# Debian 8 aka Jessie

The Debian Installer, also known as d-i, has a pretty good [section in the Debian Handbook](https://www.debian.org/doc/manuals/debian-handbook/sect.role-of-distributions.en.html#idm139757098660944), but for people who, like me, want something more straight to the point, I propose these documentation pages. For those who just want to execute a file to get the result, a preseed file will be available soon.

[[!toc startlevel=1]]

# Debian Installer (d-i) part 1: language & users

## d-i (Debian Installer)

### (when possible) boot from network [usually F12]; if not, download [netinst](http://ftp.ch.debian.org/debian-cd/) and boot from CD/USB

## Choose language (language, location & keyboard)

**SELECT:**

- Install [DEFAULT]
- Language == English [DEFAULT]
- Location == other/Europe/Switzerland
- Locales == United States - en_US.UTF-8 [DEFAULT]
- Keyboard == American English [DEFAULT] {en_US}

### Detect network hardware [if required]

**SELECT:** Network_hardware/missing_firmware == Yes

## Configure the network (network, hostname & domainname)

*HINT: at Itopie the HOSTNAME is based on a country name linked to the main function of the device*

**EDIT:** Hostname == $HOSTNAME.$DOMAIN

## Set up users and passwords

*HINT: save them in KeePass or another password database tool; at Itopie this is ./inubo/commun/Realisation/inubo/inubo.kdb*

**EDIT:**

- password for root
- user rescue
- password for rescue

# Debian Installer (d-i) part 2: partitions, RAID & LVM

## Partition disks

**SELECT:**

- Partitioning method == Manual
- SDA
- new empty partition table == Yes

---

### Partition 1 of 3

- **SELECT:** FREE SPACE
- **EDIT:** size == 1MB
- **SELECT:**
    - Primary
    - Beginning
    - Use as == do not use the partition (for MBR)
    - Use as == grub_bios (for EFI)
    - Done setting up the partition

---

### Partition 2 of 3

- **SELECT:** FREE SPACE
- **EDIT:** size == 1GB
- **SELECT:**
    - Primary
    - Beginning
    - Use as == physical volume for RAID
    - Done setting up the partition

---

### Partition 3 of 3

- **SELECT:** FREE SPACE
- **EDIT:** size == max
- **SELECT:**
    - Primary
    - Beginning
    - Use as == physical volume for RAID
    - Done setting up the partition

---

*HINT: do the same thing for SDB*

## Configure software RAID

**SELECT:** Write the changes to the storage devices and configure RAID == Yes

### RAID 1 of 2 {MD0}

- **SELECT:** Create MD device
- RAID1
- Number of active devices for the RAID1 array: 2
- Number of spare devices for the RAID1 array: 0 [DEFAULT]
- **SELECT:** /dev/sda2 ++ /dev/sdb2

---

### RAID 2 of 2 {MD1}

- **SELECT:** Create MD device
- RAID1
- **EDIT:** Number of active devices for the RAID1 array: 2
- Number of spare devices for the RAID1 array: 0 [DEFAULT]
- **SELECT:** /dev/sda3 ++ /dev/sdb3

**SELECT:** Finish

## Configure the Logical Volume Manager

**SELECT:** Write the changes to the storage devices and configure LVM == Yes

### Volume Group

- **SELECT:** Create volume group {VG}
- **EDIT:** Volume group name == $HOSTNAME
- **SELECT:** Partition disk for the new volume group == /dev/md1

### Logical Volume 1 of 3 {swap}

- **SELECT:** Create logical volume {LV}
- Volume group == $HOSTNAME
- **EDIT:** Logical volume name == swap
- **EDIT:** Logical volume size: 8GB

### Logical Volume 2 of 3 {/}

- **SELECT:** Create logical volume {LV}
- Volume group == $HOSTNAME
- **EDIT:** Logical volume name == root
- **EDIT:** Logical volume size: 10GB

### Logical Volume 3 of 3 {/srv}

- **SELECT:** Create logical volume {LV}
- Volume group == $HOSTNAME
- **EDIT:** Logical volume name == srv
- **EDIT:** Logical volume size: all [DEFAULT]

- **SELECT:** Finish

## Mount Points

### /

**SELECT:**

- Partition #1 of LVM $HOSTNAME, LV root
- Use as == Ext4
- Mount point == /
- Done setting up the partition

---

### /srv

**SELECT:**

- Partition #1 of LVM $HOSTNAME, LV srv
- Use as == Ext4
- Mount point == /srv
- Done setting up the partition

---

### swap

**SELECT:**

- Partition #1 of LVM $HOSTNAME, LV swap
- Use as == swap
- Done setting up the partition

---

### /boot

**SELECT:**

- Partition #1 of RAID1 device #0
- Use as == ext2
- Mount point == /boot
- Done setting up the partition

# Debian Installer (d-i) part 3: the base

## Install the base system

## Configure the package manager

**SELECT:**

- Switzerland [DEFAULT]
- ftp.ch.debian.org [DEFAULT]
- Continue [DEFAULT] {leave blank}

## Configuring popularity-contest

**SELECT:** package_survey=true

## Software selection

**SELECT:**

- SSH server
- standard system utilities

**UNSELECT ALL OTHERS**

## Install the GRUB boot loader on a hard disk

**SELECT:**

- Install the GRUB boot loader to the master boot record == Yes
- Device for boot loader installation == /dev/sda

## Finish the installation

**SELECT:** Continue {will reboot}

# Common Configuration Itopie

## Install GRUB on both drives

    # su -

    # cat /proc/cpuinfo
    # dpkg-reconfigure grub-pc

- **SELECT:** GRUB install devices == /dev/sda, /dev/sdb {debconf: grub-pc grub-pc/install_devices multiselect /dev/sda, /dev/sdb}

## Install & initialize etckeeper

    # apt-get clean
    # apt-get update
    # apt-get install etckeeper
    # etckeeper commit '[etckeeper] leftover stuff'

## Change passwords & save them into KeePassX

    # passwd rescue # save it : inubo/commun/Realisation/inubo/inubo.kdb
    # passwd root # save it : inubo/commun/Realisation/inubo/inubo.kdb
    # etckeeper commit 'passwd [rescue|root]'

## Disable SSH login for root

    # sed -i -e 's/^PermitRootLogin\ without-password$/PermitRootLogin\ no/' /etc/ssh/sshd_config
    # systemctl restart ssh
    # etckeeper commit 'ssh/sshd_config: PermitRootLogin no'

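The `sed` pattern above only rewrites a line that reads exactly `PermitRootLogin without-password`; any other value, or a missing line, is left as it is without an error. The following added example (not part of the original page; `set_root_login_no` and `root_login_value` are hypothetical helper names) sets the global value whatever it was and reads it back, on a constructed sample file.

```shell
#!/bin/sh
# Added example, not from the original page. Helper names are hypothetical.

# Print the effective global PermitRootLogin value of config file $1
# (sshd uses the first occurrence; Match blocks are not considered).
root_login_value() {
    awk '{ key = tolower($1) }
         key == "match" { exit }
         key == "permitrootlogin" { print tolower($2); exit }' "$1"
}

# Rewrite config file $1 so that the global section holds exactly one
# "PermitRootLogin no", whatever the previous value was. Lines inside
# Match blocks are left untouched.
set_root_login_no() {
    cfg=$1
    tmp=$(mktemp) || return 1
    awk '
        { key = tolower($1) }
        key == "match" { in_match = 1 }
        (in_match || key == "permitrootlogin") && !done {
            print "PermitRootLogin no"; done = 1   # first hit, or just before Match
        }
        !in_match && key == "permitrootlogin" { next }  # drop old global values
        { print }
        END { if (!done) print "PermitRootLogin no" }   # keyword was absent
    ' "$cfg" > "$tmp" || { rm -f "$tmp"; return 1; }
    cat "$tmp" > "$cfg"    # cat keeps the owner and mode of $cfg
    rc=$?
    rm -f "$tmp"
    return $rc
}

# Constructed sample: a value the sed pattern on this page does not match.
sample=$(mktemp)
printf '%s\n' 'Port 22' 'PermitRootLogin yes' 'Match User backup' \
    '    PermitRootLogin forced-commands-only' > "$sample"
set_root_login_no "$sample"
echo "global PermitRootLogin is now: $(root_login_value "$sample")"
rm -f "$sample"
```

On a real host, run `sshd -t` after editing and before restarting ssh, so that a syntax error does not cut off remote access.
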
## Exclude Recommends from APT installs

    # echo 'APT::Install-Recommends "false";' >/etc/apt/apt.conf.d/99recommends
    # etckeeper commit 'apt/apt.conf.d/99recommends: false'

## Reconfigure Locales

    # dpkg-reconfigure locales

### Locales to be generated:

- **SELECT:** en_US.UTF-8 UTF-8 & fr_CH.UTF-8

### Default locale for the system environment:

- **SELECT:** None

    # etckeeper commit 'locale.gen: en_US.UTF-8 & fr_CH.UTF-8'

## Install Screen

    # apt-get install screen

## Copy environment customization

### From your localhost

    # scp -r ../inubo/commun/Realisation/inubo/default-user/* rescue@$IPLinux:./

### On the Linux server as rescue

    # mv ssh/ .ssh
    # mv bashrc .bashrc
    # mv colordiffrc .colordiffrc
    # mv gitconfig .gitconfig
    # mv screenrc .screenrc
    # mv procmailrc .procmailrc

#### If the Linux server doesn't send mail

    # rm .procmailrc

### Copy .gitconfig into the root environment

    # su -
    # cp /home/rescue/.gitconfig ~/

## Install NTP

    # apt-get install ntp

### If NTP server (accept connections on port 123)

#### In /etc/rc.local add before `exit 0`

    # Accept NTP requests
    /sbin/iptables -A INPUT -p udp --sport 123 --dport 123 -m state --state NEW -j ACCEPT

#### Declare it as ntp. into /etc/hosts

    # nano /etc/hosts

    $IP $(hostname -f) $(hostname) ntp.$(dnsdomainname)

## Reconfigure APT-listchanges

    # dpkg-reconfigure apt-listchanges

### Changes displayed with APT:

- **SELECT:** both

### Prompt for confirmation after displaying changes?

- **SELECT:** yes

    # etckeeper commit 'apt/listchanges.conf: confirm=1 && which=both'

## Install & configure smartmontools if physical server

    # apt-get install smartmontools

### Make smartd start on boot

    # nano /etc/default/smartmontools

- [uncomment] start_smartd=yes

    # etckeeper commit 'default/smartmontools: start_smartd=yes'

## Purge Postfix config

    # apt-get install --purge postfix

## Reconfigure Postfix

    # dpkg-reconfigure postfix

### General type of mail configuration:

- **SELECT:** Local only

### System mail name:

- `hostname -f` (localhost.domain.tld)

## Install uptimed

    # apt-get install uptimed

## Set a fixed IP in /etc/network/interfaces

    iface eth0 inet static
        address $IP/$SUBNET
        gateway $IP_GATEWAY
        # dns-* options are implemented by the resolvconf package, if installed
        dns-domain $(dnsdomainname)
        dns-search $(dnsdomainname)
        dns-nameservers $IP_DNS

### If more than one IP:

    # apt-get install ifmetric
    # nano /etc/network/interfaces

    iface eth0 inet static
        metric $priority

### Set the DNS in /etc/resolv.conf

    domain $(dnsdomainname)
    search $(dnsdomainname)
    nameserver $IP_DNS

### Set the local host name resolution in /etc/hosts

    $IP $(hostname -f) $(hostname)

    # etckeeper commit 'network/interfaces: fixed IP'

## Save the SSH host key fingerprints into inubo/commun/Realisation/inubo/default-user/ssh/config

    # ssh-keygen -l -f /etc/ssh/ssh_host_ecdsa_key.pub
    # ssh-keygen -l -f /etc/ssh/ssh_host_rsa_key.pub

## Add contrib & non-free to the sources list (at the end of each line)

    # nano /etc/apt/sources.list

- deb http://ftp.ch.debian.org/debian/ jessie main contrib non-free
- [...]
- deb-src http://ftp.ch.debian.org/debian/ jessie-updates main contrib non-free

    # etckeeper commit 'apt/sources.list: add "contrib non-free" to all sources'
    # apt-get update

## Add backports to the sources list (at the end of the file) [optional]

    # nano /etc/apt/sources.list

- deb http://http.debian.net/debian jessie-backports main contrib non-free
- deb-src http://http.debian.net/debian jessie-backports main contrib non-free

    # etckeeper commit 'apt/sources.list: add backports'
    # apt-get update

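After the two `sources.list` edits above (contrib/non-free and backports), every entry should still point at the same release; an entry left over from another codename makes APT pull packages from two releases. The following added example (not part of the original page; `check_suites` is a hypothetical helper) lists entries whose suite does not belong to the expected codename, on a constructed sample file.

```shell
#!/bin/sh
# Added example, not from the original page; check_suites is a hypothetical helper.

# check_suites FILE CODENAME
# Print "LINE: SUITE" for every deb/deb-src entry whose suite does not belong
# to CODENAME (CODENAME, CODENAME-updates, CODENAME/updates and
# CODENAME-backports all belong). Returns 0 when consistent, 1 otherwise.
check_suites() {
    awk -v rel="$2" '
        $1 != "deb" && $1 != "deb-src" { next }    # comments, blank lines
        {
            i = 2
            # Skip an optional "[ option=value ... ]" group before the URI.
            if ($i ~ /^\[/) { while (i < NF && $i !~ /\]$/) i++; i++ }
            suite = $(i + 1)                       # field after the URI
            base = suite
            sub("[-/].*", "", base)                # jessie-updates -> jessie
            if (base != rel) { print NR ": " suite; bad = 1 }
        }
        END { exit bad }
    ' "$1"
}

# Constructed sample: a jessie host with one leftover wheezy entry.
list=$(mktemp)
cat > "$list" <<'EOF'
deb http://ftp.ch.debian.org/debian/ wheezy main contrib non-free
deb http://security.debian.org/ jessie/updates main contrib non-free
# deb http://ftp.ch.debian.org/debian/ squeeze main
deb [arch=amd64] http://http.debian.net/debian jessie-backports main contrib non-free
deb-src http://ftp.ch.debian.org/debian/ jessie-updates main contrib non-free
EOF
check_suites "$list" jessie || echo "mixed releases found in $list"
rm -f "$list"
```
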
## Install the latest kernel [optional]

### Identify your CPU (Intel or AMD)

    # cat /proc/cpuinfo

#### If Intel

    # apt-get install -t jessie-backports intel-microcode iucode-tool linux-image-$(uname -r | cut -d '-' -f 3)

#### If AMD

    # apt-get install -t jessie-backports amd64-microcode

### If there is trouble with some device, install the latest drivers

    # apt-get install -t jessie-backports firmware-linux [firmware-$DRIVER]

## Install a bunch of tools [optional]

    # apt-get install vrms parted hdparm mc colordiff

## Install & configure Debsecan [optional]

    # apt-get install debsecan
    # dpkg-reconfigure debsecan

### Main suite from which packages are installed:

- **SELECT:** Jessie

    # etckeeper commit 'default/debsecan: SUITE=jessie'

# Alternative: "smarthost" configuration with exim4 instead of postfix

### Install exim4 or check that it is installed

    # apt-get update
    # apt-get install exim4

### Initial configuration

    # dpkg-reconfigure exim4-config

or

    # nano /etc/exim4/update-exim4.conf.conf

    dc_eximconfig_configtype='smarthost'
    dc_other_hostnames=''
    dc_local_interfaces='127.0.0.1 ; ::1'
    dc_readhost='realise.ch'
    dc_relay_domains=''
    dc_minimaldns='false'
    dc_relay_nets=''
    dc_smarthost='smtp.dfinet.ch'
    CFILEMODE='644'
    dc_use_split_config='false'
    dc_hide_mailname='true'
    dc_mailname_in_oh='true'
    dc_localdelivery='mail_spool'

### Managing authorizations

    # nano /etc/exim4/passwd.client

    mail.isp.ext:account:pwd

### Securing the files

    -rw-r----- 1 Debian-exim root 289 jan 5 14:00 passwd.client

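`passwd.client` holds the smarthost password in clear text, so the mode shown above (no access for other users) matters. The following added example (not part of the original page; `audit_passwd_client` is a hypothetical helper) checks the permission bits and the `host:account:password` layout of each entry without printing any secret, on a constructed sample file.

```shell
#!/bin/sh
# Added example, not from the original page; audit_passwd_client is hypothetical.

# audit_passwd_client FILE: print findings, return 0 only when there are none.
audit_passwd_client() {
    f=$1
    rc=0
    [ -f "$f" ] || { echo "missing: $f"; return 2; }
    # Characters 8-10 of the ls mode string are the "other" permission bits.
    other=$(ls -ld "$f" | cut -c8-10)
    if [ "$other" != "---" ]; then
        echo "mode: $f is accessible to other users ($other)"
        rc=1
    fi
    # Each entry is host:account:password; report bad lines by number only,
    # so that no password ends up in a terminal or a log.
    bad=$(awk -F: '
        /^[ \t]*(#|$)/ { next }
        NF < 3 || $1 == "" || $2 == "" || $3 == "" { printf "%s ", NR }
    ' "$f")
    if [ -n "$bad" ]; then
        echo "format: malformed entry on line(s) $bad"
        rc=1
    fi
    return $rc
}

# Constructed sample using the placeholder entry from this page.
demo=$(mktemp)
echo 'mail.isp.ext:account:pwd' > "$demo"
chmod 644 "$demo"
audit_passwd_client "$demo" || echo "fix with: chmod 640 $demo"
rm -f "$demo"
```
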
### Configuring aliases

    # nano /etc/aliases

    root: it@realise.ch

    # newaliases

### Reloading the configuration

    # update-exim4.conf
    # /etc/init.d/exim4 restart

### Testing mail delivery

    # cat /root/test_email.txt | sendmail -t

with test_email.txt containing:

    To: it@realise.ch
    From: root
    Subject: Test mail with exim4 #2 with dfinet

    This is the first mail sent by my server's sendmail !

Sources:

- http://bernaerts.dyndns.org/linux/75-debian/278-debian-sendmail-gmail-account
- https://serverfault.com/questions/734773/how-can-i-use-exim4-to-forward-email-for-root-to-another-email-address