FreeBSD 6.3 Build

Introduction

This document contains basic instructions on building a system using FreeBSD 6.3. This covers security standards, configuration options, networking configuration, etc. The information used in this example probably doesn’t match your environment or hardware exactly. Verify your network, hardware and other internal system build standards before using the information contained here. Use this document at your own risk.

This document assumes technical knowledge of FreeBSD, especially with regard to kernel configuration (which is highly dependent on server hardware, application usage, and expected functionality).

Before You Begin

Make sure that you have the following items completed and available for the installation:

  1. FreeBSD 6.3-RELEASE disc
  2. Hardware has been updated with the correct configuration for its type (see the hardware preparation documentation specific to the platform and model).
  3. Obtained server name and IP addresses

Operating System Installation

  1. Boot from FreeBSD 6.3-RELEASE installation media. Ignore Boot Loader when it is loaded.
  2. Country Selection – United States
  3. Choose “Custom” under the Main Installation Screen
    1. Select “Partition”
      1. Select free space and choose “A” to use the entire disk
      2. Set the partition as bootable with “S”
      3. Select “Q” to finish
  4. When prompted on the Boot Manager Screen, select “Standard”
  5. Select “Label” to begin assigning and labeling disk slices
    1. Use the following partition scheme:
      • swap – 512 MB
      • / – 1024 MB
      • /usr – 8192 MB (This can be more if needed, but I use 8192MB as a minimum)
      • /var – 1024 MB (Running a large MySQL database will require an increase here)
      • /tmp – 512 MB
      • /home – 4096 MB
      • /opt – Whatever is left.
    2. Hit “Q” to finish
  6. Choose “Distributions” under the Main Installation Screen
    1. Select only the following distributions:
      • Minimal
      • Custom
      • base
      • kernels
      • dict
      • doc
      • man
      • catman
      • proflibs
      • src – ALL
      • ports
      • local
    2. Back out to the Main Installation Screen
  7. Select “Media”
    1. Choose “CD-ROM”
  8. Select “Commit” to finalize these settings
    1. Verify the settings by choosing “Yes”
    2. The operating system will now be installed from CD-ROM
  9. After installation, when prompted to set last options, choose “Yes”
    1. Set root password
    2. Set the time zone. I use the Pacific time zone in the US as an example here.
      1. Select “No” when asked to set the clock to UTC
      2. Select America – North and South
      3. United States
      4. Pacific Time – Confirm abbreviation of the time zone
  10. Configure “Networking”
    1. Enable ssh, leave the rest at defaults
    2. Select “Interfaces”
      1. Select interface you wish to configure
      2. Do not enable IPv6 (unless you need it)
      3. Do not enable DHCP (unless you need it)
      4. Enter hostname
      5. Enter domain name
      6. Enter Gateway – Appropriate gateway for the network you are on
      7. Enter DNS server(s)
      8. Enter IP address and subnet mask
      9. Select Yes to bring up the interface
      10. Exit back up out of Interfaces
    3. Configure “Startup”
      1. Unselect “quotas”
  11. Select “Exit” twice, followed by “Exit Install”, then “Yes”
  12. The server will be automatically rebooted, finishing the installation

Operating System Configuration

  1. On startup the server will prompt you to type in random junk to provide a seed value for the SSH keys. Just pound on the keyboard until you get bored.
  2. Log into the server as root
  3. vi /etc/rc.conf and ensure the following options are set:
    • check_quotas="NO"
    • defaultrouter="x.x.x.x"
    • hostname="hostname"
    • ifconfig_<interface>="x.x.x.x netmask x.x.x.x"
    • xntpd_enable="YES"
    • xntpd_program="ntpd"
    • xntpd_flags="-c /etc/ntpd.conf -p /var/run/ntpd.pid"
  4. Note: Instances of “x.x.x.x” should be replaced with the proper IP address or network mask

  5. vi /etc/resolv.conf and ensure the following lines are set:
    • domain domain.com
    • nameserver x.x.x.x
    • nameserver x.x.x.x
    • search search.com domains.com
  6. Configure the message of the day (MOTD) to something appropriate
  7. Run “chpass”
    1. Change “Charlie &” to read “HOSTNAME &”
  8. Disable unneeded terminals
    1. vi /etc/ttys
    2. Comment out (or delete) everything in the Virtual Terminal section except the following ttyvs:
      • ttyv0
      • ttyv1
      • ttyv2
    3. Save and quit vi
    4. killall -HUP init
  9. Install bash
    1. pkg_add -r bash
  10. Install cvsup-without-gui
    1. pkg_add -r cvsup-without-gui
    2. vi /etc/cvsupfile and enter the following:
      • *default tag=RELENG_6_3
      • *default host=cvsup12.freebsd.org
      • *default prefix=/usr
      • *default base=/var/db
      • *default release=cvs delete use-rel-suffix compress
      • src-all
      • ports-all tag=.
      • doc-all tag=.
    3. Save and quit
    4. Run CVSup
      1. /usr/local/bin/cvsup /etc/cvsupfile
      2. This will take a fair amount of time; leave the install and go do something else for a while
  11. Update your world
    1. cd /usr/src
    2. Check to see if the obj subdirectory exists; remove it (and all of its contents) if it does
    3. make buildworld
    4. This will take even longer than the cvsup; find something better to do than watch the pretty text scrolling by
    5. cp /usr/src/sys/i386/conf/SMP /usr/src/sys/i386/conf/MYCUSTOMKERNEL
    6. If you want to be able to connect to shares on Windows systems, edit MYCUSTOMKERNEL and add the following options:
      • # Compile in SMBFS support
      • options SMBFS
      • options LIBMCHAIN
      • options LIBICONV
      • options NETSMB
      • options NETSMBCRYPTO
    7. cd /usr/src – (just to make sure we are still in the right place)
    8. make buildkernel KERNCONF=MYCUSTOMKERNEL
    9. This will also take a while, but not nearly as long as buildworld. Once it finishes compiling, we next type
    10. make installkernel KERNCONF=MYCUSTOMKERNEL
    11. make installworld
    12. Once this completes it is time to reboot into our newly updated OS.
    13. init 6
    14. Once the box comes back online, log in as root again and merge our config files
    15. mergemaster
    16. This will install new files and walk you through the process of merging changes into existing files. My general rule of thumb is to install all files that I have not modified.
  12. Install basic packages
    1. pkg_add -r sudo
    2. pkg_add -r portupgrade
    3. pkg_add -r portsnap
  13. Run portsnap and upgrade packages as needed with portupgrade.
  14. visudo and verify that privileges are set correctly.
  15. Configure portupgrade and verify that all ports are up to date:
    1. portsdb -Uu
    2. portversion
  16. Configure NTP
    1. ntpdate local.time.server
    2. vi /etc/ntpd.conf, erase all contents (if any) and insert the following:
      • server local.time.server
      • driftfile /etc/ntp/drift
      • multicastclient
      • broadcastdelay 0.008
      • restrict X.X.X.X mask X.X.X.X nomodify notrap
  17. Configure aliases
    1. vi /etc/aliases and change
      • root: sysadmin@somedomain.com
    2. Write and quit
    3. newaliases
  18. init 6 ; manually cycle server power
  19. Make sure everything starts up properly on boot
  20. Done
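
As an added example (not part of the original document), the following sh script checks the result of the Operating System Configuration steps: the rc.conf values, that only ttyv0 through ttyv2 remain enabled in the ttys file, and that ntpd.conf carries a restrict line with nomodify and notrap. The function names are hypothetical, and the three file paths are passed as arguments so the checks can also be run against copies.

```shell
#!/bin/sh
# Added example: audit the settings this build procedure applies.
# Paths are arguments so the checks can run against copies of the files.

rc_value() {  # $1 = rc.conf, $2 = variable; prints the last value assigned
    sed -n "s/^[[:space:]]*$2=//p" "$1" | tail -n 1 | sed 's/^"\(.*\)"$/\1/'
}

extra_ttys() {  # $1 = ttys; prints enabled ttyvN entries other than ttyv0-2
    awk '$1 ~ /^ttyv[0-9a-f]+$/ && $1 !~ /^ttyv[012]$/ {
             for (i = 2; i <= NF; i++) if ($i == "on") { print $1; break }
         }' "$1"
}

ntp_restricted() {  # $1 = ntpd.conf; succeeds if a restrict line has both flags
    awk '$1 == "restrict" { m = t = 0
             for (i = 2; i <= NF; i++) { if ($i == "nomodify") m = 1
                                         if ($i == "notrap") t = 1 }
             if (m && t) ok = 1 }
         END { exit !ok }' "$1"
}

audit() {  # $1 = rc.conf, $2 = ttys, $3 = ntpd.conf; returns number of findings
    fails=0
    fail() { echo "FAIL: $*"; fails=$((fails + 1)); }
    [ "$(rc_value "$1" check_quotas)" = "NO" ] || fail "check_quotas is not NO"
    [ "$(rc_value "$1" xntpd_enable)" = "YES" ] || fail "xntpd_enable is not YES"
    case "$(rc_value "$1" defaultrouter)" in
        ""|*x.x*) fail "defaultrouter is unset or still a placeholder" ;;
    esac
    extra=$(extra_ttys "$2" | tr '\n' ' ')
    [ -z "$extra" ] || fail "extra virtual terminals enabled: $extra"
    ntp_restricted "$3" || fail "no restrict line with nomodify and notrap"
    return "$fails"
}

# Run against real files only when three paths are given on the command line.
if [ "$#" -eq 3 ]; then audit "$@"; fi
```

A value pasted with typographic quotes instead of ASCII double quotes is also reported, because sh treats those characters as part of the value.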