http://pbraun.nethence.com/doc/sysutils_bsd/netbsd.html
NetBSD configuration
A] Basic setup
Network configuration
Set up the hostname,
echo lala.example.com > /etc/myname # for next reboot
Check if kernel has recognized the network interface,
ifconfig -a
# and possibly dmesg | less
Set up IP/Netmask,
echo "10.0.0.6 netmask 255.0.0.0 media auto" > /etc/ifconfig.fxp0
Set up your gateway,
echo 10.0.0.1 > /etc/mygate
Set up your name resolution,
vi /etc/hosts
::1 localhost localhost.
127.0.0.1 localhost localhost.
10.0.0.2 lala lala.example.com
vi /etc/resolv.conf
search example.com
nameserver DNS_IP
nameserver DNS_IP
Note /etc/nsswitch.conf defines the "/etc/hosts file, then dns" order.
Once this is all done,
/etc/rc.d/network restart
Ping the net,
ping club.fr
ping 194.117.200.10
Same configs but for troubleshooting, immediate & temporary changes,
hostname lala.example.com
ifconfig fxp0 10.0.0.2 netmask 255.255.255.0 up # immediately
route delete default; route add default 10.0.0.1
As for a dynamically assigned IP, use this,
vi /etc/rc.conf
dhclient=yes
dhclient_flags="fxp0"
or more simply,
vi /etc/ifconfig.fxp0
!dhclient $int &
As for PPPoE internet access, instead of using rp-pppoe, use the built-in support. Rather use the examples from,
man pppoectl
than those from the doc, www.netbsd.org/Documentation/network/pppoe/
As for wireless network use ifconfig too (man ifconfig).
Note one has to use current to get some Intel cards working (damien.bergamini.free.fr/ipw/download.html).
The SSH Daemon
Optionally permit the root user to log in remotely. This may be convenient for testing servers. Otherwise remote login is just for users (who can su -), which is preferred on production servers so you can trace who ran "su -" and made changes from the logs.
vi /etc/ssh/sshd_config
PermitRootLogin yes
After setting the hostname, you can start SSHD for the first time. It will generate the keys,
vi /etc/rc.conf
sshd=yes
/etc/rc.d/sshd start
Note you can now do the rest remotely. For example using PuTTY from some Windows workstation.
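A check for the setting above, as an added example that is not part of the original page: it reports the PermitRootLogin value sshd takes from a config file and flags a production host where root can still log in directly. The "test" and "production" role labels and the sample file are assumptions of this example.

```sh
#!/bin/sh
# Added example, not from the original page. The role labels
# ("test", "production") and the sample file are assumptions.

# effective_root_login FILE
# Print the PermitRootLogin value from the global section of an sshd_config,
# lowercased, or "unset" when the file leaves it to the compiled-in default.
# sshd keeps the first value it reads for a keyword, so parsing stops there;
# Match blocks are conditional overrides and are not evaluated.
effective_root_login() {
    awk '
        { sub(/#.*/, ""); sub(/[ \t]*=[ \t]*/, " ") }   # comments, key=value form
        tolower($1) == "match" { exit }
        tolower($1) == "permitrootlogin" && NF >= 2 {
            print tolower($2); found = 1; exit
        }
        END { if (!found) print "unset" }
    ' "$1"
}

# audit_root_login FILE ROLE
# Return 0 if the setting fits the role, 1 if root can log in directly on a
# production host, 2 if the value is not pinned in the file.
audit_root_login() {
    value=$(effective_root_login "$1")
    case "$2:$value" in
        production:no) echo "OK: root access goes through a user account and su -" ;;
        production:unset) echo "WARN: PermitRootLogin not set in $1"; return 2 ;;
        production:*) echo "FAIL: PermitRootLogin $value on a production host"; return 1 ;;
        *) echo "OK: PermitRootLogin $value accepted for role $2" ;;
    esac
}

# Constructed sample: the later "no" is ignored because "yes" is read first.
sample=$(mktemp)
printf '%s\n' '#PermitRootLogin no' 'Port 22' 'PermitRootLogin yes' \
    'PermitRootLogin no' > "$sample"
audit_root_login "$sample" test
audit_root_login "$sample" production || echo "exit status: $?"
rm -f "$sample"
```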
motd
Remove the annoying login welcome message,
mv /etc/motd /etc/motd.dist
Syslog
On small testing servers (low load), it's convenient to have as many logs as possible in the same terminal or screen window,
mv /etc/syslog.conf /etc/syslog.conf.dist
vi /etc/syslog.conf
*.* -/var/log/messages
chmod 640 /var/log/messages
/etc/rc.d/syslogd restart
Crontabs
Unless you're using "at" regularly and are OK with the useless syslog message every 10 minutes, comment out the at line. Second, tweak the newsyslog line accordingly (for a very low-load server once a month is alright) and also uncomment the monthly check,
crontab -e
#*/10 * * * * /usr/libexec/atrun
0 0 1 * * /usr/bin/newsyslog
[...]
30 5 1 * * /bin/sh /etc/monthly 2>&1 | tee /var/log/monthly.out | sendmail -t
Note indexing (/usr/libexec/locate.updatedb) is already called once a week from the weekly line.
Time sync
Besides using date to set the time, e.g.,
date 200808141119
ntpdate will do,
ntpdate ntp.obspm.fr # or your favorite NTP server or mirror
Also for crontab, each day,
0 6 * * * ntpdate ntp1.dedibox.fr > /dev/null
Note. man ntpdate for specific options (-b for boot time, -u for firewall bypass, -s for syslog output)
Base system security
Regularly check netbsd.org/support/security/ and see if you're concerned. There's no use patching all the time if none of your services are concerned. Just wait for the next release and perform a binary update (see B] below). Also see security(8),
man 8 security
Package management
See pbraun.nethence.com/doc/sysutils/NetBSD_pkgsrc.html
B] Updating the system
First, fetch the NetBSD sets from your preferred mirror to some directory.
Note misc.tgz and etc.tgz are links (to ../../../share) so a simple "ftp/prompt/mget *" won't do it.
Then update the kernel,
mv /netbsd /netbsd.old
tar xvzpfe kern-GENERIC.tgz -C /
shutdown -r now # don't do "reboot" on BSD systems
Note reboot with the new kernel before extracting the sets. Otherwise "tar", "gunzip" and basic commands may segfault.
Proceed with userland's update thereafter,
tar xzpfe base.tgz -C /
tar xzpfe comp.tgz -C /
tar xzpfe man.tgz -C /
tar xzpfe misc.tgz -C /
tar xzpfe text.tgz -C /
mkdir /root/etc
tar xzpfe etc.tgz -C /root/etc
etcupdate -b /root/etc
# or "etcupdate -s etc.tgz"
cd /dev
sh MAKEDEV all
cd /
shutdown -r now # don't do "reboot" on BSD systems
To speed up that part of the update, just after the new kernel's extraction, reboot in single user mode. At the bootloader's prompt, enter,
boot -s
Once you get the shell,
mount -o rw /
Do the actual system update with "tar" and "etcupdate" (see above) and continue booting afterwards,
cd /dev
sh MAKEDEV all
cd /
sync
sh /etc/rc
Note there's also "postinstall" but it removes old libs and does things without asking. I just do etcupdate (and MAKEDEV) and it is fine.
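Before running the tar commands of section B] as root, the fetched sets can be checked against a checksum manifest. This is an added example, not part of the original page; it assumes a BSD-style manifest named SHA512 downloaded with the sets, and it reports a set that did not arrive (such as the linked misc.tgz and etc.tgz noted above) as MISSING.

```sh
#!/bin/sh
# Added example, not from the original page: check fetched sets against a
# checksum manifest before anything is extracted over /.
# Assumption: the manifest has BSD-style lines, "SHA512 (base.tgz) = <hex>".

# sha512_of FILE: print the hex digest with whichever tool is installed.
sha512_of() {
    if command -v sha512sum >/dev/null 2>&1; then
        sha512sum "$1" | awk '{ print $1 }'
    else
        cksum -a sha512 "$1" | awk '{ print $NF }'   # BSD cksum(1)
    fi
}

# verify_sets DIR MANIFEST SET...
# Return 0 only if every named set exists in DIR, is listed in MANIFEST and
# matches its digest. Nothing is extracted here.
verify_sets() {
    dir=$1 manifest=$2; shift 2
    rc=0
    for name in "$@"; do
        want=$(awk -v f="($name)" '$1 == "SHA512" && $2 == f { print $4; exit }' "$manifest")
        if [ ! -f "$dir/$name" ]; then
            echo "MISSING  $name"; rc=1
        elif [ -z "$want" ]; then
            echo "UNLISTED $name"; rc=1
        elif [ "$(sha512_of "$dir/$name")" != "$want" ]; then
            echo "MISMATCH $name"; rc=1
        else
            echo "OK       $name"
        fi
    done
    return $rc
}

# Constructed demo: two fake sets, one modified after the manifest was made.
work=$(mktemp -d)
echo kernel > "$work/kern-GENERIC.tgz"; echo base > "$work/base.tgz"
for f in kern-GENERIC.tgz base.tgz; do
    echo "SHA512 ($f) = $(sha512_of "$work/$f")"
done > "$work/SHA512"
echo tampered >> "$work/base.tgz"
verify_sets "$work" "$work/SHA512" kern-GENERIC.tgz base.tgz etc.tgz || echo "do not extract"
rm -rf "$work"
```

A manifest taken from the same mirror only detects corruption or a partial transfer; compare it with a copy obtained over a trusted channel if the mirror itself is in doubt.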
C] Additional tweaks
Softdep
You may speed up hard disk I/O performance by activating soft dependencies (safer than async),
vi /etc/fstab
/dev/wd0a / ffs rw,softdep 1 1
ATA Harddrive standby (for idling NAS or a laptop)
/sbin/atactl wd0 smart enable
/sbin/atactl wd1 smart enable
/sbin/atactl wd2 smart enable
/sbin/atactl wd0 setidle 602
/sbin/atactl wd1 setidle 601
/sbin/atactl wd2 setidle 600
/sbin/atactl wd0 setstandby 902
/sbin/atactl wd1 setstandby 901
/sbin/atactl wd2 setstandby 900
Cdrom
If you're inserting CDroms very often,
mkdir /mnt/cdrom
vi /etc/fstab
/dev/cd0a /mnt/cdrom cd9660 ro,noauto 0 0
wscons
If you're not working remotely and prefer the console over X11, you may need to activate wscons mouse support and some larger screen resolution.
To activate wscons' mouse,
cp /usr/share/examples/wsmoused/wsmoused.conf /etc
vi /etc/wsmoused.conf
echo wsmoused=yes >> /etc/rc.conf
/etc/rc.d/wsmoused start
Ref. www.netbsd.org/docs/guide/en/chap-cons.html#chap-cons-wscons
To get a larger resolution on terminals >1,
vi /etc/wscons.conf
uncomment,
font ibm - 8 ibm /usr/share/wscons/fonts/vt220l.808
and edit those lines,
#screen 0 - vt100
screen 1 80x50 vt100
screen 2 80x50 vt100
screen 3 80x50 vt100
screen 4 - -
Note. if this isn't enough,
/etc/rc.d/wscons restart
then just reboot the machine,
shutdown -r now
Changing shell
Change one's shell. Once the wanted shell is available (installed and listed in /etc/shells),
vipw
username:......:/usr/pkg/bin/bash
Basically, vipw just does
vi /etc/master.passwd && pwd_mkdb /etc/master.passwd
Note you could also use these commands (but vipw is more convenient),
chsh username
chpass -s /usr/pkg/bin/bash username
Note: to set the default shell used at user creation time,
useradd -D -s /usr/pkg/bin/bash
or
vi /etc/usermgt.conf
shell /usr/pkg/bin/bash
Bootloader
To speed up bootloader timeout, update the primary bootstrap,
installboot -v -o timeout=1 /dev/rwd0a /usr/mdec/bootxx_ffsv1
Note this is for FFSv1. To check your filesystem do e.g.,
dd if=/dev/rwd0d bs=300 count=1 | grep -i ffs
Note the secondary bootstrap file is there,
ls -l /boot/boot
If not do,
cp /usr/mdec/boot /boot
Besides, if you have a multiboot setup,
fdisk -B
Note. to erase MBR see pbraun.nethence.com/doc/sysutils/mbr_dos_floppy.html
Indexing
Indexing is already activated in weekly's crontab. If you need to update it immediately,
/usr/libexec/locate.updatedb
You may then use "locate" instead of find.
Serial console
You can switch to serial console from the start, at bootloader's prompt,
consdev com0
Spit the boot message to the serial port,
installboot -v -o timeout=3 -o console=com0 -o speed=9600 /dev/rwd0a /usr/mdec/bootxx_ffsv1
Note '-o' needs to be repeated.
Spit some consoles on the serial port,
vi /etc/ttys
tty00 "/usr/libexec/getty std.9600" unknown on secure
Ref. also see wiki.gcu.info/doku.php?id=netbsd:serial_console
The NetBSD FTP Daemon (tnftpd, formerly known as lukemftpd)
See pbraun.nethence.com/doc/net/lukemftpd.html
Backups
See pbraun.nethence.com/doc/sysutils/backup.html
Other things
- After editing /etc/login.conf do,
cap_mkdb /etc/login.conf
- For disks concatenation, like RAID-0 but more flexible see pbraun.nethence.com/doc/sysutils/ccd.html
- To regain root access see pbraun.nethence.com/doc/sysutils/regain_root.html
D] Build NetBSD from source
Instead of CVS I like to use the stable sets. And build as user, not root.
Make sure you're logged in as a user,
whoami
Fetch all the tarballs (but xsrc),
wget ftp.fr.netbsd.org/pub/NetBSD/NetBSD-4.0/source/sets/src.tgz
wget ftp.fr.netbsd.org/pub/NetBSD/NetBSD-4.0/source/sets/syssrc.tgz
wget ftp.fr.netbsd.org/pub/NetBSD/NetBSD-4.0/source/sets/gnusrc.tgz
wget ftp.fr.netbsd.org/pub/NetBSD/NetBSD-4.0/source/sets/sharesrc.tgz
Extract them,
tar xzf src.tgz
tar xzf syssrc.tgz
tar xzf gnusrc.tgz
tar xzf sharesrc.tgz
Move the source wherever you like and go inside,
mv usr/src ~/; rmdir usr
cd ~/src
Make your changes to the source,
vi etc/rc.d/somescript
vi etc/rc.conf
Build the distro,
./build.sh -h | less
./build.sh -U release
#./build.sh -U iso-image
./build.sh -U iso-image-sources
If anything fails, cleanup and retry differently,
make cleandir
Refs.
Make the ISO yourself : www.netbsd.org/docs/bootcd.html#i386image
Build a live CD : www.reedmedia.net/misc/netbsd/live-cd.html
Export regulations
In theory, you're not allowed to download the whole NetBSD distribution (USA crypto) : ftp.netbsd.org/pub/NetBSD/.message
References
NetBSD Documentation : www.netbsd.org/docs/guide/en/
NetBSD Community Blog : blog.onetbsd.de/
NetBSD News Beat : netbsd.gw.com/
FreeBSD vs NetBSD tips : home.nyc.rr.com/computertaijutsu/netbsd.html
BSD list
NetBSD
FreeBSD, PicoBSD, MidnightBSD, DesktopBSD, PC-BSD
OpenBSD, MirOS/MirBSD
Licences
en.wikipedia.org/wiki/ISC_licence
en.wikipedia.org/wiki/MIT_licence
en.wikipedia.org/wiki/BSD_licence