Sysadmin > FreeBSD > FreeBSDAfterboot

FreeBSD Afterboot

sshd.conf

within bsdinstall shell!
ssh
   ssh port
   allow root

Some common best practice files

create ~/CHANGES
   # logfile for every major change   
create ~/TODO
   # stack of todos you have to remember while installing something
create ~/EXPL
   # seldom used but interesting or usefull commands

ZFS

usefull zfs commands
zfs create zroot/usr/local
zfs create -o mountpoint=/opt zroot/opt
zfs create -o mountpoint=/opt/pkg zroot/opt/pkg
# zfs (Solaris)
# ZFS
# snapshots
zfs snapshot tank/home/ahrens@friday
zfs list -t snapshot
zfs destroy tank/home/ahrens@now
zfs rollback tank/home/ahrens@tuesday
zfs rollback -r tank/home/ahrens@tuesday
zfs rollback -f tank/home/ahrens@tuesday

migrate with rsync

rsync -rvpEt /mnt/<pool name>/<dataset name>/<directory> /mnt/<pool name>/<new dataset name>/

configure a proxy

Add this to /etc/csh.cshrc
setenv HTTP_PROXY http://10.130.16.196:3128/
setenv HTTPS_PROXY https://10.130.16.196:3128/

Add this to ~/.subversion/servers
http-proxy-host = 10.130.16.196
http-proxy-port = 3128

update FreeBSD from source

Checkout

svnlite checkout https://svn.FreeBSD.org/base/stable/12 /usr/src
with proxy in ~/.subversion/servers

 rm -rf /usr/src/*
 svn checkout https://svn.freebsd.org/base/stable/12 /usr/src
# or head
 svn checkout https://svn.freebsd.org/base/head /usr/src
 svn checkout https://svn.freebsd.org/ports/head /usr/ports
 svn checkout https://svn.freebsd.org/doc/head /usr/doc
#
   cd /usr/src 
   /usr/bin/make -j4 buildworld buildkernel

Update
https://www.freebsd.org/doc/handbook/makeworld.html

 svn update /usr/src
check /usr/src/UPDATING
 cd /usr/src
 make -j4 buildworld
 make -j4 buildkernel
make installkernel
shutdown -r now
 cd /usr/src
 make installworld
 mergemaster -Ui
 shutdown -r now

ports

zfs create zroot/usr/local

pkg update
pkg upgrade
pkg prime-list
pkg prime-origins
pkg install vim-console
pkg install tmux
pkg install lsof

more aliases in usr/local/etc/pkg.conf

example commands
 svn checkout https://svn.freebsd.org/ports/head /usr/ports
pkg search wordpress
pkg install wordpress
pkg version
pkg update

pkg audit -F %D% _check for updates_

packages you might want to install
pkg install vim-console
pkg install tmux
pkg install lsof

portsnap fetch
portsnap extract
portsnap update

ntp

ntpq -p
# leapsecond
fetch http://www.ietf.org/timezones/data/leap-seconds.list
fetch --no-verify-peer http://www.ietf.org/timezones/data/leap-seconds.list
mv leap-seconds.list /var/db/ntpd.leap-seconds.list
service ntpd restart
or 
/etc/rc.d/ntpd restart
tail /var/log//messages | grep leapsecond

May 21 11:47:32 myhost ntpd[72908]: leapsecond file ('/var/db/ntpd.leap-seconds.list'): good hash signature
May 21 11:47:32 myhost ntpd[72908]: leapsecond file ('/var/db/ntpd.leap-seconds.list'): loaded, expire=2017-12-28T00:00:00Z last=2017-01-01T00:00:00Z ofs=37
May 21 11:47:32 myhost ntpd[72908]: leapsecond file ('/var/db/ntpd.leap-seconds.list'): expired less than 510 days ago

May 21 11:50:57 myhost ntpd[93714]: leapsecond file ('/var/db/ntpd.leap-seconds.list'): good hash signature
May 21 11:50:57 myhost ntpd[93714]: leapsecond file ('/var/db/ntpd.leap-seconds.list'): loaded, expire=2019-12-28T00:00:00Z last=2017-01-01T00:00:00Z ofs=37

fetch http://www.ietf.org/timezones/data/leap-seconds.list
Certificate verification failed for /C=US/ST=Arizona/L=Scottsdale/O=Starfield Technologies, Inc./CN=Starfield Root Certificate Authority - G2
34370654208:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/usr/src/crypto/openssl/ssl/statem/statem_clnt.c:1924:
fetch: http://www.ietf.org/timezones/data/leap-seconds.list: Authentication error

Jails

zfs create -o mountpoint=/jail zroot/jail
mkdir /zroot/tmpl
cd /usr/src
make installworld DESTDIR=/jail/tmpl
pkg install cpdup
cpdup /usr/src /jail/tmpl/usr/src
cpdup /usr/ports /jail/tmpl/usr/ports


pkgsrc

/cd /usr
ftp ftp://ftp.netbsd.org/pub/pkgsrc/current/pkgsrc.tar.gz
tar xvfz pkgsrc.tar.gz

# zfs partition
zfs create -o mountpoint=/opt zroot/opt
zfs create -o mountpoint=/opt/pkg zroot/opt/pkg

# bootstrap pkgsrc
cd /usr/pkgsrc/bootstrap
   ./bootstrap --pkgdbdir /opt/pkg/db/pkg --prefix /opt/pkg --sysconfdir /opt/pkg/etc --workdir=/tmp/work --varbase /var/opt/pkg --full

# set PATH
# add /opt/pkg/sbin:/opt/pkg/bin to PATH
setenv PATH /opt/pkg/sbin:/opt/pkg/bin:$PATH in .cshrc or in /etc/?

# add to /opt/pkg/etc/mk.conf
   PACKAGES=               /opt/packages
   DISTDIR=                /opt/distfiles

# install the first set of packages
   cd ../../devel/subversion-base; bmake install package
   cd ../../scmcvs/; bmake install package
   cd ../../editors/vim;  echo "ACCEPTABLE_LICENSES+= vim-license" >> /opt/pkg/etc/mk.conf  ; bmake install package
   cd ../../pkgtools/pkgclean;
   cd ../../misc/tmux
   cd ../../sysutils/ipmitool

update pkgsrc repository

# initial
cd /usr && cvs -q -z2 -d anoncvs@anoncvs.NetBSD.org:/cvsroot checkout -r pkgsrc-2019Q1 -P pkgsrc
# 
cd /usr/pkgsrc && cvs update -dP
cd /usr/pkgsrc && cvs update -dP -rpkgsrc-2019Q1
cd /usr/pkgsrc && cvs update -dP -rpkgsrc-

update packages

pkg_chk -i

#Update pkgsrc packages
setenv ALLOW_VULNERABLE_PACKAGES
pkg_rolling-replace -ksuvX bmake,bootstrap-mk-files,pax,pkg_install
/usr/bin/make update CLEANDEPENDS=yes
cd ../../devel/bmake
bmake USE_DESTDIR=yes package
pkg_add -uu /usr/pkgsrc/packages/All/bmake...tgz



Update the ports tree
portsnap fetch update
Eventually upgrade pkg
cd /usr/ports/ports-mgmt/pkg; make install clean
Then convert your /var/db/pkg database to the new pkg format
pkg2ng
Install update tool
cd /usr/ports/ports-mgmt/portmaster; make install clean
List categories and search for updates
portmaster -L
upgrade all outdated ports
portmaster -a