FreeBSD configuration

DragonFlyBSD configuration : pbraun.nethence.com/doc/sysutils_bsd/dragonfly.html
DragonFly & FreeBSD Jail configuration : pbraun.nethence.com/doc/sysutils_bsd/freebsd-jail.html
CCD (Concatenated disk driver) configuration : pbraun.nethence.com/doc/sysutils_bsd/ccd.html
FreeBSD gbde (GEOM based disk encryption) configuration: pbraun.nethence.com/doc/sysutils_bsd/freebsd_gbde.html


Installation
Boot from the CDROM (disk1 is enough) and proceed,
Express installation
fdisk : create one slice to use all available space (a, q)
bsdlabel : create / and a swap, at least (c > 7000M > /, c > rest of the available space > swap, q)
Standard - install standard mbr (no boot manager)
Kern-Developer
proceed with the post-config menu and reboot,
Set the root password
Timezone
Network interfaces > Interfaces


Post installation in brief
- motd
- network configuration
- ssh configuration
- additional packages
- shell configuration
- optimizations


Motd
Get rid of the welcome message,
cd /etc
mv motd motd.dist


Network configuration
Setup the hostname, IP and gateway,
vi /etc/rc.conf
add,
hostname=bsdoracle.example.net
ifconfig_le0="inet 10.1.1.31 netmask 255.255.255.0"
defaultrouter=10.1.1.254
apply immediately,
hostname bsdoracle.example.net
cd /etc
rc.d/netif restart
rc.d/routing restart

Setup static hostname resolution,
vi /etc/hosts
like,
::1 localhost localhost.example.net
127.0.0.1 localhost localhost.example.net
10.1.1.254 gw gw.example.net
10.1.1.31 bsdoracle bsdoracle.example.net
Note. define the gateway's name here, otherwise SSH connections may lag unless your DNS configuration is fine. It is preferable to define it here anyway.

Setup DNS name resolution,
vi /etc/resolv.conf
like,
domain example.net
nameserver 192.168.1.1
#nameserver 127.0.0.1


SSH
Configure SSH,
cd /etc/ssh
vi sshd_config  # pbraun.nethence.com/doc/security/sshd.html
cd /etc
vi rc.conf  # add sshd_enable=yes
rc.d/sshd start


Additional packages
Install additional packages,
# Note the trailing slash
# Note. you need to use the exact release version to avoid library errors
#setenv http_proxy http://...:8080
#setenv ftp_proxy http://...:8080
setenv PACKAGESITE ftp://ftp.free.fr/mirrors/ftp.freebsd.org/ports/i386/packages-7.2-release/Latest/
pkg_add -r pdksh bash wget lftp lynx mc portaudit
#pkg_add -r apache  #rc.conf: apache_enable=yes
#pkg_add -r apache22  #rc.conf: apache22_enable=yes
# Note. ntpdate and ntpd are included in FreeBSD already

If some binary package is missing (screen here), use the current port tree,
cd ~/
wget http://ftp.free.fr/mirrors/ftp.freebsd.org/ports/ports-current/ports.tar.gz
rm -rf /usr/ports
tar xzf ports.tar.gz -C /usr
rm ports.tar.gz
cd /usr/ports/sysutils/screen
make install distclean

Configure screen,
cd /usr/local/etc
mv screenrc screenrc.dist
wget pbraun.nethence.com/code/misc/screenrc
cd /etc
ln -s ../usr/local/etc/screenrc

Check for vulnerable packages,
portaudit -Fda


Shell configuration
Choose your shell,
cd /bin
ln -s ../usr/local/bin/ksh
ln -s ../usr/local/bin/bash
vi /etc/shells  # add '/bin/ksh' and '/bin/bash'
chpass -s /bin/bash

Clean up dotfiles everywhere. On root directory,
cd /
mkdir .trash
mv -f .cshrc .profile COPYRIGHT .trash
cat > .profile <<EOF9
. ./.bashrc
EOF9
cat > .bashrc <<'EOF9'
export USERNAME=`id -urn`
export HOSTNAME=`uname -n`
(( `id -ur` == 0 )) \
&& PS1='$USERNAME@${HOSTNAME%%.*}# ' \
|| PS1='$USERNAME@${HOSTNAME%%.*}> '
alias cp='cp -i'
alias mv='mv -i'
alias rm='rm -i'
alias ll='ls -alF'
export PACKAGESITE=ftp://ftp.free.fr/mirrors/ftp.freebsd.org/ports/i386/packages-7.2-release/Latest/
#http_proxy=http://...:8080
#ftp_proxy=http://...:8080
#export http_proxy ftp_proxy
EOF9
note. 'id -urn' or 'whoami' needed when logging in as user
note. the delimiter is quoted ('EOF9') so that the backticks and variables are written to the file as-is instead of being expanded while the file is created
on root's home directory,
cd ~/
mkdir .trash
mv .cshrc .k5login .login .profile .trash
ln -s ../.profile
ln -s ../.bashrc
on etc/,
cd /etc
mv profile profile.dist
and the skeleton directory,
cd /usr/share
mv skel skel.dist
mkdir skel
mkdir skel.shellusers
cd skel.shellusers
ln -s /.profile
ln -s /.bashrc
#pw groupadd users
#pw useradd -D -s /bin/bash -g users  # /etc/pw.conf
#pw useradd USERNAME -m -g users -G wheel -k /usr/share/skel.shellusers
#passwd USERNAME
Note. if using KSH, edit the password file (with 'vipw') to change the user's homedir to the correct path, '/usr/home/...' not '/home/...'.
Note. no skel file by default for FTP users


Optimizations
Speed up the autoboot,
vi /boot/defaults/loader.conf
like,
autoboot_delay=3

Configure syslog,
cd /etc
mv syslog.conf syslog.conf.dist
vi syslog.conf
like,
*.*  /var/log/messages
secure syslog,
chmod 640 /var/log/messages
vi /etc/rc.conf  # add syslogd_flags=-ss
apply,
/etc/rc.d/syslogd restart

Disable at and adjkerntz and configure newsyslog once a day,
vi /etc/crontab
comment,
#*/5 * * * * root /usr/libexec/atrun
0 0 * * * root newsyslog
#1,31 0-5 * * * root adjkerntz -a
Note. editing this file is enough, unlike 'crontab -e' on other UNICES.

Make a first indexation,
/usr/libexec/locate.updatedb


Other tweaks and configurations
NFS server configuration
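Configure an NFS share,
mkdir -p /share
cd /etc
vi exports
like,
/share -network 10.1.1.0/24 -alldirs -maproot=root
note. "-ro" for read-only
note. "-maproot=root" gives root on the clients root access to the share; leave it out to have remote root mapped to an unprivileged credential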
enable the daemons,
cd /etc
vi rc.conf
add,
rpcbind_enable=yes
nfs_server_enable=yes
mountd_enable=yes
mountd_flags=-r
rpc_lockd_enable=yes
rpc_statd_enable=yes

Stop the NFS daemons,
cd /etc
rc.d/statd stop
rc.d/lockd stop
rc.d/nfsd stop
killall mountd
rc.d/rpcbind stop

Start the NFS daemons,
cd /etc
rc.d/rpcbind start
rc.d/nfsd start
rc.d/lockd start
rc.d/statd start
rc.d/mountd start
check,
showmount -e
note. after editing the 'exports' file, you need to reload (no exportfs command here),
#rc.d/mountd onereload
note. to start the NFS daemons manually,
#rpcbind
#nfsd -u -t -n 4
#mountd -r
#rc.d/lockd start
#rc.d/statd start
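
A way to check an exports file for the options discussed above, as an added example that is not part of the original page. It goes beyond the single /share entry by also flagging entries with no -network or host restriction. The audit_exports helper is hypothetical, the sample file is constructed, and options are assumed to be written one per field as on this page.

```shell
#!/bin/sh
# Added example: audit an exports(5)-style file for risky NFS options.
# audit_exports FILE prints "<line>: <dir>: <finding>" per problem and
# returns 1 if anything was reported, 0 if the file is clean.
# Assumption: one option per field (no "-alldirs,ro" comma lists).
audit_exports() {
    awk '
    /^[ \t]*(#|$)/ { next }                 # comments and blank lines
    {
        dir = $1; scoped = 0; rootmap = 0; ro = 0
        for (i = 2; i <= NF; i++) {
            if ($i ~ /^\//) continue        # additional directory on the line
            if ($i ~ /^-(network|mask)/) {  # "-network NET" or "-network=NET"
                if ($i ~ /^-network/) scoped = 1
                if (index($i, "=") == 0) i++    # value is the next field
                continue
            }
            if ($i ~ /^-map(root|all)=/) {
                cred = $i; sub(/^-map(root|all)=/, "", cred)
                if (cred ~ /^(root|0)(:|$)/) rootmap = 1
                continue
            }
            if ($i == "-ro") { ro = 1; continue }
            if ($i ~ /^-/) continue         # other options (-alldirs, ...)
            scoped = 1                      # bare host or netgroup name
        }
        if (rootmap) {
            n++
            print NR ": " dir ": client root keeps root" (ro ? " (read-only)" : " on a writable share")
        }
        if (!scoped) {
            n++
            print NR ": " dir ": no -network or host, exported to any client"
        }
    }
    END { exit (n > 0) }
    ' "$1"
}

# Constructed sample: the first entry is the one from this page.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed exports file
/share -network 10.1.1.0/24 -alldirs -maproot=root
/pub -ro -network 10.1.1.0/24
/scratch -alldirs
EOF
audit_exports "$sample" || echo "review the entries listed above"
rm -f "$sample"
```

Run it against /etc/exports before reloading mountd; a non-zero return means at least one entry needs a second look.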


NFS client configuration
Proceed,
vi /etc/rc.conf    # nfs_client_enable=yes
nfsiod -n 4
showmount -e 10.1.1.31
mkdir -p /mnt/nfs
vi /etc/fstab    # 10.1.1.31:/share /mnt/nfs nfs rw 0 0
mount /mnt/nfs


Kernel compilation
Create a kernel config,
cd /sys/i386/conf
conf=`echo ${HOSTNAME%%.*} | tr '[a-z]' '[A-Z]'`
cp GENERIC $conf
vi $conf
compile and install the kernel,
cd /usr/src
make buildkernel KERNCONF=$conf
make installkernel KERNCONF=$conf
shutdown -r now
note. possible other parameters,
#NO_MODULES=true
note. those parameters can be written to "/etc/make.conf"
note. otherwise,
#make kernel KERNCONF=$conf
note. old school,
#config $conf
#cd ../compile/$conf
#make depend
#make
#make install
#shutdown -r now


Samba configuration
Install and configure Samba,
#setenv PACKAGESITE ...
pkg_add -r samba33
cd /usr/local/etc
mv smb.conf smb.conf.dist
sed '/^$/d;/^#/d;/^;/d' smb.conf.dist > smb.conf
chmod 644 smb.conf
vi smb.conf
like,
[global]
workgroup = YUG
server string = Samba Server
security = user
load printers = no
log file = /var/log/samba/log.%m
max log size = 50
dns proxy = no

[data]
path = /data
valid users = elge
public = no
writable = yes
printable = no
add the unix and smb user,
adduser elge
cat samba/smbpasswd
smbpasswd -a elge
cat samba/smbpasswd
chown -R elge:elge /data
make the easy links,
cd /etc
ln -s ../usr/local/etc/smb.conf
ln -s ../usr/local/etc/samba
cd rc.d
ln -s ../../usr/local/etc/rc.d/samba
enable the daemons,
vi /etc/rc.conf
add,
samba_enable=yes
and start them,
/etc/rc.d/samba start


Tips & Tricks
Shutdown the system and power off,
shutdown -p now

Reload the system (faster than reboot),
/bin/sh /etc/rc

Mount a CDROM,
grep cdrom /etc/fstab
mount /cdrom
or,
mount -v -t cd9660 /dev/acd0 /mountpoint
Note. the filesystem type needs to be specified with FreeBSD (unlike NetBSD & Linux)

Mount an ISO image,
mdconfig -a -t vnode -f 7.0-RELEASE-i386-disc1.iso
mount -t cd9660 /dev/md0 /cdrom
and unmount it,
umount /cdrom
mdconfig -d -u 0

To mount NTFS filesystems, see pbraun.nethence.com/doc/filesystems/ntfs.html
Note. it's not *that* stable...

Configure ~/.mailrc and use,
mail
Ref. germantown.lib.ny.us/.mailrc


FreeBSD tweaks
You may install additional software on FreeNAS. If you need to run a caching DNS service on it, install,
- db3
- bind9 for caching only, or possibly bind8 instead for a real DNS service
- elvis or nvi


Comparison
- sysinstall deeply sucks. NetBSD's, OpenBSD's and Slackware's installers are much more intuitive
- pw useradd instead of useradd sucks. not to mention the exasperating adduser script
- no KSH93 package available as of today for 7.2
+ sysinstall makes a clean /etc/hosts
+ freaking "save-entropy" default crontab spamming the system logs
+ clean package system & deps
+ support for large hard drives (no bug for the 1.5TB seagate like w/ netbsd and openbsd)
+ linux /proc emulation is under /compat/linux/proc


© 2010 Pierre-Philipp Braun