linux/doc/Install-a-Server.md

Introduction

This document describes some procedures commonly needed when installing a new server.

The installation procedure is done inside a VM using a raw disk image. The disk image can then be written onto the real hardware using dd. This has two benefits:

  1. The installation may be faster, if the VM runs on an SSD
  2. Snapshots can be used in various stages of the installation process

Partitioning

The partitioning is optimized for a BIOS system. The data partition can be grown later.

fallocate -l 14G Disk.img
parted Disk.img
mklabel msdos
mkpart pri ext4 1MiB 12GiB
mkpart pri ext4 12GiB -1s
set 1 boot on
quit

vboxmanage internalcommands createrawvmdk -filename Disk.vmdk -rawdisk Disk.img

Swapfile/Pagefile

Instead of an entire partition, it is also possible to create a swap file.

fallocate -l 2G /swap
mkswap /swap
chmod 600 /swap
swapon /swap

In /etc/fstab

/swap none swap defaults 0 0

Security

  • Sudo config (not needed in Ubuntu):

    • Add group sudo in /etc/group: sudo:x:27:user (Debian GID)
    • Add group sudo to /etc/sudoers: %sudo ALL=(ALL:ALL) ALL
    • In openSUSE: Remove Defaults targetpw
    • Disable root account (put an asterisk * as password)
  • Create SSH user:

    • echo "sshuser:x:999:65534::/run:/bin/bash" >> /etc/passwd
    • echo "sshuser:*:16436:0:99999::::" >> /etc/shadow
    • Change the password: sudo passwd sshuser
  • Edit SSH config /etc/ssh/sshd_config:

    Port xxx
    AllowUsers sshuser git
    ClientAliveInterval 10
    ClientAliveCountMax 3
    UseDNS no
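
The Security checklist above, written as a check that can be run against a mounted root tree before the image goes onto real hardware. This is an added example, not part of the original document; the function names, the fixture and port 2222 (standing in for xxx) are assumptions.

```shell
# Added example, not from the original page: audit a root tree against the
# Security checklist. Function names and the fixture are hypothetical.

# First uncommented value of a keyword (sshd uses the first value it reads).
# Assumes "Keyword value" lines, one AllowUsers line and no Match blocks.
sshd_value() {  # sshd_value FILE KEYWORD
    awk -v k="$2" 'BEGIN { k = tolower(k) } /^[ \t]*#/ { next }
        tolower($1) == k { $1 = ""; sub(/^[ \t]+/, ""); print; exit }' "$1"
}
fail() { echo "FAIL: $*"; rc=1; }

# audit_root ROOT: print one FAIL line per finding, return 1 if there is any.
audit_root() {
    r=$1; c=$r/etc/ssh/sshd_config; rc=0
    # Field 2 of shadow: "*" or a leading "!" can never match a password hash.
    case $(awk -F: '$1 == "root" { print $2 }' "$r/etc/shadow") in
        '*'|'!'*) ;;
        *) fail "root has a usable or empty password" ;;
    esac
    grep -q '^sudo:x:27:' "$r/etc/group" || fail "group sudo (GID 27) missing"
    grep -Eq '^%sudo[[:space:]]+ALL=\(ALL:ALL\)[[:space:]]+ALL' "$r/etc/sudoers" ||
        fail "%sudo rule missing in sudoers"
    grep -Eq '^[[:space:]]*Defaults[[:space:]]+targetpw' "$r/etc/sudoers" &&
        fail "Defaults targetpw still active"
    for f in passwd shadow; do
        grep -q '^sshuser:' "$r/etc/$f" || fail "sshuser missing in /etc/$f"
    done
    users=$(sshd_value "$c" AllowUsers)
    [ -n "$users" ] || fail "AllowUsers not set"
    case " $users " in *" root "*) fail "root listed in AllowUsers" ;; esac
    [ -n "$(sshd_value "$c" Port)" ] || fail "Port not set"
    [ "$(sshd_value "$c" ClientAliveInterval)" = 10 ] || fail "ClientAliveInterval is not 10"
    [ "$(sshd_value "$c" ClientAliveCountMax)" = 3 ] || fail "ClientAliveCountMax is not 3"
    [ "$(sshd_value "$c" UseDNS)" = no ] || fail "UseDNS is not no"
    return $rc
}

# Constructed fixture with the page's values; port 2222 stands in for "xxx".
make_fixture() {
    mkdir -p "$1/etc/ssh"
    printf '%s\n' 'root:*:16436:0:99999:7:::' 'sshuser:*:16436:0:99999::::' > "$1/etc/shadow"
    echo 'sshuser:x:999:65534::/run:/bin/bash' > "$1/etc/passwd"
    echo 'sudo:x:27:user' > "$1/etc/group"
    echo '%sudo ALL=(ALL:ALL) ALL' > "$1/etc/sudoers"
    printf '%s\n' 'Port 2222' 'AllowUsers sshuser git' 'ClientAliveInterval 10' \
        'ClientAliveCountMax 3' 'UseDNS no' > "$1/etc/ssh/sshd_config"
}
d=$(mktemp -d) && make_fixture "$d" && audit_root "$d" && echo "checklist satisfied"
rm -rf "$d"
```

On a running host, sshd -T prints the effective configuration and is the authoritative source for the sshd settings. Run audit_root / as root, since /etc/shadow and /etc/sudoers are not world-readable.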

Convenience

~/.bashrc

unalias ls 2>/dev/null  # no error message if ls is not aliased
alias ls='ls --color=auto'
alias l='ls -Flhtr'
alias ll='ls -al'
alias psl='ps -eo user,pid,ppid,%cpu,ni,vsz,cmd --forest | less'
alias md='mkdir -p'

PS1='\[\e]2;\W (\h)\a\e[31m\]\u@\h:\[\e[36m\]\w\[\e[0m\]*$(__git_ps1 %s)\$ '

~/.inputrc

$include /etc/inputrc
set completion-ignore-case on
TAB: menu-complete

Install packages

DO NOT FORGET to install firmware packages! For instance, a lot of laptops contain a Broadcom wireless card which does not work out-of-the-box. For openSUSE, the following packages are needed:

Server Software

  • git
  • mariadb
  • php5-fpm php5-phar php5-openssl php5-xdebug php5-mysql

Note: Files created in /tmp by PHP-FPM are actually in a subdirectory named /tmp/systemd-private-*. Also see https://fedoraproject.org/wiki/Features/ServicesPrivateTmp

Crontab

Debian /etc/cron.* times:

# m h	dom mon dow
17 *	* * * # hourly
25 6	* * * # daily
47 6	* * 7 # weekly
52 6	1 * * # monthly

AWstats

mkdir /usr/local/awstats && cd /usr/local/awstats && git init
git remote add origin https://github.com/eldy/awstats.git
git fetch --depth=1 origin tag AWSTATS_7_4
git checkout AWSTATS_7_4

Check version tags:

git ls-remote

To use it with AWstats, set: DirIcons="/awstatsicons"

Free Space

# NUL-separated so that file names with spaces or newlines are handled
find /var/log -type f -print0 | xargs -0 -r rm

for f in var tmp root data; do echo Zeroing $f; dd if=/dev/zero bs=1M of=/$f/zero; done
sync
for f in var tmp root data; do rm -v /$f/zero; done

Also see zerofree.sh

Notes