Freebsd Essentials

Updating the Base FreeBSD Operating System

freebsd-update fetch install



pkg info pkg (welche version ist installiert)
pkg info (alle installierten anzeigen)
pkg install packagename
pkg delete packagename
pkg upgrade (alle Pakete updaten)
pkg audit -F
pkg autoremove


portsnap fetch
portsnap update
portsnap fetch update

cd /usr/ports/sysutils/lsof
make config-recursive
make install
make clean

make deinstall

pkg version -l "<" (Ports mit verfügbaren Updates anzeigen)
portmaster -L (alle anzeigen)
portmaster -a (alle updaten)


Dateiausgabe ohne Kommentar -und Leerzeilen

Bei langen Konfigurationsdateien kann es manchmal hilfreich sein, die Kommentarzeilen und Leerzeilen zu entfernen um eine übersichtliche „saubere“ Konfig-Datei zu erzeugen.

Das folgende Kommando gibt die Datei namens filename auf der Kommandozeile aus:

egrep -v '^s*$|^#' filename

Will man direkt eine neue Datei erzeugen, so kann man den Output umleiten:

egrep -v '^s*$|^#' filename >


Mit sed sieht das Ganze dann so aus:

  • Ausgabe der Datei inputFile auf der Kommandozeile
sed -e 's/#.*$//' -e '/^$/d' filename
  • Direktes Editieren der Datei filename ohne Ausgabe (Die Anführungszeichen für den -i Parameter können bei Linux entfallen)
sed -i '' -e 's/#.*$//' -e '/^$/d' filename

Vorsicht! Fehlerhafte sed Expressions können die Datei beim inplace Editieren unbrauchbar machen. Wenn man sich nicht sicher ist, sollte man lieber ein Backup-Dateiendung beim Parameter -i nutzen.

sed -i.bak -e 's/#.*$//' -e '/^$/d' filename

Wenn die Kommentarzeichen in den Dateien keine Rauten sind, muss man die Zeichen in den Expressions entsprechend ersetzen.

0-Day Exploit „Apache-Killer“

Today I read about a 0-day exploit for the apache webserver on

A quick test if the webserver on my debian VPS is also vulnerable was successful. 🙁

But the proposed workaround works quite well for me.
Here are the steps, that I did to prevent my own apache webserver from being exploited (default apache2 installation debian squeeze):

#edit /etc/apache2/conf.d/security and add the following line (e.g. at the end of the file):
RequestHeader unset Range
#reload apache
/etc/init.d/apache2 reload


perl 50
host seems vuln
ATTACKING [using 50 forks]


perl 50
Host does not seem vulnerable

GREAT! 🙂 Simply trick, but works fine.

Ubuntu Surfstation

For a public surfstation available for free we needed to have a system, that just simply always works. No user should be able to reset any configuration-settins, change the wallpaper, modify favorites or anything like that. The decision of the operating system was easy: Linux! 🙂

The needed tasks to install this system are the following:

– Download and install Ubuntu (the „Gnome Edition“) with all updates (there should be tons of howtos for this in the net)

– During the installation create a user that will be automatically logged in.

– Disable all keyboard-shortcuts in the system-settings dialogue.

– Install the following two addons in Firefox: BlockSite and OpenKiosk
In the OpenKiosk Adminscreen (can be started directly from Firefox) you can customize your „hardened“ Firefox. I personally set fullscreen mode, increased the reset interval to 3 minutes, enabled a 30 seconds warning before the reset and removed the Print button and zoom controls.

– Configure Firefox to start automatically when the user logs in.

– Create the file /etc/X11/xorg.conf with the following content. This disables the Ctrl+Alt+F1,Ctrl+Alt+F2, etc. shortcuts for switching through the gettys.

Section "ServerFlags"
Option "DontVTSwitch" "true"

– Mount the root Filesystem readonly with the aufs Filesystem. This ensures that a reboot of the Surfstation/Terminal resets everything to default settings (although there shouldn’t be many changes besides the browser history) Here is a great Tutorial for that.

VMWare: Debian NICs don’t come up after removing and adding virtual network card

A long time has passed after the last post to this blog. But I’m still alive and today there will be another. 😉

Yesterday I stumbled upon some problems in our virtual infrastructure regarding the Debian Linux Servers. For several reasons (most important is a dedicated network for NFS) i needed to add another virtual network card to those servers. I also removed the existing card, because the type of that card was still „Flexible“ and I wanted to change that to „E1000“ anyway.

So in short: 1 card (Flexible) was removed, 2 cards (E1000) were added. Sounds easy, but it wasn’t! 🙁

SIOCSIFADDR: No such device
eth0: ERROR while getting interface flags: No such device
SIOCSIFADDR: No such device
SIOCSIFADDR: No such device
eth0: ERROR while getting interface flags: No such device
eth0: ERROR while getting interface flags: No such device

The interfaces don’t come up and i had no idea why!

After some investigation this issue seemed to be related to udev. The MAC address of the old NIC was still in the file /etc/udev/rules.d/z25_persistent-net.rules, but of course the MAC has changed after migrating to the new E1000 card.

The solution is to edit the above mentioned file and replace the wrong MAC address value(s) with the new ones.

After that the appropriate servies need to be restarted:

/etc/init.d/udev restart
/etc/init.d/networking restart

or in short:


That’s it! 🙂

How to create Colorkey images with GIMP

Note to myself:

1. File => Open
2. Image => Mode => Grayscale
3. Edit => Copy
4. Edit => Undo
5. Layer => New => Transparency => ok
6. Edit => Paste
7. Layer => Anchor Layer
8. Layer => Mask => Add Layer Mask => White (full opacitiy) => Add
9. Now use the Paintbrush-Tool to (re)color the parts of the image you like

Here’s a sample image:

Colorkey image made with GIMP
Colorkey image made with GIMP