The Perfect Server - Debian Lenny (Debian 5.0) [ISPConfig 2] - Page 3

Submitted by falko on Tue, 2009-02-17 17:29.

4 Install The SSH Server

Debian Lenny does not install OpenSSH by default, so we do it now. Run

apt-get install ssh openssh-server

From now on you can use an SSH client such as PuTTY to connect from your workstation to your Debian Lenny server and follow the remaining steps of this tutorial.

 

5 Install vim-nox (Optional)

I'll use vi as my text editor in this tutorial. The default vi program has some strange behaviour on Debian and Ubuntu; to fix this, we install vim-nox:

apt-get install vim-nox

(You don't have to do this if you use a different text editor such as joe or nano.)

 

6 Configure The Network

Because the Debian Lenny installer has configured our system to get its network settings via DHCP, we have to change that now: a server should have a static IP address. Edit /etc/network/interfaces and adjust it to your needs (in this example setup I use the IP address 192.168.0.100). Please note that I replace allow-hotplug eth0 with auto eth0; otherwise restarting the network doesn't work, and we'd have to reboot the whole system:

vi /etc/network/interfaces

# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface
#allow-hotplug eth0
#iface eth0 inet dhcp
auto eth0
iface eth0 inet static
        address 192.168.0.100
        netmask 255.255.255.0
        network 192.168.0.0
        broadcast 192.168.0.255
        gateway 192.168.0.1

Then restart your network:

/etc/init.d/networking restart

Then edit /etc/hosts. Make it look like this:

vi /etc/hosts

127.0.0.1       localhost.localdomain   localhost
192.168.0.100   server1.example.com     server1

# The following lines are desirable for IPv6 capable hosts
::1     localhost ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
ff02::3 ip6-allhosts

Now run

echo server1.example.com > /etc/hostname
/etc/init.d/hostname.sh start

Afterwards, run

hostname
hostname -f

Both should show server1.example.com.
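As an added example (not part of the original tutorial), the script below runs sanity checks on the two files edited in this section before you restart networking on a server that you only reach over SSH, where a typo in /etc/network/interfaces means a trip to the console. It checks that eth0 is brought up with auto rather than allow-hotplug, is static with a dotted-quad address, netmask and gateway, and that /etc/hosts ties the FQDN and short name to the static IP rather than to a loopback address. The function names and the sample files in the demo are my own constructions; on a real server you would point the functions at /etc/network/interfaces and /etc/hosts.

```shell
#!/bin/sh
# Added example, not part of the HowtoForge tutorial: sanity checks for the
# static network setup of section 6, meant to run before
# "/etc/init.d/networking restart" on a server you only reach over SSH.
# Each function reads the file named in $1 and prints one problem per line;
# no output means the file passed.

# Escape the dots of an IP address or host name for use in a grep -E pattern.
esc() {
    printf '%s' "$1" | sed 's/\./\\./g'
}

# /etc/network/interfaces: eth0 must be brought up with "auto" (the
# tutorial replaces allow-hotplug, which breaks network restarts), be
# "inet static" with a dotted-quad address, netmask and gateway, and the
# installer's dhcp stanza must be commented out.
check_interfaces() {
    f="$1"
    grep -Eq '^[[:space:]]*auto[[:space:]]+eth0' "$f" \
        || echo "interfaces: no 'auto eth0' line"
    grep -Eq '^[[:space:]]*allow-hotplug[[:space:]]+eth0' "$f" \
        && echo "interfaces: 'allow-hotplug eth0' is still active"
    grep -Eq '^[[:space:]]*iface[[:space:]]+eth0[[:space:]]+inet[[:space:]]+static' "$f" \
        || echo "interfaces: eth0 is not 'inet static'"
    grep -Eq '^[[:space:]]*iface[[:space:]]+eth0[[:space:]]+inet[[:space:]]+dhcp' "$f" \
        && echo "interfaces: an uncommented dhcp stanza for eth0 remains"
    for key in address netmask gateway; do
        grep -Eq "^[[:space:]]*$key[[:space:]]+[0-9]+(\.[0-9]+){3}([[:space:]]|\$)" "$f" \
            || echo "interfaces: eth0 has no valid $key"
    done
    return 0
}

# /etc/hosts: the static IP ($2) must list the FQDN ($3) and the short
# name ($4), as in the tutorial's hosts file, and the FQDN must not also
# sit on a loopback line (the 127.0.1.1 entry the Debian installer writes
# would make the host name resolve to loopback instead of the real address).
check_hosts() {
    f="$1"; ip="$2"; fqdn="$3"; short="$4"
    line=$(grep -E "^[[:space:]]*$(esc "$ip")([[:space:]]|\$)" "$f" || true)
    if [ -z "$line" ]; then
        echo "hosts: no entry for $ip"
        return 0
    fi
    for name in "$fqdn" "$short"; do
        echo "$line" | grep -Eq "[[:space:]]$(esc "$name")([[:space:]]|\$)" \
            || echo "hosts: $ip line does not list $name"
    done
    grep -Eq "^[[:space:]]*127\.[0-9.]+[[:space:]].*[[:space:]]$(esc "$fqdn")([[:space:]]|\$)" "$f" \
        && echo "hosts: $fqdn is also bound to a loopback address"
    return 0
}

# Demo on constructed sample files (not the real system files).
tmp=$(mktemp -d)
cat > "$tmp/interfaces" <<'EOF'
auto lo
iface lo inet loopback
#allow-hotplug eth0
#iface eth0 inet dhcp
auto eth0
iface eth0 inet static
        address 192.168.0.100
        netmask 255.255.255.0
        gateway 192.168.0.1
EOF
cat > "$tmp/hosts" <<'EOF'
127.0.0.1       localhost.localdomain   localhost
127.0.1.1       server1.example.com     server1
192.168.0.100   server1.example.com
EOF
check_interfaces "$tmp/interfaces"    # clean file: prints nothing
check_hosts "$tmp/hosts" 192.168.0.100 server1.example.com server1
# the hosts demo reports the missing short name and the 127.0.1.1 line
rm -rf "$tmp"
```

Run it as `sh check-network.sh` after editing the files and before `/etc/init.d/networking restart`; if either function prints anything, fix the file first. The checks are deliberately strict about eth0 because that is the interface the tutorial configures; adapt the interface name if your server uses another one.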

 

7 Update Your Debian Installation

Run

apt-get update

to update the apt package database and

apt-get upgrade

to install the latest updates (if there are any).

 

8 Install Some Software

Now we install a few packages that are needed later on. Run

apt-get install binutils cpp fetchmail flex gcc libarchive-zip-perl libc6-dev libcompress-zlib-perl libdb4.6-dev libpcre3 libpopt-dev lynx m4 make ncftp nmap openssl perl perl-modules unzip zip zlib1g-dev autoconf automake1.9 libtool bison autotools-dev g++ build-essential

(This command must go into one line!)

 

9 Quota

(If you have chosen a different partitioning scheme than I did, you must adjust this chapter so that quota applies to the partitions where you need it.)

To install quota, run

apt-get install quota

Edit /etc/fstab. Mine looks like this (I added ,usrquota,grpquota to the partition with the mount point /):

vi /etc/fstab

# /etc/fstab: static file system information.
#
# <file system> <mount point>   <type>  <options>       <dump>  <pass>
proc            /proc           proc    defaults        0       0
/dev/sda1       /               ext3    errors=remount-ro,usrquota,grpquota 0       1
/dev/sda5       none            swap    sw              0       0
/dev/hda        /media/cdrom0   udf,iso9660 user,noauto     0       0
/dev/fd0        /media/floppy0  auto    rw,user,noauto  0       0

To enable quota, run these commands:

touch /quota.user /quota.group
chmod 600 /quota.*
mount -o remount /

quotacheck -avugm
quotaon -avug
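An added check, not part of the tutorial, for the quota setup above. The first function reports which entries of an fstab file carry usrquota and grpquota in their mount options, so you can confirm the edit landed on the right partition; the second verifies that the quota files on a mount point exist with mode 600. It accepts both the quota.user/quota.group names created above and the aquota.user/aquota.group names that quotacheck -c creates for the newer vfsv0 format. It assumes a Linux system with GNU stat; the function names and the fstab in the demo are my own constructions.

```shell
#!/bin/sh
# Added example, not part of the HowtoForge tutorial: checks for the
# quota configuration of section 9. Assumes GNU stat (Linux).

# List the mount points in an fstab file (path in $1) and whether usrquota
# and grpquota are among their mount options. Swap ("none") and proc
# entries are skipped. Output, one line per entry:
#   <mountpoint> usrquota=<yes|no> grpquota=<yes|no>
fstab_quota_report() {
    # strip comments and blank lines, then read the fstab columns
    sed -e 's/#.*//' "$1" | awk 'NF >= 4 && $2 != "none" && $3 != "proc" {
        u = ($4 ~ /(^|,)usrquota(,|$)/) ? "yes" : "no";
        g = ($4 ~ /(^|,)grpquota(,|$)/) ? "yes" : "no";
        print $2, "usrquota=" u, "grpquota=" g
    }'
}

# Check the quota files on a mount point (path in $1): the old-style
# quota.user/quota.group names used in the tutorial and the aquota.*
# names that quotacheck -c creates for the vfsv0 format are both accepted.
# Prints one problem per line; empty output means the mount passed.
quota_files_check() {
    mp="${1%/}"      # "/" becomes "", so paths below come out as /quota.user
    for kind in user group; do
        found=""
        for name in "quota.$kind" "aquota.$kind"; do
            if [ -f "$mp/$name" ]; then
                found="$mp/$name"
                break
            fi
        done
        if [ -z "$found" ]; then
            echo "$mp/: no quota.$kind or aquota.$kind file"
            continue
        fi
        # the quota files hold per-user usage and must not be world-readable
        mode=$(stat -c %a "$found")
        [ "$mode" = "600" ] || echo "$found: mode is $mode, expected 600"
    done
    return 0
}

# Demo on a constructed fstab (not the real /etc/fstab).
tmp=$(mktemp -d)
cat > "$tmp/fstab" <<'EOF'
proc            /proc           proc    defaults        0       0
/dev/sda1       /               ext3    errors=remount-ro,usrquota,grpquota 0       1
/dev/sda5       none            swap    sw              0       0
EOF
fstab_quota_report "$tmp/fstab"     # "/ usrquota=yes grpquota=yes"
quota_files_check /                 # on the tutorial's server: no output after quotacheck
rm -rf "$tmp"
```

On the tutorial's server, `fstab_quota_report /etc/fstab` should show `/ usrquota=yes grpquota=yes` and `quota_files_check /` should print nothing once quotacheck has run; if it reports a mode other than 600, re-run the chmod from the step above, since the quota files contain every user's disk usage.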

 

10 BIND9 DNS Server

Run

apt-get install bind9

to install BIND9.

For security reasons we want to run BIND chrooted: a compromised named process then sees only the jail directory /var/lib/named, not the rest of the filesystem. We have to do the following steps:

/etc/init.d/bind9 stop

Edit the file /etc/default/bind9 so that the daemon will run as the unprivileged user bind, chrooted to /var/lib/named. Modify the line OPTIONS="-u bind" so that it reads OPTIONS="-u bind -t /var/lib/named":

vi /etc/default/bind9

# run resolvconf?
RESOLVCONF=yes

# startup options for the server
OPTIONS="-u bind -t /var/lib/named"

Create the necessary directories under /var/lib:

mkdir -p /var/lib/named/etc
mkdir /var/lib/named/dev
mkdir -p /var/lib/named/var/cache/bind
mkdir -p /var/lib/named/var/run/bind/run

Then move the config directory from /etc to /var/lib/named/etc:

mv /etc/bind /var/lib/named/etc

Create a symlink to the new config directory from the old location (to avoid problems when BIND gets updated in the future):

ln -s /var/lib/named/etc/bind /etc/bind

Make null and random devices, and fix permissions of the directories:

mknod /var/lib/named/dev/null c 1 3
mknod /var/lib/named/dev/random c 1 8
chmod 666 /var/lib/named/dev/null /var/lib/named/dev/random
chown -R bind:bind /var/lib/named/var/*
chown -R bind:bind /var/lib/named/etc/bind

We need to open /etc/rsyslog.d/bind-chroot.conf...

vi /etc/rsyslog.d/bind-chroot.conf

... and add the following line so that we can still get important messages logged to the system logs:

$AddUnixListenSocket /var/lib/named/dev/log

Restart the logging daemon:

/etc/init.d/rsyslog restart

Start up BIND, and check /var/log/syslog for errors:

/etc/init.d/bind9 start
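An added audit script, not part of the tutorial, for the chroot just built. It takes the system root as its argument (/ on the real server, a scratch directory when testing) and verifies the directory layout, the null and random device nodes, the /etc/bind symlink into the jail, the bind:bind ownership, the OPTIONS line in /etc/default/bind9 and the AddUnixListenSocket entry for rsyslog, printing one line per problem and nothing when all checks pass. It assumes GNU stat on Linux; the function name check_named_chroot is my own.

```shell
#!/bin/sh
# Added example, not part of the HowtoForge tutorial: audit the BIND chroot
# built in section 10. $1 is the system root ("/" on the real server; a
# scratch directory in tests). Problems are printed one per line; no
# output means every check passed. Assumes GNU stat (Linux).
check_named_chroot() {
    root="${1%/}"                 # "/" becomes "", so "$root/var/..." stays absolute
    jail="$root/var/lib/named"

    # directories created with mkdir in the tutorial
    for dir in etc/bind dev var/cache/bind var/run/bind/run; do
        [ -d "$jail/$dir" ] || echo "missing directory $jail/$dir"
    done

    # /dev/null must be char 1,3 and /dev/random char 1,8, both mode 666
    for spec in null:1:3 random:1:8; do
        name=${spec%%:*}; want=${spec#*:}
        node="$jail/dev/$name"
        if [ ! -c "$node" ]; then
            echo "$node is not a character device"
            continue
        fi
        have=$(stat -c '%t:%T' "$node")     # major:minor in hex; both < 10 here
        [ "$have" = "$want" ] || echo "$node has major:minor $have, expected $want"
        [ "$(stat -c %a "$node")" = "666" ] || echo "$node is not mode 666"
    done

    # the old config location must be a symlink into the jail so package
    # upgrades keep editing the files named actually reads
    link="$root/etc/bind"
    if [ -L "$link" ]; then
        target=$(readlink "$link")
        [ "$target" = "/var/lib/named/etc/bind" ] \
            || echo "$link points to $target, expected /var/lib/named/etc/bind"
    else
        echo "$link is not a symlink into the jail"
    fi

    # named drops to user bind, so it must own its config, cache and run dirs
    for path in "$jail/etc/bind" "$jail/var/cache/bind" "$jail/var/run/bind"; do
        [ -e "$path" ] || continue
        owner=$(stat -c %U:%G "$path")
        [ "$owner" = "bind:bind" ] || echo "$path is owned by $owner, expected bind:bind"
    done

    # startup options: unprivileged user and chroot directory
    defaults="$root/etc/default/bind9"
    grep -Eq '^OPTIONS=.*-u[[:space:]]+bind' "$defaults" 2>/dev/null \
        || echo "$defaults: OPTIONS does not drop privileges with -u bind"
    grep -Eq '^OPTIONS=.*-t[[:space:]]+/var/lib/named' "$defaults" 2>/dev/null \
        || echo "$defaults: OPTIONS does not chroot with -t /var/lib/named"

    # without the extra syslog socket inside the jail, named's messages are lost
    grep -Eq '^\$AddUnixListenSocket[[:space:]]+/var/lib/named/dev/log' \
        "$root/etc/rsyslog.d/bind-chroot.conf" 2>/dev/null \
        || echo "rsyslog: no AddUnixListenSocket for $jail/dev/log"
    return 0
}

# Run against the real system root unless another root is given.
check_named_chroot "${1:-/}"
```

Run it as root with `sh check-named-chroot.sh` after starting BIND; it complements the `grep named /var/log/syslog` check, because a jail with the wrong device nodes or ownership can still start named but fail later (for example, a missing /var/lib/named/dev/random stalls DNSSEC and TSIG key operations, and a missing syslog socket hides the error message).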


Submitted by Dima (not registered) on Tue, 2011-06-14 23:49.
There is no need to manually create the aquota.user and aquota.group files. They are created automatically by running quotacheck with the appropriate options (-c -u -g).
Submitted by Nokao (not registered) on Thu, 2010-05-20 22:37.

Do you think that the DNS step is important even for those who don't need a DNS server?

 

I mean ... is it true that a DNS server only for local software is "a must have"?

Submitted by ROk (not registered) on Thu, 2010-03-18 10:50.

In the file /etc/network/interfaces DO NOT WRITE DNS addresses. ONLY in /etc/resolv.conf.

If you need to specify your DNS servers manually, do it in /etc/resolv.conf, which should look something like this:

search mydomain.example
nameserver 192.168.0.1
nameserver 4.2.2.2

Otherwise there will be errors.

Submitted by Yves (not registered) on Sun, 2010-01-31 14:11.

To use IPv6, i.e. listen-on-v6, you need to mount proc inside your chroot:

mkdir /var/lib/named/proc
mount -t proc proc /var/lib/named/proc

Don't forget to create a mount that persists after the next reboot, i.e. by adding it to /etc/fstab.

Submitted by Anonymous (not registered) on Fri, 2009-02-20 23:24.

From Etch onward, it is recommended that users use aptitude instead of apt-get. Aptitude has advanced dependency handling that can avoid some serious problems in unusual situations.

From the official Debian documentation http://www.debian.org/releases/stable/i386/release-notes/ch-whats-new.en.html#s-pkgmgmt:

"The preferred program for package management from the command line is aptitude, which can perform the same package management functions as apt-get and has proven to be better at dependency resolution."

Submitted by ree (not registered) on Thu, 2009-12-31 13:38.

Hi,

Please edit the /etc/init.d/bind9 startup script!!

To do it, follow:

nano /etc/init.d/bind9

then find the PIDFILE definition and edit it to look like this:

PIDFILE=/var/lib/named/var/run/bind/run/named.pid

and restart bind9: 

/etc/init.d/bind9 restart

regards

Submitted by Yves (not registered) on Fri, 2010-01-29 23:26.

This is not necessary. The correct path inside the jail is /var/run/bind/run/named.pid