Install minimal Debian
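In the file ///etc/apt/sources.list// replace **stable** with **sarge**, so that apt stays on this release instead of following whatever "stable" currently points to.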
===== Sudo =====
Log in as root
apt-get install sudo vim
visudo
Add at the end:
# Members of the admin group may gain root privileges
%admin ALL=(ALL) ALL
groupadd admin
adduser //username// admin
exit
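Log in as //username//, then lock the root password (running this through sudo also confirms that sudo works for the new account):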
sudo passwd -l root
===== Edit bashrc =====
vi ~/.bashrc
Uncomment:
if [[ -f /etc/bash_completion ]]; then
. /etc/bash_completion
fi
And add:
export PATH=$PATH:/sbin:/usr/sbin
===== IPTables =====
sudo apt-get install sysv-rc-conf
Edit the file /etc/network/interfaces and add:
auto eth0
iface eth0 inet static
address 128.178.70.177
netmask 255.255.255.0
gateway 128.178.70.1
broadcast 128.178.70.255
auto eth1
iface eth1 inet static
address 192.168.1.1
netmask 255.255.255.0
network 192.168.1.0
broadcast 192.168.1.255
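Edit the file /etc/network/options and enable IP forwarding. This makes the host route between eth0 and eth1; the ruleset below filters only the INPUT chain, so forwarded traffic needs its own FORWARD rules: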
ip_forward=yes
gunzip /usr/share/doc/iptables/examples/oldinitdscript.gz -c > /etc/init.d/iptables
chmod +x /etc/init.d/iptables
mkdir /var/lib/iptables
chmod 700 /var/lib/iptables
With sysv-rc-conf, activate the iptables init script for runlevels 2, 3, 4, 5, 6 and S.
/etc/init.d/iptables store inactive
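# Flush every chain of the filter and nat tables. -F removes rules only; the
# chain policies stay as they were.
iptables -F
iptables -t nat -F

# All outgoing connections, except to lcmpc15 (which is in the local network),
# shall be SNATted.
#2bd iptables -t nat -A POSTROUTING -s 192.168.1.1 -j ACCEPT
#2bd iptables -t nat -A POSTROUTING -d 192.168.1.1 -j ACCEPT
iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -j SNAT --to-source 128.178.70.177

# SSH to lcmpc10.epfl.ch shall go to fileserver (both DNAT rules are disabled).
# NOTE(review): the second rule maps --dport 80 to port 22 on 192.168.1.2;
# confirm the intended destination port before re-enabling it.
#iptables -t nat -A PREROUTING -p tcp --dport 22 -d 128.178.70.177 -j DNAT --to-destination 192.168.1.3:22
#iptables -t nat -A PREROUTING -p tcp --dport 80 -d 128.178.70.177 -j DNAT --to-destination 192.168.1.2:22

# Everything coming from intern is accepted.
# NOTE(review): these three rules match on the source address only. Binding
# them to the receiving interface (-i eth1 for 192.168.1.0/24, -i lo for
# loopback) would stop a packet that arrives on eth0 with a forged source
# address from matching.
iptables -A INPUT -s 192.168.1.0/24 -j ACCEPT
iptables -A INPUT -s 127.0.0.1 -j ACCEPT
iptables -A INPUT -s 128.178.70.177 -j ACCEPT

# And everything from the internal network.
# NOTE(review): 128.178.0.0/16 is far wider than the 128.178.70.0/24 subnet
# configured on eth0, and it already includes 128.178.50.60 (castor), so the
# castor rule below never decides anything. Confirm the whole /16 is meant to
# be trusted.
iptables -A INPUT -s 128.178.0.0/16 -j ACCEPT

# Accept some things from the outside: http
iptables -A INPUT -p tcp --dport 80 -j ACCEPT

# Accept all from castor.epfl.ch
iptables -A INPUT -p all -s 128.178.50.60 -j ACCEPT
#iptables -A INPUT -p udp -s 128.178.50.60 -j ACCEPT

# Accept some things only from EPFL: dns (disabled)
#iptables -A INPUT -p udp --sport 53 -s 128.178.70.0/24 -j ACCEPT

# And allow also for established, related connections
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

# Skip the rest.
# NOTE(review): only INPUT ends in a DROP. No FORWARD rule is added here, so
# with ip_forward=yes routed traffic is decided by the FORWARD chain policy
# alone; add explicit FORWARD rules or set that policy deliberately.
iptables -A INPUT -j DROP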
/etc/init.d/iptables store active
===== NIS =====
sudo apt-get install nis
domain name: msr
on file /etc/yp.conf add:
ypserver 192.168.1.2
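In the file /etc/passwd add the following line (the `+` entries here and below act as NIS include markers only when /etc/nsswitch.conf uses `compat` for the corresponding database, so check that setting):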
+::0:0:::
on file /etc/shadow add:
+::::::::
on file /etc/group add:
+:::
Add this host's public IP (128.178.70.177) to the file /etc/ypserv.securenets on the fileserver, which lists the hosts allowed to query the NIS server.
===== NTP =====
sudo apt-get install ntpdate ntp-server
Edit file ///etc/default/ntpdate//
Change NTPSERVERS to cognac.epfl.ch:
NTPSERVERS="cognac.epfl.ch"
#NTPSERVERS="pool.ntp.org"
#
# additional options for ntpdate
#NTPOPTIONS="-v"
NTPOPTIONS="-u"
===== NFS =====
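In the file /etc/fstab add the lines below (consider adding `nosuid,nodev` to the options so that setuid binaries and device nodes on the share are not honoured on this client):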
fileserver:/home /home nfs defaults 0 0
fileserver:/home/sradio /home/sradio nfs defaults 0 0
===== Asis (matlab) - Abandoned =====
See : http://asis.epfl.ch/
sudo apt-get install xbase-clients
sudo addgroup --gid 449 asis
sudo adduser --uid 449 --ingroup asis asis
sudo addgroup asis staff
sudo mkdir /asis.local
sudo chgrp staff /asis.local
sudo chmod g+w /asis.local
sudo mkdir /net
sudo mkdir /net/castor
sudo mkdir /net/castor/asis
sudo mount castor:/asis /net/castor/asis
su asis
/net/castor/asis/adm/bin/asisinstall
export DISPLAY=lcmpc20.epfl.ch:0
/usr/local/bin/tkwsm
===== Matlab =====
Get a license from http://distrilog.epfl.ch
sudo mkdir /net
sudo mkdir /net/linuxline
sudo mkdir /net/linuxline/export
sudo mkdir /net/linuxline/export/mirror
sudo mount linuxline:/export/mirror /net/linuxline/export/mirror
sudo apt-get install alien
alien -dv /net/linuxline/export/mirror/LICENSES/MATLAB74/Matlab-std-7.4-1.i386.rpm
dpkg -i matlab-std_7.4-2_i386.deb
===== APT =====
Create the file ///etc/cron.daily/apt// (owned by root and executable, otherwise cron will not run it) containing:
#!/bin/sh
# Daily unattended package maintenance, meant to live in /etc/cron.daily.

# Refresh the package lists from the sources configured for apt.
apt-get update

# -y answers "yes" to apt's prompts, so every upgrade offered by the
# configured sources is installed without review; keep sources.list limited
# to mirrors you trust.
apt-get -y upgrade
===== SSH =====
Edit the file ///etc/ssh/sshd_config// (restart the SSH daemon afterwards so the changes take effect).
Replace //PermitRootLogin yes// with
PermitRootLogin no
Replace //X11Forwarding no// with the following (only needed if users run graphical programs over SSH):
X11Forwarding yes