Several Things To Do After Installing FreeBSD

SEVERAL THINGS TODO AFTER INSTALLING FREEBSD ON YOUR SERVER

 

After reading the article about installing FreeBSD 12.0 you probably want to know a set of commands that you can run to get good FreeBSD usability right after install. FreeBSD UNIX is straight forward to setup and install if you have good up to date guides. So that is what we will make here for you. A guide what to do with FreeBSD 12.0 after install.

1) First update and pkg install

First thing we need to do is install pkg for package management. That step is automatically, you need only to run any update. Following command will do:

pkg update

Next lets check if there are new patches for FreeBSD kernel and main system librarires:

freebsd-update fetch install

Then we can install them:

pkg update &&  pkg upgrade

2) Making su work on FreeBSD 12.0

Next thing we want is to get ssh login. By default FreeBSD only allows normal user login. If you try to login as root, you will fail. Also when you SSH as normal non-privileged user, you wont be able to use su to switch to root. It will give you message like this:

$ su
su: Sorry

FreeBSD by default does not provide a way to log in and take control of computer from remote, for security reasons. But that exactly what we need to do, so to remove sorry message, we would need to add your user to wheel group. If you did not create user already, create it with adduser command and go trough the prompt to set up password and other options. After you have done that, you just run

pw usermod hendo -G wheel

Offcourse, change hendo for the name of your user account.

If you want to add more users to wheel group, you just that command once for each username. Now normal user should be able to use su to switch to root.

 

3) Enabling Sudo

Next lets install sudo. It is not included by default.

pkg install sudo

The wheel group only works for su. For sudo, we would need to edit sudoers file with visudo command.

Type

visudo

when vi shows up, navigate to the line that says root ALL=(ALL) ALL and then press i to get into insert mode for vi. Then add another line bellow root that is same as root one except it is your username instead root. I higlighted the added line

root ALL=(ALL) ALL
hendo ALL=(ALL) ALL

Press Esc and then type :wq to save the file. Now try to use sudo

4) Setting up the time zone

Time zone is usually set up during install of the FreeBSD 12.0 but if you didn’t set it correctly, here is how to do it afterwards. FreeBSD has package called tzsetup. It is a ncurses program that simplifies this as much as possible. Logged as your non-root user which is now a sudoer, type

sudo tzsetup

From there you select continent, then country and it will give you timezone. Mine is CEST.

5) Setting up NTP daemon

Next we want to make sure that time is always correct. If your FreeBSD install is VM instance like in my ase, then returning back the snapshot can mess up your time. But if we use ntp to sync regularly, then we can circumvent this issue. For easier editing, lets install nano:

sudo pkg install nano

And then lets edit a file that is responsible for starting of programs at boot. I am talking about rc.conf

sudo nano /etc/rc.conf

There we need to add following lines:

ntpd_enable=”YES”
ntpd_sync_on_start=”YES”

That will make ntp daemon start at boot, and second line will automatically sync with ntp servers when daemon starts. Now you can restart your computer to test this, or if that is not an option, you can simply start ntpd service with following command:

sudo service ntpd start

6) Making a swap file

If you didn’t create swap partition, or if it is too small, you would want to create swap file. As in Linux, in FreeBSD swapr file or partition is used as an addition to RAM, and can help with system stability, although will not save you if your RAM is too small. Performance of swaping is limited to your HDD or SSD speed, whatever OS you use. The swap file can be made anywhere, and named anyhow, but we are now going to make one in / directory and name it swapf. It will be 2GB in size. generally you want swap file about the size of your RAM or little bigger

sudo truncate -s 2G /swapf

After creation, we set permissions for swap file

sudo chmod 0600 /swapf

Next we need to add a device that is linked to this new file and get it configured to mount at boot.

 sudo sh -c ‘echo “md99 none swap sw,file=/swapf,late 0 0” >> /etc/fstab’

We can check if this has been appended to fstab

$ cat /etc/fstab
# Device Mountpoint FStype Options Dump Pass#
/dev/ada0s1a / ufs rw 1 1
/dev/ada0s1b none swap sw 0 0
md99 none swap sw,file=/swapf,late 0 0

Last line is there, so we can perform swapon

sudo swapon -aqL

After this have been done, we can check swapinfo whether we have the swap file set up:

sudo swapinfo -g

 

The new device linked to our file is here.

7) Setting up the firewall

We are going to set up ipfw as our firewall for FreeBSD 12.0 system. First we need to edit rc.conf to make firewall start at boot.

sudo nano /etc/rc.conf

next we add those two lines:

firewall_enable=”YES”
firewall_script=”/usr/local/etc/ipfw.rules”

First one is to start firewall at boot, second one is to show the firewall there to look for rules. Like you probably guessed, next we are going to edit ipfw rules file.

sudo nano /usr/local/etc/ipfw.rules

File is probably empty, so add the following script to it:

$IPF 70 allow all from any to any out keep-state
$IPF 80 allow icmp from any to any
# open port ftp

$IPF 110 allow tcp from any to any 21 in
$IPF 120 allow tcp from any to any 21 out

# 22 for ssh
$IPF 130 allow tcp from any to any 22 in
$IPF 140 allow tcp from any to any 22 out

# mail port 25

$IPF 150 allow tcp from any to any 25 in
$IPF 160 allow tcp from any to any 25 out

# dns (53) udp and tcp in
$IPF 170 allow udp from any to any 53 in
$IPF 175 allow tcp from any to any 53 in

# dns (53) udp and tcp out
$IPF 180 allow udp from any to any 53 out
$IPF 185 allow tcp from any to any 53 out

# http (80),
$IPF 200 allow tcp from any to any 80 in
$IPF 210 allow tcp from any to any 80 out
# deny and log everything
$IPF 500 deny log all from any to any

Save and exit. Next we start the firewall with following command

sudo service ipfw start

That is it, the firewall is on. To see your rules, type:

sudo ipfw list

8) Installing bash

If you are really used to GNU/Linux and cant live without bash (like me) then let me show you how to install bash on FreeBSD. First we install package

sudo pkg install bash

It will warn you that it requires file descriptor file system, so lets make it and add it to fstab with this one-liner

sudo sh -c ‘echo “fdesc /dev/fd fdescfs rw 0 0” >> /etc/fstab

Finally we mount it.

sudo mount -a

From here, if you want bash to be your default shell upon every boot for both root and user account

sudo chsh -s /usr/local/bin/bash hendo
chsh: user information updated
sudo chsh -s /usr/local/bin/bash root
chsh: user information updated

you will need to change “hendo” to your username.

You can invoke bash now from shell or reboot your computer

$ bash
[hendo@linoxide /usr/home/hendo]$ cd
[miki@cabaukan ~]$

Conclusion

This are the basic things that should be done after installing FreeBSD 12. Depending whether you will use your system as server or desktop, from here you can install apache and mysql, or maybe Mate or GNOME. In the pipeline is another article on how to use FreeBSD ports with portmaster. As for this article, this is all, thank you for reading and have a good day.

Leave a Reply

Your email address will not be published. Required fields are marked *