
Why Must It Be Sufism? 17 June, 2006

Posted by netlog in OpenBSD.

Whether we admit it or not, modernity (everything regarded as modern, or even merely smacking of the modern) has turned human thinking, conceptions and choices about values upside down. The value of simple living has been traded for a strong ambition for worldly grandeur. The value of individual or group loyalty to spiritual ideals has been exchanged for a self-centered and egoistic way of life.

In politics, for example, the desire to win the contest against political opponents has become a value regarded as noble, to the point of disregarding proper and moral means. Even cheating is regarded as part of strategy. In law, it is plain to see how the law fails to prevent crime and fails as well to uphold justice after a crime. Ambition for wealth has made the law unenforceable, and likewise political interference has pushed the law ever further from the values of justice.

On the other hand, the exploitation of natural resources has reached its nadir, with highly destructive effects on ecology. Such exploitative acts occur because the ideal of managing nature for the sake of human welfare has shifted into a deliberate cultivation of human greed. In the arts, the meaning of artistic appreciation has been blurred by the desire to gratify lust and the wish for immoral entertainment. In modern society, there are increasingly visible signs of a change in conception in which immorality begins to be regarded as morality.

It is often said that rationality has become the symbol of the supremacy of modern humanity more than ever before. At a glance, rationality has indeed done considerable service in resolving some of humanity's problems. But to regard rationality as the sole dimension of the human being is clearly a false assumption and carries a grave risk, namely the loss of a very precious dimension of humanity: spirituality. For besides being a rational creature and a political creature, the human being is also a spiritual creature.

Why Sufism?

In general it may be said that Sufism is an effort to systematize the teachings of Islam, especially those concerning a servant's aim of being as close as possible to the Creator. The basic framework of Sufism is the inner acknowledgement of the existence of Allah and the longing to meet Him. Modern psychologists call these two things a "psychological debt" that human beings must discharge.

In the Sufi perspective, that psychological debt is repaid by affirming the Oneness of Allah and making Him the ultimate goal in life and in worship. The Sufis are known as people who purify their intentions and deeds of everything other than Allah. Even in matters that are mubah (that is, matters that fall in neither the category of prohibition [haram] nor obligation [fardh]) such as eating, drinking and so on, the Sufis always intend them as part of their worship of Allah.

Meanwhile, modern society wants instant service in every aspect of life, including food and drink. Sufism makes hunger part of the training to purify soul and body of worldly filth. Hunger from fasting becomes an instrument and at the same time proof that the Sufis would rather guard their inner purity than satisfy their own needs by violating the rights of others.

In modern society, what is called "strategy" for meeting the needs of life often implicitly carries the terms stratagem, cunning and even deceit. The Sufis deliberately minimize desire because they know that desire gives rise to a vicious circle (infinite regress).

Fa ma qadha ahadun minha lihajatihi Wa ma 'intaha 'arabun illa ila 'arabin
(No one can satisfy his desire, for one
desire will only be followed by another)

The vocabulary that develops in modern society usually rests on efforts to deal with particular consequences once an act has been shown to have bad consequences. In the world of Sufism, avoidance is carried out at a metaphysical and preventive stage, that is, when the consequences of an act have been shown to be bad even though the act itself is not classed as a bad act. Love of the world can be put forward as one example. As a rule, love of the world is not a wrong (wrongness), a bad thing (worse), let alone an evil (evil), yet the Sufis still avoid it because love of the world can have bad consequences for the struggle to attain the highest ideal, namely being close to Allah and victory on the Last Day.

If modern society defers its present pleasure for the sake of future pleasure within the realm of worldly life, the Sufis instead abandon all worldly pleasures for the sake of the hereafter. If modern scientists have conducted research to exploit the world, the Sufis have conducted research into the emptiness of the world when compared with life in the hereafter.

The Dilemmatic Choice

Every meaningful choice (living option) is necessarily a dilemma. That is, you can choose only one of two things that you consider equally important. You cannot choose both or postpone the choice. In Exploring The Philosophy of Religion, David Stewart acknowledges that the choice to believe or not to believe is an actual choice, given that there is no possibility of postponing it, because in this realm postponing the choice means choosing not to believe in God.

In the Sufi perspective, a person is faced with whether to choose worldly life or life in the hereafter. There is no third option. Should you choose one of the two, you will lose the other, even forever. Choosing worldly wealth becomes a fixed price exchanged for the happiness of life in the hereafter. According to the Sufis, choosing worldly life is the same as choosing a scrap of a filthy world. Choosing the life of the hereafter has ruled out for the Sufis any possibility of reveling in worldly life and loving it.

The Sufis regard the choice of the life of the hereafter as the intelligent choice. At the beginning of his work Riyâdh al-Shâlihin (The Garden of the Righteous), Shaykh al-Nawawi wrote a poem:

Truly Allah has intelligent servants who have left the world for fear of temptation. They examined the world, but when they knew that the world is no homeland for the living, they regarded it as a deep sea and made righteous deeds their ship.

Thus the terminology of intelligence put forward by the Sufis also differs from that put forward by modern psychologists. For the latter, intelligence is understood as the quantitative power of the mind or thought to remember, answer or create something within the worldly realm. For the former, intelligence is the ability to distinguish the good from the bad, the eternal from the transient, the essential and genuine from the false and counterfeit.

Now it is up to you which you will choose and how you will choose it.

—(ooo)—

Drs. Zaimul Am, MA, Lecturer in Research Methodology, Faculty of Islamic Studies, UNIS Tangerang


Build a Dynamic Web Serving Platform with FreeBSD 16 May, 2006

Posted by netlog in OpenBSD.

FreeBSD and its ports collection let you build a secure solution for hosting dynamic Web pages—without any out-of-pocket expense. Follow this step-by-step guide to installing and testing an open source solution based on Apache-modSSL, MySQL, and PHP. You'll serve dynamic Web pages quickly, reliably, securely, and efficiently from your own cost-free platform.
Looking for a secure solution for hosting dynamic Web pages but don't have much money to implement it? Use FreeBSD and its ports collection to install Apache-modSSL, MySQL, and PHP. This open source solution will have you serving dynamic Web pages quickly, reliably, securely, and efficiently—without any out-of-pocket expense. All you need are the following:
1. Root control of a FreeBSD box
2. A FreeBSD box connected to the Internet
3. An installed ports collection
4. An updated ports collection via CVsup

Although this solution may sound like a lot of work, compiling each application from source is actually painless with the FreeBSD ports system. This tutorial offers a simple paint-by-numbers guide to this server installation, which any developer, from the curious newbie to the seasoned Linux or Windows veteran, can use. As an added bonus, because FreeBSD can run on a 486 PC with just 16MB of RAM, it also enables you to turn an old computer into a PHP testing environment.

This article requires a running FreeBSD installation. To follow the instructions, you must be logged in as root and be able to navigate the command line. Some familiarity with both Unix and the computer you're working on is also required. The TYPE instruction means "at the root prompt." Do not type TYPE. Simply enter the data following the TYPE command verbatim on each line at the # root prompt. Press Enter following each line of commands.

Connect Your FreeBSD Installation to the Internet
If you are already connected to the Internet skip ahead to the "Install CVsup to Stay Current" step. If you installed FreeBSD via CD-ROM, you need a configured Ethernet card to connect to the Internet. To configure your network connection:

TYPE /stand/sysinstall

Choose Configure then Networking from the list of options.

This installation requires the ports collection. If you haven't already, install the ports collection now. (See the FreeBSD handbook for an outline of how to install the ports collection.)

Install CVsup to Stay Current
If you have just installed the ports collection using a CD-ROM, you must upgrade to the latest releases of the ported software you need. If you have just installed FreeBSD and the ports collection via FTP, you are already current and you can skip ahead to the "Install Each Application from Source" section.

Fortunately, FreeBSD makes staying current extremely easy:

TYPE cd /usr/ports/net/cvsup-without-gui
TYPE make
TYPE make install
TYPE make clean

As root, copy /usr/share/examples/cvsup/ports-supfile to a new location. In this case, copy it to /root, the root user's home directory:

TYPE cp /usr/share/examples/cvsup/ports-supfile /root/ports-supfile

* Notice the space between ports-supfile and /root/ports-supfile.

Edit ports-supfile with your favorite editor:

TYPE ee /root/ports-supfile

Change the ports-supfile (line 50 or so) to look something like the following:

#*********************************************************************
*default host=cvsup.ca.FreeBSD.org.
*default base=/usr
*default prefix=/usr
*default release=cvs
*default delete use-rel-suffix
*default tag=.
ports-all
#**********************************************************************

Pay particular attention to the first and last lines. Choosing a CVsup mirror that is located near you will save a lot of time. At the very least, choose one in the country where you live. Click here for a list of mirrors.

After you've done this, press Escape and then Return to leave the editor. Press Return to save your changes.

Before running CVsup, you have to reboot your system:

TYPE shutdown -r now

Once you have logged in as root again, it's time to run CVsup:

TYPE cvsup -g -L 2 /root/ports-supfile

This command upgrades all the skeletons in your ports collection. Depending on your Internet connection speed, the upgrade can take an hour or longer.

Install Apache-modSSL, MySQL, and PHP
Once you get the command prompt back, you can move on to the fun part. Enter the following commands one at a time, waiting for the command prompt between each instance of TYPE.

Install the Perl language (required for MySQL):

TYPE cd /usr/ports/lang/perl5
TYPE make
TYPE make test
TYPE make install
TYPE make clean
TYPE cd ~
TYPE rehash
TYPE use.perl port

The last three commands tell your FreeBSD machine to use the freshly upgraded Perl language and not the default that ships with your version of FreeBSD. If you ever need to switch back, TYPE use.perl system.

Install the MySQL database:

TYPE cd /usr/ports/databases/mysql40-server
TYPE make
TYPE make install
TYPE make clean

It is a good idea to edit /etc/make.conf to tell various ports which versions of Berkeley DB and MySQL to use:

TYPE ee /etc/make.conf

Add the following two lines, one on top of the other as shown:

WITH_BDB_VER=40
WITH_MYSQL_VER=40

Editor's Note: Be sure to modify the code above, if necessary, to match the version number of MySQL that you are currently using.

Press Escape to exit, and save your changes before you leave the editor.

Install the Apache13x+mod_ssl server:

TYPE cd /usr/ports/www/apache13-modssl
TYPE make
TYPE make certificate

You'll see a series of self-explanatory on-screen directions here. Create an [R]SA server key for good performance. Change all of the snake-oil information to your own private information. When you are asked to encrypt this key, choose [y]es, and then:

TYPE make install
TYPE make clean

Install the PHP language:

TYPE cd /usr/ports/www/mod_php4
TYPE make

Now you get to choose your installation preferences. Notice that the MySQL dependent choices have been made for you. Certain options require a licensing fee (e.g., PDFlib). If you do not recognize a particular component, do not install it. Certain components create dependencies on other components. To simplify this installation and circumvent errors, stick to a minimal configuration. Include DOMXML and DOMXSLT support. PHP integrates well with XML. For universality amongst databases, choose the UNIXODBC support also. UNIXODBC will allow you to connect PHP with many databases:

TYPE make install
TYPE make clean

Congratulations! You have Apache-modSSL, MySQL, and PHP installed on your FreeBSD system. Wasn't that easy? Still skeptical? Then test it out.

Test Your Installation
To test the installation, you need a Web browser. I like to use LYNX.

Install LYNX-ssl Web Browser:

TYPE cd /usr/ports/www/lynx-ssl
TYPE make
TYPE make install
TYPE make clean

Now, shut down and reboot your machine to have Apache and MySQL start as daemon processes in the background. If you made a certificate, you will need to enter your local passkey when prompted:

TYPE shutdown -r now
TYPE lynx 127.0.0.1

This command tells your Web browser to view the local Apache configuration. And what do you know, it worked! You should see the default congratulatory Apache screen. (Note: The keystroke Q or Control-C gets you out of LYNX.)

Three Steps to Enable Apache to Serve PHP
1. Edit the Apache httpd.conf file. Begin by getting back to the root command line:

TYPE cd ~
TYPE ee /usr/local/etc/apache/httpd.conf

Add the following lines anywhere within the Apache httpd.conf file, perhaps at the very top:

#***************************************
AddType application/x-httpd-php3 .php3
AddType application/x-httpd-php3-source .php3s
AddType application/x-httpd-php .php
AddType application/x-httpd-php-source .phps
#***************************************

Find the line that says ServerAdmin and put your e-mail address there.

2. Create a PHP test file:

TYPE cd ~
TYPE ee /usr/local/www/data/index.php

Add the following code—exactly the way you see it here—to the editor window you just opened:

<html>
<head>
<title>PHP_TESTER</title>
</head>
<body>
<?php
phpinfo();
?>
</body>
</html>

Press Escape to leave the editor and save this file.

3. Test the PHP installation on a secure port: To test the PHP installation, you have to stop and restart the Apache server:

TYPE cd /usr/local/etc/apache
TYPE apachectl stop
* Note: In ctl, it is an "el" and not a one.
TYPE apachectl start
TYPE lynx 127.0.0.1

If this worked, you should see the information about your new PHP/MySQL-enabled Apache Web server. Congratulations again! You now have a PHP-enabled Apache-modSSL Web server. The second-to-last step is adding a password to MySQL root and creating a simple test page that shows the connection between the PHP language and the MySQL database.

Add a Password to MySQL Root and Create a Test Page
Set a MySQL root password:

TYPE mysqladmin -u root password your_password_here

Logging into MySQL as root now requires a password. Replace "your_password_here" with your own password (For more information about MySQL, see the online documentation):

TYPE mysql --user=root --password=your_password_here

You should now see the mysql> prompt:

mysql> TYPE create database banking;
mysql> TYPE show databases;
mysql> TYPE quit

Make sure you add a semi-colon when required.

Now you are back to the root prompt. All that is left is to use PHP to connect to the newly created "banking" database. You need to invoke an editor again:

TYPE ee /usr/local/www/data/phpmysqlconnection.php

Then add the following code into the editor window (don't forget the semi-colons):

<html>
<head>
<title>PHP_MySQL_Connection</title>
</head>
<body>
<!-- start PHP insert and create MySQL connection details as variables -->
<?php
// database access variables
$Server = "localhost";
$Username = "root";
$Pass = "yourpasswordhere";
$DataBaseName = "banking";
// connect PHP to MySQL
$Connection = mysql_connect ($Server, $Username, $Pass) or die ("Connection Denied");
// test the connection with a browser
if ($Connection) {
echo "<h3>Congratulations! You are ready to build dynamic database-driven Web sites</h3>";
} else {
echo "<h3>Back to the lab again*****Something went wrong</h3>";
}
// closing the connection is considered good form
mysql_close ($Connection);
// close the php
?>
</body>
</html>

Test this out:

TYPE lynx 127.0.0.1/phpmysqlconnection.php

Secure the Pages You Serve
Your last step is to configure Apache-modSSL to serve truly secure pages to the outside world. Note: the traditional secure port is 443. The FAQ pages at the following Web sites provide more information:

* http://www.freebsd.org
* http://www.apache.org
* http://www.openssl.org
* http://www.modssl.org
* http://www.perl.org
* http://www.mysql.org
* http://www.php.net

Security is a process and not an end. Many of your configuration questions can be answered in the mod_ssl documentation included with the installation of Apache-modSSL. Further reading and support is available from a number of locations, including:

* http://www.devshed.com/Server_Side/PHP/DB_Basics
* http://www.programmingpub.com/php_forum_php_forums
* developer.netscape.com/tech/security/ssl/howitworks
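
Before the server is opened to the outside world, the two test pages created earlier should no longer be in the document root: index.php prints the full phpinfo() report and phpmysqlconnection.php holds the MySQL root password. The script below is an added example, not part of the original article; it scans a document root for both patterns. The function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original article). Function names and the
# sample files are constructed; /usr/local/www/data is the article's path.

# List the PHP and PHP-source files matched by the AddType lines shown earlier.
php_files() {
    find "$1" -type f \( -name '*.php' -o -name '*.php3' \
        -o -name '*.phps' -o -name '*.php3s' \) -print
}

# audit_docroot DIR
# Prints one "RULE path" line per finding:
#   PHPINFO        file calls phpinfo(), which discloses versions, paths,
#                  loaded modules and environment to any visitor
#   DB-ROOT-LOGIN  file calls mysql_connect() and contains a quoted "root"
#                  user name, i.e. the site logs in as the MySQL superuser
# Returns 2 if DIR is not a directory, 0 otherwise.
audit_docroot() {
    docroot=$1
    if [ ! -d "$docroot" ]; then
        echo "audit_docroot: not a directory: $docroot" >&2
        return 2
    fi
    php_files "$docroot" | while IFS= read -r f; do
        if grep -q -E 'phpinfo[[:space:]]*\(' "$f"; then
            echo "PHPINFO $f"
        fi
        if grep -q -E 'mysql_connect[[:space:]]*\(' "$f" &&
           grep -q -E "[\"']root[\"']" "$f"; then
            echo "DB-ROOT-LOGIN $f"
        fi
    done
}

# Build a throwaway document root holding constructed copies of the two
# test pages from the article plus two files that must not be flagged.
make_sample_docroot() {
    d=$(mktemp -d) || return 1
    cat > "$d/index.php" <<'EOF'
<html><body>
<?php
phpinfo();
?>
</body></html>
EOF
    cat > "$d/phpmysqlconnection.php" <<'EOF'
<?php
$Server = "localhost";
$Username = "root";
$Pass = "yourpasswordhere";
$Connection = mysql_connect ($Server, $Username, $Pass) or die ("Connection Denied");
mysql_close ($Connection);
?>
EOF
    # A page that logs in with a dedicated account (the name is hypothetical).
    cat > "$d/accounts.php" <<'EOF'
<?php
$Connection = mysql_connect ("localhost", "webapp", $Pass);
?>
EOF
    # Plain text is not handed to PHP and is outside the scan.
    echo 'remember to delete the phpinfo() page' > "$d/notes.txt"
    echo "$d"
}

# Demo run against the constructed sample; point audit_docroot at
# /usr/local/www/data to check the real document root.
sample=$(make_sample_docroot)
audit_docroot "$sample"
rm -rf "$sample"
```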

Contribute to Open Source
FreeBSD and the other open-source projects used in this article rely on user contributions to evolve. If you find these products useful, financial and volunteer contributions are always welcome. FreeBSD is distributed under the BSD license, leaving you free to alter and distribute the source code so long as the BSD license remains intact. Click here for copyright information about FreeBSD and the GNU public license.

Secure Web Server with OpenBSD 16 May, 2006

Posted by netlog in OpenBSD.

The OpenBSD team prides itself on producing one of the most—if not the most—secure operating systems in the world. If you are concerned about keeping the sensitive data within your organization protected, consider OpenBSD. As a member of the 4.4BSD-lite family of operating systems, OpenBSD sets itself apart by claiming to be "secure by default". The basis for this claim is the diligence of the OpenBSD code auditing team and the inclusion of military grade cryptography in the base system (including Kerberos, OpenSSH, and IPSec). OpenSSH runs best with OpenBSD (as it was developed by the OpenBSD team).

You can install OpenBSD in a couple of ways. The easiest method is to order the OpenBSD CD-ROM from the OpenBSD ordering page. The OpenBSD team, headed by Theo de Raadt, relies on the sale of these CD-ROM packages for its financial survival, so it prefers that users choose this method. Installation via CD-ROM is outlined in detail inside the CD case.

The second—and faster—way of installing OpenBSD is over the Internet via FTP or HTTP. Though this install is free, a post-installation courtesy is to order the CD-ROM anyway, make a donation to OpenBSD, and / or buy a limited edition OpenBSD T-shirt or poster.

This tutorial demonstrates a network install of the OpenBSD operating system, along with PHP4 and MySQL. It presents an advanced system administrator build, which assumes basic knowledge of the VI editor.

[Author's Note: Because OpenBSD is a Canadian-made product, export of the security suite and source code is not restricted in any way. However, while U.S. readers can download (import) OpenBSD, exporting or re-exporting cryptographic software from the US is still a serious criminal offence. For those of you living in the US, do not attempt to export the OpenBSD operating system once you've downloaded it. If you are an American citizen located outside the US, do not download OpenBSD from an American site. You have been warned! Of course, downloading OpenBSD from an American site to an American location is fine. Always choose the server nearest you.]

Create OpenBSD Boot Floppy
OpenBSD runs on a number of hardware platforms. The following directions are somewhat specific to "IBM PC" aka "Intel/AMD" architecture machines. To install OpenBSD over the network, your host computer needs either a floppy or a CD-ROM drive and an Ethernet card that OpenBSD can recognize. So check your hardware first. If you use an Intel-based system, your information is under i386.

To create a bootable CD-ROM, you need a CD burner and CD creation software. To simplify the multi-step process of creating the floppy boot install disk on Windows, which is somewhat involved, I developed an installer package. I did not alter the boot installer in any way, but if you prefer to receive the software directly from the OpenBSD site, you'll find it in the tools section of the 3.6 release site. Navigate to your relevant hardware and download the necessary files.

To complete the example install, you need 1-3 floppy disks and a standard 1.44M floppy drive on your Windows computer. For a standard build, you need only the first disk. The second disk is for special RAID and SCSI situations, and the third is for laptops. This tutorial uses Windows 2000, but floppy disk creation should work seamlessly with Windows NT and XP as well. If you use an older DOS system or Windows 95/98, then you must use the fdimage.exe file included in the downloadable openbsd36_floppy_install.zip file (with documentation).

The following steps will guide you through a Windows 2000, XP, and NT OpenBSD boot floppy creation:

1. Download the OpenBSD 3.6 floppy images.
2. Format your floppy disk: My computer -> 3 1/2 floppy A: -> right click -> format.
3. Place the directory openbsd36_floppy_install on your c:\ drive as C:\openbsd36_floppy_install.
4. Open a DOS prompt and type:

cd C:\openbsd36_floppy_install

5. Now that openbsd36_floppy_install is your working directory, type:

ntrw floppy36.fs a:

For a standard Intel architecture, you need only the first disk. If the first disk does not take you to the install screen (or you are using a laptop), you may have to make one or two more floppy boot disks. Again, format your second and third floppy disks then type the following, respectively (see Figure 1):

ntrw floppyB36.fs a:
ntrw floppyC36.fs a:

Figure 1. OpenBSD Floppy Creation (Win2000)

Put your newly created floppy boot installer in the a: drive of the computer on which you want to install OpenBSD. Make sure your CMOS is set up to boot from floppy first, and then boot from hard drive second.

To complete the install, you need an Ethernet card that OpenBSD supports. The networking setup procedure is quite straightforward. The following instructions explain how to set up DHCP for a DSL connection. At each listed prompt, just follow the instructions:

1. Would you like to (I)nstall, (U)pgrade, or (S)hell? Choose I. ENTER.
2. Terminal type? ENTER
3. Do you wish to select a keyboard-encoding table? Choose no. ENTER.
4. Proceed with install? Press y. ENTER.
5. Which one is the root disk? Choose "(or 'done')[wd0]". ENTER.
6. Do you want to use *all* of wd0 for OpenBSD? Choose no. ENTER.
7. fdisk: 1>q. ENTER.
8. Initial label editor (Enter '?' for help at this prompt.)
9. TYPE: ">?". ENTER.

The tools you see are part of the OpenBSD label/partition editor. The disk label editor screen might not look pretty, but it is very powerful. The most important commands for a basic install are 'a' for add partition, 'd' for delete partition, 'p' for print label, and 'q' for quit. OpenBSD requires a manual file system setup. During this process 'm' is for megabytes and 'g' is for gigabytes. This tutorial assumes you are installing OpenBSD on a system dedicated to OpenBSD. (For dual boot issues, see the FAQ.)

Configure the File Structure and the Network
Now on with the install. First, clear the possibility that OpenBSD recognized an existing partition on your hard-drive by typing the following:

z a. ENTER.

The "z" command zeroes the partitions, leaving only C. Author Note: Thanks to Joel Dinel for the partition zeroing hint.

Now you can add the file structure. This consists of /(root), /var, /swap, /usr, and /home. File size is an important consideration:

* The root / must be at least 150m; 500m is recommended.
* /tmp can be as small as 150m. Performance can increase if this is larger.
* /var should be larger for a server because /var/www and /var/mail can fill up quickly (especially if you expect to handle larger mail attachments).
* swap should be twice the size of the RAM you have or twice the size of the RAM you expect to have.
* 512MB of RAM makes a swap space of 1,024MB ideal. One gig of RAM makes two gigs of swap space.
* /usr and /home need to be larger if you are creating a desktop workstation with X Windows.

I am using a 10GB hard drive. You should use values that make sense for your situation. Keep in mind that the values for offset will differ depending on the size of your hard drive. The following instructions create the basic file structure for the operating system:

TYPE: a a. ENTER.
offset:[63]. ENTER.
size:500m. ENTER.
FS type: [4.2BSD]. ENTER.
mount point:[none] /. ENTER.

TYPE: a b. ENTER.
offset:[614880]. ENTER.
size: [19386045] 1024m. ENTER.
FS type: [swap]. ENTER.

TYPE: a d. ENTER.
offset: [2712528]. ENTER.
size: [17288397] 500m. ENTER.
FS type: [4.2BSD]. ENTER.
mount point: [none] /tmp. ENTER.

TYPE: a e. ENTER.
offset: [3327408]. ENTER.
size: [16673517] 3g. ENTER.
FS type: [4.2BSD]. ENTER.
mount point: [none] /var. ENTER.

TYPE: a f. ENTER.
offset:[5425056]. ENTER.
size: [14575869] 2g. ENTER.
FS type: [4.2BSD]. ENTER.
mount point: [none] /usr. ENTER.

TYPE: a g. ENTER.
offset: [9619344]. ENTER.
size: [10381581] 2g. ENTER.
FS type: [4.2BSD]. ENTER.
mount point: [none] /home. ENTER.

Now that you have created the file structure, write the changes:

TYPE: p. ENTER.

This shows the partitions you are about to create. Leave a little extra space for future changes (like RAM upgrades, or log files filling /var) or leave the size of the g partition unspecified and g will use up the rest of your hard disk:

TYPE: q. ENTER.
Write new label? Choose y. ENTER.

Now, cycle through the options you have created. Hit ENTER until the /home directory appears, then type "done".

The next step destroys all existing data on these partitions:

Are you sure that you're ready to proceed? TYPE: y. ENTER.

You will be prompted for a system hostname. Use any name you like. I used the name ftknox.

The following steps guide you through configuring the network using DHCP:

* Configure the network? Choose yes. ENTER.
* If you are using an Ethernet card that is supported by OpenBSD, then you should be prompted to initialize an interface. Press ENTER.
* Symbolic (host) name for vr0? TYPE: "([ftknox] dlink530TX)". ENTER. You should see the speed options for your Ethernet card.
* Do you want to change the media options? Choose no. ENTER.
* IPv4 address for vr0? (or 'none' or 'dhcp') TYPE: dhcp. ENTER.
* Enter your DNS domain name and the address of your DNS nameserver.
* Default IPv4 route? Choose dhcp. ENTER.
* Edit hosts with ed? Choose no. ENTER.
* Do you want to do any manual network configuration? Choose no. ENTER.
* Password for root account? Do not use any word in any language. Numbers and letters and special characters are best in combination.

Now that the network and file structure configuration is done, it is time to access an (F)TP server to install the operating system:

Where are the install sets? (or 'done') TYPE: f ENTER.
HTTP/FTP proxy URL? (e.g., 'http://proxy:8080', or 'none') Choose none. ENTER.
Display the list of known FTP servers? Choose yes. ENTER.

Find the server that is closest to you (heeding the warnings from the introduction regarding international distribution):

* Server? (IP address, hostname, list#, 'done' or '?') TYPE: "ftp.openbsd.org". ENTER.
* Does the server support passive mode FTP? Choose yes. ENTER.
* Server directory? Choose pub/OpenBSD/3.6/i386. ENTER.
* Login? Choose anonymous. ENTER.

The following sets are available:

* File name? (or 'done') [bsd.mp] TYPE all. ENTER.
* File name? (or 'done') TYPE: "-game36.tgz". ENTER.
* File name? (or 'done') TYPE: "done". ENTER.
* Ready to install sets? TYPE: "yes" ENTER.

And away you go. You are now installing the entire OpenBSD operating system over the Internet to your host (server) computer. So depending on your connection speed, this could take minutes or hours. If it works, you will see various messages about getting somefile.tgz, followed by a percentage. Of course, 100 percent is the target.

Then you will be prompted with the following questions:

* Where are the install sets? (or 'done') TYPE: done ENTER.
* Start sshd(8) by default? Choose yes. ENTER.
* Do you expect to run the X window System? Choose either yes or no. ENTER. (I personally believe that X Windows has no place on a server, but you may think differently.)
* Change the default console to com0? Choose no ENTER.
* Set your time zone. This one's self-explanatory.

You should now have a congratulations screen and a root prompt. Take your boot floppy out of the a: drive and TYPE halt. Reboot your machine to start using OpenBSD. You will notice that, because you started sshd by default, it will have generated new DSA and RSA host keys. This is excellent. OpenSSH runs seamlessly with OpenBSD because the same people make both. For further information, read the OpenSSH FAQ. The afterboot section of the man pages offers a wealth of information that you should read as well:

TYPE: "man afterboot".

One of the strengths of OpenBSD is the high quality of its man pages. Make sure you read these before attempting to post a question on any OpenBSD forum. (Browsing Hint: Page Up and Page Down move you through the man pages; ENTER scrolls one line; TYPE "q" to quit.)

Set Up SU
To use SU, you must first create a regular user, which you will regularly log in as:

1. Log in as root.
2. TYPE: "adduser".
3. Choose your favorite shell. I use the default [sh].
4. Use the default login class.
5. Use the default Home partition: [/home].

Continue using the defaults, unless you have a special situation. I choose not to send a message to myself and to be prompted for passwords by default. One thing I do change is the password encryption method. Blowfish is my algorithm of choice (and is likely the default). Enter username and full name when prompted.

Now continue as root:

1. TYPE: "vi /etc/group".
2. The top line should read: "wheel:*0:root".
3. TYPE "i" to enter vi insert mode.
4. Move to the end of the first line using the right arrow.
5. Add a comma and the username of the user you just created. (e.g., wheel:*:0:root,user1)
6. Press ESC and TYPE ":wq" to write the file and exit vi.
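The same wheel edit can be made and verified without hand-editing the file. This is an added example, not part of the original tutorial: the function names `wheel_with_user` and `in_wheel` are hypothetical, the group file is a constructed sample, and the wheel line is assumed to use the standard name:password:gid:members layout.

```shell
#!/bin/sh
# Added example (not from the original tutorial).

# Print group file $1 with user $2 appended to wheel's member list.
# The output is unchanged if the user is already listed; the exit status
# is non-zero if the file has no wheel line at all.
wheel_with_user() {
    awk -F: -v OFS=: -v user="$2" '
        $1 == "wheel" {
            found = 1
            present = 0
            n = split($4, members, ",")
            for (i = 1; i <= n; i++) if (members[i] == user) present = 1
            if (!present) $4 = ($4 == "") ? user : ($4 "," user)
        }
        { print }
        END { exit !found }
    ' "$1"
}

# Return 0 only if user $2 is an exact member of wheel in group file $1.
in_wheel() {
    awk -F: -v user="$2" '
        $1 == "wheel" {
            n = split($4, m, ",")
            for (i = 1; i <= n; i++) if (m[i] == user) ok = 1
        }
        END { exit !ok }
    ' "$1"
}

# Constructed sample standing in for /etc/group; user1 is a placeholder name.
group=$(mktemp /tmp/group.XXXXXX)
printf 'wheel:*:0:root\ndaemon:*:1:daemon\n' > "$group"
wheel_with_user "$group" user1 > "$group.new"
in_wheel "$group.new" user1 && echo "user1 is in wheel and may use su"
rm -f "$group" "$group.new"
```

On a real system, write the output to a new file, compare it with /etc/group, and keep a backup copy before replacing the original.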

Test this out:

1. Press CTRL-ALT-F2 to open a new login screen.
2. Log in as the new user you just created.
3. TYPE "su".
4. Enter your root password.

You should once again have a root prompt ‘#’. Use this prompt to install the ports and package collections. The following section shows you how.

Install Ports and the Package Collection
Now that su is installed and working, OpenBSD’s functionality considerably expands with the installation of both the ports and the package collections. Installing new functionality on OpenBSD requires Root or pseudo (su) Root privileges. All of the following instructions require that you be logged in as the SuperUser (root).

Issue the following commands to install several thousand program skeletons:

1. ftp ftp://ftp.openbsd.org/pub/OpenBSD/3.6/ports.tar.gz
2. mv ports.tar.gz /usr
3. cd /usr
4. tar -xzf ports.tar.gz

Pop back into your open root console:

TYPE: CTRL-ALT-F1.

Notice that true root keeps track of all uses of su. Press ENTER to get your prompt back, and type "login". Log in as the user you created. Type "su", enter the root password, and voila!

Using Ports: Invoking the tcsh Shell
All of the ports work in a similar fashion. Navigate to the port directory you want and type "make && make install" within the port directory that includes the Makefile. For example, to install the tcsh shell:

1. TYPE: "cd /usr/ports/shells/tcsh".
2. TYPE: "make && make install".

And that is the basic formula for installing ports. Many ports, like tcsh, have special instructions that appear during or following the install. In this case:

1. TYPE: "vi /etc/shells".
2. Add the line /bin/tcsh to this file.
3. Save and quit (ESC, :wq).

At the root prompt, type "/usr/local/bin/tcsh" to invoke the tcsh shell. I like this shell for its up-arrow command history function (never type the same thing twice). You can perform subsequent invocations of this shell by typing tcsh at the command prompt. I suggest continuing to use the tcsh shell for the rest of the tutorial.

Packages Collection
The packages collection is the preferred way of installing software onto your OpenBSD system. Packages "automagically" install the required dependencies. As with the Ports system, you must be logged in as the SuperUser (root). You can browse the packages online. (Note: Intel architecture is i386.) Tell pkg_add where to find the packages via FTP. Do not attempt to install packages from an older or a newer release number of OpenBSD. Because this tutorial builds OpenBSD version 3.6, make sure you get the packages from the version 3.6 folder (setenv as seen below):

TYPE setenv PKG_PATH ftp://ftp.openbsd.org/pub/OpenBSD/3.6/packages/i386/

Install MySQL and PHP
Install MySQL4:

TYPE: "pkg_add mysql-server-4.0.20.tgz"

Note the instructions on the screen. You will return to this after you install PHP.

Install PHP4:

TYPE pkg_add php4-core-4.3.10.tgz

Enable the PHP4 module:

TYPE /usr/local/sbin/phpxs -s
TYPE cp /usr/local/share/doc/php4/php.ini-recommended /var/www/conf/php.ini

Install PHP4_MySQL4 connectivity:

TYPE pkg_add php4-mysql-4.3.10.tgz
TYPE /usr/local/sbin/phpxs -a mysql

Enable MCRYPT:

TYPE pkg_add php4-mcrypt-4.3.10.tgz
TYPE /usr/local/sbin/phpxs -a mcrypt

Enable MHASH:

TYPE pkg_add php4-mhash-4.3.10.tgz
TYPE /usr/local/sbin/phpxs -a mhash

Enable IMAP:

TYPE pkg_add php4-imap-4.3.10.tgz
TYPE /usr/local/sbin/phpxs -a imap

Enable DOMXML:

TYPE pkg_add php4-domxml-4.3.10.tgz
TYPE /usr/local/sbin/phpxs -a domxml

Enable PEAR libraries:

TYPE pkg_add php4-pear-4.3.10.tgz

Use PHP to manipulate graphics:

TYPE pkg_add php4-gd-4.3.10-no_x11.tgz
TYPE /usr/local/sbin/phpxs -a gd

Enable CURL:

TYPE pkg_add php4-curl-4.3.10.tgz
TYPE /usr/local/sbin/phpxs -a curl

Create MYSQL passwords and user:

TYPE /usr/local/bin/mysqld_safe &
TYPE /usr/local/bin/mysqladmin -u root password mypassword

Access the server with your new password:

TYPE /usr/local/bin/mysql -u root -p

Enter your password at the prompt. You should see the mysql prompt. A problem with MySQL is it ships with two anonymous users who have no passwords. Change this within MySQL by entering the following (Note: the '' marks are two single quotation marks in a row):

mysql> TYPE SELECT Host, User FROM mysql.user;
mysql> TYPE SET PASSWORD FOR ''@'localhost' = PASSWORD('newpwd');
mysql> TYPE SET PASSWORD FOR ''@'host_name' = PASSWORD('newpwd');

Change ''@'host_name' to the value that corresponds to the name you gave your system, displayed on your screen under Host where User = root (e.g., lockdown.cyborgspiders.com):

mysql> TYPE exit

Now that you are back at the '#' prompt, TYPE ps to verify that mysqld_safe is still running.

Edit APACHE httpd.conf file:

1. vi /var/www/conf/httpd.conf
2. Change the email address for ServerAdmin to you@youraddress.com.
3. Change your ServerName to a valid DNS entry. If you do not have a valid DNS name for your host, enter the IP address associated with your LAN.
4. TYPE ifconfig -a to find the INET address associated with your working Ethernet card.
5. Find the line that says inet 192.168.1.106 or some similar value.
6. Find the line AddType application/x-httpd-php .php and delete the comment tag '#'.
7. Also, you must add php to the Apache Directory Index: DirectoryIndex index.html index.php (Optionally, add index.phtml, index.php4, and index.php3.).
8. Exit VI and save forced.
9. Press ESC and TYPE ":wq!" ENTER.
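A quick way to confirm the httpd.conf edits from the steps above before starting Apache. This is an added example, not part of the original tutorial: the function names are hypothetical and the configuration fragment is a constructed sample.

```shell
#!/bin/sh
# Added example (not from the original tutorial).

# Print the lines of file $2 where directive $1 is active (not commented out).
active() {
    grep -E "^[[:space:]]*$1[[:space:]]" "$2"
}

# Print one line per missing edit; return 0 only if all three are in place.
check_httpd_conf() {
    conf=$1
    rc=0
    if ! active ServerName "$conf" | grep -q .; then
        echo "ServerName is missing or still commented out"
        rc=1
    fi
    if ! active AddType "$conf" |
        grep -Eq 'application/x-httpd-php[[:space:]].*\.php([[:space:]]|$)'; then
        echo "AddType application/x-httpd-php .php is missing or commented out"
        rc=1
    fi
    if ! active DirectoryIndex "$conf" |
        grep -Eq '[[:space:]]index\.php([[:space:]]|$)'; then
        echo "DirectoryIndex does not list index.php"
        rc=1
    fi
    return "$rc"
}

# Constructed sample: a fragment as it might look before the edits are made.
write_unedited_sample() {
    cat > "$1" <<'EOF'
ServerAdmin you@youraddress.com
#ServerName new.host.name
DirectoryIndex index.html
#AddType application/x-httpd-php .php
EOF
}

sample=$(mktemp /tmp/httpd.conf.XXXXXX)
write_unedited_sample "$sample"
check_httpd_conf "$sample" || echo "=> finish the edits, then start Apache"
rm -f "$sample"
# On the server itself: check_httpd_conf /var/www/conf/httpd.conf
```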

Starting and Stopping APACHE as the SuperUser
To start Apache:

TYPE apachectl start (c as in current, t as in table, l as in linux)

To stop Apache:

TYPE apachectl stop (c as in current, t as in table, l as in linux)

Start Apache now. Then navigate to the htdocs directory to test PHP:

TYPE cd /var/www/htdocs
TYPE ls

You are now viewing the htdocs directory. This is the directory from which Apache serves files to the world:

TYPE lynx 127.0.0.1

This should show you a congratulations screen. Apache is running with the index.html file.

For PHP to work, you must create an index.php file:

TYPE vi index.html

Remember, press i for insert mode. Beneath the <body bgcolor="#ffffff"> tag, add <?php phpinfo(); ?>. Press ESC, then TYPE ":wq index.php". This saves the file as index.php with your changes. Test this out:

TYPE lynx 127.0.0.1/index.php

You should see a very detailed display about your new PHP-enabled Apache Web server. Read through it. Notice how the variables in the httpd.conf file and the php.ini file affect the output. Depending on your purposes, you will want to make configuration changes to these files. (Note: the Apache documentation is installed by default. To avoid embarrassment (and death threats) on the mailing lists, RTFM.)

Connect to MySQL Using PHP
To connect to MySQL from PHP, you need to create a new PHP document:

vi mysql.php
<html>
<head>
<title>PHP MySQL connection test</title>
</head>
<body>
<?php
// open the connection to the local MySQL server
$connect = mysql_connect('localhost', 'root', 'yourpasswordhere');
// if no connect then die
if (!$connect) {
    die('something went wrong: ' . mysql_error());
}
echo 'It is time to enjoy your new OpenBSD Apache PHP MySQL powered web server.';
// good form to close the connection
mysql_close($connect);
// close the php
?>
</body>
</html>

Mission Accomplished
If you followed these directions correctly, you now have the magic key to OpenBSD 3.6, Apache 1.3.29 mod_ssl/2.8.16, OpenSSL/0.9.7d, MySQL 4.0.20, and PHP 4.3.10. NEVER GIVE UP ROOT! OpenBSD ships "secure by default", meaning all non-essential services are disabled. The OpenBSD code-auditing team promotes open source as the only real solution to a truly transparent security model. This working model greatly simplifies the system administrator’s security duties. Security becomes a consideration prior to implementing new services rather than an after-the-fact, hole-plugging technique.

OpenBSD also ships with Apache chrooted by default. While this will create some challenges for the system admin with certain programs, the benefit is that should Apache become compromised the cracker will not have write access to the operating system. Running Apache "jailed" restricts the daemon from "seeing" beyond the root directory of the chrooted directory (the cracker may not get beyond read access to Apache).

While not immune to security breaches, OpenBSD takes a proactive stance against cracking techniques. Buffer overflow attacks are historically a weak point in *nix systems, so OpenBSD has taken measures to protect the stack and to ensure that no page is both writeable and executable at the same time. It is a credit to the OpenBSD community that security announcements are few and far between.

Proactive security, however, is a continual process. Keeping up to date is important. To receive security announcements from OpenBSD, send an email to OpenBSD.org with "subscribe security-announce" in the message body.

Security concerns need to be based on the value of your data. My next article will demonstrate how to use SSH to remotely administer your OpenBSD/Apache/PHP/MySQL Web server.

Something that might be useful 21 March, 2006

Posted by netlog in OpenBSD.

These notes summarize the minimum you should pay attention to before going deeper into OpenBSD. Once the OpenBSD installation is finished, there are several points to keep in mind before moving on to the next configuration steps.

You will become adept at understanding the OpenBSD OS once you have found the manual pages that cover OpenBSD in the detail you expect, and the OpenBSD developers themselves also strive to complete this project with documents that can serve as a guide.

Basic UNIX knowledge is an absolute prerequisite for learning OpenBSD; the OpenBSD system itself includes man pages and help covering the basic UNIX commands, which are easy to understand.

There are no stupid people, only LAZY ones…

Prologue of a newbie 21 March, 2006

Posted by netlog in OpenBSD.

The stupidity and arrogance of those who always say "search on Google", "read the manual", and so on crossed my mind. Perhaps for some people reading manuals on the internet is very boring, so for them asking is a shortcut to being able to do something. Yet the arrogant fool always dodges by answering "just search on Google" or "read the manual", and out of irritation they even say "RTFM" (read the f**king manual), or in our language "read the manual, stupid / read the manual, b*st*rd", words truly unfit to be spoken by someone who is educated and has mastered technology.

This piece is an expression of my concern about the problem above, so I am trying to share what I know, even though I realize that I am a stupid person myself, in the hope that these notes can be easily understood by anyone interested in using the OpenBSD operating system, on the assumption, of course, that you have managed to install OpenBSD, even with minimal knowledge.

Cleverness exists because of STUPIDITY…

After I deleted everything 21 March, 2006

Posted by netlog in OpenBSD.

This morning I feel proud of my stupidity, because last night I managed to finish the configuration of an OpenBSD box with 3 Ethernet interfaces, 2 routes (IIX and non-IIX), and 2 connections (IIX and non-IIX).

On that box I also set up a bandwidth limiter and firewall (altq with pf), and I did not forget to install the transparent proxy squid-2.5.STABLE12 as well. What a relief…. It turns out that, even with my stupidity, I could still do all of that.

Don't be STUPID, learn from your stupidity …