Install minimal Debian

In file ///etc/apt/sources.list// replace **stable** by **sarge**.

===== Sudo =====
Log on root
<code>
apt-get install sudo vim
visudo
</code>
Add at end :
<code>
# Members of the admin group may gain root privileges
%admin ALL=(ALL) ALL
</code>

<code>
groupadd admin
adduser //username// admin
exit
</code>

Log as //username//
<code>
sudo passwd -l root
</code>

===== Edit bashrc =====
<code>
vi ~/.bashrc
</code>
Uncomment:
<code>
if [[ -f /etc/bash_completion ]]; then
    . /etc/bash_completion
fi
</code>
And add:
<code>
export PATH=$PATH:/sbin:/usr/sbin
</code>


===== IPTables =====
<code>
 sudo apt.get install sysv-rc-conf
</code>

edit file /etc/network/interface and put 
<code>
auto eth0
iface eth0 inet static
  address 128.178.70.177
  netmask 255.255.255.0
  gateway 128.178.70.1
  broadcast 128.178.70.255

auto eth1
iface eth1 inet static
  address 192.168.1.1
  netmask 255.255.255.0
  network 192.168.1.0
  broadcast 192.168.1.255
</code>

edit file /etc/network/option and activate forward
<code>
ip_forward=yes
</code>

<code>
gunzip /usr/share/doc/iptables/examples/oldinitdscript.gz -c > /etc/init.d/iptables
chmod +x /etc/init.d/iptables
mkdir /var/lib/iptables
chmod 700 /var/lib/iptables
</code>

with sysv-rc-conf activate level 2, 3, 4, 5, 6, S

<code>
/etc/init.d/iptables store inactive
</code>

<code>
iptables -F
iptables -t nat -F
  - All outgoing connections, except to lcmpc15 (which is in local network) shall
  - be SNATted
  -2bd iptables -t nat -A POSTROUTING -s 192.168.1.1 -j ACCEPT
  -2bd iptables -t nat -A POSTROUTING -d 192.168.1.1 -j ACCEPT
iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -j SNAT --to-source 128.178.70.177

  - SSH to lcmpc10.epfl.ch shall go to fileserver
  -iptables -t nat -A PREROUTING -p tcp --dport 22 -d 128.178.70.177 -j DNAT --to-destination 192.168.1.3:22
  -iptables -t nat -A PREROUTING -p tcp --dport 80 -d 128.178.70.177 -j DNAT --to-destination 192.168.1.2:22

  - Everything coming from intern is accepted
iptables -A INPUT -s 192.168.1.0/24 -j ACCEPT
iptables -A INPUT -s 127.0.0.1 -j ACCEPT
iptables -A INPUT -s 128.178.70.177 -j ACCEPT

  - And everything from the internal network
iptables -A INPUT -s 128.178.0.0/16 -j ACCEPT

  - Accept some things from the outside: http
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
  - Accept all from castor.epfl.ch
iptables -A INPUT -p all -s 128.178.50.60 -j ACCEPT
  -iptables -A INPUT -p udp -s 128.178.50.60 -j ACCEPT

  - Accept some things only from EPFL: dns
  -iptables -A INPUT -p udp --sport 53 -s 128.178.70.0/24 -j ACCEPT

  - And allow also for established, related connections
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

  - Skip the rest
iptables -A INPUT -j DROP
</code>
 
<code>
/etc/init.d/iptables store active
</code>


===== NIS =====
<code>
sudo apt-get install nis
</code>
domain name: msr

on file /etc/yp.conf add:
<code>
ypserver 192.168.1.2
</code>

on file /etc/passwd add:
<code>
+::0:0:::
</code>

on file /etc/shadow add:
<code>
+::::::::
</code>

on file /etc/group add:
<code>
+:::
</code>

add the public IP (128.178.70.177) to the fileserver file /etc/ypserve.securenet.

===== NTP =====
<code>
sudo apt-get install ntpdate ntp-server
</code>
Edit file ///etc/default/ntpdate//
:change NTPSERVERS to cognac.epfl.ch =>
<code>
NTPSERVERS="cognac.epfl.ch"
#NTPSERVERS="pool.ntp.org"
#
# additional options for ntpdate
#NTPOPTIONS="-v"
NTPOPTIONS="-u"
</code>

===== NFS =====
In the file /etc/fstab add:
<code>
fileserver:/home        /home        nfs defaults       0       0
fileserver:/home/sradio /home/sradio nfs defaults       0       0
</code>


===== Asis (matlab) - Abandoned =====
See : http://asis.epfl.ch/

<code>
sudo apt-get install xbase-clients
</code>

<code>
sudo addgroup --gid 449 asis
sudo adduser --uid 449 --ingroup asis asis
sudo addgroup asis staff
</code>

<code>
sudo mkdir /asis.local
sudo chgrp staff /asis.local
sudo chmod g+w /asis.local
</code>

<code>
sudo mkdir /net
sudo mkdir /net/castor
sudo mkdir /net/castor/asis
sudo mount castor:/asis /net/castor/asis
</code>

<code>
su asis
/net/castor/asis/adm/bin/asisinstall
export DISPLAY=lcmpc20.epfl.ch:0
/usr/local/bin/tkwsm
</code>

===== Matlab =====
Get a licenses on http://distrilog.epfl.ch

<code bash>
sudo mkdir /net
sudo mkdir /net/linuxline
sudo mkdir /net/linuxline/export
sudo mkdir /net/linuxline/export/mirror
sudo mount linuxline:/export/mirror /net/linuxline/export/mirror
sudo apt-get install alien
alien -dv /net/linuxline/export/mirror/LICENSES/MATLAB74/Matlab-std-7.4-1.i386.rpm
dpkg -i matlab-std_7.4-2_i386.deb
</code>

===== APT =====

Create file ///etc/cron.daily/apt// contains :
<code>
#! /bin/sh
apt-get update;
apt-get -y upgrade;
</code>

===== SSH =====
edit file ///etc/ssh/sshd_config// 
change //PermitRootLogin yes// by
<code>
PermitRootLogin no
</code>
change //X11Forwarding no// by
<code>
X11Forwarding yes
</code>