This is an old revision of the document!
Debian GNU/Linux
links:
Perfect Debian Server Setup
Base instalation
Requirements
To install such a system you will need the following:
- A Debian Sarge Netinstall CD (available here)
- an internet connection since I will describe a network installation in this document
- Insert your Sarge Netinstall CD into your system and boot from it (enter
linux26
at the boot prompt to install a 2.6 kernel) - install only base system
- for RAID see: Setting SWRAID
- use lilo if plan to boot from raid devices
- use grub if you have hardware raid
Install/Remove Some Software
Now let's install some software we need later on and remove some packages that we do not need:
apt-get install wget bzip2 rdate nmap ssh taceroute-nanog links-ssl lynx fileutils iptaf iproute less tcpdump ntp-simple apt-get remove lpr nfs-common portmap pidentd pcmcia-cs
update-rc.d -f exim remove update-inetd --remove daytime update-inetd --remove telnet update-inetd --remove time update-inetd --remove finger update-inetd --remove talk update-inetd --remove ntalk update-inetd --remove ftp update-inetd --remove discard <- Yes
/etc/init.d/inetd reload
Configure The Network
Because the Debian Sarge installer has configured our system to get its network settings via DHCP, we have to change that now because a server should have a static IP address. Edit /etc/network/interfaces and adjust it to your needs.
# /etc/network/interfaces -- configuration file for ifup(8), ifdown(8) # The loopback interface auto lo iface lo inet loopback # The first network card - this entry was created during the Debian installation # (network, broadcast and gateway are optional) auto eth0 iface eth0 inet static address 192.168.0.100 netmask 255.255.255.0 network 192.168.0.0 broadcast 192.168.0.255 gateway 192.168.0.1 up /path/to/your/firewall.sh # up /sbin/ifconfig eth0 txqueuelen 1000 # 1000Mbits force
Use this firewall.sh as an example.
Edit /etc/resolv.conf
and add some nameservers:
search server nameserver xxx.xxx.xxx.xxx nameserver xxx,xxx,xxx,yyy
Edit /etc/hosts
and add your new IP addresses:
127.0.0.1 localhost.localdomain localhost server1 192.168.0.100 server1.example.com server1
Configuration optimization
/etc/syslog.conf
/etc/issue
/etc/issue.net
/etc/motd
/etc/ntp.conf
/etc/sysctl.conf
- see this
/etc/default/rcS
# Set EDITMOTD to "no" if you don't want /etc/motd to be editted automatically EDITMOTD=no # Set FSCKFIX to "yes" if you want to add "-y" to the fsck at startup. FSCKFIX=yes
/etc/hosts.deny
ALL:ALL
/etc/hosts.allow
sshd: trusted-network/netmask
/etc/fstab
# /etc/fstab: static file system information. # # <file system> <mount point> <type> <options> <dump> <pass> /dev/md1 none swap sw 0 0 /dev/md2 /tmp reiserfs defaults,nodev,nosuid,noexec 0 0 /dev/md3 / ext3 errors=remount-ro 0 1 /dev/md4 /home reiserfs defaults,noatime 0 0 /dev/md0 /var reiserfs defaults,noatime 0 0
/etc/modules.conf - (e100 extra)
#options e100 e100_speed_duplex=2 #Valid Range: 0-4 (1=10half;2=10full;3=100half;4=100full) #Default Value: 0 # The default value of 0 sets the adapter to auto-negotiate. Other values # set the adapter to forced speed and duplex. # Example usage: insmod e100.o e100_speed_duplex=4,4 (for two adapters)