ServerBuildWalkThrough

From SOWNWiki

This page will eventually document everything we do when building a server.

For now it is just the things we forget to do!

We start with the 'basic' installation of Debian Etch.

Contents 1 APT configuration 2 SSH configuration 3 Utilities 4 Users and Groups 5 Monitoring 6 Misc

APT configuration

• Comment out all the CD-ROM lines in "/etc/apt/sources.list", the machines CD-ROM drives aren't accessible once it has been racked.

SSH configuration

• Install SSH from apt
• Install cracklib (prevent insecure passwords), and associated dictionaries
  • sudo apt-get install libpam-cracklib libcrack2 wbritish wamerican
• Download the 'authorized_keys' file from auth. [here]
• The authorized_keys file should go in "/root/.ssh/authorized_keys", and be chmod "0600"
• Change the PermitRootLogin line in /etc/ssh/sshd_config to "PermitRootLogin without-password", this allows connections from auth, as root, but not by guessing the password.

Utilities

• Install sudo, screen

Users and Groups

• Create a few local unix users for comittee members.
  • Grant them sudo rights.
• Create the SOWNAdmin and DPAAdmin groups if appropriate (SOWNAdmin shouldn't be on DPA sensitive servers).

Monitoring

• Install debsums, php5-cli, nagios-nrpe-server, hddtemp, python-apt
• Speak to a member of sown committee to generate an `nrpe.cfg' for the server and add it to nagios.
• The `TEMP', `UPDATES' and `DEBSUMS' checks need installing manually

Misc

• Custom MOTD. Please customise per server.

# requires root
apt-get install figlet
echo -e "\nWelcome to" > /etc/motd.tail
figlet -f smslant "SOWN foo" >> /etc/motd.tail
apt-get remove figlet

# Update the current motd (otherwise waits until reboot)
uname -snrvm > /var/run/motd
cat /etc/motd.tail >> /var/run/motd