Post install actions: Difference between revisions
imported>Jacob (Created page with "FreeBSD post install actions Create the sjapkg poudriere package environment Create ssl and repository directory ># mkdir -p /usr/local/etc/pkg/repos/ ># mkdir -p /usr/local/...") |
|||
| (30 intermediate revisions by 2 users not shown) | |||
| Line 1: | Line 1: | ||
<hr> | |||
<p style="text align:left;">Previous [[Freebsd Knowledge Base]] | |||
<span style="float:right;">Return [[Build Custom Kernel]]</span></p> | |||
<hr> | |||
Create the | == Create the [local] poudriere package environment == | ||
Create ssl and repository directory | Create ssl and repository directory | ||
<pre> | |||
># mkdir -p /usr/local/etc/pkg/repos/ | ># mkdir -p /usr/local/etc/pkg/repos/ | ||
># mkdir -p /usr/local/etc/ssl/poudriere/ | ># mkdir -p /usr/local/etc/ssl/poudriere/ | ||
</pre> | |||
The repository directory gets 2 files to disable the FreeBSD- and enable the sjapkg-repository. | The repository directory gets 2 files to disable the FreeBSD- and enable the sjapkg-repository. | ||
<pre> | |||
># vi /usr/local/etc/pkg/repos/freebsd.conf | ># vi /usr/local/etc/pkg/repos/freebsd.conf | ||
</pre> | |||
<pre> | |||
FreeBSD: { | FreeBSD: { | ||
enabled: no | |||
} | } | ||
># vi /usr/local/etc/pkg/repos/ | </pre> | ||
<pre> | |||
url: "http:// | ># vi /usr/local/etc/pkg/repos/mypkg.conf | ||
</pre> | |||
<pre> | |||
mypkg: { | |||
url: "http://mypkg.example.com/packages/12amd64-mypkg", | |||
mirror_type: "http", | mirror_type: "http", | ||
signature_type: "pubkey", | signature_type: "pubkey", | ||
pubkey: "/usr/local/etc/ssl/poudriere/ | pubkey: "/usr/local/etc/ssl/poudriere/mypkg.example.com.pub.key.pem", | ||
enabled: yes | enabled: yes | ||
} | } | ||
The ssl directory gets the public key of the | </pre> | ||
># vi /usr/local/etc/ssl/poudriere/ | The ssl directory gets the public key of the mypkg-repository. | ||
<pre> | |||
># vi /usr/local/etc/ssl/poudriere/mypkg.example.com.pub.key.pem | |||
</pre> | |||
<pre> | |||
-----BEGIN PUBLIC KEY----- | -----BEGIN PUBLIC KEY----- | ||
. | |||
. | |||
-----END PUBLIC KEY----- | -----END PUBLIC KEY----- | ||
</pre> | |||
Install packages | == Install packages == | ||
># pkg update | ># pkg update | ||
># pkg install bash vim-console sudo bsdstats | ># pkg install bash vim-console sudo bsdstats | ||
== Continue configuration == | |||
Enable the wheel group for sudo | |||
># visudo | ># visudo | ||
%wheel ALL=(ALL) ALL | %wheel ALL=(ALL) ALL | ||
For bash add to /etc/fstab: | |||
bash | fdesc /dev/fd fdescfs rw 0 0 | ||
add to /etc/fstab: | |||
add autoboot_delay=3” to /boot/loader.conf | add autoboot_delay=3” to /boot/loader.conf | ||
># vim /boot/loader.conf | ># vim /boot/loader.conf | ||
autoboot_delay="3" | autoboot_delay="3" | ||
change default shell for user & root: /usr/sh to: /usr/local/bin/bash | |||
change: /usr/sh to: /usr/local/bin/bash | ># chsh -s bash user | ||
># chsh -s bash root | |||
disable ctrl alt del reboot | disable ctrl alt del reboot | ||
># sysctl hw.syscons.kbd_reboot=0 | ># sysctl hw.syscons.kbd_reboot=0 | ||
Change motd and profile<br> | |||
Save original motd | |||
># mv /etc/motd /etc/motd.default | |||
># vim /etc/motd | |||
FreeBSD 12.1-RELEASE GENERIC | |||
Welcome to FreeBSD! | |||
Add below text to the bottom of /etc/profile | Add below text to the bottom of /etc/profile | ||
># vim /etc/profile | ># vim /etc/profile | ||
uname - | uname -vpn | ||
echo " " | echo " " | ||
date | date | ||
echo " " | echo " " | ||
echo " " | echo " " | ||
Change /etc/syslog.conf to enable console.log and all.log<br> | |||
enable encrypted ssh authentication | Uncomment the below lines: | ||
Prepare users | ># vim /etc/syslog.conf | ||
$ mkdir ~/.ssh | console.info /var/log/console.log | ||
*.* /var/log/all.log | |||
$ vim ~/.ssh/authorized_keys | Create the log files and set the acl. | ||
$ chmod -R 700 ~/.ssh | ># touch /var/log/console.log | ||
># touch /var/log/all.log | |||
># chmod 600 /var/log/all.log | |||
># chmod 600 /var/log/console.log | |||
Restart the log service | |||
># service syslogd restart | |||
== On iron enable encrypted ssh authentication.== | |||
Prepare users: | |||
>$ mkdir ~/.ssh | |||
Copy public keys from another host | |||
>$ vim ~/.ssh/authorized_keys | |||
>$ chmod -R 700 ~/.ssh | |||
Logout and login using key to see if all works. | Logout and login using key to see if all works. | ||
Force key authentication only | Force key authentication only | ||
# vim /etc/ssh/sshd_config | ># vim /etc/ssh/sshd_config | ||
ListenAddress XX.XX.XX.XX # changed to Nic address | ListenAddress XX.XX.XX.XX # changed to Nic address | ||
PermitRootLogin no # << Default: prohibit root login over ssh | PermitRootLogin no # << Default: prohibit root login over ssh | ||
PasswordAuthentication no # << Default: ssh key only authorization | PasswordAuthentication no # << Default: ssh key only authorization | ||
ChallengeResponseAuthentication no # changed to force key auth. only | ChallengeResponseAuthentication no # changed to force key auth. only | ||
UsePAM no # << Changed to set ssh key authorization only | UsePAM no # << Changed to set ssh key authorization only | ||
Restart the ssh service. | |||
># service sshd restart | |||
<hr> | |||
<p style="text align:left;">Previous [[Freebsd Knowledge Base]] | |||
<span style="float:right;">Return [[Build Custom Kernel]]</span></p> | |||
<center> Up [[Freebsd Knowledge Base]]</center> | |||
<hr> | |||
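Review bot: the "># sysctl hw.syscons.kbd_reboot=0" step in the new revision only changes the running kernel, so the Ctrl-Alt-Del reboot is active again after the next boot; add hw.syscons.kbd_reboot=0 to /etc/sysctl.conf as well. Two smaller points in the same revision: the sentence "enable the sjapkg-repository" keeps the old name although the file and repository were renamed to mypkg, and "chmod -R 700 ~/.ssh" leaves authorized_keys executable, where 700 on the directory and 600 on the file would be tighter.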
Latest revision as of 09:16, 20 March 2021
Create the [local] poudriere package environment
Create ssl and repository directory
># mkdir -p /usr/local/etc/pkg/repos/
># mkdir -p /usr/local/etc/ssl/poudriere/
The repository directory gets 2 files to disable the FreeBSD- and enable the sjapkg-repository.
># vi /usr/local/etc/pkg/repos/freebsd.conf
FreeBSD: {
enabled: no
}
># vi /usr/local/etc/pkg/repos/mypkg.conf
mypkg: {
url: "http://mypkg.example.com/packages/12amd64-mypkg",
mirror_type: "http",
signature_type: "pubkey",
pubkey: "/usr/local/etc/ssl/poudriere/mypkg.example.com.pub.key.pem",
enabled: yes
}
The ssl directory gets the public key of the mypkg-repository.
># vi /usr/local/etc/ssl/poudriere/mypkg.example.com.pub.key.pem
-----BEGIN PUBLIC KEY-----
.
.
-----END PUBLIC KEY-----
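Because the repository URL above is plain http, the pubkey signature is the only integrity check on the packages. The following check of the repository file and key is an added example, not part of the original page; the function names and the optional ROOT prefix are assumptions made for illustration, and the sample files are constructed.

```sh
#!/bin/sh
# Added example (not from the original page): check a pkg repo file such as
# mypkg.conf before running "pkg update".

# Print the value of key $2 in repo file $1, without quotes or trailing comma.
repo_value() {
    awk -v key="$2" '
        { line = $0; sub(/^[ \t]*/, "", line) }
        index(line, key) == 1 {
            rest = substr(line, length(key) + 1)
            if (rest !~ /^[ \t]*[:=]/) next      # longer key with same prefix
            sub(/^[ \t]*[:=][ \t]*/, "", rest)
            gsub(/[",;]|[ \t]+$/, "", rest)
            print rest; exit
        }' "$1"
}

# check_repo CONF [ROOT]: ROOT is a hypothetical prefix for checking a staged
# tree; leave it empty on the live host. Returns 0 when all checks pass.
check_repo() {
    rc=0
    sig=$(repo_value "$1" signature_type)
    keyfile="${2:-}$(repo_value "$1" pubkey)"
    if [ "$sig" != "pubkey" ]; then
        echo "FAIL: signature_type is '${sig:-unset}', expected 'pubkey'"; rc=1
    elif [ ! -f "$keyfile" ]; then
        echo "FAIL: public key $keyfile is missing"; rc=1
    elif ! grep -q '^-----BEGIN PUBLIC KEY-----' "$keyfile"; then
        echo "FAIL: $keyfile is not a PEM public key"; rc=1
    else
        # Characters 6 and 9 of the ls mode string are group/other write bits.
        case $(ls -ld "$keyfile" | cut -c6,9) in
            *w*) echo "FAIL: $keyfile is writable by group or others"; rc=1 ;;
        esac
    fi
    return $rc
}

# Constructed demo: stage the page's key path and a mypkg.conf under a temp root.
root=$(mktemp -d)
mkdir -p "$root/usr/local/etc/ssl/poudriere"
k=/usr/local/etc/ssl/poudriere/mypkg.example.com.pub.key.pem
printf '%s\n' '-----BEGIN PUBLIC KEY-----' > "$root$k"; chmod 644 "$root$k"
printf 'mypkg: {\n  signature_type: "pubkey",\n  pubkey: "%s",\n}\n' "$k" > "$root/mypkg.conf"
check_repo "$root/mypkg.conf" "$root" && echo "repo config OK"
```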
Install packages
># pkg update
># pkg install bash vim-console sudo bsdstats
Continue configuration
Enable the wheel group for sudo
># visudo
%wheel ALL=(ALL) ALL
For bash add to /etc/fstab:
fdesc /dev/fd fdescfs rw 0 0
add autoboot_delay="3" to /boot/loader.conf
># vim /boot/loader.conf
autoboot_delay="3"
change default shell for user & root: /usr/sh to: /usr/local/bin/bash
># chsh -s bash user
># chsh -s bash root
disable ctrl alt del reboot
># sysctl hw.syscons.kbd_reboot=0
Change motd and profile
Save original motd
># mv /etc/motd /etc/motd.default
># vim /etc/motd
FreeBSD 12.1-RELEASE GENERIC
Welcome to FreeBSD!
Add below text to the bottom of /etc/profile
># vim /etc/profile
uname -vpn
echo " "
date
echo " "
echo " "
Change /etc/syslog.conf to enable console.log and all.log
Uncomment the below lines:
># vim /etc/syslog.conf
console.info /var/log/console.log
*.* /var/log/all.log
Create the log files and restrict their permissions.
># touch /var/log/console.log
># touch /var/log/all.log
># chmod 600 /var/log/all.log
># chmod 600 /var/log/console.log
Restart the log service
># service syslogd restart
On iron enable encrypted ssh authentication.
Prepare users:
>$ mkdir ~/.ssh
Copy public keys from another host
>$ vim ~/.ssh/authorized_keys
>$ chmod -R 700 ~/.ssh
Log out and log in using the key to check that everything works.
Force key authentication only
># vim /etc/ssh/sshd_config
ListenAddress XX.XX.XX.XX # changed to Nic address
PermitRootLogin no # << Default: prohibit root login over ssh
PasswordAuthentication no # << Default: ssh key only authorization
ChallengeResponseAuthentication no # changed to force key auth. only
UsePAM no # << Changed to set ssh key authorization only
Restart the ssh service.
># service sshd restart
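An audit of the edited sshd_config for the key-only directives listed above, useful before the restart so a stray earlier line does not leave password logins enabled. This is an added example, not part of the original page; the function names are assumptions, the sample config is constructed, and requiring each directive to be set explicitly is a stricter policy chosen for the example.

```sh
#!/bin/sh
# Added example (not from the original page): audit an sshd_config for the
# key-only settings listed above. sshd uses the FIRST value it reads for each
# keyword, so a later "PasswordAuthentication no" does not override an
# earlier "yes".

# Print the first global (pre-Match) value of keyword $2 in file $1, lowercased.
sshd_first_value() {
    awk -v want="$(printf '%s' "$2" | tr 'A-Z' 'a-z')" '
        { sub(/#.*/, "") }                 # drop comments, also trailing ones
        NF == 0 { next }
        tolower($1) == "match" { exit }    # Match blocks are conditional overrides
        tolower($1) == want { print tolower($2); exit }
    ' "$1"
}

# Return 0 only if every directive is explicitly set to "no" before any Match.
audit_sshd_config() {
    rc=0
    for kw in PermitRootLogin PasswordAuthentication \
              ChallengeResponseAuthentication UsePAM; do
        val=$(sshd_first_value "$1" "$kw")
        if [ "$val" != "no" ]; then
            echo "FAIL $kw: first value is '${val:-unset}', expected 'no'"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample: an early "yes" shadows the later "no".
sample=$(mktemp)
cat > "$sample" <<'EOF'
PasswordAuthentication yes
PermitRootLogin no            # trailing comment, as on the page
PasswordAuthentication no
ChallengeResponseAuthentication no
UsePAM no
EOF
audit_sshd_config "$sample" || echo "do not restart sshd yet"
rm -f "$sample"
```

On the host itself, sshd -t checks the file's syntax before the restart.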