01 - FreeBSD Server installation, basic customization, security fixes, ports update, kernel configuration

After a basic installation, it is advisable to update a FreeBSD server, kernel and packages, to avoid leaving open security holes. It's a good moment to select what parts of the operating systems are built when updating the kernel and base system from sources, to update the ports tree and to update the installed packages.

System update customization

# pkg_add -vr portupgrade
# cat << DELIMITER >> /etc/make.conf
SUP_UPDATE=
SUPFLAGS=       -L 2
SUPHOST=        cvsup.uk.FreeBSD.org
SUPFILE=        /usr/share/examples/cvsup/standard-supfile
PORTSSUPFILE=   /usr/share/examples/cvsup/ports-supfile
KERNCONF=CUSTOM
WRKDIRPREFIX=/var/tmp
DELIMITER


System components selection

# cat << DELIMITER >> /etc/src.conf
WITHOUT_ATM=
WITHOUT_BIND_DNSSEC=
WITHOUT_BIND_ETC=
WITHOUT_BIND_MTREE=
WITHOUT_BIND_NAMED=
WITHOUT_BLUETOOTH=
WITHOUT_INFO=
WITHOUT_IPFILTER=
WITHOUT_IPX=
WITHOUT_IPX_SUPPORT=
WITHOUT_KERBEROS=
WITHOUT_KERBEROS_SUPPORT=
WITHOUT_LPR=
WITHOUT_NCP=
WITHOUT_NDIS=
WITHOUT_PORTSNAP=
WITHOUT_PROFILE=
WITHOUT_ROUTED=
WITHOUT_WIRELESS=
WITHOUT_WIRELESS_SUPPORT=
WITHOUT_WPA_SUPPLICANT_EAPOL=
DELIMITER

Kernel configuration file

# cat << DELIMITER > /usr/src/sys/i386/conf/CUSTOM
include GENERIC
ident    CUSTOM
nocpu    I486_CPU
nomakeoptions    DEBUG
options    IPFIREWALL
options    IPFIREWALL_VERBOSE
options    IPFIREWALL_VERBOSE_LIMIT=1000
options    IPFIREWALL_DEFAULT_TO_ACCEPT
options    IPFIREWALL_FORWARD
options    DUMMYNET
# device    pf
# device    pflog
DELIMITER

System update

# cd /usr/src; make update; make -j4 buildworld; make -j4 buildkernel;
# cd /usr/src; make installkernel; reboot [single user]
# cd /usr/src; make installworld; exit|reboot
# mkdir -p /usr/ports/packages/All
# cd /usr/ports; make update; make fetchindex;
# cd /usr/ports/lang/perl5.16; portupgrade -Np
# pkgdb -F
[ remove pkg-config package if asked, it is now replaced by devel/pkgconf ]
# portupgrade -o devel/pkgconf pkgconfig
# portupgrade -rRbpia




Next: Install the database server, MySQL

Comments