Τετάρτη, Οκτωβρίου 03, 2007
Securing FreeBSD ( 1 )
Login: root
password: password
# ee /usr/X11R6/bin/startx
CHANGE the following
serverargs=""
to
serverargs="-nolisten tcp"
Save and Quit [ esc a a ]
# ee /etc/mail/sendmail.cf
CHANGE the following
O DaemonPortOptions=Port=587, Name=MSA, M=E
to
#O DaemonPortOptions=Port=587, Name=MSA, M=E
Save and Quit [ esc a a ]
# killall -HUP sendmail
# ee /etc/ssh/sshd_config
CHANGE the following
#Protocol 2
to
Protocol 2
and CHANGE the following
#PermitRootLogin no
to
PermitRootLogin no
Save and Quit [ esc a a ]
# ee /etc/ttys
CHANGE the following
console none unknown off secure
to
console none unknown off insecure
Save and Quit [ esc a a ]
# touch /var/account/acct
# accton /var/account/acct
# echo 'accounting_enable="YES"' >> /etc/rc.conf
# echo "net.inet.tcp.blackhole=2" >> /etc/sysctl.conf
# echo "net.inet.udp.blackhole=1" >> /etc/sysctl.conf
# echo "net.inet.icmp.drop_redirect=1">> /etc/sysctl.conf
# echo "net.inet.icmp.log_redirect=0">> /etc/sysctl.conf
# echo "net.inet.ip.redirect=0">> /etc/sysctl.conf
# echo "net.inet.ip.sourceroute=0">> /etc/sysctl.conf
# echo "net.inet.ip.accept_sourceroute=0">> /etc/sysctl.conf
# echo "net.inet.icmp.bmcastecho=0">> /etc/sysctl.conf
# echo "net.inet.tcp.log_in_vain=1">> /etc/sysctl.conf
# echo "net.inet.udp.log_in_vain=1">> /etc/sysctl.conf
# echo "kern.ipc.somaxconn=1024">> /etc/sysctl.conf
# echo "net.link.ether.inet.max_age=600">> /etc/sysctl.conf
# echo "net.inet.tcp.sack.enable=0" >> /etc/sysctl.conf
# echo "net.inet.ip.random_id=1" >> /etc/sysctl.conf
# echo "net.inet.ip.check_interface=1">> /etc/sysctl.conf
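# echo "net.inet.tcp.syncookies=0" >> /etc/sysctl.conf
Note: syncookies=0 switches SYN cookies off; skip this line if you want to keep that SYN-flood defence.
# echo "net.inet.icmp.maskrepl=0" >> /etc/sysctl.conf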
# ee /etc/sysctl.conf
CHANGE the following
# security.bsd.see_other_uids=0
to
security.bsd.see_other_uids=0
Save and Quit [ esc a a ]
# ee /etc/login.conf
CHANGE the following
:passwd_format=md5:\
to
:passwd_format=blf:\
Save and Quit [ esc a a ]
# cap_mkdb /etc/login.conf
# passwd username
# more /etc/master.passwd
# ee /etc/auth.conf
CHANGE the following
crypt_default = md5
to
crypt_default = blf
Save and Quit [ esc a a ]
Secure rc.conf
# ee /etc/rc.conf
sendmail_enable="NO"
nfs_server_enable="NO"
nfs_client_enable="NO"
portmap_enable="NO"
update_motd="NO"
inetd_enable="NO"
clear_tmp_enable="YES"
accounting_enable="YES"
fsck_y_enable="YES"
syslogd_enable="YES"
syslogd_flags="-ss"
#reboot
password: password
# ee /usr/X11R6/bin/startx
CHANGE the following
serverargs=""
to
serverargs="-nolisten tcp"
Save and Quit [ esc a a ]
# ee /etc/mail/sendmail.cf
CHANGE the following
O DaemonPortOptions=Port=587, Name=MSA, M=E
to
#O DaemonPortOptions=Port=587, Name=MSA, M=E
Save and Quit [ esc a a ]
# killall -HUP sendmail
# ee /etc/ssh/sshd_config
CHANGE the following
#Protocol 2
to
Protocol 2
and CHANGE the following
#PermitRootLogin no
to
PermitRootLogin no
Save and Quit [ esc a a ]
# ee /etc/ttys
CHANGE the following
console none unknown off secure
to
console none unknown off insecure
Save and Quit [ esc a a ]
# touch /var/account/acct
# accton /var/account/acct
# echo 'accounting_enable="YES"' >> /etc/rc.conf
# echo "net.inet.tcp.blackhole=2" >> /etc/sysctl.conf
# echo "net.inet.udp.blackhole=1" >> /etc/sysctl.conf
# echo "net.inet.icmp.drop_redirect=1">> /etc/sysctl.conf
# echo "net.inet.icmp.log_redirect=0">> /etc/sysctl.conf
# echo "net.inet.ip.redirect=0">> /etc/sysctl.conf
# echo "net.inet.ip.sourceroute=0">> /etc/sysctl.conf
# echo "net.inet.ip.accept_sourceroute=0">> /etc/sysctl.conf
# echo "net.inet.icmp.bmcastecho=0">> /etc/sysctl.conf
# echo "net.inet.tcp.log_in_vain=1">> /etc/sysctl.conf
# echo "net.inet.udp.log_in_vain=1">> /etc/sysctl.conf
# echo "kern.ipc.somaxconn=1024">> /etc/sysctl.conf
# echo "net.link.ether.inet.max_age=600">> /etc/sysctl.conf
# echo "net.inet.tcp.sack.enable=0" >> /etc/sysctl.conf
# echo "net.inet.ip.random_id=1" >> /etc/sysctl.conf
# echo "net.inet.ip.check_interface=1">> /etc/sysctl.conf
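# echo "net.inet.tcp.syncookies=0" >> /etc/sysctl.conf
Note: syncookies=0 switches SYN cookies off; skip this line if you want to keep that SYN-flood defence.
# echo "net.inet.icmp.maskrepl=0" >> /etc/sysctl.conf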
# ee /etc/sysctl.conf
CHANGE the following
# security.bsd.see_other_uids=0
to
security.bsd.see_other_uids=0
Save and Quit [ esc a a ]
# ee /etc/login.conf
CHANGE the following
:passwd_format=md5:\
to
:passwd_format=blf:\
Save and Quit [ esc a a ]
# cap_mkdb /etc/login.conf
# passwd username
# more /etc/master.passwd
# ee /etc/auth.conf
CHANGE the following
crypt_default = md5
to
crypt_default = blf
Save and Quit [ esc a a ]
Secure rc.conf
# ee /etc/rc.conf
sendmail_enable="NO"
nfs_server_enable="NO"
nfs_client_enable="NO"
portmap_enable="NO"
update_motd="NO"
inetd_enable="NO"
clear_tmp_enable="YES"
accounting_enable="YES"
fsck_y_enable="YES"
syslogd_enable="YES"
syslogd_flags="-ss"
#reboot
Τρίτη, Οκτωβρίου 02, 2007
OpenBSD : Updating and building your system and kernel
Login: root
password: password
# export PKG_PATH=ftp://filoktitis.noc.uoa.gr/pub/OpenBSD/4.1/packages/i386/
# pkg_add -v cvsup-16.1hp0-no_x11.tgz
#pkg_add -v ee-1.4.6p1.tgz
# cd /usr
# ee cvsup-file-src
Write the following
# Defaults that apply to all the collections
*default release=cvs
*default delete use-rel-suffix
*default umask=002
*default host=anoncvs2.de.openbsd.org
*default base=/usr
*default prefix=/usr
*default tag=OPENBSD_4_1
# If your network link is a T1 or faster, comment out the following line.
# *default compress
#OpenBSD-ports
#OpenBSD-all
OpenBSD-src
#OpenBSD-www
#OpenBSD-x11
#OpenBSD-xf4
#OpenBSD-xenocara
Save and Quit [ esc a a ]
# cvsup -g -L 2 cvsup-file-src
# cp /bsd /bsd.old
# cd /usr/src/sys/arch/i386/conf/
# config GENERIC
# cd /usr/src/sys/arch/i386/compile/GENERIC/
# make clean && make depend && make && make install
# reboot
Login: root
password: password
# rm -rf /usr/obj/*
# cd /usr/src
# make obj
# cd /usr/src/etc && env DESTDIR=/ make distrib-dirs
# cd /usr/src
# make build
# cd /usr/
# ee cvsup-file-ports
Write the following
# Defaults that apply to all the collections
*default release=cvs
*default delete use-rel-suffix
*default umask=002
*default host=anoncvs2.de.openbsd.org
*default base=/usr
*default prefix=/usr
*default tag=OPENBSD_4_1
# If your network link is a T1 or faster, comment out the following line.
# *default compress
OpenBSD-ports
#OpenBSD-all
#OpenBSD-src
#OpenBSD-www
#OpenBSD-x11
#OpenBSD-xf4
#OpenBSD-xenocara
Save and Quit [ esc a a ]
# cvsup -g -L 2 cvsup-file-ports
# cd /usr/ports/infrastructure/build/
# ./out-of-date
# cd /usr
# ee cvsup-file-xf4
Write the following
# Defaults that apply to all the collections
*default release=cvs
*default delete use-rel-suffix
*default umask=002
*default host=anoncvs2.de.openbsd.org
*default base=/usr
*default prefix=/usr
*default tag=OPENBSD_4_1
# If your network link is a T1 or faster, comment out the following line.
# *default compress
#OpenBSD-ports
#OpenBSD-all
#OpenBSD-src
#OpenBSD-www
#OpenBSD-x11
OpenBSD-xf4
#OpenBSD-xenocara
Save and Quit [ esc a a ]
# cvsup -g -L 2 cvsup-file-xf4
# export PKG_PATH=ftp://filoktitis.noc.uoa.gr/pub/OpenBSD/4.1/packages/i386/
#pkg_add -v tk-8.4.7p1.tgz
# rm -rf /usr/Xbld
# mkdir -p /usr/Xbld
# cd /usr/Xbld
# lndir ../XF4
# make build
Login: root
password: password
# find /usr/ports/ -name opera
# cd /usr/ports/www/opera/
# make update
password: password
# export PKG_PATH=ftp://filoktitis.noc.uoa.gr/pub/OpenBSD/4.1/packages/i386/
# pkg_add -v cvsup-16.1hp0-no_x11.tgz
#pkg_add -v ee-1.4.6p1.tgz
# cd /usr
# ee cvsup-file-src
Write the following
# Defaults that apply to all the collections
*default release=cvs
*default delete use-rel-suffix
*default umask=002
*default host=anoncvs2.de.openbsd.org
*default base=/usr
*default prefix=/usr
*default tag=OPENBSD_4_1
# If your network link is a T1 or faster, comment out the following line.
# *default compress
#OpenBSD-ports
#OpenBSD-all
OpenBSD-src
#OpenBSD-www
#OpenBSD-x11
#OpenBSD-xf4
#OpenBSD-xenocara
Save and Quit [ esc a a ]
# cvsup -g -L 2 cvsup-file-src
# cp /bsd /bsd.old
# cd /usr/src/sys/arch/i386/conf/
# config GENERIC
# cd /usr/src/sys/arch/i386/compile/GENERIC/
# make clean && make depend && make && make install
# reboot
Login: root
password: password
# rm -rf /usr/obj/*
# cd /usr/src
# make obj
# cd /usr/src/etc && env DESTDIR=/ make distrib-dirs
# cd /usr/src
# make build
# cd /usr/
# ee cvsup-file-ports
Write the following
# Defaults that apply to all the collections
*default release=cvs
*default delete use-rel-suffix
*default umask=002
*default host=anoncvs2.de.openbsd.org
*default base=/usr
*default prefix=/usr
*default tag=OPENBSD_4_1
# If your network link is a T1 or faster, comment out the following line.
# *default compress
OpenBSD-ports
#OpenBSD-all
#OpenBSD-src
#OpenBSD-www
#OpenBSD-x11
#OpenBSD-xf4
#OpenBSD-xenocara
Save and Quit [ esc a a ]
# cvsup -g -L 2 cvsup-file-ports
# cd /usr/ports/infrastructure/build/
# ./out-of-date
# cd /usr
# ee cvsup-file-xf4
Write the following
# Defaults that apply to all the collections
*default release=cvs
*default delete use-rel-suffix
*default umask=002
*default host=anoncvs2.de.openbsd.org
*default base=/usr
*default prefix=/usr
*default tag=OPENBSD_4_1
# If your network link is a T1 or faster, comment out the following line.
# *default compress
#OpenBSD-ports
#OpenBSD-all
#OpenBSD-src
#OpenBSD-www
#OpenBSD-x11
OpenBSD-xf4
#OpenBSD-xenocara
Save and Quit [ esc a a ]
# cvsup -g -L 2 cvsup-file-xf4
# export PKG_PATH=ftp://filoktitis.noc.uoa.gr/pub/OpenBSD/4.1/packages/i386/
#pkg_add -v tk-8.4.7p1.tgz
# rm -rf /usr/Xbld
# mkdir -p /usr/Xbld
# cd /usr/Xbld
# lndir ../XF4
# make build
# reboot
Login: root
password: password
# find /usr/ports/ -name opera
# cd /usr/ports/www/opera/
# make update
Πέμπτη, Σεπτεμβρίου 27, 2007
FreeBSD: Colourful console
Raise the history size to 1000. Change console text to green. Reversed (inverted) text will be yellow. Kernel messages will be blue.
Recompile kernel with these options:
options SC_HISTORY_SIZE=1000
options SC_NORM_ATTR=(FG_LIGHTGREEN|BG_BLACK)
options SC_NORM_REV_ATTR=(FG_YELLOW|BG_BLACK)
options SC_KERNEL_CONS_ATTR=(FG_LIGHTBLUE|BG_BLACK)
options SC_KERNEL_CONS_REV_ATTR=(FG_LIGHTRED|BG_BLACK)
2) Dialup firewalling with FreeBSD ( IPFW)
Marc Silver
marcs@draenor.org
Login: root
password: password
Recompile kernel with these options:
options IPFIREWALL
options IPFIREWALL_VERBOSE
options IPFIREWALL_VERBOSE_LIMIT=100
options IPDIVERT
options TCP_DROP_SYNFIN
# ee /etc/rc.conf
firewall_enable="YES"
firewall_script="/etc/firewall/fwrules"
natd_enable="YES"
natd_interface="tun0"
natd_flags="-dynamic"
ppp_enable="YES"
ppp_mode="auto"
ppp_nat="YES"
ppp_profile="your_profile"
Save and Quit [ esc a a ]
# mkdir -p /etc/firewall
# cd /etc/firewall
# ee fwrules
Write the following
# Firewall rules
# Written by Marc Silver (marcs@draenor.org)
# http://draenor.org/ipfw
# Freely distributable
#
# Stateless ipfw rule set for a dial-up gateway: packets on tun0 are
# handed to natd, then the allow/deny rules below are tried in the order
# written, so the order of the lines is part of the policy.
# Define the firewall command (as in /etc/rc.firewall) for easy
# reference. Helps to make it easier to read.
fwcmd="/sbin/ipfw"
# Force a flushing of the current rules before we reload.
$fwcmd -f flush
# Divert all packets through the tunnel interface.
$fwcmd add divert natd all from any to any via tun0
# Allow all data from my network card and localhost. Make sure you
# change your network card (mine was fxp0) before you reboot. :)
# NOTE(review): everything seen on the inside interface is trusted
# without further checks.
$fwcmd add allow ip from any to any via lo0
$fwcmd add allow ip from any to any via fxp0
# Allow all connections that I initiate.
$fwcmd add allow tcp from any to any out xmit tun0 setup
# Once connections are made, allow them to stay open.
# NOTE(review): "established" matches any TCP segment with ACK or RST
# set; it is not connection tracking. Stateful filtering needs
# check-state / keep-state rules instead.
$fwcmd add allow tcp from any to any via tun0 established
# Everyone on the internet is allowed to connect to the following
# services on the machine. This example specifically allows connections
# to ssh and apache.
# NOTE(review): these two rules name no interface and no destination
# address, so they match connection attempts to ports 80 and 22 on any
# interface and for any destination. Open only services that really run.
$fwcmd add allow tcp from any to any 80 setup
$fwcmd add allow tcp from any to any 22 setup
# This sends a RESET to all ident packets.
$fwcmd add reset log tcp from any to any 113 in recv tun0
# Allow outgoing DNS queries ONLY to the specified servers.
# x.x.x.x is a placeholder: put your resolver's address in both DNS
# rules before loading this file.
$fwcmd add allow udp from any to x.x.x.x 53 out xmit tun0
# Allow them back in with the answers... :)
# NOTE(review): this rule is stateless, so any UDP datagram from that
# address with source port 53 is accepted, whether or not it was asked for.
$fwcmd add allow udp from x.x.x.x 53 to any in recv tun0
# Allow ICMP (for ping and traceroute to work). You may wish to
# disallow this, but I feel it suits my needs to keep them in.
# NOTE(review): all ICMP types are allowed in every direction; the
# icmptypes option can narrow this to the types actually needed.
$fwcmd add allow icmp from any to any
# Deny all the rest.
# Packets that reach this rule are dropped and logged.
$fwcmd add deny log ip from any to any
Save and Quit [ esc a a ]
# reboot
marcs@draenor.org
Login: root
password: password
Recompile kernel with these options:
options IPFIREWALL
options IPFIREWALL_VERBOSE
options IPFIREWALL_VERBOSE_LIMIT=100
options IPDIVERT
options TCP_DROP_SYNFIN
# ee /etc/rc.conf
firewall_enable="YES"
firewall_script="/etc/firewall/fwrules"
natd_enable="YES"
natd_interface="tun0"
natd_flags="-dynamic"
ppp_enable="YES"
ppp_mode="auto"
ppp_nat="YES"
ppp_profile="your_profile"
Save and Quit [ esc a a ]
# mkdir -p /etc/firewall
# cd /etc/firewall
# ee fwrules
Write the following
# Firewall rules
# Written by Marc Silver (marcs@draenor.org)
# http://draenor.org/ipfw
# Freely distributable
#
# Stateless ipfw rule set for a dial-up gateway: packets on tun0 are
# handed to natd, then the allow/deny rules below are tried in the order
# written, so the order of the lines is part of the policy.
# Define the firewall command (as in /etc/rc.firewall) for easy
# reference. Helps to make it easier to read.
fwcmd="/sbin/ipfw"
# Force a flushing of the current rules before we reload.
$fwcmd -f flush
# Divert all packets through the tunnel interface.
$fwcmd add divert natd all from any to any via tun0
# Allow all data from my network card and localhost. Make sure you
# change your network card (mine was fxp0) before you reboot. :)
# NOTE(review): everything seen on the inside interface is trusted
# without further checks.
$fwcmd add allow ip from any to any via lo0
$fwcmd add allow ip from any to any via fxp0
# Allow all connections that I initiate.
$fwcmd add allow tcp from any to any out xmit tun0 setup
# Once connections are made, allow them to stay open.
# NOTE(review): "established" matches any TCP segment with ACK or RST
# set; it is not connection tracking. Stateful filtering needs
# check-state / keep-state rules instead.
$fwcmd add allow tcp from any to any via tun0 established
# Everyone on the internet is allowed to connect to the following
# services on the machine. This example specifically allows connections
# to ssh and apache.
# NOTE(review): these two rules name no interface and no destination
# address, so they match connection attempts to ports 80 and 22 on any
# interface and for any destination. Open only services that really run.
$fwcmd add allow tcp from any to any 80 setup
$fwcmd add allow tcp from any to any 22 setup
# This sends a RESET to all ident packets.
$fwcmd add reset log tcp from any to any 113 in recv tun0
# Allow outgoing DNS queries ONLY to the specified servers.
# x.x.x.x is a placeholder: put your resolver's address in both DNS
# rules before loading this file.
$fwcmd add allow udp from any to x.x.x.x 53 out xmit tun0
# Allow them back in with the answers... :)
# NOTE(review): this rule is stateless, so any UDP datagram from that
# address with source port 53 is accepted, whether or not it was asked for.
$fwcmd add allow udp from x.x.x.x 53 to any in recv tun0
# Allow ICMP (for ping and traceroute to work). You may wish to
# disallow this, but I feel it suits my needs to keep them in.
# NOTE(review): all ICMP types are allowed in every direction; the
# icmptypes option can narrow this to the types actually needed.
$fwcmd add allow icmp from any to any
# Deny all the rest.
# Packets that reach this rule are dropped and logged.
$fwcmd add deny log ip from any to any
Save and Quit [ esc a a ]
# reboot
1) Dialup firewalling with FreeBSD ( IPFW )
Marc Silver
marcs@draenor.org
Login: root
password: password
Recompile kernel with these options:
options IPFIREWALL
options IPFIREWALL_VERBOSE
options IPFIREWALL_VERBOSE_LIMIT=500
# ee /etc/rc.conf
firewall_enable="YES"
firewall_script="/etc/firewall/fwrules"
ppp_enable="YES"
ppp_mode="auto"
ppp_nat="YES"
ppp_profile="your_profile"
# mkdir -p /etc/firewall
# cd /etc/firewall
# ee fwrules
Write the following
# Stateful ipfw rule set for a dial-up host: outbound traffic creates
# dynamic rules (keep-state), inbound traffic is accepted only when it
# matches one of them or one of the explicitly opened services. Rules
# are tried in the order written, so the order of the lines is part of
# the policy.
# Define the firewall command (as in /etc/rc.firewall) for easy
# reference. Helps to make it easier to read.
fwcmd="/sbin/ipfw"
# Define our outside interface. With userland-ppp this
# defaults to tun0.
oif="tun0"
# Define our inside interface. This is usually your network
# card. Be sure to change this to match your own network
# interface.
iif="fxp0"
# Force a flushing of the current rules before we reload.
$fwcmd -f flush
# Check the state of all packets.
# Packets that belong to a flow recorded by a keep-state rule below are
# matched here, before any of the static rules.
$fwcmd add check-state
# Stop spoofing on the outside interface.
# verrevpath looks up the route to the packet's source address; packets
# arriving on $oif whose source would not be routed back through $oif
# are dropped.
$fwcmd add deny ip from any to any in via $oif not verrevpath
# Allow all connections that we initiate, and keep their state.
# but deny established connections that don't have a dynamic rule.
# The deny rule catches TCP segments with ACK or RST set that did not
# match a dynamic rule at check-state.
$fwcmd add allow ip from me to any out via $oif keep-state
$fwcmd add deny tcp from any to any established in via $oif
# Allow all connections within our network.
# NOTE(review): everything seen on the inside interface is trusted
# without further checks.
$fwcmd add allow ip from any to any via $iif
# Allow all local traffic.
# The two deny rules drop 127.0.0.0/8 addresses on any packet that did
# not match the lo0 rule above.
$fwcmd add allow all from any to any via lo0
$fwcmd add deny all from any to 127.0.0.0/8
$fwcmd add deny ip from 127.0.0.0/8 to any
# Allow internet users to connect to the port 22 and 80.
# This example specifically allows connections to the sshd and a
# webserver.
# NOTE(review): list only ports whose service really runs on this host;
# every port opened here is reachable from the whole Internet.
$fwcmd add allow tcp from any to me dst-port 22,80 in via $oif setup keep-state
# Allow ICMP packets: remove type 8 if you don't want your host
# to be pingable.
$fwcmd add allow icmp from any to any via $oif icmptypes 0,3,8,11,12
# Deny and log all the rest.
$fwcmd add deny log ip from any to any
Save and Quit [ esc a a ]
# reboot
marcs@draenor.org
Login: root
password: password
Recompile kernel with these options:
options IPFIREWALL
options IPFIREWALL_VERBOSE
options IPFIREWALL_VERBOSE_LIMIT=500
# ee /etc/rc.conf
firewall_enable="YES"
firewall_script="/etc/firewall/fwrules"
ppp_enable="YES"
ppp_mode="auto"
ppp_nat="YES"
ppp_profile="your_profile"
# mkdir -p /etc/firewall
# cd /etc/firewall
# ee fwrules
Write the following
# Stateful ipfw rule set for a dial-up host: outbound traffic creates
# dynamic rules (keep-state), inbound traffic is accepted only when it
# matches one of them or one of the explicitly opened services. Rules
# are tried in the order written, so the order of the lines is part of
# the policy.
# Define the firewall command (as in /etc/rc.firewall) for easy
# reference. Helps to make it easier to read.
fwcmd="/sbin/ipfw"
# Define our outside interface. With userland-ppp this
# defaults to tun0.
oif="tun0"
# Define our inside interface. This is usually your network
# card. Be sure to change this to match your own network
# interface.
iif="fxp0"
# Force a flushing of the current rules before we reload.
$fwcmd -f flush
# Check the state of all packets.
# Packets that belong to a flow recorded by a keep-state rule below are
# matched here, before any of the static rules.
$fwcmd add check-state
# Stop spoofing on the outside interface.
# verrevpath looks up the route to the packet's source address; packets
# arriving on $oif whose source would not be routed back through $oif
# are dropped.
$fwcmd add deny ip from any to any in via $oif not verrevpath
# Allow all connections that we initiate, and keep their state.
# but deny established connections that don't have a dynamic rule.
# The deny rule catches TCP segments with ACK or RST set that did not
# match a dynamic rule at check-state.
$fwcmd add allow ip from me to any out via $oif keep-state
$fwcmd add deny tcp from any to any established in via $oif
# Allow all connections within our network.
# NOTE(review): everything seen on the inside interface is trusted
# without further checks.
$fwcmd add allow ip from any to any via $iif
# Allow all local traffic.
# The two deny rules drop 127.0.0.0/8 addresses on any packet that did
# not match the lo0 rule above.
$fwcmd add allow all from any to any via lo0
$fwcmd add deny all from any to 127.0.0.0/8
$fwcmd add deny ip from 127.0.0.0/8 to any
# Allow internet users to connect to the port 22 and 80.
# This example specifically allows connections to the sshd and a
# webserver.
# NOTE(review): list only ports whose service really runs on this host;
# every port opened here is reachable from the whole Internet.
$fwcmd add allow tcp from any to me dst-port 22,80 in via $oif setup keep-state
# Allow ICMP packets: remove type 8 if you don't want your host
# to be pingable.
$fwcmd add allow icmp from any to any via $oif icmptypes 0,3,8,11,12
# Deny and log all the rest.
$fwcmd add deny log ip from any to any
Save and Quit [ esc a a ]
# reboot
FreeBSD: Rebuild the World, and Recompile the Kernel ( STABLE)
Login: root
password: password
Install cvsup-without-gui
# pkg_add -r cvsup-without-gui
# pkg_add -r fastest_cvsup
If you prefer to install these two tools from ports, do it as follows (as mentioned, the pkg_add method works fine for both):
# cd /usr/ports/net/cvsup-without-gui; make install clean
# cd /usr/ports/sysutils/fastest_cvsup; make install clean
# ee /etc/ssh/sshd_config
CHANGE the following
# Protocol 2
to
Protocol 2
and CHANGE the following
# PermitRootLogin no
to
PermitRootLogin no
Save and Quit [ esc a a ]
Mark the console as insecure, so that booting into single-user mode asks for the root password
# ee /etc/ttys
CHANGE the following
console none unknown off secure
to
console none unknown off insecure
Save and Quit [ esc a a ]
Install ports tree
# cp /usr/share/examples/cvsup/ports-supfile /root/
# cp /usr/share/examples/cvsup/stable-supfile /root/
# ee /root/ports-supfile
CHANGE the following
*default host=CHANGE_THIS.FreeBSD.org
to
*default host=cvsup4.FreeBSD.org
Save and Quit [ esc a a ]
# ee /root/stable-supfile
CHANGE the following
*default host=CHANGE_THIS.FreeBSD.org
to
*default host=cvsup4.FreeBSD.org
Save and Quit [ esc a a ]
Setup scripts for maintaining systems
# mkdir /root/scripts
# cd /root/scripts
# ee ports-update.sh
Write the following
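#!/bin/sh
# Update the ports tree with cvsup, using the supfile in /etc.
# Exits with cvsup's status, so a failed or partial update is never
# reported as complete (matters when run from cron or another script).
# NOTE(review): nothing on this page authenticates what cvsup downloads;
# point the supfile at a mirror you trust.
echo "Beginning Ports Update"
if /usr/local/bin/cvsup -g -L 2 /etc/ports-supfile; then
  echo "Ports Update Complete"
else
  status=$?
  echo "Ports Update FAILED (cvsup exit status ${status})" >&2
  exit "${status}"
fi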
Save and Quit [ esc a a ]
# ee src-update.sh
Write the following
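#!/bin/sh
# Update the system sources with cvsup, using the supfile in /etc.
# Exits with cvsup's status, so a failed or partial update is never
# reported as complete before a buildworld is started on top of it.
# NOTE(review): nothing on this page authenticates what cvsup downloads;
# point the supfile at a mirror you trust.
echo "Beginning Source Update"
if /usr/local/bin/cvsup -g -L 2 /etc/stable-supfile; then
  echo "Source Update Complete"
else
  status=$?
  echo "Source Update FAILED (cvsup exit status ${status})" >&2
  exit "${status}"
fi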
Save and Quit [ esc a a ]
# chmod +x *.sh
# cp /root/ports-supfile /etc/
# cp /root/stable-supfile /etc/
# chmod 640 /etc/ports-supfile
# chmod 640 /etc/stable-supfile
Rebuild the entire machine and Kernel
# /root/scripts/src-update.sh
# cd /usr/src/sys/i386/conf
# cp GENERIC CUSTOM
# cd /usr/src/
# make buildworld
# make buildkernel KERNCONF=GENERIC
# make installkernel KERNCONF=GENERIC
# reboot
Login: root
password: password
# fsck -p
# mount -u /
# mount -a -t ufs
# swapon -a
# cd /usr/src
# mergemaster -p
# make installworld
# mergemaster
# reboot
Login: root
password: password
# cd /usr/src
# make clean
Update ports now
# pkg_add -r portupgrade
# /usr/local/bin/portupgrade -a
Adding applications
# pkg_add -r portaudit
# pkg_add -r zsh
# pkg_add -r wget
# pkg_add -r screen
If pkg_add -r screen fails try the following
# cd /usr/ports/sysutils/screen
# make install clean
# pkg_add -r sudo
# pkg_add -r pcre
# cd /root/scripts
# ee check-ports.sh
Write the following
#!/bin/sh
# Audit the installed packages for known vulnerabilities.
#   -F  fetch the current vulnerability database first
#   -d  print the creation date of the database
#   -a  report on all installed packages
# The script's exit status is portaudit's own.
exec /usr/local/sbin/portaudit -Fda
Save and Quit [ esc a a ]
# chmod +x check-ports.sh
password: password
Install cvsup-without-gui
# pkg_add -r cvsup-without-gui
# pkg_add -r fastest_cvsup
If you prefer to install these two tools from ports, do it as follows (as mentioned, the pkg_add method works fine for both):
# cd /usr/ports/net/cvsup-without-gui; make install clean
# cd /usr/ports/sysutils/fastest_cvsup; make install clean
# ee /etc/ssh/sshd_config
CHANGE the following
# Protocol 2
to
Protocol 2
and CHANGE the following
# PermitRootLogin no
to
PermitRootLogin no
Save and Quit [ esc a a ]
Mark the console as insecure, so that booting into single-user mode asks for the root password
# ee /etc/ttys
CHANGE the following
console none unknown off secure
to
console none unknown off insecure
Save and Quit [ esc a a ]
Install ports tree
# cp /usr/share/examples/cvsup/ports-supfile /root/
# cp /usr/share/examples/cvsup/stable-supfile /root/
# ee /root/ports-supfile
CHANGE the following
*default host=CHANGE_THIS.FreeBSD.org
to
*default host=cvsup4.FreeBSD.org
Save and Quit [ esc a a ]
# ee /root/stable-supfile
CHANGE the following
*default host=CHANGE_THIS.FreeBSD.org
to
*default host=cvsup4.FreeBSD.org
Save and Quit [ esc a a ]
Setup scripts for maintaining systems
# mkdir /root/scripts
# cd /root/scripts
# ee ports-update.sh
Write the following
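#!/bin/sh
# Update the ports tree with cvsup, using the supfile in /etc.
# Exits with cvsup's status, so a failed or partial update is never
# reported as complete (matters when run from cron or another script).
# NOTE(review): nothing on this page authenticates what cvsup downloads;
# point the supfile at a mirror you trust.
echo "Beginning Ports Update"
if /usr/local/bin/cvsup -g -L 2 /etc/ports-supfile; then
  echo "Ports Update Complete"
else
  status=$?
  echo "Ports Update FAILED (cvsup exit status ${status})" >&2
  exit "${status}"
fi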
Save and Quit [ esc a a ]
# ee src-update.sh
Write the following
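#!/bin/sh
# Update the system sources with cvsup, using the supfile in /etc.
# Exits with cvsup's status, so a failed or partial update is never
# reported as complete before a buildworld is started on top of it.
# NOTE(review): nothing on this page authenticates what cvsup downloads;
# point the supfile at a mirror you trust.
echo "Beginning Source Update"
if /usr/local/bin/cvsup -g -L 2 /etc/stable-supfile; then
  echo "Source Update Complete"
else
  status=$?
  echo "Source Update FAILED (cvsup exit status ${status})" >&2
  exit "${status}"
fi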
Save and Quit [ esc a a ]
# chmod +x *.sh
# cp /root/ports-supfile /etc/
# cp /root/stable-supfile /etc/
# chmod 640 /etc/ports-supfile
# chmod 640 /etc/stable-supfile
Rebuild the entire machine and Kernel
# /root/scripts/src-update.sh
# cd /usr/src/sys/i386/conf
# cp GENERIC CUSTOM
# cd /usr/src/
# make buildworld
# make buildkernel KERNCONF=GENERIC
# make installkernel KERNCONF=GENERIC
# reboot
Login: root
password: password
# fsck -p
# mount -u /
# mount -a -t ufs
# swapon -a
# cd /usr/src
# mergemaster -p
# make installworld
# mergemaster
# reboot
Login: root
password: password
# cd /usr/src
# make clean
Update ports now
# pkg_add -r portupgrade
# /usr/local/bin/portupgrade -a
Adding applications
# pkg_add -r portaudit
# pkg_add -r zsh
# pkg_add -r wget
# pkg_add -r screen
If pkg_add -r screen fails try the following
# cd /usr/ports/sysutils/screen
# make install clean
# pkg_add -r sudo
# pkg_add -r pcre
# cd /root/scripts
# ee check-ports.sh
Write the following
#!/bin/sh
# Audit the installed packages for known vulnerabilities.
#   -F  fetch the current vulnerability database first
#   -d  print the creation date of the database
#   -a  report on all installed packages
# The script's exit status is portaudit's own.
exec /usr/local/sbin/portaudit -Fda
Save and Quit [ esc a a ]
# chmod +x check-ports.sh