Configuração de um servidor NTP no OpenBSD 5.0

Procedimento

No arquivo /etc/ntpd.conf descomente a linha listen * e no lugar do * coloque o IP da interface da rede local, ficando assim:

listen 192.168.0.1
No arquivo /etc/rc.conf.local coloque a linha:

ntpd_flags=”-s”
Inicie o serviço executando:

/etc/rc.d/ntpd start

OpenBSD 5.0: Dual Boot (OpenBSD 5.0 x Windows 7 Ultimate) »

PessoALL, como um bom novato tenho a obrigação de documentar a compartilhar os conhecimentos adquiridos nesse início da minha jornada com o OpenBSD. Hoje irei compartilhar com vocês uma das maneiras de se instalar OpenBSD 5.0 e Windows 7 Ultimate configurando-os como Dual Boot.

1. Instalação e…

Aplicando a 1a atualização do OpenBSD 5.0

Saiu uma atualização para o Bind. Como proceder se você possui o OpenBSD?

O Bind faz parte da árvore do OpenBSD. Isto significa que o Bind possui patches feitos pela equipe de desenvolvedores para torná-lo mais seguro/estável. Portanto, para fazer atualização dele, basta seguir as instruções do patch de atualização. Por exemplo, se você usa a versão 5.0 do OpenBSD, você já tem 1(uma) atualização pra fazer.

Organizando os fontes da árvore do OpenBSD

Para tornar seu OpenBSD estável (stable) Execute o seguinte procedimento,como root: cd /root ftp -V ftp://ftp.openbsd.org/pub/OpenBSD/5.0/sys.tar.gz ftp -V ftp://ftp.openbsd.org/pub/OpenBSD/5.0/src.tar.gz cd /usr/src tar -zxvf /root/sys.tar.gz tar -zxvf /root/src.tar.gz

Fazendo a atualização do Bind

Quando um patch de segurança para a ávore do OpenBSD é corrigido, o mesmo é divulgado imediatamente na lista security-announce, algumas horas depois aparece no site.

Você encontrará uma correção. Baixe o arquivo para o host OpenBSD usando , como root, os comandos:

cd /root
ftp -V http://ftp.openbsd.org/pub/OpenBSD/patches/5.0/common/001_bind.patch"

E siga a instruções contidas no arquivo:

Apply by doing:
    cd /usr/src
    patch -p0 < /root/001_bind.patch

And then rebuild and install bind:
    cd usr.sbin/bind
    make -f Makefile.bsd-wrapper obj
    make -f Makefile.bsd-wrapper depend
    make -f Makefile.bsd-wrapper

michael:

Building VPN’s with OpenBSD and IPSEC

Antonio Feitosa: Boot do OpenBSD em micros com mais de 4GB de RAM »

0xac0:

Data: 2011-09-15 14:54:00 -03:00

Preâmbulo

Definitivamente, estive em apuros por causa duma limitação do gerenciador de boot do OpenBSD. A falha consistia em travar o computador no momento do boot do CD, no momento em que ele tenta reconhecer a memória RAM do computador.

Local do arquivo

Ao…

Antonio Feitosa: O que são os ramos do OpenBSD »

0xac0:

Data: 2011-09-13 13:12:00 -03:00

Introdução

É comum usuários de outros sistemas operacionais, principalmente os Unix-Like, quando começam usar o OpenBSD se perguntarem como se faz a para deixar o sistema atualizado. -Como se dá o “apt-get upgrade”? -Eles perguntam. Isto em geral ocorre pelo fato…

firemyst demistifying: OAMP / mongodb-php-apache on openbsd 5.0 »

firemyst:

this aims for a very lean install of php and mongo on openbsd (dated 11-2011)

so real quick without pear, pecl and unnecessary garbage -install or upgrade to your preferred openbsd flavor (stable, release, current)
 $ sudo pkg_add -vi php $ sudo pkg_add -vi mongodb
this should get you php 5.3x…

O que há de novo no OpenBSD 5.0

Com data prevista de lançamento previsto para 1 de Novembro de 2011, a nova versão traz consigo mais de 770 alterações, entre novas funcionalidades e correções.

Segue abaixo algumas:

Drivers

Added dfs(4/MACPPC) driver to support the Dynamic Frequency Switching feature found on some laptops.
Support additional L2C variants and L1D (AR813x/AR815x chips) in alc(4).
Update to sendmail(8) 8.14.5.
Various drivers have been adjusted to use PCI Message Signaled Interrupts on amd64, i386, macppc and sparc64.
New AMD K10/K11 pstate driver allows setperf and apm to change CPU frequences on newer AMD CPUs.
Unified various macppc gpio(4) access methods that take an offset relative to the mac-io bus base address. Needed for upcoming dfs(4/MACPPC) support.
Fixed arguments to arm pmap(9) poolinit: alignment of alignment of L2TABLESIZEREAL is at offset 0 and not at offset L2TABLESIZE_REAL.
Make pci(4) pass flags down the PCI bus hierarchy.
Added pci(4) register definitions for PCI MSI capability.
Stop leaking swapslots in uvm(9) when doing a uvmkmpgremove and a page is in swap only.
Removed uvm(9) vmpagelookup_freelist().
Implemented correct prologue and epilogue for hppa64 machine-dependent init.
Make mips common kernel code set octeon’s internal counter clock speed to its processor clock.
Fixed aucat(1) option handling and enable TCP in midicat(1).
Refactored queue allocation and initialization into wdc(4) wdcallocqueue() function, and let attachment code call this rather than malloc(9). This prevents re-initialization of the queue in shared queue chipsets.
Initialize the wdc(4) atadrivedatas structures earlier in wdcattach() so that chip-specific drv_probe routines can assume they’ve already been initialized.
Make sndio(7) siopsleep() use an array of SIOMAXNFDS pollfd structures rather than a single one.
Initialize the ‘pstate’ field of the aucat(1) wav structure.
Fixed a few minor issues in i386 hibernate support code relating to improper swap device determination and memory range calculation.
Fix memory handling in octeon machine-dependent code.
Eliminated a few unused wdc(4) capability flags (WDCCAPABILITYHWLOCK, WDCCAPABILITYATANOSTREAM, and WDCCAPABILITYATAPINOSTREAM).
Simplified physio(9) thanks to the fact that buffers now come out of a pool rather than a global list of statically allocated structures and aren’t shared.
Removed uvm_pglist.h from the tree.
Make ubsec(4) interrupt routine acknowledge only the interrupts it can process.
Make sure amd64 AES session id checks look at the lower 32 bits of crp_sid.
Make hppa64 gateway page accessible to all userland processes.
Reverted atapiscsi(4) to only attempting on IDENTIFY command against directly attached devices as in the pre-port-multiplier code.
Make the “mute” key work on macppc keyboards.
Make urndis(4) attach to Samsung Galaxy S.
Make sure hppa64 restore sr4 at the very end of locore.S to avoid further loads from the trapframe to be done at the wrong address space.
Make scsi(4) skip leading blanks and collapse multiple white spaces into when when printing scsi device ids.

X11

Fixed client and group cycle defines in cwm(1).
Fixed xf86-input-ws on xserver 1.9 and earlier.
Enabled xf86-input-synaptics on i386 and amd64.
Added support to new wscons(4) ioctl WSMOUSEIO_SETMODE in xf86-input-synaptics.
Updated xf86-input-acecad to version 1.5.0, xf86-video-chips to 1.2.4, xf86-video-vmware to 11.0.3, xf86-video-siliconmotion to 1.7.5, xlsclients to 1.1.2.
On cwm(1) map, prevent it from warping the windows that are marked as ignored.
Put back cwm(1) window resize back to 60 Hz.
Make cwm(1) menu window aware of xinerama(3) info.
Keep synaptics touchpad to the current wscons(4) behaviour until WSMOUSEIO_SETMODE ioctl is issued to switch to synaptics mode.

Rede

Change ‘set skip on <…>’ to work with interface groups.
Disable pipex for L2TP on disconnect.
Pre-allocate memory in ipsec(4) package to avoid sleeping after performing a lookup, which may lead to a race.
Make pfsync(4) use timeout(9) timeout_del return value to check if the timeout is actually removed when undeferring a packet.
Make tftp-proxy(8) use ‘divert-to’.

Comandos

In addition to relative resizing, allow absolute resizing of partitions in auto-allocated labels with disklabel(8).
Allow specifying k/m/g/… suffixes in newfs(8) -S and -s options.
Fixed some warnings in adduser(8).
Make ssh(1) use FD_CLOEXEC consistently.
Cleaned up adduser(8) handling of email messages.
Make gdb(1) handle lazy relocation stubs as Linux does.
Make tmux(1) reset last pane on break-pane. Fixes a problem reported in Debian bug #622677.
Make tmux(1) reset last pane on swap-pane across windows. Fixes a crash.
Prevent tmux(1) from dragging on click, only select.
Make ssh(1) warn on unexpected key type in keyparseprivate_type().
Removed support for authorized_keys2, a relic from the early days of protocol V2, in ssh(1).
Make dhclient(8) more friendly to sequential option processing by always starting DHCP packet options with DHODHCPMESSAGE_TYPE. Improved working with Nortel NetIP DHCP server.
Fixed memory leaks in tmux(1) command capture pane.
Fixed a memory leak in tmux(1) commands if cmdpanesession succeed.
Added a new option to tmux(1), mouse-resize-pane which, when on, allows panes to be resized by dragging their borders.
Make tmux(1) use the tsl and fsl terminfo(5) capabilities to update terminal title and automatically fill them in on terminals with the XT capability.
Added a small memory optimization in fsck_ffs(8).
Improved tmux(1) behaviour when TTY allocation fails: if RequestTTY is set to ‘auto’ make it not treat a TTY allocation error as fatal and just restore the local TTY.
Make more silent ssh(1) debug() logs by detecting that it’s trying to load a private key in keytryload_public() and returning early.
Make sure sysmerge(8) handle first /etc/group and /etp/master.passwd in case it need to install files or directories with newly added user/group ownerships.
Introduced a ‘freeze’ flag in tmux(1) which make it ignore any move or resize requests made on the windows it’s applied.
Added a RequestTTY ssh_config(5) option to allow configuration-based control over tty(4) allocation, like ssh [-tT].
Make ssh_config(5) support negated host matching.
Added a %L expansion (short-form of the local host name) for ssh(1) ControlPath.
Set ssh(1) traffic class for IPv6 traffic as it’s done for IPv4 TOS. Fixes bz#1855.
Make sysmerge(8) create the directory holding the link it’s about to create if it does not exist.
Fixed memory leak in ssh(1). Fixes bz#1849.
Added disklabel(8) support in tunefs(8).
Make ssh(1) gracefully fall back when ControlPath is too large for a sockaddr_un.
Allow ssh-add(1) to read key from standard input with ssh-add - .
Make atactl(8) capable of reading disklabel(8) UIDs.
Make tmux(1) change window with mouse wheel over status line if mouse-select-window is on.
Prevent use of strnvis(3) in tmux(1) title as it breaks UTF-8.
Make tmux(1) check if mouse-select-pane is on, not off when setting mouse flags.

Daemons

Fixed reload support in relayd(8).
Fixed type warnings reported by clang in smtpd(8).
Fixed wrong id for UDPENCAPTRANSPORT_DRAFT in isakmpd(8).
Fixed an off-by-one that made smtpd(8) skip an “invalid” bucket that was actually valid.
Make relayd(8) use the proc.c privsep API/commodity functions based on work for iked(8) and smtpd(8).
Fixed segfault in smtpd(8) newaliases after global env move.
Prevent security(8) from complaining about a group(5) line with a single “+” as “wrong number of fields”, that abbreviated syntax for NIS map of groups is explicitly allowed by group(5). Warn if this isn’t the last line of group(5) though.
Started a work in ospfd(8) to support opaque LSA.
Force loopback interfaces to IFSTALOOPBACK in ospf6d(8).
Updated relayd(8) logging and debug functions to use the C99 func macro instead of static function names.
Allow a user to specify relayd(8) root priority.
Fixed check of errors in bgpd(8) sessions.
Make iscsid(8) handle logins more correctly.
Prevent smtpd(8) from fork-bombing on startup when there are lots of mails in the offline queue by using a wait list to keep the number of forked processes below a reasonable limit when enqueueing.

Bibliotecas

Make calls to malloc(3) malloc_dump() safer by avoiding file pointer computation for stats.
Introduced leak detection code for MALLOC_STATS in malloc(3).
Fixed bug in glob(3).
Make timeout(9) timeout_del able to tell the caller if it actually did remove a timeout or not.
Added a wprintf(3) man pages.
Always free the multibyte->wchar conversion buffer allocated in vfwprintf(3) __mbsconv().
Make malloc(3) start scanning the bits of the chunk at a random position to take the first available free slots instead of starting from position zero and skipping a random number of free slots. Make things faster.