Changes between Version 8 and Version 9 of install_debian_extras
Timestamp: Mar 25, 2008, 5:21:19 PM (16 years ago)
install_debian_extras
v8 v9 5 5 6 6 * Enable syncookies: 7 8 7 {{{ 9 8 echo 1 > /proc/sys/net/ipv4/tcp_syncookies 10 9 }}} 11 12 10 * Preserve syncookies on reboot: 13 14 11 {{{ 15 12 echo 'net.ipv4.tcp_syncookies=1' >> /etc/sysctl.conf … … 19 16 20 17 * Login as root and install the following packages (if you plan to install postfix, replace esmtp-run with postfix) 21 22 18 {{{ 23 19 # aptitude install ssh ntp less emacs21-nox cron-apt iproute mailx esmtp-run locales lsof psmisc screen 24 20 }}} 25 26 21 * Configure locales to use en_US.UTF-8 (run dpkg-reconfigure locales if necessary) 27 28 22 * If you installed esmtp-run, edit /etc/esmtprc, configure to send email via our bulk.mayfirst.org server (which relays all mail from our IP range): 29 30 23 {{{ 31 24 hostname=bulk.mayfirst.org 32 25 }}} 33 34 26 * Configure cron-apt: 35 27 {{{ 36 28 echo 'MAILON="upgrade"' >> /etc/cron-apt/config 37 29 }}} 38 39 30 * Upload the [wiki:mfpl_admin_public_ssh_keys mayfirst public keys] to: 40 41 31 {{{ 42 32 /root/.ssh/authorized_keys 43 33 }}} 44 45 34 * Configure ssh to only accept connections with auth keys (unless this is a server that should be accessible by members). Edit /etc/ssh/sshd_config and uncomment/change these lines: 46 47 35 {{{ 48 36 PasswordAuthentication no 49 37 ChallengeResponseAuthentication no 50 38 }}} 51 52 39 * Reload ssh: 53 54 40 {{{ 55 41 # /etc/init.d/ssh reload … … 77 63 alias mv='mv -i' 78 64 }}} 79 80 65 * Modify the following lines in /etc/skel/.bashrc 81 66 {{{ … … 85 70 PS1='$? ${debian_chroot:+($debian_chroot)}\u@\h:\w\$ ' 86 71 }}} 87 88 72 * Add a .ssh directory and empty authorized_keys file in /etc/skel: 89 73 {{{ … … 97 81 98 82 * Edit the /etc/inittab file. 
Uncomment and modify: 99 100 83 {{{ 101 84 T0:23:respawn:/sbin/getty -L ttyS0 115200 vt100 102 85 }}} 103 104 86 * Refresh: 105 106 87 {{{ 107 88 $ sudo init q 108 89 }}} 109 110 90 * Add the following lines after the timeout line in `/boot/grub/menu.1st` 111 112 91 {{{ 113 92 serial --unit=0 --speed=115200 --word=8 --parity=no --stop=1 114 93 terminal --timeout=10 serial console 115 94 }}} 116 117 95 * Add the following lines to the Start Default Options. You should already have a line such as: 118 119 96 {{{ 120 97 # kopt=root=/dev/mapper/vg_servername0-root ro 121 98 }}} 122 123 99 add to it, so that your final line says: 124 125 100 {{{ 126 101 # kopt=root=/dev/mapper/vg_servername0-root ro console=ttyS0,115200n8 127 102 }}} 128 129 Refresh grub's config file: 130 103 * Refresh grub's config file: 131 104 {{{ 132 105 # update-grub 133 106 }}} 134 107 135 136 108 == Encrypted File system == 137 109 138 110 * Install programs: 139 140 111 {{{ 141 112 $ sudo aptitude install dmsetup cryptsetup 142 113 }}} 143 144 114 * Create an encrypted file system for members: 145 146 * Create the encrypted filesystem (be sure to switch to use which ever device you are using): 147 115 * Create the encrypted filesystem (be sure to switch to use which ever device you are using): 148 116 {{{ 149 117 $ cryptsetup luksFormat /dev/sda5 150 118 }}} 151 152 You will be prompted for a password. Put password in resource db! 153 154 * Add to crypttab 155 119 You will be prompted for a password. Put password in resource db! 
120 * Add to crypttab 156 121 {{{ 157 122 echo crypt_members /dev/sda5 none luks >> /etc/crypttab 158 123 }}} 159 160 * Start it 161 124 * Start it 162 125 {{{ 163 126 /etc/init.d/cryptdisks start 164 127 }}} 165 166 * Create a file system on the partition: 167 128 * Create a file system on the partition: 168 129 {{{ 169 130 $ mkfs -t ext3 /dev/mapper/crypt_members 170 131 }}} 171 172 * Add to fstab: 173 132 * Add to fstab: 174 133 {{{ 175 134 echo /dev/mapper/crypt_members /home/members ext3 defaults 0 2 >> /etc/fstab 176 135 }}} 177 178 * Mount 179 136 * Mount 180 137 {{{ 181 138 mount /home/members … … 184 141 == Add Nagios logging == 185 142 186 Optionally, you may want to login to chun.mayfirst.org and edit the /etc/nagios2/conf.d/servers_mfpl.cfgfile to add this server for monitoring.143 Optionally, you may want to login to `chun.mayfirst.org` and edit the `/etc/nagios2/conf.d/servers_mfpl.cfg` file to add this server for monitoring. 187 144 188 145 == Add munin logging ==
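Review bot: In the ssh step (v9 lines 34-41), `PasswordAuthentication no` and `ChallengeResponseAuthentication no` go live with `/etc/init.d/ssh reload` and no step checks that key login works first. Suggest adding a step before the reload: run `sshd -t` to validate the edited `/etc/ssh/sshd_config`, and confirm a key-based login from a second session while the current one stays open, since after the reload `/root/.ssh/authorized_keys` is the only way in over ssh.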
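Review bot: The GRUB step at v9 line 90 names the file `/boot/grub/menu.1st`, with the digit 1, but GRUB legacy reads `/boot/grub/menu.lst` (lowercase L), so a reader who copies the path will not find the file. This revision already edits the neighbouring "Refresh grub's config file" bullet, so the filename is worth correcting in the same change.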
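Review bot: In the Encrypted File system section (v9 lines 111-138) the prompts do not match the privileges the commands need: `$ cryptsetup luksFormat /dev/sda5` and `$ mkfs -t ext3 /dev/mapper/crypt_members` are shown at a user prompt, the crypttab, cryptdisks, fstab and mount lines carry no prompt, and only the install line uses `$ sudo`. All of them require root, so mark them with the `#` root prompt as the aptitude and `update-grub` lines do. The `>> /etc/crypttab` and `>> /etc/fstab` appends also add a duplicate entry if the step is repeated; a short instruction to check for an existing `crypt_members` line first would prevent that.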