FreeBSD

I've been goofing on and off with FreeBSD for a while now, and thought I'd offer some of the things I've learned for anyone who might be interested.

I'm currently running FreeBSD on 6 machines, 2 desktops & 4 servers. While I haven't had a lot of time to play around with the desktop side of things, I have gotten pretty intimate with the server side of things. Currently I'm running a web / database / mail / DNS server & 2 desktops out of my house and a mail, an IM/database & a web/database server at work. I'll try and recount my steps for setting up each of these environments. I started with 5.0, and my installation made it through every upgrade until 6.3 > 7.0, when something went nasty with my disk, and I decided to upgrade my machine.

Installation

For each one of these installs, I followed the Standard Installation. Since this was the only OS on any of these systems, I partitioned my disk using "A", use entire disk. When creating the partitions, again I would choose "A" - Auto Defaults. The only change I would make at this point is to go back and delete the /usr & /var partitions and recreate the /var partition making it a little bigger, and recreate the /usr partition making it a little smaller, since MySQL stores its databases on the /var partition. After saving the partition, it's time to install the distribution. I always do a minimal install. The reason is that any patches that have been released since the last stable release are not incorporated into the ISO. To ensure that you have all the latest updates and patches, you want to compile from the latest source available. You can install packages off of the CD, but if you need to patch any of them (and they are updated very frequently), you will have to recompile just about everything anyway. After the installation is complete, I do the following: configure the ethernet device (which is pretty straightforward), set the system time, enable sshd, add a user account making sure to add "wheel" to "Member Groups" so that I can ssh into the machine and su to root at a later time, and enter the root password. I answer no to all the other options, and once this is done, I go back into the general configuration one more time to do the following. Under "Configure - Do post-install configuration of FreeBSD", I choose networking, and enable Ntpdate. Once this is complete, I exit out of all the menus, remove the CD, & reboot the machine.

Once the machine reboots, I log in as root, and begin updating the system. The first thing we need to do is install the ports collection so we can install any needed software. To do this we use portsnap, which is installed as part of the base system:

mkdir /usr/ports; portsnap fetch extract

This might take a while. Once it's complete, we have to install a couple of pieces of software to be able to update the base system. Once the software is installed, run the rehash command. If you forget to run rehash, you will have to specify the entire path of the needed commands as they won't be found in your path variable.

cd /usr/ports/net/cvsup-without-gui; make install clean
cd /usr/ports/sysutils/fastest_cvsup; make install clean
rehash

This will download, compile, and install the two utilities we need to update the base system, as well as any needed dependencies. Again, this might take a while. In general, I use portmanager to update any of the ports I've installed (which I'll get into later), and just use cvsup to update my base system. Software included in the base system that needs updating from time to time includes bind, sendmail & sshd. To stay on top of any needed updates to the base system, subscribe to the freebsd-security-notifications mailing list. Needed updates for the installed ports can be had by using portaudit (again, I will cover this later). Once the above ports have been installed, it's time to rebuild world. To do so, we need to first download the latest source, and then recompile the system. To download the latest source for the base system, we have to create a supfile, so cvsup knows what it needs to download. There are many ways to do this; since I am only interested in updating the base system to the latest stable branch, I do the following:

cp /usr/share/examples/cvsup/stable-supfile /root/supfile

Next, we download the latest source.

cvsup -L 2 -h `fastest_cvsup -q -c us` /root/supfile

Once this process has completed, it's time to rebuild world by typing the following commands.

cd /usr/obj
chflags -R noschg *
rm -rf *
cd /usr/src
make -j4 buildworld
make buildkernel
make installkernel
reboot

When the system reboots, boot into single user mode - option 4. I have read that it is possible to do this without rebooting into single user mode, but you are on your own if something gets screwed up. The best way to do this on a remote machine is through a serial port connection from a second machine - something I have no experience in.
At the prompt, type the following commands.

fsck -p
mount -u /
mount -a -t ufs
swapon -a
adjkerntz -i
cd /usr/src
mergemaster -p
make installworld
mergemaster
reboot

The mergemaster process lets you save any configuration files that you might have edited without having them overwritten by the updating process. Since this is a new install, I go through and install the new configuration files that mergemaster locates, and reboot. Once the system comes back up, your system is fully updated, and ready to go. Now it's time to install a few utilities that I find invaluable:

cd /usr/ports/ports-mgmt/portaudit; make install clean
cd /usr/ports/ports-mgmt/portupgrade; make install clean
cd /usr/ports/ports-mgmt/portmanager; make install clean
cd /usr/ports/security/aide; make install clean
cd /usr/ports/security/chkrootkit; make install clean
rehash

portaudit does a nightly audit of any installed ports, and identifies any software with security issues.
portupgrade can be used to upgrade the installed ports, but I use it for the included utilities portversion & portsclean.
portversion identifies any software that is out of date where portaudit only identifies software with security issues. portsclean is used to clean out any leftover work files that didn't get deleted when software is compiled.
aide is a utility similar to tripwire.
chkrootkit checks for any root kits installed by hackers.
I run most of these nightly by running crontab -e, and adding the following (this has to be tab delimited, so be careful if cutting and pasting):

0      1     *     *     *     /usr/local/bin/aide -u
10     1     *     *     *     /usr/local/sbin/chkrootkit
20     1     *     *     *     /usr/sbin/portsnap cron && /usr/sbin/portsnap -I update && /usr/local/sbin/portversion -v | grep '<'

Running aide nightly checks for any changed files on sensitive areas of the system, and sends me an email of the results (you must run "aide -i" before the above crontab entry will work).
Running chkrootkit nightly checks the system for any rootkits that may have been installed by hackers.
Running portsnap (with the cron option) & portversion allows me to update my ports tree, and identifies any software that has been updated recently.
Results of the above are received via email to the root account. You can su to root at the command line and enter "mail -u root" to read these, or you can forward them to another account in the sendmail aliases file in /etc/mail.
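The third cron entry above only greps for '<'. As an added example (not from the original post and not part of portupgrade), here is a small sh script that turns portversion -v output into a fuller nightly report, separating packages that need updating ('<'), packages newer than their port ('>'), and packages whose port could not be found ('?'); the sample output embedded below is constructed, and the line format it assumes is that of portversion -v.

```sh
#!/bin/sh
# Summarise `portversion -v` output for a nightly cron mail.
# Hypothetical helper, not part of the original post or of portupgrade.

# Constructed sample of `portversion -v` output; package names and versions
# are made up for this example.
SAMPLE_PORTVERSION='apache-2.2.8                <  needs updating (port has 2.2.9)
bash-3.2.33                 =  up-to-date with port
mysql-server-5.0.51a        <  needs updating (port has 5.0.51b)
perl-5.8.8_1                >  succeeds port (port has 5.8.8)
oldtool-0.9                 ?  error'

# Print one line per package whose status is not "=" (up to date).
# Arg: $1 = portversion output.  Output: "STATUS name version port_version"
port_report() {
    printf '%s\n' "$1" | awk '
        $2 == "=" { next }                     # up to date: nothing to report
        {
            pkg = $1
            # split "name-1.2.3" at the last dash into name and version
            n = split(pkg, parts, "-")
            ver = parts[n]
            name = substr(pkg, 1, length(pkg) - length(ver) - 1)
            port = ""
            # pull the port version out of "(port has X)" when present
            if (match($0, /\(port has [^)]*\)/))
                port = substr($0, RSTART + 10, RLENGTH - 11)
            printf "%s %s %s %s\n", $2, name, ver, port
        }'
}

# Print how many packages need updating.  Exit status is 1 when there are
# none, so a cron job built on this stays quiet on a clean night.
count_outdated() {
    printf '%s\n' "$1" | awk '$2 == "<" { n++ } END { print n+0; exit (n ? 0 : 1) }'
}

port_report "$SAMPLE_PORTVERSION"
count_outdated "$SAMPLE_PORTVERSION"
```

In a cron entry, pipe the real portversion -v output into port_report instead of grep '<' so that the mail also shows ports that have vanished or been renamed.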

Now that the system is up to date, the next step is to figure out what you want to do with it. For my details on a mail / database / web / DNS server: click here.