8 | | echo 1 > /proc/sys/net/ipv4/tcp_syncookies |
9 | | }}} |
10 | | * Preserve syncookies on reboot: |
11 | | {{{ |
12 | | echo 'net.ipv4.tcp_syncookies=1' >> /etc/sysctl.conf |
| 7 | scripts/execute-directive root@server ssh-root-keys |
| 8 | scripts/execute-directive root@server add-empty-authorized-keys |
| 9 | scripts/execute-directive root@server enable-syn-cookies |
| 10 | scripts/execute-directive root@server aptitude-dist-upgrade |
| 11 | scripts/execute-directive root@server base-required-packages |
| 12 | scripts/execute-directive root@server bash-fix-root |
| 13 | scripts/execute-directive root@server bash-fix-skel |
| 14 | scripts/execute-directive root@server ssh-key-only-login |
15 | | == Install and configure mandatory packages == |
16 | | |
17 | | * Login as root and install the following packages (if you plan to install postfix, replace esmtp-run with postfix) |
18 | | {{{ |
19 | | # aptitude install ssh ntp less emacs21-nox cron-apt iproute mailx esmtp-run locales lsof psmisc screen |
20 | | }}} |
21 | | * Configure locales to use en_US.UTF-8 (run dpkg-reconfigure locales if necessary) |
22 | | * If you installed esmtp-run, edit /etc/esmtprc, configure to send email via our bulk.mayfirst.org server (which relays all mail from our IP range): |
23 | | {{{ |
24 | | hostname=bulk.mayfirst.org |
25 | | }}} |
26 | | * Configure cron-apt: |
27 | | {{{ |
28 | | echo 'MAILON="upgrade"' >> /etc/cron-apt/config |
29 | | }}} |
30 | | * Upload the [wiki:mfpl_admin_public_ssh_keys mayfirst public keys] to: |
31 | | {{{ |
32 | | /root/.ssh/authorized_keys |
33 | | }}} |
34 | | * Configure ssh to only accept connections with auth keys (unless this is a server that should be accessible by members). Edit /etc/ssh/sshd_config and uncomment/change these lines: |
35 | | {{{ |
36 | | PasswordAuthentication no |
37 | | ChallengeResponseAuthentication no |
38 | | }}} |
39 | | * Reload ssh: |
40 | | {{{ |
41 | | # /etc/init.d/ssh reload |
42 | | }}} |
43 | | |
44 | | == Fix Bash == |
45 | | |
46 | | * Overwrite /root/.bashrc with: |
47 | | {{{ |
48 | | # ~/.bashrc: executed by bash(1) for non-login shells. |
49 | | |
50 | | export PS1='$? \h:\w\$ ' |
51 | | umask 022 |
52 | | |
53 | | # You may uncomment the following lines if you want `ls' to be colorized: |
54 | | # export LS_OPTIONS='--color=auto' |
55 | | # eval "`dircolors`" |
56 | | # alias ls='ls $LS_OPTIONS' |
57 | | # alias ll='ls $LS_OPTIONS -l' |
58 | | # alias l='ls $LS_OPTIONS -lA' |
59 | | # |
60 | | # Some more alias to avoid making mistakes: |
61 | | alias rm='rm -i' |
62 | | alias cp='cp -i' |
63 | | alias mv='mv -i' |
64 | | }}} |
65 | | * Modify the following lines in /etc/skel/.bashrc |
66 | | {{{ |
67 | | PS1='$? ${debian_chroot:+($debian_chroot)}\[\033[01;32m\]\u@\h\[\033[00m\]:\[\033[01;34m\]\w\[\033[00m\]\$ ' |
68 | | ;; |
69 | | *) |
70 | | PS1='$? ${debian_chroot:+($debian_chroot)}\u@\h:\w\$ ' |
71 | | }}} |
72 | | * Add a .ssh directory and empty authorized_keys file in /etc/skel: |
73 | | {{{ |
74 | | mkdir /etc/skel/.ssh |
75 | | touch /etc/skel/.ssh/authorized_keys |
76 | | }}} |