Systeme d'exploitation old
De Hegyd Doc.
(Différences entre les versions)
(→Debian 6 ( Squeeze)) |
m (a déplacé Systeme d'exploitation vers Systeme d'exploitation old) |
||
| (28 versions intermédiaires masquées) | |||
| Ligne 5 : | Ligne 5 : | ||
</pre> | </pre> | ||
| - | * | + | * Installer les paquets de base : |
<pre> | <pre> | ||
| - | + | aptitude update && aptitude upgrade | |
| - | + | aptitude -y install bash-completion ntp sudo htop telnet sysstat subversion git less vim-nox cscope exuberant-ctags | |
| - | + | ||
| - | + | ||
| - | + | ||
| - | + | ||
| - | + | ||
| - | + | ||
</pre> | </pre> | ||
| - | + | NB : si l'apt-get essaie de passer en ipv6 et que cela ne fonctionne pas, il faut modifier la ligne 51 du fichier /etc/gai.conf de la façon suivante : | |
<pre> | <pre> | ||
| - | + | precedence ::ffff:0:0/96 100 | |
| - | + | ||
| - | + | ||
| - | + | ||
| - | + | ||
| - | + | ||
| - | + | ||
| - | + | ||
| - | + | ||
| - | + | ||
| - | + | ||
| - | + | ||
| - | + | ||
| - | + | ||
| - | + | ||
| - | + | ||
| - | + | ||
| - | + | ||
| - | + | ||
| - | + | ||
| - | + | ||
| - | + | ||
| - | + | ||
| - | + | ||
| - | + | ||
| - | + | ||
| - | + | ||
| - | + | ||
| - | + | ||
| - | + | ||
| - | + | ||
| - | + | ||
| - | + | ||
| - | + | ||
| - | + | ||
| - | + | ||
| - | + | ||
| - | + | ||
| - | + | ||
| - | + | ||
| - | + | ||
| - | + | ||
| - | + | ||
| - | + | ||
| - | + | ||
| - | + | ||
| - | + | ||
| - | + | ||
| - | + | ||
| - | + | ||
| - | + | ||
| - | + | ||
| - | + | ||
| - | + | ||
| - | + | ||
| - | + | ||
| - | + | ||
| - | + | ||
| - | + | ||
</pre> | </pre> | ||
| Ligne 95 : | Ligne 31 : | ||
* Définir vim comme éditeur par défaut | * Définir vim comme éditeur par défaut | ||
<pre>update-alternatives --set editor /usr/bin/vim.nox</pre> | <pre>update-alternatives --set editor /usr/bin/vim.nox</pre> | ||
| - | |||
* Cloner le depot sys-common | * Cloner le depot sys-common | ||
<pre> | <pre> | ||
| - | mkdir /usr/local/share/hegyd | + | mkdir /usr/local/share/hegyd ~/.ssh |
echo -e "Host git.hegyd.net\n\tStrictHostKeyChecking no\n" >> ~/.ssh/config | echo -e "Host git.hegyd.net\n\tStrictHostKeyChecking no\n" >> ~/.ssh/config | ||
git clone -q git@git.hegyd.net:sys-common /usr/local/share/hegyd/sys-common | git clone -q git@git.hegyd.net:sys-common /usr/local/share/hegyd/sys-common | ||
| Ligne 112 : | Ligne 47 : | ||
* Ajouter le script d'alerte des reboot | * Ajouter le script d'alerte des reboot | ||
<pre> | <pre> | ||
| - | sed - | + | sed -i '/^exit 0/i\/usr\/local\/share\/hegyd\/sys-common\/bin\/alert-reboot' /etc/rc.local |
</pre> | </pre> | ||
* Paramétrer l'environnement utilisateur | * Paramétrer l'environnement utilisateur | ||
<pre> | <pre> | ||
| - | sed - | + | sed -i '32,34s/^#//' /etc/bash.bashrc |
cat >> /etc/bash.bashrc <<EOF | cat >> /etc/bash.bashrc <<EOF | ||
| Ligne 129 : | Ligne 64 : | ||
* Modifier le shell par défaut des utilisateurs en éditant la lignes suivante du fichier "/etc/default/useradd" : | * Modifier le shell par défaut des utilisateurs en éditant la lignes suivante du fichier "/etc/default/useradd" : | ||
| - | <pre>sed - | + | <pre>sed -i 's/^SHELL=\/bin\/sh/SHELL=\/bin\/bash/' /etc/default/useradd</pre> |
* Gestion du Umask | * Gestion du Umask | ||
<pre> | <pre> | ||
| - | sed - | + | sed -i 's/^UMASK\s\+022/UMASK 002/' /etc/login.defs |
echo "session optional pam_umask.so" >> /etc/pam.d/common-session | echo "session optional pam_umask.so" >> /etc/pam.d/common-session | ||
echo "session optional pam_umask.so" >> /etc/pam.d/common-session-noninteractive | echo "session optional pam_umask.so" >> /etc/pam.d/common-session-noninteractive | ||
| + | </pre> | ||
| + | |||
| + | * Création des groupes par défaut | ||
| + | <pre> | ||
| + | groupadd -g 1000 dev | ||
| + | groupadd -g 1001 grsec | ||
| + | groupadd -g 1002 fwadmin | ||
| + | groupadd -g 1003 adm-projects | ||
| + | groupadd -g 1004 wheel | ||
| + | </pre> | ||
| + | |||
| + | * Ajouter les utilisateurs opérateurs | ||
| + | <pre> | ||
| + | mkdir /root/.ssh | ||
| + | #echo "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCuRlmYABWijWEroDcFcTqnqy0eyDjeoA60ik9xUABHczsJpY5AA5OxdoN2JPvKXUf7+qRt3Vdx5cH39U+Z1UNrYeVQ0lRr4HIUhXgIiQ4459OHvZ0ggyfxO0zOsqcOW4FOwNXhj+ccxOvyYGjFAbTibOoqAAOzCKoaIzUlswK3hrXXGZTUA/nA8nXRaZb/mxOLtAO09iVQLAAKA3czjJuqgZckyXkuTRjcUvix2kPp7zWuXddQsaHOJic3p3/k2qReXVuiWw2xf9nhLL5Igzaarie3OlsKWz6z+ZzebQZnxOKSKMDv8sNymLy8PvKATXf3SIzZSHQ2oILVcE2nfwJN albin@wks-albin" > /root/.ssh/authorized_keys | ||
| + | #echo "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDN+n2Bxxk8gNm1HxVW2dwitaDEhmUvhQUYcZ25gwe16hVJg+QXq98I4AQ/nSGJz3BYqy5VuPLuHR2Lmr0eOYPJY/a3hIRtqvUf9OqA3qRKoLd3mQZWUtKArjZzV6OZwUxHf72iRiOhDw/3jKupwNkBYbRiEOE9NGNB93/aLXehFtm8Uhn7vJqkI7VSuo7ooZg36AzHyORlE9NKfGMuvUQT/JNT+QYfHN/fJqNrXrFI7PEXlh/ENLJMTc9RqeyQR5LrfBnew0XTknGohMd2Cr0TimQw7Hc4qk8l/xJygHYJzroRPh7swXuBIfOOnwzM+OYj/846OP8RYczP1LoZry9H g.lalleman@hegyd.com" > /root/.ssh/authorized_keys | ||
| + | echo "ssh-dss AAAAB3NzaC1kc3MAAACBAM0TYqkYRN8FKBSRwAwgeUcoyjkW3Bw07QqGfJcNA90b6/id0riHYd6WJBCeQKsUqT+CxIPAhUA9dVqON9kfO8LtBPllMwqoTWtUth2tqRV35c8ANqv3x/RoPGZlOIiRplH6+uUuVElOBRIKmhzwBUVnVG5Ri6P06pjrc1D9emN5AAAAFQDiPCxtR+Pq1yDeg483IEdyWoepeQAAAIBE9RS1C/fR83HUzO3f1mmBgL8ipKx8+lFBcsEU9odOZuWsXkIdZAIjrgpzAzTEGD+4bWUiXhS0kwQqDp9bSBliw2atEXrTsgbHOV/gLFPAwoyv3IpSuFRMIwGYXQc6PJcZaAhtJ9FNEcCcvkuMC23eeO8XnV0Fl+3m25QIo9+SCgAAAIBB3EAkSlZqj5igXarzP5YaBDOwPSnasBHcxymtLuQwrjEqR/qa9qcGBSBOKMDfgB9IlLei9Ug668Q0WXEy8/ovV2P+tx6juETi0l2yt3Nm1S6IIYHbXR5BkMM4CAV6U2bR3yCg+sx4encqCJOAIf+xlZzzFJBMbgTQhpJXIfcwOw== admin@backup.hegyd.com | ||
| + | ssh-dss AAAAB3NzaC1kc3MAAAEBAOXwQs9lkCjhmbbhNarQQutsLq/XEmcosTjMJVVYv605x2jUe45pcMgOla0yDWs8wgLPrONcivonuLJOaYbU1YBvziJv8UxLD2R5dKvz2jITnPV49H2gVZyzb6gyt1egfEm9b3zrbWZyrCYTtFzbQzwWGMC1P2h3AuKXWeiOvWvmkLS5aqwkkoJaQB69gBGkAS/2z2fC5ymYfDtr3L+UurVLoSFWXyLgMJlrEXq10PkQ0UbJHaWskeB02VT8C5FcTsqw0H+RTpqA1Ht42wkziDXQ8S3tFcPgz7laXf426tMI92gN5p8SGYDrQRqoWKSt1aKBy8QNujt3Kh2mQrTNP4kAAAAVAJ5BuPa94zIYG0i2xT4XRFW9NE7rAAABAQDIdUN3PZ1/dGM8WHj6Y9D0bwyqjba3J4s+2/6i86TJ7222LvODyjyPJpzzp4H0c7OYlNq3r3WX7ppq6zRrj4nXAmtANEtJEu5D47UOV4DsZ0zQZTFNVkrsBF1tXQLZkG6YY+bPnrqUYY5gkiN42Jys0gshJOW2SwlHOJRlNWu2F94Cm0934vrU8g0ODDHJf8A7r6rxzpD4+TzVTSeH5qgbD19oo6mcYYGNvm+rnXneTp4vganLdi2J7PM2yti0F5gKceObWRCISIa8LBNBH7i09ySKssp8USnhZjsKpOqRCEws1SO4dYGH3HECHOHXLhDzuLrfOpXyzgvYbtmADY2YAAABADTW5EXAA0yw5LFcjGzicWf9w5ojGpYNMW4i9i0OFTJE0Gz4DYwnTmdgPAVSHyRux8jxD7JjLs/t43ovewybEXpvs/5GKH4ZnjCkcQWPisYf5DtFpvXQPWNT96CbEXHSJgSVFQ6o+tpPm6RLkKxwinErhHC6/eBdv+HbjF2VDIpcSDRpyzykHEYUhBxU/3bUj7CESbqE3xbgi0arV1mCtGd+S1rzXup56A4BdFZl8sRfApBHQVZxCiYf0J6DJY6o16uj6Jl8bqdzkfxaX4hzCqe3QJkN1aCDSEymOizGyOqEqfdaEQLKRTzZfF7YfrEivqB6EvZkOYmfo5C2vqSs050= pascal@penta | ||
| + | ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDfcJ8J5YR6F7qrYLuVJ3YIqOXqNvj1OnYd0zybZ45X+IeFKePo2hL1NHALHWxys6Qo4Ta3pPcRkliQBy51IIXOtNVp90C4XqTNkwaAl6X4RnPPoGNVgq1V53BW/mkUYsvLoYTJHokb+a3exGHCYaPbuj09FV5VVdF2uGUIiRyMZzmZurLCzySagP+8e34ZrLDlwwmDtd24CVc0OyxikqFOzzOkvCWTaAttGv7qyAlwjyAAMTqlJhqPNaCQcOJVEGiwXNlXqjroRJz7j4a3vEd3xujfY3zeSu9U22iCgAJWiLRI+M7m7af4/yxTV8IYNvpOMTjqMnxOEAKsiCLmrwUJ admin@backup.hegyd.com | ||
| + | ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDSpLz0aUxPDyO5cXPm8HQkaNAUjNNULrhH8G3Nvw7SdhAvRVL9/RKzXu5Aa4nSQd0u61bWVlGvDVSSZgZGRnoxsmzK1aOJWcgJmhVI1r6o9fVKSxz/x+1uE8PFJxUVaGULoLvDRzZLDazg/c/Djb5AgTprmw8KvMKdcDk/kCixFmjEObuOwFbnA/ZbnHS8PPUgHSCwLNAQOUSZSLRZzEFRKO4+HCl5T7iZfCGd7dCInysG2tVzBJCqsN7hw5fhz49Kb1txa93dYhY7kh7SYqCYthGToqGVcDNQX7cXCP2Sqpw+2N/SAcke6E/MgalYAr40dIRRFuUJKX8LxLoko47r admin@rescue" >> /root/.ssh/authorized_keys | ||
| + | chmod 700 /root/.ssh | ||
| + | chmod 600 /root/.ssh/authorized_keys | ||
| + | |||
| + | #useradd -m -u 1002 -G fwadmin,dev,adm,staff,adm-projects,wheel -s /bin/bash gael | ||
| + | #mkdir /home/gael/.ssh | ||
| + | #chmod 700 /home/gael/.ssh | ||
| + | #echo "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDN+n2Bxxk8gNm1HxVW2dwitaDEhmUvhQUYcZ25gwe16hVJg+QXq98I4AQ/nSGJz3BYqy5VuPLuHR2Lmr0eOYPJY/a3hIRtqvUf9OqA3qRKoLd3mQZWUtKArjZzV6OZwUxHf72iRiOhDw/3jKupwNkBYbRiEOE9NGNB93/aLXehFtm8Uhn7vJqkI7VSuo7ooZg36AzHyORlE9NKfGMuvUQT/JNT+QYfHN/fJqNrXrFI7PEXlh/ENLJMTc9RqeyQR5LrfBnew0XTknGohMd2Cr0TimQw7Hc4qk8l/xJygHYJzroRPh7swXuBIfOOnwzM+OYj/846OP8RYczP1LoZry9H g.lalleman@hegyd.com" > /home/gael/.ssh/authorized_keys | ||
| + | #chmod 600 /home/gael/.ssh/authorized_keys | ||
| + | #chown -R gael:gael /home/gael/.ssh | ||
| + | |||
| + | useradd -m -u 1020 -G fwadmin,dev,adm,staff,adm-projects,wheel -s /bin/bash mike | ||
| + | mkdir /home/mike/.ssh | ||
| + | chmod 700 /home/mike/.ssh | ||
| + | echo "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCrFOIGcDPe+LfoPc11vtv2EOVG63zBndLVnf48mC+krw2vXomDLXG+KnhIAx1yFhCh6B/8R9C3wMxwhghemE3succS+Q7Truu2pd7zDmDNn6cd8Iw02qe8dl3nZhVk5XtGMgeV3JRA7u8q32i4tadbONRICExjcm9pVL5wx5aLzNBtu1opyMdvHc0dBelghVa9kkg6bRri8AF38M16NTEqQNA7crwHHa9ZLBE+8xFWmkJdBJ7zRoR6XEwbOr020VEM+sKzCPl0sy606aW3bi59tYobqAGBjTglIOJWXKMxu1cPJnSCx6Xom9F6AeF1C4CghVrZpfu++XSmJQtXoId m.reault@hegyd.com" > /home/mike/.ssh/authorized_keys | ||
| + | chmod 600 /home/mike/.ssh/authorized_keys | ||
| + | chown -R mike:mike /home/mike/.ssh | ||
| + | |||
| + | useradd -m -u 1021 -G fwadmin,dev,adm,staff,adm-projects,wheel -s /bin/bash -p paCtx8rsjkGhQ admin | ||
| + | mkdir /home/admin/.ssh | ||
| + | chmod 700 /home/admin/.ssh | ||
| + | echo "ssh-dss AAAAB3NzaC1kc3MAAACBAM0TYqkYRN8FKBSRwAwgeUcoyjkW3Bw07QqGfJcNA90b6/id0riHYd6WJBCeQKsUqT+CxIPAhUA9dVqON9kfO8LtBPllMwqoTWtUth2tqRV35c8ANqv3x/RoPGZlOIiRplH6+uUuVElOBRIKmhzwBUVnVG5Ri6P06pjrc1D9emN5AAAAFQDiPCxtR+Pq1yDeg483IEdyWoepeQAAAIBE9RS1C/fR83HUzO3f1mmBgL8ipKx8+lFBcsEU9odOZuWsXkIdZAIjrgpzAzTEGD+4bWUiXhS0kwQqDp9bSBliw2atEXrTsgbHOV/gLFPAwoyv3IpSuFRMIwGYXQc6PJcZaAhtJ9FNEcCcvkuMC23eeO8XnV0Fl+3m25QIo9+SCgAAAIBB3EAkSlZqj5igXarzP5YaBDOwPSnasBHcxymtLuQwrjEqR/qa9qcGBSBOKMDfgB9IlLei9Ug668Q0WXEy8/ovV2P+tx6juETi0l2yt3Nm1S6IIYHbXR5BkMM4CAV6U2bR3yCg+sx4encqCJOAIf+xlZzzFJBMbgTQhpJXIfcwOw== admin@backup.hegyd.com | ||
| + | ssh-dss AAAAB3NzaC1kc3MAAACBAPoQ6wRywMMkQ0npdVnRdlIclapxF0n3kK7iljksiwfi5p8VzGgbF6KxYiroJaKu7Q3gf4EgPlTyWJ8TgCI/bji/bCTqdPfMjQpp621l6p244WSMQEWipExnCkI6oBTuEK1Hr/T435ygwscwl2vcGnXQcGA6K7p16LpsLHykKPKtAAAAFQC1B/WkyCWjVSubUZgMBNfCeE2DaQAAAIBLmHlw2IrhZEhuz1m3k1H+ssH1JiPTcN1I6Z+M/n3OTYrdMIBuPLEtr3P+SZrnmZVLlwIzWtlw2dtwv+5G0UpzgNKmUQf27o2sgrKnSap2FP3cqBbDuUrsaZLexVawCualQPxTcXqufanrwPPYht3rtM5J3VmkW/jqpATxXJnO5wAAAIB+u9M9bObM7YzB7CZ4jmr4wXAo2HocqvBygmSX4dj3qgsqJoJ7bOATCYVSps6kqVcvWvztZ58duC1gvomDB+56CAPkin3S52Wtq6J/Qz3q+SEJNqcZ5+qiGn9mORaTsEx+iaA4pNbRjuKMp7rmWJ1gQ4e/OxQwmJXpTARsZIkBOw== admin@SRV-ADMIN-HEGYD | ||
| + | ssh-dss AAAAB3NzaC1kc3MAAAEBAOXwQs9lkCjhmbbhNarQQutsLq/XEmcosTjMJVVYv605x2jUe45pcMgOla0yDWs8wgLPrONcivonuLJOaYbU1YBvziJv8UxLD2R5dKvz2jITnPV49H2gVZyzb6gyt1egfEm9b3zrbWZyrCYTtFzbQzwWGMC1P2h3AuKXWeiOvWvmkLS5aqwkkoJaQB69gBGkAS/2z2fC5ymYfDtr3L+UurVLoSFWXyLgMJlrEXq10PkQ0UbJHaWskeB02VT8C5FcTsqw0H+RTpqA1Ht42wkziDXQ8S3tFcPgz7laXf426tMI92gN5p8SGYDrQRqoWKSt1aKBy8QNujt3Kh2mQrTNP4kAAAAVAJ5BuPa94zIYG0i2xT4XRFW9NE7rAAABAQDIdUN3PZ1/dGM8WHj6Y9D0bwyqjba3J4s+2/6i86TJ7222LvODyjyPJpzzp4H0c7OYlNq3r3WX7ppq6zRrj4nXAmtANEtJEu5D47UOV4DsZ0zQZTFNVkrsBF1tXQLZkG6YY+bPnrqUYY5gkiN42Jys0gshJOW2SwlHOJRlNWu2F94Cm0934vrU8g0ODDHJf8A7r6rxzpD4+TzVTSeH5qgbD19oo6mcYYGNvm+rnXneTp4vganLdi2J7PM2yti0F5gKceObWRCISIa8LBNBH7i09ySKssp8USnhZjsKpOqRCEws1SO4dYGH3HECHOHXLhDzuLrfOpXyzgvYbtmADY2YAAABADTW5EXAA0yw5LFcjGzicWf9w5ojGpYNMW4i9i0OFTJE0Gz4DYwnTmdgPAVSHyRux8jxD7JjLs/t43ovewybEXpvs/5GKH4ZnjCkcQWPisYf5DtFpvXQPWNT96CbEXHSJgSVFQ6o+tpPm6RLkKxwinErhHC6/eBdv+HbjF2VDIpcSDRpyzykHEYUhBxU/3bUj7CESbqE3xbgi0arV1mCtGd+S1rzXup56A4BdFZl8sRfApBHQVZxCiYf0J6DJY6o16uj6Jl8bqdzkfxaX4hzCqe3QJkN1aCDSEymOizGyOqEqfdaEQLKRTzZfF7YfrEivqB6EvZkOYmfo5C2vqSs050= pascal@penta | ||
| + | ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDSpLz0aUxPDyO5cXPm8HQkaNAUjNNULrhH8G3Nvw7SdhAvRVL9/RKzXu5Aa4nSQd0u61bWVlGvDVSSZgZGRnoxsmzK1aOJWcgJmhVI1r6o9fVKSxz/x+1uE8PFJxUVaGULoLvDRzZLDazg/c/Djb5AgTprmw8KvMKdcDk/kCixFmjEObuOwFbnA/ZbnHS8PPUgHSCwLNAQOUSZSLRZzEFRKO4+HCl5T7iZfCGd7dCInysG2tVzBJCqsN7hw5fhz49Kb1txa93dYhY7kh7SYqCYthGToqGVcDNQX7cXCP2Sqpw+2N/SAcke6E/MgalYAr40dIRRFuUJKX8LxLoko47r admin@rescue | ||
| + | ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDfcJ8J5YR6F7qrYLuVJ3YIqOXqNvj1OnYd0zybZ45X+IeFKePo2hL1NHALHWxys6Qo4Ta3pPcRkliQBy51IIXOtNVp90C4XqTNkwaAl6X4RnPPoGNVgq1V53BW/mkUYsvLoYTJHokb+a3exGHCYaPbuj09FV5VVdF2uGUIiRyMZzmZurLCzySagP+8e34ZrLDlwwmDtd24CVc0OyxikqFOzzOkvCWTaAttGv7qyAlwjyAAMTqlJhqPNaCQcOJVEGiwXNlXqjroRJz7j4a3vEd3xujfY3zeSu9U22iCgAJWiLRI+M7m7af4/yxTV8IYNvpOMTjqMnxOEAKsiCLmrwUJ admin@backup.hegyd.com | ||
| + | " > /home/admin/.ssh/authorized_keys | ||
| + | chmod 600 /home/admin/.ssh/authorized_keys | ||
| + | chown -R admin:admin /home/admin/.ssh | ||
| + | |||
| + | useradd -m -u 1022 -G fwadmin,dev,adm,staff,adm-projects,wheel -s /bin/bash -p pa2TnhUhhBRfU support | ||
| + | mkdir /home/support/.ssh | ||
| + | chmod 700 /home/support/.ssh | ||
| + | touch /home/support/.ssh/authorized_keys | ||
| + | chmod 600 /home/support/.ssh/authorized_keys | ||
| + | chown -R support:support /home/support/.ssh | ||
| + | |||
| + | chmod 750 /home/* | ||
| + | </pre> | ||
| + | |||
| + | * Configurer openssh-server | ||
| + | <pre> | ||
| + | sed -i 's/^PermitRootLogin yes/PermitRootLogin without-password/' /etc/ssh/sshd_config | ||
| + | cat >> /etc/ssh/sshd_config <<EOF | ||
| + | |||
| + | UseDns no | ||
| + | AllowUsers root mike admin support | ||
| + | EOF | ||
| + | service ssh reload | ||
</pre> | </pre> | ||
| Ligne 177 : | Ligne 180 : | ||
endscript\ | endscript\ | ||
}' /etc/logrotate.d/rsyslog | }' /etc/logrotate.d/rsyslog | ||
| + | chgrp dev /var/log/mail.log | ||
</pre> | </pre> | ||
<pre> | <pre> | ||
| Ligne 197 : | Ligne 201 : | ||
/dev/mapper/vg_algorel-var /var ext4 defaults,noatime 0 2 | /dev/mapper/vg_algorel-var /var ext4 defaults,noatime 0 2 | ||
</pre> | </pre> | ||
| + | |||
| + | |||
== Par feu == | == Par feu == | ||
| Ligne 205 : | Ligne 211 : | ||
chmod 2770 /etc/firewall | chmod 2770 /etc/firewall | ||
sed -i -e '/^Defaults\s\+env_reset\s*$/aDefaults:%fwadmin !lecture , passwd_timeout=1 , timestamp_timeout=1' -e "/^root\s\+ALL=(ALL)\s\+ALL\s*$/a%fwadmin ALL = NOPASSWD: /etc/firewall/$(hostname -f).fw , /usr/bin/pkill" /etc/sudoers | sed -i -e '/^Defaults\s\+env_reset\s*$/aDefaults:%fwadmin !lecture , passwd_timeout=1 , timestamp_timeout=1' -e "/^root\s\+ALL=(ALL)\s\+ALL\s*$/a%fwadmin ALL = NOPASSWD: /etc/firewall/$(hostname -f).fw , /usr/bin/pkill" /etc/sudoers | ||
| - | sed - | + | sed -i "/^exit 0/i\/etc\/firewall\/$(hostname -f).fw" /etc/rc.local |
</pre> | </pre> | ||
| Ligne 217 : | Ligne 223 : | ||
<pre> | <pre> | ||
apt-get install mysql-client git | apt-get install mysql-client git | ||
| + | </pre> | ||
| + | |||
| + | === UTF-8 client / serveur === | ||
| + | <pre> | ||
| + | sed -i -e '/\[client\]/{n;n;/$/a \ | ||
| + | default-character-set = utf8 | ||
| + | }' \ | ||
| + | -e '/\[mysqld\]/a \ | ||
| + | character_set_server = utf8\ | ||
| + | collation_server = utf8_general_ci' \ | ||
| + | -e '/\[mysql\]/a \ | ||
| + | default-character-set = utf8' /etc/mysql/my.cnf | ||
</pre> | </pre> | ||
| Ligne 230 : | Ligne 248 : | ||
Installer le noyau Hegyd. | Installer le noyau Hegyd. | ||
| - | + | Se connecter en SSH sur backup.hegyd.net en tant que user admin, puis<br /> | |
| - | + | <pre> | |
| + | cd | ||
| + | scp -r kernel-hegyd root@<NOM-VM>.hegyd.net: | ||
| + | </pre> | ||
| - | [[ | + | Sur la VM, installer le noyau : |
| + | <pre> | ||
| + | cd kernel-hegyd | ||
| + | dpkg -i *.deb | ||
| + | NB : ne pas tenir compte des messages : | ||
| + | FATAL: Could not load /lib/modules/3.2.13-1-grsec-hegyd-vms-ipv6-64/modules.dep: No such file or directory | ||
| + | </pre> | ||
| + | |||
| + | Sur un serveur, si le précédent noyau est conservé, il faut indiquer à grub d'utiliser ce noyau plutot que le noyau OVH. | ||
| + | Dans le fichier /etc/default/grub : | ||
| + | <pre> | ||
| + | remplacer : | ||
| + | GRUB_DEFAULT=0 | ||
| + | par : | ||
| + | GRUB_DEFAULT=1 | ||
| + | |||
| + | Puis, relancer : | ||
| + | update-grub | ||
| + | </pre> | ||
| + | Rebooter la VM ou le serveur pour charger le nouveau noyau | ||
| + | |||
| + | == Sauvegarde == | ||
| + | * Installer et configurer [[Bacula#Debian]] | ||
Version actuelle en date du 23 juillet 2014 à 13:16
Sommaire |
[modifier] Debian 6 ( Squeeze)
- Modification du mot de passe root si nécessaire
passwd
- Installer les paquets de base :
aptitude update && aptitude upgrade aptitude -y install bash-completion ntp sudo htop telnet sysstat subversion git less vim-nox cscope exuberant-ctags
NB : si l'apt-get essaie de passer en ipv6 et que cela ne fonctionne pas, il faut modifier la ligne 51 du fichier /etc/gai.conf de la façon suivante :
precedence ::ffff:0:0/96 100
- Paramétrer les locales :
echo -n > /etc/environment echo -n > /etc/default/locale
- Paramétrer debconf :
apt-get install dialog && echo "debconf debconf/priority select high" | debconf-set-selections && echo "debconf debconf/frontend select Dialog" | debconf-set-selections
- Définir vim comme éditeur par défaut
update-alternatives --set editor /usr/bin/vim.nox
- Cloner le depot sys-common
mkdir /usr/local/share/hegyd ~/.ssh echo -e "Host git.hegyd.net\n\tStrictHostKeyChecking no\n" >> ~/.ssh/config git clone -q git@git.hegyd.net:sys-common /usr/local/share/hegyd/sys-common chmod -R g+rw /usr/local/share/hegyd
- Ajouter une version prédéfinie de VimRC
ln -s /usr/local/share/hegyd/sys-common/vim/vimrc_hegyd /etc/vim/vimrc.local
- Ajouter le script d'alerte des reboot
sed -i '/^exit 0/i\/usr\/local\/share\/hegyd\/sys-common\/bin\/alert-reboot' /etc/rc.local
- Paramétrer l'environnement utilisateur
sed -i '32,34s/^#//' /etc/bash.bashrc cat >> /etc/bash.bashrc <<EOF export LS_OPTIONS='--color=auto' eval "\`dircolors\`" alias ls='ls $LS_OPTIONS' alias ll='ls $LS_OPTIONS -l' alias grep='grep --color=auto' EOF
- Modifier le shell par défaut des utilisateurs en éditant la lignes suivante du fichier "/etc/default/useradd" :
sed -i 's/^SHELL=\/bin\/sh/SHELL=\/bin\/bash/' /etc/default/useradd
- Gestion du Umask
sed -i 's/^UMASK\s\+022/UMASK 002/' /etc/login.defs echo "session optional pam_umask.so" >> /etc/pam.d/common-session echo "session optional pam_umask.so" >> /etc/pam.d/common-session-noninteractive
- Création des groupes par défaut
groupadd -g 1000 dev groupadd -g 1001 grsec groupadd -g 1002 fwadmin groupadd -g 1003 adm-projects groupadd -g 1004 wheel
- Ajouter les utilisateurs opérateurs
mkdir /root/.ssh #echo "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCuRlmYABWijWEroDcFcTqnqy0eyDjeoA60ik9xUABHczsJpY5AA5OxdoN2JPvKXUf7+qRt3Vdx5cH39U+Z1UNrYeVQ0lRr4HIUhXgIiQ4459OHvZ0ggyfxO0zOsqcOW4FOwNXhj+ccxOvyYGjFAbTibOoqAAOzCKoaIzUlswK3hrXXGZTUA/nA8nXRaZb/mxOLtAO09iVQLAAKA3czjJuqgZckyXkuTRjcUvix2kPp7zWuXddQsaHOJic3p3/k2qReXVuiWw2xf9nhLL5Igzaarie3OlsKWz6z+ZzebQZnxOKSKMDv8sNymLy8PvKATXf3SIzZSHQ2oILVcE2nfwJN albin@wks-albin" > /root/.ssh/authorized_keys #echo "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDN+n2Bxxk8gNm1HxVW2dwitaDEhmUvhQUYcZ25gwe16hVJg+QXq98I4AQ/nSGJz3BYqy5VuPLuHR2Lmr0eOYPJY/a3hIRtqvUf9OqA3qRKoLd3mQZWUtKArjZzV6OZwUxHf72iRiOhDw/3jKupwNkBYbRiEOE9NGNB93/aLXehFtm8Uhn7vJqkI7VSuo7ooZg36AzHyORlE9NKfGMuvUQT/JNT+QYfHN/fJqNrXrFI7PEXlh/ENLJMTc9RqeyQR5LrfBnew0XTknGohMd2Cr0TimQw7Hc4qk8l/xJygHYJzroRPh7swXuBIfOOnwzM+OYj/846OP8RYczP1LoZry9H g.lalleman@hegyd.com" > /root/.ssh/authorized_keys echo "ssh-dss AAAAB3NzaC1kc3MAAACBAM0TYqkYRN8FKBSRwAwgeUcoyjkW3Bw07QqGfJcNA90b6/id0riHYd6WJBCeQKsUqT+CxIPAhUA9dVqON9kfO8LtBPllMwqoTWtUth2tqRV35c8ANqv3x/RoPGZlOIiRplH6+uUuVElOBRIKmhzwBUVnVG5Ri6P06pjrc1D9emN5AAAAFQDiPCxtR+Pq1yDeg483IEdyWoepeQAAAIBE9RS1C/fR83HUzO3f1mmBgL8ipKx8+lFBcsEU9odOZuWsXkIdZAIjrgpzAzTEGD+4bWUiXhS0kwQqDp9bSBliw2atEXrTsgbHOV/gLFPAwoyv3IpSuFRMIwGYXQc6PJcZaAhtJ9FNEcCcvkuMC23eeO8XnV0Fl+3m25QIo9+SCgAAAIBB3EAkSlZqj5igXarzP5YaBDOwPSnasBHcxymtLuQwrjEqR/qa9qcGBSBOKMDfgB9IlLei9Ug668Q0WXEy8/ovV2P+tx6juETi0l2yt3Nm1S6IIYHbXR5BkMM4CAV6U2bR3yCg+sx4encqCJOAIf+xlZzzFJBMbgTQhpJXIfcwOw== admin@backup.hegyd.com ssh-dss AAAAB3NzaC1kc3MAAAEBAOXwQs9lkCjhmbbhNarQQutsLq/XEmcosTjMJVVYv605x2jUe45pcMgOla0yDWs8wgLPrONcivonuLJOaYbU1YBvziJv8UxLD2R5dKvz2jITnPV49H2gVZyzb6gyt1egfEm9b3zrbWZyrCYTtFzbQzwWGMC1P2h3AuKXWeiOvWvmkLS5aqwkkoJaQB69gBGkAS/2z2fC5ymYfDtr3L+UurVLoSFWXyLgMJlrEXq10PkQ0UbJHaWskeB02VT8C5FcTsqw0H+RTpqA1Ht42wkziDXQ8S3tFcPgz7laXf426tMI92gN5p8SGYDrQRqoWKSt1aKBy8QNujt3Kh2mQrTNP4kAAAAVAJ5BuPa94zIYG0i2xT4XRFW9NE7rAAABAQDIdUN3PZ1/dGM8WHj6Y9D0bwyqjba3J4s+2/6i86TJ7222LvODyjyPJpzzp4H0c7OYlNq3r3WX7ppq6zRrj4nXAmtANEtJEu5D47UOV4DsZ0zQZTFNVkrsBF1tXQLZkG6YY+bPnrqUYY5gkiN42Jys0gshJOW2SwlHOJRlNWu2F94Cm0934vrU8g0ODDHJf8A7r6rxzpD4+TzVTSeH5qgbD19oo6mcYYGNvm+rnXneTp4vganLdi2J7PM2yti0F5gKceObWRCISIa8LBNBH7i09ySKssp8USnhZjsKpOqRCEws1SO4dYGH3HECHOHXLhDzuLrfOpXyzgvYbtmADY2YAAABADTW5EXAA0yw5LFcjGzicWf9w5ojGpYNMW4i9i0OFTJE0Gz4DYwnTmdgPAVSHyRux8jxD7JjLs/t43ovewybEXpvs/5GKH4ZnjCkcQWPisYf5DtFpvXQPWNT96CbEXHSJgSVFQ6o+tpPm6RLkKxwinErhHC6/eBdv+HbjF2VDIpcSDRpyzykHEYUhBxU/3bUj7CESbqE3xbgi0arV1mCtGd+S1rzXup56A4BdFZl8sRfApBHQVZxCiYf0J6DJY6o16uj6Jl8bqdzkfxaX4hzCqe3QJkN1aCDSEymOizGyOqEqfdaEQLKRTzZfF7YfrEivqB6EvZkOYmfo5C2vqSs050= pascal@penta ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDfcJ8J5YR6F7qrYLuVJ3YIqOXqNvj1OnYd0zybZ45X+IeFKePo2hL1NHALHWxys6Qo4Ta3pPcRkliQBy51IIXOtNVp90C4XqTNkwaAl6X4RnPPoGNVgq1V53BW/mkUYsvLoYTJHokb+a3exGHCYaPbuj09FV5VVdF2uGUIiRyMZzmZurLCzySagP+8e34ZrLDlwwmDtd24CVc0OyxikqFOzzOkvCWTaAttGv7qyAlwjyAAMTqlJhqPNaCQcOJVEGiwXNlXqjroRJz7j4a3vEd3xujfY3zeSu9U22iCgAJWiLRI+M7m7af4/yxTV8IYNvpOMTjqMnxOEAKsiCLmrwUJ admin@backup.hegyd.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDSpLz0aUxPDyO5cXPm8HQkaNAUjNNULrhH8G3Nvw7SdhAvRVL9/RKzXu5Aa4nSQd0u61bWVlGvDVSSZgZGRnoxsmzK1aOJWcgJmhVI1r6o9fVKSxz/x+1uE8PFJxUVaGULoLvDRzZLDazg/c/Djb5AgTprmw8KvMKdcDk/kCixFmjEObuOwFbnA/ZbnHS8PPUgHSCwLNAQOUSZSLRZzEFRKO4+HCl5T7iZfCGd7dCInysG2tVzBJCqsN7hw5fhz49Kb1txa93dYhY7kh7SYqCYthGToqGVcDNQX7cXCP2Sqpw+2N/SAcke6E/MgalYAr40dIRRFuUJKX8LxLoko47r admin@rescue" >> /root/.ssh/authorized_keys chmod 700 /root/.ssh chmod 600 /root/.ssh/authorized_keys #useradd -m -u 1002 -G fwadmin,dev,adm,staff,adm-projects,wheel -s /bin/bash gael #mkdir /home/gael/.ssh #chmod 700 /home/gael/.ssh #echo "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDN+n2Bxxk8gNm1HxVW2dwitaDEhmUvhQUYcZ25gwe16hVJg+QXq98I4AQ/nSGJz3BYqy5VuPLuHR2Lmr0eOYPJY/a3hIRtqvUf9OqA3qRKoLd3mQZWUtKArjZzV6OZwUxHf72iRiOhDw/3jKupwNkBYbRiEOE9NGNB93/aLXehFtm8Uhn7vJqkI7VSuo7ooZg36AzHyORlE9NKfGMuvUQT/JNT+QYfHN/fJqNrXrFI7PEXlh/ENLJMTc9RqeyQR5LrfBnew0XTknGohMd2Cr0TimQw7Hc4qk8l/xJygHYJzroRPh7swXuBIfOOnwzM+OYj/846OP8RYczP1LoZry9H g.lalleman@hegyd.com" > /home/gael/.ssh/authorized_keys #chmod 600 /home/gael/.ssh/authorized_keys #chown -R gael:gael /home/gael/.ssh useradd -m -u 1020 -G fwadmin,dev,adm,staff,adm-projects,wheel -s /bin/bash mike mkdir /home/mike/.ssh chmod 700 /home/mike/.ssh echo "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCrFOIGcDPe+LfoPc11vtv2EOVG63zBndLVnf48mC+krw2vXomDLXG+KnhIAx1yFhCh6B/8R9C3wMxwhghemE3succS+Q7Truu2pd7zDmDNn6cd8Iw02qe8dl3nZhVk5XtGMgeV3JRA7u8q32i4tadbONRICExjcm9pVL5wx5aLzNBtu1opyMdvHc0dBelghVa9kkg6bRri8AF38M16NTEqQNA7crwHHa9ZLBE+8xFWmkJdBJ7zRoR6XEwbOr020VEM+sKzCPl0sy606aW3bi59tYobqAGBjTglIOJWXKMxu1cPJnSCx6Xom9F6AeF1C4CghVrZpfu++XSmJQtXoId m.reault@hegyd.com" > /home/mike/.ssh/authorized_keys chmod 600 /home/mike/.ssh/authorized_keys chown -R mike:mike /home/mike/.ssh useradd -m -u 1021 -G fwadmin,dev,adm,staff,adm-projects,wheel -s /bin/bash -p paCtx8rsjkGhQ admin mkdir /home/admin/.ssh chmod 700 /home/admin/.ssh echo "ssh-dss AAAAB3NzaC1kc3MAAACBAM0TYqkYRN8FKBSRwAwgeUcoyjkW3Bw07QqGfJcNA90b6/id0riHYd6WJBCeQKsUqT+CxIPAhUA9dVqON9kfO8LtBPllMwqoTWtUth2tqRV35c8ANqv3x/RoPGZlOIiRplH6+uUuVElOBRIKmhzwBUVnVG5Ri6P06pjrc1D9emN5AAAAFQDiPCxtR+Pq1yDeg483IEdyWoepeQAAAIBE9RS1C/fR83HUzO3f1mmBgL8ipKx8+lFBcsEU9odOZuWsXkIdZAIjrgpzAzTEGD+4bWUiXhS0kwQqDp9bSBliw2atEXrTsgbHOV/gLFPAwoyv3IpSuFRMIwGYXQc6PJcZaAhtJ9FNEcCcvkuMC23eeO8XnV0Fl+3m25QIo9+SCgAAAIBB3EAkSlZqj5igXarzP5YaBDOwPSnasBHcxymtLuQwrjEqR/qa9qcGBSBOKMDfgB9IlLei9Ug668Q0WXEy8/ovV2P+tx6juETi0l2yt3Nm1S6IIYHbXR5BkMM4CAV6U2bR3yCg+sx4encqCJOAIf+xlZzzFJBMbgTQhpJXIfcwOw== admin@backup.hegyd.com ssh-dss AAAAB3NzaC1kc3MAAACBAPoQ6wRywMMkQ0npdVnRdlIclapxF0n3kK7iljksiwfi5p8VzGgbF6KxYiroJaKu7Q3gf4EgPlTyWJ8TgCI/bji/bCTqdPfMjQpp621l6p244WSMQEWipExnCkI6oBTuEK1Hr/T435ygwscwl2vcGnXQcGA6K7p16LpsLHykKPKtAAAAFQC1B/WkyCWjVSubUZgMBNfCeE2DaQAAAIBLmHlw2IrhZEhuz1m3k1H+ssH1JiPTcN1I6Z+M/n3OTYrdMIBuPLEtr3P+SZrnmZVLlwIzWtlw2dtwv+5G0UpzgNKmUQf27o2sgrKnSap2FP3cqBbDuUrsaZLexVawCualQPxTcXqufanrwPPYht3rtM5J3VmkW/jqpATxXJnO5wAAAIB+u9M9bObM7YzB7CZ4jmr4wXAo2HocqvBygmSX4dj3qgsqJoJ7bOATCYVSps6kqVcvWvztZ58duC1gvomDB+56CAPkin3S52Wtq6J/Qz3q+SEJNqcZ5+qiGn9mORaTsEx+iaA4pNbRjuKMp7rmWJ1gQ4e/OxQwmJXpTARsZIkBOw== admin@SRV-ADMIN-HEGYD ssh-dss AAAAB3NzaC1kc3MAAAEBAOXwQs9lkCjhmbbhNarQQutsLq/XEmcosTjMJVVYv605x2jUe45pcMgOla0yDWs8wgLPrONcivonuLJOaYbU1YBvziJv8UxLD2R5dKvz2jITnPV49H2gVZyzb6gyt1egfEm9b3zrbWZyrCYTtFzbQzwWGMC1P2h3AuKXWeiOvWvmkLS5aqwkkoJaQB69gBGkAS/2z2fC5ymYfDtr3L+UurVLoSFWXyLgMJlrEXq10PkQ0UbJHaWskeB02VT8C5FcTsqw0H+RTpqA1Ht42wkziDXQ8S3tFcPgz7laXf426tMI92gN5p8SGYDrQRqoWKSt1aKBy8QNujt3Kh2mQrTNP4kAAAAVAJ5BuPa94zIYG0i2xT4XRFW9NE7rAAABAQDIdUN3PZ1/dGM8WHj6Y9D0bwyqjba3J4s+2/6i86TJ7222LvODyjyPJpzzp4H0c7OYlNq3r3WX7ppq6zRrj4nXAmtANEtJEu5D47UOV4DsZ0zQZTFNVkrsBF1tXQLZkG6YY+bPnrqUYY5gkiN42Jys0gshJOW2SwlHOJRlNWu2F94Cm0934vrU8g0ODDHJf8A7r6rxzpD4+TzVTSeH5qgbD19oo6mcYYGNvm+rnXneTp4vganLdi2J7PM2yti0F5gKceObWRCISIa8LBNBH7i09ySKssp8USnhZjsKpOqRCEws1SO4dYGH3HECHOHXLhDzuLrfOpXyzgvYbtmADY2YAAABADTW5EXAA0yw5LFcjGzicWf9w5ojGpYNMW4i9i0OFTJE0Gz4DYwnTmdgPAVSHyRux8jxD7JjLs/t43ovewybEXpvs/5GKH4ZnjCkcQWPisYf5DtFpvXQPWNT96CbEXHSJgSVFQ6o+tpPm6RLkKxwinErhHC6/eBdv+HbjF2VDIpcSDRpyzykHEYUhBxU/3bUj7CESbqE3xbgi0arV1mCtGd+S1rzXup56A4BdFZl8sRfApBHQVZxCiYf0J6DJY6o16uj6Jl8bqdzkfxaX4hzCqe3QJkN1aCDSEymOizGyOqEqfdaEQLKRTzZfF7YfrEivqB6EvZkOYmfo5C2vqSs050= pascal@penta ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDSpLz0aUxPDyO5cXPm8HQkaNAUjNNULrhH8G3Nvw7SdhAvRVL9/RKzXu5Aa4nSQd0u61bWVlGvDVSSZgZGRnoxsmzK1aOJWcgJmhVI1r6o9fVKSxz/x+1uE8PFJxUVaGULoLvDRzZLDazg/c/Djb5AgTprmw8KvMKdcDk/kCixFmjEObuOwFbnA/ZbnHS8PPUgHSCwLNAQOUSZSLRZzEFRKO4+HCl5T7iZfCGd7dCInysG2tVzBJCqsN7hw5fhz49Kb1txa93dYhY7kh7SYqCYthGToqGVcDNQX7cXCP2Sqpw+2N/SAcke6E/MgalYAr40dIRRFuUJKX8LxLoko47r admin@rescue ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDfcJ8J5YR6F7qrYLuVJ3YIqOXqNvj1OnYd0zybZ45X+IeFKePo2hL1NHALHWxys6Qo4Ta3pPcRkliQBy51IIXOtNVp90C4XqTNkwaAl6X4RnPPoGNVgq1V53BW/mkUYsvLoYTJHokb+a3exGHCYaPbuj09FV5VVdF2uGUIiRyMZzmZurLCzySagP+8e34ZrLDlwwmDtd24CVc0OyxikqFOzzOkvCWTaAttGv7qyAlwjyAAMTqlJhqPNaCQcOJVEGiwXNlXqjroRJz7j4a3vEd3xujfY3zeSu9U22iCgAJWiLRI+M7m7af4/yxTV8IYNvpOMTjqMnxOEAKsiCLmrwUJ admin@backup.hegyd.com " > /home/admin/.ssh/authorized_keys chmod 600 /home/admin/.ssh/authorized_keys chown -R admin:admin /home/admin/.ssh useradd -m -u 1022 -G fwadmin,dev,adm,staff,adm-projects,wheel -s /bin/bash -p pa2TnhUhhBRfU support mkdir /home/support/.ssh chmod 700 /home/support/.ssh touch /home/support/.ssh/authorized_keys chmod 600 /home/support/.ssh/authorized_keys chown -R support:support /home/support/.ssh chmod 750 /home/*
- Configurer openssh-server
sed -i 's/^PermitRootLogin yes/PermitRootLogin without-password/' /etc/ssh/sshd_config cat >> /etc/ssh/sshd_config <<EOF UseDns no AllowUsers root mike admin support EOF service ssh reload
- Installer le serveur de mail local
debconf-set-selections <<EOF
postfix postfix/root_address string
postfix postfix/rfc1035_violation boolean false
postfix postfix/mydomain_warning boolean
postfix postfix/mynetworks string 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
postfix postfix/mailname string $(hostname -f)
postfix postfix/tlsmgr_upgrade_warning boolean
postfix postfix/recipient_delim string +
postfix postfix/main_mailer_type select Internet Site
postfix postfix/destinations string $(hostname -f), localhost.$(hostname -f | sed -e 's/^[^.]\+\.\(.*\)$/\1/'), localhost
postfix postfix/retry_upgrade_warning boolean
# Faut-il installer postfix malgré l'incompatibilité du noyau ?
postfix postfix/kernel_version_warning boolean
postfix postfix/not_configured error
postfix postfix/mailbox_limit string 0
postfix postfix/relayhost string
postfix postfix/procmail boolean false
postfix postfix/bad_recipient_delimiter error
postfix postfix/protocols select ipv4
postfix postfix/chattr boolean false
EOF
aptitude -y install postfix heirloom-mailx
sed -i -e '/^\/var\/log\/mail.log$/d' -e '/\/var\/log\/mail.info/i \
/var/log/mail.log\
{\
rotate 4\
weekly\
missingok\
notifempty\
compress\
delaycompress\
create 640 root dev\
sharedscripts\
postrotate\
invoke-rc.d rsyslog reload > /dev/null\
endscript\
}' /etc/logrotate.d/rsyslog
chgrp dev /var/log/mail.log
cat >> /etc/aliases <<EOF root: tech@hegyd.com gael: g.lalleman@hegyd.com mike: m.reault@netprestation.com EOF newaliases service postfix reload
- Modifier les points de montage par défault en éditant le fichier "/etc/fstab" pour ajouter les options "noatime,barrier=0" à tout les montages ext4.
Exemple :
/dev/mapper/vg_vm-root / ext4 errors=remount-ro,relatime 0 1 UUID=6f7256e5-a5e3-4019-9f08-c582c20ffceb /boot ext2 defaults 0 2 /dev/mapper/vg_vm-home /home ext4 defaults,noatime,barrier=0 0 2 /dev/mapper/vg_algorel-tmp /tmp ext4 defaults,noatime,barrier=0 0 2 /dev/mapper/vg_algorel-var /var ext4 defaults,noatime 0 2
[modifier] Par feu
- Configurer le système
mkdir /etc/firewall chgrp fwadmin /etc/firewall chmod 2770 /etc/firewall sed -i -e '/^Defaults\s\+env_reset\s*$/aDefaults:%fwadmin !lecture , passwd_timeout=1 , timestamp_timeout=1' -e "/^root\s\+ALL=(ALL)\s\+ALL\s*$/a%fwadmin ALL = NOPASSWD: /etc/firewall/$(hostname -f).fw , /usr/bin/pkill" /etc/sudoers sed -i "/^exit 0/i\/etc\/firewall\/$(hostname -f).fw" /etc/rc.local
- ajouter la vm dans le groupe virtualmachine de firewall builder
- Créer et déployer le par feu
Créer le firewall sur firewall-builder puis le déployer
[modifier] Installation paquets clients
apt-get install mysql-client git
[modifier] UTF-8 client / serveur
sed -i -e '/\[client\]/{n;n;/$/a \
default-character-set = utf8
}' \
-e '/\[mysqld\]/a \
character_set_server = utf8\
collation_server = utf8_general_ci' \
-e '/\[mysql\]/a \
default-character-set = utf8' /etc/mysql/my.cnf
[modifier] Serveur de cache DNS local
- Suivre la procédure Bind
[modifier] Monitoring / Supervision
- Installer et configurer Snmp
- Installer et configurer le client NRPE pour Squeeze
[modifier] Noyau
Installer le noyau Hegyd.
Se connecter en SSH sur backup.hegyd.net en tant que user admin, puis
cd scp -r kernel-hegyd root@<NOM-VM>.hegyd.net:
Sur la VM, installer le noyau :
cd kernel-hegyd dpkg -i *.deb NB : ne pas tenir compte des messages : FATAL: Could not load /lib/modules/3.2.13-1-grsec-hegyd-vms-ipv6-64/modules.dep: No such file or directory
Sur un serveur, si le précédent noyau est conservé, il faut indiquer à grub d'utiliser ce noyau plutot que le noyau OVH. Dans le fichier /etc/default/grub :
remplacer : GRUB_DEFAULT=0 par : GRUB_DEFAULT=1 Puis, relancer : update-grub
Rebooter la VM ou le serveur pour charger le nouveau noyau
[modifier] Sauvegarde
- Installer et configurer Bacula#Debian
