EFF Continues Push for Access to Secret Court Order
eracks.com OpenBSD Firewall


altus1000

I’m setting up a database server running Debian. Debian was chosen because it’s quite stable, fast, and lots of Indymedia techs like it.

Here’s the system specs:
– Dual AMD Opteron 244 Processors (1.8GHz)
– 8GB Low Profile PC2700 ECC DDR (4 x 2GB)
– 120GB, EIDE, 7200RPM (8MB cache)
– Slimline 2/2/8 16/8/24 IDE DVD-RW
– 1.44MB Floppy Drive

It was purchased from Penguin Computing and came with SuSE installed.

AMD64 is not an official Debian port yet. Uh, I hope it’s stable enough for MySQL & Postgres

Debian on AMD64 Links:
Debian AMD64 HOWTO

Installing Debian on Opteron

  1. Get & burn the CD for a net install:
    1. wget http://debian-amd64.alioth.debian.org/debian-installer/current/netboot/mini.iso
    2. cdrecord speed=4 -v -data dev=cdrom mini.iso
  2. Boot CD & Do install
    1. Hit enter at Debian logo.
    2. English
    3. United States
    4. American English
    5. Primary Network Interface (there are 2): eth0 (it goes and gets network info via DHCP)
    6. Hostname: ahimsa-db1
    7. Domain Name: indymedia.org
    8. Debian archive mirror country: enter information manually (at top of list–AMD64 port isn’t in the mirrors yet)
      1. Debian archive mirror hostname: debian-amd64.alioth.debian.org
      2. Debian archive mirror directory: /pure64/
      3. Proxy info: hit enter (blank)
    9. Partitioning method: Manually edit partition table
    10. The partitions were set up thusly (all ext3):
      /boot 100 meg (bootable)
      swap 0 gig
      / 3 gig
      /home 4 gig (0% reserved blocks)
      /tmp 500 meg (noexec)
      /var 2 gig
      /var/lib 60 gig (2% reserved blocks)
      /usr 4 gig
      /var/backups 46.4 gig (remaining, 0% reserved, for backupninja)
    11. Finish partitioning and write changes to disk
    12. Write the changes to disks? Yes – then it goes and formats. There is no option for checking for bad blocks, which I would have liked. It also proceeds to download & install the packages.
    13. Install the GRUB boot loader to the master boot record? Yes
    14. Installation is complete… Continue
    15. Eject CD
  3. First boot of Fresh Install
    1. Hit enter or wait for grub to boot kernel
    2. Welcome to your new Debian System! … OK
    3. Is the hardware clock set to GMT? NO
    4. Select your time zone: Mountain
    5. Root password: password & re-enter it
    6. Enter full name for new user & username & password
    7. Archive access method for apt: edit sources list by hand
    8. In the pico/nano(?) text editor remove the #, ctrl-x, & Y
    9. Choose software to install: Leave all blank and hit OK. It grabs some necessary packages & installs them
    10. General type of mail configuration: local delivery only; not on a network
    11. Root and postmaster mail recipient: me
    12. Thank you for choosing Debian! OK You can re-run setup by running base-config
    13. Now it’s at a login: prompt.
  4. Initial configuration
    1. remove unneeded packages: apt-get remove biff bin86 cpp cpp-3.3 delo gdb ibritish ipchains ipmasqadmin lpr manpages-dev mtr-tiny mutt pidentd ppp procmail vacation vgrind w3m xfree86-common xlibs-data I’m not sure why all that crap was installed, as I tried to add no extra packages. Perhaps just some rough edges in the installer.
    2. Install MySQL: apt-get install mysql-server
    3. Should MySQL start on boot? YES Then OK
    4. Turn off unneeded things that are coming up on boot: update-rc.d -f inetd remove
    5. update-rc.d -f portmap remove
    6. update-rc.d rpc.statd remove
    7. set up network…It was initially configured to use DHCP, but I want to set the info statically and put in the configuration for when the box is at the co-location facility. vi /etc/network/interfaces
    8. auto lo
      iface lo inet loopback
      auto eth0
      iface eth0 inet static
      address 10.1.2.1
      netmask 255.255.255.0
      gateway 10.1.2.254
      auto eth1
      iface eth1 inet static
      address 10.1.1.1
      netmask 255.255.255.0

    9. apt-get install vim ….
  5. Useful commands
    1. dpkg -l – list installed packages
    2. dpkg -L [packagename] – show you the files that package installs
    3. apt-cache show [package-name] – shows you all the packages that this package depends on and have to be installed in order for this package to work

Geez, that was a helluva lot of steps. With BLAG, just type “serverblag” at the “boot:” prompt of the CD. ;)

15! Whee!
 
15 Comments...
  1. Antero Halminen ( 2004-12-11 )

    I found a link to this post at http://lwn.net/Articles/113527/ … In your post related to the lwn.net article you mentioned some problems with this machine’s NFS connections to some NFS server. Now, I’ve never tried to configure either NFS or a debian system, but from this blog post I got the feeling that there might be an issue with the update-rc.d -f portmap remove and update-rc.d rpc.statd remove commands. This is because, IIRC, NFS uses RPC for some stuff. It just might be that rpc.statd and maybe even the rpc portmapper should be running on both the NFS client and the server. Of course running these daemons might bring some security issues too.

  2. jeff ( 2005-01-05 )

    Ya, the portmapper stuff is running. :) And yes, it introduces security holes, no doubt. It’s all running behind an OpenBSD firewall, which in theory should make it a bit more secure….

  3. don ( 2005-03-08 )

    the commands to disable rpc.statd are:

    # /etc/init.d/nfs-common stop
    # update-rc.d -f nfs-common remove

  4. jeff ( 2005-04-27 )

    I got screwed after a dist-upgrade. This fixed things:

    /lib/ld-linux-x86-64.so.2 ln -s /lib64 /lib

  5. Types Of Computer Viruses ( 2007-08-30 )

    Types Of Computer Viruses…

    I couldn’t understand some parts of this article, but it sounds interesting…

  6. World Wide Web Resources ( 2007-09-01 )

    World Wide Web Resources…

    I couldn’t understand some parts of this article, but it sounds interesting…

  7. Consumer Electronics Reviews ( 2007-09-09 )

    Consumer Electronics Reviews…

    I couldn’t understand some parts of this article, but it sounds interesting…

  8. Computer Security Tips ( 2007-10-29 )

    Computer Security Tips…

    I couldn’t understand some parts of this article, but it sounds interesting…

  9. Cheap Custom Built Computers ( 2007-10-30 )

    Cheap Custom Built Computers…

    I couldn’t understand some parts of this article, but it sounds interesting…

  10. Shared Hosting Resources ( 2007-11-01 )

    Shared Hosting Resources…

    I couldn’t understand some parts of this article, but it sounds interesting…

  11. Computer Network Security ( 2007-11-02 )

    Computer Network Security…

    I couldn’t understand some parts of this article, but it sounds interesting…

  12. New Movie Reviews ( 2007-11-04 )

    New Movie Reviews…

    I couldn’t understand some parts of this article, but it sounds interesting…

  13. Création site internet bretagne ( 2010-04-23 )

    Création site internet bretagne…

    Merci pour cet article intéressant. Bien à vous…….

  14. JN0-303 ( 2010-04-29 )

    # remove unneeded packages: apt-get remove biff bin86 cpp cpp-3.3 delo gdb ibritish ipchains ipmasqadmin lpr manpages-dev mtr-tiny mutt pidentd ppp procmail vacation vgrind w3m xfree86-common xlibs-data I’m not sure why all that crap was installed, as I tried to add no extra packages. Perhaps just some rough edges in the installer.

  15. N10-004 ( 2010-04-29 )

    I couldn’t understand some parts of this article, but it sounds interesting…

 

Speak your mind

Line and paragraph breaks are automatic.
All posts are moderated. This may delay your comment, but there is no need to resubmit it.
Allowed tags: <a href=""> <blockquote> <code> <em> <strong>.

(required)

(required)