This aims to collect our wisdom in setting up a FreeBSD system.

Stop unneeded services, set the clock and build the locate database so that no problems arise later:

# Stop the mail and inetd daemons while the machine is being set up.
# killall only ends the running processes; nothing on this page changes their
# rc.conf settings, so whatever is enabled there starts again at the next boot.
killall sendmail inetd
# One-shot clock set from the listed servers (plain NTP, no authentication).
ntpdate ntp1.ptb.de pool.ntp.org
# Build the locate(1) database in the background.
# NOTE(review): when this runs as root the database also lists paths that
# unprivileged users cannot see themselves; FreeBSD's weekly periodic job
# builds it as an unprivileged user instead -- confirm which is wanted here.
/usr/libexec/locate.updatedb &

Use only one tmp directory instead of the usual two on FreeBSD. Also tighten the permissions on /root somewhat.

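# Merge /var/tmp into /tmp and leave a symlink behind.
# The glob does not match dotfiles, so hidden entries in /var/tmp are not
# moved and are deleted by the rm below; check with `ls -A /var/tmp` first.
mv /var/tmp/* /tmp/
# Create the link only once the directory is really gone; if rm failed, ln
# would otherwise place a "tmp" link inside the still existing /var/tmp.
rm -rf /var/tmp && ln -s /tmp /var/tmp
# NOTE(review): files that programs expect to survive a reboot in /var/tmp now
# share the fate of /tmp -- verify the clear_tmp_enable setting in rc.conf.
# /root is a directory: 700 keeps the owner's search (x) bit while still
# denying group and others any access; 600 would drop that bit.
chmod 700 /root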

Get current ports:

# Download a compressed snapshot of the ports tree; portsnap checks it
# against the key fingerprint configured in /etc/portsnap.conf.
portsnap fetch
# Unpack the snapshot into the ports directory (/usr/ports by default),
# overwriting files that are already there.
portsnap extract

Install basic infrastructure

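# Build and install the base tool set from ports.
# With /usr/ports/packages present, the package targets collect the built
# packages there instead of in each port's own directory.
mkdir /usr/ports/packages
# Each build runs in a subshell so the working directory of the calling shell
# is untouched. "&&" instead of ";" makes sure make is never started in the
# wrong directory when a port path is missing (e.g. renamed or removed port).
# package-recursive also builds packages for the port's dependencies.
(cd /usr/ports/sysutils/lsof && make package-recursive)
(cd /usr/ports/shells/bash && make package-recursive)
(cd /usr/ports/editors/joe && make package-recursive)
(cd /usr/ports/security/sudo && make package-recursive)
(cd /usr/ports/editors/vim-lite && make package-recursive)
# NOTE(review): screen and service-config are only installed, no package is
# built for them -- presumably deliberate, confirm.
(cd /usr/ports/sysutils/screen && make install)
(cd /usr/ports/sysutils/pwgen2 && make package-recursive)
(cd /usr/ports/net/rsync && make package-recursive)
(cd /usr/ports/sysutils/pstree && make package-recursive)
(cd /usr/ports/sysutils/service-config && make install)
(cd /usr/ports/security/nmap && make package-recursive)
(cd /usr/ports/net/socat && make package-recursive)
(cd /usr/ports/ftp/wget && make package-recursive)
(cd /usr/ports/ftp/curl && make package-recursive)
(cd /usr/ports/ftp/lftp && make package-recursive)
(cd /usr/ports/devel/subversion && make package-recursive)
(cd /usr/ports/net-mgmt/net-snmp && make package-recursive)
(cd /usr/ports/sysutils/ucspi-tcp && make package-recursive)
(cd /usr/ports/net/jwhois && make package-recursive)
# Python 2.5 and the Python modules used on these systems.
(cd /usr/ports/lang/python25 && make package-recursive)
(cd /usr/ports/databases/py-gdbm && make package-recursive)
(cd /usr/ports/databases/py-sqlite3 && make package-recursive)
(cd /usr/ports/databases/py-bsddb && make package-recursive)
(cd /usr/ports/devel/py-setuptools && make package-recursive)
(cd /usr/ports/www/py-httplib2 && make package-recursive)
(cd /usr/ports/devel/py-pyutil && make package-recursive)
(cd /usr/ports/devel/py-ro && make package-recursive)
(cd /usr/ports/devel/py-simplejson && make package-recursive)
(cd /usr/ports/lang/py-mx-base && make package-recursive)
(cd /usr/ports/net/py-ldap2 && make package-recursive)
# Built with the WITHOUT_TKINTER knob set; only this port is packaged, its
# dependencies are not (plain "package" target).
(cd /usr/ports/graphics/py-imaging && make WITHOUT_TKINTER=yes package)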

Set up basic Services

# Groups for unprivileged service accounts: "service" (gid 200) and
# "servicel" (gid 300); further down the page the second one is given to the
# dnscache log account.
pw groupadd -g 200 -n service
pw groupadd -g 300 -n servicel
# Append one login class per group to /etc/login.conf. Both classes carry the
# same limits: no core dumps (coredumpsize-cur=0), at most 512 open files,
# priority 3, logins accepted from localhost only, and everything else
# inherited from the "default" class (tc=default).
# The quoted delimiter keeps the text literal.
cat >> /etc/login.conf <<'EOF'
service:coredumpsize-cur=0:openfiles-cur=512:path=/sbin /bin /usr/sbin /usr/bin /usr/games /usr/local/sbin /usr/local/bin:priority=3:host.allow=localhost:tc=default:
servicel:coredumpsize-cur=0:openfiles-cur=512:path=/sbin /bin /usr/sbin /usr/bin /usr/games /usr/local/sbin /usr/local/bin:priority=3:host.allow=localhost:tc=default:
EOF
# Rebuild the hashed database so the new classes take effect.
cap_mkdb /etc/login.conf

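# Install daemontools (svscan/supervise) to run the services set up below.
# "&&" keeps make from running in the wrong directory if the cd fails.
(cd /usr/ports/sysutils/daemontools && make install)
# /var/service holds the real service directories, /service the links to them.
# NOTE(review): presumably /service is the directory the port's svscan rc
# script scans -- confirm against its default.
mkdir /var/service
mkdir /service
# svlog NAME: follow the current log of service NAME with readable timestamps.
# The second line is written in single quotes so that $1 reaches the file
# literally and is expanded when svlog runs; in double quotes it was replaced
# by the (normally empty) positional parameter of the shell doing the setup,
# leaving a script that always read /service//log/main/current.
echo '#!/bin/sh' > /usr/local/bin/svlog
echo 'gtail --follow=name -n 25 "/service/$1/log/main/current" | tai64nlocal' >> /usr/local/bin/svlog
# NOTE(review): gtail (GNU tail) is not installed by any step shown on this
# page -- confirm which port is expected to provide it.
chmod 755 /usr/local/bin/svlog
# Start svscan at boot and right now.
echo "svscan_enable=YES" >> /etc/rc.conf
sh /usr/local/etc/rc.d/svscan.sh start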

NTP

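# Build and install OpenNTPD, then remove the work directory.
# "&&" keeps make from running in the wrong directory if the cd fails.
(cd /usr/ports/net/openntpd && make package clean)
# Replace any existing ntpd.conf with a single "servers" line (every address
# the pool name resolves to is used). With no "listen on" line the daemon acts
# as a client only and does not serve time to the network.
echo "servers de.pool.ntp.org" > /usr/local/etc/ntpd.conf
echo 'openntpd_enable="YES"' >> /etc/rc.conf
# Set the clock once more before the daemon starts -- presumably so that it
# begins close to the correct time.
ntpdate ntp1.ptb.de pool.ntp.org
sh /usr/local/etc/rc.d/openntpd start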

DNS

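# Local caching resolver (dnscache from djbdns), run under daemontools.
# "&&" keeps make from running in the wrong directory if the cd fails.
(cd /usr/ports/dns/djbdns && make package)
# Two accounts without a usable shell: dnsc (uid 200, group and login class
# "service") and dnscl (uid 300, group and login class "servicel").
pw useradd -n dnsc -u 200 -c dnscache -d /var/service/dnscache -g service -s /nonexistent -L service
pw useradd -n dnscl -u 300 -c dnscache -d /var/service/dnscache -g servicel -s /nonexistent -L servicel
# dnscache-conf ACCOUNT LOGACCOUNT DIR: the cache runs as dnsc, its logger as
# dnscl. No IP address is given, so the cache listens on 127.0.0.1 only.
dnscache-conf dnsc dnscl /var/service/dnscache
# Linking the service directory into /service hands it to svscan.
ln -s /var/service/dnscache /service
# Overwrite resolv.conf: the local cache first, then a second resolver.
# NOTE(review): 192.168.0.1 is site-specific; queries go to it whenever the
# local cache does not answer -- confirm it is the intended fallback.
echo "nameserver 127.0.0.1" > /etc/resolv.conf
echo "nameserver 192.168.0.1" >> /etc/resolv.conf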