this is obsolete doc -- see http://doc.nethence.com/ instead
Configuring FreeBSD
Standard post-installation
Get rid of the freacking motd,
cd /etc/
mv motd motd.dist
Configure the time zone e.g.,
cd /etc/
ls -l localtime
diff ../usr/share/zoneinfo/Europe/Paris localtime
ln -sf ../usr/share/zoneinfo/Europe/Paris localtime
Switch from csh (default shell for root) and sh (default shell for users) to KSH for both,
uname -a
setenv PACKAGE_SITE "ftp://ftp.free.fr/mirrors/ftp.freebsd.org/ports/amd64/packages-8.3-release/Latest/"
#setenv PACKAGESITE "ftp://ftp.free.fr/mirrors/ftp.freebsd.org/ports/amd64/packages-8.3-release/Latest/"
pkg_add -r pdksh
cd /bin/
ls -l ksh
ln -s ../usr/local/bin/ksh
cd /etc/
echo '/bin/ksh' >> shells
chpass -s /bin/ksh root
chpass -s /bin/ksh ADMINUSER
#chsh -s /bin/ksh root
#chsh -s /bin/ksh ADMINUSER
However keep using SH (already the default for users) or CSH for ftp users,
#pw useradd -D -s /bin/csh
and also remove all skeletons for easy FTP user creation,
cd /etc/
mv skel/ skel.dist/
mkdir skel/
Setup the KSH environment,
ls -l /etc/profile
mkdir -p ~/.trash/
cd ~/
mv .cshrc .k5login .login .profile .trash/
mkdir -p /.trash/
cd /
mv .cshrc .profile .trash/
ftp -a http://pbraun.nethence.com/configs/.profile
ftp -a http://pbraun.nethence.com/configs/.shrc
and apply,
cd ~/
ln -s ../.profile
. ./profile
. /.shrc
You can now relogin to check that everything is fine. Eventually proceed for users too (as user),
mkdir .trash/
mv .cshrc .login .login_conf .mail_aliases .mailrc .profile .rhosts .shrc .trash/
ln -s ../../../.profile
. ./.profile
. /.shrc
Install a few more packages (back to root),
pkg_add -r screen wget mc lftp pwgen vim
cd /
ftp -a http://pbraun.nethence.com/configs/editors/.vimrc
cd ~/
ln -s ../.vimrc
cat .vimrc
cd /usr/local/etc/
mv screenrc screenrc.dist
ftp -a http://pbraun.nethence.com/configs/misc/screenrc
cd /etc/
ln -s ../usr/local/etc/screenrc
and as ADMINUSER,
cd ~/
ftp -a http://pbraun.nethence.com/configs/misc/.screenrc
ln -s ../../../.vimrc
cat .vimrc
Configure syslog,
cd /etc/
mv syslog.conf syslog.conf.dist
vi syslog.conf
like,
*.* -/var/log/messages
*.emerg *
secure syslog,
cd /var/log/
ls -l messages
chmod o-r messages
ls -l messages
apply,
/etc/rc.d/syslogd restart
Note. default flags should be syslogd_flags=-ss already,
ps aux | grep syslog
Configure crontab,
cd /etc/
cp crontab crontab.dist
vi /etc/crontab
disable atrun, run newsyslog only once a day, enable daily file indexing and disable local time adjustments,
#*/5 * * * * root /usr/libexec/atrun
10 0 * * * operator /usr/libexec/save-entropy
0 0 * * * root newsyslog
50 3 * * * root /usr/libexec/locate.updatedb 2>1 | grep -v '^>>>'
#1,31 0-5 * * * root adjkerntz -a
Note. editing this file is enought, unlike 'conrtab -e' on other UNICES. You'll see this in the logs,
(*system*) RELOAD (/etc/crontab)
Switch to en_US.ISO8859-15 with the login class method,
locale -a | grep en_US
cd /etc/
ls -l login*
cp login.conf login.conf.dist
vi login.conf
at the setenv=MAIL=... line, add this before the last colon,
,LC_COLLATE=C
and after the umask line add,
\
:charset=ISO8859-15:\
:lang=en_US.ISO8859-15:
apply and check the new login database date,
cap_mkdb login.conf
date
ls -l login.conf.db
Ref. Using UTF-8 (Unicode) on FreeBSD: https://www.b1c1l1.com/blog/2011/05/09/using-utf-8-unicode-on-freebsd/
Or switch to en_US.ISO8859-15 with the shell startup method,
export LANG=en_US.ISO8859-15
export MM_CHARSET=ISO8859-15
export LC_COLLATE=C
Ref. 22.2. Using Localization: http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/using-localization.html
Now tune your SSH client so it takes care of the locale you choosed, and re-login.
Proceed with a first indexing proceed as root,
cd ~/
/usr/libexec/locate.updatedb
Updating (patches only) the system
Simple,
uname -r
freebsd-update fetch
freebsd-update install
Upgrading the system
Check your daemons,
vi /etc/rc.conf
vi /etc/rc.local (if you did the rc.local trick as mentioned before)
Check the upgrade configuration,
cd /etc/
cp freebsd-update.conf freebsd-update.conf.`date +%s`
vi freebsd-update.conf
Backup your kernel and configuration files,
cd /
ls -ld /boot/kernel*
rm -rf boot.tar.gz etc.tar.gz etc.old/
tar -czpf boot.tar.gz boot/; tar -czpf etc.tar.gz etc/
cp -Rp etc/ /etc.old/
cd /usr/local/
rm -f etc.tar.gz
tar -czpf etc.tar.gz etc/
Start the minor or major upgrade (check latest version available e.g. ftp://ftp.fr.freebsd.org/mirrors/ftp.freebsd.org/releases/amd64/),
cd ~/
uname -r
freebsd-update fetch
freebsd-update install
freebsd-update upgrade -r 9.3-RELEASE
Does this look reasonable (y/n)? y
Attempting to automatically merge changes in files... done.
The following file could not be merged automatically: /etc/login.conf
Press Enter to edit this file in vi and resolve the conflicts
manually...
you cannot ^C at this point, you have to),
:q several times
then,
Does this look reasonable (y/n)? y several times too
Review the changes between the upgrading RELEASE and the merged target,
cd /var/db/freebsd-update/merge/
diff -ru 9.3-RELEASE/ new/ | grep ^diff
diff -ru 9.3-RELEASE/ new/ | less
Eventually remove some local differences to stay as closed as possible to the release standards,
cp -pi 9.3-RELEASE/etc/login.conf new/etc/
Note. you can also review the changes among the releases,
diff -ru 8.4-RELEASE 9.3-RELEASE
You can now proceed with the kernel upgrade and restart the box,
/usr/sbin/freebsd-update install
ls -ld /boot/kernel*
shutdown -r now
Once restarted you can now update the userland (yes it's dumb but it's the same command). It is safer to check for badly altered files by freebsd-update in the first place,
cd /etc/
grep -r '^>>>>>>>' /etc/*
also, verify that the merged configuration files are now in place yet,
grep FreeBSD /etc/login.conf
and proceed,
/usr/sbin/freebsd-update install
grep FreeBSD /etc/login.conf
Then upgrade your packages (PKGNG, see below),
pkg upgrade
Eventually re-run install if the pkg upgrade asks for it (oh my god this is painful compared to NetBSD...),
/usr/sbin/freebsd-update install
Check again for unsolved merge conflict lines,
grep -r '^>>>>>>>' /etc/*
And eventually reboot a last time for the userland and package daemons to refresh,
shutdown -r now
You can now check that your services are up and running.
Also check that only the modified files of yours are different from the branded RELEASE,
freebsd-update IDS >> outfile.ids
cat outfile.ids | awk '{ print $1 }' | less
Ref. https://www.freebsd.org/releases/9.3R/installation.html
Note. you can always proceed with the old way,
make buildkernel && make buildworld && make installkernel
reboot to single user and,
make installworld
, then use mergemaster should still work just fine
Securing and updating the packages
Formaly you had to check packages' security with,
portaudit -Fda
note. the vulnerability database used to be updated by periodic(8)
ref. https://svnweb.freebsd.org/doc/release/8.4.0/en_US.ISO8859-1/books/handbook/security/chapter.xml?revision=41336&view=markup&pathrev=41380
but now with PKGNG it is,
pkg audit -F
ref. https://www.freebsd.org/doc/handbook/security-pkg.html
With PKGNG update it all at once either brutally (generally after a major system upgrade and assuming it was already nearly up-to-date),
pkg-static update -f
pkg-static upgrade -f
or in a more gentle fashion,
pkg update
pkg upgrade
Updating the packages
Make sure you've got either the latest (using portsnap eventually),
cd /usr/
rm -rf ports*
portsnap fetch
portsnap extract
portsnap fetch update
or the stable port tree,
cd /usr/
rm -rf ports*
wget "http://ftp.free.fr/mirrors/ftp.freebsd.org/releases/amd64/8.4-RELEASE/ports/ports.tgz"
tar xzpf ports.tgz
On FreeBSD without PKGNG,
echo $PACKAGESITE
pkg_add -r portmaster
pkg_add -r portupgrade
portmaster -L
#portmaster -G -af
echo $PKG_PATH
portupgrade -aPP
portupgrade -aP
and if it's just after a system upgrade, also "tie up the loose ends", damn, this is a freaking third reboot,
/usr/sbin/freebsd-update install
Update a package (-R for its dependencies) in particular,
#portupgrade -RPP gtk
Note. for some reason the PKG_PATH ftp repo doesn't work so,
pkg_delete gtk
pkg_add -r gtk
will do.
24.2. FreeBSD Update
https://www.freebsd.org/doc/handbook/updating-upgrading-freebsdupdate.html#freebsdupdate-portsrebuild
5.5. Using the Ports Collection
https://www.freebsd.org/doc/handbook/ports-using.html
Switching to PKGNG
Since FreeBSD 8.4 (by default since 9.2), install PKGNG using the bootstrap executable,
/usr/sbin/pkg
for odler systems,
cd /usr/ports/ports-mgmt/pkg
make
make install clean
and convert the former pkg database,
pkg2ng
Finally for FreeBSD version earlier than 10.x,
echo "WITH_PKGNG=yes" >> /etc/make.conf
Official FreeBSD Binary Packages now available for pkgng
https://lists.freebsd.org/pipermail/freebsd-pkg/2013-October/000107.html
5.4. Using pkg for Binary Package Management
https://www.freebsd.org/doc/handbook/pkgng-intro.html
If you get this exact error while changing a user's password,
passwd: entry inconsistent
passwd: pam_chauthtok(): error in service module
check there is no duplicates with vipw then rebuild the password database,
cd /etc/
pwd_mkdb master.passwd
Ref. https://lists.freebsd.org/pipermail/freebsd-security/2005-March/002771.html
Additional notes
Auto boot delay
Speed up the autoboot,
cd /boot/defaults/
mv loader.conf loader.conf.dist
sed '/^[[:space:]]*#/d; /^[[:space:]]*$/d;' loader.conf.dist | tee loader.conf.dist.clean >> loader.conf
echo 'autoboot_delay="3"' >> loader.conf
diff loader.conf.dist.clean loader.conf
Kernel compilation
Create a kernel config,
cd /sys/i386/conf
conf=`echo ${HOSTNAME%%.*} | tr [a-z] [A-Z]`
cp GENERIC $conf
vi $conf
compile and install the kernel,
cd /usr/src
make buildkernel KERNCONF=$conf
make installkernel KERNCONF=$conf
shutdown -r now
note. possible other parameters,
#NO_MODULES=true
note. those parameters can be written to "/etc/make.conf"
note. otherwise,
#make kernel=$conf
note. old school,
#config $conf
#cd ../compile/$conf
#make depend
#make
#make install
#shutdown -r now
Tips & Tricks
Shutdown the system and power off,
shutdown -p now
Reload the system (faster than a reboot),
/bin/sh /etc/rc
Mount a CDROM,
grep cdrom /etc/fstab
mount /cdrom
or,
mount -v -t cd9660 /dev/acd0 /mountpoint
Note. fielsystem type needs to be specified with FreeBSD (unlike NetBSD & Linux)
Mount an ISO image,
mdconfig -a -t vnode -f 7.0-RELEASE-i386-disc1.iso
mount -t cd9660 /dev/md0 /cdrom
and unmount it,
umount /data/jail1/cdrom
mdconfig -d -u 3
To mount NTFS filesystems, see http://pbraun.nethence.com/doc/filesystems/ntfs.html
Note. it's not *that* stable...
Configure ~/.mailrc and use,
Ref. http://germantown.lib.ny.us/.mailrc
FreeNAS tweaks
You may install additionnal software on FreeNAS. If you need to run a caching DNS service on it, install,
- db3
- bind9 only caching and eventually bind8 instead for some real DNS service
- elvis or nvi
Comparison
- sysinstall deeply sucks. NetBSD's OpenBSD's and Slackware's installer a much more intuitive
- pw useradd instead of useradd sucks. not mentioning the desperating adduser script
- no KSH93 package available as of today for 7.2
+ sysinstall makes a clean /etc/hosts
+ freacking "save-entropy" default crontab spamming the system logs
+ clean package system & deps
+ support for large hard drives (no bug for the 1.5TB seagate like w/ netbsd and openbsd)
+ linux /proc emulation is under /compat/linux/proc
References
http://home.nyc.rr.com/computertaijutsu/netbsd.html
http://people.math.jussieu.fr/~jas/imap.html
http://people.freebsd.org/~kris/scaling/dfly.html
https://neon1.net/misc/minibsd.html
http://www.freebsdmadeeasy.com/