8:cb:f1:4a:7f:65:68:9a:
                    0b:59:f2:0d:0f:1a:55:19:57:c1:ce:69:d8:36:b4:
                    77:1a:45:29:b0:d6:2d:93:26:4c:f9:10:a2:71:1d:
                    ac:8e:c0:1a:1d:be:98:34:4a:e8:23:bd:e8:87:af:
                    01:7c:30:4c:70:1f:84:80:de:33:4e:f8:19:ae:3c:
                    d5:d0:2b:42:cb:2d:1b:74:79:36:f9:33:20:9e:58:
                    08:99:03:61:f3:60:e3:75:d7:d0:0a:0a:68:0b:b0:
                    ba:51:83:11:6d:cd:b2:06:6d:56:7f:b2:e4:6d:72:
                    1b:b1:a0:2c:18:f0:0c:0f:17:82:0d:61:a1:b2:0f:
                    c2:6f:11:08:6d:74:b6:3d:eb:9d:f4:94:4f:e3:66:
                    ae:36:0d:d8:e9:c5:db:1a:f6:2c:27:ce:66:a3:75:
                    46:e9:98:9b:70:53:37:44:33:a4:f1:68:65:d3:03:
                    72:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier: 
                D0:E3:3C:AA:67:16:7A:E0:4F:8B:66:16:49:15:E4:19:11:36:C7:23
            X509v3 Authority Key Identifier: 
                D0:E3:3C:AA:67:16:7A:E0:4F:8B:66:16:49:15:E4:19:11:36:C7:23
            X509v3 Basic Constraints: critical
                CA:TRUE
    Signature Algorithm: sha256WithRSAEncryption
    Signature Value:
        99:07:ac:20:4d:19:68:22:5b:0c:21:c0:9f:01:53:01:aa:a5:
        1b:2c:dd:64:7e:8f:33:4f:d3:58:cb:6e:7a:f6:38:00:85:c8:
        60:71:3a:51:94:da:ff:ed:f9:80:7e:c3:57:e8:c3:ea:88:be:
        5b:f1:ee:d9:fa:40:8a:ee:89:3a:9c:f9:ac:a5:68:ab:27:10:
        33:92:ef:2f:ee:1d:80:6e:90:e6:82:e1:ea:f1:f5:50:cc:6f:
        ce:db:78:00:94:6c:52:13:d5:71:e3:4a:4d:f2:b9:b6:7a:eb:
        41:cd:43:a5:86:ee:72:e0:3b:04:af:d2:a4:c5:47:d6:2b:86:
        82:96:21:a6:ab:47:61:54:0d:9a:70:62:e6:e9:7b:ae:b5:68:
        db:b9:49:dc:a0:55:55:45:64:a0:a0:fb:70:33:6b:8c:70:45:
        50:ef:13:e0:4e:53:d7:2f:16:63:55:16:61:ef:d3:f0:61:0b:
        ce:a5:04:3b:c2:91:e5:52:48:a3:60:b6:ab:ab:b7:2c:b1:65:
        1c:ac:c5:e8:f7:d8:3d:dc:56:cb:91:b4:27:56:ab:e2:0e:a6:
        fc:c1:72:b4:33:46:93:15:10:72:5c:34:01:09:af:43:65:90:
        bd:c6:bf:f0:89:b8:a2:b1:11:5a:1e:25:9d:3b:a0:5c:5c:b2:
        0f:44:5e:51
user@freebsdsrv:~ $

Display a list of files that have been created with:

user@freebsdsrv:~ $ ls -l /etc/ssl/ [enter]
total 49
drwxr-xr-x  2 root wheel   149 Nov 29 12:13 certs
-rw-r--r--  1 root wheel 12336 Nov 29 11:21 openssl.cnf
-rw-r--r--  1 root wheel  1554 Jan 27 17:26 server.crt
-rw-------  1 root wheel  1704 Jan 27 17:25 server.key
drwxr-xr-x  2 root wheel    54 Nov 29 12:12 untrusted
user@freebsdsrv:~ $
First To Do After FreeBSD OS Installation

First To Do After FreeBSD OS Installation

Reboot the system after installation of FreeBSD base OS with:

root@:~ # reboot [enter]
Connection to 192.168.1.250 closed by remote host.
Connection to 192.168.1.250 closed.

N.B.: Remove the FreeBSD Installation USB Stick before the system restarts!
In this example, login is performed remotely via the Terminal application from an Apple Mac Mini to a system with the local LAN IP Address 192.168.1.50 as user user.

user@Mac-mini ~ % ssh user@192.168.1.50 [enter]
The authenticity of host '192.168.1.50 (192.168.1.50)' can't be established.
ED25519 key fingerprint is SHA256:uU1ln2+R7xOW1IaKvIsrsBU+t0KFbop75RS5BcBQ0B0.
This key is not known by any other names.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added '192.168.1.50' (ED25519) to the list of known hosts.
(user@192.168.1.50) Password for user@freebsdsrv:
FreeBSD 14.2-RELEASE (GENERIC) releng/14.2-n269506-c8918d6c7412

Welcome to FreeBSD!

Release Notes, Errata: https://www.FreeBSD.org/releases/
Security Advisories:   https://www.FreeBSD.org/security/
FreeBSD Handbook:      https://www.FreeBSD.org/handbook/
FreeBSD FAQ:           https://www.FreeBSD.org/faq/
Questions List:        https://www.FreeBSD.org/lists/questions/
FreeBSD Forums:        https://forums.FreeBSD.org/

Documents installed with the system are in the /usr/local/share/doc/freebsd/
directory, or can be installed later with:  pkg install en-freebsd-doc
For other languages, replace "en" with a language code like de or fr.

Show the version of FreeBSD installed:  freebsd-version ; uname -a
Please include that output and any error messages when posting questions.
Introduction to manual pages:  man man
FreeBSD directory layout:      man hier

To change this login announcement, see motd(5).
ZFS keeps a history of commands run against a specific pool using the
history subcommand to zpool:

zpool history

More details are available using the -i and -l parameters. Note that ZFS
will not keep the complete pool history forever and will remove older
events in favor of newer ones.
		-- Benedict Reuschling <bcr@FreeBSD.org>
user@freebsdsrv:~ $

SUDO – Execute Command As The Superuser

Description:

The best practice is to never log in as the root superuser interactively. If you do – you are doing it wrong!

sudo is a program that allows a permitted user to execute a command as the superuser or another user, as specified by the user’s security policy. Unlike the su utility, sudo authenticates the user against the user’s own password rather than that of the target user. Sudo allows a system administrator to delegate authority to give certain users (or groups of users) the ability to run some (or all) commands as root or another user while providing an audit trail of the commands and their arguments. This allows the delegation of specific commands to specific users on specific systems without sharing passwords among the users.

Prerequisites

To follow along, make sure you have,

  • Root access to your FreeBSD server
  • The password of the root user
Installation

Installation and configuration of sudo require superuser privileges. This sudo installation will be the only and last interactive login as the root superuser you will ever need to perform on this system.

Substitute the user identity with the root superuser identity with:

user@freebsdsrv:~ $ su - [enter]
Password: <-- RootPassWord [enter]
root@freebsdsrv:~ #

Install sudo with:

root@freebsdsrv:~ # pkg install -y security/sudo [enter]
Updating FreeBSD repository catalogue...
FreeBSD repository is up to date.
All repositories are up to date.
The following 3 package(s) will be affected (of 0 checked):

New packages to be INSTALLED:
	gettext-runtime: 0.23
	indexinfo: 0.3.1
	sudo: 1.9.16p2

Number of packages to be installed: 3

The process will require 9 MiB more space.
2 MiB to be downloaded.
[1/3] Fetching indexinfo-0.3.1.pkg: 100%    6 KiB   5.9kB/s    00:01    
[2/3] Fetching sudo-1.9.16p2.pkg: 100%    2 MiB   1.9MB/s    00:01    
[3/3] Fetching gettext-runtime-0.23.pkg: 100%  235 KiB 241.2kB/s    00:01    
Checking integrity... done (0 conflicting)
[1/3] Installing indexinfo-0.3.1...
[1/3] Extracting indexinfo-0.3.1: 100%
[2/3] Installing gettext-runtime-0.23...
[2/3] Extracting gettext-runtime-0.23: 100%
[3/3] Installing sudo-1.9.16p2...
[3/3] Extracting sudo-1.9.16p2: 100%
root@freebsdsrv:~ #

Configuration

A default sudo configuration file /usr/local/etc/sudoers was created as part of the installation process.

N.B.: /usr/local/etc/sudoers MUST be edited with the visudo command as root.

The use of visudo minimizes the risk of syntax or file permission errors that prevent sudo from running.

Start editing file /usr/local/etc/sudoers with:

root@freebsdsrv:~ # visudo [enter]
## sudoers file.
##
## This file MUST be edited with the 'visudo' command as root.
## Failure to use 'visudo' may result in syntax or file permission errors
## that prevent sudo from running.
##
## See the sudoers man page for the details on how to write a sudoers file.
##
...

visudo use the famous vi editor commands. The following commands are needed for updating and saving or exiting without saving file /usr/local/etc/sudoers:

  1. Use the arrow keys to move the cursor or…
  2. Move the cursor up one line with key ‘K’, down one line with key ‘J’, left one character with key ‘H’ and right one character with key ‘L’
  3. Press key ‘I’ to start inserting charters before the current cursor location
  4. Press key ‘A’ to start inserting charters after the current cursor location
  5. Press key ‘esc’ to abort inserting charters
  6. Press key ‘X’ to delete the character under the cursor
  7. Press key ‘:’, then ‘W’ and ‘Q’ to save and exit
  8. Press key ‘:’, then ‘Q’ and ‘!’ to exit without saving

To delegate privileges to the example user user locate section User privilege specification in the file /usr/local/etc/sudoers.

Update settings as indicated in this example to allow members of the wheel group to substitute user identity without entering their password:

...
##
## User privilege specification
##
root ALL=(ALL:ALL) ALL

## Uncomment to allow members of group wheel to execute any command
# %wheel ALL=(ALL:ALL) ALL

## Same thing without a password
%wheel ALL=(ALL:ALL) NOPASSWD: ALL

## Uncomment to allow members of group sudo to execute any command
# %sudo ALL=(ALL:ALL) NOPASSWD: ALL
...

Save and exit visudo by pressing [ esc ], [ : ] and the [ W ] and finally [ Q ]
Exit as root with:

root@freebsdsrv:~ # exit [enter]
user@freebsdsrv:~ $

N.B.: User user in this example is configured to be a member of group wheel!
Display privileges for the current user with:

user@freebsdsrv:~ $ sudo -l [enter]
Matching Defaults entries for user on freebsdsrv:
   
    secure_path=/usr/local/sbin\:/usr/local/bin\:/usr/sbin\:/usr/bin\:/sbin\:/bin

Runas and Command-specific defaults for user:
    Defaults!/usr/local/sbin/visudo env_keep+="SUDO_EDITOR EDITOR VISUAL"

User user may run the following commands on freebsdsrv:
    (ALL : ALL) NOPASSWD: ALL
user@freebsdsrv:~ $
Post-installation Setup and Configuration

Post-installation Setup and Configuration

Colorized Directory Listings

Description:

Enable display of colors to directory contents listing for command ls and ll.

Configuration

Add two alias commands to file .profile for the user user with:

user@freebsdsrv:~ $ echo 'alias ll="ls -lGF"' | tee -a .profile ; sudo echo 'alias ls="ls -GF"' | tee -a .profile [enter]
alias ll="ls l-GF"
alias ls="ls -GF"
user@freebsdsrv:~ $

…and for root with:

user@freebsdsrv:~ $ sudo echo 'alias ll="ls -lGF"' | sudo tee -a /root/.profile ; sudo echo 'alias ls="ls -GF"' | sudo tee -a /root/.profile [enter]
alias ll="ls l-GF"
alias ls="ls -GF"
user@freebsdsrv:~ $
Log off your system with:
user@freebsdsrv:~ $ exit [enter]

…and then log in to the FreeBSD server and see colors as in this example:

user@freebsdsrv:~ $ ls -l /usr/local [enter]
drwxr-xr-x   2 root wheel 11 Jan 26 17:20 bin
drwxr-xr-x   6 root wheel 14 Jan 26 17:22 etc
drwxr-xr-x   3 root wheel  7 Jan 26 17:20 include
drwxr-xr-x   3 root wheel 14 Jan 26 17:20 lib
drwxr-xr-x   4 root wheel  4 Jan 26 17:20 libdata
drwxr-xr-x   3 root wheel  3 Jan 26 17:20 libexec
drwxr-xr-x   2 root wheel  7 Jan 26 17:20 sbin
drwxr-xr-x  10 root wheel 10 Jan 26 17:20 share
user@freebsdsrv:~ $

/boot/loader.conf

The file loader.conf contains descriptive information on bootstrapping the system. Through it, you can specify the kernel to be booted, parameters to be passed to it, and additional modules to be loaded; generally, set all variables described in loader(8).

By default, the delay before automatically booting is set to 10 seconds.
In this example, the delay is set to zero seconds with:

autoboot_delay=”0″!
Reset content and add autoboot_delay=”0″ to file /boot/loader.conf and verify entries to file /mnt/boot/loader.conf with:

user@freebsdsrv:~ $ sudo sh -c 'echo -e "autoboot_delay=\"0\"" >> /boot/loader.conf' ; cat /boot/loader.conf [enter]
geom_mirror_load="YES"
kern.geom.label.disk_ident.enable="0"
kern.geom.label.gptid.enable="0"
cryptodev_load="YES"
zfs_load="YES"
autoboot_delay="0"
user@freebsdsrv:~ $

/etc/hosts

The host file /etc/hosts contains information regarding the known hosts on the network.
This file provides a backup used when the name server is not running.
Only a few addresses should be included in this file. These include addresses for the local interfaces that ifconfig needs at boot time and a few machines on the local network.

user@freebsdsrv:~ $ sudo sh -c 'cat <<EOF > /etc/hosts
#
# Host Database
#
::1           localhost localhost.local.lan
127.0.0.1     localhost localhost.local.lan
192.168.1.50  freebsdsrv freebsdsrv.local.lan
EOF' ; cat /etc/hosts [enter]
#
# Host Database
#
::1           localhost localhost.local.lan
127.0.0.1     localhost localhost.local.lan
192.168.1.50  freebsdsrv freebsdsrv.local.lan
user@freebsdsrv:~ $

/etc/resolv.conf

The resolver configuration file contains information that is read by the resolver routines the first time a process invokes them. The file is designed to be human-readable and contains a list of keywords with values that provide various types of resolver information.

To configure the FreeBSD server as a DNS client, you need to edit or modify the /etc/resolv.conf file to define which name servers should use.

Display content of file /etc/resolv.conf with:

user@freebsdsrv:~ $ sudo sh -c 'cat <<EOF > /etc/resolv.conf
#
# Resolver Database
#
domain local.lan
nameserver 192.168.1.1
nameserver 208.67.222.222
nameserver 208.67.220.220
EOF' ; cat /etc/resolv.conf [enter]
#
# Resolver Database
#
domain local.lan
nameserver 192.168.1.1
nameserver 208.67.222.222
nameserver 208.67.220.220
user@freebsdsrv:~ $

Verify Configuration with:

ping

ping – send ICMP or ICMPv6 ECHO_REQUEST packets to network hosts.

user@freebsdsrv:~ $ ping -c 3 freebsdsrv.local.lan [enter]
PING freebsdsrv (192.168.1.50): 56 data bytes
64 bytes from 192.168.1.50: icmp_seq=0 ttl=64 time=0.036 ms
64 bytes from 192.168.1.50: icmp_seq=1 ttl=64 time=0.030 ms
64 bytes from 192.168.1.50: icmp_seq=2 ttl=64 time=0.026 ms

--- freebsdsrv ping statistics ---
3 packets transmitted, 3 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 0.026/0.031/0.036/0.004 ms
user@freebsdsrv:~ $
user@freebsdsrv:~ $ ping -c 3 freebsdsrv [enter]
PING localhost (127.0.0.1): 56 data bytes
64 bytes from 127.0.0.1: icmp_seq=0 ttl=64 time=0.072 ms
64 bytes from 127.0.0.1: icmp_seq=1 ttl=64 time=0.056 ms
64 bytes from 127.0.0.1: icmp_seq=2 ttl=64 time=0.047 ms

--- localhost ping statistics ---
3 packets transmitted, 3 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 0.047/0.058/0.072/0.010 ms
user@freebsdsrv:~ $
drill

drill is a tool designed to get all sorts of information out of the DNS.

user@freebsdsrv:~ $ drill freebsd.org [enter]
;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 31073
;; flags: qr rd ra ; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0 
;; QUESTION SECTION:
;; freebsd.org.	IN	A

;; ANSWER SECTION:
freebsd.org.	3600	IN	A	96.47.72.84

;; AUTHORITY SECTION:

;; ADDITIONAL SECTION:

;; Query time: 37 msec
;; SERVER: 192.168.1.1
;; WHEN: Fri Oct 28 13:35:22 2022
;; MSG SIZE  rcvd: 45
user@freebsdsrv:~ $

Networking restart

Network interface setup is done using the netif, and routing setup is done using the routing.

N.B.: Always restart the netif and routing services together to avoid lockdown issues!

The right way to restart networking services on FreeBSD is:

user@freebsdsrv:~ $ sudo service netif restart ; sudo service routing restart [enter]
Stopping Network: lo0 em0.
...
Starting Network: lo0 em0.
...
delete host 127.0.0.1: gateway lo0 fib 0: gateway uses the same route
delete net default: gateway 192.168.1.1 fib 0: not in table
delete host ::1: gateway lo0 fib 0: gateway uses the same route
delete net fe80::: gateway ::1
delete net ff02::: gateway ::1
delete net ::ffff:0.0.0.0: gateway ::1
delete net ::0.0.0.0: gateway ::1
add host 127.0.0.1: gateway lo0 fib 0: route already in table
add net default: gateway 192.168.1.1
add host ::1: gateway lo0 fib 0: route already in table
add net fe80::: gateway ::1
add net ff02::: gateway ::1
add net ::ffff:0.0.0.0: gateway ::1
add net ::0.0.0.0: gateway ::1
user@freebsdsrv:~ $
user@freebsdsrv:~ $

Log Console Messages To File

Configuration:

Enable all writes to /dev/console during boot to be logged to file /var/log/console.log with:

user@freebsdsrv:~ $ sudo sed -e 's/#console.info/console.info/' -i "" /etc/syslog.conf && cat /etc/syslog.conf | grep console.info [enter]
console.info					/var/log/console.log
user@freebsdsrv:~ $

Create file /var/log/console.log and then change file modes to mode 600 with:

user@freebsdsrv:~ $ sudo touch /var/log/console.log && sudo chmod -vv 600 /var/log/console.log [enter]
/var/log/console.log: 0100644 [-rw-r--r-- ] -> 0100600 [-rw------- ]
user@freebsdsrv:~ $

Restart syslogd to log all new console messages to file /var/log/console.log with:

user@freebsdsrv:~ $ sudo service syslogd restart [enter]
Stopping syslogd.
Waiting for PIDS: 808.
Starting syslogd.
user@freebsdsrv:~ $

A reboot is required to record all console messages on the system boot.
Reboot the system with:

user@freebsdsrv:~ $ sudo reboot [enter]
Connection to 192.168.1.50 closed by remote host.
Connection to 192.168.1.50 closed.

Wait for the system to reboot, then log back in with a remote SSH client session.

Display file /var/log/console.log with:

user@freebsdsrv:~ $ sudo cat /var/log/console.log [enter]

…and look for ERRORs and WARNINGs.

Display lines with word warning, error or critical in file /var/log/console.log with:

user@freebsdsrv:~ $ sudo cat /var/log/console.log | grep -E -wi 'warning|error|critical' [enter]
user@ freebsdsrv:~ $

If any errors and warnings are found, fix the problem and restart service syslogd as described above.

Create a FreeBSD-14.2-RELEASE-amd64 Install USB Memory Stick

Create a FreeBSD-14.2-RELEASE-amd64 Install USB Memory Stick

Requirements:

Required hardware: USB Memory Stick, minimum size 2 GB

Required software: sudo and wget

Download files

user@freebsdsrv:~ $ wget https://download.freebsd.org/ftp/releases/ISO-IMAGES/14.2/FreeBSD-14.2-RELEASE-amd64-memstick.img [enter]
--2025-01-24 16:47:51--  https://download.freebsd.org/ftp/releases/ISO-IMAGES/14.2/FreeBSD-14.2-RELEASE-amd64-memstick.img
Resolving download.freebsd.org (download.freebsd.org)... 85.30.190.138, 2a02:80:0:3ffd::15:1
Connecting to download.freebsd.org (download.freebsd.org)|85.30.190.138|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 1559351808 (1.5G) [application/octet-stream]
Saving to: ‘FreeBSD-14.2-RELEASE-amd64-memstick.img’

FreeBSD-14.2-RELEAS 100%[===================>]   1.45G  93.8MB/s    in 16s     

2025-01-24 16:48:07 (91.1 MB/s) - ‘FreeBSD-14.2-RELEASE-amd64-memstick.img’ saved [1559351808/1559351808]

user@freebsdsrv:~ $
user@freebsdsrv:~ $ wget https://download.freebsd.org/ftp/releases/ISO-IMAGES/14.2/CHECKSUM.SHA512-FreeBSD-14.2-RELEASE-amd64 [enter]
--2025-01-24 16:49:55--  https://download.freebsd.org/ftp/releases/ISO-IMAGES/14.2/CHECKSUM.SHA512-FreeBSD-14.2-RELEASE-amd64
Resolving download.freebsd.org (download.freebsd.org)... 85.30.190.138, 2a02:80:0:3ffd::15:1
Connecting to download.freebsd.org (download.freebsd.org)|85.30.190.138|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 1811 (1.8K) [application/octet-stream]
Saving to: ‘CHECKSUM.SHA512-FreeBSD-14.2-RELEASE-amd64’

CHECKSUM.SHA512-Fre 100%[===================>]   1.77K  --.-KB/s    in 0s      

2025-01-24 16:49:55 (200 MB/s) - ‘CHECKSUM.SHA512-FreeBSD-14.2-RELEASE-amd64’ saved [1811/1811]

user@freebsdsrv:~ $

Verify file checksum

user@freebsdsrv:~ % sha512sum --ignore-missing -c CHECKSUM.SHA512-FreeBSD-14.2-RELEASE-amd64 [enter]
FreeBSD-14.2-RELEASE-amd64-memstick.img: OK
user@freebsdsrv:~ %

Prepare the USB Memory Stick

Insert the USB Memory Stick into a USB Port on the FreeBSD Computer.

N.B.: All Data on the USB Memory Stick will be lost!

Since USB devices are seen as a SCSI device, camcontrol can be used to list device information for the inserted USB Memory Stick with this command:

user@freebsdsrv:~ $ sudo camcontrol devlist [enter]
<KINGSTON SKC600MS1024G S4500105>  at scbus0 target 0 lun 0 (pass0,ada0)
<AHCI SGPIO Enclosure 2.00 0001>   at scbus1 target 0 lun 0 (ses0,pass1)
<Generic STORAGE DEVICE 9454>      at scbus2 target 0 lun 0 (da0,pass2)
<USB SanDisk 3.2Gen1 1.00>         at scbus3 target 0 lun 0 (da1,pass3)
user@freebsdsrv:~ %

…or show the list with:

user@freebsdsrv:~ % geom disk list [enter]
Geom name: ada0
Providers:
1. Name: ada0
   Mediasize: 1024209543168 (954G)
   Sectorsize: 512
   Stripesize: 4096
   Stripeoffset: 0
   Mode: r3w3e6
   descr: KINGSTON SKC600MS1024G
   lunid: 50026b7784547f24
   ident: 50026B7784547F24
   rotationrate: 0
   fwsectors: 63
   fwheads: 16

Geom name: da0
Providers:
1. Name: da0
   Mediasize: 15682240512 (15G)
   Sectorsize: 512
   Mode: r0w0e0
   descr: USB SanDisk 3.2Gen1
   lunname: USB     SanDisk 3.2Gen10401d35adeca736bcb13
   lunid: USB     SanDisk 3.2Gen10401d35adeca736bcb13
   ident: 0401d35adeca736bcb13031ed3ec52718ba62977e6bc9346b77babe3dc0b8413cbd00000000000000000000073fbf77f0096801881558107632a548f
   rotationrate: unknown
   fwsectors: 63
   fwheads: 255

user@freebsdsrv:~ %

In this example, SanDisk 3.2Gen1 registered as device da0 is the target USB Memory Stick.

Optional: Display information about device da0 with, for example:

user@freebsdsrv:~ % sudo diskinfo -v da0 [enter]
da1
	512         	# sectorsize
	15682240512 	# mediasize in bytes (15G)
	30629376    	# mediasize in sectors
	0           	# stripesize
	0           	# stripeoffset
	1906        	# Cylinders according to firmware.
	255         	# Heads according to firmware.
	63          	# Sectors according to firmware.
	USB SanDisk 3.2Gen1	# Disk descr.
	0401d35adeca736bcb13031ed3ec52718ba62977e6bc9346b77babe3dc0b8413cbd00000000000000000000073fbf77f0096801881558107632a548f	# Disk ident.
	umass-sim1  	# Attachment
	No          	# TRIM/UNMAP support
	Unknown     	# Rotation rate in RPM
	Not_Zoned   	# Zone Mode

user@freebsdsrv:~ %

Optional: Show the current partition information of the USB Memory Stick using this command:

user@freebsdsrv:~ % gpart show da0 [enter]
=>      63  30629313  da1  MBR  (15G)
        63      1985       - free -  (993K)
      2048  30625792    1  ntfs  (15G)
  30627840      1536       - free -  (768K)

user@freebsdsrv:~ %

N.B.: Your USB Memory Stick may have a different layout than this example!

WARNING: The next step will delete all information on the USB Memory Stick!

Destroy the partitioning scheme on the USB Memory Stick with the following:

user@freebsdsrv:~ % sudo gpart destroy -F da0 [enter]
da1 destroyed
user@freebsdsrv:~ %

Copy the FreeBSD image file to the USB Memory Stick

The image file FreeBSD-14.2-RELEASE-amd64-memstick.img is copied to the USB Memory Stick with the dd utility with this command:

user@freebsdsrv:~ % sudo sh -c 'dd if=FreeBSD-14.2-RELEASE-amd64-memstick.img of=/dev/da0 bs=4M conv=sync status=progress' [enter]
  1560281088 bytes (1560 MB, 1488 MiB) transferred 85.038s, 18 MB/s
372+0 records in
372+0 records out
1560281088 bytes transferred in 85.306856 secs (18290219 bytes/sec)
user@freebsdsrv:~ $

Delete downloaded files

user@freebsdsrv:~ % rm FreeBSD-14.2-*; rm CHECKSUM.SHA512-FreeBSD-14.2-* [enter]
user@freebsdsrv:~ %
Update USB Stick For Headless Server Installation

Update USB Stick For Headless Server Installation

List /dev setup on the USB stick da0 with:

user@freebsdsrv:~ $ ls /dev/da* [enter]
/dev/da0     /dev/da0s1   /dev/da0s2   /dev/da0s2a
user@freebsdsrv:~ $

In this example, /dev/da0s2a contains the FreeBSD-14.2-RELEASE-amd64 OS installation.

Mount /dev/da0s2a with read and write permissions on /mnt with:

user@freebsdsrv:~ $ sudo mount -o rw /dev/da0s2a /mnt [enter]
user@freebsdsrv:~ $

List directory contents of /mnt with:

user@freebsdsrv:~ $ ls -l /mnt [enter]
total 72
-r--r--r--   1 root wheel 6109 Nov 29 13:53 COPYRIGHT
drwxr-xr-x   2 root wheel 1024 Nov 29 13:51 bin
drwxr-xr-x  14 root wheel 1536 Nov 29 13:53 boot
dr-xr-xr-x   2 root wheel  512 Nov 29 13:50 dev
drwxr-xr-x  30 root wheel 2048 Nov 29 14:02 etc
drwxr-xr-x   4 root wheel 2048 Nov 29 13:51 lib
drwxr-xr-x   3 root wheel  512 Nov 29 13:50 libexec
drwxr-xr-x   2 root wheel  512 Nov 29 13:50 media
drwxr-xr-x   2 root wheel  512 Nov 29 13:50 mnt
drwxr-xr-x   2 root wheel  512 Nov 29 13:50 net
dr-xr-xr-x   2 root wheel  512 Nov 29 13:50 proc
drwxr-xr-x   2 root wheel  512 Nov 29 13:50 rescue
drwxr-x---   2 root wheel  512 Nov 29 13:53 root
drwxr-xr-x   2 root wheel 3072 Nov 29 13:51 sbin
drwxrwxrwt   2 root wheel  512 Nov 29 13:50 tmp
drwxr-xr-x  13 root wheel  512 Nov 29 13:53 usr
drwxr-xr-x  24 root wheel  512 Nov 29 13:50 var
user@freebsdsrv:~ $

Delete file /mnt/etc/rc.local with:

user@freebsdsrv:~ $ sudo rm /mnt/etc/rc.local [enter]
user@freebsdsrv:~ $

Update /etc/fstab

Update file fstab status from read-only to read-write with:

user@freebsdsrv:~ $ sudo sh -c 'sed -e "s/ro/rw/" -i "" /mnt/etc/fstab' ; cat /mnt/etc/fstab [enter]
/dev/ufs/FreeBSD_Install / ufs rw,noatime 1 1
user@freebsdsrv:~ $

Update /etc/rc.conf

Find a currently-unused IP address in your local network.
In this example, IP address 192.168.1.250 and netmask 255.255.255.0 will be hard-coded in file rc.conf.

user@freebsdsrv:~ $ sudo sh -c 'echo ifconfig_DEFAULT=\"inet 192.168.1.250 netmask 255.255.255.0\" >> /mnt/etc/rc.conf'; sudo sh -c 'echo defaultrouter=\"192.168.1.1\" >> /mnt/etc/rc.conf' ; sudo sh -c 'echo sshd_enable=\"YES\" >> /mnt/etc/rc.conf'; sudo sh -c 'echo keymap=\"se.kbd\" >> /mnt/etc/rc.conf'; cat /mnt/etc/rc.conf [enter]
sendmail_enable="NONE"
hostid_enable="NO"
ifconfig_DEFAULT="inet 192.168.1.250 netmask 255.255.255.0"
defaultrouter="192.168.1.1"
sshd_enable="YES"
keymap="se.kbd"
user@freebsdsrv:~ $

Update /boot/loader.conf

Add autoboot_delay=”0″ to file /mnt/boot/loader.conf and verify entries to file /mnt/boot/loader.conf with:

user@freebsdsrv:~ $ sudo sh -c 'echo -e "autoboot_delay=\"0\"" >> /mnt/boot/loader.conf' ; cat /mnt/boot/loader.conf  [enter]
vfs.mountroot.timeout="10"
kernels_autodetect="NO"
loader_menu_multi_user_prompt="Installer"
autoboot_delay="0"
user@freebsdsrv:~ $

Update /etc/ssh/sshd_config

user@freebsdsrv:~ $ sudo sed -e "s/#PermitRootLogin no/PermitRootLogin yes/" -i "" /mnt/etc/ssh/sshd_config ; sudo sed -e 's/#PasswordAuthentication no/PasswordAuthentication yes/' -i "" /mnt/etc/ssh/sshd_config ; sudo sed -e 's/#PermitEmptyPasswords no/PermitEmptyPasswords yes/' -i "" /mnt/etc/ssh/sshd_config ; sudo sed -e 's/#UsePAM yes/UsePAM no/' -i "" /mnt/etc/ssh/sshd_config ; sudo sed -e 's/#UseDNS yes/UseDNS no/' -i "" /mnt/etc/ssh/sshd_config ; cat /mnt/etc/ssh/sshd_config [enter]
#	$OpenBSD: sshd_config,v 1.104 2021/07/02 05:11:21 dtucker Exp $

# This is the sshd server system-wide configuration file.  See
# sshd_config(5) for more information.

# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin

# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented.  Uncommented options override the
# default value.

# Note that some of FreeBSD's defaults differ from OpenBSD's, and
# FreeBSD has a few additional options.

#Port 22
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::

#HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_ecdsa_key
#HostKey /etc/ssh/ssh_host_ed25519_key

# Ciphers and keying
#RekeyLimit default none

# Logging
#SyslogFacility AUTH
#LogLevel INFO

# Authentication:

#LoginGraceTime 2m
PermitRootLogin yes
#StrictModes yes
#MaxAuthTries 6
#MaxSessions 10

#PubkeyAuthentication yes

# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2
# but this is overridden so installations will only check .ssh/authorized_keys
AuthorizedKeysFile	.ssh/authorized_keys

#AuthorizedPrincipalsFile none

#AuthorizedKeysCommand none
#AuthorizedKeysCommandUser nobody

# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# HostbasedAuthentication
#IgnoreUserKnownHosts no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes

# Change to yes to enable built-in password authentication.
# Note that passwords may also be accepted via KbdInteractiveAuthentication.
PasswordAuthentication yes
PermitEmptyPasswords yes

# Change to no to disable PAM authentication
#KbdInteractiveAuthentication yes

# Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
#KerberosGetAFSToken no

# GSSAPI options
#GSSAPIAuthentication no
#GSSAPICleanupCredentials yes

# Set this to 'no' to disable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the KbdInteractiveAuthentication and
# PasswordAuthentication.  Depending on your PAM configuration,
# PAM authentication via KbdInteractiveAuthentication may bypass
# the setting of "PermitRootLogin prohibit-password".
# If you just want the PAM account and session checks to run without
# PAM authentication, then enable this but set PasswordAuthentication
# and KbdInteractiveAuthentication to 'no'.
UsePAM no

#AllowAgentForwarding yes
#AllowTcpForwarding yes
#GatewayPorts no
#X11Forwarding yes
#X11DisplayOffset 10
#X11UseLocalhost yes
#PermitTTY yes
#PrintMotd yes
#PrintLastLog yes
#TCPKeepAlive yes
#PermitUserEnvironment no
#Compression delayed
#ClientAliveInterval 0
#ClientAliveCountMax 3
UseDNS no
#PidFile /var/run/sshd.pid
#MaxStartups 10:30:100
#PermitTunnel no
#ChrootDirectory none
#UseBlacklist no
#VersionAddendum FreeBSD-20221019

# no default banner path
#Banner none

# override default of no subsystems
Subsystem	sftp	/usr/libexec/sftp-server

# Example of overriding settings on a per-user basis
#Match User anoncvs
#	X11Forwarding no
#	AllowTcpForwarding no
#	PermitTTY no
#	ForceCommand cvs server
user@freebsdsrv:~ $
user@freebsdsrv:~ $ sudo umount /mnt [enter]
user@freebsdsrv:~ $

Insert the modified USB into the target machine, boot it, and wait for a minute or so. You should be able to SSH into it as root.

user@iMac ~ % ssh root@192.168.1.250 [enter]   
The authenticity of host '192.168.1.250 (192.168.1.250)' can't be established.
ED25519 key fingerprint is SHA256:fJc/6q4xKsatzWj5voqi/Pst6R3oPLZN0Tgrrnm2ujY.
This key is not known by any other names.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes [enter]
Warning: Permanently added '192.168.1.250' (ED25519) to the list of known hosts.
FreeBSD 14.2-RELEASE (GENERIC) releng/14.2-n269506-c8918d6c7412

Welcome to FreeBSD!

Release Notes, Errata: https://www.FreeBSD.org/releases/
Security Advisories:   https://www.FreeBSD.org/security/
FreeBSD Handbook:      https://www.FreeBSD.org/handbook/
FreeBSD FAQ:           https://www.FreeBSD.org/faq/
Questions List:        https://www.FreeBSD.org/lists/questions/
FreeBSD Forums:        https://forums.FreeBSD.org/

Documents installed with the system are in the /usr/local/share/doc/freebsd/
directory, or can be installed later with:  pkg install en-freebsd-doc
For other languages, replace "en" with a language code like de or fr.

Show the version of FreeBSD installed:  freebsd-version ; uname -a
Please include that output and any error messages when posting questions.
Introduction to manual pages:  man man
FreeBSD directory layout:      man hier

To change this login announcement, see motd(5).
root@:~ #

bsdinstall

Run bsdinstall to install FreeBSD on the target machine.

root@:~ # bsdinstall [enter]

bsdconfig

If you’ve already installed FreeBSD, you may use bsdconfig to customise the server to suit your particular configuration. Most importantly, you can use the Package utility to load extra ‘3rd party’ software not provided in the base distributions.

root@:~ # bsdconfig [enter]
Webmin & Usermin

Webmin & Usermin

Webmin

Description

Webmin is a web-based system administration tool for Unix-like servers and services, and it has about 1,000,000 installations worldwide yearly. Using it, it is possible to configure operating system internals, such as users, disk quotas, services, or configuration files, as well as modify and control open-source apps, such as BIND DNS Server, Apache HTTP Server, PHP, MySQL, and many more.

Required packages

Since Webmin will be installed outside the package manager, ensure the following recommended Perl modules and packages are present:
Perl modules:
– DateTime, DateTime::Locale, DateTime::TimeZone, Data::Dumper
– Digest::MD5, Digest::SHA, Encode::Detect, File::Basename
– File::Path, Net::SSLeay, Time::HiRes, Time::Local, Time::Piece
– lib, open
Packages:
– openssl – Cryptography library with TLS implementation
– shared-mime-info – Shared MIME information database
– tar gzip unzip – File compression and packaging utilities

Install required packages with:

user@freebsdsrv:~ $ sudo pkg install -y perl5 p5-DateTime-Locale p5-DateTime-TimeZone p5-Data-Dumper p5-Digest-MD5 p5-Digest-SHA p5-Encode-Detect p5-File-Path p5-JSON-XS p5-Time-HiRes p5-Time-Local p5-Time-Piece p5-Authen-PAM p5-Net-LDAP-Express p5-Net-SSLeay p5-IO-Tty gzip unzip shared-mime-info [enter]
Updating FreeBSD repository catalogue...
FreeBSD repository is up to date.
All repositories are up to date.
The following 77 package(s) will be affected (of 0 checked):

New packages to be INSTALLED:
	glib: 2.80.5_1,2
	gzip: 1.13_1
	libffi: 3.4.6
	libiconv: 1.17_1
	libxml2: 2.11.9
	mpdecimal: 4.0.0
	p5-Algorithm-C3: 0.11
	p5-Authen-PAM: 0.16_2
	p5-Authen-SASL: 2.17_1
	p5-B-Hooks-EndOfScope: 0.28
	p5-Class-C3: 0.35
	p5-Class-Data-Inheritable: 0.10
	p5-Class-Inspector: 1.36
	p5-Class-Method-Modifiers: 2.15
	p5-Class-Singleton: 1.6
	p5-Clone: 0.47
	p5-Convert-ASN1: 0.34
	p5-Data-Dumper: 2.183
	p5-Data-OptList: 0.114
	p5-DateTime-Locale: 1.44
	p5-DateTime-TimeZone: 2.63,1
	p5-Devel-StackTrace: 2.05
	p5-Digest-HMAC: 1.05
	p5-Digest-MD5: 2.59
	p5-Digest-SHA: 6.04
	p5-Dist-CheckConflicts: 0.11_1
	p5-Encode-Detect: 1.01_1
	p5-Eval-Closure: 0.14
	p5-Exception-Class: 1.45
	p5-File-Path: 2.18
	p5-File-ShareDir: 1.118
	p5-IO-Socket-IP: 0.43
	p5-IO-Socket-SSL: 2.089
	p5-IO-Tty: 1.20_1
	p5-JSON-XS: 4.03
	p5-MRO-Compat: 0.15
	p5-Module-Implementation: 0.09_1
	p5-Module-Runtime: 0.016
	p5-Mozilla-CA: 20240924
	p5-Net-LDAP-Express: 0.12_1
	p5-Net-SSLeay: 1.94
	p5-Package-Stash: 0.40
	p5-Package-Stash-XS: 0.30
	p5-Params-Util: 1.102
	p5-Params-ValidationCompiler: 0.31
	p5-Role-Tiny: 2.002004
	p5-Specio: 0.49
	p5-Sub-Exporter: 0.991
	p5-Sub-Exporter-Progressive: 0.001013
	p5-Sub-Identify: 0.14
	p5-Sub-Install: 0.929
	p5-Sub-Quote: 2.006008_1
	p5-Text-Soundex: 3.05
	p5-Time-HiRes: 1.9764,1
	p5-Time-Local: 1.35
	p5-Time-Piece: 1.3300
	p5-Try-Tiny: 0.32
	p5-Types-Serialiser: 1.01
	p5-URI: 5.31
	p5-Variable-Magic: 0.64
	p5-XML-Filter-BufferText: 1.01_1
	p5-XML-NamespaceSupport: 1.12
	p5-XML-SAX: 1.02
	p5-XML-SAX-Base: 1.09
	p5-XML-SAX-Writer: 0.57
	p5-XString: 0.005
	p5-common-sense: 3.75
	p5-namespace-autoclean: 0.31
	p5-namespace-clean: 0.27
	p5-perl-ldap: 0.6800
	pcre2: 10.43
	perl5: 5.36.3_2
	py311-packaging: 24.2
	python311: 3.11.11
	readline: 8.2.13_2
	shared-mime-info: 2.4_1
	unzip: 6.0_8

Number of packages to be installed: 77

The process will require 347 MiB more space.
57 MiB to be downloaded.
[1/77] Fetching p5-Try-Tiny-0.32.pkg: 100%   18 KiB  18.2kB/s    00:01    
[2/77] Fetching p5-XML-SAX-1.02.pkg: 100%   46 KiB  47.4kB/s    00:01    
[3/77] Fetching p5-Digest-MD5-2.59.pkg: 100%   20 KiB  20.5kB/s    00:01    
[4/77] Fetching p5-Net-SSLeay-1.94.pkg: 100%  281 KiB 288.2kB/s    00:01    
[5/77] Fetching p5-Sub-Quote-2.006008_1.pkg: 100%   25 KiB  25.2kB/s    00:01    
[6/77] Fetching gzip-1.13_1.pkg: 100%  177 KiB 181.4kB/s    00:01    
[7/77] Fetching p5-IO-Socket-SSL-2.089.pkg: 100%  194 KiB 198.7kB/s    00:01    
[8/77] Fetching p5-B-Hooks-EndOfScope-0.28.pkg: 100%   19 KiB  19.7kB/s    00:01    
[9/77] Fetching p5-Algorithm-C3-0.11.pkg: 100%   11 KiB  11.1kB/s    00:01    
[10/77] Fetching mpdecimal-4.0.0.pkg: 100%  156 KiB 159.3kB/s    00:01    
[11/77] Fetching p5-Module-Runtime-0.016.pkg: 100%   16 KiB  16.6kB/s    00:01    
[12/77] Fetching p5-perl-ldap-0.6800.pkg: 100%  305 KiB 311.9kB/s    00:01    
[13/77] Fetching p5-Package-Stash-XS-0.30.pkg: 100%   16 KiB  16.9kB/s    00:01    
[14/77] Fetching p5-Net-LDAP-Express-0.12_1.pkg: 100%   14 KiB  14.1kB/s    00:01    
[15/77] Fetching p5-IO-Socket-IP-0.43.pkg: 100%   29 KiB  29.3kB/s    00:01    
[16/77] Fetching p5-URI-5.31.pkg: 100%  101 KiB 103.0kB/s    00:01    
[17/77] Fetching p5-Digest-SHA-6.04.pkg: 100%   38 KiB  38.8kB/s    00:01    
[18/77] Fetching p5-Module-Implementation-0.09_1.pkg: 100%   10 KiB  10.2kB/s    00:01    
[19/77] Fetching p5-Params-Util-1.102.pkg: 100%   19 KiB  19.2kB/s    00:01    
[20/77] Fetching p5-Package-Stash-0.40.pkg: 100%   21 KiB  21.6kB/s    00:01    
[21/77] Fetching unzip-6.0_8.pkg: 100%  140 KiB 143.2kB/s    00:01    
[22/77] Fetching p5-Class-Method-Modifiers-2.15.pkg: 100%   19 KiB  19.1kB/s    00:01    
[23/77] Fetching p5-Data-OptList-0.114.pkg: 100%   14 KiB  14.4kB/s    00:01    
[24/77] Fetching p5-Class-Inspector-1.36.pkg: 100%   19 KiB  19.9kB/s    00:01    
[25/77] Fetching p5-XML-NamespaceSupport-1.12.pkg: 100%   17 KiB  17.0kB/s    00:01    
[26/77] Fetching pcre2-10.43.pkg: 100%    1 MiB   1.5MB/s    00:01    
[27/77] Fetching p5-Clone-0.47.pkg: 100%   11 KiB  11.3kB/s    00:01    
[28/77] Fetching p5-File-Path-2.18.pkg: 100%   25 KiB  26.0kB/s    00:01    
[29/77] Fetching libiconv-1.17_1.pkg: 100%  734 KiB 751.9kB/s    00:01    
[30/77] Fetching p5-XString-0.005.pkg: 100%   13 KiB  12.9kB/s    00:01    
[31/77] Fetching p5-Params-ValidationCompiler-0.31.pkg: 100%   21 KiB  21.8kB/s    00:01    
[32/77] Fetching p5-Time-Local-1.35.pkg: 100%   19 KiB  19.4kB/s    00:01    
[33/77] Fetching p5-Time-Piece-1.3300.pkg: 100%   31 KiB  31.8kB/s    00:01    
[34/77] Fetching p5-Types-Serialiser-1.01.pkg: 100%   12 KiB  12.7kB/s    00:01    
[35/77] Fetching p5-Class-Singleton-1.6.pkg: 100%   12 KiB  12.3kB/s    00:01    
[36/77] Fetching p5-Encode-Detect-1.01_1.pkg: 100%   81 KiB  82.9kB/s    00:01    
[37/77] Fetching p5-Authen-SASL-2.17_1.pkg: 100%   41 KiB  42.4kB/s    00:01    
[38/77] Fetching p5-Dist-CheckConflicts-0.11_1.pkg: 100%   10 KiB  10.4kB/s    00:01    
[39/77] Fetching libxml2-2.11.9.pkg: 100%  872 KiB 893.4kB/s    00:01    
[40/77] Fetching p5-DateTime-Locale-1.44.pkg: 100%    3 MiB   3.4MB/s    00:01    
[41/77] Fetching p5-Sub-Install-0.929.pkg: 100%   14 KiB  14.7kB/s    00:01    
[42/77] Fetching p5-XML-Filter-BufferText-1.01_1.pkg: 100%    7 KiB   7.0kB/s    00:01    
[43/77] Fetching p5-namespace-autoclean-0.31.pkg: 100%   11 KiB  10.9kB/s    00:01    
[44/77] Fetching p5-Time-HiRes-1.9764,1.pkg: 100%   29 KiB  30.0kB/s    00:01    
[45/77] Fetching py311-packaging-24.2.pkg: 100%  127 KiB 129.9kB/s    00:01    
[46/77] Fetching p5-Variable-Magic-0.64.pkg: 100%   33 KiB  33.4kB/s    00:01    
[47/77] Fetching p5-Class-Data-Inheritable-0.10.pkg: 100%    8 KiB   8.1kB/s    00:01    
[48/77] Fetching p5-Data-Dumper-2.183.pkg: 100%   41 KiB  42.4kB/s    00:01    
[49/77] Fetching p5-Sub-Exporter-0.991.pkg: 100%   53 KiB  53.9kB/s    00:01    
[50/77] Fetching glib-2.80.5_1,2.pkg: 100%    4 MiB   4.3MB/s    00:01    
[51/77] Fetching p5-Convert-ASN1-0.34.pkg: 100%   35 KiB  35.7kB/s    00:01    
[52/77] Fetching p5-Authen-PAM-0.16_2.pkg: 100%   24 KiB  24.6kB/s    00:01    
[53/77] Fetching p5-Role-Tiny-2.002004.pkg: 100%   20 KiB  20.5kB/s    00:01    
[54/77] Fetching p5-Exception-Class-1.45.pkg: 100%   28 KiB  28.6kB/s    00:01    
[55/77] Fetching perl5-5.36.3_2.pkg: 100%   15 MiB  16.1MB/s    00:01    
[56/77] Fetching p5-namespace-clean-0.27.pkg: 100%   13 KiB  13.7kB/s    00:01    
[57/77] Fetching p5-Sub-Identify-0.14.pkg: 100%   10 KiB  10.5kB/s    00:01    
[58/77] Fetching p5-JSON-XS-4.03.pkg: 100%   81 KiB  83.3kB/s    00:01    
[59/77] Fetching p5-Mozilla-CA-20240924.pkg: 100%  129 KiB 132.3kB/s    00:01    
[60/77] Fetching p5-Sub-Exporter-Progressive-0.001013.pkg: 100%   12 KiB  11.8kB/s    00:01    
[61/77] Fetching p5-Specio-0.49.pkg: 100%  129 KiB 132.1kB/s    00:01    
[62/77] Fetching libffi-3.4.6.pkg: 100%   45 KiB  46.0kB/s    00:01    
[63/77] Fetching readline-8.2.13_2.pkg: 100%  397 KiB 406.3kB/s    00:01    
[64/77] Fetching p5-Digest-HMAC-1.05.pkg: 100%   15 KiB  15.5kB/s    00:01    
[65/77] Fetching p5-MRO-Compat-0.15.pkg: 100%   11 KiB  11.0kB/s    00:01    
[66/77] Fetching p5-common-sense-3.75.pkg: 100%    8 KiB   8.6kB/s    00:01    
[67/77] Fetching shared-mime-info-2.4_1.pkg: 100%  631 KiB 645.7kB/s    00:01    
[68/77] Fetching p5-XML-SAX-Writer-0.57.pkg: 100%   22 KiB  22.9kB/s    00:01    
[69/77] Fetching p5-Devel-StackTrace-2.05.pkg: 100%   18 KiB  18.9kB/s    00:01    
[70/77] Fetching p5-File-ShareDir-1.118.pkg: 100%   18 KiB  18.8kB/s    00:01    
[71/77] Fetching p5-Class-C3-0.35.pkg: 100%   19 KiB  19.2kB/s    00:01    
[72/77] Fetching p5-DateTime-TimeZone-2.63,1.pkg: 100%  260 KiB 266.2kB/s    00:01    
[73/77] Fetching p5-Text-Soundex-3.05.pkg: 100%   17 KiB  17.8kB/s    00:01    
[74/77] Fetching python311-3.11.11.pkg: 100%   27 MiB  28.0MB/s    00:01    
[75/77] Fetching p5-XML-SAX-Base-1.09.pkg: 100%   25 KiB  25.2kB/s    00:01    
[76/77] Fetching p5-Eval-Closure-0.14.pkg: 100%   11 KiB  11.0kB/s    00:01    
[77/77] Fetching p5-IO-Tty-1.20_1.pkg: 100%   30 KiB  30.9kB/s    00:01    
Checking integrity... done (0 conflicting)
[1/77] Installing perl5-5.36.3_2...
[1/77] Extracting perl5-5.36.3_2: 100%
[2/77] Installing p5-Params-Util-1.102...
[2/77] Extracting p5-Params-Util-1.102: 100%
[3/77] Installing p5-Sub-Install-0.929...
[3/77] Extracting p5-Sub-Install-0.929: 100%
[4/77] Installing p5-Data-OptList-0.114...
[4/77] Extracting p5-Data-OptList-0.114: 100%
[5/77] Installing p5-Try-Tiny-0.32...
[5/77] Extracting p5-Try-Tiny-0.32: 100%
[6/77] Installing p5-Module-Runtime-0.016...
[6/77] Extracting p5-Module-Runtime-0.016: 100%
[7/77] Installing p5-XML-NamespaceSupport-1.12...
[7/77] Extracting p5-XML-NamespaceSupport-1.12: 100%
[8/77] Installing p5-Sub-Exporter-0.991...
[8/77] Extracting p5-Sub-Exporter-0.991: 100%
[9/77] Installing p5-XML-SAX-Base-1.09...
[9/77] Extracting p5-XML-SAX-Base-1.09: 100%
[10/77] Installing p5-XML-SAX-1.02...
[10/77] Extracting p5-XML-SAX-1.02: 100%
could not find ParserDetails.ini in /usr/local/lib/perl5/site_perl/XML/SAX
[11/77] Installing p5-Algorithm-C3-0.11...
[11/77] Extracting p5-Algorithm-C3-0.11: 100%
[12/77] Installing mpdecimal-4.0.0...
[12/77] Extracting mpdecimal-4.0.0: 100%
[13/77] Installing p5-Package-Stash-XS-0.30...
[13/77] Extracting p5-Package-Stash-XS-0.30: 100%
[14/77] Installing p5-Module-Implementation-0.09_1...
[14/77] Extracting p5-Module-Implementation-0.09_1: 100%
[15/77] Installing p5-Dist-CheckConflicts-0.11_1...
[15/77] Extracting p5-Dist-CheckConflicts-0.11_1: 100%
[16/77] Installing p5-Variable-Magic-0.64...
[16/77] Extracting p5-Variable-Magic-0.64: 100%
[17/77] Installing p5-Sub-Exporter-Progressive-0.001013...
[17/77] Extracting p5-Sub-Exporter-Progressive-0.001013: 100%
[18/77] Installing libffi-3.4.6...
[18/77] Extracting libffi-3.4.6: 100%
[19/77] Installing readline-8.2.13_2...
[19/77] Extracting readline-8.2.13_2: 100%
[20/77] Installing p5-Net-SSLeay-1.94...
[20/77] Extracting p5-Net-SSLeay-1.94: 100%
[21/77] Installing p5-B-Hooks-EndOfScope-0.28...
[21/77] Extracting p5-B-Hooks-EndOfScope-0.28: 100%
[22/77] Installing p5-IO-Socket-IP-0.43...
[22/77] Extracting p5-IO-Socket-IP-0.43: 100%
[23/77] Installing p5-Package-Stash-0.40...
[23/77] Extracting p5-Package-Stash-0.40: 100%
[24/77] Installing p5-Class-Method-Modifiers-2.15...
[24/77] Extracting p5-Class-Method-Modifiers-2.15: 100%
[25/77] Installing p5-XString-0.005...
[25/77] Extracting p5-XString-0.005: 100%
[26/77] Installing p5-XML-Filter-BufferText-1.01_1...
[26/77] Extracting p5-XML-Filter-BufferText-1.01_1: 100%
[27/77] Installing p5-Class-Data-Inheritable-0.10...
[27/77] Extracting p5-Class-Data-Inheritable-0.10: 100%
[28/77] Installing p5-Mozilla-CA-20240924...
[28/77] Extracting p5-Mozilla-CA-20240924: 100%
[29/77] Installing p5-Digest-HMAC-1.05...
[29/77] Extracting p5-Digest-HMAC-1.05: 100%
[30/77] Installing p5-Devel-StackTrace-2.05...
[30/77] Extracting p5-Devel-StackTrace-2.05: 100%
[31/77] Installing p5-Class-C3-0.35...
[31/77] Extracting p5-Class-C3-0.35: 100%
[32/77] Installing python311-3.11.11...
[32/77] Extracting python311-3.11.11: 100%
[33/77] Installing p5-Sub-Quote-2.006008_1...
[33/77] Extracting p5-Sub-Quote-2.006008_1: 100%
[34/77] Installing p5-IO-Socket-SSL-2.089...
[34/77] Extracting p5-IO-Socket-SSL-2.089: 100%
[35/77] Installing p5-URI-5.31...
[35/77] Extracting p5-URI-5.31: 100%
[36/77] Installing p5-Class-Inspector-1.36...
[36/77] Extracting p5-Class-Inspector-1.36: 100%
[37/77] Installing pcre2-10.43...
[37/77] Extracting pcre2-10.43: 100%
[38/77] Installing p5-Clone-0.47...
[38/77] Extracting p5-Clone-0.47: 100%
[39/77] Installing libiconv-1.17_1...
[39/77] Extracting libiconv-1.17_1: 100%
[40/77] Installing p5-Authen-SASL-2.17_1...
[40/77] Extracting p5-Authen-SASL-2.17_1: 100%
[41/77] Installing py311-packaging-24.2...
[41/77] Extracting py311-packaging-24.2: 100%
[42/77] Installing p5-Convert-ASN1-0.34...
[42/77] Extracting p5-Convert-ASN1-0.34: 100%
[43/77] Installing p5-Role-Tiny-2.002004...
[43/77] Extracting p5-Role-Tiny-2.002004: 100%
[44/77] Installing p5-Exception-Class-1.45...
[44/77] Extracting p5-Exception-Class-1.45: 100%
[45/77] Installing p5-namespace-clean-0.27...
[45/77] Extracting p5-namespace-clean-0.27: 100%
[46/77] Installing p5-Sub-Identify-0.14...
[46/77] Extracting p5-Sub-Identify-0.14: 100%
[47/77] Installing p5-MRO-Compat-0.15...
[47/77] Extracting p5-MRO-Compat-0.15: 100%
[48/77] Installing p5-common-sense-3.75...
[48/77] Extracting p5-common-sense-3.75: 100%
[49/77] Installing p5-XML-SAX-Writer-0.57...
[49/77] Extracting p5-XML-SAX-Writer-0.57: 100%
[50/77] Installing p5-Text-Soundex-3.05...
[50/77] Extracting p5-Text-Soundex-3.05: 100%
[51/77] Installing p5-Eval-Closure-0.14...
[51/77] Extracting p5-Eval-Closure-0.14: 100%
[52/77] Installing p5-perl-ldap-0.6800...
[52/77] Extracting p5-perl-ldap-0.6800: 100%
[53/77] Installing p5-Params-ValidationCompiler-0.31...
[53/77] Extracting p5-Params-ValidationCompiler-0.31: 100%
[54/77] Installing p5-Types-Serialiser-1.01...
[54/77] Extracting p5-Types-Serialiser-1.01: 100%
[55/77] Installing p5-Class-Singleton-1.6...
[55/77] Extracting p5-Class-Singleton-1.6: 100%
[56/77] Installing libxml2-2.11.9...
[56/77] Extracting libxml2-2.11.9: 100%
[57/77] Installing p5-namespace-autoclean-0.31...
[57/77] Extracting p5-namespace-autoclean-0.31: 100%
[58/77] Installing glib-2.80.5_1,2...
[58/77] Extracting glib-2.80.5_1,2: 100%
[59/77] Installing p5-Specio-0.49...
[59/77] Extracting p5-Specio-0.49: 100%
[60/77] Installing p5-File-ShareDir-1.118...
[60/77] Extracting p5-File-ShareDir-1.118: 100%
[61/77] Installing p5-Digest-MD5-2.59...
[61/77] Extracting p5-Digest-MD5-2.59: 100%
[62/77] Installing gzip-1.13_1...
[62/77] Extracting gzip-1.13_1: 100%
[63/77] Installing p5-Net-LDAP-Express-0.12_1...
[63/77] Extracting p5-Net-LDAP-Express-0.12_1: 100%
[64/77] Installing p5-Digest-SHA-6.04...
[64/77] Extracting p5-Digest-SHA-6.04: 100%
[65/77] Installing unzip-6.0_8...
[65/77] Extracting unzip-6.0_8: 100%
[66/77] Installing p5-File-Path-2.18...
[66/77] Extracting p5-File-Path-2.18: 100%
[67/77] Installing p5-Time-Local-1.35...
[67/77] Extracting p5-Time-Local-1.35: 100%
[68/77] Installing p5-Time-Piece-1.3300...
[68/77] Extracting p5-Time-Piece-1.3300: 100%
[69/77] Installing p5-Encode-Detect-1.01_1...
[69/77] Extracting p5-Encode-Detect-1.01_1: 100%
[70/77] Installing p5-DateTime-Locale-1.44...
[70/77] Extracting p5-DateTime-Locale-1.44: 100%
[71/77] Installing p5-Time-HiRes-1.9764,1...
[71/77] Extracting p5-Time-HiRes-1.9764,1: 100%
[72/77] Installing p5-Data-Dumper-2.183...
[72/77] Extracting p5-Data-Dumper-2.183: 100%
[73/77] Installing p5-Authen-PAM-0.16_2...
[73/77] Extracting p5-Authen-PAM-0.16_2: 100%
[74/77] Installing p5-JSON-XS-4.03...
[74/77] Extracting p5-JSON-XS-4.03: 100%
[75/77] Installing shared-mime-info-2.4_1...
[75/77] Extracting shared-mime-info-2.4_1: 100%
[76/77] Installing p5-DateTime-TimeZone-2.63,1...
[76/77] Extracting p5-DateTime-TimeZone-2.63,1: 100%
[77/77] Installing p5-IO-Tty-1.20_1...
[77/77] Extracting p5-IO-Tty-1.20_1: 100%
==> Running trigger: gio-modules.ucl
Generating GIO modules cache
==> Running trigger: glib-schemas.ucl
Compiling glib schemas
No schema files found: doing nothing.
==> Running trigger: shared-mime-info.ucl
Building the Shared MIME-Info database cache
=====
Message from python311-3.11.11:

--
Note that some standard Python modules are provided as separate ports
as they require additional dependencies. They are available as:

py311-gdbm       databases/py-gdbm@py311
py311-sqlite3    databases/py-sqlite3@py311
py311-tkinter    x11-toolkits/py-tkinter@py311
user@freebsdsrv:~ $

Download Webmin Code

Download the current version of the Webmin code with:

user@freebsdsrv:~ $ fetch https://github.com/webmin/webmin/releases/download/2.202/webmin-2.202.tar.gz [enter]
webmin-2.202.tar.gz                                   44 MB   27 MBps    02s
user@freebsdsrv:~ $

Extract the Webmin code

user@freebsdsrv:~ $ tar zxvf webmin-2.202.tar.gz [enter]
x webmin-2.202/
x webmin-2.202/acl/
x webmin-2.202/acl/module.info.fi
...
x webmin-2.202/change-user/module.info.pt_BR.auto
x webmin-2.202/password_change.cgi
x webmin-2.202/config-irix
user@freebsdsrv:~ $

Webmin setup

Create directory /usr/local/etc/rc.d with:

user@freebsdsrv:~ $ sudo mkdir /usr/local/etc/rc.d [enter]
user@freebsdsrv:~ $

Change directory to the Webmin installation directory with:

user@freebsdsrv:~ $ cd webmin-2.202 [enter]
user@freebsdsrv:~/webmin-2.202 $

Run the Webmin installtion script with:

user@freebsdsrv:~/webmin-2.202 $ sudo ./setup.sh /usr/local/webmin [enter]
****************************************************************************
           Welcome to the Webmin setup script, version 2.202
****************************************************************************
Webmin is a web-based interface that allows Unix-like operating
systems and common Unix services to be easily administered.

Installing Webmin from /home/user/webmin-2.202 to /usr/local/webmin

****************************************************************************
Webmin uses separate directories for configuration files and log files.
Unless you want to run multiple versions of Webmin at the same time
you can just accept the defaults.

Config file directory [/etc/webmin]: [enter]
Log file directory [/var/webmin]: [enter]

****************************************************************************
Webmin is written entirely in Perl. Please enter the full path to the
Perl 5 interpreter on your system.

Full path to perl (default /usr/local/bin/perl): [enter]

Testing Perl ..
.. done

****************************************************************************
Operating system name:    FreeBSD
Operating system version: 14.2

****************************************************************************
Webmin uses its own password protected web server to provide access
to the administration programs. The setup script needs to know :
 - What port to run the web server on. There must not be another
   web server already using this port.
 - The login name required to access the web server.
 - The password required to access the web server.
 - If the web server should use SSL (if your system supports it).
 - Whether to start webmin at boot time.

Web server port (default 10000): [enter]
Login name (default admin): [enter]
Login password: AdminPassWd [enter]
Password again: AdminPassWd [enter]
Use SSL (y/n): y [enter]
Start Webmin at boot time (y/n): y [enter]

****************************************************************************
Copying files to /usr/local/webmin ..
.. done

Creating web server config files ..
.. done

Creating access control file ..
.. done

Inserting path to perl into scripts ..
.. done

Creating start and stop scripts ..
.. done

Copying config files ..
.. done

Configuring Webmin to start at boot time ..
.. done

Creating uninstall script /usr/local/etc/webmin/uninstall.sh ..
.. done

Changing ownership and permissions ..
.. done

Running postinstall scripts ..
.. done

Enabling background status collection ..
.. done

Attempting to start Webmin web server ..
.. done

****************************************************************************
Webmin has been installed and started successfully.

Since Webmin was installed outside the package manager, ensure the
following recommended Perl modules and packages are present:
 Perl modules:
  - DateTime, DateTime::Locale, DateTime::TimeZone, Data::Dumper
  - Digest::MD5, Digest::SHA, Encode::Detect, File::Basename
  - File::Path, Net::SSLeay, Time::HiRes, Time::Local, Time::Piece
  - lib, open
 Packages:
  - openssl - Cryptography library with TLS implementation
  - shared-mime-info - Shared MIME information database
  - tar gzip unzip - File compression and packaging utilities

Use your web browser to go to the following URL and login
with the name and password you entered previously:

  https://freebsdsrv:10000

Because Webmin uses SSL for encryption only, the certificate
it uses is not signed by one of the recognized CAs such as
Verisign. When you first connect to the Webmin server, your
browser will ask you if you want to accept the certificate
presented, as it does not recognize the CA. Say yes.

user@freebsdsrv:~/webmin-2.202 $

Change directory with:

user@freebsdsrv:~/webmin-2.202 $ cd [enter]
user@freebsdsrv:~ $

Configure permissions for access to the Webmin service with:

user@freebsdsrv:~ $ sudo sh -c 'echo -e "allow=127.0.0.1 192.168.1.0/24" >> /etc/webmin/miniserv.conf' ; sudo cat /etc/webmin/miniserv.conf [enter] 
port=10000
root=/usr/local/webmin
mimetypes=/usr/local/webmin/mime.types
addtype_cgi=internal/cgi
realm=Webmin Server
logfile=/var/log/webmin/miniserv.log
errorlog=/var/log/webmin/miniserv.error
pidfile=/var/log/webmin/miniserv.pid
logtime=168
ssl=0
no_ssl2=1
no_ssl3=1
ssl_honorcipherorder=1
no_sslcompression=1
env_WEBMIN_CONFIG=/usr/local/etc/webmin
env_WEBMIN_VAR=/var/log/webmin
atboot=1
logout=/usr/local/etc/webmin/logout-flag
listen=10000
denyfile=\.pl$
log=1
blockhost_failures=5
blockhost_time=60
syslog=1
ipv6=1
session=1
premodules=WebminCore
server=MiniServ/2.202
userfile=/usr/local/etc/webmin/miniserv.users
keyfile=/usr/local/etc/webmin/miniserv.pem
passwd_file=/etc/master.passwd
passwd_uindex=0
passwd_pindex=1
passwd_mode=0
preroot=authentic-theme
passdelay=1
logout_script=/usr/local/etc/webmin/logout.pl
cipher_list_def=1
login_script=/usr/local/etc/webmin/login.pl
failed_script=/usr/local/etc/webmin/failed.pl
allow=127.0.0.1 192.168.1.0/24
user@freebsdsrv:~ $

Restart the Webmin service with:

user@freebsdsrv:~ $ sudo service webmin.sh restart [enter]
Stopping Webmin server in /usr/local/webmin
Starting Webmin server in /usr/local/webmin
user@freebsdsrv:~ $

The Webmin service should be listening on port 10000. Verify this with:

user@freebsdsrv:~ $ sudo sockstat -4 -6 | grep 10000 [enter]
root     perl        3724 5   tcp4   *:10000               *:*
root     perl        3724 6   udp4   *:10000               *:*
user@freebsdsrv:~ $

You can now access the Webmin service at https://192.168.1.50:10000/ from a client computer in the network you allowed. When the Webmin login form is displayed, log in as the admin user you set during the installation.

Delete downloaded file

user@freebsdsrv:~ $ rm -R webmin-* [enter]
user@freebsdsrv:~ $

Usermin

Usermin is a web-based interface for webmail, password changing, mail filters, fetchmail and much more. It is designed for use by regular non-root users on a Unix system, and limits them to tasks that they would be able to perform if logged in via SSH or at the console.

Most users of Usermin are sysadmins looking for a simple webmail interface to offer their customers. Unlike most other webmail solutions, it can be used to change passwords, read email with no additional servers installed (like IMAP or POP3), and setup users’ configurations for forwarding, spam filtering and autoreponders.

Download Usermin Code

Download the current version of the Userbmin code with:

user@freebsdsrv:~ $ fetch https://github.com/webmin/usermin/releases/download/2.102/usermin-2.102.tar.gz [enter]
usermin-2.102.tar.gz                                    17 MB   36 MBps    00s
user@freebsdsrv:~ $

Extract the Usermin code

user@freebsdsrv:~ $ tar zxvf usermin-2.102.tar.gz [enter]
x usermin-2.102/
x usermin-2.102/update-from-repo.sh
x usermin-2.102/forward/
...
x usermin-2.102/ui-lib.pl
x usermin-2.102/password_change.cgi
x usermin-2.102/config-irix
user@freebsdsrv:~ $

Usermin setup

Change the directory to the Webmin installation directory with:

user@freebsdsrv:~ $ cd usermin-2.102 [enter]
user@freebsdsrv:~/usermin-2.102 $

Run the Userbmin installation script with:

user@freebsdsrv:~/usermin-2.102 $ sudo ./setup.sh /usr/local/usermin [enter]
****************************************************************************
          Welcome to the Usermin setup script, version 2.102
****************************************************************************
Usermin is a web-based interface that allows Unix-like operating
systems and common Unix services to be easily administered.

Installing Usermin from /root/usermin-2.102 to /usr/local/usermin

****************************************************************************
Usermin uses separate directories for configuration files and log files.
Unless you want to run multiple versions of Usermin at the same time
you can just accept the defaults.

Config file directory [/etc/usermin]: [enter]
Log file directory [/var/usermin]: [enter]

****************************************************************************
Usermin is written entirely in Perl. Please enter the full path to the
Perl 5 interpreter on your system.

Full path to perl (default /usr/local/bin/perl): [enter]

Testing Perl ..
.. done

****************************************************************************
Operating system name:    FreeBSD
Operating system version: 14.2

****************************************************************************
Usermin uses its own password protected web server to provide access
to the administration programs. The setup script needs to know :
 - What port to run the web server on. There must not be another
   web server already using this port.
 - If the web server should use SSL (if your system supports it).

Web server port (default 20000): [enter]

Use SSL (y/n): y [enter]
****************************************************************************
Copying files to /usr/local/usermin ..
.. done

Creating web server config files ..
.. done

Creating access control file ..
.. done

Inserting path to perl into scripts ..
.. done

Creating start and stop init scripts ..
.. done

Creating start and stop init symlinks to scripts ..
.. done

Copying config files ..
.. done

Creating uninstall script /usr/local/etc/usermin/uninstall.sh ..
.. done

Changing ownership and permissions ..
.. done

Attempting to start Usermin web server ..
.. done

****************************************************************************
Usermin has been installed and started successfully.

Since Usermin was installed outside the package manager, ensure the
following recommended Perl modules and packages are present:
 Perl modules:
  - DateTime, DateTime::Locale, DateTime::TimeZone, Data::Dumper
  - Digest::MD5, Digest::SHA, Encode::Detect, File::Basename
  - File::Path, Net::SSLeay, Time::HiRes, Time::Local, Time::Piece
  - lib, open
 Packages:
  - openssl - Cryptography library with TLS implementation
  - shared-mime-info - Shared MIME information database
  - tar gzip unzip - File compression and packaging utilities

Use your web browser to go to the following URL and login
with the name and password you entered previously:

  http://freebsdsrv:20000

user@freebsdsrv:~/usermin-2.102 $

Change directory with:

user@freebsdsrv:~/usermin-2.102 $ cd [enter]
user@freebsdsrv:~ $

Enable Usermin to start on system boot with:

user@freebsdsrv:~ $ sudo sysrc usermin_enable="YES" [enter]
usermin_enable: -> YES
user@freebsdsrv:~ $

Configure permissions for access to the Usermin service with:

user@freebsdsrv:~ $ sudo sh -c 'echo -e "allow=127.0.0.1 192.168.1.0/24" >> /etc/usermin/miniserv.conf' ; sudo cat /etc/usermin/miniserv.conf [enter]
port=20000
root=/usr/local/usermin
mimetypes=/usr/local/usermin/mime.types
addtype_cgi=internal/cgi
realm=Usermin Server
logfile=/var/usermin/miniserv.log
errorlog=/var/usermin/miniserv.error
pidfile=/var/usermin/miniserv.pid
logtime=168
ppath=
ssl=1
no_ssl2=1
no_ssl3=1
env_WEBMIN_CONFIG=/etc/usermin
env_WEBMIN_VAR=/var/usermin
atboot=
logout=/etc/usermin/logout-flag
listen=20000
denyfile=\.pl$
log=1
blockhost_failures=5
blockhost_time=60
session=1
unixauth=user
pam=usermin
premodules=WebminCore
server=MiniServ/2.102
userfile=/etc/usermin/miniserv.users
keyfile=/etc/usermin/miniserv.pem
passwd_file=/etc/master.passwd
passwd_uindex=0
passwd_pindex=1
passwd_mode=2
sidname=usid
preroot=authentic-theme
passdelay=1
allow=127.0.0.1 192.168.1.0/24
user@freebsdsrv:~ $

The Usermin service should be listening on port 20000. Verify this with:

user@freebsdsrv:~ $ sudo sockstat -4 -6 | grep 20000 [enter]
root     perl        4619 4   tcp4   *:20000               *:*
root     perl        4619 5   udp4   *:20000               *:*
user@freebsdsrv:~ $

You can now access the Usermin service at https://192.168.1.50:20000/ from a client computer in the network you allowed. When the Usermin login form is displayed, log in as a local FreeBSD Server user.

Delete downloaded file

user@freebsdsrv:~ $ rm -R usermin-* [enter]
user@freebsdsrv:~ $
Upgrade currently installed PHP packages to version 7.1

Upgrade currently installed PHP packages to version 7.1

Preparation for Installation

Start PuTTY on a Windows PC, Terminal on a Mac or similar terminal application on a Linux PC.

In this example Terminal on a Mac is used.

Open a remote SSH session to the server with:

Mac:~ user$ ssh user@192.168.1.4 [enter]
N.B.: Replace user@192.168.1.4 with User ID and IP Address on Your server!
[user@server ~]$

Enable superuser privileges with:

[user@server ~]$ sudo -s [enter]
Password: <-- passwd [enter]
[root@server /usr/home/user]#

N.B.: Enter user password, not the root password!


Add all currently installed PHP packages to file ‘installed-php-ports-list’ and then display the list with:

[root@server /usr/home/user]# pkg info \*php\* > ~/installed-php-ports-list; cat ~/installed-php-ports-list [enter]
php70-7.0.21
php70-bz2-7.0.21
php70-ctype-7.0.21
php70-curl-7.0.21
php70-dom-7.0.21
php70-extensions-1.1
php70-filter-7.0.21
php70-ftp-7.0.21
php70-gd-7.0.21
php70-hash-7.0.21
php70-iconv-7.0.21
php70-json-7.0.21
php70-mbstring-7.0.21_1
php70-mcrypt-7.0.21
php70-mysqli-7.0.21
php70-opcache-7.0.21
php70-openssl-7.0.21
php70-pdo-7.0.21
php70-pdo_sqlite-7.0.21
php70-phar-7.0.21
php70-posix-7.0.21
php70-session-7.0.21
php70-simplexml-7.0.21
php70-sqlite3-7.0.21
php70-tokenizer-7.0.21
php70-xml-7.0.21
php70-xmlreader-7.0.21
php70-xmlwriter-7.0.21
php70-zip-7.0.21
php70-zlib-7.0.21
mod_php70-7.0.21
[root@server /usr/home/user]#

N.B.: The next command will delete all PHP packages listed in file installed-php-ports-list WITHOUT any confirmation from you!

Delete all currently installed packages listed in file installed-php-ports-list with:

[root@server /usr/home/user]# cat ~/installed-php-ports-list | xargs pkg delete -fy [enter]
Checking integrity... done (0 conflicting)
Deinstallation has been requested for the following 31 packages (of 0 packages in the universe):

Installed packages to be REMOVED:
        php70-7.0.21
        php70-bz2-7.0.21
        php70-ctype-7.0.21
        php70-curl-7.0.21
        php70-dom-7.0.21
        php70-extensions-1.1
        php70-filter-7.0.21
        php70-ftp-7.0.21
        php70-gd-7.0.21
        php70-hash-7.0.21
        php70-iconv-7.0.21
        php70-json-7.0.21
        php70-mbstring-7.0.21_1
        php70-mcrypt-7.0.21
        php70-mysqli-7.0.21
        php70-opcache-7.0.21
        php70-openssl-7.0.21
        php70-pdo-7.0.21
        php70-pdo_sqlite-7.0.21
        php70-phar-7.0.21
        php70-posix-7.0.21
        php70-session-7.0.21
        php70-simplexml-7.0.21
        php70-sqlite3-7.0.21
        php70-tokenizer-7.0.21
        php70-xml-7.0.21
        php70-xmlreader-7.0.21
        php70-xmlwriter-7.0.21
        php70-zip-7.0.21
        php70-zlib-7.0.21
        mod_php70-7.0.21

Number of packages to be removed: 31

The operation will free 28 MiB.
[1/31] Deinstalling php70-extensions-1.1...
[2/31] Deinstalling php70-pdo_sqlite-7.0.21...
[2/31] Deleting files for php70-pdo_sqlite-7.0.21: 100%
[3/31] Deinstalling php70-phar-7.0.21...
[3/31] Deleting files for php70-phar-7.0.21: 100%
[4/31] Deinstalling php70-xmlreader-7.0.21...
[4/31] Deleting files for php70-xmlreader-7.0.21: 100%
[5/31] Deinstalling php70-bz2-7.0.21...
[5/31] Deleting files for php70-bz2-7.0.21: 100%
[6/31] Deinstalling php70-ctype-7.0.21...
[6/31] Deleting files for php70-ctype-7.0.21: 100%
[7/31] Deinstalling php70-curl-7.0.21...
[7/31] Deleting files for php70-curl-7.0.21: 100%
[8/31] Deinstalling php70-dom-7.0.21...
[8/31] Deleting files for php70-dom-7.0.21: 100%
[9/31] Deinstalling php70-filter-7.0.21...
[9/31] Deleting files for php70-filter-7.0.21: 100%
[10/31] Deinstalling php70-ftp-7.0.21...
[10/31] Deleting files for php70-ftp-7.0.21: 100%
[11/31] Deinstalling php70-gd-7.0.21...
[11/31] Deleting files for php70-gd-7.0.21: 100%
[12/31] Deinstalling php70-hash-7.0.21...
[12/31] Deleting files for php70-hash-7.0.21: 100%
[13/31] Deinstalling php70-iconv-7.0.21...
[13/31] Deleting files for php70-iconv-7.0.21: 100%
[14/31] Deinstalling php70-json-7.0.21...
[14/31] Deleting files for php70-json-7.0.21: 100%
[15/31] Deinstalling php70-mbstring-7.0.21_1...
[15/31] Deleting files for php70-mbstring-7.0.21_1: 100%
[16/31] Deinstalling php70-mcrypt-7.0.21...
[16/31] Deleting files for php70-mcrypt-7.0.21: 100%
[17/31] Deinstalling php70-mysqli-7.0.21...
[17/31] Deleting files for php70-mysqli-7.0.21: 100%
[18/31] Deinstalling php70-opcache-7.0.21...
[18/31] Deleting files for php70-opcache-7.0.21: 100%
[19/31] Deinstalling php70-openssl-7.0.21...
[19/31] Deleting files for php70-openssl-7.0.21: 100%
[20/31] Deinstalling php70-pdo-7.0.21...
[20/31] Deleting files for php70-pdo-7.0.21: 100%
[21/31] Deinstalling php70-posix-7.0.21...
[21/31] Deleting files for php70-posix-7.0.21: 100%
[22/31] Deinstalling php70-session-7.0.21...
[22/31] Deleting files for php70-session-7.0.21: 100%
[23/31] Deinstalling php70-simplexml-7.0.21...
[23/31] Deleting files for php70-simplexml-7.0.21: 100%
[24/31] Deinstalling php70-sqlite3-7.0.21...
[24/31] Deleting files for php70-sqlite3-7.0.21: 100%
[25/31] Deinstalling php70-tokenizer-7.0.21...
[25/31] Deleting files for php70-tokenizer-7.0.21: 100%
[26/31] Deinstalling php70-xml-7.0.21...
[26/31] Deleting files for php70-xml-7.0.21: 100%
[27/31] Deinstalling php70-xmlwriter-7.0.21...
[27/31] Deleting files for php70-xmlwriter-7.0.21: 100%
[28/31] Deinstalling php70-zip-7.0.21...
[28/31] Deleting files for php70-zip-7.0.21: 100%
[29/31] Deinstalling php70-zlib-7.0.21...
[29/31] Deleting files for php70-zlib-7.0.21: 100%
[30/31] Deinstalling php70-7.0.21...
[30/31] Deleting files for php70-7.0.21: 100%
[31/31] Deinstalling mod_php70-7.0.21...
[preparing module `php7' in /usr/local/etc/apache24/httpd.conf]
[31/31] Deleting files for mod_php70-7.0.21: 100%
Install all packages deleted with the new version as in this example with:
[root@server /usr/home/user]#
[root@server /usr/home/user]# pkg install php71 php71-bz2 php71-ctype php71-curl php71-dom php71-extensions php71-filter php71-ftp php71-gd php71-hash php71-iconv php71-json php71-mbstring php71-mcrypt php71-mysqli php71-opcache php71-openssl php71-pdo php71-pdo_sqlite php71-phar php71-posix php71-session php71-simplexml php71-sqlite3 php71-tokenizer php71-xml php71-xmlreader php71-xmlwriter php71-zip php71-zlib mod_php71 [enter]
Updating FreeBSD repository catalogue...
FreeBSD repository is up to date.
All repositories are up to date.
The following 31 package(s) will be affected (of 0 checked):

New packages to be INSTALLED:
        php71: 7.1.7
        php71-bz2: 7.1.7
        php71-ctype: 7.1.7
        php71-curl: 7.1.7
        php71-dom: 7.1.7
        php71-extensions: 1.0
        php71-filter: 7.1.7
        php71-ftp: 7.1.7
        php71-gd: 7.1.7
        php71-hash: 7.1.7
        php71-iconv: 7.1.7
        php71-json: 7.1.7
        php71-mbstring: 7.1.7_1
        php71-mcrypt: 7.1.7
        php71-mysqli: 7.1.7
        php71-opcache: 7.1.7
        php71-openssl: 7.1.7
        php71-pdo: 7.1.7
        php71-pdo_sqlite: 7.1.7
        php71-phar: 7.1.7
        php71-posix: 7.1.7
        php71-session: 7.1.7
        php71-simplexml: 7.1.7
        php71-sqlite3: 7.1.7
        php71-tokenizer: 7.1.7
        php71-xml: 7.1.7
        php71-xmlreader: 7.1.7
        php71-xmlwriter: 7.1.7
        php71-zip: 7.1.7
        php71-zlib: 7.1.7
        mod_php71: 7.1.7

Number of packages to be installed: 31

The process will require 29 MiB more space.
5 MiB to be downloaded.

Proceed with this action? [y/N]: y
[1/31] Fetching php71-7.1.7.txz: 100%    2 MiB   1.1MB/s    00:02
[2/31] Fetching php71-bz2-7.1.7.txz: 100%   11 KiB  10.9kB/s    00:01
[3/31] Fetching php71-ctype-7.1.7.txz: 100%    6 KiB   6.6kB/s    00:01
[4/31] Fetching php71-curl-7.1.7.txz: 100%   27 KiB  27.9kB/s    00:01
[5/31] Fetching php71-dom-7.1.7.txz: 100%   54 KiB  55.3kB/s    00:01
[6/31] Fetching php71-extensions-1.0.txz: 100%    1 KiB   1.1kB/s    00:01
[7/31] Fetching php71-filter-7.1.7.txz: 100%   18 KiB  18.9kB/s    00:01
[8/31] Fetching php71-ftp-7.1.7.txz: 100%   22 KiB  22.5kB/s    00:01
[9/31] Fetching php71-gd-7.1.7.txz: 100%  130 KiB 133.5kB/s    00:01
[10/31] Fetching php71-hash-7.1.7.txz: 100%  119 KiB 121.6kB/s    00:01
[11/31] Fetching php71-iconv-7.1.7.txz: 100%   18 KiB  18.0kB/s    00:01
[12/31] Fetching php71-json-7.1.7.txz: 100%   20 KiB  20.4kB/s    00:01
[13/31] Fetching php71-mbstring-7.1.7_1.txz:  66%  472 KiB 483.3kB/s    00:00 ET[13/31] Fetching php71-mbstring-7.1.7_1.txz: 100%  714 KiB 730.7kB/s    00:01   
[14/31] Fetching php71-mcrypt-7.1.7.txz: 100%   15 KiB  14.9kB/s    00:01
[15/31] Fetching php71-mysqli-7.1.7.txz: 100%   39 KiB  40.1kB/s    00:01
[16/31] Fetching php71-opcache-7.1.7.txz: 100%  143 KiB 146.8kB/s    00:01
[17/31] Fetching php71-openssl-7.1.7.txz: 100%   53 KiB  53.9kB/s    00:01
[18/31] Fetching php71-pdo-7.1.7.txz: 100%   43 KiB  44.1kB/s    00:01
[19/31] Fetching php71-pdo_sqlite-7.1.7.txz: 100%   12 KiB  12.1kB/s    00:01   
[20/31] Fetching php71-phar-7.1.7.txz: 100%  102 KiB 104.9kB/s    00:01
[21/31] Fetching php71-posix-7.1.7.txz: 100%   11 KiB  11.4kB/s    00:01
[22/31] Fetching php71-session-7.1.7.txz: 100%   31 KiB  32.1kB/s    00:01
[23/31] Fetching php71-simplexml-7.1.7.txz: 100%   23 KiB  23.3kB/s    00:01
[24/31] Fetching php71-sqlite3-7.1.7.txz: 100%   17 KiB  17.8kB/s    00:01
[25/31] Fetching php71-tokenizer-7.1.7.txz: 100%    9 KiB   8.8kB/s    00:01
[26/31] Fetching php71-xml-7.1.7.txz: 100%   20 KiB  20.1kB/s    00:01
[27/31] Fetching php71-xmlreader-7.1.7.txz: 100%   13 KiB  12.9kB/s    00:01
[28/31] Fetching php71-xmlwriter-7.1.7.txz: 100%   13 KiB  13.1kB/s    00:01
[29/31] Fetching php71-zip-7.1.7.txz: 100%   20 KiB  20.4kB/s    00:01
[30/31] Fetching php71-zlib-7.1.7.txz: 100%   17 KiB  17.6kB/s    00:01
[31/31] Fetching mod_php71-7.1.7.txz: 100%    1 MiB   1.2MB/s    00:01
Checking integrity... done (0 conflicting)
[1/31] Installing php71-7.1.7...
[1/31] Extracting php71-7.1.7: 100%
[2/31] Installing php71-dom-7.1.7...
[2/31] Extracting php71-dom-7.1.7: 100%
[3/31] Installing php71-hash-7.1.7...
[3/31] Extracting php71-hash-7.1.7: 100%
[4/31] Installing php71-pdo-7.1.7...
[4/31] Extracting php71-pdo-7.1.7: 100%
[5/31] Installing php71-ctype-7.1.7...
[5/31] Extracting php71-ctype-7.1.7: 100%
[6/31] Installing php71-filter-7.1.7...
[6/31] Extracting php71-filter-7.1.7: 100%
[7/31] Installing php71-iconv-7.1.7...
[7/31] Extracting php71-iconv-7.1.7: 100%
[8/31] Installing php71-json-7.1.7...
[8/31] Extracting php71-json-7.1.7: 100%
[9/31] Installing php71-opcache-7.1.7...
[9/31] Extracting php71-opcache-7.1.7: 100%
[10/31] Installing php71-pdo_sqlite-7.1.7...
[10/31] Extracting php71-pdo_sqlite-7.1.7: 100%
[11/31] Installing php71-phar-7.1.7...
[11/31] Extracting php71-phar-7.1.7: 100%
[12/31] Installing php71-posix-7.1.7...
[12/31] Extracting php71-posix-7.1.7: 100%
[13/31] Installing php71-session-7.1.7...
[13/31] Extracting php71-session-7.1.7: 100%
[14/31] Installing php71-simplexml-7.1.7...
[14/31] Extracting php71-simplexml-7.1.7: 100%
[15/31] Installing php71-sqlite3-7.1.7...
[15/31] Extracting php71-sqlite3-7.1.7: 100%
[16/31] Installing php71-tokenizer-7.1.7...
[16/31] Extracting php71-tokenizer-7.1.7: 100%
[17/31] Installing php71-xml-7.1.7...
[17/31] Extracting php71-xml-7.1.7: 100%
[18/31] Installing php71-xmlreader-7.1.7...
[18/31] Extracting php71-xmlreader-7.1.7: 100%
[19/31] Installing php71-xmlwriter-7.1.7...
[19/31] Extracting php71-xmlwriter-7.1.7: 100%
[20/31] Installing php71-bz2-7.1.7...
[20/31] Extracting php71-bz2-7.1.7: 100%
[21/31] Installing php71-curl-7.1.7...
[21/31] Extracting php71-curl-7.1.7: 100%
[22/31] Installing php71-extensions-1.0...
[23/31] Installing php71-ftp-7.1.7...
[23/31] Extracting php71-ftp-7.1.7: 100%
[24/31] Installing php71-gd-7.1.7...
[24/31] Extracting php71-gd-7.1.7: 100%
[25/31] Installing php71-mbstring-7.1.7_1...
[25/31] Extracting php71-mbstring-7.1.7_1: 100%
[26/31] Installing php71-mcrypt-7.1.7...
[26/31] Extracting php71-mcrypt-7.1.7: 100%
[27/31] Installing php71-mysqli-7.1.7...
[27/31] Extracting php71-mysqli-7.1.7: 100%
[28/31] Installing php71-openssl-7.1.7...
[28/31] Extracting php71-openssl-7.1.7: 100%
[29/31] Installing php71-zip-7.1.7...
[29/31] Extracting php71-zip-7.1.7: 100%
[30/31] Installing php71-zlib-7.1.7...
[30/31] Extracting php71-zlib-7.1.7: 100%
[31/31] Installing mod_php71-7.1.7...
Extracting mod_php71-7.1.7: 100%
[activating module `php7' in /usr/local/etc/apache24/httpd.conf]
Message from php71-dom-7.1.7:
****************************************************************************

The following line has been added to your /usr/local/etc/php/ext-20-dom.ini
configuration file to automatically load the installed extension:

extension=dom.so

****************************************************************************
Message from php71-hash-7.1.7:
****************************************************************************

The following line has been added to your /usr/local/etc/php/ext-20-hash.ini
configuration file to automatically load the installed extension:

extension=hash.so

****************************************************************************
Message from php71-pdo-7.1.7:
****************************************************************************

The following line has been added to your /usr/local/etc/php/ext-20-pdo.ini
configuration file to automatically load the installed extension:

extension=pdo.so

****************************************************************************
Message from php71-ctype-7.1.7:
****************************************************************************

The following line has been added to your /usr/local/etc/php/ext-20-ctype.ini
configuration file to automatically load the installed extension:

extension=ctype.so

****************************************************************************
Message from php71-filter-7.1.7:
****************************************************************************

The following line has been added to your /usr/local/etc/php/ext-20-filter.ini
configuration file to automatically load the installed extension:

extension=filter.so

****************************************************************************
Message from php71-iconv-7.1.7:
****************************************************************************

The following line has been added to your /usr/local/etc/php/ext-20-iconv.ini
configuration file to automatically load the installed extension:

extension=iconv.so

****************************************************************************
Message from php71-json-7.1.7:
****************************************************************************

The following line has been added to your /usr/local/etc/php/ext-20-json.ini
configuration file to automatically load the installed extension:

extension=json.so

****************************************************************************
Message from php71-opcache-7.1.7:
****************************************************************************

The following line has been added to your /usr/local/etc/php/ext-10-opcache.ini
configuration file to automatically load the installed extension:

zend_extension=opcache.so

****************************************************************************
Message from php71-pdo_sqlite-7.1.7:
****************************************************************************

The following line has been added to your /usr/local/etc/php/ext-30-pdo_sqlite.ini
configuration file to automatically load the installed extension:

extension=pdo_sqlite.so

****************************************************************************
Message from php71-phar-7.1.7:
****************************************************************************

The following line has been added to your /usr/local/etc/php/ext-30-phar.ini
configuration file to automatically load the installed extension:

extension=phar.so

****************************************************************************
Message from php71-posix-7.1.7:
****************************************************************************

The following line has been added to your /usr/local/etc/php/ext-20-posix.ini
configuration file to automatically load the installed extension:

extension=posix.so

****************************************************************************
Message from php71-session-7.1.7:
****************************************************************************

The following line has been added to your /usr/local/etc/php/ext-18-session.ini
configuration file to automatically load the installed extension:

extension=session.so

****************************************************************************
Message from php71-simplexml-7.1.7:
****************************************************************************

The following line has been added to your /usr/local/etc/php/ext-20-simplexml.ini
configuration file to automatically load the installed extension:

extension=simplexml.so

****************************************************************************
Message from php71-sqlite3-7.1.7:
****************************************************************************

The following line has been added to your /usr/local/etc/php/ext-20-sqlite3.ini
configuration file to automatically load the installed extension:

extension=sqlite3.so

****************************************************************************
Message from php71-tokenizer-7.1.7:
****************************************************************************

The following line has been added to your /usr/local/etc/php/ext-20-tokenizer.ini
configuration file to automatically load the installed extension:

extension=tokenizer.so

****************************************************************************
Message from php71-xml-7.1.7:
****************************************************************************

The following line has been added to your /usr/local/etc/php/ext-20-xml.ini
configuration file to automatically load the installed extension:

extension=xml.so

****************************************************************************
Message from php71-xmlreader-7.1.7:
****************************************************************************

The following line has been added to your /usr/local/etc/php/ext-30-xmlreader.ini
configuration file to automatically load the installed extension:

extension=xmlreader.so

****************************************************************************
Message from php71-xmlwriter-7.1.7:
****************************************************************************

The following line has been added to your /usr/local/etc/php/ext-20-xmlwriter.ini
configuration file to automatically load the installed extension:

extension=xmlwriter.so

****************************************************************************
Message from php71-bz2-7.1.7:
****************************************************************************

The following line has been added to your /usr/local/etc/php/ext-20-bz2.ini
configuration file to automatically load the installed extension:

extension=bz2.so

****************************************************************************
Message from php71-curl-7.1.7:
****************************************************************************

The following line has been added to your /usr/local/etc/php/ext-20-curl.ini
configuration file to automatically load the installed extension:

extension=curl.so

****************************************************************************
Message from php71-ftp-7.1.7:
****************************************************************************

The following line has been added to your /usr/local/etc/php/ext-20-ftp.ini
configuration file to automatically load the installed extension:

extension=ftp.so

****************************************************************************
Message from php71-gd-7.1.7:
****************************************************************************

The following line has been added to your /usr/local/etc/php/ext-20-gd.ini
configuration file to automatically load the installed extension:

extension=gd.so

****************************************************************************
Message from php71-mbstring-7.1.7_1:
****************************************************************************

The following line has been added to your /usr/local/etc/php/ext-20-mbstring.ini
configuration file to automatically load the installed extension:

extension=mbstring.so

****************************************************************************
Message from php71-mcrypt-7.1.7:
****************************************************************************

The following line has been added to your /usr/local/etc/php/ext-20-mcrypt.ini
configuration file to automatically load the installed extension:

extension=mcrypt.so

****************************************************************************
Message from php71-mysqli-7.1.7:
****************************************************************************

The following line has been added to your /usr/local/etc/php/ext-20-mysqli.ini
configuration file to automatically load the installed extension:

extension=mysqli.so

****************************************************************************
Message from php71-openssl-7.1.7:
****************************************************************************

The following line has been added to your /usr/local/etc/php/ext-20-openssl.ini
configuration file to automatically load the installed extension:

extension=openssl.so

****************************************************************************
Message from php71-zip-7.1.7:
****************************************************************************

The following line has been added to your /usr/local/etc/php/ext-20-zip.ini
configuration file to automatically load the installed extension:

extension=zip.so

****************************************************************************
Message from php71-zlib-7.1.7:
****************************************************************************

The following line has been added to your /usr/local/etc/php/ext-20-zlib.ini
configuration file to automatically load the installed extension:

extension=zlib.so

****************************************************************************
Message from mod_php71-7.1.7:
***************************************************************

Make sure index.php is part of your DirectoryIndex.

You should add the following to your Apache configuration file:

<FilesMatch "\.php$">
    SetHandler application/x-httpd-php

<FilesMatch "\.phps$">
    SetHandler application/x-httpd-php-source


***************************************************************
[root@server /usr/home/user]#

Restart the Apache Web service with:

[root@server /usr/home/user]# service apache24 restart [enter]
Performing sanity check on apache24 configuration:
Syntax OK
Stopping apache24.
Waiting for PIDS: 2375.
Performing sanity check on apache24 configuration:
Syntax OK
Starting apache24.
[root@server /usr/home/user]#

…and verify that the new PHP version is used by accessing the Web server from your browser with:

http://server.example.net/info.php

Finally, delete file installed-php-ports-list with:

[root@server /usr/home/user]# rm ~/installed-php-ports-list [enter]
[root@server /usr/home/user]#
Disk Imaging and Partitioning Utilities

Disk Imaging and Partitioning Utilities

Description

So what do you do when you do not have an optical drive for a computer or server and you would like to install Linux?

You have two options, use a USB device (CD-ROM, Hard Drive, or Thumb drive) or PXE booting and doing a full network install. This article will discuss the latter.

Requirements

The following application(s) must be installed, configured and running before tftp-hpa is installed:

Preparation for Installation

Start PuTTY on a Windows PC, Terminal on a Mac or similar terminal application on a Linux PC.

In this example Terminal on a Mac is used.

Open a remote SSH session to the server with:

Mac:~ user$ ssh user@192.168.1.4 [enter]
N.B.: Replace user@192.168.1.4 with User ID and IP Address on Your server!
[user@server ~]$

Enable superuser privileges with:

[user@server ~]$ sudo -s [enter]
Password: <-- passwd [enter]
[root@server /usr/home/user]#

N.B.: Enter user password, not the root password!

Installation

The server used in this example is configured to contain one partition called /tftpboot used for PXE related files.

Add the Disk Imaging and Partitioning Utility option to the PXE Boot Main Menu with:

[root@server /usr/home/user]# ee /tftpboot/pxelinux.cfg/default [enter]

…the add the following text, example:

...
MENU COLOR HOTKEY 0 #ff00ff00 #ee000000 std
MENU COLOR HOTSEL 0 #ffffffff #85000000 std

LABEL f1
MENU LABEL ^1)  Disk Imaging and Partitioning Utilities
KERNEL vesamenu.c32
APPEND top.cfg f01.cfg bottom.cfg

LABEL blank
MENU LABEL
...

The PXE Boot Sub-Menu for Disk Imaging and Partitioning Utilities is defined in file /tftpboot/f01.cfg.

Create this file with:

[root@server /usr/home/user]# ee /tftpboot/f01.cfg [enter]

..and then add the following text, example:

MENU TITLE  Disk Imaging and Partitioning Utilities

Change file modes

Change file modes for file /tftpboot/f01.cfg with:

[root@server ~]# chmod -R 755 /tftpboot/f01.cfg [enter]
[root@server /usr/home/user]#

Create a folder for Disk Imaging and Partitioning Utilities files with:

[root@server /usr/home/user]# mkdir /tftpboot/f01 [enter]
[root@server /usr/home/user]#

NFSv4 Server Setup

Service start on boot

List installed NFS services with:

[root@server /usr/home/user]# service -r | grep /nfs [enter]
/etc/rc.d/nfsclient
/etc/rc.d/nfsuserd
/etc/rc.d/nfsd
/etc/rc.d/nfscbd
[root@server /usr/home/user]#

Find the rcvar for /etc/rc.d/nfsclient with:

[root@server /usr/home/user]# /etc/rc.d/nfsclient rcvar [enter]
# nfsclient : NFS client setup
#
nfs_client_enable="NO"
#   (default: "")

[root@server /usr/home/user]#

Find the rcvar for /etc/rc.d/nfsuserd with:

[root@server /usr/home/user]# /etc/rc.d/nfsuserd rcvar [enter]
# nfsuserd : Load user and group information into the kernel for NFSv4 services and support manage-gids for all NFS versions
#
nfsuserd_enable="NO"
#   (default: "")

[root@server /usr/home/user]#

Find the rcvar for /etc/rc.d/nfsd with:

[root@server /usr/home/user]# /etc/rc.d/nfsd rcvar [enter]
# nfsd : Remote NFS server
#
nfs_server_enable="NO"
#   (default: "")

[root@server /usr/home/user]#

Find the rcvar for /etc/rc.d/nfscbd with:

[root@server /usr/home/user]# /etc/rc.d/nfscbd rcvar [enter]
# nfscbd : NFSv4 client side callback daemon
#
nfscbd_enable="NO"
#   (default: "")

[root@server /usr/home/user]#

N.B.: Since an NFSv4 mount uses the host uuid to identify the client uniquely to the server, you cannot safely do an NFSv4 mount when
it is set to hostid_enable=”NO”!

Add the following to /etc/rc.conf, assuming they’re not already there:

[root@server /usr/home/user]# echo '' >> /etc/rc.conf; echo '# NFS Server' >> /etc/rc.conf; echo 'rpcbind_enable="YES"' >> /etc/rc.conf; echo 'mountd_enable="YES"' >> /etc/rc.conf; echo 'nfs_server_enable="YES"' >> /etc/rc.conf; echo 'nfsv4_server_enable="YES"' >> /etc/rc.conf; echo 'nfsuserd_enable="YES"' >> /etc/rc.conf [enter]

Export Settings

Now we need to create an NFS export settings file /etc/exports with:

[root@server /usr/home/user]# ee /etc/exports [enter]

…and the add the following text:

V4: /
/tmp \
-maproot=root -network 192.168.1.0 -mask 255.255.255.0

This example assumes your network is 192.168.1.0/24; if it’s something else, you’ll need to make appropriate changes.

Now start all of the above services:

[root@server /usr/home/user]# service rpcbind start [enter]
Starting rpcbind.
[root@server /usr/home/user]#
[root@server /usr/home/user]# service mountd start [enter]
Starting mountd.
[root@server /usr/home/user]#
[root@server /usr/home/user]# service nfsd start [enter]
Starting nfsd.
[root@server /usr/home/user]#

Verify that the NFS mount is being exported with:

[root@server /usr/home/user]# showmount -e [enter]
Exports list on localhost:
/tmp                               192.168.1.0
[root@server /usr/home/user]#

After you have performed an update of file /etc/exports, re-read the exports settings with:

[root@server /usr/home/user]# service mountd reload [enter]
[root@server /usr/home/user]#

If your NFS exported directories will not be accessed locally (and Samba counts as local access), then you can enable NFSv4 delegations to improve performance. On a FreeBSD NFS server, they may be enabled globally for all exports by adding the following line to /etc/sysctl.conf with:

[root@server /usr/home/user]# echo 'vfs.nfsd.issue_delegations=1' >> /etc/sysctl.conf [enter]
[root@server /usr/home/user]#

packet filter (pf)

Access to the tftpd service must be enabled in the packet filter (pf) configuration file.

Start editing file /etc/pf.conf with:

[root@server /usr/home/user]# ee /etc/pf.conf [enter]

…and add port information to enable access to the NFS service from clients on the local network as in this example:

...
# Ports:
...
#  111 TCP UDP   Open Network Computing Remote Procedure Call (ONC RPC, sometimes referred to as Sun RPC)
...
# 2049 TCP UDP	Network File System (NFS)
...
tcp_pass="{ ... 111, ... 2049, ... }"
udp_pass="{ ... 111, ... 2049, ... }"
...

Check /etc/pf.conf for errors, but do not load ruleset with:

[root@server /usr/home/user]# pfctl -vvnf /etc/pf.conf [enter]

…and then reload /etc/pf.conf with:

[root@server /usr/home/user]# service pf reload  [enter]
Reloading pf rules.
[root@server /usr/home/user]#

GParted Live

GNOME Partition Editor for creating, reorganizing, and deleting disk partitions. It uses libparted from the parted project to detect and manipulate partition tables. Optional file system tools permit managing file systems not included in libparted.

GParted Live is a small bootable GNU/Linux distribution for x86 based computers.

It enables you to use all the features of the latest versions of the GParted application.

WWW: http://gparted.sourceforge.net/livecd.php/.

Files: https://sourceforge.net/projects/gparted/files/.

Requirements

GParted is a free partition manager that enables you to resize, copy, and move partitions without data loss.

amd64

The 64-bit version of GParted runs on x86-64 based computers, with the ability to access more than 4 gigabytes of memory, and supports the use of multiple processor cores.

For newer (>2010) computers with UEFI instead of legacy BIOS try this one.

Download gparted-live-0.28.1-1-amd64.zip, 271 MB, with:

[root@server /usr/home/user]# wget https://sourceforge.net/projects/gparted/files/gparted-live-stable/0.28.1-1/gparted-live-0.28.1-1-amd64.zip [enter]

Create direcory /tftpboot/f01/gparted with:

[root@server /usr/home/user]# mkdir -p /tftpboot/f01/gparted [enter]
[root@server /usr/home/user]#

Extract zip file gparted-live-0.28.1-1-amd64.zip into directory /tftpboot/f01/gparted/i686/ with:

[root@server /usr/home/user]# unzip gparted-live-0.28.1-1-amd64.zip live/* -d /tftpboot/f01/gparted/amd64 [enter]
Archive:  gparted-live-0.28.1-1-amd64.zip
 extracting: /tftpboot/f01/gparted/amd64/live/memtest  
 extracting: /tftpboot/f01/gparted/amd64/live/GParted-Live-Version  
 extracting: /tftpboot/f01/gparted/amd64/live/initrd.img  
 extracting: /tftpboot/f01/gparted/amd64/live/filesystem.packages-remove  
 extracting: /tftpboot/f01/gparted/amd64/live/filesystem.packages  
 extracting: /tftpboot/f01/gparted/amd64/live/vmlinuz  
 extracting: /tftpboot/f01/gparted/amd64/live/filesystem.squashfs
[root@server /usr/home/user]#

Delete downloaded zip files with:

[root@server /usr/home/user]# rm gparted-live-0.28.1-1-amd64.zip [enter]
[root@server /usr/home/user]#

The TFTP root directory permission plays an important role. Make sure that the permission and ownership are set correctly with:

[root@server /usr/home/user]# chown -R tftpd:nobody /tftpboot/f01/gparted [enter]
[root@server /usr/home/user]# chmod -R 755 /tftpboot/f01/gparted/amd64/live [enter]
[root@server /usr/home/user]#

Edit file /tftpboot/f01.cfg with:

[root@server /usr/home/user]# ee /tftpboot/f01.cfg [enter]

…and add the following lines:

LABEL f1
MENU LABEL ^1)  GParted Live v. 0.28.1-1-amd64
MENU PASSWD
TEXT HELP
GParted is used for creating, reorganizing and deleting disk partitions.
The amd64 version runs on x86-64 based computers, with ability to access
more than 4 gigabytes of memory and supports use of multiple processor cores.
For newer (>2010) computers with UEFI instead of legacy BIOS 
ENDTEXT
KERNEL f01/gparted/amd64/live/vmlinuz
APPEND initrd=f01/gparted/amd64/live/initrd.img boot=live union=overlay username=tftpd config components quiet noswap edd=on nomodeset nodmraid noeject locales="en_US.UTF-8" keyboard-layouts="se" ocs_live_run="ocs-live-general" ocs_live_extra_param="" ocs_live_batch=no vga=791 ip= net.ifnames=0 nosplash i915.blacklist=yes radeonhd.blacklist=yes nouveau.blacklist=yes vmwgfx.enable_fbdev=1 netboot=nfs nfsroot=$nfsserverIP:/tftpboot/f01/gparted/amd64/

N.B.: Replace $nfsserverIP with the IP address of your NFS server!

NFS Export Update

Edit file /etc/exports with:

[root@server /usr/home/user]# ee /etc/exports [enter]

…and add the following text:

V4: /
/tftpboot/f01/gparted/amd64 \
-maproot=root -network 192.168.1.0 -mask 255.255.255.0

Reload the NFS mount setup with:

[root@server /usr/home/user]# service mountd reload [enter]
[root@server /usr/home/user]#

Display the NFS mount setup with:

[root@server /usr/home/user]# showmount -e [enter]
Exports list on localhost:
/tftpboot/f01/gparted/amd64        192.168.1.0
[root@server /usr/home/user]#

i686 PAE (Physical Address Extension)

The 32-bit version of Gparted runs on x86 (i686 and higher) and x86-64 based computers, with Physical Address Extension to access more than 4 gigabytes of memory, and supports the use of multiple processor cores.

Download 0.28.1-1-i686-pae, 273 MB, with:

[root@server /usr/home/user]# wget https://sourceforge.net/projects/gparted/files/gparted-live-stable/0.28.1-1/gparted-live-0.28.1-1-i686-pae.zip [enter]

Extract zip file ~/gparted-live-0.28.1-1-i686-pae.zip into directory /tftpboot/f01/gparted/i686-pae/ with:

[root@server /usr/home/user]# unzip gparted-live-0.28.1-1-i686-pae.zip live/* -d /tftpboot/f01/gparted/i686-pae [enter]
Archive:  gparted-live-0.28.1-1-i686-pae.zip
 extracting: /tftpboot/f01/gparted/i686-pae/live/memtest  
 extracting: /tftpboot/f01/gparted/i686-pae/live/GParted-Live-Version  
 extracting: /tftpboot/f01/gparted/i686-pae/live/initrd.img  
 extracting: /tftpboot/f01/gparted/i686-pae/live/filesystem.packages-remove  
 extracting: /tftpboot/f01/gparted/i686-pae/live/filesystem.packages  
 extracting: /tftpboot/f01/gparted/i686-pae/live/vmlinuz  
 extracting: /tftpboot/f01/gparted/i686-pae/live/filesystem.squashfs
[root@server /usr/home/user]#

Delete downloaded zip files with:

[root@server /usr/home/user]# rm gparted-live-0.28.1-1-i686-pae.zip [enter]
[root@server /usr/home/user]#

The TFTP root directory permission plays an important role. Make sure that the permission and ownership are set correctly with:

[root@server /usr/home/user]# chown -R tftpd:nobody /tftpboot/f01/gparted [enter]
[root@server /usr/home/user]# chmod -R 755 /tftpboot/f01/gparted/i686-pae/live [enter]
[root@server /usr/home/user]#

Edit file /tftpboot/f01.cfg with:

[root@server /usr/home/user]# ee /tftpboot/f01.cfg [enter]

…and add the following lines:

LABEL f2
MENU LABEL ^2)  GParted Live v. 0.28.1-1-i686-pae (Physical Address Extension)
MENU PASSWD
TEXT HELP
GParted is used for creating, reorganizing and deleting disk partitions.
The i686-pae version runs on x86 (i686 and higher) and x86-64 based computers, with
Physical Address Extension to access more than 4 gigabytes of memory, and supports
use of multiple processor cores.
ENDTEXT
KERNEL f01/gparted/i686-pae/live/vmlinuz
APPEND initrd=f01/gparted/i686-pae/live/initrd.img boot=live union=overlay username=tftpd config components quiet noswap edd=on nomodeset nodmraid noeject locales="en_US.UTF-8" keyboard-layouts="se" ocs_live_run="ocs-live-general" ocs_live_extra_param="" ocs_live_batch=no vga=788 ip= net.ifnames=0 nosplash i915.blacklist=yes radeonhd.blacklist=yes nouveau.blacklist=yes vmwgfx.enable_fbdev=1 netboot=nfs nfsroot=$nfsserverIP:/tftpboot/f01/gparted/i686-pae/

N.B.: Replace $nfsserverIP with the IP address of your NFS server!

NFS Export Update

Edit file /etc/exports with:

[root@server /usr/home/user]# ee /etc/exports [enter]

…and add the following text:

V4: /
/tftpboot/f01/gparted/amd64 \
/tftpboot/f01/gparted/i686-pae \
-maproot=root -network 192.168.1.0 -mask 255.255.255.0

Reload the NFS mount setup with:

[root@server /usr/home/user]# service mountd reload [enter]
[root@server /usr/home/user]#

Display the NFS mount setup with:

[root@server /usr/home/user]# showmount -e [enter]
Exports list on localhost:
/tftpboot/f01/gparted/i686-pae     192.168.1.0
/tftpboot/f01/gparted/amd64        192.168.1.0
[root@server /usr/home/user]#

i686

32-bit version of GParted runs on x86 and x86-64 based computers, limited to physical address space of 4 gigabytes, and uses one processor only.

If in doubt, try this one first!

Download gparted-live-0.28.1-1-i686.zip, 272 MB, with:

[root@server /usr/home/user]# wget https://sourceforge.net/projects/gparted/files/gparted-live-stable/0.28.1-1/gparted-live-0.28.1-1-i686.zip [enter]

Extract zip file ~/gparted-live-0.28.1-1-i686.zip into directory /tftpboot/f01/gparted/i686/ with:

[root@server /usr/home/user]# unzip gparted-live-0.28.1-1-i686.zip live/* -d /tftpboot/f01/gparted/i686 [enter]
Archive:  gparted-live-0.28.1-1-i686.zip
 extracting: /tftpboot/f01/gparted/i686/live/memtest  
 extracting: /tftpboot/f01/gparted/i686/live/GParted-Live-Version  
 extracting: /tftpboot/f01/gparted/i686/live/initrd.img  
 extracting: /tftpboot/f01/gparted/i686/live/filesystem.packages-remove  
 extracting: /tftpboot/f01/gparted/i686/live/filesystem.packages  
 extracting: /tftpboot/f01/gparted/i686/live/vmlinuz  
 extracting: /tftpboot/f01/gparted/i686/live/filesystem.squashfs
[root@server /usr/home/user]#

Delete downloaded zip files with:

[root@server /usr/home/user]# rm gparted-live-0.28.1-1-i686.zip [enter]
[root@server /usr/home/user]#

The TFTP root directory permission plays an important role. Make sure that the permission and ownership are set correctly with:

[root@server /usr/home/user]# chown -R tftpd:nobody /tftpboot/f01/gparted [enter]
[root@server /usr/home/user]# chmod -R 755 /tftpboot/f01/gparted/i686/live [enter]
[root@server /usr/home/user]#

Edit file /tftpboot/f01.cfg with:

[root@server /usr/home/user]# ee /tftpboot/f01.cfg [enter]

…and add the following lines:

LABEL f3
MENU LABEL ^3)  GParted Live v. 0.28.1-1-i686
MENU PASSWD
TEXT HELP
GParted is used for creating, reorganizing and deleting disk partitions.
The i686 version runs on x86 and x86-64 based computers, limited to physical
address space of 4 gigabytes, and uses one processor only.
-- If in doubt, try this one first! --
ENDTEXT
KERNEL f01/gparted/i686/live/vmlinuz
APPEND initrd=f01/gparted/i686/live/initrd.img boot=live union=overlay username=tftpd config components quiet noswap edd=on nomodeset nodmraid noeject locales="en_US.UTF-8" keyboard-layouts="se" ocs_live_run="ocs-live-general" ocs_live_extra_param="" ocs_live_batch=no vga=788 ip= net.ifnames=0 nosplash i915.blacklist=yes radeonhd.blacklist=yes nouveau.blacklist=yes vmwgfx.enable_fbdev=1 netboot=nfs nfsroot=$nfsserverIP:/tftpboot/f01/gparted/i686/

N.B.: Replace $nfsserverIP with the IP address of your NFS server!

NFS Export Update

Edit file /etc/exports with:

[root@server /usr/home/user]# ee /etc/exports [enter]

…and add the following text:

V4: /
/tftpboot/f01/gparted/amd64 \
/tftpboot/f01/gparted/i686-pae \
/tftpboot/f01/gparted/i686 \
-maproot=root -network 192.168.1.0 -mask 255.255.255.0

Reload the NFS mount setup with:

[root@server /usr/home/user]# service mountd reload [enter]
[root@server /usr/home/user]#

Display the NFS mount setup with:

[root@server /usr/home/user]# showmount -e [enter]
Exports list on localhost:
/tftpboot/f01/gparted/i686-pae     192.168.1.0 
/tftpboot/f01/gparted/i686         192.168.1.0 
/tftpboot/f01/gparted/amd64        192.168.1.0
[root@server /usr/home/user]#

Clonezilla Live

You’re probably familiar with the popular proprietary commercial package Norton Ghost®. The problem with this kind of software packages is that it takes a lot of time to massively clone systems to many computers. You’ve probably also heard of Symantec’s solution to this problem, Symantec Ghost Corporate Edition® with multicasting. Well, now there is an OpenSource clone system (OCS) solution called Clonezilla with unicasting and multicasting!

Clonezilla, based on DRBL, Partclone and udpcast, allows you to do bare metal backup and recovery. Two types of Clonezilla are available, Clonezilla live and Clonezilla SE (server edition). Clonezilla live is suitable for single machine backup and restore. While Clonezilla SE is for massive deployment, it can clone many (40 plus!) computers simultaneously. Clonezilla saves and restores only used blocks in the harddisk. This increases the cloning efficiency. At the NCHC’s Classroom C, Clonezilla SE was used to clone 41 computers simultaneously. It took only about 10 minutes to clone a 5.6 GBytes system image to all 41 computers via multicasting!

WWW: http://clonezilla.org/.

Files: https://sourceforge.net/projects/clonezilla/files/.

amd64

Download Clonezilla Live Stable amd64, 187 MB, optimized for use on PCs with amd64 CPU computers with:

[root@server /usr/home/user]# wget https://sourceforge.net/projects/clonezilla/files/clonezilla_live_stable/2.5.0-25/clonezilla-live-2.5.0-25-amd64.zip [enter]

Create direcory /tftpboot/f01/clonezilla/amd64 with:

[root@server /usr/home/user]# mkdir -p /tftpboot/f01/clonezilla/amd64 [enter]
[root@server /usr/home/user]#

Extract zip file clonezilla-live-2.5.0-25-amd64.zip to /tftpboot/f01/clonezilla/amd64 with:

[root@srvgw ~]# unzip clonezilla-live-2.5.0-25-amd64.zip live/* -d /tftpboot/f01/clonezilla/amd64 [enter]
Archive:  /clonezilla-live-2.5.0-25-amd64.zip
 extracting: /tftpboot/f01/clonezilla/amd64/live/ipxe.efi  
 extracting: /tftpboot/f01/clonezilla/amd64/live/filesystem.packages-remove  
 extracting: /tftpboot/f01/clonezilla/amd64/live/vmlinuz  
 extracting: /tftpboot/f01/clonezilla/amd64/live/ipxe.lkn  
 extracting: /tftpboot/f01/clonezilla/amd64/live/initrd.img  
 extracting: /tftpboot/f01/clonezilla/amd64/live/freedos.img  
 extracting: /tftpboot/f01/clonezilla/amd64/live/filesystem.packages  
 extracting: /tftpboot/f01/clonezilla/amd64/live/memtest  
 extracting: /tftpboot/f01/clonezilla/amd64/live/Clonezilla-Live-Version  
 extracting: /tftpboot/f01/clonezilla/amd64/live/filesystem.squashfs
[root@server /usr/home/user]#

Delete downloaded .zip file with;

[root@server /usr/home/user]# rm clonezilla-live-2.5.0-25-amd64.zip [enter]
[root@server /usr/home/user]#

The TFTP root directory permission plays an important role. Make sure that the permission and ownership are set correctly with:

[root@server /usr/home/user]# chown -R tftpd:nobody /tftpboot/f01/clonezilla/amd64/live [enter]
[root@server /usr/home/user]# chmod -R 755 /tftpboot/f01/clonezilla/amd64/live [enter]
[root@server /usr/home/user]#

PXE Boot Sub-Menu

Edit file /tftpboot/f01.cfg with:

[root@server /usr/home/user]# ee /tftpboot/f01.cfg

..and add the following text, example:

LABEL f4
MENU LABEL ^4)  CloneZilla v. 2.5.0-25 amd64
MENU PASSWD
TEXT HELP
Cloning of PC hard disks for backup or deploy a common setup on a number
of PCs using a Server.
The amd64 version runs on x86-64 based computers, with ability to access more
than 4 gigabytes of memory and supports use of multiple processor cores.
ENDTEXT
KERNEL f01/clonezilla/amd64/live/vmlinuz
APPEND initrd=f01/clonezilla/amd64/live/initrd.img boot=live toram union=overlay username=tftpd config components quiet noswap edd=on nomodeset nodmraid noeject locales="en_US.UTF-8" keyboard-layouts="se" ocs_live_run="ocs-live-general" ocs_live_extra_param="" ocs_live_batch=no vga=791 ip= net.ifnames=0 nosplash i915.blacklist=yes radeonhd.blacklist=yes nouveau.blacklist=yes vmwgfx.enable_fbdev=1 netboot=nfs nfsroot=$nfsserverIP:/tftpboot/f01/clonezilla/amd64/

N.B.: Replace $nfsserverIP with the IP address of your NFS server!

NFS Export Update

Edit file /etc/exports with:

[root@server /usr/home/user]# ee /etc/exports [enter]

…and add the following text:

V4: /
...
/tftpboot/f01/clonezilla/amd64 \
-maproot=root -network 192.168.1.0 -mask 255.255.255.0

Reload the NFS mount setup with:

[root@server /usr/home/user]# service mountd reload [enter]
[root@server /usr/home/user]#

Display the NFS mount setup with:

[root@server /usr/home/user]# showmount -e [enter]
Exports list on localhost:
...
/tftpboot/f01/clonezilla/amd64     192.168.1.0
[root@server /usr/home/user]#

i686-PAE (Physical Address Extension)

Download Clonezilla Live Stable i686-pae, 188 MB, optimized for use on PCs with i686 CPU computers with:

[root@server /usr/home/user]# wget https://sourceforge.net/projects/clonezilla/files/clonezilla_live_stable/2.5.0-25/clonezilla-live-2.5.0-25-i686-pae.zip [enter]

Create directory /tftpboot/f01/clonezilla/i686-pae with:

[root@server /usr/home/user]# mkdir -p /tftpboot/f01/clonezilla/i686-pae [enter]
[root@server /usr/home/user]#

Extract zip file clonezilla-live-2.5.0-25-i686-pae.zip to /tftpboot/f01/clonezilla/i686-pae with:

[root@srvgw ~]# unzip clonezilla-live-2.5.0-25-i686-pae.zip live/* -d /tftpboot/f01/clonezilla/i686-pae [enter]
Archive:  /clonezilla-live-2.5.0-25-i686-pae.zip
 extracting: /tftpboot/f01/clonezilla/i686-pae/live/ipxe.efi  
 extracting: /tftpboot/f01/clonezilla/i686-pae/live/filesystem.packages-remov  |
 extracting: /tftpboot/f01/clonezilla/i686-pae/live/vmlinuz  
 extracting: /tftpboot/f01/clonezilla/i686-pae/live/ipxe.lkn  
 extracting: /tftpboot/f01/clonezilla/i686-pae/live/initrd.img  
 extracting: /tftpboot/f01/clonezilla/i686-pae/live/freedos.img  
 extracting: /tftpboot/f01/clonezilla/i686-pae/live/filesystem.packages  
 extracting: /tftpboot/f01/clonezilla/i686-pae/live/memtest  
 extracting: /tftpboot/f01/clonezilla/i686-pae/live/Clonezilla-Live-Version  
 extracting: /tftpboot/f01/clonezilla/i686-pae/live/filesystem.squashfs
[root@server /usr/home/user]#

Delete downloaded .zip file with;

[root@server /usr/home/user]# rm clonezilla-live-2.5.0-25-i686-pae.zip [enter]
[root@server /usr/home/user]#

The TFTP root directory permission plays an important role. Make sure that the permission and ownership are set correctly with:

[root@server /usr/home/user]# chown -R tftpd:nobody /tftpboot/f01/clonezillai686-pae/live [enter]
[root@server /usr/home/user]# chmod -R 755 /tftpboot/f01/clonezilla/i686-pae/live [enter]
[root@server /usr/home/user]#

PXE Boot Sub-Menu

Edit file /tftpboot/f01.cfg with:

[root@server /usr/home/user]# ee /tftpboot/f01.cfg [enter]

..and add the following text, example:

LABEL f5
MENU LABEL ^5)  CloneZilla v. 2.5.0-25 i686-pae (Physical Address Extension)
MENU PASSWD
TEXT HELP
Cloning of PC hard disks for backup or deploy a common setup on a number
of PCs using a Server.
The i686-pae version runs on x86 (i686 and higher) and x86-64 based computers, with
Physical Address Extension to access more than 4 gigabytes of memory, and supports
use of multiple processor cores.
ENDTEXT
KERNEL f01/clonezilla/i686-pae/live/vmlinuz
APPEND initrd=f01/clonezilla/i686-pae/live/initrd.img boot=live union=overlay username=tftpd config components quiet noswap edd=on nomodeset nodmraid noeject locales="en_US.UTF-8" keyboard-layouts="se" ocs_live_run="ocs-live-general" ocs_live_extra_param="" ocs_live_batch=no vga=791 ip= net.ifnames=0 nosplash i915.blacklist=yes radeonhd.blacklist=yes nouveau.blacklist=yes vmwgfx.enable_fbdev=1 netboot=nfs nfsroot=$nfsserverIP:/tftpboot/f01/clonezilla/i686-pae/

N.B.: Replace $nfsserverIP with the IP address of your NFS server!

NFS Export Update

Edit file /etc/exports with:

[root@server /usr/home/user]# ee /etc/exports [enter]

…and add the following text:

V4: /
...
/tftpboot/f01/clonezilla/amd64 \
/tftpboot/f01/clonezilla/i686-pae \
-maproot=root -network 192.168.1.0 -mask 255.255.255.0

Reload the NFS mount setup with:

[root@server /usr/home/user]# service mountd reload [enter]
[root@server /usr/home/user]#

Display the NFS mount setup with:

[root@server /usr/home/user]# showmount -e [enter]
Exports list on localhost:
...
/tftpboot/f01/clonezilla/i686-pae  192.168.1.0
/tftpboot/f01/clonezilla/amd64     192.168.1.0
[root@server /usr/home/user]#

i686

Download Clonezilla Live Stable i686, 188 MB, optimized for use on PCs with i686 CPU computers with:

[root@server /usr/home/user]# wget https://sourceforge.net/projects/clonezilla/files/clonezilla_live_stable/2.5.0-25/clonezilla-live-2.5.0-25-i686.zip [enter]

Create directory /tftpboot/f01/clonezilla/i686 with:

[root@server /usr/home/user]# mkdir -p /tftpboot/f01/clonezilla/i686 [enter]
[root@server /usr/home/user]#

Extract zip file clonezilla-live-2.5.0-25-i686.zip to /tftpboot/f01/clonezilla/i686 with:

[root@srvgw ~]# unzip clonezilla-live-2.5.0-25-i686.zip live/* -d /tftpboot/f01/clonezilla/i686 [enter]
Archive:  /clonezilla-live-2.5.0-25-i686.zip
 extracting: /tftpboot/f01/clonezilla/i686/live/ipxe.efi  
 extracting: /tftpboot/f01/clonezilla/i686/live/filesystem.packages-remove  
 extracting: /tftpboot/f01/clonezilla/i686/live/vmlinuz  
 extracting: /tftpboot/f01/clonezilla/i686/live/ipxe.lkn  
 extracting: /tftpboot/f01/clonezilla/i686/live/initrd.img  
 extracting: /tftpboot/f01/clonezilla/i686/live/freedos.img  
 extracting: /tftpboot/f01/clonezilla/i686/live/filesystem.packages  
 extracting: /tftpboot/f01/clonezilla/i686/live/memtest  
 extracting: /tftpboot/f01/clonezilla/i686/live/Clonezilla-Live-Version  
 extracting: /tftpboot/f01/clonezilla/i686/live/filesystem.squashfs
[root@server /usr/home/user]#

Delete downloaded .zip file with;

[root@server /usr/home/user]# rm clonezilla-live-2.5.0-25-i686.zip [enter]
[root@server /usr/home/user]#

The TFTP root directory permission plays an important role. Make sure that the permission and ownership are set correctly with:

[root@server /usr/home/user]# chown -R tftpd:nobody /tftpboot/f01/clonezilla/i686/live [enter]
[root@server /usr/home/user]# chmod -R 755 /tftpboot/f01/clonezilla/i686/live [enter]
[root@server /usr/home/user]#

PXE Boot Sub-Menu

Edit file /tftpboot/f01.cfg with:

[root@server /usr/home/user]# ee /tftpboot/f01.cfg [enter]

..and add the following text, example:

LABEL f6
MENU LABEL ^6)  CloneZilla v. 2.5.0-25 i686
MENU PASSWD
TEXT HELP
Cloning of PC hard disks for backup or deploy a common setup on a number
of PCs using a Server.
The i686 version runs on x86 and x86-64 based computers, limited to physical
address space of 4 gigabytes, and uses one processor only.
-- If in doubt, try this one first! --
ENDTEXT
KERNEL f01/clonezilla/i686/live/vmlinuz
APPEND initrd=f01/clonezilla/i686/live/initrd.img boot=live union=overlay username=tftpd config components quiet noswap edd=on nomodeset nodmraid noeject locales="en_US.UTF-8" keyboard-layouts="se" ocs_live_run="ocs-live-general" ocs_live_extra_param="" ocs_live_batch=no vga=791 ip= net.ifnames=0 nosplash i915.blacklist=yes radeonhd.blacklist=yes nouveau.blacklist=yes vmwgfx.enable_fbdev=1 netboot=nfs nfsroot=$nfsserverIP:/tftpboot/f01/clonezilla/i686/

N.B.: Replace $nfsserverIP with the IP address of your NFS server!

NFS Export Update

Edit file /etc/exports with:

[root@server /usr/home/user]# ee /etc/exports [enter]

…and add the following text:

V4: /
...
/tftpboot/f01/clonezilla/amd64 \
/tftpboot/f01/clonezilla/i686-pae \
/tftpboot/f01/clonezilla/i686 \
-maproot=root -network 192.168.1.0 -mask 255.255.255.0

Reload the NFS mount setup with:

[root@server /usr/home/user]# service mountd reload [enter]
[root@server /usr/home/user]#

Display the NFS mount setup with:

[root@server /usr/home/user]# showmount -e [enter]
Exports list on localhost:
...
/tftpboot/f01/clonezilla/i686-pae  192.168.1.0
/tftpboot/f01/clonezilla/i686      192.168.1.0
/tftpboot/f01/clonezilla/amd64     192.168.1.0
[root@server /usr/home/user]#

G4L

G4L is a hard disk and partition imaging and cloning tool. The created images are optionally compressed and transferred to an FTP server or cloned locally. CIFS(Windows), SSHFS and NFS support included, and udpcast and fsarchiver options.

WWW: https://sourceforge.net/projects/g4l/.

Download

Download ISO CD-ROM Image g4l-v0.52.iso, 99 MB, with:

[root@server /usr/home/user]# wget https://sourceforge.net/projects/g4l/files/g4l%20ISO%20images/g4l-v0.52.iso -P /tftpboot/f01/ [enter]

Change file mode with:

[root@server /usr/home/user]# chmod 755 /tftpboot/f01/g4l-v0.52.iso [enter]
[root@server /usr/home/user]#

PXE Boot Sub-Menu

The PXE Boot Sub-Menu for PXE Boot for G4L is defined in file /tftpboot/f01.cfg.

Edit this file with:

[root@server /usr/home/user]# ee /tftpboot/f01.cfg [enter]

..and add the following text, example:

LABEL f7
MENU LABEL ^7)  G4L v. 0.52
TEXT HELP
G4L is a hard disk and partition imaging and cloning tool.
The created images are optionally compressed and transferred
to an FTP server or cloned locally.
ENDTEXT
KERNEL memdisk
APPEND initrd=f01/g4l-v0.52.iso iso raw

G4U (“ghosting for unix”)

G4U is a hard disk and partition imaging and cloning tool. The created images are optionally compressed and transferred to an FTP server or cloned locally. CIFS(Windows), SSHFS and NFS support included, and udpcast and fsarchiver options.

WWW: http://fehu.org/~feyrer/g4u/.

Download

Download ISO CD-ROM Image g4u-2.5.iso, 4.9 MB, with:

[root@server /usr/home/user]# wget http://fehu.org/~feyrer/g4u/g4u-2.5.iso -P /tftpboot/f01/ [enter]
[root@server /usr/home/user]# chmod 755 /tftpboot/f01/g4u-2.5.iso [enter]
[root@server /usr/home/user]#

PXE Boot Sub-Menu

The PXE Boot Sub-Menu for PXE Boot for G4U is defined in file /tftpboot/f01.cfg.

Edit this file with:

[root@server /usr/home/user]# ee /tftpboot/f01.cfg [enter]

..and add the following text, example:

LABEL f8
MENU LABEL ^8)  G4U v. 2.5
TEXT HELP
G4U is a NetBSD-based bootfloppy/CD-ROM that allows easy cloning of
PC harddisks to deploy a common setup on a number of PCs using FTP. 
ENDTEXT
KERNEL memdisk
APPEND initrd=f01/g4u-2.5.iso iso raw

SystemRescueCd 32bit and 64bit kernel

SystemRescueCd is a Linux system rescue disk available as a bootable CD-ROM or USB stick for administrating or repairing your system and data after a crash. It aims to provide an easy way to carry out admin tasks on your computer, such as creating and editing the hard disk partitions. It comes with a lot of Linux software such as system tools (parted, partimage, fstools, …) and basic tools (editors, midnight commander, network tools). It requires no installation. It can be used on Linux servers, Linux desktops or windows boxes. The kernel supports the important file systems (ext2/ext3/ext4, reiserfs, reiser4, btrfs, xfs, jfs, vfat, ntfs, iso9660), as well as network filesystems (samba and nfs).

WWW: http://www.sysresccd.org/.

Files: https://sourceforge.net/projects/systemrescuecd/files/.

Download and Install

Download systemrescuecd-x86-4.9.3.iso, 492 MB, with:

[root@server /usr/home/user]# wget https://sourceforge.net/projects/systemrescuecd/files/sysresccd-x86/4.9.3/systemrescuecd-x86-4.9.3.iso [enter]

Create a memory disk out of the cd9660 image file systemrescuecd-x86-4.9.3.iso, using the first available md(4) device, with:

[root@server /usr/home/user]# mdconfig -a -t vnode -f systemrescuecd-x86-4.9.0.iso [enter]
md0
[root@server /usr/home/user]#

…and then mount it with:

[root@server /usr/home/user]# mount -t cd9660 /dev/md0 /mnt [enter]
[root@server /usr/home/user]#

Create a new directory for the content of the iso image, using this command:

[root@server /usr/home/user]# mkdir -p /tftpboot/f01/rescuecd [enter]
[root@server /usr/home/user]#

Copy the content of the iso file to the new directories, using this commands:

[root@server /usr/home/user]# rsync -e ssh -avz --delete /mnt/ /tftpboot/f01/rescuecd/ [enter]
sending incremental file list
./
readme.txt
...
usb_inst/xorriso

sent 504,580,569 bytes  received 6,810 bytes  32,554,024.45 bytes/sec
total size is 514,891,736  speedup is 1.02
[root@server /usr/home/user]#

Unmount the iso image, using this command:

[root@server /usr/home/user]# umount /mnt [enter]
[root@server /usr/home/user]#

List configured and enabled memory disks on your system, using this command:

[root@server /usr/home/user]# mdconfig -lv [enter]
md0	vnode	  492M	/usr/home/user/systemrescuecd-x86-4.9.3.iso
[root@server /usr/home/user]#

Delete memory disk – in this example md0– with this command:

[root@server /usr/home/user]# mdconfig -d -u 0 [enter]
[root@server /usr/home/user]#

Delete the SystemRescueCd iso image with:

[root@server /usr/home/user]# rm systemrescuecd-x86-4.9.3.iso [enter]
[root@server /usr/home/user]#

Edit file ‘/tftpboot/f01.cfg’ and add the following lines:

[root@server /usr/home/user]# ee /tftpboot/f01.cfg [enter]
LABEL f9
MENU LABEL ^9)  SystemRescueCd 64bit kernel v. 4.9.3
MENU PASSWD
TEXT HELP
SystemRescueCd is a Linux system rescue disk available for administrating or
repairing your system and data after a crash.
ENDTEXT
KERNEL f01/rescuecd/isolinux/rescue64
APPEND setkmap=se initrd=f01/rescuecd/isolinux/initram.igz dodhcp dostartx netboot=nfs://$nfsserverIP:/tftpboot/f01/rescuecd
LABEL f0
MENU LABEL ^0)  SystemRescueCd 32bit kernel v. 4.9.3
MENU PASSWD
TEXT HELP
SystemRescueCd is a Linux system rescue disk available for administrating or
repairing your system and data after a crash.
ENDTEXT
KERNEL f01/rescuecd/isolinux/rescue32
APPEND setkmap=se initrd=f01/rescuecd/isolinux/initram.igz dodhcp dostartx netboot=nfs://$nfsserverIP:/tftpboot/f01/rescuecd
LABEL f9
MENU LABEL ^9)  Hardware Detection Tool v. 0.5.0
MENU PASSWD
TEXT HELP
Reports S.M.A.R.T. data, firmware errorlog, runs firmware tests, scans surface
reporting access times per sector and much more.
ENDTEXT
KERNEL memdisk
APPEND initrd=f01/rescuecd/bootdisk/hdt.img

N.B.: Replace $nfsserverIP with the IP address of your NFS server!

NFS Export Update

Edit file /etc/exports with:

[root@server /usr/home/user]# ee /etc/exports [enter]

…and add the following text:

V4: /
...
/tftpboot/f01/rescuecd \
-maproot=root -network 192.168.1.0 -mask 255.255.255.0

Reload the NFS mount setup with:

[root@server /usr/home/user]# service mountd reload [enter]
[root@server /usr/home/user]#

Display the NFS mount setup with:

[root@server /usr/home/user]# showmount -e [enter]
Exports list on localhost:
...
/tftpboot/f01/rescuecd             192.168.1.0
[root@server /usr/home/user]#
PXE Boot Menu with Sub-menus

PXE Boot Menu with Sub-menus

Description

A simple GUI menu system with sub-menus is used for selecting between different tasks.

WWW: http://syslinux.zytor.com/wiki/index.php/Menu.

Files: https://www.kernel.org/pub/linux/utils/boot/syslinux/.

Syslinux 5 Changelog:http://www.syslinux.org/wiki/index.php/Syslinux_6_Changelog#Changes_in_6.03/Menu.

Requirements

The following application(s) must be installed, configured and running before tftp-hpa is installed:

Preparation for Installation

Start PuTTY on a Windows PC, Terminal on a Mac or similar terminal application on a Linux PC.

In this example Terminal on a Mac is used.

Open a remote SSH session to the server with:

Mac:~ user$ ssh user@192.168.1.4 [enter]
N.B.: Replace user@192.168.1.4 with User ID and IP Address on Your server!
[user@server ~]$

Enable superuser privileges with:

[user@server ~]$ sudo -s [enter]
Password: <-- passwd [enter]
[root@server /usr/home/user]#

N.B.: Enter user password, not the root password!

Download

Download file syslinux-6.03.tar.xz, about 6.5M, with;;

[root@server /usr/home/user]# wget https://www.kernel.org/pub/linux/utils/boot/syslinux/syslinux-6.03.tar.xz --no-check-certificate [enter]
--2017-03-02 17:46:01--  https://www.kernel.org/pub/linux/utils/boot/syslinux/syslinux-6.03.tar.xz
Resolving www.kernel.org (www.kernel.org)... 199.204.44.194, 149.20.4.69, 198.145.20.140, ...
Connecting to www.kernel.org (www.kernel.org)|199.204.44.194|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 6855224 (6,5M) [application/x-xz]
Saving to: ‘syslinux-6.03.tar.xz’

syslinux-6.03.tar.xz                         100%[============================================================================================>]   6,54M   765KB/s    in 9,8s    

2017-03-02 17:46:12 (683 KB/s) - ‘syslinux-6.03.tar.xz’ saved [6855224/6855224]
[root@server /usr/home/user]#

Wait for download to be completed and than extract ~/syslinux-6.03.tar.xz with:

[root@server /usr/home/user]# tar -xf syslinux-6.03.tar.xz [enter]
[root@server /usr/home/user]#

Installation

For the lwIP embedded TCP/IP network stack copy file syslinux-6.03/bios/core/pxelinux.0 to /tftpboot/ with:

[root@server /usr/home/user]# cp syslinux-6.03/bios/core/pxelinux.0 /tftpboot/ [enter]
[root@server /usr/home/user]#

For the new lwIP embedded TCP/IP network stack copy file ~/syslinux-6.03/bios/core/lpxelinux.0 to /tftpboot/ with:

[root@server /usr/home/user]# cp syslinux-6.03/bios/core/lpxelinux.0 /tftpboot/ [enter]
[root@server /usr/home/user]#

For the legacy TCP/IP network stack copy file syslinux-6.03/bios/gpxe/gpxelinux.0 to /tftpboot/ with:

[root@server /usr/home/user]# cp syslinux-6.03/bios/gpxe/gpxelinux.0 /tftpboot/ [enter]
[root@server /usr/home/user]#

Copy file ~/syslinux-6.03/bios/com32/lib/libcom32.c32 to /tftpboot/ with:

[root@server /usr/home/user]# cp syslinux-6.03/bios/com32/lib/libcom32.c32 /tftpboot/ [enter]
[root@server /usr/home/user]#

Copy file ~/syslinux-6.03/bios/com32/libutil/libutil.c32 to /tftpboot/ with:

[root@server /usr/home/user]# cp syslinux-6.03/bios/com32/libutil/libutil.c32 /tftpboot/ [enter]
[root@server /usr/home/user]#

Copy file ~/syslinux-6.03/bios/com32/menu/menu.c32 to /tftpboot/ with:

[root@server /usr/home/user]# cp syslinux-6.03/bios/com32/menu/menu.c32 /tftpboot/ [enter]
[root@server /usr/home/user]#

Copy file ~/syslinux-6.03/bios/com32/menu/vesamenu.c32 to /tftpboot/ with:

[root@server /usr/home/user]# cp syslinux-6.03/bios/com32/menu/vesamenu.c32 /tftpboot/ [enter]
[root@server /usr/home/user]#

Copy file ~/syslinux-6.03/bios/com32/modules/linux.c32 to /tftpboot/ with:

[root@server /usr/home/user]# cp syslinux-6.03/bios/com32/modules/linux.c32 /tftpboot/ [enter]
[root@server /usr/home/user]#

Copy file ~/syslinux-6.03/bios/com32/elflink/ldlinux/ldlinux.c32 to /tftpboot/ with:

[root@server /usr/home/user]# cp syslinux-6.03/bios/com32/elflink/ldlinux/ldlinux.c32 /tftpboot/ [enter]
[root@server /usr/home/user]#

Copy file ~/syslinux-6.03/bios/com32/modules/reboot.c32 to /tftpboot/ with:

[root@server /usr/home/user]# cp syslinux-6.03/bios/com32/modules/reboot.c32 /tftpboot/ [enter]
[root@server /usr/home/user]#

Copy file ~/syslinux-6.03/bios/com32/chain/chain.c32 to /tftpboot/ with:

[root@server /usr/home/user]# cp syslinux-6.03/bios/com32/chain/chain.c32 /tftpboot/ [enter]
[root@server /usr/home/user]#

Copy file ~/syslinux-6.03/sample/syslinux_splash.jpg to /tftpboot/ with:

[root@server /usr/home/user]# cp syslinux-6.03/sample/syslinux_splash.jpg /tftpboot/ [enter]
[root@server /usr/home/user]#

Copy file ~/syslinux-6.03/bios/memdisk/memdisk to /tftpboot/ with:

[root@server /usr/home/user]# cp syslinux-6.03/bios/memdisk/memdisk /tftpboot/ [enter]
[root@server /usr/home/user]#

Display files in directory /tftpboot with:

[root@server /usr/home/user]# ls -l /tftpboot/ [enter]
total 1343
-rwxr-xr-x  1 root  wheel   24560 Mar  2 18:48 chain.c32
-rw-r--r--  1 root  wheel  111334 Mar  2 18:44 gpxelinux.0
drwxr-xr-x  2 root  wheel       2 Mar  2 11:37 images
-rwxr-xr-x  1 root  wheel  122308 Mar  2 18:48 ldlinux.c32
-rwxr-xr-x  1 root  wheel  186500 Mar  2 18:44 libcom32.c32
-rwxr-xr-x  1 root  wheel   24148 Mar  2 18:44 libutil.c32
-rwxr-xr-x  1 root  wheel    4660 Mar  2 18:44 linux.c32
-rw-r--r--  1 root  wheel   91550 Mar  2 18:43 lpxelinux.0
-rw-r--r--  1 root  wheel   26140 Mar  2 18:49 memdisk
-rwxr-xr-x  1 root  wheel   26596 Mar  2 18:44 menu.c32
-rw-r--r--  1 root  wheel   46909 Mar  2 18:41 pxelinux.0
drwxr-xr-x  2 root  wheel       2 Mar  2 11:37 pxelinux.cfg
-rwxr-xr-x  1 root  wheel    1376 Mar  2 18:48 reboot.c32
-rw-r--r--  1 root  wheel   56299 Mar  2 18:49 syslinux_splash.jpg
-rwxr-xr-x  1 root  wheel   27104 Mar  2 18:44 vesamenu.c32
[root@server /usr/home/user]#

Delete the extracted folder and the downloaded .xz file with;

[root@server /usr/home/user]# rm -R syslinux-6.03; rm syslinux-6.03.tar.xz [enter]
[root@server /usr/home/user]#

Configuration

Critical Tasks Password

openssl passwd command can be used to compute the MD5-based hash of password used in the PXE Boot Menus.

[root@server /usr/home/user]# openssl passwd -1 passwd
$1$./xB0ZYM$EaUHney4jC51AtxBjdln2/
[root@server /usr/home/user]#

PXE Boot Main Menu

The PXE Boot Main Menu is defined in file /tftpboot/pxelinux.cfg/default.

Create this file with:

[root@server /usr/home/user]# ee /tftpboot/pxelinux.cfg/default

…and add the following text:

DEFAULT vesamenu.c32
PROMT 0
NOESCAPE 1
TIMEOUT 300
TOTALTIMEOUT 450

MENU WIDTH 78
MENU MARGIN 1
MENU ROWS 20
MENU TIMEOUTROW 25
MENU HELPMSGROW 26

MENU BACKGROUND syslinux_splash.jpg

MENU MASTER PASSWD $1$./xB0ZYM$EaUHney4jC51AtxBjdln2/
MENU PASSPROMT Enter Password

MENU TITLE PXE Boot Main Menu - server.example.net

MENU COLOR BORDER 0 #ffffffff #ee000000 std
MENU COLOR TITLE 0 #ffffffff #ee000000 std
MENU COLOR SEL 0 #ff00ff00 #ff000000 std
MENU COLOR UNSEL 0 #ffffffff #ee000000 std
MENU COLOR PWDHEADER 0 #ff000000 #99ffffff rev
MENU COLOR PWDBORDER 0 #ff000000 #99ffffff rev
MENU COLOR PWDENTRY 0 #ff000000 #99ffffff rev
MENU COLOR HOTKEY 0 #ff00ff00 #ee000000 std
MENU COLOR HOTSEL 0 #ffffffff #85000000 std

LABEL blank
MENU LABEL

LABEL hd
MENU LABEL ^H)  Boot to Local Hard Disk
LOCALBOOT 0x80

LABEL floppy
MENU LABEL ^F)  Boot to Local Floppy Disk
LOCALBOOT 0x00

LABEL cr
MENU LABEL ^R)  Coold Reboot
COM32 reboot.c32

LABEL wr
MENU LABEL ^W)  Warm Reboot
COM32 reboot.c32
APPEND -w

LABEL next
MENU LABEL ^N)  Skip PXE Boot (Boot Next Device)
MENU DEFAULT
LOCALBOOT -1

N.B.: Remember to change MENU MASTER PASSWD and MENU TITLE PXE!

PXE Boot Sub-Menus – Top Part

PXE Boot Sub-Menus top part is defined in file tftpboot/top.cfg:

Create this file with:

[root@server /usr/home/user]# ee /tftpboot/top.cfg

…and add the following text:

DEFAULT vesamenu.c32
PROMT 0
NOESCAPE 1
TIMEOUT 300
TOTALTIMEOUT 450

MENU WIDTH 78
MENU MARGIN 1
MENU ROWS 20
MENU TIMEOUTROW 25
MENU HELPMSGROW 26

MENU BACKGROUND syslinux_splash.jpg

MENU MASTER PASSWD $1$./xB0ZYM$EaUHney4jC51AtxBjdln2/
MENU PASSPROMT Enter Password

MENU COLOR BORDER 0 #ffffffff #ee000000 std
MENU COLOR TITLE 0 #ffffffff #ee000000 std
MENU COLOR SEL 0 #ff00ff00 #ff000000 std
MENU COLOR UNSEL 0 #ffffffff #ee000000 std
MENU COLOR PWDHEADER 0 #ff000000 #99ffffff rev
MENU COLOR PWDBORDER 0 #ff000000 #99ffffff rev
MENU COLOR PWDENTRY 0 #ff000000 #99ffffff rev
MENU COLOR HOTKEY 0 #ff00ff00 #ee000000 std
MENU COLOR HOTSEL 0 #ffffffff #85000000 std

N.B.: Remember to change MENU MASTER PASSWD!

PXE Boot Sub-Menus – Bottom Part

PXE Boot Sub-Menus bottom part is defined in file tftpboot/bottom.cfg:

Create this file with:

[root@server /usr/home/user]# ee /tftpboot/bottom.cfg

…and add the following text:

LABEL blank
MENU LABEL

LABEL hd
MENU LABEL ^H)  Boot to Local Hard Disk
localboot 0x80

LABEL floppy
MENU LABEL ^F)  Boot to Local Floppy Disk
localboot 0x00

LABEL cr
MENU LABEL ^R)  Coold Reboot
COM32 reboot.c32

LABEL wr
MENU LABEL ^W)  Warm Reboot
COM32 reboot.c32
APPEND -w

LABEL  return
MENU LABEL ^R)  Return to PXE Boot Main Menu
MENU DEFAULT
KERNEL vesamenu.c32
APPEND ~

Change file modes

Change file modes for all files in directory /tftpboot with:

[root@server ~]# chmod -R 755 /tftpboot [enter]
[root@server /usr/home/user]#

The sub-menus in this example will be named tftpboot/f01.cfg, tftpboot/f02.cfg,… and any files used in the sub-menus will be stored in directory named tftpboot/f01, tftpboot/f02, …

tftp-hpa – BSD derived TFTP Server

tftp-hpa – BSD derived TFTP Server

Description

tftp-hpa is portable, BSD derived tftp server. It supports advanced options such as blksize, blksize2, tsize, timeout, and utimeout. It also supported rule-based security options.

Requirements

The following application(s) must be installed, configured and running before tftp-hpa is installed:

  • None

Preparation for Installation

Start PuTTY on a Windows PC, Terminal on a Mac or similar terminal application on a Linux PC.

In this example Terminal on a Mac is used.

Open a remote SSH session to the server with:

Mac:~ user$ ssh user@192.168.1.4 [enter]
N.B.: Replace user@192.168.1.4 with User ID and IP Address on Your server!
[user@server ~]$

Enable superuser privileges with:

[user@server ~]$ sudo -s [enter]
Password: <-- passwd [enter]
[root@server /usr/home/user]#

N.B.: Enter user password, not the root password!

Installation

Search for tftp in the remote package repositories with:

[root@server /usr/home/user]# pkg search tftp  [enter]
atftp-0.7_3                    Advanced tftp server and client
nagios-check_tftp-1.0.1        Nagios plugin to check tftp servers
p5-TFTP-1.0                    TFTP client in Perl as described in RFC783
py27-tftpy-0.6.2               Pure Python TFTP Implementation
tftp-hpa-5.2                   Advanced tftp server
tftpgrab-0.2                   TFTP stream extractor
utftpd-0.2.4_2                 secure tftpd server with fine grained access and revision control
[root@server /usr/home/user]##

In this example, tftp-hpa will be installed.

Install port tftp-hpa with;

[root@server /usr/home/user]# pkg install tftp-hpa [enter]
Updating FreeBSD repository catalogue...
FreeBSD repository is up-to-date.
All repositories are up-to-date.
The following 1 package(s) will be affected (of 0 checked):

New packages to be INSTALLED:
	tftp-hpa: 5.2

Number of packages to be installed: 1

38 KiB to be downloaded.

Proceed with this action? [y/N]: y [enter]
Fetching tftp-hpa-5.2.txz: 100%   38 KiB  39.3kB/s    00:01    
Checking integrity... done (0 conflicting)
[1/1] Installing tftp-hpa-5.2...
[1/1] Extracting tftp-hpa-5.2: 100%
[root@server /usr/home/user]#

Configuration

packet filter (pf)

Access to the tftpd service must be enabled in the packet filter (pf) configuration file.

Start editing file /etc/pf.conf with:

[root@server /usr/home/user]# ee /etc/pf.conf [enter]

…and add port information to enable access to the TFTP service from clients on the local network as in this example:

...
# Ports:
#  53 TCP UDP   Domain Name System (DNS)
#  67 TCP UDP	Bootstrap Protocol (BOOTP) server
#  69 TCP UDP   Trivial File Transfer Protocol (TFTP)
# 123 TCP       Network Time Protocol
...
tcp_pass="{ 53,  67, 69, 123 }"
udp_pass="{ 53,  67, 69, }"
...
# Pass specified tcp traffic in to this server from LAN clients
pass in on $lan_if proto tcp from $lan_if:network to $lan_if port $tcp_pass

# Pass specified udp  traffic in to this server from LAN clients
pass in on $lan_if proto udp from $lan_if:network to $lan_if port $udp_pass

# Pass SSH traffic from LAN clients (for Admin)
pass in on $lan_if proto tcp from $lan_if:network to $lan_if port ssh
...

Check /etc/pf.conf for errors, but do not load ruleset with:

[root@server /usr/home/user]# pfctl -vvnf /etc/pf.conf [enter]

…and then reload /etc/pf.conf with:

[root@server /usr/home/user]# service pf reload [enter]
Reloading pf rules.
[root@server /usr/home/user]#

/tftpboot Directory

List current ZFS pool information with:

[root@server /usr/home/user]# zpool list [enter]
NAME    SIZE  ALLOC   FREE  EXPANDSZ   FRAG    CAP  DEDUP  HEALTH  ALTROOT
zroot  5,44T   254G  5,19T         -     2%     4%  1.00x  ONLINE  -
[root@server /usr/home/user]#

In this example, zroot pool was found.

Creates a dataset where the tftpboot files will be stored with:

[root@server /usr/home/user]# zfs create -o compression=lz4 -o mountpoint=/tftpboot zroot/tftpboot [enter]
[root@server /usr/home/user]#
[root@server /usr/home/user]# chown tftpd:tftpd /tftpboot [enter]
[root@server /usr/home/user]#
[root@server /usr/home/user]# chmod u=rwx,g=rx,o= /tftpboot [enter]
[root@server /usr/home/user]#

tftpd User

Create a separate user tftpd with group tftpd, no login shell and the home directory set to /nonexistent for running tftpd with:

Add a separate user group tftpd for running the tftpd service with:

[root@server /usr/home/user]# pw groupadd tftpd  [enter]
[root@server /usr/home/user]#

Add a separate user tftpd in group tftpd, no login shell and the home directory set to /nonexistent for running the tftpd service with:

[root@server /usr/home/user]# pw useradd tftpd -c tftp_manager -d /nonexistent -g tftpd -s /usr/sbin/nologin [enter]
[root@server /usr/home/user]#
[root@server /usr/home/user]# vipw [enter]
...
tftpd:*:4004:4003::0:0:tftp_manager:/nonexistent:/usr/sbin/nologin
...
[root@server /usr/home/user]#

Enable tftpd Service

List installed tftpd services with:

[root@server /usr/home/user]# service -r | grep tftpd [enter]
/usr/local/etc/rc.d/tftpd
[root@server /usr/home/user]#

Find the rcvar for /etc/rc.conf with:

[root@server /usr/home/user]# /usr/local/etc/rc.d/tftpd rcvar [enter]
# tftpd
#
tftpd_enable="NO"
#   (default: "")

[root@server /usr/home/user]#

To start tftpd at system boot, add information to /etc/rc.conf with this commands:

[root@server /usr/home/user]# echo '' >> /etc/rc.conf; echo '# tftpd-hpa' >> /etc/rc.conf; echo 'tftpd_enable="YES"' >> /etc/rc.conf; echo 'tftpd_flags="--ipv4 --secure --create --user tftpd --umask 027 --permissive --address 0.0.0.0:69 /tftpboot"' >> /etc/rc.conf [enter]
[root@server /usr/home/user]#

Optional: Add –blocksize 1468 to the tftpd_flags may improve the performance on some systems.

Display full list of tftpd options with:

[root@server /usr/home/user]# man in.tftpd [enter]

Start

Manually start tftpd with:

[root@server /usr/home/user]# service tftpd start [enter]
Starting tftpd.
[root@server /usr/home/user]#

Verify and Test

Check whether the tftpd service daemon is running:

[root@server /usr/home/user]# ps -x | grep tftp | grep -v grep [enter]
 2970  -  Is       0:00,00 /usr/local/libexec/in.tftpd --ipv4 --secure --create --user tftpd --umask 027 --permissive --address 0.0.0.0:69 /tftpboot -P /var/run/tftpd.pid -l
[root@server /usr/home/user]#

You should now have an operational TFTP server. Since your FreeBSD system also has a TFTP client, you can test that the server is running.

First, tftp to the address of your TFTP server as a regular user. Here, we will use the tftp client from the same computer, that is the TFTP server.

Connect to the TFTP service on the local host with:

[root@server /usr/home/user]# tftp localhost [enter]

If the server responds, your prompt will change to:

tftp>

If you type ?, you’ll get a list of command that the tftp client supports:

tftp> ? [enter]
Commands may be abbreviated.  Commands are:

connect 	connect to remote tftp
mode    	set file transfer mode
put     	send file
get     	receive file
quit    	exit tftp
verbose 	toggle verbose mode
status  	show current status
binary  	set mode to octet
ascii   	set mode to netascii
rexmt   	set per-packet retransmission timeout[-]
timeout 	set total retransmission timeout
trace   	enable 'debug packet'[-]
debug   	enable verbose output
blocksize	set blocksize[*]
blocksize2	set blocksize as a power of 2[**]
rollover	rollover after 64K packets[**]
options 	enable or disable RFC2347 style options
help    	print help information
packetdrop	artificial packetloss feature
?       	print help information

[-] : You shouldn't use these ones anymore.
[*] : RFC2347 options support required.
[**] : Non-standard RFC2347 option.
tftp>

Exit the tftp client with:

tftp> q [enter]
[root@server /usr/home/user]#