86 | | === Syn Cookies === |
87 | | |
88 | | * Enable syncookies: |
89 | | |
90 | | {{{ |
91 | | echo 1 > /proc/sys/net/ipv4/tcp_syncookies |
92 | | }}} |
93 | | |
94 | | * Make the syncookies setting persist across reboots: |
95 | | |
96 | | {{{ |
97 | | echo 'net.ipv4.tcp_syncookies=1' >> /etc/sysctl.conf |
98 | | }}} |
99 | | |
100 | | === Install and configure mandatory packages === |
101 | | |
102 | | * Log in as root and install the following packages (if you plan to install postfix, replace esmtp-run with postfix): |
103 | | |
104 | | {{{ |
105 | | # aptitude install ssh ntp less emacs21-nox cron-apt iproute mailx esmtp-run locales |
106 | | }}} |
107 | | |
108 | | * Configure locales to use en_US.UTF-8 (run dpkg-reconfigure locales if necessary) |
109 | | |
110 | | * If you installed esmtp-run, edit /etc/esmtprc and configure it to send email via our bulk.mayfirst.org server (which relays all mail from our IP range): |
111 | | |
112 | | {{{ |
113 | | hostname=bulk.mayfirst.org |
114 | | }}} |
115 | | |
116 | | * Configure cron-apt: |
117 | | {{{ |
118 | | echo 'MAILON="upgrade"' >> /etc/cron-apt/config |
119 | | }}} |
120 | | |
121 | | * Upload the [wiki:mfpl_admin_public_ssh_keys mayfirst public keys] to: |
122 | | |
123 | | {{{ |
124 | | /root/.ssh/authorized_keys |
125 | | }}} |
126 | | |
127 | | * Configure ssh to only accept connections authenticated with ssh keys (unless this is a server that should be accessible by members). Edit /etc/ssh/sshd_config and uncomment/change these lines so that password and keyboard-interactive logins are refused: |
128 | | |
129 | | {{{ |
130 | | PasswordAuthentication no |
131 | | ChallengeResponseAuthentication no |
132 | | }}} |
133 | | |
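134 | | * Reload ssh (keep your current session open and confirm that key-based login works from a second session before disconnecting, so a mistake in authorized_keys does not lock you out): |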
135 | | |
136 | | {{{ |
137 | | # /etc/init.d/ssh reload |
138 | | }}} |
139 | | |
140 | | === Fix Bash === |
141 | | |
142 | | * Overwrite /root/.bashrc with: |
143 | | {{{ |
144 | | # ~/.bashrc: executed by bash(1) for non-login shells. |
145 | | |
146 | | export PS1='$? \h:\w\$ ' |
147 | | umask 022 |
148 | | |
149 | | # You may uncomment the following lines if you want `ls' to be colorized: |
150 | | # export LS_OPTIONS='--color=auto' |
151 | | # eval "`dircolors`" |
152 | | # alias ls='ls $LS_OPTIONS' |
153 | | # alias ll='ls $LS_OPTIONS -l' |
154 | | # alias l='ls $LS_OPTIONS -lA' |
155 | | # |
156 | | # Some more alias to avoid making mistakes: |
157 | | alias rm='rm -i' |
158 | | alias cp='cp -i' |
159 | | alias mv='mv -i' |
160 | | }}} |
161 | | |
162 | | * Modify the following lines in /etc/skel/.bashrc so that the prompt for new users begins with the exit status of the previous command (`$?`): |
163 | | {{{ |
164 | | PS1='$? ${debian_chroot:+($debian_chroot)}\[\033[01;32m\]\u@\h\[\033[00m\]:\[\033[01;34m\]\w\[\033[00m\]\$ ' |
165 | | ;; |
166 | | *) |
167 | | PS1='$? ${debian_chroot:+($debian_chroot)}\u@\h:\w\$ ' |
168 | | }}} |
169 | | |
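170 | | * Add a .ssh directory and empty authorized_keys file in /etc/skel (with sshd's default StrictModes setting, keys are refused if .ssh or authorized_keys is writable by group or others, so create them under the 022 umask or tighten them with chmod 700 and chmod 600): |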
171 | | {{{ |
172 | | mkdir /etc/skel/.ssh |
173 | | touch /etc/skel/.ssh/authorized_keys |
174 | | }}} |
175 | | |
176 | | === Serial console login (not for DomU's!) === |
177 | | |
178 | | If you did not use the serial console installer, then perform the following: |
179 | | |
180 | | * Edit the /etc/inittab file. Uncomment and modify: |
181 | | |
182 | | {{{ |
183 | | T0:23:respawn:/sbin/getty -L ttyS0 115200 vt100 |
184 | | }}} |
185 | | |
186 | | * Refresh: |
187 | | |
188 | | {{{ |
189 | | $ sudo init q |
190 | | }}} |
191 | | |
192 | | * Add the following lines after the timeout line in `/boot/grub/menu.lst` |
193 | | |
194 | | {{{ |
195 | | serial --unit=0 --speed=115200 --word=8 --parity=no --stop=1 |
196 | | terminal --timeout=10 serial console |
197 | | }}} |
198 | | |
199 | | * Add the serial console to the kernel options in the Start Default Options section. You should already have a line such as: |
200 | | |
201 | | {{{ |
202 | | # kopt=root=/dev/mapper/vg_servername0-root ro |
203 | | }}} |
204 | | |
205 | | add to it, so that your final line says: |
206 | | |
207 | | {{{ |
208 | | # kopt=root=/dev/mapper/vg_servername0-root ro console=ttyS0,115200n8 |
209 | | }}} |
210 | | |
211 | | Refresh grub's config file: |
212 | | |
213 | | {{{ |
214 | | # update-grub |
215 | | }}} |
216 | | |