OpenSeaMap-dev:Server FreeBSD Base
Installation
Set timezone to UTC.
cp /usr/share/zoneinfo/UTC /etc/localtime
Disable virtual terminals (ttyv1 .. ttyv8).
vi /etc/ttys
ttyv1 "/usr/libexec/getty Pc" cons25 off secure
...
ttyv8 "/usr/libexec/getty Pc" cons25 off secure
Reduce autoboot delay.
vi /boot/loader.conf
autoboot_delay="2"
Secure syslogd.
vi /etc/rc.conf
syslogd_flags="-ss"
/etc/rc.d/syslogd restart
Prevent building ports for X11.
vi /etc/make.conf
WITHOUT_X11=yes
Redirect mails for root.
vi /etc/aliases
root: <mail-address>
newaliases
Create an administrator account.
pw groupadd <username>
pw useradd <username> -g <username> -G wheel -m -s /bin/csh
install -d -g <username> -o <username> -m 700 /home/<username>/.ssh
install -g <username> -o <username> -m 400 /dev/null /home/<username>/.ssh/authorized_keys
Prohibit root login. Be sure to have a non-root account that is allowed to log in.
vi /etc/ssh/sshd_config
PermitRootLogin no
ChallengeResponseAuthentication no
/etc/rc.d/sshd restart
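A check for the settings made so far (syslogd flags, permissions of the administrator's .ssh directory, sshd options), as an added example that is not part of the original page. The function names and the demo fixture are constructed for illustration, and the sshd_config parser assumes whitespace-separated "Keyword value" lines.

```shell
#!/bin/sh
# Added example: audit a host against the baseline on this page.

# First global value of an sshd_config keyword: sshd uses the first value it
# obtains and keywords are case-insensitive. Parsing stops at the first Match
# block. Assumes "Keyword value" separated by whitespace.
sshd_value() {
    awk -v key="$2" '
        tolower($1) == "match"      { exit }
        tolower($1) == tolower(key) { print tolower($2); exit }' "$1"
}

# Last assignment of an rc.conf variable (later lines override earlier ones).
rc_value() {
    sed -n "s/^[[:space:]]*$2=\"\{0,1\}\([^\"#]*\)\"\{0,1\}.*/\1/p" "$1" | tail -n 1
}

# True if the path exists with exactly the given octal mode.
has_mode() { [ -n "$(find "$1" -prune -perm "$2" 2>/dev/null)" ]; }

expect() {  # expect LABEL GOT WANT
    [ "$2" = "$3" ] && return 0
    echo "FAIL $1: got '$2', want '$3'"; fails=$((fails + 1))
}

# audit SSHD_CONFIG RC_CONF HOME_DIR: prints findings, returns their count.
audit() {
    fails=0
    expect PermitRootLogin "$(sshd_value "$1" PermitRootLogin)" no
    expect ChallengeResponseAuthentication \
        "$(sshd_value "$1" ChallengeResponseAuthentication)" no
    expect syslogd_flags "$(rc_value "$2" syslogd_flags)" -ss
    has_mode "$3/.ssh" 700 || expect "$3/.ssh mode" other 700
    has_mode "$3/.ssh/authorized_keys" 400 || expect "authorized_keys mode" other 400
    return "$fails"
}

# Constructed fixture: a "PermitRootLogin yes" that appears after the first
# PermitRootLogin line has no effect; one placed before it would win.
demo() {
    d=$(mktemp -d) && mkdir -m 700 "$d/.ssh" && : > "$d/.ssh/authorized_keys"
    chmod 400 "$d/.ssh/authorized_keys"
    printf 'PermitRootLogin no\nChallengeResponseAuthentication no\nPermitRootLogin yes\n' > "$d/sshd_config"
    printf 'syslogd_flags="-s"\nsyslogd_flags="-ss"\n' > "$d/rc.conf"
    rc=0; audit "$d/sshd_config" "$d/rc.conf" "$d" || rc=$?
    rm -rf "$d"; return "$rc"
}
# On a host: audit /etc/ssh/sshd_config /etc/rc.conf /home/<username>
[ "${1:-}" != demo ] || demo
```

On a live host, `sshd -T` prints the effective sshd configuration and is the authoritative cross-check for the two sshd options.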
Configure freebsd update.
vi /etc/freebsd-update.conf
Components world kernel
Update base system.
freebsd-update fetch
freebsd-update install
(reboot)
Fetch and extract port files.
portsnap fetch
portsnap extract
All ports have to be managed with portmaster.
cd /usr/ports/ports-mgmt/portmaster
make install clean
rehash
It is recommended to install ports in screen.
portmaster -d -B sysutils/screen
rehash
Install these ports on every machine.
screen -S ports
portmaster -d -B editors/vim ports-mgmt/portaudit sysutils/ezjail net/openntpd
exit
Cronjob for freebsd update and portsnap.
vi /etc/crontab
0 7 * * * root /usr/sbin/freebsd-update cron
0 8 * * * root /usr/sbin/portsnap cron
Configure packet filter.
TBD
vi /etc/pf.conf
nat on $ext_if proto {tcp udp icmp} from lo0 to any -> ($ext_if)
nat on $int_if proto {tcp udp icmp} from lo0 to any -> ($int_if)
pfctl -f /etc/pf.conf
Configure ntpd.
vi /usr/local/etc/ntpd.conf
listen on 127.0.0.1
server 0.nl.pool.ntp.org
server 1.nl.pool.ntp.org
server 2.nl.pool.ntp.org
server 3.nl.pool.ntp.org
vi /etc/rc.conf
openntpd_enable="YES"
service openntpd start
Install base jail.
ezjail-admin install
Enable ezjail.
vi /etc/rc.conf
ezjail_enable="YES"
Start ezjail.
service ezjail start
Maintenance
Update base system (world).
screen -S update
freebsd-update fetch
freebsd-update install
exit
Release change. After the reboot, the install command has to be executed again to remove old files. Remember to update all ports, jails and ports in jails, too.
screen -S update
freebsd-update -r 9.1-RELEASE upgrade
freebsd-update install
exit
(reboot)
screen -S update
freebsd-update install
exit