Introduction
This document describes some procedures commonly needed when installing a new server.
The installation procedure is done inside a VM using a raw disk image. The disk image can then be written onto the real hardware using dd. This has two benefits:
- The installation may be faster if the VM runs on an SSD
- Snapshots can be used in various stages of the installation process
Partitioning
The partitioning is optimized for a BIOS system. The data partition can be grown later.
fallocate -l 14G Disk.img
parted Disk.img
mklabel msdos
mkpart pri ext4 1MiB 12GiB
mkpart pri ext4 12GiB -1s
set 1 boot on
quit
vboxmanage internalcommands createrawvmdk -filename Disk.vmdk -rawdisk Disk.img
Swapfile/Pagefile
Instead of an entire partition, it is also possible to create a swap file.
fallocate -l 2G /swap
mkswap /swap
chmod 600 /swap
swapon /swap
In /etc/fstab
/swap none swap defaults 0 0
Security
- Sudo config (not needed in Ubuntu):
  - Add group sudo in /etc/group (Debian GID):
    sudo:x:27:user
  - Add group sudo to /etc/sudoers:
    %sudo ALL=(ALL:ALL) ALL
  - In openSUSE: Remove
    Defaults targetpw
  - Disable root account (put an asterisk * as password)
- Create SSH user:
  echo "sshuser:x:999:65534::/run:/bin/bash" >> /etc/passwd
  echo "sshuser:*:16436:0:99999::::" >> /etc/shadow
  - Change the password:
    sudo passwd sshuser
- Edit SSH config /etc/ssh/sshd_config:
  Port xxx
  AllowUsers sshuser git
  ClientAliveInterval 10
  ClientAliveCountMax 3
  UseDNS no
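The script below is an added example, not part of the original document: it checks that the steps of this section took effect (root password locked, %sudo rule present without targetpw, AllowUsers restricting SSH logins). The function names and the choice to pass the three file paths as arguments are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original page): audit the Security steps above.
# The file paths are arguments, so the checks also run against copies.
# Usage (as root): sh audit.sh /etc/shadow /etc/sudoers /etc/ssh/sshd_config
# Not handled: sudoers.d and sshd Include files, sshd Match blocks.

# root_locked SHADOW: root's password field starts with '*' or '!',
# so no password can match it.
root_locked() {
    field=$(awk -F: '$1 == "root" { print $2 }' "$1")
    case "$field" in
        '*'*|'!'*) return 0 ;;
        *) return 1 ;;
    esac
}

# sudoers_ok SUDOERS: the %sudo rule exists and "Defaults targetpw" is gone.
sudoers_ok() {
    grep -Eq '^%sudo[[:space:]]+ALL=\(ALL(:ALL)?\)[[:space:]]+ALL' "$1" || return 1
    ! grep -Eq '^[[:space:]]*Defaults[[:space:]]+targetpw' "$1"
}

# sshd_ok SSHD_CONFIG: AllowUsers is set (keywords are case-insensitive)
# and no entry is root, root@host, * or *@host.
sshd_ok() {
    awk 'tolower($1) == "allowusers" {
             seen = 1
             for (i = 2; i <= NF; i++) if ($i ~ /^(root|\*)(@|$)/) bad = 1
         }
         END { exit !(seen && !bad) }' "$1"
}

# check DESCRIPTION COMMAND [ARGS...]: run one check, count a failure.
check() {
    desc=$1; shift
    if "$@"; then echo "ok   $desc"; else echo "FAIL $desc"; fails=$((fails + 1)); fi
}

# audit SHADOW SUDOERS SSHD_CONFIG: returns the number of failed checks.
audit() {
    fails=0
    check "root password is locked"               root_locked "$1"
    check "%sudo rule present, targetpw removed"  sudoers_ok  "$2"
    check "AllowUsers set and root not listed"    sshd_ok     "$3"
    return "$fails"
}

if [ "$#" -eq 3 ]; then audit "$@"; fi
```

The exit status is the number of failed checks, so the script can gate a snapshot or the final dd step.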
Convenience
~/.bashrc
unalias ls
alias ls='ls --color=auto'
alias l='ls -Flhtr'
alias ll='ls -al'
alias psl='ps -eo user,pid,ppid,%cpu,ni,vsz,cmd --forest | less'
alias md='mkdir -p'
PS1='\[\e]2;\W (\h)\a\e[31m\]\u@\h:\[\e[36m\]\w\[\e[0m\]*$(__git_ps1 %s)\$ '
~/.inputrc
$include /etc/inputrc
set completion-ignore-case on
TAB: menu-complete
Install packages
DO NOT FORGET to install firmware packages! For instance, a lot of laptops contain a Broadcom wireless card which does not work out-of-the-box. For openSUSE, the following packages are needed:
Server Software
- git
- mariadb
- php5-fpm php5-phar php5-openssl php5-xdebug php5-mysql
Note: Files created in /tmp by PHP-FPM are actually in a subdirectory named /tmp/systemd-private-*
Also see https://fedoraproject.org/wiki/Features/ServicesPrivateTmp
Crontab
Debian /etc/cron.* times:
# m h dom mon dow
17 * * * * # hourly
25 6 * * * # daily
47 6 * * 7 # weekly
52 6 1 * * # monthly
AWstats
mkdir /usr/local/awstats && cd /usr/local/awstats && git init
git remote add origin https://github.com/eldy/awstats.git
git fetch --depth=1 origin tag AWSTATS_7_4
git checkout AWSTATS_7_4
Check version tags:
git ls-remote
To use it with AWstats, set:
DirIcons="/awstatsicons"
Free Space
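# Delete all log files (safe for names with spaces, no error if none exist)
find /var/log -type f -delete
# Fill the free space of each filesystem with zeros; dd stops with "No space left on device", which is expected
for f in var tmp root data; do echo "Zeroing $f"; dd if=/dev/zero bs=1M of=/$f/zero; done
sync
for f in var tmp root data; do rm -v /$f/zero; done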
Also see zerofree.sh