freebsd

======================================================
FREEBSD 8.0 - Setup / Usage
======================================================

--------------------
1) FreeBSD Basics
2) FreeBSD Setup
3) NTPDate
4) Figlet / Bash
5) Jabber, Squid
6) FreeBSD Update
7) Portupgrade
--------------------

"FreeBSD is an advanced operating system for x86 compatible
(including Pentium and Athlon), amd64 compatible (64bit),
ARM, IA-64, PowerPC, PC-98 and UltraSPARC architectures. It is
derived from BSD, the version of UNIX developed at the
University of California, Berkeley. It is developed and
maintained by a large team of individuals. Additional platforms
are in various stages of development.

FreeBSD offers advanced networking, performance, security and
compatibility features today which are still missing in other
operating systems, even some of the best commercial ones.

FreeBSD makes an ideal Internet or Intranet server. It provides
robust network services under the heaviest loads and uses memory
efficiently to maintain good response times for thousands of
simultaneous user processes.

With over 17,000 ported libraries and applications, FreeBSD
supports applications for desktop, server, appliance, and
embedded environments."

- http://www.freebsd.org/features.html - www.freebsd.org -

======================================================

Main differences between Linux and FreeBSD:
-------------------------------------------

1) "Philosophy" - Different licenses: BSD / Gnu GPL
(Berkeley Software Distribution, University of Berkeley
vs. GNU General Public License)

GNU General Public Licence

The GNU General Public Licence, or GPL as it's often called, is
the most popular free software licence and it's used by many
different projects, including the Linux kernel, the GNU tools
and literally hundreds of others.
Basically, you're allowed to use, redistribute and change
the software, but any changes you make must also be licensed under
the GPL. So that means you have to give everyone else the same
rights as you got. Fair's fair, right? The software can
be sold, but the source code must be included, for free.

The BSD Licence

In contrast to the GNU licences, the BSD licence is very
permissive. Used originally by the BSD operating system, it
covers a fair amount of software.

The BSD basically says "here's the source code, do whatever you
want with it, but if you have problems, it's your problem". That
means you can take BSD'ed code and turn it into a proprietary
application if you so wish - there's nothing saying you have to
give the code back (although it is nice to do so).

2) Software installation - Ports

Linux: every distribution with its own package manager
(apt/dpkg, rpm, yum, zypper, etc.)

BSD: ports tree and built-in tools.

3) Only 1 FreeBSD Distribution (Linux: 30-100)
(But: NetBSD: focus on multiple architectures / OpenBSD:
focus on 100% security)

4) BSD is led by a "Core Team", Linux is (mostly) led by Linus
Torvalds.

5) Design: "Chaos vs. Order"

6) Excellent documentation - http://www.freebsd.org/ -> Handbook

7) Base System: kernel, libraries, sendmail, ntp, openssh, named
-> all included in the basic FreeBSD Setup (in /usr/).
Everything else comes in /usr/local/.

8) Runlevels and startup scripts

Software installation
---------------------

1) binary packages: pkg_add -v -r packagename
-> precompiled for some of the most popular packages

2) or from source via "ports":

cd /usr/ports
make search name=softwarename
cd www/php5
make -> will get the source code from
programmer webpage / ftp server,
and configure & compile everything.
make install -> will install the software on the
system (as "package"): pkg_info to
see the list of all installed packages
make clean -> cleanup the build environment

3) portupgrade/portinstall/portmaster: "high-level" tools
portinstall -rvp softwarename

4) package removal: pkg_delete packagename (exact name with version)

5) list of installed packages: pkg_info

Service startup / activation
----------------------------

1) Install the software, for example squid, from the ports

2) Look at the /usr/local/etc/rc.d/servicename startup script

3) Add a corresponding entry to /etc/rc.conf, for example
squid_enable="YES"

4) Configure the service under /usr/local/etc/(.../)

5) Start it with: /usr/local/etc/rc.d/servicename start
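
An added example (not part of the original tutorial): a small audit that lists the startup scripts installed under an rc.d directory and says whether rc.conf enables each one, so you can see which installed services will start at boot. The function names and the sample files are constructed for illustration, and the script assumes each service reads a variable named servicename_enable.

```sh
#!/bin/sh
# Report which installed rc.d scripts are switched on in rc.conf.
# Assumption: each script reads the variable <scriptname>_enable.

# rc_enabled CONF NAME -> exit status 0 if NAME_enable holds a "yes" value
rc_enabled() {
    awk -v var="${2}_enable" -v sq="'" '
        {
            sub(/#.*/, "")              # drop comments
            gsub(/[ \t"]/, "")          # drop blanks and double quotes
            gsub(sq, "")                # drop single quotes
        }
        # rc.conf is read as shell code, so the last assignment wins
        index($0, var "=") == 1 { val = tolower(substr($0, length(var) + 2)) }
        END { exit !(val == "yes" || val == "true" || val == "on" || val == "1") }
    ' "$1"
}

# audit_rcd RCD_DIR CONF -> one line per script: "<name> enabled|disabled"
audit_rcd() {
    for script in "$1"/*; do
        [ -f "$script" ] || continue
        name=$(basename "$script")
        if rc_enabled "$2" "$name"; then state=enabled; else state=disabled; fi
        echo "$name $state"
    done
}

# Constructed sample: two installed scripts and a small rc.conf
demo=$(mktemp -d)
mkdir "$demo/rc.d"
touch "$demo/rc.d/squid" "$demo/rc.d/jabber"
cat > "$demo/rc.conf" <<'EOF'
sshd_enable="YES"
squid_enable="NO"
squid_enable="YES"
#jabber_enable="YES"
EOF

audit_rcd "$demo/rc.d" "$demo/rc.conf"
```

On a live system, "/usr/local/etc/rc.d/servicename rcvar" prints the variable the script actually reads, which is the authoritative name to check.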

======================================================
======================================================

FreeBSD initial SETUP

(Detailed information:
http://www.freebsd.org/doc/en/books/handbook/install.html )

0) create new virtual machine (Type: BSD-FreeBSD, 512MB RAM or more, 6GB HD,
Network: Bridged). Then move the Virtual HD to a "SATA" Controller (create
new controller, connect drive: http://forums.virtualbox.org/viewtopic.php?f=8&t=19447 )
and mount ISO Image as CD:
http://mirror.switch.ch/ftp/mirror/FreeBSD/ISO-IMAGES-i386/8.0/8.0-RELEA...

1) insert the virtual-CD, boot

2) Boot FreeBSD (default)

3) Country Selection: Switzerland

4) Keymap: Swiss German ISO (accent)

5) Sysinstall Main Menu: read the "Usage" menu, and continue
with "Standard"

6) fdisk: OK

7) FDISK Partition Editor: "A" to select the whole drive, then "Q"

8) Boot Manager: "Standard" (not BootMgr)

9) Partitions: OK

10) Disklabel Editor: create a root partition "/" of 1GB:
"C", 1G, FS, "/", then press "A" to suggest the other
partitions, and "Q" to validate.

11) Distributions: Select "User" (with the space bar), no Documentation (X)
Ports: Yes, install, X, then Ok (Enter)

12) Installation Media: CD-Rom

13) Are you sure? -> Yes

14) ... installation ...

15) Congratulation! -> OK

16) Ethernet: Yes, then select your ethernet card (probably the
first choice in the list, for example Intel PRO/1000)
IPv6: no
DHCP: yes
Host: nachname Domain: cad.abbts.ch -> OK

17) Network Gateway function: NO

18) InetD: NO

19) SSH Login enable: YES

20) Anonymous FTP: NO

21) NFS Server/Client: No

22) Console Settings: No

23) Time Zone: Yes
UTC: NO
Switzerland (CET) -> Yes

25) Mouse: No

26) Browse Packages: No

27) Initial accounts: Yes, create an account for you
User -> ID = lastname
Member groups: wheel (-> to allow you a "su -")
Full name: type your name, the rest will be filled automatically
When finished: Ok, "X", Ok3

28) root Password: bsdTS2o1o

29) View menu: NO

30) X - Exit

31) Eject CD

32) Reboot: Yes

======================================================

Service Setup / Software installation
--------------------------------------

Connect via ssh to your new server, and get root rights with
"su - root".

An important command to keep in mind is "sysinstall" : useful
to setup new users, add packages "by menu", configure network
cards, keyboard, etc.

======================================================

1) NTPdate Setup
-------------

To make sure the server keeps the right time (like under Linux),
the ntpdate program is available in the base system.

abbtsbsd8# /etc/rc.d/ntpdate start
abbtsbsd8#

-> nothing happens: this is because the service is not configured
yet. Check with "ps fawux": by default, there are only
sendmail, dhclient (dhcpclient), cron and openssh.

abbtsbsd8# vi /etc/rc.conf (yes, no nano/pico yet :-)

and add these lines to /etc/rc.conf:

ntpdate_enable="YES"
ntpdate_hosts="1.pool.ntp.org"

Then test:

abbtsbsd8# cat /etc/rc.d/ntpdate (that would be the init script)
abbtsbsd8# /etc/rc.d/ntpdate start
Setting date via ntp. [...]
abbtsbsd8# date
Wed Mar 3 23:54:26 CET 2010
abbtsbsd8#

Note: init scripts for "system" services (available on the system
after a basic setup) are in /etc/rc.d/ (look at the list with
"ls -la /etc/rc.d/" to get an idea).

Init scripts for more complex services (installed by yourself)
are (will be) in /usr/local/etc/rc.d/.

======================================================

2) Figlet Setup / bash
-------------------

When you logged in before, the message from "/etc/motd" was displayed.
Let's replace it by something different, using "figlet".

mueller# figlet
figlet: Command not found.

-> we will install it with remote packages (it would also
be possible to get it from the CD)

mueller# pkg_add -v -r figlet
[...]
Attempting to record package into /var/db/pkg/figlet-2.2.1..
Package figlet-2.2.1 registered in /var/db/pkg/figlet-2.2.1
mueller#
mueller# figlet
figlet: Command not found.

-> Problem? no, it is just because the default shell is a little
bit basic and needs a "refresh" after an installation to
find the new available commands in the path.

mueller# rehash
mueller# figlet
test (Ctrl-D to end)
_ _
| |_ ___ ___| |_
| __/ _ \/ __| __|
| || __/\__ \ |_
\__\___||___/\__|

mueller#

-> now update your motd:

mueller# cp /etc/motd /etc/motd_original
mueller# figlet > /etc/motd
Welcome! (Enter + Ctrl-D)
mueller#

-> try to connect via ssh from another window... you should see the new motd.

Now to get a more "advanced" shell, please install bash with:
mueller# pkg_add -r bash

Then change your current shell with chsh:
mueller# chsh yourlastname
and then for root:
mueller# chsh
(replace /bin/csh by the location of the "bash" shell, and save.
make sure it's correct, otherwise you will not be able to become
root again later: watch the warnings if any!)

When done, logout, and login again, and watch the changes.

If you run "pkg_info", it will display the list of the packages
(incl. dependencies) you just installed:
[root@mueller ~]# pkg_info

======================================================

3) Portupgrade Setup
-----------------

Now please install the "portupgrade" package, as we will
use it later today:

[root@mueller ~]# pkg_add -r portupgrade

It is a tool written in Ruby which allows "painless" installation
of ports.

======================================================

4) Jabber Setup
------------

The traditional way to install software under FreeBSD is to
navigate in the /usr/ports tree, and to "build" the selected
software from source from there. Every ports directory contains
a Makefile and sometimes patches prepared by the "port maintainer"
to make the installation under FreeBSD possible.

We will try this to setup jabber on your system:

abbtsbsd8# cd /usr/ports
abbtsbsd8# du | less
abbtsbsd8# make search name=jabber
abbtsbsd8# make search name=jabber | grep Port
abbtsbsd8# cd /usr/ports/net-im/jabber
abbtsbsd8# ls -la
total 18
drwxr-xr-x 3 root wheel 512 Mar 4 13:57 .
drwxr-xr-x 136 root wheel 3072 Mar 4 13:57 ..
-rw-r--r-- 1 root wheel 3512 Aug 4 2007 Makefile
-rw-r--r-- 1 root wheel 229 Jul 23 2007 distinfo
drwxr-xr-x 2 root wheel 512 Mar 4 13:57 files
-rw-r--r-- 1 root wheel 424 Apr 5 2007 pkg-descr
-rw-r--r-- 1 root wheel 1744 Jul 18 2007 pkg-plist
abbtsbsd8# more Makefile
abbtsbsd8# more pkg-descr
abbtsbsd8# ls -la files
abbtsbsd8# make
(keep default values, no sql, no ipv6: TAB + Enter)

-> it will download, configure and build required
packages (gmake, then jabber). To speedup the process which
may take up to 15-60 minutes, please interrupt the setup,
and run
"pkg_add -r popt pth-hard libtasn1 libidn gnutls perl expat libtool"
and re-run "make" after.

abbtsbsd8# make install (watch the messages at the end!)
abbtsbsd8# make clean

Then activate it in /etc/rc.conf (jabber_enable="YES"),
set up the service like you did under Linux, and test.
(update jabber.xml, IP address as hostname, start:
/usr/local/etc/rc.d/jabber start, find & check the logs)

======================================================

5) SQUID Proxy Setup
-----------------

Again like under Linux, please set up squid, but this time by
using "portinstall":

abbtsbsd8# cd /usr/ports/
abbtsbsd8# make search name=squid | grep Port
Port: squidclam-0.11_5
Port: squidclamav-3.5
Port: lightsquid-1.7.1_1
Port: squid-2.7.4
Port: squid-2.6.21
Port: squid-3.0.8
[...]
abbtsbsd8#

abbtsbsd8# portinstall -rvbp squid
(
-r = recursive
-v = verbose
-b = backup older packages
-p = build packages in /usr/ports/packages
)

---> Found 3 ports matching 'squid':
www/squid
www/squid30
www/squid31
Install 'www/squid31'? [yes] no
Install 'www/squid'? [yes] yes
[Gathering depends for www/squid . done]
Install 'www/squid30'? [yes] no

Accept the default setup suggestions, and activate in /etc/rc.conf:

abbtsbsd8# vi /etc/rc.conf

squid_enable="YES"

abbtsbsd8# cd /usr/local/etc/squid/
abbtsbsd8# chmod u+w squid.conf (it is read-only by default)
abbtsbsd8#

By default, nothing is allowed, so you will need to update the
configuration.

abbtsbsd8# vi squid.conf

And add the following lines before "http_access deny all":
(search under vi = "/", or you can also install nano or pico...)

acl our_net src 10.0.0.0/255.0.0.0
http_access allow our_net
http_access allow localhost

abbtsbsd8# /usr/local/etc/rc.d/squid start
Starting squid.

(may happen:
FATAL: Could not determine fully qualified hostname. Please set
'visible_hostname'

Squid Cache (Version 2.6.STABLE18): Terminated abnormally.
CPU Usage: 0.001 seconds = 0.000 user + 0.001 sys
Maximum Resident Size: 1492 KB
Page faults with physical i/o: 0
Abort trap (core dumped)

-> Still not ok: a "visible_hostname" must be set:

abbtsbsd8# vi squid.conf

visible_hostname ipaddresse_of_your_server

abbtsbsd8# /usr/local/etc/rc.d/squid start
Starting squid.
)

abbtsbsd8#
abbtsbsd8# tail -f /usr/local/squid/logs/*.log

Something is still missing: check why in the logfile.
-> cache/ directories must be created.

abbtsbsd8# squid -z
abbtsbsd8# /usr/local/etc/rc.d/squid start
abbtsbsd8# tail -f /usr/local/squid/logs/*.log

Then test from your browser (port 3128) and watch the logs.
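
An added example (not part of the original tutorial): a lint for the http_access rules edited above. Squid stops at the first matching rule, so anything placed after "http_access deny all" never takes effect, and an "allow all" ahead of it opens the proxy to everyone. The function name, the finding labels and the three sample configurations are constructed for illustration.

```sh
#!/bin/sh
# Lint the http_access rules of a squid.conf. Squid checks http_access lines
# top to bottom and stops at the first match, so rule order decides access.

# lint_http_access FILE -> prints one finding per line, nothing if clean
lint_http_access() {
    awk '
        BEGIN { defined["all"] = 1 }          # newer Squid versions predefine "all"
        { sub(/#.*/, "") }                    # ignore comments
        $1 == "acl" { defined[$2] = 1; next }
        $1 != "http_access" { next }
        {
            if (deny_all)                     # rule sits below "deny all"
                printf "UNREACHABLE line %d: %s\n", NR, $0
            for (i = 3; i <= NF; i++) {       # every ACL named must exist
                name = $i
                sub(/^!/, "", name)
                if (!(name in defined))
                    printf "UNDEFINED_ACL line %d: %s\n", NR, name
            }
            if (!deny_all && $2 == "allow" && NF == 3 && $3 == "all")
                printf "OPEN_PROXY line %d\n", NR
            if ($2 == "deny" && NF == 3 && $3 == "all")
                deny_all = NR
        }
        # with no final "deny all", the default is the opposite of the last rule
        END { if (!deny_all) print "NO_DENY_ALL" }
    ' "$1"
}

demo=$(mktemp -d)
# Constructed sample: the three lines from this page placed before "deny all"
cat > "$demo/good.conf" <<'EOF'
acl all src 0.0.0.0/0.0.0.0
acl localhost src 127.0.0.1/255.255.255.255
acl our_net src 10.0.0.0/255.0.0.0
http_access allow our_net
http_access allow localhost
http_access deny all
EOF
# Constructed sample: rules added after "deny all", and our_net never defined
cat > "$demo/bad.conf" <<'EOF'
acl all src 0.0.0.0/0.0.0.0
acl localhost src 127.0.0.1/255.255.255.255
http_access deny all
http_access allow our_net
http_access allow localhost
EOF
# Constructed sample: a proxy anyone can use
cat > "$demo/open.conf" <<'EOF'
http_access allow all
EOF

for f in good bad open; do
    echo "== $f.conf"
    lint_http_access "$demo/$f.conf"
done
```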

======================================================

6) FreeBSD Update
--------------

To update ports (like apache, php, mysql), you will use the ports
tree (part 7 below). To apply security updates at the system level
(kernel, system tools, sendmail, etc.), since FreeBSD 7.0
there is a practical tool named "freebsd-update":
[root@mueller ~]# freebsd-update

It can be used to fetch security updates for the current version
of your system, or even to upgrade to a more recent release (8.0->8.1).

It will make an inventory of your system, and fetch only
the necessary files from an update server. Let's try it on your
system:

[root@mueller ~]# freebsd-update fetch

-> to get the patches and display the changes

[root@mueller ~]# freebsd-update install

-> to install the patches "for real"

[root@mueller ~]# shutdown -r now

-> to reboot and apply kernel patches (if there were some)

More information about current security issues:
http://www.freebsd.org/security/advisories.html

======================================================

7) PORTS UPDATE
------------

[root@mueller /usr/ports]# du|wc -l
27549
[root@mueller /usr/ports]#

-> there are about 27000 ports: some of them are updated frequently.

To remain "up-to-date", it's recommended to update the ports tree
periodically, and then to update the installed ports too.

The traditional way to stay posted is to run "csup":

abbtsbsd8# cp /usr/share/examples/cvsup/ports-supfile \
/root/ports-supfile

Update the file with:

*default host=cvsup.ch.FreeBSD.org

And run csup:

abbtsbsd8# csup ports-supfile
(@school only a few minutes please... then stop with Ctrl-C)
Connected to 212.101.4.244
Updating collection ports-all/cvs
Edit ports/GIDs
Edit ports/KNOBS
Checkout ports/LEGAL
Checkout ports/MOVED
Edit ports/Mk/bsd.emacs.mk
Edit ports/Mk/bsd.gnustep.mk
Edit ports/Mk/bsd.lua.mk
Edit ports/Mk/bsd.php.mk
Edit ports/Mk/bsd.port.mk
[...]
Checkout ports/x11-wm/xmonad/pkg-plist
Checkout ports/x11-wm/xmonad-contrib/Makefile
Checkout ports/x11-wm/xmonad-contrib/distinfo
Checkout ports/x11-wm/xmonad-contrib/pkg-descr
Checkout ports/x11-wm/xmonad-contrib/pkg-plist
Finished successfully
abbtsbsd8#

Update the index:

abbtsbsd8# cd /usr/ports/
abbtsbsd8# make fetchindex
/usr/ports/INDEX-7.bz2 100% of 1160 kB 174 kBps
abbtsbsd8# /usr/local/sbin/portsdb -u
[Updating the portsdb in /usr/ports ... - 18139 port
entries found
.........1000.........2000.........3000.........4000.........5000.........600
0.........7000.........8000.........9000.........10000.........11000.........
12000.........13000.........14000.........15000.........16000.........17000..
.......18000. ..... done]
abbtsbsd8#

And to check if there are updates available:

abbtsbsd8# /usr/local/sbin/portversion -v -l "<"
bash-3.2.25 < needs updating (port has 3.2.33)
libgpg-error-1.5 < needs updating (port has 1.6)
libtasn1-1.1 < needs updating (port has 1.3)
portaudit-0.5.11 < needs updating (port has 0.5.12)
portupgrade-2.3.1,2 < needs updating (port has 2.4.3_2,2)
squid-2.6.16_1 < needs updating (port has 2.6.18)
abbtsbsd8#

Portaudit:
----------

To check for security updates, portaudit is recommended:

abbtsbsd8# pkg_add -v -r portaudit
Running post-install for portaudit-0.5.11..

===> To check your installed ports for known vulnerabilities now, do:

/usr/local/sbin/portaudit -Fda

Attempting to record package into /var/db/pkg/portaudit-0.5.11..
Package portaudit-0.5.11 registered in /var/db/pkg/portaudit-0.5.11

abbtsbsd8# /usr/local/sbin/portaudit -F
auditfile.tbz 100% of 47 kB 50 kBps
New database installed.
abbtsbsd8#

Check for security issues on the local ports:

abbtsbsd8# /usr/local/sbin/portaudit -a
0 problem(s) in your installed packages found.
abbtsbsd8#

Portupgrade:
------------

And to update all ports: (please try @home, not over the @abbts-net...)

abbtsbsd8# portupgrade -arvbp
---> Session started at: Tue, 11 Mar 2008 10:46:16 +0100
** No need to upgrade 'perl-5.8.8_1' (>= perl-5.8.8_1). (specify -f to force)
---> ** Upgrade tasks 19: 0 done, 1 ignored, 0 skipped and 0 failed
** No need to upgrade 'expat-2.0.0_1' (>= expat-2.0.0_1). (specify -f to force)
---> ** Upgrade tasks 19: 0 done, 2 ignored, 0 skipped and 0 failed
** No need to upgrade 'libtool-1.5.24' (>= libtool-1.5.24). (specify -f to force)
---> ** Upgrade tasks 19: 0 done, 3 ignored, 0 skipped and 0 failed
** No need to upgrade 'db41-4.1.25_4' (>= db41-4.1.25_4). (specify -f to force)
---> ** Upgrade tasks 19: 0 done, 4 ignored, 0 skipped and 0 failed
** No need to upgrade 'pkg-config-0.22_1' (>= pkg-config-0.22_1). (specify -f to force)
---> ** Upgrade tasks 19: 0 done, 5 ignored, 0 skipped and 0 failed
** No need to upgrade 'ruby-1.8.6.111_1,1' (>= ruby-1.8.6.111_1,1). (specify -f to force)
---> ** Upgrade tasks 19: 0 done, 6 ignored, 0 skipped and 0 failed
** No need to upgrade 'ruby18-bdb-0.6.2' (>= ruby18-bdb-0.6.2). (specify -f to force)
---> ** Upgrade tasks 19: 0 done, 7 ignored, 0 skipped and 0 failed
** No need to upgrade 'libiconv-1.11_1' (>= libiconv-1.11_1). (specify -f to force)
---> ** Upgrade tasks 19: 0 done, 8 ignored, 0 skipped and 0 failed
---> Upgrade of ports-mgmt/portaudit started at: Tue, 11 Mar 2008 10:46:18 +0100
---> Upgrading 'portaudit-0.5.11' to 'portaudit-0.5.12' (ports-mgmt/portaudit)
---> Build of ports-mgmt/portaudit started at: Tue, 11 Mar 2008 10:46:18 +0100
---> Building '/usr/ports/ports-mgmt/portaudit'
===> Cleaning for portaudit-0.5.12

[...]

===> Cleaning for bash-3.2.33
---> Removing temporary files and directories
---> Keeping old package in '/usr/ports/packages/All'
---> Installation of shells/bash ended at: Tue, 11 Mar 2008 10:55:12 +0100 (consumed
00:00:05)
---> Cleaning out obsolete shared libraries
[Updating the pkgdb in /var/db/pkg ... - 19 packages found (-0 +1) . done]
---> Upgrade of shells/bash ended at: Tue, 11 Mar 2008 10:55:13 +0100 (consumed 00:02:18)
---> ** Upgrade tasks 19: 6 done, 13 ignored, 0 skipped and 0 failed
---> Listing the results (+:done / -:ignored / *:skipped / !:failed)
- lang/perl5.8 (perl-5.8.8_1)
- textproc/expat2 (expat-2.0.0_1)
- devel/libtool15 (libtool-1.5.24)
- databases/db41 (db41-4.1.25_4)
- devel/pkg-config (pkg-config-0.22_1)
- lang/ruby18 (ruby-1.8.6.111_1,1)
- databases/ruby-bdb (ruby18-bdb-0.6.2)
- converters/libiconv (libiconv-1.11_1)
+ ports-mgmt/portaudit (portaudit-0.5.11)
- devel/gettext (gettext-0.16.1_3)
- devel/gmake (gmake-3.81_2)
- devel/popt (popt-1.7_4)
+ ports-mgmt/portupgrade (portupgrade-2.3.1,2)
+ www/squid (squid-2.6.16_1)
- dns/libidn (libidn-1.2)
+ security/libtasn1 (libtasn1-1.1)
- devel/pth-hard (pth-hard-2.0.7)
+ security/libgpg-error (libgpg-error-1.5)
+ shells/bash (bash-3.2.25)
---> Packages processed: 6 done, 13 ignored, 0 skipped and 0 failed
---> Session ended at: Tue, 11 Mar 2008 10:55:14 +0100 (consumed 00:08:58)
abbtsbsd8#

abbtsbsd8# pkg_info
bash-3.2.33 The GNU Project's Bourne Again SHell
db41-4.1.25_4 The Berkeley DB package, revision 4.1
expat-2.0.0_1 XML 1.0 parser written in C
gettext-0.16.1_3 GNU gettext package
gmake-3.81_2 GNU version of 'make' utility
libgpg-error-1.6 Common error values for all GnuPG components
libiconv-1.11_1 A character set conversion library
libidn-1.2 Internationalized Domain Names command line tool
libtasn1-1.3 ASN.1 structure parser library
libtool-1.5.24 Generic shared library support script
perl-5.8.8_1 Practical Extraction and Report Language
pkg-config-0.22_1 A utility to retrieve information about installed libraries
popt-1.7_4 A getopt(3) like library with a number of enhancements, fro
portaudit-0.5.12 Checks installed ports against a list of security vulnerabi
portupgrade-2.4.3_2,2 FreeBSD ports/packages administration and management tool s
pth-hard-2.0.7 GNU Portable Threads
ruby-1.8.6.111_1,1 An object-oriented interpreted scripting language
ruby18-bdb-0.6.2 Ruby interface to Sleepycat's Berkeley DB revision 2 or lat
squid-2.6.18 HTTP Caching Proxy
abbtsbsd8#

abbtsbsd8# /usr/local/sbin/portversion -v -l "<"
abbtsbsd8#

-> everything is "up to date".

All about FreeBSD ports:
http://www.freebsd.org/doc/en/books/handbook/ports.html

======================================================

Further things to try:

- setup apache and mysql
- setup phpmyadmin