# Looking for someone who would like to check the main configuration files of my two BSD-Systems.



## blackfoxx (Sep 18, 2022)

Hi there.

I'm looking for an BSD-veteran or expert who would like to check the main configuration files of my two BSD systems, for possible discrepancies and/or suggestions for improvement.
For example:
- This one setting should better be placed within loader.conf instead of sysctl.conf.
- This line is redundant because it's already set here or there or by default.
- This tweak/knob isn't necessary because your system doesn't support it.
- This setting makes no sense at all because of this or that...

One of these systems is a usual server, running apache with php and SQLite, providing calDAV, webDAV and some private file-sharing functionality for me, my family and some friends.
The other system is a multi purpose workstation for the usual office-, mail-, internet- and multi-media stuff.
Both are running (very well) with FreeBSD 13.1 RELEASE (recently).
The server is an Raspberry Pi 4B (arm64) and the workstation is an Intel (amd64) based system.

Some (personal) background informations for (better) understanding:
I started using FreeBSD around 3 years ago, as I set up my first own private server,
to keep my personal data (calendars, financial stuff, private shares, etc...) at my home and in my hands,
but cross-platform available to multiple mobile devices and workstations.
From 2002 to 2018 I did some "distro-hopping" in the linux world.
Started with debian, switched to mint (and some others in between) before I landed with devuan (because of systemd).
So around 20 years of experience with UNIX-like systems are given.
In 2018 I had some further educations to additionally become an "data protection officer" within my organization.
During that, the teachers provided some basic informations about BSD-systems, under aspects of system security, privacy and data integrity.
This made me curious and so I started my journey with BSD-systems. At first in private life only.
From the first moment I was enthusiastic with them, because I realized quickly that BSDs are the only REAL OPERATING SYSTEMS in this world.
I like their modular setup a lot - you get a very basic (but complete) OS from ONE hand and were able to create whatever you want/need/like on top of it.
And I just love this rock-solid base system, the separation of kernel, world, userland, (personal) settings and data,
as well as these countless opportunities of customization, those extreme detailed adjustments and everything else about it.
But because of that, I was a bit overloaded in the beginning.
So I started to study the whole FreeBSD manual along from A to Z for several times, alone on my own.
Additionally I did the same with the book "Absolute FreeBSD, 3rd Edition" by Michael W. Lucas as well as some forums, mailing lists, etc. pp...
Thereby I won a solid fundamental and a bit deeper understanding about FreeBSD in general.
The more I learned about it, the more I loved and enjoyed it.

Now I'm kind of stuck at a point where the configuration of my both systems seems to be finished, fixed, hardened, whatever...
With my current knowledge I don't know if there's still anything that could be optimized any further.
Maybe nothing, maybe something...
Unfortunately there's nobody in my region for personal conversation, assistance or support with FreeBSD.
So I would be thankful to get some confirmation, hints, tips or opinions about my setups from one or more expert(s) residing at this forum here!

In case of somebody would be interested to overlook my configuration files, I would prefer to transmit them within two compressed folders via E-Mail or PM.
These folders would contain all further informations about my systems too.
Such as the usual outputs of dmesg.boot, uname -a, pkg prime-list and so on.
As well as all available details about the hardware they're currently running on.

Thanks in advance and kind regards!
Bert (a little paranoid and very privacy-focused guy)
Age: 42
Job: health services officer at a medium-sized public health-care organization
Location: Ore Mountains, Germany


----------



## Alain De Vos (Sep 18, 2022)

Fyi,





						FreshPorts -- security/lynis: Security and system auditing tool
					

Lynis is an auditing tool for Unix (specialists). It scans the system and available software, to detect security issues. Beside security related information it will also scan for general system information, installed packages and configuration mistakes.  This software aims in assisting automated...




					www.freshports.org


----------



## blackfoxx (Sep 19, 2022)

Alain De Vos said:


> Fyi,
> 
> 
> 
> ...


Thank you.
I already use lynis from the beginning and followed most of its suggestions 
Hardening Index is around 90 on both systems.
Anyway, it would be nice if some real human with some real knowledge would take a look too.


----------



## Alain De Vos (Sep 19, 2022)

You can copy/paste a part of a configuration file here on this forum if you have somewhere a special doubt.


----------



## blackfoxx (Sep 20, 2022)

Alain De Vos said:


> You can copy/paste a part of a configuration file here on this forum if you have somewhere a special doubt.


Okay. I'm going to overlook them once again at the weekend. Maybe everything's good, because there are no error messages at all.
Only 2 warnings in dmesg.boot where FreeBSD is complaining about something with the BIOS. But I've read that's nothing unusual because a lot of BIOSes are not well programmed.


----------



## blackfoxx (Oct 4, 2022)

I investigated the .conf files of my server and workstation last weekend again.
This time I was able to detect some inconsistencies with different sysctls. And FINALLY I found out what & why.
It were the differences between AMD64 and ARM64 platforms.
In my humble mind I never realized that there are such between them both when it comes to configuration.
For ARM64 some sysctls are available which aren't at AMD64 and vice versa.
Nevertheless, they do no harm if they're set. They just won't be recognized by the system.
But now I have clarity about that


----------



## flying-floridian (Oct 9, 2022)

You never really stop learning. A great example is the topic I posted about felling that using FreeBSD in a Virtual Machine made me a traitor, in which several off our fellow community members share there views both for and against virtualization as a viable  means of active involvement in the vibrant  community that surrounds FreeBSD. In closing I provided the example above to provide an example of the old adage It's never to late to leanr.


----------

