
viernes, 12 de mayo de 2017

Particionar instalar Arch Linux UEFI 2017 KDE

Arrancar el instalador en modo UEFI

Comprobar que está conectado a la red
# ping -c 2 www.freebsd.org

Instalar fuente terminus-font y activar durante la instalación


# pacman -S terminus-font
# pacman -Ql terminus-font
# setfont ter-v32n

Q = Consulta a la base de datos de paquetes
l = listar todos los archivos pertenecientes a un paquete

Listar discos (dispositivos de bloque)

# lsblk

parted - linea de comando


# parted /dev/sda      # abrir parted y seleccionar el disco
# mklabel gpt          # crear tabla de particiones GPT (borra la tabla de particiones existente del disco)


Particionar disco


# mkpart ESP 1MiB 513MiB          # crear /boot 512MB /dev/sda1
# set 1 boot on                   # marcar /boot como partición de arranque
# mkpart linux-swap 513MiB 2.5GiB # crear swap 2.5GB (8GB RAM)
# mkpart ext4 2.5GiB 50GiB        # partición raiz /
# mkpart ext4 50GiB 100%          # resto espacio libre /home


salir parted

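Crear los sistemas de ficheros (antes, comprobar con lsblk qué número tiene cada partición: con los mkpart anteriores la swap se crea en segundo lugar, mientras que aquí /dev/sda2 es la raíz y /dev/sda3 la swap)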

    mkfs.vfat /dev/sda1 # EF00
    mkfs.ext4 /dev/sda2 # 8300
    mkfs.ext4 /dev/sda4 # 8300


Activar partición swap

    mkswap /dev/sda3 # 8200
    swapon /dev/sda3


Montar particiones

    mount /dev/sda2 /mnt
    mkdir -p /mnt/boot
    mount /dev/sda1 /mnt/boot
    mkdir -p /mnt/home
    mount /dev/sda4 /mnt/home


Elegir lista de mirror

# pacman -Sy
# pacman -S reflector
# reflector --verbose -l 5 --sort rate --save /etc/pacman.d/mirrorlist

Instalar los paquetes básicos de Arch Linux

# pacstrap -i /mnt base base-devel

Configurar fstab

# genfstab -U -p /mnt >> /mnt/etc/fstab

Entorno chroot

chroot /mnt
# arch-chroot /mnt

Configurar lenguaje y ubicación

nano /etc/locale.gen # descomentar


es_ES.UTF-8 UTF-8  
es_ES ISO-8859-1  
es_ES@euro ISO-8859-15
# locale-gen
# echo LANG=es_ES.UTF-8 > /etc/locale.conf
# echo LC_TIME=es_ES.UTF-8 >> /etc/locale.conf

Establecer zona horaria

# ln -sf /usr/share/zoneinfo/Europe/Madrid /etc/localtime

# hwclock --systohc --utc

El repositorio

# nano /etc/pacman.conf
Descomentar las líneas: [multilib] e Include = /etc/pacman.d/mirrorlist

# pacman -Sy

Nombre de host

# echo archlinux > /etc/hostname

Contraseña de root y crear un nuevo usuario

# passwd

# pacman -S sudo bash-completion

# useradd -m -s /bin/bash -g users -G wheel,storage,power carles

# passwd carles

Permitir a los usuarios del grupo wheel tareas administrativas con sudo

# visudo
Descomentar la línea %wheel ALL=(ALL) ALL (no la variante con NOPASSWD, que permitiría usar sudo sin contraseña)

Consola en español

# echo KEYMAP=es >> /etc/vconsole.conf 
# echo FONT= >> /etc/vconsole.conf
# echo FONT_MAP= >> /etc/vconsole.conf

# mkinitcpio -p linux

Instalar y Configurar bootloader

# bootctl --path=/boot install

Opciones por defecto bootloader

# nano /boot/loader/loader.conf

default arch
timeout 0 # segundos de espera para elegir kernel/OS
editor  0 # 0 = desactiva el editor de parámetros del kernel en el menú de arranque, para que nadie con acceso físico pueda modificar la línea de arranque


Buscar PARTUUID de la partición raiz y crear una entrada en bootloader

# blkid -s PARTUUID -o value /dev/sda2 >> /boot/loader/entries/arch.conf

64f369f2-608a-4f5c-bb4c-27d7146ef482


Edite ese archivo

# nano /boot/loader/entries/arch.conf

title   Arch LInux
linux   /vmlinuz-linux
initrd  /initramfs-linux.img
options root=PARTUUID=64f369f2-608a-4f5c-bb4c-27d7146ef482 rw


Recrear Initramfs

# mkinitcpio -p linux

Actualizar el bootloader

# bootctl update

Salir del entorno chroot

# exit

Desmontar particiones

# umount -R /mnt

# reboot

Continuar con la instalación

username root
passwd

# ip addr

# systemctl enable dhcpcd

# systemctl start dhcpcd

# ping -c 2 www.freebsd.org

# pacman -S xorg

# pacman -S xterm xorg-xclock xorg-twm xorg-xinit xorg-server-utils

# pacman -S plasma kdebase

# pacman -S ttf-freefont ttf-linux-libertine-g artwiz-fonts

# pacman -S ttf-ubuntu-font-family cantarell-fonts freetype2

# pacman -S ttf-droid ttf-linux-libertine ttf-liberation

# pacman -S ttf-fira-mono ttf-fira-sans ttf-gentium fontsproto

# pacman -S ttf-dejavu noto-fonts font-bitstream-speedo

# systemctl enable sddm

# reboot

Intercambiar teclado es y us con la combinación de teclas alt-shift

# nano /etc/X11/xorg.conf.d/10-keyboard.conf

Section "InputClass"
        Identifier "system-keyboard"
        MatchIsKeyboard "on"
        Option "XkbLayout"  "es,us"
        Option "XkbModel"   "pc104"
        Option "XkbVariant" "deadtilde,"
        Option "XkbOptions" "grp:alt_shift_toggle"
EndSection


# pacman -S libreoffice libreoffice-es

# pacman -S kdegraphics-okular firefox firefox-i18n-es-es

# pacman -S vlc gimp k3b kaffeine dia spectacle

VPN - PIA

Tunel VPN - Private Internet Access

Instalar openvpn

# pacman -S openvpn

Crear el directorio

# mkdir -p /etc/private-internet-access
# cd /etc/private-internet-access

Descargar el archivo openvpn.zip

# wget https://www.privateinternetaccess.com/openvpn/openvpn.zip
# unzip openvpn.zip

Copiar los archivos necesarios

# cd /etc/private-internet-access
# cp /etc/ca.rsa.2048.crt crl.rsa.2048.pem . # no olvide el punto final

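El archivo que contiene el nombre de usuario y la contraseña de PIA (usuario en la primera línea, contraseña en la segunda). Guarda las credenciales en claro, por eso a continuación se deja legible solo para root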

# touch password.conf
# vi password.conf
username
password

# chown root:root /etc/private-internet-access/password.conf
# chmod 600 /etc/private-internet-access/password.conf

El archivo de configuración PIA

# cp /etc/openvpn/France.ovpn /etc/private-internet-access/pia_vpn.conf
# nano /etc/private-internet-access/pia_vpn.conf

client
dev tun
proto udp4
remote france.privateinternetaccess.com 1198
resolv-retry infinite
nobind
persist-key
persist-tun
cipher aes-128-cbc
auth sha1
tls-client
remote-cert-tls server
auth-user-pass
comp-lzo
verb 1
reneg-sec 0
crl-verify /etc/private-internet-access/crl.rsa.2048.pem
ca /etc/private-internet-access/ca.rsa.2048.crt
disable-occ
auth-user-pass /etc/private-internet-access/password.conf
auth-nocache

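Llegados a este punto vamos a comprobar openvpn en primer plano, para ver en la salida que la verificación del certificado del servidor y la autenticación terminan sin errores. Nota: aes-128-cbc con auth sha1 y comp-lzo son parámetros antiguos que deben coincidir con lo que ofrece el servidor; si el proveedor publica un perfil con cifrado y hash más fuertes y sin compresión, es preferible usarlo.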

# openvpn --config /etc/private-internet-access/pia_vpn.conf


Crear un script de conexión:

# nano openvpn-pia.sh
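#!/bin/bash
# Start the PIA OpenVPN tunnel in the background.
#
# --daemon detaches openvpn once initialisation has finished and sends its
# messages to syslog. The previous form redirected all output to /dev/null,
# which hid certificate-verification and authentication failures: if the
# tunnel did not come up, nothing reported it and traffic kept leaving
# through the normal interface.
openvpn --daemon --config /etc/private-internet-access/pia_vpn.conf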

Otorgar permisos de ejecución

# chmod +x openvpn-pia.sh

Ejecutar el script
# ./openvpn-pia.sh

# ip addr

$ hostname
archlinux

Portátil con dos discos duros SSD (Intel SATA3 60GB y Samsung EVO SATA3 120GB) y dos S.O. instalados, FreeBSD 11 y Arch Linux 2017. Desde la BIOS elijo con cuál arrancar. El segundo disco duro está instalado con un adaptador CADDY en el lugar reservado a la unidad óptica (DVD).

Listar discos (dispositivos de bloque)

# lsblk

NAME   MAJ:MIN RM   SIZE RO TYPE MOUNTPOINT
sda      8:16   0 111,8G  0 disk 
├─sda1   8:17   0   512M  0 part /boot
├─sda2   8:18   0  49,5G  0 part /
├─sda3   8:19   0   2,5G  0 part [SWAP]
└─sda4   8:20   0  59,3G  0 part /home
sdb      8:0    0  55,9G  0 disk 
├─sdb1   8:1    0   512K  0 part 
├─sdb2   8:2    0    53G  0 part 
└─sdb3   8:3    0   2,8G  0 part 


# pacman -S parted
# parted /dev/sda


Model: ATA Samsung SSD 840 (scsi)
Disk /dev/sda: 120GB
Sector size (logical/physical): 512B/512B
Partition Table: gpt
Disk Flags: 

Numero  Inicio  Fin     Tamaño  Sistema de ficheros  Nombre  Banderas
 1      1049kB  538MB   537MB   fat32                        arranque, esp
 2      538MB   53,7GB  53,1GB  ext4
 3      53,7GB  56,4GB  2684MB  linux-swap(v1)
 4      56,4GB  120GB   63,7GB  ext4


Ayuda parted

 (parted) m                                                                
  align-check TYPE N                        check partition N for TYPE(min|opt) alignment
  help [COMMAND]                           print general help, or help on COMMAND
  mklabel,mktable LABEL-TYPE               create a new disklabel (partition table)
  mkpart TIPO-PART [TIPO-SF] INICIO FIN     crea una partición
  name NUMBER NAME                         name partition NUMBER as NAME
  print [devices|free|list,all|NUMBER]     display the partition table, available devices, free
    space, all found partitions, or a particular partition
  quit                                     exit program
  rescue START END                         rescue a lost partition near START and END
  resizepart NUMBER END                    resize partition NUMBER
  rm NUMBER                                delete partition NUMBER
  select DEVICE                            choose the device to edit
  disk_set FLAG STATE                      change the FLAG on selected device
  disk_toggle [FLAG]                       toggle the state of FLAG on selected device
  set NUMBER FLAG STATE                    change the FLAG on partition NUMBER
  toggle [NUMBER [FLAG]]                   toggle the state of FLAG on partition NUMBER
  unit UNIT                                set the default unit to UNIT
  version                                  display the version number and copyright information
        of GNU Parted


FreeBSD es genial!.

domingo, 30 de abril de 2017

Instalar FreeBSD 11 Xfce PF

FreeBSD como sistema operativo, escritorio xfce4 y pf


Instalar FreeBSD https://www.freebsd.org/

Disco duro Intel SSD 60Gb

He añadido a continuación algunos puntos de referencia

# diskinfo -c -t -v ada0

ada0
 512          # sectorsize
 60022480896  # mediasize in bytes (56G)
 117231408    # mediasize in sectors
 0            # stripesize
 0            # stripeoffset
 116301       # Cylinders according to firmware.
 16           # Heads according to firmware.
 63           # Sectors according to firmware.
 CVLI2505023Z060K # Disk ident.
 Not_Zoned    # Zone Mode

I/O command overhead:
 time to read 10MB block      0.029355 sec =    0.001 msec/sector
 time to read 20480 sectors   1.160798 sec =    0.057 msec/sector
 calculated command overhead   =    0.055 msec/sector

Seek times:
 Full stroke:   250 iter in   0.037406 sec =    0.150 msec
 Half stroke:   250 iter in   0.039282 sec =    0.157 msec
 Quarter stroke:   500 iter in   0.071750 sec =    0.143 msec
 Short forward:   400 iter in   0.042250 sec =    0.106 msec
 Short backward:   400 iter in   0.031437 sec =    0.079 msec
 Seq outer:  2048 iter in   0.119019 sec =    0.058 msec
 Seq inner:  2048 iter in   0.096423 sec =    0.047 msec
Transfer rates:
 outside:       102400 kbytes in   0.333264 sec =   307264 kbytes/sec
 middle:        102400 kbytes in   0.232805 sec =   439853 kbytes/sec
 inside:        102400 kbytes in   0.230457 sec =   444335 kbytes/sec


# pkg install blogbench
# mkdir /root/BLOG
# cd /root
# blogbench -i 10 -d BLOG


Frequency = 10 secs
Scratch dir = [BLOG]
Spawning 3 writers...
Spawning 1 rewriters...
Spawning 5 commenters...
Spawning 100 readers...
Benchmarking for 10 iterations.
The test will run during 1 minutes.

  Nb blogs   R articles    W articles    R pictures    W pictures    R comments    W comments
        35       139328          1991         79359          1656         72427          5855
        35       172008           248        100568           112        109986          2096
        35       149286           233         88331           109        110745          1615
        35       116916           182         71146            85         86253          2935
        35       113976           394         72354           196         91373          2436
        36       119877           324         78673           183        108347          2535
        36       135859           307         88955           148        121805          3611
        36       146624           268         98854           130        132046           690
        36       141039           211         98031           137        131306          2144
        36       149424           182        105312            88        136755          1132

Final score for writes:            36
Final score for reads :         27401

Actualizar el sistema

# freebsd-update fetch install

src component not installed, skipped
Looking up update.FreeBSD.org mirrors... 4 mirrors found.
Fetching public key from update4.freebsd.org... done.
Fetching metadata signature for 11.0-RELEASE from update4.freebsd.org... done.
Fetching metadata index... done.
Fetching 2 metadata files... done.
Inspecting system... done.
Preparing to download files... done.
Fetching 70 patches.....10....20....30....40....50....60....70... done.
Applying patches... done.
...
Installing updates... done.

# pkg install wget

Xorg puede ser instalado como paquete o construir e instalar desde la colección de puertos (ports). Cualquiera de estas instalaciones da como resultado la instalación completa del sistema Xorg. Los paquetes binarios son la mejor opción para la mayoría de los usuarios.

# pkg install xorg

La tarjeta de video, monitor y dispositivos de entrada son automáticamente detectados y no requiere configuración manual.

Agregar usuario al grupo video y wheel (los miembros de wheel pueden usar su para convertirse en root; añada solo usuarios de confianza). Lea las recomendaciones de seguridad https://www.freebsd.org/doc/es/books/handbook/book.html#securing-freebsd

# pw groupmod video -m carles && pw groupmod wheel -m carles

XFce es un entorno de escritorio basado en el «toolkit» GTK utilizado por GNOME, pero es mucho más ligero y está pensado para aquellos que quieran un escritorio sencillo, eficiente y fácil de utilizar y configurar. Visualmente es muy parecido a CDE, que podemos encontrar en sistemas UNIX® comerciales.

# pkg install xfce

Paquetes disponibles para instalar
# pkg search xfce4


xfce4-appfinder-4.12.0         Application launcher and finder
xfce4-battery-plugin-1.0.5_4   Battery monitor panel plugin for Xfce4
xfce4-bsdcpufreq-plugin-0.2_1  Displays the current CPU clock frequency in the panel
xfce4-calculator-plugin-0.6.0  Simple calculator for the Xfce panel
xfce4-clipman-plugin-1.4.1     Clipboard manager for the Xfce panel
xfce4-conf-4.12.1              D-Bus-based configuration storage system
xfce4-cpugraph-plugin-1.0.5_4  Graphical representation of the CPU load
xfce4-dashboard-0.6.1          GNOME shell like dashboard for the Xfce desktop
xfce4-datetime-plugin-0.7.0    Datetime panel plugin for the Xfce desktop
xfce4-desktop-4.12.3_2         Xfce's desktop manager
xfce4-dev-tools-4.12.0_1       Xfce development tools
xfce4-dict-plugin-0.7.2        Xfce4 plugin to query different dictionaries
xfce4-diskperf-plugin-2.6.1    Graphical representation of the disk IO
xfce4-embed-plugin-1.6.0       Embed arbitrary windows into the Xfce panel
xfce4-equake-plugin-1.3.8.1    Earthquake monitor plugin for the Xfce panel
xfce4-fsguard-plugin-1.1.0     Panel plugin which displays free space of mountpoint
xfce4-generic-slider-0.0.20100827_7 Slider plugin to adjust and/or monitor any numeric variable
xfce4-genmon-plugin-4.0.0      Generic Monitor Xfce4 panel plugin
xfce4-goodies-4.12             Meta-port for software and artwork from the Xfce4 Goodies Project
xfce4-mailwatch-plugin-1.2.0_8 Mail notification applet for the Xfce panel
xfce4-mixer-4.11.0_3           Volume control for the Xfce desktop
xfce4-mount-plugin-1.1.2       Mount and umount utility for the Xfce4 panel
xfce4-mpc-plugin-0.5.0         Musicpd client plugin for the Xfce panel
xfce4-netload-plugin-1.3.1     Network Load plugin for Xfce4
xfce4-notes-plugin-1.8.1       Notes plugin for the Xfce panel
xfce4-notifyd-0.3.6            Visually-appealing notification daemon for Xfce
xfce4-panel-4.12.1             Xfce's panel
xfce4-power-manager-1.6.0      Power manager for the Xfce Desktop
xfce4-print-4.6.1_14           Print system support for the Xfce Desktop
xfce4-pulseaudio-plugin-0.2.4  Panel plugin for controlling PulseAudio mixer
xfce4-quicklauncher-plugin-1.9.4_17 Quicklauncher plugin for Xfce
xfce4-screenshooter-plugin-1.8.2_2 Application and panel plugin to take screenshots
xfce4-session-4.12.1_3         Xfce's session manager
xfce4-settings-4.12.1          Xfce 4 settings application
xfce4-smartbookmark-plugin-0.5.0 Query search engines from the Xfce panel
xfce4-systemload-plugin-1.2.1  System Load plugin for Xfce4 panel
xfce4-taskmanager-1.2.0_1      Task manager for the Xfce desktop
xfce4-terminal-0.8.4           Terminal emulator for the X windowing system
xfce4-time-out-plugin-1.0.2_1  Timer out plugin for Xfce
xfce4-timer-plugin-1.6.0_1     Timer plugin for Xfce
xfce4-tumbler-0.1.31_5         Thumbnail service for Xfce desktop
xfce4-vala-4.10.3_3            Vala binding for the Xfce core libraries
xfce4-verve-plugin-1.1.0_1     Command line plugin for the Xfce Desktop
xfce4-volumed-0.1.13_2         Volume management daemon for the Xfce desktop
xfce4-volumed-pulse-0.2.2      Volume management daemon for Xfce using PulseAudio
xfce4-wavelan-plugin-0.6.0     Displays various information about a WaveLAN device
xfce4-weather-plugin-0.8.9     Weather plugin for the Xfce panel
xfce4-whiskermenu-plugin-1.7.1 Alternate menu for the Xfce Desktop
xfce4-wm-4.12.3                Xfce's window manager
xfce4-wm-themes-4.10.0_1       Additional themes for xfwm4
xfce4-wmdock-plugin-0.6.0_2    WMdock plugin for Xfce
xfce4-xkb-plugin-0.7.1         Keyboard layout switching plugin for the Xfce panel

# pkg install gnome-icons-faenza
# pkg install numix-theme xfce4-mount-plugin
# pkg install xfce4-xkb-plugin gimp libreoffice firefox gedit
# pkg install xdg-user-dirs

Como usuario normal se crean los directorios de usuario:
$ xdg-user-dirs-update

# echo 'hald_enable="YES"'>>/etc/rc.conf
# echo 'dbus_enable="YES"'>>/etc/rc.conf

Como usuario no privilegiado:
$ echo "exec /usr/local/bin/startxfce4 --with-ck-launch" > ~/.xinitrc

# service hald start
# service dbus start

Español como idioma por defecto:

$ cd
$ ee .login_conf

me:
        :charset=iso-8859-15:
        :lang=es_ES.ISO8859-15:
        :tc=default:

$ ee .profile

LANG=es_ES.ISO8859-15; export LANG
MM_CHARSET=ISO-8859-15; export MM_CHARSET

$ ee .xinitrc

LANG=es_ES.ISO8859-15; export LANG
setenv LANG es_ES.ISO8859-15
 
Iniciar con startx
login:
carles
password
$ startx


Cambiar el tema por defecto:
Aplicaciones>Configuración>Apariencia>Estilo>Numix

Utilizar el gestor de ventanas Numix
Aplicaciones>Gestor de ventanas>Numix

Kernel Mode settings (KMS) - handbook FreeBSD

Cuando la computadora cambia de mostrar la consola a una resolución de pantalla más alta para X, debe configurar el modo de salida de vídeo. Las versiones recientes de Xorg utilizan un sistema dentro del kernel para realizar estos cambios de modo más eficientemente. Las versiones anteriores de FreeBSD utilizan sc (4), que no tiene conocimiento del sistema KMS. El resultado final es que después de cerrar X, la consola del sistema está en blanco, aunque todavía está funcionando. La nueva vt (4) consola evita este problema.

Agregar esta linea a /boot/loader.conf
kern.vty=vt

$ echo $SHELL
/bin/sh

Algunos alias útiles:

$ cat .shrc

...
alias ls="ls -FGA"
alias ll="ls -lAG"
alias su="su -m"

su -m :: Deja el ambiente sin modificar. El shell invocado es su shell de inicio de sesión y no se realizan cambios de directorio. Como precaución de seguridad, si el shell del usuario objetivo es un shell no estándar (como se define por getusershell (3)) y el uid real de la persona que llama es distinto de cero, su fallará.

Para que al iniciar en modo single-user init pida la contraseña de root (así el acceso físico a la consola no da una shell de root sin autenticar):
# ee /etc/ttys

# name  getty  type  status comments
#
# Cambiar secure por insecure
console none   unknown off insecure

Añadir un grupo usando pw

# pw groupadd docent
# pw groupshow docent
docent:*:1003:

El número 1003 en el ejemplo anterior es el ID de grupo del grupo docent.
Ahora mismo docent no tiene miembros, y es por tanto bastante inútil.
Cambiemos eso invitando a axel a formar parte del grupo docent.

Añadir un usuario a un grupo usando pw

# pw groupmod docent -M axel
# pw groupshow docent
docent:*:1003:axel

# cat /etc/fstab

# Device Mountpoint FStype Options Dump Pass#
/dev/ada0p2 /    ufs   rw,noatime 1 1
/dev/ada0p3 none    swap   sw  0 0
fdesc  /dev/fd    fdescfs  rw  0 0
proc  /proc    procfs  rw  0 0
tmpfs  /tmp    tmpfs  rw,mode=01777 0 0
/dev/cd0        /cdrom     cd9660    ro,noauto       0       0

# cat /etc/rc.conf

sendmail_enable="NONE"
hostname="fbsd11.linux.bcn"
#keymap="spanish.iso.kbd"
keymap="es"
#ifconfig_re0="DHCP"
ifconfig_re0="192.168.3.11 netmask 255.255.255.128"
defaultrouter="192.168.3.1"
moused_enable="YES"
ntpd_enable="YES"
# Set dumpdev to "AUTO" to enable crash dumps, "NO" to disable
dumpdev="NO"
dbus_enable="YES"
hald_enable="YES"
openvpn_enable="YES"
openvpn_if="tun"
openvpn_configfile="/usr/local/etc/pia_openvpn/pia_vpn.conf"
pf_enable="YES"
pf_rules="/etc/pf.conf"
pflog_enable="YES"
pflog_logfiles="/var/log/pflog"
# Webcam disable daemon 
webcamd_enable="NO"
powerd_enable="YES"

Puede inhabilitar el pitido (beep) en la terminal tcsh tecleando
# set nobeep 

Conocer más del diseño del sistema de archivos
# man hier

Quitar permiso de ejecución a Sendmail

# chmod -x /etc/rc.d/sendmail 
# ls -l /etc/rc.d/sendmail 
-r--r--r--  1 root  wheel  6446 29 sept.  2016 /etc/rc.d/sendmail

# service powerd status
powerd is not running.
# service powerd start
Starting powerd.
# service powerd status
powerd is running as pid 1011.

# cat /etc/resolv.conf

# Generated by resolvconf
search unix.bcn
nameserver 192.168.3.1
nameserver 209.222.18.218

# chflags schg /etc/resolv.conf

# ls -lo /etc/resolv.conf
-rw-r--r--  1 root  wheel  schg 92 21 abr.  20:55 /etc/resolv.conf
# chflags noschg /etc/resolv.conf
# ls -lo /etc/resolv.conf
-rw-r--r--  1 root  wheel  - 92 21 abr.  20:55 /etc/resolv.conf

# pkg install findutils

# pkg install firefox
# pkg search firefox
# pkg install firefox-i18n-53.0

Cambiar idioma Firefox

Firefox about:config
Buscar: general.useragent.locale
Nombre de la preferencia    valor de la cadena
general.useragent.locale    es-ES

# pkg search vlc

fpc-libvlc-3.0.2               Free Pascal interface to vlc media player library
npapi-vlc-2.0.6_4              Embeds vlc-player in web-browsers
phonon-vlc-0.9.1               VLC backend for Phonon
qt5-phonon-vlc-0.9.1           VLC backend for Phonon 4 Qt 5
vlc-2.2.4_12,4                 Qt based multimedia player and streaming server
vlc-qt4-2.2.4_12,4             Qt 4 based multimedia player and streaming server

# pkg install vlc npapi-vlc icedtea-web

Túnel VPN. Lo configuramos en un artículo anterior
Configurar PIA VPN FreeBSD

# pkg install openvpn
# cat /usr/local/etc/pia_openvpn/pia_vpn.conf

client
dev tun
proto udp4
remote france.privateinternetaccess.com 1198
resolv-retry infinite
nobind
persist-key
persist-tun
cipher aes-128-cbc
auth sha1
tls-client
remote-cert-tls server
auth-user-pass
comp-lzo
verb 1
reneg-sec 0
crl-verify /usr/local/etc/pia_openvpn/crl.rsa.2048.pem
ca /usr/local/etc/pia_openvpn/ca.rsa.2048.crt
disable-occ
auth-user-pass /usr/local/etc/pia_openvpn/password_pia.txt
auth-nocache


# cat /etc/sysctl.conf

# sed -e '/^[ ]*#/d' -e '/^$/d' /etc/sysctl.conf 
kern.ipc.shm_allow_removed=1
vfs.usermount=1
kern.ipc.shmmax=67108864
kern.ipc.shmall=32768
kern.sched.preempt_thresh=120
kern.maxfiles=200000
hw.syscons.bell=0
hw.snd.default_unit=0
kern.logsigexit=0
security.bsd.see_other_uids=0

Firewall para un solo host. Mostrar sin comentarios ni líneas en blanco:

$ sed -e '/^[ ]*#/d' -e '/^$/d' /etc/pf.conf
 
 ext_if="re0"
 icmp_types = "{echoreq, unreach}"
 state_tcp="flags S/SA keep state"
 state_udp="keep state"
  set block-policy drop
  set skip on lo0
  scrub in on $ext_if all fragment reassemble
  block in all
  pass out quick modulate state
  antispoof quick for $ext_if inet
  block in from urpf-failed to any
  block in quick on $ext_if from any to 255.255.255.255
  pass inet proto icmp all icmp-type $icmp_types keep state

# service pf start
# service pflog start

Reporte sobre reglas de filtrado y state

$ pfctl -s rules

scrub in on re0 all fragment reassemble
block drop in all
pass out quick all flags S/SA modulate state
block drop in quick on ! re0 inet from 192.168.3.0/25 to any
block drop in quick inet from 192.168.3.11 to any
block drop in from urpf-failed to any
block drop in quick on re0 inet from any to 255.255.255.255
pass inet proto icmp all icmp-type echoreq keep state
pass inet proto icmp all icmp-type unreach keep state

$ pfctl -s state

all udp 192.168.3.11:36221 -> 108.61.122.156:1198       MULTIPLE:MULTIPLE
all tcp 10.47.10.6:37967 -> 213.138.116.73:80       CLOSING:FIN_WAIT_2
all tcp 10.47.10.6:33762 -> 213.138.116.73:80       CLOSING:FIN_WAIT_2
all tcp 10.47.10.6:47438 -> 213.138.116.73:80       FIN_WAIT_2:FIN_WAIT_2
all tcp 10.47.10.6:62397 -> 213.138.116.73:80       FIN_WAIT_2:FIN_WAIT_2
all tcp 10.47.10.6:38273 -> 213.138.116.73:80       FIN_WAIT_2:FIN_WAIT_2
all tcp 10.47.10.6:64746 -> 213.138.116.73:80       FIN_WAIT_2:FIN_WAIT_2
all tcp 10.47.10.6:20193 -> 213.138.116.73:80       FIN_WAIT_2:FIN_WAIT_2
all tcp 10.47.10.6:20195 -> 213.138.116.73:80       FIN_WAIT_2:FIN_WAIT_2
all tcp 10.47.10.6:20196 -> 213.138.116.73:80       FIN_WAIT_2:FIN_WAIT_2
all tcp 10.47.10.6:20197 -> 213.138.116.73:80       FIN_WAIT_2:FIN_WAIT_2
all tcp 10.47.10.6:20198 -> 213.138.116.73:80       FIN_WAIT_2:FIN_WAIT_2
all tcp 10.47.10.6:20199 -> 213.138.116.73:80       FIN_WAIT_2:FIN_WAIT_2
all tcp 10.47.10.6:20200 -> 213.138.116.73:80       FIN_WAIT_2:FIN_WAIT_2
all tcp 10.47.10.6:20201 -> 213.138.116.73:80       FIN_WAIT_2:FIN_WAIT_2
all tcp 10.47.10.6:20204 -> 213.138.116.73:80       FIN_WAIT_2:FIN_WAIT_2
all tcp 10.47.10.6:20205 -> 213.138.116.73:80       FIN_WAIT_2:FIN_WAIT_2
all tcp 10.47.10.6:20206 -> 213.138.116.73:80       FIN_WAIT_2:FIN_WAIT_2
all tcp 10.47.10.6:20207 -> 213.138.116.73:80       FIN_WAIT_2:FIN_WAIT_2
all tcp 10.47.10.6:20208 -> 213.138.116.73:80       FIN_WAIT_2:FIN_WAIT_2
all tcp 10.47.10.6:20209 -> 213.138.116.73:80       FIN_WAIT_2:FIN_WAIT_2
all tcp 10.47.10.6:20210 -> 213.138.116.73:80       FIN_WAIT_2:FIN_WAIT_2
all tcp 192.168.3.11:20211 -> 192.168.3.1:22       ESTABLISHED:ESTABLISHED
all tcp 10.47.10.6:20192 -> 213.138.116.73:80       TIME_WAIT:TIME_WAIT
all tcp 10.47.10.6:20194 -> 213.138.116.73:80       FIN_WAIT_2:FIN_WAIT_2
all tcp 10.47.10.6:20202 -> 213.138.116.73:80       FIN_WAIT_2:FIN_WAIT_2
all tcp 10.47.10.6:20203 -> 213.138.116.73:80       FIN_WAIT_2:FIN_WAIT_2

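Nota: el modo 666 en ad*, ada*, da*, pass* y xpt* da a cualquier usuario local lectura y escritura sobre el disco en bruto, saltándose los permisos del sistema de ficheros. En una máquina con más de un usuario es preferible 0660 y un grupo (p. ej. operator).

$ cat /etc/devfs.rules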

[devfsrules_devcom=7]
  add path 'ad[0-9]\*'    mode 666
  add path 'ada[0-9]\*'    mode 666
  add path 'da[0-9]\*'    mode 666
  add path 'acd[0-9]\*'    mode 666
  add path 'cd[0-9]\*'    mode 666
  add path 'mmcsd[0-9]\*'  mode 666
  add path 'pass[0-9]\*'   mode 666
  add path 'xpt[0-9]\*'    mode 666
  add path 'ugen[0-9]\*'   mode 666
  add path 'usbctl'    mode 666
  add path 'usb/\*'    mode 666
  add path 'lpt[0-9]\*'    mode 666
  add path 'ulpt[0-9]\*'   mode 666
  add path 'unlpt[0-9]\*'  mode 666
  add path 'fd[0-9]\*'    mode 666
  add path 'uscan[0-9]\*'  mode 666
  add path 'video[0-9]\*'  mode 666
  add path 'tuner[0-9]*'   mode 666
  add path 'dvb/\*'    mode 666
  add path 'cx88*'     mode 0660
  add path 'cx23885*'     mode 0660
  add path 'iicdev*'     mode 0660
  add path 'uvisor[0-9]*'  mode 0660

$ cat /etc/devfs.conf

# Allow members of group operator to cat things to the speaker
own speaker root:operator
perm speaker 0660

# Allow all users to access optical media
perm    /dev/acd0       0666
perm    /dev/acd1       0666
perm    /dev/cd0        0666
perm    /dev/cd1        0666
     
# Allow all USB Devices to be mounted
perm    /dev/da0        0666
perm    /dev/da1        0666
perm    /dev/da2        0666
perm    /dev/da3        0666
perm    /dev/da4        0666
perm    /dev/da5        0666
     
# Misc other devices
perm    /dev/pass0      0666
perm    /dev/xpt0       0666
perm    /dev/uscanner0  0666
perm    /dev/video0     0666
perm    /dev/tuner0     0666
perm    /dev/dvb/adapter0/demux0    0666
perm    /dev/dvb/adapter0/dvr       0666
perm    /dev/dvb/adapter0/frontend0 0666

# echo 'devfs_system_ruleset="devfsrules_devcom"'>>/etc/rc.conf
# service devfs start

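A /etc/periodic.conf añadir (ojo: las entradas daily_status_security_* desactivan comprobaciones del informe diario de seguridad, como chksetuid, neggrpperm o chkmounts; desactívelas solo si revisa esos cambios por otro medio):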

daily_clean_preserve_enable="NO"
daily_backup_pkgdb_enable="NO"
daily_backup_aliases_enable="NO"
daily_status_security_ipfwdenied_enable="NO"
daily_status_security_ipfdenied_enable="NO"
daily_status_security_chkmounts_enable="NO"
daily_status_security_pfdenied_enable="NO"
weekly_status_pkg_enable="NO"
monthly_accounting_enable="NO"
weekly_locate_enable="NO"
weekly_whatis_enable="NO"
weekly_noid_enable="NO"
daily_status_security_chksetuid_enable="NO"
daily_clean_rwho_enable="NO"
daily_status_security_chkportsum_enable="NO"
daily_status_security_neggrpperm_enable="NO"
monthly_statistics_enable="NO"
monthly_statistics_report_devices="NO"

¿Qué componentes (hardware) tiene su máquina?:

# lshal
# pciconf -lv
# pciconf -l
# dmesg | grep -i usb
# lsvfs
# camcontrol devlist

¿Qué controladores de sonido tiene actualmente en uso?

$ dmesg | grep ^hda

$ cat /boot/loader.conf

loader_logo="beastie"
autoboot_delay="2"
kern.ipc.shmseg=1024
kern.ipc.shmmni=1024
kern.maxproc=100000
tmpfs_load="YES"
cuse4bsd_load="NO"
net.inet.tcp.hostcache.cachelimit=0
net.link.ifqmaxlen=200
net.inet.tcp.soreceive_stream=1
hw.igb.num_queues=2
kern.hz=100
kern.vty=vt

# gpart show ada0

=>       40  117231328  ada0  GPT  (56G)
         40       1024     1  freebsd-boot  (512K)
       1064  111148032     2  freebsd-ufs  (53G)
  111149096    5861376     3  freebsd-swap  (2.8G)
  117010472     220896        - free -  (108M)

Eliminar usuario toor
# vipw
toor...
...
:wq
vipw: password list updated


https://www.bsdnow.tv/tutorials/the-desktop
https://www.freebsd.org/doc/handbook/firewalls-pf.html

FreeBSD es genial!.