Changes between Version 12 and Version 13 of install_debian_extras


Ignore:
Timestamp:
May 20, 2008, 1:17:44 PM (11 years ago)
Author:
Jamie McClelland
Comment:

--

Legend:

Unmodified
Added
Removed
Modified
  • install_debian_extras

    v12 v13  
    22= Installing Extras =
    33
    4 == Syn Cookies ==
     4Many of these commands can be automatically run using our [wiki:server_overview automated directives tool].
    55
    6  * Enable syncookies:
    76{{{
    8 echo 1 > /proc/sys/net/ipv4/tcp_syncookies
    9 }}}
    10  * Preserve syncookies on reboot:
    11 {{{
    12 echo 'net.ipv4.tcp_syncookies=1' >> /etc/sysctl.conf
     7scripts/execute-directive root@server ssh-root-keys
     8scripts/execute-directive root@server add-empty-authorized-keys
     9scripts/execute-directive root@server enable-syn-cookies
     10scripts/execute-directive root@server aptitude-dist-upgrade
     11scripts/execute-directive root@server base-required-packages
     12scripts/execute-directive root@server bash-fix-root
     13scripts/execute-directive root@server bash-fix-skel
     14scripts/execute-directive root@server ssh-key-only-login
    1315}}}
    1416
    15 == Install and configure mandatory packages ==
    16 
    17  * Login as root and install the following packages (if you plan to install postfix, replace esmtp-run with postfix)
    18 {{{
    19 # aptitude install ssh ntp less emacs21-nox cron-apt iproute mailx esmtp-run locales lsof psmisc screen
    20 }}}
    21  * Configure locales to use en_US.UTF-8 (run dpkg-reconfigure locales if necessary)
    22  * If you installed esmtp-run, edit /etc/esmtprc, configure to send email via our bulk.mayfirst.org server (which relays all mail from our IP range):
    23 {{{
    24 hostname=bulk.mayfirst.org
    25 }}}
    26  * Configure cron-apt:
    27 {{{
    28 echo 'MAILON="upgrade"' >> /etc/cron-apt/config
    29 }}}
    30  * Upload the [wiki:mfpl_admin_public_ssh_keys mayfirst public keys] to:
    31 {{{
    32 /root/.ssh/authorized_keys
    33 }}}
    34  * Configure ssh to only accept connections with auth keys (unless this is a server that should be accessible by members). Edit /etc/ssh/sshd_config and uncomment/change these lines:
    35 {{{
    36 PasswordAuthentication no
    37 ChallengeResponseAuthentication no
    38 }}}
    39  * Reload ssh:
    40 {{{
    41 # /etc/init.d/ssh reload
    42 }}}
    43 
    44 == Fix Bash ==
    45 
    46  * Overwrite /root/.bashrc with:
    47 {{{
    48 # ~/.bashrc: executed by bash(1) for non-login shells.
    49 
    50 export PS1='$? \h:\w\$ '
    51 umask 022
    52 
    53 # You may uncomment the following lines if you want `ls' to be colorized:
    54 # export LS_OPTIONS='--color=auto'
    55 # eval "`dircolors`"
    56 # alias ls='ls $LS_OPTIONS'
    57 # alias ll='ls $LS_OPTIONS -l'
    58 # alias l='ls $LS_OPTIONS -lA'
    59 #
    60 # Some more alias to avoid making mistakes:
    61 alias rm='rm -i'
    62 alias cp='cp -i'
    63 alias mv='mv -i'
    64 }}}
    65  * Modify the following lines in /etc/skel/.bashrc
    66 {{{
    67 PS1='$? ${debian_chroot:+($debian_chroot)}\[\033[01;32m\]\u@\h\[\033[00m\]:\[\033[01;34m\]\w\[\033[00m\]\$ '
    68     ;;
    69 *)
    70 PS1='$? ${debian_chroot:+($debian_chroot)}\u@\h:\w\$ '
    71 }}}
    72  * Add a .ssh directory and empty authorized_keys file in /etc/skel:
    73 {{{
    74 mkdir /etc/skel/.ssh
    75 touch /etc/skel/.ssh/authorized_keys
    76 }}}
    7717
    7818== smartmontools (not for domU's) ==