Systeme d'exploitation Debian 8

De Hegyd Doc.

(Différences entre les versions)
(Debian 8 ( Jessie ))
(Installation paquets clients)
 
(7 versions intermédiaires masquées)
Ligne 22 : Ligne 22 :
EOF
EOF
-
apt-get update && apt-get upgrade
+
apt-get update && apt-get -y dist-upgrade
-
apt-get -y install bash-completion ntp sudo htop telnet sysstat subversion git less vim-nox cscope exuberant-ctags
+
apt-get -y install bash-completion ntp sudo htop telnet sysstat subversion git less vim-nox cscope exuberant-ctags curl
</pre>
</pre>
Ligne 83 : Ligne 83 :
<pre>
<pre>
mkdir /root/.ssh
mkdir /root/.ssh
-
#echo "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCuRlmYABWijWEroDcFcTqnqy0eyDjeoA60ik9xUABHczsJpY5AA5OxdoN2JPvKXUf7+qRt3Vdx5cH39U+Z1UNrYeVQ0lRr4HIUhXgIiQ4459OHvZ0ggyfxO0zOsqcOW4FOwNXhj+ccxOvyYGjFAbTibOoqAAOzCKoaIzUlswK3hrXXGZTUA/nA8nXRaZb/mxOLtAO09iVQLAAKA3czjJuqgZckyXkuTRjcUvix2kPp7zWuXddQsaHOJic3p3/k2qReXVuiWw2xf9nhLL5Igzaarie3OlsKWz6z+ZzebQZnxOKSKMDv8sNymLy8PvKATXf3SIzZSHQ2oILVcE2nfwJN albin@wks-albin" > /root/.ssh/authorized_keys
 
-
#echo "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDN+n2Bxxk8gNm1HxVW2dwitaDEhmUvhQUYcZ25gwe16hVJg+QXq98I4AQ/nSGJz3BYqy5VuPLuHR2Lmr0eOYPJY/a3hIRtqvUf9OqA3qRKoLd3mQZWUtKArjZzV6OZwUxHf72iRiOhDw/3jKupwNkBYbRiEOE9NGNB93/aLXehFtm8Uhn7vJqkI7VSuo7ooZg36AzHyORlE9NKfGMuvUQT/JNT+QYfHN/fJqNrXrFI7PEXlh/ENLJMTc9RqeyQR5LrfBnew0XTknGohMd2Cr0TimQw7Hc4qk8l/xJygHYJzroRPh7swXuBIfOOnwzM+OYj/846OP8RYczP1LoZry9H g.lalleman@hegyd.com" > /root/.ssh/authorized_keys
 
echo "ssh-dss AAAAB3NzaC1kc3MAAACBAM0TYqkYRN8FKBSRwAwgeUcoyjkW3Bw07QqGfJcNA90b6/id0riHYd6WJBCeQKsUqT+CxIPAhUA9dVqON9kfO8LtBPllMwqoTWtUth2tqRV35c8ANqv3x/RoPGZlOIiRplH6+uUuVElOBRIKmhzwBUVnVG5Ri6P06pjrc1D9emN5AAAAFQDiPCxtR+Pq1yDeg483IEdyWoepeQAAAIBE9RS1C/fR83HUzO3f1mmBgL8ipKx8+lFBcsEU9odOZuWsXkIdZAIjrgpzAzTEGD+4bWUiXhS0kwQqDp9bSBliw2atEXrTsgbHOV/gLFPAwoyv3IpSuFRMIwGYXQc6PJcZaAhtJ9FNEcCcvkuMC23eeO8XnV0Fl+3m25QIo9+SCgAAAIBB3EAkSlZqj5igXarzP5YaBDOwPSnasBHcxymtLuQwrjEqR/qa9qcGBSBOKMDfgB9IlLei9Ug668Q0WXEy8/ovV2P+tx6juETi0l2yt3Nm1S6IIYHbXR5BkMM4CAV6U2bR3yCg+sx4encqCJOAIf+xlZzzFJBMbgTQhpJXIfcwOw== admin@backup.hegyd.com
echo "ssh-dss AAAAB3NzaC1kc3MAAACBAM0TYqkYRN8FKBSRwAwgeUcoyjkW3Bw07QqGfJcNA90b6/id0riHYd6WJBCeQKsUqT+CxIPAhUA9dVqON9kfO8LtBPllMwqoTWtUth2tqRV35c8ANqv3x/RoPGZlOIiRplH6+uUuVElOBRIKmhzwBUVnVG5Ri6P06pjrc1D9emN5AAAAFQDiPCxtR+Pq1yDeg483IEdyWoepeQAAAIBE9RS1C/fR83HUzO3f1mmBgL8ipKx8+lFBcsEU9odOZuWsXkIdZAIjrgpzAzTEGD+4bWUiXhS0kwQqDp9bSBliw2atEXrTsgbHOV/gLFPAwoyv3IpSuFRMIwGYXQc6PJcZaAhtJ9FNEcCcvkuMC23eeO8XnV0Fl+3m25QIo9+SCgAAAIBB3EAkSlZqj5igXarzP5YaBDOwPSnasBHcxymtLuQwrjEqR/qa9qcGBSBOKMDfgB9IlLei9Ug668Q0WXEy8/ovV2P+tx6juETi0l2yt3Nm1S6IIYHbXR5BkMM4CAV6U2bR3yCg+sx4encqCJOAIf+xlZzzFJBMbgTQhpJXIfcwOw== admin@backup.hegyd.com
-
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDfcJ8J5YR6F7qrYLuVJ3YIqOXqNvj1OnYd0zybZ45X+IeFKePo2hL1NHALHWxys6Qo4Ta3pPcRkliQBy51IIXOtNVp90C4XqTNkwaAl6X4RnPPoGNVgq1V53BW/mkUYsvLoYTJHokb+a3exGHCYaPbuj09FV5VVdF2uGUIiRyMZzmZurLCzySagP+8e34ZrLDlwwmDtd24CVc0OyxikqFOzzOkvCWTaAttGv7qyAlwjyAAMTqlJhqPNaCQcOJVEGiwXNlXqjroRJz7j4a3vEd3xujfY3zeSu9U22iCgAJWiLRI+M7m7af4/yxTV8IYNvpOMTjqMnxOEAKsiCLmrwUJ admin@backup.hegyd.com
+
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDfcJ8J5YR6F7qrYLuVJ3YIqOXqNvj1OnYd0zybZ45X+IeFKePo2hL1NHALHWxys6Qo4Ta3pPcRkliQBy51IIXOtNVp90C4XqTNkwaAl6X4RnPPoGNVgq1V53BW/mkUYsvLoYTJHokb+a3exGHCYaPbuj09FV5VVdF2uGUIiRyMZzmZurLCzySagP+8e34ZrLDlwwmDtd24CVc0OyxikqFOzzOkvCWTaAttGv7qyAlwjyAAMTqlJhqPNaCQcOJVEGiwXNlXqjroRJz7j4a3vEd3xujfY3zeSu9U22iCgAJWiLRI+M7m7af4/yxTV8IYNvpOMTjqMnxOEAKsiCLmrwUJ MGA@HEGYD
-
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDSpLz0aUxPDyO5cXPm8HQkaNAUjNNULrhH8G3Nvw7SdhAvRVL9/RKzXu5Aa4nSQd0u61bWVlGvDVSSZgZGRnoxsmzK1aOJWcgJmhVI1r6o9fVKSxz/x+1uE8PFJxUVaGULoLvDRzZLDazg/c/Djb5AgTprmw8KvMKdcDk/kCixFmjEObuOwFbnA/ZbnHS8PPUgHSCwLNAQOUSZSLRZzEFRKO4+HCl5T7iZfCGd7dCInysG2tVzBJCqsN7hw5fhz49Kb1txa93dYhY7kh7SYqCYthGToqGVcDNQX7cXCP2Sqpw+2N/SAcke6E/MgalYAr40dIRRFuUJKX8LxLoko47r admin@rescue" >> /root/.ssh/authorized_keys
+
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDSpLz0aUxPDyO5cXPm8HQkaNAUjNNULrhH8G3Nvw7SdhAvRVL9/RKzXu5Aa4nSQd0u61bWVlGvDVSSZgZGRnoxsmzK1aOJWcgJmhVI1r6o9fVKSxz/x+1uE8PFJxUVaGULoLvDRzZLDazg/c/Djb5AgTprmw8KvMKdcDk/kCixFmjEObuOwFbnA/ZbnHS8PPUgHSCwLNAQOUSZSLRZzEFRKO4+HCl5T7iZfCGd7dCInysG2tVzBJCqsN7hw5fhz49Kb1txa93dYhY7kh7SYqCYthGToqGVcDNQX7cXCP2Sqpw+2N/SAcke6E/MgalYAr40dIRRFuUJKX8LxLoko47r admin@rescue
 +
ssh-dss AAAAB3NzaC1kc3MAAACBAPoQ6wRywMMkQ0npdVnRdlIclapxF0n3kK7iljksiwfi5p8VzGgbF6KxYiroJaKu7Q3gf4EgPlTyWJ8TgCI/bji/bCTqdPfMjQpp621l6p244WSMQEWipExnCkI6oBTuEK1Hr/T435ygwscwl2vcGnXQcGA6K7p16LpsLHykKPKtAAAAFQC1B/WkyCWjVSubUZgMBNfCeE2DaQAAAIBLmHlw2IrhZEhuz1m3k1H+ssH1JiPTcN1I6Z+M/n3OTYrdMIBuPLEtr3P+SZrnmZVLlwIzWtlw2dtwv+5G0UpzgNKmUQf27o2sgrKnSap2FP3cqBbDuUrsaZLexVawCualQPxTcXqufanrwPPYht3rtM5J3VmkW/jqpATxXJnO5wAAAIB+u9M9bObM7YzB7CZ4jmr4wXAo2HocqvBygmSX4dj3qgsqJoJ7bOATCYVSps6kqVcvWvztZ58duC1gvomDB+56CAPkin3S52Wtq6J/Qz3q+SEJNqcZ5+qiGn9mORaTsEx+iaA4pNbRjuKMp7rmWJ1gQ4e/OxQwmJXpTARsZIkBOw== admin@SRV-ADMIN-HEGYD
 +
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDXpz3F6Asw+NpyThBEzhSO+SOjKMG84oOZH+mktNBC0omaOgGsJ95inRXzLYhXb+KkP172LXNkBU0VvM3Rnl4H2ZVDOoWf0YTSB/drue4BehJk4YRLwqGixzfRHYrJdjnY5ZGrbbrYUVecWdkostIzoWk9M3X0VCdKjZw0Ug80ior9+0QpJVRswERx7AGniH0nDffpWeOPyD/dmGXVbhx1OlQW9GyKlxqz/CNQTqKMOHUI3A51ZNoc92Nv/5rJLQQ0AkP0nBvFW2sMmGP/ZV6uRIHuE1Dk4I0YpaWkp/TcsybN0kNlMvbUAdU/F0vhFj4nhm/qdqG3dqrw/jp06X7wW3ksbGRBGZCbhPkLJqlfNye8/6CcGIuaj56PT04ANBjHun8opKix2tSLi/8JY4LaZ6SsKvYm94U41LO3C8jvK+sXdkwjDOCv4NfXO3V+rNEHf9IwD5X1G+HcXF+d0v+pFSOWgpm5rd05GUwFddvWH/ypUSHrYAWQqbBtxyu3LHQrQCyp3aDtyLWgwYSu6pr6CftS5rZGFU52Gi9BDirKL5Ia+Q4EAgh4GwHFhgJoTCVPbhdxwHW8GhQPrvXC+JfnS5yawTmyi2GUvgtCmbGS211xG2Rd/uxOtRZTosbHeYNWbu9+YDTxQpw7iEGz7z6KQm0Lc2XUy2eMaFY0xMgwjQ== enzo@dri
 +
" >> /root/.ssh/authorized_keys
chmod 700 /root/.ssh
chmod 700 /root/.ssh
chmod 600 /root/.ssh/authorized_keys
chmod 600 /root/.ssh/authorized_keys
Ligne 102 : Ligne 103 :
chmod 700 /home/admin/.ssh
chmod 700 /home/admin/.ssh
echo "ssh-dss AAAAB3NzaC1kc3MAAACBAM0TYqkYRN8FKBSRwAwgeUcoyjkW3Bw07QqGfJcNA90b6/id0riHYd6WJBCeQKsUqT+CxIPAhUA9dVqON9kfO8LtBPllMwqoTWtUth2tqRV35c8ANqv3x/RoPGZlOIiRplH6+uUuVElOBRIKmhzwBUVnVG5Ri6P06pjrc1D9emN5AAAAFQDiPCxtR+Pq1yDeg483IEdyWoepeQAAAIBE9RS1C/fR83HUzO3f1mmBgL8ipKx8+lFBcsEU9odOZuWsXkIdZAIjrgpzAzTEGD+4bWUiXhS0kwQqDp9bSBliw2atEXrTsgbHOV/gLFPAwoyv3IpSuFRMIwGYXQc6PJcZaAhtJ9FNEcCcvkuMC23eeO8XnV0Fl+3m25QIo9+SCgAAAIBB3EAkSlZqj5igXarzP5YaBDOwPSnasBHcxymtLuQwrjEqR/qa9qcGBSBOKMDfgB9IlLei9Ug668Q0WXEy8/ovV2P+tx6juETi0l2yt3Nm1S6IIYHbXR5BkMM4CAV6U2bR3yCg+sx4encqCJOAIf+xlZzzFJBMbgTQhpJXIfcwOw== admin@backup.hegyd.com
echo "ssh-dss AAAAB3NzaC1kc3MAAACBAM0TYqkYRN8FKBSRwAwgeUcoyjkW3Bw07QqGfJcNA90b6/id0riHYd6WJBCeQKsUqT+CxIPAhUA9dVqON9kfO8LtBPllMwqoTWtUth2tqRV35c8ANqv3x/RoPGZlOIiRplH6+uUuVElOBRIKmhzwBUVnVG5Ri6P06pjrc1D9emN5AAAAFQDiPCxtR+Pq1yDeg483IEdyWoepeQAAAIBE9RS1C/fR83HUzO3f1mmBgL8ipKx8+lFBcsEU9odOZuWsXkIdZAIjrgpzAzTEGD+4bWUiXhS0kwQqDp9bSBliw2atEXrTsgbHOV/gLFPAwoyv3IpSuFRMIwGYXQc6PJcZaAhtJ9FNEcCcvkuMC23eeO8XnV0Fl+3m25QIo9+SCgAAAIBB3EAkSlZqj5igXarzP5YaBDOwPSnasBHcxymtLuQwrjEqR/qa9qcGBSBOKMDfgB9IlLei9Ug668Q0WXEy8/ovV2P+tx6juETi0l2yt3Nm1S6IIYHbXR5BkMM4CAV6U2bR3yCg+sx4encqCJOAIf+xlZzzFJBMbgTQhpJXIfcwOw== admin@backup.hegyd.com
-
ssh-dss AAAAB3NzaC1kc3MAAACBAPoQ6wRywMMkQ0npdVnRdlIclapxF0n3kK7iljksiwfi5p8VzGgbF6KxYiroJaKu7Q3gf4EgPlTyWJ8TgCI/bji/bCTqdPfMjQpp621l6p244WSMQEWipExnCkI6oBTuEK1Hr/T435ygwscwl2vcGnXQcGA6K7p16LpsLHykKPKtAAAAFQC1B/WkyCWjVSubUZgMBNfCeE2DaQAAAIBLmHlw2IrhZEhuz1m3k1H+ssH1JiPTcN1I6Z+M/n3OTYrdMIBuPLEtr3P+SZrnmZVLlwIzWtlw2dtwv+5G0UpzgNKmUQf27o2sgrKnSap2FP3cqBbDuUrsaZLexVawCualQPxTcXqufanrwPPYht3rtM5J3VmkW/jqpATxXJnO5wAAAIB+u9M9bObM7YzB7CZ4jmr4wXAo2HocqvBygmSX4dj3qgsqJoJ7bOATCYVSps6kqVcvWvztZ58duC1gvomDB+56CAPkin3S52Wtq6J/Qz3q+SEJNqcZ5+qiGn9mORaTsEx+iaA4pNbRjuKMp7rmWJ1gQ4e/OxQwmJXpTARsZIkBOw== admin@SRV-ADMIN-HEGYD
+
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDfcJ8J5YR6F7qrYLuVJ3YIqOXqNvj1OnYd0zybZ45X+IeFKePo2hL1NHALHWxys6Qo4Ta3pPcRkliQBy51IIXOtNVp90C4XqTNkwaAl6X4RnPPoGNVgq1V53BW/mkUYsvLoYTJHokb+a3exGHCYaPbuj09FV5VVdF2uGUIiRyMZzmZurLCzySagP+8e34ZrLDlwwmDtd24CVc0OyxikqFOzzOkvCWTaAttGv7qyAlwjyAAMTqlJhqPNaCQcOJVEGiwXNlXqjroRJz7j4a3vEd3xujfY3zeSu9U22iCgAJWiLRI+M7m7af4/yxTV8IYNvpOMTjqMnxOEAKsiCLmrwUJ MGA@HEGYD
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDSpLz0aUxPDyO5cXPm8HQkaNAUjNNULrhH8G3Nvw7SdhAvRVL9/RKzXu5Aa4nSQd0u61bWVlGvDVSSZgZGRnoxsmzK1aOJWcgJmhVI1r6o9fVKSxz/x+1uE8PFJxUVaGULoLvDRzZLDazg/c/Djb5AgTprmw8KvMKdcDk/kCixFmjEObuOwFbnA/ZbnHS8PPUgHSCwLNAQOUSZSLRZzEFRKO4+HCl5T7iZfCGd7dCInysG2tVzBJCqsN7hw5fhz49Kb1txa93dYhY7kh7SYqCYthGToqGVcDNQX7cXCP2Sqpw+2N/SAcke6E/MgalYAr40dIRRFuUJKX8LxLoko47r admin@rescue
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDSpLz0aUxPDyO5cXPm8HQkaNAUjNNULrhH8G3Nvw7SdhAvRVL9/RKzXu5Aa4nSQd0u61bWVlGvDVSSZgZGRnoxsmzK1aOJWcgJmhVI1r6o9fVKSxz/x+1uE8PFJxUVaGULoLvDRzZLDazg/c/Djb5AgTprmw8KvMKdcDk/kCixFmjEObuOwFbnA/ZbnHS8PPUgHSCwLNAQOUSZSLRZzEFRKO4+HCl5T7iZfCGd7dCInysG2tVzBJCqsN7hw5fhz49Kb1txa93dYhY7kh7SYqCYthGToqGVcDNQX7cXCP2Sqpw+2N/SAcke6E/MgalYAr40dIRRFuUJKX8LxLoko47r admin@rescue
-
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDfcJ8J5YR6F7qrYLuVJ3YIqOXqNvj1OnYd0zybZ45X+IeFKePo2hL1NHALHWxys6Qo4Ta3pPcRkliQBy51IIXOtNVp90C4XqTNkwaAl6X4RnPPoGNVgq1V53BW/mkUYsvLoYTJHokb+a3exGHCYaPbuj09FV5VVdF2uGUIiRyMZzmZurLCzySagP+8e34ZrLDlwwmDtd24CVc0OyxikqFOzzOkvCWTaAttGv7qyAlwjyAAMTqlJhqPNaCQcOJVEGiwXNlXqjroRJz7j4a3vEd3xujfY3zeSu9U22iCgAJWiLRI+M7m7af4/yxTV8IYNvpOMTjqMnxOEAKsiCLmrwUJ admin@backup.hegyd.com
+
ssh-dss AAAAB3NzaC1kc3MAAACBAPoQ6wRywMMkQ0npdVnRdlIclapxF0n3kK7iljksiwfi5p8VzGgbF6KxYiroJaKu7Q3gf4EgPlTyWJ8TgCI/bji/bCTqdPfMjQpp621l6p244WSMQEWipExnCkI6oBTuEK1Hr/T435ygwscwl2vcGnXQcGA6K7p16LpsLHykKPKtAAAAFQC1B/WkyCWjVSubUZgMBNfCeE2DaQAAAIBLmHlw2IrhZEhuz1m3k1H+ssH1JiPTcN1I6Z+M/n3OTYrdMIBuPLEtr3P+SZrnmZVLlwIzWtlw2dtwv+5G0UpzgNKmUQf27o2sgrKnSap2FP3cqBbDuUrsaZLexVawCualQPxTcXqufanrwPPYht3rtM5J3VmkW/jqpATxXJnO5wAAAIB+u9M9bObM7YzB7CZ4jmr4wXAo2HocqvBygmSX4dj3qgsqJoJ7bOATCYVSps6kqVcvWvztZ58duC1gvomDB+56CAPkin3S52Wtq6J/Qz3q+SEJNqcZ5+qiGn9mORaTsEx+iaA4pNbRjuKMp7rmWJ1gQ4e/OxQwmJXpTARsZIkBOw== admin@SRV-ADMIN-HEGYD
-
ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEAhMy9998juGMZe9UkeTI/OoX0MFJMei0eFwRIrf+wd88CUX4uPcjnYmWCKRRb69MrMYeYB1wLkc1DbVdV7Y77qR9AaYy2xoUCjqeP90PFw7RhVtyku0hKagiSemXn7nM7pXbnHQdn86p/cz+RnZjzglWplsvGl0NXKHW2mGdUaCVacsXSQDKqrPH3CvUsUulZF+i4xu1MHcQyfvfroH+2+G8vj/JZIOi1kUktazDOHIaQMU7F1CRK6MIfo4mksdEwEhF2K0Wstm/umYtT4kavK8CjjDelPeIsjN8rPmsTP8aO9akTSejyQA9gYpmXy3/mCwxlt0CACzkGXE2KD3kpBw== rsa-amaury
+
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDXpz3F6Asw+NpyThBEzhSO+SOjKMG84oOZH+mktNBC0omaOgGsJ95inRXzLYhXb+KkP172LXNkBU0VvM3Rnl4H2ZVDOoWf0YTSB/drue4BehJk4YRLwqGixzfRHYrJdjnY5ZGrbbrYUVecWdkostIzoWk9M3X0VCdKjZw0Ug80ior9+0QpJVRswERx7AGniH0nDffpWeOPyD/dmGXVbhx1OlQW9GyKlxqz/CNQTqKMOHUI3A51ZNoc92Nv/5rJLQQ0AkP0nBvFW2sMmGP/ZV6uRIHuE1Dk4I0YpaWkp/TcsybN0kNlMvbUAdU/F0vhFj4nhm/qdqG3dqrw/jp06X7wW3ksbGRBGZCbhPkLJqlfNye8/6CcGIuaj56PT04ANBjHun8opKix2tSLi/8JY4LaZ6SsKvYm94U41LO3C8jvK+sXdkwjDOCv4NfXO3V+rNEHf9IwD5X1G+HcXF+d0v+pFSOWgpm5rd05GUwFddvWH/ypUSHrYAWQqbBtxyu3LHQrQCyp3aDtyLWgwYSu6pr6CftS5rZGFU52Gi9BDirKL5Ia+Q4EAgh4GwHFhgJoTCVPbhdxwHW8GhQPrvXC+JfnS5yawTmyi2GUvgtCmbGS211xG2Rd/uxOtRZTosbHeYNWbu9+YDTxQpw7iEGz7z6KQm0Lc2XUy2eMaFY0xMgwjQ== enzo@dri
-
" > /home/admin/.ssh/authorized_keys
+
" >> /home/admin/.ssh/authorized_keys
chmod 600 /home/admin/.ssh/authorized_keys
chmod 600 /home/admin/.ssh/authorized_keys
chown -R admin:admin /home/admin/.ssh
chown -R admin:admin /home/admin/.ssh
Ligne 123 : Ligne 124 :
*  Configurer openssh-server
*  Configurer openssh-server
<pre>
<pre>
-
alias root="ssh -A root@localhost"
+
echo "alias root=\"ssh -AX root@localhost\"" >>/home/admin/.bashrc
sed -i 's/^PermitRootLogin yes/PermitRootLogin without-password/' /etc/ssh/sshd_config
sed -i 's/^PermitRootLogin yes/PermitRootLogin without-password/' /etc/ssh/sshd_config
cat >> /etc/ssh/sshd_config <<EOF
cat >> /etc/ssh/sshd_config <<EOF
Ligne 160 : Ligne 161 :
apt-get -y install postfix heirloom-mailx
apt-get -y install postfix heirloom-mailx
 +
sed -i -e '/^\/var\/log\/mail.log$/d' -e '/\/var\/log\/mail.info/i \
sed -i -e '/^\/var\/log\/mail.log$/d' -e '/\/var\/log\/mail.info/i \
/var/log/mail.log\
/var/log/mail.log\
Ligne 175 : Ligne 177 :
     endscript\
     endscript\
}' /etc/logrotate.d/rsyslog
}' /etc/logrotate.d/rsyslog
 +
chgrp dev /var/log/mail.log
chgrp dev /var/log/mail.log
</pre>
</pre>
Ligne 198 : Ligne 201 :
* Cloner le depot sys-common
* Cloner le depot sys-common
<pre>
<pre>
-
mkdir /usr/local/share/hegyd ~/.ssh
+
mkdir /usr/local/share/hegyd
echo -e "Host git.hegyd.net\n\tStrictHostKeyChecking no\n" >> ~/.ssh/config
echo -e "Host git.hegyd.net\n\tStrictHostKeyChecking no\n" >> ~/.ssh/config
git clone -q git@git.hegyd.net:sys-common /usr/local/share/hegyd/sys-common
git clone -q git@git.hegyd.net:sys-common /usr/local/share/hegyd/sys-common
Ligne 251 : Ligne 254 :
<pre>
<pre>
apt-get install mysql-server
apt-get install mysql-server
 +
</pre>
 +
 +
'''pour mysql 5.6, 5.7 et + sur debian'''
 +
 +
<pre>
 +
apt-get -y install apt-transport-https lsb-release
 +
wget https://dev.mysql.com/get/mysql-apt-config_0.8.13-1_all.deb
 +
dpkg -i mysql-apt-config_0.8.13-1_all.deb
 +
</pre>
 +
 +
Sélectionnez la version de MySQL dans le premier onglet
 +
Laisser le reste par défaut puis OK
 +
 +
<pre>
 +
apt-get update
 +
apt-get -y install mysql-community-server
</pre>
</pre>
Ligne 290 : Ligne 309 :
== Comptes utilisateurs ==
== Comptes utilisateurs ==
-
* Créer les comptes utilisateurs pour les accès du client (voir clés SSH publiques sur serveur Penta)
+
* Créer les comptes utilisateurs pour les accès du client (voir clés SSH publiques sur serveur DRI)
[[Catégorie:Administration serveurs]]
[[Catégorie:Administration serveurs]]

Version actuelle en date du 12 juin 2019 à 15:11

Sommaire

[modifier] Debian 8 ( Jessie )

  • Si on arrive ici après l'installation d'une VM KVM, il faut d'abord se connecter depuis la console virt-manager en root, puis : 
sed -i 's/^PermitRootLogin without-password/PermitRootLogin yes/' /etc/ssh/sshd_config
service ssh reload

On peut alors se connecter maintenant depuis Putty/MRemote via le compte root et le mot de passe saisi lors de l'installation.

  • Modification du mot de passe root si nécessaire, et selon la règle de nommage usuelle. 
passwd
  • Installer les paquets de base : 
# Configuration APT pour remonter /tmp avec le flag exec (nécessaire pour certains paquets)
cat >> /etc/apt/apt.conf <<EOF
DPkg::Pre-Invoke{"mount -o remount,exec /tmp";};
DPkg::Post-Invoke {"mount -o remount /tmp";};
EOF

apt-get update && apt-get -y dist-upgrade
apt-get -y install bash-completion ntp sudo htop telnet sysstat subversion git less vim-nox cscope exuberant-ctags curl

NB : si l'apt-get essaie de passer en ipv6 et que cela ne fonctionne pas, il faut modifier la ligne 54 du fichier /etc/gai.conf de la façon suivante : 

precedence ::ffff:0:0/96  100
  • Paramétrer les locales : 
echo -n > /etc/environment
echo -n > /etc/default/locale
  • Paramétrer debconf : 
apt-get install dialog &&
echo "debconf debconf/priority        select high" | debconf-set-selections &&
echo "debconf debconf/frontend        select Dialog" | debconf-set-selections
  • Définir vim comme éditeur par défaut 
update-alternatives --set editor /usr/bin/vim.nox
  • Paramétrer l'environnement utilisateur 
sed -i '32,38s/^#//' /etc/bash.bashrc
cat >> /etc/bash.bashrc <<EOF

export LS_OPTIONS='--color=auto'
eval "\`dircolors\`"
alias ls='ls \$LS_OPTIONS'
alias ll='ls \$LS_OPTIONS -l'
alias grep='grep --color=auto'
EOF
  • Modifier le shell par défaut des utilisateurs en éditant la lignes suivante du fichier "/etc/default/useradd" : 
sed -i 's/^SHELL=\/bin\/sh/SHELL=\/bin\/bash/' /etc/default/useradd
  • Gestion du Umask 
sed -i 's/^UMASK\s\+022/UMASK    002/' /etc/login.defs
echo "session optional pam_umask.so" >> /etc/pam.d/common-session
echo "session optional pam_umask.so" >> /etc/pam.d/common-session-noninteractive
  • Création des groupes par défaut 
userdel -r user1 #user créé pendant l'installation
groupadd -g 1000 dev
groupadd -g 1001 grsec
groupadd -g 1002 fwadmin
groupadd -g 1003 adm-projects
groupadd -g 1004 wheel
  • Ajouter les utilisateurs opérateurs 
mkdir /root/.ssh
echo "ssh-dss AAAAB3NzaC1kc3MAAACBAM0TYqkYRN8FKBSRwAwgeUcoyjkW3Bw07QqGfJcNA90b6/id0riHYd6WJBCeQKsUqT+CxIPAhUA9dVqON9kfO8LtBPllMwqoTWtUth2tqRV35c8ANqv3x/RoPGZlOIiRplH6+uUuVElOBRIKmhzwBUVnVG5Ri6P06pjrc1D9emN5AAAAFQDiPCxtR+Pq1yDeg483IEdyWoepeQAAAIBE9RS1C/fR83HUzO3f1mmBgL8ipKx8+lFBcsEU9odOZuWsXkIdZAIjrgpzAzTEGD+4bWUiXhS0kwQqDp9bSBliw2atEXrTsgbHOV/gLFPAwoyv3IpSuFRMIwGYXQc6PJcZaAhtJ9FNEcCcvkuMC23eeO8XnV0Fl+3m25QIo9+SCgAAAIBB3EAkSlZqj5igXarzP5YaBDOwPSnasBHcxymtLuQwrjEqR/qa9qcGBSBOKMDfgB9IlLei9Ug668Q0WXEy8/ovV2P+tx6juETi0l2yt3Nm1S6IIYHbXR5BkMM4CAV6U2bR3yCg+sx4encqCJOAIf+xlZzzFJBMbgTQhpJXIfcwOw== admin@backup.hegyd.com
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDfcJ8J5YR6F7qrYLuVJ3YIqOXqNvj1OnYd0zybZ45X+IeFKePo2hL1NHALHWxys6Qo4Ta3pPcRkliQBy51IIXOtNVp90C4XqTNkwaAl6X4RnPPoGNVgq1V53BW/mkUYsvLoYTJHokb+a3exGHCYaPbuj09FV5VVdF2uGUIiRyMZzmZurLCzySagP+8e34ZrLDlwwmDtd24CVc0OyxikqFOzzOkvCWTaAttGv7qyAlwjyAAMTqlJhqPNaCQcOJVEGiwXNlXqjroRJz7j4a3vEd3xujfY3zeSu9U22iCgAJWiLRI+M7m7af4/yxTV8IYNvpOMTjqMnxOEAKsiCLmrwUJ MGA@HEGYD
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDSpLz0aUxPDyO5cXPm8HQkaNAUjNNULrhH8G3Nvw7SdhAvRVL9/RKzXu5Aa4nSQd0u61bWVlGvDVSSZgZGRnoxsmzK1aOJWcgJmhVI1r6o9fVKSxz/x+1uE8PFJxUVaGULoLvDRzZLDazg/c/Djb5AgTprmw8KvMKdcDk/kCixFmjEObuOwFbnA/ZbnHS8PPUgHSCwLNAQOUSZSLRZzEFRKO4+HCl5T7iZfCGd7dCInysG2tVzBJCqsN7hw5fhz49Kb1txa93dYhY7kh7SYqCYthGToqGVcDNQX7cXCP2Sqpw+2N/SAcke6E/MgalYAr40dIRRFuUJKX8LxLoko47r admin@rescue
ssh-dss AAAAB3NzaC1kc3MAAACBAPoQ6wRywMMkQ0npdVnRdlIclapxF0n3kK7iljksiwfi5p8VzGgbF6KxYiroJaKu7Q3gf4EgPlTyWJ8TgCI/bji/bCTqdPfMjQpp621l6p244WSMQEWipExnCkI6oBTuEK1Hr/T435ygwscwl2vcGnXQcGA6K7p16LpsLHykKPKtAAAAFQC1B/WkyCWjVSubUZgMBNfCeE2DaQAAAIBLmHlw2IrhZEhuz1m3k1H+ssH1JiPTcN1I6Z+M/n3OTYrdMIBuPLEtr3P+SZrnmZVLlwIzWtlw2dtwv+5G0UpzgNKmUQf27o2sgrKnSap2FP3cqBbDuUrsaZLexVawCualQPxTcXqufanrwPPYht3rtM5J3VmkW/jqpATxXJnO5wAAAIB+u9M9bObM7YzB7CZ4jmr4wXAo2HocqvBygmSX4dj3qgsqJoJ7bOATCYVSps6kqVcvWvztZ58duC1gvomDB+56CAPkin3S52Wtq6J/Qz3q+SEJNqcZ5+qiGn9mORaTsEx+iaA4pNbRjuKMp7rmWJ1gQ4e/OxQwmJXpTARsZIkBOw== admin@SRV-ADMIN-HEGYD
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDXpz3F6Asw+NpyThBEzhSO+SOjKMG84oOZH+mktNBC0omaOgGsJ95inRXzLYhXb+KkP172LXNkBU0VvM3Rnl4H2ZVDOoWf0YTSB/drue4BehJk4YRLwqGixzfRHYrJdjnY5ZGrbbrYUVecWdkostIzoWk9M3X0VCdKjZw0Ug80ior9+0QpJVRswERx7AGniH0nDffpWeOPyD/dmGXVbhx1OlQW9GyKlxqz/CNQTqKMOHUI3A51ZNoc92Nv/5rJLQQ0AkP0nBvFW2sMmGP/ZV6uRIHuE1Dk4I0YpaWkp/TcsybN0kNlMvbUAdU/F0vhFj4nhm/qdqG3dqrw/jp06X7wW3ksbGRBGZCbhPkLJqlfNye8/6CcGIuaj56PT04ANBjHun8opKix2tSLi/8JY4LaZ6SsKvYm94U41LO3C8jvK+sXdkwjDOCv4NfXO3V+rNEHf9IwD5X1G+HcXF+d0v+pFSOWgpm5rd05GUwFddvWH/ypUSHrYAWQqbBtxyu3LHQrQCyp3aDtyLWgwYSu6pr6CftS5rZGFU52Gi9BDirKL5Ia+Q4EAgh4GwHFhgJoTCVPbhdxwHW8GhQPrvXC+JfnS5yawTmyi2GUvgtCmbGS211xG2Rd/uxOtRZTosbHeYNWbu9+YDTxQpw7iEGz7z6KQm0Lc2XUy2eMaFY0xMgwjQ== enzo@dri
" >> /root/.ssh/authorized_keys
chmod 700 /root/.ssh
chmod 600 /root/.ssh/authorized_keys

useradd -m -u 1020 -G fwadmin,dev,adm,staff,adm-projects,wheel -s /bin/bash mike
mkdir /home/mike/.ssh
chmod 700 /home/mike/.ssh
echo "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCrFOIGcDPe+LfoPc11vtv2EOVG63zBndLVnf48mC+krw2vXomDLXG+KnhIAx1yFhCh6B/8R9C3wMxwhghemE3succS+Q7Truu2pd7zDmDNn6cd8Iw02qe8dl3nZhVk5XtGMgeV3JRA7u8q32i4tadbONRICExjcm9pVL5wx5aLzNBtu1opyMdvHc0dBelghVa9kkg6bRri8AF38M16NTEqQNA7crwHHa9ZLBE+8xFWmkJdBJ7zRoR6XEwbOr020VEM+sKzCPl0sy606aW3bi59tYobqAGBjTglIOJWXKMxu1cPJnSCx6Xom9F6AeF1C4CghVrZpfu++XSmJQtXoId m.reault@hegyd.com" > /home/mike/.ssh/authorized_keys
chmod 600 /home/mike/.ssh/authorized_keys
chown -R mike:mike /home/mike/.ssh

useradd -m -u 1021 -G fwadmin,dev,adm,staff,adm-projects,wheel -s /bin/bash -p paCtx8rsjkGhQ admin
mkdir /home/admin/.ssh
chmod 700 /home/admin/.ssh
echo "ssh-dss AAAAB3NzaC1kc3MAAACBAM0TYqkYRN8FKBSRwAwgeUcoyjkW3Bw07QqGfJcNA90b6/id0riHYd6WJBCeQKsUqT+CxIPAhUA9dVqON9kfO8LtBPllMwqoTWtUth2tqRV35c8ANqv3x/RoPGZlOIiRplH6+uUuVElOBRIKmhzwBUVnVG5Ri6P06pjrc1D9emN5AAAAFQDiPCxtR+Pq1yDeg483IEdyWoepeQAAAIBE9RS1C/fR83HUzO3f1mmBgL8ipKx8+lFBcsEU9odOZuWsXkIdZAIjrgpzAzTEGD+4bWUiXhS0kwQqDp9bSBliw2atEXrTsgbHOV/gLFPAwoyv3IpSuFRMIwGYXQc6PJcZaAhtJ9FNEcCcvkuMC23eeO8XnV0Fl+3m25QIo9+SCgAAAIBB3EAkSlZqj5igXarzP5YaBDOwPSnasBHcxymtLuQwrjEqR/qa9qcGBSBOKMDfgB9IlLei9Ug668Q0WXEy8/ovV2P+tx6juETi0l2yt3Nm1S6IIYHbXR5BkMM4CAV6U2bR3yCg+sx4encqCJOAIf+xlZzzFJBMbgTQhpJXIfcwOw== admin@backup.hegyd.com
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDfcJ8J5YR6F7qrYLuVJ3YIqOXqNvj1OnYd0zybZ45X+IeFKePo2hL1NHALHWxys6Qo4Ta3pPcRkliQBy51IIXOtNVp90C4XqTNkwaAl6X4RnPPoGNVgq1V53BW/mkUYsvLoYTJHokb+a3exGHCYaPbuj09FV5VVdF2uGUIiRyMZzmZurLCzySagP+8e34ZrLDlwwmDtd24CVc0OyxikqFOzzOkvCWTaAttGv7qyAlwjyAAMTqlJhqPNaCQcOJVEGiwXNlXqjroRJz7j4a3vEd3xujfY3zeSu9U22iCgAJWiLRI+M7m7af4/yxTV8IYNvpOMTjqMnxOEAKsiCLmrwUJ MGA@HEGYD
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDSpLz0aUxPDyO5cXPm8HQkaNAUjNNULrhH8G3Nvw7SdhAvRVL9/RKzXu5Aa4nSQd0u61bWVlGvDVSSZgZGRnoxsmzK1aOJWcgJmhVI1r6o9fVKSxz/x+1uE8PFJxUVaGULoLvDRzZLDazg/c/Djb5AgTprmw8KvMKdcDk/kCixFmjEObuOwFbnA/ZbnHS8PPUgHSCwLNAQOUSZSLRZzEFRKO4+HCl5T7iZfCGd7dCInysG2tVzBJCqsN7hw5fhz49Kb1txa93dYhY7kh7SYqCYthGToqGVcDNQX7cXCP2Sqpw+2N/SAcke6E/MgalYAr40dIRRFuUJKX8LxLoko47r admin@rescue
ssh-dss AAAAB3NzaC1kc3MAAACBAPoQ6wRywMMkQ0npdVnRdlIclapxF0n3kK7iljksiwfi5p8VzGgbF6KxYiroJaKu7Q3gf4EgPlTyWJ8TgCI/bji/bCTqdPfMjQpp621l6p244WSMQEWipExnCkI6oBTuEK1Hr/T435ygwscwl2vcGnXQcGA6K7p16LpsLHykKPKtAAAAFQC1B/WkyCWjVSubUZgMBNfCeE2DaQAAAIBLmHlw2IrhZEhuz1m3k1H+ssH1JiPTcN1I6Z+M/n3OTYrdMIBuPLEtr3P+SZrnmZVLlwIzWtlw2dtwv+5G0UpzgNKmUQf27o2sgrKnSap2FP3cqBbDuUrsaZLexVawCualQPxTcXqufanrwPPYht3rtM5J3VmkW/jqpATxXJnO5wAAAIB+u9M9bObM7YzB7CZ4jmr4wXAo2HocqvBygmSX4dj3qgsqJoJ7bOATCYVSps6kqVcvWvztZ58duC1gvomDB+56CAPkin3S52Wtq6J/Qz3q+SEJNqcZ5+qiGn9mORaTsEx+iaA4pNbRjuKMp7rmWJ1gQ4e/OxQwmJXpTARsZIkBOw== admin@SRV-ADMIN-HEGYD
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDXpz3F6Asw+NpyThBEzhSO+SOjKMG84oOZH+mktNBC0omaOgGsJ95inRXzLYhXb+KkP172LXNkBU0VvM3Rnl4H2ZVDOoWf0YTSB/drue4BehJk4YRLwqGixzfRHYrJdjnY5ZGrbbrYUVecWdkostIzoWk9M3X0VCdKjZw0Ug80ior9+0QpJVRswERx7AGniH0nDffpWeOPyD/dmGXVbhx1OlQW9GyKlxqz/CNQTqKMOHUI3A51ZNoc92Nv/5rJLQQ0AkP0nBvFW2sMmGP/ZV6uRIHuE1Dk4I0YpaWkp/TcsybN0kNlMvbUAdU/F0vhFj4nhm/qdqG3dqrw/jp06X7wW3ksbGRBGZCbhPkLJqlfNye8/6CcGIuaj56PT04ANBjHun8opKix2tSLi/8JY4LaZ6SsKvYm94U41LO3C8jvK+sXdkwjDOCv4NfXO3V+rNEHf9IwD5X1G+HcXF+d0v+pFSOWgpm5rd05GUwFddvWH/ypUSHrYAWQqbBtxyu3LHQrQCyp3aDtyLWgwYSu6pr6CftS5rZGFU52Gi9BDirKL5Ia+Q4EAgh4GwHFhgJoTCVPbhdxwHW8GhQPrvXC+JfnS5yawTmyi2GUvgtCmbGS211xG2Rd/uxOtRZTosbHeYNWbu9+YDTxQpw7iEGz7z6KQm0Lc2XUy2eMaFY0xMgwjQ== enzo@dri
" >> /home/admin/.ssh/authorized_keys
chmod 600 /home/admin/.ssh/authorized_keys
chown -R admin:admin /home/admin/.ssh

useradd -m -u 1022 -G fwadmin,dev,adm,staff,adm-projects,wheel -s /bin/bash -p pa2TnhUhhBRfU support
mkdir /home/support/.ssh
chmod 700 /home/support/.ssh
touch /home/support/.ssh/authorized_keys
chmod 600 /home/support/.ssh/authorized_keys
chown -R support:support /home/support/.ssh

chmod 750 /home/*
  • Configurer openssh-server 
echo "alias root=\"ssh -AX root@localhost\"" >>/home/admin/.bashrc
sed -i 's/^PermitRootLogin yes/PermitRootLogin without-password/' /etc/ssh/sshd_config
cat >> /etc/ssh/sshd_config <<EOF

UseDns no
AllowUsers root mike admin support
EOF
service ssh reload
  • Installer le serveur de mail local 
debconf-set-selections <<EOF
postfix postfix/root_address    string
postfix postfix/rfc1035_violation       boolean false
postfix postfix/mydomain_warning        boolean
postfix postfix/mynetworks      string  127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
postfix postfix/mailname        string  $(hostname -f)
postfix postfix/tlsmgr_upgrade_warning  boolean
postfix postfix/recipient_delim string  +
postfix postfix/main_mailer_type        select  Internet Site
postfix postfix/destinations    string  $(hostname -f), localhost.$(hostname -f | sed -e 's/^[^.]\+\.\(.*\)$/\1/'), localhost
postfix postfix/retry_upgrade_warning   boolean
# Faut-il installer postfix malgré l'incompatibilité du noyau ?
postfix postfix/kernel_version_warning  boolean
postfix postfix/not_configured  error
postfix postfix/mailbox_limit   string  0
postfix postfix/relayhost       string
postfix postfix/procmail        boolean false
postfix postfix/bad_recipient_delimiter error
postfix postfix/protocols       select  ipv4
postfix postfix/chattr  boolean false
EOF

NB : les erreurs sur le ligne 13 et 17 sont normales.

apt-get -y install postfix heirloom-mailx

sed -i -e '/^\/var\/log\/mail.log$/d' -e '/\/var\/log\/mail.info/i \
/var/log/mail.log\
{\
    rotate 4\
    weekly\
    missingok\
    notifempty\
    compress\
    delaycompress\
    create 640 root dev\
    sharedscripts\
    postrotate\
        invoke-rc.d rsyslog rotate > /dev/null\
    endscript\
}' /etc/logrotate.d/rsyslog

chgrp dev /var/log/mail.log

cat >> /etc/aliases <<EOF
root: tech@hegyd.com
mike: m.reault@netprestation.com
EOF
newaliases
service postfix reload
  • Modifier les points de montage par défault en éditant le fichier "/etc/fstab" pour ajouter les options "noatime,barrier=0" à tout les montages ext4.

Exemple : 

/dev/mapper/vg_vm-root        /                 ext4    errors=remount-ro,relatime 0 1
UUID=6f7256e5-a5e3-4019-9f08-c582c20ffceb /boot ext2    defaults 0 2
/dev/mapper/vg_vm-home        /home             ext4    defaults,noatime,barrier=0 0 2
/dev/mapper/vg_algorel-tmp    /tmp              ext4    defaults,noatime,noexec,barrier=0 0 2
/dev/mapper/vg_algorel-var    /var              ext4    defaults,noatime 0 2
  • Cloner le depot sys-common 
mkdir /usr/local/share/hegyd
echo -e "Host git.hegyd.net\n\tStrictHostKeyChecking no\n" >> ~/.ssh/config
git clone -q git@git.hegyd.net:sys-common /usr/local/share/hegyd/sys-common
chmod -R g+rw /usr/local/share/hegyd
  • Ajouter une version prédéfinie de VimRC 
ln -s /usr/local/share/hegyd/sys-common/vim/vimrc_hegyd /etc/vim/vimrc.local
  • Ajouter le script d'alerte des reboot 
sed -i '/^exit 0/i\/usr\/local\/share\/hegyd\/sys-common\/bin\/alert-reboot' /etc/rc.local

[modifier] IP Vrack (pour les VMs)

  • Si la VM doit avoir une IP VRACK, il faut la configurer après avoir chois une IP dans le fichier des IPs 
Ajouter dans /etc/network/interfaces, pour l'ip eth0

        post-up /sbin/ifconfig eth0:1 172.16.0.145 netmask 255.240.0.0
        post-down /sbin/ifconfig eth0:1 down

NB : pour les hyperviseurs, voir après l'installation dans le wiki

  • Pour les serveurs physiques, positionner l'adresse VRack sur l'interface eth1 ou eth3 (selon le serveur)

[modifier] Pare feu

  • Configurer le système 
mkdir /etc/firewall
chgrp fwadmin /etc/firewall
chmod 2770 /etc/firewall
sed  -i -e '/^Defaults\s\+env_reset\s*$/aDefaults:%fwadmin   !lecture , passwd_timeout=1 , timestamp_timeout=1' -e "/^root\s\+ALL=(ALL:ALL)\s\+ALL\s*$/a%fwadmin  ALL = NOPASSWD: /etc/firewall/$(hostname -f).fw , /usr/bin/pkill" /etc/sudoers
sed -i "/^exit 0/i\/etc\/firewall\/$(hostname -f).fw" /etc/rc.local
  • Créer et déployer le par feu

Créer le firewall sur firewall-builder puis le déployer

  • Ajouter les vm dans le groupe "Virtual Machine" de firewall builder
  • Ajouter les serveurs dans le groupe "Servers Applicatifs" de firewall builder

[modifier] Installation paquets clients 

apt-get install mysql-client

Si le serveur MySQL doit être installé sur la machine : 

apt-get install mysql-server

pour mysql 5.6, 5.7 et + sur debian 

apt-get -y install apt-transport-https lsb-release
wget https://dev.mysql.com/get/mysql-apt-config_0.8.13-1_all.deb
dpkg -i mysql-apt-config_0.8.13-1_all.deb

Sélectionnez la version de MySQL dans le premier onglet Laisser le reste par défaut puis OK 

apt-get update
apt-get -y install mysql-community-server

[modifier] UTF-8 client / serveur 

sed -i -e '/\[client\]/{n;n;/$/a \
default-character-set = utf8
}' \
 -e '/\[mysqld\]/a \
character_set_server    = utf8\
collation_server        = utf8_general_ci' \
 -e '/\[mysql\]/a \
default-character-set = utf8' /etc/mysql/my.cnf

[modifier] Tuning

  • Sur un serveur physique, si le RAID est hard, il n'y a pas besoin du service mdadm 
sed -i -e 's/START_DAEMON=true/START_DAEMON=false/' -e 's/AUTOCHECK=true/AUTOCHECK=false/' /etc/default/mdadm
service mdadm restart
  • PLUS NECESSAIRE : Suppression des tty inutiles (2 suffisent) 
sed -i '56,59s/^/#/' /etc/inittab
kill -HUP 1

[modifier] Serveur de cache DNS local

  • Suivre la procédure Bind

[modifier] Monitoring / Supervision

[modifier] Sauvegarde

[modifier] Comptes utilisateurs

  • Créer les comptes utilisateurs pour les accès du client (voir clés SSH publiques sur serveur DRI)
Récupérée de « https://wiki.hegyd.com/index.php/Systeme_d%27exploitation_Debian_8 »