Tips for setting up Debian

From PrgmrWiki

Debian is a fantastic Linux distro known for stability, features and ease of use. As of the time of this writing, prgmr supports Debian images as a default installation options. Currently, the default image is for Debian 5, known as Lenny. This article covers the steps I usually take to set up my own server-class Debian boxes.

Please don't begin here until you have, at the very least, changed the root password!

I see, I suppsoe that would have to be the case.

Updating packages

The first step which must be taken is to upgrade all installed packages to their latest versions. Since Lenny is the "stable" branch of Debian, no functional issues should be introduced through this upgrade. Only security and stability fixes are moved into the "stable" branch.

Tweaking aptitude

By default, aptitude installs "recommended" packages without asking you. This is configurable behavior. Some people (curious folks new to Debian) might want to leave this enabled. If this is you, skip this step. Otherwise, let's change this before doing anything else.

As root execute: aptitude

This will load the ncurses interface. The option in question is in the preferences section which should be somewhere on the menu. Control-T will move your focus to the top menu bar. Move around until you find the "Preferences" option. It's either under "Actions" or "Options". When you are in the preferences section, scroll down until you find the "Install recommended packages automatically" option and make sure that it is unchecked. Press 'q' several times to quit and exit back to the command line.

Refreshing package lists and upgrading

To upgrade installed packages, aptitude must first be made aware of what's out there.

As root execute: aptitude update

You will see output indicating it is checking the repository mirrors it knows about and getting new lists.

When it is done, execute as root: aptitude safe-upgrade

This will present you with a summary of changes to be made. Examine them and, if nothing looks glaringly horribly wrong, indicate your assent by typing 'Y' and pressing enter. This will cause aptitude to download and install (in the proper order of course), all of the packages which can/should be upgraded.

Assuming it has exited without error, repeat the aptitude safe-upgrade once again and look for any indication that some packages have been "held back" or "not upgraded". This could indicate that there is some sort of dependency resolution issue. In these types of cases, aptitude gets scared which is a Good Thing (TM). To coax it along, run (as root, of course) aptitude full-upgrade which will attempt to bring the entire system up to date even if it means uninstalling something. In cases where packages are being held back, it is most often just a matter of a library being renamed or something equivalently minor. If it looks like this is the case, tell aptitude to go ahead and upgrade everything. Sometimes this needs to be done multiple times to get everything to 100%.

Please note that in general usage, when aptitude holds something back, it's for a good reason and you shouldn't mess with it unless you have reason to.

Upgrading to Squeeze

This step is kind of optional but I highly advise you upgrade to Debian 6, codenamed "Squeeze", which is currently in the late stages of testing. In fact, Squeeze has undergone a feature freeze so there shouldn't be too many surprises in the pipeline. This is really just a log of my experiences so if you aren't comfortable with Debian yet, you should read it over before you try anything.

First, edit the /etc/apt/sources.list file to refer to squeeze instead of lenny and add the security update package repos.

# sed -i s/lenny/squeeze/g /etc/apt/sources.list

Since there are times when I am ok with using software that does not strictly conform to the Debian Free Software Guidelines, I add the contrib repos as well. I also like to use more than one mirror set. My sources.list file looks like this:

deb squeeze main non-free contrib
deb-src squeeze main non-free contrib

deb squeeze/updates main non-free contrib
deb-src squeeze/updates main non-free contrib

Once you have edited this file, do an update to let aptitude know about what's in the new repo.

Execute as root: aptitude update Note this may take a little longer to complete as it is getting significantly more data than a regular update.

Once it is done, you can see what an upgrade to squeeze would look like.

Execute as root: aptitude dist-upgrade Examine the (rather long) list of proposed changes. Some of these will appear radical but keep an eye out for aptitude telling you that something will cause massive havoc. If/When you are satisfied, enter 'Y' and fetch a cup of tea while the downloads finish. Immediately prior to installation, aptitude will most likely prompt you for some information. Use your best judgement in these cases and don't be afraid to Google something or ask for help.

One of the scarier questions you might be asked is about grub. Since prgmr use a special bootload setup which is not compatible with the new grub, make sure that you tell it to use grub-legacy if it gives you the option. Otherwise, it might just tell you that you can transition back later on. Do your best to keep the old grub. Before you are ready to reboot, follow the step below to make sure that grub-legacy is installed and configured.

One of the less-scary questions you'll get asked is whether or not you want to switch to a dependency based boot sequence. If you are really starting from the default image, this is prob 100% ok to do and it will help keep your boot time low in the future.

Keep in mind that the dist-upgrade will most likely fail the first time with some sort of error. This is most likely due to an issue with the kernel and a different version of udev. Running the dist-upgrade again will allow aptitude to help you work it out. If you get stuck you can execute aptitude dist-upgrade -f which will try to fix up things.

You'll know you're "finished" when udev-related things are the only bits left. At this stage, aptitude install grub-legacy to make sure you've got the old grub. When it's installed, run update-grub to make sure the bootloader is set up properly. Don't forget this. As a matter of fact, inspect /boot/grub/menu.1st and make sure it looks sane before rebooting.

You may find you get a "unable to handle kernel paging request" error when booting the new kernel (linux-image-2.6.32-5-686-bigmem). If this happens log into the console and start the old kernel (linux-image-2.6.26-2-686-bigmem or linux-image-2.6-686-bigmem). You can configure it to boot this kernel by default in /boot/grub/menu.1st.

When you've rebooted, you can run aptitude dist-upgrade again to get the udev stuff all set. If there is nothing else pending, you can feel assured that you're now upgraded. Good job, go get a beer or something.

What a joy to find someone else who thinks this way.

Notes on security

Pointer to securing debian manual


Checking self out with Nmap