Differences

This shows you the differences between two versions of the page.

linux:debian [2006/06/08 18:37]
a created debian page
linux:debian [2010/03/04 13:49] (current)
a
Line 5: Line 5:
   * [[http://myrddin.org/howto/debian-kernel-recompiling/|Debian kernel recompile]]   * [[http://myrddin.org/howto/debian-kernel-recompiling/|Debian kernel recompile]]
   * [[http://www.osnews.com/story.php?news_id=2949|The Very Verbose Guide to Updating and Compiling Your Debian Kernel]]   * [[http://www.osnews.com/story.php?news_id=2949|The Very Verbose Guide to Updating and Compiling Your Debian Kernel]]
 +  * [[http://wiki.debian.org/SecureApt|Secure APT]]
 +  * [[http://openchemist.net/linux/howto.php|A Collection of Debian Linux Howto 's]]
 +  * [[http://www.debian-hardened.org/Debian Hardeded]]
 +  * [[http://wiki.debian.org/SELinux/Setup|SELinux Setup]]
 +  * [[http://www.gentoo.org/proj/en/hardened/|Hardened Gentoo - other linux security tips]]
  
 +== HP & Debian ==
 +   * [[http://hp.com/go/debian]]
 +   * [[http://wiki.debian.org/HP/ProLiant|Proliant Debian Wiki]]
 +
 +
 +
 +
 +===== Network tips  =====
 +==== Interface bonding ====
 +**''/etc/network/interfaces''**
 +   auto bond0
 +   iface bond0 inet static
 +           address xxx.xxx.xxx.xxx
 +           netmask 255.255.255.0
 +           network xxx.xxx.xxx.0
 +           broadcast xxx.xxx.xxx.255
 +           gateway xxx.xxx.xxx.1
 +           up /sbin/ifenslave bond0 eth0 eth1
 +
 +==== bridge setup ====
 +**''/etc/network/interfaces''**
 +   auto br0
 +   iface br0 inet static
 +            address 192.168.0.100
 +            netmask 255.255.255.0
 +            network 192.168.0.0
 +            broadcast 192.168.0.255
 +            gateway 192.168.0.1
 +            bridge_ports eth0 eth1
 +            bridge_fd 0
 +            bridge_hello 0
 +            bridge_stp off
 +
 +===== Perfect Debian Server Setup =====
 +
 +==== Base instalation ====
 +
 +**Requirements**
 +
 +To install such a system you will need the following:
 +
 +    * A Debian Sarge Netinstall CD (available [[http://ftp.si.debian.org/debian-cd/3.1_r0a/i386/iso-cd/debian-31r0a-i386-netinst.iso|here]])
 +    * an internet connection since I will describe a network installation in this document
 +
 +----
 +
 +   * Insert your Sarge Netinstall CD into your system and boot from it (enter ''**linux26**'' at the boot prompt to install a 2.6 kernel)
 +   * install only base system
 +   * for RAID see: **[[:linux:raid|Setting SWRAID]]**
 +      * use lilo if plan to boot from raid devices
 +      * use grub if you have hardware raid
 +
 +==== Install/Remove Some Software ====
 +
 +Now let's install some software we need later on and remove some packages that we do not need:
 +
 +   apt-get install wget bzip2 rdate nmap ssh taceroute-nanog links-ssl lynx fileutils iptaf iproute less tcpdump ntp-simple
 +   apt-get remove lpr nfs-common portmap pidentd pcmcia-cs
 +
 +   update-rc.d -f exim remove
 +   update-inetd --remove daytime
 +   update-inetd --remove telnet
 +   update-inetd --remove time
 +   update-inetd --remove finger
 +   update-inetd --remove talk
 +   update-inetd --remove ntalk
 +   update-inetd --remove ftp
 +   update-inetd --remove discard
 +   <- Yes
 +
 +   /etc/init.d/inetd reload
 +
 +==== Configure The Network ====
 +
 +Because the Debian Sarge installer has configured our system to get its network settings via DHCP, we have to change that now because a server should have a static IP address. Edit /etc/network/interfaces and adjust it to your needs.
 +
 +   # /etc/network/interfaces -- configuration file for ifup(8), ifdown(8)
 +   
 +   # The loopback interface
 +   auto lo
 +   iface lo inet loopback
 +   
 +   # The first network card - this entry was created during the Debian installation
 +   # (network, broadcast and gateway are optional)
 +   auto eth0
 +   iface eth0 inet static
 +          address 192.168.0.100
 +          netmask 255.255.255.0
 +          network 192.168.0.0
 +          broadcast 192.168.0.255
 +          gateway 192.168.0.1
 +          up /path/to/your/firewall.sh
 +         # up /sbin/ifconfig eth0 txqueuelen 1000   # 1000Mbits force
 +
 +Use {{linux:firewall.sh|this firewall.sh}} as an example.
 +
 +Edit ''/etc/resolv.conf'' and add some nameservers:
 +   search server
 +   nameserver xxx.xxx.xxx.xxx
 +   nameserver xxx,xxx,xxx,yyy
 +
 +Edit ''/etc/hosts'' and add your new IP addresses:
 +   127.0.0.1       localhost.localdomain   localhost       server1
 +   192.168.0.100   server1.example.com     server1
 +
 +
 +
 +
 +
 +
 +==== Configuration optimization ====
 +''/etc/syslog.conf'' \\
 +''/etc/issue'' \\
 +[[http://tnt.aufbix.org/tnt/doku.php?id=dns&s=host%20conf#general_dns_linux_stuff|/etc/host.conf]]\\
 +''/etc/issue.net'' \\
 +''/etc/motd'' \\
 +''/etc/ntp.conf'' \\
 +''/etc/sysctl.conf'' - see [[:linux:sysctl|this]] \\
 +''**/etc/default/rcS**''
 +   # Set EDITMOTD to "no" if you don't want /etc/motd to be editted automatically
 +   EDITMOTD=no
 +   # Set FSCKFIX to "yes" if you want to add "-y" to the fsck at startup.
 +   FSCKFIX=yes
 +/etc/hosts.deny
 +   ALL:ALL
 +/etc/hosts.allow
 +   sshd: trusted-network/netmask
 +/etc/fstab
 +   # /etc/fstab: static file system information.
 +   #
 +   # <file system> <mount point>   <type>  <options>               <dump>  <pass>
 +   /dev/md1        none         swap    sw                  0       0
 +   /dev/md2        /tmp           reiserfs        defaults,nodev,nosuid,noexec  0       0
 +   /dev/md3        /                 ext3    errors=remount-ro             1
 +   /dev/md4        /home        reiserfs        defaults,noatime        0       0
 +   /dev/md0        /var            reiserfs        defaults,noatime        0       0
 +
 +/etc/modules.conf - (e100 extra)
 +   #options e100 e100_speed_duplex=2
 +   #Valid Range: 0-4 (1=10half;2=10full;3=100half;4=100full)
 +   #Default Value: 0
 +   #   The default value of 0 sets the adapter to auto-negotiate. Other values
 +   #   set the adapter to forced speed and duplex. 
 +   #   Example usage: insmod e100.o e100_speed_duplex=4,4 (for two adapters)
 +
 +
 +## 
 +#
 +
 +==== Some dpkg-hacks ====
 +
 +   dpkg-query -W --showformat='${Package}\n'
 +   dpkg-query -W --showformat='${Installed-Size} ${Status} ${Package}\n' | sort -n
 +   dpkg --get-selections | awk '{ print $1; }'| tr "\n" " "
 +**Sorting debian packages installed by size**
 +   dpkg-query --show --showformat='${Package;-50}\t${Installed-Size}\n'  | sort -k2 -n
 +
 +
 +== How to disable IPv6 in debian linux ==
 +/etc/modprobe.d/aliases\\
 +net ipv-10 off\\
 +net ipv6 off\\
 +
 +===== Tips & troubleshooting =====
 +==== 'apt-get' (Debian) says "E: Dynamic MMap ran out of room" and bails out ====
 +
 +Create a file **/etc/apt/apt.conf** and put something like:
 +
 +   Apt::Cache-Limit 67108864;
 +
 +in it. If it still fails, make that number higher.
 +
 +==== apt-get (from Debian) suddenly segfaults ====
 +
 +Delete the file '**/var/cache/apt/pkgcache.bin**' and re-run '**apt-get update**'.
 +
 +==== Create a backup list of packages and resinstall ====
 +
 +   sudo dpkg --get-selections > package_list.txt
 +
 +Save the text file on a thumb drive, format the drive, reinstall Ubuntu/Debian, then to a
 +
 +   sudo dpkg --set-selections < package_list.txt
 +   sudo apt-get -y update
 +   sudo apt-get dselect-upgrade
  
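Review bot: In the eth0 stanza under "Configure The Network", the firewall script is hooked on `up /path/to/your/firewall.sh`, so the interface is already configured and reachable before any rules are loaded; use `pre-up /path/to/your/firewall.sh` instead, which loads the rules first and leaves the interface down if the script fails. Smaller points in the same revision: the `/dev/md3 /` line in the fstab example ends in a single `1` where the header lists both <dump> and <pass> (probably `0 1` was meant); the second resolv.conf entry `nameserver xxx,xxx,xxx,yyy` uses commas instead of dots; `taceroute-nanog` and `iptaf` in the apt-get install line look like typos for traceroute-nanog and iptraf, and an unknown package name makes the whole install command abort; the Debian Hardened link is missing the `|` between URL and title and spells it "Hardeded"; and the two lines under "How to disable IPv6" carry no modprobe keyword, so as written they are not valid entries for /etc/modprobe.d/aliases.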
linux/debian.1149784667.txt.gz · Last modified: 2009/05/25 00:34 (external edit)
CC Attribution-Share Alike 4.0 International