Nethence Newdoc Olddoc Lab Your IP BBDock  

Warning: those guides are mostly obsolete, please have a look at the new documentation.


Configuring FreeBSD
Standard post-installation
Get rid of the freacking motd,
cd /etc/
mv motd motd.dist
Configure the time zone e.g.,
cd /etc/
ls -l localtime
diff ../usr/share/zoneinfo/Europe/Paris localtime
ln -sf ../usr/share/zoneinfo/Europe/Paris localtime
Switch from csh (default shell for root) and sh (default shell for users) to KSH for both,
uname -a
setenv PACKAGE_SITE ""
#setenv PACKAGESITE ""
pkg_add -r pdksh
cd /bin/
ls -l ksh
ln -s ../usr/local/bin/ksh
cd /etc/
echo '/bin/ksh' >> shells
chpass -s /bin/ksh root
chpass -s /bin/ksh ADMINUSER
#chsh -s /bin/ksh root
#chsh -s /bin/ksh ADMINUSER
However keep using SH (already the default for users) or CSH for ftp users,
#pw useradd -D -s /bin/csh
and also remove all skeletons for easy FTP user creation,
cd /etc/
mv skel/ skel.dist/
mkdir skel/
Setup the KSH environment,
ls -l /etc/profile
mkdir -p ~/.trash/
cd ~/
mv .cshrc .k5login .login .profile .trash/
mkdir -p /.trash/
cd /
mv .cshrc .profile .trash/
ftp -a
ftp -a
and apply,
cd ~/
ln -s ../.profile
. ./profile
. /.shrc
You can now relogin to check that everything is fine. Eventually proceed for users too (as user),
mkdir .trash/
mv .cshrc .login .login_conf .mail_aliases .mailrc .profile .rhosts .shrc .trash/  
ln -s ../../../.profile
. ./.profile
. /.shrc
Install a few more packages (back to root),
pkg_add -r screen wget mc lftp pwgen vim
cd /
ftp -a
cd ~/
ln -s ../.vimrc
cat .vimrc
cd /usr/local/etc/
mv screenrc screenrc.dist
ftp -a
cd /etc/
ln -s ../usr/local/etc/screenrc
  cd ~/
  ftp -a
ln -s ../../../.vimrc
cat .vimrc
Configure syslog,
cd /etc/
mv syslog.conf syslog.conf.dist
vi syslog.conf
*.* -/var/log/messages
*.emerg *
secure syslog,
cd /var/log/
ls -l messages
chmod o-r messages
ls -l messages
/etc/rc.d/syslogd restart
Note. default flags should be syslogd_flags=-ss already,
ps aux | grep syslog
Configure crontab,
cd /etc/
cp crontab crontab.dist
vi /etc/crontab
disable atrun, run newsyslog only once a day, enable daily file indexing and disable local time adjustments,
#*/5 * * * * root /usr/libexec/atrun 
10 0 * * * operator /usr/libexec/save-entropy
0 0 * * * root newsyslog
50 3 * * * root /usr/libexec/locate.updatedb 2>1 | grep -v '^>>>'
#1,31 0-5 * * * root adjkerntz -a 
Note. editing this file is enought, unlike 'conrtab -e' on other UNICES. You'll see this in the logs,
(*system*) RELOAD (/etc/crontab)
Switch to en_US.ISO8859-15 with the login class method,
locale -a | grep en_US
cd /etc/
ls -l login*
cp login.conf login.conf.dist
vi login.conf
at the setenv=MAIL=... line, add this before the last colon,
and after the umask line add,
apply and check the new login database date,
cap_mkdb login.conf
ls -l login.conf.db
Ref. Using UTF-8 (Unicode) on FreeBSD:
Or switch to en_US.ISO8859-15 with the shell startup method,
export LANG=en_US.ISO8859-15
export MM_CHARSET=ISO8859-15
Ref. 22.2. Using Localization:
Now tune your SSH client so it takes care of the locale you choosed, and re-login.
Proceed with a first indexing proceed as root,
cd ~/
Updating (patches only) the system
uname -r
freebsd-update fetch
freebsd-update install
Upgrading the system
Check your daemons,
vi /etc/rc.conf
vi /etc/rc.local (if you did the rc.local trick as mentioned before)
Check the upgrade configuration,
cd /etc/
cp freebsd-update.conf freebsd-update.conf.`date +%s`
vi freebsd-update.conf
Backup your kernel and configuration files,
cd /
ls -ld /boot/kernel*
rm -rf boot.tar.gz etc.tar.gz etc.old/
tar -czpf boot.tar.gz boot/; tar -czpf etc.tar.gz etc/
cp -Rp etc/ /etc.old/
cd /usr/local/
rm -f etc.tar.gz
tar -czpf etc.tar.gz etc/
Start the minor or major upgrade (check latest version available e.g.,
cd ~/
uname -r
freebsd-update fetch
freebsd-update install
freebsd-update upgrade -r 9.3-RELEASE
Does this look reasonable (y/n)? y
Attempting to automatically merge changes in files... done.
The following file could not be merged automatically: /etc/login.conf
Press Enter to edit this file in vi and resolve the conflicts
you cannot ^C at this point, you have to),
:q several times
Does this look reasonable (y/n)? y several times too
Review the changes between the upgrading RELEASE and the merged target,
cd /var/db/freebsd-update/merge/
diff -ru 9.3-RELEASE/ new/ | grep ^diff
diff -ru 9.3-RELEASE/ new/ | less
Eventually remove some local differences to stay as closed as possible to the release standards,
cp -pi 9.3-RELEASE/etc/login.conf new/etc/
Note. you can also review the changes among the releases,
diff -ru 8.4-RELEASE 9.3-RELEASE
You can now proceed with the kernel upgrade and restart the box,
/usr/sbin/freebsd-update install
ls -ld /boot/kernel*
shutdown -r now
Once restarted you can now update the userland (yes it's dumb but it's the same command). It is safer to check for badly altered files by freebsd-update in the first place,
cd /etc/
grep -r '^>>>>>>>' /etc/*
also, verify that the merged configuration files are now in place yet,
grep FreeBSD /etc/login.conf
and proceed,
/usr/sbin/freebsd-update install
grep FreeBSD /etc/login.conf
Then upgrade your packages (PKGNG, see below),
pkg upgrade
Eventually re-run install if the pkg upgrade asks for it (oh my god this is painful compared to NetBSD...),
/usr/sbin/freebsd-update install
Check again for unsolved merge conflict lines,
grep -r '^>>>>>>>' /etc/*
And eventually reboot a last time for the userland and package daemons to refresh,
shutdown -r now
You can now check that your services are up and running.
Also check that only the modified files of yours are different from the branded RELEASE,
freebsd-update IDS >> outfile.ids
cat outfile.ids | awk '{ print $1 }' | less
Note. you can always proceed with the old way,
make buildkernel && make buildworld && make installkernel
reboot to single user and,
make installworld
, then use mergemaster should still work just fine
Securing and updating the packages
Formaly you had to check packages' security with,
portaudit -Fda
note. the vulnerability database used to be updated by periodic(8)
but now with PKGNG it is,
pkg audit -F
With PKGNG update it all at once either brutally (generally after a major system upgrade and assuming it was already nearly up-to-date),
pkg-static update -f
pkg-static upgrade -f
or in a more gentle fashion,
pkg update
pkg upgrade
Updating the packages
Make sure you've got either the latest (using portsnap eventually),
cd /usr/
rm -rf ports*
portsnap fetch
portsnap extract
portsnap fetch update
or the stable port tree,
cd /usr/
rm -rf ports*
wget ""
tar xzpf ports.tgz
On FreeBSD without PKGNG,
pkg_add -r portmaster
pkg_add -r portupgrade
portmaster -L
#portmaster -G -af
echo $PKG_PATH
portupgrade -aPP
portupgrade -aP
and if it's just after a system upgrade, also "tie up the loose ends", damn, this is a freaking third reboot,
/usr/sbin/freebsd-update install
Update a package (-R for its dependencies) in particular,
#portupgrade -RPP gtk
Note. for some reason the PKG_PATH ftp repo doesn't work so,
pkg_delete gtk
pkg_add -r gtk
will do.
24.2. FreeBSD Update
5.5. Using the Ports Collection
Switching to PKGNG
Since FreeBSD 8.4 (by default since 9.2), install PKGNG using the bootstrap executable,
for odler systems,
cd /usr/ports/ports-mgmt/pkg
make install clean
and convert the former pkg database,
Finally for FreeBSD version earlier than 10.x,
echo "WITH_PKGNG=yes" >> /etc/make.conf
Official FreeBSD Binary Packages now available for pkgng
5.4. Using pkg for Binary Package Management
If you get this exact error while changing a user's password,
passwd: entry inconsistent
passwd: pam_chauthtok(): error in service module
check there is no duplicates with vipw then rebuild the password database,
cd /etc/
pwd_mkdb master.passwd
Additional notes
Auto boot delay
Speed up the autoboot,
cd /boot/defaults/
mv loader.conf loader.conf.dist
sed '/^[[:space:]]*#/d; /^[[:space:]]*$/d;' loader.conf.dist | tee loader.conf.dist.clean >> loader.conf
echo 'autoboot_delay="3"' >> loader.conf
diff loader.conf.dist.clean loader.conf
Kernel compilation
Create a kernel config,
cd /sys/i386/conf
conf=`echo ${HOSTNAME%%.*} | tr [a-z] [A-Z]`
cp GENERIC $conf
vi $conf
compile and install the kernel,
cd /usr/src
make buildkernel KERNCONF=$conf
make installkernel KERNCONF=$conf
shutdown -r now
note. possible other parameters,
note. those parameters can be written to "/etc/make.conf"
note. otherwise,
#make kernel=$conf
note. old school,
#config $conf
#cd ../compile/$conf
#make depend
#make install
#shutdown -r now
Tips & Tricks
Shutdown the system and power off,
shutdown -p now
Reload the system (faster than a reboot),
/bin/sh /etc/rc
Mount a CDROM,
grep cdrom /etc/fstab
mount /cdrom
mount -v -t cd9660 /dev/acd0 /mountpoint
Note. fielsystem type needs to be specified with FreeBSD (unlike NetBSD & Linux)
Mount an ISO image,
mdconfig -a -t vnode -f 7.0-RELEASE-i386-disc1.iso
mount -t cd9660 /dev/md0 /cdrom
and unmount it,
umount /data/jail1/cdrom
mdconfig -d -u 3
To mount NTFS filesystems, see
Note. it's not *that* stable...
Configure ~/.mailrc and use,
FreeNAS tweaks
You may install additionnal software on FreeNAS. If you need to run a caching DNS service on it, install,
- db3
- bind9 only caching and eventually bind8 instead for some real DNS service
- elvis or nvi
- sysinstall deeply sucks. NetBSD's OpenBSD's and Slackware's installer a much more intuitive
- pw useradd instead of useradd sucks. not mentioning the desperating adduser script
- no KSH93 package available as of today for 7.2
+ sysinstall makes a clean /etc/hosts
+ freacking "save-entropy" default crontab spamming the system logs
+ clean package system & deps
+ support for large hard drives (no bug for the 1.5TB seagate like w/ netbsd and openbsd)
+ linux /proc emulation is under /compat/linux/proc

(obsolete, see the new doc)