The first thing every system administrator should perform after a fresh installation of an
operating system is to make sure the system is up-to-date with the latest security patches and the
latest versions of the kernel, package manager and software packages.
In order to update FreeBSD, open a console in the system with root privileges and issue the
following commands.
# freebsd-update fetch
# freebsd-update install
To update the “Ports” package manager and installed software, run the below commands.
# pkg update
# pkg upgrade
Update FreeBSD Packages
2. Install Editors and Bash
In order to ease the job of managing the system from the command line you should install the following
packages:
By default, the FreeBSD SSH service won’t allow the root account to perform remote logins.
Although disallowing remote root logins via SSH is mainly designed to
secure the service and your system, there are cases where you need to authenticate via
SSH as root.
To change this behavior, open the main SSH configuration file and change the
PermitRootLogin line from no to yes, as illustrated in the below screenshot.
# nano /etc/ssh/sshd_config
File excerpt:
PermitRootLogin yes
Secure SSH on FreeBSD
Afterwards, restart SSH daemon to apply changes.
To test the configuration you can log in from a PuTTY terminal or from a remote Linux machine
using the following syntax.
# ssh root@remote.IP
To generate a new SSH key issue the following command. You can copy the public key to another
server instance and securely log in to the remote server without a password.
# ssh-keygen -t rsa
Generate SSH Key on FreeBSD
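The following check is an added example, not part of the original article: it reports which global PermitRootLogin value sshd will apply after the edit above, so that yes can be narrowed to key-only (prohibit-password) once the generated key is installed. The function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: report which global PermitRootLogin value sshd will apply.
# sshd_config rules used: keywords are case-insensitive, the first occurrence
# of a keyword wins, and anything after a Match line is conditional.

effective_root_login() {
    # $1 = path to sshd_config. Prints the lowercased value, or "no"
    # (the FreeBSD default described in the text) when the keyword is unset.
    awk '
        /^[ \t]*#/ { next }                      # comment line
        { sub(/[ \t]*=[ \t]*/, " ") }            # accept "Keyword=value"
        tolower($1) == "match" { exit }          # global section ends here
        tolower($1) == "permitrootlogin" { print tolower($2); found = 1; exit }
        END { if (!found) print "no" }
    ' "$1"
}

check_root_login() {
    # Prints a one-line verdict; returns 1 only when root may use a password.
    case "$(effective_root_login "$1")" in
        yes) echo "WARN: root login allowed with any enabled method, passwords included"
             return 1 ;;
        prohibit-password|without-password)
             echo "OK: root login is key-only" ;;
        forced-commands-only)
             echo "OK: root login is key-only with forced commands" ;;
        no)  echo "OK: root login is disabled" ;;
        *)   echo "UNKNOWN: unrecognised PermitRootLogin value"; return 2 ;;
    esac
}

# Constructed sample mirroring the edit shown above.
sample=$(mktemp)
printf '%s\n' '#PermitRootLogin no' 'PermitRootLogin yes' > "$sample"
check_root_login "$sample" || true   # prints the WARN line
rm -f "$sample"
```

On the FreeBSD host itself, run check_root_login /etc/ssh/sshd_config after restarting the daemon.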
Sudo is a utility designed to allow a common user to execute commands with the
security privileges of the superuser account. The sudo utility is not installed by default in FreeBSD.
To install sudo in FreeBSD run the following command.
In order to allow a regular system account to run commands with root privileges,
open the sudoers configuration file, located in the /usr/local/etc/ directory, for editing by executing
the visudo command.
# visudo
Navigate through the content of the file and add the following line, normally after the root line:
%wheel ALL=(ALL) ALL
Always use the visudo command to edit the sudoers file. The visudo utility contains built-in
capabilities to detect any error while editing this file.
Afterwards, save the file by pressing :wq! on your keyboard, log in as the user to whom you’ve
granted root privileges and execute an arbitrary command by putting sudo in front of the
command.
# su - your_user
Allow Sudo Access on User
6. Managing Users on FreeBSD
The process of adding a new user is pretty straightforward. Just run adduser command and
follow the interactive prompt in order to finalize the process.
In order to modify the personal information of a user account, run the chpass command against
a username and update the file. Save the file opened with the vi editor by pressing the :wq! keys.
# chpass your_user
Change User Info on FreeBSD
To update a user password, run passwd command.
# passwd your_user
To change an account’s default shell, first list all shells present in your system and then
execute the chsh command as illustrated below.
# cat /etc/shells
Permanent network settings on FreeBSD can be changed by editing the /etc/rc.conf file. To
configure a network interface with a static IP address, first run the ifconfig -a command to
display a list of all NICs and identify the name of the interface you want to edit.
Then, manually edit /etc/rc.conf file, comment the DHCP line and add your NIC’s IP settings as
illustrated below.
#ifconfig_em0="DHCP"
#Default Gateway
defaultrouter="192.168.1.1"
DNS nameserver resolvers can be manipulated via editing /etc/resolv.conf file as presented in the
below example.
nameserver your_first_DNS_server_IP
nameserver your_second_DNS_server_IP
search your_local_domain
hostname="freebsdhost"
To add multiple IP addresses for a network interface on FreeBSD, add the below line
to the /etc/rc.conf file.
Services can be managed in FreeBSD via service command. To list all system-wide enabled
services issue the following command.
# service -e
List FreeBSD Services
To list all service scripts located in the /etc/rc.d/ system path run the below command.
# service -l
List FreeBSD Service Scripts
To enable or disable a FreeBSD daemon during boot initialization process, use sysrc command.
Assuming that you want to enable SSH service, open /etc/rc.conf file and append the following
line.
sshd_enable="YES"
# sysrc sshd_enable="YES"
Enable and Disable Service on FreeBSD
To disable a service system-wide, append the NO flag for the disabled daemon as presented
below. The daemon flags are case insensitive.
# sysrc apache24_enable=no
Disable Service in FreeBSD
It is worth mentioning that some services on FreeBSD require special attention. For example, if
you want to disable only the Syslog daemon network socket, issue the following command.
# sysrc syslogd_flags="-ss"
# sysrc sendmail_enable="NO"
# sysrc sendmail_submit_enable="NO"
# sysrc sendmail_outbound_enable="NO"
# sysrc sendmail_msp_queue_enable="NO"
In order to display a list of open ports in FreeBSD use the sockstat command.
List all IPv4 network sockets on FreeBSD.
# sockstat -4
List IPv4 Ports on FreeBSD
Display all IPv6 network sockets on FreeBSD.
# sockstat -6
# sockstat -4 -6
List FreeBSD Open Ports
List all connected sockets on FreeBSD.
# sockstat -c
# sockstat -l
To display all IPv4 and IPv6 network sockets with lsof command, append the following flags.
Or run the command without -n flag in order to display the name of the opened sockets in
listening state.
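As an added example (not from the original article), the filter below reads sockstat -l output and reports listening sockets that are reachable from the network and are not on an allowlist, which is a quick way to confirm that the syslogd and sendmail settings above took effect. The function name, the allowlist argument and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example: from `sockstat -l` output, list listening sockets that are
# reachable from the network (not bound to loopback) and not on an allowlist.

# Constructed sample in the column layout printed by `sockstat -4 -6 -l`.
SAMPLE='USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
root     sshd       746   4  tcp4   *:22                  *:*
root     sshd       746   3  tcp6   *:22                  *:*
root     sendmail   701   3  tcp4   127.0.0.1:25          *:*
root     syslogd    560   7  udp4   *:514                 *:*
root     syslogd    560   6  udp6   *:514                 *:*
unbound  local-unbo 623   5  tcp6   ::1:53                *:*'

exposed_listeners() {
    # stdin: sockstat -l output; $1: space-separated allowed command names.
    # stdout: "command proto local-address" for every other non-loopback socket.
    awk -v allow="$1" '
        BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        $1 == "USER" { next }                      # header line
        $6 ~ /^127\./ || $6 ~ /^::1:/ { next }     # bound to loopback only
        !($2 in ok) { print $2, $5, $6 }
    ' | sort -u
}

# Only sshd is expected to face the network, so the syslogd sockets are
# reported; they disappear once syslogd_flags="-ss" is applied.
printf '%s\n' "$SAMPLE" | exposed_listeners "sshd"

# Live use on FreeBSD: sockstat -4 -6 -l | exposed_listeners "sshd"
```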
Reference:
Cezar M. “10 Things to Do After Fresh Installation of FreeBSD”, 2017, retrieved from
https://www.tecmint.com/things-to-do-after-installing-freebsd/