Embed Size (px)
Citation preview
System Administration HW1System Administration HW1
huanghs
Com
pu
ter C
en
ter, C
S, N
CTU
2
Requirements
Basic• Install FreeBSD and upgrade to up-to-date –RELEASE
• Recompile your kernel with pf (Packet Filter) support and enable it
(not by kernel module)
• Change kernel IDENT
• Set your machine to current time zone and adjust current time
Optional• Enable sshd
• Customized kernel
Com
pu
ter C
en
ter, C
S, N
CTU
3
Update FreeBSD (1/3)
Update source tree• Backup original supfile or copy to other directory
Prepare /usr/local/etc/src-supfile && /usr/local/etc/ports-supfile
• /etc/make.conf SUP_UPDATE= yes SUP= /usr/bin/csup SUPFLAGS= -L 2 SUPHOST= freebsd.cs.nctu.edu.tw SUPFILE= /usr/local/etc/src-supfile PORTSSUPFILE= /usr/local/etc/ports-supfile KERNCONF= SABSD CPUTYPE?= core2
• Run “make update” in /usr/src
Com
pu
ter C
en
ter, C
S, N
CTU
4
Update FreeBSD (2/3)
Edit kernel config (with pf support)• Copy /usr/src/sys/arch/conf/GENERIC to name-you-want
arch maybe is i386, ia64, amd64…..depend on your cpu
• Change IDENT
• Add the following device pf //Enable support for the “Packet Filter” firewall device pflog //Can be used to store the logging information to disk device pfsync //Monitor “state changes” options ALTQ //Enable the ALTQ framework(not supported by all of the
available network card drivers) options ALTQ_CBQ //enables Class Based Queuing (CBQ)
• References http://www.freebsd.org/doc/en/books/handbook/firewalls-pf.html http://www.freebsd.org/doc/zh_TW/books/handbook/firewalls-pf.html http://forum.icst.org.tw/phpbb/viewtopic.php?t=10404
Com
pu
ter C
en
ter, C
S, N
CTU
5
Update FreeBSD (3/3)
Build new world & kernel• http://www.freebsd.org/doc/en/books/handbook/makeworld.html
• http://www.freebsd.org/doc/zh_TW/books/handbook/makeworld.html
Com
pu
ter C
en
ter, C
S, N
CTU
6
Timezone
tzsetup sysinstall Find right timezone file in /usr/share/zoneinfo and copy
to /etc/localtime
Com
pu
ter C
en
ter, C
S, N
CTU
7
Hint: Kernel Config
Customized kernel• Remove unneeded kernel config
IPv6 support, scsi device, firewire …etc.
• What I need ? /var/run/dmesg.boot
Don’t remove em in config file
Com
pu
ter C
en
ter, C
S, N
CTU
8
FAQ (1/4)
make: don't know how to make buildworld. Stop in /usr/src• Makefile
• Fetch source first (at least Makefile & Makefile.incl in /usr/src) Copy Makefile & Makefile.incl from other host and make update Use sysinstall -> Configure -> Distributions -> src -> all or base
and choose installation media
…update:## do something when make update#kernel: buildkernel installkernel…
Com
pu
ter C
en
ter, C
S, N
CTU
9
FAQ (2/4)
/usr is empty or Read-only file system in single user mode Only root filesystem will be mounted and is readonly
Mount other fs manually by
• mount –a
Mount failed “Filesystem is not clean - run fsck”• fsck –y //Filesystem check, -y is auto repair
Com
pu
ter C
en
ter, C
S, N
CTU
10
FAQ (3/4)
Error when make buildkernel• Some device/option is necessary or require by others
• Read comment before remove it
# PCI Ethernet NICs that use the common MII bus controller code.# NOTE: Be sure to keep the 'device miibus' line in order to use these NICs!device miibus # MII bus supportdevice ae # Attansic/Atheros L2 FastEthernetdevice age # Attansic/Atheros L1 Gigabit Ethernetdevice alc # Atheros AR8131/AR8132 Ethernet
….
Com
pu
ter C
en
ter, C
S, N
CTU
11
FAQ (4/4)
Adjust current time• ntpdate(8) //non-continuous
or
• ntpd(8) //continuous http://www.freebsd.org/doc/en/books/handbook/network-ntp.html
• Server time.stdtime.gov.tw tick.stdtime.gov.tw tock.stdtime.gov.tw watch.stdtime.gov.tw
Com
pu
ter C
en
ter, C
S, N
CTU
12
Help!
Newsgroup cs.course.sysadm BS2 board CS-SysAdmin CSCC
