Table of Contents

NetBSD Install Afterboot

See man afterboot for a guideline as to what to do next

Starting out

  • man ls

As the man page suggests, going through these steps will give you a warm fuzzy that you've at least got the basics going. Like the man page, this also assumes you have a basic knowledge of UNIX.

Security alerts

Set system to automatically update the database of known vulnerable packages: 

echo fetch_pkg_vulnerabilities=YES >> /etc/daily.conf

Login

Root logins over SSH are disabled by default. You can enable them if you want: 

vi /etc/ssh/sshd_config
PermitRootLogin yes
:x!
/etc/rc.d/sshd restart

Root password

  • man passwd
  • man su

Change the root password if you didn't already do it during the install. 

/usr/bin/passwd

System date

  • man date

Change the system timezone if you need to: 

ln -fs /usr/share/zoneinfo/America/Denver /etc/localtime

See what the timezone is set to: 

readlink /etc/localtime

Console settings

  • man 5 wscons.conf

Setup your keyboard map and console settings, if needed. The defaults are most likely fine. 

vi /etc/wscons.conf

Check hostname

Set the system hostname, if needed. 

vi /etc/rc.conf
hostname=my-netbsd-server

Verify network interface configuration

  • man 8 ifconfig
  • man 8 dhclient
  • man 5 dhclient.conf

Run ifconfig to get your device name, and make sure the driver is loaded. The first word on the first line is the device name. For example, wm0.

Setup the system to get an IP address through DHCP: 

echo dhclient=YES >> /etc/rc.conf

Checking routing tables

Verify you can get online: 

netstat -rn

The default gateway address is set in the defaultroute variable in /etc/rc.conf or in the file /etc/mygate. If you edit either file, restart the network: 

/etc/rc.d/network restart

Secure Shell (SSH)

By default, all services are disabled on boot with a fresh install. Go ahead and start the SSH server if you haven't already, to get remote access: 

/etc/rc.d/sshd start

Update rc.conf to start sshd on boot: 

echo sshd=YES >> /etc/rc.conf

BIND Name Server (DNS)

Unless you want to setup a nameserver, you can ignore this.

RPC-based network services

Skip it for beginner setups.

YP (NIS) Setup

Skip it for beginner setups.

Check disk mounts

  • man 8 mount
  • man 8 umount
  • man df

Verify that everything is partitioned and mounted correctly. If this is a clean install, and you just booted into it, it'd be pretty obvious if it wasn't. 

cat /etc/fstab
mount
df
pstat -s

Concatenated disks (ccd)

Automounter daemon (AMD)

Clock synchronization

  • man date
  • man 8 ntpdate
  • man 8 ntpd
  • man 8 rdate
  • man 8 timed
echo ntpdate=YES >> /etc/rc.conf
echo ntpd=YES >> /etc/rc.conf

CHANGING /etc FILES

Add new users

  • man 8 useradd
  • man 8 groupadd
  • man 8 user

System boot scripts and /etc/rc.local

rc.conf

X Display Manager

Printers

Tighten up security

Kerberos

Mail aliases

Postfix

DHCP server

Bootparam server

NFS server

HP remote boot server

Daily, weekly, monthly scripts

Other files in /etc

Crontab (background running processes)

  • man 5 crontab

Next day cleanup

Packages

Check the running system

  • man ps
  • man netstat
  • man fstat
  • man systat
  • man top

SYSTEM TESTING

  • man 7 tests
  • man 7 atf
  • man atf-run
  • man atf-test-program

Download the tests.tgz file set, and extract it to the root directory. 

tar -C / -zxf tests.tgz

Run the system tests, saving the output for review: 

atf-run | tee ~/tests.log | atf-report

Trace: centos_apache_security netbsd_install_afterboot

Navigation
QR Code
QR Code netbsd_install_afterboot (generated for current page)