DaemonForums  

Go Back   DaemonForums > FreeBSD > FreeBSD General

FreeBSD General Other questions regarding FreeBSD which do not fit in any of the categories below.

Reply
 
Thread Tools Display Modes
  #1   (View Single Post)  
Old 20th August 2010
sharris sharris is offline
Package Pilot
 
Join Date: Jun 2010
Posts: 146
Thanked 0 Times in 0 Posts
Default XFCE on a production Web-Server?

Hello again!

I got another problem .. I'm HOOK. I learned so many BSD commands that I like command-line mode and fear that I might mess things up by installing X-Windows because this is my "MAIN" "practice install" that will go into production someday with the claim of being a very secure system running some great web services, namely Apache, MySql and other needed light-weight web applications. It may be only one of the millions of lonely servers out there but it would make me feel sooooooo good inside that my claim is true. I realize that it's not hard to make FreeBSD un-secure by running or even having the wrong applications on it. My question is, is it common place to install XFCE on a production web-server but never use it while in production because all services will be jailed tight anyway? Are there others? Are there any security issues by installing these applications? Will it slow the machine down while in production even if XFCE is turn-off? I think by including a small Windows-Manager I can get to things quicker and test things at any time than shut it off, put it back in production like nothing never happen. Is this the way it is done? Or does it still have an effect on speed and security even while off?

Also, what are the most recommended programs to be installed based on running as a production web-server? I don't mean to burn up the FORUM by posting every other day but things are about to get hot and I don't want to screw up my most important image of FreeBSD-64. I hope some people will address a few of these question if not all.

Thanks again in advance


This is what got me going.

http://freebsd-custom.wikidot.com/start
Reply With Quote
  #2   (View Single Post)  
Old 20th August 2010
TerryP's Avatar
TerryP TerryP is offline
Arp Constable
 
Join Date: May 2008
Location: USofA
Posts: 1,547
Thanked 112 Times in 104 Posts
Default

Full disclosure: my first thought at seeing this thread title was, "Are you kidding?".


If X/Xfce are not running they will waste nothing but disk space; +/- resources used to keep them up to date. You can tell better than anyone on the forum, whether or not that waste is an issue for you.


If an attacker is able to gain sufficient access that they can start the X server and gain an Xfce session, you've already lost part of the battle. Similar arguments hold for having development tools installed (gcc, autotools, perl, python, ruby, ...)

You sound like you don't need Xfce to manage your system, so I'm not sure what your interest is in it, based on what you've written anyway. You can always remove Xfce later if needed; such as using it as a temporary workstation during testing and later moving it out as a dedicated server.

I would not recommend running Xfce while the machine is deployed and under a serious load.


To the rest (e.g. apps), all I can say without quoting Frodo Baggins, is specifics matter.
__________________
My Journal

Thou shalt check the array bounds of all strings (indeed, all arrays), for surely where thou typest ``foo'' someone someday shall type ``supercalifragilisticexpialidocious''.
Reply With Quote
  #3   (View Single Post)  
Old 20th August 2010
sharris sharris is offline
Package Pilot
 
Join Date: Jun 2010
Posts: 146
Thanked 0 Times in 0 Posts
Default

Thanks TerryP, The great thing about googling and a forum is n00b's hear it from people of experence. For the average, we only pick-up/get the bits and pieces in the class room. After 3:00PM the teacher beat us out the door. It take years to finally experience what we learn by being on the job that require you to have 20 years experience with 12 years of school (programming in 20 lang). Do a INTERNET job search these days and you see what I mean. It's insane and all for less than 6-figures in the U.S. since 1989! I read here that you was raise or "LIVE" around computers for most of your life. It might be second nature to you but your words are pure gold to me and others like me. Thanks putting up with this n00b of n00b's.

Quote:
If an attacker is able to gain sufficient access that they can start the X server and gain an Xfce session, you've already lost part of the battle. Similar arguments hold for having development tools installed (gcc, autotools, perl, python, ruby, ...)
So as long as we use "STRONG" pw most BSD's, can truly takes care of its own. Since I plan to only offer Apache running web-site for each user with-in jails stronger than the Alcatraz Penitentiary, users will not have acess to c++, gcc, autotools, perl, python, ruby, etc. I may even delete them at production time where root can't even use them . If a user need something, build it or place the order, upload your own .. Catch is, it get scanned first.

Quote:
You sound like you don't need Xfce to manage your system, so I'm not sure what your interest is in it, based on what you've written anyway.
To program in c++, asm and perl and to run a very secure web-server that I can understand and monitor every piece of it as if it was only a simple hobby and not a job, and to know how to network with this remote dedicated server like the back of my hand, securely.

Quote:
You can always remove Xfce later if needed; such as using it as a temporary workstation during testing and later moving it out as a dedicated server.
Someone gave me a clue in a recent thread but I didn't completely understand so I asked again. "temporary workstation" now I get it ... and to know that off means OFF is GREAT. I'm from the world of Windows and that's not the case with windows because it leave traces all over the machine than keep sub-hidden history (the kind of sh*t that pops up behind un-standard style coding making the coder think he got a bug. I saw it all and tried to tell others who did not believe it) but that's another story. For now it's enough to know that for BSD the only concern is what's left over in /tmp. I can live with that. No more "hidden for OS use only" sub-sub-sub sh*t.

Quote:
I would not recommend running Xfce while the machine is deployed and under a serious load.

To the rest (e.g. apps), all I can say without quoting Frodo Baggins, is specifics matter.
I'm going to install manolis world soon. Thanks for lifting all my fears about X-WINDOWS TerryP. I don't plan to run nothing even close to like that at production.

I never thought of this until now: All I got to do it hit the switch to run a script that will swap rc.conf and loader.conf and/or loader.rc . It be like having two FreeBSD's build into one .. WoW Behind some serious set-up I think this is the way to do it with ease ..
Reply With Quote
  #4   (View Single Post)  
Old 21st August 2010
sharris sharris is offline
Package Pilot
 
Join Date: Jun 2010
Posts: 146
Thanked 0 Times in 0 Posts
Default

Quote:
You sound like you don't need Xfce to manage your system, so I'm not sure what your interest is in it, based on what you've written anyway.
Only for gEdit or something more useable to write scripts and programs with. I ready don't want to install it. Is there an editor for screen that you don't have to install x-windows to make it work? vi is no fun. ee is alright. I guest is i'm stuck or install a window-manage.

Last edited by sharris; 21st August 2010 at 06:44 PM.
Reply With Quote
  #5   (View Single Post)  
Old 21st August 2010
Pjoter's Avatar
Pjoter Pjoter is offline
Shell Scout
 
Join Date: Sep 2008
Posts: 92
Thanked 7 Times in 7 Posts
Default

Emacs?
Reply With Quote
  #6   (View Single Post)  
Old 22nd August 2010
TerryP's Avatar
TerryP TerryP is offline
Arp Constable
 
Join Date: May 2008
Location: USofA
Posts: 1,547
Thanked 112 Times in 104 Posts
Default

For coding, (n)vi is the best editor in the FreeBSD base system IMHO, but it isn't for everyone. I use vim.

I would suggest taking a look at 'mg', it's a very simple (and small) emacs style editor. OpenBSD wrote it, and includes it along side nvi in much the same way FreeBSD has ee - you can install editors/mg from FreeBSD ports.

Others to look at include nano, pico, uemacs, and jove. All can be found in ports and are easy to use. Jove is the most complex, as it's closer to GNU Emacs and XEmacs. Which are also usable from a terminal.
__________________
My Journal

Thou shalt check the array bounds of all strings (indeed, all arrays), for surely where thou typest ``foo'' someone someday shall type ``supercalifragilisticexpialidocious''.
Reply With Quote
  #7   (View Single Post)  
Old 22nd August 2010
ocicat ocicat is offline
Administrator
 
Join Date: Apr 2008
Posts: 2,888
Thanked 190 Times in 160 Posts
Default

Quote:
Originally Posted by TerryP View Post
OpenBSD wrote it...
Almost.

The OpenBSD project now maintains mg(1), but it did not originate there. From the README:
Code:
Mg (mg) is a Public Domain EMACS style editor.  It is "broadly"
compatible with GNU Emacs, the latest creation of Richard M.
Stallman, Chief GNUisance and inventor of Emacs.  GNU Emacs (and other
portions of GNU as they are released) are essentially free, (there are
handling charges for obtaining it) and so is Mg.  You may never have
to learn another editor.  (But probably will, at least long enough to
port Mg...)  Mg was formerly named MicroGnuEmacs, the name change was
done at the request of Richard Stallman.
For entertainment:
  • Invoke the editor.
  • Enter "Alt-x theo" & press "Return" twice.
  • Continuing to press "Return" displays notable random quotes from Theo de Raadt.
  • Entering "Ctrl-x Ctrl-c" exits the editor.
All quotes/rants can be found in mg's theo.c.

Reply With Quote
  #8   (View Single Post)  
Old 23rd August 2010
rocket357's Avatar
rocket357 rocket357 is offline
Real Name: Jonathon
Wannabe OpenBSD porter
 
Join Date: Jun 2010
Location: 127.0.0.1
Posts: 330
Thanked 9 Times in 9 Posts
Default

Quote:
Originally Posted by ocicat View Post
All quotes/rants can be found in mg's theo.c.
I really, really shouldn't have taken the time to read those quotes. I'm left with a sense of confusion now at this one: "I would rather run Windows than use vi."

Wow.
Reply With Quote
  #9   (View Single Post)  
Old 23rd August 2010
BSDfan666 BSDfan666 is offline
Real Name: N/A, this is the interweb.
Helpful companion
 
Join Date: Apr 2008
Location: Ontario, Canada
Posts: 2,223
Thanked 193 Times in 184 Posts
Default

Everyone has their own editor preference, there is a reason why OpenBSD includes both a vi implementation and a minimal emacs clone.

Some of the other developers started the theo.c file just because of some of the funny & clever things he says sometimes, on the lists and in private.
Reply With Quote
Old 23rd August 2010
TerryP's Avatar
TerryP TerryP is offline
Arp Constable
 
Join Date: May 2008
Location: USofA
Posts: 1,547
Thanked 112 Times in 104 Posts
Default

Quote:
Originally Posted by ocicat View Post
Almost.
Ahh, sorry; thoguht it was a from-scratcher. Guess it is possible to shrink something down to size after all, hehehe.
__________________
My Journal

Thou shalt check the array bounds of all strings (indeed, all arrays), for surely where thou typest ``foo'' someone someday shall type ``supercalifragilisticexpialidocious''.
Reply With Quote
Old 24th August 2010
sharris sharris is offline
Package Pilot
 
Join Date: Jun 2010
Posts: 146
Thanked 0 Times in 0 Posts
Default

I decided to go ahead and install XFCE4 to use Mousepad so i can write scripts and programs quicker. I ran into something kind of strange. Since reading nearly everywhere I go, they say "you can remove the entire local folder if nothing is in it but X11 and XFCE4 and you would actually be removed everything system related for it except what you wrote in rc.conf". I just found out it's only a roomer.

This is what I did:

I copied the /usr/local to a flash drive yesterday. This morning I made 5 shortcuts on the desktop,(Application Finder, Mousepad, Thunbar etc). Just a few hours ago I deleted the entire /usr/local than rebooted "for clean memory" since I knew I had a back-up. After rebooting, I typed "pkg_add" on the command-line and it showed all the files that I installed in the /usr/local and the files are not even on the machine. So, I pop in my flash drive and I put the /usr/local directory back on the machine. I typed startxfce4 on the command-line. Would you believe all 5 shortcut were in place with the same font setting that I had changed far difference that what I saved yesterday.

This proves that all files was not installed in /usr/local and I used "pkg_add -L a", which gives you the FullPathName of all files, so all needed information was not given by the system it seems. Glad I did this. I like knowing where everything is. Do anyone know where is FreeBSD keeping these setting? The FreeBSD documentation says nothing about this, including X11 and XFCE4.

I think I'm going to try Emacs. I always wanted to try it but didn't know how to install anything that seem too technical. Now that I installed XFCE ... the third INSTALL gave me the minimize button in the title-bar ALL because of the order of INSTALL, now I'm ready to try them ALL

http://freebsd-custom.wikidot.com/start

The trick was to install one set at a time .. X11 than XFCE instead of checking everything at one time during pkg_add. I got the clue from here but I lost the original page that said "Order is Important".

http://www.xfce.org/documentation/4.2/manuals/xfdesktop
Reply With Quote
Old 24th August 2010
sharris sharris is offline
Package Pilot
 
Join Date: Jun 2010
Posts: 146
Thanked 0 Times in 0 Posts
Default

I guest you live and you learn... I change the name of a file with the word terminal in /var/log and when I went back to XFCE the terminal was white and had no menu but it still worked. But I still can't find what holds the pkg_add entries. Here's a few other files I found. Now I see ... Programs use var and tmp so there no reason to document it.

Code:
/tmp/fam-root			empty folder
/var/log/ConsoleKit		empty folder
/var/log/Xorg.0.log		log file
/var/log/cups			empty folder

/var/tmp/.xfsm-ICE-SQA9HV	txt file > remove protoname=ICE protodata etc, etc
/var/tmp/dbus-3LmXfGNHtA	srwxrwxrwx	0byte 11 files of same type
/var/tmp/cache	hald dir with running exec - cups dir empty
Reply With Quote
Old 25th August 2010
TerryP's Avatar
TerryP TerryP is offline
Arp Constable
 
Join Date: May 2008
Location: USofA
Posts: 1,547
Thanked 112 Times in 104 Posts
Default

pkg_add and company uses the files in /var/db/pkg. Opening the files in the relavent sub directory will usually turn up most things. If you use portupgrade, you will also have a database file in BDB format, named something like pkgdb.db.

Could you be a little more specific about what you are looking far? :-).
__________________
My Journal

Thou shalt check the array bounds of all strings (indeed, all arrays), for surely where thou typest ``foo'' someone someday shall type ``supercalifragilisticexpialidocious''.
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
HOWTO: Lightest XFCE - Making XFCE lighter and faster vermaden Guides 27 2nd September 2010 12:24 PM
FreeBSD ZFS considered production ready in FreeBSD 8 aleunix News 1 24th November 2009 04:11 PM
consider OpenVPN production-grade solution? nimnod Off-Topic 1 26th March 2009 12:22 AM
xfce darken FreeBSD Ports and Packages 4 31st July 2008 05:28 PM
production server upkeep question goku FreeBSD Installation and Upgrading 3 10th June 2008 02:37 AM


All times are GMT. The time now is 12:12 PM.


Powered by vBulletin® Version 3.8.4
Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content copyright © 2007-2010, the authors
Daemon image copyright ©1988, Marshall Kirk McKusick