Tag Archives: FreeBSD

Quick and Dirty: Installing Htop on FreeBSD 10.x

Htop is an interactive system-monitor process-viewer written for Linux. On most of my servers I have it up and running continually if I’m not actively on the box. It’s great to be able to quickly glance up and see the current state of a particular server or to see if something I’m running has gotten out of hand (I’m looking at you Bro). On FreeBSD 10.x the install is pretty straight forward with some minor tweaks.

Simply run the following commands:

$ sudo pkg install htop

Now create the proper folders:

mkdir -p /usr/compat/linux/proc
ln -s /usr/compat /compat

Once this is done you’ll need to add the following line to /etc/fstab

linproc /compat/linux/proc linprocfs rw,late 0 0

Lastly we need to mount it using

mount linproc

Now you should be able to run Htop from your command line.

htop

FreeBSD pkg_add little trick

So don’t ask me why but I decided to run FreeBSD 6.0 on an older Dell Latitude laptop. Install goes fine. But now I’ve got an issue. When trying to install a package I get the troublesome ftp error (cannot find this location dummy). But this was quickly resolved with the following.

You can also see which ftp directory your FreeBSD system is currently using by reading the error received when you try to install a bogus package:

# pkg_add -r test
Error: FTP Unable to get ftp://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-6-release/Latest/abc.tbz: File unavailable (e.g., file not found, no access)
pkg_add: unable to fetch ‘ftp://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-6-release/Latest/abc.tbz’ by URL

In this case, the system is using packages-6-release/Latest which contains the 6.9 version of xorg instead of packages-6-stable which contains the latest or 7.2 version of xorg. Take a peek in both directories on the ftp site, you’ll see for yourself.

You can ask pkg_add to go to a different location by modifying the PACKAGESITE environmental variable by typing this as one line:

# setenv PACKAGESITE ftp://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-6-stable/Latest/

And Eureka! No more install issues.

Stopping FTP Brute Force Attacks in FreeBSD and OpenBSD

This is a great little article that I came across talking about stopping FTP brute force attacks in OpenBSD or FreeBSD (both of my favorite OS’s). It assumes that your using PF as your firewall (which you should!).

You can easily stop bruteforce attacks by limiting connections per IP using pf
firewall under FreeBSD or OpenBSD.

Open /etc/pf.conf

# vi /etc/pf.conf

Update it as follows:

# the lists of known FTPD attackers
table persist file “/etc/pf.ftp.block.list”

# block all incoming connections from attackers on FTPD
block in quick on $ext_if from

# Let us allow FTP with bruteforce protection
pass in quick on $ext_if inet proto tcp from any to ($ext_if) port 21 keep state (max-src-conn-rate 5/40, overload flush global)

Above will block FTP connections more than 5 times in 40 seconds. Also append the following line to /etc/rc.shutdown to keep changes after the reboot:

# echo '/sbin/pfctl -t ftp-attacks -T show > /etc/pf.ftp.block.list' >> /etc/rc.shutdown

Finally, reload pf firewall:

# /etc/rc.d/pf reload

To list currently blocked IP (attackers IP), enter:

# pfctl -t ftp-attacks -T show