From owner-freebsd-security@freebsd.org Fri Feb 26 14:56:38 2016 Return-Path: Delivered-To: freebsd-security@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 61BCFAB4510 for ; Fri, 26 Feb 2016 14:56:38 +0000 (UTC) (envelope-from robert.ayrapetyan@gmail.com) Received: from mail-pf0-x22b.google.com (mail-pf0-x22b.google.com [IPv6:2607:f8b0:400e:c00::22b]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 34B6E848 for ; Fri, 26 Feb 2016 14:56:38 +0000 (UTC) (envelope-from robert.ayrapetyan@gmail.com) Received: by mail-pf0-x22b.google.com with SMTP id x65so53353655pfb.1 for ; Fri, 26 Feb 2016 06:56:38 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=from:to:subject:references:cc:message-id:date:user-agent :mime-version:in-reply-to:content-transfer-encoding; bh=v3HKcu7fO6u2KTWVWvYhqqA+UJyEc+kXsh9y4SnArro=; b=OIVyr368MLphjI8zhO5g7dEMWD0K1Qy0rmwTpe4H8rKN+RfdGQac1q7LAvHASN3r+f BWAnUFeOGEjleN6w/P3ErqB+1r/hoariLTQa2Ka4+Af6w+2SBcI+UiXrkWpPnSrtzYlu Whnz9DnSP4Nqx3GE1HTwT3yWB+23zU4wnqqfB1yv+dC0+Jif1aFBLibyyzQBOI/+Civ2 wZoPtBb8hk1/MCeWuNvc33KCJWTpgcmqabvMW7izZtVRGb8nKIQzjYiTLMAkKxF2ImCR 3B7h457I4jSYbEDKZlRvoMKEC3wyM6M6OdGgnMTCh7V8WgV7UsM07HbGCkysiuHpJPd0 kvug== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:from:to:subject:references:cc:message-id:date :user-agent:mime-version:in-reply-to:content-transfer-encoding; bh=v3HKcu7fO6u2KTWVWvYhqqA+UJyEc+kXsh9y4SnArro=; b=Cad0oL6OZorH4iykAV0VO4iTrHnivi4CjmYZjDu3U9y9D2v09v9bw8q4ZjRz9iSehY 3uU7DThqxwlgzZQY3/lBzapTjJhXWkRZApQM0Eep6FmP8MPAlXaMWPKI2kKdaEh2wYHj c6xbh1n8jOo1zWhRW+6DR3ofYPdWtWd9CovsEvZUcNCW0yfCSZyz1/oCypKoj+DAZwPu bk0P3UiDik0OTHSBP406e/bYOeL+Ypof8COy3sk+UPvyL+Db0xmoNqKaX+O0cHsConVz csD7iECwCtEkFY9sUPPCFTwVoxJvCuBDxeHofrSzeNqP+6NpmEOzeL7E2eSuA4GpooJF i5cA== X-Gm-Message-State: AD7BkJIpUw/JYBAs9BL8w5d7HSYdWk6vsEmzlPEUgGag+xXX1Xnvsyhjkiu9iUwwathl8g== X-Received: by 10.98.33.77 with SMTP id h74mr2593362pfh.157.1456498597690; Fri, 26 Feb 2016 06:56:37 -0800 (PST) Received: from [192.168.1.116] (c-50-156-112-176.hsd1.ca.comcast.net. [50.156.112.176]) by smtp.googlemail.com with ESMTPSA id b63sm20058285pfj.25.2016.02.26.06.56.36 (version=TLSv1/SSLv3 cipher=OTHER); Fri, 26 Feb 2016 06:56:37 -0800 (PST) From: Robert Ayrapetyan To: Terje Elde Subject: Re: verify FreeBSD installation References: <56CD2EE3.5080009@gmail.com> <56CFE7AE.3080507@gmail.com> <0977BC22-D5FC-42FB-B75F-455215479F86@elde.net> Cc: freebsd-security@freebsd.org Message-ID: <56D067A4.2060200@gmail.com> Date: Fri, 26 Feb 2016 06:56:36 -0800 User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:38.0) Gecko/20100101 Thunderbird/38.6.0 MIME-Version: 1.0 In-Reply-To: <0977BC22-D5FC-42FB-B75F-455215479F86@elde.net> Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 7bit X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 26 Feb 2016 14:56:38 -0000 I'm using a following very simple and clear way instead of mfsBSD: - Reboot into "rescue mode" (feature provided by any hoster) - SSH to remote machine rebooted in "rescue mode" and run two commands: - wget ftp://ftp.freebsd.org/pub/FreeBSD/releases/amd64/amd64 /ISO-IMAGES/10.2/FreeBSD-10.2-RELEASE-amd64-bootonly.iso - kvm -curses -m 13000 -hda /dev/sda -hdb /dev/sdb -cdrom ~/FreeBSD-10.2-RELEASE-amd64-bootonly.iso -boot d That's all lol ). From this moment you just follow standard FreeBSD installation procedure (I prefer ZfsOnRoot mode). On 02/25/16 23:30, Terje Elde wrote: > > > On 26 Feb 2016, at 06:50, Robert Ayrapetyan > wrote: > > > > Yeah, finally I've decided to re-install from an official iso. > > I've found some services in crontab I didn't liked at all - they > were submitting a lot of info to a third-party servers (officially for > monitoring purposes). > > p.s. Under "instance" I mean a dedicated unmanaged server. > > With a dedicated unmanaged, a reinstall would be my preference as > well. There's an interesting option for this, called mfsBSD. It can be > a bit of hassle to set it up the first time (just a bit), but once > it's up, it'll give you an image that you can simply dd onto the > harddrive(s), and boot from. It then runs only in memory, no longer > dependent on the drives, and allows you to ssh in, and do an install > just like you would from a dvd. > > The reason that it can be a slight hassle, is that unless your > provider has DHCP, you'd have to configure IP etc in the image, so > it'd be able to bring up networking correctly. > > Other options that can be interesting for setups like this, is using > geli for disk-encryption. > > Terje >