With a foreword by FFRREEEEBBSSDD:: AA BB SS OO LL UU TT EE ROBERT WATSON, NNOOTT JJUUSSTT FFOORR President of AALLPPHHAA GGEEEEKKSS the FreeBSD Foundation AANNYYMMOORREE!! FF RR EE EE BB SS DD® 22 NN DD EE DD II TT II OO NN AA FreeBSD—the powerful, flexible, and free Unix-like • Manage schedulers, remap shared libraries, and FF operating system—is the preferred server for many optimize your system for your hardware and your enterprises. But it can be even trickier to use than either workload BB T H E C O M P L E T E G U I D E T O F R E E B S D Unix or Linux, and harder still to master. RR • Build custom network appliances with embedded Absolute FreeBSD, 2nd Edition is your complete guide FreeBSD to FreeBSD, written by FreeBSD committer Michael SS M I C H A E L W . L U C A S W. Lucas. Lucas considers this completely revised and • Implement redundant disks, without special hardware 22EE NN rewritten second edition of his landmark work to be his • Integrate FreeBSD-specific SNMP into your network DD OO best work ever; a true product of his love for FreeBSD management system E EEE and the support of the FreeBSD community. Absolute Whether you’re just getting started with FreeBSD or DD FsereceuBriStyD, ,n 2entwdo Erdk itsieornv iccoevse, rssy sintesmta llpaetirofonr, mnaentwceo,r kkienrgn,e l you’ve been using it for years, you’ll find this book to ITITBBLL be the definitive guide to FreeBSD that you’ve been II tweaking, filesystems, SMP, upgrading, crash debugging, OO and much more, including coverage of how to: waiting for. NN UU ABOUT THE AUTHOR SS • Use advanced security features like packet filtering, virtual machines, and host-based intrusion detection Michael W. Lucas is a network engineer and system TT administrator responsible for a network that stretches DD • Build custom live FreeBSD CDs and bootable flash across the Western Hemisphere. He is the author of the • Manage network services and filesystems critically acclaimed Absolute OpenBSD, Cisco Routers EE for the Desperate, and PGP & GPG, all from No Starch • Use DNS and set up email, IMAP, web, and FTP Press. Despite being from Detroit, Michigan, he knows services for both servers and clients almost nothing about automobiles. He has been using • Monitor your system with performance-testing and Unix systems for over 20 years and FreeBSD since 1995. troubleshooting tools Fortunately for the rest of us, his writing keeps him too busy to implement his plans for world domination. • Run diskless systems L U C THE FINEST IN GEEK ENTERTAINMENT™ $59.95 ($65.95 CDN) A S www.nostarch.com OPERATINSHELVE IN “I LAY FLAT.” G SYSTEM: This book uses RepKover—a durable binding that won’t snap shut. S/UN IX Printed on recycled paper PRAISE FOR THE FIRST EDITION, ABSOLUTE BSD “Even longtime users of FreeBSD may be surprised at the power and features it can bring to bear as a server platform, and Absolute BSD is an excellent guide to harnessing that power.” —UNIXREVIEW.COM “ . . . provides beautifully written tutorials and reference material to help you make the most of the strengths of this OS.” —LINUXUSER & DEVELOPER MAGAZINE “ . . . a great resource for people new to BSD and those who have been using it for years. Michael Lucas has a writing style which is very easy to read and absorb.” —FRESHMEAT “A very fine piece of work, it isn’t about how to implement BSD solutions, but it is about managing systems in situ.” –;LOGIN: “ . . . packed with a lot of information.” —DAEMON NEWS PRAISE FOR ABSOLUTE OPENBSD BY MICHAEL LUCAS “Absolute OpenBSD by Michael Lucas is a broad and mostly gentle introduction into the world of the OpenBSD operating system. It is sufficiently complete and deep to give someone new to OpenBSD a solid footing for doing real work and the mental tools for further exploration. . . . The potentially boring topic of systems administration is made very readable and even fun by the light tone that Lucas uses.” —CHRIS PALMER, PRESIDENT, SAN FRANCISCO OPENBSD USERS GROUP “ . . . a well-written book that hits its market squarely on target. Those new to OpenBSD will appreciate the comprehensive approach that takes them from concept to functional execution. Existing and advanced users will benefit from the discussion of OpenBSD-specific topics such as the security features and pf administration.” —SLASHDOT “I recommend Absolute OpenBSD to all programmers and administrators working with the OpenBSD operating system (OS), or considering it.” —UNIXREVIEW.COM PRAISE FOR PGP & GPG BY MICHAEL LUCAS “PGP & GPG is another excellent book by Michael Lucas. I thoroughly enjoyed his other books due to their content and style. PGP & GPG continues in this fine tradition. If you are trying to learn how to use PGP or GPG, or at least want to ensure you are using them properly, read PGP & GPG.” —TAOSECURITY “The world’s first user-friendly book on email privacy. Unless you’re a cryptographer, or never use email, you should read this book.” —LEN SASSAMAN, CODECON FOUNDER “ Excellent tutorial, quick read, and enough humor to make it enjoyable.” —INFOWORLD “An excellent book that shows the end-user in an easy to read and often entertaining style just about everything they need to know to effectively and properly use PGP and OpenPGP.” —SLASHDOT PRAISE FOR CISCO ROUTERS FOR THE DESPERATE BY MICHAEL LUCAS “ . . . this book isn’t a reference—it’s a survival guide, a ‘break glass in case of emergency’ safety harness. . . . What I found remarkable was how it was obviously written for people like me—those of us who have little interest in router management but whose jobs depend on the consistent, trusted func- tioning of such infrastructure. —ASP.NETPRO “If only Cisco Routers for the Desperate had been on my bookshelf a few years ago! It would have definitely saved me many hours of searching for config- uration help on my Cisco routers. . . . I would strongly recommend this book for both IT Professionals looking to get started with Cisco routers, as well as anyone who has to deal with a Cisco router from time to time but doesn’t have the time or technological know-how to tackle a more in-depth book on the subject.” —BLOGCRITICS MAGAZINE A B S O L U T E F R E E B S D 2 N D E D I T I O N THE COM PLET E GUIDE TO FREEBSD by Michael W. Lucas ® San Francisco ABSOLUTE FREEBSD, 2ND EDITION. Copyright © 2008 by Michael W. Lucas. All rights reserved. No part of this work may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying, recording, or by any information storage or retrieval system, without the prior written permission of the copyright owner and the publisher. Printed on recycled paper in the United States of America 11 10 09 08 07 1 2 3 4 5 6 7 8 9 ISBN-10: 1-59327-151-4 ISBN-13: 978-1-59327-151-0 Publisher: William Pollock Production Editors: Christina Samuell and Megan Dunchak Cover and Interior Design: Octopod Studios Developmental Editor: William Pollock Technical Reviewer: John Baldwin Copyeditor: Dmitry Kirsanov Compositor: Riley Hoffman Proofreader: Alina Kirsanova Indexer: Nancy Guenther For information on book distributors or translations, please contact No Starch Press, Inc. directly: No Starch Press, Inc. 555 De Haro Street, Suite 250, San Francisco, CA 94107 phone: 415.863.9900; fax: 415.863.9950; [email protected]; www.nostarch.com Library of Congress Cataloging-in-Publication Data Lucas, Michael, 1967- Absolute FreeBSD : the complete guide to FreeBSD / Michael W. Lucas. -- 2nd ed. p. cm. Includes index. ISBN-13: 978-1-59327-145-9 ISBN-10: 1-59327-145-X 1. FreeBSD. 2. UNIX (Computer file) 3. Internet service providers--Computer programs. 4. Web servers--Computer programs. 5. Client/server computing. I. Title. QA76.76.O63L83 2007 004'.36--dc22 2007036190 No Starch Press and the No Starch Press logo are registered trademarks of No Starch Press, Inc. Other product and company names mentioned herein may be the trademarks of their respective owners. Rather than use a trademark symbol with every occurrence of a trademarked name, we are using the names only in an editorial fashion and to the benefit of the trademark owner, with no intention of infringement of the trademark. The mark “FreeBSD” is a registered trademark of The FreeBSD Foundation and is used by Michael W. Lucas with the permission of The FreeBSD Foundation. The FreeBSD Logo is a trademark of The FreeBSD Foundation and is used by Michael W. Lucas with the permission of The FreeBSD Foundation. The BSD Daemon is copyright Marshall Kirk McKusick and is used with permission. The information in this book is distributed on an “As Is” basis, without warranty. While every precaution has been taken in the preparation of this work, neither the author nor No Starch Press, Inc. shall have any liability to any person or entity with respect to any loss or damage caused or alleged to be caused directly or indirectly by the information contained in it. For Liz. With luck, this one is the right size to plug that dang gopher hole. B R I E F C O N T E N T S Foreword by Robert N.M. Watson...............................................................................xxvii Acknowledgments.......................................................................................................xxix Introduction....................................................................................................................1 Chapter 1: Getting More Help........................................................................................19 Chapter 2: Installing FreeBSD.........................................................................................33 Chapter 3: Start Me Up! The Boot Process........................................................................61 Chapter 4: Read This Before You Break Something Else! (Backup and Recovery)...................89 Chapter 5: Kernel Games............................................................................................117 Chapter 6: The Network..............................................................................................145 Chapter 7: Securing Your System..................................................................................177 Chapter 8: Disks and Filesystems..................................................................................209 Chapter 9: Advanced Security Features.........................................................................261 Chapter 10: Exploring /etc..........................................................................................301 Chapter 11: Making Your System Useful........................................................................315 Chapter 12: Advanced Software Management...............................................................343 Chapter 13: Upgrading FreeBSD..................................................................................371 Chapter 14: The Internet Road Map: DNS.....................................................................411 Chapter 15: Small System Services...............................................................................439 Chapter 16: Spam, Worms, and Viruses (Plus Email, If You Insist).....................................467 Chapter 17: Web and FTP Services...............................................................................499 Chapter 18: Disk Tricks with GEOM..............................................................................529 Chapter 19: System Performance and Monitoring...........................................................569 Chapter 20: The Fringe of FreeBSD...............................................................................603 Chapter 21: System (and Sysadmin) Panics and Crashes.................................................637 Afterword...................................................................................................................655 Appendix: Some Interesting sysctlMIBs..........................................................................661 Index.........................................................................................................................675 viii Brief Contents