My FreeBSD Post-Installation Steps

Whenever I install a FreeBSD server, I usually perform the same steps right after installation. This post outlines these steps, for me to remember. Nothing new or complex, all of this has been shared already somewhere.

Copy SSH Key

For key-based SSH login, the public SSH key is to be copied from a local machine to the post installation machine. In order to do this, copy the public key from a local machine where SSH key is already configured to your <user> on the remote <host>:

ssh-copy-id <user>@<host>

Configure sudo

Package installations and ˋvisudoˋ must be done as root, therefore su - to become root.

su -
pkg install sudo
visudo
# uncomment # %wheel ALL=(ALL:ALL) ALL
exit
sudo id # test sudo config

Note: this requires to be member of the wheel group. I usually configure that during installing FreeBSD, when adding a non-privileged user.

Update and Upgrade FreeBSD

Update:

sudo freebsd-update fetch
sudo freebsd-update install

Upgrade, if needed:

# e.g. <release> = 13.2-RELEASE
sudo freebsd-update -r <release> upgrade
sudo freebsd-update install
sudo reboot
# login after reboot
sudo freebsd-update install

Always update before upgrade.

Enable NTP

This is only needed if ntpd has not been configured during installing FreeBSD.

sudo sysrc ntpd_enable="YES"
sudo sysrc ntpd_sync_on_start="YES"
sudo service ntpd start
service ntpd status # check if ntpd is running

By default ntpd will use NTP time servers assigned via the freebsd.pool.ntp.org pool.

Install packages

sudo pkg install git vim htop

Disable MOTD and fortune

sudo chmod -x /usr/bin/fortune
sudo touch /root/.hushlogin
touch ~/.hushlogin

Disable atime on zroot

It is a good idea to disable atime if FreeBSD is installed with a ZFS root filesystem. It is not particularly interesting to record when a file was read the last time.

Check that atime is off:

zfs get all|grep atime

Done.