3と4のリビジョン間の差分
2021-03-04 07:39:31時点のリビジョン3
サイズ: 6507
コメント:
2021-03-09 11:33:44時点のリビジョン4
サイズ: 9376
コメント:
行 72: 行 72:
== /etc/newsyslog.conf.d/ntpd.conf == == /etc/newsyslog.conf.d/ntp.conf ==
行 75: 行 75:
/var/log/ntpd.log 644 12 * $M1D0 XC /var/log/ntp.log  644 12 * $M1D0 XC
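Review bot: The newsyslog entry now names `/var/log/ntp.log`, but `/etc/syslog.d/ntp.conf` further down the page still writes `ntp.* /var/log/ntpd.log`; after this rename nothing rotates ntpd.log any more, while the `C` flag merely keeps creating an empty ntp.log. Either change the syslog.d line to `ntp.* /var/log/ntp.log` or revert this rename so the two files agree, otherwise the one-year retention target is not met for the NTP log.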
行 94: 行 94:
}}}

== /etc/rc.conf ==
{{{#!highlight
sysrc syslogd_flags="-s -O rfc5424"
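Review bot: `-s` puts syslogd in secure mode — messages from remote hosts are dropped — but, per syslogd(8), the network socket is still opened; if this host never forwards logs to a remote syslog server, `-ss` keeps the socket from being bound at all, which is the smaller footprint. `-O rfc5424` changes the line format written to every log file and to the console, so any existing log parsing will see the new format; a one-line comment under the heading saying why rfc5424 was chosen would help. The heading says /etc/rc.conf but the snippet is the `sysrc` command; the resulting rc.conf line is `syslogd_flags="-s -O rfc5424"`.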
行 150: 行 155:
}}} --- /etc/syslog.conf.orig 2021-02-19 15:05:41.000000000 +0900
+++ /etc/syslog.conf 2021-03-09 10:10:59.070228000 +0900
@@ -5,8 +5,8 @@
 # separators. If you are sharing this file between systems, you
 # may want to use only tabs as field separators here.
 # Consult the syslog.conf(5) manpage.
-*.err;kern.warning;auth.notice;mail.crit /dev/console
-*.notice;authpriv.none;kern.debug;lpr.info;mail.crit;news.err /var/log/messages
+*.err;kern.warning;auth.none;mail.none;user.none;ntp.none /dev/console
+*.*;authpriv.none;kern.debug;lpr.info;mail.none;news.err;cron.none;daemon.none;ntp.none;auth.none;user.none;local2.none;local3.none /var/log/messages
 security.* /var/log/security
 auth.info;authpriv.info /var/log/auth.log
 mail.info /var/log/maillog
}}}

 * `mail.*`: メールシステムのログ(`sendmail` 他)
 * `auth.*`、`authpriv.*`: 認証システムのログ(`sshd`、`su` 他)
 * `cron.*`: cronログ(`cron`、`at`)
 * `daemon.*`: デーモンサービスのログ(各種)
 * `ntp.*`: NTPログ(`ntpd`)
 * `user.*`: ユーザーレベルのログ(`/etc/cron.d/portsupdate` にて使用)
 * `local2.*`: 任意のアプリでのログ(`sudo` 他)
 * `local3.*`: 任意のアプリでのログ()
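Review bot: In the new `/var/log/messages` selector `local3.none` drops local3 from messages, yet nothing on this page routes local3 anywhere (no /etc/syslog.d file, and the bullet for `local3.*` has an empty parenthesis), so local3 messages are silently discarded. Until a consumer exists, either drop `;local3.none` from that line or add the syslog.d file together with the bullet text. The selector also moved from `*.notice` to `*.*`, so info/debug messages from the facilities that are not excluded (syslog, local0/1/4-7, …) now land in messages — presumably intended, but worth a comment. `auth.none` on the console line means auth events are now kept only in auth.log via `auth.info;authpriv.info`, which is consistent with the auth.log newsyslog policy. The same hunk is quoted again under the /etc/syslog.conf heading in the page body.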
行 165: 行 192:
local2.* /var/log/sudo.log
行 174: 行 202:
--- /etc/ttys.orig 2021-02-19 15:00:30.000000000 +0900
+++ /etc/ttys 2021-03-09 10:00:54.967135000 +0900
@@ -31,13 +31,13 @@
 #
 ttyv0 "/usr/libexec/getty Pc" xterm onifexists secure
 # Virtual terminals
-ttyv1 "/usr/libexec/getty Pc" xterm onifexists secure
-ttyv2 "/usr/libexec/getty Pc" xterm onifexists secure
-ttyv3 "/usr/libexec/getty Pc" xterm onifexists secure
-ttyv4 "/usr/libexec/getty Pc" xterm onifexists secure
-ttyv5 "/usr/libexec/getty Pc" xterm onifexists secure
-ttyv6 "/usr/libexec/getty Pc" xterm onifexists secure
-ttyv7 "/usr/libexec/getty Pc" xterm onifexists secure
+ttyv1 "/usr/libexec/getty Pc" xterm off secure
+ttyv2 "/usr/libexec/getty Pc" xterm off secure
+ttyv3 "/usr/libexec/getty Pc" xterm off secure
+ttyv4 "/usr/libexec/getty Pc" xterm off secure
+ttyv5 "/usr/libexec/getty Pc" xterm off secure
+ttyv6 "/usr/libexec/getty Pc" xterm off secure
+ttyv7 "/usr/libexec/getty Pc" xterm off secure
 ttyv8 "/usr/local/bin/xdm -nodaemon" xterm off secure
 # Serial terminals
 # The 'dialup' keyword identifies dialin lines to login, fingerd etc.
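Review bot: The rewritten ttyv1–ttyv7 lines keep the `secure` keyword; that is moot while the getty is `off`, but the unchanged context line for ttyv0 is also `secure`, which lets root log in directly on the physical console. If direct root console login is not wanted, mark ttyv0 `insecure` (root then has to go through su/sudo, which leaves a trace in auth.log per the facility list on this page). The page also does not say how the change is applied — init(8) re-reads /etc/ttys on `kill -HUP 1`. The same hunk is quoted again under the /etc/ttys heading in the page body.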

FreeBSD13の初期設定

FreeBSD 13.0-RELEASEをインストールしてみる。 本記述は13.0-BETA3時点での内容であるが、13.0がリリースされた後、微調整する。

前提条件

設定目標

  • TCP輻輳制御はDC-TCPを使用する。
  • 各種ログは1年間の保持を目指す。
  • またログローテーション期間はよく使う物について、月一をベースに、出力が多いサービスでは1週間または1日で切り替えるものとする。

初期設定

/boot/loader.conf

--- /boot/loader.conf.orig      2021-02-25 04:30:48.435918000 +0900
+++ /boot/loader.conf   2021-02-25 07:03:15.844423000 +0900
@@ -5,6 +5,7 @@

 zfs_load="YES"
 nullfs_load="YES"
+cc_dctcp_load="YES"
 geom_eli_load="YES"

 vfs.root.mountfrom="zfs:zroot"

/etc/cron.d/portsupdate

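#minute hour    mday    month   wday    who             command
# Daily ports tree update (svnlite) plus INDEX rebuild, run as root at 00:00
# after a random delay of up to 86400 s (jot -r 1 0 86400) to spread the load.
# Output is tagged ports-svn-update at user.notice; /etc/syslog.d/user.conf on
# this page routes user.* to /var/log/ports-svn-update.log, which newsyslog rotates.
# Fix: the original placed 2>&1 after logger, so it only redirected logger's own
# stderr; errors from svnlite/make bypassed the log (cron typically mails them).
# Moving 2>&1 onto the subshell sends them through logger as well.
0       0       *       *       *       root            cd /usr/ports && sleep $(jot -r 1 0 86400) && (svnlite update && make index) 2>&1 | logger -p user.notice -t ports-svn-update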

※2021年02月末日時点ではportsのGIT移行は未完了。

/etc/newsyslog.conf

--- /etc/newsyslog.conf.orig    2021-02-19 15:05:34.000000000 +0900
+++ /etc/newsyslog.conf 2021-03-04 06:43:50.764180000 +0900
@@ -16,21 +16,21 @@
 #
 # logfilename          [owner:group]    mode count size when  flags [/pid_file] [sig_num]
 /var/log/all.log                       600  7     *    @T00  J
-/var/log/auth.log                      600  7     1000 @0101T JC
+/var/log/auth.log                      600  12    *    $M1D0 XC
 /var/log/console.log                   600  5     1000 *     J
-/var/log/cron                          600  3     1000 *     JC
+/var/log/cron                          600  12    *    $M1D0 XC
 /var/log/daily.log                     640  7     *    @T00  JN
 /var/log/debug.log                     600  7     1000 *     JC
 /var/log/init.log                      644  3     1000 *     J
 /var/log/kerberos.log                  600  7     1000 *     J
-/var/log/maillog                       640  7     *    @T00  JC
-/var/log/messages                      644  5     1000 @0101T JC
+/var/log/maillog                       640  12    *    $M1D0 XC
+/var/log/messages                      644  12    1000 $M1D0 XC
 /var/log/monthly.log                   640  12    *    $M1D0 JN
 /var/log/devd.log                      644  3     1000 *     JC
-/var/log/security                      600  10    1000 *     JC
+/var/log/security                      600  53    *    $W0D0 XC
 /var/log/utx.log                       644  3     *    @01T05 B
 /var/log/weekly.log                    640  5     *    $W6D0 JN
-/var/log/daemon.log                    644  5     1000 @0101T JC
+/var/log/daemon.log                    644  12    *    $M1D0 XC
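Review bot: The new `/var/log/messages` line keeps `size` 1000 while every other entry moved to `$M1D0` uses `*`; as I read newsyslog.conf(5), the file is rotated when either the size or the time condition is met, so a busy month can burn several of the 12 generations and the one-year retention target would not hold for messages. Unless the size cap is deliberate, use `/var/log/messages                      644  12    *    $M1D0 XC`. Note that after the syslog.conf change on this page messages receives `*.*` for the non-excluded facilities, so its growth is likely higher than before. Entries such as devd.log, debug.log and console.log keep their short 3–7 generation, 1000 KB policies — fine if they are not among the "frequently used" logs the goal statement refers to, but worth saying so.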

 <include> /etc/newsyslog.conf.d/[!.]*.conf
 <include> /usr/local/etc/newsyslog.conf.d/[!.]*.conf

/etc/newsyslog.conf.d/ntp.conf

# logfilename          [owner:group]    mode count size when  flags [/pid_file] [sig_num]
# Monthly rotation ($M1D0 = day 1, 00:00), 12 generations kept, xz-compressed (X),
# file created if missing (C) -- about one year of history.
# NOTE(review): /etc/syslog.d/ntp.conf on this page still writes ntp.* to
# /var/log/ntpd.log, not /var/log/ntp.log, so the file named here is not the one
# ntpd's messages land in -- align the two names.
/var/log/ntp.log                        644  12    *    $M1D0 XC

/etc/newsyslog.conf.d/ports-svn-update.conf

# logfilename          [owner:group]    mode count size when  flags [/pid_file] [sig_num]
# Rotation for the ports update cron job's log: /etc/cron.d/portsupdate logs via
# logger -p user.notice and /etc/syslog.d/user.conf sends user.* to this file.
# Monthly ($M1D0), 12 kept, xz-compressed (X), created if missing (C).
/var/log/ports-svn-update.log           644  12    *    $M1D0 XC

/etc/newsyslog.conf.d/sudo.conf

# logfilename          [owner:group]    mode count size when  flags [/pid_file] [sig_num]
# Rotation for the sudo log fed by /etc/syslog.d/sudo.conf (local2.*).
# Monthly ($M1D0), 12 kept, xz-compressed (X), created if missing (C).
/var/log/sudo.log                        644  12    *    $M1D0 XC

/etc/periodic.conf

# periodic(8) daily ZFS scripts: run the pool scrub check (how often a scrub is
# actually started is governed by the separate daily_scrub_zfs_default_threshold
# setting, see periodic.conf(5)) and include pool status in the daily report.
daily_scrub_zfs_enable="YES"
daily_status_zfs_enable="YES"

/etc/rc.conf

   1 sysrc syslogd_flags="-s -O rfc5424"

/etc/ssh/ssh_config

--- /etc/ssh/ssh_config.orig    2021-02-19 15:01:46.000000000 +0900
+++ /etc/ssh/ssh_config 2021-03-04 06:49:21.854238000 +0900
@@ -18,6 +18,14 @@
 # list of available options, their meanings and defaults, please see the
 # ssh_config(5) man page.

+Host *
+    ForwardAgent yes
+    EscapeChar none
+# Send locale-related environment variables
+    SendEnv LANG LANGUAGE LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
+    SendEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
+    SendEnv LC_IDENTIFICATION LC_ALL
+
 # Host *
 #   ForwardAgent no
 #   ForwardX11 no
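Review bot: `ForwardAgent yes` under `Host *` in the system-wide client config forwards every user's ssh-agent to every server they connect to; while a session is open, whoever controls that server can use the forwarded keys. Keep the default off and enable it per host, e.g. a `Host buildhost.example` stanza (constructed name) with `ForwardAgent yes`, or use `ssh -A` for the occasional hop. Minor style point: the `# Send locale-related environment variables` comment sits at column 0 inside the indented `Host *` block; indent it with the SendEnv lines it describes. This is /etc/ssh/ssh_config (client side); the server's `#AllowAgentForwarding yes` in the sshd_config hunk below is unchanged.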

/etc/ssh/sshd_config

--- /etc/ssh/sshd_config.orig   2021-02-25 04:46:53.081176000 +0900
+++ /etc/ssh/sshd_config        2021-03-04 06:50:09.275221000 +0900
@@ -85,6 +85,11 @@
 # and ChallengeResponseAuthentication to 'no'.
 #UsePAM yes

+# Accept locale-related environment variables
+AcceptEnv LANG LANGUAGE LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
+AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
+AcceptEnv LC_IDENTIFICATION LC_ALL
+
 #AllowAgentForwarding yes
 #AllowTcpForwarding yes
 #GatewayPorts no
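Review bot: The added `AcceptEnv` lines make sshd import client-supplied `LANG`/`LC_*` into the login environment; sshd_config(5) warns that accepted variables can be used to bypass restricted user environments, so the comment should say why the list is limited to locale names. Suggest `# Accept locale-related environment variables (client-controlled: keep this list to locale names only; mirrors SendEnv in /etc/ssh/ssh_config)`. The list does match the SendEnv set in the ssh_config hunk above, which is good.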

/etc/sysctl.conf

--- /etc/sysctl.conf.orig       2021-02-19 15:00:35.000000000 +0900
+++ /etc/sysctl.conf    2021-02-25 07:07:39.965363000 +0900
@@ -7,3 +7,6 @@
 # Uncomment this to prevent users from seeing information about processes that
 # are being run under another UID.
 #security.bsd.see_other_uids=0
+
+net.inet.tcp.cc.algorithm=dctcp
+net.inet.tcp.ecn.enable=1
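Review bot: The two added sysctls carry no comment and depend on the loader.conf change earlier on the page: `net.inet.tcp.cc.algorithm=dctcp` is only accepted once the cc_dctcp module is loaded, which is what `cc_dctcp_load="YES"` in /boot/loader.conf provides. Suggest `# DC-TCP congestion control (module loaded via cc_dctcp_load="YES" in /boot/loader.conf); DCTCP signals congestion through ECN, hence ecn.enable=1`. DCTCP was designed for data-centre networks and, as far as I know, does not share fairly with classic TCP across the Internet — confirm it is meant for this host's Internet-facing connections as well.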

/etc/syslog.conf

--- /etc/syslog.conf.orig       2021-02-19 15:05:41.000000000 +0900
+++ /etc/syslog.conf    2021-03-09 10:10:59.070228000 +0900
@@ -5,8 +5,8 @@
 #      separators. If you are sharing this file between systems, you
 #      may want to use only tabs as field separators here.
 #      Consult the syslog.conf(5) manpage.
-*.err;kern.warning;auth.notice;mail.crit               /dev/console
-*.notice;authpriv.none;kern.debug;lpr.info;mail.crit;news.err  /var/log/messages
+*.err;kern.warning;auth.none;mail.none;user.none;ntp.none              /dev/console
+*.*;authpriv.none;kern.debug;lpr.info;mail.none;news.err;cron.none;daemon.none;ntp.none;auth.none;user.none;local2.none;local3.none        /var/log/messages
 security.*                                     /var/log/security
 auth.info;authpriv.info                                /var/log/auth.log
 mail.info                                      /var/log/maillog
  • mail.*: メールシステムのログ(sendmail 他)

  • auth.*、authpriv.*: 認証システムのログ(sshd、su 他)

  • cron.*: cronログ(cron、at)

  • daemon.*: デーモンサービスのログ(各種)

  • ntp.*: NTPログ(ntpd)

  • user.*: ユーザーレベルのログ(/etc/cron.d/portsupdate にて使用)

  • local2.*: 任意のアプリでのログ(sudo 他)

  • local3.*: 任意のアプリでのログ()

/etc/syslog.d/devd.conf

# Program filter: the selector below only matches messages logged by devd.
!devd
# notice and above go to their own file; the newsyslog.conf hunk above rotates
# devd.log with the stock policy (644, 3 generations, 1000 KB, bzip2).
*.>=notice                                      /var/log/devd.log

/etc/syslog.d/ntp.conf

# ntpd messages (ntp facility), excluded from messages and the console in syslog.conf.
# NOTE(review): the newsyslog.conf.d/ntp.conf entry on this page rotates
# /var/log/ntp.log, not /var/log/ntpd.log -- one of the two names should change,
# otherwise this file grows unrotated.
ntp.*                                           /var/log/ntpd.log

/etc/syslog.d/sudo.conf

# sudo log (local2 facility, see the facility list above); rotated monthly by
# /etc/newsyslog.conf.d/sudo.conf. sudo only writes to local2 if its syslog
# facility is set accordingly (presumably sudoers "Defaults syslog=local2");
# that setting is not shown on this page -- confirm.
local2.*                                        /var/log/sudo.log

/etc/syslog.d/user.conf

# user.* is what /etc/cron.d/portsupdate logs to (logger -p user.notice); since
# syslog.conf excludes user.none from both messages and the console, any other
# user-facility message also ends up in this file.
user.*                                          /var/log/ports-svn-update.log

/etc/ttys

--- /etc/ttys.orig      2021-02-19 15:00:30.000000000 +0900
+++ /etc/ttys   2021-03-09 10:00:54.967135000 +0900
@@ -31,13 +31,13 @@
 #
 ttyv0  "/usr/libexec/getty Pc"         xterm   onifexists secure
 # Virtual terminals
-ttyv1  "/usr/libexec/getty Pc"         xterm   onifexists secure
-ttyv2  "/usr/libexec/getty Pc"         xterm   onifexists secure
-ttyv3  "/usr/libexec/getty Pc"         xterm   onifexists secure
-ttyv4  "/usr/libexec/getty Pc"         xterm   onifexists secure
-ttyv5  "/usr/libexec/getty Pc"         xterm   onifexists secure
-ttyv6  "/usr/libexec/getty Pc"         xterm   onifexists secure
-ttyv7  "/usr/libexec/getty Pc"         xterm   onifexists secure
+ttyv1  "/usr/libexec/getty Pc"         xterm   off secure
+ttyv2  "/usr/libexec/getty Pc"         xterm   off secure
+ttyv3  "/usr/libexec/getty Pc"         xterm   off secure
+ttyv4  "/usr/libexec/getty Pc"         xterm   off secure
+ttyv5  "/usr/libexec/getty Pc"         xterm   off secure
+ttyv6  "/usr/libexec/getty Pc"         xterm   off secure
+ttyv7  "/usr/libexec/getty Pc"         xterm   off secure
 ttyv8  "/usr/local/bin/xdm -nodaemon"  xterm   off secure
 # Serial terminals
 # The 'dialup' keyword identifies dialin lines to login, fingerd etc.

OSのリビルド

/etc/make.conf

OSの展開

# Build the new userland and kernel from /usr/src (see build(7)).
make buildworld buildkernel
# NOTE(review): build(7) and the handbook sequence is installkernel, reboot into
# the new kernel (single user), then installworld -- confirm that doing both in
# one invocation is intended here.
make installkernel installworld
# Rebuild the trusted-certificate hash links under /etc/ssl after the base update.
certctl rehash
# Merge the updated /etc templates, then resolve any conflicts by hand.
etcupdate
etcupdate resolve

portsのインストール
