FreeBSD Adjust system settings

In FreeBSD systems, many settings require direct changes to the settings file, such as the system startup script rc.conf, the control terminal settings file/etc/ttys, and so on. Although most of the system's parameters can be set by the installer Sysinstall, changing the configuration file is more straightforward. And for administrators, only understand the configuration file is how to control the performance of the system in order to fundamentally solve the problems encountered in the actual operation.

Adjust console settings

The console is the most common place for individuals to operate with FreeBSD system users, so you should adjust the console settings so that they are best suited to your users ' habits. You can adjust settings on the console for display fonts, keyboard mappings, screen protection, virtual terminals, and so on. Some of these settings can be done through the installer Sysinstall, but some settings must be done in a command or change configuration file, and command-line mode has greater flexibility.

Virtual Terminal and TTYs Setup

The FreeBSD console has multiple virtual terminals that can be switched to virtual terminals using the ALT key plus the function key after system startup. The system defaults to only four virtual terminals, which has met the overwhelming majority of the needs. The fourth virtual terminal does not run the login program by default because X Server requires a virtual terminal when it is running, so you must leave a console terminal that has no process occupied to X window for use.

By changing the kernel's settings, FreeBSD can support 16 virtual terminal devices, and in fact only 12 virtual terminals are available because the PC only has 12 functional keys f1-f12. With the device files from Ttyv0 to Ttyv15, you can use Makedev to create these device files. To increase the number of virtual terminals, you need to edit the system file/etc/ttys in addition to changing the kernel settings and creating device files. The following content in this file is relevant:

# name　getty　　　　　　　　　　　　　 type　　status　　　　　comments
#
# This entry needed for asking password when init goes to single-user mode
# If you want to be asked for password, change "secure" to "insecure" here
console none　　　　　　　　　　　　　　unknown off secure
#
ttyv0　　 "/usr/libexec/getty Pc"　　　 cons25　　on　secure
ttyv1　　 "/usr/libexec/getty Pc"　　　 cons25　　on　secure
ttyv2　　 "/usr/libexec/getty Pc"　　　 cons25　　on　secure
ttyv3　　 "/usr/libexec/getty Pc"　　　 cons25　　off secure

Ttyv3 The fourth column of the corresponding row is "off", which means that the terminal does not run the Getty program, and the login prompt does not appear. Adding a virtual terminal means adding a corresponding set of lines to the file, such as adding a virtual terminal, and modifying the corresponding entry in the file to:

ttyv3　"/usr/libexec/getty Pc"　 cons25　on　secure
ttyv4　"/usr/libexec/getty Pc"　 cons25　off secure

After modifying this file, you need to reboot the system, and the system will add a virtual terminal under the support of the kernel.

If the user runs X window on the console, because X server also needs to control key combinations such as ALT plus function keys, the console leaves the key combinations to X window and no longer uses them to switch to other virtual terminals. The hotkey to switch to other virtual terminals at this point is CTRL plus ALT plus the corresponding function keys, while switching back to X window from other virtual terminals is still F4 for ALT + function key. This approach is not even limited to x Server, but also applies to other programs that directly use the console and retain the keyboard.

In the/etc/ttys file, you can see that the last parameter of each virtual terminal is "secure," which means that the terminal is located in a secure, trustworthy physical location, so that you can log in directly using the root account on this terminal, if you change it to "insecure", The root user will not be able to log on directly on this terminal. As the console is the most basic terminal equipment, usually only administrators or other trusted users to use, so corresponding to these virtual terminals, the setting is "secure."

In this way, once the physical security of the console is compromised, the system security is seriously affected. Because the system trusts the console, when the system uses Single-user mode to start, does not ask root password, this setting is controlled by the console item in the TTYs file, the corresponding "secure" in the console item in the TTYs file can be changed to "insecure". means that the console is not trustworthy, then the system will verify the root password when it enters the Single-user state. While the physical access control of the console is not guaranteed, this setting does not fully guarantee that the illegal user will not be able to enter the Single-user state and gain control of the system, but it provides a fairly important protection capability.

TTYs files, in addition to the settings for the virtual terminal, but also to the serial terminal TTYS0, for network connections, such as Pseudo terminal ttyp0, provided the settings. To add a corresponding terminal, similar to the console virtual terminal, in addition to changing the system kernel, device files, but also in the TTYs file to provide the appropriate access to the device.