This page will eventually document everything we do when building a server.
For now it is just the things we forget to do!
We start with the 'basic' installation of Debian Etch.
- Comment out all the CD-ROM lines in "/etc/apt/sources.list"; the machine's CD-ROM drive isn't accessible once it has been racked.
- Install SSH from apt
- Install cracklib (prevents insecure passwords) and the associated dictionaries:
    sudo apt-get install libpam-cracklib libcrack2 wbritish wamerican
- Download the 'authorized_keys' file from auth. [here]
- The authorized_keys file should go in "/root/.ssh/authorized_keys", and be chmod "0600"
- Change the PermitRootLogin line in /etc/ssh/sshd_config to "PermitRootLogin without-password". This allows key-based connections from auth as root, while password logins for root are refused, so the password cannot be guessed.
- Install sudo, screen
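A quick way to confirm the sources.list and SSH steps above were not forgotten. This is an added example, not part of the original checklist; the function names are this example's own, and the file paths are passed as arguments so the checks can be run against copies.

```shell
#!/bin/sh
# Added example: audits three checklist steps. File paths are arguments so the
# checks can be pointed at copies; function names are this example's own.

# Print the PermitRootLogin value sshd will use: the first uncommented
# occurrence wins. Assumes "Keyword value" syntax; Match blocks are not parsed.
root_login_mode() {
    awk 'tolower($1) == "permitrootlogin" { print tolower($2); found = 1; exit }
         END { if (!found) print "unset" }' "$1"
}

# Succeed only if the key file is a regular file with mode 0600 (rw-------).
key_file_ok() {
    [ -f "$1" ] && [ "$(ls -ld "$1" | cut -c1-10)" = "-rw-------" ]
}

# Succeed only if sources.list is readable and has no active cdrom: source.
no_cdrom_sources() {
    [ -r "$1" ] && ! grep -Eq '^[[:space:]]*deb(-src)?[[:space:]]+cdrom:' "$1"
}

# audit SSHD_CONFIG AUTHORIZED_KEYS SOURCES_LIST -> prints findings, returns 0/1
audit() {
    rc=0
    mode=$(root_login_mode "$1")
    case "$mode" in
        # prohibit-password is the newer OpenSSH name for the same setting
        without-password|prohibit-password) echo "ok:   root login is key-only" ;;
        *) echo "FAIL: PermitRootLogin is '$mode' in $1"; rc=1 ;;
    esac
    if key_file_ok "$2"; then echo "ok:   $2 is mode 0600"
    else echo "FAIL: $2 missing or not mode 0600"; rc=1; fi
    if no_cdrom_sources "$3"; then echo "ok:   no active CD-ROM sources"
    else echo "FAIL: active cdrom: line in $3"; rc=1; fi
    return "$rc"
}

# Usage: sh audit.sh /etc/ssh/sshd_config /root/.ssh/authorized_keys /etc/apt/sources.list
if [ "$#" -eq 3 ]; then audit "$@"; fi
```

Run it as root, since "/root/.ssh" is not readable by other users.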
Users and Groups
- Create a few local Unix users for committee members.
- Grant them sudo rights.
- Create the SOWNAdmin and DPAAdmin groups if appropriate (SOWNAdmin shouldn't be on DPA sensitive servers).
- Install debsums, php5-cli, nagios-nrpe-server, hddtemp, python-apt
- Speak to a member of the SOWN committee to generate an `nrpe.cfg' for the server and add it to nagios.
- The `TEMP', `UPDATES' and `DEBSUMS' checks need installing manually
- Custom MOTD. Please customise per server.
    # requires root
    apt-get install figlet
    echo -e "\nWelcome to" > /etc/motd.tail
    figlet -f smslant "SOWN foo" >> /etc/motd.tail
    apt-get remove figlet
    # Update the current motd (otherwise waits until reboot)
    uname -snrvm > /var/run/motd
    cat /etc/motd.tail >> /var/run/motd