Presentation is loading. Please wait.

Presentation is loading. Please wait.

Post Install Configuration FreeBSD

Published byMaud Stella Bell Modified over 5 years ago

Similar presentations

Presentation on theme: "Post Install Configuration FreeBSD"— Presentation transcript:

1 Post Install Configuration FreeBSD
ccTLD Workshop February 14, 2007 Georgetown, Guyana Hervey Allen

2 One System Admin's Point of View
Reduce to a minimun number of services Restrict SSH root access to public keys only Install your ssh public key(s) [we'll do later] Remove extraneous accounts and groups Configure /etc/rc.conf as needed Set up proper logging Update your source Update your ports collection Rebuild your operating system Reconfigure your kernel Rebuild your kernel

3 Point of View Cont. Reboot! ;-) You might not need a firewall...
You might want to use inetd.

4 What Are we Going to Do? Here's one way to do things...
Keep box off net Edit /etc/rc.conf Bring up net pkg_add rsync, ssh, other (or, portsnap, then build) Enable ssh Install ssh authorized keys for root Install hacked ssh config /etc/ssh/sshd_config Start new sshd Update source (cvsup) Build world Build custom kernel Portsnap to keep ports up-to-date These we'll do later after we discuss cryptography later in the week. These we'll show, the rest we'll do.

5 “More than one way to skin a cat”
Updating Source “More than one way to skin a cat” In brief: Create a “supfile” with options you want Get the source as specified in supfile Create a custom kernel configuration file Run... make buildworld make kernel KERNCONF=SANOG9 make install KERNCONF=SANOG9 <reboot in to single user mode> cd /usr/src mergemaster -p make installworld make delete-old mergemaster <reboot>

6 Some Suggestions First
A few things you really should read: less /usr/src/UPDATING man mergemaster /usr/share/doc/handbook/cvsup.html /usr/share/doc/handbook/kernelconfig.html And consider trying this on a test system once for practice.

7 How Would you do This? First, install “cvsup-without-gui”
pkg_add -r cvsup-without-gui Regular cvsup requires a lot of extra stuff and it's not necessary. Use /usr/share/examples/cvsup/cvs-supfile to build your custom supfile. See if there's a FreeBSD cvs server near you. Build your custom file. Here's an example:

8 cvs supfile File Example*
# Defaults that apply to all the collections *default host=cvsup2.za.freebsd.org *default base=/usr *default prefix=/usr *default release=cvs *default delete use-rel-suffi *default tag=RELENG_6 src-all *default tag=. doc-all ports-all *Actual file is longer with comments

9 cvsup Command Now to actually do it. If your file is called “cvs-supfile” and is in /usr/src type: # cvsup -g -L 2 supfile -g = no graphics -L 2 = full details on screen Once done, or during the process, you can create your customer Kernel config file.

10 FreeBSD Post Install Configuration
Now we'll do the post-install exercises, part II...

Download ppt "Post Install Configuration FreeBSD"

Similar presentations

Install. Will your hardware work? Most things are compatible - a few are known not to be.

Install. Will your hardware work? Most things are compatible - a few are known not to be.
FreeBSD startup and repair AfNOG 2007 Abuja, Nigeria Hervey Allen Materials from Brian Candler.

FreeBSD startup and repair AfNOG 2007 Abuja, Nigeria Hervey Allen Materials from Brian Candler.
LinuxChix System Startup and Recovery. What happens at startup? ● The BIOS loads and runs the MBR ● A series of bootstrap programs are loaded – see.

LinuxChix System Startup and Recovery. What happens at startup? ● The BIOS loads and runs the MBR ● A series of "bootstrap" programs are loaded – see.
LinuxChix Africa UNIX BASICS. To r00t or not to r00t ● Unix security is (in most cases) binary. Either you are root or you are not. – Effects on permissions.

LinuxChix Africa UNIX BASICS. To r00t or not to r00t ● Unix security is (in most cases) binary. Either you are root or you are not. – Effects on permissions.
1 Configuring Internet- related services (April 22, 2015) © Abdou Illia, Spring 2015.

1 Configuring Internet- related services (April 22, 2015) © Abdou Illia, Spring 2015.
1 Configuring Web services (Week 15, Monday 4/17/2006) © Abdou Illia, Spring 2006.

1 Configuring Web services (Week 15, Monday 4/17/2006) © Abdou Illia, Spring 2006.
Exercise 1 – FreeBSD Installation Announced Date: 2006/9/20 Due Date: 2005/10/4.

Exercise 1 – FreeBSD Installation Announced Date: 2006/9/20 Due Date: 2005/10/4.
SETUP AND CONFIGURATIONS WEBLOGIC SERVER. 1.Weblogic Installation 2.Creating domain through configuration wizard 3.Creating domain using existing template.

SETUP AND CONFIGURATIONS WEBLOGIC SERVER. 1.Weblogic Installation 2.Creating domain through configuration wizard 3.Creating domain using existing template.
Securing LAMP: Linux, Apache, MySQL and PHP Track 2 Workshop PacNOG 7 July 1, 2010 Pago Pago, American Samoa.

Securing LAMP: Linux, Apache, MySQL and PHP Track 2 Workshop PacNOG 7 July 1, 2010 Pago Pago, American Samoa.
System Administration: Linux Track 2 Workshop June 2010 Pago Pago, American Samoa.

System Administration: Linux Track 2 Workshop June 2010 Pago Pago, American Samoa.
2440: 141 Web Site Administration Remote Web Server Access Tools Instructor: Enoch E. Damson.

2440: 141 Web Site Administration Remote Web Server Access Tools Instructor: Enoch E. Damson.
Configuring the MagicInfo Pro Display

Configuring the MagicInfo Pro Display
Partner Logo German Cancio – WP4-install LCFG HOW-TO - n° 1 WP4 hands-on workshop: EDG LCFGng exercises

Partner Logo German Cancio – WP4-install LCFG HOW-TO - n° 1 WP4 hands-on workshop: EDG LCFGng exercises
NOC TOOLS rancid AfNOG 2009 - Cairo, SI-E, 4 of 5 Sunday Folayan.

NOC TOOLS rancid AfNOG Cairo, SI-E, 4 of 5 Sunday Folayan.
System Administration HW1 huanghs. Computer Center, CS, NCTU 2 Requirements  Basic Install FreeBSD and upgrade to up-to-date –RELEASE Recompile your.

System Administration HW1 huanghs. Computer Center, CS, NCTU 2 Requirements  Basic Install FreeBSD and upgrade to up-to-date –RELEASE Recompile your.
11 MANAGING AND DISTRIBUTING SOFTWARE BY USING GROUP POLICY Chapter 5.

11 MANAGING AND DISTRIBUTING SOFTWARE BY USING GROUP POLICY Chapter 5.
INSTALLATION HANDS-ON. Page 2 About the Hands-On This hands-on section is structured in a way, that it allows you to work independently, but still giving.

INSTALLATION HANDS-ON. Page 2 About the Hands-On This hands-on section is structured in a way, that it allows you to work independently, but still giving.
1 FreeBSD Installation ISOC/AfNOG Michuki Mwangi (Original materials by Hervey Allen – NSRC)

1 FreeBSD Installation ISOC/AfNOG Michuki Mwangi (Original materials by Hervey Allen – NSRC)
Maintain Installed Applications. Computer Center, CS, NCTU 2 In Ports Tree  / Makefile  COMMENT pkg-descr  WWW pkg-message  Shown after installed.

Maintain Installed Applications. Computer Center, CS, NCTU 2 In Ports Tree  / Makefile  COMMENT pkg-descr  WWW pkg-message  Shown after installed.
6 th Annual Focus Users’ Conference Manage Integrations Presented by: Mike Morris.

6 th Annual Focus Users’ Conference Manage Integrations Presented by: Mike Morris.

Similar presentations

Ads by Google