Differences

This shows you the differences between two versions of the page.

linux:debian [2006/07/17 12:02]
a A Collection of Debian Linux Howto 's added
linux:debian [2009/06/12 01:45]
a
Line 7: Line 7:
   * [[http://wiki.debian.org/SecureApt|Secure APT]]   * [[http://wiki.debian.org/SecureApt|Secure APT]]
   * [[http://openchemist.net/linux/howto.php|A Collection of Debian Linux Howto 's]]   * [[http://openchemist.net/linux/howto.php|A Collection of Debian Linux Howto 's]]
 +  * [[http://www.debian-hardened.org/Debian Hardeded]]
 +  * [[http://wiki.debian.org/SELinux/Setup|SELinux Setup]]
 +  * [[http://www.gentoo.org/proj/en/hardened/|Hardened Gentoo - other linux security tips]]
  
 +== HP & Debian ==
 +   * [[http://hp.com/go/debian]]
 +   * [[http://wiki.debian.org/HP/ProLiant|Proliant Debian Wiki]]
 +
 +
 +
 +
 +===== Network tips  =====
 +==== Interface bonding ====
 +**''/etc/network/interfaces''**
 +   auto bond0
 +   iface bond0 inet static
 +           address xxx.xxx.xxx.xxx
 +           netmask 255.255.255.0
 +           network xxx.xxx.xxx.0
 +           broadcast xxx.xxx.xxx.255
 +           gateway xxx.xxx.xxx.1
 +           up /sbin/ifenslave bond0 eth0 eth1
 +
 +==== bridge setup ====
 +**''/etc/network/interfaces''**
 +   auto br0
 +   iface br0 inet static
 +            address 192.168.0.100
 +            netmask 255.255.255.0
 +            network 192.168.0.0
 +            broadcast 192.168.0.255
 +            gateway 192.168.0.1
 +            bridge_ports eth0 eth1
 +            bridge_fd 0
 +            bridge_hello 0
 +            bridge_stp off
 +
 +===== Perfect Debian Server Setup =====
 +
 +==== Base instalation ====
 +
 +**Requirements**
 +
 +To install such a system you will need the following:
 +
 +    * A Debian Sarge Netinstall CD (available [[http://ftp.si.debian.org/debian-cd/3.1_r0a/i386/iso-cd/debian-31r0a-i386-netinst.iso|here]])
 +    * an internet connection since I will describe a network installation in this document
 +
 +----
 +
 +   * Insert your Sarge Netinstall CD into your system and boot from it (enter ''**linux26**'' at the boot prompt to install a 2.6 kernel)
 +   * install only base system
 +   * for RAID see: **[[:linux:raid|Setting SWRAID]]**
 +      * use lilo if plan to boot from raid devices
 +      * use grub if you have hardware raid
 +
 +==== Install/Remove Some Software ====
 +
 +Now let's install some software we need later on and remove some packages that we do not need:
 +
 +   apt-get install wget bzip2 rdate nmap ssh taceroute-nanog links-ssl lynx fileutils iptaf iproute less tcpdump ntp-simple
 +   apt-get remove lpr nfs-common portmap pidentd pcmcia-cs
 +
 +   update-rc.d -f exim remove
 +   update-inetd --remove daytime
 +   update-inetd --remove telnet
 +   update-inetd --remove time
 +   update-inetd --remove finger
 +   update-inetd --remove talk
 +   update-inetd --remove ntalk
 +   update-inetd --remove ftp
 +   update-inetd --remove discard
 +   <- Yes
 +
 +   /etc/init.d/inetd reload
 +
 +==== Configure The Network ====
 +
 +Because the Debian Sarge installer has configured our system to get its network settings via DHCP, we have to change that now because a server should have a static IP address. Edit /etc/network/interfaces and adjust it to your needs.
 +
 +   # /etc/network/interfaces -- configuration file for ifup(8), ifdown(8)
 +   
 +   # The loopback interface
 +   auto lo
 +   iface lo inet loopback
 +   
 +   # The first network card - this entry was created during the Debian installation
 +   # (network, broadcast and gateway are optional)
 +   auto eth0
 +   iface eth0 inet static
 +          address 192.168.0.100
 +          netmask 255.255.255.0
 +          network 192.168.0.0
 +          broadcast 192.168.0.255
 +          gateway 192.168.0.1
 +          up /path/to/your/firewall.sh
 +         # up /sbin/ifconfig eth0 txqueuelen 1000   # 1000Mbits force
 +
 +Use {{linux:firewall.sh|this firewall.sh}} as an example.
 +
 +Edit ''/etc/resolv.conf'' and add some nameservers:
 +   search server
 +   nameserver xxx.xxx.xxx.xxx
 +   nameserver xxx,xxx,xxx,yyy
 +
 +Edit ''/etc/hosts'' and add your new IP addresses:
 +   127.0.0.1       localhost.localdomain   localhost       server1
 +   192.168.0.100   server1.example.com     server1
 +
 +
 +
 +
 +
 +
 +==== Configuration optimization ====
 +''/etc/syslog.conf'' \\
 +''/etc/issue'' \\
 +[[http://tnt.aufbix.org/tnt/doku.php?id=dns&s=host%20conf#general_dns_linux_stuff|/etc/host.conf]]\\
 +''/etc/issue.net'' \\
 +''/etc/motd'' \\
 +''/etc/ntp.conf'' \\
 +''/etc/sysctl.conf'' - see [[:linux:sysctl|this]] \\
 +''**/etc/default/rcS**''
 +   # Set EDITMOTD to "no" if you don't want /etc/motd to be editted automatically
 +   EDITMOTD=no
 +   # Set FSCKFIX to "yes" if you want to add "-y" to the fsck at startup.
 +   FSCKFIX=yes
 +/etc/hosts.deny
 +   ALL:ALL
 +/etc/hosts.allow
 +   sshd: trusted-network/netmask
 +/etc/fstab
 +   # /etc/fstab: static file system information.
 +   #
 +   # <file system> <mount point>   <type>  <options>               <dump>  <pass>
 +   /dev/md1        none         swap    sw                  0       0
 +   /dev/md2        /tmp           reiserfs        defaults,nodev,nosuid,noexec  0       0
 +   /dev/md3        /                 ext3    errors=remount-ro             1
 +   /dev/md4        /home        reiserfs        defaults,noatime        0       0
 +   /dev/md0        /var            reiserfs        defaults,noatime        0       0
 +
 +/etc/modules.conf - (e100 extra)
 +   #options e100 e100_speed_duplex=2
 +   #Valid Range: 0-4 (1=10half;2=10full;3=100half;4=100full)
 +   #Default Value: 0
 +   #   The default value of 0 sets the adapter to auto-negotiate. Other values
 +   #   set the adapter to forced speed and duplex. 
 +   #   Example usage: insmod e100.o e100_speed_duplex=4,4 (for two adapters)
 +
 +
 +## 
 +#
 +
 +==== Some dpkg-hacks ====
 +
 +   dpkg-query -W --showformat='${Package}\n'
 +   dpkg-query -W --showformat='${Installed-Size} ${Status} ${Package}\n' | sort -n
 +   dpkg --get-selections | awk '{ print $1; }'| tr "\n" " "
 +**Sorting debian packages installed by size**
 +   dpkg-query --show --showformat='${Package;-50}\t${Installed-Size}\n'  | sort -k2 -n
 +
 +
 +== How to disable IPv6 in debian linux ==
 +/etc/modprobe.d/aliases\\
 +net ipv-10 off\\
 +net ipv6 off\\
 +
 +===== Tips & troubleshooting =====
 +==== 'apt-get' (Debian) says "E: Dynamic MMap ran out of room" and bails out ====
 +
 +Create a file **/etc/apt/apt.conf** and put something like:
 +
 +   Apt::Cache-Limit 67108864;
 +
 +in it. If it still fails, make that number higher.
 +
 +==== apt-get (from Debian) suddenly segfaults ====
 +
 +Delete the file '**/var/cache/apt/pkgcache.bin**' and re-run '**apt-get update**'.
  
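Review bot: In the "Configure The Network" stanza, "up /path/to/your/firewall.sh" loads the rules only after eth0 is already up, so the host is reachable unfiltered for a moment at every boot or ifup; use "pre-up /path/to/your/firewall.sh" instead (ifup aborts if a pre-up command fails), provided the script does not itself need the interface to be up. Several other added lines will not work as written. The "apt-get install" line names "taceroute-nanog" and "iptaf", which look like misspellings of traceroute-nanog and iptraf, and apt-get refuses the whole install when one package name is unknown. "nameserver xxx,xxx,xxx,yyy" uses commas where the resolver expects a dotted address. The /dev/md3 line in /etc/fstab has five fields, so the lone "1" is read as the dump field and the root filesystem gets pass 0 (no boot-time fsck); it should end "errors=remount-ro 0 1". The IPv6 entries "net ipv-10 off" and "net ipv6 off" are not modprobe syntax; the usual form in /etc/modprobe.d/aliases is "alias net-pf-10 off" and "alias ipv6 off". The first added link lacks the "|" between URL and title and spells the title "Hardeded". Finally, the "ALL:ALL" default in /etc/hosts.deny only covers services built against TCP wrappers, so the text should say it complements the firewall script rather than replacing it.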
linux/debian.txt · Last modified: 2010/03/04 13:49 by a
CC Attribution-Share Alike 4.0 International