FreeBSD Deployment

System Upgrade

Upgrade to the latest RELEASE of FreeBSD:

freebsd-update -r 9.0-RELEASE upgrade
freebsd-update -r 9.0-RELEASE install
reboot
freebsd-update -r 9.0-RELEASE install

Services

  • Add postfix to startup
  • Add httpd module to be loaded from kernel
  • Start SSH, Apache in rc.conf
DenyHosts
echo denyhosts_enable=YES >> /etc/rc.conf

Add to /etc/hosts.allow:

sshd : /etc/hosts.deniedssh : deny
sshd : ALL : allow

Create file:

touch /etc/hosts.deniedssh

Warning:

syslogd should ideally be run with the -c option; this will ensure that denyhosts notices multiple repeated login attempts.

To do this, add syslogd_flags=-c to /etc/rc.conf

Research

Add these files to ports lists if needed:

  • sysutils/logrotate
  • sysutils/syslog-ng

Need:

  • firewall
  • backup-manager
  • Automated way to install kernel sources, mount linuxproc for htop
  • install PEAR