Beginners Guide - How To Set Up A FreeBSD Desktop From Scratch

teo

Well-Known Member


Open /etc/aliases and set the root mailbox address to:
Code:
root: username@machinename
and run the newaliases command. Your daily messages will then be available to read as root in the /var/mail directory.

Finally, open /etc/rc.conf in leafpad and add the following entries to what's already there:
Code:
mouse_type="auto"
ntpd_enable="YES"
ntpd_sync_on_start="YES"
powerd_enable="YES"
powerd_flags="-b adaptive -a hiadaptive"
sendmail_enable="NO"
fsck_y_enable="YES"
swapexd_enable="YES"
mixer_enable="YES"
snddetect_enable="YES"
syslogd_flags="-c -ss"
linux_enable="YES"
clear_tmp_enable="YES"
clean_tmp_X="YES"
avahi_daemon_enable="YES"
This will allow you to receive security updates via sendmail as root, enable Linux emulation for any programs you might install that need it, clear tmp files, etc. (It looks like sendmail is disabled but that takes the NONE variable.) Reboot one final time to ensure the file changes you've made go into effect.

Hello Trihexagonal, with respect to Sendmail, is it advisable to disable it (NO) in the /etc/rc.conf configuration file after modifying the /etc/aliases file? Or should it remain by default NONE in the /etc/rc.conf file?

example:

# ee /etc/rc.conf
Code:
sendmail_enable="NONE"
Or:

# ee /etc/rc.conf
Code:
sendmail_enable="NO"
 
OP
Trihexagonal

Daemon

Hello Trihexagonal, with respect to Sendmail, is it advisable to disable it (NO) in the /etc/rc.conf configuration file after modifying the /etc/aliases file? Or should it remain by default NONE in the /etc/rc.conf file?
If you want to be able to continue receiving your local daily mail reports it needs to be left as I have outlined it in /etc/rc.conf:

Code:
sendmail_enable="NO"
The "NONE" variable is what turns it off completely.

To only disable Sendmail's incoming mail service, use only this entry in /etc/rc.conf:

sendmail_enable="NO"

 

teo

Well-Known Member


If you want to be able to continue receiving your local daily mail reports it needs to be left as I have outlined it in /etc/rc.conf:

Code:
sendmail_enable="NO"
The "NONE" variable is what turns it off completely.
Very kind, your generosity helps to solve the difficulties. 🙂
 
OP
Trihexagonal

Daemon

BTW, I block TCP port 25 with pf, still get my daily mail as root and did as recently as today.

Running sockstat -l4 shows it listening on that port:

Code:
root     sendmail   12345 3  tcp4   127.0.0.1:25          *:*
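
A check for the state shown in that sockstat line, as an added example that is not part of the original post: it reads `sockstat -l4` output and reports any port 25 listener bound to something other than loopback. The function names and both sample listings are constructed for illustration.

```sh
#!/bin/sh
# Print "COMMAND LOCAL-ADDRESS" for every TCP port 25 listener that is not
# bound to loopback. Input is `sockstat -l4` output: column 5 is PROTO and
# column 6 is LOCAL ADDRESS, as in the line posted above.
exposed_smtp() {
    awk '$5 ~ /^tcp/ && $6 ~ /:25$/ && $6 !~ /^127\./ { print $2, $6 }'
}

# Constructed sample: loopback-only sendmail, matching the post.
SAMPLE_LOCAL='USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
root     sendmail   12345 3  tcp4   127.0.0.1:25          *:*
root     sshd       811   4  tcp4   *:22                  *:*'

# Constructed sample: the same daemon bound to a wildcard and a LAN address.
SAMPLE_EXPOSED='USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
root     sendmail   12345 3  tcp4   *:25                  *:*
root     sendmail   12346 4  tcp4   192.168.0.17:25       *:*'

# report LABEL SOCKSTAT_TEXT: summarise one listing.
report() {
    hits=$(printf '%s\n' "$2" | exposed_smtp)
    if [ -z "$hits" ]; then
        echo "$1: port 25 is loopback-only or closed"
    else
        echo "$1: port 25 reachable beyond loopback:"
        printf '%s\n' "$hits" | sed 's/^/  /'
    fi
}

report "local sample" "$SAMPLE_LOCAL"
report "exposed sample" "$SAMPLE_EXPOSED"
```

On a live FreeBSD host the same filter is run as `sockstat -l4 | exposed_smtp`; empty output means nothing on port 25 is listening off loopback.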
 

rube2112

New Member



ok....this kind of tutorial ticks me off....why? because none of the disks I've tried even have the option to install......that makes it worthless for me
 

rube2112

New Member



ok someone deleted my comment. You don't think it's important to specify which download is the one used in this tutorial? Am I supposed to guess? None of the images I've downloaded even have the option to install, start as single user, multi user etc....no install option.
 

SirDice

Administrator
Staff member
Moderator

Settle down, rube2112. Nothing was deleted, your posts were held for moderation (as they are for every new member).

I strongly suggest you start reading the handbook regarding the installation of FreeBSD: Chapter 2. Installing FreeBSD.
I also suggest you actually read the announcement as it includes details which download you should use.

You should also read the release notes and errata:

If you came here expecting to be spoon fed, then I have some bad news for you. We don't do that. Nobody learns anything from blindly typing in a bunch of commands. We expect you to be smart enough to actually read the documentation and figure things out on your own. If you have any specific questions regarding the documentation or if the documentation is unclear you're free to ask.

If you want something that installs a nice desktop out-of-the-box I suggest you go have a look at TrueOS.
 

hukadan

Well-Known Member


If you want something that installs a nice desktop out-of-the-box I suggest you go have a look at TrueOS.
I am not sure this is still the case. According to this blog post "We know that some of you will still be looking for an out-of-the-box solution similar to legacy PC-BSD and TrueOS. We’re happy to announce that Project Trident will take over graphical FreeBSD development going forward."
 

SirDice

Administrator
Staff member
Moderator

I wasn't aware of that. I'll keep that in mind the next time :D
 

rube2112

New Member



I read the article on which image to use, which is the one I have......I hate to break it to you, but there is no option to install.
 

tommiie

Active Member


I read the article on which image to use, which is the one I have......I hate to break it to you, but there is no option to install.
Perhaps provide some more information then, instead of just stating that "it does not work."
 

rube2112

New Member



The information is, the tutorial says put in your boot disk and select the install option. There is no install option. It says single user, multi user. A few other options, none of which are install. And I disagree with the statement above about being "spoon fed". I'm pretty good with Linux. The key thing that many developers have had to be taught over and over is that most people don't want to become experts on how to set something up. They just want to use the operating system so they can then make a determination about whether or not it's something they'd like to use. I've never been able to get FreeBSD to run on anything. Last attempt was about 5 years ago. I got pretty good at Linux, not by trying to figure out how to set it up, but by someone finally creating disks that would actually help you set it up. Using the OS is what made me a better user.
 

SirDice

Administrator
Staff member
Moderator

The information is, the tutorial says put in your boot disk and select the install option. There is no install option. It says single user, multi user. A few other options, none of which are install.
You're looking at the loader menu. Sit back and wait. Or hit enter if you don't want to wait 10 seconds.
 
OP
Trihexagonal

Daemon

ok....this kind of tutorial ticks me off....why? because none of the disks I've tried even have the option to install......that makes it worthless for me
FreeBSD RELEASE is the only version supported here.

I have a Thinkpad T61 sitting next to me I finished building FreeBSD 12.0-RELEASE on last night using the FreeBSD-12.0-RELEASE-amd64-dvd1.iso with all my programs compiled waiting for when I have time to boot to the desktop and proceed from there.
 

teo

Well-Known Member


Hello Trihexagonal, what I don't understand is where 255....2555 is generated and has continuation of the rest of the number in the next row. I don't know how to replace the numbers of those lines with the data I provide.


For example the IP of the system default:


# ifconfig
Code:
em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
    options=81009b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,VLAN_HWFILTER>
    ether 08:00:27:b2:7f:86
    inet 192.168.0.17 netmask 0xffffff00 broadcast 192.168.0.255 
    media: Ethernet autoselect (1000baseT <full-duplex>)
    status: active
    nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
    options=680003<RXCSUM,TXCSUM,LINKSTATE,RXCSUM_IPV6,TXCSUM_IPV6>
    inet6 ::1 prefixlen 128 
    inet6 fe80::1%lo0 prefixlen 64 scopeid 0x2 
    inet 127.0.0.1 netmask 0xff000000 
    groups: lo 
    nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
pflog0: flags=141<UP,RUNNING,PROMISC> metric 0 mtu 33160
    groups: pflog 
#

In his example he's like this:

Code:
### Macro name for external interface
ext_if = "em0"
netbios_tcp = "{ 22, 23, 25, 80, 110, 111, 123, 512, 513, 514, 515, 6000, 6010 }"
netbios_udp = "{ 123, 512, 513, 514, 515, 5353, 6000, 6010 }"

### Reassemble fragmented packets
scrub in on $ext_if all fragment reassemble

### Default deny everything
block log all


### Pass loopback
set skip on lo0

### Block spooks

antispoof for lo0
antispoof for $ext_if inet
block in from no-route to any
block in from urpf-failed to any
block in quick on $ext_if from any to 255.255.255.255
block in quick log on $ext_if from { 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16, 255.255.255.255/32 } to any

### Block all IPv6
block in quick inet6 all
block out quick inet6 all

### Block to and from port 0
block quick proto { tcp, udp } from any port = 0 to any
block quick proto { tcp, udp } from any to any port = 0

### Block specific ports
block in quick log on $ext_if proto tcp from any to any port $netbios_tcp
block in quick log on $ext_if proto udp from any to any port $netbios_udp
 
OP
Trihexagonal

Daemon

Hello Trihexagonal, what I don't understand is where 255....2555 is generated and has continuation of the rest of the number in the next row. I don't know how to replace the numbers of those lines with the data I provide.

snip
Code:
block in quick on $ext_if from any to 255.255.255.255
block in quick log on $ext_if from { 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16, 255.255.255.255/32 } to any
Is this what you mean? Those are bogons:

Bogon filtering is the practice of filtering bogons, which are bogus (fake) IP addresses of a computer network. Bogons include IP packets on the public Internet that contain addresses that are not in any range allocated or delegated by the Internet Assigned Numbers Authority (IANA) or a delegated regional Internet registry (RIR) and allowed for public internet use. The areas of unallocated address space are called the bogon space.

Bogons also include reserved private address[1] and link-local address ranges, such as those in 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16, and 169.254.0.0/16, which are reserved for private networks,[1] sometimes also known as Martian packets.

I must admit I'm not familiar with the 169.254.0.0/16 entry but it doesn't show mine for 255.255.255.255 either.

Point being, those packets have no business coming from the WAN into your LAN. pf may block them by default, I'm not certain, but I know they're blocked this way. You don't need to change or enter anything unless you have a use for the ports I have blocked in my macro or allow services I don't use on my machines.

That's the same ruleset I use, with the addition of the egress line you left out. It works on OpenBSD with a slight syntax change for egress, too.

You don't see many port 0 rules but there is a reason I block it and have carried that rule over from my Win98 days with ConSeal PC Firewall, the first piece of software I ever loved.
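
To make the source list in that `block in quick log` rule concrete, here is an added example (not part of the original post or ruleset) that tests an IPv4 source address against the four ranges in the rule and names the one it falls in. The function names and test addresses are chosen for illustration; 192.168.0.17 is the em0 address from the ifconfig output earlier in the thread, and it is itself inside 192.168.0.0/16, so hosts on that LAN match the source side of the rule.

```sh
#!/bin/sh
# Source ranges copied from the rule:
#   block in quick log on $ext_if from { ... } to any
RULE_RANGES="10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 255.255.255.255/32"

# Convert a dotted quad to a 32-bit integer.
ip_to_int() {
    old_ifs=$IFS; IFS=.
    set -- $1                 # split on "." into $1..$4
    IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# in_cidr ADDRESS NETWORK/BITS: succeed if ADDRESS lies inside the prefix.
in_cidr() {
    addr=$(ip_to_int "$1")
    net=$(ip_to_int "${2%/*}")
    bits=${2#*/}
    mask=$(( (4294967295 << (32 - bits)) & 4294967295 ))
    [ $(( addr & mask )) -eq $(( net & mask )) ]
}

# Print the first range of the rule that contains ADDRESS, or "none".
matched_range() {
    for range in $RULE_RANGES; do
        if in_cidr "$1" "$range"; then
            echo "$range"
            return 0
        fi
    done
    echo "none"
}

# Constructed test sources: the thread's em0 address, both sides of the
# 172.16.0.0/12 boundary, a documentation address, and limited broadcast.
for src in 192.168.0.17 172.31.255.255 172.32.0.1 203.0.113.7 255.255.255.255; do
    printf '%-16s -> %s\n' "$src" "$(matched_range "$src")"
done
```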

 
OP
Trihexagonal

Daemon

I plan to change it to installing x11/rxvt-unicode as a terminal instead of x11/eterm like I currently run when I get around to it. I'm at the upper limit for characters in a post now so I might have to delete non-essential text to do it
 

teo

Well-Known Member


Open /etc/ttys in leafpad as root and change every instance of secure to insecure to require the root password to logon in Single User Mode.
For example this is the /etc/ttys directory, what should it look like?

# vi /etc/ttys
Code:
# If console is marked "insecure", then init will ask for the root password
# when going to single-user mode.
console none                            unknown off insecure
#
ttyv0   "/usr/libexec/getty Pc"         xterm   onifexists secure
# Virtual terminals
ttyv1   "/usr/libexec/getty Pc"         xterm   onifexists secure
ttyv2   "/usr/libexec/getty Pc"         xterm   onifexists secure
ttyv3   "/usr/libexec/getty Pc"         xterm   onifexists secure
ttyv4   "/usr/libexec/getty Pc"         xterm   onifexists secure
ttyv5   "/usr/libexec/getty Pc"         xterm   onifexists secure
ttyv6   "/usr/libexec/getty Pc"         xterm   onifexists secure
ttyv7   "/usr/libexec/getty Pc"         xterm   onifexists secure
ttyv8   "/usr/local/bin/xdm -nodaemon"  xterm   off secure
# Serial terminals
# The 'dialup' keyword identifies dialin lines to login, fingerd etc.
ttyu0   "/usr/libexec/getty 3wire"      vt100   onifconsole secure
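
One way to apply and audit the secure-to-insecure change on a file like the one above, as an added example that is not part of the original post. The function names are made up here and the sample is an abbreviated copy of the listing. Per the file's own comment, only the console entry governs the single-user password prompt; on the other lines the flag controls whether root may log in directly on that terminal.

```sh
#!/bin/sh
# Constructed sample: abbreviated copy of the /etc/ttys listing above.
sample_ttys() {
cat <<'EOF'
# If console is marked "insecure", then init will ask for the root password
# when going to single-user mode.
console none                            unknown off insecure
ttyv0   "/usr/libexec/getty Pc"         xterm   onifexists secure
ttyv8   "/usr/local/bin/xdm -nodaemon"  xterm   off secure
ttyu0   "/usr/libexec/getty 3wire"      vt100   onifconsole secure
EOF
}

# Naive edit: a blanket substitution also rewrites the existing "insecure"
# on the console line and in the comment to "ininsecure".
naive_ttys() {
    sed 's/secure/insecure/g'
}

# Careful edit: skip comment lines and replace only the whole word "secure".
harden_ttys() {
    sed -E '/^[[:space:]]*#/!s/(^|[[:space:]])secure([[:space:]]|$)/\1insecure\2/g'
}

# Audit: print the device name of every entry still flagged "secure".
still_secure() {
    awk '!/^[[:space:]]*#/ {
        for (i = 2; i <= NF; i++) if ($i == "secure") { print $1; break }
    }'
}

echo "secure before: $(sample_ttys | still_secure | tr '\n' ' ')"
echo "secure after:  $(sample_ttys | harden_ttys | still_secure | tr '\n' ' ')"
echo "lines damaged by naive edit: $(sample_ttys | naive_ttys | grep -c ininsecure)"
```

On a live system, write the output of `harden_ttys < /etc/ttys` to a temporary file and diff it against the original before installing it; init re-reads the file after `kill -HUP 1`.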
 

toorski

Member


My FreeBSD desktop is Lumina, for local and remote GUI/DE play – plain and simple.
I use QTerminal as my gateway to FreeBSD. I install other GUI toys when I need it.

Although I do have KDE5 in FreeBSD too, though I seldom use it. And when I do, I always wonder why - I guess because it’s there and I can look at it - lol
 
