Sakura VPS FreeBSD setup notes
Grant administrator privileges (add the user to the wheel group)
-- /etc/group
wheel:*:0:root,[username]
Change the login shell to bash
# cd /usr/ports/shells/bash
# make config-recursive
# make install clean
# chsh -s /usr/local/bin/bash
Set the clock
-- /etc/rc.conf
ntpd_enable="YES"
Specify the NTP servers.
-- /etc/ntp.conf
server -4 ntp1.jst.mfeed.ad.jp
server -4 ntp2.jst.mfeed.ad.jp
server -4 ntp3.jst.mfeed.ad.jp
restrict default ignore
restrict 127.0.0.1
restrict 210.173.160.27 nomodify nopeer noquery notrap
restrict 210.173.160.57 nomodify nopeer noquery notrap
restrict 210.173.160.87 nomodify nopeer noquery notrap
Run:
# /etc/rc.d/ntpd restart
# ntpq -p
Configure the firewall
-- /etc/rc.conf
firewall_enable="YES"
firewall_script="/usr/local/etc/ipfw.rules"
For now, open only the ssh, http and ntp ports.
-- /usr/local/etc/ipfw.rules
#! /bin/sh
IPF="ipfw -q add"
ipfw -q -f flush
# loopback
$IPF 10 allow all from any to any via lo0
$IPF 20 deny all from any to 127.0.0.0/8
$IPF 30 deny all from 127.0.0.0/8 to any
$IPF 40 deny tcp from any to any frag
# stateful
$IPF 50 check-state
$IPF 60 allow tcp from any to any established
$IPF 70 allow all from any to any out keep-state
$IPF 80 allow icmp from any to any
# ssh (sshd is moved to port 443 in sshd_config below)
$IPF 110 allow tcp from any to any 443 in
$IPF 115 allow tcp from any to any 443 out
# http
$IPF 120 allow tcp from any to any 80 in
$IPF 125 allow tcp from any to any 80 out
# ntp
$IPF 130 allow udp from any to any 123 in
$IPF 135 allow udp from any to any 123 out
# deny and log everything
$IPF 500 deny log all from any to any
Run:
# /etc/rc.d/ipfw start
Configure sshd
- change the port
- switch to public-key authentication
Edit:
-- /etc/rc.conf
sshd_enable="YES"
Register the ssh public key that was uploaded beforehand with scp or similar.
$ cat id_rsa.pub >> ~/.ssh/authorized_keys
Edit:
-- /etc/ssh/sshd_config
Port 443
PasswordAuthentication no
ChallengeResponseAuthentication no
RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys
Run:
# /etc/rc.d/sshd restart
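Before restarting sshd over the same connection, it is worth checking that the ipfw rules admit inbound tcp on the port sshd_config sets and that the config is key-only; otherwise the restart locks you out. This is an added check, not part of the original memo; the sample files are constructed to mirror its settings.

```shell
# Added check (not from the memo): confirm the ipfw rules allow inbound tcp on
# the sshd port and that passwords are off / public keys on before restarting.
# Print the effective Port from an sshd_config file (sshd defaults to 22).
sshd_port() {
    awk 'tolower($1) == "port" { p = $2 } END { print (p == "" ? 22 : p) }' "$1"
}

# Return 0 if the ipfw rules file has an "allow tcp ... <port> in" rule.
ipfw_allows_tcp_in() {
    re="allow[[:space:]]+tcp[[:space:]]+from[[:space:]]+any[[:space:]]+to[[:space:]]+any[[:space:]]+$2"
    re="$re"'[[:space:]]+in([[:space:]]|$)'
    grep -Eq "$re" "$1"
}

# Return 0 when sshd_config disables passwords and enables public keys.
sshd_keys_only() {
    awk 'tolower($1) == "passwordauthentication" { pw = tolower($2) }
         tolower($1) == "pubkeyauthentication"   { pk = tolower($2) }
         END { exit !(pw == "no" && pk == "yes") }' "$1"
}

# Overall check: 0 = safe to restart sshd, 1 = likely lockout.
check_ssh_lockout() {
    port=$(sshd_port "$1")
    if ! ipfw_allows_tcp_in "$2" "$port"; then
        echo "sshd port $port is not allowed inbound in $2" >&2
        return 1
    fi
    if ! sshd_keys_only "$1"; then
        echo "password auth still on or pubkey auth off in $1" >&2
        return 1
    fi
    echo "ok: sshd on port $port passes ipfw and is key-only"
}

# Constructed sample inputs mirroring the memo's settings.
TMP=${TMPDIR:-/tmp}/sshcheck.$$
mkdir -p "$TMP"
cat > "$TMP/sshd_config" <<'EOF'
Port 443
PasswordAuthentication no
PubkeyAuthentication yes
EOF
cat > "$TMP/ipfw.rules" <<'EOF'
$IPF 110 allow tcp from any to any 443 in
$IPF 120 allow tcp from any to any 80 in
EOF
check_ssh_lockout "$TMP/sshd_config" "$TMP/ipfw.rules"
```

Run it against the real /etc/ssh/sshd_config and /usr/local/etc/ipfw.rules; a non-zero exit means fix the mismatch before the restart.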
Generate an ssh key
Create one just in case.
$ ssh-keygen -t rsa -C "email@example.com"