Installing FreeBSD on a Raspberry Pi.
FreeBSD is not a official Linux type of distribution.
FreeBSD
=====================================================================================================================================================
https://www.freebsd.org/where.html
https://download.freebsd.org/ftp/releases/ISO-IMAGES/12.2/
https://download.freebsd.org/ftp/releases/ISO-IMAGES/12.2/FreeBSD-12.2-RELEASE-arm-armv6-RPI-B.img.xz
https://download.freebsd.org/ftp/releases/ISO-IMAGES/12.2/FreeBSD-12.2-RELEASE-arm-armv7-RPI2.img.xz
https://download.freebsd.org/ftp/releases/ISO-IMAGES/12.2/FreeBSD-12.2-RELEASE-arm64-aarch64-RPI3.img.xz
https://www.freebsd.org/doc/handbook/
==================================================================================================================
===================================
Username: freebsd
Password: freebsd (initial password)
Username: root
Password: root (initial password)
===================================
su -
Password: root
###bsdinstall
bsdconfig Timezone; Networking Management:hostname, ip-address, gateway, DNS; Startup - startup-services: Enable ntpd,ntpdate,sshd DISABLE:motd
Disable direct root login (not with keys):
passwd root
passwd freebsd
ssh-keygen
cd .ssh
vi authorized_keys
chmod 400 authorized_keys
(Connect via ssh from remote system)
cat <SourceSystem>:/root/.ssh/id_rsa.pub > <TargetSystem>:/root/.ssh/authorized_keys
vi /etc/ssh/sshd_config
#PermitRootLogin prohibit-password
PermitRootLogin yes
#VersionAddendum none
#Banner none
service sshd reload
> motd
freebsd-update fetch
freebsd-update install
pkg update
pkg upgrade
pkg install -y wget autoconf automake gmake gettext gcc openssl net-snmp p5-Net-SNMP-Util bind-tools dtrace-toolkit
pkg install -y sudo libmcrypt git lsof nmap arp-scan zip unzip mcrypt msmtp mailutils mutt iperf screen expect
pw groupadd pi -g 1000
pw useradd pi -u 1000 -g pi -G staff,wheel -c "Default pi user" -d /home/pi -m
passwd pi
###pkg clean -a && pkg upgrade -f
====================================================================================================================================
pkg info
pkg update: update the depository sources
pkg upgrade: upgrade the packages you are already using on the system
pkg search <string>: find the package you want to install, example:
pkg install <package>: install the package you want, example: pkg install nano
pkg remove <package>: uninstall any package on the system
pkg help: get a list of all other options available
====================================================================================================================================
vi /etc/fstab
proc /proc procfs rw 0 0
Update sudoers
ln -s /usr/local/etc/sudoers /etc/sudoers
ln -s /usr/local/bin/bash /bin/bash
root@sandbox:/etc # cat rc.conf
hostname="sandbox"
ifconfig_DEFAULT="DHCP"
sshd_enable="YES"
sendmail_enable="NONE"
sendmail_submit_enable="NO"
sendmail_outbound_enable="NO"
sendmail_msp_queue_enable="NO"
growfs_enable="YES"
ifconfig_ue0="inet 192.168.178.## netmask 255.255.255.0"
defaultrouter="192.168.178.1"
ntpd_enable="YES"
ntpdate_enable="YES"
update_motd="NO"
root@sandbox:/etc # cat resolv.conf
# Generated by resolvconf
nameserver 208.67.222.222
nameserver 208.67.220.220
vi /etc/hosts (disable all ip6 lines)
127.0.0.1 localhost
......
.....
#::1 localhost ip6-localhost ip6-loopback
#ff02::1 ip6-allnodes
#ff02::2 ip6-allrouters
#127.0.1.1
==================================================================================================================
vi /etc/sysctl.conf
#vm.swappiness=1
#vm.min_free_kbytes=16384
service sysctl reload
sysctl -a (lists all settings)
pkg install freecolor
freecolor -t -m -o
echo "/usr/local/bin/freecolor -t -m -o" > /usr/local/bin/free
chmod 755 /usr/local/bin/free
ln -s /usr/local/bin/free /bin/free
ln -s /usr/local/bin/sudo /bin/sudo
freebsd-version
sysctl -a hw.model
ps -auxw
==================================================================================================================
shutdown -r now
=========================================================================================================
NRPE/NSCA client:
pw groupadd nagios -g 5666
pw useradd nagios -u 5666 -g nagios -c "Nagios user for monitoring" -d /usr/local/nagios -m
mkdir /usr/local/nagios
mkdir /usr/local/nagios/etc
mkdir /usr/local/nagios/etc/inputs
mkdir /usr/local/nagios/tmp
mkdir /usr/local/nagios/bin
mkdir /usr/local/nagios/libexec
mkdir /usr/local/nagios/libexec/ak72
mkdir /usr/local/nagios/var
mkdir /usr/local/nagios/var/tmp
chown -R nagios:nagios /usr/local/nagios
pkg install procenv procmap
Nagios plugins:
tar zxvf nagios-plugins-2.3.3.tar.gz
cd ../nagios-plugins-2.#.#
./configure --with-nagios-user=nagios --with-nagios-group=nagios
make
check_load.c: In function 'cmpstringp':
../config.h:1999:58: error: 'procjid' undeclared (first use in this function); did you mean 'procpid'?
1999 | #define PS_VARLIST procstat,&procuid,&procpid,&procppid,&procjid,&procvsz,&procrss,&procpcpu,procprog,&pos
*** Error code 1
Stop.
make[2]: stopped in /root/nagios-plugins-2.3.3/plugins
*** Error code 1
*** Error code 1
vi config.h delete "&procjid," entry
/* Variable list for sscanf of 'ps' output */
#define PS_VARLIST procstat,&procuid,&procpid,&procppid,&procvsz,&procrss,&procpcpu,procprog,&pos
make
make install
cp -p /usr/local/nagios/libexec/check_http /usr/local/nagios/libexec/check_https
chown -R nagios:nagios /usr/local/nagios
NRPE Client:
tar zxvf nrpe-4.#.#.tar.gz
./configure
make all
make install
make install-config
make install-init
(/lib/systemd/system/nrpe.service)
service nrpe start
NSCA Client:
tar zxvf nsca-2.#.#.tar.gz
./configure
make all
#cp -p src/nsca /usr/local/nagios/bin/
#chown nagios:nagios /usr/local/nagios/bin/nsca
cp -p src/send_nsca /usr/local/nagios/libexec/
chown nagios:nagios /usr/local/nagios/libexec/send_nsca
#cp -p sample-config/nsca.cfg /usr/local/nagios/etc/
#chown nagios:nagios /usr/local/nagios/etc/nsca.cfg
#chmod 600 /usr/local/nagios/etc/nsca.cfg
scp -p unix4life:/usr/local/nagios/libexec/send_nsca.cfg <remotehost>:/usr/local/nagios/libexec/send_nsca.cfg
scp -p unix4life:/usr/local/nagios/etc/nrpe.cfg redberry:/usr/local/nagios/etc/
scp -p -r unix4life:/usr/local/nagios/libexec/eventhandlers redberry:/usr/local/nagios/libexec/
scp -p -r unix4life:/usr/local/nagios/libexec/ak72 redberry:/usr/local/nagios/libexec/
cp -p /usr/local/nagios/libexec/check_procs /usr/local/nagios/libexec/check_procs_OFF
cp -p /usr/local/nagios/libexec/ak72/ps_mon /usr/local/nagios/libexec/check_procs
chown -R nagios:nagios /usr/local/nagios
==================================================================================================================
Rsyslog config
vi /etc/rsyslog.conf => is now done via /etc/systemd/journald.conf
vi /etc/systemd/journald.conf
#Storage=none
MaxLevelStore=warning
MaxLevelSyslog=warning
MaxLevelKMsg=warning
MaxLevelConsole=warning
vi /etc/audit/auditd.conf
#write_logs = yes
write_logs = no
log_file = /var/log/audit/audit.log
service auditd reload
scp -p unix4life:/root/Check_cache_memory.ksh redberry:
Crontab:
crontab crontab_redberry
crontab -l
#Speedtest:
#download: ookla-speedtest-1.0.0-armhf-linux.tgz
#tar zxvf ookla-speedtest-1.0.0-armhf-linux.tgz
#mv speedtest /usr/bin/
==================================================================================================================
sysstat
http://pagesperso-orange.fr/sebastien.godard/
tar xf sysstat.....xz
cd sysstat...
./configure --prefix=/usr
make
make install
mkdir /var/log/sysstat
ln -s /usr/lib/sa /usr/lib/sysstat
scp -p unix4life:/etc/cron.d/sysstat redberry:/etc/cron.d/
scp -p unix4life:/etc/cron.daily/sysstat redberry:/etc/cron.daily/
scp -p unix4life:/etc/sysstat/sysstat redberry:/etc/sysconfig/
(in /etc/rc.d/rc.local enable the mount command)
mount -t tmpfs -o size=10M tmpfs /var/log/sysstat/
sleep 1
restorecon /var/log/sysstat => Important SELinux!!!
==================================================================================================================
Configure mail:
touch /etc/msmtprc
chmod 640 /etc/msmtprc
vi /etc/msmtprc
# Gmail specifics
# Accounts will inherit settings from this section
defaults
auth on
tls on
tls_certcheck off
# tls_trust_file /etc/ssl/certs/ca-certificates.crt
logfile /var/log/msmtp.log
aliases /etc/aliases
# Gmail specifics
account gmail
host smtp.gmail.com
port 587
from <info@FQDN>
user <username>@gmail.com
password <Password>
# Default
account default : gmail
##########TOT HIER##################
portsnap fetch
portsnap update
f.e. : cd /usr/ports/misc/raspberrypi-userland/ ; make install