Installing FreeBSD
Purpose
This document describes how to:
- install FreeBSD
- configure sane system defaults
- install the Packages system
- install and configure some packages
The FreeBSD Handbook is an excellent resource for questions about configuring, using, and developing for FreeBSD.
Installing the OS
FreeBSD Installer
Initial Installation
Attach the FreeBSD Installer Image you downloaded to a VM or physical machine and boot from it.
The installer will start. On the first screen, hit enter to choose: <Install>.
You will be asked about a keymap. Hit enter to: >>> Continue with default keymap
Provide a hostname. Use an FQDN if you can. This can be changed later by editing the hostname= parameter in /etc/rc.conf.
You will be asked which optional components to install. Deselect all of them and continue.
Next, you will be asked about the disk layout. Choosing the default Auto (ZFS) Guided Root-on-ZFS is fine.
Hit enter on the next screen to accept the defaults for the ZFS settings.
Choose stripe Stripe - No Redundancy for the ZFS virtual device type.
Hit the space bar to select the storage device to use for the OS installation. Hit enter to continue. Accept that any data on the target storage device will be lost and hit enter to proceed.
The operating system will be installed on the target disk.
Setting the Root Password
The FreeBSD Installer will ask you for a root password. Enter it twice to proceed.
Configure Network
Select the network interface you wish to configure.
Answer the questions about IPv4, DHCP on IPv4, IPv6, and DHCP on IPv6.
Set a search domain (if you want one), and configure your default DNS resolver(s).
Configure Time/Date
Use the menus to select the timezone your system is in.
Skip the date and time screens; your system will use NTP to configure its clock.
Boot Services
The following services should be set to enabled/disabled:
| Service | Enabled/Disabled |
|---|---|
local_unbound |
disabled |
sshd |
enabled |
moused |
disabled |
ntpdate |
enabled |
ntpd |
enabled |
powerd |
disabled |
dumpdev |
disabled |
System Hardening
This screen has options for hardening the system.
Enable them all.
| Option | Enabled/Disabled |
|---|---|
hide_uids |
enabled |
hide_gids |
enabled |
hide_jail |
enabled |
read_msgbuf |
enabled |
proc_debug |
enabled |
random_pid |
enabled |
clear_tmp |
enabled |
disable_syslogd |
enabled |
disable_sendmail |
enabled |
secure_console |
enabled |
disable_ddtrace |
enabled |
Adding Users
You will be asked if you want to add a user to the system. Select < Yes >.
Provide the installer with a username for your non-root account. It's safe to leave the Full name blank as it's an informational field.
Accept the default values for the UID, GID, and Login group values.
When asked if you want to invite the user into other groups, type wheel and hit enter. If you do not do this, your userland account will be unable to su - to become the root user.
Accept the default value for Login class.
Choose your shell and continue. If you are unsure, hit enter to select sh.
Accept the default value for Home directory and its permissions.
Choose 'yes' to use password-based authentication. You probably do not want an empty password, so select 'no' and either let the system generate a random password for you or enter one yourself.
Do not lock the account after creation.
Answer 'yes' to create the user account.
Answer 'no' because you don't want to create another user.
Completing the OS Installation
You've completed installing FreeBSD on the target system.
Select Exit to exit the installer. You'll be asked if you want a last-minute shell. Select 'No' and then 'Reboot' to reboot.
Post-Install Configuration
Install PKGs
FreeBSD installs 3rd party software using either the ports collection (build software from source) or the package system (pre-built binary packages).
This guide uses packages, as there is no need to recompile any of the software needed to build this machine.
Bootstrap the packages system so you can use it to install software later in this guide:
Install a few packages that make the system a bit nicer to use:
Install a nice screerc file for FreeBSD systems into /usr/local/etc/screenrc: