サイズ: 5239
コメント:
|
サイズ: 6507
コメント:
|
行 41: | 行 41: |
+++ /etc/newsyslog.conf 2021-02-25 08:13:00.228193000 +0900 | +++ /etc/newsyslog.conf 2021-03-04 06:43:50.764180000 +0900 |
行 47: | 行 47: |
+/var/log/auth.log 600 53 * $W0D0 XC | +/var/log/auth.log 600 12 * $M1D0 XC |
行 98: | 行 98: |
--- /etc/ssh/ssh_config.orig 2021-02-19 15:01:46.000000000 +0900 +++ /etc/ssh/ssh_config 2021-03-04 06:49:21.854238000 +0900 @@ -18,6 +18,14 @@ # list of available options, their meanings and defaults, please see the # ssh_config(5) man page. +Host * + ForwardAgent yes + EscapeChar none +# Send locale-related environment variables + SendEnv LANG LANGUAGE LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES + SendEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT + SendEnv LC_IDENTIFICATION LC_ALL + # Host * # ForwardAgent no # ForwardX11 no |
|
行 102: | 行 119: |
--- /etc/ssh/sshd_config.orig 2021-02-25 04:46:53.081176000 +0900 +++ /etc/ssh/sshd_config 2021-03-04 06:50:09.275221000 +0900 @@ -85,6 +85,11 @@ # and ChallengeResponseAuthentication to 'no'. #UsePAM yes +# Accept locale-related environment variables +AcceptEnv LANG LANGUAGE LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES +AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT +AcceptEnv LC_IDENTIFICATION LC_ALL + #AllowAgentForwarding yes #AllowTcpForwarding yes #GatewayPorts no |
|
行 150: | 行 181: |
{{{ make buildworld buildkernel make installkernel installworld certctl rehash etcupdate etcupdate resolve }}} |
FreeBSD13の初期設定
FreeBSD 13.0-RELEASEをインストールしてみる。 本記述は13.0-BETA3時点での内容であるが、13.0がリリースされた後に微調整する。
目次
- FreeBSD13の初期設定
-
初期設定
- /boot/loader.conf
- /etc/cron.d/portsupdate
- /etc/newsyslog.conf
- /etc/newsyslog.conf.d/ntpd.conf
- /etc/newsyslog.conf.d/ports-svn-update.conf
- /etc/newsyslog.conf.d/sudo.conf
- /etc/periodic.conf
- /etc/ssh/ssh_config
- /etc/ssh/sshd_config
- /etc/sysctl.conf
- /etc/syslog.conf
- /etc/syslog.d/devd.conf
- /etc/syslog.d/ntp.conf
- /etc/syslog.d/sudo.conf
- /etc/syslog.d/user.conf
- /etc/ttys
- OSのリビルド
- portsのインストール
前提条件
設定目標
- TCP輻輳制御はDC-TCPを使用する。
- 各種ログは1年間の保持を目指す。
- またログローテーション期間はよく使う物について、月一をベースに、出力が多いサービスでは1週間または1日で切り替えるものとする。
初期設定
/boot/loader.conf
--- /boot/loader.conf.orig 2021-02-25 04:30:48.435918000 +0900
+++ /boot/loader.conf 2021-02-25 07:03:15.844423000 +0900
@@ -5,6 +5,7 @@
zfs_load="YES"
nullfs_load="YES"
+cc_dctcp_load="YES"
geom_eli_load="YES"
vfs.root.mountfrom="zfs:zroot"
/etc/cron.d/portsupdate
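# Update the ports tree once a day and rebuild the ports index.
# The job fires at 00:00 and then sleeps a random 0-86400 seconds, so the
# actual update starts at a random time of day.
# Output of the update is sent to syslog as user.notice with the tag
# ports-svn-update. The 2>&1 sits on the subshell, before the pipe, so that
# stderr of svnlite/make is logged too; placed after the logger command it
# would only redirect logger's own stderr.
#minute hour mday month wday who command
0 0 * * * root cd /usr/ports && sleep $(jot -r 1 0 86400) && (svnlite update && make index) 2>&1 | logger -p user.notice -t ports-svn-update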
※2021年02月末日時点ではportsのGIT移行は未完了。
/etc/newsyslog.conf
--- /etc/newsyslog.conf.orig 2021-02-19 15:05:34.000000000 +0900
+++ /etc/newsyslog.conf 2021-03-04 06:43:50.764180000 +0900
@@ -16,21 +16,21 @@
#
# logfilename [owner:group] mode count size when flags [/pid_file] [sig_num]
/var/log/all.log 600 7 * @T00 J
-/var/log/auth.log 600 7 1000 @0101T JC
+/var/log/auth.log 600 12 * $M1D0 XC
/var/log/console.log 600 5 1000 * J
-/var/log/cron 600 3 1000 * JC
+/var/log/cron 600 12 * $M1D0 XC
/var/log/daily.log 640 7 * @T00 JN
/var/log/debug.log 600 7 1000 * JC
/var/log/init.log 644 3 1000 * J
/var/log/kerberos.log 600 7 1000 * J
-/var/log/maillog 640 7 * @T00 JC
-/var/log/messages 644 5 1000 @0101T JC
+/var/log/maillog 640 12 * $M1D0 XC
+/var/log/messages 644 12 1000 $M1D0 XC
/var/log/monthly.log 640 12 * $M1D0 JN
/var/log/devd.log 644 3 1000 * JC
-/var/log/security 600 10 1000 * JC
+/var/log/security 600 53 * $W0D0 XC
/var/log/utx.log 644 3 * @01T05 B
/var/log/weekly.log 640 5 * $W6D0 JN
-/var/log/daemon.log 644 5 1000 @0101T JC
+/var/log/daemon.log 644 12 * $M1D0 XC
<include> /etc/newsyslog.conf.d/[!.]*.conf
<include> /usr/local/etc/newsyslog.conf.d/[!.]*.conf
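Review bot: The new `/var/log/messages` entry keeps the size trigger `1000` while every other changed entry sets size to `*`. newsyslog rotates when either the size or the time condition is met, so on a busy host the 12 generations can be used up in less than the one year of retention this page sets as its goal. If a full year is wanted, drop the size trigger as on the other lines, `/var/log/messages 644 12 * $M1D0 XC`, or raise the count to leave headroom for size-triggered rotations.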
/etc/newsyslog.conf.d/ntpd.conf
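# Rotate the ntpd log on the first day of each month at midnight ($M1D0),
# with no size trigger (*), keeping 12 generations.
# Flags: X = compress rotated files with xz, C = create the log if missing.
# The column header and the entry must be separate lines; on one line the
# entry is part of the comment and newsyslog ignores it.
# logfilename [owner:group] mode count size when flags [/pid_file] [sig_num]
/var/log/ntpd.log 644 12 * $M1D0 XC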
/etc/newsyslog.conf.d/ports-svn-update.conf
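# Rotate the ports update log on the first day of each month at midnight
# ($M1D0), with no size trigger (*), keeping 12 generations.
# Flags: X = compress rotated files with xz, C = create the log if missing.
# The column header and the entry must be separate lines; on one line the
# entry is part of the comment and newsyslog ignores it.
# logfilename [owner:group] mode count size when flags [/pid_file] [sig_num]
/var/log/ports-svn-update.log 644 12 * $M1D0 XC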
/etc/newsyslog.conf.d/sudo.conf
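# Rotate the sudo log on the first day of each month at midnight ($M1D0),
# with no size trigger (*), keeping 12 generations.
# Flags: X = compress rotated files with xz, C = create the log if missing.
# The column header and the entry must be separate lines; on one line the
# entry is part of the comment and newsyslog ignores it.
# NOTE(review): mode 644 makes sudo.log readable by every local user, while
# /var/log/auth.log in /etc/newsyslog.conf is 600. Confirm this is intended;
# 600 would match auth.log.
# logfilename [owner:group] mode count size when flags [/pid_file] [sig_num]
/var/log/sudo.log 644 12 * $M1D0 XC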
/etc/periodic.conf
# periodic(8) overrides for ZFS housekeeping.

# Let the daily periodic run start a scrub on pools that are due for one.
daily_scrub_zfs_enable="YES"

# Include ZFS pool status in the daily periodic report.
daily_status_zfs_enable="YES"
/etc/ssh/ssh_config
--- /etc/ssh/ssh_config.orig 2021-02-19 15:01:46.000000000 +0900
+++ /etc/ssh/ssh_config 2021-03-04 06:49:21.854238000 +0900
@@ -18,6 +18,14 @@
# list of available options, their meanings and defaults, please see the
# ssh_config(5) man page.
+Host *
+ ForwardAgent yes
+ EscapeChar none
+# Send locale-related environment variables
+ SendEnv LANG LANGUAGE LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
+ SendEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
+ SendEnv LC_IDENTIFICATION LC_ALL
+
# Host *
# ForwardAgent no
# ForwardX11 no
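Review bot: `ForwardAgent yes` under `Host *` forwards the authentication agent to every server this client connects to. Anyone with root on any one of those servers can then use the forwarded agent socket to authenticate as the user for as long as the session lasts. Keep the default off and enable it only for hosts that need it, for example `Host <trusted-host>` followed by `ForwardAgent yes`, or use `ProxyJump` for multi-hop logins so that no agent is exposed on the intermediate host. The `SendEnv` and `EscapeChar none` lines can stay under `Host *`.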
/etc/ssh/sshd_config
--- /etc/ssh/sshd_config.orig 2021-02-25 04:46:53.081176000 +0900
+++ /etc/ssh/sshd_config 2021-03-04 06:50:09.275221000 +0900
@@ -85,6 +85,11 @@
# and ChallengeResponseAuthentication to 'no'.
#UsePAM yes
+# Accept locale-related environment variables
+AcceptEnv LANG LANGUAGE LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
+AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
+AcceptEnv LC_IDENTIFICATION LC_ALL
+
#AllowAgentForwarding yes
#AllowTcpForwarding yes
#GatewayPorts no
/etc/sysctl.conf
--- /etc/sysctl.conf.orig 2021-02-19 15:00:35.000000000 +0900
+++ /etc/sysctl.conf 2021-02-25 07:07:39.965363000 +0900
@@ -7,3 +7,6 @@
# Uncomment this to prevent users from seeing information about processes that
# are being run under another UID.
#security.bsd.see_other_uids=0
+
+net.inet.tcp.cc.algorithm=dctcp
+net.inet.tcp.ecn.enable=1
/etc/syslog.conf
/etc/syslog.d/devd.conf
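# Route messages from the devd program at priority notice or higher to
# their own log file.
# The program filter (!devd) must be on its own line, ahead of the selector
# line it applies to.
!devd
*.>=notice /var/log/devd.log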
/etc/syslog.d/ntp.conf
# Send every message logged with the ntp facility, at any priority, to
# /var/log/ntpd.log (rotated by /etc/newsyslog.conf.d/ntpd.conf).
ntp.* /var/log/ntpd.log
/etc/syslog.d/sudo.conf
/etc/syslog.d/user.conf
# Send every message logged with the user facility, at any priority, to
# /var/log/ports-svn-update.log. The ports update cron job in
# /etc/cron.d/portsupdate logs with "-p user.notice -t ports-svn-update".
# NOTE(review): this selector matches any program that logs to the user
# facility, not only the ports-svn-update tag. If only the cron job's
# output is wanted here, a "!ports-svn-update" program filter line above
# the selector would narrow it — confirm the intent.
user.* /var/log/ports-svn-update.log
/etc/ttys
OSのリビルド
/etc/make.conf
OSの展開
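# Rebuild the base system from source, install it, then refresh the trust
# store and /etc. One command per line; as a single line the shell would run
# one make invocation with everything after it as targets.
# Presumably run from the FreeBSD source tree; the page does not state the
# directory.
make buildworld buildkernel      # compile userland, then the kernel
make installkernel installworld  # install the new kernel, then the new userland
certctl rehash                   # regenerate the trusted CA certificate store
etcupdate                        # merge updated stock configuration into /etc
etcupdate resolve                # resolve any merge conflicts etcupdate left behind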