Post Install Configuration FreeBSD SANOG 9 January 14, 2007 Colombo, Sri Lanka Hervey Allen.

Slides:



Advertisements
Similar presentations
VPN using SSH Implementing a secure Unix to Unix Virtual Private Network Gary Stainburn Ringways Garages Ltd.
Advertisements

FreeBSD startup and repair AfNOG 2007 Abuja, Nigeria Hervey Allen Materials from Brian Candler.
LinuxChix Africa UNIX BASICS. To r00t or not to r00t ● Unix security is (in most cases) binary. Either you are root or you are not. – Effects on permissions.
1 Configuring Internet- related services (April 22, 2015) © Abdou Illia, Spring 2015.
1 Configuring Web services (Week 15, Monday 4/17/2006) © Abdou Illia, Spring 2006.
Exercise 1 – FreeBSD Installation Announced Date: 2006/9/20 Due Date: 2005/10/4.
PacNOG 6: Nadi, Fiji Installing Ubuntu Server 9.04 Hervey Allen Network Startup Resource Center.
Securing LAMP: Linux, Apache, MySQL and PHP Track 2 Workshop PacNOG 7 July 1, 2010 Pago Pago, American Samoa.
Installing Windows Vista Lesson 2. Skills Matrix Technology SkillObjective DomainObjective # Performing a Clean Installation Set up Windows Vista as the.
Using the “CLI” Unix / Linux Preparation Course May 25 Djibouti.
Eucalyptus Virtual Machines Running Maven, Tomcat, and Mysql.
UNIX ™ /Linux Overview Unix/IP Preparation Course June 9, 2013 Lusaka, Zambia.
Hands-On Microsoft Windows Server 2008
Partner Logo German Cancio – WP4-install LCFG HOW-TO - n° 1 WP4 hands-on workshop: EDG LCFGng exercises
NOC TOOLS rancid AfNOG Cairo, SI-E, 4 of 5 Sunday Folayan.
System Administration HW1 huanghs. Computer Center, CS, NCTU 2 Requirements  Basic Install FreeBSD and upgrade to up-to-date –RELEASE Recompile your.
Geo CE-XM ch 4 Edited 10/14/05 1 The XM is the newest of the rovers, and unlike other units, it comes with software installed on the unit as well as using.
11 MANAGING AND DISTRIBUTING SOFTWARE BY USING GROUP POLICY Chapter 5.
INSTALLATION HANDS-ON. Page 2 About the Hands-On This hands-on section is structured in a way, that it allows you to work independently, but still giving.
1 FreeBSD Installation ISOC/AfNOG Michuki Mwangi (Original materials by Hervey Allen – NSRC)
Maintain Installed Applications. Computer Center, CS, NCTU 2 In Ports Tree  / Makefile  COMMENT pkg-descr  WWW pkg-message  Shown after installed.
Netbeans 6.0 version control configuration for AUV Workbench & various XMSF projects TODO: check changes in all Netbeans 5 screens Don Brutzman
CMSBrownBag,05/29/2007 B.Mangano How to “use” CMSSW on own Linux Box and be happy In this context “use” means: - check-out pre-compiled CMSSW code - run.
Netbeans 5.0 cvs configuration for AUV Workbench & various XMSF projects Don Brutzman 14 July 2006.
An Intro to Concurrent Versions System (CVS) ECE 417/617: Elements of Software Engineering Stan Birchfield Clemson University.
Keeping Up-to-date AfNOG X Cairo, Egypt. Recap on FreeBSD design Distribution includes kernel, and some user-land binaries (bind, shells, network tools,
T4L – NSW DET SOE Muticasting an Image. Problem New T4L computers use SATA HDD’s SATA drives are not recognised by Current DET Licensed version of Ghost.
PLANNING A MICROSOFT EXCHANGE SERVER 2003 INFRASTRUCTURE Chapter 2.
Netbeans 5.5 version control: cvs, svn configuration for AUV Workbench & various X3D, XMSF projects Don Brutzman 1 December 2007.
What is a port The Ports Collection is essentially a set of Makefiles, patches, and description files placed in /usr/ports. The port includes instructions.
1 FreeBSD Installation AFNOG X Cairo, Egypt May 2009 Hervey Allen.
Hacking Windows 9X/ME. Hacking framework Initial access physical access brute force trojans Privilege escalation Administrator, root privileges Consolidation.
1 Network Information System (NIS). 2 Module – Network Information System (NIS) ♦ Overview This module focuses on configuring and managing Network Information.
IT1001 – Personal Computer Hardware & system Operations Week7- Introduction to backup & restore tools Introduction to user account with access rights.
12 CVS Mauro Jaskelioff (originally by Gail Hopkins)
Editing, vi and Configuration Files Introduction to Unix May 25, 2008 Rabat, Morocco Hervey Allen.
1 FreeBSD Installation AFNOG Chix 2011 Blantyre, Malawi 31 st Oct - 4 th Nov 2011 Dorcas Muthoni and Evelyn Namara.
FreeBSD. Computer Center, CS, NCTU 2 Outline  FreeBSD version 8.1-RELEASE  Installing FreeBSD From CD-ROM  Build world and kernel Update source Rebuild.
SA-NA Junction. FreeBSD Branches/Tags Three parallel development branches: -RELEASE Latest Release version 7.0 January 2009, 6.3 November 2008
Installing Applications in FreeBSD lctseng. Computer Center, CS, NCTU 2 Before we start  Permission issue root: the super user Like administrator in.
Disk Server Deployment at RAL Castor F2F RAL - Feb 2009 Martin Bly.
Sys Admin Course Service Management Fourie Joubert.
January 9, 2001 Router Plugins (Crossbow) 1 Washington WASHINGTON UNIVERSITY IN ST LOUIS Exercises.
Installing VERITAS Cluster Server. Topic 1: Using the VERITAS Product Installer After completing this topic, you will be able to install VCS using the.
Integrity Check As You Well Know, It Is A Violation Of Academic Integrity To Fake The Results On Any.
ALSMS Upgrade Configuration Example Alcatel-Lucent Security Products Configuration Example Series.
Log Shipping, Mirroring, Replication and Clustering Which should I use? That depends on a few questions we must ask the user. We will go over these questions.
Installing the ALSMS Software on a Windows Platform Configuration Example Alcatel-Lucent Security Products Configuration Example Series.
SA-NA Junction FreeBSD. Computer Center, CS, NCTU 2 Outline  FreeBSD version  Installing FreeBSD  Update source and make world  Rebuild kernel.
PRESENTED BY ALI NASIR BITF13M040 AMMAR HAIDER BITF13M016 SHOIAB BAJWA BITF13M040 AKHTAR YOUNAS BITF13M019.
Building programs LinuxChix-KE. What happens in your CPU? ● It executes a small set of instructions called "machine code" ● Each instruction is just a.
FreeBSD Introduction Joel Jaeggli rehashed for pacnog 2006.
Updating FreeBSD Unix System Administration. Objectives At the end of this session you should be able to: 1. Understand the differences between the CURRENT.
WebInspect Enterprise Installation process
Homework #01 FreeBSD Installation
PGP Key Management Basic Principals
NTP, Syslog & Secure Shell
FreeBSD startup and repair
Keeping Up-to-date AfNOG X Cairo, Egypt.
Unix Systems Administration
PGP Key Management Basic Principals
Operating System Kernel Compilation
Lab 7 - Topics Establishing SSH Connection Install SSH Configure SSH
Configuring Internet-related services
Creating User Defined Fields (NDF)
Configuration Of A Pull Network.
SUSE Linux Enterprise Desktop Administration
Post Install Configuration FreeBSD
Presentation transcript:

Post Install Configuration FreeBSD SANOG 9 January 14, 2007 Colombo, Sri Lanka Hervey Allen

9 Colombo One System Admin's Point of View Reduce to a minimun number of services Restrict SSH root access to public keys only  Install your ssh public key(s) [we'll do later] Remove extraneous accounts and groups Configure /etc/rc.conf as needed  Set up proper logging Update your source Update your ports collection Rebuild your operating system Reconfigure your kernel Rebuild your kernel

9 Colombo Point of View Cont. Reboot! ;-) You might not need a firewall... You might want to use inetd.

9 Colombo What Are we Going to Do? Here's one way to do things... 1) Keep box off net 2) Edit /etc/rc.conf 3) Bring up net 4) pkg_add rsync, ssh, other (or, portsnap, then build) 5) Enable ssh 6) Install ssh authorized keys for root 7) Install hacked ssh config /etc/ssh/sshd_config 8) Start new sshd 9) Update source (cvsup) 10) Build world 11) Build custom kernel 12) Portsnap to keep ports up-to-date These we'll do later after we discuss cryptography. These we'll show, the rest we'll do.

9 Colombo Updating Source “More than one way to skin a cat” In brief:  Create a “supfile” with options you want  Get the source as specified in supfile  Create a custom kernel configuration file  Run... make buildworld make kernel KERNCONF=SANOG9 make install KERNCONF=SANOG9 cd /usr/src mergemaster -p make installworld make delete-old mergemaster

9 Colombo Some Suggestions First A few things you really should read: less /usr/src/UPDATING man mergemaster /usr/share/doc/handbook/cvsup.html /usr/share/doc/handbook/kernelconfig.html And consider trying this on a test system once for practice.

9 Colombo How Would you do This? First, install “cvsup-without-gui”  pkg_add -r cvsup-without-gui Regular cvsup requires a lot of extra stuff and it's not necessary. Use /usr/share/examples/cvsup/cvs-supfile to build your custom supfile. See if there's a FreeBSD cvs server near you. Build your custom file. Here's an example:

9 Colombo cvs supfile File Example* # Defaults that apply to all the collections *default host=cvsup2.za.freebsd.org *default base=/usr *default prefix=/usr *default release=cvs *default delete use-rel-suffi *default tag=RELENG_6 src-all *default tag=. doc-all ports-all *Actual file is longer with comments

9 Colombo cvsup Command Now to actually do it. If your file is called “cvs- supfile” and is in /usr/src type: # cvsup -g -L 2 supfile -g = no graphics -L 2 = full details on screen Once done, or during the process, you can create your customer Kernel config file.

9 Colombo FreeBSD Post Install Configuration Now we'll do the post-install exercises, part II...

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.