Topic 711: BSD Installation and Software Management
This topic covers installing and upgrading the major BSD operating systems (FreeBSD, NetBSD, and OpenBSD), managing packages or ports, configuring system startup, handling hardware configuration, and setting kernel parameters/security levels.
711.1: BSD Operating System Installation
Key knowledge areas
- Install the FreeBSD, NetBSD, and OpenBSD operating systems using default options.
- Upgrade an existing installation.
-
Identify the type and version of the OS (using
uname, etc.).
FreeBSD installation
-
Prepare installation media
- Create a bootable ISO or USB stick.
-
Boot from installation media
- At the FreeBSD boot menu, proceed with the default selection.
-
Start the installer
bsdinstallThe installer will guide you through partitioning (GPT recommended), selecting distributions (base, kernel, etc.), and configuring network/time zone/services.
-
Set the root password
- The installer prompts you to create a strong root password.
-
Reboot
- After installing, remove the installation media and reboot into your new FreeBSD system.
Tip: Common partitions on FreeBSD
/(root): Main filesystem- swap: Virtual memory
-
/varand/usr: Optional separate partitions for logs or user programs
Upgrading FreeBSD
Use the built-in freebsd-update utility to apply security patches or upgrade to a newer release:
freebsd-update fetch
freebsd-update install
If a new kernel is installed, you may need to reboot and re-run freebsd-update install to complete the process.
Checking the BSD version
uname -aOutputs kernel name, hostname, version, and other info. Useful for verifying you’re on the correct FreeBSD, NetBSD, or OpenBSD release.
NetBSD installation
-
Boot from installation media
- NetBSD’s
sysinstutility starts automatically.
- NetBSD’s
-
Partition the disk
- Choose MBR or GPT.
-
Select base sets
-
e.g.,
base,etc,comp,man, etc.
-
e.g.,
-
Configure networking
- Set hostname, enable DHCP (if needed), etc.
- Set root password and time zone
-
Reboot
- Remove installation media and boot into your new NetBSD system.
OpenBSD installation
-
Boot from installation media
- The OpenBSD installer starts automatically.
-
Disklabel partitioning
-
OpenBSD uses
disklabelfor partitioning. The installer will prompt you to create partitions for/,swap,/home, etc.
-
OpenBSD uses
- Configure root password, user accounts, and networking
-
Finish and reboot
- Remove installation media. OpenBSD will now boot into the newly installed system.
Note: The minimal installer bsd.rd is used for both installations and upgrades.
Upgrading OpenBSD
-
Reboot into
bsd.rd - Choose (u)pgrade from the text menu
- Follow prompts for sets, disk, etc.
- Reboot once done
711.2: BSD Software and Package Management
Objective summary
The candidate should be able to install, query, remove, and upgrade software on BSD systems, using both binary package management and source-based ports/pkgsrc.
Key knowledge areas
- Binary package installation and removal.
- Ports or pkgsrc usage for compiling software.
- Tracking vulnerabilities and upgrades.
FreeBSD packages and ports
Binary package management:
# Install a package
pkg install <package_name>
# List installed packages
pkg info
# Remove a package
pkg delete <package_name>
# Upgrade installed packages
pkg upgradeCompiling from ports
-
Ensure ports tree is updated (e.g.,
portsnap fetch update). -
Navigate to
/usr/ports/category/<portname>and run:make install clean
NetBSD (pkgsrc)
Binary packages:
pkg_add <package_name> # install
pkg_info # list installed
pkg_delete <package_name> # remove
# Check package integrity or vulnerabilities:
pkg_admin check
pkg_admin check-pkg-vulnerabilities /var/db/pkg/pkg-vulnerabilitiesCompiling from pkgsrc:
cd /usr/pkgsrc/<category>/<portname>
make install cleanOpenBSD packages and ports
Binary packages:
pkg_add <package_name>
pkg_info
pkg_delete <package_name>Compiling from ports:
cd /usr/ports/<category>/<portname>
make installTip: Checking for updates & security alerts
-
FreeBSD:
pkg audit -Fhelps identify vulnerabilities. -
NetBSD:
pkg_admin fetch-pkg-vulnerabilities+pkg_admin auditchecks for known issues. -
OpenBSD: Use
syspatchesfor base system patches (depending on release), andpkg_info -ato see if new package versions are available.
711.3: BSD System Startup Configuration
Objective summary
Understand how the BSD boot process works, manage services, and configure which daemons start at boot. Know how to reboot, shut down, or enter single-user mode.
Key knowledge areas
- Boot process and bootloader stages.
- rc scripts and configuration files.
- Starting/stopping services.
- Single-user mode and system restarts/shutdown.
Boot process overview
-
A bootloader (e.g., FreeBSD’s loader, OpenBSD’s
boot(8)) loads the kernel into memory. -
The kernel then starts
init, which launches system-wide startup scripts in/etc/rc,/etc/rc.d/, etc.
Common startup configuration
-
/etc/rc.conf: Often contains flags to enable or disable services (e.g.,sshd_enable="YES"on FreeBSD). -
Scripts in
/etc/rc.d/: Start or stop individual services.
Managing services on different BSDs
FreeBSD
service sshd start
service sshd stop
service sshd status
# Enable service at boot:
echo 'sshd_enable="YES"' >> /etc/rc.confNetBSD
service sshd start
service ntpd status
# Similarly use /etc/rc.conf for enabling servicesOpenBSD
rcctl enable sshd
rcctl disable ntpd
rcctl start sshd
rcctl stop httpd
Note: rcctl modifies /etc/rc.conf.local behind the scenes.
Single-user mode
At the bootloader prompt, specify -s (or use boot -s) to enter single-user mode (useful for maintenance or emergency repairs).
711.4: Hardware Configuration
Objective summary
Investigate system hardware, manage kernel modules, and understand how BSD handles PCI, ATA, and SCSI devices.
Key knowledge areas
-
Identify installed hardware and boot-time messages (
dmesg). - Load/unload kernel modules.
- Probe PCI, ATA, and SCSI devices.
Common tools
dmesg | less: Review hardware and kernel messages from boot./boot/loader.conf(FreeBSD) or other loader configs: For loading modules at boot.
FreeBSD examples
# List loaded kernel modules
kldstat
# Load a module
kldload if_bridge
# Unload a module
kldunload if_bridge
# Check PCI devices
pciconf -lv
# SCSI details
camcontrol devlistNetBSD examples
# List loaded modules
modstat
# Load a module
modload /path/to/module
# Unload a module
modunload <module_name>
# PCI devices
pcictl pci0 list
# SCSI scanning
scsictl scsibus0 scanOpenBSD examples
- OpenBSD uses far fewer loadable kernel modules by default.
-
ATA:
atactl wd0 identify -
SCSI:
scsi /dev/rsd0c
711.5: BSD Kernel Parameters and System Security Level
Objective summary
Understand and configure kernel parameters (via MIBs) and BSD security levels. Know how to view and set parameters at runtime or permanently.
Key knowledge areas
- sysctl usage for viewing/setting kernel parameters.
- /etc/sysctl.conf for persistent parameters.
- BSD security levels (securelevel) concepts and restrictions.
Kernel MIBs (management information base)
-
View all parameters:
sysctl -a -
Set a parameter (runtime):
sysctl kern.maxfiles=50000 -
Make persistent: Add the parameter to
/etc/sysctl.conf(e.g.,kern.maxfiles=50000).
Security levels
- -1: No restrictions
- 0: Default (allows some changes but restricts raw disk writes)
- 1+: Increasingly restrictive, often used to harden the system
- Once raised, you typically cannot lower the securelevel without rebooting.
OpenBSD note
On OpenBSD, you can also configure the securelevel in /etc/boot.conf or via boot-time options. Higher levels can prevent even root from altering certain files or kernel parameters at runtime.