aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorStefan Kangas <skangas@skangas.se>2012-02-29 23:20:27 +0100
committerStefan Kangas <skangas@skangas.se>2012-02-29 23:20:27 +0100
commitc646670bdcbc8a34cb3e1d7b321417beabb0fe2d (patch)
tree5cb784f660b8552d637ffda4e5391bf5cd50637f
parent0d900ba84e0d2dcf2b6202c7e0208fe796120299 (diff)
Various fixes
-rw-r--r--fripost-docs.org60
1 files changed, 33 insertions, 27 deletions
diff --git a/fripost-docs.org b/fripost-docs.org
index 3e96ff4..fc65018 100644
--- a/fripost-docs.org
+++ b/fripost-docs.org
@@ -59,7 +59,29 @@ send them to skangas@skangas.se.
** Install etckeeper
-Used to keep track of /etc. Install ASAP after install!
+Install etckeeper immediately after install, to start tracking /etc.
+
+** Uninstall a bunch of unnecessary packages
+
+sudo aptitude remove --purge debian-faq dictionaries-common doc-debian \
+doc-linux-text iamerican ibritish iswedish ispell laptop-detect nfs-common \
+openbsd-inetd portmap tasksel tasksel-data w3m wbritish
+
+** Packages to install
+*** Administrative
+
+sudo aptitude install openssh-server molly-guard ntp ntpdate rsync screen
+
+# If the system is on a dynamic IP (e.g. using DHCP):
+sudo aptitude install resolvconf
+
+*** Security
+
+sudo aptitude install logcheck syslog-summary harden-servers
+
+# NB: harden-clients conflicts with telnet, which as we know is very handy
+# during configuration. Therefore, only optionally:
+sudo aptitude install harden-clients
** Use GNU Emacs as the default editor
@@ -101,22 +123,6 @@ sudo /etc/init.d/ssh restart
# Without closing the current connection, try to connect to the server,
# verifying that you can still connect.
-** Packages to install
-*** Administrative
-
-sudo aptitude install openssh-server molly-guard ntp ntpdate rsync screen
-
-# If the system is on a dynamic IP (e.g. using DHCP):
-sudo aptitude install resolvconf
-
-*** Security
-
-sudo aptitude install logcheck syslog-summary harden-servers
-
-# NB: harden-clients conflicts with telnet, which as we know is very handy
-# during configuration. Therefore, only optionally:
-sudo aptitude install harden-clients
-
** Forward root email
:: /etc/aliases
@@ -209,12 +215,6 @@ sudo aptitude install unattended-upgrades
Unattended-Upgrade::Mail "admin@fripost.org";
-** Uninstall a bunch of unnecessary packages
-
-sudo aptitude remove --purge debian-faq dictionaries-common doc-debian \
-doc-linux-text iamerican ibritish ispell laptop-detect nfs-common \
-openbsd-inetd portmap tasksel tasksel-data w3m
-
** Configure ddclient
:: /etc/ddclient.conf
@@ -326,6 +326,9 @@ ORIGIN_PORT="1917"
sudo ssh -v -l $TUNNEL_USER -i /root/.ssh/$TUNNEL_KEY_FILE destination.example.com
+ # Comment: You should be greeted by e.g.:
+ # 220 mistral.fripost.org ESMTP Postfix (Debian/GNU)
+
4. Configure openbsd-inetd on the originating host:
# Comment: We use inetd instead of ssh -L because, among other things, ssh
@@ -337,7 +340,7 @@ ORIGIN_PORT="1917"
127.0.0.1:$ORIGIN_PORT stream tcp nowait root /usr/bin/ssh -q -T -i /root/.ssh/$TUNNEL_KEY_FILE $TUNNEL_USER@example.com
- sudo /etc/init.d/openbsd-inetd restart
+ sudo service openbsd-inetd restart
You should now be able to connect through the tunnel from the originating
host using something like:
@@ -520,7 +523,7 @@ These instructions are mainly adapted from the MySQL manual.
max_binlog_size = 100M
binlog_do_db = mail
-/etc/init.d/mysql restart
+sudo service mysql restart
# Enter MySQL shell and create a user with replication privileges.
# NB: Use only ASCII for the <password>
@@ -546,7 +549,8 @@ mysql -u root -p
mysqldump -u root -p --opt mail > mydump.sql
-# Now, copy this file to the slave.
+# Now, transfer this file to the slave. After you have transferred the file,
+# delete all copies except the one on the slave.
# Save the output of the SHOW MASTER STATUS COMMAND.
mysql -u root -p
@@ -803,7 +807,7 @@ sudo apt-get install roundcube
upload_max_filesize = 25M
tmp_dir = FIXME
-:: /etc/roundcube/main.inc.php
+:: /etc/roundcube/main.inc.php ## checked for roundcube 0.5.4+dfsg-1~bpo60+1
# Use caching
$rcmail_config['enable_caching'] = TRUE;
@@ -1098,3 +1102,5 @@ We have written some tools to make administration tasks easier. They can be
found at:
git clone git://github.com/skangas/fripost-tools.git
+
+