HxHippy

FreeBSD Post-Installation Setup

Essential steps after installing FreeBSD: updates, user setup, and basic configuration.

Last updated: 2025-01-15

Initial System Update

# Update base system
freebsd-update fetch
freebsd-update install

# Bootstrap pkg package manager
pkg bootstrap

# Update packages
pkg update
pkg upgrade

User Setup

# Create a regular user (interactive)
adduser

# Add user to wheel group for sudo
pw groupmod wheel -m yourusername

# Install and configure sudo
pkg install sudo
visudo
# Uncomment: %wheel ALL=(ALL) ALL

Essential Packages

# Install essentials
pkg install vim nano               # Editors
pkg install bash                   # Bash shell
pkg install git                    # Version control
pkg install htop                   # Process viewer
pkg install curl wget              # HTTP clients
pkg install tmux                   # Terminal multiplexer
pkg install rsync                  # File sync

Configure Shell

# Change default shell to bash
chsh -s /usr/local/bin/bash

# Or add to ~/.profile for login shell
echo 'export SHELL=/usr/local/bin/bash' >> ~/.profile
exec /usr/local/bin/bash

SSH Configuration

# Enable SSH server
sysrc sshd_enable="YES"
service sshd start

# Harden SSH (/etc/ssh/sshd_config)
PermitRootLogin no
PasswordAuthentication no  # After setting up keys

Time Zone and NTP

# Set timezone (interactive)
tzsetup

# Or manually
cp /usr/share/zoneinfo/America/Denver /etc/localtime

# Enable NTP
sysrc ntpd_enable="YES"
service ntpd start

Firewall Setup (PF)

# Enable PF firewall
sysrc pf_enable="YES"
sysrc pflog_enable="YES"

# Create basic ruleset /etc/pf.conf
cat > /etc/pf.conf << 'EOF'
# Macros
ext_if = "em0"  # Change to your interface

# Options
set skip on lo0
set block-policy drop

# Normalization
scrub in all

# Default deny
block all

# Allow outbound
pass out quick on $ext_if

# Allow SSH
pass in on $ext_if proto tcp to port 22

# Allow ICMP ping
pass in on $ext_if inet proto icmp icmp-type echoreq
EOF

# Start firewall
service pf start

Enable ZFS (if not already)

# ZFS is usually configured at install
# Check ZFS pools
zpool list
zfs list

# If you need to import existing pool
zpool import

# Enable ZFS services
sysrc zfs_enable="YES"

System Maintenance Cron

# FreeBSD has periodic scripts
# Enable daily/weekly/monthly maintenance
# Already enabled by default, check /etc/periodic.conf

# View default tasks
cat /etc/defaults/periodic.conf
beginner Getting Started Updated 2025-01-15
  • freebsd
  • installation
  • setup
  • configuration
  • post-install