<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=utf-8">
<title>Caronte</title>
<link rel="stylesheet" type="text/css" media="all" charset="utf-8" href="acaro/css/common.css">
<link rel="stylesheet" type="text/css" media="screen" charset="utf-8" href="acaro/css/screen.css">
<link rel="stylesheet" type="text/css" media="print" charset="utf-8" href="acaro/css/print.css">
<style type="text/css">
ul.pagetitle{
display: inline;
margin: 0;
padding: 0;
font-size: 1.5em;
}
li.pagetitle{
display: inline;
margin: 0;
}
td.noborder {
border: 0;
}
</style>
</head>
<body>
<table>
<tr>
<td class="noborder">
<img src="logo.png" width="85" height="85">
</td>
<td class="noborder">
<ul class="pagetitle">
<li class="pagetitle"><a class="backlink">Caronte</a>
</ul>
<br><br>
[<a href="FrontPage.html">FrontPage</a>]
</td>
</tr>
</table>
<hr>
<div id="page">
<div dir="ltr" id="content" lang="it"><span class="anchor" id="top"></span>
<span class="anchor" id="line-1-16"></span><span class="anchor" id="line-2-14"></span><span class="anchor" id="line-3-9"></span><p class="line867">
<h1 id="Caronte-1">Caronte</h1>
<span class="anchor" id="line-4-8"></span><span class="anchor" id="line-5-6"></span><p class="line874">Caronte is Unit's router. Will it also be Macao's router? Check with <span class="anchor" id="line-6-6"></span>Accio. <span class="anchor" id="line-7-6"></span><span class="anchor" id="line-8-5"></span><p class="line867"><em>Note: the machine is currently reachable only over the Tor network, pending <span class="anchor" id="line-9-4"></span>the final network setup. Ask <a href="./crudo.html">crudo</a> for the credentials.</em> <span class="anchor" id="line-10-4"></span><span class="anchor" id="line-11-4"></span><p class="line867">
<h2 id="Hardware">Hardware</h2>
<span class="anchor" id="line-12-4"></span><span class="anchor" id="line-13-4"></span><p class="line867"><em>To be done.</em> <span class="anchor" id="line-14-4"></span><span class="anchor" id="line-15-4"></span><p class="line867">
<h2 id="Installazione">Installation</h2>
<span class="anchor" id="line-16-3"></span><span class="anchor" id="line-17-3"></span><p class="line874">Download the OpenBSD 6.0 amd64 image <span class="anchor" id="line-18-2"></span>(<a class="http" href="http://openbsd.mirror.garr.it/pub/OpenBSD/6.0/amd64/install60.iso">GARR mirror</a>) <span class="anchor" id="line-19-1"></span>and burn it to a CD. <span class="anchor" id="line-20-1"></span><span class="anchor" id="line-21-1"></span><p class="line874">Once it has booted, a prompt asks whether to start <span class="anchor" id="line-22-1"></span>the installation or get a shell on the live system. Press <tt class="backtick">S</tt> to get the <span class="anchor" id="line-23-1"></span>shell. <span class="anchor" id="line-24-1"></span><span class="anchor" id="line-25-1"></span><p class="line862">Select the keyboard layout with the <tt class="backtick">kbd</tt> command. For an Italian <span class="anchor" id="line-26-1"></span>keyboard: <tt class="backtick">kbd&nbsp;it</tt>. <span class="anchor" id="line-27-1"></span><span class="anchor" id="line-28-1"></span><p class="line862">Change to <tt class="backtick">/dev</tt> with <tt class="backtick">cd&nbsp;/dev</tt> and run the commands <span class="anchor" id="line-29-1"></span><span class="anchor" id="line-30-1"></span><p class="line867"><span class="anchor" id="line-31-1"></span><span class="anchor" id="line-32-1"></span><span class="anchor" id="line-33-1"></span><span class="anchor" id="line-34-1"></span><pre><span class="anchor" id="line-1"></span>sh MAKEDEV sd0
<span class="anchor" id="line-2"></span>sh MAKEDEV sd1
<span class="anchor" id="line-3"></span>sh MAKEDEV sd2</pre><span class="anchor" id="line-35-1"></span><span class="anchor" id="line-36-1"></span><p class="line874">This creates the device files the system needs. <span class="anchor" id="line-37-1"></span><span class="anchor" id="line-38-1"></span><p class="line867"><tt class="backtick">sd0</tt> and <tt class="backtick">sd1</tt> are the first two SCSI devices, which will be included in the <span class="anchor" id="line-39-1"></span>mirror, <tt class="backtick">sd2</tt> is the third SCSI disk, kept as a spare, and <tt class="backtick">sd3</tt> will be the virtual <span class="anchor" id="line-40-1"></span>device for the mirror of the first two disks. <span class="anchor" id="line-41-1"></span><span class="anchor" id="line-42-1"></span><p class="line874">Initialize a new MBR partition table on both disks with <span class="anchor" id="line-43-1"></span><span class="anchor" id="line-44-1"></span><p class="line867"><span class="anchor" id="line-45-1"></span><span class="anchor" id="line-46-1"></span><span class="anchor" id="line-47-1"></span><pre><span class="anchor" id="line-1-1"></span>fdisk -iy sd0
<span class="anchor" id="line-2-1"></span>fdisk -iy sd1</pre><span class="anchor" id="line-48-1"></span><span class="anchor" id="line-49-1"></span><p class="line874">Next, create the two partitions, one on each disk (32 GB in the current <span class="anchor" id="line-50-1"></span>installation), to be used for the mirror. <span class="anchor" id="line-51-1"></span><span class="anchor" id="line-52-1"></span><p class="line867"><span class="anchor" id="line-53-1"></span><span class="anchor" id="line-54-1"></span><span class="anchor" id="line-55-1"></span><span class="anchor" id="line-56-1"></span><span class="anchor" id="line-57-1"></span><span class="anchor" id="line-58-1"></span><span class="anchor" id="line-59-1"></span><span class="anchor" id="line-60-1"></span><span class="anchor" id="line-61-1"></span><span class="anchor" id="line-62-1"></span><span class="anchor" id="line-63-1"></span><span class="anchor" id="line-64"></span><span class="anchor" id="line-65"></span><span class="anchor" id="line-66"></span><span class="anchor" id="line-67"></span><span class="anchor" id="line-68"></span><pre><span class="anchor" id="line-1-2"></span>disklabel -E sd0
<span class="anchor" id="line-2-2"></span>&gt; a a
<span class="anchor" id="line-3-1"></span>&gt; offset: [enter]
<span class="anchor" id="line-4"></span>&gt; size: 32G
<span class="anchor" id="line-5"></span>&gt; FS type: RAID
<span class="anchor" id="line-6"></span>&gt; w
<span class="anchor" id="line-7"></span>&gt; x
<span class="anchor" id="line-8"></span>
<span class="anchor" id="line-9"></span>disklabel -E sd1
<span class="anchor" id="line-10"></span>&gt; a a
<span class="anchor" id="line-11"></span>&gt; offset: [enter]
<span class="anchor" id="line-12"></span>&gt; size: 32G
<span class="anchor" id="line-13"></span>&gt; FS type: RAID
<span class="anchor" id="line-14"></span>&gt; w
<span class="anchor" id="line-15"></span>&gt; x</pre><span class="anchor" id="line-69"></span><span class="anchor" id="line-70"></span><p class="line874">Then initialize the mirror: <span class="anchor" id="line-71"></span><span class="anchor" id="line-72"></span><p class="line867"><span class="anchor" id="line-73"></span><span class="anchor" id="line-74"></span><span class="anchor" id="line-75"></span><span class="anchor" id="line-76"></span><span class="anchor" id="line-77"></span><pre><span class="anchor" id="line-1-3"></span>bioctl -c 1 -l sd0a,sd1a softraid0
<span class="anchor" id="line-2-3"></span>sh MAKEDEV sd3
<span class="anchor" id="line-3-2"></span>dd if=/dev/zero of=/dev/rsd3c bs=1m count=1
<span class="anchor" id="line-4-1"></span>fdisk -iy sd3</pre><span class="anchor" id="line-78"></span><span class="anchor" id="line-79"></span><p class="line874">The disks are ready. Now start the guided installation: <span class="anchor" id="line-80"></span><span class="anchor" id="line-81"></span><p class="line867"><span class="anchor" id="line-82"></span><span class="anchor" id="line-83"></span><span class="anchor" id="line-84"></span><span class="anchor" id="line-85"></span><span class="anchor" id="line-86"></span><span class="anchor" id="line-87"></span><span class="anchor" id="line-88"></span><span class="anchor" id="line-89"></span><span class="anchor" id="line-90"></span><span class="anchor" id="line-91"></span><span class="anchor" id="line-92"></span><span class="anchor" id="line-93"></span><span class="anchor" id="line-94"></span><span class="anchor" id="line-95"></span><span class="anchor" id="line-96"></span><span class="anchor" id="line-97"></span><span class="anchor" id="line-98"></span><span class="anchor" id="line-99"></span><span class="anchor" id="line-100"></span><span class="anchor" id="line-101"></span><span class="anchor" id="line-102"></span><span class="anchor" id="line-103"></span><span class="anchor" id="line-104"></span><span class="anchor" id="line-105"></span><span class="anchor" id="line-106"></span><span class="anchor" id="line-107"></span><span class="anchor" id="line-108"></span><span class="anchor" id="line-109"></span><span class="anchor" id="line-110"></span><span class="anchor" id="line-111"></span><span class="anchor" id="line-112"></span><span class="anchor" id="line-113"></span><span class="anchor" id="line-114"></span><span class="anchor" id="line-115"></span><span class="anchor" id="line-116"></span><span class="anchor" id="line-117"></span><span class="anchor" id="line-118"></span><span class="anchor" id="line-119"></span><span class="anchor" id="line-120"></span><span class="anchor" id="line-121"></span><span 
class="anchor" id="line-122"></span><span class="anchor" id="line-123"></span><span class="anchor" id="line-124"></span><span class="anchor" id="line-125"></span><span class="anchor" id="line-126"></span><span class="anchor" id="line-127"></span><span class="anchor" id="line-128"></span><span class="anchor" id="line-129"></span><span class="anchor" id="line-130"></span><span class="anchor" id="line-131"></span><span class="anchor" id="line-132"></span><span class="anchor" id="line-133"></span><span class="anchor" id="line-134"></span><span class="anchor" id="line-135"></span><span class="anchor" id="line-136"></span><span class="anchor" id="line-137"></span><span class="anchor" id="line-138"></span><span class="anchor" id="line-139"></span><span class="anchor" id="line-140"></span><span class="anchor" id="line-141"></span><span class="anchor" id="line-142"></span><span class="anchor" id="line-143"></span><span class="anchor" id="line-144"></span><span class="anchor" id="line-145"></span><pre><span class="anchor" id="line-1-4"></span>cd /
<span class="anchor" id="line-2-4"></span>
<span class="anchor" id="line-3-3"></span>install
<span class="anchor" id="line-4-2"></span>&gt; keyboard layout: it
<span class="anchor" id="line-5-1"></span>&gt; hostname: caronte
<span class="anchor" id="line-6-1"></span>&gt; network: done
<span class="anchor" id="line-7-1"></span>&gt; domain name: unit
<span class="anchor" id="line-8-1"></span>&gt; DNS: none
<span class="anchor" id="line-9-1"></span>&gt; root password: ****
<span class="anchor" id="line-10-1"></span>&gt; ssh: no
<span class="anchor" id="line-11-1"></span>&gt; X: no
<span class="anchor" id="line-12-1"></span>&gt; default console to com0: no
<span class="anchor" id="line-13-1"></span>&gt; setup user: no
<span class="anchor" id="line-14-1"></span>&gt; root disk: sd3
<span class="anchor" id="line-15-1"></span>&gt; choose partition: o
<span class="anchor" id="line-16"></span>&gt; choose layout: c
<span class="anchor" id="line-17"></span>
<span class="anchor" id="line-18"></span>&gt; a a
<span class="anchor" id="line-19"></span>&gt; offset: [enter]
<span class="anchor" id="line-20"></span>&gt; size: 5G
<span class="anchor" id="line-21"></span>&gt; FS type: [enter]
<span class="anchor" id="line-22"></span>&gt; mount point: /
<span class="anchor" id="line-23"></span>
<span class="anchor" id="line-24"></span>&gt; a e
<span class="anchor" id="line-25"></span>&gt; offset: [enter]
<span class="anchor" id="line-26"></span>&gt; size: 4G
<span class="anchor" id="line-27"></span>&gt; FS type: [enter]
<span class="anchor" id="line-28"></span>&gt; mount point: /var
<span class="anchor" id="line-29"></span>
<span class="anchor" id="line-30"></span>&gt; a f
<span class="anchor" id="line-31"></span>&gt; offset: [enter]
<span class="anchor" id="line-32"></span>&gt; size: 2G
<span class="anchor" id="line-33"></span>&gt; FS type: [enter]
<span class="anchor" id="line-34"></span>&gt; mount point: /usr
<span class="anchor" id="line-35"></span>
<span class="anchor" id="line-36"></span>&gt; a h
<span class="anchor" id="line-37"></span>&gt; offset: [enter]
<span class="anchor" id="line-38"></span>&gt; size: 4G
<span class="anchor" id="line-39"></span>&gt; FS type: [enter]
<span class="anchor" id="line-40"></span>&gt; mount point: /usr/local
<span class="anchor" id="line-41"></span>
<span class="anchor" id="line-42"></span>&gt; a j
<span class="anchor" id="line-43"></span>&gt; offset: [enter]
<span class="anchor" id="line-44"></span>&gt; size: 2G
<span class="anchor" id="line-45"></span>&gt; FS type: [enter]
<span class="anchor" id="line-46"></span>&gt; mount point: /usr/src
<span class="anchor" id="line-47"></span>
<span class="anchor" id="line-48"></span>&gt; a k
<span class="anchor" id="line-49"></span>&gt; offset: [enter]
<span class="anchor" id="line-50"></span>&gt; size: 2G
<span class="anchor" id="line-51"></span>&gt; FS type: [enter]
<span class="anchor" id="line-52"></span>&gt; mount point: /usr/obj
<span class="anchor" id="line-53"></span>
<span class="anchor" id="line-54"></span>&gt; w
<span class="anchor" id="line-55"></span>&gt; x
<span class="anchor" id="line-56"></span>
<span class="anchor" id="line-57"></span>&gt; other disks: done
<span class="anchor" id="line-58"></span>&gt; locations of sets: cd0
<span class="anchor" id="line-59"></span>&gt; pathname: [enter]
<span class="anchor" id="line-60"></span>&gt; -game60.tgz
<span class="anchor" id="line-61"></span>&gt; -x*
<span class="anchor" id="line-62"></span>&gt; done
<span class="anchor" id="line-63"></span>&gt; continue without verification: yes</pre><span class="anchor" id="line-146"></span><span class="anchor" id="line-147"></span><p class="line874">When the installer finishes, a shell is presented. The bootloader must now be installed <span class="anchor" id="line-148"></span>on both disks: <span class="anchor" id="line-149"></span><span class="anchor" id="line-150"></span><p class="line867"><span class="anchor" id="line-151"></span><span class="anchor" id="line-152"></span><span class="anchor" id="line-153"></span><pre><span class="anchor" id="line-1-5"></span>installboot -v sd0 /mnt/usr/mdec/biosboot /mnt/usr/mdec/boot
<span class="anchor" id="line-2-5"></span>installboot -v sd1 /mnt/usr/mdec/biosboot /mnt/usr/mdec/boot</pre><span class="anchor" id="line-154"></span><span class="anchor" id="line-155"></span><p class="line874">It is a good idea to keep the /tmp directory in RAM. The -s parameter sets <span class="anchor" id="line-156"></span>its size: <span class="anchor" id="line-157"></span><span class="anchor" id="line-158"></span><p class="line867"><span class="anchor" id="line-159"></span><span class="anchor" id="line-160"></span><pre><span class="anchor" id="line-1-6"></span>echo "swap /tmp mfs rw,nodev,nosuid,-s=256M 0 0" &gt;&gt; /mnt/etc/fstab</pre><span class="anchor" id="line-161"></span><span class="anchor" id="line-162"></span><p class="line862">The system is installed and ready to boot. Restart with <tt class="backtick">reboot</tt>. <span class="anchor" id="line-163"></span><span class="anchor" id="line-164"></span><p class="line867">
<h2 id="Cosa_ti_far.2BAOA_impazzire">What will drive you crazy</h2>
<span class="anchor" id="line-165"></span><span class="anchor" id="line-166"></span><ul><li><p class="line862">The system does <strong>not</strong> power off with <tt class="backtick">shutdown&nbsp;-h&nbsp;now</tt> as it does on Linux: <tt class="backtick">-h</tt> means halt. That is, the kernel flushes pending writes to disk, terminates the processes and does everything else that is needed, but does not power off the machine. The command to bring it down is <tt class="backtick">shutdown&nbsp;-p&nbsp;now</tt>, where <tt class="backtick">-p</tt> stands for poweroff. <span class="anchor" id="line-167"></span><span class="anchor" id="line-168"></span></li></ul><p class="line867">
<h2 id="Update">Update</h2>
<span class="anchor" id="line-169"></span><span class="anchor" id="line-170"></span><p class="line862">Check that the file <tt class="backtick">/etc/mk.conf</tt> contains: <span class="anchor" id="line-171"></span><span class="anchor" id="line-172"></span><p class="line867"><span class="anchor" id="line-173"></span><span class="anchor" id="line-174"></span><pre><span class="anchor" id="line-1-7"></span>SKIPDIR="games/"</pre><span class="anchor" id="line-175"></span><span class="anchor" id="line-176"></span><p class="line862">If you have never updated the system (<tt class="backtick">/usr/src</tt> is empty), run: <span class="anchor" id="line-177"></span><span class="anchor" id="line-178"></span><p class="line867"><span class="anchor" id="line-179"></span><span class="anchor" id="line-180"></span><span class="anchor" id="line-181"></span><pre><span class="anchor" id="line-1-8"></span>cd /usr
<span class="anchor" id="line-2-6"></span>cvs -qd anoncvs@anoncvs.ca.openbsd.org:/cvs get -rOPENBSD_6_0 -P src</pre><span class="anchor" id="line-182"></span><span class="anchor" id="line-183"></span><p class="line874">Otherwise run: <span class="anchor" id="line-184"></span><span class="anchor" id="line-185"></span><p class="line867"><span class="anchor" id="line-186"></span><span class="anchor" id="line-187"></span><span class="anchor" id="line-188"></span><pre><span class="anchor" id="line-1-9"></span>cd /usr/src
<span class="anchor" id="line-2-7"></span>cvs -q up -rOPENBSD_6_0 -Pd</pre><span class="anchor" id="line-189"></span><span class="anchor" id="line-190"></span><p class="line874">Then: <span class="anchor" id="line-191"></span><span class="anchor" id="line-192"></span><p class="line867"><span class="anchor" id="line-193"></span><span class="anchor" id="line-194"></span><span class="anchor" id="line-195"></span><span class="anchor" id="line-196"></span><span class="anchor" id="line-197"></span><span class="anchor" id="line-198"></span><span class="anchor" id="line-199"></span><span class="anchor" id="line-200"></span><span class="anchor" id="line-201"></span><span class="anchor" id="line-202"></span><span class="anchor" id="line-203"></span><span class="anchor" id="line-204"></span><span class="anchor" id="line-205"></span><span class="anchor" id="line-206"></span><span class="anchor" id="line-207"></span><span class="anchor" id="line-208"></span><span class="anchor" id="line-209"></span><span class="anchor" id="line-210"></span><pre><span class="anchor" id="line-1-10"></span>cd /sys/arch/$(machine)/conf
<span class="anchor" id="line-2-8"></span>config GENERIC.MP
<span class="anchor" id="line-3-4"></span>cd ../compile/GENERIC.MP
<span class="anchor" id="line-4-3"></span>make clean
<span class="anchor" id="line-5-2"></span>make -j2
<span class="anchor" id="line-6-2"></span>make install
<span class="anchor" id="line-7-2"></span>reboot
<span class="anchor" id="line-8-2"></span>
<span class="anchor" id="line-9-2"></span>umount /usr/obj
<span class="anchor" id="line-10-2"></span>newfs sd3k
<span class="anchor" id="line-11-2"></span>mount /usr/obj
<span class="anchor" id="line-12-2"></span>cd /usr/src
<span class="anchor" id="line-13-2"></span>make -j2 obj
<span class="anchor" id="line-14-2"></span>cd /usr/src/etc
<span class="anchor" id="line-15-2"></span>env DESTDIR=/ make distrib-dirs
<span class="anchor" id="line-16-1"></span>cd /usr/src
<span class="anchor" id="line-17-1"></span>make -j2 build</pre><span class="anchor" id="line-211"></span><span class="anchor" id="line-212"></span><p class="line867">
<h2 id="Partizione_cifrata">Encrypted partition</h2>
<span class="anchor" id="line-213"></span><span class="anchor" id="line-214"></span><p class="line874">The system is not fully encrypted. This way, after a power outage <span class="anchor" id="line-215"></span>or an unexpected (system) shutdown, it can come back up <span class="anchor" id="line-216"></span>on its own without user intervention. <span class="anchor" id="line-217"></span><span class="anchor" id="line-218"></span><p class="line874">The encrypted partition will hold the data that needs a certain level of <span class="anchor" id="line-219"></span>privacy but that is not required for the basic operation of the network. <span class="anchor" id="line-220"></span><span class="anchor" id="line-221"></span><p class="line867">
<h3 id="Setup">Setup</h3>
<span class="anchor" id="line-222"></span><span class="anchor" id="line-223"></span><p class="line874">Add a partition to the mirror (sd3): <span class="anchor" id="line-224"></span><span class="anchor" id="line-225"></span><p class="line867"><span class="anchor" id="line-226"></span><span class="anchor" id="line-227"></span><span class="anchor" id="line-228"></span><span class="anchor" id="line-229"></span><span class="anchor" id="line-230"></span><span class="anchor" id="line-231"></span><span class="anchor" id="line-232"></span><span class="anchor" id="line-233"></span><pre><span class="anchor" id="line-1-11"></span>disklabel -E sd3
<span class="anchor" id="line-2-9"></span>&gt; a n
<span class="anchor" id="line-3-5"></span>&gt; offset: [return]
<span class="anchor" id="line-4-4"></span>&gt; size: 4G
<span class="anchor" id="line-5-3"></span>&gt; FS type: RAID
<span class="anchor" id="line-6-3"></span>&gt; w
<span class="anchor" id="line-7-3"></span>&gt; x</pre><span class="anchor" id="line-234"></span><span class="anchor" id="line-235"></span><p class="line874">Initialize the encrypted partition: <span class="anchor" id="line-236"></span><span class="anchor" id="line-237"></span><p class="line867"><span class="anchor" id="line-238"></span><span class="anchor" id="line-239"></span><span class="anchor" id="line-240"></span><span class="anchor" id="line-241"></span><span class="anchor" id="line-242"></span><span class="anchor" id="line-243"></span><span class="anchor" id="line-244"></span><span class="anchor" id="line-245"></span><span class="anchor" id="line-246"></span><span class="anchor" id="line-247"></span><span class="anchor" id="line-248"></span><span class="anchor" id="line-249"></span><span class="anchor" id="line-250"></span><span class="anchor" id="line-251"></span><span class="anchor" id="line-252"></span><span class="anchor" id="line-253"></span><span class="anchor" id="line-254"></span><span class="anchor" id="line-255"></span><span class="anchor" id="line-256"></span><pre><span class="anchor" id="line-1-12"></span>bioctl -c C -l sd3n softraid0
<span class="anchor" id="line-2-10"></span>&gt; passphrase: ****
<span class="anchor" id="line-3-6"></span>
<span class="anchor" id="line-4-5"></span>dd if=/dev/zero of=/dev/rsd4c bs=1m count=1
<span class="anchor" id="line-5-4"></span>fdisk -iy sd4
<span class="anchor" id="line-6-4"></span>
<span class="anchor" id="line-7-4"></span>disklabel -E sd4
<span class="anchor" id="line-8-3"></span>&gt; a a
<span class="anchor" id="line-9-3"></span>&gt; offset: [enter]
<span class="anchor" id="line-10-3"></span>&gt; size: [enter]
<span class="anchor" id="line-11-3"></span>&gt; FS type: [enter]
<span class="anchor" id="line-12-3"></span>&gt; w
<span class="anchor" id="line-13-3"></span>&gt; x
<span class="anchor" id="line-14-3"></span>
<span class="anchor" id="line-15-3"></span>newfs sd4a
<span class="anchor" id="line-16-2"></span>
<span class="anchor" id="line-17-2"></span>mkdir /crypto
<span class="anchor" id="line-18-1"></span>mount /dev/sd4a /crypto</pre><span class="anchor" id="line-257"></span><span class="anchor" id="line-258"></span><p class="line867">
<h3 id="Montare_la_partizione_quasi_automaticamente">Mounting the partition almost automatically</h3>
<span class="anchor" id="line-259"></span><span class="anchor" id="line-260"></span><p class="line862">The script <tt class="backtick">/usr/local/bin/crypto_enable.sh</tt> (available in the <tt class="backtick">PATH</tt>) does everything <span class="anchor" id="line-261"></span>needed to make the /crypto partition accessible. <span class="anchor" id="line-262"></span><span class="anchor" id="line-263"></span><p class="line862">If services that need the encrypted data are installed, they will <strong>not</strong> <span class="anchor" id="line-264"></span>start at boot; they are started by the script mentioned above. <span class="anchor" id="line-265"></span><span class="anchor" id="line-266"></span><p class="line867">
<h3 id="Smontare_la_partizione">Unmounting the partition</h3>
<span class="anchor" id="line-267"></span><span class="anchor" id="line-268"></span><p class="line874">During shutdown the system unmounts all disks, so it is not really <span class="anchor" id="line-269"></span>necessary to unmount the partition and release it. <span class="anchor" id="line-270"></span><span class="anchor" id="line-271"></span><p class="line874">For documentation purposes, however, the commands are: <span class="anchor" id="line-272"></span><span class="anchor" id="line-273"></span><p class="line867"><span class="anchor" id="line-274"></span><span class="anchor" id="line-275"></span><span class="anchor" id="line-276"></span><pre><span class="anchor" id="line-1-13"></span>umount /crypto
<span class="anchor" id="line-2-11"></span>bioctl -d sd4</pre><span class="anchor" id="line-277"></span><span class="anchor" id="line-278"></span><p class="line867">
<h2 id="Software">Software</h2>
<span class="anchor" id="line-279"></span><span class="anchor" id="line-280"></span><p class="line867">
<h3 id="Configurazione_interfacce_di_rete">Network interface configuration</h3>
<span class="anchor" id="line-281"></span><span class="anchor" id="line-282"></span><p class="line874">Network interfaces are named after the driver that handles them (e.g. <span class="anchor" id="line-283"></span>Realtek cards are named re0, re1, etc.; Broadcom Gigabit cards <span class="anchor" id="line-284"></span>are named bge0, bge1, etc.). <span class="anchor" id="line-285"></span><span class="anchor" id="line-286"></span><p class="line874">Their configuration goes in a file called /etc/hostname.if, where <span class="anchor" id="line-287"></span>if is replaced by the name of the interface. Each line holds one <span class="anchor" id="line-288"></span>ifconfig command. A shell command can be run by putting an <span class="anchor" id="line-289"></span>exclamation mark at the beginning of the line. <span class="anchor" id="line-290"></span><span class="anchor" id="line-291"></span><p class="line874">Example for /etc/hostname.bge0: <span class="anchor" id="line-292"></span><span class="anchor" id="line-293"></span><p class="line867"><span class="anchor" id="line-294"></span><span class="anchor" id="line-295"></span><span class="anchor" id="line-296"></span><span class="anchor" id="line-297"></span><span class="anchor" id="line-298"></span><pre><span class="anchor" id="line-1-14"></span>up
<span class="anchor" id="line-2-12"></span>inet 192.168.1.2 255.255.255.0 192.168.1.255
<span class="anchor" id="line-3-7"></span>description "MACAO network"
<span class="anchor" id="line-4-6"></span>!route add default 192.168.1.1</pre><span class="anchor" id="line-299"></span><span class="anchor" id="line-300"></span><p class="line874">The output of ifconfig bge0 will then be: <span class="anchor" id="line-301"></span><span class="anchor" id="line-302"></span><p class="line867"><span class="anchor" id="line-303"></span><span class="anchor" id="line-304"></span><span class="anchor" id="line-305"></span><span class="anchor" id="line-306"></span><span class="anchor" id="line-307"></span><span class="anchor" id="line-308"></span><span class="anchor" id="line-309"></span><span class="anchor" id="line-310"></span><span class="anchor" id="line-311"></span><pre><span class="anchor" id="line-1-15"></span>bge0: flags=8843&lt;UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST&gt; mtu 1500
<span class="anchor" id="line-2-13"></span> lladdr 00:00:00:00:00:00
<span class="anchor" id="line-3-8"></span> description: MACAO network
<span class="anchor" id="line-4-7"></span> index 1 priority 0 llprio 3
<span class="anchor" id="line-5-5"></span> groups: egress
<span class="anchor" id="line-6-5"></span> media: Ethernet autoselect (100baseTX full-duplex,rxpause,txpause)
<span class="anchor" id="line-7-5"></span> status: active
<span class="anchor" id="line-8-4"></span> inet 192.168.1.2 netmask 0xffffff00 broadcast 192.168.1.255</pre><span class="anchor" id="line-312"></span><span class="anchor" id="line-313"></span><p class="line862">To apply the changes it is enough to run <tt class="backtick">sh&nbsp;/etc/netstart</tt>. <span class="anchor" id="line-314"></span><span class="anchor" id="line-315"></span><p class="line867">
<h3 id="Firewall_.28pf.29">Firewall (pf)</h3>
<span class="anchor" id="line-316"></span><span class="anchor" id="line-317"></span><p class="line867"><em>To be done.</em> <span class="anchor" id="line-318"></span><span class="anchor" id="line-319"></span><p class="line867">
<h3 id="DNS_.28unbound.29">DNS (unbound)</h3>
<span class="anchor" id="line-320"></span><span class="anchor" id="line-321"></span><p class="line874">Like almost all OpenBSD daemons, unbound runs with minimal <span class="anchor" id="line-322"></span>privileges inside a chroot (<tt class="backtick">/var/unbound</tt>). Its configuration is therefore <span class="anchor" id="line-323"></span>found in <tt class="backtick">/var/unbound/etc/unbound.conf</tt>. <span class="anchor" id="line-324"></span><span class="anchor" id="line-325"></span><p class="line874">The DNS server is configured as a recursive, caching, validating DNS server. This <span class="anchor" id="line-326"></span>means that it can perform queries on behalf of the clients that <span class="anchor" id="line-327"></span>request them (currently limited to 127.0.0.1, pending the network <span class="anchor" id="line-328"></span>configuration), keeps the answers in cache for 60 minutes and, above all, verifies <span class="anchor" id="line-329"></span>the authenticity of the responses it receives from other DNS servers using DNSSEC. The <span class="anchor" id="line-330"></span>software is configured to prefetch cached queries that are about to expire. <span class="anchor" id="line-331"></span><span class="anchor" id="line-332"></span><p class="line874">Other security measures in place are: not disclosing the name and version of the <span class="anchor" id="line-333"></span>DNS software, randomizing the mix of upper-case and lower-case letters in the query to <span class="anchor" id="line-334"></span>prevent DNS spoofing, and using DNSSEC exclusively for outbound requests. <span class="anchor" id="line-335"></span><span class="anchor" id="line-336"></span><p class="line874">Currently the only DNS server it refers to is <span class="anchor" id="line-337"></span><a class="https" href="https://dns.watch/">DNS.watch</a>. 
<span class="anchor" id="line-338"></span><span class="anchor" id="line-339"></span><p class="line874">Once logged in to the machine, the <span class="anchor" id="line-340"></span>unbound-control command can be used to get information about how the DNS server is operating. <span class="anchor" id="line-341"></span><span class="anchor" id="line-342"></span><p class="line867">
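Added example, not part of the original page and not the machine's real configuration: a POSIX shell audit that checks an unbound.conf against the posture described in this section. The mapping of each statement to an unbound option (hide-identity, hide-version, use-caps-for-id, prefetch, harden-dnssec-stripped, a trust anchor, loopback-only access-control), the function names and both sample files are assumptions constructed for illustration.

```sh
#!/bin/sh
# Added example (not the machine's real script or config): audit an
# unbound.conf against the posture described in the DNS section.
# Assumption: each statement maps to the unbound option named below.

# Print every value of KEY found inside CLAUSE (server, forward-zone, ...).
unbound_opt() {  # usage: unbound_opt FILE CLAUSE KEY
    awk -v want="$2" -v key="$3" '
        { sub(/#.*/, ""); sub(/^[ \t]+/, ""); sub(/[ \t]+$/, "") }
        $0 == "" { next }
        /^[a-z-]+:$/ { clause = substr($0, 1, length($0) - 1); next }
        clause == want {
            k = $0; sub(/:.*/, "", k)
            v = $0; sub(/^[^:]*:[ \t]*/, "", v); gsub(/"/, "", v)
            if (k == key) print v
        }' "$1"
}

# Print one finding per line for every deviation (nothing when compliant).
unbound_findings() {  # usage: unbound_findings FILE
    # option:expected:unbound-default; the default applies when unset
    for spec in hide-identity:yes:no hide-version:yes:no \
                use-caps-for-id:yes:no prefetch:yes:no \
                harden-dnssec-stripped:yes:yes; do
        key=${spec%%:*}; rest=${spec#*:}
        want=${rest%%:*}; default=${rest#*:}
        got=$(unbound_opt "$1" server "$key" | tail -n 1)
        [ "${got:-$default}" = "$want" ] ||
            echo "$key: want $want, effective ${got:-$default}"
    done
    # A validating resolver needs a DNSSEC trust anchor.
    anchors=$(for k in auto-trust-anchor-file trust-anchor-file trust-anchor; do
        unbound_opt "$1" server "$k"; done)
    [ -n "$anchors" ] || echo "dnssec: no trust anchor configured"
    # Only loopback clients may be allowed to query.
    unbound_opt "$1" server access-control | while read -r net action; do
        case "$action:$net" in
            allow*:127.0.0.1|allow*:127.0.0.1/32|allow*:127.0.0.0/8) ;;
            allow*) echo "access-control: $net is allowed to query ($action)" ;;
        esac
    done
}

# Return 0 when FILE matches the posture, 1 (after printing findings) otherwise.
audit_unbound() {  # usage: audit_unbound FILE
    findings=$(unbound_findings "$1")
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Constructed sample that matches the posture described on this page.
write_hardened() {  # usage: write_hardened FILE
    cat > "$1" <<'EOF'
server:
    interface: 127.0.0.1
    access-control: 0.0.0.0/0 refuse
    access-control: 127.0.0.0/8 allow
    hide-identity: yes
    hide-version: yes
    use-caps-for-id: yes        # 0x20 case randomisation
    prefetch: yes
    auto-trust-anchor-file: "/var/unbound/db/root.key"
forward-zone:
    name: "."
    forward-addr: 192.0.2.53    # placeholder address, not a real forwarder
EOF
}

# Constructed sample with several deviations.
write_weak() {  # usage: write_weak FILE
    cat > "$1" <<'EOF'
server:
    interface: 0.0.0.0
    access-control: 0.0.0.0/0 allow
    hide-identity: yes
    hide-version: no
    harden-dnssec-stripped: no
    prefetch: yes
EOF
}

# Demo on the two constructed files.
tmp=$(mktemp -d)
write_hardened "$tmp/good.conf"
write_weak "$tmp/weak.conf"
for f in good weak; do
    if audit_unbound "$tmp/$f.conf"; then
        echo "$f.conf: matches the documented posture"
    else
        echo "$f.conf: deviations listed above"
    fi
done
rm -rf "$tmp"
```

On the router itself the file to audit would be /var/unbound/etc/unbound.conf, the path given above.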
<h3 id="DHCP">DHCP</h3>
<span class="anchor" id="line-343"></span><span class="anchor" id="line-344"></span><p class="line867"><em>To be done.</em> <span class="anchor" id="line-345"></span><span class="anchor" id="bottom"></span></div>
</div>
<hr>
Last change: 19-06-2017
</body>
</html>