Things to do after the first complete boot of FreeBSD


Setting up the root account

  • $ ssh-copy-id -i ~/.ssh/id_rsa.pub (from a remote machine)
  • /etc/ssh/sshd_config
Port 26
AddressFamily inet
ListenAddress x.x.x.x
PermitRootLogin no (or prohibit-password)
PasswordAuthentication no
KbdInteractiveAuthentication no
PrintMotd no
PrintLastLog no
  • /etc/ssh/ssh_config
Host *
AddressFamily inet
  • Switch pkg(8) from Quarterly to Latest:
# mkdir -p /usr/local/etc/pkg/repos
# echo 'FreeBSD: { url: "pkg+http://pkg.FreeBSD.org/${ABI}/latest" }' > /usr/local/etc/pkg/repos/FreeBSD.conf
  • # pkg install bash bash-completion bash-completion-freebsd
  • # ln -s bash /usr/local/bin/sh
  • # passwd toor
  • # chsh -s /usr/local/bin/sh toor
  • /usr/local/etc/profile
# vim:ft=sh

# Editor: ee(1) is always in base; prefer vim when the port is installed.
if [ -x /usr/local/bin/vim ]; then
  EDITOR=vim
else
  EDITOR=ee
fi
export EDITOR
export VISUAL="$EDITOR"

# Pager and less(1) defaults (I = ignore case in searches).
export PAGER=less
export LESS="I"

# Shell history limits; drop duplicates and space-prefixed commands.
export HISTSIZE=1000 HISTFILESIZE=2000
export HISTCONTROL=ignoreboth:erasedups

# sh reads $ENV at the start of every interactive session.
export ENV=/usr/local/etc/shrc
  • /usr/local/etc/shrc
# vim:ft=sh

currid=$(id -u)

# Use the familiar name when the profile selected vim as EDITOR.
case "$EDITOR" in
  vim) alias vi='vim' ;;
esac

# History shortcuts and pager.
alias h='fc -l'
alias history='fc -l'
alias m="$PAGER"

# Everyday tools.
alias ls='ls -FG'
alias ll='ls -Al'
alias mc='mc -u'
alias cal='LC_TIME=ru_RU.UTF-8 ncal'
alias man='LC_ALL=en_US.UTF-8 man'

# Public-address lookups. myip uses HTTPS; myip2 talks plain HTTP, so its
# answer is not authenticated in transit.
alias myip='fetch -q4o - https://api.nic.ru/dyndns/checkip/ \
  | rev | cut -d" " -f1 | rev | cut -d"<" -f1'
alias myip2='fetch -q4o - http://whatismyip.akamai.com/; printf "\n"'

# Only root can rebuild the locate(1) database.
case "$currid" in
  0) alias updatedb='/etc/periodic/weekly/310.locate' ;;
esac

# Let ctrl-s / ctrl-q reach applications instead of pausing the terminal.
stty -ixon

# bash-only setup: this file is also read by plain sh through $ENV.
case "$(ps -o comm= -p $$)" in
  bash)
    shopt -s checkwinsize histappend
    if [ -f /usr/local/share/bash-completion/bash_completion.sh ]; then
      . /usr/local/share/bash-completion/bash_completion.sh
    fi
    ;;
esac

PS1='\u@\h:\w \$ '

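#######################################
# Create a directory (parents included) and change into it.
# Arguments: $1 - directory to create and enter
# Outputs:   a notice on stdout when the directory already held files
# Returns:   1 on wrong argument count, mkdir/cd status on failure, else
#            the status of the emptiness check
#######################################
mkcd() {
  if [ "$#" -ne 1 ]; then
    # Diagnostics go to stderr; stop here instead of running cd/find on
    # an unset argument as the old version did.
    echo "mkcd expects exactly one argument" >&2
    return 1
  fi
  # "--" protects names that start with "-"; do not cd if mkdir failed.
  mkdir -p -- "$1" || return
  cd -- "$1" || return
  # -prune keeps find on "." itself; ! -empty fires only if it has entries.
  find . -type d -prune ! -empty \
    -exec printf "%s\n" "Directory '$1' is not empty." \;
}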

# Pull in per-host additions, if any; they may still use $currid.
[ -f /usr/local/etc/shrc.local ] && . /usr/local/etc/shrc.local

# currid was only needed while building the aliases and prompt.
unset currid
  • /usr/local/etc/shrc.local
# vim:ft=sh

# Coloured, title-setting prompt for interactive bash sessions on a pty.
# The tput colour sequences are resolved once, when this file is sourced.
if tty | grep -Fq pts && [ "$(ps -o comm= -p $$)" = "bash" ]; then
  if [ "${currid}" = 0 ]; then
    PS1="\[\e]2;\u@\h:\w\a$(tput setaf 5)\]\u@\h:\w #\[$(tput sgr0)\] "
  else
    PS1="\[\e]2;\u@\h:\w\a$(tput setaf 2)\]\u@\h:\w $\[$(tput sgr0)\] "
  fi
fi
  • In /etc/login.conf
  • Append to the setenv capability:
LC_COLLATE=C.UTF-8,\
LC_MESSAGES=en_US.UTF-8,\
LC_MONETARY=en_US.UTF-8,\
LC_NUMERIC=en_US.UTF-8,\
LC_TIME=en_GB.UTF-8:\
  • substitute :lang=C.UTF-8: with :lang=ru_RU.UTF-8:
  • add :hushlogin:
  • change path if necessary
  • # cap_mkdb /etc/login.conf
  • # pkg install git
  • $ mkdir -p ~/.config/vim/pack/vendor/start
  • $ scp vimrc ksync:.config/vim (from a remote machine)
  • $ cd ~/.config/vim/pack/vendor/start
  • $ git clone --depth 1 https://github.com/ojroques/vim-oscyank
  • /root/.config/bash_completion
# vim:ft=sh

### mkcd ###
# Complete the single argument of the mkcd shell function with
# directory names only.
_mkcd() {
  local cur prev words cword split
  _init_completion -s || return
  # $split is set by _init_completion -s; offer nothing for a split word.
  if $split; then
    return 0
  fi
  _filedir -d
}
complete -F _mkcd mkcd

# pkg install terminfo-db

System mail

/etc/dma/dma.conf

SMARTHOST smtp.yandex.ru
PORT 465
AUTHPATH /etc/dma/auth.conf
SECURETRANSFER
MASQUERADE <ya-user>@yandex.ru
  • /etc/dma/auth.conf
<ya-user>@yandex.ru|smtp.yandex.ru:<password>
  • chgrp mail /etc/dma/auth.conf
  • chmod 640 /etc/dma/auth.conf
  • /etc/mail/aliases
: alik@ejik.org
  • # pkg install procmail
  • /etc/mail/mailer.conf
#
# mailer.conf for use with dma(8)
#

sendmail        /usr/local/libexec/dma_f
mailq           /usr/libexec/dma
newaliases      /usr/libexec/dma
  • /usr/local/libexec/dma_f
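#!/bin/sh
# sendmail(1) front end for dma(8), wired in via /etc/mail/mailer.conf.
# When formail(1) is present the From: header is rewritten to
# "<short hostname> <ya-user@yandex.ru>" ("ya-user" is a placeholder);
# otherwise the message goes to dma untouched. Whatever the probe read
# from stdin is replayed in front of the rest, so the first header line
# is no longer lost when formail is missing.

# Probe the first line without waiting. IFS="" keeps leading whitespace.
# NOTE(review): "-t 0" is shell-specific — bash only reports whether input
# is pending and reads nothing; this relies on FreeBSD sh actually reading
# the line. Confirm before running under another interpreter.
got_line=0
if IFS="" read -t 0 -r fl; then
  got_line=1
fi

# Replay the probed line (when one was read) followed by the remaining input.
replay() {
  if [ "$got_line" -eq 1 ] || [ -n "$fl" ]; then
    printf "%s\n" "$fl"
  fi
  cat
}

if [ -n "$fl" ] && [ -x /usr/local/bin/formail ]; then
  replay | /usr/local/bin/formail -bfI \
    "From: $(hostname -s) <ya-user@yandex.ru>" | /usr/libexec/dma "$@"
else
  replay | /usr/libexec/dma "$@"
fi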

Network

  • /etc/hosts.allow
sshd : ALL : allow
ALL : ALL : deny
  • # sysrc pf_enable=yes
  • /etc/pf.conf
# Macros
# ext_if: the interface the inbound rules below are bound to.
ext_if = "igc0"
# ICMP types accepted from outside (used by the icmp pass rule below).
icmp_types = "{ echoreq, unreach, redir, timex }"

# Tables

# Options
# Loopback traffic is never filtered.
set skip on lo0

# Ethernet Filtering

# Traffic Normalization
# Normalise inbound packets (fragment reassembly) before filtering.
scrub in all

# Queueing

# Translation

# Packet Filtering
# Drop packets that claim a source address of these interfaces' networks
# but arrive on the wrong interface.
antispoof quick for { lo0 $ext_if }
# Default deny in both directions; only the pass rules below open holes.
block all
# All outbound IPv4 is allowed. No IPv6 rule exists, so IPv6 stays
# blocked — consistent with AddressFamily inet in the ssh configs above.
pass out quick inet
# Inbound: only the listed ICMP types, and TCP to port 26, which is the
# Port set in /etc/ssh/sshd_config above. Nothing else reaches the host.
pass in quick on $ext_if inet proto icmp to ($ext_if) icmp-type $icmp_types
pass in quick on $ext_if inet proto tcp to ($ext_if) port 26
  • # service pf start
  • sysrc kld_list+="tcp_bbr"
  • /etc/sysctl.conf
# use the bbr tcp stack
net.inet.tcp.functions_default=bbr

Further configuration

  • # pkg install smartmontools
  • /usr/local/etc/smartd.conf
/dev/ada...  -a -o on -S on -I 9 -I 190 -I 194 -m root -s (S/../.././04)

For an SSD, replace the S inside the parentheses with L. Attributes excluded from tracking with -I:

9   power-on hours
190 temperature
194 also temperature
  • # sysrc smartd_enable="YES"

Setting up users accounts

  • ~/.config/bash_completion
# vim:ft=sh

### mkcd ###
# Directory-only completion for the mkcd shell function.
_mkcd() {
  local cur prev words cword split
  _init_completion -s || return
  # _init_completion -s sets $split; nothing to offer for a split word.
  if $split; then
    return 0
  fi
  _filedir -d
}
complete -F _mkcd mkcd

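### toor ###
# Reuse sudo's completion for toor, but only when bash-completion ships
# it: sourcing a missing file prints an error at every shell start and
# would register a completer function that does not exist.
if [ -r /usr/local/share/bash-completion/completions/sudo ]; then
  . /usr/local/share/bash-completion/completions/sudo
  complete -F _comp_cmd_sudo toor
fi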