Thread: Building the FreeBSD OS from scratch

  1. #4
    Join Date
    Oct 2002
    Posts
    47

    continued

    After it reboots log into your user account and enter the following command to bring up your desktop:

    startx

    If all went well, and it should if you've followed my instructions, you'll be presented with the fluxbox Window Manager screen, an Eterm terminal, and xfe file manager already open on the desktop. If you see a green and white WM you've logged in as root by mistake and need to reboot.

    From now on you can enter the root account through Eterm. Do so and update your ports tree now:

    portsnap fetch update

    Check to see if there are any vulnerabilities in your 3rd party programs by entering the following command:

    pkg audit -F

    It's doubtful any have been found in the relatively short time since you got started, but it is something you want to do on a regular basis once you get things going. When vulnerabilities are found use portmaster to update the file or remove it using the deinstall command.

    There are still several things you need to do. Look through xfe to familiarize yourself with the directory structure, ports tree, etc. We will be tweaking files to harden the system as well.

    First we need to create a couple files and edit rc.conf, this time using leafpad. You should still be in your root account in Eterm, so enter:

    leafpad

    To bring up that text editor as root. Copy this text into leafpad:

    [devfsrules_common=7]

    add path 'ad*' mode 0666 group operator
    add path 'da*' mode 0666 group operator
    add path 'acd*' mode 0666 group operator
    add path 'cd*' mode 0666 group operator
    add path 'mmcsd*' mode 0666 group operator
    add path 'pass*' mode 0666 group operator
    add path 'xpt*' mode 0666 group operator
    add path 'ugen*' mode 0666 group operator
    add path 'usbctl' mode 0666 group operator
    add path 'usb*' mode 0666 group operator
    add path 'lpt*' mode 0666 group operator
    add path 'ulpt*' mode 0666 group operator
    add path 'unlpt*' mode 0666 group operator
    add path 'fd*' mode 0666 group operator
    add path 'uscan*' mode 0666 group operator
    add path 'video*' mode 0666 group operator
    add path 'dvb/*' mode 0666 group operator

    And save it as /etc/devfs.rules

    That's in the /etc directory, the filename is devfs.rules

    Now enter the following commands:

    echo 'devd_enable="YES"' >> /etc/rc.conf
    echo 'devfs_system_ruleset="devfsrules_common"' >> /etc/rc.conf

    And reboot using the shutdown command.

    Now you should be able to access a Flash drive. Enter the mount command for it:

    mount -v -t msdosfs /dev/da0s* /media/da0s*

    And unmount it before removing the drive to prevent problems:

    umount -v -t msdosfs /dev/da0s* /media/da0s*

    Now that we've got the basics done and are closer to surfing the net, let's tweak the pf.conf file to harden our firewall. Your internet interface designation should be something like ath0 or msk0 and can be found using the following command:

    ifconfig

    Now navigate to /etc/pf.conf as root with leafpad and change it to the following.

    ###macro name for external interface
    ext_if = "Your Internet Interface Designation Goes Here"

    ### Pass loopback (options must come before scrub and filter rules)
    set skip on lo0

    ### Reassemble fragmented packets
    scrub in on $ext_if all fragment reassemble

    ### Default deny everything
    block log all

    ### Block spoof
    antispoof for lo0
    antispoof for $ext_if inet

    ### Keep and modulate state of outbound traffic
    pass out on $ext_if proto { tcp, udp, icmp } from any to any modulate state

    Save, exit leafpad, and reboot through Eterm to make the changes take effect:

    shutdown -r now

    Open /etc/ttys in leafpad and change every instance of secure to insecure.

    Open /etc/ssh/sshd_config in leafpad and change the following lines to read as below. Uncomment the first two by removing the # at the beginning of the line and change the third to no:

    PermitRootLogin no
    Protocol 2
    X11Forwarding no

    Open /etc/passwd and delete the line of the toor account, then save and exit the file.




    You should now be well on your way to having a fully functional UNIX-like system. There are several more programs you'll want to build so you can continue to do anything you were doing on Windows, with more security and style, like VLC to watch movies, GIMP to manipulate images, nmap to scan (or zenmap for a GUI), bcrypt to encrypt password files, Firefox to browse the web, ePDFview to access PDF files, rkhunter to scan for rootkits, feh to change your desktop background, etc.


    Familiarize yourself with the ports tree and the programs it contains, the directory structure and its contents, and START STUDYING the FreeBSD Handbook on how to use your new OS. There is a FreeBSD forum that can be a valuable source of information, too.

    Whether or not you become proficient with FreeBSD is entirely up to you. If you have any problems or questions feel free to post and I'll do my best to answer them for you or direct you to the proper resource.
    Last edited by Siseneg; 09-30-2016 at 08:40 AM.
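
Added example, not part of the original post: a small sh script that checks whether the sshd_config, /etc/ttys and toor edits described above are actually in place. The function names and the sample files are constructed for illustration; file paths are passed as arguments so the checks can be run on copies.

```sh
#!/bin/sh
# Added example: check the sshd_config, ttys and toor edits from the post.
# File paths are arguments, so the checks can be run on copies of the files.

# Effective value of an sshd_config keyword: the first uncommented
# occurrence wins and keywords are case-insensitive. Prints nothing if unset.
sshd_value() {  # $1=file $2=keyword
    awk -v k="$2" 'BEGIN { k = tolower(k) }
        /^[ \t]*#/ { next }
        tolower($1) == k { print tolower($2); exit }' "$1"
}

check_sshd() {  # $1=sshd_config; both settings from the post must be "no"
    [ "$(sshd_value "$1" PermitRootLogin)" = "no" ] &&
    [ "$(sshd_value "$1" X11Forwarding)" = "no" ]
}

# Succeeds only if no active line in the ttys file carries the "secure" flag.
check_ttys() {  # $1=ttys
    ! awk '/^[ \t]*#/ { next }
           { for (i = 2; i <= NF; i++) if ($i == "secure") found = 1 }
           END { exit !found }' "$1"
}

# Succeeds only if the passwd-format file has no toor entry.
check_no_toor() {  # $1=passwd or master.passwd
    ! grep -q '^toor:' "$1"
}

audit_all() {  # $1=sshd_config $2=ttys $3=passwd; returns 0 when all pass
    rc=0
    check_sshd "$1"    || { echo "FAIL: sshd_config"; rc=1; }
    check_ttys "$2"    || { echo "FAIL: a tty is still marked secure"; rc=1; }
    check_no_toor "$3" || { echo "FAIL: toor account present"; rc=1; }
    return $rc
}

# Constructed sample files (not taken from a real system), so this runs anywhere.
d=$(mktemp -d)
printf '#PermitRootLogin yes\nPermitRootLogin no\nX11Forwarding no\n' > "$d/sshd_config"
printf 'console none unknown off insecure\nttyv0 "/usr/libexec/getty Pc" xterm on secure\n' > "$d/ttys"
printf 'root:*:0:0:Charlie &:/root:/bin/csh\n' > "$d/passwd"
audit_all "$d/sshd_config" "$d/ttys" "$d/passwd" || echo "hardening incomplete"
rm -rf "$d"
```

On the system built in this thread, replace the sample section with `audit_all /etc/ssh/sshd_config /etc/ttys /etc/passwd`.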
