The Perfect Setup - Debian Woody (3.0) - Page 4

2 Installing and Configuring the Rest of the System

Configure additional IP Addresses

If you have more than one IP address you can add your additional IP addresses by editing /etc/network/interfaces. It will look similar to this:

# /etc/network/interfaces -- configuration file for ifup(8), ifdown(8)

# The loopback interface
auto lo
iface lo inet loopback

# The first network card - this entry was created during the Debian installation
# (network, broadcast and gateway are optional)
auto eth0
iface eth0 inet static
address 192.168.0.100
netmask 255.255.255.0
network 192.168.0.0
broadcast 192.168.0.255
gateway 192.168.0.1

If you want to add the IP address 192.168.0.101 to the interface eth0 you should change the file to look like this:

# /etc/network/interfaces -- configuration file for ifup(8), ifdown(8)

# The loopback interface
auto lo
iface lo inet loopback

# The first network card - this entry was created during the Debian installation
# (network, broadcast and gateway are optional)
auto eth0
iface eth0 inet static
address 192.168.0.100
netmask 255.255.255.0
network 192.168.0.0
broadcast 192.168.0.255
gateway 192.168.0.1

auto eth0:0
iface eth0:0 inet static
address 192.168.0.101
netmask 255.255.255.0
network 192.168.0.0
broadcast 192.168.0.255
gateway 192.168.0.1

Then restart your network:

/etc/init.d/networking restart

Setting the Hostname

echo server1.example.com > /etc/hostname
/bin/hostname -F /etc/hostname

Install/Remove some Software

Add

deb http://backports.debian.skynet.be woody cyrus-sasl2

to /etc/apt/sources.list and run

apt-get update
apt-get install wget bzip2 rdate fetchmail libdb3++-dev unzip zip ncftp xlispstat libarchive-zip-perl zlib1g-dev libpopt-dev nmap openssl (1 line!)
apt-get remove lpr nfs-common portmap pidentd pcmcia-cs pppoe pppoeconf ppp pppconfig

update-rc.d -f exim remove
update-inetd --remove daytime
update-inetd --remove telnet
update-inetd --remove time
update-inetd --remove finger
update-inetd --remove talk
update-inetd --remove ntalk
update-inetd --remove ftp
update-inetd --remove discard
<- Yes [y]

/etc/init.d/inetd reload


Quota

apt-get install quota quotatool

Edit /etc/fstab to look like this (I added ,usrquota,grpquota to partition /dev/hda6):

# /etc/fstab: static file system information.
#
# <file system> <mount point> <type> <options> <dump> <pass>
/dev/hda1 /boot ext3 errors=remount-ro 0 1
/dev/hda5 none swap sw 0 0
proc /proc proc defaults 0 0
/dev/fd0 /floppy auto user,noauto 0 0
/dev/cdrom /cdrom iso9660 ro,user,noauto 0 0
/dev/hda6 / ext3 defaults,usrquota,grpquota 0 2

Then run:

touch /quota.user /quota.group
chmod 600 /quota.*
mount -o remount /
quotacheck -avugm

quotaon -avug


DNS-Server

apt-get install bind9

For security reasons we want to run BIND chrooted so we have to do the following steps:

/etc/init.d/bind9 stop

Edit the startup script /etc/init.d/bind9 so that the daemon will run as the unprivileged user 'nobody', chrooted to /var/lib/named. Modify the line: OPTS="" so that it reads OPTS="-u nobody -t /var/lib/named":

#!/bin/sh

PATH=/sbin:/bin:/usr/sbin:/usr/bin

# for a chrooted server: "-u nobody -t /var/lib/named"
OPTS="-u nobody -t /var/lib/named"

test -x /usr/sbin/named || exit 0

case "$1" in
start)
echo -n "Starting domain name service: named"
start-stop-daemon --start --quiet \
--pidfile /var/run/named.pid --exec /usr/sbin/named -- $OPTS
echo "."
;;

stop)
echo -n "Stopping domain name service: named"
/usr/sbin/rndc stop
echo "."
;;

reload)
/usr/sbin/rndc reload
;;

restart|force-reload)
$0 stop
sleep 2
$0 start
;;

*)
echo "Usage: /etc/init.d/bind {start|stop|reload|restart|force-reload}" >&2
exit 1
;;
esac

exit 0

Create the necessary directories under /var/lib:

mkdir -p /var/lib/named/etc
mkdir /var/lib/named/dev
mkdir -p /var/lib/named/var/cache/bind
mkdir /var/lib/named/var/run

Then move the config directory from /etc to /var/lib/named/etc:

mv /etc/bind /var/lib/named/etc

Create a symlink to the new config directory from the old location (to avoid problems when bind is upgraded in the future):

ln -s /var/lib/named/etc/bind /etc/bind

Make null and random devices, and fix permissions of the directories:

mknod /var/lib/named/dev/null c 1 3
mknod /var/lib/named/dev/random c 1 8
chmod 666 /var/lib/named/dev/null /var/lib/named/dev/random
chown -R nobody:nogroup /var/lib/named/var/*
chown -R nobody:nogroup /var/lib/named/etc/bind

We need to modify the startup script /etc/init.d/sysklogd of sysklogd so that we can still get important messages logged to the system logs. Modify the line: SYSLOGD="" so that it reads: SYSLOGD="-a /var/lib/named/dev/log":

#! /bin/sh
# /etc/init.d/sysklogd: start the system log daemon.

PATH=/bin:/usr/bin:/sbin:/usr/sbin

pidfile=/var/run/syslogd.pid
binpath=/sbin/syslogd

test -x $binpath || exit 0

# Options for start/restart the daemons
# For remote UDP logging use SYSLOGD="-r"
#
SYSLOGD="-a /var/lib/named/dev/log"

create_xconsole()
{
if [ ! -e /dev/xconsole ]; then
mknod -m 640 /dev/xconsole p
else
chmod 0640 /dev/xconsole
fi
chown root.adm /dev/xconsole
}

running()
{
# No pidfile, probably no daemon present
#
if [ ! -f $pidfile ]
then
return 1
fi

pid=`cat $pidfile`

# No pid, probably no daemon present
#
if [ -z "$pid" ]
then
return 1
fi

cmd=`cat /proc/$pid/cmdline | tr "\000" "\n"|head -1`

# No syslogd?
#
if [ "$cmd" != "$binpath" ]
then
return 1
fi

return 0
}

case "$1" in
start)
echo -n "Starting system log daemon: syslogd"
create_xconsole
start-stop-daemon --start --quiet --exec $binpath -- $SYSLOGD
echo "."
;;
stop)
echo -n "Stopping system log daemon: syslogd"
start-stop-daemon --stop --quiet --exec $binpath --pidfile $pidfile
echo "."
;;
reload|force-reload)
start-stop-daemon --stop --quiet --signal 1 --exec $binpath --pidfile $pidfile
;;
restart)
echo -n "Stopping system log daemon: syslogd"
start-stop-daemon --stop --quiet --exec $binpath --pidfile $pidfile
echo "."
sleep 1
echo -n "Starting system log daemon: syslogd"
start-stop-daemon --start --quiet --exec $binpath -- $SYSLOGD
echo "."
;;
reload-or-restart)
if running
then
start-stop-daemon --stop --quiet --signal 1 --exec $binpath --pidfile $pidfile
else
start-stop-daemon --start --quiet --exec $binpath -- $SYSLOGD
fi
;;
*)
echo "Usage: /etc/init.d/sysklogd {start|stop|reload|restart|force-reload|reload-or-restart}"
exit 1
esac

exit 0

Restart the logging daemon:

/etc/init.d/sysklogd restart

Start up BIND, and check /var/log/syslog for any errors:

/etc/init.d/bind9 start

Share this page:

1 Comment(s)