The Perfect Setup - Debian Woody (3.0) - Page 4
2 Installing and Configuring the Rest of the System
Configure additional IP Addresses
If you have more than one IP address you can add your additional IP addresses by editing /etc/network/interfaces. It will look similar to this:
# /etc/network/interfaces -- configuration file for ifup(8), ifdown(8)
# The loopback interface auto lo iface lo inet loopback
# The first network card - this entry was created during the Debian installation # (network, broadcast and gateway are optional) auto eth0 iface eth0 inet static address 192.168.0.100 netmask 255.255.255.0 network 192.168.0.0 broadcast 192.168.0.255 gateway 192.168.0.1
|
If you want to add the IP address 192.168.0.101 to the interface eth0 you should change the file to look like this:
# /etc/network/interfaces -- configuration file for ifup(8), ifdown(8)
# The loopback interface auto lo iface lo inet loopback
# The first network card - this entry was created during the Debian installation # (network, broadcast and gateway are optional) auto eth0 iface eth0 inet static address 192.168.0.100 netmask 255.255.255.0 network 192.168.0.0 broadcast 192.168.0.255 gateway 192.168.0.1
auto eth0:0 iface eth0:0 inet static address 192.168.0.101 netmask 255.255.255.0 network 192.168.0.0 broadcast 192.168.0.255 gateway 192.168.0.1
|
Then restart your network:
/etc/init.d/networking restart
Setting the Hostname
echo server1.example.com > /etc/hostname
/bin/hostname -F /etc/hostname
Install/Remove some Software
Add
deb http://backports.debian.skynet.be woody cyrus-sasl2
to /etc/apt/sources.list and run
apt-get update
apt-get install wget bzip2 rdate fetchmail libdb3++-dev unzip zip ncftp xlispstat libarchive-zip-perl zlib1g-dev libpopt-dev nmap openssl (1 line!)
apt-get remove lpr nfs-common portmap pidentd pcmcia-cs pppoe pppoeconf ppp pppconfig
update-rc.d -f exim remove
update-inetd --remove daytime
update-inetd --remove telnet
update-inetd --remove time
update-inetd --remove finger
update-inetd --remove talk
update-inetd --remove ntalk
update-inetd --remove ftp
update-inetd --remove discard
<- Yes [y]
/etc/init.d/inetd reload
Quota
apt-get install quota quotatool
Edit /etc/fstab to look like this (I added ,usrquota,grpquota to partition /dev/hda6):
# /etc/fstab: static file system information. # # <file system> <mount point> <type> <options> <dump> <pass> /dev/hda1 /boot ext3 errors=remount-ro 0 1 /dev/hda5 none swap sw 0 0 proc /proc proc defaults 0 0 /dev/fd0 /floppy auto user,noauto 0 0 /dev/cdrom /cdrom iso9660 ro,user,noauto 0 0 /dev/hda6 / ext3 defaults,usrquota,grpquota 0 2
|
Then run:
touch /quota.user /quota.group
chmod 600 /quota.*
mount -o remount /
quotacheck -avugm
quotaon -avug
DNS-Server
apt-get install bind9
For security reasons we want to run BIND chrooted so we have to do the following steps:
/etc/init.d/bind9 stop
Edit the startup script /etc/init.d/bind9 so that the daemon will run as the unprivileged user 'nobody', chrooted to /var/lib/named. Modify the line: OPTS="" so that it reads OPTS="-u nobody -t /var/lib/named":
#!/bin/sh
PATH=/sbin:/bin:/usr/sbin:/usr/bin
# for a chrooted server: "-u nobody -t /var/lib/named" OPTS="-u nobody -t /var/lib/named"
test -x /usr/sbin/named || exit 0
case "$1" in start) echo -n "Starting domain name service: named" start-stop-daemon --start --quiet \ --pidfile /var/run/named.pid --exec /usr/sbin/named -- $OPTS echo "." ;;
stop) echo -n "Stopping domain name service: named" /usr/sbin/rndc stop echo "." ;;
reload) /usr/sbin/rndc reload ;;
restart|force-reload) $0 stop sleep 2 $0 start ;;
*) echo "Usage: /etc/init.d/bind {start|stop|reload|restart|force-reload}" >&2 exit 1 ;; esac
exit 0
|
Create the necessary directories under /var/lib:
mkdir -p /var/lib/named/etc
mkdir /var/lib/named/dev
mkdir -p /var/lib/named/var/cache/bind
mkdir /var/lib/named/var/run
Then move the config directory from /etc to /var/lib/named/etc:
mv /etc/bind /var/lib/named/etc
Create a symlink to the new config directory from the old location (to avoid problems when bind is upgraded in the future):
ln -s /var/lib/named/etc/bind /etc/bind
Make null and random devices, and fix permissions of the directories:
mknod /var/lib/named/dev/null c 1 3
mknod /var/lib/named/dev/random c 1 8
chmod 666 /var/lib/named/dev/null /var/lib/named/dev/random
chown -R nobody:nogroup /var/lib/named/var/*
chown -R nobody:nogroup /var/lib/named/etc/bind
We need to modify the startup script /etc/init.d/sysklogd of sysklogd so that we can still get important messages logged to the system logs. Modify the line: SYSLOGD="" so that it reads: SYSLOGD="-a /var/lib/named/dev/log":
#! /bin/sh # /etc/init.d/sysklogd: start the system log daemon.
PATH=/bin:/usr/bin:/sbin:/usr/sbin
pidfile=/var/run/syslogd.pid binpath=/sbin/syslogd
test -x $binpath || exit 0
# Options for start/restart the daemons # For remote UDP logging use SYSLOGD="-r" # SYSLOGD="-a /var/lib/named/dev/log"
create_xconsole() { if [ ! -e /dev/xconsole ]; then mknod -m 640 /dev/xconsole p else chmod 0640 /dev/xconsole fi chown root.adm /dev/xconsole }
running() { # No pidfile, probably no daemon present # if [ ! -f $pidfile ] then return 1 fi
pid=`cat $pidfile`
# No pid, probably no daemon present # if [ -z "$pid" ] then return 1 fi
cmd=`cat /proc/$pid/cmdline | tr "\000" "\n"|head -1`
# No syslogd? # if [ "$cmd" != "$binpath" ] then return 1 fi
return 0 }
case "$1" in start) echo -n "Starting system log daemon: syslogd" create_xconsole start-stop-daemon --start --quiet --exec $binpath -- $SYSLOGD echo "." ;; stop) echo -n "Stopping system log daemon: syslogd" start-stop-daemon --stop --quiet --exec $binpath --pidfile $pidfile echo "." ;; reload|force-reload) start-stop-daemon --stop --quiet --signal 1 --exec $binpath --pidfile $pidfile ;; restart) echo -n "Stopping system log daemon: syslogd" start-stop-daemon --stop --quiet --exec $binpath --pidfile $pidfile echo "." sleep 1 echo -n "Starting system log daemon: syslogd" start-stop-daemon --start --quiet --exec $binpath -- $SYSLOGD echo "." ;; reload-or-restart) if running then start-stop-daemon --stop --quiet --signal 1 --exec $binpath --pidfile $pidfile else start-stop-daemon --start --quiet --exec $binpath -- $SYSLOGD fi ;; *) echo "Usage: /etc/init.d/sysklogd {start|stop|reload|restart|force-reload|reload-or-restart}" exit 1 esac
exit 0
|
Restart the logging daemon:
/etc/init.d/sysklogd restart
Start up BIND, and check /var/log/syslog for any errors:
/etc/init.d/bind9 start