install.ubuntu.hardy.server
Install Crib Sheet for Ubuntu 8.04 (Hardy) - Server version
##################### BASE INSTALL SECTION #########################
1.) Boot the install cd and follow instructions to do the base
install. Set up machine as desired. Fairly
self-explanatory. Partitioning should be roughly as follows, adjusted
for available disk size as appropriate (including for RAID). Disk
labels should be representative of the mount point.
Physical Partitions:
  1  1GB   /boot
  2  Rest  physical volume for LVM*
* = Alternatively, make it a volume for encryption, containing a single
LVM partition.
- If you are doing RAID, then you want the above physical partition
scheme across multiple drives, with each one set up for "Physical
volume for RAID". Then you create MD devices for each pairing (same
partition on each drive) and then define it to be whatever it is
above, and continue on as normal from there.
LVM Partitions:
  swap       2*RAM
  usr_local  5GB    /usr/local
  tmp        5GB    /tmp
  var        10GB   /var
  root       10GB   /
  home       Rest   /home
- Since this is a virtual machine server, /tmp and /var are much
smaller than what otherwise might be. Ultimately, it depends on the
use of the server.
- For some machines, a common area of /pub, or /shared, might be
appropriate (and should be taken out of /home).
## NOTE: All this stuff assumes that you're root, such as with "sudo -s"
2.) Set up static IPs (for machines with them)
- edit /etc/network/interfaces, and add lines like:
    auto eth0
    iface eth0 inet static
        address 192.168.9.1
        netmask 255.255.255.0
        gateway 192.168.9.254
- then restart the interface:
    ifdown eth0
    ifup eth0
3.) After machine is up, edit /etc/apt/sources.list and enable:
- main
- universe
- restricted
- multiverse
for both hardy and hardy-updates, both the normal and the source code.
Also enable:
- hardy-backports
- hardy-security
(or just grab sources.list from some reasonable machine)
4.) Do:
apt-get update
apt-get dist-upgrade
5.) Install applications
apt-get install emacs emacs-goodies-el php-mode css-mode ssmtp apt-show-versions ntp xauth
##################### BASELINE SERVER SET UP SECTION #########################
1.) Make ssh work:
## For an old machine, use the old keys - you did save /etc, didn't you?
## For a new machine, use the existing keys generated by the distro.
- in /etc/ssh/ssh_config, add the following
# ssh multiplexing - multiplex subsequent connections through the
# first. Huge speed increase on some things, convenience on others.
ControlMaster auto
ControlPath ~/.ssh/master-%r@%h:%p
- make sure to add to the firewall
ufw allow ssh
Note on X11 and agent forwarding
- This used to be in the system defaults, but is now in per-user
defaults, and only for specific machines. A compromised or hostile
remote host could use the forwarding channel to attack the original
machine.
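A check for the forwarding note above, as an added example that is not part of the original crib sheet: the hypothetical helper audit_forwarding reports ForwardAgent or ForwardX11 set to yes outside a host-specific block of an ssh client config. Both sample configs and the host name build1.example.lan are constructed for illustration.

```shell
#!/bin/sh
# Added example: report forwarding that is enabled for every host in an
# ssh client config. audit_forwarding is a hypothetical helper name.
audit_forwarding() {
    awk '
        BEGIN { wide = 1 }                 # lines before the first Host apply to all hosts
        /^[ \t]*#/ { next }                # whole-line comments
        { gsub(/=/, " ") }                 # accept "Keyword=value"
        NF == 0 { next }
        { key = tolower($1) }
        key == "host" {                    # a block is wide if any pattern is a bare "*"
            wide = 0
            for (i = 2; i <= NF; i++) if ($i == "*") wide = 1
            next
        }
        key == "match" { wide = (tolower($2) == "all"); next }
        wide && (key == "forwardagent" || key == "forwardx11") && tolower($2) == "yes" {
            printf "%s:%d: %s yes applies to every host\n", FILENAME, FNR, $1
            bad++
        }
        END { exit (bad > 0) }             # status 1 when anything was reported
    ' "$1"
}

weak=$(mktemp); scoped=$(mktemp)
trap 'rm -f "$weak" "$scoped"' EXIT

# Constructed sample: old system-wide style, forwarding on for all hosts.
cat > "$weak" <<'EOF'
ControlMaster auto
ControlPath ~/.ssh/master-%r@%h:%p
ForwardAgent yes
Host *
    ForwardX11 yes
EOF

# Constructed sample: per-user style, forwarding only to one named machine.
cat > "$scoped" <<'EOF'
Host build1.example.lan
    ForwardAgent yes
    ForwardX11 yes
Host *
    ForwardAgent no
    ForwardX11 no
EOF

audit_forwarding "$weak" || echo "weak sample: forwarding is global"
audit_forwarding "$scoped" && echo "scoped sample: forwarding is limited to named hosts"
```

Run it against /etc/ssh/ssh_config and each user's ~/.ssh/config; an exit status of 1 means at least one forwarding directive applies to all hosts.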
2.) Turn on the firewall.
ufw enable
3.) Set up /etc/hosts.allow and /etc/hosts.deny:
- hosts.allow:
----------------
ALL: 127.0.0.1
sshd: ALL
-----------------
- hosts.deny:
----------------
ALL:ALL
-----------------
0.) Grab /usr/local/apps from an existing machine, or nfs mount
it. Many of these depend on it.
1.) bash
- add the following to /etc/bash.bashrc
# Add in my stuff
if [ -f /usr/local/apps/bash/bash.bashrc ]; then
. /usr/local/apps/bash/bash.bashrc
fi
cd /etc/
mv inputrc inputrc.orig
ln -s /usr/local/apps/bash/inputrc .
NOTE: if this is a new machine with a new homedir, and these
configurations don't seem to take effect, you need to kill the default
.bashrc file stuck in a user's homedir.
X.) Fix /etc/skel
cd /etc/skel
rm .bashrc
touch .bashrc
2.) emacs
cd /etc/emacs/site-start.d
ln -s /usr/local/apps/emacs/local.el ./50local.el
ln -s /usr/local/apps/emacs/csharp-mode.el ./50csharp-mode.el
3.) Configure bootloader (GRUB)
- edit /boot/grub/menu.lst
- make sure hiddenmenu is commented out
- uncomment the color line
- set the timeout to 2
8.) ntpd
## for standalone (laptop):
- do nothing
## for server:
- add ntpd to hosts.allow list
ntpd: 192.168.9.0/24
- add the following to /etc/ntp.conf:
restrict 192.168.9.0 mask 255.255.255.0 kod notrap nomodify nopeer
## for server, make sure to add to ufw
ufw allow ntp
## for client
- edit /etc/ntp.conf and comment out the line:
server ntp.ubuntu.com
- and add the line:
server 192.168.9.98
9.) set up messages
- edit /etc/issue to have a nice message
cd /etc
rm issue.net
ln -s issue issue.net
14.) Set up ssmtp
cd /etc/ssmtp
mv ssmtp.conf ssmtp.conf.old
ln -s /usr/local/apps/ssmtp/ssmtp.conf .
18.) /etc/hosts
- add hosts to /etc/hosts as appropriate
- for machines with static IPs, use that IP and delete it from the localhost
line
- If using a multihomed host, you should probably use the private IP
for the canonical hostname, so that NFSv4 clientaddr lookups are
automatically resolved.
23.) Turn off the annoying PC speaker
modprobe -r pcspkr
cd /etc/modprobe.d
ln -s /usr/local/apps/modprobe.d/* .
depmod
update-initramfs -u