author | Jason McIntyre <jmc@cvs.openbsd.org> | 2005-06-01 10:23:30 +0000 |
---|---|---|
committer | Jason McIntyre <jmc@cvs.openbsd.org> | 2005-06-01 10:23:30 +0000 |
commit | 2aa8589e88fd3ae7578f7fce3691e807e8caa06e (patch) | |
tree | c38722a39d79e77fa9d2c6d4cef20d431e2d9ff4 /share/man/man8/afterboot.8 | |
parent | dcc26a29a903df0731c9ba9bb81f0bf13e0e6958 (diff) |
shuffle the sections of this page into a more logical order:
initial checks, changing stuff in /etc, daemons, and kernel builds.
also avoids a problem noted by walter goulet, that the page was discussing
rc.conf.local changes before noting that it may have to be created.
Diffstat (limited to 'share/man/man8/afterboot.8')
-rw-r--r-- | share/man/man8/afterboot.8 | 343 |
1 files changed, 169 insertions, 174 deletions
diff --git a/share/man/man8/afterboot.8 b/share/man/man8/afterboot.8 index 779442e868a..b24a9859e22 100644 --- a/share/man/man8/afterboot.8 +++ b/share/man/man8/afterboot.8 @@ -1,4 +1,4 @@ -.\" $OpenBSD: afterboot.8,v 1.108 2005/04/23 08:59:16 jmc Exp $ +.\" $OpenBSD: afterboot.8,v 1.109 2005/06/01 10:23:29 jmc Exp $ .\" .\" Copyright (c) 1997 Marshall M. Midden .\" All rights reserved. @@ -37,7 +37,7 @@ .Nm afterboot .Nd things to check after the first complete boot .Sh DESCRIPTION -.Ss Starting Out +.Ss Starting out This document attempts to list items for the system administrator to check and set up after the installation and first complete boot of the system. 
@@ -252,75 +252,6 @@ is required) to .Dl net.inet6.ip6.forwarding=1 .Pp Packets are not forwarded by default, due to RFC requirements. -.Ss BIND Name Server (DNS) -If you are using the BIND Name Server, check the -.Pa /etc/resolv.conf -file. -It may look something like: -.Bd -literal -offset indent -domain nts.umn.edu -nameserver 128.101.101.101 -nameserver 134.84.84.84 -search nts.umn.edu. umn.edu. -lookup file bind -.Ed -.Pp -If using a caching name server, add the line "nameserver 127.0.0.1" first. -To get a local caching name server to run -you will need to set -.Va named_flags -in -.Pa /etc/rc.conf.local . -The same holds true if the machine is going to be a -name server for your domain. -In both these cases, make sure that -.Xr named 8 -is running -(otherwise there are long waits for resolver timeouts). -.Ss RPC-based network services -Several services depend on the RPC portmapper, -.Xr portmap 8 , -being running for proper operation. -This includes YP and NFS exports, among other services. -To get the RPC portmapper to start automatically on boot, -you will need to have this line in -.Pa /etc/rc.conf.local : -.Pp -.Dl portmap=YES -.Ss YP Setup -Check the YP domain name with the -.Xr domainname 1 -command. -If necessary, correct it by editing the -.Pa /etc/defaultdomain -file (see -.Xr defaultdomain 5 ) . -The -.Pa /etc/netstart -script reads this file on bootup to determine and set the domain name. -You may also set the running system's domain name with the -.Xr domainname 1 -command. -To start YP client services, simply run -.Ic ypbind , -then perform the remaining -YP activation as described in -.Xr passwd 5 -and -.Xr group 5 . -.Pp -In particular, to enable YP passwd support, you'll need to add the following -line to -.Pa /etc/master.passwd : -.Pp -.Dl +:*:::::::: -.Pp -You do this by using -.Xr vipw 8 . -.Pp -There are many more YP man pages available to help you. -You can find more information by starting with -.Xr yp 8 . 
.Ss Check disk mounts Check that the disks are mounted correctly by comparing the @@ -371,57 +302,20 @@ Refer to the above example and for information on the format of this file. .Pp You may wish to do NFS partitions now too, or you can do them later. -.Ss Concatenated disks (ccd) -If you are using -.Xr ccd 4 -concatenated disks, edit -.Pa /etc/ccd.conf . -Use the -.Ic ccdconfig -U -command to unload and the -.Ic ccdconfig -C -command to create tables internal to the kernel for the concatenated disks. -You then -.Xr mount 8 , -.Xr umount 8 , -and edit -.Pa /etc/fstab -as needed. -.Ss Automounter daemon (AMD) -If using the -.Xr amd 8 -package, -go into the -.Pa /etc/amd -directory and set it up by -renaming -.Pa master.sample -to -.Pa master -and editing it and creating other maps as needed. -Alternatively, you can get your maps with YP. -.Ss Clock synchronisation -In order to make sure the system clock is synchronised -to that of a publicly accessible NTP server, -make sure that -.Pa /etc/rc.conf.local -contains the following: -.Pp -.Dl ntpd_flags=\&"\&" -.Pp -See -.Xr ntpd 8 , -.Xr rdate 8 , +.Ss Check the running system +You can use +.Xr ps 1 , +.Xr netstat 1 , and -.Xr timed 8 -for more information on setting the system's date. +.Xr fstat 1 +to check on running processes, network connections, and opened files, +respectively. .Sh CHANGING /etc FILES The system should be usable now, but you may wish to do more customizing, such as adding users, etc. Many of the following sections may be skipped if you are not using that package (for example, skip the -.Sx Kerberos -section if you won't be using Kerberos). +Kerberos section if you won't be using Kerberos). We suggest that you .Ic cd /etc and edit most of the files in that directory. 
@@ -505,17 +399,6 @@ To do this, change the value of .Va xdm_flags in .Pa /etc/rc.conf.local . -.Ss Printers -Edit -.Pa /etc/printcap -and -.Pa /etc/hosts.lpd -to get any printers set up. -Consult -.Xr lpd 8 -and -.Xr printcap 5 -if needed. .Ss Set keyboard type Some architectures permit keyboard type control. Use the @@ -530,33 +413,18 @@ encoding. Store the encoding in .Pa /etc/kbdtype to make sure it is set automatically at boot time. -.Ss Tighten up security -You might wish to tighten up security more by editing -.Pa /etc/fbtab -as when installing X. -In -.Pa /etc/inetd.conf -comment out any extra entries you do not need, -and only add things that are really needed. -Note that by default the -.Xr telnetd 8 +.Ss Printers +Edit +.Pa /etc/printcap and -.Xr ftpd 8 -daemons are not enabled in favor of SSH (Secure Shell). -.Ss Kerberos -If you are going to use Kerberos -.Po see\ \& -.Ql info heimdal -.Pc -for authentication, and you already have a -Kerberos -master, change directory to -.Pa /etc/kerberosV -and configure. -Remember to get a -.Pa srvtab -from the master so that the remote commands work. -.Ss Mail Aliases +.Pa /etc/hosts.lpd +to get any printers set up. +Consult +.Xr lpd 8 +and +.Xr printcap 5 +if needed. +.Ss Mail aliases Edit .Pa /etc/mail/aliases and set the three standard aliases to go to either a mailing list, or @@ -599,6 +467,7 @@ to use the file in accordance with the comments therein. This file was generated from .Pa openbsd-proto.mc . +.Pp Note that sendmail now also listens on port 587 by default. This is to implement the RFC 2476 message submission protocol. You may disable this via the 
@@ -610,6 +479,82 @@ for more information. The .Pa /etc/mail/localhost.cf file already has this disabled. +.Ss Automounter daemon (AMD) +If using the +.Xr amd 8 +package, +go into the +.Pa /etc/amd +directory and set it up by +renaming +.Pa master.sample +to +.Pa master +and editing it and creating other maps as needed. +Alternatively, you can get your maps with YP. +.Ss BIND name server (DNS) +If you are using the BIND name server, check the +.Pa /etc/resolv.conf +file. +It may look something like: +.Bd -literal -offset indent +domain nts.umn.edu +nameserver 128.101.101.101 +nameserver 134.84.84.84 +search nts.umn.edu. umn.edu. +lookup file bind +.Ed +.Pp +If using a caching name server, add the line "nameserver 127.0.0.1" first. +To get a local caching name server to run +you will need to set +.Va named_flags +in +.Pa /etc/rc.conf.local . +The same holds true if the machine is going to be a +name server for your domain. +In both these cases, make sure that +.Xr named 8 +is running +(otherwise there are long waits for resolver timeouts). +.Ss BOOTP server +If this is a BOOTP server, edit +.Pa /etc/dhcpd.conf +as needed. +.Xr dhcpd 8 +will have to be turned on in +.Xr rc.conf.local 8 . +.Ss Clock synchronisation +In order to make sure the system clock is synchronised +to that of a publicly accessible NTP server, +make sure that +.Pa /etc/rc.conf.local +contains the following: +.Pp +.Dl ntpd_flags=\&"\&" +.Pp +See +.Xr ntpd 8 , +.Xr rdate 8 , +and +.Xr timed 8 +for more information on setting the system's date. +.Ss Concatenated disks (ccd) +If you are using +.Xr ccd 4 +concatenated disks, edit +.Pa /etc/ccd.conf . +Use the +.Ic ccdconfig -U +command to unload and the +.Ic ccdconfig -C +command to create tables internal to the kernel for the concatenated disks. +You then +.Xr mount 8 , +.Xr umount 8 , +and edit +.Pa /etc/fstab +as needed. .Ss DHCP server If this is a DHCP 
@@ -627,13 +572,24 @@ has: or run .Xr dhcpd 8 manually. -.Ss BOOTP server -If this is a BOOTP server, edit -.Pa /etc/dhcpd.conf -as needed. -.Xr dhcpd 8 -will have to be turned on in -.Xr rc.conf.local 8 . +.Ss HP remote boot server +Edit +.Pa /etc/rbootd.conf +if needed for remote booting. +If you do not have HP computers doing remote booting, do not enable this. +.Ss Kerberos +If you are going to use Kerberos +.Po see\ \& +.Ql info heimdal +.Pc +for authentication, and you already have a +Kerberos +master, change directory to +.Pa /etc/kerberosV +and configure. +Remember to get a +.Pa srvtab +from the master so that the remote commands work. .Ss NFS server If this is an NFS server make sure 
@@ -648,11 +604,50 @@ and get it correct. It is probably easier to reboot than to get the daemons running manually, but you can get the order correct by looking at .Pa /etc/rc . -.Ss HP remote boot server -Edit -.Pa /etc/rbootd.conf -if needed for remote booting. -If you do not have HP computers doing remote booting, do not enable this. +.Ss RPC-based network services +Several services depend on the RPC portmapper, +.Xr portmap 8 , +being running for proper operation. +This includes YP and NFS exports, among other services. +To get the RPC portmapper to start automatically on boot, +you will need to have this line in +.Pa /etc/rc.conf.local : +.Pp +.Dl portmap=YES +.Ss YP setup +Check the YP domain name with the +.Xr domainname 1 +command. +If necessary, correct it by editing the +.Pa /etc/defaultdomain +file (see +.Xr defaultdomain 5 ) . +The +.Pa /etc/netstart +script reads this file on bootup to determine and set the domain name. +You may also set the running system's domain name with the +.Xr domainname 1 +command. +To start YP client services, simply run +.Ic ypbind , +then perform the remaining +YP activation as described in +.Xr passwd 5 +and +.Xr group 5 . +.Pp +In particular, to enable YP passwd support, you'll need to add the following +line to +.Pa /etc/master.passwd : +.Pp +.Dl +:*:::::::: +.Pp +You do this by using +.Xr vipw 8 . +.Pp +There are many more YP man pages available to help you. +You can find more information by starting with +.Xr yp 8 . .Ss Daily, weekly, monthly scripts Look at and possibly edit the .Pa /etc/daily , /etc/weekly , 
@@ -688,6 +683,14 @@ and you must add a line to root's so that the .Pa /etc/daily script will make a daily backup of the root filesystem. +.Ss Tighten up security +You might wish to tighten up security more by editing +.Pa /etc/fbtab +as when installing X. +In +.Pa /etc/inetd.conf +comment out any extra entries you do not need, +and only add things that are really needed. .Ss Other files in /etc Look at the other files in .Pa /etc @@ -775,14 +778,6 @@ yet, or because licensing restrictions make binary redistribution impossible. Sometimes checking the mailing lists for past problems that people have encountered will result in a fix posted. -.Ss Check the running system -You can use -.Xr ps 1 , -.Xr netstat 1 , -and -.Xr fstat 1 -to check on running processes, network connections, and opened files, -respectively. .Sh COMPILING A KERNEL Note: The standard @@ -917,9 +912,9 @@ boot time in the kernel image. .Xr rdate 8 , .Xr rmt 8 , .Xr route 8 , +.Xr sendmail 8 , .Xr sudo 8 , .Xr sysctl 8 , -.Xr telnetd 8 , .Xr timed 8 , .Xr umount 8 , .Xr vipw 8 , |
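Review bot: In the hunk at -371,57 +302,20, the CHANGING /etc FILES introduction loses its section cross-reference: `.Sx Kerberos` followed by "section" becomes the plain text "Kerberos section", even though the page still has a `.Ss Kerberos` subsection (re-added in the -627,13 +572,24 hunk). If the markup was dropped only to avoid a forward reference, say so in the commit message. Otherwise keep `.Sx Kerberos` so the reference stays tied to the subsection title.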
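Review bot: In the hunk at -648,11 +604,50, the "RPC-based network services" subsection now lands after "NFS server", yet its own text says NFS exports depend on `portmap=YES` being set in /etc/rc.conf.local. A reader working top to bottom configures the NFS server before learning about the portmapper, which is the same prerequisite-after-use ordering the commit message says it fixes for rc.conf.local. Suggest moving the RPC subsection ahead of "NFS server", or adding a pointer to it from the NFS text.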
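Review bot: The re-added "Tighten up security" subsection in the hunk at -688,6 +683,14 is not a pure move. The copy removed in the -530,33 +413,18 hunk ended with the sentence noting that the telnetd(8) and ftpd(8) daemons are not enabled by default in favor of SSH, and that sentence is missing from the new copy. The final hunk also drops `.Xr telnetd 8` from SEE ALSO. The commit message describes only a reordering, so either restore the sentence or record the removal in the log. That sentence is the only place in the visible text telling an administrator that telnet and ftp are off by default, which matters to anyone auditing /etc/inetd.conf.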