Freebsd-install

From FoppaWiki

Pre Install

Get the bootonly image from http://www.freebsd.org/where.html

I choose the custom install and select only the required and recommended sets plus the 32-bit compatibility libs. I do this to get a minimal installation. Remember to select passive FTP if you are behind NAT in any way. From here on I basically answer no to _all_ questions, except maybe the screensaver ;>

Post Install

The first thing I do after install is get the ports tree and make sure it's up to date:

portsnap fetch extract
portsnap fetch update

I always find myself doing this next step. screen is obviously very optional, but I need portmaster, sudo and bash! It's easier to do it first, because then I can add my user with a bash shell right away, and I will probably need sudo as well, so I can get away from the terminal. I update the locate database and put the update in cron; hey, call me lazy, but I need locate ;)

/usr/libexec/locate.updatedb
cd /usr/ports/ports-mgmt/portmaster && make install clean
rehash
portmaster /usr/ports/security/sudo/
portmaster /usr/ports/shells/bash/
portmaster /usr/ports/sysutils/screen/
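# append (>>) so the existing rc.conf settings are kept
echo 'sshd_enable="YES"' >> /etc/rc.conf
/etc/rc.d/sshd start
adduser <USERNAME>
echo '<USERNAME> ALL=(ALL) NOPASSWD: ALL' >> /usr/local/etc/sudoers
# check the sudoers syntax after editing
visudo -c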

or

pkg_add -v -r screen
pkg_add -v -r bash
pkg_add -v -r sudo
pkg_add -v -r nano
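
The rc.conf step above only works if the line is appended; a single `>` would replace the whole file. As an added example (not part of the original page), a small sh helper that sets one rc.conf variable idempotently; `rc_set` and `rc_get` are hypothetical names and the demo file is constructed:

```shell
#!/bin/sh
# Added example (not from the original page). rc_set and rc_get are
# hypothetical helper names; the demo file below is constructed.

# rc_set FILE KEY VALUE
# Set KEY="VALUE" in an rc.conf-style file. An existing assignment is replaced
# in place, a missing one is appended, and every other line is left untouched.
rc_set() {
    file=$1 key=$2 value=$3
    # Keys must be plain shell variable names (this also keeps the awk regex safe).
    case $key in
        ''|[0-9]*|*[!A-Za-z0-9_]*) echo "rc_set: bad key: $key" >&2; return 2 ;;
    esac
    # rc.conf is sourced by sh, so refuse values that could break out of the quotes.
    case $value in
        *[\"\\\$\`]*) echo "rc_set: unsafe value for $key" >&2; return 2 ;;
    esac
    [ -f "$file" ] || : > "$file"
    tmp=$(mktemp) || return 1
    awk -v k="$key" -v line="$key=\"$value\"" '
        $0 ~ "^[ \t]*" k "=" { if (!done) print line; done = 1; next }
        { print }
        END { if (!done) print line }
    ' "$file" > "$tmp" || { rm -f "$tmp"; return 1; }
    # Copy the content back rather than mv, so the file keeps its owner and mode.
    cat "$tmp" > "$file"
    rm -f "$tmp"
}

# rc_get FILE KEY: print the value of the last KEY="..." assignment in FILE.
rc_get() {
    sed -n "s/^[[:space:]]*$2=\"\\(.*\\)\"[[:space:]]*\$/\\1/p" "$1" | tail -n 1
}

# Demo on a constructed file, never on the live /etc/rc.conf.
demo=$(mktemp)
printf '%s\n' 'hostname="host.example"' 'pf_enable="NO"' > "$demo"
rc_set "$demo" sshd_enable YES   # appended
rc_set "$demo" pf_enable YES     # replaced in place
cat "$demo"
rm -f "$demo"
```
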

FreeBSD Update

To apply any security patches, use freebsd-update. If any patches to the kernel were applied, a reboot is required.

freebsd-update fetch
freebsd-update install

Basic Cron

# check freebsd-update for new patches; sends a mail to root
# to install the updates, run freebsd-update install and reboot if needed
0       3       *       *       *       root    /usr/sbin/freebsd-update cron

#ports update min hour mday month wday who command
#-----------------------------------------------------------------------------
0       5       *       *       *       root    /usr/sbin/portsnap cron update && /usr/local/sbin/portversion -vl "<" && /usr/local/sbin/portmaster -L > /tmp/check_portmaster.tmp

# Update locate database every night at 2am
0       2       *       *       *       root    /usr/libexec/locate.updatedb

Basic rc.conf

###RC.CONF

hostname="geden.foppa.dk"
keymap="danish.iso"
keyrate="fast"
saver="daemon"

## network
defaultrouter="89.104.194.129"
ifconfig_em0="inet 89.104.194.143  netmask 255.255.255.192"

sshd_enable="YES"
openntpd_enable="YES"

#pf firewall
pf_enable="YES"
pf_rules="/etc/pf.conf"
pf_flags=""
pflog_enable="YES"
pflog_logfile="/var/log/pflog"
pflog_flags=""

snmpd_enable="YES"
snmpd_flags=""
snmpd_conffile="/usr/local/etc/snmpd.conf"
snmpd_pidfile="/var/run/snmpd.pid"

Basic pf.conf

###PF.CONF

#### MACROS ####
ext_if="em0"
int_if="em1"

# options (set ...) must come before the filter rules
set skip on lo0

block log all
pass quick on $int_if all
pass out quick on $ext_if all

pass in quick on $ext_if inet proto tcp from any to ($ext_if) port 22
pass in quick on $ext_if inet proto icmp all icmp-type echoreq