Accessing files from a CD

| Thursday, November 29, 2007

Add the following to the kernel

MOUNTING A CD-ROM DISK

We need to set up a directory before we can mount the CD, so let's go to the OS root directory by entering:

cd /
mkdir /cdrom
mount -t cd9660 /dev/acd0c /cdrom

READ A DIRECTORY LISTING
The CD-ROM disk is now mounted. To test, enter:
ls -lt /cdrom

This should give us a listing of the files on the CD.
COPY OR MOVE FILES
cp -p /cdrom/somefile.conf /some/directory/on/hard/drive/

UNMOUNT CD-ROM DISK
Once we are finished using the CD-ROM disk, before we remove it, enter:
umount /cdrom

Is my program running?

| Thursday, November 22, 2007

It started with yesterday's incident, when my source streaming server went down. I didn't know it was down *dudulzmodeon*: my cell phone was in the repair shop, and that afternoon I was visiting the doctor, so I had no internet connection at all.
From the dentist I went to Matos with my younger sibling.. I only found out after the person on shift called my sibling's phone. Phew.. it was down for quite a long time *sighhh* because the person on duty didn't understand it either, adudududu...

So, today my brain, which keeps wearing out because it is rarely used :P, slowly started working.. how about just writing a script that checks every few minutes.

Here is an example script; just name it /etc/cekecek
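#!/bin/sh
# Check whether the service shows up in the process list
SERVICE=httpd
if ps ax | grep -v grep | grep "$SERVICE" > /dev/null
then
    echo "$SERVICE service running, everything is fine"
else
    echo "$SERVICE is not running"
    # run the start script (path as given in the original post)
    /etc/rc.d/http
fi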

Put it in crontab, to run once every hour :P
59 * * * * /etc/cekecek

For true remote-ers

| Tuesday, November 20, 2007

Folks, you often work remotely, and right when you are deep into installing something, the connection suddenly drops. Really annoying, right...
Hehehe, as it happens, after peeking at om Giest's blog, there is a solution. Yup, we can install something called screen; the following tutorial is taken from om Giest's post.


# cd /usr/ports/sysutils/screen
# make install clean

USAGE

The important screen commands are as follows:

screen

ctrl a c = create a new screen session
ctrl a p = switch between screen sessions
ctrl a d = leave the screen session without killing the process that is running.
exit = leave screen after the process that is running has finished

EXAMPLE

Type screen to start a screen session. If this is the first time, it will be the only screen session; if you have created a screen session before, this command starts a new one without disturbing the earlier session.

Then type the command you want to run, for example top. Once top is running, type ctrl a c to create a new screen and you will get another, empty screen. Here you can run another command, such as a ping to a host of your choice.

Once all the processes above are running, to switch between those screens (from the top command to ping) just type ctrl a p and you are back on the next screen.

To leave screen without killing the processes in it, just type ctrl a d and you will be back in the shell and no longer in screen. If you then log out or close the remote connection, your screen session keeps running.
If for some reason you lose the connection to the server you are working on remotely and did not get the chance to leave screen, don't worry: the processes you started keep running, and you only need to resume them.

To resume a screen session, you must first log in as the user that created the screen session. Other users cannot resume a screen session belonging to another user.

After logging in as that user, type screen -r. If you previously had more than one screen session, check first as follows:

# screen -ls
There are screens on:
96050.ttyp0.giest (Detached)
96172.ttyp0.giest (Detached)
2 Sockets in /tmp/screens/S-root.

As shown, there are two active screen sessions. To enter and use an active session, run the following command:

screen -r 96172.ttyp0.giest
and you will now be working in that screen, while the other screen session stays safe.

OK, now there is no need to be afraid of doing long-running work remotely: just open screen, and a dropped connection is no longer a problem.

taken from giest.org

What does my port need?

|

make pretty-print-build-depends-list
make pretty-print-run-depends-list

make -V RUN_DEPENDS and make -V BUILD_DEPENDS

You can use this to check for the value of any make variable (LIB_DEPENDS, OPTIONS, WITH_*, WITHOUT_*, etc).


# cd /usr/ports/category/port
# make build-depends-list
# make run-depends-list

Just copy-paste.. :(

|

Learn some of the basic steps you can take to make your FreeBSD system more secure.
1. Set additional flags on your /tmp and /home directories. I will show you how to see your current flags and how to change them.
[root]# mount
/dev/ad0s1a on / (ufs, local)
/dev/ad0s1f on /tmp (ufs, local, nodev, nosuid, soft-updates)
/dev/ad0s1g on /usr (ufs, local, soft-updates)
/dev/ad0s1e on /var (ufs, local, soft-updates)
/dev/ad0s1h on /home (ufs, local, nosuid, with quotas, soft-updates)
procfs on /proc (procfs, local)
Two of the partitions above, /tmp and /home, are the ones we will be adding flags for. As you can see, I added nodev and nosuid on /tmp and nosuid and quotas on /home.
nodev - stops character or block special devices on the filesystem
nosuid - disables suid programs from being run from this filesystem
quotas - to limit the amount of disk space that your users may use
You can set these flags in the /etc/fstab file.
The /tmp directory is a world-writable directory, so taking these additional steps is a good idea.
2. Set your system security level. For most machines there is no reason to run in securelevel -1, unless you wish to run X-Windows on the machine. If you would like to run a server it is best NOT to run X and step up your kernel security level to 1.
Changing this to 1 will mean that you may no longer replace the kernel without being in single user mode (system immutable and system append-only flags are also enforced), KLDs may not be loaded/unloaded and /dev/mem and /dev/kmem may not be opened for writing. To change the security level do the following:
[root]# sysctl kern.securelevel=1
To make this change permanent add the following to /etc/rc.conf:
kern_securelevel_enable="YES"
kern_securelevel="1"
3. Remove the toor user.
By default, FreeBSD ships with an additional user that has a UID of 0. This user is known as toor (root backwards), and is intended as a backup user, so that if you mistakenly broke (e.g.) root's shell, you could log in using this user and fix things. The account is disabled (passwordless) by default, and hence of no use UNLESS you change its password. You may either choose to set a password for it, or remove it.
It should be noted that the rmuser(8) command will not allow the deletion of an account with a UID of 0, so you will need to use vipw(8) to remove this account.
4. Shut down any services you are not using.
[root]# netstat -na | grep LISTEN
tcp46 0 0 *.80 *.* LISTEN
tcp4 0 0 *.22 *.* LISTEN
tcp46 0 0 *.22 *.* LISTEN
This shows that http (80) and ssh (22) are listening. If you have a process listening and you're unsure of what process is keeping that port open, you may use sockstat(1) to list open sockets and provide you with the relevant information.
You can also see anything listening for UDP:
[root]# netstat -nap udp
udp4 0 0 *.514 *.*
Here, you see that syslogd is listening on port 514 (UDP). You can disable syslogd from listening on a port by changing /etc/rc.conf:
syslogd_enable="YES"
syslogd_flags="-ss"
5. Set up packets being sent to non-listening ports to be ignored and go to a 'Black Hole'.
[root]# sysctl net.inet.tcp.blackhole=1
To make this change permanent, add the following to /etc/sysctl.conf (sysctl variables are not read from /etc/rc.conf):
net.inet.tcp.blackhole=1
net.inet.udp.blackhole=1
6. KEEP YOUR PACKAGES AND OS CURRENT.
I have an article here on how to automatically update your FreeBSD box. I would suggest you set this up!
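
As an added example (not part of the original post), the script below checks steps 1 and 4 against command output: it reports which of /tmp and /home lack the flags recommended above and which listening ports fall outside an allowlist. The sample `mount` and `netstat -na` lines, the function names and the allowlist "22 80" are constructed for illustration.

```sh
#!/bin/sh
# Added example: audit steps 1 and 4 of the checklist above from command output.
# Both samples are constructed, in FreeBSD `mount` / `netstat -na` format.
SAMPLE_MOUNT='/dev/ad0s1a on / (ufs, local)
/dev/ad0s1f on /tmp (ufs, local, nodev, nosuid, soft-updates)
/dev/ad0s1h on /home (ufs, local, with quotas, soft-updates)'
SAMPLE_NETSTAT='tcp4  0 0 *.22          *.* LISTEN
tcp46 0 0 *.80          *.* LISTEN
tcp4  0 0 127.0.0.1.25  *.* LISTEN
tcp4  0 0 *.6000        *.* LISTEN'

# Reads `mount` output on stdin. Prints "<mountpoint>: missing <flag>" for each
# flag the page recommends (/tmp: nodev nosuid, /home: nosuid) that is absent.
audit_mount_flags() {
    awk '
    BEGIN { want["/tmp"] = "nodev nosuid"; want["/home"] = "nosuid" }
    $2 == "on" && ($3 in want) {      # <device> on <mountpoint> (<opt>, ...)
        seen[$3] = 1
        opts = $0
        sub(/^[^(]*\(/, "", opts)     # drop everything up to "("
        sub(/\).*$/, "", opts)        # drop ")" and anything after it
        n = split(opts, have, /, */)
        m = split(want[$3], need, " ")
        for (i = 1; i <= m; i++) {
            found = 0
            for (j = 1; j <= n; j++) if (have[j] == need[i]) found = 1
            if (!found) print $3 ": missing " need[i]
        }
    }
    END { for (mp in want) if (!(mp in seen)) print mp ": not a separate filesystem" }'
}

# Reads `netstat -na` output on stdin; $1 is a space-separated port allowlist.
# Prints "<proto> <local address>" for each listener on a port not in the list.
unexpected_listeners() {
    awk -v allow="$1" '
    BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    $NF == "LISTEN" {
        port = $4
        sub(/^.*\./, "", port)        # FreeBSD prints address.port
        if (!(port in ok)) print $1, $4
    }'
}

printf '%s\n' "$SAMPLE_MOUNT" | audit_mount_flags
printf '%s\n' "$SAMPLE_NETSTAT" | unexpected_listeners "22 80"
```

On a live system, pipe in the real output instead: mount | audit_mount_flags and netstat -na | unexpected_listeners "22 80". sockstat(1), mentioned in step 4, then identifies the process behind each reported port.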

FreeBSD binary update

| Saturday, November 17, 2007

First, install freebsd-update
# whereis freebsd-update
freebsd-update: /usr/local/sbin/freebsd-update
# cd /usr/ports/security/freebsd-update
# make install clean

cp /usr/local/etc/freebsd-update.conf.sample /usr/local/etc/freebsd-update.conf
# rehash
# freebsd-update fetch
# freebsd-update install

My shell?

|

To find out which shell we are currently using, type:
# echo $SHELL
/bin/csh

or with the following command:

office-mlg# ps -p $$
PID TT STAT TIME COMMAND
59155 p0 S 0:00.04 /bin/csh

To see which shells are available on your FreeBSD box, type:
# more /etc/shells
/bin/sh
/bin/csh
/bin/tcsh
/usr/local/bin/bash

One more tip.. just try it:

chmod 0750 `which curl` 2>&- ; chmod 0750 `which fetch` 2>&- ; chmod 0750 `which wget` 2>&-

#!/bin/sh
# Lock every account whose password field in /etc/master.passwd is empty
USERS="$(awk -F: 'NF > 1 && $1 !~ /^[#+-]/ && $2=="" {print $0}' /etc/master.passwd | cut -d: -f1)"
for u in $USERS
do
    pw lock "$u"
done

Where
NF : Total number of fields in the record (so only continue if the line has more than one field)
$1 : First field in /etc/master.passwd
$2 : Second field in /etc/master.passwd
$1 !~ /^[#+-]/ : Compares the first field (user login name) and makes sure it does not start with a +, - or # symbol

How does it work?
1) The awk statement reads each line in /etc/master.passwd, where fields are separated by the : symbol
2) An account has no password if the password field ($2) in /etc/master.passwd is empty

Once you have found all such passwordless accounts, you can lock a user account with the following command:
pw lock {username}

# pw lock s2099ms

For unlocking the account use:
pw unlock {username}

# pw unlock s2099ms

rootkitHunter

| Friday, November 16, 2007

Before installing rkhunter, we need at least one of: wget | curl | elinks | links | lynx | bget | GET

# fetch http://optusnet.dl.sourceforge.net/sourceforge/rkhunter/rkhunter-1.3.0.tar.gz
Unpack the tarball and, as root, run the installation script:
tar zxf rkhunter-1.3.0.tar.gz
cd rkhunter-1.3.0
./installer.sh --layout default --install
or
./installer.sh --layout custom /usr/local/ --install

To show where files are installed using the "oldschool" layout run:

./installer.sh --layout oldschool --show
PREFIX: /usr/local
Application: /usr/local/bin
Configuration file: /usr/local/etc
Documents: /usr/local/rkhunter/lib/rkhunter/docs
Man page: /usr/local/rkhunter/lib/man/man8
Scripts: /usr/local/rkhunter/lib/rkhunter/scripts
Databases: /usr/local/rkhunter/lib/rkhunter/db
Temporary files: /usr/local/rkhunter/lib/rkhunter/tmp

./rkhunter --update
./rkhunter -c

Before running RKH you will need to fill the file properties database by
running the following command:

rkhunter --propupd


To run RKH, as root, simply enter the following command:

rkhunter --check


By default, the log file '/var/log/rkhunter.log' will be created. It
will contain the results of the checks made by RKH.

To see what other options can be used with rkhunter, enter:

rkhunter --help


NOTE: The first run of 'rkhunter' after installation may give some
warning messages. Please see the FAQ file for more details
about this.

Uninstall

tar zxf rkhunter-1.3.0.tar.gz
cd rkhunter-1.3.0
./installer.sh --layout default --remove

If you chose a different layout, for example '/usr', then run the
installer using:

./installer.sh --layout /usr --remove

beastie tipz

| Wednesday, November 14, 2007

"ls -G", "ls -F" or "ls -FG"
Use these for a colored directory listing ;)

'set autolist'
in the tcsh shell, automatically lists all possibilities when expanding a file/directory name

'set autologout = 30'
if idle for more than 30 minutes, you will be logged out (for the tcsh shell)

`set filec'
enables file completion in tcsh by pressing TAB

`set watch = (0 any any)'
Enables notification when any user logs in/out.

set prompt = '%n@%m:%/%# '
example display: rahm@server:/usr#. For bold, use: set prompt = '[%B%m%b] %B%~%b%# '

grep "string" filename1 [filename2 filename3 ...]
searches for a string in a file

Setting aliases to shorten commands
alias lf="ls -FA"
alias ll="ls -lA"
alias su="su -m"

in csh or tcsh, like this:
alias lf ls -FA
alias ll ls -lA
alias su su -m
type 'alias' to see the list of existing aliases

See /etc/rc to see how the system starts up.

whereis 'namaprog'
Use this to find the binary, manual or source directory of a program.

Ctrl-D
Use this to exit/log out of the shell.

"du -s * | sort -n"
Lists directories and their sizes.

mixer
Adjusts the volume of sound peripherals.

pkg_add -r
automatically downloads and installs binary packages and their dependencies.


Looking for a particular port? Type the following in the /usr/ports directory:
"make search name="
or
"make search key="


swapinfo
displays virtual memory

"zcat" or "zmore"
For reading compressed files without extracting them

du /partition_or_directory_name | sort -rn | head
To see the 10 largest files in a directory / partition

file namafile
To see whether it is a text file, an executable or another file type.

col -bx < dosfile > newfile
To remove ^M characters from a DOS file

lock -p
To lock the terminal.

dig -x IP-address
To look up the hostname of an IP address

Add the following to the C shell to prevent core files from being written.
limit coredumpsize 0

"leave +hhmm"
To set a terminal reminder

"sockstat -4l"
Need to see which daemons are listening for connection requests? Use "sockstat -4l"
for IPv4, and "sockstat -l" for IPv4 and IPv6.

": > filename"
To empty a file

ls -R / | more
view the entire directory tree of the system


translated from : http://nixdoc.net/FreeBSD-Tips/