The following is a “living work in progress” collection of scripts I use to make life with FreeBSD a bit better and potentially more secure. Some of these are taken straight from Bastille’s recommended settings.
If you’re not a developer you might want to change ‘git’ below to ‘git-lite’
# Disable Access Time on ZFS
zfs set atime=off zroot
# Disable Sendmail
sysrc sendmail_enable="NO"
sysrc sendmail_submit_enable="NO"
sysrc sendmail_outbound_enable="NO"
sysrc sendmail_msp_queue_enable="NO"
# Update FreeBSD base
freebsd-update fetch
freebsd-update install
pkg install -y vim git zsh bash neofetch htop doas rsync
# configure doas
echo "permit nopass :wheel" >> /usr/local/etc/doas.conf
# Disable Console Beep (silence is golden)
sysctl hw.syscons.bell=0
sysctl kern.vt.enable_bell=0
Disable DSA and other old ssh key encryption methods
# generate SSH keys
rm /etc/ssh/ssh_host_*
sysrc sshd_dsa_enable="no"
sysrc sshd_ecdsa_enable="no"
sysrc sshd_ed25519_enable="yes"
sysrc sshd_rsa_enable="yes"
service sshd keygen
service sshd restart
Don’t forget to change “jeff” to your username if you’re configuring zsh
# Change my shell from sh to zsh
chsh -s /usr/local/bin/zsh jeff
fetch https://git.io/antigen -o /usr/local/share/zsh/antigen.zsh
# configure a sane zsh shell
cat <<EOF>~jeff/.zshrc
source /usr/local/share/zsh/antigen.zsh
antigen use oh-my-zsh
antigen bundle zsh-users/zsh-syntax-highlighting
antigen bundle zsh-users/zsh-autosuggestions
antigen bundle zsh-users/zsh-completions
antigen theme gentoo
antigen bundle genpass
antigen apply
EOF
chown jeff:jeff ~jeff/.zshrc
Apps I (try to) use at least weekly
I use GoHugo for this website because static blog sites save energy!
pkg install -y gohugo