Changes between Version 8 and Version 9 of install_debian_extras


Ignore:
Timestamp:
Mar 25, 2008, 1:21:19 PM (12 years ago)
Author:
Daniel Kahn Gillmor
Comment:

cleanup formatting

Legend:

Unmodified
Added
Removed
Modified
  • install_debian_extras

    v8 v9  
    55
    66 * Enable syncookies:
    7 
    87{{{
    98echo 1 > /proc/sys/net/ipv4/tcp_syncookies
    109}}}
    11 
    1210 * Preserve syncookies on reboot:
    13 
    1411{{{
    1512echo 'net.ipv4.tcp_syncookies=1' >> /etc/sysctl.conf
     
    1916
    2017 * Login as root and install the following packages (if you plan to install postfix, replace esmtp-run with postfix)
    21 
    2218{{{
    2319# aptitude install ssh ntp less emacs21-nox cron-apt iproute mailx esmtp-run locales lsof psmisc screen
    2420}}}
    25 
    2621 * Configure locales to use en_US.UTF-8 (run dpkg-reconfigure locales if necessary)
    27 
    2822 * If you installed esmtp-run, edit /etc/esmtprc, configure to send email via our bulk.mayfirst.org server (which relays all mail from our IP range):
    29 
    3023{{{
    3124hostname=bulk.mayfirst.org
    3225}}}
    33 
    3426 * Configure cron-apt:
    3527{{{
    3628echo 'MAILON="upgrade"' >> /etc/cron-apt/config
    3729}}}
    38 
    3930 * Upload the [wiki:mfpl_admin_public_ssh_keys mayfirst public keys] to:
    40 
    4131{{{
    4232/root/.ssh/authorized_keys
    4333}}}
    44 
    4534 * Configure ssh to only accept connections with auth keys (unless this is a server that should be accessible by members). Edit /etc/ssh/sshd_config and uncomment/change these lines:
    46 
    4735{{{
    4836PasswordAuthentication no
    4937ChallengeResponseAuthentication no
    5038}}}
    51 
    5239 * Reload ssh:
    53 
    5440{{{
    5541# /etc/init.d/ssh reload
     
    7763alias mv='mv -i'
    7864}}}
    79 
    8065 * Modify the following lines in /etc/skel/.bashrc
    8166{{{
     
    8570PS1='$? ${debian_chroot:+($debian_chroot)}\u@\h:\w\$ '
    8671}}}
    87 
    8872 * Add a .ssh directory and empty authorized_keys file in /etc/skel:
    8973{{{
     
    9781
    9882 * Edit the /etc/inittab file. Uncomment and modify:
    99 
    10083{{{
    10184T0:23:respawn:/sbin/getty -L ttyS0 115200 vt100
    10285}}}
    103 
    10486 * Refresh:
    105 
    10687{{{
    10788$ sudo init q
    10889}}}
    109 
    11090 * Add the following lines after the timeout line in `/boot/grub/menu.1st`
    111 
    11291{{{
    11392serial --unit=0 --speed=115200 --word=8 --parity=no --stop=1
    11493terminal --timeout=10 serial console
    11594}}}
    116 
    11795 * Add the following lines to the Start Default Options. You should already have a line such as:
    118 
    11996{{{
    12097# kopt=root=/dev/mapper/vg_servername0-root ro
    12198}}}
    122 
    12399 add to it, so that your final line says:
    124 
    125100{{{
    126101# kopt=root=/dev/mapper/vg_servername0-root ro console=ttyS0,115200n8
    127102}}}
    128 
    129  Refresh grub's config file:
    130 
     103 * Refresh grub's config file:
    131104{{{
    132105# update-grub
    133106}}}
    134107
    135 
    136108== Encrypted File system ==
    137109
    138110 * Install programs:
    139 
    140111{{{
    141112$ sudo aptitude install dmsetup cryptsetup
    142113}}}
    143 
    144114 * Create an encrypted file system for members:
    145 
    146  * Create the encrypted filesystem (be sure to switch to use which ever device you are using):
    147 
     115  * Create the encrypted filesystem (be sure to switch to use which ever device you are using):
    148116{{{
    149117$ cryptsetup luksFormat /dev/sda5
    150118}}}
    151 
    152 You will be prompted for a password. Put password in resource db!
    153 
    154  * Add to crypttab
    155 
     119   You will be prompted for a password. Put password in resource db!
     120  * Add to crypttab
    156121{{{
    157122echo crypt_members /dev/sda5 none luks >> /etc/crypttab
    158123}}}
    159 
    160  * Start it
    161 
     124  * Start it
    162125{{{
    163126/etc/init.d/cryptdisks start
    164127}}}
    165 
    166  * Create a file system on the partition:
    167 
     128  * Create a file system on the partition:
    168129{{{
    169130$ mkfs -t ext3 /dev/mapper/crypt_members
    170131}}}
    171 
    172  * Add to fstab:
    173 
     132  * Add to fstab:
    174133{{{
    175134echo /dev/mapper/crypt_members /home/members ext3 defaults 0 2 >> /etc/fstab
    176135}}}
    177 
    178  * Mount
    179 
     136  * Mount
    180137{{{
    181138mount /home/members
     
    184141== Add Nagios logging ==
    185142
    186 Optionally, you may want to login to chun.mayfirst.org and edit the /etc/nagios2/conf.d/servers_mfpl.cfg file to add this server for monitoring.
     143Optionally, you may want to login to `chun.mayfirst.org` and edit the `/etc/nagios2/conf.d/servers_mfpl.cfg` file to add this server for monitoring.
    187144
    188145== Add munin logging ==