From: Roland Smith
To: Phil
Date: Mon, 27 Oct 2014 22:54:14 +0100
Subject: Re: Brand New User question
Message-ID: <20141027215414.GB53021@slackbox.erewhon.home>
Cc: freebsd-questions@freebsd.org

On Mon, Oct 27, 2014 at 03:25:18PM -0500, Phil wrote:
> Hi folks,
> I'm just starting out with FreeBSD and very new to this environment.
> Could someone please point me in the direction of where I would find a
> "should-do" or "must-do" list after installing FreeBSD 10.0 for the
> first time. The key points would be security (the box is connected to the
> net)

Read security(7).

Unless you're logging into the console, set up ssh keys to log in to the
machine. Do not allow root logins over ssh, and mark all consoles as insecure
in /etc/ttys.

Set up a simple firewall at this point that denies incoming packets unless
they are related to earlier packets you sent yourself. A more elaborate setup
can come later.

Install whatever ports(7) that you need for convenience; vim, rsync, git (to
name a few).

In my opinion a really important thing is to set up a subdirectory in your
home-directory where you keep all relevant configuration files *under revision
control*. Restrict access to that directory to yourself only. Personally I
like to use git for revision control. But it doesn't really matter what system
you use (for text-based config files even RCS would be OK) as long as you use
*something*. This directory should include an installation script or Makefile
to install the config files in /etc, /usr/local/etc or wherever they need to
go. This is a great way to keep on top of changes and prevent oh-shit moments.

Start by importing and committing every file that you need to change from /etc,
/usr/local/etc. Edit and test one config file at a time if possible.

At this time you can start installing and enabling the services that your
machine needs to run. Some services can run in a jail. Using that might be
worthwhile, especially for web servers and PHP.

Check if you can live with a kern.securelevel > 0. (This won't work if you
want to run X11.)

> and where / how can I get the latest updates.

That depends. You could use freebsd-update(8) for binary updates or track the
source tree using svnlite.

> Also, is it fair to
> assume that during the installation process, the boot drive was configured
> as ZFS? I saw no reference to that during the O/S load.

Only if you chose it in the partitioning screen in the installer on 10.x and
later.

Hope this helps.

Roland
-- 
R.F.Smith                                   http://rsmith.home.xs4all.nl/
[plain text _non-HTML_ PGP/GnuPG encrypted/signed email much appreciated]
pgp: 5753 3324 1661 B0FE 8D93  FCED 40F6 D5DC A38A 33E0 (keyID: A38A33E0)
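
The ssh and /etc/ttys settings recommended in the reply above, together with its advice to restrict the configuration repository to yourself, written as a check over a working copy of the config tree. This is an added example, not part of the original message; the ROOT and REPO arguments, the function names and the sample files are assumptions constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the original message): audit a copy of the config
# tree for three settings the reply recommends. Paths hang off a ROOT argument.

# Finding unless the first global PermitRootLogin in sshd_config is "no".
# Policy of this example: require the explicit line; Match blocks are ignored.
check_sshd() {
    v=$(awk 'tolower($1) == "permitrootlogin" { print tolower($2); exit }' "$1")
    [ "$v" = "no" ] || echo "sshd_config: PermitRootLogin is '${v:-unset}', want 'no'"
}

# One finding per terminal in ttys that still carries the "secure" flag.
check_ttys() {
    awk '{ sub(/#.*/, "")          # drop comments, fields are re-split
           for (i = 3; i <= NF; i++)
               if ($i == "secure") print "ttys: " $1 " is marked secure" }' "$1"
}

# Finding if group or other hold any permission bit on the config repository.
check_repo() {
    mode=$(ls -ld "$1" | cut -c5-10)
    [ "$mode" = "------" ] || echo "repo: $1 is open to group/other ($mode)"
}

audit() {    # usage: audit ROOT REPO
    check_sshd "$1/etc/ssh/sshd_config"
    check_ttys "$1/etc/ttys"
    check_repo "$2"
}

# Constructed sample tree (not real system files) so the audit runs anywhere.
demo=$(mktemp -d)
mkdir -p "$demo/etc/ssh" "$demo/conf" && chmod 755 "$demo/conf"
printf '%s\n' '#PermitRootLogin no' 'PermitRootLogin yes' > "$demo/etc/ssh/sshd_config"
printf '%s\n' 'console none unknown off secure' \
    'ttyv0 "/usr/libexec/getty Pc" xterm on insecure' > "$demo/etc/ttys"
audit "$demo" "$demo/conf"
rm -rf "$demo"
```

Run against the working copy before the install step copies files into place, a regression shows up as a finding there rather than on the live machine.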