メモリが 512MB から 2GB に。ヤッター。OS は Debian 6 amd64 をさくっと入れておく。

他にもやっておいた方がよさそうなものがあったら教えて下さい。

ssh root@ip

とりあえず foo で sudo 出来るように。

# apt-get update
# apt-get upgrade
# dpkg-reconfigure tzdata
# apt-get install sudo
# vi /etc/sudoers
# diff -u /tmp/sudoers /etc/sudoers
--- /tmp/sudoers	2012-05-04 05:20:48.000000000 +0900
+++ /etc/sudoers	2012-05-04 05:21:05.000000000 +0900
@@ -15,6 +15,7 @@
 
 # User privilege specification
 root	ALL=(ALL) ALL
+foo	ALL=(ALL) ALL
 
 # Allow members of group sudo to execute any command
 # (Note that later entries override this, so you might need to move
# exit

ssh foo@ip

公開鍵認証

$ mkdir .ssh
$ vi .ssh/authorized_keys
$ chown -R foo:foo .ssh
$ chmod 700 .ssh
$ chmod 600 .ssh/authorized_keys
$ exit

デフォルトのポートはログが悲惨なことになるので適当に。rootとパスワード認証は禁止する

$ sudo vi /etc/ssh/sshd_config 
$ diff -u /tmp/sshd_config /etc/ssh/sshd_config 
--- /tmp/sshd_config	2012-05-04 05:31:05.000000000 +0900
+++ /etc/ssh/sshd_config	2012-05-04 05:35:15.000000000 +0900
@@ -2,7 +2,7 @@
 # See the sshd_config(5) manpage for details
 
 # What ports, IPs and protocols we listen for
-Port 22
+Port 2000 # ここは適当に
 # Use these options to restrict which interfaces/protocols sshd will bind to
 #ListenAddress ::
 #ListenAddress 0.0.0.0
@@ -47,7 +47,9 @@
 ChallengeResponseAuthentication no
 
 # Change to no to disable tunnelled clear text passwords
-#PasswordAuthentication yes
+PasswordAuthentication no
+
+PermitRootLogin no
 
 # Kerberos options
 #KerberosAuthentication no
$ sudo service ssh restart

とりあえず http, https, ssh だけ開けておく。

$ sudo apt-get install arno-iptables-firewall

※ここで別のターミナルを開いて ssh foo@ip -p 2000 で締め出されていないか確認。

logwatch で定期的にメールでレポートを送る。

$ sudo apt-get install postfix logwatch
$ sudo vi /usr/share/logwatch/default.conf/logwatch.conf
$ diff -u /tmp/logwatch.conf /usr/share/logwatch/default.conf/logwatch.conf
--- /tmp/logwatch.conf	2012-05-04 06:35:12.000000000 +0900
+++ /usr/share/logwatch/default.conf/logwatch.conf	2012-05-04 06:37:50.000000000 +0900
@@ -32,7 +32,7 @@
 #Output/Format Options
 #By default Logwatch will print to stdout in text with no encoding.
 #To make email Default set Output = mail to save to file set Output = file
-Output = stdout
+Output = mail
 #To make Html the default formatting Format = html
 Format = text
 #To make Base64 [aka uuencode] Encode = base64
@@ -41,7 +41,7 @@
 # Default person to mail reports to.  Can be a local account or a
 # complete email address.  Variable Output should be set to mail, or
 # --output mail should be passed on command line to enable mail feature.
-MailTo = root
+MailTo = user@example.com
 # WHen using option --multiemail, it is possible to specify a different
 # email recipient per host processed.  For example, to send the report
 # for hostname host1 to user@example.com, use:
@@ -67,7 +67,7 @@
 
 # The default time range for the report...
 # The current choices are All, Today, Yesterday
-Range = yesterday
+Range = Today
 
 # The default detail level for the report.
 # This can either be Low, Med, High or a number.
$ sudo EDITOR=vi crontab -e
0 1  * * *          /usr/sbin/logwatch

気軽にグラフを見て監視したいので munin で、1台だけなので設定はこれだけ。

$ sudo apt-get install munin-node munin
$ sudo vi /etc/munin/munin.conf 
$ diff -u /tmp/munin.conf /etc/munin/munin.conf 
--- /tmp/munin.conf	2012-05-04 06:54:10.000000000 +0900
+++ /etc/munin/munin.conf	2012-05-04 06:55:34.000000000 +0900
@@ -5,10 +5,10 @@
 # must be writable by the user running munin-cron.  They are all
 # defaulted to the values you see here.
 #
-# dbdir	/var/lib/munin
-# htmldir /var/cache/munin/www
-# logdir /var/log/munin
-# rundir  /var/run/munin
+dbdir	/var/lib/munin
+htmldir /var/cache/munin/www
+logdir /var/log/munin
+rundir  /var/run/munin
 #
 # Where to look for the HTML templates
 # tmpldir	/etc/munin/templates
$ sudo /etc/init.d/munin-node restart

便利ツールを一式入れておく

$ sudo apt-get build-dep perl
$ sudo apt-get install \
    build-essential \
    ssh \
    htop \
    vim \
    git-core \
    screen \
    unzip \
    global \
    ctags \
    curl \
    spell \
    strace \
    sysstat \
    tree \
    libpcre3-dev \
    libssl-dev \
    expat \
    libexpat1-dev \
    libxml2-dev \
    libjpeg8-dev \
    libgif-dev \
    libpng12-dev \
    daemontools-run

あとは必要な httpd, memcached, mysql 等を好きなように。