Context Navigation

Changes between Version 2 and Version 3 of install_debian_extras

Timestamp:: Nov 20, 2007, 6:58:43 PM (18 years ago)
Author:: Jamie McClelland
Comment:: --

Legend:

: Unmodified
: Added
: Removed
: Modified

install_debian_extras

-              v2
+              v3
+== Installing Extras ==
+[[PageOutline]]
+= Installing Extras =
+==== Encrypted File system ====
+== Syn Cookies ==
+ * Enable syncookies:
+{{{
+echo 1 > /proc/sys/net/ipv4/tcp_syncookies
+}}}
+ * Preserve syncookies on reboot:
+{{{
+echo 'net.ipv4.tcp_syncookies=1' >> /etc/sysctl.conf
+}}}
+== Install and configure mandatory packages ==
+ * Login as root and install the following packages (if you plan to install postfix, replace esmtp-run with postfix)
+{{{
+# aptitude install ssh ntp less emacs21-nox cron-apt iproute mailx esmtp-run locales
+}}}
+ * Configure locales to use en_US.UTF-8 (run dpkg-reconfigure locales if necessary)
+ * If you installed esmtp-run, edit /etc/esmtprc, configure to send email via our bulk.mayfirst.org server (which relays all mail from our IP range):
+{{{
+hostname=bulk.mayfirst.org
+}}}
+ * Configure cron-apt:
+{{{
+echo 'MAILON="upgrade"' >> /etc/cron-apt/config
+}}}
+ * Upload the [wiki:mfpl_admin_public_ssh_keys mayfirst public keys] to:
+{{{
+/root/.ssh/authorized_keys
+}}}
+ * Configure ssh to only accept connections with auth keys (unless this is a server that should be accessible by members). Edit /etc/ssh/sshd_config and uncomment/change these lines:
+{{{
+PasswordAuthentication no
+ChallengeResponseAuthentication no
+}}}
+ * Reload ssh:
+{{{
+# /etc/init.d/ssh reload
+}}}
+== Fix Bash ==
+ * Overwrite /root/.bashrc with:
+{{{
+# ~/.bashrc: executed by bash(1) for non-login shells.
+export PS1='$? \h:\w\$ '
+umask 022
+# You may uncomment the following lines if you want `ls' to be colorized:
+# export LS_OPTIONS='--color=auto'
+# eval "`dircolors`"
+# alias ls='ls $LS_OPTIONS'
+# alias ll='ls $LS_OPTIONS -l'
+# alias l='ls $LS_OPTIONS -lA'
+#
+# Some more alias to avoid making mistakes:
+alias rm='rm -i'
+alias cp='cp -i'
+alias mv='mv -i
+}}}
+ * Modify the following lines in /etc/skel/.bashrc
+{{{
+PS1='$? ${debian_chroot:+($debian_chroot)}\[\033[01;32m\]\u@\h\[\033[00m\]:\[\033[01;34m\]\w\[\033[00m\]\$ '
+    ;;
+*)
+PS1='$? ${debian_chroot:+($debian_chroot)}\u@\h:\w\$ '
+}}}
+ * Add a .ssh directory and empty authorized_keys file in /etc/skel:
+{{{
+mkdir /etc/skel/.ssh
+touch /etc/skel/.ssh/authorized_keys
+}}}
+== Serial console login (not for DomU's, only dom0's!) ==
+If you did not use the serial console installer, then perform the following:
+ * Edit the /etc/inittab file. Uncomment and modify:
+{{{
+T0:23:respawn:/sbin/getty -L ttyS0 115200 vt100
+}}}
+ * Refresh:
+{{{
+$ sudo init q
+}}}
+ * Add the following lines after the timeout line in `/boot/grub/menu.1st`
+{{{
+serial --unit=0 --speed=115200 --word=8 --parity=no --stop=1
+terminal --timeout=10 serial console
+}}}
+ * Add the following lines to the Start Default Options. You should already have a line such as:
+{{{
+# kopt=root=/dev/mapper/vg_servername0-root ro
+}}}
+ add to it, so that your final line says:
+{{{
+# kopt=root=/dev/mapper/vg_servername0-root ro console=ttyS0,115200n8
+}}}
+ Refresh grub's config file:
+{{{
+# update-grub
+}}}
+=== Encrypted File system ===
  * Install programs: