Post install actions: Difference between revisions
Jump to navigation
Jump to search
imported>Jacob No edit summary |
imported>Jacob No edit summary |
||
| Line 1: | Line 1: | ||
FreeBSD post install actions | FreeBSD post install actions | ||
Create the sjapkg poudriere package environment | == Heading text == | ||
Create the sjapkg poudriere package environment<br> | |||
Create ssl and repository directory | Create ssl and repository directory | ||
># mkdir -p /usr/local/etc/pkg/repos/ | ># mkdir -p /usr/local/etc/pkg/repos/ | ||
| Line 7: | Line 9: | ||
The repository directory gets 2 files to disable the FreeBSD- and enable the sjapkg-repository. | The repository directory gets 2 files to disable the FreeBSD- and enable the sjapkg-repository. | ||
># vi /usr/local/etc/pkg/repos/freebsd.conf | ># vi /usr/local/etc/pkg/repos/freebsd.conf | ||
FreeBSD: { | |||
enabled: no | |||
} | |||
># vi /usr/local/etc/pkg/repos/sjapkg.conf | ># vi /usr/local/etc/pkg/repos/sjapkg.conf | ||
sjapkg: { | |||
url: "http://sjapkg.sjakio.com/packages/12amd64-sjapkg", | url: "http://sjapkg.sjakio.com/packages/12amd64-sjapkg", | ||
mirror_type: "http", | mirror_type: "http", | ||
| Line 17: | Line 19: | ||
pubkey: "/usr/local/etc/ssl/poudriere/sjapkg.sjakio.com.pub.key.pem", | pubkey: "/usr/local/etc/ssl/poudriere/sjapkg.sjakio.com.pub.key.pem", | ||
enabled: yes | enabled: yes | ||
} | |||
The ssl directory gets the public key of the sjapkg-repository. | The ssl directory gets the public key of the sjapkg-repository. | ||
># vi /usr/local/etc/ssl/poudriere/sjapkg.sjakio.com.pub.key.pem | ># vi /usr/local/etc/ssl/poudriere/sjapkg.sjakio.com.pub.key.pem | ||
-----BEGIN PUBLIC KEY----- | |||
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvYKLD2N12/1sOGKjjhOO | |||
z7sD1wO16HgebAwtnxeNGoDkzXqzAAgY4YY7Gv6t3fbpIncvoYH2GV7qOOtqDEj9 | |||
0YIUEA0R4EA0TtwjNkU9TVB7GE76Ok1zk5Hmw7C3xfIJZN+9BwdVewwL5BE6FbYZ | |||
Rt6y59kvMA/uyo78GqweE6JGbCrmX3ZcSypXjwsky7ApttiSyCKzMVRPNdpp1K/+ | |||
/DdrohqIQYjl3OnTi4n9DGgE1PJ4dRUs4A2Cfqx8hlslwe6pbYtLEfEdNbe65hwl | |||
HH00j4R6IAG/mkS5HMaSV0Bx8mdjBJhpmYabtuXRq5YR/cIduC1jxGNI1iwNZ0ce | |||
gwIDAQAB | |||
-----END PUBLIC KEY----- | |||
Install packages | Install packages | ||
| Line 34: | Line 36: | ||
># pkg install bash vim-console sudo bsdstats | ># pkg install bash vim-console sudo bsdstats | ||
Enable the wheel group for sudo | |||
># visudo | ># visudo | ||
%wheel ALL=(ALL) ALL | %wheel ALL=(ALL) ALL | ||
bash | For bash add to /etc/fstab: | ||
add to /etc/fstab: | fdesc /dev/fd fdescfs rw 0 0 | ||
add autoboot_delay=3” to /boot/loader.conf | add autoboot_delay=3” to /boot/loader.conf | ||
># vim /boot/loader.conf | ># vim /boot/loader.conf | ||
autoboot_delay="3" | |||
change: /usr/sh to: /usr/local/bin/bash for jac & root | change: /usr/sh to: /usr/local/bin/bash for jac & root | ||
| Line 52: | Line 53: | ||
># sysctl hw.syscons.kbd_reboot=0 | ># sysctl hw.syscons.kbd_reboot=0 | ||
Change motd and profile | Change motd and profile<br> | ||
Save original motd | Save original motd | ||
># mv /etc/motd /etc/motd.default | ># mv /etc/motd /etc/motd.default | ||
| Line 60: | Line 61: | ||
Welcome to FreeBSD! | Welcome to FreeBSD! | ||
Add below text to the bottom of /etc/profile | Add below text to the bottom of /etc/profile | ||
># vim /etc/profile | ># vim /etc/profile | ||
Revision as of 20:56, 26 May 2019
FreeBSD post install actions
Heading text
Create the sjapkg poudriere package environment
Create ssl and repository directory
># mkdir -p /usr/local/etc/pkg/repos/ ># mkdir -p /usr/local/etc/ssl/poudriere/
The repository directory gets 2 files to disable the FreeBSD- and enable the sjapkg-repository.
># vi /usr/local/etc/pkg/repos/freebsd.conf
FreeBSD: {
enabled: no
}
># vi /usr/local/etc/pkg/repos/sjapkg.conf
sjapkg: {
url: "http://sjapkg.sjakio.com/packages/12amd64-sjapkg",
mirror_type: "http",
signature_type: "pubkey",
pubkey: "/usr/local/etc/ssl/poudriere/sjapkg.sjakio.com.pub.key.pem",
enabled: yes
}
The ssl directory gets the public key of the sjapkg-repository.
># vi /usr/local/etc/ssl/poudriere/sjapkg.sjakio.com.pub.key.pem -----BEGIN PUBLIC KEY----- MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvYKLD2N12/1sOGKjjhOO z7sD1wO16HgebAwtnxeNGoDkzXqzAAgY4YY7Gv6t3fbpIncvoYH2GV7qOOtqDEj9 0YIUEA0R4EA0TtwjNkU9TVB7GE76Ok1zk5Hmw7C3xfIJZN+9BwdVewwL5BE6FbYZ Rt6y59kvMA/uyo78GqweE6JGbCrmX3ZcSypXjwsky7ApttiSyCKzMVRPNdpp1K/+ /DdrohqIQYjl3OnTi4n9DGgE1PJ4dRUs4A2Cfqx8hlslwe6pbYtLEfEdNbe65hwl HH00j4R6IAG/mkS5HMaSV0Bx8mdjBJhpmYabtuXRq5YR/cIduC1jxGNI1iwNZ0ce gwIDAQAB -----END PUBLIC KEY-----
Install packages
># pkg update ># pkg install bash vim-console sudo bsdstats
Enable the wheel group for sudo
># visudo %wheel ALL=(ALL) ALL
For bash add to /etc/fstab:
fdesc /dev/fd fdescfs rw 0 0
add autoboot_delay=3” to /boot/loader.conf
># vim /boot/loader.conf autoboot_delay="3"
change: /usr/sh to: /usr/local/bin/bash for jac & root
># vipw
disable ctrl alt del reboot
># sysctl hw.syscons.kbd_reboot=0
Change motd and profile
Save original motd
># mv /etc/motd /etc/motd.default ># vim /etc/motd FreeBSD 12.0-RELEASE-p3 GENERIC Welcome to FreeBSD!
Add below text to the bottom of /etc/profile
># vim /etc/profile uname -a echo " " date echo " " echo " "
Change /etc/syslog.conf to enable console.log and all.log
># vim /etc/syslog.conf
Uncomment the lines with
console.info /var/log/console.log
*.* /var/log/all.log
># touch /var/log/console.log ># touch /var/log/all.log ># chmod 600 /var/log/all.log ># chmod 600 /var/log/console.log
># service syslogd restart
On iron enable encrypted ssh authentication.
Prepare users:
>$ mkdir ~/.ssh
copy public keys from another host
>$ vim ~/.ssh/authorized_keys >$ chmod -R 700 ~/.ssh
Logout and login using key to see if all works.
Force key authentication only
># vim /etc/ssh/sshd_config ListenAddress XX.XX.XX.XX # changed to Nic address PermitRootLogin no # << Default: prohibit root login over ssh PasswordAuthentication no # << Default: ssh key only authorization ChallengeResponseAuthentication no # changed to force key auth. only UsePAM no # << Changed to set ssh key authorization only
># service sshd restart