Post Install Configuration FreeBSD

Slides:

Advertisements

Similar presentations

Install. Will your hardware work? Most things are compatible - a few are known not to be.

Advertisements

FreeBSD startup and repair AfNOG 2007 Abuja, Nigeria Hervey Allen Materials from Brian Candler.

LinuxChix System Startup and Recovery. What happens at startup? ● The BIOS loads and runs the MBR ● A series of "bootstrap" programs are loaded – see.

LinuxChix Africa UNIX BASICS. To r00t or not to r00t ● Unix security is (in most cases) binary. Either you are root or you are not. – Effects on permissions.

1 Configuring Internet- related services (April 22, 2015) © Abdou Illia, Spring 2015.

1 Configuring Web services (Week 15, Monday 4/17/2006) © Abdou Illia, Spring 2006.

Exercise 1 – FreeBSD Installation Announced Date: 2006/9/20 Due Date: 2005/10/4.

SETUP AND CONFIGURATIONS WEBLOGIC SERVER. 1.Weblogic Installation 2.Creating domain through configuration wizard 3.Creating domain using existing template.

Securing LAMP: Linux, Apache, MySQL and PHP Track 2 Workshop PacNOG 7 July 1, 2010 Pago Pago, American Samoa.

System Administration: Linux Track 2 Workshop June 2010 Pago Pago, American Samoa.

2440: 141 Web Site Administration Remote Web Server Access Tools Instructor: Enoch E. Damson.

Configuring the MagicInfo Pro Display

Partner Logo German Cancio – WP4-install LCFG HOW-TO - n° 1 WP4 hands-on workshop: EDG LCFGng exercises

NOC TOOLS rancid AfNOG Cairo, SI-E, 4 of 5 Sunday Folayan.

System Administration HW1 huanghs. Computer Center, CS, NCTU 2 Requirements  Basic Install FreeBSD and upgrade to up-to-date –RELEASE Recompile your.

11 MANAGING AND DISTRIBUTING SOFTWARE BY USING GROUP POLICY Chapter 5.

INSTALLATION HANDS-ON. Page 2 About the Hands-On This hands-on section is structured in a way, that it allows you to work independently, but still giving.

1 FreeBSD Installation ISOC/AfNOG Michuki Mwangi (Original materials by Hervey Allen – NSRC)

Maintain Installed Applications. Computer Center, CS, NCTU 2 In Ports Tree  / Makefile  COMMENT pkg-descr  WWW pkg-message  Shown after installed.

6 th Annual Focus Users’ Conference Manage Integrations Presented by: Mike Morris.

An Intro to Concurrent Versions System (CVS) ECE 417/617: Elements of Software Engineering Stan Birchfield Clemson University.

Keeping Up-to-date AfNOG X Cairo, Egypt. Recap on FreeBSD design Distribution includes kernel, and some user-land binaries (bind, shells, network tools,

T4L – NSW DET SOE Muticasting an Image. Problem New T4L computers use SATA HDD’s SATA drives are not recognised by Current DET Licensed version of Ghost.

PLANNING A MICROSOFT EXCHANGE SERVER 2003 INFRASTRUCTURE Chapter 2.

What is a port The Ports Collection is essentially a set of Makefiles, patches, and description files placed in /usr/ports. The port includes instructions.

1 FreeBSD Installation AFNOG X Cairo, Egypt May 2009 Hervey Allen.

IT1001 – Personal Computer Hardware & system Operations Week7- Introduction to backup & restore tools Introduction to user account with access rights.

1 FreeBSD Installation AFNOG Chix 2011 Blantyre, Malawi 31 st Oct - 4 th Nov 2011 Dorcas Muthoni and Evelyn Namara.

FreeBSD. Computer Center, CS, NCTU 2 Outline  FreeBSD version 8.1-RELEASE  Installing FreeBSD From CD-ROM  Build world and kernel Update source Rebuild.

SA-NA Junction. FreeBSD Branches/Tags Three parallel development branches: -RELEASE Latest Release version 7.0 January 2009, 6.3 November 2008

Installing Applications in FreeBSD lctseng. Computer Center, CS, NCTU 2 Before we start  Permission issue root: the super user Like administrator in.

Post Install Configuration FreeBSD SANOG 9 January 14, 2007 Colombo, Sri Lanka Hervey Allen.

Sys Admin Course Service Management Fourie Joubert.

IBM Express Runtime Quick Start Workshop © 2007 IBM Corporation Deploying a Solution.

Integrity Check As You Well Know, It Is A Violation Of Academic Integrity To Fake The Results On Any.

Log Shipping, Mirroring, Replication and Clustering Which should I use? That depends on a few questions we must ask the user. We will go over these questions.

Installing the ALSMS Software on a Windows Platform Configuration Example Alcatel-Lucent Security Products Configuration Example Series.

SA-NA Junction FreeBSD. Computer Center, CS, NCTU 2 Outline  FreeBSD version  Installing FreeBSD  Update source and make world  Rebuild kernel.

PRESENTED BY ALI NASIR BITF13M040 AMMAR HAIDER BITF13M016 SHOIAB BAJWA BITF13M040 AKHTAR YOUNAS BITF13M019.

FreeBSD Introduction Joel Jaeggli rehashed for pacnog 2006.

1 Free Electrons. Kernel, drivers and embedded Linux development, consulting, training and support. http//free-electrons.com SSH Thomas Petazzoni Free.

Security with SSH Unix System Administration Workshop AfNOG 2007 Hervey Allen.

Updating FreeBSD Unix System Administration. Objectives At the end of this session you should be able to: 1. Understand the differences between the CURRENT.

Using Crontab with Ubuntu

Installing Applications in FreeBSD

CS1010: Intro Workshop.

Homework #01 FreeBSD Installation

PGP Key Management Basic Principals

Lab 05 Firewalls.

NTP, Syslog & Secure Shell

Drivers and the kernel UNIX system has three layers: Kernel

FreeBSD startup and repair

Keeping Up-to-date AfNOG X Cairo, Egypt.

Editing, vi and Configuration Files

Unix Systems Administration

PGP Key Management Basic Principals

Introduction to Networking

How to fix Update Failure Error “0x800f081f” on Windows 10 KB ?

3 Easy Methods to Remove Author Name from WordPress Posts Do you want to remove writer name from your WordPress post? By default, WordPress does not have.

Operating System Kernel Compilation

Lab 7 - Topics Establishing SSH Connection Install SSH Configure SSH

Configuring Internet-related services

Creating User Defined Fields (NDF)

Configuration Of A Pull Network.

SUSE Linux Enterprise Desktop Administration

PGP Key Management Basic Principles

Convergence IT Services Pvt. Ltd

Presentation transcript:

Post Install Configuration FreeBSD ccTLD Workshop February 14, 2007 Georgetown, Guyana Hervey Allen

One System Admin's Point of View Reduce to a minimun number of services Restrict SSH root access to public keys only Install your ssh public key(s) [we'll do later] Remove extraneous accounts and groups Configure /etc/rc.conf as needed Set up proper logging Update your source Update your ports collection Rebuild your operating system Reconfigure your kernel Rebuild your kernel

Point of View Cont. Reboot! ;-) You might not need a firewall... You might want to use inetd.

What Are we Going to Do? Here's one way to do things... Keep box off net Edit /etc/rc.conf Bring up net pkg_add rsync, ssh, other (or, portsnap, then build) Enable ssh Install ssh authorized keys for root Install hacked ssh config /etc/ssh/sshd_config Start new sshd Update source (cvsup) Build world Build custom kernel Portsnap to keep ports up-to-date These we'll do later after we discuss cryptography later in the week. These we'll show, the rest we'll do.

“More than one way to skin a cat” Updating Source “More than one way to skin a cat” In brief: Create a “supfile” with options you want Get the source as specified in supfile Create a custom kernel configuration file Run... make buildworld make kernel KERNCONF=SANOG9 make install KERNCONF=SANOG9 <reboot in to single user mode> cd /usr/src mergemaster -p make installworld make delete-old mergemaster <reboot>

Some Suggestions First A few things you really should read: less /usr/src/UPDATING man mergemaster /usr/share/doc/handbook/cvsup.html /usr/share/doc/handbook/kernelconfig.html And consider trying this on a test system once for practice.

How Would you do This? First, install “cvsup-without-gui” pkg_add -r cvsup-without-gui Regular cvsup requires a lot of extra stuff and it's not necessary. Use /usr/share/examples/cvsup/cvs-supfile to build your custom supfile. See if there's a FreeBSD cvs server near you. Build your custom file. Here's an example:

cvs supfile File Example* # Defaults that apply to all the collections *default host=cvsup2.za.freebsd.org *default base=/usr *default prefix=/usr *default release=cvs *default delete use-rel-suffi *default tag=RELENG_6 src-all *default tag=. doc-all ports-all *Actual file is longer with comments

cvsup Command Now to actually do it. If your file is called “cvs-supfile” and is in /usr/src type: # cvsup -g -L 2 supfile -g = no graphics -L 2 = full details on screen Once done, or during the process, you can create your customer Kernel config file.

FreeBSD Post Install Configuration Now we'll do the post-install exercises, part II...