From: “K.R. Lewis” <krl@vicomp.com>
To: “J. Joseph Max Katz” <m4@nts.umn.edu>
Message Hash: c0c08d055df60e2b65b8fa0ab5cfab90c78f27e94d8cc50e6c36294d0329722e
Message ID: <1.5.4.32.19971016122647.0099686c@192.168.1.15>
Reply To: N/A
UTC Datetime: 1997-10-16 18:02:47 UTC
Raw Date: Thu, 16 Oct 1997 11:02:47 -0700 (PDT)
From: "K.R. Lewis" <krl@vicomp.com>
Date: Thu, 16 Oct 1997 11:02:47 -0700 (PDT)
To: "J. Joseph Max Katz" <m4@nts.umn.edu>
Subject: Re: Document on Customizing OpenBSD after install
Message-ID: <1.5.4.32.19971016122647.0099686c@192.168.1.15>
MIME-Version: 1.0
Content-Type: text/plain
At 10:46 AM 10/15/97 -0700, J. Joseph Max Katz wrote: AND Randy Lewis has a remark
about JJMK's response....below
>Re...
>
>In the coming weekend, I'll be updating the newuser FAQ
>(for things like PPP and 2.2). I'm sure a post-install checklist would be
>a welcome addition.
>
>B U T . . . .
>
>Not everyone runs things like Kerberos or DNS. Keep in mind that many
>people use OpenBSD for many things and in many environs. The OpenBSD setup
>on my firewall at the office is much different than the Sparc, Alpha, and
>P5/133 I run it on at home. The setup on my router machine at home is also
>much different than the other machines in my house. There are ways people
>have setup OpenBSD on embeded systems to do things like manage the
>fuel/air mix ratio on their Corvettes (OK, one person I know of planned
>that, but couldn't get the financing for the car...) I hope that draws the
>picture.
>
>As for the verification after install, that is sort of "auto-manditory"--
>if a filesystem isn't mounted right, /etc/fstab has to be checked out. If
>the network doesn't work, the network files must be examined to "make it
>go." As oopposed to attacking this as a checklist, how about it is
>attacked as "If networking doesn't work, check hostname.(interface)"-- but
>there is more to that then just files in /etc (boot -c in order to
>reconfigure hardware addresses)
As a user of OpenBSD, and having tried to manage projects with it for
implementation of added features for customers...I could not agree with
the above position.
You see, if you are ALREADY familiar with OpenBSD then you will most likely
know exactly what to do when installing and seting up a system. New User's
Notes / Installation Checklist's will most likely be ignored by you.
However, if you are brand new to the system, then an Installation / Setup
Checklist (a good one) will prove to be essential. Wouldn't it be great if
just about every post to these groups from a new user was one like "..hey!
This OpenBSD thingy works great! The installation was a snap!.." or something
like that. We all know that hardly happens now...but, it could.....
I, for one, believe strongly that a good 'Overview', 'Setup Notes' and 'Installation
Checklist' must somehow find it's way into the distribution. It is also clear
that the machine / arch specific differences will require unique versions
for each.
Randy
>
>/----------------------------------------------------------------
>/ Jonathan Katz, jkatz@cpio.org / http://www.cpio.org
>/ Student, Unix geek, Security guy / http://posse.cpio.org
>/ President and Founder: Corinne Posse / http://jon.katz.com
>/ Phone: +1 (317) 590-7092 / "OpenBSD: Secure!"
>/ "The meek may inherit the earth,
>/ but Gale and I will seize the stars!"
>
>On Wed, 15 Oct 1997, Marshall Midden wrote:
>
>> Is there a checklist someplace on what to do after the install of OpenBSD 2.2?
>>
>> I'm thinking like:
>> 1) Go into /etc
>> a) Verify disks and network interfaces configured correctly.
>> Files: fstab, hosts, myname, hostname.le0, mygate, resolv.conf, defaultdomain.
>> You might wish to turn off multicast routing in /etc/netstart.
>> b) Edit motd to make lawyers comfortable and delete "Welcome".
>> c) Fix passwd via "vipw" to change passwords, set up users, etc.
>> Make sure password on "root". Default is no password from console, and
>> disabled from network. Make sure to edit "group" for any user groups,
>> and to put people into the wheel group if they need root access.
>> d) Any local configuration change in: rc.conf, rc.local
>> e) printcap, hosts.lpd Get printers set up
>> f) Tighten security:
>> fbtab Set security for X
>> inetd.conf Turn off extra stuff, add that which is really needed.
>> rc.securelevel Turn on Network Time Protocol.
>> g) kerberosIV Get kerberos configured. Remember to get a srvtab.
>> h) aliases Local mail delivery (set postmaster, etc). Run newaliases
>> after changes.
>> i) bootptab If this is a bootp server.
>> j) ccd.conf If using concatenated disks (striped, etc).
>> k) exports If this is an NFS server.
>> m) NIS (old yellow pages), hosts.equiv, defaultdomain, etc.
>> n) ifaliases for www, etc.
>> o) daily, weekly, monthly.
>> p) "amd" directory if using this package.
>> q) rbootd if needed for remote booting (ethernet MAC address to IP translation).
>> r) Any other files and directories in /etc.
>>
>> 2) crontab -l. Do you need anything else?
>> 3) After the first nights security run, change ownerships and permissions on things.
>> Best bet is to have permissions as in the security list.
>>
>
>
>.. .
() | Kenneth R. (Randy) Lewis
_/_/ _/_/ _/_/ | email: krl@vicomp.com
_/ _/ _/ | phone: +1 919 644 6306
_/ _/ _/ | fax: +1 919 644 6409
_/ _/ _/ | smail: V.I Computer, Inc.
_/ _/ _/ | 531 Encinitas Blvd
_/_/ _/ | Bldg 114
_/ _/_/_/ | Encinitas, CA 92024
. . computer corp. | http://www.vmepower.com
Return to October 1997
Return to ““K.R. Lewis” <krl@vicomp.com>”
1997-10-16 (Thu, 16 Oct 1997 11:02:47 -0700 (PDT)) - Re: Document on Customizing OpenBSD after install - “K.R. Lewis” <krl@vicomp.com>