| 86 | | === Syn Cookies === |
| 87 | | |
| 88 | | * Enable syncookies: |
| 89 | | |
| 90 | | {{{ |
| 91 | | echo 1 > /proc/sys/net/ipv4/tcp_syncookies |
| 92 | | }}} |
| 93 | | |
| 94 | | * Preserve syncookies on reboot: |
| 95 | | |
| 96 | | {{{ |
| 97 | | echo 'net.ipv4.tcp_syncookies=1' >> /etc/sysctl.conf |
| 98 | | }}} |
| 99 | | |
| 100 | | === Install and configure mandatory packages === |
| 101 | | |
| 102 | | * Login as root and install the following packages (if you plan to install postfix, replace esmtp-run with postfix) |
| 103 | | |
| 104 | | {{{ |
| 105 | | # aptitude install ssh ntp less emacs21-nox cron-apt iproute mailx esmtp-run locales |
| 106 | | }}} |
| 107 | | |
| 108 | | * Configure locales to use en_US.UTF-8 (run dpkg-reconfigure locales if necessary) |
| 109 | | |
| 110 | | * If you installed esmtp-run, edit /etc/esmtprc, configure to send email via our bulk.mayfirst.org server (which relays all mail from our IP range): |
| 111 | | |
| 112 | | {{{ |
| 113 | | hostname=bulk.mayfirst.org |
| 114 | | }}} |
| 115 | | |
| 116 | | * Configure cron-apt: |
| 117 | | {{{ |
| 118 | | echo 'MAILON="upgrade"' >> /etc/cron-apt/config |
| 119 | | }}} |
| 120 | | |
| 121 | | * Upload the [wiki:mfpl_admin_public_ssh_keys mayfirst public keys] to: |
| 122 | | |
| 123 | | {{{ |
| 124 | | /root/.ssh/authorized_keys |
| 125 | | }}} |
| 126 | | |
| 127 | | * Configure ssh to only accept connections with auth keys (unless this is a server that should be accessible by members). Edit /etc/ssh/sshd_config and uncomment/change these lines: |
| 128 | | |
| 129 | | {{{ |
| 130 | | PasswordAuthentication no |
| 131 | | ChallengeResponseAuthentication no |
| 132 | | }}} |
| 133 | | |
| 134 | | * Reload ssh: |
| 135 | | |
| 136 | | {{{ |
| 137 | | # /etc/init.d/ssh reload |
| 138 | | }}} |
| 139 | | |
| 140 | | === Fix Bash === |
| 141 | | |
| 142 | | * Overwrite /root/.bashrc with: |
| 143 | | {{{ |
| 144 | | # ~/.bashrc: executed by bash(1) for non-login shells. |
| 145 | | |
| 146 | | export PS1='$? \h:\w\$ ' |
| 147 | | umask 022 |
| 148 | | |
| 149 | | # You may uncomment the following lines if you want `ls' to be colorized: |
| 150 | | # export LS_OPTIONS='--color=auto' |
| 151 | | # eval "`dircolors`" |
| 152 | | # alias ls='ls $LS_OPTIONS' |
| 153 | | # alias ll='ls $LS_OPTIONS -l' |
| 154 | | # alias l='ls $LS_OPTIONS -lA' |
| 155 | | # |
| 156 | | # Some more alias to avoid making mistakes: |
| 157 | | alias rm='rm -i' |
| 158 | | alias cp='cp -i' |
| 159 | | alias mv='mv -i |
| 160 | | }}} |
| 161 | | |
| 162 | | * Modify the following lines in /etc/skel/.bashrc |
| 163 | | {{{ |
| 164 | | PS1='$? ${debian_chroot:+($debian_chroot)}\[\033[01;32m\]\u@\h\[\033[00m\]:\[\033[01;34m\]\w\[\033[00m\]\$ ' |
| 165 | | ;; |
| 166 | | *) |
| 167 | | PS1='$? ${debian_chroot:+($debian_chroot)}\u@\h:\w\$ ' |
| 168 | | }}} |
| 169 | | |
| 170 | | * Add a .ssh directory and empty authorized_keys file in /etc/skel: |
| 171 | | {{{ |
| 172 | | mkdir /etc/skel/.ssh |
| 173 | | touch /etc/skel/.ssh/authorized_keys |
| 174 | | }}} |
| 175 | | |
| 176 | | === Serial console login (not for DomU's!) === |
| 177 | | |
| 178 | | If you did not use the serial console installer, then perform the following: |
| 179 | | |
| 180 | | * Edit the /etc/inittab file. Uncomment and modify: |
| 181 | | |
| 182 | | {{{ |
| 183 | | T0:23:respawn:/sbin/getty -L ttyS0 115200 vt100 |
| 184 | | }}} |
| 185 | | |
| 186 | | * Refresh: |
| 187 | | |
| 188 | | {{{ |
| 189 | | $ sudo init q |
| 190 | | }}} |
| 191 | | |
| 192 | | * Add the following lines after the timeout line in `/boot/grub/menu.1st` |
| 193 | | |
| 194 | | {{{ |
| 195 | | serial --unit=0 --speed=115200 --word=8 --parity=no --stop=1 |
| 196 | | terminal --timeout=10 serial console |
| 197 | | }}} |
| 198 | | |
| 199 | | * Add the following lines to the Start Default Options. You should already have a line such as: |
| 200 | | |
| 201 | | {{{ |
| 202 | | # kopt=root=/dev/mapper/vg_servername0-root ro |
| 203 | | }}} |
| 204 | | |
| 205 | | add to it, so that your final line says: |
| 206 | | |
| 207 | | {{{ |
| 208 | | # kopt=root=/dev/mapper/vg_servername0-root ro console=ttyS0,115200n8 |
| 209 | | }}} |
| 210 | | |
| 211 | | Refresh grub's config file: |
| 212 | | |
| 213 | | {{{ |
| 214 | | # update-grub |
| 215 | | }}} |
| 216 | | |
