Introduction
This document contains basic instructions on building a system using FreeBSD 7.0. This covers security standards, configuration options, networking configuration, etc. The information used in this example probably doesn’t match your environment or hardware exactly. Verify your network, hardware and other internal system build standards before using the information contained here. Use this document at your own risk.
This document assumes technical knowledge of FreeBSD, especially with regard to kernel configuration (which is highly dependent on server hardware, application usage, and expected functionality).
Before You Begin
Make sure that you have the following items completed and available for the installation:
- FreeBSD 7.0-RELEASE disc
- Hardware has been updated with the correct configuration for its type (see hardware preparation documentation specific for the platform and model.)
- Obtained server name and IP addresses
Operating System Installation
- Boot from FreeBSD 7.0-RELEASE installation media. Accept the Boot Loader default when it is loaded.
- Country Selection – United States
- Choose “Custom” under the Main Installation Screen
- Select “Partition”
- Select free space and choose “A” to use the entire disk. You will need to allocate disk differently if you have particular storage requirements, such as direct attached storage.
- Set the partition as bootable with “S”
- Select “Q” to finish
- When prompted on the Boot Manager Screen, select “Standard”
- Select “Label” to begin assigning and labeling disk slices
- The following is an example. I tend to make /var, /home and /opt separate slices so that if something fills that volume up, it doesn’t cause problems with the rest of the system. Customize this as you need to.
- As an example, use the following partition scheme:
- swap – 512 MB
- / – 1024 MB
- /usr – 8192 MB (This can be more if needed, but I use 8192MB as a minimum)
- /var – 1024 MB (Running a large MySQL database will require an increase here)
- /tmp – 512 MB
- /home – 4096 MB
- /opt – Whatever is left. I generally push large databases, applications or other data here so it doesn’t interfere with normal system operations.
- Hit “Q” to finish
- Choose “Distributions” under the Main Installation Screen
- Select only the following distributions:
- Minimal
- Custom
- base
- kernels
- dict
- doc
- info
- man
- catman
- proflibs
- src – ALL
- ports
- local
- Back out to the Main Installation Screen
- Select “Media”
- Choose “CD-ROM”
- Select “Commit” to finalize these settings
- Verify the settings by choosing “Yes”
- The operating system will now be installed from CD-ROM
- After installation, when prompted to set last options, choose “Yes”
- Set root password
- Set the time zone. I use the Pacific time zone in the US as an example here.
- Select “No” when asked to set the clock to UTC
- Select America – North and South
- United States
- Pacific Time – Confirm abbreviation of the time zone
- Configure “Networking”
- Enable sshd
- Select “Interfaces”
- Select interface you wish to configure
- Do not enable IPv6 (unless you need it)
- Do not enable DHCP (unless you need it)
- Enter hostname
- Enter domain name
- Enter Gateway – Appropriate gateway for the network you are on
- Enter DNS server(s)
- Enter IP address and subnet mask
- Select Yes to bring up the interface
- Exit back up out of Interfaces
- Configure “Startup”
- Unselect “quotas”
- Select “Exit” twice, followed by “Exit Install”, then “Yes”
- The server will be automatically rebooted, finishing the installation
Operating System Configuration
- Log into the server as root
- vi /etc/rc.conf and ensure the following options are set:
- check_quotas="NO"
- defaultrouter="x.x.x.x"
- hostname="hostname"
- ifconfig_="x.x.x.x netmask x.x.x.x"
- xntpd_enable="YES"
- xntpd_program="ntpd"
- xntpd_flags="-c /etc/ntpd.conf -p /var/run/ntpd.pid"
- vi /etc/resolv.conf and ensure the following lines are set:
- domain domain.com
- nameserver x.x.x.x
- nameserver x.x.x.x
- search search.com domains.com
- Configure NTP
- ntpdate local.time.server
- vi /etc/ntpd.conf, erase all contents (if any) and insert the following:
- server 0.north-america.pool.ntp.org
- server 1.north-america.pool.ntp.org
- server 2.north-america.pool.ntp.org
- driftfile /etc/ntpd/drift
- multicastclient
- broadcastdelay 0.008
- restrict X.X.X.X mask X.X.X.X nomodify notrap
- Configure the message of the day (MOTD) to something appropriate
- run “chpass”
- Change “Charlie &” to read “HOSTNAME &”
- Disable unneeded terminals
- vi /etc/ttys
- Comment out (or delete) everything in the Virtual Terminal section except the following ttyvs:
- ttyv0
- ttyv1
- ttyv2
- Save and quit vi
- killall -HUP init
- Install basic packages
- pkg_add -r bash
- Install cvsup-without-gui
- pkg_add -r sudo
- pkg_add -r portupgrade
- Configure cvsUp
- vi /etc/cvsupfile and enter the following:
- *default tag=RELENG_7_0
- *default host=cvsup12.freebsd.org
- *default prefix=/usr
- *default base=/var/db
- *default release=cvs delete use-rel-suffix compress
- src-all
- ports-all
- docs-all
- Save and quit
- Run CVSup
- /usr/local/bin/cvsup /etc/cvsupfile
- This will take a fair amount of time; leave the install and go do something else for a while
- Update your world
- cd /usr/src
- Check to see if the obj subdirectory exists; remove it (and all of its contents) if it does
- make buildworld
- This will take even longer than the cvsup; find something better to do than watch the pretty text scrolling by
- cp /usr/src/sys/i386/conf/SMP /usr/src/sys/i386/conf/MYCUSTOMKERNEL
- If you want to be able to connect to shares on Windows systems, edit MYCUSTOMKERNEL and add the following options:
- options SMBFS
- options LIBMCHAIN
- options LIBICONV
- options NETSMB
- options NETSMBCRYPTO
- cd /usr/src – (just to make sure we are still in the right place)
- make buildkernel KERNCONF=MYCUSTOMKERNEL
- This will also take a while, but not nearly as long as buildworld. Once it finishes compiling, we next type
- make installkernel KERNCONF=MYCUSTOMKERNEL
- make installworld
- Once this completes it is time to reboot into our newly updated OS.
- init 6
- Once the box comes back online, log in as root again and merge our config files
- mergemaster
- This will install new files and walk you through the process of merging changes into existing files. My general rule of thumb is to install all files that I have not modified.
- Run portsnap and upgrade packages as needed with portupgrade.
- Configure portupgrade and verify that all ports are up to date:
- portsdb -Uu
- portversion
- Configure users
- adduser – follow the prompts
- visudo
- Create a user alias and add your new user to the alias.
- Copy the line for root privileges, paste it below, and change it to your user alias
- Configure aliases
- vi /etc/aliases and change
- root: sysadmin@somedomain.com
- Write and quit
- newaliases
- init 6 ; manually cycle server power
- Make sure everything starts up properly on boot
- Done
Note: Instances of “x.x.x.x” should be replaced with the proper IP address or network mask
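A post-build check for two of the configuration steps above (trimming /etc/ttys to ttyv0 through ttyv2, and the rc.conf settings), added here as an example and not part of the original guide. The function names and sample file contents are constructed; sshd_enable is the rc.conf variable that enabling sshd during installation sets.

```shell
# Added example, not from the original guide. File paths are arguments so
# the checks can run against copies; the sample files are constructed.

# Print each virtual terminal other than ttyv0-ttyv2 that is still "on".
extra_ttys() {
    awk '$1 ~ /^ttyv[0-9a-f]+$/ && $1 !~ /^ttyv[0-2]$/ {
             for (i = 2; i <= NF; i++) if ($i == "on") { print $1; break }
         }' "$1"
}

# Succeed only if rc.conf sets variable $2 to exactly $3 (last line wins).
# Typographic quotes pasted from a web page are not shell quotes, so a
# value written with them does not match.
rc_is() {
    val=$(sed -n "s/^$2=\"\{0,1\}\([^\"]*\)\"\{0,1\}[[:space:]]*\$/\1/p" "$1" | tail -n 1)
    [ "$val" = "$3" ]
}

# audit <rc.conf> <ttys>: print one line per finding, fail if there are any.
audit() {
    n=0
    for t in $(extra_ttys "$2"); do
        echo "ttys: $t is still on"; n=$((n + 1))
    done
    for kv in check_quotas=NO sshd_enable=YES; do
        rc_is "$1" "${kv%%=*}" "${kv#*=}" ||
            { echo "rc.conf: ${kv%%=*} is not ${kv#*=}"; n=$((n + 1)); }
    done
    [ "$n" -eq 0 ]
}

# Constructed sample: ttyv3 left enabled, check_quotas pasted with curly quotes.
write_samples() {
    cat > "$1/ttys" <<'EOF'
ttyv0 "/usr/libexec/getty Pc" cons25 on secure
ttyv3 "/usr/libexec/getty Pc" cons25 on secure
#ttyv4 "/usr/libexec/getty Pc" cons25 on secure
ttyv8 "/usr/local/bin/xdm -nodaemon" xterm off secure
EOF
    cat > "$1/rc.conf" <<'EOF'
check_quotas=”NO”
sshd_enable="YES"
EOF
}

d=$(mktemp -d) && write_samples "$d"
audit "$d/rc.conf" "$d/ttys" || echo "findings above need fixing"
rm -rf "$d"
```

On a built system, run it as `audit /etc/rc.conf /etc/ttys` after the final reboot.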