Debian GNU/Linux

• Kernel compiling with make-kpkg
• Debian kernel recompile
• The Very Verbose Guide to Updating and Compiling Your Debian Kernel
• Secure APT
• A Collection of Debian Linux Howto 's

Requirements

To install such a system you will need the following:

• A Debian Sarge Netinstall CD (available here)
• an internet connection since I will describe a network installation in this document

• Insert your Sarge Netinstall CD into your system and boot from it (enter linux26 at the boot prompt to install a 2.6 kernel)
• install only base system
• for RAID see: Setting SWRAID
  • use lilo if plan to boot from raid devices
  • use grub if you have hardware raid

Now let's install some software we need later on and remove some packages that we do not need:

 apt-get install wget bzip2 rdate nmap ssh taceroute-nanog links-ssl lynx fileutils iptaf iproute less tcpdump ntp-simple
 apt-get remove lpr nfs-common portmap pidentd pcmcia-cs

 update-rc.d -f exim remove
 update-inetd --remove daytime
 update-inetd --remove telnet
 update-inetd --remove time
 update-inetd --remove finger
 update-inetd --remove talk
 update-inetd --remove ntalk
 update-inetd --remove ftp
 update-inetd --remove discard
 <- Yes

 /etc/init.d/inetd reload

Because the Debian Sarge installer has configured our system to get its network settings via DHCP, we have to change that now because a server should have a static IP address. Edit /etc/network/interfaces and adjust it to your needs.

 # /etc/network/interfaces -- configuration file for ifup(8), ifdown(8)
 
 # The loopback interface
 auto lo
 iface lo inet loopback
 
 # The first network card - this entry was created during the Debian installation
 # (network, broadcast and gateway are optional)
 auto eth0
 iface eth0 inet static
        address 192.168.0.100
        netmask 255.255.255.0
        network 192.168.0.0
        broadcast 192.168.0.255
        gateway 192.168.0.1
        up /path/to/your/firewall.sh
       # up /sbin/ifconfig eth0 txqueuelen 1000   # 1000Mbits force

Use this firewall.sh as an example.

Edit /etc/resolv.conf and add some nameservers:

 search server
 nameserver xxx.xxx.xxx.xxx
 nameserver xxx,xxx,xxx,yyy

Edit /etc/hosts and add your new IP addresses:

 127.0.0.1       localhost.localdomain   localhost       server1
 192.168.0.100   server1.example.com     server1

/etc/syslog.conf
/etc/issue
/etc/issue.net
/etc/motd
/etc/ntp.conf
/etc/sysctl.conf - see this
/etc/default/rcS

 # Set EDITMOTD to "no" if you don't want /etc/motd to be editted automatically
 EDITMOTD=no
 # Set FSCKFIX to "yes" if you want to add "-y" to the fsck at startup.
 FSCKFIX=yes

/etc/hosts.deny

 ALL:ALL

/etc/hosts.allow

 sshd: trusted-network/netmask

/etc/fstab

 # /etc/fstab: static file system information.
 #
 # <file system> <mount point>   <type>  <options>               <dump>  <pass>
 /dev/md1        none         swap    sw                  0       0
 /dev/md2        /tmp           reiserfs        defaults,nodev,nosuid,noexec  0       0
 /dev/md3        /                 ext3    errors=remount-ro       0       1
 /dev/md4        /home        reiserfs        defaults,noatime        0       0
 /dev/md0        /var            reiserfs        defaults,noatime        0       0

/etc/modules.conf - (e100 extra)

 #options e100 e100_speed_duplex=2
 #Valid Range: 0-4 (1=10half;2=10full;3=100half;4=100full)
 #Default Value: 0
 #   The default value of 0 sets the adapter to auto-negotiate. Other values
 #   set the adapter to forced speed and duplex. 
 #   Example usage: insmod e100.o e100_speed_duplex=4,4 (for two adapters)