• FreeBSD ¹⁾
• 14.2-RELEASE ²⁾

• freebsd
• Lastest pkgs freebsd-latest
• Oak = ASUS motherboard Legacy/MBR with Phenom II X4 (TODO: mobo name)

• https://download.freebsd.org/releases/amd64/amd64/ISO-IMAGES/14.2/

FreeBSD-14.2-RELEASE-amd64-mini-memstick.img

• https://docs.freebsd.org/en/books/handbook/bsdinstall/#bsdinstall-partitioning

• ZFS
• stripe (1 SATA SSD)
• Not forced 4K Sectors
• GPT (BIOS)

• https://docs.freebsd.org/en/books/handbook/bsdinstall/#bsdinstall-sysconf

• [x] local_unbound
• [x] sshd
• [x] ntpd
• [x] ntpd_sync_on_start

• https://docs.freebsd.org/en/books/handbook/bsdinstall/#bsdinstall-hardening

• [x] Everything

• https://docs.freebsd.org/en/books/handbook/bsdinstall/#bsdinstall-addusers

• Invite to other groups: wheel
• Shell: sh

• Static on Ethernet (em0)

• Post-install

• https://docs.freebsd.org/en/books/handbook/cutting-edge/#freebsdupdate-security-patches

su -

freebsd-update fetch install

sync && reboot

su -

pkg update --force

pkg upgrade

freebsd-update fetch install && pkg update --force && pkg upgrade

su - 'root' -c 'freebsd-update fetch install && pkg update --force && pkg upgrade'

ssh '192.168.1.152' -t "su - 'root' -c 'freebsd-update fetch install && pkg update --force && pkg upgrade'"

su -

pkg install aria2 en-freebsd-doc htop libressl unar wget

• operator to allow general reboot/power-off

su -

pw groupmod 'operator' -m 'espionage724'

su -

ee '/boot/loader.conf'

security.bsd.allow_destructive_dtrace=0
kern.geom.label.disk_ident.enable="0"
kern.geom.label.gptid.enable="0"
cryptodev_load="YES"
zfs_load="YES"
autoboot_delay="2"
hw.usb.no_boot_wait="1"

su -

ee '/etc/rc.conf'

clear_tmp_enable="YES"
syslogd_flags="-ss"
hostname="Oak"
ifconfig_em0="inet 192.168.1.152 netmask 255.255.255.0"
defaultrouter="192.168.1.1"
ifconfig_em0_ipv6="inet6 accept_rtadv"
local_unbound_enable="YES"
sshd_enable="YES"
ntpd_enable="YES"
ntpd_sync_on_start="YES"
moused_nondefault_enable="NO"
# Set dumpdev to "AUTO" to enable crash dumps, "NO" to disable
dumpdev="NO"
zfs_enable="YES"
nginx_enable="YES"
php_fpm_enable="YES"

• https://docs.freebsd.org/en/books/handbook/network/#configuring-nameserver
• Already done during install by local_unbound

cat '/etc/rc.conf' | grep 'local_unbound_enable'

cat '/etc/resolv.conf'

su -

ee '/etc/resolv.conf'

nameserver 127.0.0.1
options edns0

• TODO

• TODO zfs_nas_format

su -

gpart show

gpart destroy -F 'da1'

dd if='/dev/zero' of='/dev/da1' count='8096'

su -

camcontrol devlist

dmesg | grep 'ugen'

usbconfig -d '/dev/ugen0.6' power_off

awk -F":" '{print $1}' /etc/passwd

awk -F":" '{print $1}' /etc/group

su -

pw userdel 'x' -r

pw groupdel 'x'

• x is a package name

pkg info -l x

pkg autoremove

• TODO: Test

rm -f ~/'.sh_history' & exit

pkg info -l 'en-freebsd-doc'

ee '/usr/local/share/doc/freebsd/en/books/handbook'

su - root -c "sysctl 'dev.cpu.0.freq' 'dev.cpu.1.freq' 'dev.cpu.2.freq' 'dev.cpu.3.freq' 'dev.cpu.4.freq' 'dev.cpu.5.freq' 'dev.cpu.6.freq' 'dev.cpu.7.freq'"

su - root -c 'ntpd -g -q'

su -

'/etc/netstart'

service 'netif' restart

• https://bsd-hardware.info/
• https://bsd-hardware.info/?view=howto

su -

pkg install 'hw-probe'

hw-probe -all -upload

newsyslog -v -CC -N

cat '/dev/null' > '/var/log/all.log'

cat '/dev/null' > '/var/log/Xorg.0.log'

gio open '/var/log'

ls -la '/var/log'

• Uncomment

su -

ee '/etc/syslog.conf'

#*.*                                            /var/log/all.log

su -

touch '/var/log/all.log' && chmod '600' '/var/log/all.log'

su -

ee '/var/log/all.log'

• TODO