After installing Slackware: a checklist

From Notes to self
Jump to navigation Jump to search

Should be done during installation:

  • partitions
  • Software series:
    • server:
min: a ap d l n x
max: a ap d e f k l n t tcl x y (i.e., all except for kde xap xfce)
  • desktop: server/max + xap (i.e., all except for kde xfce)
  • Comment out
if has("vms")
  set nobackup          " do not keep a backup file, use versions instead
else
  set backup            " keep a backup file (restore to previous version)
  if has('persistent_undo')
    set undofile        " keep an undo file (undo changes after closing)
  endif
endif

in /usr/share/vim/vimrc and run

# rm /usr/share/vim/vimrc~ /usr/share/vim/.vimrc.un~

  • Label partitions
  • Remove kernel-huge and fix the symlinks in /boot
  • /etc/ssh/sshd_config:
Port 26
AddressFamily inet
PermitRootLogin yes
PrintMotd no
PrintLastLog no
  • /etc/fstab
  • /etc/mdadm.conf
  • /etc/mkinitrd.conf
  • /boot/grub/grub.cfg
  • /etc/hosts
  • /etc/HOSTNAME
  • /etc/rc.d/rc.inet1.conf
  • /etc/resolv.conf

Initial setup

  • If root is the only user on the system:
  • $ ssh-copy-id -i ~/.ssh/id_rsa.pub (from a remote machine)
  • In /etc/ssh/sshd_config comment out PermitRootLogin yes and add
PasswordAuthentication no
KbdInteractiveAuthentication no
UsePAM no
  • # chmod -x /etc/profile.d/bsd-games-login-fortune.sh
  • Disable unneeded rc-files, e.g., # chmod -x rc.acpid rc.bluetooth rc.elogind rc.gpm-sample rc.haveged rc.wireless
  • Install slackscan
  • Install all patches with /root/bin/slup
  • # /root/bin/slup bash-completion
  • # cp /usr/doc/git-*/contrib/completion/git-completion.bash /etc/bash_completion.d/
  • /root/.bash_completion
_mkcd()
{
    local cur prev words cword split
    _init_completion -s || return
    $split && return 0
    _filedir -d
}
complete -F _mkcd mkcd
  • Upgrade kernel; /etc/rc.d/rc.modules.local
  • Upgrade the Intel microcode
  • # removepkg vim vim-gvim
  • Install neovim and its dependencies
  • Put init.vim and ru_renard.vim to /root/.config/nvim/
  • mkdir -p ~/.local/share/nvim/backup/
  • /etc/ssh/ssh_config
Host *
AddressFamily inet
  • /etc/profile.d/lang.sh: comment out export LANG=en_US.UTF-8 and add
LANG=ru_RU.UTF-8
LC_MESSAGES=en_US.UTF-8
LC_TIME=en_GB.UTF-8
LC_NUMERIC=en_US.UTF-8
LC_MONETARY=en_US.UTF-8
export LANG LC_MESSAGES LC_TIME LC_NUMERIC LC_MONETARY

Preserve "export LC_COLLATE=C"

  • /etc/profile.d/man.sh
alias man='LANG=C /usr/bin/man'

Setting up the root account

  • /root/.bash_profile
[[ -d /root/bin ]] && PATH="$PATH:/root/bin"

EDITOR=vi
VISUAL=$EDITOR
PAGER="view -"
MANPAGER="/bin/bash -c \"col -b | LANG=C view -c 'set filetype=man' -\""

export PATH EDITOR VISUAL PAGER MANPAGER

shopt -s histappend
HISTSIZE=1000
HISTFILESIZE=2000
HISTCONTROL=ignoreboth:erasedups

shopt -s checkwinsize

# disable XON/XOFF flow control (C-s, C-q)
[[ $- = *i* ]] && stty -ixon

# set the xterm title and the prompt color (magenta)
[[ $TERM = xterm* ]] && \
  PS1="\[\e]2;\u@\h: \w\a$(tput setaf 5)\]${PS1}\[$(tput sgr0)\]"

# make the cursor a bar instead of a box
echo -e -n "\x1b[\x36 q"

[[ -f /root/.bash_aliases ]] && source /root/.bash_aliases
[[ -f /root/.bash_functions ]] && source /root/.bash_functions
  • /root/.bashrc:
source /etc/profile
source /root/.bash_profile
  • /root/.bash_functions
mkcd()
{
[[ $# -eq 1 ]] && mkdir -p "$1" && cd "$1" \
  || echo "mkcd expects exactly one argument"
  [[ $(\ls -A) ]] && echo "Directory $1 is not empty"
}
  • /root/.bash_aliases
alias ll='ls -lA'
alias pkg='ls /var/lib/pkgtools/packages/ | grep -i'
  • Change the root crontab to
@hourly   ID=sys-hourly  /usr/bin/run-parts /etc/cron.hourly 1> /dev/null
@daily    ID=sys-daily   /usr/bin/run-parts /etc/cron.daily 1> /dev/null
@weekly   ID=sys-weekly  /usr/bin/run-parts /etc/cron.weekly 1> /dev/null
@monthly  ID=sys-monthly /usr/bin/run-parts /etc/cron.monthly 1> /dev/null
  • # install -m 0644 -o root -g root /usr/doc/dcron-*/extra/prune-cronstamps /etc/cron.d/

Further configuration

  • /etc/rc.d/rc.local
# Ensure the existence of /var/lib/dbus/machine-id and /etc/machine-id
if [ -x /usr/bin/dbus-uuidgen -a ! -x /etc/rc.d/rc.messagebus ] ; then
  rm -f /var/lib/dbus/machine-id
  rm -f /etc/machine-id
  /usr/bin/dbus-uuidgen --ensure
  ln -s /var/lib/dbus/machine-id /etc/machine-id
fi
  • /etc/rc.d/rc.local_shutdown
#!/bin/bash
#
# /etc/rc.d/rc.local_shutdown:  Local system shutdown script.
#
# Put anything that needs to be run at shutdown time in here.

# Clean /tmp
/usr/bin/find /tmp -mindepth 1 -delete
  • Creat /etc/rc.d/rc.firewall
#!/bin/bash

ipt="/usr/sbin/iptables"

# Flush any existing rules or chains
$ipt -F
$ipt -X
$ipt -t nat -F
$ipt -t nat -X
$ipt -t mangle -F
$ipt -t mangle -X
$ipt -t raw -F
$ipt -t raw -X
$ipt -t security -F
$ipt -t security -X

# Reset default policies
$ipt -P INPUT ACCEPT
$ipt -P FORWARD ACCEPT
$ipt -P OUTPUT ACCEPT
$ipt -t nat -P PREROUTING ACCEPT
$ipt -t nat -P INPUT ACCEPT
$ipt -t nat -P OUTPUT ACCEPT
$ipt -t nat -P POSTROUTING ACCEPT
$ipt -t mangle -P PREROUTING ACCEPT
$ipt -t mangle -P INPUT ACCEPT
$ipt -t mangle -P FORWARD ACCEPT
$ipt -t mangle -P OUTPUT ACCEPT
$ipt -t mangle -P POSTROUTING ACCEPT
$ipt -t raw -P PREROUTING ACCEPT
$ipt -t raw -P OUTPUT ACCEPT
$ipt -t security -P INPUT ACCEPT
$ipt -t security -P FORWARD ACCEPT
$ipt -t security -P OUTPUT ACCEPT

if [ "$1" = "stop" ]; then
  echo "Firewall completely flushed!  Now running with no firewall."
  exit 0
fi

# Set default policy to DROP
$ipt -P INPUT DROP
$ipt -P FORWARD DROP
$ipt -P OUTPUT ACCEPT

# Drop all invalid packets
$ipt -A INPUT -m conntrack --ctstate INVALID -j DROP
$ipt -A OUTPUT -m conntrack --ctstate INVALID -j DROP

# Allow loopback traffic
$ipt -A INPUT -i lo -j ACCEPT

# Accept established connections
$ipt -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT

# Allow icmp
$ipt -A INPUT -p icmp -j ACCEPT

# Allow ssh
$ipt -A INPUT -p tcp --dport 26 -j ACCEPT

echo "Firewall has been enabled."
  • Set chrony servers in /etc/chrony.conf
  • /etc/cron.daily/fstrim:
#!/bin/bash
/sbin/fstrim /
  • # sensors-detect. Add modules for lm_sensors to /etc/rc.d/rc.modules.local
  • /etc/rc.d/rc.local
# Set all sensors limits as specified in the configuration file
if [ -x /usr/bin/sensors ]; then
  /usr/bin/sensors -s
fi
  • install moreutils
  • # slup ipmitool
  • /etc/rc.d/rc.modules.local
# IPMI modules
/sbin/modprobe ipmi_msghandler
/sbin/modprobe ipmi_devintf
/sbin/modprobe ipmi_si
  • /etc/smartd.conf. For HDD:
/dev/disk/by-id/ata-...  -a -o on -S on -I 9 -I 190 -I 194 -m root -s (S/../.././04)

For SSD, substitute "S" in parentheses with "L".

  • # chmod +x /etc/rc.d/rc.smartd
  • # mkdir /var/lib/smartmontools
  • /etc/default/smartd
SMARTD_OPTIONS="-s /var/lib/smartmontools/smartd."
  • Creat /etc/X11/xinit/xserverrc
#!/bin/bash
exec /usr/bin/X -nolisten tcp -nolisten local -dpi 109 vt7
  • Install qt5ct
  • /etc/profile.d/qt5ct.sh
export QT_QPA_PLATFORMTHEME=qt5ct
  • Install perl-file-mimeinfo
  • Creat /etc/sysctl.conf
# Change tcp congestion control to bbr
net.core.default_qdisc=fq
net.ipv4.tcp_congestion_control=bbr

# Increase the maximum number of inotify watches per user
fs.inotify.max_user_watches=1048576
  • /etc/default/cpufreq
SCALING_GOVERNOR=performance
  • To disable mtp comment out the line
SUBSYSTEM=="usb", GOTO="libmtp_usb_rules"

in /lib/udev/rules.d/69-libmtp.rules

  • # chmod -x /usr/bin/dbus-launch; chattr +i /usr/bin/dbus-launch

or

  • # cp -a /usr/share/dbus-1 /root; rm -r /usr/share/dbus-1/*services; chattr +i /usr/share/dbus-1
  • Comment out in /etc/pam.d/system-auth 2 lines that contain pam_gnome_keyring.so:
#-auth       optional      pam_gnome_keyring.so
...
#-session     optional      pam_gnome_keyring.so auto_start
  • /etc/parallel/config
# Quiet the citation message
--will-cite

Setting up users accounts

  • Create users (using adduser script)
  • # usermod -a -G wheel user
  • ~/.bash_profile:
[[ -d $HOME/bin ]] && PATH="$PATH:$HOME/bin"

EDITOR=vi
VISUAL=$EDITOR
PAGER="view -"
MANPAGER="/bin/bash -c \"col -b | LANG=C view -c 'set filetype=man' -\""
BROWSER=qutebrowser

export PATH EDITOR VISUAL PAGER MANPAGER BROWSER

shopt -s histappend
HISTSIZE=1000
HISTFILESIZE=2000
HISTCONTROL=ignoreboth:erasedups

shopt -s checkwinsize

# disable XON/XOFF flow control (C-s, C-q)
[[ $- = *i* ]] && stty -ixon

# set the xterm title and the prompt color (blue)
[[ $TERM = xterm* ]] && \
  PS1="\[\e]2;\u@\h: \w\a$(tput setaf 4)\]${PS1}\[$(tput sgr0)\]"

# make the cursor a bar instead of a box
echo -e -n "\x1b[\x36 q"

[[ -f $HOME/.bash_aliases ]] && source $HOME/.bash_aliases
[[ -f $HOME/.bash_functions ]] && source $HOME/.bash_functions

# Stop if not invoked by non-root login on tty1
shopt -q login_shell && [[ $(tty) =~ ^/dev/tty1$ && $EUID -ge 1000 ]] || return

# start X
[ -z "$DISPLAY" ] && exec startx
  • ~/.bashrc
source /etc/profile
source ~/.bash_profile
  • ~/.bash_logout
# Clear the screen.
# To clear the scroll-back buffer, we change the foreground virtual terminal
# to another terminal and then back to the original terminal

if [[ -z "$DISPLAY" && $SHLVL = 1 && $(tty) =~ ^/dev/tty[0-9]+$ ]]; then
  clear
  tty_num=$(echo $(tty) | grep -oE '[0-9]+$')
  if [ $tty_num = 1 ]; then
    chvt 2;
    chvt 1;
  else
    chvt 1
    chvt $tty_num
  fi
fi
  • $ ssh-copy-id -i ~/.ssh/id_rsa.pub
  • ~/.bash_functions
mkcd()
{
[[ $# -eq 1 ]] && mkdir -p "$1" && cd "$1" \
  || echo "mkcd expects exactly one argument"
  [[ $(\ls -A) ]] && echo "Directory $1 is not empty"
}

root()
{
if [[ $# -eq 0 ]]; then
  sudo -s
else
  sudo su -l -c "$*"
fi
}
  • ~/.bash_completion
### mkcd ###
_mkcd()
{
    local cur prev words cword split
    _init_completion -s || return
    $split && return 0
    _filedir -d
}
complete -F _mkcd mkcd

### root ###
source /usr/share/bash-completion/completions/sudo
complete -F _sudo root
  • /etc/ssh/sshd_config
PermitRootLogin no
PasswordAuthentication no
KbdInteractiveAuthentication no
UsePAM no
Retrieved from "https://alik.ejik.org/index.php?title=After_installing_Slackware:_a_checklist&oldid=2460"