# FreeBS Server # Upgrade FreeBSD Upgrading FreeBSD from one minor version to another, such as from FreeBSD 14.0 to 14.2, can typically be done using the `freebsd-update` tool. Here’s a step-by-step guide on how to perform the upgrade: ## Step 1: Backup Your Data Before performing any upgrade, it's crucial to back up your important data and configuration files. You can use tools like `tar`, `cp`, or `rsync` to create backups. ## Step 2: Update Your Current System Make sure your current system is fully updated. Run the following commands: ```sh freebsd-update fetch freebsd-update install ``` ## Step 3: Upgrade to the New Version Now, you can upgrade to the new version. Run the following commands: ```sh freebsd-update fetch freebsd-update upgrade -r 14.2-RELEASE ``` ## Step 4: Install the Upgrade After fetching the upgrade, install it with: ```sh freebsd-update install ``` ## Step 5: Reboot the System Once the installation is complete, reboot your system to apply the changes: ```sh reboot ``` ## Step 6: Verify the Upgrade After rebooting, verify that the upgrade was successful by checking the FreeBSD version: ```sh uname -r ``` You should see 14.2-RELEASE as the output. ## Step 7: Clean Up After the upgrade, you can clean up any old files: ```sh freebsd-update clean ``` Additional Notes If you have custom kernel configurations or installed ports, you may need to rebuild or reconfigure them after the upgrade. Always refer to the official FreeBSD Handbook or release notes for any specific instructions or considerations related to your system. By following these steps, you should be able to successfully upgrade your FreeBSD system from version 14.0 to 14.2. # Change Hostname Changing the hostname in FreeBSD can be done in a few simple steps. Here’s how to do it: ## Step 1: Change the Hostname Temporarily To change the hostname temporarily (until the next reboot), you can use the hostname command. Open a terminal and run: ```sh sudo hostname new-hostname ``` Replace `new-hostname` with your desired hostname. ## Step 2: Change the Hostname Permanently To make the hostname change permanent, you need to edit the `/etc/rc.conf` file. Open the file in a text editor, such as `vi` or `nano`: ```sh sudo vi /etc/rc.conf ``` or ```sh sudo nano /etc/rc.conf ``` Look for a line that starts with hostname=. If it exists, change it to your new hostname. If it doesn’t exist, add the following line: ```sh hostname="new-hostname" ``` Again, replace `new-hostname` with your desired hostname. ## Step 3: Update the /etc/hosts File It’s also a good idea to update the /etc/hosts file to reflect the new hostname. Open the file: ```sh sudo vi /etc/hosts ``` or ```sh sudo nano /etc/hosts ``` Find the line that contains the old hostname and change it to the new hostname. It might look something like this: ```code 127.0.0.1 localhost 127.0.0.1 old-hostname ``` Change old-hostname to new-hostname: ```Code 127.0.0.1 localhost 127.0.0.1 new-hostname ``` ## Step 4: Reboot or Restart Networking To apply the changes, you can either reboot the system: ```sh sudo reboot ``` Or, you can restart the networking service: ```sh sudo service netif restart ``` ## Step 5: Verify the Change After rebooting or restarting the network, you can verify that the hostname has been changed by running: ```sh hostname ``` This should display your new hostname. By following these steps, you should be able to successfully change the hostname on your FreeBSD system. # First Steps # Add User ## To system ```sh root@balrock:~ # adduser Username: username Full name: Uid (Leave empty for default): Login group [username]: Login group is username. Invite username into other groups? []: wheel Login class [default]: Shell (sh csh tcsh bash rbash nologin) [sh]: bash Home directory [/home/username]: Home directory permissions (Leave empty for default): Use password-based authentication? [yes]: Use an empty password? (yes/no) [no]: Use a random password? (yes/no) [no]: Enter password: Enter password again: Lock out the account after creation? [no]: Username : username Password : ***** Full Name : Uid : 1001 Class : Groups : username wheel Home : /home/username Home Mode : Shell : /usr/local/bin/bash Locked : no OK? (yes/no) [yes]: adduser: INFO: Successfully added (username) to the user database. Add another user? (yes/no) [no]: Goodbye! ``` ## User SSH-Key Copy PC SSH KEY ```sh ssh-copy-id username@server-ip-address ``` Create SSH-Keypair ```sh ssh-keygen -t rsa -b 4096 ``` ## Configure SSHD ```sh vim /etc/ssh/sshd_config ``` ```bash # Authentication: #LoginGraceTime 2m PermitRootLogin no StrictModes yes MaxAuthTries 6 MaxSessions 10 AllowUsers username PubkeyAuthentication yes PasswordAuthentication no PermitEmptyPasswords no ``` Then delete the line ```sh PasswordAuthentication yes ``` from the bottom of your `/etc/ssh/sshd_config` ## To Doas The configuration file for `doas` is typically located at `/usr/local/etc/doas.conf` or `/etc/doas.conf`. You can create or edit this file using a text editor: ```sh sudo vim /usr/local/etc/doas.conf ``` ```plaintext # Allow user john to execute root commands permit john ``` # Create Jail, Networking and NAT ## Step 1: Enable IP Forwarding First, you need to enable IP forwarding on your FreeBSD host. This allows the host to forward packets between the jail and the outside network. Edit the `/etc/sysctl.conf` file and add the following line: ```sh net.inet.ip.forwarding=1 ``` ### Apply the changes: ```sh sysctl net.inet.ip.forwarding=1 ``` ## Step 2: Configure the Host Network Interface You need to configure the host's network interface to allow NAT. ### Identify your network interface (e.g., em0, re0, etc.) using: ```sh ifconfig ``` ### Set up NAT using `pf` (Packet Filter). First, ensure that `pf` is enabled. Edit `/etc/rc.conf` and add: ```sh pf_enable="YES" ``` ### Create or edit the `/etc/pf.conf` file to include NAT rules. Here’s a basic example: ```sh ext_if="eth0" # Replace with your external interface jails_net="10.10.10.0/24" # Replace with your jail network # Set the default policy set block-policy return set loginterface $ext_if # Jail nat on $ext_if from $jails_net to any -> ($ext_if) pass in on $ext_if proto tcp from any to ($ext_if) port { 22, 80, 443 } # Block all incoming traffic by default block in all # Allow incoming traffic on specific ports pass in on $ext_if proto tcp from any to any port { 22, 80, 443 } # Allow all outgoing traffic pass out all ``` ### Load the `pf` rules: ```sh sysrc pf_enable="YES" kldload pf pfctl -f /etc/pf.conf pfctl -e ``` # Create Classic Jails ## Step 1: Enable the Jail Feature Make sure the jail feature is enabled in your FreeBSD system. You can check this by looking for the `jail` keyword in your `/etc/rc.conf` file. If it's not there, you can add it. ```sh echo 'jail_enable="YES"' >> /etc/rc.conf ``` ## Step 2: Create a Directory for the Jail Create a directory where the jail's filesystem will reside. This is typically done in `/usr/jails`. ```sh mkdir -p /usr/jails/website ``` ## Step 3: Install the Base System You need to populate the jail directory with a FreeBSD base system. You can use the `make` command to extract the base system into the jail directory. ```sh mkdir -p /usr/jails/website mkdir /usr/jail/media fetch https://download.freebsd.org/ftp/releases/amd64/amd64/14.2-RELEASE/base.txz -o /usr/jails/media/14.2-RELEASE-base.txz tar -xf /usr/jails/media/14.2-RELEASE-base.txz -C /usr/jails/website --unlink ``` ## Setp 4: Copy important Files & Update ```sh cp /etc/resolv.conf /usr/jails/website/etc/resolv.conf cp /etc/localtime /usr/jails/website/etc/localtime freebsd-update -b /usr/jails/website fetch install ``` ## Step 5: Create Network interface for Jail ```sh sysrc cloned_interfaces+="lo1" ``` ## Step 6: Configure the Jail in `/etc/jail.conf`: ```sh website { path = "/usr/jails/website"; sysvshm = "new"; host.hostname = "website.local"; ip4.addr = "lo1|10.10.10.100/24"; # Assign an IP from your jail network allow.raw_sockets; allow.socket_af; allow.mount; mount.devfs; devfs_ruleset = 111; exec.clean; exec.start = "/bin/sh /etc/rc"; exec.stop = "/bin/sh /etc/rc.shutdown"; } ``` ## Step 7: Reboot Reboot Host ```sh reboot ``` ## Step 8: Start the Jail ```sh jail -c website ``` ### Now you should have a jail with networking # Destroy Jail ```sh service jail stop website chflags -R 0 /usr/jails/website/ rm -rf /usr/jails/website/ ```