The Perfect Setup - Debian Woody (3.0) - Page 4
2 Installing and Configuring the Rest of the System
Configure additional IP Addresses
If you have more than one IP address you can add your additional IP addresses by editing /etc/network/interfaces. It will look similar to this:

# /etc/network/interfaces -- configuration file for ifup(8), ifdown(8)

# The loopback interface
auto lo
iface lo inet loopback

# The first network card - this entry was created during the Debian installation
# (network, broadcast and gateway are optional)
auto eth0
iface eth0 inet static
        address 192.168.0.100
        netmask 255.255.255.0
        network 192.168.0.0
        broadcast 192.168.0.255
        gateway 192.168.0.1

If you want to add the IP address 192.168.0.101 to the interface eth0 you should change the file to look like this:

# /etc/network/interfaces -- configuration file for ifup(8), ifdown(8)

# The loopback interface
auto lo
iface lo inet loopback

# The first network card - this entry was created during the Debian installation
# (network, broadcast and gateway are optional)
auto eth0
iface eth0 inet static
        address 192.168.0.100
        netmask 255.255.255.0
        network 192.168.0.0
        broadcast 192.168.0.255
        gateway 192.168.0.1

auto eth0:0
iface eth0:0 inet static
        address 192.168.0.101
        netmask 255.255.255.0
        network 192.168.0.0
        broadcast 192.168.0.255
        gateway 192.168.0.1

Then restart your network:
/etc/init.d/networking restart
Setting the Hostname
echo server1.example.com > /etc/hostname
/bin/hostname -F /etc/hostname
Install/Remove some Software
Add
deb http://backports.debian.skynet.be woody cyrus-sasl2
to /etc/apt/sources.list and run
apt-get update
apt-get install wget bzip2 rdate fetchmail libdb3++-dev unzip zip ncftp xlispstat libarchive-zip-perl zlib1g-dev libpopt-dev nmap openssl (1 line!)
apt-get remove lpr nfs-common portmap pidentd pcmcia-cs pppoe pppoeconf ppp pppconfig
update-rc.d -f exim remove
update-inetd --remove daytime
update-inetd --remove telnet
update-inetd --remove time
update-inetd --remove finger
update-inetd --remove talk
update-inetd --remove ntalk
update-inetd --remove ftp
update-inetd --remove discard
<- Yes [y]
/etc/init.d/inetd reload
Quota
apt-get install quota quotatool
Edit /etc/fstab to look like this (I added ,usrquota,grpquota to partition /dev/hda6):

# /etc/fstab: static file system information.
#
# <file system> <mount point>   <type>  <options>                   <dump>  <pass>
/dev/hda1       /boot           ext3    errors=remount-ro           0       1
/dev/hda5       none            swap    sw                          0       0
proc            /proc           proc    defaults                    0       0
/dev/fd0        /floppy         auto    user,noauto                 0       0
/dev/cdrom      /cdrom          iso9660 ro,user,noauto              0       0
/dev/hda6       /               ext3    defaults,usrquota,grpquota  0       2

Then run:
touch /quota.user /quota.group
chmod 600 /quota.*
mount -o remount /
quotacheck -avugm
quotaon -avug
DNS-Server
apt-get install bind9
For security reasons we want to run BIND chrooted so we have to do the following steps:
/etc/init.d/bind9 stop
Edit the startup script /etc/init.d/bind9 so that the daemon will run as the unprivileged user 'nobody', chrooted to /var/lib/named. Modify the line: OPTS="" so that it reads OPTS="-u nobody -t /var/lib/named":

#!/bin/sh

PATH=/sbin:/bin:/usr/sbin:/usr/bin

# for a chrooted server: "-u nobody -t /var/lib/named"
OPTS="-u nobody -t /var/lib/named"

test -x /usr/sbin/named || exit 0

case "$1" in
    start)
        echo -n "Starting domain name service: named"
        start-stop-daemon --start --quiet \
            --pidfile /var/run/named.pid --exec /usr/sbin/named -- $OPTS
        echo "."
    ;;

    stop)
        echo -n "Stopping domain name service: named"
        /usr/sbin/rndc stop
        echo "."
    ;;

    reload)
        /usr/sbin/rndc reload
    ;;

    restart|force-reload)
        $0 stop
        sleep 2
        $0 start
    ;;

    *)
        echo "Usage: /etc/init.d/bind {start|stop|reload|restart|force-reload}" >&2
        exit 1
    ;;
esac

exit 0

Create the necessary directories under /var/lib:
mkdir -p /var/lib/named/etc
mkdir /var/lib/named/dev
mkdir -p /var/lib/named/var/cache/bind
mkdir /var/lib/named/var/run
Then move the config directory from /etc to /var/lib/named/etc:
mv /etc/bind /var/lib/named/etc
Create a symlink to the new config directory from the old location (to avoid problems when bind is upgraded in the future):
ln -s /var/lib/named/etc/bind /etc/bind
Make null and random devices, and fix permissions of the directories:
mknod /var/lib/named/dev/null c 1 3
mknod /var/lib/named/dev/random c 1 8
chmod 666 /var/lib/named/dev/null /var/lib/named/dev/random
chown -R nobody:nogroup /var/lib/named/var/*
chown -R nobody:nogroup /var/lib/named/etc/bind
We need to modify the startup script /etc/init.d/sysklogd of sysklogd so that we can still get important messages logged to the system logs. Modify the line: SYSLOGD="" so that it reads: SYSLOGD="-a /var/lib/named/dev/log":

#! /bin/sh
# /etc/init.d/sysklogd: start the system log daemon.

PATH=/bin:/usr/bin:/sbin:/usr/sbin

pidfile=/var/run/syslogd.pid
binpath=/sbin/syslogd

test -x $binpath || exit 0

# Options for start/restart the daemons
#   For remote UDP logging use SYSLOGD="-r"
#
SYSLOGD="-a /var/lib/named/dev/log"

create_xconsole()
{
    if [ ! -e /dev/xconsole ]; then
        mknod -m 640 /dev/xconsole p
    else
        chmod 0640 /dev/xconsole
    fi
    chown root.adm /dev/xconsole
}

running()
{
    # No pidfile, probably no daemon present
    #
    if [ ! -f $pidfile ]
    then
        return 1
    fi

    pid=`cat $pidfile`

    # No pid, probably no daemon present
    #
    if [ -z "$pid" ]
    then
        return 1
    fi

    cmd=`cat /proc/$pid/cmdline | tr "\000" "\n"|head -1`

    # No syslogd?
    #
    if [ "$cmd" != "$binpath" ]
    then
        return 1
    fi

    return 0
}

case "$1" in
  start)
    echo -n "Starting system log daemon: syslogd"
    create_xconsole
    start-stop-daemon --start --quiet --exec $binpath -- $SYSLOGD
    echo "."
    ;;
  stop)
    echo -n "Stopping system log daemon: syslogd"
    start-stop-daemon --stop --quiet --exec $binpath --pidfile $pidfile
    echo "."
    ;;
  reload|force-reload)
    start-stop-daemon --stop --quiet --signal 1 --exec $binpath --pidfile $pidfile
    ;;
  restart)
    echo -n "Stopping system log daemon: syslogd"
    start-stop-daemon --stop --quiet --exec $binpath --pidfile $pidfile
    echo "."
    sleep 1
    echo -n "Starting system log daemon: syslogd"
    start-stop-daemon --start --quiet --exec $binpath -- $SYSLOGD
    echo "."
    ;;
  reload-or-restart)
    if running
    then
        start-stop-daemon --stop --quiet --signal 1 --exec $binpath --pidfile $pidfile
    else
        start-stop-daemon --start --quiet --exec $binpath -- $SYSLOGD
    fi
    ;;
  *)
    echo "Usage: /etc/init.d/sysklogd {start|stop|reload|restart|force-reload|reload-or-restart}"
    exit 1
esac

exit 0

Restart the logging daemon:
/etc/init.d/sysklogd restart
Start up BIND, and check /var/log/syslog for any errors:
/etc/init.d/bind9 start
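
A quick way to confirm that every chroot step above took effect before relying on the jail. This is an added example, not part of the original howto: the function name audit_named_chroot and its optional path-prefix argument are assumptions of the example; the paths and option strings are the ones used on this page.

```shell
#!/bin/sh
# Added example: audit the BIND chroot built by the steps on this page.
# The optional SYSROOT argument is an assumption of this example (a path
# prefix for checking a staged copy); leave it empty for the live system.
audit_named_chroot() {
    root="${1:-}"
    jail="$root/var/lib/named"
    fails=0
    fail() { echo "FAIL: $1"; fails=$((fails + 1)); }

    # The init script must both drop privileges (-u) and chroot (-t).
    opts=$(sed -n 's/^OPTS="\(.*\)"[[:space:]]*$/\1/p' \
        "$root/etc/init.d/bind9" 2>/dev/null) || opts=""
    case " $opts " in
        *" -u nobody "*) ;;
        *) fail "bind9 OPTS does not contain -u nobody" ;;
    esac
    case " $opts " in
        *" -t /var/lib/named "*) ;;
        *) fail "bind9 OPTS does not contain -t /var/lib/named" ;;
    esac

    # Directories created with mkdir, plus the moved config directory.
    for d in etc/bind dev var/cache/bind var/run; do
        [ -d "$jail/$d" ] || fail "missing directory $jail/$d"
    done

    # /etc/bind must be a symlink that resolves to a directory.
    if [ ! -L "$root/etc/bind" ] || [ ! -d "$root/etc/bind/" ]; then
        fail "$root/etc/bind is not a symlink to the config directory"
    fi

    # named needs real character devices; a regular file or symlink is wrong.
    for n in null random; do
        if [ ! -c "$jail/dev/$n" ] || [ -L "$jail/dev/$n" ]; then
            fail "$jail/dev/$n is not a character device"
        fi
    done

    # syslogd must open an extra socket inside the jail or named logs are lost.
    grep -q '^SYSLOGD=".*-a /var/lib/named/dev/log' \
        "$root/etc/init.d/sysklogd" 2>/dev/null ||
        fail "sysklogd is not started with -a /var/lib/named/dev/log"

    [ "$fails" -eq 0 ] && echo "OK: chroot layout matches the steps above"
    return "$fails"
}
```

Run audit_named_chroot with no argument as root after the last step; the return value is the number of failed checks.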