Install minimal Debian
In file /etc/apt/sources.list replace stable by sarge.
Sudo
Log in as root
apt-get install sudo vim
visudo
Add at the end:
# Members of the admin group may gain root privileges
%admin ALL=(ALL) ALL
groupadd admin
adduser username admin
exit
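Log in as username and check that sudo works for this account (for example with sudo -v) before running the next command: locking root before sudo works leaves no normal way to regain administrative access.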
sudo passwd -l root
Edit bashrc
vi ~/.bashrc
Uncomment:
if [[ -f /etc/bash_completion ]]; then
    . /etc/bash_completion
fi
And add:
export PATH=$PATH:/sbin:/usr/sbin
IPTables
sudo apt-get install sysv-rc-conf
Edit the file /etc/network/interfaces and put:
auto eth0
iface eth0 inet static
    address 128.178.70.177
    netmask 255.255.255.0
    gateway 128.178.70.1
    broadcast 128.178.70.255

auto eth1
iface eth1 inet static
    address 192.168.1.1
    netmask 255.255.255.0
    network 192.168.1.0
    broadcast 192.168.1.255
Edit the file /etc/network/options and enable IP forwarding:
ip_forward=yes
gunzip /usr/share/doc/iptables/examples/oldinitdscript.gz -c > /etc/init.d/iptables
chmod +x /etc/init.d/iptables
mkdir /var/lib/iptables
chmod 700 /var/lib/iptables
With sysv-rc-conf, enable the iptables service in runlevels 2, 3, 4, 5, 6 and S.
/etc/init.d/iptables store inactive
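# Firewall and NAT rules for the gateway. Per the interface configuration,
# eth0 is the public side (128.178.70.177) and eth1 the private LAN
# (192.168.1.0/24).

# Start from empty chains in the filter and nat tables. -F removes rules
# only; chain policies are left as they were.
iptables -F
iptables -t nat -F

# NOTE(review): nothing below adds rules to FORWARD or sets its policy. With
# ip_forward=yes, what this host routes between eth0 and eth1 is decided by
# whatever FORWARD policy is already in place -- confirm that it is not a
# bare ACCEPT.

# All outgoing connections, except to lcmpc15 (which is in local network) shall
# be SNATted
#2bd iptables -t nat -A POSTROUTING -s 192.168.1.1 -j ACCEPT
#2bd iptables -t nat -A POSTROUTING -d 192.168.1.1 -j ACCEPT
iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -j SNAT --to-source 128.178.70.177

# SSH to lcmpc10.epfl.ch shall go to fileserver
# NOTE(review): both DNAT rules are disabled. The second one maps port 80 to
# port 22 on the target -- confirm the destination port before enabling it.
#iptables -t nat -A PREROUTING -p tcp --dport 22 -d 128.178.70.177 -j DNAT --to-destination 192.168.1.3:22
#iptables -t nat -A PREROUTING -p tcp --dport 80 -d 128.178.70.177 -j DNAT --to-destination 192.168.1.2:22

# Everything coming from the private LAN, from loopback and from the
# gateway's own public address is accepted.
# NOTE(review): these three rules match on source address only, with no
# -i eth1 / -i lo interface match, so a packet arriving on eth0 with one of
# these source addresses is accepted too unless reverse-path filtering drops
# it first -- confirm that it is enabled, or bind the rules to an interface.
iptables -A INPUT -s 192.168.1.0/24 -j ACCEPT
iptables -A INPUT -s 127.0.0.1 -j ACCEPT
iptables -A INPUT -s 128.178.70.177 -j ACCEPT

# And everything from 128.178.0.0/16
# NOTE(review): this /16 is far wider than the /24 configured on eth0; every
# service listening on the gateway is reachable from all of it.
iptables -A INPUT -s 128.178.0.0/16 -j ACCEPT

# Accept some things from the outside: http
iptables -A INPUT -p tcp --dport 80 -j ACCEPT

# Accept all from castor.epfl.ch
iptables -A INPUT -p all -s 128.178.50.60 -j ACCEPT
#iptables -A INPUT -p udp -s 128.178.50.60 -j ACCEPT

# Accept some things only from EPFL: dns
#iptables -A INPUT -p udp --sport 53 -s 128.178.70.0/24 -j ACCEPT

# And allow also for established, related connections (replies to traffic
# the gateway itself initiated)
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

# Drop the rest. This is a final rule, not a chain policy, so it only takes
# effect once every line above has been loaded.
iptables -A INPUT -j DROP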
/etc/init.d/iptables store active
NIS
sudo apt-get install nis
domain name: msr
on file /etc/yp.conf add:
ypserver 192.168.1.2
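In the file /etc/passwd, add the NIS compat entry below. NOTE: the usual form of this entry leaves every field empty (+::::::), as the shadow and group entries on this page do; confirm that the uid/gid 0:0 is intended before keeping it: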
+::0:0:::
on file /etc/shadow add:
+::::::::
on file /etc/group add:
+:::
Add the public IP (128.178.70.177) to the file /etc/ypserv.securenets on the fileserver.
NTP
sudo apt-get install ntpdate ntp-server
Edit the file /etc/default/ntpdate: change NTPSERVERS to cognac.epfl.ch ⇒
NTPSERVERS="cognac.epfl.ch"
#NTPSERVERS="pool.ntp.org"
#
# additional options for ntpdate
#NTPOPTIONS="-v"
NTPOPTIONS="-u"
NFS
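In the file /etc/fstab add the lines below. Note that defaults keeps suid and dev enabled, so setuid binaries and device nodes found on the server's export are honoured on this machine; add nosuid,nodev to the options unless they are needed.
fileserver:/home /home nfs defaults 0 0
fileserver:/home/sradio /home/sradio nfs defaults 0 0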
Asis (matlab) - Abandoned
See : http://asis.epfl.ch/
sudo apt-get install xbase-clients
sudo addgroup --gid 449 asis
sudo adduser --uid 449 --ingroup asis asis
sudo addgroup asis staff

sudo mkdir /asis.local
sudo chgrp staff /asis.local
sudo chmod g+w /asis.local

sudo mkdir /net
sudo mkdir /net/castor
sudo mkdir /net/castor/asis
sudo mount castor:/asis /net/castor/asis

su asis
/net/castor/asis/adm/bin/asisinstall
export DISPLAY=lcmpc20.epfl.ch:0
/usr/local/bin/tkwsm
Matlab
Get a license from http://distrilog.epfl.ch
sudo mkdir /net
sudo mkdir /net/linuxline
sudo mkdir /net/linuxline/export
sudo mkdir /net/linuxline/export/mirror
sudo mount linuxline:/export/mirror /net/linuxline/export/mirror
sudo apt-get install alien
alien -dv /net/linuxline/export/mirror/LICENSES/MATLAB74/Matlab-std-7.4-1.i386.rpm
dpkg -i matlab-std_7.4-2_i386.deb
APT
Create the file /etc/cron.daily/apt and make it executable (chmod +x), otherwise cron will not run it. It contains:
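#!/bin/sh
# Daily cron job: refresh the package lists, then install pending upgrades.
# The shebang must stand on a line of its own; with the commands on the same
# line they are handed to /bin/sh as an argument and never run as commands.
#
# NOTE(review): the upgrade runs even when the update step fails, and nothing
# here reports a failed run -- confirm that cron's mail reaches an
# administrator.
apt-get update
# -y answers apt-get's confirmation prompt so the job can run without a
# terminal.
apt-get -y upgrade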
SSH
Edit the file /etc/ssh/sshd_config: replace PermitRootLogin yes with
PermitRootLogin no
and replace X11Forwarding no with
X11Forwarding yes