Brand New User question

Roland Smith rsmith at xs4all.nl
Mon Oct 27 21:54:18 UTC 2014


On Mon, Oct 27, 2014 at 03:25:18PM -0500, Phil wrote:
> Hi folks,

> I'm just starting out with FreeBSD and very new to this environment.
> Could someone please point me in the direction of where I would find a
> "should-do" or "must-do" list after installing FreeBSD 10.0 for the
> first time. The key points would be security (the box is connected to the
> net)

Read security(7).

Unless you're logging into the console, set up ssh keys to log in to the
machine. Do not allow root logins over ssh, and mark all consoles as insecure in
/etc/ttys.

Set up a simple firewall at this point that denies incoming packets unless
they are related to earlier packets you sent yourself. A more elaborate setup
can come later.

Install whatever ports(7) that you need for convenience; vim, rsync, git (to
name a few).

In my opinion a really important thing is to set up a subdirectory in your
home-directory where you keep all relevant configuration files *under revision
control*. Restrict access to that directory to yourself only. Personally I
like to use git for revision control. But it doesn't really matter what system
you use (for text-based config files even RCS would be OK) as long as you use
*something*. This directory should include an installation script or Makefile
to install the config files in /etc, /usr/local/etc or wherever they need to
go. This is a great way to keep on top of changes and prevent oh-shit moments.
Start by importing and committing every file that you need to change from /etc,
/usr/local/etc. Edit and test one config file at a time if possible.

At this time you can start installing and enabling the services that your
machine needs to run. Some services can run in a jail. Using that might be
worthwhile, especially for web servers and PHP.

Check if you can live with a kern.securelevel > 0. (This won't work if you
want to run X11.)

> and where / how can I get the latest updates.

That depends. You could use freebsd-update(8) for binary updates or track the
source tree using svnlite.

> Also, is it fair to
> assume that during the installation process, the boot drive was configured
> as ZFS? I saw no reference to that during the O/S load.

Only if you chose it in the partitioning screen in the installer on 10.x and
later.

Hope this helps.

Roland
-- 
R.F.Smith                                   http://rsmith.home.xs4all.nl/
[plain text _non-HTML_ PGP/GnuPG encrypted/signed email much appreciated]
pgp: 5753 3324 1661 B0FE 8D93  FCED 40F6 D5DC A38A 33E0 (keyID: A38A33E0)
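
Added example, not part of the original message: a POSIX sh sketch that checks three of the points from the reply (consoles marked insecure in /etc/ttys, no root login over ssh, a config directory readable only by its owner). The function names, the constructed sample files and the choice to require an explicit "PermitRootLogin no" are assumptions of this example.

```shell
#!/bin/sh
# Added example; function names are hypothetical, sample data is constructed.

# Print every terminal in a ttys(5) file that is still flagged "secure".
secure_ttys() {
    awk '{ sub(/#.*/, "") }   # strip comments, then look for the bare flag
         NF { for (i = 2; i <= NF; i++) if ($i == "secure") { print $1; break } }' "$1"
}

# Print the first global value of KEYWORD in an sshd_config file, or "unset".
# sshd uses the first value it reads; Match blocks are not evaluated here.
sshd_option() {   # sshd_option FILE KEYWORD
    awk -v key="$2" 'BEGIN { key = tolower(key); val = "unset" }
        tolower($1) == "match" { exit }
        tolower($1) == key     { val = tolower($2); exit }
        END { print val }' "$1"
}

# Succeed only if DIR exists and grants nothing to group or other.
dir_is_private() {
    [ -d "$1" ] && [ "$(ls -ld -- "$1" | cut -c5-10)" = "------" ]
}

# audit TTYS SSHD_CONFIG CONFIG_DIR ; exit status is the number of findings.
audit() {
    findings=0
    for tty in $(secure_ttys "$1"); do
        echo "FAIL: $tty is marked secure in $1"; findings=$((findings + 1))
    done
    if [ "$(sshd_option "$2" PermitRootLogin)" != "no" ]; then
        echo "FAIL: PermitRootLogin is not explicitly 'no' in $2"
        findings=$((findings + 1))
    fi
    if ! dir_is_private "$3"; then
        echo "FAIL: $3 is missing or accessible to group/other"
        findings=$((findings + 1))
    fi
    return "$findings"
}

# Constructed sample input (not taken from a real machine).
tmp=$(mktemp -d)
printf '%s\n' 'console none unknown off secure' \
    'ttyv0 "/usr/libexec/getty Pc" xterm on insecure' > "$tmp/ttys"
printf '%s\n' '#PermitRootLogin no' 'PermitRootLogin yes' > "$tmp/sshd_config"
mkdir -m 755 "$tmp/conf"
audit "$tmp/ttys" "$tmp/sshd_config" "$tmp/conf" || echo "findings: $?"
```

On the machine itself, call audit with /etc/ttys, /etc/ssh/sshd_config and the path of your configuration directory. Running sshd -T as root prints the effective sshd settings, which this sketch only approximates.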