这样的表示在命令行下的输入和执行
这样表示的是选项

这样表示的是文件内容（如果原文件没有，本文有——请新增；如果原文件有，本文没有——保持不变；如果原文件有，本文也有——请按照范例修改；如果原文件跟本文都没有——自己看着办吧^_^）

# ntpdate clepsydra.dec.com

# pkg_add –r cvsup-without-gui ; rehash

# ee /usr/share/examples/cvsup/standard-supfile
# ee /usr/share/examples/cvsup/ports-supfile

# cvsup -L 2 -h cvsup3.tw.freebsd.org /usr/share/examples/cvsup/standard-supfile ; rehash ; # cvsup –L 2 –h cvsup3.tw.freebsd.org /usr/share/examples/cvsup/ports-supfile ; rehash

# dmesg | more                #获得当前设备资源列表
# cd /usr/src/sys/i386/conf
# cp GENERIC MYKERNEL
# ee MYKERNEL
# 具体选项请参考http://www.freebsd.org/doc/zh_CN.GB2312/books/handbook/kernelconfig-config.html

ident                MYKERNEL        #内核标记名称
options        QUOTA                #启用磁盘配额

# cd /usr/src
# make -j4 buildworld ; rehash ； make –j4 buildkernel KERNCONF=MYKERNEL ; rehash ; make –j4 installkernel KERNCONF=MYKERNEL ; reboot

# cd /usr/src
# mergemaster –p ; make –j4 installworld ; mergemaster ; reboot

#cd /usr/obj
#chflags -R noschg *
#rm -rf *

# ee /etc/sysctl.conf

net.inet.ip.check_interface=1
net.inet.tcp.blackhole=2
net.inet.udp.blackhole=1
net.inet.tcp.recvspace=65535
net.inet.tcp.sendspace=65535
kern.ipc.somaxconn=32768
kern.ipc.maxsockbuf=2097152
net.inet.ip.redirect=0
net.inet.icmp.icmplim=100
net.inet.tcp.always_keepalive=1
net.inet.tcp.delayed_ack=1
net.inet.udp.maxdgram=65535
net.local.stream.sendspace=65535
net.local.stream.recvspace=65535
kern.maxfiles=65536
kern.maxfilesperproc=65536
net.inet.udp.checksum=1
net.inet.tcp.msl=7500
net.inet.tcp.syncookies=1
net.inet.icmp.bmcastecho=0
net.inet.icmp.maskrepl=0
kern.securelevel=0

# ee /boot/loader.conf

kern.maxdsiz="536870912"
kern.ipc.maxsockets="4008"
kern.ipc.nmbclusters="32768"
kern.ipc.nmbufs="65535"
kern.ipc.nsfbufs="2496"
net.inet.tcp.tcbhashsize="2048"

# cd /usr/ports/ftp/axel
# make install clean ; rehash

# ee /etc/make.conf

FETCH_CMD=axel
FETCH_BEFORE_ARGS= -n 10 -a
FETCH_AFTER_ARGS=
DISABLE_SIZE=yes
MASTER_SITE_OVERRIDE?=\
http://ports.hshh.org/${DIST_SUBDIR}/\
ftp://ftp.tw.freebsd.org/pub/FreeBSD/ports/distfiles/${DIST_SUBDIR}/\
ftp://ftp.jp.freebsd.org/pub/FreeBSD/ports/distfiles/${DIST_SUBDIR}/\
ftp://ftp.freeBSDchina.org/pub/FreeBSD/ports/distfiles/${DIST_SUBDIR}/
MASTER_SITE_OVERRIDE?=${MASTER_SITE_BACKUP}

# ee /.cshrc

setenv        EDITOR                ee
setenv        LC_ALL                zh_CN.GBK
setenv        LANG                zh_CN.GBK
setenv        LC_CTYPE        zh_CN.GBK

# cd /usr/ports/chinese/cce/
# make install clean ; rehash

# cd /usr/ports/lang/perl5.8
# make install clean ; rehash

# cd /usr/ports/security/openssl
# make install clean ; rehash

# cd /usr/ports/sysutils/portupgrade
# make install clean ; rehash

# cd /usr/ports/databases/mysql40-server
# make install clean ; rehash
# cd /usr/ports/databases/mysql40-scripts
# make install clean ; rehash
# /usr/local/bin/mysql_install_db
# ln -s /usr/local/lib/mysql/libmysqlclient.so.12 /usr/lib
# chown -R mysql /var/db/mysql
# chown -R root /var/db/mysql
# chown -R mysql:mysql /var/db/mysql
# chmod 700 /var/db/mysql

# ee /etc/my.cnf

[mysqld]
skip-networking
skip-innodb
skip-bdb
skip-name-resolve
skip-locking
#log-bin
# 以下选项基于2G内存
key_buffer=512M
max_allowed_packet=4M
table_cache=1024
thread_cache=64
join_buffer_size=32M
sort_buffer=32M
record_buffer=32M
max_connections=512
wait_timeout=120
interactive_timeout=120
max_connect_errors=30000
long_query_time=1
max_heap_table_size=256M
tmp_table_size=128M
thread_concurrency=8
myisam_sort_buffer_size=128M

# cp /usr/local/etc/rc.d/mysql-server /usr/local/etc/rc.d/mysql.sh
# ee /etc/rc.conf

mysql_enable="YES"

# /usr/local/etc/rc.d/mysql-server.sh start

# cd /usr/ports/www/apache22
# make install clean ; rehash

# ee /etc/rc.conf

apache22_enable="YES"

# /usr/local/etc/rc.d/apache22.sh start

# cd /usr/ports/lang/php5
# make install clean ; rehash

# cd /usr/ports/lang/php5-extensions
# make install clean ; rehash

# cd /usr/local/etc
# cp php.ini-recommended php.ini
# ee php.ini

; 基于安全考虑，禁用某些功能，根据自己情况修改
disable_functions = passthru, exec, phpinfo, system, ini_alter, readlink, symlink, leak, proc_open, popepassthru, chroot, scandir, chgrp, chown, escapeshellcmd, escapeshellarg, shell_exec, proc_get_status

# ee /usr/local/etc/apache22/httpd.conf

DocumentRoot "/usr/www"        # 网站主目录
<Directory "/usr/www">        # 网站主目录
Options FollowSymLinks
<IfModule dir_module>
DirectoryIndex index.html index.php index.htm
</IfModule>
<IfModule mime_module>
AddType application/x-gzip .gz .tgz
AddType application/x-httpd-php .php
AddType application/x-httpd-php-source .phps
</IfModule>
AddDefaultCharset GB2312
ServerTokens Prod
ServerSignature Email
<IfModule prefork.c>        # 优化针对BSD的网络支持
StartServers 10
MinSpareServers 10
MaxSpareServers 15
ServerLimit 2000
MaxClients 1500
MaxRequestsPerChild 10000
</IfModule>

# ln -s /lib/libm.so.3 /lib/libm.so.2
# mount /cdrom
# cp -R /cdrom/Zend /usr/ports/devel/Zend
# cd /usr/ports/devel/zend
# ./install

# cd /usr/ports/databases/phpmyadmin
# make install clean ; rehash

# cp -R /usr/local/www/phpMyAdmin /usr/www/phpMyAdmin
# cd /usr/www/phpMyAdmin
# cp ./libraries/config.default.php config.inc.php
# ee config.inc.php

$cfg['PmaAbsoluteUri'] = 'http://192.168.163.130/phpMyAdmin/'        # 设置phpMyAdmin的绝对地址
$cfg['blowfish_secret'] = 'host';                                                                        # 设置cookie加密
$cfg['Servers'][$i]['auth_type'] = 'cookie'                                                # 设置认证方式

# chmod 755 config.inc.php

# ee /etc/inetd.conf

ftp        stream        tcp        nowait        root        /usr/libexec/ftpd        ftpd        -l -h

# ee /etc/rc.conf

inetd_enable="YES"

# killall -HUP inetd

# pw groupadd ftpgroup -g 10001

# adduser
Username:ftp
Full name:
Uid (Leave empty for default):1001
Login group [ftpuser]: ftpgroup
Login group is ftpgrou. Invite ftpuser into other groups? []:
Login class [default]:
Shell (sh csh tcsh zsh nologin) [sh]:
Home directory [/home/ftpuser]:/usr/www
Use password-based authentication? [yes]:
Use an empty password? (yes/no) [no]:
Use a random password? (yes/no) [no]:
Enter password:
Enter password again:
Lock out the account after creation? [no]:
Username                :        ftpuser
Password                :        *****
Full Name                :
Uid                                :        1001
Class                        :
Groups                        :        ftpgroup
Home                        :        /usr/www
Shell                        :        /bin/sh
Locked                        :        no
OK? (yes/no)        :        yes
adduser: INFO: Successfully added (ftpuser) to the user database.
Add another user? (yes/no): no
Goodbye!

# ee /etc/ftpusers

anonymous
@guest

# ee /etc/ftpchroot

ftpusr /usr/www

# ee /etc/rc.conf

enable_quotas="YES"
check_quotas="YES"

# ee /etc/fstab

/dev/ad0s1f        /usr        ufs                rw,userquota,groupquota                2        2

# quotacheck -av
# repquota –a
# edquota –u ftpuser

/usr: kbytes in use: 0, limits (soft = 100000, hard = 100020)        # soft是警告容量，hard是强制容量

# edquota –t

/usr: block grace period: 1 minutes, file grace period: 1 minutes

# quotaon -a

# pw groupadd ftpgroup -g 10001
# pw useradd ftp -u 10001 -g ftpgroup -s /sbin/nologin
# chown ftp:ftpgroup /usr/www
# cd /usr/ports/ftp/pure-ftpd
# ee Makefile

CONFIGURE_ARGS        =        --without-standalone                # 为将来以守护进程模式运行准备（可选）

# make install clean

CREATE DATABASE pureftpd;
USE pureftpd;
CREATE TABLE `users` (
`User` varchar(16) NOT NULL default '',
`Password` varchar(32) binary NOT NULL default '',
`Uid` int(11) NOT NULL default '14',
`Gid` int(11) NOT NULL default '5',
`Dir` varchar(128) NOT NULL default '',
`QuotaFiles` int(10) NOT NULL default '500',
`QuotaSize` int(10) NOT NULL default '30',
`ULBandwidth` int(10) NOT NULL default '80',
`DLBandwidth` int(10) NOT NULL default '80',
`ipaccess` varchar(15) NOT NULL default '*',
`Comment` tinytext,
`Status` enum('0','1') NOT NULL default '1',
`ULRatio` smallint(5) NOT NULL default '1',
`DLRatio` smallint(5) NOT NULL default '1',
PRIMARY KEY  (`User`),
UNIQUE KEY `User` (`User`)
) TYPE=MyISAM;

# cd /usr/local/etc
# cp pureftpd-mysql.conf.sample pureftpd-mysql.conf
# ee pureftpd-mysql.conf

# 具体选项请参考http://download.pureftpd.org/pub/pure-ftpd/doc/README
MYSQLServer     localhost
MYSQLUser      ftpadmin
MYSQLPassword   adminpassword
MYSQLDatabase  pureftpd
MYSQLCrypt      crypt
MYSQLGetPW      SELECT Password FROM users WHERE User="\L" AND Status="1" AND (Ipaccess = "*" OR Ipaccess LIKE "\R")
MYSQLGetUID     SELECT Uid FROM users WHERE User="\L" AND Status="1" AND (Ipaccess = "*" OR Ipaccess LIKE "\R")
MYSQLGetGID     SELECT Gid FROM users WHERE User="\L" AND Status="1" AND (Ipaccess = "*" OR Ipaccess LIKE "\R")
MYSQLGetDir     SELECT Dir FROM users WHERE User="\L" AND Status="1" AND (Ipaccess = "*" OR Ipaccess LIKE "\R")
MySQLGetQTAFS  SELECT QuotaFiles FROM users WHERE User="\L" AND Status="1" AND (Ipaccess = "*" OR Ipaccess LIKE "\R")
MySQLGetQTASZ  SELECT QuotaSize FROM users WHERE User="\L" AND Status="1" AND (Ipaccess = "*" OR Ipaccess LIKE "\R")
# MySQLGetRatioUL SELECT ULRatio FROM users WHERE User="\L" AND Status="1" AND (Ipaccess = "*" OR Ipaccess LIKE "\R")
# MySQLGetRatioDL SELECT DLRatio FROM users WHERE User="\L" AND Status="1" AND (Ipaccess = "*" OR Ipaccess LIKE "\R")
MySQLGetBandwidthUL SELECT ULBandwidth FROM users WHERE User="\L" AND Status="1" AND (Ipaccess = "*" OR Ipaccess LIKE "\R")
MySQLGetBandwidthDL SELECT DLBandwidth FROM users WHERE User="\L" AND Status="1" AND (Ipaccess = "*" OR Ipaccess LIKE "\R")

# cp pureftpd.conf.sample pure-ftpd.conf
# ee pure-ftpd.conf

# ee /etc/rc.conf

inetd_enable=”YES”

# ee /etc/inetd.conf

# 详细启动参数请参考http://download.pureftpd.org/pub/pure-ftpd/doc/README
ftp        stream        tcp        nowait        root        /usr/local/sbin/pure-ftpd        pure-ftpd -A -b -c50 -C2 -D -E -fftp -H -i -I15 -lmysql:/usr/local/etc/pureftpd-mysql.conf -m4 -s -u100 -j -k99 -Z -4

# ee /usr/local/etc/rc.d/pure-ftpd.sh

#!/bin/sh
case "$1" in
start)
/usr/local/sbin/pure-config.pl /usr/local/etc/pure-ftpd.conf
echo ‘pure-ftpd started!’
echo ‘’
;;
stop)
killall pure-ftpd
echo ‘pure-ftpd stopped!’
echo ‘’
;;
restart)
killall pure-ftpd
/usr/local/sbin/pure-config.pl /usr/local/etc/pure-ftpd.conf
echo ‘pure-ftpd restarted!’
echo ‘’
;;
*)
echo ‘Usage: {start|stop|restart}’ >&2
exit 64
;;
esac
exit 0

# chmod u+x /usr/local/etc/rc.d/pure-ftpd.sh
# ee /etc/rc.conf

pure-ftpd_enable=”YES”

# mount /cdrom
# cp –R /cdrom/pureftpdadmin /usr/www/pureftpdadmin
# ee /usr/www/pureftpdadmin/pureftp.config.php

$PUREFTP_CONFIG_FILE        = '/usr/local/etc/pureftpd-mysql.conf';
$DefaultUser = "ftpadmin";
$DefaultPass = "adminpassword";

# ee /usr/www/pureftpdadmin/goodies/Quota_Checker.php

$PUREFTP_CONFIG_FILE        = '/usr/local/etc/pureftpd-mysql.conf';

# chmod 755 /usr/local/sbin/pure-ftpwho
# chmod ug+s /usr/local/sbin/pure-ftpwho

# ee /usr/local/etc/apache22/httpd.conf

<Directory "/usr/www/pureftpdadmin">
deny from all
Options None
AllowOverride AuthConfig
Order deny,allow
</Directory>

# ee /usr/www/pureftpdadmin/.htaccess

AuthType Basic
AuthUserFile /usr/local/ftpadmin.pwd
AuthName “操作前请登录”
require valid-user
satisfy any

# htpasswd -bc /usr/local/ftpadmin.pwd ftpadmin adminpassword

# ee /etc/rc.conf

firewall_enable="YES"
firewall_type="open"
firewall_script="/etc/ipfw.rules"
firewall_logging="YES"

# ee /etc/sysctl.conf

net.inet.ip.fw.verbose=1
net.inet.ip.fw.verbose_limit=5

# ee /etc/ipfw.rules

# 具体语法请参考http://cnsnap.cn.freebsd.org/doc/zh_CN.GB2312/books/handbook/firewalls-ipfw.html
#
##################
#启动时重载规则列表#
##################
ipfw -q -f flush
#
#############
#设置命令前缀#
#############
cmd="ipfw -q add"
#
#############
#设置DNS地址#
#############
dns="192.168.163.2"
#
################
#公网网卡界面名称#
################
pif="lnc0"
#
################
#不限制loopback#
################
$cmd 00100 allow all from any to any via lo0
#
###############
#允许自定义规则#
###############
$cmd 00200 check-state
#
###############
#允许与DNS通讯#
###############
$cmd 00300 allow tcp from any to $dns 53 out via $pif keep-state
$cmd 00400 allow udp from any to $dna 53 out via $pif keep-state
#
#####################################################
#允许http连接（limit src-addr意为限制同一地址连接数量）#
#####################################################
$cmd 00500 allow tcp from any to any 80 out via $pif setup keep-state
$cmd 00600 allow tcp from any to me 80 in via $pif setup limit src-addr 10
#
######################################################
#允许https连接（limit src-addr意为限制同一地址连接数量）#
######################################################
$cmd 00700 allow tcp from any to any 443 out via $pif setup keep-state
$cmd 00800 allow tcp from any to me 443 in via $pif setup limit src-addr 10
#
#######################################################
#允许收发电子邮件（limit src-addr意为限制同一地址连接数量）#
#######################################################
$cmd 00900 allow tcp from any to any 25 out via $pif setup keep-state
#$cmd 01000 allow tcp from any to me 25 in via $pif setup limit src-addr 1
#
$cmd 01100 allow tcp from any to any 110 out via $pif setup keep-state
#$cmd 01100 allow tcp from any to me 110 in via $pif setup limit src-addr 1
#
#########################
#允许CVSP和PORT安装/更新#
#########################
$cmd 01200 allow tcp from any to any via $pif setup keep-state uid root
#
##########
#允许ping#
##########
$cmd 01300 allow icmp from any to any out via $pif keep-state
#$cmd 01300 allow icmp from any to any in via $pif keep-state
#
####################################################
#允许FTP连接（limit src-addr意为限制同一地址连接数量）#
####################################################
$cmd 01400 allow tcp from any to any 21 out via $pif setup keep-state
$cmd 01500 allow tcp from any to any 21 in via $pif setup limit src-addr 2
#
########################################################
#允许SSH远程连接（limit src-addr意为限制同一地址连接数量）#
########################################################
$cmd 01600 allow tcp from any to any 22 out via $pif setup keep-state
$cmd 01700 allow tcp from any to any 22 in via $pif setup limit src-addr 2
#
######################
#禁止此规则以外的所有连接#
######################
$cmd 60000 deny log all from any to any

# ee /etc/ssh/sshd_config

port 22        //可以改成不常用端口，并在防火墙设置中作相应修改
protocol 1
hostkey /etc/ssh/ssh_host_key
PermitRootLogin no
RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeyFiles .ssh/authorized_keys
PasswordAuthentication no

# ssh-keygen -b 1024 -t rsa1

# cp /root/.ssh/identity.pub /usr/www        # 复制到一个可以用ftp下载的地方

# ee /etc/rc.conf

sendmail_enable="NONE"
nfs_server_enable="NO"
nfs_client_enable="NO"
portmap_enable="NO"
syslogd_enable="YES"
syslogd_flags="-ss"
icmp_drop_redirect="YES"
log_in_vain="YES"
inetd_enable=”NO”                # 如果pure-ftpd以Inetd方式运行，需设置为YES

# chmod g-w,o-r /var/log/*
# chmod 600 /etc/syslog.conf
# chmod 600 /etc/newsyslog.conf

# chflags schg /bin/*
# chflags schg /sbin/*

# ee /var/cron/allow

root

# chmod 600 /var/cron/allow

# ee /usr/share/examples/cvsup/ports-supfile

*default date=2005.12.10.00.00.00        #格式：年/月/日/时/分/秒
#ports-all                                                                #不用将所有port都回滚
ports-lang                                                                # 只回滚相应的软件类别

# cvsup –L 2 –h cvsup3.tw.freebsd.org /usr/share/examples/cvsup/ports-supfile

# cd /usr/lang/php4
# make install clean ; rehash

# mount /cdrom