4:20 PM - i386 packages updated for 1.2
We finally fixed a number of issues with the package build and i386 packages were refreshed.
We now have a new wiki for MidnightBSD at http://wiki.midnightbsd.org/
By default, /etc/resolv.conf is updated when DHCP is enabled for an interface. This is useful for WiFi or laptops where you frequently change networks. However, it can be problematic sometimes when different DNS servers are required.
For static IP addresses, /etc/resolv.conf is not modified automatically.
Methods to try:
Use a static IP address
Make /etc/resolv.conf immutable
Override the dhclient configuration
Turn off resolvconf
Static IP address: edit your /etc/rc.conf and replace DHCP in your ifconfig line with a static IP configuration.
Immutable /etc/resolv.conf: set the schg flag on the file.
chflags schg /etc/resolv.conf
Override the dhclient configuration: place the following in /etc/dhclient.conf, but change the name of the interface as appropriate. This example uses OpenDNS with an Intel Gigabit NIC.
interface "em0" {
    supersede domain-name-servers 208.67.222.222,208.67.220.220;
}
You will need to restart the dhclient for changes to take effect.
service dhclient restart em0
Turn off resolvconf: create the file /etc/resolvconf.conf and place this in it:
resolv_conf="/dev/null"
resolvconf="NO"
Enabling two factor authentication on MidnightBSD for SSH.
Recently, we added a security/duo port in mports.
When setting up two factor authentication, we recommend using the login_duo setup. It's much easier to get going, and we noticed some segfaults with the Duo PAM module.
Steps:
Set up a Duo account.
Install the security/duo port. If you only want to use SSHD, you can avoid the SUID port option. However, it can be helpful for testing.
Obtain the appropriate API host, skey and ikey and add them to the /usr/local/etc/login_duo.conf file.
Fix the permissions on the login_duo.conf file so that they are 600 and the file is owned by sshd if you are only using it with SSHD. If you chose the SUID option in the mport, make it owned by root instead.
In /etc/ssh/sshd_config, add the line
ForceCommand /usr/local/sbin/login_duo
If you wish to protect all logins, you can leave the ForceCommand line global. However, you can also choose to protect only certain users or groups. For instance, to protect the wheel group for admins:
Match group wheel
    ForceCommand /usr/local/sbin/login_duo
Duo also has instructions on setting up on FreeBSD and this works with MidnightBSD as well.
Login Duo https://duo.com/docs/loginduo
PAM https://duo.com/docs/duounix
When logging into ssh the first time, you'll get an activation link that you'll want to load in a browser. It will walk you through configuring your phone. You'll probably want the duo app installed so you can do push notifications.
After that, you'll see a menu asking if you want a push as you attempt to ssh into a box.
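A quick audit of the setup steps above, as an added example that is not part of the original post or of the Duo port: check_duo_conf verifies the mode and owner of login_duo.conf (the file holds the skey), and duo_scope reports whether ForceCommand runs login_duo globally or only inside a Match block. The function names are made up for this example; the paths in the closing comment are the ones used in the post.

```shell
#!/bin/sh
# Added example: audit the login_duo setup steps. Function names are
# hypothetical; file paths and the expected owner are passed as arguments.

# check_duo_conf FILE OWNER
# Succeeds only if FILE exists, has mode 600 and is owned by OWNER (name or uid).
# login_duo.conf holds the skey, so any other mode or owner is reported.
check_duo_conf() {
    conf=$1
    owner=$2
    if [ ! -f "$conf" ]; then
        echo "FAIL: $conf does not exist"
        return 1
    fi
    # find -perm 600 matches the exact mode; -user accepts a name or numeric uid.
    if [ -z "$(find "$conf" -prune -perm 600 -user "$owner" 2>/dev/null)" ]; then
        echo "FAIL: $conf must be mode 600 and owned by $owner"
        return 1
    fi
    echo "OK: $conf"
}

# duo_scope SSHD_CONFIG
# Prints one line per ForceCommand that runs login_duo: "global" when it sits
# before any Match block, otherwise the Match criteria it is limited to.
# Prints nothing when login_duo is not enforced at all.
duo_scope() {
    awk '
        /^[ \t]*(#|$)/ { next }              # skip comments and blank lines
        { kw = tolower($1) }                 # sshd keywords are case-insensitive
        kw == "match" { $1 = ""; sub(/^ +/, ""); scope = $0; next }
        kw == "forcecommand" && $2 ~ /\/login_duo$/ {
            print (scope == "" ? "global" : scope)
        }
    ' "$1"
}

# Typical calls on an sshd-only setup as described in the post:
#   check_duo_conf /usr/local/etc/login_duo.conf sshd
#   duo_scope /etc/ssh/sshd_config
```

An empty result from duo_scope means no login reaches login_duo; a result such as "group wheel" means accounts outside that Match block still log in without the second factor.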
MidnightBSD includes mDNSresponder in base. You can configure your local machine to access resources on your local network. This can be useful to ssh into Apple Mac systems, etc. This is sometimes called Bonjour.
Edit /etc/nsswitch.conf and add mdns to the hosts line. It should read
hosts: files mdns dns
Add mdnsd_enable="YES" to /etc/rc.conf
Start mdnsd with service mdnsd start
Add mdnsresponder_enable="YES" to /etc/rc.conf
Create a new file called /etc/mdnsresponder.conf
File contents:
#
# Example services file parsed by mDNSResponderPosix.
#
# Lines beginning with '#' are comments/ignored.
# Blank lines indicate the end of a service record specification.
# The first character of the service name can be a '#' if you escape it with
# backslash to distinguish if from a comment line.
# ie, "\#serviceName" will be registered as "#serviceName".
# Note that any line beginning with white space is considered a blank line.
#
# The record format is:
# ## .
#
#
#
#
#
# Examples shown below.
#
#serviceName1
#_afpovertcp._tcp.
#548
#name=val1

SSH
_ssh._tcp.
22

#FTP
#_ftp._tcp.
#21

#HTTP
#_http._tcp.
#80

samba
_smb._tcp
445

adisk
_adisk._tcp
0
dk1=adVN=TimeMachine adVF=0x82

deviceinfo
_device-info._tcp
0
model=Xserve
Bug reporting change: We've migrated from Bugzilla to Atlassian Jira. The URL hasn't changed. Note: we decided not to migrate old bugs. Most were closed or for very old releases. https://bugreport.midnightbsd.org
Please report issues to us using the new Jira. File OS bugs in the MidnightBSD project (MNBSD), website bugs in the WWW project and mports issues in the mports project.
We just discovered a bug with the ca_root_nss port and mport package manager. It seems that the symlink isn't generated correctly in /usr/local/openssl. The manual fix for now is:
cd /usr/local/openssl && ln -s /usr/local/share/certs/ca-root-nss.crt cert.pem
This fixes lynx.
If you're interested in helping the project, here's a list of ideas http://wiki.midnightbsd.org/display/MD/Ways+to+Contribute… We need translators, website design, documentation, porting apps, etc.