Dashboard > Non-Metrix Tech Tips > ... > GForge > Installing Debian for use as a GForge server
Non-Metrix Tech Tips Log In   View a printable version of the current page.
Installing Debian for use as a GForge server
Browse Space    
Added by A. Mitchell, last edited by A. Mitchell on Sep 01, 2006  (view change)
Labels: 

Debian core setup

  1. Insert the Debian Minimal Install CD and bootup.
  2. Enter linux26 at the prompt.
  3. Choose a language and country.
  4. Choose a name for the server.
  5. Enter the appropriate domain name (fcny.org).
  6. When prompted to partition, erase the entire disk.
  7. Select "All files in one partition..." and proceed with reformatting.
  8. Watch as the core Debian packages are installed.
  9. Install GRUB to the master boot record.
  10. When prompted, remove the CD and reboot.

Debian configuration

These instructions derived from C. Snyder's notes.

  1. Choose a timezone.
  2. Choose a root password. Make sure it's strong!
  3. Choose an admin username. Better to use something generic like "metrixadmin" than, say, "amitchell".
  4. Enter a password for this admin user. Make sure it's strong!
  5. Select "http" as the apt source. ("Apt" is Debian's package manager.)
  6. Select appropriate Debian mirrors.
  7. Leave proxy information blank.
  8. Watch as Debian gets the list of available packages from the mirrors.
  9. Select "Manual Package Installation".
  10. When Aptitude, the package manager, appears, press "q" to quit without selecting any packages.
  11. Configure the Mail Transfer Agent: set mail server to "internet site" profile, i.e. send and receive.
  12. Enter a username for the mail admin. Using the same username as the machine admin is fine.
  13. Setup will complete and send you to a shell login.

Basic operability configuration

These instructions derived from C. Snyder's notes.

  1. Login as the admin user.
  2. Switch to the root user and determine the IP address of this machine. Make a note of it. 
    $ su
[forge:enter root password
$ ifconfig eth0
inet addr 10.0.17.xxx
  3. Edit the network settings configuration file so this IP address is static: 
    # nano -w /etc/network/interfaces
iface eth0 inet static
        address 10.0.17.xxx
        netmask 255.255.255.0
        gateway 10.0.17.1
  4. Save in nano with ctl-O.
  5. Exit nano with ctl-X.
  6. Edit the DNS (nameserver) settings: 
    $ nano -w /etc/resolv.conf
nameserver 209.11.29.164
nameserver 205.237.194.98
  7. Restart the network interface: 
    $ ifdown eth0
$ ifup eth0
  8. Install SSH (secure shell) so that this machine can be logged into remotely. 
    apt-get install ssh
  9. Accept the defaults as SSH is installed.
  10. Test ssh accessibility from another system: 
    $ ssh 10.0.17.xxx
Password: *****

Linux gforge 2.4.27-2-386 #1 Mon May 16 16:47:51 JST 2005 i686 GNU/Linux

The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.

metrixadmin@gforge:~$
  11. If you are unable to login remotely, use iptables to open the firewall to allow SSH traffic, and try again. 
    $ iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
$ iptables -A FORWARD -i eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
$ iptables -A OUTPUT -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
$ iptables -A INPUT -d 10.0.17.172 -p tcp --dport 22 -j ACCEPT
  12. Exit the SSH session: $ exit
  13. Edit the apt-get sources list so that customized FCNY packages are available. 
    $ nano -w /etc/apt/sources.list
deb http://pine.fcny.org/~csnyder/fcny-deb /
  14. Update apt and upgrade installed software. 
    $ apt-get update
$ apt-get upgrade
$ apt-get dist-upgrade

Additional Configuration

Adapted from C. Snyder's configuration checklist

  1. Update the locate database 
    $ updatedb
  2. Reduce the ssh login grace period, disallow root login via ssh, and keep client connections alive 
    $ nano -w /etc/ssh/sshd_config

LoginGraceTime 30
PermitRootLogin no 
ClientAliveInterval 15
  3. Restart ssh (main instance only!) 
    $ kill `cat /var/run/sshd.pid`
$ /usr/sbin/sshd
  4. Test the SSH login from another terminal. (Make sure new configuration works before logging out of original session! You don't want to get locked out...)
  5. Log out of the SSH session.
  6. On the local machine, exit the su: $ exit

Secure the server

For production servers, the server should be hardened with Bastille. See C. Snyder's Hardening Checklist for tips.

Continue preparing the server

Now that Debian is properly installed and configured, proceed with Installing pre-requisites for GForge.
Site powered by a free Open Source Project / Non-profit License (more) of Confluence - the Enterprise wiki.
Learn more or evaluate Confluence for your organisation.
Powered by Atlassian Confluence, the Enterprise Wiki. (Version: 2.1.1 Build:#406 Dec 23, 2005) - Bug/feature request - Contact Administrators