Re... In the coming weekend, I'll be updating the newuser FAQ (for things like PPP and 2.2). I'm sure a post-install checklist would be a welcome addition. B U T . . . . Not everyone runs things like Kerberos or DNS. Keep in mind that many people use OpenBSD for many things and in many environs. The OpenBSD setup on my firewall at the office is much different than the Sparc, Alpha, and P5/133 I run it on at home. The setup on my router machine at home is also much different than the other machines in my house. There are ways people have setup OpenBSD on embeded systems to do things like manage the fuel/air mix ratio on their Corvettes (OK, one person I know of planned that, but couldn't get the financing for the car...) I hope that draws the picture. As for the verification after install, that is sort of "auto-manditory"-- if a filesystem isn't mounted right, /etc/fstab has to be checked out. If the network doesn't work, the network files must be examined to "make it go." As oopposed to attacking this as a checklist, how about it is attacked as "If networking doesn't work, check hostname.(interface)"-- but there is more to that then just files in /etc (boot -c in order to reconfigure hardware addresses) /---------------------------------------------------------------- / Jonathan Katz, jkatz@cpio.org / http://www.cpio.org / Student, Unix geek, Security guy / http://posse.cpio.org / President and Founder: Corinne Posse / http://jon.katz.com / Phone: +1 (317) 590-7092 / "OpenBSD: Secure!" / "The meek may inherit the earth, / but Gale and I will seize the stars!" On Wed, 15 Oct 1997, Marshall Midden wrote:

Is there a checklist someplace on what to do after the install of OpenBSD 2.2?

I'm thinking like: 1) Go into /etc a) Verify disks and network interfaces configured correctly. Files: fstab, hosts, myname, hostname.le0, mygate, resolv.conf, defaultdomain. You might wish to turn off multicast routing in /etc/netstart. b) Edit motd to make lawyers comfortable and delete "Welcome". c) Fix passwd via "vipw" to change passwords, set up users, etc. Make sure password on "root". Default is no password from console, and disabled from network. Make sure to edit "group" for any user groups, and to put people into the wheel group if they need root access. d) Any local configuration change in: rc.conf, rc.local e) printcap, hosts.lpd Get printers set up f) Tighten security: fbtab Set security for X inetd.conf Turn off extra stuff, add that which is really needed. rc.securelevel Turn on Network Time Protocol. g) kerberosIV Get kerberos configured. Remember to get a srvtab. h) aliases Local mail delivery (set postmaster, etc). Run newaliases after changes. i) bootptab If this is a bootp server. j) ccd.conf If using concatenated disks (striped, etc). k) exports If this is an NFS server. m) NIS (old yellow pages), hosts.equiv, defaultdomain, etc. n) ifaliases for www, etc. o) daily, weekly, monthly. p) "amd" directory if using this package. q) rbootd if needed for remote booting (ethernet MAC address to IP translation). r) Any other files and directories in /etc.

2) crontab -l. Do you need anything else? 3) After the first nights security run, change ownerships and permissions on things. Best bet is to have permissions as in the security list.