Installing FreeBSD 5.4

This is a quick and dirty description of how I installed FreeBSD 5.4.

Let me make it absolutely clear, and beyond any mistake, that I am still a newbie myself. Everything on these pages, is mainly here as a reference for me. Use my notes as a guideline, not as a definitive answer to how things are done ... and remember to blame yourself for any mistakes you make along the way ;-)

New releases of FreeBSD comes in 3 steps. First it's released as CURRENT, then when the most serious errors are fixed, it goes into the STABLE state. At this point, it is still being testet. When a version has been reliable for a sertain amount of time, it will be available as RELEASE.

The CURRENT is only relevant for people who contributes to the system. Since the STABLE is also still undergoing tests, it is safest to choose a RELEASE.

If in doubt, take a look at the main page of www.freebsd.org.

Make sure that your hardware is supported by FreeBSD. Check out the hardware notes for your release at www.freebsd.org/releases/.

Remember that the following is an installation of version 5.4 ... if you install another version it may be slightly different.

Installation

The easiest way to install is by CD. You can download an *.iso from ftp.freebsd.org. The full *.iso is over 600 mb. It is of course also possible to do a network based installation, but that isn't covered here.

Put the CD it in the drive and boot the machine (make sure that it will boot from the CD-rom drive).

The first thing that happens after a successfull boot is a greeting "Welcome to FreeBSD" and a list of choices. Choose 1. Boot FreeBSD [Default]

Below is the steps you'll go through:

1. sysinstall Main Menu
   Standard - Begin a standard installation (recommended)
2. Message (partioning)
   In the next menu, you will need to set up a DOS-style ("fdisk") partitioning scheme for your hard disk. If you simply wish to devote all disk space to FreeBSD (overwriting anything else that might be on the disk(s) selected) then use the (A)ll command to select the default patitioing shceme followed by a (Q)uit. If you wish to allocate only free space to FreeBSD, move to a partition marked "unused" and use the (C)reate command.
3. Message (disk warning)
   WARNING: A geometry of 70780/16/63 for ad1 is incorrect. Using a more likely geometry. If this geometry is incorrect or you are unsure as to whether aor not it's correct, please consult the Hardware Guide in the Documentation submenu or use the (G)eometry comand to change it now.
   Remember: you need to enter whatever your BIOS thinks the geometry is! For IDE, it's what you where told in the BIOS setup. For SCSI, it's the translation mode your controller is using. Do NOT use a 'physical geometry'.
   
   I Googled this subject and found that most people just ignores it
4. FDISK Partition Editor
   Follow the instructions on the screen, and don't forget to select the line where Subtype is 165 and press (S) = Set Bootable
5. Install Boot Manager for drive ad1
   Standard Install a standard MBR (no boot manager)
   You'll only choose BootMgr if you want multiple operating systems on the computer, and you would like to be able to choose which system to boot
6. Message (partitioning)
   Now you need to create BSD partitions...bla..bla...
7. FreeBSD Disklabel Editor
   (A)uto Defaults
   (D)elete lines /usr, /tmp, and /var
   (go to the very top of the screen)
   (C)reate
   Write 1G and press [OK], choose "FS A file system" and write /var
   (C)reate
   Write 1G and press [OK], choose "FS A file system" and write /tmp
   (C)reate
   Press [OK], choose "FS A file system" and write /usr
   (Q)uit
8. Choose Distributions
   Custom
   [X] base
   [X] dict
   [X] man
   The above choices is the minimum installation
   [OK]
   <<< X EXIT
10. Choose Installation Media
    FTP Install from an FTP Server
11. Please select a FreeBSD FTP distribution site
    Denmark ftp.dk.freebsd.org (Choose a site near you)
12. Network interface information required
    de0 DEC DE435 PCI NIC or other DC21040-AA based card
    Choose whatever reflects your network interface
13. User Confirmation Requested
    Do you want to try IPv6 configuration of the interface? [NO]
    Do you want to try DHCP configuration of the interface? [YES]
    Scanning for DHCP servers....
14. Network Configuration
    Host: name.domain.tld
    Domain: domain.tld
    The rest should be filled automatically.. else ask your network administrator
    Looking up host ftp.dk.freebsd.org...
15. User Confirmation Requested (Last change..)
    Last Chance! Are you SURE you want to continue the installation? [YES]
    Installation starts... make a cup of coffee, lean back and relax for a few minutes
16. ...waiting... waiting...
17. Message
    Congratulations! You now have FreeBSD installed on your system. We will now move on to the final configuration questions. For any option you do wish to configure, simply select No. If you wish to re-enter this utility after the system is up, you may do so by typing: /usr/sbin/sysinstall.
18. User Confirmation Requested (network gateway)
    Do you want this machine to function as a network gateway? [NO]
19. User Confirmation Requested (inetd)
    Do you want to configure inetd and the network services that it provides? [NO]
20. User Confirmation Requested (SSH)
    Would you like to enable SSH login? [YES]
21. User Confirmation Requested (FTP)
    Do you want to have anonymous FTP access to this machine? [NO]
22. User Confirmation Requested (NFS server)
    Do you want to configure this machine as an NFS server? [NO]
23. User Confirmation Requested (NFS client)
    Do you want to configure this machine as an NFS client? [NO]
24. User Confirmation Requested (console)
    Would you like to customize your system console settings? [YES]
25. System Console Configuration
    Keymap Choose an alternate keyboard map -> Danish ISO
    Repeat Set the rate at which keys repeat -> Normal
    Saver Configure the screen saver -> Daemon
    [OK]
    X Exit
26. User Confirmation Requested (time)
    Would you like to set this machine's time zone now? [YES]
27. Set local or UTC (Greenwich Mean Time) clock
    Is this machine's CMOS clock set to UTC? If it is set to local time, or you don't know, please choose NO here! [NO]
28. Time Zone Selector
    Europe ­> Countries in Europe -> Denmark
29. Confirmation
    Does the abbreviation 'CEST' look reasonable? [YES]
30. User Confirmation Requested (Linux binary)
    Would you like to enable Linux binary compatibility? [NO]
31. User Confirmation Requested (mouse)
    Does this system have a PS/2, serial, or bus mouse? [YES]
32. Please configure your mouse
    Enable Test and run the mouse daemon...
33. User Confirmation Requested (mouse test)
    Now move the mouse and see if it works...
    [YES]
    X Exit
34. User Confirmation Requested (Ports)
    The FreeBSD package collection is a collection of thousands of ready-to-run applications, from text editors to games to WEB servers and more.
    Would you like to browse the collection now? [NO]
35. User Confirmation Requested (add user)
    Would you like to add any initial user accounts to the system? ... [YES]
36. User and Group Management
    User Add a new user to the system
37. User and Group Management
    Login ID: user id
    UID: 1001
    Group: 0
    Password: secret password
    Full name: Your full name
    [OK]
    X Exit
38. Message (root password)
    Now you must set the system manager's password. This is the password you'll use to log in as "root".
    New Password: very secret password
    Retype New Password: very secret password
39. User Confirmation Requested (last options)
    Visit the general configuration menu for a chance to set any last options? [NO]
40. sysinstall Main Menu
    [X Exit Install]
41. User Confirmation Requested (exit)
    Are you sure you wish to exit? The system will reboot (be sure to remove any floppies/CDs/DVDs/ from the drives). [YES]
    Remove the CD

After booting for the first time, you'll be asked to type a full screenful of random junk. This is used to generate the key pair for SSH.

Here's a little extra information regarding inetd (step 20):
Quote from http://www.defcon1.org/html/Security/Secure-Guide/secure-guide.html:

"inetd is also on by default. inetd usually controls alot of legacy and therefore insecure services such as telnet, ntalk and finger. There are more modern and superior replacements for inetd. However FreeBSD's inetd is actually one of the better ones around. However, unless you need any of these services, I'd suggest disabling it completely. Check /etc/inetd.conf to see if any of these services are needed by you. FTP for example can also be run in daemon mode, and doesn't require inetd."

Since I'm no security expert (at all), I skipped inetd.

A note on step 36 (adding a user)
The user root is automatically created. Since root is the king of your system (has power to do anything), it is a very good idea also to create a user on system administration level, which you can use when you work with stuff that doesn't require root access.

You can choose a UID (numeric user ID) or leave it blank to let the system make one for you. The group 0 is called "wheel". The wheel group is where you place system administrators.

The VI editor
From now on, you will need to edit a lot of files. Therefore this would be a good time to get familiar with the basic commands of a text editor. The most commonly used is VI, since this editor is part of the FreeBSD installation. There is a lot of VI tutorials and faqs on the web... just Google for it.

SSH root login is a security risk which should be disabled:

vi /etc/ssh/sshd_config
PermitRootLogin no
Remove # to un-comment the line

OpenSSL

A good friend of mine recommended to install OpenSSL with the WITH_MYSQL argument set, prior to installing anything else. But first you must get the ports collection