Архивы по Категориям: Фря

shadowsocks, v2ray, cloudflare

Для чего оно надо, писать не буду: кому надо, тот поймёт.
По настройкам Cloudflare и регистрации домена на Freenom почитайте сами.

root@mx2/usr/local/etc/shadowsocks-libev> cat config.json
{
    "server":"94.XXXX.XXXX.XXXX",
    "server_port":80,
    "local_port":1080,
    "password":"GXXXXXXXXXXXXz",
    "timeout":600,
    "method":"chacha20-ietf-poly1305",
    "fast_open": true,
    "dns":"1.1.1.1",
    "nameserver": "1.1.1.1",
    "reuse_port": true,
    "mode": "tcp_and_udp",
    "plugin":"/usr/local/etc/shadowsocks-libev/v2ray-plugin_freebsd_amd64",
    "plugin_opts": "server;host=XXXXXXXXX.cf" <- Freenom!!!
}
root@mx2/usr/local/etc/shadowsocks-libev>

обратим внимание что в строке plugin_opts мы указываем “левый” домен для клаудфлары

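Внимание: на клиенте в качестве сервера указываем любой IP-адрес Cloudflare (https://www.cloudflare.com/ips/).
Опции плагина: http;obfs-host=XXXXXXXXX.cf; (тот домен, что регистрировали на Freenom).

Заморачиваться с сертификатами не хотел, может, потом как-нибудь сделаю. Без опции tls транспорт плагина идёт по обычному HTTP (порт 80): содержимое защищает только шифр самого shadowsocks (chacha20-ietf-poly1305), а имя домена видно в открытом виде.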

Shadowsocks, v2ray, letsencrypt, tls

root@mx2/usr/local/etc/shadowsocks-libev> cat config.json
{
"server":"94.XXX.XXX.90",
"server_port":443,
"local_port":1080,
"password":"GXXXXXXXXXXXXz",
"timeout":600,
"method":"chacha20-ietf-poly1305",
"fast_open": true,
"dns":"1.1.1.1",
"nameserver": "1.1.1.1",
"reuse_port": true,
"mode": "tcp_and_udp",
"plugin":"/usr/local/etc/shadowsocks-libev/v2ray-plugin_freebsd_amd64",
"plugin_opts": "server;tls;host=sat-XXXXX.com;cert=/usr/local/etc/letsencrypt/live/sat-XXXXX.com/fullchain.pem;key=/usr/local/etc/letsencrypt/live/sat-XXXXX.com/privkey.pem"
}

Установка SIP003 plugin for shadowsocks на FreeBSD

скачиваем плагин

root@mx2/usr/local/etc/shadowsocks-libev> wget -c https://github.com/shadowsocks/v2ray-plugin/releases/download/v1.1.0/v2ray-plugin-freebsd-amd64-v1.1.0.tar.gz

распаковываем и присваиваем атрибуты

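# Before unpacking, compare the archive with a SHA-256 obtained from a trusted
# source (if the release publishes one): ss-server is started as root in this
# setup and will execute the plugin binary.
#   sha256 -c <EXPECTED_SHA256_PLACEHOLDER> v2ray-plugin-freebsd-amd64-v1.1.0.tar.gz
tar -xvzf v2ray-plugin-freebsd-amd64-v1.1.0.tar.gz
# Root-owned and writable by root only, so an unprivileged account cannot
# replace a binary that a root process runs.
chown root:wheel v2ray-plugin_freebsd_amd64
chmod 0755 v2ray-plugin_freebsd_amd64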

правим конфиг

root@mx2/usr/local/etc/shadowsocks-libev>cat config.json
{
"server":"94.XXX.XXX.XXX",
"server_port":993,
"local_port":1080,
"password":"GXXXXXXXXXXXXXXXXXXz",
"timeout":600,
"method":"chacha20-ietf-poly1305",
"fast_open": true,
"dns":"1.1.1.1",
"nameserver": "1.1.1.1",
"reuse_port": true,
"mode": "tcp_and_udp",
"plugin":"/usr/local/etc/shadowsocks-libev/v2ray-plugin_freebsd_amd64",
"plugin_opts":"server"
}
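root@mx2/usr/local/etc/shadowsocks-libev>

Тестовый запуск. В логе ниже стоит обратить внимание на две строки: TCP Fast Open в этом окружении не поддерживается (то есть "fast_open": true из конфига не действует), а ss-server вместе с плагином работает от root. Для постоянной работы стоит подумать о запуске от непривилегированного пользователя (с учётом того, что порт 993 привилегированный).

root@mx2/usr/local/etc/shadowsocks-libev> /usr/local/bin/ss-server -c /usr/local/etc/shadowsocks-libev/config.json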
2019-06-03 10:46:21 ERROR: tcp fast open is not supported by this environment
2019-06-03 10:46:21 INFO: plugin "/usr/local/etc/shadowsocks-libev/v2ray-plugin_freebsd_amd64" enabled
2019-06-03 10:46:21 INFO: UDP relay enabled
2019-06-03 10:46:21 INFO: initializing ciphers... chacha20-ietf-poly1305
2019-06-03 10:46:21 INFO: using nameserver: 1.1.1.1
2019-06-03 10:46:21 INFO: tcp server listening at 127.0.0.1:21673
2019-06-03 10:46:21 INFO: tcp port reuse enabled
2019-06-03 10:46:21 INFO: udp server listening at 94.XXX.XXX.XXX:993
2019-06-03 10:46:21 INFO: udp port reuse enabled
2019-06-03 10:46:21 INFO: running from root user
2019/06/03 10:46:21 V2Ray 4.16 (Po) Custom
2019/06/03 10:46:21 A unified platform for anti-censorship.
2019/06/03 10:46:21 [Warning] v2ray.com/core: V2Ray 4.16 started
2019/06/03 10:48:16 tcp:178.XXX.XX.XXX:53085 accepted tcp:127.0.0.1:0
2019/06/03 10:48:16 tcp:178.XXX.XX.XXX:53086 accepted tcp:127.0.0.1:0
2019/06/03 10:48:43 tcp:178.XXX.XX.XXX:53094 accepted tcp:127.0.0.1:0
2019/06/03 10:48:43 tcp:178.XXX.XX.XXX:53093 accepted tcp:127.0.0.1:0
2019/06/03 10:49:16 tcp:178.XXX.XX.XXX:53102 accepted tcp:127.0.0.1:0
2019/06/03 10:49:16 tcp:178.XXX.XX.XXX:53103 accepted tcp:127.0.0.1:0

Качаем и добавляем плагин к виндовому клиенту ShadowSocks

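Named & DNSSEC

Примечание: в командах ниже ключи создаются с алгоритмом RSASHA1 (алгоритм 5), а dnssec-dsfromkey выдаёт две DS-записи — с дайджестом SHA-1 (тип 1) и SHA-256 (тип 2). RFC 8624 не рекомендует RSASHA1 для подписи зон и запрещает SHA-1 в DS для новых делегирований. Для новой зоны лучше взять, например, ECDSAP256SHA256 (13) или RSASHA256 (8), а регистратору передавать только DS типа 2.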


root@mx2/usr/local/etc> cd namedb/
root@mx2/usr/local/etc/namedb> ls -l
total 154
-rw-r--r-- 1 root wheel 2761 30 сент. 04:48 bind.keys
drwxr-xr-x 2 bind bind 2 4 нояб. 2016 dynamic
drwxr-xr-x 2 root wheel 9 4 окт. 13:42 master
-rw-r--r-- 1 root wheel 23811 6 марта 2018 named.conf
-rw-r--r-- 1 root wheel 21682 30 сент. 04:48 named.conf.sample
-rw-r--r-- 1 root wheel 3402 30 сент. 04:48 named.root
-rw-r--r-- 1 root wheel 868 30 сент. 04:48 rndc.conf.sample
-rw------- 1 bind wheel 97 1 дек. 2016 rndc.key
drwxr-xr-x 2 bind bind 2 4 нояб. 2016 slave
drwxr-xr-x 2 bind bind 4 4 окт. 13:42 working
root@mx2/usr/local/etc/namedb> mkdir keys
root@mx2/usr/local/etc/namedb> chown bind:bind keys/

root@mx2/usr/local/etc/namedb> cd keys/
root@mx2/usr/local/etc/namedb/keys> dnssec-keygen -f KSK -a RSASHA1 -b 2048 -n ZONE sat-expert.com
Generating key pair..................................+++ .....+++
Ksat-expert.com.+005+62341
root@mx2/usr/local/etc/namedb/keys> ls -l
total 18
-rw-r--r-- 1 root bind 611 26 окт. 09:24 Ksat-expert.com.+005+62341.key
-rw------- 1 root bind 1774 26 окт. 09:24 Ksat-expert.com.+005+62341.private

root@mx2/usr/local/etc/namedb/keys> chown bind:bind *
root@mx2/usr/local/etc/namedb/keys> ls -l
total 18
-rw-r--r-- 1 bind bind 611 26 окт. 09:24 Ksat-expert.com.+005+62341.key
-rw------- 1 bind bind 1774 26 окт. 09:24 Ksat-expert.com.+005+62341.private
root@mx2/usr/local/etc/namedb/keys>

root@mx2/usr/local/etc/namedb/keys> dnssec-keygen -a RSASHA1 -b 2048 -n ZONE sat-expert.com
Generating key pair.......+++ ..........+++
Ksat-expert.com.+005+09855
root@mx2/usr/local/etc/namedb/keys>
root@mx2/usr/local/etc/namedb/keys>
root@mx2/usr/local/etc/namedb/keys>
root@mx2/usr/local/etc/namedb/keys>
root@mx2/usr/local/etc/namedb/keys> ls -l
total 36
-rw-r--r-- 1 root bind 611 26 окт. 09:28 Ksat-expert.com.+005+09855.key
-rw------- 1 root bind 1774 26 окт. 09:28 Ksat-expert.com.+005+09855.private
-rw-r--r-- 1 bind bind 611 26 окт. 09:24 Ksat-expert.com.+005+62341.key
-rw------- 1 bind bind 1774 26 окт. 09:24 Ksat-expert.com.+005+62341.private
root@mx2/usr/local/etc/namedb/keys>
root@mx2/usr/local/etc/namedb/keys> chown bind:bind *
root@mx2/usr/local/etc/namedb/keys>

root@mx2/usr/local/etc/namedb/keys> dnssec-dsfromkey Ksat-expert.com.+005+62341
sat-expert.com. IN DS 62341 5 1 3CC84FB07C5612D4689D047400AF16B95BCB8E26
sat-expert.com. IN DS 62341 5 2 FD2D55BF60B8AC0808751E2CDAC8123F3748F05F7C9190BB21A24C3ED5BB416F
root@mx2/usr/local/etc/namedb/keys>

dig sat-expert.com +dnssec

dig +dnssec -t any @a.gtld-servers.net sat-expert.com.


Установка StrongSwan на FreeBSD c максимальной совместимостью IKEv2

Disclaimer: статья не более чем заметка для самого себя. Вопросы «почему Фря», «почему strongSwan» не обсуждаются.

Что такое IPSec\IKEv2 гугль знает все. В данной конфигурации strongswan мы получаем максимальную совместимость со всеми платформами IOS/Mac OS/Windows/Android без установки сторонних приложений и клиентов.

Уточню: я уже использую сертификаты Let’s Encrypt c Apache/Nginx/Postfix/Dovecot, поэтому буду использовать их и со strongSwan.

pkg install strongswan

в /etc/rc.conf добавляем

strongswan_enable="YES"
#
gateway_enable="YES"

создаем симлинки на существующие сертификаты letsencrypt

# Link the existing Let's Encrypt files into the strongSwan directories
# instead of copying them.
# chain.pem (the issuing CA chain) goes to cacerts/.
cd /usr/local/etc/ipsec.d/cacerts
ln -sf /usr/local/etc/letsencrypt/live/site.com/chain.pem chain.pem
# fullchain.pem goes to certs/; ipsec.conf refers to it as leftcert=fullchain.pem.
cd ../certs/
ln -sf /usr/local/etc/letsencrypt/live/site.com/fullchain.pem fullchain.pem
# privkey.pem goes to private/; ipsec.secrets refers to it as ": RSA privkey.pem".
# NOTE(review): presumably this is the same key the web and mail services use,
# so whoever can read it can impersonate all of them - confirm that private/
# and the letsencrypt live/ directory stay readable by root only.
cd /usr/local/etc/ipsec.d/private
ln -sf /usr/local/etc/letsencrypt/live/site.com/privkey.pem privkey.pem

приводим файл /usr/local/etc/ipsec.conf к виду

# ipsec.conf - strongSwan IPsec configuration file
# NOTE(review): indentation was lost on this page; ipsec.conf expects every
# parameter line inside a config/conn section to begin with whitespace.

# basic configuration
# charondebug below raises IKE and config logging to level 3, a
# troubleshooting verbosity; lower it once clients connect reliably.

config setup
# strictcrlpolicy=yes
# uniqueids = no
charondebug = ike 3, cfg 3

# Defaults inherited by the conn sections below.
conn %default
dpdaction=clear
dpddelay=35s
dpdtimeout=2000s

# IKEv2 with fragmentation; the server does not initiate rekeying or
# re-authentication (rekey=no, reauth=no).
fragmentation=yes
rekey=no
keyexchange=ikev2
auto=add
reauth=no
compress=yes

# Server side: leftsubnet=0.0.0.0/0 offers the whole IPv4 range to clients,
# and the certificate named in leftcert is always sent to them.
left=%any
leftsubnet=0.0.0.0/0
leftcert=fullchain.pem
leftfirewall=yes
leftsendcert=always

# Client side: any peer address; rightsourceip is the pool virtual addresses
# are handed out from, rightdns lists the resolvers given to clients.
right=%any
rightsourceip=192.168.103.0/24
rightdns=213.133.98.98,213.133.99.99,213.133.100.100

eap_identity=%identity

# IKEv2
conn IPSec-IKEv2
keyexchange=ikev2
auto=add

# BlackBerry, Windows, Android
# Clients authenticate with EAP-MSCHAPv2, i.e. the username/password pairs
# kept as EAP entries in ipsec.secrets.
conn IPSec-IKEv2-EAP
also="IPSec-IKEv2"
rightauth=eap-mschapv2

# macOS, iOS
# Same as above plus an explicit server identity.
# NOTE(review): leftid presumably has to match a name in the certificate.
conn IKEv2-MSCHAPv2-Apple
also="IPSec-IKEv2"
rightauth=eap-mschapv2
leftid=mx2.sat-expert.com

# Android IPsec Hybrid RSA
# NOTE(review): keyexchange=ikev1 keeps the legacy IKEv1/XAUTH path enabled,
# while the XAUTH line shown in ipsec.secrets is commented out - confirm this
# conn is still needed.
conn IKEv1-Xauth
keyexchange=ikev1
rightauth=xauth
auto=add

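ipsec.secrets приводим к виду (в файле лежат пароли в открытом виде, поэтому читать его должен только root, например с правами 600; пароли ниже — примеры, свои задавайте длинными и случайными)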

root@mx2/usr/local/etc> cat ipsec.secrets
# filename of private key located in /usr/local/etc/ipsec.d/private/
: RSA privkey.pem

# syntax is `username : EAP "plaintextpassword"`
usr1 : EAP "password1"
usr2 : EAP "password2"
usr3 : EAP "password3"
#user2 : XAUTH "password2"
root@mx2/usr/local/etc>

в правила pf добавляем правила нат-а для впн подсети

table <it> persist { 192.168.103.0/24 }
ext_if="em0"
nat on $ext_if inet from <it> to any port != smtp -> ($ext_if)

на фв не забываем открыть UDP порты 500/4500

запускаем strongswan и смотрим что у нас происходит

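# Foreground run for troubleshooting. The option is spelled with two ASCII
# hyphens; the page typography had turned them into a dash.
ipsec start --nofork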

Пока можем настроить удаленный клиент.

Пример для IOS

Пример для Mac OS

пробуем коннектится удаленным клиентом. если все нормально – запускаем strongswan как сервис.

service strongswan start

в противном случае смотрим лог и пользуемся tcpdump

Удачи 🙂

Сертификаты Let’s Encrypt и их практическое применение.

Наконец вышел из бетты проект Let’s Encrypt по выдаче бесплатных сертификатов для всех желающих.

Let’s Encrypt — это некоммерческая инициатива, предоставляющая бесплатный, автоматизированный и открытый CA (certificate authority — центр сертификации), созданный ISRG на благо общества.

Решил опробовать его на своем блоге. В итоге по тесту SSLLabs имеем класс секретности “А”

Снимок экрана 2015-12-08 в 15.17.24

Вместе с изучением первоисточников процесс установки занял пару часов. Не будем спорить о принципе работы центра сертификации, сроках жизни сертификатов, необходимости автоматизировать процесс их получения да и вообще о том что продажа сертификатов в моем понимании приравнивается к продаже воздуха по заоблачным ценам.

Респект и уважуха проекту Let’s Encrypt.

В процессе использовались материалы:
Let’s Encrypt on a FreeBSD NGINX reverse proxy
Let’s Encrypt выходит в публичную бету: HTTPS всюду, каждому, отныне и навсегда бесплатно
Setting up HSTS in nginx

Лег диск в рейде на hetzner

В очередной раз. С момента прошлой замены прошло 224 дня.

camcontrol devlist

<ST3750528AS CC46> at scbus0 target 0 lun 0 (ada0,pass0)
<WDC WD7500AALX-009BA0 15.01H15> at scbus1 target 0 lun 0 (ada1,pass1)

root@mx1/root> ls /dev/ada?
/dev/ada0 /dev/ada1

root@mx1/root> gmirror status
Name Status Components
mirror/gm0 DEGRADED ada1s1 (ACTIVE)
root@mx1/root>

битый диск прожил 23757 hours (989 days + 21 hours). ну что ж…


root@mx1/usr/home/vvs>
root@mx1/usr/home/vvs> /usr/local/sbin/smartctl -a /dev/ada0
smartctl 6.4 2015-06-04 r4109 [FreeBSD 9.3-STABLE amd64] (local build)
Copyright (C) 2002-15, Bruce Allen, Christian Franke, www.smartmontools.org

=== START OF INFORMATION SECTION ===
Model Family: Western Digital Blue
Device Model: WDC WD7500AALX-009BA0
Serial Number: WD-WCATR7461233
LU WWN Device Id: 5 0014ee 25b4c70ec
Firmware Version: 15.01H15
User Capacity: 750 156 374 016 bytes [750 GB]
Sector Size: 512 bytes logical/physical
Device is: In smartctl database [for details use: -P show]
ATA Version is: ATA8-ACS (minor revision not indicated)
SATA Version is: SATA 3.0, 6.0 Gb/s (current: 3.0 Gb/s)
Local Time is: Tue Jul 28 10:03:05 2015 EEST
SMART support is: Available - device has SMART capability.
SMART support is: Enabled

=== START OF READ SMART DATA SECTION ===
SMART overall-health self-assessment test result: PASSED

General SMART Values:
Offline data collection status: (0x82) Offline data collection activity
was completed without error.
Auto Offline Data Collection: Enabled.
Self-test execution status: ( 0) The previous self-test routine completed
without error or no self-test has ever
been run.
Total time to complete Offline
data collection: (11100) seconds.
Offline data collection
capabilities: (0x7b) SMART execute Offline immediate.
Auto Offline data collection on/off support.
Suspend Offline collection upon new
command.
Offline surface scan supported.
Self-test supported.
Conveyance Self-test supported.
Selective Self-test supported.
SMART capabilities: (0x0003) Saves SMART data before entering
power-saving mode.
Supports SMART auto save timer.
Error logging capability: (0x01) Error logging supported.
General Purpose Logging supported.
Short self-test routine
recommended polling time: ( 2) minutes.
Extended self-test routine
recommended polling time: ( 130) minutes.
Conveyance self-test routine
recommended polling time: ( 5) minutes.
SCT capabilities: (0x3037) SCT Status supported.
SCT Feature Control supported.
SCT Data Table supported.

SMART Attributes Data Structure revision number: 16
Vendor Specific SMART Attributes with Thresholds:
ID# ATTRIBUTE_NAME FLAG VALUE WORST THRESH TYPE UPDATED WHEN_FAILED RAW_VALUE
1 Raw_Read_Error_Rate 0x002f 200 200 051 Pre-fail Always - 0
3 Spin_Up_Time 0x0027 199 178 021 Pre-fail Always - 3050
4 Start_Stop_Count 0x0032 100 100 000 Old_age Always - 31
5 Reallocated_Sector_Ct 0x0033 200 200 140 Pre-fail Always - 0
7 Seek_Error_Rate 0x002e 100 253 000 Old_age Always - 0
9 Power_On_Hours 0x0032 070 070 000 Old_age Always - 22524
10 Spin_Retry_Count 0x0032 100 253 000 Old_age Always - 0
11 Calibration_Retry_Count 0x0032 100 253 000 Old_age Always - 0
12 Power_Cycle_Count 0x0032 100 100 000 Old_age Always - 28
192 Power-Off_Retract_Count 0x0032 200 200 000 Old_age Always - 24
193 Load_Cycle_Count 0x0032 200 200 000 Old_age Always - 6
194 Temperature_Celsius 0x0022 107 090 000 Old_age Always - 40
196 Reallocated_Event_Count 0x0032 200 200 000 Old_age Always - 0
197 Current_Pending_Sector 0x0032 200 200 000 Old_age Always - 0
198 Offline_Uncorrectable 0x0030 200 200 000 Old_age Offline - 0
199 UDMA_CRC_Error_Count 0x0032 200 200 000 Old_age Always - 0
200 Multi_Zone_Error_Rate 0x0008 200 200 000 Old_age Offline - 0

SMART Error Log Version: 1
No Errors Logged

SMART Self-test log structure revision number 1
Num Test_Description Status Remaining LifeTime(hours) LBA_of_first_error
# 1 Extended offline Completed without error 00% 22513 -
# 2 Extended offline Completed without error 00% 22506 -
# 3 Extended offline Completed without error 00% 21234 -
# 4 Extended offline Completed without error 00% 21160 -
# 5 Extended offline Completed without error 00% 17275 -
# 6 Extended offline Completed without error 00% 17249 -
# 7 Extended offline Completed without error 00% 12639 -
# 8 Extended offline Completed without error 00% 11053 -

SMART Selective self-test log data structure revision number 1
SPAN MIN_LBA MAX_LBA CURRENT_TEST_STATUS
1 0 0 Not_testing
2 0 0 Not_testing
3 0 0 Not_testing
4 0 0 Not_testing
5 0 0 Not_testing
Selective self-test flags (0x0):
After scanning selected spans, do NOT read-scan remainder of disk.
If Selective self-test is pending on power-up, resume after 0 minute delay.

root@mx1/usr/home/vvs>



root@mx1/usr/home/vvs>
root@mx1/usr/home/vvs> /usr/local/sbin/smartctl -a /dev/ada0
smartctl 6.4 2015-06-04 r4109 [FreeBSD 9.3-STABLE amd64] (local build)
Copyright (C) 2002-15, Bruce Allen, Christian Franke, www.smartmontools.org

=== START OF INFORMATION SECTION ===
Model Family: Western Digital Blue
Device Model: WDC WD7500AALX-009BA0
Serial Number: WD-WCATR7461233
LU WWN Device Id: 5 0014ee 25b4c70ec
Firmware Version: 15.01H15
User Capacity: 750 156 374 016 bytes [750 GB]
Sector Size: 512 bytes logical/physical
Device is: In smartctl database [for details use: -P show]
ATA Version is: ATA8-ACS (minor revision not indicated)
SATA Version is: SATA 3.0, 6.0 Gb/s (current: 3.0 Gb/s)
Local Time is: Tue Jul 28 10:03:05 2015 EEST
SMART support is: Available - device has SMART capability.
SMART support is: Enabled

=== START OF READ SMART DATA SECTION ===
SMART overall-health self-assessment test result: PASSED

General SMART Values:
Offline data collection status: (0x82) Offline data collection activity
was completed without error.
Auto Offline Data Collection: Enabled.
Self-test execution status: ( 0) The previous self-test routine completed
without error or no self-test has ever
been run.
Total time to complete Offline
data collection: (11100) seconds.
Offline data collection
capabilities: (0x7b) SMART execute Offline immediate.
Auto Offline data collection on/off support.
Suspend Offline collection upon new
command.
Offline surface scan supported.
Self-test supported.
Conveyance Self-test supported.
Selective Self-test supported.
SMART capabilities: (0x0003) Saves SMART data before entering
power-saving mode.
Supports SMART auto save timer.
Error logging capability: (0x01) Error logging supported.
General Purpose Logging supported.
Short self-test routine
recommended polling time: ( 2) minutes.
Extended self-test routine
recommended polling time: ( 130) minutes.
Conveyance self-test routine
recommended polling time: ( 5) minutes.
SCT capabilities: (0x3037) SCT Status supported.
SCT Feature Control supported.
SCT Data Table supported.

SMART Attributes Data Structure revision number: 16
Vendor Specific SMART Attributes with Thresholds:
ID# ATTRIBUTE_NAME FLAG VALUE WORST THRESH TYPE UPDATED WHEN_FAILED RAW_VALUE
1 Raw_Read_Error_Rate 0x002f 200 200 051 Pre-fail Always - 0
3 Spin_Up_Time 0x0027 199 178 021 Pre-fail Always - 3050
4 Start_Stop_Count 0x0032 100 100 000 Old_age Always - 31
5 Reallocated_Sector_Ct 0x0033 200 200 140 Pre-fail Always - 0
7 Seek_Error_Rate 0x002e 100 253 000 Old_age Always - 0
9 Power_On_Hours 0x0032 070 070 000 Old_age Always - 22524
10 Spin_Retry_Count 0x0032 100 253 000 Old_age Always - 0
11 Calibration_Retry_Count 0x0032 100 253 000 Old_age Always - 0
12 Power_Cycle_Count 0x0032 100 100 000 Old_age Always - 28
192 Power-Off_Retract_Count 0x0032 200 200 000 Old_age Always - 24
193 Load_Cycle_Count 0x0032 200 200 000 Old_age Always - 6
194 Temperature_Celsius 0x0022 107 090 000 Old_age Always - 40
196 Reallocated_Event_Count 0x0032 200 200 000 Old_age Always - 0
197 Current_Pending_Sector 0x0032 200 200 000 Old_age Always - 0
198 Offline_Uncorrectable 0x0030 200 200 000 Old_age Offline - 0
199 UDMA_CRC_Error_Count 0x0032 200 200 000 Old_age Always - 0
200 Multi_Zone_Error_Rate 0x0008 200 200 000 Old_age Offline - 0

SMART Error Log Version: 1
No Errors Logged

SMART Self-test log structure revision number 1
Num Test_Description Status Remaining LifeTime(hours) LBA_of_first_error
# 1 Extended offline Completed without error 00% 22513 -
# 2 Extended offline Completed without error 00% 22506 -
# 3 Extended offline Completed without error 00% 21234 -
# 4 Extended offline Completed without error 00% 21160 -
# 5 Extended offline Completed without error 00% 17275 -
# 6 Extended offline Completed without error 00% 17249 -
# 7 Extended offline Completed without error 00% 12639 -
# 8 Extended offline Completed without error 00% 11053 -

SMART Selective self-test log data structure revision number 1
SPAN MIN_LBA MAX_LBA CURRENT_TEST_STATUS
1 0 0 Not_testing
2 0 0 Not_testing
3 0 0 Not_testing
4 0 0 Not_testing
5 0 0 Not_testing
Selective self-test flags (0x0):
After scanning selected spans, do NOT read-scan remainder of disk.
If Selective self-test is pending on power-up, resume after 0 minute delay.

root@mx1/usr/home/vvs>


разбираем gmirror

gmirror forget gm0

и пишем письмо в поддержку.
Good day.
We are experiencing problems with the hard drive Seagate Barracuda w serial number 9VP2SZL7.
It is subject to physical change. Kindly requested to replace the drive as quickly as possible.

Please don’t take any other actions except HDD replacement – don’t install recoverty image, etc.

Thanks in advance!

ну что я могу сказать – заменили за пол часа.
после замены


root@mx1/usr/home/vvs>
root@mx1/usr/home/vvs> /usr/local/sbin/smartctl -a /dev/ada0
smartctl 6.4 2015-06-04 r4109 [FreeBSD 9.3-STABLE amd64] (local build)
Copyright (C) 2002-15, Bruce Allen, Christian Franke, www.smartmontools.org

=== START OF INFORMATION SECTION ===
Model Family: Western Digital Blue
Device Model: WDC WD7500AALX-009BA0
Serial Number: WD-WCATR7461233
LU WWN Device Id: 5 0014ee 25b4c70ec
Firmware Version: 15.01H15
User Capacity: 750 156 374 016 bytes [750 GB]
Sector Size: 512 bytes logical/physical
Device is: In smartctl database [for details use: -P show]
ATA Version is: ATA8-ACS (minor revision not indicated)
SATA Version is: SATA 3.0, 6.0 Gb/s (current: 3.0 Gb/s)
Local Time is: Tue Jul 28 10:03:05 2015 EEST
SMART support is: Available - device has SMART capability.
SMART support is: Enabled

=== START OF READ SMART DATA SECTION ===
SMART overall-health self-assessment test result: PASSED

General SMART Values:
Offline data collection status: (0x82) Offline data collection activity
was completed without error.
Auto Offline Data Collection: Enabled.
Self-test execution status: ( 0) The previous self-test routine completed
without error or no self-test has ever
been run.
Total time to complete Offline
data collection: (11100) seconds.
Offline data collection
capabilities: (0x7b) SMART execute Offline immediate.
Auto Offline data collection on/off support.
Suspend Offline collection upon new
command.
Offline surface scan supported.
Self-test supported.
Conveyance Self-test supported.
Selective Self-test supported.
SMART capabilities: (0x0003) Saves SMART data before entering
power-saving mode.
Supports SMART auto save timer.
Error logging capability: (0x01) Error logging supported.
General Purpose Logging supported.
Short self-test routine
recommended polling time: ( 2) minutes.
Extended self-test routine
recommended polling time: ( 130) minutes.
Conveyance self-test routine
recommended polling time: ( 5) minutes.
SCT capabilities: (0x3037) SCT Status supported.
SCT Feature Control supported.
SCT Data Table supported.

SMART Attributes Data Structure revision number: 16
Vendor Specific SMART Attributes with Thresholds:
ID# ATTRIBUTE_NAME FLAG VALUE WORST THRESH TYPE UPDATED WHEN_FAILED RAW_VALUE
1 Raw_Read_Error_Rate 0x002f 200 200 051 Pre-fail Always - 0
3 Spin_Up_Time 0x0027 199 178 021 Pre-fail Always - 3050
4 Start_Stop_Count 0x0032 100 100 000 Old_age Always - 31
5 Reallocated_Sector_Ct 0x0033 200 200 140 Pre-fail Always - 0
7 Seek_Error_Rate 0x002e 100 253 000 Old_age Always - 0
9 Power_On_Hours 0x0032 070 070 000 Old_age Always - 22524
10 Spin_Retry_Count 0x0032 100 253 000 Old_age Always - 0
11 Calibration_Retry_Count 0x0032 100 253 000 Old_age Always - 0
12 Power_Cycle_Count 0x0032 100 100 000 Old_age Always - 28
192 Power-Off_Retract_Count 0x0032 200 200 000 Old_age Always - 24
193 Load_Cycle_Count 0x0032 200 200 000 Old_age Always - 6
194 Temperature_Celsius 0x0022 107 090 000 Old_age Always - 40
196 Reallocated_Event_Count 0x0032 200 200 000 Old_age Always - 0
197 Current_Pending_Sector 0x0032 200 200 000 Old_age Always - 0
198 Offline_Uncorrectable 0x0030 200 200 000 Old_age Offline - 0
199 UDMA_CRC_Error_Count 0x0032 200 200 000 Old_age Always - 0
200 Multi_Zone_Error_Rate 0x0008 200 200 000 Old_age Offline - 0

SMART Error Log Version: 1
No Errors Logged

SMART Self-test log structure revision number 1
Num Test_Description Status Remaining LifeTime(hours) LBA_of_first_error
# 1 Extended offline Completed without error 00% 22513 -
# 2 Extended offline Completed without error 00% 22506 -
# 3 Extended offline Completed without error 00% 21234 -
# 4 Extended offline Completed without error 00% 21160 -
# 5 Extended offline Completed without error 00% 17275 -
# 6 Extended offline Completed without error 00% 17249 -
# 7 Extended offline Completed without error 00% 12639 -
# 8 Extended offline Completed without error 00% 11053 -

SMART Selective self-test log data structure revision number 1
SPAN MIN_LBA MAX_LBA CURRENT_TEST_STATUS
1 0 0 Not_testing
2 0 0 Not_testing
3 0 0 Not_testing
4 0 0 Not_testing
5 0 0 Not_testing
Selective self-test flags (0x0):
After scanning selected spans, do NOT read-scan remainder of disk.
If Selective self-test is pending on power-up, resume after 0 minute delay.

root@mx1/usr/home/vvs>

диск впердолили такой же старый. за новый просят 41 ойро.

9 Power_On_Hours 0x0032 070 070 000 Old_age Always – 22524

попробуем сколько протянет этот диск.

вставляем его в gmirror и ждем конца синхронизации …

root@mx1/usr/home/vvs> gmirror insert gm0 /dev/ada0

root@mx1/usr/home/vvs> gmirror status
Name Status Components
mirror/gm0 DEGRADED ada1s1 (ACTIVE)
ada0 (SYNCHRONIZING, 0%)
root@mx1/usr/home/vvs>

freebsd, php, extensions.ini

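# Sort the PHP extension list into a scratch file and replace the live file
# only if sort succeeded, so a failed or truncated sort never overwrites the
# configuration PHP loads.
sort /usr/local/etc/php/extensions.ini > /usr/local/etc/php/extensions.ini_new && cp /usr/local/etc/php/extensions.ini_new /usr/local/etc/php/extensions.ini

# Restart Apache so PHP re-reads the extension list.
apachectl restart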

еще можно переносить в самый конец

extension=mysql.so
extension=mysqli.so
extension=imap.so
extension=sockets.so
extension=memcache.so

 

spamassassin, razor

Razor2 port 2307 TCP – открыть

#mkdir /usr/local/var/razor
#razor-admin -home=/usr/local/var/razor -register
#razor-admin -home=/usr/local/var/razor -create
#razor-admin -d -home=/usr/local/var/razor -discover

spamassassin
local.cf

#razor
use_razor2 1
razor_config /usr/local/var/razor/razor-agent.conf

score RAZOR2_CHECK 2.500
score PYZOR_CHECK 2.500
score DCC_CHECK 4.000

vim /usr/local/var/razor/razor-agent.conf

добавить
razorhome = /usr/local/var/razor/

проверяем

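# Two separate checks that had been fused onto one line: run the sample
# message through SpamAssassin in test mode, with debug output for the razor2
# channel first and for the dcc channel second.
spamassassin -t -D razor2 < 111.eml
spamassassin -t -D dcc < 111.eml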

найти самые большие 10 файлов

# List every file and directory under /var with its disk usage, order the
# lines by size in descending numeric order and keep the first 15.
du -a /var | sort -rn | head -n 15