FreeBSD howto examples

How to install a FreeBSD Jail (also known as a FreeBSD VPS). This page was first written using a 6.4 version of freebsd. A Jail on freebsd is the perfect solution for separating services; that is, if one Jail is compromised by an attacker, the rest of the machine will be just fine.

I very much suggest reading: #man jail .The examples section is full of useful information!

I want to create my jail in the directory “/path/myjail” All the files in the jail system will be created inside this directory on my freebsd host system. Making world can take considerable time, so to shorten that time, you can edit your /etc/make.conf and ADD some lines like:

NO_ACPI= true # do not build acpiconf(8) and related programs NO_BLUETOOTH= true # do not build Bluetooth related stuff NO_FORTRAN= true # do not build g77 and related libraries

However, there is NO guarantee that what you leave out will Not be neaded some time in the future. Here, we are assuming you HAVE a /usr/src on your system. If not, go find the tutorial that tells you how to obtain it.

#mkdir  /path/myjail
#cd /usr/src/
#make world DESTDIR=/path/myjail
#make distribution DESTDIR=/path/myjail

In order to start the Jail on boot, in your Host system /etc/rc.conf you must have something like:

syslogd_flags="-ss"
ifconfig_em0="inet 192.168.1.5  netmask 255.255.255.0"  # the HOSTS ip address
defaultrouter="192.168.1.1"                            
ifconfig_em0_alias0="inet 192.168.1.10 netmask 255.255.255.0"  #an ALIAS for the jail
 
jail_enable="YES"
jail_interface="em0"
jail_devfs_enable="YES"
jail_procfs_enable="YES"
jail_list="myjail"         #this can be: "myjail myotherjail thirdjail"

jail_myjail_rootdir="/path/myjail"          #NOTE how the setting is jail_MY-JAIL_..
jail_myjail_hostname="myjail.example.com"   #this jail's hostname
jail_myjail_ip="192.168.1.10"                #same as the alias above
jail_myjail_exec_start="/bin/sh /etc/rc"
jail_myjail_devfs_enable="YES"
jail_myjail_devfs_ruleset="devfsrules_jail"  #im not sure what this is for
jail_socket_unixiproute_only="YES"

In the JAIL’s /etc/rc.conf : (which would be /path/to/myjail/etc/rc.conf)

#ee /etc/rc.conf


hostname="myjail.example.com"
ifconfig_em0="inet 192.168.1.10 netmask 255.255.255.0"
defaultrouter="192.168.1.1"


rpcbind_enable="NO"
sshd_enable="YES"

syslogd_flags="-ss"
sendmail_enable="NONE"

In order for JAILS to work, on the Host system there MUST Not be any daemon listening on * (all interfaces). To see if there is any use

#netstat -an 
or 
#sockstat

Personally I had syslogd, sshd and mysqld listening on :*. For syslogd the fix is to set the “-ss” in /etc/rc.conf (on the host). For sshd you must edit /etc/ssh/sshd_config

ListenAddress 192.168.1.5

1. /etc/rc.d/sshd restart

For mysql you must edit my.cnf and add

bind-address=192.168.1.5

I could NOT add more than ONE address which made my a little furious with mysql. You could also have sendmail listnening, I didnt.

To list running jails you can use : (here it is showing one jail running)

# jls 
  JID  IP Address      Hostname                      Path
     1  192.168.1.10  myjail-hostname             /path/to/myjail
#jls -v
   JID  Hostname                      Path
        Name                          State
        CPUSetID
        IP Address(es)
     2  subdomain.domain.com             /date/path
                                      ALIVE
        3
        192.x.x.39
        192.x.x.33
        192.x.x.34
        192.x.x.35

In order for jails to work, they need some special filesystems mounted:

#mount -t devfs devfs  /path/myjail/dev
#mount -t procfs procfs  /path/myjail/proc
#df -h
 Filesystem     Size    Used   Avail Capacity  Mounted on
/dev/da0s1a    7.6G    6.5G    465M    93%    /
devfs          1.0K    1.0K      0B   100%    /dev
devfs          1.0K    1.0K      0B   100%    /path/myjail/dev
procfs         4.0K    4.0K      0B   100%    /path/myjail/proc

To start or stop a jail : (myjail is the name from the list in rc.conf)

1. /etc/rc.d/jail start myjail

or

1. /etc/rc.d/jail stop myjail

NOTE: if you want to SSH into your jail, you might want to PERMITROOTlogin yes, but watch out for security.

In the Jail you need to:

1. touch /etc/fstab

and copy /etc/resolv.conf

You can execute commands in the JAIL from the HOST system using jexec:

1. jexec 1 passwd

1 is the JID of the jail(from jls), and passwd is the command to Change the root password in the JAIL !

You can start a jail manually with:

1. jail /path/myjail myjail.example.com 192.168.1.10 /bin/sh

Once INSIDE the jail do:

1. /bin/sh /etc/rc

To install stuff you need: (in the HOST)

mount_nullfs /usr/ports  /path/myjail/usr/ports
mount_nullfs /usr/src    /path/myjail/usr/src

If you need to use ping inside jail, you must set sysctl security.jail.allow_raw_sockets=1 (add security.jail.allow_raw_sockets=1 in hosts sysctl.conf).

sysctl -a | grep jail

To delete a jail you need to check if the immutable bit is set on files in the jail (which appears to be the case in the jail /lib)

/path/myjail/lib#ls -lo
-r--r--r--  1 root  wheel  schg 1184384 Sep  6 18:05 libc.so.7
-r--r--r--  1 root  wheel  -     102024 Sep  6 18:06 libcam.so.4
-r--r--r--  1 root  wheel  schg   33008 Sep  6 18:06 libcrypt.so.4

libc.so.7 ans libcrypt have the immbutable bit set
to delete these files you must remove the bit first

/path/myjail#chflags -R noschg *
The combination "no"+flags_name turns off the flag. There are more flags:

The flags are specified as an octal number or a comma separated list of
     keywords.	The following keywords are currently defined:

	   arch    set the archived flag (super-user only)
	   opaque  set the opaque flag (owner or super-user only)
	   nodump  set the nodump flag (owner or super-user only)
	   sappnd  set the system append-only flag (super-user only)
	   schg    set the system immutable flag (super-user only)
	   sunlnk  set the system undeletable flag (super-user only)
	   uappnd  set the user append-only flag (owner or super-user only)
	   uchg    set the user immutable flag (owner or super-user only)
	   uunlnk  set the user undeletable flag (owner or super-user only)

Cool links related: http://en.jnlin.org/2008/06/07/12/

http://www.freebsd.org/doc/en/books/handbook/jails-build.html

http://www.openaddict.com/node/36

http://www.section6.net/wiki/index.php/Creating_a_FreeBSD_Jail

http://wiki.freebsd.org/Jails

http://blog.innerewut.de/2005/08/25/freebsd-jails



To view how much disk IO each process is creating :

# top -m io

-m display          Display either 'cpu' or 'io' statistics.  Default is 'cpu'.

 # freecolor -m

Physical  : [#################..................] 50%  (250/499)

Swap      : [###################################] 100%

 # grep -i cpu /var/run/dmesg.boot



CPU: Dual-Core AMD Opteron(tm) Processor 2210 (1794.65-MHz K8-class CPU)

FreeBSD/SMP: Multiprocessor System Detected: 2 CPUs

 cpu0 (BSP): APIC ID:  0

 cpu1 (AP): APIC ID:  1

cpu0:  on acpi0

acpi_throttle0:  on cpu0

powernow0:  on cpu0

cpu1:  on acpi0

acpi_throttle1:  on cpu1

powernow1:  on cpu1

SMP: AP CPU #1 Launched!

cpu_reset: Stopping other CPUs

.....

...

tar xf foo.tar.bz2  or .gz

tar -xzf /mnt/vmware-freebsd-tools.tar.gz -C /tmp

 #shutdown -p now

pfctl -e

pfctl -f /etc/pf.conf

pfctl -v -v -s rules

pfctl -t nume-tabel -vTshow

pfctl -vvsTables

#ipfw show

#kldstat

  defaultrouter="192.168.1.1"  

route add default 192.168.1.1

root@bsd ~#/etc/rc.d/routing restart

default              192.168.1.1       done

add net default: gateway 192.168.1.1

Additional routing options:.

root@bsd ~# netstat -rn

 # route delete default 192.168.x.x

delete net default: gateway 192.168.x.x

      #route add default 192.168.z.z

add net default: gateway 192.168.z.z

.....

...

Added group "quagga".

Added user "quagga".

===>     installing quagga startup file...

Add the following lines to /etc/rc.conf to enable quagga:

defaultrouter="NO"

quagga_enable="YES"



Also, you may wish to set the following options:

quagga_daemons="zebra bgpd etc..."

quagga_flags="...."

quagga_extralibs_path="/path1 /path2"

router_enable="NO"

watchquagga_enable="YES"

watchquagga_flags="..."



Note!!! Since 0.96.4_5 port uses new id for quagga user and group.

        So, You need to manually chown files:

        in /usr/local/etc/quagga

        and /var/run/quagga

        if You had never do this before. Or run

        make changeuser

mysqladmin -u root password NEW-PASSWORD

or

mysqld_safe --skip-grant-tables &

mysql> use mysql;

mysql> update user set password=PASSWORD("NEW-ROOT-PASSWORD") where User='root';

mysql> flush privileges;

touch /etc/COPYRIGHT

#apachectl start

[Thu Jul 09 11:28:01 2009] [warn] (2)No such file or directory: Failed to enable the 'httpready' Accept Filter

accf_http_load="YES" >> /boot/loader.conf

mysql -uroot -p

mysql> FLUSH LOGS;

mysql> RESET MASTER;

D:\cygwin\bin>ssh -R localhost:7869:localhost:7869 root@sshdserver

#ls -li

807916 -rw-r--r--   1 root  wheel   1840 Nov 12 20:41 .htaccess

#find ./ -inum 807916

./.htaccess

#pw userdel

#pw useradd help

to get help



-n name        login name

-u uid         user id

-c comment     user name/comment

-d directory   home directory

-g grp         initial group

-G grp1,grp2   additional groups

-m [ -k dir ]  create and set up home

-s shell       name of login shell



#pw useradd -n amavisscan -c iuzerpentruamavisd -d /var/amavisd -g amavisscan -m

#passwd amavisscan

(i added a swapfile as shown freebsd.org/doc/en_US.ISO8859-1/books/handbook/adding-swap-space.html)

#swapinfo -m

Device          1M-blocks     Used    Avail Capacity

/dev/da0s1b           189        0      189     0%

/dev/md0             1024        0     1024     0%

Total                1213        0     1213     0%

(the new one that wasnt there before is /dev/md0)

(did this because i was getting: swap_pager_getswapspace(5): failed

pid 66554 (mysqld), uid 88, was killed: out of swap space             )

#ln -s /path/to/existingfile  linkname

#unlink link

#ln /path/to/existingfile /path/to/link

If you do this and type make in the command line (which in BSD obviously means BSD make) then make will do nothing since it will not “see” GNUmakefile. So, you must issue the command gmake and GNUmake will check for the existance of the GNUmakefile file (first, so i think even if Makefile exists it does Not have precedence)

#file main.bin

main.bin: ELF 32-bit LSB executable, Intel 80386, version 1 (FreeBSD),

 for FreeBSD 6.4, dynamically linked (uses shared libs), FreeBSD-style, not stripped

#mdconfig -a -t vnode -f /stuff/freebsd.iso -u 0
#mkdir /mnt/iso
#mount -t cd9660 /dev/md0 /mnt/iso
#cp vmware-freebsd-tools.tar.gz /stuff/
#untar..
Install freebsd6 compat from  ports/ports/misc/compat6x
/usr# porteasy -u misc/compat6x
#cd ports/misc/compat6x ; make install clean
#ln -s /usr/local/lib/compat/libc.so.6 /lib
(it looks for it there)
And finally
~/vmware-tools-distrib#./vmware-install.pl
just say yes to the defaults

http://www.vmadmin.co.uk/resources/35-esxserver

defaultrouter="192.168.0.1"

hostname="Server"
ifconfig_em0="inet 192.168.0.5 netmask 255.255.255.0"
ifconfig_em0_alias0="inet 192.168.9.5 netmask 255.255.254.0"
gateway_enable="YES"
#ifconfig_bge0="DHCP"

sshd_enable="YES"

mysql_enable="YES"
apache22_enable="YES"
pureftpd_enable="YES"

# ipfw firewall
firewall_enable="YES"
firewall_script="/path/to/ipfw.firewall.script"
firewall_type="open"
firewall_quiet="NO"
firewall_logging="YES"
firewall_flags=""

#pf firewall
#pf_enable="YES"
#pf_rules="/etc/pf.conf"
#pflog_enable="YES"
#pflog_logfile="/var/log/pflog"
pf_flags=""
pflog_flags=""


syslogd_enable="YES"
syslogd_flags="-ss"
accounting_enable="YES"
clear_tmp_enable="YES"
update_motd="NO"


ntpdate_enable="YES"
ntpdate_hosts=" en .pool.ntp.org"

ext_if="em0"
int_if="em1"
bsdmic="192.168.2.2"
calc2="192.168.2.3"
localnet=$int_if:network

table <tabel> { 194.102.255.9/32, 91.189.88.39/32 }



altq on $int_if hfsc bandwidth 1024Kb queue { DOWNLOAD, DOWNLOAD_tabel, other }
altq on $ext_if hfsc bandwidth 512Kb queue { UPLOAD, UPLOAD_tabel,    otherupload }


queue UPLOAD           bandwidth 32Kb priority 0 hfsc (upperlimit 256Kb)
queue UPLOAD_tabel     bandwidth 32Kb priority 0 hfsc (upperlimit 64Kb)
queue otherupload bandwidth 10% priority 1 hfsc (default upperlimit 500Kb)


queue DOWNLOAD        bandwidth 64Kb priority 0 hfsc (upperlimit 512Kb)
queue DOWNLOAD_tabel  bandwidth 32Kb priority 2 hfsc (upperlimit 128Kb)
queue other           bandwidth 10% priority 1 hfsc (default upperlimit 1000Kb)



rdr on $ext_if proto tcp from any to $ext_if port 80 tag throttled_traf  -> 192.168.2.2/32

nat on $ext_if from 192.168.2.2 to <tabel>       tag  tabel       -> ($ext_if)
nat on $ext_if from 192.168.2.2 to any      tag throttled_traf       -> ($ext_if)

pass proto tcp from any to 192.168.2.2/32 port 80  tag throttled_traf            synproxy state



# UPLOAD
pass out  on $ext_if  from any to  any    tagged throttled_traf  flags S/SA   \
    modulate  state        queue (UPLOAD)
pass out  on $ext_if  from any to  any    tagged tabel  flags S/SA   \
    modulate  state        queue (UPLOAD_tabel)

# DownLoad
pass out on $int_if from any   to 192.168.2.2     tagged tabel   modulate  state   queue DOWNLOAD_tabel

pass out on $int_if from  any to  192.168.2.2    tagged throttled_traf  modulate state        queue DOWNLOAD

EXT_NIC="em0"
porturi_allow_eu ="{22, 3306, 80}"

table <dinamice> persist file "/root/dinamicDNS/hosturi.rezolvate"


#scrub in on $EXT_NIC all fragment reassemble
#scrub out on $EXT_NIC all fragment reassemble random-id no-df




pass out quick on $EXT_NIC proto { tcp, udp }  from $EXT_NIC  to any port { 80, 22 }  modulate state

pass in  quick    on $EXT_NIC proto tcp   from <dinamice> to any port $porturi_allow_eu
#block in  quick    on $EXT_NIC proto tcp   from any to any port $porturi_allow_eu


pass in log all keep state
pass out log all keep state

I dont like to have the ENTIRE ports tree in my /usr/ports. For those like me, read “Hack 82 Build a Port Without the Ports Tree” from Dru Lavignes book “BSD Hacks”.

I use a very simple tool to install applications from ports on my FreeBSD machine.
It is called porteasy. (really is easy). It is located at /usr/ports/ports-mgmt/porteasy http://www.freebsd.org/cgi/cvsweb.cgi/ports/ports-mgmt/porteasy/

#  pkg_add -r porteasy
Fetching ftp://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-6.4-release/Latest/porteasy.tbz... Done.
#  pkg_info | grep porte
porteasy-2.8.4      A tool for fetching and building ports

From man porteasy (read it pls):

    The port names listed on the command line may be either unqualified or
    fully qualified.  A fully qualified port name is the path to the port
    directory relative to the root of the ports tree (i.e. the port's cate-
    gory and name separated by a slash).  An unqualified port name is the
    name of the package built by the intended port, or part of that name.

    Unqualified names need to be looked up in the ports index, which is usu-
    ally slightly out of date, so fully qualified names should be used when-
    ever possible.

How to connect to an anonymous cvs server

To add an anonymous cvs server as an environment variable (there is a list to pick from, but sometimes some dont work :( ): http://www.freebsd.org/doc/en/books/handbook/anoncvs.html (this is for bash shells, if you use csh you use setenv CVSROOT blablabla)

#export CVSROOT=:pserver:anoncvs@anoncvs.fr.FreeBSD.org:/home/ncvs
#touch /root/.cvspass
#cvs login
(password is anoncvs)   

To add an anonymous cvs server as an environment variable (there is a list to pick from, but sometimes some dont work :( ): http://www.freebsd.org/doc/en/books/handbook/anoncvs.html (this is for bash shells, if you use csh you use setenv CVSROOT blablabla)

1. export CVSROOT=:pserver:anoncvs@anoncvs.fr.FreeBSD.org:/home/ncvs
2. touch /root/.cvspass
3. cvs login

(password is anoncvs)

” Let’s assume you have a minimum install and don’t have an existing /usr/ports directory structure. To install a port, you need the Mk and Templates directories as well as the port’s Makefile. Use the cvs checkout command to retrieve the necessary files from the CVS server: ”

To “check out a ports skeleton” :

# cd /usr
# cvs checkout -A -P -l ports/Mk

cvs checkout: Updating ports/Mk U ports/Mk/bsd.apache.mk U ports/Mk/bsd.autotools.mk U ports/Mk/bsd.cmake.mk …….some 41 lines….. U ports/Mk/bsd.xfce.mk U ports/Mk/bsd.xorg.mk

1. cvs checkout -A -P -l ports/Templates

U ports/Templates/BSD.local.dist U ports/Templates/README.category U ports/Templates/README.port U ports/Templates/README.top U ports/Templates/config.guess U ports/Templates/config.sub

The book also describes how to find each ports dependencies. Go read the book!

To install a port with porteasy :

1. cd /usr
2. porteasy -u shells/bash

This will retirieve the e2fsprogs port AND its dependencies. (Sometimes not ALL dependencies are downloaded so you may have to do porteasy -u some-dependency) Now you can :

1. cd /usr/ports/sysutils/e2fsprogs (OR WHATEVER PORT)
2. make install

You can install porteasy with porteasy :))

1. cd /usr

/usr# porteasy -u ports-mgmt/porteasy ? INDEX-6 ? INDEX-6.bz2 P UPDATING U ports-mgmt/Makefile U porteasy/Makefile U porteasy/pkg-descr U porteasy/pkg-plist U porteasy/src/porteasy.8 U porteasy/src/porteasy.pl P lang/Makefile P perl5.8/Makefile U perl5.8/files/patch-bug64562

This will create the ports-mgmt directory in /usr/ports. Now install:

1. cd /usr/ports/ports-mgmt/porteasy
2. make

===> Extracting for porteasy-2.8.4 ===> porteasy-2.8.4 depends on file: /usr/local/bin/perl5.8.8 – found ===> Patching for porteasy-2.8.4 ===> porteasy-2.8.4 depends on file: /usr/local/bin/perl5.8.8 – found

1. make install

===> Installing for porteasy-2.8.4 ===> porteasy-2.8.4 depends on file: /usr/local/bin/perl5.8.8 – found ===> Generating temporary packing list ===> Checking if ports-mgmt/porteasy already installed ===> Compressing manual pages for porteasy-2.8.4 ===> Registering installation for porteasy-2.8.4

porteasy -Iu should update all ports(?)

To update the sources of your FreeBSD system you can use cvsup. You can install cvsup using porteasy from ports from /usr/ports/net/cvsup-without-gui.

/usr # porteasy -u net/cvsup-without-gui  

To use cvsup you need a configuration file called a supfile. This file configures WHAT you want to update. A supfile that updates the sources of your system to FreeBSD 6.4  :

• default host=cvsup.at.FreeBSD.org
• default base=/usr/local/etc/cvsup
• default prefix=/usr
• default release=cvs tag=RELENG_6_4
• default delete use-rel-suffix
• default compress

src-all

1. mkdir /usr/local/etc/cvsup
2. cvsup -L2 -g /path/to/supfile

… .. .

/usr/src/sys/amd64/conf

ident XXX device pf device pflog device pfsync options ALTQ options ALTQ_CBQ # Class Bases Queuing (CBQ) options ALTQ_RED # Random Early Detection (RED) options ALTQ_RIO # RED In/Out options ALTQ_HFSC # Hierarchical Packet Scheduler (HFSC) options ALTQ_PRIQ # Priority Queuing (PRIQ) options ALTQ_NOPCC # Required for SMP build

1. cd /usr/src/
2. make buildworld
3. make buildkernel KERNCONF=myKERNEL
4. make installkernel KERNCONF=myKERNEL

shutdown -r now mount -a -t ufs mergemaster -p

cd /usr/src
make installworld

mergemaster -i

“ Let’s assume you have a minimum install and don’t have an existing /usr/ports directory structure. To install a port, you need the Mk and Templates directories as well as the port’s Makefile. Use the cvs checkout command to retrieve the necessary files from the CVS server: ”

To “check out a ports skeleton” :

 # cd /usr
 # cvs checkout -A -P -l ports/Mk

cvs checkout: Updating ports/Mk
U ports/Mk/bsd.apache.mk
U ports/Mk/bsd.autotools.mk
U ports/Mk/bsd.cmake.mk
.......some 41 lines.....
U ports/Mk/bsd.xfce.mk
U ports/Mk/bsd.xorg.mk

# cvs checkout -A -P -l ports/Templates

U ports/Templates/BSD.local.dist
U ports/Templates/README.category
U ports/Templates/README.port
U ports/Templates/README.top
U ports/Templates/config.guess
U ports/Templates/config.sub

The book also describes how to find each ports dependencies. Go read the book!

To install a port with porteasy :

# cd /usr 
# porteasy -u shells/bash

This will retirieve the e2fsprogs port AND its dependencies. (Sometimes not ALL dependencies are downloaded so you may have to do porteasy -u some-dependency) Now you can :

# cd /usr/ports/sysutils/e2fsprogs      (OR WHATEVER PORT)
#make install 

You can install porteasy with porteasy :))

#cd /usr
/usr#   porteasy -u ports-mgmt/porteasy
? INDEX-6
? INDEX-6.bz2
P UPDATING
U ports-mgmt/Makefile
U porteasy/Makefile
U porteasy/pkg-descr
U porteasy/pkg-plist
U porteasy/src/porteasy.8
U porteasy/src/porteasy.pl
P lang/Makefile
P perl5.8/Makefile
U perl5.8/files/patch-bug64562

This will create the ports-mgmt directory in /usr/ports. Now install:

# cd /usr/ports/ports-mgmt/porteasy
#make
===>  Extracting for porteasy-2.8.4
===>   porteasy-2.8.4 depends on file: /usr/local/bin/perl5.8.8 - found
===>  Patching for porteasy-2.8.4
===>   porteasy-2.8.4 depends on file: /usr/local/bin/perl5.8.8 - found
#make install
===>  Installing for porteasy-2.8.4
===>   porteasy-2.8.4 depends on file: /usr/local/bin/perl5.8.8 - found
===>   Generating temporary packing list
===>  Checking if ports-mgmt/porteasy already installed
===>   Compressing manual pages for porteasy-2.8.4
===>   Registering installation for porteasy-2.8.4

porteasy -Iu should update all ports(?)

Go buy http://www.amazon.com/BSD-Hacks-Dru-Lavigne/dp/0596006799 lots of cool stuff from Dru Lavigne!

 From   http://www.faqs.org/docs/Linux-mini/Linux+FreeBSD.html#ss2.1  :

FreeBSD needs one of the four entries in the partition table on your PC's hard drive. This primary 
partition is called a ``slice'' in FreeBSD terminology. It then uses the disklabel program to make up 
to eight partitions in this primary partition. These logical partitions are called ``partitions'' in 
FreeBSD terminology. This concept is similar to the way Linux (and DOS) handles logical partitions in 
an extended partition. You cannot install FreeBSD in an extended partition made by Linux (or DOS). 
Note that the Linux fdisk program doesn't display the BSD partitions in a FreeBSD slice from the main 
menu, but it can display BSD disklabel information if you give the command `b'. 

root@bsd ~#cat /var/run/dmesg.boot
ad0: 15360MB <VBOX HARDDISK 1.0> at ata0-master UDMA33
ad1: 3686MB <VBOX HARDDISK 1.0> at ata0-slave UDMA33
acd0: DVDROM <VBOX CD-ROM/1.0> at ata1-master UDMA33
Trying to mount root from ufs:/dev/ad0s1a

     #df -h
Filesystem     Size    Used   Avail Capacity  Mounted on
/dev/ad0s1a    9.7G    2.8G    6.1G    31%    /
devfs          1.0K    1.0K      0B   100%    /dev

#fdisk -BI /dev/ad1

******* Working on device /dev/ad1 *******
fdisk: invalid fdisk partition table found
fdisk: Geom not found

    bsdlabel -w [-An] [-m machine] disk [type]

#bsdlabel -B -w ad1s1 auto

   #bsdlabel -e ad1s1

# /dev/ad1s1:
8 partitions:
#        size   offset    fstype   [fsize bsize bps/cpg]
  a:  7548833       16    unused        0     0
  c:  7548849        0    unused        0     0         # "raw" part, don't edit

Nota bene: `a' designates the root partition, `b' designates the swap partition, 
while `c' designates the whole slice.

#newfs /dev/ad1s1a

/dev/ad1s1a: 3686.0MB (7548832 sectors) block size 16384, fragment size 2048
        using 21 cylinder groups of 183.77MB, 11761 blks, 23552 inodes.
super-block backups (for fsck -b #) at:
 160, 376512, 752864, 1129216, 1505568, 1881920, 2258272, 2634624, 3010976, 3387328, 3763680,
 4140032, 4516384, 4892736, 5269088, 5645440, 6021792, 6398144, 6774496, 7150848, 7527200


#bsdlabel -e ad1s1

  GNU nano 2.0.8                File: /tmp/EdDk.GB2qRYLFv4

# /dev/ad1s1:
8 partitions:
#        size   offset    fstype   [fsize bsize bps/cpg]
  a:  7548833       16    4.2BSD     2048 16384 28552
  c:  7548849        0    unused        0     0         # "raw" part, don't edit

   
#mount /dev/ad1s1a  /path/to/mount/point

#df -h
Filesystem     Size    Used   Avail Capacity  Mounted on
/dev/ad0s1a    9.7G    2.8G    6.1G    31%    /
devfs          1.0K    1.0K      0B   100%    /dev
/dev/ad1s1a    3.5G    6.0K    3.2G     0%    /hdd1

 #umount /hdd1

mount -r -t ufs -o ufstype=ufs2 /dev/hdb5 /mnt 

   #cd /usr/ports/www/awstats
   #make install
   #cp -R /usr/ports/www/awstats/work/awstats-6.9/ /usr/local/etc/awstats   (??)
   #/usr/local/etc/awstats/tools/configure.pl  (necesar?)

I suggest you TRY to add the following in the vhosts.conf file. Perhaps in a virtual host ???


  Add 'Alias /awstatsclasses "/usr/local/etc/awstats/wwwroot/classes/"'
  Add 'Alias /awstatscss "/usr/local/etc/awstats/wwwroot/css/"'
  Add 'Alias /awstatsicons "/usr/local/etc/awstats/wwwroot/icon/"'
  Add 'ScriptAlias /awstats/ "/usr/local/etc/awstats/wwwroot/cgi-bin/"'
  Add '<Directory>' directive
  AWStats directives added to Apache config file.

   (answer yes to generate a New config file)

   # cd /etc/awstats      ( the generated config file )

   # ee awstats.www.example.com.conf

  # crontab -e
1 * * * *  /usr/local/etc/awstats/wwwroot/cgi-bin/awstats.pl  -config=www.website.com
  # mkdir /var/log/awstats
  # /usr/local/www/awstats/cgi-bin/awstats.pl -config=www.website.com    2>&1 > /dev/null

or  >/dev/null 2>&1 (dunno yet which is better)

#crontab -e

#export EDITOR=/usr/bin/ee

#whereis nano
nano: /usr/local/bin/nano /usr/local/man/man1/nano.1.gz
#export EDITOR=/usr/local/bin/nano
#echo $EDITOR
/usr/local/bin/nano
.
.
.

VEARY USEFUL tool. You can view multiple logs(files) at once on the same screen.
Install multitail from ports:

# cd /usr
/usr#porteasy -u sysutils/multitail
.
.
.
/usr#cd ports/sysutils/
/usr/ports/sysutils#d
./ ../ CVS/ Makefile multitail/ php5-posix/
#cd multitail
#make install

and use:
#multitail -f path.log other.log
And now you can watch multiple logs AT ONCE on the same terminal screen.It creates multiple windows on your console (with ncurses).