-
Notifications
You must be signed in to change notification settings - Fork 30
Sample Installation
Soner Tari edited this page Aug 12, 2021
·
1 revision
This is the output of a sample installation on a Raspberry Pi 4 Model B, with a USB wifi adapter based on the RTL8192EU chipset.
The installation img file for the arm64 arch contains all the required drivers. So, if you use the same hardware and install UTMFW as follows, you should be able to obtain a working UTMFW.
Welcome to the OpenBSD/arm64 6.9 installation program.
(I)nstall or (S)hell? i
At any prompt except password prompts you can escape to a shell by
typing '!'. Default answers are shown in []'s and are selected by
pressing RETURN. You can exit this program at any time by pressing
Control-C, but this can leave your system in an inconsistent state.
Terminal type? [vt220]
System hostname? (short form, e.g. 'foo') utmfw
Available network interfaces are: bse0 bwfm0 urtwn0 vlan0.
Which network interface do you wish to configure? (or 'done') [bse0] urtwn0
Access point? (ESSID, 'any', list# or '?') [any] myap
Security protocol? (O)pen, (W)EP, WPA-(P)SK [O] P
WPA passphrase? (will echo) extifpassphrase
IPv4 address for urtwn0? (or 'dhcp' or 'none') [dhcp]
urtwn0: 192.168.1.2 lease accepted from 192.168.1.1 (xx:xx:xx:xx:xx:xx)
IPv6 address for urtwn0? (or 'autoconf' or 'none') [none]
Available network interfaces are: bse0 bwfm0 urtwn0 vlan0.
Which network interface do you wish to configure? (or 'done') [bse0] bwfm0
ifconfig: SIOCS80211NWKEY: Operation not supported by device
Access point? (ESSID, 'any', list# or '?') [any] utmfw
Security protocol? (O)pen, (W)EP, WPA-(P)SK [O] P
WPA passphrase? (will echo) intifpassphrase
Symbolic (host) name for bwfm0? [utmfw]
IPv4 address for bwfm0? (or 'dhcp' or 'none') [dhcp] 192.168.0.1
Netmask for bwfm0? [255.255.255.0]
IPv6 address for bwfm0? (or 'autoconf' or 'none') [none]
Available network interfaces are: bse0 bwfm0 urtwn0 vlan0.
Which network interface do you wish to configure? (or 'done') [done]
DNS domain name? (e.g. 'example.com') [my.domain] comixwall.org
DNS nameservers? (IP address list or 'none') [192.168.1.1]
Password for root account? (will not echo)
Password for root account? (again)
Start sshd(8) by default? [yes]
Since no user was setup, root logins via sshd(8) might be useful.
WARNING: root is targeted by password guessing attacks, pubkeys are safer.
Allow root ssh login? (yes, no, prohibit-password) [no] yes
Available disks are: sd0 sd1.
Which disk is the root disk? ('?' for details) [sd0]
Disk: sd0 geometry: 3880/255/63 [62333952 Sectors]
Offset: 0 Signature: 0xAA55
Starting Ending LBA Info:
#: id C H S - C H S [ start: size ]
-------------------------------------------------------------------------------
*0: 0C 2 10 9 - 4 20 16 [ 32768: 32768 ] FAT32L
1: 00 0 0 0 - 0 0 0 [ 0: 0 ] unused
2: 00 0 0 0 - 0 0 0 [ 0: 0 ] unused
3: A6 4 20 17 - 3880 27 51 [ 65536: 62268416 ] OpenBSD
Use (W)hole disk or (E)dit the MBR? [whole]
Creating a msdos partition and an OpenBSD partition for rest of sd0...done.
/dev/rsd0i: 32668 sectors in 8167 FAT16 clusters (2048 bytes/cluster)
bps=512 spc=4 res=1 nft=2 rde=512 mid=0xf8 spf=32 spt=63 hds=255 hid=32768 bsec=32768
The auto-allocated layout for sd0 is:
# size offset fstype [fsize bsize cpg]
a: 2048.0M 65536 4.2BSD 2048 16384 1 # /
b: 7869.1M 4259840 swap
c: 30436.5M 0 unused
d: 1664.2M 20375808 4.2BSD 2048 16384 1 # /tmp
e: 6156.9M 23784096 4.2BSD 2048 16384 1 # /usr
f: 12666.3M 36393408 4.2BSD 2048 16384 1 # /var
i: 16.0M 32768 MSDOS
Use (A)uto layout, (E)dit auto layout, or create (C)ustom layout? [a]
/dev/rsd0a: 2048.0MB in 4194304 sectors of 512 bytes
11 cylinder groups of 202.50MB, 12960 blocks, 25920 inodes each
/dev/rsd0d: 1664.2MB in 3408288 sectors of 512 bytes
9 cylinder groups of 202.50MB, 12960 blocks, 25920 inodes each
/dev/rsd0e: 6156.9MB in 12609312 sectors of 512 bytes
31 cylinder groups of 202.50MB, 12960 blocks, 25920 inodes each
/dev/rsd0f: 12666.3MB in 28630544 sectors of 512 bytes
63 cylinder groups of 202.50MB, 12960 blocks, 25920 inodes each
Available disks are: sd1.
Which disk do you wish to initialize? (or 'done') [done]
/dev/sd0a (2c4868064ab16295.a) on /mnt type ffs (rw, asynchronous, local)
/dev/sd0d (2c4868064ab16295.d) on /mnt/tmp type ffs (rw, asynchronous, local, nodev, nosuid)
/dev/sd0e (2c4868064ab16295.e) on /mnt/usr type ffs (rw, asynchronous, local, nodev)
/dev/sd0f (2c4868064ab16295.f) on /mnt/var type ffs (rw, asynchronous, local, nodev, nosuid)
Let's install the sets!
Location of sets? (disk http nfs or 'done') [http] disk
Is the disk partition already mounted? [yes] no
Available disks are: sd0 sd1.
Which disk contains the install media? (or 'done') [sd1]
a: 1366720 49152 4.2BSD 2048 16384 16174
i: 16384 32768 MSDOS
Available sd1 partitions are: a i.
Which sd1 partition has the install sets? (or 'done') [a]
Pathname to the sets? (or 'done') [6.9/arm64]
Select sets by entering a set name, a file name pattern or 'all'. De-select
sets by prepending a '-', e.g.: '-game*'. Selected sets are labelled '[X]'.
[X] bsd [X] bsd.rd [X] man69.tgz [X] xfont69.tgz
[X] bsd.mp [X] base69.tgz [X] xbase69.tgz [X] site69.tgz
Set name(s)? (or 'abort' or 'done') [done]
Verifying SHA256.sig 100% |**************************| 917 00:00
Signature Verified
Verifying bsd 100% |**************************| 13338 KB 00:00
Verifying bsd.mp 100% |**************************| 13409 KB 00:00
Verifying bsd.rd 100% |**************************| 16958 KB 00:01
Verifying base69.tgz 100% |**************************| 219 MB 00:14
Verifying man69.tgz 100% |**************************| 7561 KB 00:00
Verifying xbase69.tgz 100% |**************************| 2051 KB 00:00
Verifying xfont69.tgz 100% |**************************| 203 KB 00:00
Verifying site69.tgz 100% |**************************| 441 KB 00:00
Installing bsd 100% |**************************| 13338 KB 00:01
Installing bsd.mp 100% |**************************| 13409 KB 00:01
Installing bsd.rd 100% |**************************| 16958 KB 00:02
Installing base69.tgz 100% |**************************| 219 MB 01:08
Extracting etc.tgz 100% |**************************| 254 KB 00:00
Installing man69.tgz 100% |**************************| 7561 KB 00:07
Installing xbase69.tgz 100% |**************************| 2051 KB 00:00
Extracting xetc.tgz 100% |**************************| 7103 00:00
Installing xfont69.tgz 100% |**************************| 203 KB 00:00
Installing site69.tgz 100% |**************************| 441 KB 00:00
Location of sets? (disk http nfs or 'done') [done]
What timezone are you in? ('?' for list) [Canada/Mountain] Turkey
Saving configuration files... done.
Making all device nodes... done.
Multiprocessor machine; using bsd.mp instead of bsd.
Relinking to create unique kernel... done.
Welcome to the UTMFW install program.
This program will help you install UTMFW. Default answers are shown
in []'s and are selected by pressing RETURN. At any time you can exit this
program by pressing Control-C, but exiting during an install can leave your
system in an inconsistent state.
IS YOUR DATA BACKED UP? As with anything that modifies disk contents, this
program can cause SIGNIFICANT data loss.
Proceed with install? [yes]
After install completes, full logs can be found at:
/root/utmfw69_arm64_install.log
Let's install the packages!
Location of packages? (cd disk ftp http nfs or 'done') [cd] disk
Is the disk partition already mounted? [no]
Available disks are: sd0 sd1.
Which one contains the install media? (or 'done') [sd0] sd1
a: 1366720 49152 4.2BSD 2048 16384 16174
i: 16384 32768 MSDOS
Available sd1 partitions are: a i.
Which one has the install sets? (or 'done') [a]
Pathname to the packages? (or 'done') [packages]
Select packages by entering a package file name (shown in parentheses),
a file name pattern or 'all'. De-select packages by prepending
a '-' to the package name, file name pattern or 'all'. Selected
packages are labelled '[X]'.
[X] DNS Forwarder -> (dnsmasq-2.85.tgz)
[X] SSL Proxy -> (sslproxy-0.8.3.tgz)
[X] Virus Scanner -> (clamav-0.103.2.tgz)
[X] Virus Database -> (clamavdb.tar.gz)
[X] SPAM Scanner -> (p5-Mail-SpamAssassin-3.4.5.tgz)
[X] POP3 Proxy -> (p3scan-2.3.2.tgz)
[X] SMTP Proxy -> (smtp-gated-1.4.20.0.tgz)
[X] Web Filter -> (e2guardian-5.3.5.tgz)
[X] Web Filter Blacklists -> (blacklists.tar.gz)
[X] IDP: IDS and Inline IPS -> (snort-2.9.17.1.tgz)
[X] IDP Rules -> (snortrules.tar.gz)
[X] Passive IPS -> (snortips-6.2.2.tgz)
[X] IM Proxy -> (imspector-0.9.tgz)
[X] OpenVPN -> (openvpn-2.5.1.tgz)
[X] SOCKS Proxy -> (dante-1.4.2p0.tgz)
[X] System Monitoring -> (symon-2.88p6.tgz)
[X] Network Monitoring -> (pmacct-1.7.6.tgz)
[X] System Statistics -> (collectd-5.12.0p0.tgz)
[X] Packet Filter Monitoring -> (pftop-0.7p19.tgz)
[X] PHP -> (php-8.0.3.tgz)
[X] Web Administration Interface -> (utmfw-webif-6.9.tar.gz)
[X] Configuration Files -> (utmfw-config-6.9.tar.gz)
Package name? (or 'done') [done]
Ready to install packages? [yes]
Installing dnsmasq-2.85.tgz ...
The following new rcscripts were installed: /etc/rc.d/dnsmasq
See rcctl(8) for details.
Installing sslproxy-0.8.3.tgz ...
Installing clamav-0.103.2.tgz ...
The following new rcscripts were installed: /etc/rc.d/clamav_milter /etc/rc.d/clamd /etc/rc.d/freshclam
See rcctl(8) for details.
Installing clamavdb.tar.gz ...
clamavdb.tar.gz 100% |**********************************| 216 MB 00:35
Installing p5-Mail-SpamAssassin-3.4.5.tgz ...
useradd: Warning: home directory `/var/db/spamassassin' doesn't exist, and -m was not specified
The following new rcscripts were installed: /etc/rc.d/spamassassin
See rcctl(8) for details.
New and changed readme(s):
/usr/local/share/doc/pkg-readmes/glib2
/usr/local/share/doc/pkg-readmes/gnupg
/usr/local/share/doc/pkg-readmes/p5-Mail-SpamAssassin
Installing p3scan-2.3.2.tgz ...
--- p3scan-2.3.2 -------------------
To run as a transparent proxy, you also need pf rules to redirect
POP3 traffic to p3scan, and /dev/pf must be readable by p3scan:
chmod 644 /dev/pf
To start p3scan automatically, add these lines to /etc/rc.local
if [ -x /usr/local/sbin/p3scan ]; then
echo -n ' p3scan';
install -d -o _p3scan /var/run/p3scan
/usr/local/sbin/p3scan -f /etc/p3scan/p3scan.conf
fi
Post-processing for p3scan-2.3.2.tgz: Setting /dev/pf permissions...
Installing smtp-gated-1.4.20.0.tgz ...
Post-processing for smtp-gated-1.4.20.0.tgz: Setting /dev/pf permissions...
Installing e2guardian-5.3.5.tgz ...
Installing blacklists.tar.gz ...
blacklists.tar.gz 100% |********************************| 9631 KB 00:04
Installing snort-2.9.17.1.tgz ...
The following new rcscripts were installed: /etc/rc.d/snort
See rcctl(8) for details.
New and changed readme(s):
/usr/local/share/doc/pkg-readmes/snort
Installing snortrules.tar.gz ...
snortrules.tar.gz 100% |********************************| 4190 KB 00:06
Installing snortips-6.2.2.tgz ...
Installing imspector-0.9.tgz ...
--- imspector-0.9 -------------------
You also need pf rules to redirect IM traffic to IMSpector.
To start imspector automatically, add these lines to /etc/rc.local
if [ -x /usr/local/sbin/imspector ]; then
mkdir /tmp/imspector
chown -R _imspector:_imspector /tmp/imspector
echo -n ' imspector';
/usr/local/sbin/imspector -c /etc/imspector/imspector.conf &
fi
Post-processing for imspector-0.9.tgz: Setting /dev/pf permissions...
Installing openvpn-2.5.1.tgz ...
The following new rcscripts were installed: /etc/rc.d/openvpn
See rcctl(8) for details.
New and changed readme(s):
/usr/local/share/doc/pkg-readmes/openvpn
Installing dante-1.4.2p0.tgz ...
The following new rcscripts were installed: /etc/rc.d/sockd
See rcctl(8) for details.
Installing symon-2.88p6.tgz ...
The following new rcscripts were installed: /etc/rc.d/symon
See rcctl(8) for details.
Installing symux...
The following new rcscripts were installed: /etc/rc.d/rrdcached /etc/rc.d/symux
See rcctl(8) for details.
New and changed readme(s):
/usr/local/share/doc/pkg-readmes/rrdtool
--- symux-2.88p4 -------------------
An example configuration for symux has been installed in
/usr/local/share/examples/symon.
RRD files can be obtained by running
/usr/local/share/examples/symon/c_smrrds.sh
Installing pmacct-1.7.6.tgz ...
Installing rrdtool...
Installing collectd-5.12.0p0.tgz ...
The following new rcscripts were installed: /etc/rc.d/collectd
See rcctl(8) for details.
New and changed readme(s):
/usr/local/share/doc/pkg-readmes/collectd
Installing collectd plugins...
Installing pftop-0.7p19.tgz ...
Installing php-8.0.3.tgz ...
The following new rcscripts were installed: /etc/rc.d/php80_fpm
See rcctl(8) for details.
New and changed readme(s):
/usr/local/share/doc/pkg-readmes/femail-chroot
/usr/local/share/doc/pkg-readmes/php-8.0
Installing utmfw-webif-6.9.tar.gz ...
utmfw-webif-6.9.tar.gz 100% |***************************| 52816 KB 00:23
Installing utmfw-config-6.9.tar.gz ...
Installing rsync...
The following new rcscripts were installed: /etc/rc.d/rsyncd
See rcctl(8) for details.
utmfw-config-6.9.tar.gz 100% |**************************| 150 KB 00:00
missing: var (created)
missing: var/cron (created)
missing: var/cron/tabs (created)
missing: var/db (created)
missing: var/db/clamav (created)
missing: var/log (created)
missing: var/log/e2guardian (created)
missing: var/log/httpd (created)
missing: var/log/imspector (created)
missing: var/log/snort (created)
missing: var/log/sslproxy (created)
missing: var/www (created)
missing: var/www/htdocs (created)
missing: var/www/htdocs/utmfw (created)
missing: var/www/htdocs/utmfw/View (created)
missing: var/www/htdocs/utmfw/View/cgi-bin (created)
missing: etc (created)
missing: etc/collectd (created)
missing: etc/e2guardian (created)
missing: etc/e2guardian/contentscanners (created)
missing: etc/e2guardian/downloadmanagers (created)
missing: etc/e2guardian/lists (created)
missing: etc/imspector (created)
missing: etc/mail (created)
missing: etc/mail/spamassassin (created)
missing: etc/openvpn (created)
missing: etc/p3scan (created)
missing: etc/pfre (created)
missing: etc/php-8.0 (created)
missing: etc/pmacct (created)
missing: etc/snort (created)
missing: etc/sslproxy (created)
missing: usr (created)
missing: usr/local (created)
missing: usr/local/share (created)
missing: usr/local/share/e2guardian (created)
missing: usr/local/share/e2guardian/languages (created)
missing: usr/local/share/e2guardian/languages/chinese (created)
missing: usr/local/share/e2guardian/languages/dutch (created)
missing: usr/local/share/e2guardian/languages/russian-utf8 (created)
missing: usr/local/share/e2guardian/languages/turkish (created)
missing: usr/local/share/e2guardian/languages/ukenglish (created)
missing: var/log/httpd (created)
missing: var/log/imspector (created)
missing: var/log/snort (created)
missing: var/log/sslproxy (created)
missing: etc/collectd (created)
missing: etc/imspector (created)
missing: etc/openvpn (created)
missing: etc/pfre (created)
missing: etc/pmacct (created)
missing: etc/sslproxy (created)
missing: usr/local/share/e2guardian/languages/chinese (created)
missing: usr/local/share/e2guardian/languages/russian-utf8 (created)
Saved old file as /etc/e2guardian/contentscanners/clamdscan.conf.orig
Saved old file as /etc/e2guardian/downloadmanagers/default.conf.orig
Saved old file as /etc/e2guardian/lists/bannedsitelist.orig
Saved old file as /etc/e2guardian/lists/domainsnobypass.orig
Saved old file as /etc/e2guardian/lists/bannedurllist.orig
Saved old file as /etc/e2guardian/lists/exceptionsitelist.orig
Saved old file as /etc/e2guardian/lists/exceptionurllist.orig
Saved old file as /etc/e2guardian/lists/greysitelist.orig
Saved old file as /etc/e2guardian/lists/greyurllist.orig
Saved old file as /etc/e2guardian/lists/weightedphraselist.orig
Saved old file as /etc/e2guardian/e2guardian.conf.orig
Saved old file as /etc/e2guardian/e2guardianf1.conf.orig
Saved old file as /etc/mail/aliases.orig
Saved old file as /etc/mail/smtpd.conf.orig
Saved old file as /etc/p3scan/p3scan.conf.orig
Saved old file as /etc/snort/snort.conf.orig
Saved old file as /etc/clamd.conf.orig
Saved old file as /etc/dnsmasq.conf.orig
Saved old file as /etc/freshclam.conf.orig
Saved old file as /etc/motd.orig
Saved old file as /etc/newsyslog.conf.orig
Saved old file as /etc/pf.conf.orig
Saved old file as /etc/php-8.0.ini.orig
Saved old file as /etc/php-fpm.conf.orig
Saved old file as /etc/rc.orig
Saved old file as /etc/sockd.conf.orig
Saved old file as /etc/symon.conf.orig
Saved old file as /etc/symux.conf.orig
Saved old file as /etc/syslog.conf.orig
Saved old file as /usr/local/share/e2guardian/languages/dutch/fancydmtemplate.html.orig
Saved old file as /usr/local/share/e2guardian/languages/dutch/messages.orig
Saved old file as /usr/local/share/e2guardian/languages/dutch/template.html.orig
Saved old file as /usr/local/share/e2guardian/languages/turkish/fancydmtemplate.html.orig
Saved old file as /usr/local/share/e2guardian/languages/turkish/messages.orig
Saved old file as /usr/local/share/e2guardian/languages/turkish/template.html.orig
Saved old file as /usr/local/share/e2guardian/languages/ukenglish/fancydmtemplate.html.orig
Saved old file as /usr/local/share/e2guardian/languages/ukenglish/template.html.orig
Saved old file as /var/cron/tabs/root.orig
Location of packages? (cd disk ftp http nfs or 'done') [done]
Updating ld.so hints...
Running post-install script...
Interface assignment:
internal= bse0 (not configured)
external= bwfm0 (inet 192.168.0.1 255.255.255.0)
WARNING: There are unconfigured interfaces
Internal interface (bse0, bwfm0, urtwn0 or enter) [bse0] bwfm0
Interface assignment:
internal= bwfm0 (inet 192.168.0.1 255.255.255.0)
external= bse0 (not configured)
WARNING: There are unconfigured interfaces
External interface (bse0, bwfm0, urtwn0 or enter) [bse0] urtwn0
Interface assignment:
internal= bwfm0 (inet 192.168.0.1 255.255.255.0)
external= urtwn0 (dhcp)
Type 'done' to accept or press enter to try again: done
Internal interface bwfm0 is a Wi-fi interface
Enable hostap on bwfm0 (make sure bwfm(4) supports Host AP mode)? [yes]
Hostap enabled on bwfm0.
Password for WUI users 'admin' and 'user', and SSLproxy user 'utmfw'
To use the WUI, log in as 'admin' or 'user' with this password
To access the Internet, log in as 'utmfw' with the same password
You can change user passwords and add/delete network users on the WUI:
Password? (will not echo)
Password? (again)
Successfully created WUI users: 'admin' and 'user'.
Successfully created network user 'utmfw'.
Generating the SSL key pairs for httpd, openvpn, and sslproxy
Set serial to? [1] 10
Setting serial to 10
You can generate the SSL key pairs on the WUI too.
If the system has enough memory, you can mount /var/log as MFS
Enable MFS? [yes]
MFS /var/log enabled.
MFS size of 1024m or more is recommended
Set MFS size to (you can use k/m/g or K/M/G suffix)? [1024m]
Setting MFS size to 1024m
MFS /var/log can be set to persist, so its contents are not lost on shutdown
Note that syncing /var/log to disk can take some time
Enable persistent MFS? [yes]
Persistent MFS enabled.
Successfully configured the system.
Updating mandoc.db ...
CONGRATULATIONS! Your UTMFW install has been successfully completed!
CONGRATULATIONS! Your OpenBSD install has been successfully completed!
When you login to your new system the first time, please read your mail
using the 'mail' command.
Exit to (S)hell, (H)alt or (R)eboot? [reboot]
CTRL-A Z for help | 115200 8N1 | NOR | Minicom 2.7.1 | VT102 | Offline | ttyUSB0