FreeBSDインストール後のスクリプト

自宅サバをどうしようかなぁと、理想サバを考えてたらちょうどいいものがなくって、ないなら自作すればいいじゃないかーと価格コムとかでいろいろパーツを拾って見積もりをしてたんだけど、だいたいの構成が決まったから最後にもっかい検索したら、それに近いBTOがあってw 結局そっちの方がコストが安かった!

もう自作の時代は終わったのかと。ソケットがLGA1155のBTOにしといたらしばらくは問題ないだろうし。
パーツだけグレードアップすればまったく問題ないしなあ。

余談でした。

本題は、結構前にFreeBSDをいろいろ触ってた時に、インストール後の作業をスクリプト化してて、それがデスクトップにぽろっと置いたままだったので、サーバーのメモなのでアップしようと思います。
IPアドレスはアスタリスクで伏せたのと、もともと手入力のところもあるのでそのままでは使えないのであしからずなり。

コンソールログイン

-------------------------------------
/etc/netstart
service sshd start

echo 'PermitRootLogin yes' >> /etc/ssh/sshd_config
echo 'PasswordAuthentication yes' >> /etc/ssh/sshd_config
echo 'UsePAM no' >> /etc/ssh/sshd_config
service sshd restart
-------------------------------------

ターミナルログイン

vi setup.sh
chmod 755 setup.sh
./setup.sh
===================================================
#!/bin/sh

portsnap fetch
portsnap extract
portsnap update

cd `whereis vim | awk '{ print $2 }'`
make BATCH=yes NO_GUI=yes install clean
rehash

cd `whereis portupgrade | awk '{ print $2 }'`
make BATCH=yes install clean
rehash
chmod 640 /usr/local/etc/pkgtools.conf

freebsd-update fetch
freebsd-update install

cd `whereis sudo | awk '{ print $2 }'`
make BATCH=yes install clean
rehash

cd `whereis logrotate | awk '{ print $2 }'`
make BATCH=yes install clean
rehash
cd
cp /usr/local/etc/logrotate.conf.sample /usr/local/etc/logrotate.conf
mkdir /usr/local/etc/logrotate.d

kldload ipl
echo 'ipl_load="YES"' >> /boot/loader.conf
echo 'ipfilter_enable="YES"' >> /etc/rc.conf
echo 'ipfilter_rules="/etc/ipf.rules"' >> /etc/rc.conf
echo 'ipfilter_flags=""' >> /etc/rc.conf
echo 'ipmon_enable="YES"' >> /etc/rc.conf
echo 'ipmon_flags="-D /var/log/ipflog"' >> /etc/rc.conf

perl /usr/share/examples/ipfilter/mkfilters | grep -v inet6 > /etc/ipf.rules.sample
cp /etc/ipf.rules.sample /etc/ipf.rules

mkdir /usr/share/skel/public_html
mkdir /usr/share/skel/log
mkdir /usr/share/skel/etc/
cp -p /etc/localtime /usr/share/skel/etc/
chmod 555 /usr/share/skel/etc/

cat << EOF >> /etc/crontab
30      *       *       *       *       root    /usr/sbin/ntpdate ntp1.sakura.ad.jp
0       3       *       *       *       root    /usr/sbin/portsnap cron && portsnap updte > /dev/null
0       4       *       *       *       root    /usr/sbin/freebsd-update cron
0       2       *       *       *       root    /usr/local/sbin/logrotate /usr/local/etc/logrotate.conf > /dev/null 2>&1
EOF

crontab /root/cron.txt

pw useradd takeken -m -d /home/takeken
passwd takeken
chmod 701 /home/takeken
/usr/libexec/locate.updatedb

cat << EOF > /etc/ipf.rules
#
# The following routes should be configured, if not already:
#
# route add ***.***.***.*** localhost 0
#

block in log quick from any to any with ipopts
block in log quick proto tcp from any to any with short

########################################################
pass in on em0 all head 100

block in from 127.0.0.0/8 to any group 100
block in from ***.***.***.***/32 to any group 100

block in proto udp all group 100

pass in quick proto tcp all flags A/A group 100

block return-rst in quick proto tcp from any to any port = 113 group 100

# FTP
pass in quick proto tcp from any to any port = 20 flags S/SA keep state group 100
pass in quick proto tcp from any to any port = 21 flags S/SA keep state group 100

# SSH
pass in quick proto tcp from any to any port = 22 flags S/SA group 100

# SMTP
pass in quick proto tcp from any to any port = 25 flags S/SA group 100

#pass in quick proto tcp from any to any port = 53 flags S/SA group 100
#pass in quick proto udp from any to any port = 53 group 100

# HTTP
pass in quick proto tcp from any to any port = 80 flags S/SA group 100

# POP3
pass in quick proto tcp from any to any port = 110 flags S/SA group 100

# IMAP
pass in quick proto tcp from any to any port = 143 flags S/SA group 100

# HTTPS
pass in quick proto tcp from any to any port = 443 flags S/SA group 100

# SMTPS
pass in quick proto tcp from any to any port = 465 flags S/SA group 100

# IMAPS
pass in quick proto tcp from any to any port = 993 flags S/SA group 100

# POP3S
pass in quick proto tcp from any to any port = 995 flags S/SA group 100

# FTP PASV
pass in quick proto tcp from any to any port 4000 >< 4029 flags S/SA keep state group 100

block in log quick proto tcp all flags S/SA group 100

pass in proto udp from any port = 53 to any group 100

pass in proto udp from any port = 123 to any group 100

block in log quick proto icmp all group 100
pass in log quick proto icmp all icmp-type 0 group 100

# RFC2979
pass in proto icmp all icmp-type 3 group 100

########################################################
pass out on em0 all head 150
block out from 127.0.0.0/8 to any group 150
block out from any to 127.0.0.0/8 group 150
block out from any to ***.***.***.***/32 group 150

########################################################
pass in quick on lo0 all
pass out quick on lo0 all

EOF

ipf -Fa -Z -f /etc/ipf.rules

sudo reboot
===================================================
ここから手動

vi /usr/local/etc/pkgtools.conf  
MAKE_ARGS = {
        '*' => [
        'WITH_BDB_VER=42',
        'WITHOUT_IPV6=yes',
        'WITHOUT_X11=yes',
        ],
        'www/apache22' => 'WITH_SUEXEC=yes SUEXEC_DOCROOT=/home',
        'databases/mysql55-server' => 'WITH_CHARSET=utf8',
        'lang/php5' => 'WITH_APACHE=yes',
        'lang/php5-extensions' => 'WITH_GD=yes WITH_MBSTRING=yes WITH_MYSQL=yes',
  }

vi .cshrc
alias vi    vim
setenv    EDITOR vim
if ($?prompt) then
     set prompt = "[%n@%m %c]% "
     ↑追加
    endif

vi ~/.vimrc
set nocompatible
set number
syntax enable

visudo

wheelOKに変更

pw useradd takeken -m -d /home/takeken
passwd takeken
chmod 701 /home/takeken

# vi /etc/group
    wheel:*:0:root,takeken

loginしなおし

chsh
Shell: /bin/csh
↑変更する

vi .cshrc
alias vi    vim
setenv    EDITOR vim
if ($?prompt) then
     set prompt = "[%n@%m %c]% "
     ↑追加
    endif

# vi ~/.vimrc
set nocompatible
set number
syntax enable

# vi ~/.vimrcset nocompatibleset numbersyntax enable

終わりー。

Similar Posts:


Leave a Reply

Your email address will not be published. Required fields are marked *