====== Debian GNU/Linux ====== == links: == * [[http://newbiedoc.sourceforge.net/system/kernel-pkg.html|Kernel compiling with make-kpkg]] * [[http://myrddin.org/howto/debian-kernel-recompiling/|Debian kernel recompile]] * [[http://www.osnews.com/story.php?news_id=2949|The Very Verbose Guide to Updating and Compiling Your Debian Kernel]] * [[http://wiki.debian.org/SecureApt|Secure APT]] * [[http://openchemist.net/linux/howto.php|A Collection of Debian Linux Howto 's]] * [[http://www.debian-hardened.org/Debian Hardeded]] * [[http://wiki.debian.org/SELinux/Setup|SELinux Setup]] * [[http://www.gentoo.org/proj/en/hardened/|Hardened Gentoo - other linux security tips]] == HP & Debian == * [[http://hp.com/go/debian]] * [[http://wiki.debian.org/HP/ProLiant|Proliant Debian Wiki]] ===== Network tips ===== ==== Interface bonding ==== **''/etc/network/interfaces''** auto bond0 iface bond0 inet static address xxx.xxx.xxx.xxx netmask 255.255.255.0 network xxx.xxx.xxx.0 broadcast xxx.xxx.xxx.255 gateway xxx.xxx.xxx.1 up /sbin/ifenslave bond0 eth0 eth1 ==== bridge setup ==== **''/etc/network/interfaces''** auto br0 iface br0 inet static address 192.168.0.100 netmask 255.255.255.0 network 192.168.0.0 broadcast 192.168.0.255 gateway 192.168.0.1 bridge_ports eth0 eth1 bridge_fd 0 bridge_hello 0 bridge_stp off ===== Perfect Debian Server Setup ===== ==== Base instalation ==== **Requirements** To install such a system you will need the following: * A Debian Sarge Netinstall CD (available [[http://ftp.si.debian.org/debian-cd/3.1_r0a/i386/iso-cd/debian-31r0a-i386-netinst.iso|here]]) * an internet connection since I will describe a network installation in this document ---- * Insert your Sarge Netinstall CD into your system and boot from it (enter ''**linux26**'' at the boot prompt to install a 2.6 kernel) * install only base system * for RAID see: **[[:linux:raid|Setting SWRAID]]** * use lilo if plan to boot from raid devices * use grub if you have hardware raid ==== Install/Remove Some Software ==== Now let's install some software we need later on and remove some packages that we do not need: apt-get install wget bzip2 rdate nmap ssh taceroute-nanog links-ssl lynx fileutils iptaf iproute less tcpdump ntp-simple apt-get remove lpr nfs-common portmap pidentd pcmcia-cs update-rc.d -f exim remove update-inetd --remove daytime update-inetd --remove telnet update-inetd --remove time update-inetd --remove finger update-inetd --remove talk update-inetd --remove ntalk update-inetd --remove ftp update-inetd --remove discard <- Yes /etc/init.d/inetd reload ==== Configure The Network ==== Because the Debian Sarge installer has configured our system to get its network settings via DHCP, we have to change that now because a server should have a static IP address. Edit /etc/network/interfaces and adjust it to your needs. # /etc/network/interfaces -- configuration file for ifup(8), ifdown(8) # The loopback interface auto lo iface lo inet loopback # The first network card - this entry was created during the Debian installation # (network, broadcast and gateway are optional) auto eth0 iface eth0 inet static address 192.168.0.100 netmask 255.255.255.0 network 192.168.0.0 broadcast 192.168.0.255 gateway 192.168.0.1 up /path/to/your/firewall.sh # up /sbin/ifconfig eth0 txqueuelen 1000 # 1000Mbits force Use {{linux:firewall.sh|this firewall.sh}} as an example. Edit ''/etc/resolv.conf'' and add some nameservers: search server nameserver xxx.xxx.xxx.xxx nameserver xxx,xxx,xxx,yyy Edit ''/etc/hosts'' and add your new IP addresses: 127.0.0.1 localhost.localdomain localhost server1 192.168.0.100 server1.example.com server1 ==== Configuration optimization ==== ''/etc/syslog.conf'' \\ ''/etc/issue'' \\ [[http://tnt.aufbix.org/tnt/doku.php?id=dns&s=host%20conf#general_dns_linux_stuff|/etc/host.conf]]\\ ''/etc/issue.net'' \\ ''/etc/motd'' \\ ''/etc/ntp.conf'' \\ ''/etc/sysctl.conf'' - see [[:linux:sysctl|this]] \\ ''**/etc/default/rcS**'' # Set EDITMOTD to "no" if you don't want /etc/motd to be editted automatically EDITMOTD=no # Set FSCKFIX to "yes" if you want to add "-y" to the fsck at startup. FSCKFIX=yes /etc/hosts.deny ALL:ALL /etc/hosts.allow sshd: trusted-network/netmask /etc/fstab # /etc/fstab: static file system information. # # /dev/md1 none swap sw 0 0 /dev/md2 /tmp reiserfs defaults,nodev,nosuid,noexec 0 0 /dev/md3 / ext3 errors=remount-ro 0 1 /dev/md4 /home reiserfs defaults,noatime 0 0 /dev/md0 /var reiserfs defaults,noatime 0 0 /etc/modules.conf - (e100 extra) #options e100 e100_speed_duplex=2 #Valid Range: 0-4 (1=10half;2=10full;3=100half;4=100full) #Default Value: 0 # The default value of 0 sets the adapter to auto-negotiate. Other values # set the adapter to forced speed and duplex. # Example usage: insmod e100.o e100_speed_duplex=4,4 (for two adapters) ## # ==== Some dpkg-hacks ==== dpkg-query -W --showformat='${Package}\n' dpkg-query -W --showformat='${Installed-Size} ${Status} ${Package}\n' | sort -n dpkg --get-selections | awk '{ print $1; }'| tr "\n" " " **Sorting debian packages installed by size** dpkg-query --show --showformat='${Package;-50}\t${Installed-Size}\n' | sort -k2 -n == How to disable IPv6 in debian linux == /etc/modprobe.d/aliases\\ net ipv-10 off\\ net ipv6 off\\ ===== Tips & troubleshooting ===== ==== 'apt-get' (Debian) says "E: Dynamic MMap ran out of room" and bails out ==== Create a file **/etc/apt/apt.conf** and put something like: Apt::Cache-Limit 67108864; in it. If it still fails, make that number higher. ==== apt-get (from Debian) suddenly segfaults ==== Delete the file '**/var/cache/apt/pkgcache.bin**' and re-run '**apt-get update**'. ==== Create a backup list of packages and resinstall ==== sudo dpkg --get-selections > package_list.txt Save the text file on a thumb drive, format the drive, reinstall Ubuntu/Debian, then to a sudo dpkg --set-selections < package_list.txt sudo apt-get -y update sudo apt-get dselect-upgrade