Post install actions: Difference between revisions

Revision as of 14:14, 25 January 2020

Previous Freebsd Knowledge Base Return Build Custom Kernel

Create the sjapkg poudriere package environment

Create ssl and repository directory

># mkdir -p /usr/local/etc/pkg/repos/
># mkdir -p /usr/local/etc/ssl/poudriere/

The repository directory gets 2 files to disable the FreeBSD- and enable the sjapkg-repository.

># vi /usr/local/etc/pkg/repos/freebsd.conf 
 FreeBSD: {
     enabled: no
 }

># vi /usr/local/etc/pkg/repos/sjapkg.conf
 sjapkg: {
	url: "http://sjapkg.sjakio.com/packages/12amd64-sjapkg",
	url: "http://poud.sjakio.com/packages/121amd64-sjapkg",
	mirror_type: "http",
	signature_type: "pubkey",
	pubkey: "/usr/local/etc/ssl/poudriere/sjapkg.sjakio.com.pub.key.pem",
	enabled: yes
 }

Use one of the 2 urls depending if you are using 12 or 12.1 The ssl directory gets the public key of the sjapkg-repository.

># vi /usr/local/etc/ssl/poudriere/sjapkg.sjakio.com.pub.key.pem
 -----BEGIN PUBLIC KEY-----
 MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvYKLD2N12/1sOGKjjhOO
 z7sD1wO16HgebAwtnxeNGoDkzXqzAAgY4YY7Gv6t3fbpIncvoYH2GV7qOOtqDEj9
 0YIUEA0R4EA0TtwjNkU9TVB7GE76Ok1zk5Hmw7C3xfIJZN+9BwdVewwL5BE6FbYZ
 Rt6y59kvMA/uyo78GqweE6JGbCrmX3ZcSypXjwsky7ApttiSyCKzMVRPNdpp1K/+
 /DdrohqIQYjl3OnTi4n9DGgE1PJ4dRUs4A2Cfqx8hlslwe6pbYtLEfEdNbe65hwl
 HH00j4R6IAG/mkS5HMaSV0Bx8mdjBJhpmYabtuXRq5YR/cIduC1jxGNI1iwNZ0ce
 gwIDAQAB
 -----END PUBLIC KEY-----

Install packages

># pkg update
># pkg install bash vim-console sudo bsdstats

Continue configuration

Enable the wheel group for sudo

># visudo
%wheel ALL=(ALL) ALL

For bash add to /etc/fstab:

fdesc	/dev/fd	fdescfs	rw	0	0

add autoboot_delay=3” to /boot/loader.conf

># vim /boot/loader.conf
 autoboot_delay="3"

change default shellfor jac & root: /usr/sh to: /usr/local/bin/bash

># chsh -s bash jac 
># chsh -s bash root

disable ctrl alt del reboot

># sysctl hw.syscons.kbd_reboot=0

Change motd and profile
Save original motd

># mv /etc/motd /etc/motd.default
># vim /etc/motd
FreeBSD 12.0-RELEASE-p3 GENERIC 

Welcome to FreeBSD!

Add below text to the bottom of /etc/profile

># vim /etc/profile
uname -vpn
echo " "
date
echo " "
echo " "

Change /etc/syslog.conf to enable console.log and all.log
Uncomment the below lines:

># vim /etc/syslog.conf
    console.info                                    /var/log/console.log
    *.*                                             /var/log/all.log

Create the log files and set the acl.

># touch /var/log/console.log
># touch /var/log/all.log
># chmod 600 /var/log/all.log
># chmod 600 /var/log/console.log

Restart the log service

># service syslogd restart

On iron enable encrypted ssh authentication.

Prepare users:

>$ mkdir ~/.ssh

Copy public keys from another host

>$ vim ~/.ssh/authorized_keys
>$ chmod -R 700 ~/.ssh

Logout and login using key to see if all works. Force key authentication only

># vim /etc/ssh/sshd_config
ListenAddress XX.XX.XX.XX	       # changed to Nic address
PermitRootLogin no              # << Default: prohibit root login over ssh
PasswordAuthentication no       # << Default: ssh key only authorization
ChallengeResponseAuthentication no      # changed to force key auth. only
UsePAM no                       # << Changed to set ssh key authorization only

Restart the ssh service.

># service sshd restart

Previous Freebsd Knowledge Base Return Build Custom Kernel

Up Freebsd Knowledge Base

Post install actions: Difference between revisions

Revision as of 14:14, 25 January 2020

Contents

Create the sjapkg poudriere package environment

Install packages

Continue configuration

On iron enable encrypted ssh authentication.

Navigation menu

Post install actions: Difference between revisions

Revision as of 14:14, 25 January 2020

Create the sjapkg poudriere package environment

Install packages

Continue configuration

On iron enable encrypted ssh authentication.

Navigation menu

Search