Post install actions: Difference between revisions
Jump to navigation
Jump to search
imported>Jacob No edit summary |
|||
| (15 intermediate revisions by 2 users not shown) | |||
| Line 1: | Line 1: | ||
<hr> | |||
<p style="text align:left;">Previous [[Freebsd Knowledge Base]] | |||
<span style="float:right;">Return [[Build Custom Kernel]]</span></p> | |||
<hr> | |||
== Create the [local] poudriere package environment == | |||
== Create the | |||
Create ssl and repository directory | Create ssl and repository directory | ||
<pre> | |||
># mkdir -p /usr/local/etc/pkg/repos/ | |||
># mkdir -p /usr/local/etc/ssl/poudriere/ | |||
</pre> | |||
The repository directory gets 2 files to disable the FreeBSD- and enable the sjapkg-repository. | The repository directory gets 2 files to disable the FreeBSD- and enable the sjapkg-repository. | ||
<pre> | |||
># vi /usr/local/etc/pkg/repos/freebsd.conf | |||
</pre> | |||
<pre> | |||
FreeBSD: { | |||
enabled: no | |||
} | |||
</pre> | |||
<pre> | |||
># vi /usr/local/etc/pkg/repos/mypkg.conf | |||
</pre> | |||
<pre> | |||
The ssl directory gets the public key of the | mypkg: { | ||
url: "http://mypkg.example.com/packages/12amd64-mypkg", | |||
mirror_type: "http", | |||
signature_type: "pubkey", | |||
pubkey: "/usr/local/etc/ssl/poudriere/mypkg.example.com.pub.key.pem", | |||
enabled: yes | |||
} | |||
</pre> | |||
The ssl directory gets the public key of the mypkg-repository. | |||
<pre> | |||
># vi /usr/local/etc/ssl/poudriere/mypkg.example.com.pub.key.pem | |||
</pre> | |||
<pre> | |||
-----BEGIN PUBLIC KEY----- | |||
. | |||
. | |||
-----END PUBLIC KEY----- | |||
</pre> | |||
== Install packages == | == Install packages == | ||
># pkg update | ># pkg update | ||
| Line 48: | Line 55: | ||
autoboot_delay="3" | autoboot_delay="3" | ||
change default | change default shell for user & root: /usr/sh to: /usr/local/bin/bash | ||
># chsh -s bash | ># chsh -s bash user | ||
># chsh -s bash root | ># chsh -s bash root | ||
| Line 59: | Line 66: | ||
># mv /etc/motd /etc/motd.default | ># mv /etc/motd /etc/motd.default | ||
># vim /etc/motd | ># vim /etc/motd | ||
FreeBSD 12. | FreeBSD 12.1-RELEASE GENERIC | ||
Welcome to FreeBSD! | Welcome to FreeBSD! | ||
| Line 99: | Line 106: | ||
Restart the ssh service. | Restart the ssh service. | ||
># service sshd restart | ># service sshd restart | ||
<hr> | |||
<p style="text align:left;">Previous [[Freebsd Knowledge Base]] | |||
<span style="float:right;">Return [[Build Custom Kernel]]</span></p> | |||
<center> Up [[Freebsd Knowledge Base]]</center> | |||
<hr> | |||
Latest revision as of 09:16, 20 March 2021
Previous Freebsd Knowledge Base Return Build Custom Kernel
Create the [local] poudriere package environment
Create ssl and repository directory
># mkdir -p /usr/local/etc/pkg/repos/ ># mkdir -p /usr/local/etc/ssl/poudriere/
The repository directory gets 2 files to disable the FreeBSD- and enable the sjapkg-repository.
># vi /usr/local/etc/pkg/repos/freebsd.conf
FreeBSD: {
enabled: no
}
># vi /usr/local/etc/pkg/repos/mypkg.conf
mypkg: {
url: "http://mypkg.example.com/packages/12amd64-mypkg",
mirror_type: "http",
signature_type: "pubkey",
pubkey: "/usr/local/etc/ssl/poudriere/mypkg.example.com.pub.key.pem",
enabled: yes
}
The ssl directory gets the public key of the mypkg-repository.
># vi /usr/local/etc/ssl/poudriere/mypkg.example.com.pub.key.pem
-----BEGIN PUBLIC KEY----- . . -----END PUBLIC KEY-----
Install packages
># pkg update ># pkg install bash vim-console sudo bsdstats
Continue configuration
Enable the wheel group for sudo
># visudo %wheel ALL=(ALL) ALL
For bash add to /etc/fstab:
fdesc /dev/fd fdescfs rw 0 0
add autoboot_delay=3” to /boot/loader.conf
># vim /boot/loader.conf autoboot_delay="3"
change default shell for user & root: /usr/sh to: /usr/local/bin/bash
># chsh -s bash user ># chsh -s bash root
disable ctrl alt del reboot
># sysctl hw.syscons.kbd_reboot=0
Change motd and profile
Save original motd
># mv /etc/motd /etc/motd.default ># vim /etc/motd FreeBSD 12.1-RELEASE GENERIC Welcome to FreeBSD!
Add below text to the bottom of /etc/profile
># vim /etc/profile uname -vpn echo " " date echo " " echo " "
Change /etc/syslog.conf to enable console.log and all.log
Uncomment the below lines:
># vim /etc/syslog.conf
console.info /var/log/console.log
*.* /var/log/all.log
Create the log files and set the acl.
># touch /var/log/console.log ># touch /var/log/all.log ># chmod 600 /var/log/all.log ># chmod 600 /var/log/console.log
Restart the log service
># service syslogd restart
On iron enable encrypted ssh authentication.
Prepare users:
>$ mkdir ~/.ssh
Copy public keys from another host
>$ vim ~/.ssh/authorized_keys >$ chmod -R 700 ~/.ssh
Logout and login using key to see if all works. Force key authentication only
># vim /etc/ssh/sshd_config ListenAddress XX.XX.XX.XX # changed to Nic address PermitRootLogin no # << Default: prohibit root login over ssh PasswordAuthentication no # << Default: ssh key only authorization ChallengeResponseAuthentication no # changed to force key auth. only UsePAM no # << Changed to set ssh key authorization only
Restart the ssh service.
># service sshd restart
Previous Freebsd Knowledge Base Return Build Custom Kernel