Debian

These instructions document the configuration of Debian 6.0 on our servers.

Package Selection

We start with a minimal ("netinst") installation, with only a few packages installed. We will install all the required packages manually. This provides some added security, as we've minimized our attack surface to only the applications we actually need.

This system is intended to be a server, and should never run any X programs. Most administration should be done via SSH and the command line. Any GUI-type administration should be done over HTTPS. So we never install any X server or X client programs.

If for some reason you receive a system with packages "helpfully" already installed for you, it's relatively simple to undo this. Simply run the tasksel program as root, and uncheck everything except for "SSH Server". Then run the following command (as root) to remove any extra package remnants:

dpkg --list | grep '^rc' | awk '{print $2}' | xargs -r dpkg --purge

In addition, we'd like to remove portmap:

apt-get purge portmap
apt-get autoremove

Hostname

Set the hostname and the domain name:

HOSTNAME='osriver2'
DOMAIN='boochtek.com'
echo "$HOSTNAME" > /etc/hostname
echo "$HOSTNAME.$DOMAIN" > /etc/mailname

Edit /etc/hosts to add the IP address of the system. We can also put other closely-related systems in there. Note that the fully-qualified name must come before the short name, so that the system can determine the domain name properly. Also, do not put the hostname on the localhost line. The file should look something like this:

127.0.0.1       localhost
192.168.210.143 osriver2.boochtek.com osriver2 booch.osriver.egress
192.168.210.211 osriver.boochtek.com osriver
209.20.75.29    slicehost.boochtek.com slicehost

Make sure that the first listed name is a subdomain name. I.e. don't just put boochtek.com as the primary name, or else the system will decide that the domain name is com.

Have the OS reload the hostname:

/etc/init.d/hostname.sh start

Verify that the system has the correct hostname, domain name, and fully qualified hostname:

hostname
hostname -d
hostname -f
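
The /etc/hosts rules above (FQDN before the short name, hostname kept off the loopback line, first name must be a subdomain) can be checked before reloading the hostname. This is an added example, not part of the original instructions; check_hosts is a hypothetical helper name and the sample file is constructed.

```shell
#!/bin/sh
# Added example (not from the original page): lint one host's /etc/hosts entry.
# check_hosts FILE HOST -> prints findings; returns 0 only if every rule holds.
check_hosts() {
    awk -v host="$2" '
        { sub(/#.*/, "") }                       # ignore comments
        NF < 2 { next }
        {
            hit = 0                              # does this line name HOST?
            for (i = 2; i <= NF; i++)
                if ($i == host || index($i, host ".") == 1) hit = 1
            if (!hit) next
            found = 1
            if ($1 ~ /^127\./ || $1 == "::1") {
                print "FAIL: " host " is listed on a loopback line"; bad = 1; next
            }
            if (index($2, host ".") != 1) {
                print "FAIL: first name " $2 " is not the FQDN of " host; bad = 1; next
            }
            dom = substr($2, length(host) + 2)   # what "hostname -d" would report
            if (dom !~ /\./) {
                print "FAIL: domain would resolve to " dom; bad = 1; next
            }
            print "OK: " $2 " -> domain " dom
        }
        END {
            if (!found) { print "FAIL: no entry for " host; bad = 1 }
            exit bad + 0
        }
    ' "$1"
}

# Constructed sample: the short name is wrongly listed before the FQDN.
sample=$(mktemp)
cat > "$sample" <<'EOF'
127.0.0.1       localhost
192.168.210.143 osriver2 osriver2.boochtek.com
192.168.210.211 osriver.boochtek.com osriver
EOF
check_hosts "$sample" osriver2 || echo "fix the osriver2 entry before reloading the hostname"
check_hosts "$sample" osriver
rm -f "$sample"
```

On a live system, run it as `check_hosts /etc/hosts "$(cat /etc/hostname)"`.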

Package Repositories

We like to include "contrib" and "non-free" repositories, to have the maximum number of packages available. Debian 6.0 comes without those configured by default. We add them to each line in the /etc/apt/sources.list file. We also remove the lines that reference the installation CD-ROM.

In previous versions of Debian, we had to manually add repositories for security updates and volatile updates. (Volatile repositories allow packages like ClamAV, SpamAssassin, and TZData to be updated more frequently than normal Debian policies allow.) In Debian 6 (Squeeze) these are included by default.

The /etc/apt/sources.list file should then look like this:

deb http://ftp.us.debian.org/debian/ squeeze main contrib non-free
deb-src http://ftp.us.debian.org/debian/ squeeze main contrib non-free

deb http://security.debian.org/ squeeze/updates main contrib non-free
deb-src http://security.debian.org/ squeeze/updates main contrib non-free

deb http://ftp.us.debian.org/debian/ squeeze-updates main contrib non-free
deb-src http://ftp.us.debian.org/debian/ squeeze-updates main contrib non-free

We have to update the package list, making APT aware of the new repositories:

apt-get update

Package Updates

It's likely that some packages will have been updated since the time the installation CD was created. To upgrade them:

apt-get upgrade

The first time through, there's a good chance that the kernel will be updated. If so, it will tell you that you need to reboot:

reboot

Time Zone

Many hosting companies will install new systems with a UTC timezone. I prefer to use my own timezone:

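echo "America/Chicago" > /etc/timezone
# Apply the new /etc/timezone so that /etc/localtime is updated too.
dpkg-reconfigure -f noninteractive tzdata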

NOTE: You could also use dpkg-reconfigure tzdata to set the timezone interactively.

Locales

If you don't have an /etc/default/locale file, SSH will complain. Configuring locales also helps with displaying special characters. Note that the command below is an interactive program. We selected en_US (ISO-8859-1) and en_US.UTF-8, and set the default to en_US.UTF-8.

dpkg-reconfigure locales

Root Alias

Debian sends some emails to root. We need to forward those emails to someone who will actually read them.

# Set this to a comma-separated list of email addresses.
ROOT_EMAIL_RECIPIENTS='craig@boochtek.com'
sed -i -e "s|^root:.*\$|root: $ROOT_EMAIL_RECIPIENTS|" /etc/aliases
newaliases
build/debian.txt · Last modified: 2013/04/16 00:31 by Admin