自宅サバをどうしようかなぁと、理想サバを考えてたらちょうどいいものがなくって、ないなら自作すればいいじゃないかーと価格コムとかでいろいろパーツを拾って見積もりをしてたんだけど、だいたいの構成が決まったから最後にもっかい検索したら、それに近いBTOがあってw 結局そっちの方がコストが安かった!
もう自作の時代は終わったのかと。ソケットがLGA1155のBTOにしといたらしばらくは問題ないだろうし。
パーツだけグレードアップすればまったく問題ないしなあ。
余談でした。
本題は、結構前にFreeBSDをいろいろ触ってた時に、インストール後の作業をスクリプト化してて、それがデスクトップにぽろっと置いたままだったので、サーバーのメモなのでアップしようと思います。
IPアドレスはアスタリスクで伏せたのと、もともと手入力のところもあるのでそのままでは使えないのであしからずなり。
コンソールログイン ------------------------------------- /etc/netstart service sshd start echo 'PermitRootLogin yes' >> /etc/ssh/sshd_config echo 'PasswordAuthentication yes' >> /etc/ssh/sshd_config echo 'UsePAM no' >> /etc/ssh/sshd_config service sshd restart ------------------------------------- ターミナルログイン vi setup.sh chmod 755 setup.sh ./setup.sh
=================================================== #!/bin/sh portsnap fetch portsnap extract portsnap update cdwhereis vim | awk '{ print $2 }'make BATCH=yes NO_GUI=yes install clean rehash cdwhereis portupgrade | awk '{ print $2 }'make BATCH=yes install clean rehash chmod 640 /usr/local/etc/pkgtools.conf freebsd-update fetch freebsd-update install cdwhereis sudo | awk '{ print $2 }'make BATCH=yes install clean rehash cdwhereis logrotate | awk '{ print $2 }'make BATCH=yes install clean rehash cd cp /usr/local/etc/logrotate.conf.sample /usr/local/etc/logrotate.conf mkdir /usr/local/etc/logrotate.d kldload ipl echo 'ipl_load="YES"' >> /boot/loader.conf echo 'ipfilter_enable="YES"' >> /etc/rc.conf echo 'ipfilter_rules="/etc/ipf.rules"' >> /etc/rc.conf echo 'ipfilter_flags=""' >> /etc/rc.conf echo 'ipmon_enable="YES"' >> /etc/rc.conf echo 'ipmon_flags="-D /var/log/ipflog"' >> /etc/rc.conf perl /usr/share/examples/ipfilter/mkfilters | grep -v inet6 > /etc/ipf.rules.sample cp /etc/ipf.rules.sample /etc/ipf.rules mkdir /usr/share/skel/public_html mkdir /usr/share/skel/log mkdir /usr/share/skel/etc/ cp -p /etc/localtime /usr/share/skel/etc/ chmod 555 /usr/share/skel/etc/ cat << EOF >> /etc/crontab 30 * * * * root /usr/sbin/ntpdate ntp1.sakura.ad.jp 0 3 * * * root /usr/sbin/portsnap cron && portsnap updte > /dev/null 0 4 * * * root /usr/sbin/freebsd-update cron 0 2 * * * root /usr/local/sbin/logrotate /usr/local/etc/logrotate.conf > /dev/null 2>&1 EOF crontab /root/cron.txt pw useradd takeken -m -d /home/takeken passwd takeken chmod 701 /home/takeken /usr/libexec/locate.updatedb cat << EOF > /etc/ipf.rules # # The following routes should be configured, if not already: # # route add ***.***.***.*** localhost 0 # block in log quick from any to any with ipopts block in log quick proto tcp from any to any with short ######################################################## pass in on em0 all head 100 block in from 127.0.0.0/8 to any group 100 block in from ***.***.***.***/32 to any group 100 block in proto udp all group 100 pass in quick proto tcp all flags A/A group 100 block return-rst in quick proto tcp from any to any port = 113 group 100 # FTP pass in quick proto tcp from any to any port = 20 flags S/SA keep state group 100 pass in quick proto tcp from any to any port = 21 flags S/SA keep state group 100 # SSH pass in quick proto tcp from any to any port = 22 flags S/SA group 100 # SMTP pass in quick proto tcp from any to any port = 25 flags S/SA group 100 #pass in quick proto tcp from any to any port = 53 flags S/SA group 100 #pass in quick proto udp from any to any port = 53 group 100 # HTTP pass in quick proto tcp from any to any port = 80 flags S/SA group 100 # POP3 pass in quick proto tcp from any to any port = 110 flags S/SA group 100 # IMAP pass in quick proto tcp from any to any port = 143 flags S/SA group 100 # HTTPS pass in quick proto tcp from any to any port = 443 flags S/SA group 100 # SMTPS pass in quick proto tcp from any to any port = 465 flags S/SA group 100 # IMAPS pass in quick proto tcp from any to any port = 993 flags S/SA group 100 # POP3S pass in quick proto tcp from any to any port = 995 flags S/SA group 100 # FTP PASV pass in quick proto tcp from any to any port 4000 >< 4029 flags S/SA keep state group 100 block in log quick proto tcp all flags S/SA group 100 pass in proto udp from any port = 53 to any group 100 pass in proto udp from any port = 123 to any group 100 block in log quick proto icmp all group 100 pass in log quick proto icmp all icmp-type 0 group 100 # RFC2979 pass in proto icmp all icmp-type 3 group 100 ######################################################## pass out on em0 all head 150 block out from 127.0.0.0/8 to any group 150 block out from any to 127.0.0.0/8 group 150 block out from any to ***.***.***.***/32 group 150 ######################################################## pass in quick on lo0 all pass out quick on lo0 all EOF ipf -Fa -Z -f /etc/ipf.rules sudo reboot ===================================================
ここから手動
vi /usr/local/etc/pkgtools.conf
MAKE_ARGS = {
'*' => [
'WITH_BDB_VER=42',
'WITHOUT_IPV6=yes',
'WITHOUT_X11=yes',
],
'www/apache22' => 'WITH_SUEXEC=yes SUEXEC_DOCROOT=/home',
'databases/mysql55-server' => 'WITH_CHARSET=utf8',
'lang/php5' => 'WITH_APACHE=yes',
'lang/php5-extensions' => 'WITH_GD=yes WITH_MBSTRING=yes WITH_MYSQL=yes',
}
vi .cshrc
alias vi vim
setenv EDITOR vim
if ($?prompt) then
set prompt = "[%n@%m %c]% "
↑追加
endif
vi ~/.vimrc
set nocompatible
set number
syntax enable
visudo
wheelOKに変更
pw useradd takeken -m -d /home/takeken
passwd takeken
chmod 701 /home/takeken
# vi /etc/group
wheel:*:0:root,takeken
loginしなおし
chsh
Shell: /bin/csh
↑変更する
vi .cshrc
alias vi vim
setenv EDITOR vim
if ($?prompt) then
set prompt = "[%n@%m %c]% "
↑追加
endif
# vi ~/.vimrc
set nocompatible
set number
syntax enable
# vi ~/.vimrcset nocompatibleset numbersyntax enable終わりー。
