ServerBuildWalkThrough

From SOWNWiki


Update Needed
This page needs to be updated

Needs a step by step guide to setting up a server

This page will eventually document everything we do when building a server.

For now it is just the things we forget to do!

We start with the 'basic' installation of Debian Etch.



APT configuration

  • Comment out all the CD-ROM lines in "/etc/apt/sources.list"; the machine's CD-ROM drive isn't accessible once it has been racked.


SSH configuration

  • Install SSH from apt
  • Install cracklib (prevent insecure passwords), and associated dictionaries
    • sudo apt-get install libpam-cracklib libcrack2 wbritish wamerican
  • Download the 'authorized_keys' file from auth. [here]
  • The authorized_keys file should go in "/root/.ssh/authorized_keys" and have mode "0600" (chmod 0600).
  • Change the PermitRootLogin line in /etc/ssh/sshd_config to "PermitRootLogin without-password". This allows connections from auth as root, but not by guessing the password.
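
An added example, not part of the original wiki page: a shell function that audits the APT and SSH steps above. The names check_build and make_sample, and the root-prefix argument, are assumptions made so the check can be run against a constructed directory tree.

```shell
#!/bin/sh
# check_build ROOT: audit the APT and SSH steps; ROOT is a hypothetical
# prefix ("" = live system). Returns the number of failed checks.
check_build() {
    root="${1:-}"; fails=0
    sources="$root/etc/apt/sources.list"
    keys="$root/root/.ssh/authorized_keys"
    sshd="$root/etc/ssh/sshd_config"

    # APT: every CD-ROM source line must be commented out.
    if grep -Eq '^[[:space:]]*deb(-src)?[[:space:]]+cdrom:' "$sources" 2>/dev/null; then
        echo "FAIL apt: active cdrom line in $sources"; fails=$((fails + 1))
    else
        echo "ok   apt: no active cdrom lines"
    fi

    # SSH: authorized_keys must exist with mode 0600 (GNU stat, as on Debian).
    mode=$(stat -c '%a' "$keys" 2>/dev/null || echo missing)
    if [ "$mode" = 600 ]; then
        echo "ok   ssh: $keys is 0600"
    else
        echo "FAIL ssh: $keys is $mode, expected 600"; fails=$((fails + 1))
    fi

    # SSH: the first active PermitRootLogin line is the one that counts;
    # '#' lines are comments. An optional '=' separator is tolerated.
    prl=$(awk '{
        sub(/^[ \t]+/, ""); split($0, a, /[ \t=]+/)
        if (tolower(a[1]) == "permitrootlogin") { print a[2]; exit }
    }' "$sshd" 2>/dev/null) || prl=""
    if [ "$prl" = without-password ]; then
        echo "ok   ssh: PermitRootLogin without-password"
    else
        echo "FAIL ssh: PermitRootLogin is '${prl:-unset}'"; fails=$((fails + 1))
    fi
    return "$fails"
}

# Constructed sample tree (not a real host): a fresh install before the steps.
make_sample() {
    t=$(mktemp -d)
    mkdir -p "$t/etc/apt" "$t/etc/ssh" "$t/root/.ssh"
    echo 'deb cdrom:[Debian GNU/Linux 4.0 r0 _Etch_]/ etch main' > "$t/etc/apt/sources.list"
    printf '#PermitRootLogin without-password\nPermitRootLogin yes\n' > "$t/etc/ssh/sshd_config"
    touch "$t/root/.ssh/authorized_keys"; chmod 0644 "$t/root/.ssh/authorized_keys"
    echo "$t"
}
```

On a real host, run check_build "" as root; on the constructed tree from make_sample all three checks fail until the steps are applied.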

Utilities

  • Install sudo, screen

Users and Groups

  • Create a few local Unix users for committee members.
    • Grant them sudo rights.
  • Create the SOWNAdmin and DPAAdmin groups if appropriate (SOWNAdmin shouldn't be on DPA sensitive servers).

Monitoring

  • Install debsums, php5-cli, nagios-nrpe-server, hddtemp, python-apt
  • Speak to a member of the SOWN committee to generate an `nrpe.cfg' for the server and add it to nagios.
  • The `TEMP', `UPDATES' and `DEBSUMS' checks need installing manually

Misc

  • Custom MOTD. Please customise per server.
# requires root
apt-get install figlet
echo -e "\nWelcome to" > /etc/motd.tail
figlet -f smslant "SOWN foo" >> /etc/motd.tail
apt-get remove figlet

# Update the current motd (otherwise waits until reboot)
uname -snrvm > /var/run/motd
cat /etc/motd.tail >> /var/run/motd