Debian installation notes
===========================

Contents:

.. contents::

.. toctree::
   :glob:
   :maxdepth: 1

Things to do first
====================

User account
-------------------

::

    passwd
    adduser kanai
    ...(input)
    Is the information correct? [Y/n] y
    sudo visudo

Keep only the following config::

    Defaults env_reset
    root  ALL=(ALL) ALL
    kanai ALL=(ALL) ALL

Register the ssh key
-------------------------

::

    mkdir /home/kanai
    mkdir /home/kanai/.ssh
    chmod 700 /home/kanai/.ssh
    touch /home/kanai/.ssh/authorized_keys
    chmod 400 /home/kanai/.ssh/authorized_keys
    chown -R kanai:kanai /home/kanai

Removing the DTI-specific environment (DTI hosts only)
======================================================

::

    apt-get purge ajaxterm
    sudo vi /etc/ssh/sshd_config
      -> rewrite to Port 22
      -> PermitRootLogin no
    sudo /etc/init.d/ssh restart

.. warning::

   Important: keep the current sshd session open and confirm that you can still log in from another host.

VLAN operations
=====================

::

    modprobe 8021q
    apt-get install vlan
    vconfig add eth0 222    # 222 is the vlan number
    ifconfig eth0.222 up
    ifconfig eth0.222 mtu 1496
    ifconfig eth0.222 mtu 1504
    ifconfig eth0.222 10.10.10.1 netmask 255.255.255.0

interfaces
=====================

::

    sudo vi /etc/network/interfaces

    iface eth0 inet static
        address 10.5.10.78
        netmask 255.255.255.0
        network 10.5.10.0
        broadcast 10.5.10.255
        gateway 10.5.10.1
        dns-nameservers 8.8.8.8 127.0.0.1

    iface eth0 inet6 static
        address 2001:db8::c0ca:1eaf
        netmask 64
        gateway 2001:db8::1ead:ed:beef

iptables configuration
======================

Generating the iptables script
----------------------------------

::

    cat <<'EOF' > /etc/init.d/iptables
    #!/bin/sh
    iptables -P INPUT DROP
    iptables -P OUTPUT ACCEPT
    iptables -A INPUT -i lo -j ACCEPT
    iptables -A INPUT -p tcp -m state --state ESTABLISHED,RELATED -j ACCEPT
    iptables -A INPUT -p tcp --dport 3843 -j ACCEPT
    iptables -A INPUT -p tcp --dport 22 -j ACCEPT
    iptables -A INPUT -p tcp --dport 80 -j ACCEPT
    iptables -A INPUT -p udp --sport 53 -d 0/0 --dport 1024: -m state --state ESTABLISHED -j ACCEPT
    iptables -A INPUT -p tcp --dport 53 -j ACCEPT
    iptables -A INPUT -p udp --dport 53 -j ACCEPT
    # note: the two --sport 53 rules below accept any packet whose source port is 53,
    # regardless of state; the ESTABLISHED rules above already admit genuine DNS replies
    iptables -A INPUT -p tcp --sport 53 -j ACCEPT
    iptables -A INPUT -p udp --sport 53 -j ACCEPT
    iptables -A INPUT -p icmp --icmp-type destination-unreachable -j ACCEPT
    iptables -A INPUT -p icmp --icmp-type source-quench -j ACCEPT
    iptables -A INPUT -p icmp --icmp-type time-exceeded -j ACCEPT
    iptables -A INPUT -p icmp --icmp-type parameter-problem -j ACCEPT
    iptables -A INPUT -p icmp --icmp-type echo-request -j ACCEPT
    EOF
    chmod 755 /etc/init.d/iptables    # the init script must be executable

ufw
-----------------

::

    sudo ufw allow 22/tcp
    sudo ufw allow 80/tcp
    sudo ufw allow 443/tcp
    sudo ufw allow 53/udp

Verification
------------------

::

    sudo apt-get install apache2 php5
    ln -s /etc/apache2/mods-available/userdir.conf /etc/apache2/mods-enabled/userdir.conf
    ln -s /etc/apache2/mods-available/userdir.load /etc/apache2/mods-enabled/userdir.load
    ln -s /etc/apache2/mods-available/auth_digest.load /etc/apache2/mods-enabled/auth_digest.load
    cp -p /etc/apache2/apache2.conf.dpkg-dist /etc/apache2/apache2.conf
    cp -p /etc/apache2/envvars.dpkg-dist /etc/apache2/envvars
    sudo /etc/init.d/apache2 restart

Check that http://183.181.172.190/ is visible.

Run ``cd ~; mkdir public_html; cd public_html; touch index.html`` and check that http://183.181.172.190/~kanai is visible.

::

    sudo vi /etc/apache2/sites-enabled/000-default.conf

Point the DocumentRoot at /home/kanai/public_html.

python wsgi
----------------------

::

    a2enmod wsgi
    cat > /etc/apache2/sites-enabled/001-wsgi-test.conf <<EOF
    # write it as follows
        AllowOverride All
        Require all granted
    EOF
    cat > /home/kanai/py.wsgi <<EOF
    EOF

Wait a while (until reach becomes 377).

syslog-ng
==========================

::

    sudo aptitude install syslog-ng
    vi /etc/syslog-ng/syslog-ng.conf

Add udp() after internal()::

    source s_src { unix-dgram("/dev/log"); internal(); udp(); file("/proc/kmsg" program_override("kernel")); };

    filter f_host_router { netmask(192.168.100.254/32); };
    destination homelog { file("/var/log/homelog" perm(0644)); };
    log { source(s_src); filter(f_host_router); destination(homelog); };

    # the facility here must match the one the senders use (the logger test below sends local1)
    filter f_local1 { facility(local2) ; };
    destination l2l3log { file("/var/log/l2l3" perm(0644)); };
    log { source(s_src); filter(f_local1); destination(l2l3log); };

::

    sudo service syslog-ng restart
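As an added example for the sshd edits in the DTI section above (not part of the original memo): sshd honours the first value it reads for a keyword, so a plain grep for ``PermitRootLogin no`` can be fooled by an earlier ``PermitRootLogin yes``. This POSIX sh check reports the effective ``Port`` and ``PermitRootLogin`` values before the restart; the function names are invented for this example.

```shell
#!/bin/sh
# Added example, not from the memo: check sshd_config before restarting sshd.
# sshd keeps the FIRST value it reads for a keyword and ignores later duplicates,
# so "grep 'PermitRootLogin no'" is not enough: an earlier "PermitRootLogin yes" wins.
# (Match blocks are not handled here; keep the checked keywords in the global section.)

# sshd_effective KEYWORD FILE -> prints the effective value (lowercased), nothing if unset
sshd_effective() {
    awk -v key="$(printf '%s' "$1" | tr 'A-Z' 'a-z')" '
        /^[[:space:]]*#/ || /^[[:space:]]*$/ { next }      # skip comments and blank lines
        tolower($1) == key { print tolower($2); exit }    # first occurrence wins
    ' "$2"
}

# sshd_check_hardening FILE -> 0 if the file matches the memo's intent
# (Port 22, PermitRootLogin no), 1 otherwise with a reason on stderr.
# An absent PermitRootLogin is treated as "not hardened": its default differs by
# OpenSSH version, so the memo's explicit "no" is what we require.
sshd_check_hardening() {
    port=$(sshd_effective Port "$1")
    prl=$(sshd_effective PermitRootLogin "$1")
    if [ "${port:-22}" != "22" ]; then
        echo "Port is '$port', expected 22" >&2; return 1
    fi
    if [ "$prl" != "no" ]; then
        echo "PermitRootLogin is '${prl:-unset}', expected no" >&2; return 1
    fi
    return 0
}

# Typical use (as in the memo, with the current session kept open while testing):
#   sshd_check_hardening /etc/ssh/sshd_config && sudo sshd -t && sudo /etc/init.d/ssh restart
```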
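As an added example for the iptables script above (not code from the memo): an audit that lists which proto/port pairs the INPUT chain accepts from any source, so the result can be compared with what the host is meant to expose (3843, 22, 80 and 53 here), and that flags the state-less ``--sport 53`` rules. The function names are invented; the script format assumed is the one the memo generates.

```shell
#!/bin/sh
# Added example, not from the memo: audit an iptables script of the shape generated above.
# Rules on lo, rules with a source restriction (-s) and the reply-only rule
# (--state ESTABLISHED) are not "open ports" and are skipped.

# iptables_open_ports SCRIPT -> one "proto/port" line per port accepted from anywhere, in rule order
iptables_open_ports() {
    awk '
        $1 == "iptables" && $2 == "-A" && $3 == "INPUT" && /-j ACCEPT/ && /--dport/ &&
        !/-s / && !/-i lo/ && !/--state ESTABLISHED/ {
            proto = ""; port = ""
            for (i = 1; i <= NF; i++) {
                if ($i == "-p") proto = $(i + 1)
                if ($i == "--dport") port = $(i + 1)
            }
            if (proto != "" && port != "") print proto "/" port
        }
    ' "$1"
}

# iptables_sport_accepts SCRIPT -> the rules that accept on source port alone, without a
# state match. A source port is chosen by the sender, so such a rule admits any packet that
# uses it; the ESTABLISHED rules already admit genuine DNS replies.
iptables_sport_accepts() {
    grep -E '^iptables -A INPUT .*--sport [0-9]+ .*-j ACCEPT' "$1" | grep -v -- '--state'
}
```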
    # util-linux logger: -n = server, -d = send over UDP (the udp() source above)
    logger -n 127.0.0.1 -d -p local1.debug hoge

python
=============================

::

    # what was this for again?
    sudo apt-get install libatlas3gf-base f2c
    sudo pip install tweepy
    sudo apt-get install python-pip python-setuptools \
        python-dev build-essential libfreetype6-dev libpng-dev python-virtualenv \
        gfortran libblas-dev liblapack-dev g++ tk-dev \
        python-numpy libhdf5-serial-dev
    sudo pip install PyYAML
    sudo pip install numpy    # -> does not go through
    sudo pip install scipy
    sudo pip install SymPy netCDF4 nose PIL matplotlib nltk
    sudo easy_install -U distribute
    sudo pip install nltk

* python + emacs ::

    sudo apt-get install python-mode

VLAN config basics
=========================

::

    # /etc/sysconfig/network is the RHEL/CentOS style of network config
    cat <<EOF >> /etc/sysconfig/network
    VLAN=yes
    VLAN_NAME_TYPE=VLAN_PLUS_VID_NO_PAD
    NETWORKING_IPV6=yes
    NOZEROCONF=yes
    EOF

T400 configuration
=======================

::

    apt-get install firmware-iwlwifi
    apt-get install wicd-cli
    apt-get install iw
    iwconfig wlan0 mode Managed
    iwconfig wlan0 essid beefbeef-home-air
    iwconfig wlan0 key bc1
    iwlist wlan0 scanning
    wpa_passphrase beefbeef-home-air >> /etc/wpa_supplicant.conf
    wpa_supplicant -i wlan0 -c /etc/wpa_supplicant.conf

Making a bridge
========================

::

    apt-get install bridge-utils

int
============

::

    /etc/network/interfaces

    auto lo
    iface lo inet loopback

    auto eth0.100
    iface eth0.100 inet dhcp

    # note: the auto line (eth0.500) and the iface line (eth0.302) name different interfaces
    auto eth0.500
    iface eth0.302 inet static
        address 192.168.5.254
        netmask 255.255.255.0

dhcpd
=========================

::

    apt-get install isc-dhcp-server
    vi /etc/dhcp/dhcpd.conf
    /etc/init.d/isc-dhcp-server restart

Turning it into a router
=============================

::

    # /etc/sysctl.conf (apply with sysctl -p)
    net.ipv4.tcp_syncookies = 1
    net.ipv4.ip_forward = 1
    net.ipv4.icmp_echo_ignore_broadcasts = 1
    net.ipv4.icmp_ignore_bogus_error_responses = 1

    iptables -t nat -A POSTROUTING -o eth0.100 -j MASQUERADE

bind cache
======================

::

    apt-get install bind9

Using gmail as the smtp server
==============================================

Relay settings: if this host is to be the relay server for the home network, add the network to mynetworks::

    sudo vi /etc/postfix/main.cf
    mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 192.168.0.0/16

or similar.

Establishing the SSL tunnel to gmail::

    sudo apt-get install stunnel
    cd /etc/ssl/certs
    openssl req -new -x509 -nodes -days 365 -out stunnel.pem -keyout stunnel.pem
    chmod 600 stunnel.pem
    dd if=/dev/urandom of=temp_file count=2
    # note: 512-bit DH parameters are far below today's minimum; 2048 is the usual choice now
    openssl dhparam -rand temp_file 512 >> stunnel.pem
    ln -sf stunnel.pem `openssl x509 -noout -hash < stunnel.pem`.0

Debug command: check whether smtp.gmail.com is reachable with::

    openssl s_client -host smtp.gmail.com -port 465

::

    sudo vi /etc/stunnel/stunnel.conf
    ; change client
    client = yes
    ; under "Service-level configuration" keep only the following
    ; if 127.0.0.1 is written as localhost it listens on v6 only..
    [gmailsmtp]
    accept = 127.0.0.1:8465
    connect = smtp.gmail.com:465

    sudo vi /etc/default/stunnel4
    ENABLE=1
    sudo service stunnel4 restart

Next, the relay settings on the postfix side::

    # for plain authentication (on the postfix side)
    sudo apt-get install cyrus-sasl2-dbg
    sudo vi /etc/postfix/main.cf
    relayhost = [localhost]:8465
    smtp_sasl_auth_enable = yes
    smtp_sasl_password_maps = hash:/etc/postfix/isp_passwd
    smtp_sasl_security_options = noanonymous
    smtp_sasl_mechanism_filter = cram-md5,digest-md5,plain,login

    sudo vi /etc/postfix/isp_passwd
    # <user> and <password> are placeholders: put the gmail application password here! (drop the spaces)
    [localhost]:8465 <user>@gmail.com:<password>
    sudo chmod 400 /etc/postfix/isp_passwd
    sudo postmap /etc/postfix/isp_passwd
    sudo service postfix restart

tftpd
=============

::

    # remove it if it is installed
    sudo apt-get remove tftpd
    sudo apt-get install tftpd-hpa
    sudo vi /etc/default/tftpd-hpa
    # adjust this as appropriate
    TFTP_DIRECTORY="/tftpboot"
    # adding --create allows new files to be created
    TFTP_OPTIONS="--secure --create"
    # create /tftpboot and change its owner
    sudo mkdir /tftpboot/
    sudo chown -R tftp /tftpboot/
    sudo service tftpd-hpa restart
    # details are at the following
    https://help.ubuntu.com/community/TFTP
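As an added example for the postfix relay settings above (not part of the memo): a POSIX sh check of the sasl password map before ``postmap``, covering the memo's two pitfalls, the file permissions and an app password pasted with its spaces, plus a key that does not match ``relayhost``. GNU stat (Debian) and the function name are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the memo: sanity-check /etc/postfix/isp_passwd before "postmap".
# Checks: the map is readable only by its owner (the memo uses chmod 400), every entry is
# "<relayhost> <user>:<password>", the key equals relayhost from main.cf, and the credential
# has no whitespace (the memo's "drop the spaces": Google shows app passwords in 4-letter groups).

# check_isp_passwd MAP RELAYHOST -> 0 if every check passes, 1 with a reason on stderr
check_isp_passwd() {
    map=$1; relayhost=$2
    mode=$(stat -c %a "$map") || return 1          # GNU stat, as on Debian
    case "$mode" in
        400|600) ;;
        *) echo "$map: mode $mode, expected 400 or 600 (secret readable by others)" >&2; return 1 ;;
    esac
    n=0
    # read splits on whitespace: key, credential, and anything left over (= stray spaces)
    while read -r key cred extra || [ -n "$key" ]; do
        case "$key" in ''|'#'*) continue ;; esac  # blank lines and comments
        n=$((n + 1))
        if [ -n "$extra" ]; then
            echo "entry $n: credential contains whitespace (app password pasted with spaces?)" >&2
            return 1
        fi
        if [ "$key" != "$relayhost" ]; then
            echo "entry $n: key '$key' does not match relayhost '$relayhost'" >&2; return 1
        fi
        case "$cred" in
            *:*) ;;
            *) echo "entry $n: credential is not user:password" >&2; return 1 ;;
        esac
    done < "$map"
    [ "$n" -gt 0 ] || { echo "$map: no entries" >&2; return 1; }
}

# Typical use after editing the map (postconf -h prints the configured relayhost):
#   check_isp_passwd /etc/postfix/isp_passwd "$(postconf -h relayhost)" && sudo postmap /etc/postfix/isp_passwd
```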