Prepare the Install Base running on - Debian Etch (Debian 4.0)

1 Requirements

2 Preliminary Note

3 The Base System

4 Install The SSH Server

5 Configure The Network

6 Edit /etc/apt/sources.list And Update Your Linux Installation

7 Install Some Software

8 Quota

9 DNS Server

10 SSL-Explorer Installation on Debian Etch

11 Synchronize the System Clock

12 Installing the Myrinet networks

 

Prepare the Install Base running on - Debian Etch (Debian 4.0)

Version 1.0
Last edited Friday, August 03, 2007

This tutorial shows how to set up a Debian Etch (Debian 4.0) based server that offers: Postfix mail server with SMTP-AUTH and TLS, BIND DNS server, MySQL server, Quota, Firewall, etc. This tutorial is written for the 32-bit version of Debian Etch, but should apply to the 64-bit version with very few modifications as well.

I will use the following software:

 

 

1 Requirements

To install such a system you will need the following:

 

2 Preliminary Note

In this tutorial I use the hostname pslnxinst.lnx.puresolution.de with the IP address 192.168.77.1. These settings might differ for you, so you have to replace them where appropriate.

 

3 The Base System

Insert your Debian Etch Netinstall CD into your system and boot from it. Press ENTER to boot:

The installation starts, and first you have to choose your language:

Then select your location:

Choose a keyboard layout:

The installer checks the installation CD, your hardware, and configures the network with DHCP if there is a DHCP server in the network:

Enter the hostname. In this example, my system is called pslnxinst.lnx.puresolution.de, so I enter pslnxinst:

Enter your domain name. In this example, this is lnx.puresolution.de:

Now you have to partition your hard disk. For simplicity's sake I will create one big partition (with the mount point /) and a little swap partition so I select Guided - use entire disk (of course, the partitioning is totally up to you - if you like, you can create more than just one big partition, and you can also use LVM):

Select the disk that you want to partition:

Then select the partitioning scheme. As mentioned before, I select All files in one partition (recommended for new users) for simplicity's sake - it's up to your likings what you choose here:

Now we change the type of root filesystem to reiserfs. When you're finished, select Finish partitioning and write changes to disk:

Select Yes when you're asked Write changes to disks?:

Afterwards, your new partitions are created and formatted:

Afterwards, give the root user a password:

Confirm that password to avoid typos:

Create a normal user account, for example the user watch with the user name watch (don't use the user name admin as it is a reserved name on Debian Etch):

Now the base system is being installed:

Next you must configure apt. Because you are using the Debian Etch Netinstall CD which contains only a minimal set of packages, you must use a network mirror:

Select the country where the network mirror that you want to use is located (usually this is the country where your Debian Etch system is located):

Then select the mirror you want to use (e.g. ftp2.de.debian.org):

Unless you use an HTTP proxy, leave the following field empty and hit Continue:

Apt is now updating its packages database:

You can skip the package usage survey by selecting No:

We need a web server, DNS server, mail server, and a MySQL database, but nevertheless I don't select any of them now because I like to have full control over what gets installed on my system. We will install the needed packages manually later on. Therefore we just select Standard system and hit Continue:

The required packages are being installed on the system:

When you're asked Install the GRUB boot loader to the master boot record, select Yes:

Afterwards, the GRUB boot loader gets installed:

The base system installation is now finished. Remove the Debian Etch Netinstall CD from the CD drive and hit Continue to reboot the system:

4 Install The SSH Server

Debian Etch does not install OpenSSH by default, therefore we do it now. Run

apt-get install ssh openssh-server

You will be prompted to insert the installation CD again.

 

5 Configure The Network

Because the Debian Etch installer has configured our system to get its network settings via DHCP, we have to change that now because a server should have a static IP address. Edit /etc/network/interfaces and adjust it to your needs (in this example setup I will use the IP address 192.168.0.100) (please note that I replace allow-hotplug eth0 with auto eth0; otherwise restarting the network doesn't work, and we'd have to reboot the whole system):

nano /etc/network/interfaces

# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).
 
# The loopback network interface
auto lo
iface lo inet loopback
 
# The primary network interface
auto eth0 eth1
iface eth0 inet dhcp
 
iface eth1 inet static
 address 192.168.77.1
 netmask 255.255.255.0
 network 192.168.77.0
 broadcast 192.168.77.255
 

 


Then restart your network:

/etc/init.d/networking restart

Then edit /etc/hosts. Make it look like this:

nano /etc/hosts

127.0.0.1 localhost.localdomain localhost
192.168.77.1 pslnxinst.lnx.puresolution.de pslnxinst
 
# The following lines are desirable for IPv6 capable hosts
::1 ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
ff02::3 ip6-allhosts

Now run

echo pslnxinst.lnx.puresolution.de > /etc/hostname

and reboot the system:

shutdown -r now

Afterwards, run

hostname
hostname -f

Both should show pslnxinst.lnx.puresolution.de.

From now on you can use an SSH client such as PuTTY and connect from your workstation to your Debian Etch server and follow the remaining steps from this tutorial.

 

6 Edit /etc/apt/sources.list And Update Your Linux Installation

Edit /etc/apt/sources.list. Comment out the CD. It should look like this:

nano /etc/apt/sources.list

deb http://ftp.uni-erlangen.de/pub/Linux/debian/ etch main contrib non-free
deb-src http://ftp.uni-erlangen.de/pub/Linux/debian/ etch main contrib non-free
 
deb http://security.debian.org/ etch/updates main contrib non-free
deb-src http://security.debian.org/ etch/updates main contrib non-free

Then run

apt-get update

to update the apt package database and

apt-get upgrade

to install the latest updates (if there are any).

 


7 Install Some Software

Now we install a few packages that are needed later on. Run

apt-get install binutils cpp fetchmail flex gcc libarchive-zip-perl libc6-dev libcompress-zlib-perl libdb4.3-dev libpcre3 libpopt-dev linux-kernel-headers lynx m4 make ncftp nmap openssl perl perl-modules unzip zip zlib1g-dev autoconf automake1.9 libtool bison autotools-dev g++

 

8 Quota

(If you have chosen a different partitioning scheme than I did, you must adjust this chapter so that quota applies to the partitions where you need it.)

To install quota, run

apt-get install quota

Edit /etc/fstab. Mine looks like this (I added ,usrquota,grpquota to partition /dev/sda1 (mount point /; your device name might be /dev/hda1 or similar)):

nano /etc/fstab

# /etc/fstab: static file system information.
#
# <file system> <mount point> <type> <options> <dump> <pass>
proc /proc proc defaults 0 0
/dev/hda1 / reiserfs notail,usrquota,grpquota 0 1
/dev/md0 /tftpboot reiserfs defaults 0 2
/dev/hda5 none swap sw 0 0

 


To enable quota, run these commands:

touch /quota.user /quota.group
chmod 600 /quota.*
mount -o remount /
quotacheck -avugm
quotaon -avug

9 DNS Server

Run

apt-get install bind9

For security reasons we want to run BIND chrooted so we have to do the following steps:

/etc/init.d/bind9 stop

Edit the file /etc/default/bind9 so that the daemon will run as the unprivileged user bind, chrooted to /var/lib/named. Modify the line: OPTIONS="-u bind" so that it reads OPTIONS="-u bind -t /var/lib/named":

nano /etc/default/bind9

OPTIONS="-u bind -t /var/lib/named"
# Set RESOLVCONF=no to not run resolvconf
RESOLVCONF=yes

Create the necessary directories under /var/lib:

mkdir -p /var/lib/named/etc
mkdir /var/lib/named/dev
mkdir -p /var/lib/named/var/cache/bind
mkdir -p /var/lib/named/var/run/bind/run


Then move the config directory from /etc to /var/lib/named/etc:

mv /etc/bind /var/lib/named/etc

Create a symlink to the new config directory from the old location (to avoid problems when bind gets updated in the future):

ln -s /var/lib/named/etc/bind /etc/bind

Make null and random devices, and fix permissions of the directories:

mknod /var/lib/named/dev/null c 1 3
mknod /var/lib/named/dev/random c 1 8
chmod 666 /var/lib/named/dev/null /var/lib/named/dev/random
chown -R bind:bind /var/lib/named/var/*
chown -R bind:bind /var/lib/named/etc/bind

We need to modify /etc/default/syslogd so that we can still get important messages logged to the system logs. Modify the line: SYSLOGD="" so that it reads: SYSLOGD="-a /var/lib/named/dev/log":

nano /etc/default/syslogd

#
# Top configuration file for syslogd
#
 
#
# Full documentation of possible arguments are found in the manpage
# syslogd(8).
#
 
#
# For remote UDP logging use SYSLOGD="-r"
#
SYSLOGD="-a /var/lib/named/dev/log"

 


Restart the logging daemon:

/etc/init.d/sysklogd restart

Start up BIND, and check /var/log/syslog for errors:

/etc/init.d/bind9 start
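
The chroot steps above can be checked after the fact with a small audit script. This is an added example, not part of the original tutorial; the function name audit_bind_chroot and its two optional arguments (a staging prefix and the expected owner) are assumptions of the example, and it relies on GNU stat.

```sh
#!/bin/sh
# Added example: audit the chrooted BIND layout built in the steps above.
# ROOT (staging prefix) and OWNER are hypothetical parameters of this sketch;
# call with no arguments, as root, to audit the live system for user "bind".
audit_bind_chroot() {
    root="${1:-}"; owner="${2:-bind}"
    jail="$root/var/lib/named"
    fails=0
    fail() { echo "FAIL: $1"; fails=$((fails + 1)); }

    # named must drop privileges and chroot itself into the jail
    grep -Eq '^OPTIONS=.*-u bind.*-t /var/lib/named' \
        "$root/etc/default/bind9" 2>/dev/null \
        || fail "bind9 defaults lack -u bind -t /var/lib/named"

    # syslogd needs an extra socket inside the jail or named's logs are lost
    grep -Eq '^SYSLOGD=.*-a /var/lib/named/dev/log' \
        "$root/etc/default/syslogd" 2>/dev/null \
        || fail "syslogd defaults lack -a /var/lib/named/dev/log"

    # /etc/bind must be a symlink to the moved config, not a second copy
    { [ -L "$root/etc/bind" ] && [ -d "$jail/etc/bind" ]; } \
        || fail "/etc/bind is not a symlink to the chrooted config"

    # directories named uses must exist and belong to the daemon user
    for d in etc/bind var/cache/bind var/run/bind/run; do
        if [ ! -d "$jail/$d" ]; then
            fail "missing $jail/$d"
        elif [ "$(stat -c %U "$jail/$d")" != "$owner" ]; then
            fail "$jail/$d is not owned by $owner"
        fi
    done

    # device nodes: character devices with the major:minor given to mknod
    for spec in null:1:3 random:1:8; do
        node="$jail/dev/${spec%%:*}"
        if [ ! -c "$node" ]; then
            fail "$node is not a character device"
        elif [ "$(stat -c %t:%T "$node")" != "${spec#*:}" ]; then
            fail "$node has the wrong major:minor, expected ${spec#*:}"
        fi
    done

    echo "$fails check(s) failed"
    return "$fails"
}
```

The return value is the number of failed checks, so it can gate a restart of bind9 in a maintenance script.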

 


10 SSL-Explorer Installation on Debian Etch

SSL-Explorer Prerequisites

Apache Ant (the package is called ant on Etch systems) and the Sun Java JDK (not the JRE).

First check whether you already have any Java packages installed, with this command:

java -version

We need both the fakeroot and java-package packages installed, as described in our installing Java for Debian article:

apt-get update
apt-get install fakeroot java-package

Now make sure that you are logged in as a non-privileged user and copy jdk-1_5_0_12-linux-i586.bin from /tftpboot/share/install/packages to any place where that user has permissions, such as their home directory.
Now run this command:

fakeroot make-jpkg jdk-1_5_0_12-linux-i586.bin

(no sudo or su)
All being well, you should now have a file with a name in this format:
vendor-j2[re|sdk]shortversion_fullversion_hardwarearch.deb
Now execute the following command, as root, to install the built package:

dpkg -i vendor-j2[re|sdk]shortversion_fullversion_hardwarearch.deb


To verify that the installation was successful, execute:

java -version

The output should be something like:

java version "1_5_0_12"
Java(TM) 2 Runtime Environment, Standard Edition (build 1_5_0_12)
Java HotSpot(TM) Client VM (build 1_5_0_12, mixed mode, sharing)

 

apt-get update
apt-get install ant

 

Now let's install SSL-Explorer.

Download the source release from its homepage:

http://sourceforge.net/projects/sslexplorer/

Please don't try to download and install the RPM package via alien, as the RPM differs too much. (I already tried it!)

Now let's extract the tar file:

cd /usr/src
tar -zxvf sslexplorer-0.2.14_01-src.tar.gz

And now the installation:

cd sslexplorer-0.2.14_01
ant install

After that, while you are still in the console, you will be asked to open a browser and access the installation's web interface wizard. When you finish the wizard, SSL-Explorer will shut down.

Now you can execute the following to run SSL-Explorer:

ant run

(You can use "# ant console" to run in console mode).

ant console

It is preferable to install it as a service:

ant install-service

Then you can run "#/etc/init.d start|stop|restart".
Your SSL-Explorer should be listening on the port 443 and be accessible via:

https://yourip:443 or https://yourcomputername:443/

Feel free now to configure it to suit your needs. If you get the alert "Failed to load plugin SSL-Explorer Client Certificates" on the main page, please check this article; it may help:

http://www.sshtools.com/kb/idx/0/141/article/Why_do_I_see_Failed_to_load_plugin_SSLExplorer_Client_Certificates_warnings.html

For more help, information or documentation please visit the Homepage of SSL-Explorer:

http://3sp.com/showSslExplorerCommunity.do?referrer=sslexplorer

 


 

11 Synchronize the System Clock

It is a good idea to synchronize the system clock with an NTP (network time protocol) server over the internet. Simply run

apt-get install ntp ntpdate

and your system time will always be in sync.

12 Installing the Myrinet networks

Configuring and compiling GM:

apt-get install linux-headers-`uname -r`
tar -xvzf gm-2.1.26_Linux.tar.gz

Apply necessary patches.

cd gm-2.1.26_Linux
patch -p0 < ../gm-2.0.26-Linux.2.6.18.diff
./configure
make

cd binary
mkdir -p /opt/gm/
./GM_INSTALL


/opt/gm/sbin/gm_install_drivers
/etc/init.d/gm start


 

13 Diskless Remote Boot in Linux (DRBL)

 

Edit /etc/apt/sources.list per the following:

If your distribution is Etch (4.0):

deb http://free.nchc.org.tw/debian/ etch main

deb http://free.nchc.org.tw/drbl-core drbl stable

 

If your GNU/Linux distribution supports secure apt (such as Ubuntu dapper or Debian Etch), you can add the DRBL key to your apt-key

wget http://drbl.nchc.org.tw/GPG-KEY-DRBL; apt-key add GPG-KEY-DRBL

apt-get update
apt-get install drbl

/opt/drbl/sbin/drblsrv -i

/opt/drbl/sbin/drblpush -i