JohnFerrell 2008 The FreeBSD Documentation Project $FreeBSD$ $FreeBSD$ &tm-attrib.freebsd; &tm-attrib.linux; &tm-attrib.intel; &tm-attrib.redhat; &tm-attrib.unix; &tm-attrib.general; This document is intended to quickly familiarize intermediate to advanced &linux; users with the basics of &os;. This document highlights some of the technical differences between &os; and &linux; so that intermediate to advanced &linux; users can quickly familiarize themselves with the basics of &os;. This document assumes that &os; is already installed. Refer to the Installing &os; chapter of the &os; Handbook for help with the installation process. &linux; users are often surprised to find that Bash is not the default shell in &os;. In fact, Bash is not even in the default installation. Instead, &os; uses &man.tcsh.1; as the default shell. However, Bash and other shells are available for installation using the &os; Packages and Ports Collection. After installing another shell, use &man.chsh.1; to change a user's default shell. It is recommended that the root user's default shell remain unchanged since shells which are not included in the base distribution are installed to /usr/local/bin. In the event of a problem, the file system where /usr/local/bin is located may not be mounted. In this case, root would not have access to its default shell, preventing root from logging in and fixing the problem. &os; provides two methods for installing applications: binary packages and compiled ports. Each method has its own benefits: Faster installation as compared to compiling large applications. Does not require an understanding of how to compile software. No need to install a compiler. Ability to customize installation options. Custom patches can be applied. If an application installation does not require any customization, installing the package is sufficient. Compile the port instead whenever an application requires customization of the default options. If needed, a custom package can be compiled from ports using make package. A complete list of all available ports and packages can be found here. Packages are pre-compiled applications, the &os; equivalents of .deb files on Debian/Ubuntu based systems and .rpm files on Red Hat/Fedora based systems. Packages are installed using pkg. For example, the following command installs Apache 2.4: &prompt.root; pkg install apache24 For more information on packages refer to section 5.4 of the &os; Handbook: Using pkgng for Binary Package Management. The &os; Ports Collection is a framework of Makefiles and patches specifically customized for installing applications from source on &os;. When installing a port, the system will fetch the source code, apply any required patches, compile the code, and install the application and any required dependencies. The Ports Collection, sometimes referred to as the ports tree, can be installed to /usr/ports using &man.portsnap.8;. Detailed instructions for installing the Ports Collection can be found in section 5.5 of the &os; Handbook. To compile a port, change to the port's directory and start the build process. The following example installs Apache 2.4 from the Ports Collection: &prompt.root; cd /usr/ports/www/apache24 &prompt.root; make install clean A benefit of using ports to install software is the ability to customize the installation options. This example specifies that the mod_ldap module should also be installed: &prompt.root; cd /usr/ports/www/apache24 &prompt.root; make WITH_LDAP="YES" install clean Refer to Using the Ports Collection for more information. Many &linux; distributions use the SysV init system, whereas &os; uses the traditional BSD-style &man.init.8;. Under the BSD-style &man.init.8;, there are no run-levels and /etc/inittab does not exist. Instead, startup is controlled by &man.rc.8; scripts. At system boot, /etc/rc reads /etc/rc.conf and /etc/defaults/rc.conf to determine which services are to be started. The specified services are then started by running the corresponding service initialization scripts located in /etc/rc.d/ and /usr/local/etc/rc.d/. These scripts are similar to the scripts located in /etc/init.d/ on &linux; systems. The scripts found in /etc/rc.d/ are for applications that are part of the base system, such as &man.cron.8;, &man.sshd.8;, and &man.syslog.3;. The scripts in /usr/local/etc/rc.d/ are for user-installed applications such as Apache and Squid. Since &os; is developed as a complete operating system, user-installed applications are not considered to be part of the base system. User-installed applications are generally installed using Packages or Ports. In order to keep them separate from the base system, user-installed applications are installed under /usr/local/. Therefore, user-installed binaries reside in /usr/local/bin/, configuration files are in /usr/local/etc/, and so on. Services are enabled by adding an entry for the service in /etc/rc.conf . The system defaults are found in /etc/defaults/rc.conf and these default settings are overridden by settings in /etc/rc.conf. Refer to &man.rc.conf.5; for more information about the available entries. When installing additional applications, review the application's install message to determine how to enable any associated services. The following entries in /etc/rc.conf enable &man.sshd.8;, enable Apache 2.4, and specify that Apache should be started with SSL. # enable SSHD sshd_enable="YES" # enable Apache with SSL apache24_enable="YES" apache24_flags="-DSSL" Once a service has been enabled in /etc/rc.conf, it can be started without rebooting the system: &prompt.root; service sshd start &prompt.root; service apache24 start If a service has not been enabled, it can be started from the command line using onestart: &prompt.root; service sshd onestart Instead of a generic ethX identifier that &linux; uses to identify a network interface, &os; uses the driver name followed by a number. The following output from &man.ifconfig.8; shows two &intel; Pro 1000 network interfaces (em0 and em1): &prompt.user; ifconfig em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500 options=b<RXCSUM,TXCSUM,VLAN_MTU> inet 10.10.10.100 netmask 0xffffff00 broadcast 10.10.10.255 ether 00:50:56:a7:70:b2 media: Ethernet autoselect (1000baseTX <full-duplex>) status: active em1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500 options=b<RXCSUM,TXCSUM,VLAN_MTU> inet 192.168.10.222 netmask 0xffffff00 broadcast 192.168.10.255 ether 00:50:56:a7:03:2b media: Ethernet autoselect (1000baseTX <full-duplex>) status: active An IP address can be assigned to an interface using &man.ifconfig.8;. To remain persistent across reboots, the IP configuration must be included in /etc/rc.conf. The following /etc/rc.conf entries specify the hostname, IP address, and default gateway: hostname="server1.example.com" ifconfig_em0="inet 10.10.10.100 netmask 255.255.255.0" defaultrouter="10.10.10.1" Use the following entries to instead configure an interface for DHCP: hostname="server1.example.com" ifconfig_em0="DHCP" &os; does not use &linux; IPTABLES for its firewall. Instead, &os; offers a choice of three kernel level firewalls: PF IPFILTER IPFW PF is developed by the OpenBSD project and ported to &os;. PF was created as a replacement for IPFILTER and its syntax is similar to that of IPFILTER. PF can be paired with &man.altq.4; to provide QoS features. This sample PF entry allows inbound SSH: pass in on $ext_if inet proto tcp from any to ($ext_if) port 22 IPFILTER is the firewall application developed by Darren Reed. It is not specific to &os; and has been ported to several operating systems including NetBSD, OpenBSD, SunOS, HP/UX, and Solaris. The IPFILTER syntax to allow inbound SSH is: pass in on $ext_if proto tcp from any to any port = 22 IPFW is the firewall developed and maintained by &os;. It can be paired with &man.dummynet.4; to provide traffic shaping capabilities and simulate different types of network connections. The IPFW syntax to allow inbound SSH would be: ipfw add allow tcp from any to me 22 in via $ext_if There are two methods for updating a &os; system: from source or binary updates. Updating from source is the most involved update method, but offers the greatest amount of flexibility. The process involves synchronizing a local copy of the &os; source code with the &os; Subversion servers. Once the local source code is up-to-date, a new version of the kernel and userland can be compiled. Binary updates are similar to using yum or apt-get to update a &linux; system. In &os;, &man.freebsd-update.8; can be used fetch new binary updates and install them. These updates can be scheduled using &man.cron.8;. When using &man.cron.8; to schedule updates, use freebsd-update cron in the &man.crontab.1; to reduce the possibility of a large number of machines all pulling updates at the same time: 0 3 * * * root /usr/sbin/freebsd-update cron For more information on source and binary updates, refer to the chapter on updating in the &os; Handbook. In some &linux; distributions, one could look at /proc/sys/net/ipv4/ip_forward to determine if IP forwarding is enabled. In &os;, &man.sysctl.8; is instead used to view this and other system settings. For example, use the following to determine if IP forwarding is enabled on a &os; system: &prompt.user; sysctl net.inet.ip.forwarding net.inet.ip.forwarding: 0 Use -a to list all the system settings: &prompt.user; sysctl -a | more If an application requires procfs, add the following entry to /etc/fstab: proc /proc procfs rw,noauto 0 0 Including noauto will prevent /proc from being automatically mounted at boot. To mount the file system without rebooting: &prompt.root; mount /proc Some common command equivalents are as follows: &linux; command (Red Hat/Debian) &os; equivalent Purpose yum install package / apt-get install package pkg install package Install package from remote repository rpm -ivh package / dpkg -i package pkg add package Install local package rpm -qa / dpkg -l pkg info List installed packages lspci pciconf List PCI devices lsmod kldstat List loaded kernel modules modprobe kldload / kldunload Load/Unload kernel modules strace truss Trace system calls This document has provided an overview of &os;. Refer to the &os; Handbook for more in-depth coverage of these topics as well as the many topics not covered by this document.