After installing Slackware: a checklist


Should be done during installation:

  • partitions
  • Software series:
    • server:
min: a ap d l n
max: a ap d e f k l n t tcl x y (i.e., all except for kde xap xfce)
  • desktop: server/max + xap (i.e., all except for kde xfce)
  • Comment out
if has("vms")
  set nobackup          " do not keep a backup file, use versions instead
else
  set backup            " keep a backup file (restore to previous version)
  if has('persistent_undo')
    set undofile        " keep an undo file (undo changes after closing)
  endif
endif

in /usr/share/vim/vimrc and run

# rm /usr/share/vim/vimrc~ /usr/share/vim/.vimrc.un~

  • Label partitions
  • Remove kernel-huge and fix the symlinks in /boot
  • Remove lilo
  • /etc/ssh/sshd_config:
Port 26
AddressFamily inet
PermitRootLogin yes
PrintMotd no
PrintLastLog no
  • If root is the only user on the system:
  • $ ssh-copy-id -i ~/.ssh/id_rsa.pub (from a remote machine)
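  • After confirming from a separate session that key-based login works, comment out PermitRootLogin yes in /etc/ssh/sshd_config (root login then falls back to sshd's built-in default, which is prohibit-password in current OpenSSH releases) and add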
PasswordAuthentication no
  • /etc/fstab
  • /etc/mdadm.conf
  • /etc/mkinitrd.conf
  • /boot/grub/grub.cfg
  • /etc/hosts
  • /etc/HOSTNAME
  • /etc/rc.d/rc.inet1.conf
  • /etc/resolv.conf

Initial setup

  • # chmod -x /etc/profile.d/bsd-games-login-fortune.sh
  • Disable unneeded rc-files, e.g., # chmod -x rc.acpid rc.bluetooth rc.elogind rc.gpm-sample rc.haveged rc.wireless
  • Install slackscan
  • Install all patches with /root/bin/slup
  • # slup bash-completion
  • # cp /usr/doc/git-*/contrib/completion/git-completion.bash /etc/bash_completion.d/
  • /root/.bash_completion
# Programmable completion for mkcd.
# Depends on the bash-completion helpers _init_completion and _filedir, so the
# bash-completion package has to be loaded before this file is read.
_mkcd()
{
    # Locals handed to _init_completion, which is expected to fill them in for
    # the current command line -- TODO confirm against the installed
    # bash-completion version.
    local cur prev words cword split
    # Stop if the helper reports that there is nothing to complete here.
    _init_completion -s || return
    # NOTE(review): $split is executed as a command, so it presumably holds
    # "true" or "false" after _init_completion -s -- confirm.
    $split && return 0
    # Offer directories only (-d).
    _filedir -d
}
# Attach the completion function to the mkcd command.
complete -F _mkcd mkcd
  • Upgrade kernel; /etc/rc.d/rc.modules.local, blacklist unneeded modules
  • Upgrade the Intel microcode
  • Remove vim and vim-gvim
  • Install neovim, my-neovim-extras, and their dependencies
  • Put init.vim and ru_renard.vim to /root/.config/nvim/
  • mkdir -p ~/.local/share/nvim/backup/
  • /etc/ssh/ssh_config
Host *
AddressFamily inet
  • /etc/profile.d/lang.sh: comment out export LANG=en_US and add
LANG=ru_RU.UTF-8
LC_MESSAGES=en_US.UTF-8
LC_TIME=en_GB.UTF-8
LC_NUMERIC=en_US.UTF-8
LC_MONETARY=en_US.UTF-8
export LANG LC_MESSAGES LC_TIME LC_NUMERIC LC_MONETARY

Preserve "export LC_COLLATE=C"

  • /etc/profile.d/man.sh
alias man='LANG=C /usr/bin/man'

Setting up the root account

  • /root/.bash_profile
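# Environment and interactive settings for root.

# Append root's private bin directory.  It goes after the existing entries,
# so a file placed there cannot shadow a system command.
if [[ -d /root/bin ]]; then
  PATH="$PATH:/root/bin"
fi

EDITOR=vi
VISUAL=$EDITOR
PAGER="view -"
MANPAGER="/bin/bash -c \"col -b | LANG=C view -c 'set filetype=man' -\""

export PATH EDITOR VISUAL PAGER MANPAGER

# History: append instead of overwriting, cap the size, and drop duplicates
# and lines that start with a space.
shopt -s histappend
HISTSIZE=1000
HISTFILESIZE=2000
HISTCONTROL=ignoreboth:erasedups

shopt -s checkwinsize

# The next two tweaks reconfigure or write to the terminal, so they are
# limited to interactive shells.  Emitting the escape sequence from a
# non-interactive shell would inject stray bytes into the output of whatever
# is being run (this file is also sourced from /root/.bashrc).
if [[ $- = *i* ]]; then
  # disable XON/XOFF flow control (C-s, C-q)
  stty -ixon

  # make the cursor a bar instead of a box
  printf '\033[6 q'
fi

# set the xterm title and the prompt color (magenta)
[[ $TERM = xterm* ]] && \
  PS1="\[\e]2;\u@\h: \w\a$(tput setaf 5)\]${PS1}\[$(tput sgr0)\]"

# Optional per-user aliases and functions.
[[ -f /root/.bash_aliases ]] && source /root/.bash_aliases
[[ -f /root/.bash_functions ]] && source /root/.bash_functions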
  • /root/.bashrc:
# Load the system-wide profile and then root's own profile in every shell
# that reads ~/.bashrc.  Anything those files print or run therefore also
# happens in shells that are not login shells.
source /etc/profile
source /root/.bash_profile
  • /root/.bash_functions
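# Create a directory (including missing parents) and change into it.
# Arguments: $1 - directory to create and enter
# Outputs:   usage error on stderr when the argument count is wrong
# Returns:   0 on success, 2 on a wrong argument count, otherwise the status
#            of the mkdir or cd that failed
mkcd()
{
    # Check the argument count on its own: chained with "&& ... ||" the usage
    # message was also printed when mkdir or cd failed for another reason.
    if [[ $# -ne 1 ]]; then
        echo "mkcd expects exactly one argument" >&2
        return 2
    fi
    # "--" keeps a name that starts with "-" from being parsed as an option.
    mkdir -p -- "$1" && cd -- "$1"
}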
  • If the machine is not always on, change the root crontab to
# root crontab
# DO NOT EDIT THIS FILE MANUALLY! USE crontab -e INSTEAD
#
# If you don't want the output of a cron job mailed to you, you have to direct
# any output to /dev/null.  We'll do this here since these jobs should run
# properly on a newly installed system.  If a script fails, run-parts will
# mail a notice to root.
#
# man 1 crontab for acceptable formats:
#    <minute> <hour> <day> <month> <dow> <tags and command>
#    <@freq> <tags and command>

# SYSTEM DAILY/WEEKLY/... FOLDERS
#
@hourly   ID=sys-hourly  /usr/bin/run-parts /etc/cron.hourly 1> /dev/null
@daily    ID=sys-daily   /usr/bin/run-parts /etc/cron.daily 1> /dev/null
@weekly   ID=sys-weekly  /usr/bin/run-parts /etc/cron.weekly 1> /dev/null
@monthly  ID=sys-monthly /usr/bin/run-parts /etc/cron.monthly 1> /dev/null
  • # install -m 0644 -o root -g root /usr/doc/dcron-*/extra/prune-cronstamps /etc/cron.d/

Further configuration

  • /etc/rc.d/rc.local
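# Ensure the existence of /var/lib/dbus/machine-id and /etc/machine-id.
# Runs only when dbus-uuidgen is installed and rc.messagebus is not
# executable.  Both files are removed first, so the ID is regenerated each
# time this runs; /etc/machine-id is then a symlink to the D-Bus file.
if [ -x /usr/bin/dbus-uuidgen ] && [ ! -x /etc/rc.d/rc.messagebus ]; then
  rm -f /var/lib/dbus/machine-id
  rm -f /etc/machine-id
  /usr/bin/dbus-uuidgen --ensure
  ln -s /var/lib/dbus/machine-id /etc/machine-id
fi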
  • /etc/rc.d/rc.local_shutdown
#!/bin/bash
#
# /etc/rc.d/rc.local_shutdown:  Local system shutdown script.
#
# Put anything that needs to be run at shutdown time in here.

# Clean /tmp: delete everything below /tmp, dotfiles and subdirectories
# included, while keeping the /tmp directory itself (-mindepth 1).
# find does not follow symbolic links by default, so a symlink left in /tmp
# is removed itself and its target is not touched.
/usr/bin/find /tmp -mindepth 1 -delete
  • Create /etc/rc.d/rc.firewall
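#!/bin/bash
#
# /etc/rc.d/rc.firewall: IPv4 packet filter for this host.
#
# Usage: rc.firewall [stop]
#   stop           flush every table and leave all policies at ACCEPT
#   anything else  flush, then install the default-deny inbound ruleset below
#
# Exit status: 0 on success, 1 if any command of the ruleset itself failed.
#
# Only the IPv4 iptables binary is driven here.  IPv6 traffic is not filtered
# by this script; a host with IPv6 addresses needs an equivalent ip6tables
# ruleset as well.

ipt="/usr/sbin/iptables"

# Flush any existing rules or chains and reset the default policy of every
# built-in chain.  Each entry reads "<table> <built-in chains...>".
# Errors are tolerated in this phase: a kernel without one of the optional
# tables must not keep the filter rules further down from being installed.
for spec in \
  "filter INPUT FORWARD OUTPUT" \
  "nat PREROUTING INPUT OUTPUT POSTROUTING" \
  "mangle PREROUTING INPUT FORWARD OUTPUT POSTROUTING" \
  "raw PREROUTING OUTPUT" \
  "security INPUT FORWARD OUTPUT"; do
  read -r -a fields <<<"$spec"
  table=${fields[0]}
  "$ipt" -t "$table" -F
  "$ipt" -t "$table" -X
  for chain in "${fields[@]:1}"; do
    "$ipt" -t "$table" -P "$chain" ACCEPT
  done
done

if [ "$1" = "stop" ]; then
  echo "Firewall completely flushed!  Now running with no firewall."
  exit 0
fi

# From here on every command is part of the protective ruleset.  Remember
# any failure so the script never reports success with a partial ruleset.
failed=0
rule() {
  "$ipt" "$@" || failed=1
}

# Set default policy to DROP (inbound and forwarded); outbound stays open
rule -P INPUT DROP
rule -P FORWARD DROP
rule -P OUTPUT ACCEPT

# Drop all invalid packets
rule -A INPUT -m conntrack --ctstate INVALID -j DROP
rule -A OUTPUT -m conntrack --ctstate INVALID -j DROP

# Allow loopback traffic
rule -A INPUT -i lo -j ACCEPT

# Accept established connections
rule -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT

# Allow icmp (every ICMP type, from any source)
rule -A INPUT -p icmp -j ACCEPT

# Allow ssh from any source address.  The port has to match the Port
# setting in /etc/ssh/sshd_config.
rule -A INPUT -p tcp --dport 26 -j ACCEPT

if [ "$failed" -ne 0 ]; then
  echo "Firewall setup FAILED: at least one iptables command returned an error; the ruleset is incomplete." >&2
  exit 1
fi

echo "Firewall has been enabled."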
  • Set ntp servers in /etc/ntp.conf
  • /etc/cron.daily/fstrim:
#!/bin/bash
# Daily cron job: run fstrim on the root filesystem (/) only.
/sbin/fstrim /
  • # sensors-detect. Add modules for lm_sensors to /etc/rc.d/rc.modules.local
  • /etc/rc.d/rc.local
# Set all sensors limits as specified in the configuration file
if [ -x /usr/bin/sensors ]; then
  /usr/bin/sensors -s
fi
  • # slup ipmitool
  • /etc/rc.d/rc.modules.local
# IPMI modules
/sbin/modprobe ipmi_msghandler
/sbin/modprobe ipmi_devintf
/sbin/modprobe ipmi_si
  • /etc/smartd.conf. For HDD:
/dev/disk/by-id/ata-...  -a -o on -S on -I 9 -I 190 -I 194 -m root -s (S/../.././04)

For SSD, substitute "S" in parentheses with "L".

To start smartd uncomment the corresponding lines in /etc/rc.d/rc.M. If the machine is not always on, add the option --savestates=/var/tmp/smartd.

  • Create /etc/X11/xinit/xserverrc
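#!/bin/bash
# X server wrapper run by xinit/startx: start X with a fixed 94 dpi.
# "$@" forwards the arguments supplied by the caller.  startx normally passes
# the display, the virtual terminal and "-auth <file>" this way; dropping them
# starts the server without the authority file startx prepared, so access to
# the display is no longer restricted to holders of the cookie.
exec /usr/bin/X -dpi 94 "$@"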
  • Create /etc/sysctl.conf
# Change tcp congestion control to bbr
net.core.default_qdisc=fq
net.ipv4.tcp_congestion_control=bbr

# Increase the maximum number of inotify watches per user
fs.inotify.max_user_watches=1048576
  • To disable mtp comment out the line
SUBSYSTEM=="usb", GOTO="libmtp_usb_rules"

in /lib/udev/rules.d/69-libmtp.rules

  • # chmod -x /usr/bin/dbus-launch; chattr +i /usr/bin/dbus-launch

or

  • # cp -a /usr/share/dbus-1 /root; rm -r /usr/share/dbus-1/*services; chattr +i /usr/share/dbus-1

Setting up user accounts

  • Create users (using adduser script)
  • # usermod -a -G wheel user
  • ~/.bash_profile:
# Append the user's private bin directory to PATH when it exists.
if [ -d "$HOME/bin" ]; then
  PATH="$PATH:$HOME/bin"
fi

EDITOR=/usr/bin/vi
VISUAL=$EDITOR

export PATH EDITOR VISUAL

# History: skip duplicate lines and lines starting with a space, append to
# the history file instead of overwriting it, and cap its length.
HISTCONTROL=ignoreboth
shopt -s histappend
HISTSIZE=1000
HISTFILESIZE=2000

# Re-check the window size after each command so that LINES and COLUMNS
# stay current.
shopt -s checkwinsize

# Show the working directory in the xterm title.
PS1="\[\e]0;\w\a\]$PS1"
# Switch the cursor from a box to a bar.
echo -e -n "\x1b[\x36 q"

# Aliases and functions, when the user has them.
for f in .bash_aliases .bash_functions; do
  if [ -f "$HOME/$f" ]; then
    source "$HOME/$f"
  fi
done

# Everything below applies to login shells only.
shopt -q login_shell || return

# Start X for regular users (UID >= 1000) who log in on tty1 or tty2 while
# no X display is set.
# NOTE(review): startx is not exec'ed, so this login shell stays open on the
# console once the X session ends or the server is killed; check that this
# fits the machine's physical-access threat model.
if [[ -z "$DISPLAY" && $EUID -ge 1000 && $(tty) =~ ^/dev/tty[12]$ ]]; then
  /usr/bin/startx
fi
  • .bash_logout
# Clear the screen when logging out of a text console.
# The scroll-back buffer is cleared as well by switching the foreground
# virtual terminal to another one and then back to the original.

if [[ -z "$DISPLAY" && $SHLVL = 1 && $(tty) =~ ^/dev/tty[0-9]+$ ]]; then
  clear
  # The regex above guarantees the device name is /dev/tty followed by digits.
  tty_path=$(tty)
  tty_num=${tty_path#/dev/tty}
  # Pick a VT other than the current one: VT 2 when on VT 1, otherwise VT 1.
  case $tty_num in
    1) other_vt=2 ;;
    *) other_vt=1 ;;
  esac
  chvt "$other_vt"
  chvt "$tty_num"
fi
  • $ ssh-copy-id -i ~/.ssh/id_rsa.pub
  • /etc/ssh/sshd_config
AddressFamily inet
PermitRootLogin no
PasswordAuthentication no
PrintMotd no
PrintLastLog no