OpenBSD post-installation

Next Door Laboratories

| donate | html/css | terms of use

Post-installation

Configure your network,

cd /etc/

ifconfig -a

echo 'inet IP NETMASK' > hostname.NETWORK_INTERFACE

echo 'GW' > mygate

echo 'search DOMAIN' >> resolv.conf

vi hosts

apply,

sh netstart

You should now be able to connect remotely through SSH.

Clean up a few things,

cd /etc/

mv motd motd.dist

mv skel/ skel.dist/

mkdir skel/

Note. On OpenBSD it’s necessary to create the skeleton directory again otherwise the useradd command will shout at you about the non-existing directory.

Configure your environment e.g.,

cd ~/

mkdir -p .trash/

mv .cshrc .Xdefaults .klogin .login .profile .trash/

# those symlinks will be useful shortly

ln -s ../.profile

ln -s ../.kshrc

ln -s ../.screenrc

cd /

rm -f .cshrc

cat >> .profile <<EOF9

export ENV=\$HOME/.kshrc

EOF9

cat > .kshrc <<EOF9

export PATH=$PATH:$HOME/bin

#export LANG=en_US.UTF-8

HOSTNAME=\${HOSTNAME:-`uname -n`}

[[ \$USER = root ]] \

&& PS1='\${HOSTNAME%%.*}# ' \

|| PS1='\${HOSTNAME%%.*}> '

alias ll='ls -alkF'

alias rm='rm -i'

alias mv='mv -i'

alias cp='cp -i'

[[ -x `whence vim 2>/dev/null` ]] && alias vi='vim'

[[ -x `whence pwgen 2>/dev/null` ]] && alias pwgen='pwgen -AnyB'

#set -o vi

bind -m '^L'='clear^M'

export PKG_PATH="ftp://ftp.fr.openbsd.org/pub/OpenBSD/`uname -r`/packages/`machine -a`/"

EOF9

note. Change the ftp mirror and the OpenBSD version accordingly in PKG_PATH.

note. The use of ‘export ENV=...’ seems to be mandatory to get the configurations to work in GNU Screen windows without forcing a login shell (with shell=-/bin/ksh).

apply,

. ./.profile

Configure GNU Screen,

cd /etc/

mv screenrc screenrc.dist

cat > screenrc <<EOF9

startup_message off

caption always '%-Lw%{= BW}%50>%n%f* %t%{-}%+Lw%<'

bindkey ^[, prev

bindkey ^[; next

autodetach on

defscrollback 65000

vbell on

shell -/bin/ksh

EOF9

cd /

cat > .screenrc <<EOF9

screen -t "log" 0 tail -f /var/log/messages

EOF9

For convenience you may also simplify the system logs’ configuration,

cd /etc/

mv syslog.conf syslog.conf.dist

echo ‘*.* -/var/log/messages’ > syslog.conf

cd /var/log/

chmod o-r messages

apply,

/etc/rc.d/syslog restart

Change the cron tabs to your taste,

crontab -e

for a server with no heavy load, rotate the logs every first day of a month at 00:00 instead of every day,

#0 * * * * /usr/bin/newsyslog

0 0 1 * * /usr/bin/newsyslog

eventually index the file systems every night at 00:10,

10 0 * * * /usr/libexec/locate.updatedb

On a production system, you might prefer it to automatically reboot after a panic,

sysctl -w ddb.panic=0

cd /etc/

mv sysctl.conf sysctl.conf.dist

cat > sysctl.conf <<EOF9

ddb.panic=0 # 0=Do not drop into ddb on a kernel panic

EOF9

Create a user for SSH remote access and read access to the logs (wheel group),

useradd -m -G wheel ADMINUSER

passwd ADMINUSER

su - ADMINUSER

ln -s ../../.profile

ln -s ../../.kshrc

ln -s ../../.screenrc

Secure the SSH daemon even more,

cd /etc/ssh/

mv sshd_config sshd_config.dist

sed '/^#/d; /^$/d;' sshd_config.dist > sshd_config

cat >> sshd_config <<EOF9

Protocol 2

Port 2222

AllowGroups wheel

PermitRootLogin no

EOF9

apply,

/etc/rc.d/sshd restart

Install a few packages (assuming PKG_PATH has been defined),

pkg_add -i screen wget vim pwgen e2fsprogs

Fetch a few wrappers to handle the daemons more quickly,

cd ~/

mkdir -p bin/

cd bin/

wget http://pbraun.nethence.com/scripts/sysutils/openbsd/hup

wget http://pbraun.nethence.com/scripts/sysutils/openbsd/restart

chmod +x hup

chmod +x restart

Recompiling the kernel

Fetch the kernel source and edit the configuration (note the included file gets edited),

cd /usr/

ftp -a ftp://ftp.fr.openbsd.org/pub/OpenBSD/5.2/sys.tar.gz

ls -l src/

tar xzf sys.tar.gz -C src/

cd /src/sys/arch/amd64/conf/

cp GENERIC HOSTNAME

cp GENERIC.MP HOSTNAME.MP

vi HOSTNAME

vi HOSTNAME.MP

Note. E.g. to change the colors at boot (search for WSCOL in /sys/dev/ic/vga.c),

option WS_KERNEL_FG=WSCOL_RED

option WS_KERNEL_BG=WSCOL_BLACK

Compile the kernel,

config HOSTNAME.MP

cd ../compile/HOSTNAME.MP/

make depend

make

Install the kernel and reboot,

mv /bsd /bsd.old

cp bsd /

chmod 644 /bsd

shutdown -r now

Adding a possibly larger than 2TB storage disk

See what disks the kernel sees,

dmesg | grep ^sd

Check the current layout of the disk you want to initialize e.g. sd2,

fdisk sd2

Initialize the DOS partition table (needed only on x86 machines) for OpenBSD (create a single partition for the whole disk),

fdisk -i sd2

Now edit the BSD partition table,

disklabel -e sd2

Note. For one big BSD storage (not booting) partition, just add the d partition below c,

c: 5860533168 0 unused

d: 5860533105 63 4.2BSD 2048 16384 16

Note. Simply calculate total sectors minus 64 to get the size in sectors for the d partition.

Format it and configure a mount point e.g.,

newfs -O 2 /dev/rsd2d

mkdir -p /data/

cat >> /etc/fstab <<EOF9

/dev/sd2d /data ffs rw 1 1

EOF9

and apply,

mount /data/

Maintain an ext2 file system within OpenBSD

Make sure the e2fsprogs package is installed.

Identify the block device and the enabled features,

fdisk sd1 (there should be a ‘Linux files’ MBR partition)

disklabel sd1 (there should be a ‘ext2fs’ BSD partition)

tune2fs -l /dev/sd1i | grep features

Convert an ext4 filesystem to ext3,

tune2fs -O ^extent,^uninit_bg,^dir_index /dev/sd1i

fsck.ext3 -y /dev/sd1i

note. extent, not extents

note. hmm getting that error (sorry I found no solution by now),

Clearing filesystem feature 'extent' not supported.

refs.

https://ext4.wiki.kernel.org/index.php/Ext4_Howto

http://korben.info/comment-convertir-une-partition-ext3-vers-ext4.html

Convert an ext3 filesystem to ext2,

tune2fs -O ^has_journal /dev/sd1i

mount -t ext2 ...

cd ...

rm -f .journal

fsck.ext2 -y /dev/sd1i

ref http://www.centos.org/docs/5/html/Deployment_Guide-en-US/s1-filesystem-ext2-revert.html