This is an obsolete doc -- see http://doc.nethence.com/ instead
OpenBSD post-installation
Post-installation
Configure your network,
cd /etc/
ifconfig -a
echo 'inet IP NETMASK' > hostname.NETWORK_INTERFACE
echo 'GW' > mygate
echo 'search DOMAIN' >> resolv.conf
vi hosts
apply,
sh netstart
You should now be able to connect remotely through SSH.
Clean up a few things,
cd /etc/
mv motd motd.dist
mv skel/ skel.dist/
mkdir skel/
Note. On OpenBSD it’s necessary to create the skeleton directory again otherwise the useradd command will shout at you about the non-existing directory.
Configure your environment e.g.,
cd ~/
mkdir -p .trash/
mv .cshrc .Xdefaults .klogin .login .profile .trash/
# those symlinks will be useful shortly
ln -s ../.profile
ln -s ../.kshrc
ln -s ../.screenrc
cd /
rm -f .cshrc
cat >> .profile <<EOF9
export ENV=\$HOME/.kshrc
EOF9
# the quoted delimiter keeps $VARS and `commands` unexpanded while the file is
# written, so they are evaluated by each user's shell when .kshrc is read
cat > .kshrc <<'EOF9'
export PATH=$PATH:$HOME/bin
#export LANG=en_US.UTF-8
HOSTNAME=${HOSTNAME:-`uname -n`}
[[ $USER = root ]] \
&& PS1='${HOSTNAME%%.*}# ' \
|| PS1='${HOSTNAME%%.*}> '
alias ll='ls -alkF'
alias rm='rm -i'
alias mv='mv -i'
alias cp='cp -i'
[[ -x `whence vim 2>/dev/null` ]] && alias vi='vim'
[[ -x `whence pwgen 2>/dev/null` ]] && alias pwgen='pwgen -AnyB'
#set -o vi
bind -m '^L'='clear^M'
export PKG_PATH="ftp://ftp.fr.openbsd.org/pub/OpenBSD/`uname -r`/packages/`machine -a`/"
EOF9
note. Change the ftp mirror and the OpenBSD version accordingly in PKG_PATH.
note. The use of ‘export ENV=...’ seems to be mandatory to get the configurations to work in GNU Screen windows without forcing a login shell (with shell=-/bin/ksh).
apply,
. ./.profile
Configure GNU Screen,
cd /etc/
mv screenrc screenrc.dist
cat > screenrc <<EOF9
startup_message off
caption always '%-Lw%{= BW}%50>%n%f* %t%{-}%+Lw%<'
bindkey ^[, prev
bindkey ^[; next
autodetach on
defscrollback 65000
vbell on
shell -/bin/ksh
EOF9
cd /
cat > .screenrc <<EOF9
screen -t "log" 0 tail -f /var/log/messages
EOF9
For convenience you may also simplify the system logs’ configuration,
cd /etc/
mv syslog.conf syslog.conf.dist
echo '*.* -/var/log/messages' > syslog.conf
cd /var/log/
chmod o-r messages
apply,
/etc/rc.d/syslogd restart
Change the cron tabs to your taste,
crontab -e
for a server with no heavy load, rotate the logs every first day of a month at 00:00 instead of every day,
#0 * * * * /usr/bin/newsyslog
0 0 1 * * /usr/bin/newsyslog
optionally index the file systems every night at 00:10,
10 0 * * * /usr/libexec/locate.updatedb
On a production system, you might prefer it to automatically reboot after a panic,
sysctl -w ddb.panic=0
cd /etc/
mv sysctl.conf sysctl.conf.dist
cat > sysctl.conf <<EOF9
ddb.panic=0 # 0=Do not drop into ddb on a kernel panic
EOF9
Create a user for SSH remote access and read access to the logs (wheel group),
useradd -m -G wheel ADMINUSER
passwd ADMINUSER
su - ADMINUSER
ln -s ../../.profile
ln -s ../../.kshrc
ln -s ../../.screenrc
^D
Secure the SSH daemon even more,
cd /etc/ssh/
mv sshd_config sshd_config.dist
sed '/^#/d; /^$/d;' sshd_config.dist > sshd_config
cat >> sshd_config <<EOF9
Protocol 2
Port 2222
AllowGroups wheel
PermitRootLogin no
EOF9
apply,
/etc/rc.d/sshd restart
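Added example (not part of the original doc): sshd keeps the first value it reads for each keyword, so the settings appended above only take effect if sshd_config.dist had no uncommented line for the same keyword. The hypothetical helpers effective_sshd_value and check_sshd_hardening report what would actually apply; the sample config is constructed.

```sh
#!/bin/sh
# Added example, not from the original doc. Helper names are hypothetical.

# effective_sshd_value FILE KEYWORD
# Print the value of the first uncommented KEYWORD line in the global section
# (before any Match block). Keywords are case-insensitive. The 'Keyword=value'
# spelling is not handled.
effective_sshd_value() {
    awk -v kw="$2" '
        BEGIN { kw = tolower(kw) }
        /^[ \t]*(#|$)/ { next }                # skip comments and blank lines
        tolower($1) == "match" { exit }        # global section ends here
        tolower($1) == kw { $1 = ""; sub(/^[ \t]+/, ""); print; exit }
    ' "$1"
}

# check_sshd_hardening FILE
# Return 0 only if the four settings appended above are the effective ones.
check_sshd_hardening() {
    rc=0
    while read -r kw want; do
        got=$(effective_sshd_value "$1" "$kw")
        if [ "$got" != "$want" ]; then
            echo "MISMATCH $kw: effective='${got:-unset}' wanted='$want'"
            rc=1
        fi
    done <<EOF9
Protocol 2
Port 2222
AllowGroups wheel
PermitRootLogin no
EOF9
    return $rc
}

# Constructed sample: an earlier uncommented line shadows the appended one.
sample=$(mktemp)
cat > "$sample" <<EOF9
PermitRootLogin yes
Subsystem sftp /usr/libexec/sftp-server
Protocol 2
Port 2222
AllowGroups wheel
PermitRootLogin no
EOF9
check_sshd_hardening "$sample" || echo "fix sshd_config before restarting sshd"
rm -f "$sample"
```

On the live system, sshd -t validates the file before the restart and sshd -T prints the effective settings.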
Install a few packages (assuming PKG_PATH has been defined),
pkg_add -i screen wget vim pwgen e2fsprogs
Fetch a few wrappers to handle the daemons more quickly,
cd ~/
mkdir -p bin/
cd bin/
wget http://pbraun.nethence.com/scripts/sysutils/openbsd/hup
wget http://pbraun.nethence.com/scripts/sysutils/openbsd/restart
chmod +x hup
chmod +x restart
Recompiling the kernel
Fetch the kernel source and edit the configuration (note the included file gets edited),
cd /usr/
ftp -a ftp://ftp.fr.openbsd.org/pub/OpenBSD/5.2/sys.tar.gz
ls -l src/
tar xzf sys.tar.gz -C src/
cd src/sys/arch/amd64/conf/
cp GENERIC HOSTNAME
cp GENERIC.MP HOSTNAME.MP
vi HOSTNAME
vi HOSTNAME.MP
Note. E.g. to change the colors at boot (search for WSCOL in /sys/dev/ic/vga.c),
option WS_KERNEL_FG=WSCOL_RED
option WS_KERNEL_BG=WSCOL_BLACK
Compile the kernel,
config HOSTNAME.MP
cd ../compile/HOSTNAME.MP/
make depend
make
Install the kernel and reboot,
mv /bsd /bsd.old
cp bsd /
chmod 644 /bsd
shutdown -r now
Adding a possibly larger than 2TB storage disk
See what disks the kernel sees,
dmesg | grep ^sd
Check the current layout of the disk you want to initialize e.g. sd2,
fdisk sd2
Initialize the DOS partition table (needed only on x86 machines) for OpenBSD (create a single partition for the whole disk),
fdisk -i sd2
Now edit the BSD partition table,
disklabel -e sd2
Note. For one big BSD storage (not booting) partition, just add the d partition below c,
c: 5860533168 0 unused
d: 5860533105 63 4.2BSD 2048 16384 16
Note. Simply calculate total sectors minus 64 to get the size in sectors for the d partition.
Format it and configure a mount point e.g.,
newfs -O 2 /dev/rsd2d
mkdir -p /data/
cat >> /etc/fstab <<EOF9
/dev/sd2d /data ffs rw 1 1
EOF9
and apply,
mount /data/
Maintain an ext2 file system within OpenBSD
Make sure the e2fsprogs package is installed.
Identify the block device and the enabled features,
fdisk sd1 # there should be a 'Linux files' MBR partition
disklabel sd1 # there should be an 'ext2fs' BSD partition
tune2fs -l /dev/sd1i | grep features
Convert an ext4 filesystem to ext3,
tune2fs -O ^extent,^uninit_bg,^dir_index /dev/sd1i
fsck.ext3 -y /dev/sd1i
note. extent, not extents
note. hmm getting that error (sorry I found no solution by now),
Clearing filesystem feature 'extent' not supported.
refs.
https://ext4.wiki.kernel.org/index.php/Ext4_Howto
http://korben.info/comment-convertir-une-partition-ext3-vers-ext4.html
Convert an ext3 filesystem to ext2,
tune2fs -O ^has_journal /dev/sd1i
mount -t ext2fs ...
cd ...
rm -f .journal
fsck.ext2 -y /dev/sd1i
ref http://www.centos.org/docs/5/html/Deployment_Guide-en-US/s1-filesystem-ext2-revert.html