Debianインストールメモ
***************************
Contents:

.. contents::

.. toctree::
   :glob:
   :maxdepth: 1

はじめにやること
====================

ユーザアカウント
-------------------

::

 passwd
 adduser kanai
 ...(Input)
 Is the information correct? [Y/n] y
 sudo visudo

以下のconfigのみとする

::

 Defaults        env_reset
 root    ALL=(ALL) ALL
 kanai ALL=(ALL) ALL

sshの鍵を登録する
-------------------------

::

 mkdir /home/kanai 
 mkdir /home/kanai/.ssh
 chmod 700 /home/kanai/.ssh
 touch /home/kanai/.ssh/authorized_keys
 chmod 400 /home/kanai/.ssh/authorized_keys
 chown -R kanai:kanai /home/kanai

DTI固有の環境の削除(dtiのときのみ)
======================================

::

 apt-get purge ajaxterm
 sudo vi /etc/ssh/sshd_config
 -> Port 22に書き換える
 -> PermitRootLogin no
 sudo /etc/init.d/ssh restart

.. warning 重要: 現在のsshd sessionを保ったままほかのホストから入れるか確認

vlanの捜査
=====================

::

 modprobe 8021q
 apt-get install vlan
 vconfig add eth0 222    # 222 is vlan number

 ifconfig eth0.222 up
 ifconfig eth0.222 mtu 1496
 ifconfig eth0.222 mtu 1504
 ifconfig eth0.222 10.10.10.1 netmask 255.255.255.0

interfaces
=====================

::

 sudo vi /etc/network/interfaces


 iface eth0 inet static
     address 10.5.10.78
     netmask 255.255.255.0
     network 10.5.10.0
     broadcast 10.5.10.255
     gateway 10.5.10.1
     dns-nameservers 8.8.8.8 127.0.0.1
 iface eth0 inet6 static
     address 2001:db8::c0ca:1eaf
     netmask 64
     gateway 2001:db8::1ead:ed:beef



iptablesの設定
======================

iptable scriptの生成
----------------------------------

::

 cat<<EOF>/etc/init.d/iptables
 #!/bin/sh
 iptables -P INPUT DROP
 iptables -P OUTPUT ACCEPT
 iptables -A INPUT -i lo -j ACCEPT
 iptables -A INPUT -p tcp -m state --state ESTABLISHED,RELATED -j ACCEPT
 iptables -A INPUT -p tcp --dport 3843 -j ACCEPT
 iptables -A INPUT -p tcp --dport 22 -j ACCEPT
 iptables -A INPUT -p tcp --dport 80 -j ACCEPT
 iptables -A INPUT -p udp --sport 53 -d 0/0 --dport 1024: -m state --state ESTABLISHED -j ACCEPT
 iptables -A INPUT -p tcp --dport 53 -j ACCEPT
 iptables -A INPUT -p udp --dport 53 -j ACCEPT
 iptables -A INPUT -p tcp --sport 53 -j ACCEPT
 iptables -A INPUT -p udp --sport 53 -j ACCEPT
 iptables -A INPUT -p icmp --icmp-type destination-unreachable -j ACCEPT
 iptables -A INPUT -p icmp --icmp-type source-quench -j ACCEPT
 iptables -A INPUT -p icmp --icmp-type time-exceeded -j ACCEPT
 iptables -A INPUT -p icmp --icmp-type parameter-problem -j ACCEPT
 iptables -A INPUT -p icmp --icmp-type echo-request -j ACCEPT
 EOF

サービスの登録
-------------------

::

  chmod 755 /etc/init.d/iptables
  /etc/init.d/iptables
  sudo ln -s /etc/init.d/iptables /etc/rc2.d/iptables
  update-rc.d iptables defaults

lenny to squeeze(必要に応じて)
======================================

::

  vi /etc/apt/sources.list
  -> :%s/lenny/squeeze/g
  -> debian-volatileは消す

初期update
=======================

::

 sudo apt-get update
 sudo apt-get  install aptitude
 sudo aptitude update
 sudo aptitude upgrade
 sudo aptitude dist-upgrade
 shutdown -r now
 -> 一応

標準的なパッケージのインストール
================================================

::

 # 生活に必要なツール
 sudo aptitude install git screen sudo \
  zsh aptitude lsof tcpdump psmisc vim wireshark \
  vlan tcpdump  bind9utils bind9-host  dnsutils bridge-utils \
  ruby  emacs wl nkf lv curl wget  strace python-sphinx \
  gnuplot imagemagick ethtool \
  git-core python3-pip whois g++ ddd \
  dnsutils hping3 fping mtr snmp ntpdate
 # 開発系で必要なツール
 sudo aptitude install gcc make gdb binutils-doc binutils autoconf libtool \
  bc indent less telnet  rcs make subversion bison flex \
  patch ntpdate curl cu psmisc tcptraceroute ndisc6 \ 
 manpages-ja debconf-utils yasm nasm nc
 
 # python系
 aptitude install python-scapy
 sudo easy_install pip
   sudo pip install PyYAML Flask Jinja2 aiohttp aiohttp-jinja2 netmiko paramiko numpy pandas pysnmp requests scikit-learn seaborn urllib3 bs4
 
 # sphinxのmathpng向け
 sudo aptitude install texlive-latex-base texlive-latex-recommended texlive-latex-extra dvipng texlive-lang-cjk
 sudo  aptitude install  chasen chasen-dictutils
 sudo apt-get install texlive-lang-cjk jbibtex-base      
   # 整理する
   
 sudo aptitude autoclean

Vmware Tools
=================

::

 いまどきこれ。
 sudo apt-get install open-vm-tools

::

 VmwaretoolsのCDをマウントして
 sudo apt-get install build-essential linux-headers-$(uname -r)
 mkdir /mnt/cdrom
 mount /dev/cdrom /mnt/cdrom
 cd /tmp
 cp /mnt/cdrom/VMwareTools-*.tar.gz .
 tar xvf VMwareTools-*.tar.gz
 cd vmware-tools-distrib
 ./vmware-install.pl

Init
=============

::

 sudo dpkg-reconfigure debconf
  (dialog->low)
 sudo dpkg-reconfigure locales
  (EUC-JP,UTF8)

irrtoolsのインストール
=========================

::

 cd ~
 mkdir src
 cd src
 svn co svn://irrtoolset.isc.org/trunk
 cd trunk
 libtoolize
 autoreconf -i
 ./configure
 make
 sudo make install

メールサーバ(smtp)
=============================

::

 sudo apt-get install postfix
 -> よくわからない場合は"Local only"を選択
 -> ちゃんとconfigかけるなら Internet Site

apache
===================

::

 sudo apt-get install apache2 php5 
 ln -s /etc/apache2/mods-available/userdir.conf /etc/apache2/mods-enabled/userdir.conf
 ln -s /etc/apache2/mods-available/userdir.load /etc/apache2/mods-enabled/userdir.load
 ln -s /etc/apache2/mods-available/auth_digest.load /etc/apache2/mods-enabled/auth_digest.load
 cp -p /etc/apache2/apache2.conf.dpkg-dist /etc/apache2/apache2.conf
 cp -p /etc/apache2/envvars.dpkg-dist /etc/apache2/envvars

user dirでのPHP有効化
----------------------------

::

 sudo vi /etc/apache2/mods-enabled/php5.conf
 以下を"コメントアウト"
 --
     <IfModule mod_userdir.c>
         <Directory /home/*/public_html>
             php_admin_value engine Off
         </Directory>
     </IfModule>
 --

動作確認
------------------

::

 sudo /etc/init.d/apache2 restart
 http://183.181.172.190/
 が見えるか確認
 cd ~; mkdir public_html; cd public_html; touch index.html
 して
 http://183.181.172.190/~kanai
 が見えるか確認

python wsgi
----------------------

::

  a2enmod wsgi
 cat > /etc/apache2/sites-enabled/001-wsgi-test.conf<<EOF
 WSGIDaemonProcess  user=nobody group=nogroup threads=10
 WSGIScriptReloading On
 WSGIScriptAlias /hoge /home/kanai/py.wsgi
 EOF

 vi /etc/apache2/sites-enabled/000-default.conf
 >> <VirtualHost *:80>に以下のように書く
 <Directory "/home/nttcom">
   AllowOverride All
   Require all granted
 </Directory>
 
 cat > /home/kanai/py.wsgi <<EOF
 import sys, os
 sys.path.append('/home/kanai')
 from wsgitest import app as application
 EOF

wiki
=========

ダウンロード
-------------------

http://pukiwiki.cafelounge.net/plus/?Download
から落とす。

::

 cd ~/public_html/
 tar zxfv plus-i18n-rev1726.tar.gz
 mv plus-i18n-rev1726 wiki
 rm -rf plus-i18n-rev1726.tar.gz

基本設定変更
---------------------

::

 cd wiki
 chmod 777 attach backup cache counter diff trackback wiki
 chmod 755 image image/face lib plugin skin
 chmod 666 cache/* wiki/*
 htdigest -c ~/.htdigest wiki kanai
 -> パスワードを入力
 cat >> .htaccess
 <FilesMatch "write.php">
 AuthType Digest
 AuthName "wiki"
 AuthDigestDomain /wiki/
 AuthUserFile  /home/kanai/.htdigest
 Require user kanai
 </FilesMatch>
 cp index.php write.php

::

 vim pukiwiki.ini.php
 次のような点を変更
 $defaultpage  = 'HomePage';
 vi index.php
 //以下はdefine('PKWK_READONLY',  1); // 0,1,2,3,4の前にいれる
 define('PKWK_READONLY',  1); // 0,1,2,3,4
 vi auth.ini.php
 $adminpass = '{x-php-md5}bb69ff0a6fdb6e678782de31184f3c36'; // md5('pass')

::

 note:
 パスワードは
 php -r 'echo md5("<password>")."\n";'
 とかで生成する
 bd983ca73632905c1acbd8d4b2c6d5d0

NS(bind9)
===================

::

 sudo apt-get install bind9
 ln -s /etc/bind /var/namedb
 cd /etc/bind/
 rm named.conf.default-zones named.conf.local named.conf.options
 vi named.conf
 named-checkconf
 service bind9 restart

named.conf sample
--------------------------

::

 options {
        directory "/var/cache/bind";
        auth-nxdomain no;    # conform to RFC1035
        listen-on-v6 { any; };
 };
 
 
 zone "." {
        type hint;
        file "/etc/bind/db.root";
 };
 zone "localhost" {
        type master;
        file "/etc/bind/db.local";
 };

 zone "127.in-addr.arpa" {
        type master;
        file "/etc/bind/db.127";
 };
 
 zone "0.in-addr.arpa" {
        type master;
        file "/etc/bind/db.0";
 };
 
 zone "255.in-addr.arpa" {
        type master;
        file "/etc/bind/db.255";
 };
 acl "trust-network" {
  localhost;
  ::1;
  116.197.140.178;
 };
 
 zone "hogetan.net" {
  type master;
  file "/etc/bind/zone.hogetan.net";
 };

sphinx
=====================

::

 sudo apt-get install texlive-latex-base


ntp
===============

::

 sudo apt-get install ntp 
 sudo vi /etc/ntp.conf

::

 server  ntp1.jst.mfeed.ad.jp
 server  ntp2.jst.mfeed.ad.jp
 server  ntp3.jst.mfeed.ad.jp
 fudge   127.127.1.0 stratum 10
 driftfile /var/lib/ntp/ntp.drift
 logfile /var/log/ntpd.log
 authenticate no
 # default deny all
 restrict default ignore
 restrict 45.0.0.0 mask 255.255.0.0 noquery nomodify nopeer notrust notrap 
 restrict 172.16.0.0 mask 255.255.0.0 noquery nomodify nopeer notrust notrap 
 restrict 210.173.160.27 noquery nomodify
 restrict 210.173.160.57 noquery nomodify
 restrict 210.173.160.87 noquery nomodify
 restrict 127.0.0.1

::

 sudo touch /var/lib/ntp/drift
 sudo  chown ntp:ntp /var/lib/ntp/drift
 sudo service ntp restart
 sudo ntpq -p
 -> 少し待ちます(reachが377になるまで)

syslog-ng
==========================

::

 sudo aptitude install syslog-ng
 vi /etc/syslog-ng/syslog-ng.conf
 internal()のあとにudp追加。
 source s_src { unix-dgram("/dev/log"); internal(); udp();
             file("/proc/kmsg" program_override("kernel"));
 };

 filter f_host_router  { netmask(192.168.100.254/32); };
 destination homelog { file("/var/log/homelog" perm(0644)); };
 log { source(s_src);   filter(f_host_router); destination(homelog); };

 filter f_local1 { facility(local2) ; };
 destination l2l3log { file("/var/log/l2l3" perm(0644)); };
 log { source(s_src);   filter(f_local1); destination(l2l3log); };

 sudo service syslog-ng restart     
 logger -h 127.0.0.1 -p local1.debug hoge

python
=============================

::

  # これなにようだっけ？
  sudo apt-get install libatlas3gf-base f2c
  sudo pip install tweepy
  sudo apt-get install python-pip python-setuptools \
    python-dev build-essential libfreetype6-dev libpng-dev python-virtualenv \
    gfortran libblas-dev liblapack-dev g++ tk-dev \
    python-numpy libhdf5-serial-dev    
  sudo pip install PyYAML
  sudo pip install numpy
   -> とおらない
  sudo pip install scipy
  sudo pip install SymPy netCDF4 nose PIL  matplotlib nltk
  sudo easy_install -U distribute
  sudo pip install nltk

* python + emacs

::

 sudo apt-get install python-mode

VLANconfigの基本
=========================

::

 cat <<EOF>> /etc/sysconfig/network
 VLAN=yes
 VLAN_NAME_TYPE=VLAN_PLUS_VID_NO_PAD
 NETWORKING_IPV6=yes
 NOZEROCONF=yes
 EOF

T400の設定
=======================

::

 apt-get install firmware-iwlwifi
 apt-get install wicd-cli
 apt-get install iw
 iwconfig wlan0 mode Managed
 iwconfig wlan0 essid beefbeef-home-air
 iwconfig wlan0 key bc1
 iwlist  wlan0 scanning
 wpa_passphrase beefbeef-home-air <password> >> /etc/wpa_supplicant.conf 
 wpa_supplicant -i wlan0 -c /etc/wpa_supplicant.conf

ブリッジにする
========================
::

 apt-get install bridge-utils 

int
============

::

 /etc/network/interfaces
 
 auto lo
  iface lo inet loopback
 
 auto eth0.100
 iface eth0.100 inet dhcp
 
 auto eth0.500
 iface eth0.302 inet static
  address 192.168.5.254
  netmask 255.255.255.0

dhcpd
=========================

::

 apt-get install isc-dhcp-server
 vi /etc/dhcp/dhcpd.conf
 /etc/init.d/isc-dhcp-server restart

router化
=============================

::

 net.ipv4.tcp_syncookies = 1
 net.ipv4.ip_forward = 1
 net.ipv4.icmp_echo_ignore_broadcasts = 1
 net.ipv4.icmp_ignore_bogus_error_responses = 1
 iptables -t nat -A POSTROUTING -o eth0.100  -j MASQUERADE

bind cache
======================

::

 apt-get install bind9


gmailをsmtpサーバとして活用する
==============================================

relayの設定：このホストを家庭ネットワークのrelayサーバとする場合、mynetworksに追加する

::

 sudo vi  /etc/postfix/main.cf
 mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 192.168.0.0/16
 とか。

gmailへのSSLトンネル確立

::

 sudo apt-get install stunnel  
 cd /etc/ssl/certs
 openssl req -new -x509 -nodes -days 365 -out stunnel.pem -keyout stunnel.pem
 chmod 600 stunnel.pem
 dd if=/dev/urandom of=temp_file count=2
 openssl dhparam -rand temp_file 512 >> stunnel.pem
 ln -sf stunnel.pem `openssl x509 -noout -hash < stunnel.pem`.0

 debug用コマンド: smtp.gmail.comにアクセスできるかは以下のコマンドで確認
 openssl s_client -host smtp.gmail.com -port 465 
 
 sudo vi /etc/stunnel/stunnel.conf       
 ; clientを書き換える
 client = yes
 ; Service-level configuration の下を以下だけにする
 ; 127.0.0.1をlocalhostにするとv6 onlyでlistenする..
 [gmailsmtp]
 accept  = 127.0.0.1:8465
 connect = smtp.gmail.com:465
 
 sudo vi /etc/default/stunnel4   
 ENABLE=1
 
 sudo service stunnel4 restart    

次に、postfix側でrelayの設定

::

 plain認証のため(postfixの)
 sudo apt-get install cyrus-sasl2-dbg
 sudo vi  /etc/postfix/main.cf
 relayhost = [localhost]:8465
 smtp_sasl_auth_enable  = yes
 smtp_sasl_password_maps = hash:/etc/postfix/isp_passwd
 smtp_sasl_security_options = noanonymous
 smtp_sasl_mechanism_filter = cram-md5,digest-md5,plain,login
 
 sudo vi /etc/postfix/isp_passwd
 [localhost]:8465 <user>:password> < ここはgmailのアプリケーションパスワードを入れる！(スペースは抜こう
 
 sudo chmod 400 /etc/postfix/isp_passwd
 sudo postmap /etc/postfix/isp_passwd
 sudo service postfix restart

tftpd
=============

::

 # もし入っているなら消す
 sudo apt-get remove tftpd
 sudo apt-get install tftpd-hpa
 sudo vi /etc/default/tftpd-hpa
 # ここはよしなに変える
 TFTP_DIRECTORY="/tftpboot"
 # --createをいれるとファイルが新規に作れる
 TFTP_OPTIONS="--secure --create"
 # /tftpbootつくって所有者の変更
 sudo mkdir /tftpboot/
 sudo chown -R tftp /tftpboot/
 sudo service tftpd-hpa restart
 # 詳細は以下
 https://help.ubuntu.com/community/TFTP