Posts Tagged ‘chpass’

FreeBSD post install configuration steps to make on fresh FreeBSD install to make ready for server and Desktop use

Saturday, October 28th, 2017

Reading Time: 3minutes


1. Update binary packages

First thing to do just like on any new operating system install is to update / patch the server

# freebsd-update fetch
# freebsd-update install


2. Update FreeBSD port packages

As a FreeBSD administrator you will need ports every now and then so make sure you have them at their latest release for your FBSD release


# pkg update
# pkg upgrade


3. Install editors and bash


# pkg install nano vim joe bash bash_completion


4. Install sudo

To be able to run commands without becoming superuser root just like on any Linux you will probably want to have sudo package installed

# pkg install sudo


Sudo config file is under /usr/local/etc/sudoers

To edit it with syntax check enabled use visudo


# visudo

# sudo pkg update


If you want a regular account to have root superuser edit / modify and do things permissions


# pw groupmod wheel -M your_user_name


Then to make the wheel permissions work add to sudoers:


%wheel    ALL=(ALL=ALL)    ALL

5. FreeBSD modify personal information for account


# chpass your_user_name

To change your account and others to use bash instead of default freebsd csh


# csh -s /bin/bash your_user_name


7. Set a Static IP address for a FreeBSD server and configure DNS

Edit /etc/rc.local to look something like so


ifconfig_em0="inet netmask"
# default gateway


/etc/rc.conf is also the file where you can easily enable / disable freebsd startup scripts

To restart network interafaces just like Debian Linux's /etc/init.d/networking restart type


# service netif restart
# service routing restart


To set Google DNS in FreeBSD just like in Linux add the IPs with nameserver prefix to /etc/resolv.conf


# echo 'nameserver' >> /etc/resolv.conf
# echo 'nameserver' >> /etc/resolv.conf
# echo 'search your-domain-name' >> /etc/resolv.conf


– If you need to change the hostname of the FreeBSD server change in /etc/rc.conf


– To add multiple IP addresses to a network interface on FBSD add line like below to /etc/rc.conf

ifconfig_em0_alias0=" netmask"
ifconfig_em0_alias1=" netmask"

To apply changes and bring up the newly set multiple IPs

# service netif restart

8. Setting up proper timezone

If for some reason the Time zone is improperly set during FreeBSD install, you can later set that with

# tzsetup

9. Set up ntp time server synchronization daemon

# vim /etc/rc.conf


First command will bring up NTP server at start up and second make it synchroniza with Internet NTP servers, to restart ntp so it set proper time

# service ntpd start

10. Add additional SWAP space to FreeBSD server after install

– First we need to create the swap file with command and then set up proper permissions for it

# truncate -S 3G /swapf
# chmod 0600 /swapf

– Then to make the swapf being used on boot we need to add it to /etc/fstab

# echo "md99 none swap sw,file=/swapf,late 0 0" >> /etc/fstab

To immediately apply the new added swap to be used by the system run:

# swapon -aqL

To check various things on how swap is configured use

# swapinfo -g

11. Configure Firewall in FreeBSD

# vim /etc/rc.conf


A very basic firewall to add to ipfw.rules file would be something like so:

    $IPF 70 allow all from any to any out keep-state
    $IPF 80 allow icmp from any to any
    # open port ftp

    $IPF 110 allow tcp from any to any 21 in
    $IPF 120 allow tcp from any to any 21 out

    # 22 for ssh
    $IPF 130 allow tcp from any to any 22 in
    $IPF 140 allow tcp from any to any 22 out

    # mail port 25

    $IPF 150 allow tcp from any to any 25 in
    $IPF 160 allow tcp from any to any 25 out

    # dns (53) udp and tcp in
    $IPF 170 allow udp from any to any 53 in
    $IPF 175 allow tcp from any to any 53 in

    # dns (53) udp and tcp out
    $IPF 180 allow udp from any to any 53 out
    $IPF 185 allow tcp from any to any 53 out

    # http (80),
    $IPF 200 allow tcp from any to any 80 in
    $IPF 210 allow tcp from any to any 80 out
    # deny and log everything
    $IPF 500 deny log all from any to any

To launch the firewall

# service ipfw start

To list current FreeBSD Firewall rules use

# ipfw list

Finally if you need to check your connections to the server just like Linux's netstat you might consider using sockstat comand

# sockstat -4 -6

– 4 -6 will list you network connections for ipv4 and ipv6 both tcp and udp