diff options
author | Stefan Kangas <skangas@skangas.se> | 2012-02-29 23:20:27 +0100 |
---|---|---|
committer | Stefan Kangas <skangas@skangas.se> | 2012-02-29 23:20:27 +0100 |
commit | c646670bdcbc8a34cb3e1d7b321417beabb0fe2d (patch) | |
tree | 5cb784f660b8552d637ffda4e5391bf5cd50637f | |
parent | 0d900ba84e0d2dcf2b6202c7e0208fe796120299 (diff) |
Various fixes
-rw-r--r-- | fripost-docs.org | 60 |
1 files changed, 33 insertions, 27 deletions
diff --git a/fripost-docs.org b/fripost-docs.org index 3e96ff4..fc65018 100644 --- a/fripost-docs.org +++ b/fripost-docs.org @@ -59,7 +59,29 @@ send them to skangas@skangas.se. ** Install etckeeper -Used to keep track of /etc. Install ASAP after install! +Install etckeeper immediately after install, to start tracking /etc. + +** Uninstall a bunch of unnecessary packages + +sudo aptitude remove --purge debian-faq dictionaries-common doc-debian \ +doc-linux-text iamerican ibritish iswedish ispell laptop-detect nfs-common \ +openbsd-inetd portmap tasksel tasksel-data w3m wbritish + +** Packages to install +*** Administrative + +sudo aptitude install openssh-server molly-guard ntp ntpdate rsync screen + +# If the system is on a dynamic IP (e.g. using DHCP): +sudo aptitude install resolvconf + +*** Security + +sudo aptitude install logcheck syslog-summary harden-servers + +# NB: harden-clients conflicts with telnet, which as we know is very handy +# during configuration. Therefore, only optionally: +sudo aptitude install harden-clients ** Use GNU Emacs as the default editor @@ -101,22 +123,6 @@ sudo /etc/init.d/ssh restart # Without closing the current connection, try to connect to the server, # verifying that you can still connect. -** Packages to install -*** Administrative - -sudo aptitude install openssh-server molly-guard ntp ntpdate rsync screen - -# If the system is on a dynamic IP (e.g. using DHCP): -sudo aptitude install resolvconf - -*** Security - -sudo aptitude install logcheck syslog-summary harden-servers - -# NB: harden-clients conflicts with telnet, which as we know is very handy -# during configuration. Therefore, only optionally: -sudo aptitude install harden-clients - ** Forward root email :: /etc/aliases @@ -209,12 +215,6 @@ sudo aptitude install unattended-upgrades Unattended-Upgrade::Mail "admin@fripost.org"; -** Uninstall a bunch of unnecessary packages - -sudo aptitude remove --purge debian-faq dictionaries-common doc-debian \ -doc-linux-text iamerican ibritish ispell laptop-detect nfs-common \ -openbsd-inetd portmap tasksel tasksel-data w3m - ** Configure ddclient :: /etc/ddclient.conf @@ -326,6 +326,9 @@ ORIGIN_PORT="1917" sudo ssh -v -l $TUNNEL_USER -i /root/.ssh/$TUNNEL_KEY_FILE destination.example.com + # Comment: You should be greeted by e.g.: + # 220 mistral.fripost.org ESMTP Postfix (Debian/GNU) + 4. Configure openbsd-inetd on the originating host: # Comment: We use inetd instead of ssh -L because, among other things, ssh @@ -337,7 +340,7 @@ ORIGIN_PORT="1917" 127.0.0.1:$ORIGIN_PORT stream tcp nowait root /usr/bin/ssh -q -T -i /root/.ssh/$TUNNEL_KEY_FILE $TUNNEL_USER@example.com - sudo /etc/init.d/openbsd-inetd restart + sudo service openbsd-inetd restart You should now be able to connect through the tunnel from the originating host using something like: @@ -520,7 +523,7 @@ These instructions are mainly adapted from the MySQL manual. max_binlog_size = 100M binlog_do_db = mail -/etc/init.d/mysql restart +sudo service mysql restart # Enter MySQL shell and create a user with replication privileges. # NB: Use only ASCII for the <password> @@ -546,7 +549,8 @@ mysql -u root -p mysqldump -u root -p --opt mail > mydump.sql -# Now, copy this file to the slave. +# Now, transfer this file to the slave. After you have transferred the file, +# delete all copies except the one on the slave. # Save the output of the SHOW MASTER STATUS COMMAND. mysql -u root -p @@ -803,7 +807,7 @@ sudo apt-get install roundcube upload_max_filesize = 25M tmp_dir = FIXME -:: /etc/roundcube/main.inc.php +:: /etc/roundcube/main.inc.php ## checked for roundcube 0.5.4+dfsg-1~bpo60+1 # Use caching $rcmail_config['enable_caching'] = TRUE; @@ -1098,3 +1102,5 @@ We have written some tools to make administration tasks easier. They can be found at: git clone git://github.com/skangas/fripost-tools.git + + |