Post install actions
FreeBSD post install actions

Create the sjapkg poudriere package environment
Create ssl and repository directory
># mkdir -p /usr/local/etc/pkg/repos/
># mkdir -p /usr/local/etc/ssl/poudriere/
The repository directory gets 2 files to disable the FreeBSD- and enable the sjapkg-repository.
># vi /usr/local/etc/pkg/repos/freebsd.conf
FreeBSD: {
    enabled: no
}
># vi /usr/local/etc/pkg/repos/sjapkg.conf
sjapkg: {
    url: "http://sjapkg.sjakio.com/packages/12amd64-sjapkg",
    mirror_type: "http",
    signature_type: "pubkey",
    pubkey: "/usr/local/etc/ssl/poudriere/sjapkg.sjakio.com.pub.key.pem",
    enabled: yes
}
The ssl directory gets the public key of the sjapkg-repository.
># vi /usr/local/etc/ssl/poudriere/sjapkg.sjakio.com.pub.key.pem
-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvYKLD2N12/1sOGKjjhOO z7sD1wO16HgebAwtnxeNGoDkzXqzAAgY4YY7Gv6t3fbpIncvoYH2GV7qOOtqDEj9 0YIUEA0R4EA0TtwjNkU9TVB7GE76Ok1zk5Hmw7C3xfIJZN+9BwdVewwL5BE6FbYZ Rt6y59kvMA/uyo78GqweE6JGbCrmX3ZcSypXjwsky7ApttiSyCKzMVRPNdpp1K/+ /DdrohqIQYjl3OnTi4n9DGgE1PJ4dRUs4A2Cfqx8hlslwe6pbYtLEfEdNbe65hwl HH00j4R6IAG/mkS5HMaSV0Bx8mdjBJhpmYabtuXRq5YR/cIduC1jxGNI1iwNZ0ce gwIDAQAB
-----END PUBLIC KEY-----

Install packages
># pkg update
># pkg install bash vim-console sudo bsdstats

Uncomment the wheel group in sudo
># visudo
%wheel ALL=(ALL) ALL

For bash, add to /etc/fstab:
fdesc /dev/fd fdescfs rw 0 0

Add autoboot_delay="3" to /boot/loader.conf
># vim /boot/loader.conf
autoboot_delay="3"

># vipw
change: /usr/sh
to: /usr/local/bin/bash
for jac & root

Disable ctrl alt del reboot
># sysctl hw.syscons.kbd_reboot=0

Change motd and profile
Save motd
># mv /etc/motd /etc/motd.default
># vim /etc/motd
FreeBSD 12.0-RELEASE-p3 GENERIC
Welcome to FreeBSD!

Add the text below to the bottom of /etc/profile
># vim /etc/profile
uname -a
echo " "
date
echo " "
echo " "

Change /etc/syslog.conf to enable console.log and all.log
- vim /etc/syslog.conf
Uncomment the lines with
console.info /var/log/console.log
*.* /var/log/all.log
- touch /var/log/console.log
- touch /var/log/all.log
- chmod 600 /var/log/all.log
- chmod 600 /var/log/console.log
- service syslogd restart

Enable encrypted ssh authentication on iron.
Prepare users
$ mkdir ~/.ssh
Copy public keys from another host
$ vim ~/.ssh/authorized_keys
$ chmod -R 700 ~/.ssh
Log out and log in using the key to see if all works.

Force key authentication only
- vim /etc/ssh/sshd_config
ListenAddress XX.XX.XX.XX # changed to Nic address
PermitRootLogin no # << Default: prohibit root login over ssh
PasswordAuthentication no # << Default: ssh key only authorization
ChallengeResponseAuthentication no # changed to force key auth. only
UsePAM no # << Changed to set ssh key authorization only
- service sshd restart
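
A check that the edited file really enforces key-only logins, as an added example that is not part of the original page. sshd uses the first value it reads for each keyword, so a stale line higher up in the file silently overrides a later one. The function names effective and check_key_only and the sample file are constructed for illustration, and the script assumes plain "Keyword value" lines in the global section before any Match block.

```shell
#!/bin/sh
# Added example: audit an sshd_config for the four key-only settings above.

# Print the effective global value of keyword $2 in file $1.
# The first occurrence wins; keywords are matched case-insensitively.
effective() {
    awk -v want="$2" '
        { sub(/#.*/, "") }                  # drop whole-line and trailing comments
        NF == 0 { next }                    # nothing left on this line
        tolower($1) == "match" { exit }     # global section ends here
        tolower($1) == tolower(want) { print tolower($2); exit }
    ' "$1"
}

# Return 0 when all four settings are "no" as on the page, else report each miss.
check_key_only() {
    conf=$1
    rc=0
    for key in PermitRootLogin PasswordAuthentication \
               ChallengeResponseAuthentication UsePAM; do
        got=$(effective "$conf" "$key")
        if [ "$got" != "no" ]; then
            echo "FAIL $key: wanted 'no', file gives '${got:-unset}'"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample (not a real host's file): UsePAM is still commented out,
# and the trailing PasswordAuthentication line has no effect.
sample=$(mktemp)
cat > "$sample" <<'EOF'
PermitRootLogin no
passwordauthentication no
ChallengeResponseAuthentication no
#UsePAM no
PasswordAuthentication yes
EOF
check_key_only "$sample" || echo "sample is not key-only yet"
rm -f "$sample"
```

On a live host, sshd -T prints the configuration sshd actually resolves, including built-in defaults for keywords the file leaves unset.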