From eeac90fdbcc3ff51c14349badadd3a03f6f58808 Mon Sep 17 00:00:00 2001 From: Stefan Kangas Date: Tue, 24 May 2011 23:53:13 +0200 Subject: Move some critical stuff earlier in instructions --- fripost-docs.org | 50 ++++++++++++++++++++++++++------------------------ 1 file changed, 26 insertions(+), 24 deletions(-) diff --git a/fripost-docs.org b/fripost-docs.org index 810ec30..4dd7074 100644 --- a/fripost-docs.org +++ b/fripost-docs.org @@ -66,28 +66,19 @@ Used to keep track of /etc. Install ASAP after install! sudo apt-get install emacs23-nox sudo update-alternatives --config editor + +** Configure sudo -** Uninstall a bunch of unnecessary packages - -sudo aptitude remove --purge debian-faq dictionaries-common doc-debian \ -doc-linux-text iamerican ibritish ispell laptop-detect nfs-common \ -openbsd-inetd portmap tasksel tasksel-data w3m - -** Packages to install -*** Administrative - -sudo aptitude install openssh-server molly-guard ntp ntpdate screen +sudo apt-get install sudo -# If the system is on a dynamic IP (e.g. using DHCP): -sudo aptitude install resolvconf +# If you disabled root account during installation, the default account is +# already in the sudo group. Otherwise, follow these steps: -*** Security +sudo adduser myuser sudo -sudo aptitude install logcheck syslog-summary harden-servers +sudo EDITOR="emacs" visudo -# NB: harden-clients conflicts with telnet, which as we know is very handy -# during configuration. Therefore, only optionally: -sudo aptitude install harden-clients + %sudo ALL= (ALL) ALL ** Configure sshd @@ -107,17 +98,28 @@ sudo /etc/init.d/ssh restart # Without closing the current connection, try to connect to the server, # verifying that you can still connect. - -** Configure sudo -# If you disabled root account during installation, the default account is -# already in the sudo group. Otherwise, follow these steps: +** Uninstall a bunch of unnecessary packages -sudo adduser myuser sudo +sudo aptitude remove --purge debian-faq dictionaries-common doc-debian \ +doc-linux-text iamerican ibritish ispell laptop-detect nfs-common \ +openbsd-inetd portmap tasksel tasksel-data w3m -sudo EDITOR="emacs" visudo +** Packages to install +*** Administrative - %sudo ALL= (ALL) ALL +sudo aptitude install openssh-server molly-guard ntp ntpdate screen + +# If the system is on a dynamic IP (e.g. using DHCP): +sudo aptitude install resolvconf + +*** Security + +sudo aptitude install logcheck syslog-summary harden-servers + +# NB: harden-clients conflicts with telnet, which as we know is very handy +# during configuration. Therefore, only optionally: +sudo aptitude install harden-clients ** Configure logcheck -- cgit v1.2.3