Diff for /wikisrc/the_netbsd_system_manager__39__s_manual.mdwn between versions 1.1 and 1.2

version 1.1, 2011/11/21 03:22:58 version 1.2, 2012/02/05 07:14:36
Line 1 Line 1
 This is the NetBSD System Manager's Manual, derived from the [bsdwiki book](http://bsdwiki.reedmedia.net/).  This is the NetBSD System Manager's Manual, derived from the [bsdwiki book](http://bsdwiki.reedmedia.net/). 
   
 **Contents**  **Contents**
   
 [[!toc levels=3]]  [[!toc levels=3]]
   
 #  Installing and Upgrading NetBSD  #  Installing and Upgrading NetBSD 
   
 ##  Recognize the installation program used by NetBSD  ##  Recognize the installation program used by NetBSD 
   
 ##  Recognize which commands are available for upgrading  ##  Recognize which commands are available for upgrading 
   
 ##  Understand the difference between a pre-compiled binary and compiling from source  ##  Understand the difference between a pre-compiled binary and compiling from source 
   
 ##  Understand when it is preferable to install a pre-compiled binary and how to do so  ##  Understand when it is preferable to install a pre-compiled binary and how to do so 
   
 if cpu power is low and or disk space is limited.  if cpu power is low and or disk space is limited. 
   
 ##  Recognize the available methods for compiling a customized binary  ##  Recognize the available methods for compiling a customized binary 
   
 ##  Determine what software is installed on a system  ##  Determine what software is installed on a system 
   
 To obtain a list of all third-party software installed on a NetBSD system using the [pkgsrc](http://www.pkgsrc.org) package management system, execute the [pkg_info(1)](http://netbsd.gw.com/cgi-bin/man-cgi?pkg_info++NetBSD-current) command with no arguments.  To obtain a list of all third-party software installed on a NetBSD system using the [pkgsrc](http://www.pkgsrc.org) package management system, execute the [pkg_info(1)](http://netbsd.gw.com/cgi-bin/man-cgi?pkg_info++NetBSD-current) command with no arguments. 
   
 $ pkg_info  $ pkg_info
          
   
 ##  Determine which software requires upgrading  ##  Determine which software requires upgrading 
   
 To determine which software requires upgrading, you have to install pkg_chk first, which is available in [pkgtools/pkg_chk](http://pkgsrc.se/pkgtools/pkg_chk) from pkgsrc. When done, asure that your pkgsrc tree is up to date and enter:  To determine which software requires upgrading, you have to install pkg_chk first, which is available in [pkgtools/pkg_chk](http://pkgsrc.se/pkgtools/pkg_chk) from pkgsrc. When done, asure that your pkgsrc tree is up to date and enter: 
   
     # pkg_chk -q -u      # pkg_chk -q -u
          
   
 to see which packages needs to be upgraded.  to see which packages needs to be upgraded. 
   
 ##  Upgrade installed software  ##  Upgrade installed software 
   
 There are many ways to upgrade installed software use one of the following  There are many ways to upgrade installed software use one of the following 
   
   * pkgtools/[pkg_rolling-replace](http://pkgsrc.se/pkgtools/pkg_rolling-replace)    * pkgtools/[pkg_rolling-replace](http://pkgsrc.se/pkgtools/pkg_rolling-replace)
   * pkgtools/[pkg_chk](http://pkgsrc.se/pkgtools/pkg_chk)    * pkgtools/[pkg_chk](http://pkgsrc.se/pkgtools/pkg_chk)
   
 or use `make update` in the pkgsrc directory of the package that needs to be updated.  or use `make update` in the pkgsrc directory of the package that needs to be updated. 
   
 ##  Determine which software have outstanding security advisories  ##  Determine which software have outstanding security advisories 
   
 You can use pkgsrc's auditing feature to (periodicaly) check for package vulnerabilites.  You can use pkgsrc's auditing feature to (periodicaly) check for package vulnerabilites. 
   
 Install [security/audit-packages](http://pkgsrc.se/security/audit-packages) first.  Install [security/audit-packages](http://pkgsrc.se/security/audit-packages) first. 
   
 _If you dont know how to install a package, read the section about installing packages, or the [pkgsrc user guide](http://www.netbsd.org/docs/pkgsrc/).  _If you dont know how to install a package, read the section about installing packages, or the [pkgsrc user guide](http://www.netbsd.org/docs/pkgsrc/).
   
 To audit the packages, you have to download the vulnerability list:  To audit the packages, you have to download the vulnerability list: 
          
     # download-vulenability-list      # download-vulenability-list
          
   
 You can put the following to your crontab to automate this:  You can put the following to your crontab to automate this: 
          
     0 3 * * * /usr/pkg/sbin/download-vulnerability-list >/dev/null 2>&1      0 3 * * * /usr/pkg/sbin/download-vulnerability-list >/dev/null 2>&1
          
   
 This will update the vulnerability list every day at 3AM. You may wish to do this more often than once a day.  This will update the vulnerability list every day at 3AM. You may wish to do this more often than once a day. 
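
Review bot: the manual command in the audit section reads `# download-vulenability-list`, which is misspelled and does not match the `/usr/pkg/sbin/download-vulnerability-list` path in the crontab entry right after it; the two should agree. The crontab entry also redirects everything to `>/dev/null 2>&1`, so a failed download leaves a stale vulnerability list without any trace; keep stderr so cron can mail the error.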
   
 You can also ask NetBSD to include the vulnerability check in the security report:  You can also ask NetBSD to include the vulnerability check in the security report: 
   
 Put this into `/etc/security.local`:  Put this into `/etc/security.local`: 
          
     if [ -x /usr/pkg/sbin/audit-packages ]; then      if [ -x /usr/pkg/sbin/audit-packages ]; then
             /usr/pkg/sbin/audit-packages              /usr/pkg/sbin/audit-packages
     fi      fi
          
   
 ##  Follow the instructions in a security advisory to apply a security patch  ##  Follow the instructions in a security advisory to apply a security patch 
   
 #  Securing the NetBSD Operating System  #  Securing the NetBSD Operating System 
   
 ##  Determine the system's security level  ##  Determine the system's security level 
   
 See the value of `kern.securelevel` (cf. [sysctl(8)](http://netbsd.gw.com/cgi-bin/man-cgi?sysctl+8+NetBSD-current)) :  See the value of `kern.securelevel` (cf. [sysctl(8)](http://netbsd.gw.com/cgi-bin/man-cgi?sysctl+8+NetBSD-current))
   
 $ sysctl kern.securelevel  $ sysctl kern.securelevel
     kern.securelevel = 1      kern.securelevel = 1
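
Review bot: under "Determine the system's security level", the command line `$ sysctl kern.securelevel` is not indented while its output `kern.securelevel = 1` is, so in Markdown only the output becomes a code block and the command is folded into the paragraph text. Indent the command by four spaces like the output; the same applies to `$ pkg_info` and `$ sysctl kern.veriexec.strict` elsewhere in this revision. Version 1.2 only drops the trailing " :" after the sysctl(8) link here, which leaves the sentence without the colon that introduces the example.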
          
   
 ##  Recognize basic recommended access methods  ##  Recognize basic recommended access methods 
   
 ##  Configure an SSH server according to a set of requirements  ##  Configure an SSH server according to a set of requirements 
   
 Edit `/etc/ssh/sshd_config`. When all seems fine, relaunch [sshd(8)](http://netbsd.gw.com/cgi-bin/man-cgi?sshd++NetBSD-current) daemon with :  Edit `/etc/ssh/sshd_config`. When all seems fine, relaunch [sshd(8)](http://netbsd.gw.com/cgi-bin/man-cgi?sshd++NetBSD-current) daemon with : 
   
     # /etc/rc.d/sshd restart      # /etc/rc.d/sshd restart
          
   
 If you are working remotely via an SSH connexion, don't worry: with privileges separation (as default), your working connexion won't be claused.  If you are working remotely via an SSH connexion, don't worry: with privileges separation (as default), your working connexion won't be claused. 
   
 ##  Configure an SSH server to use a key pair for authentication  ##  Configure an SSH server to use a key pair for authentication 
   
 In `/etc/ssh/sshd_config`, uncomment lines:  In `/etc/ssh/sshd_config`, uncomment lines: 
          
     PasswordAuthentication no      PasswordAuthentication no
     PermitEmptyPasswords no      PermitEmptyPasswords no
          
   
 If you want to connect as root (don't do this), at least use keys with:  If you want to connect as root (don't do this), at least use keys with: 
          
     PermitRootLogin without-password      PermitRootLogin without-password
          
   
 Don't forget to relaunch daemon.  Don't forget to relaunch daemon. 
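
Review bot: the restart step in "Configure an SSH server according to a set of requirements" goes straight to `/etc/rc.d/sshd restart` once "all seems fine"; add a configuration check with `sshd -t` before it, because a typo in `sshd_config` keeps the daemon from coming back, and the reassurance that the current session survives does not help the next login. In the same paragraph "claused" should be "closed". The key-pair section should also tell the reader to confirm that key login works before setting `PasswordAuthentication no`.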
   
 ##  Preserve existing SSH host keys during a system upgrade  ##  Preserve existing SSH host keys during a system upgrade 
   
 The SSH keys live under `/etc/ssh`. Just [tar(1)](http://netbsd.gw.com/cgi-bin/man-cgi?atr++NetBSD-current) up all key files and extract the archive on the new system.  The SSH keys live under `/etc/ssh`. Just [tar(1)](http://netbsd.gw.com/cgi-bin/man-cgi?atr++NetBSD-current) up all key files and extract the archive on the new system. 
   
 ##  Recognize alternate authentication mechanisms  ##  Recognize alternate authentication mechanisms 
   
 ##  Recognize alternate authorization schemes  ##  Recognize alternate authorization schemes 
   
 ##  Recognize firewalls and rulesets  ##  Recognize firewalls and rulesets 
   
 To see input rules:  To see input rules: 
          
     # ipfstat -hin      # ipfstat -hin
          
   
 `-o` (instead of `-i`) option gives output rules. `-6` option manipulates IPv6 rules. `-n` display groups and rules numbers, useful when searching from logs.  `-o` (instead of `-i`) option gives output rules. `-6` option manipulates IPv6 rules. `-n` display groups and rules numbers, useful when searching from logs. 
   
 IPNAT rules can be listed with:  IPNAT rules can be listed with: 
          
     # ipnat -l      # ipnat -l
          
   
 ##  Recognize utilities that shape traffic or control bandwidth  ##  Recognize utilities that shape traffic or control bandwidth 
   
 ##  Recognize mechanisms for encrypting devices  ##  Recognize mechanisms for encrypting devices 
          
     $ man cgd      $ man cgd
          
   
 ##  Recognize methods for verifying the validity of binaries  ##  Recognize methods for verifying the validity of binaries 
   
 By default, `/etc/daily` launch `/etc/security` which uses [mtree(8)](http://netbsd.gw.com/cgi-bin/man-cgi?mtree++NetBSD-current).  By default, `/etc/daily` launch `/etc/security` which uses [mtree(8)](http://netbsd.gw.com/cgi-bin/man-cgi?mtree++NetBSD-current). 
   
   
 To check if [veriexec(4)](http://netbsd.gw.com/cgi-bin/man-cgi?veriexec++NetBSD-current) is up:  To check if [veriexec(4)](http://netbsd.gw.com/cgi-bin/man-cgi?veriexec++NetBSD-current) is up: 
          
   
 $ sysctl kern.veriexec.strict  $ sysctl kern.veriexec.strict
     kern.veriexec.strict=1      kern.veriexec.strict=1
          
   
 Read [veriexec chapter](http://www.netbsd.org/docs/guide/en/chap-veriexec.html) from [NetBSD Guide](http://www.netbsd.org/docs/guide/en/) for more information.  Read [veriexec chapter](http://www.netbsd.org/docs/guide/en/chap-veriexec.html) from [NetBSD Guide](http://www.netbsd.org/docs/guide/en/) for more information. 
   
 ##  Enable exploit mitigation  ##  Enable exploit mitigation 
   
 Follow advices in [security(8)](http://netbsd.gw.com/cgi-bin/man-cgi?security++NetBSD-current) man page.  Follow advices in [security(8)](http://netbsd.gw.com/cgi-bin/man-cgi?security++NetBSD-current) man page. 
   
   
 ##  Recognize methods for restraining a service  ##  Recognize methods for restraining a service 
   
   * [chroot(8)](http://netbsd.gw.com/cgi-bin/man-cgi?chroot+8+NetBSD-current)    * [chroot(8)](http://netbsd.gw.com/cgi-bin/man-cgi?chroot+8+NetBSD-current)
   * [systrace(1)](http://netbsd.gw.com/cgi-bin/man-cgi?systrace+1+NetBSD-current)    * [systrace(1)](http://netbsd.gw.com/cgi-bin/man-cgi?systrace+1+NetBSD-current)
   * [Xen](http://www.netbsd.org/ports/xen)    * [Xen](http://www.netbsd.org/ports/xen)
   
 ##  Modify the system banner  ##  Modify the system banner 
   
 Edit `/etc/motd`.  Edit `/etc/motd`. 
   
 You can also add a banner before SSH connexion; to do that, add:  You can also add a banner before SSH connexion; to do that, add: 
          
     Banner /etc/ssh/issue      Banner /etc/ssh/issue
          
   
 in `/etc/ssh/sshd_config` and put what you want to be displayed before SSH auth in file `/etc/ssh/issue`.  in `/etc/ssh/sshd_config` and put what you want to be displayed before SSH auth in file `/etc/ssh/issue`. 
   
 #  Files, Filesystems and Disks  #  Files, Filesystems and Disks 
   
 ##  Mount or unmount local filesystems  ##  Mount or unmount local filesystems 
   
 To mount a file system, use the [mount(8)](http://netbsd.gw.com/cgi-bin/man-cgi?mount++NetBSD-current) command. The general syntax is:  To mount a file system, use the [mount(8)](http://netbsd.gw.com/cgi-bin/man-cgi?mount++NetBSD-current) command. The general syntax is: 
          
   
     # mount [options] device_node mount_point      # mount [options] device_node mount_point
          
   
 The available options may be found in the man page. Typically, it will be necessary to at least use the `-t` command to specify the type of filesystem to be mounted. For example, to mount a CD-ROM device, specify the ISO 9660 format with a command like the following:  The available options may be found in the man page. Typically, it will be necessary to at least use the `-t` command to specify the type of filesystem to be mounted. For example, to mount a CD-ROM device, specify the ISO 9660 format with a command like the following: 
          
     # mount -t cd9660 /dev/cd0d /mnt/cdrom      # mount -t cd9660 /dev/cd0d /mnt/cdrom
          
   
 To unmount a mounted filesystem, use the [umount(8)](http://netbsd.gw.com/cgi-bin/man-cgi?umount++NetBSD-current) command. To unmount the mounted filesystem `/mnt/cdrom`, simply execute:  To unmount a mounted filesystem, use the [umount(8)](http://netbsd.gw.com/cgi-bin/man-cgi?umount++NetBSD-current) command. To unmount the mounted filesystem `/mnt/cdrom`, simply execute: 
          
     # umount /mnt/cdrom      # umount /mnt/cdrom
          
   
 Note that unmounting a filesystem will fail if any running process has a directory in that filesystem as its present working directory. For example:  Note that unmounting a filesystem will fail if any running process has a directory in that filesystem as its present working directory. For example: 
          
     # mount -t cd9660 /dev/cd0d /mnt/cdrom      # mount -t cd9660 /dev/cd0d /mnt/cdrom
     # cd /mnt/cdrom      # cd /mnt/cdrom
     # umount /mnt/cdrom      # umount /mnt/cdrom
     umount: /mnt/cdrom: Device busy      umount: /mnt/cdrom: Device busy
     # cd      # cd
     # umount /mnt/cdrom      # umount /mnt/cdrom
     #      #
          
   
 ##  Configure data to be available through NFS  ##  Configure data to be available through NFS 
   
 Let's share `/export/data`. Create the file `/etc/exports` as:  Let's share `/export/data`. Create the file `/etc/exports` as: 
          
     $ cat /etc/exports      $ cat /etc/exports
     /export/data -maproot=nobody -ro -network 192.168.1.0 -mask 255.255.255.0      /export/data -maproot=nobody -ro -network 192.168.1.0 -mask 255.255.255.0
          
   
 Here, the file system will be read only (option `-ro`), available only for clients from `192.168.1.0/24` and root access from clients will be mapped as `nobody` access on server (we don't have confidence with our clients). The syntax and options are documented in [exports(5)](http://netbsd.gw.com/cgi-bin/man-cgi?exports+5+NetBSD-current).  Here, the file system will be read only (option `-ro`), available only for clients from `192.168.1.0/24` and root access from clients will be mapped as `nobody` access on server (we don't have confidence with our clients). The syntax and options are documented in [exports(5)](http://netbsd.gw.com/cgi-bin/man-cgi?exports+5+NetBSD-current). 
   
 We have to start [rpcbind(8)](http://netbsd.gw.com/cgi-bin/man-cgi?rpcbind+8+NetBSD-current), [mountd(8)](http://netbsd.gw.com/cgi-bin/man-cgi?mountd+8+NetBSD-current), [rpc.lockd(8)](http://netbsd.gw.com/cgi-bin/man-cgi?rpc.lockd+8+NetBSD-current), [nfsd(8)](http://netbsd.gw.com/cgi-bin/man-cgi?nfsd+8+NetBSD-current) and [rpc.statd(8)](http://netbsd.gw.com/cgi-bin/man-cgi?rpc.statd+8+NetBSD-current). In order to do that, edit `/etc/rc.conf` and set:  We have to start [rpcbind(8)](http://netbsd.gw.com/cgi-bin/man-cgi?rpcbind+8+NetBSD-current), [mountd(8)](http://netbsd.gw.com/cgi-bin/man-cgi?mountd+8+NetBSD-current), [rpc.lockd(8)](http://netbsd.gw.com/cgi-bin/man-cgi?rpc.lockd+8+NetBSD-current), [nfsd(8)](http://netbsd.gw.com/cgi-bin/man-cgi?nfsd+8+NetBSD-current) and [rpc.statd(8)](http://netbsd.gw.com/cgi-bin/man-cgi?rpc.statd+8+NetBSD-current). In order to do that, edit `/etc/rc.conf` and set: 
          
 rpcbind=YES   rpcbind_flags="-l"  rpcbind=YES   rpcbind_flags="-l"
     mountd=YES      mountd=YES
     nfs_server=YES      nfs_server=YES
     statd=YES      statd=YES
     lockd=YES      lockd=YES
          
   
 The flag `-l` tells [rpcbind(8)](http://netbsd.gw.com/cgi-bin/man-cgi?rpcbind+8+NetBSD-current) to use _libwrap_ ([hosts_options(5)](http://netbsd.gw.com/cgi-bin/man-cgi?hosts_options+5+NetBSD-current)). Edit the `/etc/hosts.access` and set:  The flag `-l` tells [rpcbind(8)](http://netbsd.gw.com/cgi-bin/man-cgi?rpcbind+8+NetBSD-current) to use _libwrap_ ([hosts_options(5)](http://netbsd.gw.com/cgi-bin/man-cgi?hosts_options+5+NetBSD-current)). Edit the `/etc/hosts.access` and set: 
          
 rpcbind: 192.168.1.0/255.255.255.0 ALLOW  rpcbind: 192.168.1.0/255.255.255.0 ALLOW
          
   
 to allow clients to connect to the server.  to allow clients to connect to the server. 
   
 On the clients, we have to start [rpcbind(8)](http://netbsd.gw.com/cgi-bin/man-cgi?rpcbind+8+NetBSD-current), [rpc.statd(8)](http://netbsd.gw.com/cgi-bin/man-cgi?rpc.statd+8+NetBSD-current) and [rpc.lockd(8)](http://netbsd.gw.com/cgi-bin/man-cgi?rpc.lockd+8+NetBSD-current); edit `/etc/rc.conf` and set:  On the clients, we have to start [rpcbind(8)](http://netbsd.gw.com/cgi-bin/man-cgi?rpcbind+8+NetBSD-current), [rpc.statd(8)](http://netbsd.gw.com/cgi-bin/man-cgi?rpc.statd+8+NetBSD-current) and [rpc.lockd(8)](http://netbsd.gw.com/cgi-bin/man-cgi?rpc.lockd+8+NetBSD-current); edit `/etc/rc.conf` and set: 
          
 rpcbind=YES   rpcbind_flags="-l"  rpcbind=YES   rpcbind_flags="-l"
     nfs_client=YES      nfs_client=YES
     statd=YES      statd=YES
     lockd=YES      lockd=YES
          
   
 Now, lets mount the file system on the client:  Now, lets mount the file system on the client: 
          
     # mount -o ro server:/export/data /data      # mount -o ro server:/export/data /data
     $ mount | grep data      $ mount | grep data
     server:/export/data on /data type nfs (read-only)      server:/export/data on /data type nfs (read-only)
          
   
 Don't forget to add a line in `/etc/fstab` ([fstab(5)](http://netbsd.gw.com/cgi-bin/man-cgi?fstab+5+NetBSD-current)):  Don't forget to add a line in `/etc/fstab` ([fstab(5)](http://netbsd.gw.com/cgi-bin/man-cgi?fstab+5+NetBSD-current)): 
          
   
 server:/export/data /data nfs ro 0 0  server:/export/data /data nfs ro 0 0
          
   
 to mount the file system at boot time. That's all.  to mount the file system at boot time. That's all. 
   
 See the NetBSD Guide [[1]](http://www.netbsd.org/docs/guide/en/chap-net-misc.html#chap-net-misc-nfs) for more details.  See the NetBSD Guide [[1]](http://www.netbsd.org/docs/guide/en/chap-net-misc.html#chap-net-misc-nfs) for more details. 
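
Review bot: the libwrap step tells the reader to edit `/etc/hosts.access`, but libwrap reads `/etc/hosts.allow` and `/etc/hosts.deny` (hosts_access(5) is the name of the manual page, not of a file), so the rule `rpcbind: 192.168.1.0/255.255.255.0 ALLOW` placed there would never be consulted. In both rc.conf listings, `rpcbind=YES   rpcbind_flags="-l"` puts two assignments on one unindented line; split them onto separate indented lines like `mountd=YES`.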
   
 ##  Determine which filesystems are currently mounted and which will be mounted at system boot  ##  Determine which filesystems are currently mounted and which will be mounted at system boot 
   
 A list of currently mounted filesystems can be obtained by running the [mount(8)](http://netbsd.gw.com/cgi-bin/man-cgi?mount++NetBSD-current) command without any arguments.  A list of currently mounted filesystems can be obtained by running the [mount(8)](http://netbsd.gw.com/cgi-bin/man-cgi?mount++NetBSD-current) command without any arguments. 
   
 The file [fstab(5)](http://netbsd.gw.com/cgi-bin/man-cgi?fstab++NetBSD-current) in `/etc` contains information about which files are mounted at system boot and what options they are mounted with, whether they should be [fsck(8)](http://netbsd.gw.com/cgi-bin/man-cgi?fsck++NetBSD-current)ed and if so in what order, etc.  The file [fstab(5)](http://netbsd.gw.com/cgi-bin/man-cgi?fstab++NetBSD-current) in `/etc` contains information about which files are mounted at system boot and what options they are mounted with, whether they should be [fsck(8)](http://netbsd.gw.com/cgi-bin/man-cgi?fsck++NetBSD-current)ed and if so in what order, etc. 
   
 ##  Determine disk capacity and which files are consuming the most disk space  ##  Determine disk capacity and which files are consuming the most disk space 
   
 Disk capacity:  Disk capacity: 
          
     $ df -h      $ df -h
          
   
 Find the size of files in a directory:  Find the size of files in a directory: 
          
     $ du -sk      $ du -sk
          
   
 Report by file size:  Report by file size: 
          
     $ du -k | sort -n      $ du -k | sort -n
          
   
 ##  Create and view symbolic or hard links  ##  Create and view symbolic or hard links 
   
 Symbolic link:  Symbolic link: 
          
     $ ln -s sourcefile targetfile      $ ln -s sourcefile targetfile
          
   
 Hard link:  Hard link: 
          
     $ ln sourcefile targetfile      $ ln sourcefile targetfile
          
   
 ##  View file permissions and modify them using either symbolic or octal mode  ##  View file permissions and modify them using either symbolic or octal mode 
   
 View file permissions:  View file permissions: 
          
     $ ls -l filename      $ ls -l filename
          
   
 Change file permissions  Change file permissions 
          
     $ chmod 644 filename      $ chmod 644 filename
          
   
 ##  Modify a file's owner or group  ##  Modify a file's owner or group 
   
 The [chown(8)](http://netbsd.gw.com/cgi-bin/man-cgi?chown++NetBSD-current) command can be used to modify a file's owner or group.  The [chown(8)](http://netbsd.gw.com/cgi-bin/man-cgi?chown++NetBSD-current) command can be used to modify a file's owner or group. 
   
   
 To change the owner of the file `somefile` to the user `someuser`, execute:  To change the owner of the file `somefile` to the user `someuser`, execute: 
          
     chown someuser somefile      chown someuser somefile
          
   
 Similarly, to change the group of the file `somefile` to the group `somegroup`, execute:  Similarly, to change the group of the file `somefile` to the group `somegroup`, execute: 
          
     chown :somegroup somefile      chown :somegroup somefile
          
   
 If you like, can change both the group and owner of a file with a single command. To implement both of the modifications made by the two commands above, execute:  If you like, can change both the group and owner of a file with a single command. To implement both of the modifications made by the two commands above, execute: 
          
     chown someuser:somegroup somefile      chown someuser:somegroup somefile
          
   
 Note that there is also a [chgrp(1)](http://netbsd.gw.com/cgi-bin/man-cgi?chgrp++NetBSD-current) command to change the group of a file.  Note that there is also a [chgrp(1)](http://netbsd.gw.com/cgi-bin/man-cgi?chgrp++NetBSD-current) command to change the group of a file. 
   
   
 To change the group of the file `somefile` to the group `somegroup`, execute:  To change the group of the file `somefile` to the group `somegroup`, execute: 
          
     chgrp somegroup somefile      chgrp somegroup somefile
          
   
 ##  Backup and restore a specified set of files and directories to local disk or tape  ##  Backup and restore a specified set of files and directories to local disk or tape 
   
 Create your (compressed) archive with:  Create your (compressed) archive with: 
          
     $ tar cvfz backup.tgz somedirectory/      $ tar cvfz backup.tgz somedirectory/
          
   
   * `c` option: create the archive,    * `c` option: create the archive, 
   * `z` option: compress the archive whith [gzip(1)](http://netbsd.gw.com/cgi-bin/man-cgi?gzip++NetBSD-current),    * `z` option: compress the archive whith [gzip(1)](http://netbsd.gw.com/cgi-bin/man-cgi?gzip++NetBSD-current), 
   * `f` option: output to a file; if you miss this option, [tar(1)](http://netbsd.gw.com/cgi-bin/man-cgi?tar++NetBSD-current) will output archive to `/dev/st0` (default tape),    * `f` option: output to a file; if you miss this option, [tar(1)](http://netbsd.gw.com/cgi-bin/man-cgi?tar++NetBSD-current) will output archive to `/dev/st0` (default tape), 
   * `v` option: verbose output ie. files added to archive will be displayed.    * `v` option: verbose output ie. files added to archive will be displayed. 
   
 To restore, use:  To restore, use: 
          
     $ tar xzpf backup.tgz      $ tar xzpf backup.tgz
          
   
   * `x` option: extract the archive,    * `x` option: extract the archive, 
   * `p` option: preserve ownership.    * `p` option: preserve ownership. 
   
 See also [pax(1)](http://netbsd.gw.com/cgi-bin/man-cgi?pax++NetBSD-current) and [cpio(1)](http://netbsd.gw.com/cgi-bin/man-cgi?cpio++NetBSD-current).  See also [pax(1)](http://netbsd.gw.com/cgi-bin/man-cgi?pax++NetBSD-current) and [cpio(1)](http://netbsd.gw.com/cgi-bin/man-cgi?cpio++NetBSD-current). 
   
 ##  Backup and restore a file system  ##  Backup and restore a file system 
          
     # dump 0f - | (cd /altroot; retore rf -)      # dump 0f - | (cd /altroot; retore rf -)
          
   
 See [dump(8)](http://netbsd.gw.com/cgi-bin/man-cgi?dump++NetBSD-current) and [restore(8)](http://netbsd.gw.com/cgi-bin/man-cgi?restore++NetBSD-current).  See [dump(8)](http://netbsd.gw.com/cgi-bin/man-cgi?dump++NetBSD-current) and [restore(8)](http://netbsd.gw.com/cgi-bin/man-cgi?restore++NetBSD-current). 
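
Review bot: the pipeline `# dump 0f - | (cd /altroot; retore rf -)` misspells `restore`, and `dump` is given no file system to back up after the `-` output argument, so neither side of the pipe can work as written. Name the source file system (for example `dump 0f - /`) and join the subshell commands with `&&` instead of `;`, so that restore does not unpack into the current directory when `cd /altroot` fails.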
   
   
 ##  Backup using ffs snapshots  ##  Backup using ffs snapshots 
   
 Snapshots allows to work with an atomic file system copy taken at a the time of the snapshot. This is very useful to for instance backup a file system on which there may be running database applications such as PostgreSQL, without the need to stop and restart the database application.  Snapshots allows to work with an atomic file system copy taken at a the time of the snapshot. This is very useful to for instance backup a file system on which there may be running database applications such as PostgreSQL, without the need to stop and restart the database application. 
   
 See [fssconfig(8)](http://netbsd.gw.com/cgi-bin/man-cgi?fssconfig++NetBSD-current) and [fss(4)](http://netbsd.gw.com/cgi-bin/man-cfi?fss++NetBSD-current) for more details. Here for the sake of an example we will suppose that we want to backup a live `/` file system using `rsync` to a `/backup` file system.  See [fssconfig(8)](http://netbsd.gw.com/cgi-bin/man-cgi?fssconfig++NetBSD-current) and [fss(4)](http://netbsd.gw.com/cgi-bin/man-cfi?fss++NetBSD-current) for more details. Here for the sake of an example we will suppose that we want to backup a live `/` file system using `rsync` to a `/backup` file system. 
   
   
 Let's first create the "atomic" snapshot of the `/` file system:  Let's first create the "atomic" snapshot of the `/` file system: 
          
     # fssconfig -cx fss0 / /tmp/back      # fssconfig -cx fss0 / /tmp/back
          
   
 We now have configured the device `/dev/fss0` to be a snapshot mirror of the `/` file system, using a temporary log of `/tmp/back` to which new writes will be added for as long as the snapshot device is configured. This file will be automatically deleted at device unconfiguration because of the optional `-x` switch. You may now use that device with the `dump` command or mount it and use other backup commands such as `pax`, `tar` or `rsync` as you wish.  We now have configured the device `/dev/fss0` to be a snapshot mirror of the `/` file system, using a temporary log of `/tmp/back` to which new writes will be added for as long as the snapshot device is configured. This file will be automatically deleted at device unconfiguration because of the optional `-x` switch. You may now use that device with the `dump` command or mount it and use other backup commands such as `pax`, `tar` or `rsync` as you wish. 
          
     # mount -o ro /dev/fss0 /mnt      # mount -o ro /dev/fss0 /mnt
          
   
 We have now mounted the atomic copy of the file system to `/mnt`. Let's update our `/backup` file system from it:  We have now mounted the atomic copy of the file system to `/mnt`. Let's update our `/backup` file system from it: 
          
     # rsync -vaHx --delete /mnt/ /backup/      # rsync -vaHx --delete /mnt/ /backup/
          
   
 So our "atomic" live backup is done and we now no longer need our snapshot:  So our "atomic" live backup is done and we now no longer need our snapshot: 
          
     # umount /mnt      # umount /mnt
     # fssconfig -u fss0      # fssconfig -u fss0
          
   
 ##  Determine the directory structure of a system  ##  Determine the directory structure of a system 
   
 ##  Manually run the file system checker and repair tool  ##  Manually run the file system checker and repair tool 
   
 For FFS filesystems (example, in this case is the first slice on your first IDE hard disk):  For FFS filesystems (example, in this case is the first slice on your first IDE hard disk): 
          
     # fsck /dev/rwd0a      # fsck /dev/rwd0a
          
   
 The `-y` option should be added with caution: [fsck(8)](http://netbsd.gw.com/cgi-bin/man-cgi?fsck+8+NetBSD-current) assumes yes as the default answer for all its questions. Use it at your own risks.  The `-y` option should be added with caution: [fsck(8)](http://netbsd.gw.com/cgi-bin/man-cgi?fsck+8+NetBSD-current) assumes yes as the default answer for all its questions. Use it at your own risks. 
   
   
 ##  View and modify file flags  ##  View and modify file flags 
   
 use chflags to modify file flags, for example:  use chflags to modify file flags, for example: 
          
     $ chflag uchange pkgsrc.tar.gz      $ chflag uchange pkgsrc.tar.gz
     $ ls -lo pkgsrc.tar.gz      $ ls -lo pkgsrc.tar.gz
     -rw-r--r--  1 zafer  users  uchg 32072480 May 19 09:12 pkgsrc.tar.gz      -rw-r--r--  1 zafer  users  uchg 32072480 May 19 09:12 pkgsrc.tar.gz
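
Review bot: the example runs `$ chflag uchange pkgsrc.tar.gz`, but the sentence above it names the command `chflags`, so the command name in the example should be `chflags`. Using the keyword `uchg` would also match the `uchg` column in the `ls -lo` output shown, and the section title promises viewing and modifying flags, so a line showing how to clear the flag again would complete it.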
          
   
 ##  Monitor the virtual memory system  ##  Monitor the virtual memory system 
   
 #  Users and Accounts Management  #  Users and Accounts Management 
   
 ##  Protect authentication data  ##  Protect authentication data 
   
 ##  Create, modify and remove user accounts  ##  Create, modify and remove user accounts 
   
 create  create 
          
     # useradd -m johndoe      # useradd -m johndoe 
          
   
 delete  delete 
          
     # userdel johndoe      # userdel johndoe
          
   
 modify  modify 
          
     # usermod -m -d /home/foo johndoe      # usermod -m -d /home/foo johndoe
          
   
 ##  Create a system account  ##  Create a system account 
   
 ##  Control which files are copied to a new user's home directory during account creation  ##  Control which files are copied to a new user's home directory during account creation 
   
 The _-k_ option of the [useradd(8)](http://netbsd.gw.com/cgi-bin/man-cgi?useradd++NetBSD-current) command can be used to specify a "skeleton directory". The contents of the specified skeleton directory will be copied to the new user's home directory. If no skeleton directory is specified with _-k_, the default of `/usr/skel/` is used.  The _-k_ option of the [useradd(8)](http://netbsd.gw.com/cgi-bin/man-cgi?useradd++NetBSD-current) command can be used to specify a "skeleton directory". The contents of the specified skeleton directory will be copied to the new user's home directory. If no skeleton directory is specified with _-k_, the default of `/usr/skel/` is used. 
   
   
 ##  Change a password  ##  Change a password 
   
 The [passwd(1)](http://netbsd.gw.com/cgi-bin/man-cgi?passwd++NetBSD-current) command can be used to change a password.  The [passwd(1)](http://netbsd.gw.com/cgi-bin/man-cgi?passwd++NetBSD-current) command can be used to change a password. 
   
   
 Executing passwd with no arguments will change the password of the executing user. The existing password must be supplied before changes can be made. The new password must be entered identically twice, to ensure the password is not set to a misspelling of the intended password. The process looks something like this - note that passwords do not echo:  Executing passwd with no arguments will change the password of the executing user. The existing password must be supplied before changes can be made. The new password must be entered identically twice, to ensure the password is not set to a misspelling of the intended password. The process looks something like this - note that passwords do not echo: 
          
     $ passwd      $ passwd
     Changing local password for user.      Changing local password for user.
     Old password:      Old password:
     New password:      New password:
     Retype new password:      Retype new password:
          
   
 The superuser may change the password of an arbitrary user by supplying that user's name as the only argument to passwd. Root does not need to supply the user's existing password, and may simply supply a new one. The process looks something like this:  The superuser may change the password of an arbitrary user by supplying that user's name as the only argument to passwd. Root does not need to supply the user's existing password, and may simply supply a new one. The process looks something like this: 
          
     # passwd user      # passwd user
     Changing local password for user.      Changing local password for user.
     New password:      New password:
     Retype new password      Retype new password
          
   
 ##  Force the user to change their password upon next login  ##  Force the user to change their password upon next login 
          
     # usermod -F johndoe      # usermod -F johndoe
          
   
 ##  Change the encryption algorithm used to encrypt the password database  ##  Change the encryption algorithm used to encrypt the password database 
   
 The encryption algorithm or algorithms used to encrypt the password database are specified in the [passwd.conf(5)](http://netbsd.gw.com/cgi-bin/man-cgi?passwd.conf++NetBSD-current) file in `/etc`.  The encryption algorithm or algorithms used to encrypt the password database are specified in the [passwd.conf(5)](http://netbsd.gw.com/cgi-bin/man-cgi?passwd.conf++NetBSD-current) file in `/etc`. 
   
   
 The syntax of the file is straightforward and is made clear by the following example, taken from the man page:  The syntax of the file is straightforward and is made clear by the following example, taken from the man page: 
   
 _Use MD5 as the local cipher and old-style DES as the YP cipher. Use blowfish with 2^5 rounds for root:_  _Use MD5 as the local cipher and old-style DES as the YP cipher. Use blowfish with 2^5 rounds for root:_
          
           default:            default:
                localcipher = md5                 localcipher = md5
                ypcipher = old                 ypcipher = old
          
          
           root:            root:
                localcipher = blowfish,5                 localcipher = blowfish,5
          
   
 The algorithm choices are: `old', `newsalt,<rounds>', `md5', `sha1,<rounds>', and `blowfish,<rounds>'. Consult the man page for details on allowable round parameters.  The algorithm choices are: `old', `newsalt,<rounds>', `md5', `sha1,<rounds>', and `blowfish,<rounds>'. Consult the man page for details on allowable round parameters. 
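Review bot: The passwd.conf example makes `localcipher = md5` the default and gives root `blowfish,5`, and nothing in the section says that the listed choices differ in strength, so readers are likely to copy it as a recommendation. These settings select the password hashing scheme, and `old` and `md5` are cheap to attack offline, while 2^5 rounds is a very low cost for blowfish. Suggest adding a sentence that the example is quoted from the man page only to show the syntax, that a rounds-capable choice with a higher round count is preferable, and that a changed setting applies only to passwords set afterwards, so existing entries keep their old hash until the user runs passwd again.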
   
 ##  Change a user's default shell  ##  Change a user's default shell 
   
 Make your market in `/etc/shells` file and pick up one. For example, we want to change the shell of _johndoe_ to `/bin/ksh`:  Make your market in `/etc/shells` file and pick up one. For example, we want to change the shell of _johndoe_ to `/bin/ksh`: 
          
     # chsh -s /bin/ksh johndoe      # chsh -s /bin/ksh johndoe
          
   
 or  or 
          
     # chpass -s /bin/ksh johndoe      # chpass -s /bin/ksh johndoe
          
   
 See [chsh(1)](http://netbsd.gw.com/cgi-bin/man-cgi?chsh+1+NetBSD-current) for mor details.  See [chsh(1)](http://netbsd.gw.com/cgi-bin/man-cgi?chsh+1+NetBSD-current) for mor details. 
   
   
 ##  Lock a user account or reset a locked user account  ##  Lock a user account or reset a locked user account 
   
 Lock  Lock 
          
     # usermod -C yes johndoe      # usermod -C yes johndoe
          
   
 Unlock  Unlock 
          
     # usermod -C no johndoe      # usermod -C no johndoe
          
   
 ##  Determine identity and group membership  ##  Determine identity and group membership 
          
     $ id      $ id
          
   
 ##  Determine who is currently on the system or the last time a user was on the system  ##  Determine who is currently on the system or the last time a user was on the system 
   
 Enter  Enter 
          
     $ w      $ w
          
   
 to determine who is currently on the system.  to determine who is currently on the system. 
   
 Enter  Enter 
          
     $ last      $ last
          
   
 to determine the last time a user was on the system.  to determine the last time a user was on the system. 
   
 ##  Enable accounting and view system usage statistics  ##  Enable accounting and view system usage statistics 
   
 #  Basic System Administration  #  Basic System Administration 
   
 ##  Determine which process are consuming the most CPU  ##  Determine which process are consuming the most CPU 
   
 The [top(1)](http://netbsd.gw.com/cgi-bin/man-cgi?top++NetBSD-current) command displays and regularly updates a list of top CPU consuming processes. The list includes details such as the command used to create the process, the user who ran that command, the process' PID, what state the process is currently in and how much memory and CPU time the process is consuming.  The [top(1)](http://netbsd.gw.com/cgi-bin/man-cgi?top++NetBSD-current) command displays and regularly updates a list of top CPU consuming processes. The list includes details such as the command used to create the process, the user who ran that command, the process' PID, what state the process is currently in and how much memory and CPU time the process is consuming. 
   
   
 ##  View and send signals to active processes  ##  View and send signals to active processes 
   
 The [ps(1)](http://netbsd.gw.com/cgi-bin/man-cgi?ps++NetBSD-current) command can be used to view a list of names and details (such as PID) currently active processes. Exactly which processes and what details about them are displayed can be customised using the options described in the man page. To get the default details of _all_ processes, execute:  The [ps(1)](http://netbsd.gw.com/cgi-bin/man-cgi?ps++NetBSD-current) command can be used to view a list of names and details (such as PID) currently active processes. Exactly which processes and what details about them are displayed can be customised using the options described in the man page. To get the default details of _all_ processes, execute: 
   
   
     $ ps ax      $ ps ax
          
   
 Sending signals to processes is done using the [kill(1)](http://netbsd.gw.com/cgi-bin/man-cgi?kill++NetBSD-current) command. The signal to be sent may be specified either by name (e.g. HUP, INT, QUIT, ABRT, KILL, ALRM, TERM; see also `kill -l` output) or by an integer code, as specified in the man page.  Sending signals to processes is done using the [kill(1)](http://netbsd.gw.com/cgi-bin/man-cgi?kill++NetBSD-current) command. The signal to be sent may be specified either by name (e.g. HUP, INT, QUIT, ABRT, KILL, ALRM, TERM; see also `kill -l` output) or by an integer code, as specified in the man page. 
   
   
 The simplest syntax for [kill(1)](http://netbsd.gw.com/cgi-bin/man-cgi?kill++NetBSD-current) is:  The simplest syntax for [kill(1)](http://netbsd.gw.com/cgi-bin/man-cgi?kill++NetBSD-current) is: 
   
   
 $ kill {signal name or code} pid  $ kill {signal name or code} pid
          
   
 where `pid` is the PID of the process to be killed. Note that if no signal name or code is specified (i.e. just `kill pid` is used) then a TERM signal is sent by default.  where `pid` is the PID of the process to be killed. Note that if no signal name or code is specified (i.e. just `kill pid` is used) then a TERM signal is sent by default. 
   
 Note that it is not typical to immediately know the PID of a process one wants to signal. One can either use the [ps(1)](http://netbsd.gw.com/cgi-bin/man-cgi?ps++NetBSD-current) command as described above to find the pid (perhaps with the assistance of [grep(1)](http://netbsd.gw.com/cgi-bin/man-cgi?grep++NetBSD-current), or one can use the [pkill(1)](http://netbsd.gw.com/cgi-bin/man-cgi?pkill++NetBSD-current) command, which works like [kill(1)](http://netbsd.gw.com/cgi-bin/man-cgi?kill++NetBSD-current) except that it accepts a process name rather than a PID.  Note that it is not typical to immediately know the PID of a process one wants to signal. One can either use the [ps(1)](http://netbsd.gw.com/cgi-bin/man-cgi?ps++NetBSD-current) command as described above to find the pid (perhaps with the assistance of [grep(1)](http://netbsd.gw.com/cgi-bin/man-cgi?grep++NetBSD-current), or one can use the [pkill(1)](http://netbsd.gw.com/cgi-bin/man-cgi?pkill++NetBSD-current) command, which works like [kill(1)](http://netbsd.gw.com/cgi-bin/man-cgi?kill++NetBSD-current) except that it accepts a process name rather than a PID. 
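Review bot: The line `$ kill {signal name or code} pid` has lost its four-space indent in both columns, so it will render as running text instead of a code block like `$ ps ax` above it; restore the indent. The same applies further down to `$ dig www.netbsd.org soa` and `$ file /bin/sh`. In the last paragraph of this section the parenthesis opened at "(perhaps with the assistance of" is never closed, and the ps sentence reads "details (such as PID) currently active processes", which is missing "of". Because pkill signals every process whose name matches, it would help to say so here and to mention pgrep(1) as a way to preview the matches first.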
   
 ##  Use an rc(8) script to determine if a service is running and start, restart or stop it as required  ##  Use an rc(8) script to determine if a service is running and start, restart or stop it as required 
   
 To see if a service is running, execute that service's [rc(8)](http://netbsd.gw.com/cgi-bin/man-cgi?rc++NetBSD-current) script with an argument of `status`. The output will indicate if that service is running. Not all rc scripts have a `status` option. For example:  To see if a service is running, execute that service's [rc(8)](http://netbsd.gw.com/cgi-bin/man-cgi?rc++NetBSD-current) script with an argument of `status`. The output will indicate if that service is running. Not all rc scripts have a `status` option. For example: 
   
   
     # /etc/rc.d/sshd status                                                            # /etc/rc.d/sshd status                                                      
     sshd is not running.      sshd is not running.
     # /etc/rc.d/sshd start      # /etc/rc.d/sshd start
     # /etc/rc.d/sshd status                                                          # /etc/rc.d/sshd status                                                    
     sshd is running as pid 383.      sshd is running as pid 383.
     # /etc/rc.d/sshd stop      # /etc/rc.d/sshd stop
          
   
      
 Note that while every script in `/etc/rc.d` is _supposed_ to accept the `status` argument, many do not.  Note that while every script in `/etc/rc.d` is _supposed_ to accept the `status` argument, many do not. 
   
 If a service is not running, it can be started by executing its [rc(8)](http://netbsd.gw.com/cgi-bin/man-cgi?rc++NetBSD-current) script with an argument of `start`. Once a service is running, it can be restarted or stopped in a similar manner, using the arguments `restart` and `stop`.  If a service is not running, it can be started by executing its [rc(8)](http://netbsd.gw.com/cgi-bin/man-cgi?rc++NetBSD-current) script with an argument of `start`. Once a service is running, it can be restarted or stopped in a similar manner, using the arguments `restart` and `stop`. 
   
   
 Note that an rc script can not launch a service if this service is not marked as runable in `/etc/rc.conf` (via `service=YES` entry).  Note that an rc script can not launch a service if this service is not marked as runable in `/etc/rc.conf` (via `service=YES` entry). 
   
 ##  Configure a service to start at boot time  ##  Configure a service to start at boot time 
   
 Add or copy the rc skript to /etc/rc.d/ and then add the service to your /etc/rc.conf  Add or copy the rc skript to /etc/rc.d/ and then add the service to your /etc/rc.conf 
   
 ##  View and configure system hardware  ##  View and configure system hardware 
   
 View pci bus (use pci0 - 2)  View pci bus (use pci0 - 2) 
          
     $ pcictl /dev/pci0 list      $ pcictl /dev/pci0 list
          
   
 ##  View, load, or unload a kernel module  ##  View, load, or unload a kernel module 
   
 View  View 
          
     $ modstat      $ modstat
          
   
 Load  Load 
          
     # modload file      # modload file
          
   
 Unload  Unload 
          
     # modunload -i id      # modunload -i id
          
   
 See the manual page for lkm.conf(5) for information on how to automatically load modules at boot time. Please note that for this to work, lkm=YES must be set in /etc/rc.conf. Also note the critical_filesystems_local setting in rc.conf(5), which may be required for bootloaded modules located under /usr if /usr is on a separate partition than /.  See the manual page for lkm.conf(5) for information on how to automatically load modules at boot time. Please note that for this to work, lkm=YES must be set in /etc/rc.conf. Also note the critical_filesystems_local setting in rc.conf(5), which may be required for bootloaded modules located under /usr if /usr is on a separate partition than /. 
   
 ##  Modify a kernel parameter on the fly  ##  Modify a kernel parameter on the fly 
          
     # sysctl -w <variable>=<value>      # sysctl -w <variable>=<value>
          
   
 ##  View the status of a software RAID mirror or stripe  ##  View the status of a software RAID mirror or stripe 
   
 Verify parity:  Verify parity: 
          
     # raidctl -p raid0      # raidctl -p raid0
     /dev/rraid0c: Parity status: clean      /dev/rraid0c: Parity status: clean
          
   
 View configuration and state:  View configuration and state: 
          
     # raidctl -s raid0      # raidctl -s raid0
          
   
 [raidctl(8)](http://netbsd.gw.com/cgi-bin/man-cgi?raidctl++NetBSD-current) man page is very useful, don't miss it.  [raidctl(8)](http://netbsd.gw.com/cgi-bin/man-cgi?raidctl++NetBSD-current) man page is very useful, don't miss it. 
   
 ##  Configure system logging  ##  Configure system logging 
   
 Verify that [syslogd(8)](http://netbsd.gw.com/cgi-bin/man-cgi?syslogd++NetBSD-current) is running. If not, enable it in `/etc/rc.conf` and launch it:  Verify that [syslogd(8)](http://netbsd.gw.com/cgi-bin/man-cgi?syslogd++NetBSD-current) is running. If not, enable it in `/etc/rc.conf` and launch it: 
          
   
     # /etc/rc.d/syslogd start      # /etc/rc.d/syslogd start
          
   
 The logging daemon is configured with `/etc/syslog.conf` (see [syslog.conf(5)](http://netbsd.gw.com/cgi-bin/man-cgi?syslog.conf++NetBSD-current). When you have modified this file, you have to tell to the daemon to reread it:  The logging daemon is configured with `/etc/syslog.conf` (see [syslog.conf(5)](http://netbsd.gw.com/cgi-bin/man-cgi?syslog.conf++NetBSD-current). When you have modified this file, you have to tell to the daemon to reread it: 
          
   
     # pkill -HUP syslogd      # pkill -HUP syslogd 
          
   
 by sending a `SIGHUP`.  by sending a `SIGHUP`. 
   
 If you add files in `/etc/syslog.conf`, don't forget to configure rotation in `/etc/newsyslog.conf` ([newsyslog.conf(5)](http://netbsd.gw.com/cgi-bin/man-cgi?newsyslog.conf++NetBSD-current)).  If you add files in `/etc/syslog.conf`, don't forget to configure rotation in `/etc/newsyslog.conf` ([newsyslog.conf(5)](http://netbsd.gw.com/cgi-bin/man-cgi?newsyslog.conf++NetBSD-current)). 
   
   
 If the original daemon's filtering features are too poor for you, try [sysutils/syslog-ng](http://pkgsrc.se/sysutils/syslog-ng) package.  If the original daemon's filtering features are too poor for you, try [sysutils/syslog-ng](http://pkgsrc.se/sysutils/syslog-ng) package. 
   
 To log signals sent to processes:  To log signals sent to processes: 
          
     # sysctl -w kern.logsigexit=1      # sysctl -w kern.logsigexit=1
          
   
 ##  Review log files to troubleshoot and monitor system behavior  ##  Review log files to troubleshoot and monitor system behavior 
          
     $ tail -f /var/log/messages |grep daemon      $ tail -f /var/log/messages |grep daemon
          
   
 Try also these packages:  Try also these packages: 
   
   * [misc/root-tail](http://pkgsrc.se/misc/root-tail) or [misc/xtail](http://pkgsrc.se/misc/xtail) if you use X11,    * [misc/root-tail](http://pkgsrc.se/misc/root-tail) or [misc/xtail](http://pkgsrc.se/misc/xtail) if you use X11, 
   * [misc/colortail](http://pkgsrc.se/misc/colortail) or [misc/mail](http://pkgsrc.se/misc/mtail) if you want colors,    * [misc/colortail](http://pkgsrc.se/misc/colortail) or [misc/mail](http://pkgsrc.se/misc/mtail) if you want colors, 
   * [sysutils/wtail](http://pkgsrc.se/sysutils/wtail) or [misc/multitail](http://pkgsrc.se/misc/multitail) to view multiples files.    * [sysutils/wtail](http://pkgsrc.se/sysutils/wtail) or [misc/multitail](http://pkgsrc.se/misc/multitail) to view multiples files. 
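Review bot: In the package list the link text `misc/mail` points at `http://pkgsrc.se/misc/mtail`, so the label should read `misc/mtail`. The last item ends with "to view multiples files", which should be "multiple files".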
   
 ##  Determine which MTA is being used on the system  ##  Determine which MTA is being used on the system 
          
     $ less /etc/mailer.conf      $ less /etc/mailer.conf
          
   
 ##  Create or modify email aliases for Sendmail or Postfix  ##  Create or modify email aliases for Sendmail or Postfix 
   
 ##  View the Sendmail or Postfix mail queue  ##  View the Sendmail or Postfix mail queue 
          
     $ mailq      $ mailq
          
   
 ##  Read mail on the local system  ##  Read mail on the local system 
          
     $ mail      $ mail
          
   
 ##  Understand basic printer troubleshooting  ##  Understand basic printer troubleshooting 
   
 ##  Halt, reboot, or bring the system to single-user mode  ##  Halt, reboot, or bring the system to single-user mode 
   
 to halt enter:  to halt enter: 
          
     # shutdown -h now      # shutdown -h now
          
   
 to reboot enter either:  to reboot enter either: 
          
     # reboot      # reboot
          
   
 or  or 
          
     # shutdown -r now      # shutdown -r now
          
   
 to bring the system to single-user mode press any key during boot countdown and then enter:  to bring the system to single-user mode press any key during boot countdown and then enter: 
          
     boot -s      boot -s
          
   
 From multi-user mode, you should:  From multi-user mode, you should: 
          
     # kill -TERM 1      # kill -TERM 1
          
   
 to return to single-user mode.  to return to single-user mode. 
   
 ##  Recognize the difference between hard and soft limits and modify existing resource limits  ##  Recognize the difference between hard and soft limits and modify existing resource limits 
   
 ##  Recognize common, possibly third-party, server configuration files  ##  Recognize common, possibly third-party, server configuration files 
   
 ##  Configure the scripts that run periodically to perform various system maintenance tasks  ##  Configure the scripts that run periodically to perform various system maintenance tasks 
   
 ##  Determine the last system boot time and the workload on the system  ##  Determine the last system boot time and the workload on the system 
          
     $ uptime      $ uptime
          
   
 or  or 
          
     $ w      $ w
          
   
 ##  Monitor disk input/output  ##  Monitor disk input/output 
          
     $ iostat -w 1      $ iostat -w 1
          
   
 ##  Deal with busy devices  ##  Deal with busy devices 
   
 ##  Determine information regarding the operating system  ##  Determine information regarding the operating system 
          
     $ uname -a      $ uname -a
          
   
 ##  Understand the advantages of using a BSD license  ##  Understand the advantages of using a BSD license 
   
 #  Network Administration  #  Network Administration 
   
 ##  Determine the current TCP/IP settings on a system  ##  Determine the current TCP/IP settings on a system 
   
 First, see the interfaces which are connected:  First, see the interfaces which are connected: 
          
     $ ifconfig -ls      $ ifconfig -ls
     wm0 wm1 wm2 wm3 wm4 lo0 pflog0 vlan0 vlan1 vlan2 vlan3      wm0 wm1 wm2 wm3 wm4 lo0 pflog0 vlan0 vlan1 vlan2 vlan3
          
   
 To see the IP adress of an interface:  To see the IP adress of an interface: 
          
     $ ifconfig vlan3      $ ifconfig vlan3
     vlan3: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500      vlan3: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
            vlan: 847 parent: wm4             vlan: 847 parent: wm4
            address: 00:04:23:af:f1:e4             address: 00:04:23:af:f1:e4
            inet 172.17.13.254 netmask 0xfffffe00 broadcast 172.17.13.255             inet 172.17.13.254 netmask 0xfffffe00 broadcast 172.17.13.255
          
   
 We have the MAC (hardware adress, here `00:04:23:af:f1:e4`) and the IP adress with netmask (here `172.17.13.254` with `255.255.254.0`).  We have the MAC (hardware adress, here `00:04:23:af:f1:e4`) and the IP adress with netmask (here `172.17.13.254` with `255.255.254.0`). 
   
 Now, we want to know IPv4 routing settings:  Now, we want to know IPv4 routing settings: 
          
     $ netstat -rn -f inet | head -5      $ netstat -rn -f inet | head -5
     Routing tables      Routing tables
          
     Internet:      Internet:
     Destination        Gateway            Flags    Refs      Use    Mtu  Interface      Destination        Gateway            Flags    Refs      Use    Mtu  Interface
     default            172.16.200.130     UG1         0  9607369      -  wm0      default            172.16.200.130     UG1         0  9607369      -  wm0
          
   
 The default route is tagged `default`, here it is `172.16.200.130` on `wm0` interface.  The default route is tagged `default`, here it is `172.16.200.130` on `wm0` interface. 
   
 See [ifconfig(8)](http://netbsd.gw.com/cgi-bin/man-cgi?ifconfig+8+NetBSD-current) and [netstat(8)](http://netbsd.gw.com/cgi-bin/man-cgi?netstat+8+NetBSD-current) for more details.  See [ifconfig(8)](http://netbsd.gw.com/cgi-bin/man-cgi?ifconfig+8+NetBSD-current) and [netstat(8)](http://netbsd.gw.com/cgi-bin/man-cgi?netstat+8+NetBSD-current) for more details. 
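Review bot: The closing reference cites `netstat(8)` and links to `netstat+8`, but netstat is a section 1 page on NetBSD, so this should be `netstat(1)` with the link changed to match. "adress" is misspelled three times in this section ("IP adress of an interface", "hardware adress", "IP adress with netmask").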
   
 ##  Set a system's TCP/IP settings  ##  Set a system's TCP/IP settings 
          
     # ifconfig fxp0 192.168.0.1 netmask 255.255.255.0 up      # ifconfig fxp0 192.168.0.1 netmask 255.255.255.0 up
          
   
 ##  Determine which TCP or UDP ports are open on a system  ##  Determine which TCP or UDP ports are open on a system 
          
     $ sockstat -cl      $ sockstat -cl
          
   
 ##  Verify the availability of a TCP/IP service  ##  Verify the availability of a TCP/IP service 
          
     $ sockstat -l      $ sockstat -l
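Review bot: "Verify the availability of a TCP/IP service" is answered with `sockstat -l`, which is almost the same command as the `sockstat -cl` given for the previous heading and only shows that a socket is listening on the local host. It does not show that the service is reachable through a packet filter or from another network, so the section should add a connection attempt made from a client machine and say which of the two checks answers which question.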
          
   
 ##  Query a DNS server  ##  Query a DNS server 
   
 Find responsible nameservers for a given domain  Find responsible nameservers for a given domain 
          
     $ dig ns netbsd.org      $ dig ns netbsd.org
          
   
 Query a DNS server  Query a DNS server 
          
     $ dig @adns1.berkeley.edu A www.netbsd.org      $ dig @adns1.berkeley.edu A www.netbsd.org
          
   
 ##  Determine who is responsible for a DNS zone  ##  Determine who is responsible for a DNS zone 
   
 Use [dig(1)](http://netbsd.gw.com/cgi-bin/man-cgi?dig+1+NetBSD-current) to check the SOA section:  Use [dig(1)](http://netbsd.gw.com/cgi-bin/man-cgi?dig+1+NetBSD-current) to check the SOA section: 
          
   
 $ dig www.netbsd.org soa  $ dig www.netbsd.org soa
     ; <<>> DiG 9.3.2 <<>> www.netbsd.org soa      ; <<>> DiG 9.3.2 <<>> www.netbsd.org soa
     ;; global options:  printcmd      ;; global options:  printcmd
     ;; Got answer:      ;; Got answer:
     ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 22618      ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 22618
     ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0      ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
          
     ;; QUESTION SECTION:      ;; QUESTION SECTION:
     ;www.netbsd.org.                        IN      SOA      ;www.netbsd.org.                        IN      SOA
          
     ;; AUTHORITY SECTION:      ;; AUTHORITY SECTION:
     netbsd.org.             10800   IN      SOA     ns.netbsd.org. hostmaster.netbsd.org.  2007032701 21600 10800 2419200 86400      netbsd.org.             10800   IN      SOA     ns.netbsd.org. hostmaster.netbsd.org.  2007032701 21600 10800 2419200 86400
          
     ;; Query time: 163 msec      ;; Query time: 163 msec
     ;; SERVER: 191.168.1.1#53(191.168.1.1)      ;; SERVER: 191.168.1.1#53(191.168.1.1)
     ;; WHEN: Sun Jul  1 11:56:27 2007      ;; WHEN: Sun Jul  1 11:56:27 2007
     ;; MSG SIZE  rcvd: 92      ;; MSG SIZE  rcvd: 92
          
   
 The master server is `ns.netbsd.org` and the responsible is `hostmaster [at] netbsd [dot] org`.  The master server is `ns.netbsd.org` and the responsible is `hostmaster [at] netbsd [dot] org`. 
   
 ##  Change the order of name resolution  ##  Change the order of name resolution 
   
 You live in `home.org` but you often work on hosts in `work.com`. To avoid typing FQDN all the time, put this in `/etc/resolv.conf`:  You live in `home.org` but you often work on hosts in `work.com`. To avoid typing FQDN all the time, put this in `/etc/resolv.conf`: 
          
     nameserver 1.2.3.4      nameserver 1.2.3.4
     nameserver 5.6.7.8      nameserver 5.6.7.8
     domain home.org      domain home.org
     search home.org work.com      search home.org work.com
          
   
 The first two lines say which DNS servers to use. The third says that the resolver has to search host first in `home.org`. The last tells it search also in `work.com`. After that, you should have:  The first two lines say which DNS servers to use. The third says that the resolver has to search host first in `home.org`. The last tells it search also in `work.com`. After that, you should have: 
          
     $ host www      $ host www
     www.work.com has address 192.168.1.2      www.work.com has address 192.168.1.2
          
   
 ##  Convert a subnet mask between dotted decimal, hexadecimal or CIDR notation  ##  Convert a subnet mask between dotted decimal, hexadecimal or CIDR notation 
   
 Use either:  Use either: 
   
   * [net/ipcalc](http://pkgsrc.se/net/ipcalc)    * [net/ipcalc](http://pkgsrc.se/net/ipcalc)
   * [net/cidr](http://pkgsrc.se/net/cidr)    * [net/cidr](http://pkgsrc.se/net/cidr)
   * [net/sipcalc](http://pkgsrc.se/net/sipcalc)    * [net/sipcalc](http://pkgsrc.se/net/sipcalc)
   
   
 ##  Gather information using an IP address and subnet mask  ##  Gather information using an IP address and subnet mask 
   
 ##  Understand IPv6 address theory  ##  Understand IPv6 address theory 
   
 ##  Demonstrate basic tcpdump(1) skills  ##  Demonstrate basic tcpdump(1) skills 
          
     # tcpdump -i fxp0 not port 22      # tcpdump -i fxp0 not port 22
          
   
 ##  Manipulate ARP and neighbor discovery caches  ##  Manipulate ARP and neighbor discovery caches 
   
 View ARP cache  View ARP cache 
          
     $ arp -a      $ arp -a
          
   
 ##  Configure a system to use NTP  ##  Configure a system to use NTP 
   
   * Edit `/etc/ntp.conf` and choose from the list at least two servers, or add two new ones. The time servers should be located as close as possible (network topology) to your server.    * Edit `/etc/ntp.conf` and choose from the list at least two servers, or add two new ones. The time servers should be located as close as possible (network topology) to your server. 
   
   * Add `ntpd=yes` to `/etc/rc.conf`    * Add `ntpd=yes` to `/etc/rc.conf`
   
   * Start the ntp daemon by entering: `/etc/rc.d/ntpd start`    * Start the ntp daemon by entering: `/etc/rc.d/ntpd start`
   
   * Verify the service, by entering `ntpq` and then `peers`.    * Verify the service, by entering `ntpq` and then `peers`. 
   
 ##  View and renew a DHCP lease  ##  View and renew a DHCP lease 
   
 View a DHCP lease  View a DHCP lease 
          
     $ less /var/db/dhclient.leases      $ less /var/db/dhclient.leases
          
   
 Renew a DHCP lease  Renew a DHCP lease 
          
     # dhclient -r      # dhclient -r
     # dhclient      # dhclient
          
   
 ##  Recognize when and how to set or remove an interface alias  ##  Recognize when and how to set or remove an interface alias 
   
 set alias  set alias 
          
     # ifconfig fxp0 inet 192.168.0.2 netmask 255.255.255.0 alias      # ifconfig fxp0 inet 192.168.0.2 netmask 255.255.255.0 alias
          
   
 remove alias  remove alias 
          
     # ifconfig fxp0 inet 192.168.0.2 netmask 255.255.255.0 -alias      # ifconfig fxp0 inet 192.168.0.2 netmask 255.255.255.0 -alias
          
   
 #  Basic Unix Skills  #  Basic Unix Skills 
   
 ##  Demonstrate proficiency in using redirection, pipes and tees  ##  Demonstrate proficiency in using redirection, pipes and tees 
   
 ###  Output redirection  ###  Output redirection 
          
     $ ls > myfiles.txt      $ ls > myfiles.txt
          
   
 runs `ls` and redirects the output in the file myfiles.txt  runs `ls` and redirects the output in the file myfiles.txt 
          
     $ ls >> myfiles.txt      $ ls >> myfiles.txt
          
   
 runs `ls` and appends the output to the file myfiles.txt  runs `ls` and appends the output to the file myfiles.txt 
   
 ###  Pipes  ###  Pipes 
          
     $ ls -l | wc -l      $ ls -l | wc -l
          
   
 runs `ls -l` and uses its output as the input for the command `wc -l`  runs `ls -l` and uses its output as the input for the command `wc -l`
   
 ##  Recognize, view and modify environmental variables  ##  Recognize, view and modify environmental variables 
   
 ###  Viewing environmental variables  ###  Viewing environmental variables 
   
 On sh based shells like sh, ksh, bash this is done with the command `export`  On sh based shells like sh, ksh, bash this is done with the command `export`
          
     $ export      $ export
          
   
 On csh, tcsh with `env`  On csh, tcsh with `env`
          
     $ env      $ env
          
   
 ###  Modifying environmental variables  ###  Modifying environmental variables 
   
 On sh based shells you assign the variable on the left side the value on the right side using an equal sign.  On sh based shells you assign the variable on the left side the value on the right side using an equal sign. 
          
     $ export MYVAR="hello kitty"      $ export MYVAR="hello kitty"
          
   
 On csh, tcsh to assign use a single space instead of an equal sign.  On csh, tcsh to assign use a single space instead of an equal sign. 
          
     $ setenv MYVAR "hello kitty"      $ setenv MYVAR "hello kitty"
          
   
 ##  Be familiar with the vi(1) editor  ##  Be familiar with the vi(1) editor 
   
 hjkl movement  hjkl movement 
   
 i insert  i insert 
   
 0 beginning of line  0 beginning of line 
   
 $ end of line  $ end of line 
   
 o/O insert new line  o/O insert new line 
   
 x/X delete char  x/X delete char 
   
 w/W Word  w/W Word 
   
 e/E End of word  e/E End of word 
   
 b/B begin of word  b/B begin of word 
   
 dd delete a line  dd delete a line 
   
 yy yank a line  yy yank a line 
   
 ##  Determine if a file is a binary, text, or data file  ##  Determine if a file is a binary, text, or data file 
   
 The [file(1)](http://netbsd.gw.com/cgi-bin/man-cgi?file++NetBSD-current) command is capable of discerning between executable (binary) files, text files and data files. In many cases it is able to determine further information about data files, e.g. it can recognise image files as being GIFs or JPGs.  The [file(1)](http://netbsd.gw.com/cgi-bin/man-cgi?file++NetBSD-current) command is capable of discerning between executable (binary) files, text files and data files. In many cases it is able to determine further information about data files, e.g. it can recognise image files as being GIFs or JPGs. 
          
   
 $ file /bin/sh  $ file /bin/sh
     /bin/sh: ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), for NetBSD 4.99.72, dynamically linked (uses shared libs), not stripped      /bin/sh: ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), for NetBSD 4.99.72, dynamically linked (uses shared libs), not stripped
          
          
     $ file /etc/wscons.conf      $ file /etc/wscons.conf
     /etc/wscons.conf: ASCII English text      /etc/wscons.conf: ASCII English text
          
          
     $  file AnsweringMachine.ogg      $  file AnsweringMachine.ogg
     AnsweringMachine.ogg: Ogg data, Vorbis audio, stereo, 44100 Hz, ~256000 bps, created by: Xiph.Org libVorbis I (1.1.0 RC1)      AnsweringMachine.ogg: Ogg data, Vorbis audio, stereo, 44100 Hz, ~256000 bps, created by: Xiph.Org libVorbis I (1.1.0 RC1)
          
          
     $ file photo.jpg      $ file photo.jpg
     photo.jpg: JPEG image data, JFIF standard 1.01      photo.jpg: JPEG image data, JFIF standard 1.01
          
   
 ##  Locate files and binaries on a system  ##  Locate files and binaries on a system 
   
 Binaries  Binaries 
          
     $ whereis netstat      $ whereis netstat
          
   
 ##  Overcome command line length limitations  ##  Overcome command line length limitations 
   
 ##  Find a file with a given set of attributes  ##  Find a file with a given set of attributes 
   
 ##  Create a simple Bourne shell script  ##  Create a simple Bourne shell script 
          
     vi myshellscript.sh      vi myshellscript.sh
          
   
 ##  Find appropriate documentation  ##  Find appropriate documentation 
          
     $ apropos keyword      $ apropos keyword
     $ man command      $ man command
          
   
 ##  Recognize the different sections of the manual  ##  Recognize the different sections of the manual 
   
 Sections are from 1 to 9  Sections are from 1 to 9 
   
   * 1 General commands manual    * 1 General commands manual 
          
     $ man 1 df      $ man 1 df
          
   
   * 2 System calls manual    * 2 System calls manual 
          
     $ man 2 lseek      $ man 2 lseek
          
   
   * 3 Library functions manual    * 3 Library functions manual 
          
     $ man 3 sprintf      $ man 3 sprintf
          
   
   * 4 Kernel interfaces manual    * 4 Kernel interfaces manual 
          
     $ man 4 null      $ man 4 null
          
   
   * 5 File formats manual    * 5 File formats manual 
          
     $ man 5 exports      $ man 5 exports
          
   
   * 6 Games manual    * 6 Games manual 
          
     $ man 6 tetris      $ man 6 tetris
          
   
   * 7 Miscellanea    * 7 Miscellanea 
          
     $ man 7 me      $ man 7 me
          
   
   * 8 System manager's manual    * 8 System manager's manual 
          
     $ man 8 reboot      $ man 8 reboot
          
   
   * 9 Kernel developer's manual    * 9 Kernel developer's manual 
          
     $ man 9 kauth      $ man 9 kauth
          
   
 ##  Verify a file's message digest fingerprint (checksum)  ##  Verify a file's message digest fingerprint (checksum) 
   
 Depending on what sort of digest is used enter either:  Depending on what sort of digest is used enter either: 
          
     $ md5 _filename_      $ md5 _filename_
          
   
 or  or 
          
     $ sha1 _filename_      $ sha1 _filename_
          
   
 and compare the output.  and compare the output. 
   
 ##  Demonstrate familiarity with the default shell  ##  Demonstrate familiarity with the default shell 
   
 ##  Use job control  ##  Use job control 
   
 List jobs  List jobs 
          
     $ jobs -l      $ jobs -l
          
   
 Put job into background  Put job into background 
          
     # /usr/libexec/locate.updatedb &      # /usr/libexec/locate.updatedb &
          
   
 Put job into foreground  Put job into foreground 
          
     # fg pid      # fg pid
          
   
 Put job into background  Put job into background 
          
     # bg pid      # bg pid
          
   
 ##  Demonstrate proficiency with regular expressions  ##  Demonstrate proficiency with regular expressions 
   
 ##  Understand various "domain" contexts  ##  Understand various "domain" contexts 
   
 ##  Configure an action to be scheduled by cron(8)  ##  Configure an action to be scheduled by cron(8) 
   
 There are two ways to accomplish this task. You either put the cronjob in the global crontab file `/etc/crontab` or you edit your own crontab with `crontab -e`.  There are two ways to accomplish this task. You either put the cronjob in the global crontab file `/etc/crontab` or you edit your own crontab with `crontab -e`. 
          
     $ crontab -e      $ crontab -e
          
   
 (this command invokes your favorite text editor specified by `$EDITOR` environment variable or `VISUAL`, by default `/usr/bin/vi`).  (this command invokes your favorite text editor specified by `$EDITOR` environment variable or `VISUAL`, by default `/usr/bin/vi`). 
   
 Add a cronjob:  Add a cronjob: 
          
     0 23 * * *     sh /my/home/shellskript      0 23 * * *     sh /my/home/shellskript
          
   
 Here, the script will be run all days at 23:00. The fields order is minute, hour, day of month, month and day of week; the last field is the command to run. See [crontab(5)](http://netbsd.gw.com/cgi-bin/man-cgi?crontab+5+NetBSD-current) for details. List your current crontab:  Here, the script will be run all days at 23:00. The fields order is minute, hour, day of month, month and day of week; the last field is the command to run. See [crontab(5)](http://netbsd.gw.com/cgi-bin/man-cgi?crontab+5+NetBSD-current) for details. List your current crontab: 
          
   
 $ crontab -l  $ crontab -l
          
   
 As root you can see and edit any users crontab by supplying `-u` username  As root you can see and edit any users crontab by supplying `-u` username 
          
     # crontab -l -u john      # crontab -l -u john
          
   
 or edit it  or edit it 
          
     # crontab -e -u john      # crontab -e -u john
          
   
 When using the global `/etc/crontab` you have to supply the user who is executing the cronjob:  When using the global `/etc/crontab` you have to supply the user who is executing the cronjob: 
          
     # vi /etc/crontab      # vi /etc/crontab
     0 22 * * *    john    sh /johns/work/shellskript      0 22 * * *    john    sh /johns/work/shellskript
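Review bot: the "Verify a file's message digest fingerprint (checksum)" section ends with "and compare the output" but never says what the output is compared against. It should state that the reference digest is the one published by the file's distributor and has to be obtained over a channel you trust, separately from the download itself. A digest fetched from the same untrusted location as the file proves nothing. The section also offers only `md5` and `sha1`. Neither is collision resistant any longer, so the text should tell the reader to prefer a SHA-2 digest whenever the publisher provides one and to treat an MD5 or SHA-1 match as a check against accidental corruption only. A smaller point in the job control section: the label "Put job into background" appears twice, once for starting a command with `&` and once for `bg`, so the second should be reworded to say it resumes a stopped job in the background.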
          
   
