[src/trunk]: src add afterboot(8) manpage - things to check after the first c...

[jdolecek <jdolecek%NetBSD.org@localhost>]

details:   https://anonhg.NetBSD.org/src/rev/9c8b554900a8
branches:  trunk
changeset: 539993:9c8b554900a8
user:      jdolecek <jdolecek%NetBSD.org@localhost>
date:      Sat Nov 30 14:09:50 2002 +0000

description:
add afterboot(8) manpage - things to check after the first complete boot

adapted from OpenBSD by Julio Merino in PR misc/16745, with some further
changes by me

diffstat:

 distrib/sets/lists/man/mi  |    4 +-
 share/man/man8/afterboot.8 |  903 +++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 906 insertions(+), 1 deletions(-)

diffs (truncated from 932 to 300 lines):

diff -r 61397af16350 -r 9c8b554900a8 distrib/sets/lists/man/mi
--- a/distrib/sets/lists/man/mi Sat Nov 30 13:52:14 2002 +0000
+++ b/distrib/sets/lists/man/mi Sat Nov 30 14:09:50 2002 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: mi,v 1.530 2002/11/29 18:00:54 martin Exp $
+# $NetBSD: mi,v 1.531 2002/11/30 14:09:51 jdolecek Exp $
 ./usr/share/info/am-utils.info                 man-amd-info
 ./usr/share/info/as.info                       man-computil-info
 ./usr/share/info/awk.info                      man-util-info
@@ -1269,6 +1269,7 @@
 ./usr/share/man/cat8/acorn32/MAKEDEV.0         man-sysutil-catman
 ./usr/share/man/cat8/acorn32/makedev.0         man-sysutil-catman
 ./usr/share/man/cat8/adduser.0                 man-sysutil-catman
+./usr/share/man/cat8/afterboot.0               man-sysutil-catman
 ./usr/share/man/cat8/algor/MAKEDEV.0           man-sysutil-catman
 ./usr/share/man/cat8/algor/makedev.0           man-sysutil-catman
 ./usr/share/man/cat8/alpha/MAKEDEV.0           man-sysutil-catman
@@ -3036,6 +3037,7 @@
 ./usr/share/man/man8/acorn32/MAKEDEV.8         man-sysutil-man
 ./usr/share/man/man8/acorn32/makedev.8         man-sysutil-man
 ./usr/share/man/man8/adduser.8                 man-sysutil-man
+./usr/share/man/man8/afterboot.8               man-sysutil-man
 ./usr/share/man/man8/algor/MAKEDEV.8           man-sysutil-man
 ./usr/share/man/man8/algor/makedev.8           man-sysutil-man
 ./usr/share/man/man8/alpha/MAKEDEV.8           man-sysutil-man
diff -r 61397af16350 -r 9c8b554900a8 share/man/man8/afterboot.8
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/share/man/man8/afterboot.8        Sat Nov 30 14:09:50 2002 +0000
@@ -0,0 +1,903 @@
+.\"    $NetBSD: afterboot.8,v 1.1 2002/11/30 14:09:50 jdolecek Exp $
+.\"
+.\" Copyright (c) 2002 The NetBSD Foundation, Inc.
+.\" All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in the
+.\"    documentation and/or other materials provided with the distribution.
+.\" 3. All advertising materials mentioning features or use of this software
+.\"    must display the following acknowledgement:
+.\"    This product includes software developed by the NetBSD
+.\"    Foundation, Inc. and its contributors.
+.\" 4. Neither the name of The NetBSD Foundation nor the names of its
+.\"    contributors may be used to endorse or promote products derived
+.\"    from this software without specific prior written permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
+.\" ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+.\" TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
+.\" BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+.\" CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+.\" SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+.\" INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+.\" CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+.\" POSSIBILITY OF SUCH DAMAGE.
+.\"
+.\"    $OpenBSD: afterboot.8,v 1.72 2002/02/22 02:02:33 miod Exp $
+.\"
+.\" Originally created by Marshall M. Midden -- 1997-10-20, m4%umn.edu@localhost
+.\" Adapted to NetBSD by Julio Merino -- 2002-05-10, jmmv%hispabsd.org@localhost
+.\"
+.Dd Nov 30, 2002
+.Dt AFTERBOOT 8
+.Os
+.Sh NAME
+.Nm afterboot
+.Nd things to check after the first complete boot
+.Sh DESCRIPTION
+.Ss Starting Out
+This document attempts to list items for the system administrator
+to check and set up after the installation and first complete boot of the
+system.
+The idea is to create a list of items that can be checked off so that you have
+a warm fuzzy feeling that something obvious has not been missed.
+A basic knowledge of
+.Ux
+is assumed.
+.Pp
+Complete instructions for correcting and fixing items is not provided.
+There are manual pages and other methodologies available for doing that.
+For example, to view the man page for the
+.Xr ls 1
+command, type:
+.Bd -literal -offset indent
+.Ic man 1 ls
+.Ed
+.Pp
+Administrators will rapidly become more familiar with
+.Nx
+if they get used to using the manual pages.
+.Ss Security alerts
+By the time that you have installed your system, it is quite likely that
+bugs in the release have been found.
+All significant and easily fixed problems will be reported at
+.Pa http://www.netbsd.org/Security/ .
+It is recommended that you check this page regularly.
+.Ss Login
+Login as
+.Dq Ic root .
+You can do so on the console, or over the network using
+.Xr ssh 1 .
+If you wish to allow root logins over the network (if you have
+enabled the ssh daemon), edit the
+.Pa /etc/ssh/sshd_config
+file and set
+.Cm PermitRootLogin
+to
+.Dq yes
+(see
+.Xr sshd 8 ) .
+The default is to not permit root logins over the network
+after fresh install in
+.Nx .
+Note defaults on other operating systems might be different.
+.Pp
+Upon successful login on the console, you may see the message
+.Dq We recommend creating a non-root account... .
+For security reasons, it is bad practice to login as root during
+regular use and maintenance of the system.
+Instead, administrators are encouraged to add a
+.Dq regular
+user, add said user to the
+.Dq wheel
+group, then use the
+.Ic su
+and
+.Ic sudo
+commands when root privileges are required.
+This process is described in more detail later.
+.Ss Root password
+Change the password for the root user.
+(Note that throughout the documentation, the term
+.Dq superuser
+is a synonym for the root user.)
+Choose a password that has numbers, digits, and special characters (not space)
+as well as from the upper and lower case alphabet.
+Do not choose any word in any language.
+It is common for an intruder to use dictionary attacks.
+Type the command
+.Ic /usr/bin/passwd
+to change it.
+.Pp
+It is a good idea to always specify the full path name for both the
+.Xr passwd 1
+and
+.Xr su 1
+commands as this inhibits the possibility of files placed in your execution
+.Ev PATH
+for most shells.
+Furthermore, the superuser's
+.Ev PATH
+should never contain the current directory
+.Po Dq \&.
+.Pc .
+.Ss System date
+Check the system date with the
+.Xr date 1
+command.
+If needed, change the date, and/or change the symbolic link of
+.Pa /etc/localtime
+to appropriate time zone in the
+.Pa /usr/share/zoneinfo
+directory.
+.Pp
+Examples:
+.Bl -tag -width date
+.It Cm date 200205101820
+Set the current date to May 10th, 2002 6:20pm.
+.It Cm ln -fs /usr/share/zoneinfo/Europe/Helsinki /etc/localtime
+Set the time zone to Eastern Europe Summer Time.
+.El
+.Ss Console settings
+One of the first things you will likely need to do is to setup your
+keyboard map (and maybe some other aspects about the system console).
+To change your keyboard encoding, edit the
+.Va Dq encoding
+variable found in
+.Pa /etc/wscons.conf .
+.Pp
+.Xr wscons.conf 5
+contains more information about this file.
+.Ss Check hostname
+Use the
+.Ic hostname
+command to verify that the name of your machine is correct.
+See the man page for
+.Xr hostname 1
+if it needs to be changed.
+You will also need to change the contents of the
+.Va Dq hostname
+variable in
+.Pa /etc/rc.conf
+or edit the
+.Pa /etc/myname
+file
+to have it stick around for the next reboot. Note that
+hostname is supposed to be FQDN commonly and should
+not be confused with YP
+.Xr domainname 8 .
+.Ss Verify network interface configuration
+The first thing to do is an
+.Ic ifconfig -a
+to see if the network interfaces are properly configured.
+Correct by editing
+.Pa /etc/ifconfig. Ns Ar interface
+(where
+.Ar interface
+is the interface name, e.g.,
+.Dq le0 )
+and then using
+.Xr ifconfig 8
+to manually configure it
+if you do not wish to reboot.
+Read the
+.Xr ifconfig.if 5
+man page for more information on the format of
+.Pa /etc/ifconfig. Ns Ar interface
+files.
+The loopback interface will look something like:
+.Bd -literal -offset indent
+lo0: flags=8009<UP,LOOPBACK,MULTICAST> mtu 32972
+       inet 127.0.0.1 netmask 0xff000000
+       inet6 fe80::1%lo0 prefixlen 64 scopeid 0x3
+       inet6 ::1 prefixlen 128
+.Ed
+.Pp
+an Ethernet interface something like:
+.Bd -literal -offset indent
+le0: flags=9863<UP,BROADCAST,NOTRAILERS,RUNNING,SIMPLEX,MULTICAST>
+       inet 192.168.4.52 netmask 0xffffff00 broadcast 192.168.4.255
+       inet6 fe80::5ef0:f0f0%le0 prefixlen 64 scopeid 0x1
+.Ed
+.Pp
+and, a PPP interface something like:
+.Bd -literal -offset indent
+ppp0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST>
+        inet 203.3.131.108 --> 198.181.0.253 netmask 0xffff0000
+.Ed
+.Pp
+See
+.Xr netstart 8
+for instructions on configuring multicast routing.
+.Pp
+See
+.Xr dhcp 8
+for instructions on configuring interfaces with DHCP.
+.Ss Check routing tables
+Issue a
+.Ic netstat -rn
+command.
+The output will look something like:
+.Bd -literal -offset indent
+Routing tables
+
+Internet:
+Destination    Gateway           Flags  Refs     Use  Mtu  Interface
+default        192.168.4.254     UGS      0 11098028    -  le0
+127            127.0.0.1         UGRS     0        0    -  lo0
+127.0.0.1      127.0.0.1         UH       3       24    -  lo0
+192.168.4      link#1            UC       0        0    -  le0
+192.168.4.52   8:0:20:73:b8:4a   UHL      1     6707    -  le0
+192.168.4.254  0:60:3e:99:67:ea  UHL      1        0    -  le0
+
+Internet6:
+Destination        Gateway       Flags  Refs  Use     Mtu  Interface
+::/96              ::1           UGRS     0     0   32972  lo0 =>
+::1                ::1           UH       4     0   32972  lo0
+::ffff:0.0.0.0/96  ::1           UGRS     0     0   32972  lo0
+fc80::/10          ::1           UGRS     0     0   32972  lo0
+fe80::/10          ::1           UGRS     0     0   32972  lo0
+fe80::%le0/64      link#1        UC       0     0    1500  le0
+fe80::%lo0/64      fe80::1%lo0   U        0     0   32972  lo0
+ff01::/32          ::1           U        0     0   32972  lo0
+ff02::%le0/32      link#1        UC       0     0    1500  le0
+ff02::%lo0/32      fe80::1%lo0   UC       0     0   32972  lo0
+
+.Ed
+.Pp
+The default gateway address is stored in the
+.Va Dq defaultroute
+variable
+.Pa /etc/rc.conf ,
+or in the file
+.Pa /etc/mygate .
+If you need to edit this file, a painless way to reconfigure the network
+afterwards is to issue
+.Bd -literal -offset indent
+.Ic /etc/rc.d/network restart
+.Ed
+.Pp
+Or, you may prefer to manually configure using a series of
+.Ic route add
+and
+.Ic route delete