Thursday, June 16, 2005

FreeBSD Post-Installation Tasks

Last night I installed FreeBSD 5.4 on my Dell PowerEdge 2300 server. Immediately following the installation, these are the tasks I performed. These are the same post-installation tasks I perform, in the same order, on every FreeBSD system I build.

1. When I install FreeBSD, I create a user and give him the /bin/sh shell. I used Linux before I used FreeBSD, and I remain more familiar with bash. Therefore, I install the most recent package available. I do this using the PACKAGESITE environment variable. Notice how pkg_add satisfies dependencies automatically.

$ su -
Password:
janney# setenv PACKAGESITE ftp://ftp2.freebsd.org/pub/FreeBSD/ports/i386/packages-5-stable/Latest/
janney# pkg_add -r bash
Fetching ftp://ftp2.freebsd.org/pub/FreeBSD/ports/i386/packages-5-stable/
Latest/bash.tbz... Done.
Fetching ftp://ftp2.freebsd.org/pub/FreeBSD/ports/i386/packages-5-stable/
All/libiconv-1.9.2_1.tbz... Done.
Fetching ftp://ftp2.freebsd.org/pub/FreeBSD/ports/i386/packages-5-stable/
All/gettext-0.14.4_1.tbz... Done.
janney# rehash

I need the rehash command so root's shell can find bash, or any newly installed program. I now use chsh to change my user's shell from /bin/sh to /usr/local/bin/bash. Thanks to erson from Sweden for the tip!

$ chsh -s /usr/local/bin/bash
Password:
chsh: user information updated

Now I install freebsd-update to facilitate fixing any kernel and OS security vulnerabilities.

janney# pkg_add -r freebsd-update
Fetching ftp://ftp2.freebsd.org/pub/FreeBSD/ports/i386/packages-5-stable/
Latest/freebsd-update.tbz... Done.
Fetching ftp://ftp2.freebsd.org/pub/FreeBSD/ports/i386/packages-5-stable/
All/bsdiff-4.2.tbz... Done.
janney# rehash
janney# cp /usr/local/etc/freebsd-update.conf.sample /usr/local/etc/freebsd-update.conf
janney# mkdir /usr/local/freebsd-update
janney# freebsd-update fetch
Fetching public key...
Fetching updates signature...
Fetching updates...
Fetching hash list signature...
Fetching hash list...
Examining local system...
Fetching updates...
/usr/bin/gunzip...
/usr/bin/gzcat...
/usr/bin/gzip...
/usr/bin/zcat...
/usr/include/machine/cpufunc.h...
/usr/sbin/tcpdump...
Updates fetched

To install these updates, run: '/usr/local/sbin/freebsd-update install'

janney# freebsd-update install
Backing up /usr/bin/gunzip...
Installing new /usr/bin/gunzip...
Backing up /usr/bin/gzcat...
Recreating hard link from /usr/bin/gunzip to /usr/bin/gzcat...
Backing up /usr/bin/gzip...
Recreating hard link from /usr/bin/gunzip to /usr/bin/gzip...
Backing up /usr/bin/zcat...
Recreating hard link from /usr/bin/gunzip to /usr/bin/zcat...
Backing up /usr/include/machine/cpufunc.h...
Installing new /usr/include/machine/cpufunc.h...
Backing up /usr/sbin/tcpdump...
Installing new /usr/sbin/tcpdump...

All of these updates affected the userland. No changes to the kernel were made. If kernel changes were involved, I would have to reboot to have them take effect.

I continue with portaudit. This program checks installed packages for security vulnerabilities. portaudit compares the installed packages against a database it downloads.

janney# pkg_add -r portaudit
Fetching ftp://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-5.4-release/
Latest/portaudit.tbz... Done.

===> To check your installed ports for known vulnerabilities now, do:

/usr/local/sbin/portaudit -Fda

janney# rehash
janney# portaudit -Fda
auditfile.tbz 100% of 25 kB 79 kBps
New database installed.
Database created: Thu Jun 16 09:10:15 EDT 2005
0 problem(s) in your installed packages found.

Next I install portsnap to update my ports tree. I don't install the ports tree on systems I build to be appliances. On general purpose servers, however, I like having the ports tree available. A current ports tree is needed if you want to use portupgrade (described later) to assess and update installed packages.

janney# pkg_add -r portsnap
Fetching ftp://ftp2.freebsd.org/pub/FreeBSD/ports/i386/packages-5-stable/
Latest/portsnap.tbz... Done.
Fetching ftp://ftp2.freebsd.org/pub/FreeBSD/ports/i386/packages-5-stable/
All/freebsd-sha256-20050310.tbz... Done.
janney# rehash
janney# cp /usr/local/etc/portsnap.conf.sample /usr/local/etc/portsnap.conf
janney# portsnap fetch
Fetching public key... done.
Fetching snapshot tag... done.
Fetching snapshot metadata... done.
Fetching snapshot generated at Wed Jun 15 20:51:48 EDT 2005:
2cae03da4bde1d1eb260ce3e6eb237f014d930245442fe100% of 34 MB 469 kBps 00m00s
Extracting snapshot... done.
Verifying snapshot integrity...
Fetching snapshot tag... done.
Fetching snapshot metadata... done.
Updating from Wed Jun 15 20:51:48 EDT 2005 to Thu Jun 16 06:39:30 EDT 2005.
Fetching 4 metadata patches... done.
Applying metadata patches... done.
Fetching 0 metadata files... done.
Fetching 33 patches.....10....20....30. done.
Applying patches... done.
Fetching 5 new ports or files... done.
janney# portsnap extract
/usr/ports/.cvsignore
/usr/ports/CHANGES
/usr/ports/LEGAL
/usr/ports/MOVED
/usr/ports/Makefile
/usr/ports/Mk/bsd.autotools.mk
/usr/ports/Mk/bsd.emacs.mk
/usr/ports/Mk/bsd.gcc.mk
...edited...
Building new INDEX files... done.

Next I install portupgrade. This is the best way I've found to keep packages up-to-date.

janney# pkg_add -r portupgrade
Fetching ftp://ftp2.freebsd.org/pub/FreeBSD/ports/i386/packages-5-stable/
Latest/portupgrade.tbz... Done.
Fetching ftp://ftp2.freebsd.org/pub/FreeBSD/ports/i386/packages-5-stable/
All/ruby-1.8.2_3.tbz... Done.
...edited...
Fetching ftp://ftp2.freebsd.org/pub/FreeBSD/ports/i386/packages-5-stable/
All/ruby18-bdb1-0.2.2.tbz... Done.

I run portversion to quickly see what packages need updating. I will take care of that later.

janney:/root# rehash
janney:/root# portversion -v -l "<"
[Rebuilding the pkgdb in /var/db/pkg ... - 32 packages foun.................... done]
[Updating the portsdb in /usr/ports ... - 13089 port entries found
.........1000.........2000.........3000.........4000.........5000.........6000........
.7000.........8000.........9000.........10000.........11000.........12000.........
13000 ..... done]
expat-1.95.8 < needs updating (port has 1.95.8_3)
pkgconfig-0.15.0_1 < needs updating (port has 0.17.2)
png-1.2.8_1 < needs updating (port has 1.2.8_2)
portupgrade-20041226_3 < needs updating (port has 20041226_4)
xorg-server-6.8.2 < needs updating (port has 6.8.2_2)
xterm-200_2 < needs updating (port has 202)

I edit root's .cshrc as follows to change the prompt.

# set prompt = "`/bin/hostname -s`# "
set prompt = "%m:%/# "

The prompt will now look like this.

janney:/root#

I make a similar edit to my user prompt in the .profile file for my user's bash shell.

PS1='`hostname -s`:$PWD$ '; export PS1

The prompt will now look like this.

janney:/home/richard$

Finally I run the sockstat command to see if there are any listening services for which I cannot account. This box is running NFS by design, so there are more listening services than usual.

janney# sockstat -4
USER COMMAND PID FD PROTO LOCAL ADDRESS FOREIGN ADDRESS
richard sshd 56174 5 tcp4 192.168.2.7:22 192.168.2.5:55803
root sshd 56171 5 tcp4 192.168.2.7:22 192.168.2.5:55803
root sendmail 408 4 tcp4 127.0.0.1:25 *:*
root sshd 402 4 tcp4 *:22 *:*
root nfsd 326 3 tcp4 *:2049 *:*
root mountd 324 4 udp4 *:782 *:*
root mountd 324 5 tcp4 *:797 *:*
root rpcbind 257 9 udp4 *:111 *:*
root rpcbind 257 10 udp4 *:686 *:*
root rpcbind 257 11 tcp4 *:111 *:*
root syslogd 244 6 udp4 *:514 *:*
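
One way to make this check repeatable, as an added example that is not part of the original post: compare the listeners in sockstat -4 output against a list of services the box is supposed to run. The allowlist, the function name and the inetd line in the sample are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): report listening IPv4 sockets
# from `sockstat -4` output that are not on an expected-services list.
# Hypothetical allowlist for this NFS server: "command proto port" per line.
# "*" as the port accepts any port, for RPC services that bind dynamic ports.
EXPECTED='sshd tcp4 22
sendmail tcp4 25
nfsd tcp4 2049
mountd udp4 *
mountd tcp4 *
rpcbind udp4 *
rpcbind tcp4 111
syslogd udp4 514'

# Sample input: sockstat lines shown in the post, plus one constructed line
# (inetd on port 23) standing in for a service nobody accounted for.
SAMPLE='USER COMMAND PID FD PROTO LOCAL ADDRESS FOREIGN ADDRESS
richard sshd 56174 5 tcp4 192.168.2.7:22 192.168.2.5:55803
root sendmail 408 4 tcp4 127.0.0.1:25 *:*
root sshd 402 4 tcp4 *:22 *:*
root nfsd 326 3 tcp4 *:2049 *:*
root mountd 324 4 udp4 *:782 *:*
root mountd 324 5 tcp4 *:797 *:*
root rpcbind 257 9 udp4 *:111 *:*
root rpcbind 257 10 udp4 *:686 *:*
root rpcbind 257 11 tcp4 *:111 *:*
root syslogd 244 6 udp4 *:514 *:*
root inetd 512 5 tcp4 *:23 *:*'

# unexpected_listeners ALLOWLIST   (sockstat -4 output on stdin)
unexpected_listeners() {
    ALLOW="$1" awk '
        BEGIN {
            n = split(ENVIRON["ALLOW"], rows, "\n")
            for (i = 1; i <= n; i++) ok[rows[i]] = 1
        }
        $1 == "USER" { next }      # header line
        $7 != "*:*"  { next }      # established connection, not a listener
        {
            port = $6; sub(/.*:/, "", port)   # "127.0.0.1:25" -> "25"
            exact = $2 " " $5 " " port
            any   = $2 " " $5 " *"
            if (!(exact in ok) && !(any in ok))
                print exact " user=" $1 " pid=" $3
        }'
}

printf '%s\n' "$SAMPLE" | unexpected_listeners "$EXPECTED"
```

On a live system, pipe `sockstat -4` into the function in place of the sample; an empty result means every listener is accounted for.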

If I need to recompile the kernel, I take that step next. On most systems I do not have to recompile the kernel.

From here I begin adding packages and other customizations to make this system perform its specific role.

16 comments:

Anonymous said...

I think you meant PACKAGEROOT instead of PACKAGESITE - seems that if the latter is defined, pkg_add will look in that exact location for 'package'.tbz instead of performing some kind of search for the version, directory, etc.

Another great article, thanks - and just in time as I'm setting up a jail and seems that sysinstall can't be run from within a jail. Your other articles on keeping freebsd up to date and using portupgrade are also extremely useful!

Richard Bejtlich said...

Hello,

Interesting -- I've never used PACKAGEROOT before. As you can see, I use PACKAGESITE and ftp://ftp2.freebsd.org/pub/FreeBSD/ports/i386/packages-5-stable/Latest/ as the directory and everything works. Let us know how your jail goes!

Anonymous said...

Thanks for the up-to-date info on updating!

Anonymous said...

Does such a process exist for OpenBSD? I use OpenBSD for my sensors and really dislike syncing source and rebuilding everything.

Richard Bejtlich said...

There are binary updates for OpenBSD that can be applied manually. Check out this previous blog entry.

Anonymous said...

I find it more readable if you
configure the prompt as such:
rather than, say,
[something]:$
add several :::
like
[something]:::curr_dir:::
so $pwd is always visible immediately

Anonymous said...

You might already know this but I'm sure others don't.

Instead of using vipw to change your shell you could use the command "chsh -s /usr/local/bin/bash". In my opinion a wee bit more neat than to directly edit the password file.

Great blog btw, I read it regularly and really like these little freebsd howto:s that you put up now and then.

Richard Bejtlich said...

Excellent advice -- I just altered the blog entry to reflect using chsh.

Anonymous said...

freebsd 4.11
# cd /usr/ports/security/portaudit
# make install
..... skip.....
# cd /usr/ports/sysutils/portupgrade
# make install
===> Extracting for portupgrade-20041226_4
=> Checksum OK for pkgtools-20041224.tar.bz2.
=> Checksum OK for pkgtools-20041224-20041226.diff.bz2.
===> portupgrade-20041226_4 depends on file: /usr/local/bin/ruby18 - not found
===> Verifying install for /usr/local/bin/ruby18 in /usr/ports/lang/ruby18
===> ruby-1.8.2_3 has known vulnerabilities:
=> ruby -- arbitrary command execution on XMLRPC server.
Reference: www.FreeBSD.org/ports/portaudit/594eb447-e398-11d9-a8bd-000cf18bbe54.html
=> Please update your ports tree and try again.
*** Error code 1

Stop in /usr/ports/lang/ruby18.
*** Error code 1

Stop in /usr/ports/sysutils/portupgrade.

Richard Bejtlich said...

Apparently that version of Ruby (and it's the latest) has an unfixed security vulnerability. If you still want to install Ruby, override the vuln check with make install -DDISABLE_VULNERABILITIES as explained here.

Anonymous said...

thank you

Anonymous said...

It may be helpful to note that if the bash shell is activated after the chsh statement, then the PACKAGESITE env var will be gone and the "rehash" command not necessary. I logged out and back in after the "chsh" step and it confused me when I could not rehash. I realized shortly that rehash is probably part of the csh and not needed for bash(?).

Also, I have read articles about updating and rebuilding source after installs. This seems to add a whole lot of complexity compared to a package approach to upgrading/updating. What is your opinion to rebuilding source and kernel after installs (see Dru Lavigne's "Building a Unix Server" (http://www.onlamp.com/pub/a/bsd/2004/08/26/FreeBSD_Basics.html)).

This is good stuff and very helpful to get a noob like me started. Look forward to reading other FreeBSD stuff on the site. Thanks.

Richard Bejtlich said...

Hello,

I use bash only for user shells, not for root's shell. rehash is indeed not needed with bash.

I try to use packages and binary OS updates whenever possible, since my hardware is almost invariably old.

Check out my publications to see my articles on keeping the FreeBSD OS and applications up-to-date.

Anonymous said...

> janney:/root# portversion -v -l "<"

I think that should be pkg_version, not portversion.

Anonymous said...

Oops sorry, ignore that last comment. You learn something every day.
