Memory went from 512MB to 2GB. Yay. For the OS, I quickly installed Debian 6 amd64.
If there is anything else I should be doing, please let me know.
ssh root@ip
First, make it possible to use sudo as foo.
# apt-get update # apt-get upgrade # dpkg-reconfigure tzdata # apt-get install sudo # vi /etc/sudoers # diff -u /tmp/sudoers /etc/sudoers --- /tmp/sudoers 2012-05-04 05:20:48.000000000 +0900 +++ /etc/sudoers 2012-05-04 05:21:05.000000000 +0900 @@ -15,6 +15,7 @@ # User privilege specification root ALL=(ALL) ALL +foo ALL=(ALL) ALL # Allow members of group sudo to execute any command # (Note that later entries override this, so you might need to move # exit
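Review bot: The added `foo ALL=(ALL) ALL` line is written into /etc/sudoers with plain vi, so a syntax slip in that file would leave sudo unusable just before root SSH login is turned off. Make the edit with visudo, which checks the syntax before saving. The context lines already describe a rule for members of group sudo, so `adduser foo sudo` would grant the same access without editing the file at all.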
ssh foo@ip
Public key authentication
$ mkdir .ssh
$ vi .ssh/authorized_keys
$ chown -R foo:foo .ssh
$ chmod 700 .ssh
$ chmod 600 .ssh/authorized_keys
$ exit
The default port makes a mess of the logs, so pick a different one. Disable root login and password authentication.
$ sudo vi /etc/ssh/sshd_config $ diff -u /tmp/sshd_config /etc/ssh/sshd_config --- /tmp/sshd_config 2012-05-04 05:31:05.000000000 +0900 +++ /etc/ssh/sshd_config 2012-05-04 05:35:15.000000000 +0900 @@ -2,7 +2,7 @@ # See the sshd_config(5) manpage for details # What ports, IPs and protocols we listen for -Port 22 +Port 2000 # ここは適当に # Use these options to restrict which interfaces/protocols sshd will bind to #ListenAddress :: #ListenAddress 0.0.0.0 @@ -47,7 +47,9 @@ ChallengeResponseAuthentication no # Change to no to disable tunnelled clear text passwords -#PasswordAuthentication yes +PasswordAuthentication no + +PermitRootLogin no # Kerberos options #KerberosAuthentication no $ sudo service ssh restart
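Review bot: In the first hunk, `Port 2000` carries a trailing `#` comment on the same line, while sshd_config(5) only describes lines that start with `#` as comments. Move the comment to its own line above the keyword and run `sudo sshd -t` before `service ssh restart`, so a parse error is caught while the current session is still open.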
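Review bot: In the second hunk, `PermitRootLogin no` is only added and the diff removes no existing PermitRootLogin line. sshd uses the first value it reads for each keyword, so if the file already sets `PermitRootLogin yes` above line 47, this addition has no effect. Edit the existing line in place instead, and confirm the result with `sudo sshd -T | grep -i permitrootlogin`.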
For now, open only http, https and ssh.
$ sudo apt-get install arno-iptables-firewall
Note: at this point, open another terminal and run ssh foo@ip -p 2000 to check that you have not been locked out.
Use logwatch to send reports by email periodically.
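Being able to log in shows the new port and key work, but not that root and password logins are actually refused. The following is an added example, not part of the original post: a small audit of an sshd_config that applies sshd's first-value-wins rule. The function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit an sshd_config for the settings changed in this post.
# sshd keeps the FIRST value it reads for each keyword, so an earlier
# "PermitRootLogin yes" silently beats a "PermitRootLogin no" added below it.

# Print the effective (first) value of keyword $2 in file $1.
# Handles the whitespace-separated "Keyword value" form, global section only.
sshd_effective() {
    awk -v key="$2" '
        NF == 0 || $1 ~ /^#/ { next }          # skip blank lines and comments
        tolower($1) == "match" { exit }        # Match blocks are conditional
        tolower($1) == tolower(key) { print tolower($2); exit }
    ' "$1"
}

# Return 0 only if both settings are explicitly "no".
# Assumption: an unset keyword counts as a failure (do not rely on defaults).
audit_sshd() {
    rc=0
    for key in PasswordAuthentication PermitRootLogin; do
        val=$(sshd_effective "$1" "$key")
        if [ "$val" != "no" ]; then
            echo "FAIL: $key is '${val:-unset}', expected 'no'"
            rc=1
        fi
    done
    if [ "$(sshd_effective "$1" Port)" = "22" ]; then
        echo "NOTE: sshd still listens on port 22"
    fi
    return $rc
}

# Constructed samples: "bad" keeps an earlier PermitRootLogin yes line,
# "good" has that earlier line commented out.
make_samples() {
    dir=$(mktemp -d)
    printf '%s\n' 'Port 2000' 'PermitRootLogin yes' \
        'PasswordAuthentication no' 'PermitRootLogin no' > "$dir/bad"
    printf '%s\n' 'Port 2000' '#PermitRootLogin yes' \
        'PasswordAuthentication no' 'PermitRootLogin no' > "$dir/good"
    echo "$dir"
}

# Usage: sh audit.sh /etc/ssh/sshd_config
if [ -n "${1:-}" ]; then audit_sshd "$1"; fi
```

On a live host, `sudo sshd -T` prints the configuration sshd itself resolved and is the authoritative check.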
$ sudo apt-get install postfix logwatch $ sudo vi /usr/share/logwatch/default.conf/logwatch.conf $ diff -u /tmp/logwatch.conf /usr/share/logwatch/default.conf/logwatch.conf --- /tmp/logwatch.conf 2012-05-04 06:35:12.000000000 +0900 +++ /usr/share/logwatch/default.conf/logwatch.conf 2012-05-04 06:37:50.000000000 +0900 @@ -32,7 +32,7 @@ #Output/Format Options #By default Logwatch will print to stdout in text with no encoding. #To make email Default set Output = mail to save to file set Output = file -Output = stdout +Output = mail #To make Html the default formatting Format = html Format = text #To make Base64 [aka uuencode] Encode = base64 @@ -41,7 +41,7 @@ # Default person to mail reports to. Can be a local account or a # complete email address. Variable Output should be set to mail, or # --output mail should be passed on command line to enable mail feature. -MailTo = root +MailTo = user@example.com # WHen using option --multiemail, it is possible to specify a different # email recipient per host processed. For example, to send the report # for hostname host1 to user@example.com, use: @@ -67,7 +67,7 @@ # The default time range for the report... # The current choices are All, Today, Yesterday -Range = yesterday +Range = Today # The default detail level for the report. # This can either be Low, Med, High or a number. $ sudo EDITOR=vi crontab -e 0 1 * * * /usr/sbin/logwatch
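Review bot: In the third hunk, `Range = Today` combined with the `0 1 * * *` cron entry means each report covers only the hour between midnight and 01:00. Keep `Range = yesterday` for a run at 01:00, or move the cron job to the end of the day if the report should cover the current day.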
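Review bot: The file being patched is /usr/share/logwatch/default.conf/logwatch.conf, which belongs to the package and is replaced on upgrade, so `Output`, `MailTo` and `Range` would fall back to the shipped values. Put these three overrides in /etc/logwatch/conf/logwatch.conf and leave the defaults file unchanged.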
I want to be able to casually check graphs for monitoring, so I use munin. There is only one machine, so this is all the configuration.
$ sudo apt-get install munin-node munin $ sudo vi /etc/munin/munin.conf $ diff -u /tmp/munin.conf /etc/munin/munin.conf --- /tmp/munin.conf 2012-05-04 06:54:10.000000000 +0900 +++ /etc/munin/munin.conf 2012-05-04 06:55:34.000000000 +0900 @@ -5,10 +5,10 @@ # must be writable by the user running munin-cron. They are all # defaulted to the values you see here. # -# dbdir /var/lib/munin -# htmldir /var/cache/munin/www -# logdir /var/log/munin -# rundir /var/run/munin +dbdir /var/lib/munin +htmldir /var/cache/munin/www +logdir /var/log/munin +rundir /var/run/munin # # Where to look for the HTML templates # tmpldir /etc/munin/templates $ sudo /etc/init.d/munin-node restart
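Review bot: The four uncommented lines (`dbdir`, `htmldir`, `logdir`, `rundir`) set the same values that the comment above them describes as the defaults, so the hunk changes no behaviour and could be dropped. If it stays, note that munin.conf is read by the munin master run from munin-cron, so restarting munin-node does not apply it.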
Install a set of handy tools.
$ sudo apt-get build-dep perl
$ sudo apt-get install \
    build-essential \
    ssh \
    htop \
    vim \
    git-core \
    screen \
    unzip \
    global \
    ctags \
    curl \
    spell \
    strace \
    sysstat \
    tree \
    libpcre3-dev \
    libssl-dev \
    expat \
    libexpat1-dev \
    libxml2-dev \
    libjpeg8-dev \
    libgif-dev \
    libpng12-dev \
    daemontools-run
After that, install whatever httpd, memcached, mysql and so on you need.