DrGonzo
October 22nd, 2006, 15:27
Greetings All,

I am now in a position to change my laptop over (an IBM G41) completely over to FreeBSD. I have been a Linux user for the last eight years and, after a recent situation, as can be seen on "When Installs go Bad" Monday evenings at 8pm, where I upgraded from Slackware 10.2 to 11.0 and lost my entire file system: even the root partition was unreadable and the rescue floppies were worthless as fd0 no longer existed. Even PHLACK, Knoppix and Morphix, 3 unique live CDs were unable to save the system. Needless to say, after losing all of my files (saved on back-up, of course) and continually reviewing multiple vanity copies of Debian, Red Hat, or Slackware (all called "distributions" these days with little difference between them), I have chosen to move on to FreeBSD, where the security, stability, and community exist and I have few, if any, bugs to worry about and a more than supportive professional community for support.

My question is this: I have dabbled in FreeBSD in the past, but have always been a bit confused by how the initial lock-down and port installation should be handled. Yes, I have RTFMs, researched online, and even toyed with this on live systems, but would like one clear, expert method of how to secure the system, update the existing system (6.1), and the most useful way to acquire ports.

As usual, this is a very intelligent and informative community and I respect your individual opinions. Thank you in advance for any and all replies.

Yours, -- The Good Doctor, always curing what ails you!:wink:

Kernel_Killer
October 22nd, 2006, 23:57
I'm just going to try to give you an overview to get you started.

The file system is going to be about the same with some differences. /etc is still your configs, but really only for core packages. When you install new ports that use configs usually held in /etc, you might be surprised to find some in /usr/local/etc. /home is just a symlink, and the full path is /usr/home.

Like many Linux distros, FreeBSD has its own CLI system manager, sysinstall. This manager is the exact same as the initial installation. You can install ports from this, but you will not want to do this later on. You will also be able to install various other things from this manager, such as the ports tree, kernel source, older branch compatibility, etc. You can also control various other parts of the system as well.

First you would want to optimize your system. Start off by customizing your own kernel. Make sure that you have the kernel source installed, and go to the /usr/src/sys/i386/conf directory. Copy the GENERIC kernel config file as another file (such as CUSTOM-KERN), and edit the new file. A lot of the settings are self-explanatory, and you might find some specific to your laptop. You can check /usr/src/sys/i386/conf/NOTES for explanations of several options. Compiling is always a quick thing with FreeBSD.

cd /usr/src
make buildkernel KERNCONF=CUSTOM-KERN
make installkernel KERNCONF=CUSTOM-KERN

Anyways, to use the ports, you can install them in many ways, but two specifically. First is using the pkg_add command, and the second is installing from the port in the local tree. Ports are held in /usr/ports. To install a port, you just have to simply move to the directory of the port you want to install, and install it. For example:

cd /usr/ports/x11/ion
make install clean

That's it. You can also search for ports, from the /usr/ports directory:

make search key="<search string>"

If you want to use the latest greatest ports, be sure to install /usr/ports/net/cvsup-without-gui (or cvsup if you want the X11 version).

As for security, you will probably want to start with the default IPFW firewall. It resembles iptables, so the transition will be easy. Most would recommend PF, which I would as well, but not until later (PF options also have to be compiled into the kernel).

When you were using Linux you were probably used to using lsmod to watch loaded modules. FreeBSD uses kldstat, and kldload/kldunload to load and unload modules.

As for updating the system, this is the method I use:

First, make sure you don't have any modules loading from the /boot/loader.conf file. If you do, and they don't update, you are going to have to load a shell from a full boot CD, and edit the file if the kernel does not like the old module (will happen with the Nvidia module).
Update your source to the version of FreeBSD you want to upgrade to, and then type:

cd /usr/src
make buildworld
make buildkernel KERNCONF=KERNEL    # replace KERNEL with your kernel config name
make installkernel KERNCONF=KERNEL

Reboot the system into Single-User mode:

fsck -p
mount -u /
mount -a -t ufs
swapon -a
cd /usr/src    # installworld has to be run from the source tree
make installworld
mergemaster -a


I think I went a little overboard, but I hope that I at least pointed out the path for you.
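
The first step of the update method above (making sure nothing is loaded from /boot/loader.conf before upgrading) can be checked with a short script. This is an added example, not part of the original posts; the function names `loader_modules` and `preflight` are hypothetical and the sample file contents are constructed.

```shell
#!/bin/sh
# Added example: list the kernel modules that loader.conf-style files ask
# the boot loader to load, so they can be disabled before a source upgrade.

# Print one module name per line for every active <name>_load="YES" entry.
# Commented-out lines and entries set to NO are ignored; unreadable or
# missing files are skipped, since nothing can be loaded from them.
loader_modules() {
    for f in "$@"; do
        [ -r "$f" ] || continue
        sed -n -e 's/#.*$//' \
            -e 's/^[[:space:]]*\([A-Za-z0-9_]*\)_load="\{0,1\}[Yy][Ee][Ss]"\{0,1\}[[:space:]]*$/\1/p' "$f"
    done
}

# Return 0 when no module is set to load, 1 (with a report) otherwise.
preflight() {
    mods=$(loader_modules "$@")
    if [ -z "$mods" ]; then
        echo "no modules set to load in: $*"
        return 0
    fi
    echo "modules loaded at boot; comment these out before upgrading:"
    echo "$mods" | sed 's/^/  /'
    return 1
}

# Constructed sample, not taken from a real machine.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# /boot/loader.conf (constructed)
autoboot_delay="5"
nvidia_load="YES"
#linux_load="YES"
snd_ich_load="yes"
acpi_ibm_load="NO"
EOF
preflight "$sample" || echo "action needed before make installkernel"
rm -f "$sample"
```

On the laptop itself, call `preflight /boot/loader.conf` before `make installkernel` and compare the result with `kldstat` output.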