jeffrafter · September 13, 2008 13:18
diff --git a/gistfile1.txt b/gistfile1.txt
 ## Install
 I Installed Ubuntu 8.04 Server 
 US Keyboard Layout
 Zimbabwe region
 If this machine was using an SSD drive configure the paritions so that it has no swap
 I did a single partition marked as bootable and setup for the root on EXT3+Journaling
 I marked the OpenSSH server as an additional option
 I did not set it as a DNS server or Mail Server

 ## Naming
 For baobab we name our computers after trees so I called this one Sapele
 I added the default user as baobab

 ## Reboot and login

 ## Get the stuff you will need (you may want to combine these steps so you can leave the download running)
 sudo apt-get update
 sudo apt-get install mysql-server nginx build-essential sudo git-core openssl lynx

 ## At the end you will need to input the mysql root password
 In general we create paswords with a hash of the machine name, a common nonce value and some special characters

 ## Update the ssh for Debian security vulnerability
 ## If you are running Ubuntu/Debian locally, you should do this on your machine *before*
 ## You ssh into the server!
 sudo apt-get install openssh-client

 ## Check for vulnerable keys
 If you are using 8.04 like me (I think that Intrepid will include this fix by default)
 Then you will get a message saying that it is correcting the blacklisted keys
 When completed, you should run ssh-vulnkey to make sure your root user is 
 Not blacklisted. You should see two keys listed and both should start with 
 "Not blacklisted:"
 ssh-vulnkey

 ## Setup users on your server 
 sudo adduser --disabled-password deploy 
 sudo adduser --system --no-create-home --group --disabled-password www
 sudo visudo

 ## Add to the end of the visudo file (someone needs to add a quick vi how-to here)
 deploy  ALL=(ALL) ALL

 ## As an option you can give the deploy user more freedom if you control the keys carefully:
 deploy  ALL=(ALL) NOPASSWD:ALL

 ## For extra credit, change the defaults in the visudo file to insult people that try to enter passwords
 Defaults env_reset, insults

 ## Back on your local create your public key if you have not done so already
 ## Read the earlier note on Ubuntu <= 8.04 and openssh-client
 cd 
 ssh-keygen -t rsa
 Enter file in which to save the key (/home/YOURLOCALUSER/.ssh/id_rsa): <Enter>
 Enter passphrase (empty for no passphrase): <Enter>
 Enter same passphrase again: <Enter>

 ## On your local scp your public key up (note that I use the baobab user I created when installing Ubuntu on the server)
 ## Make sure you copy the id_rsa.pub and not the id_rsa, the id_rsa file is your private key and you want to keep it safe!
 ## If you don't know your server's ip address, type ifconfig on the server
 scp ~/.ssh/id_rsa.pub baobab@YOURSERVERIP:/tmp
 password: <Enter your server's baobab user password>

 ## On the server setup the key for your deploy user (you need to be root)
 sudo su
 mkdir /home/deploy/.ssh
 chmod 700 /home/deploy/.ssh
 cat /tmp/id_rsa.pub >> /home/deploy/.ssh/authorized_keys
 chmod 600 /home/deploy/.ssh/authorized_keys 
 chown -R deploy:deploy /home/deploy/.ssh
 exit

 ## Install the new OpenJDK from Sun
 sudo apt-get install openjdk-6-jre

 # ------------- Firefox


 sudo apt-get install dnsmasq firefox-2
 sudo apt-get install xorg xserver xserver-xorg-core
 sudo apt-get install xinit xauth 
 displayconfig-gtk libgl1-mesa-dri xfonts-base xfonts-100dpi xfonts-75dpi xfonts-scalable

 sudo adduser --disabled-password firefox



 READ the firefox README
	## Install
	I Installed Ubuntu 8.04 Server
	US Keyboard Layout
	Zimbabwe region
	If this machine was using an SSD drive configure the paritions so that it has no swap
	I did a single partition marked as bootable and setup for the root on EXT3+Journaling
	I marked the OpenSSH server as an additional option
	I did not set it as a DNS server or Mail Server

	## Naming
	For baobab we name our computers after trees so I called this one Sapele
	I added the default user as baobab

	## Reboot and login

	## Get the stuff you will need (you may want to combine these steps so you can leave the download running)
	sudo apt-get update
	sudo apt-get install mysql-server nginx build-essential sudo git-core openssl lynx

	## At the end you will need to input the mysql root password
	In general we create paswords with a hash of the machine name, a common nonce value and some special characters

	## Update the ssh for Debian security vulnerability
	## If you are running Ubuntu/Debian locally, you should do this on your machine before
	## You ssh into the server!
	sudo apt-get install openssh-client

	## Check for vulnerable keys
	If you are using 8.04 like me (I think that Intrepid will include this fix by default)
	Then you will get a message saying that it is correcting the blacklisted keys
	When completed, you should run ssh-vulnkey to make sure your root user is
	Not blacklisted. You should see two keys listed and both should start with
	"Not blacklisted:"
	ssh-vulnkey

	## Setup users on your server
	sudo adduser --disabled-password deploy
	sudo adduser --system --no-create-home --group --disabled-password www
	sudo visudo

	## Add to the end of the visudo file (someone needs to add a quick vi how-to here)
	deploy ALL=(ALL) ALL

	## As an option you can give the deploy user more freedom if you control the keys carefully:
	deploy ALL=(ALL) NOPASSWD:ALL

	## For extra credit, change the defaults in the visudo file to insult people that try to enter passwords
	Defaults env_reset, insults

	## Back on your local create your public key if you have not done so already
	## Read the earlier note on Ubuntu <= 8.04 and openssh-client
	cd
	ssh-keygen -t rsa
	Enter file in which to save the key (/home/YOURLOCALUSER/.ssh/id_rsa): <Enter>
	Enter passphrase (empty for no passphrase): <Enter>
	Enter same passphrase again: <Enter>

	## On your local scp your public key up (note that I use the baobab user I created when installing Ubuntu on the server)
	## Make sure you copy the id_rsa.pub and not the id_rsa, the id_rsa file is your private key and you want to keep it safe!
	## If you don't know your server's ip address, type ifconfig on the server
	scp ~/.ssh/id_rsa.pub baobab@YOURSERVERIP:/tmp
	password: <Enter your server's baobab user password>

	## On the server setup the key for your deploy user (you need to be root)
	sudo su
	mkdir /home/deploy/.ssh
	chmod 700 /home/deploy/.ssh
	cat /tmp/id_rsa.pub >> /home/deploy/.ssh/authorized_keys
	chmod 600 /home/deploy/.ssh/authorized_keys
	chown -R deploy:deploy /home/deploy/.ssh
	exit

	## Install the new OpenJDK from Sun
	sudo apt-get install openjdk-6-jre

	# ------------- Firefox


	sudo apt-get install dnsmasq firefox-2
	sudo apt-get install xorg xserver xserver-xorg-core
	sudo apt-get install xinit xauth
	displayconfig-gtk libgl1-mesa-dri xfonts-base xfonts-100dpi xfonts-75dpi xfonts-scalable

	sudo adduser --disabled-password firefox



	READ the firefox README
No results found