Introduction
This document describes some procedures commonly needed when installing a new server.
It is mostly written for openSUSE (Zypper), but most of it applies to other Linux distros as well.
Partitioning
Create a raw image file. This is interesting if you install and prepare a lot of stuff inside a VM (for example to benefit from fast SSD speeds) and copy the image to the destination system afterwards.
It can be written directly onto the disk using dd. Also, the data partition can be grown later.
fallocate -l $((blocks*512)) Disk.img
parted Disk.img
mklabel msdos
mkpart pri fat32 2048s 264191s
mkpart pri linux-swap start end
mkpart pri ext4 start end
set 1 boot on
vboxmanage internalcommands createrawvmdk -filename Disk.vmdk -rawdisk Disk.img
Swapfile/Pagefile
Instead of an entire partition, it is also possible to create a swap file.
fallocate -l 2G /swapfile
chmod 600 /swapfile
mkswap /swapfile
swapon /swapfile
In /etc/fstab
/swapfile none swap defaults 0 0
Security
- Sudo config (not needed in Ubuntu):
  - Add group sudo in /etc/group (Debian GID):
    sudo:x:27:user
  - Add group sudo to /etc/sudoers:
    %sudo ALL=(ALL:ALL) ALL
  - In openSUSE: Remove
    Defaults targetpw
    and the following line
  - Disable root account (put an asterisk * as password)
- Create SSH user:
  - /etc/passwd:
    sshuser:x:999:65534::/run:/bin/bash
  - /etc/shadow:
    sshuser:*:16436:0:99999::::
  - Change its password:
    $ sudo passwd sshuser
- Edit SSH config /etc/ssh/sshd_config:
  Port xxx
  PermitRootLogin no
  AllowUsers sshuser git
  ClientAliveInterval 10
  ClientAliveCountMax 3
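A check for the sshd_config settings above, added here as an example and not part of the original notes. The function names and the sample file are assumptions made for illustration; the expected values are the ones listed above.

```sh
#!/bin/sh
# Added example: audit sshd_config text against the values listed above.
# sshd keeps the FIRST value it reads for a single-valued keyword (keywords
# are case-insensitive), so appending "PermitRootLogin no" below an existing
# "PermitRootLogin yes" changes nothing. AllowUsers lines add up instead.

# effective_value FILE KEYWORD [ALL]: print the first global value, or all
# values joined when ALL=1. Include files and Match blocks are not evaluated.
effective_value() {
    awk -v key="$2" -v all="${3:-0}" '
        /^[ \t]*(#|$)/         { next }   # comment or blank line
        tolower($1) == "match" { exit }   # global section ends here
        tolower($1) == tolower(key) {
            $1 = ""; sub(/^[ \t]+/, "")
            out = (out == "" ? $0 : out " " $0)
            if (all != 1) exit
        }
        END { if (out != "") print out }' "$1"
}

# audit_sshd FILE: print one FAIL line per deviation, return 1 if any.
audit_sshd() {
    rc=0
    for rule in 'PermitRootLogin|no' 'AllowUsers|sshuser git' \
                'ClientAliveInterval|10' 'ClientAliveCountMax|3'; do
        key=${rule%%|*}; want=${rule#*|}; all=0
        [ "$key" = AllowUsers ] && all=1
        got=$(effective_value "$1" "$key" "$all")
        if [ "$got" != "$want" ]; then
            echo "FAIL $key: want '$want', effective '${got:-unset}'"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample: hardening lines appended below a permissive default.
sample=$(mktemp)
cat > "$sample" <<'EOF'
permitrootlogin yes
PermitRootLogin no
AllowUsers sshuser git
ClientAliveInterval 10
ClientAliveCountMax 3
EOF
audit_sshd "$sample" || echo "config deviates from the intended settings"
rm -f "$sample"
```

On a live host, `sshd -T` prints the effective configuration, including Include and Match processing that this sketch skips.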
Convenience
~/.bashrc
unalias ls
alias ls='ls --color=auto'
alias l='ls -Flhtr'
alias ll='ls -al'
alias psl='ps -eo user,pid,ppid,%cpu,ni,vsz,cmd --forest | less'
alias md='mkdir -p'
PS1='\[\e]2;\W (\h)\a\e[31m\]\u@\h:\[\e[36m\]\w\[\e[0m\]*$(__git_ps1 %s)\$ '
~/.inputrc
$include /etc/inputrc
set completion-ignore-case on
TAB: menu-complete
Install packages
DO NOT FORGET to install firmware packages! For instance, a lot of laptops contain a Broadcom wireless card which does not work out-of-the-box. It needs:
Server Software
zypper in --no-recommends git
zypper in mariadb
zypper in php5-fpm php5-phar php5-openssl php5-xdebug php5-mysql
Note: Files created in /tmp by PHP-FPM are actually in a subdirectory named /tmp/systemd-private-*
Also see https://fedoraproject.org/wiki/Features/ServicesPrivateTmp
Crontab
Debian /etc/cron.* times:
# m h dom mon dow
17 * * * * # hourly
25 6 * * * # daily
47 6 * * 7 # weekly
52 6 1 * * # monthly
AWstats
mkdir /usr/local/awstats; cd /usr/local/awstats
git init
git remote add origin git://git.code.sf.net/p/awstats/code
git fetch --depth=1 origin tag AWSTATS_7_3
git checkout AWSTATS_7_3
mkdir /usr/local/share/cgi-bin
ln -s /usr/local/awstats/wwwroot /usr/local/share/cgi-bin/awstats
Check version tags:
git ls-remote
Free Space
find /var/log -type f -print0 | xargs -0 -r rm -f --
for f in var tmp root data; do echo Zeroing $f; dd if=/dev/zero bs=1M of=/$f/zero; done
for f in var tmp root data; do rm -v /$f/zero; done