  1. Install NetBSD 5.0 through liveboot CD
  2. Telnet into new server
    telnet 10.0.0.160
  3. Change root password
    passwd
  4. Enable sshd
    vi /etc/rc.local
    echo -n 'OpenSSH daemon:'
    [ -x /usr/sbin/sshd ] && /usr/sbin/sshd && echo "started."
  5. Create ssh keys for the server
    ssh-keygen -t rsa -b 1024 -f /etc/ssh/ssh_host_rsa_key -N ''
    ssh-keygen -t dsa -b 1024 -f /etc/ssh/ssh_host_dsa_key -N ''
  6. Create ssh keys for root
    ssh-keygen
  7. Set up the sshd_config
    vi /etc/ssh/sshd_config
    Port 22
    Protocol 2
    Hostkey /etc/ssh/ssh_host_rsa_key
    Hostkey /etc/ssh/ssh_host_dsa_key
    LogLevel INFO
    LoginGraceTime 60
    PermitRootLogin yes
    MaxAuthTries 3
    PubkeyAuthentication yes
    AuthorizedKeysFile .ssh/authorized_keys
    X11Forwarding no
    AllowTcpForwarding no
    PrintMotd yes
    PrintLastLog yes
    UsePAM yes
    Banner /etc/welcome.txt
    Subsystem sftp /usr/libexec/sftp-server
  8. Reboot (to verify that sshd is working before disabling telnet)
    reboot
  9. ssh into new server
    ssh root@10.0.0.160
  10. Add my own user
    useradd -b /usr/home/ -m dayid
    usermod -G wheel dayid
    passwd dayid
  11. Change PermitRootLogin in /etc/ssh/sshd_config to "without-password"
  12. Create /usr/pkgsrc, give my user ownership, and grab the pkgsrc tree
    mkdir /usr/pkgsrc && chown dayid /usr/pkgsrc
    su - dayid
    export CVSROOT="anoncvs@anoncvs.netbsd.org:/cvsroot"
    export CVS_RSH="ssh"
    cd /usr && cvs checkout -P pkgsrc
  13. Grab and install uptimed (back as root again)
    sftp dayid@dayid.org
    get /home/dayid.org/public_html/pub/installs/uptimed-0.3.11.tgz
    exit
    mkdir /usr/src
    mv uptimed* /usr/src/
    cd /usr/src/
    tar -xvzf uptimed-0.3.11.tgz
    cd uptimed-0.3.16
    ./configure && make && make install
  14. Make uptimed start on boot
    vi /etc/rc.local
    echo -n 'Uptimed:'
    [ -x /usr/local/sbin/uptimed ] && /usr/local/sbin/uptimed -bm 500 && echo "started."
  15. Set root's cron to download the package vulnerability list
    crontab -e
    0 3 * * * /usr/pkg/sbin/pkg_admin fetch-pkg-vulnerabilities >/dev/null 2>&1
  16. Configure ssh keys for my user (already generated on another machine)
    scp clugg:/home/dayid/.ssh/id_rsa.pub ~/.ssh/dayid.clugg.pub
    cat ~/.ssh/dayid.clugg.pub >> ~/.ssh/authorized_keys
  17. Create /etc/ifconfig.tlp0
    inet 10.0.0.61 netmask 255.255.255.0
  18. Create /etc/resolv.conf
    nameserver 4.2.2.1
    nameserver 4.2.2.2
  19. Edit /etc/inetd.conf
    Comment out (#) the telnet lines.
    Uncomment the ident line.
    Uncomment the finger line for tcp (not tcp6).
  20. Make dhclient=NO in /etc/rc.conf
  21. Install some favourite things
    alpine
    apache
    bash
    bitlbee
    bunzip
    bzip2
    curl
    emacs
    gawk
    irssi
    links
    lynx
    mutt
    naim
    nano
    perl
    pico
    rsync
    rtorrent
    screen
    sudo
    tmux
    unzip
    vim
    zip
    zsh
    
  22. Copy in my screenrc
    scp dayid@clugg:/etc/screenrc /etc/screenrc
  23. Allow wheel group to use sudo
    visudo
  24. Update entire system to the latest stable release (from my notes)
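
Added example (not part of the original notes): a shell check that the end state of steps 7, 11 and 19 was actually reached, meant to be run against the two files or copies of them. The function names are made up for this example, and only the "Keyword value" form of sshd_config lines is handled.

```shell
#!/bin/sh
# Added example; function names are illustrative, not from the notes.

# Print the effective value of an sshd_config keyword. sshd matches keywords
# case-insensitively and uses the first occurrence of each one.
sshd_value() {
    awk -v key="$2" '
        NF == 0 || $1 ~ /^#/ { next }   # skip blank lines and comments
        tolower($1) == tolower(key) { print $2; exit }
    ' "$1"
}

# Exit 0 if inetd.conf still has an uncommented telnet service line.
telnet_enabled() {
    grep -Eq '^[[:space:]]*telnet[[:space:]]' "$1"
}

# audit SSHD_CONFIG INETD_CONF: print one line per finding and return the
# number of findings (0 means both files match the notes' end state).
audit() {
    findings=0
    root=$(sshd_value "$1" PermitRootLogin)
    if [ "$root" != "without-password" ]; then
        echo "PermitRootLogin is '${root:-unset}'; step 11 sets without-password"
        findings=$((findings + 1))
    fi
    if [ "$(sshd_value "$1" Protocol)" != "2" ]; then
        echo "Protocol is not set to 2 as in step 7"
        findings=$((findings + 1))
    fi
    if telnet_enabled "$2"; then
        echo "telnet is still enabled in inetd.conf (step 19)"
        findings=$((findings + 1))
    fi
    return "$findings"
}

# Constructed sample files (not from a real host): the state after step 7,
# before steps 11 and 19 have been applied.
demo() {
    dir=$(mktemp -d) || return 1
    printf 'Protocol 2\nPermitRootLogin yes\n' > "$dir/sshd_config"
    printf 'telnet stream tcp nowait root /usr/libexec/telnetd telnetd\n' > "$dir/inetd.conf"
    audit "$dir/sshd_config" "$dir/inetd.conf"; rc=$?
    rm -rf "$dir"
    return "$rc"
}
demo || echo "$? finding(s) in the constructed sample"
```

On the real host the call would be: audit /etc/ssh/sshd_config /etc/inetd.conf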