Install FreeBSD 13.1 on Oracle Cloud

sycured

Like a lot of providers, Oracle Cloud doesn't offer FreeBSD, so we need to install it by flashing the disk directly.

This is my initial setup phase, and everything starts with an Always-Free instance running Oracle Linux.

## Flashing FreeBSD 13.1

Connected over ssh as root:

  1. Check that wget is installed; otherwise, install it: `dnf install wget -y`
  2. Identify your disk with `fdisk -l`; in my case it's `/dev/sda`
  3. Flashing: depending on your VM (AMD64 or AARCH64), use the matching image

     AMD64

     ```bash
     # Stream the image, decompress it and write it over the whole disk
     wget https://download.freebsd.org/ftp/releases/VM-IMAGES/13.1-RELEASE/amd64/Latest/FreeBSD-13.1-RELEASE-amd64.raw.xz -O - | xz -dc | dd of=/dev/sda bs=1M conv=fdatasync
     ```

     AARCH64

     ```bash
     # Same pipeline with the arm64 image
     wget https://download.freebsd.org/ftp/releases/VM-IMAGES/13.1-RELEASE/aarch64/Latest/FreeBSD-13.1-RELEASE-arm64-aarch64.raw.xz -O - | xz -dc | dd of=/dev/sda bs=1M conv=fdatasync
     ```

  4. Initiate the reboot using the dashboard: https://cloud.oracle.com

FreeBSD is now installed.

## Post-install steps

Using the console from the dashboard, let's do a quick config and enable ssh.

### Switch from quarterly to the latest repository (optional)

Whether to switch depends on whether the version in quarterly is suitable for your usage.

```bash
sed -i '' 's/quarterly/latest/' /etc/pkg/FreeBSD.conf
```

### Update the system

```bash
freebsd-update fetch install
pkg update
reboot
```

### Install packages

Let's install a text editor, tmux, a sudo alternative, a DHCP client that handles both IPv4 and IPv6, and OpenSSH:

```bash
pkg install -y doas dual-dhclient-daemon openssh-portable tmux vim
```

sudo is also available, but on FreeBSD I prefer doas.

### Config doas for group wheel

```bash
echo "permit :wheel" > /usr/local/etc/doas.conf
```

### Config ssh server

```bash
vim /usr/local/etc/ssh/sshd_config
```

In my case, I force these settings post-install (before the configuration management run (ansible/saltstack)):

  • PubkeyAuthentication yes
  • PasswordAuthentication no
  • PermitEmptyPasswords no
  • VersionAddendum sycured
### Tune the boot time

`/etc/loader.conf`:

```
autoboot_wait="0"
autoboot_delay="0"
beastie_disable="YES"
boot_serial="YES"
loader_logo="none"
cryptodev_load="YES"
```

### Tune the system and services at boot

`/etc/rc.conf`:

```
hostname="oci-test"
ifconfig_DEFAULT="DHCP inet6 accept_rtadv"
ipv6_activate_all_interfaces="YES"
dhclient_enable="YES"
dhclient_program="/usr/local/sbin/dual-dhclient"
growfs_enable="YES"
# base sshd stays off; the openssh-portable service runs instead
sshd_enable="NO"
openssh_enable="YES"
```

### Create opc user

```bash
pw user add -n opc -d /home/opc -G wheel -m -s /bin/sh
```

### Change the password

```bash
passwd opc
```

### Add your ssh public key

```bash
mkdir -p /home/opc/.ssh
# replace MY_PUBLIC_KEY with the contents of your public key
echo "MY_PUBLIC_KEY" > /home/opc/.ssh/authorized_keys
chown -R opc:opc /home/opc/.ssh
chmod 600 /home/opc/.ssh/authorized_keys
```

And finally, run the last reboot.

## Conclusion

This is a working way to get FreeBSD when your provider doesn't offer it.

I haven't added a part about the firewall because the VM is already protected using security rules at the subnet level.

But you have 2 options for the firewall:

  • stateful: pf
  • stateless: ipfw

If you want more information about pf, you can look at Packet Filter - OpenBSD Handbook.
