8 things I do after installing FreeBSD

Last edited on 2023-12-15 Tagged under  #freebsd   #bsd 

Neofetch FreeBSD

After installing FreeBSD, these are some extra steps I take right away to get a system off to a good start!

1. Use a larger font in console

I find the default font size in the vconsole pretty small for my eyes on a 1920x1080-or-greater display. The base system includes a selection of console fonts in /usr/share/vt/fonts.

Try a different, larger font size ...

# vidcontrol -f terminus-b32

Here is a nice selection of terminus fonts of different sizes, converted for use in the FreeBSD console. Download, unpack, and place the fonts in /usr/share/vt/fonts.

Try the different sizes ...

# vidcontrol -f ter-u24

Make a selection permanent by adding to /etc/rc.conf ...

allscreens_flags="-f ter-u24"

Link: Fix small font in FreeBSD

2. Upgrade system

Run pkg-upgrade(8) to compare installed versions of packages to the versions in the ports tree, and generate a list of packages due for an upgrade ...

# pkg upgrade

3. Bash

Install the bash shell ...

# pkg install bash bash-completion coreutils

Enable the bash-completion library by first creating the ~/.bashrc file, then adding ...

[[ $PS1 && -f /usr/local/share/bash-completion/bash_completion.sh ]] && source /usr/local/share/bash-completion/bash_completion.sh

Create the ~/.bash_profile file, adding ...

source $HOME/.bashrc

Run chsh -s to directly set the specified shell without opening an editor. To change the shell to bash ...

$ chsh -s /usr/local/bin/bash

Log out and back in to start using the new shell.

4. Alias for root

As of FreeBSD 14.0, the default mail transport agent (MTA) is now the Dragonfly Mail Agent (dma(8)) rather than sendmail(8).

Rather than login to root to collect system mail, I forward the root user's mail to a non-root user's inbox.

Open the file /etc/aliases and look for the following line ...

# root: me@my.domain

Uncomment that line and replace me@my.domain with a username (example: foo) ...

root: foo

Let the MTA know about the change by running ...

# newaliases

Test whether mail is indeed being forwarded by using the mail command to send root a message ...

$ mail root
Subject: Test new alias 
Is it working?

Press CTRL-d to exit and send message.

It works!

$ mail
Mail version 8.1 6/6/93.  Type ? for help.
"/var/mail/foo": 1 message 1 new
>N  1 foo@foobox.myfbsd  Sun Dec 10 15:34  15/467   "Test new alias"

Link: How to Forward Root’s Mail

5. Extra Groups

Add my existing user to a group with pw groupmod <group_name> -m <username>.

Example: I grant privileges to shutdown/reboot the system to my non-root user account by adding user foo to the operator group ...

# pw groupmod operator -m foo

6. Package Manager: pkg

FreeBSD's base system contains a minimal pkg(7) command. Upon first use, it will download the full-featured pkg(8) tarball, install it, and bootstrap the local package database.

Example: I install the additional documentation package en-freebsd-doc (replace en with the language prefix of choice) ...

# pkg install en-freebsd-doc
The package management tool is not yet installed on your system.
Do you want to fetch and install it now? [y/N]: y
Bootstrapping pkg from pkg+http://pkg.FreeBSD.org/FreeBSD:14:amd64/quarterly, please wait...

7. SSH Keys

Disable password logins and switch to SSH key-based authentication to secure access to remote machines.

See: Secure remote access to FreeBSD servers using SSH keys

8. Execute commands as root: doas

Command doas(1) is a sudo alternative ported from OpenBSD. It's ideal for single-user systems that don't require the elaborate features - and more complex configuration - of sudo.

Install ...

# pkg install doas

A sample configuration exists at /usr/local/etc/doas.conf.sample.

Create the /usr/local/etc/doas.conf file and grant (example) user foo the privileges of root without asking for a password when executing the doas command ...

permit nopass foo as root

Now I can run commands as my user that would normally require root ...

$ doas pkg install <some_package>

You can like, share, or comment on this post on Mastodon 💬

Thanks for reading! Read other posts?

» Next: Encrypt a swap partition

« Previous: Secure remote access to FreeBSD servers using SSH keys