PDA

View Full Version : What to do after installation?



bxb32001
10-23-2003, 06:40 PM
Greetings everyone,

Being used to a Red Hat install, I was used to part of it's installation that set up a firewall for you....

This got me to thinking.... what steps should one follow after a Knoppix HDD install?

These things come to my mind:

- configuration of a personal firewall
- updating the system
- removing unnecessary applications.

I think I sort of know now how ty update my system... but how does one go about configuring and using a personal firewall.?

I'd also appreciate tips, tricks, and information on the post-installation routine....

Anyway, thanks a million and I'm absolutely glad I'm typing on a Debian / Knoppix platform right now...[/list]

m_yates
10-23-2003, 10:31 PM
I use firestarter for a firewall. Just:

apt-get -t unstable install firestarter
firestarter

It will open a graphical wizard to configure your firewall. Once you have it configured the way you want, close the window and the firewall will continue running in the backgroup and will automatically be started at boot. If you ever want to change settings, just type "firestarter" as root at a command prompt.

The other thing you want to do is set up your sources.list file located in /ect/apt/. You should uses mirrors close to you. You may also want to create a preferences file for apt. Here is mine:

Package: *
Pin: release o=Debian a=testing
Pin-Priority: 900

Package: *
Pin: release o=Debian a=unstable
Pin-Priority: 800

Just save that as /etc/apt/preferences to run as testing/unstable. Testing packages will automatically be selected unless you specify -t unstable using apt-get. Of course, you may also want to just upgrade everything to unstable. There is a howto for that located here.

bxb32001
10-24-2003, 01:22 AM
Thanks m_yates,

Couldn't reply right away coz I had to get some sleep as it was past midnight where I am....

About the sources list... I opened it up last night and wow! There was a lot of stuff there, I was just overwhelmed... all the samples in the howtos I've read were just a few lines... I totally didn't understand what was there and was too sleepy to try... maybe later when I get home (at work right now)

Right before I go to bed is when I get crazy, so being new to Debian, I did an apt-get update and apt-get upgrade without knowing what will happen... it went without a hitch so that may mean the current sources on the list were good enough... I have to read some more to know what goes on...

bxb32001
10-24-2003, 05:00 PM
Managed to read through it and now I think I understand it a little bit... about changing the sources from lets say a .de to a .us - all this affects is the speed of the download doesn't it?

I have read the APT howto (whether it registered is a topic for debate) but I am just a bit too wary right now. Anyway, assuming I don't change the default sources, is it okay if I do an apt-get update and an apt-get upgrade?

bxb32001
10-24-2003, 05:35 PM
Did a bit more reading.... I think I get it now... anyway, I'm now leaning on upgrading to unstable... but I'll do a bit more reading for now...

bxb32001
10-24-2003, 06:10 PM
I just went through (very quickly) the Debian Security Howto and they recommend that the /tmp and /var directories be moved to a their own partitions... What would the recommended partition sizes for these be?

I guess the real question would be how do I do it? I have read on how to move the /home directory... would it be exactly the same procedure?

Dave_Bechtel
10-24-2003, 10:05 PM
/tmp usage on my system is very small (less than 1 meg); I'd say allocate maybe 20 meg to it JIC.

/var - this is where the logs go. I'd say 500Meg would be Ok if you keep an eye on it.

--BTW, if you want some basic firewall rules, see this thread:
http://www.knoppix.net/forum/viewtopic.php?p=24865#24865

--Ignore the post before it, that code is old. I'll say from experience that iptables seemed way too convoluted and complex from what I saw on the howto's and FAQ's and such - but when I googled for some example scripts, it allowed me to hack together that basic-protection script. With all the comments and everything, I even understand most of it now. References are included wherever possible.

--Once you have it up and running for a week or so, as root do ' iptables -L -v ' and see how much stuff went thru the REJECT/DROP filters. Something of an eye-opener.


I just went through (very quickly) the Debian Security Howto and they recommend that the /tmp and /var directories be moved to a their own partitions... What would the recommended partition sizes for these be?

I guess the real question would be how do I do it? I have read on how to move the /home directory... would it be exactly the same procedure?

bxb32001
10-25-2003, 01:48 AM
WOW.... thanks Dave... now I'm off to read up on IP tables...

Greatly appreciate this... :)

bxb32001
10-25-2003, 03:45 AM
Okay, now I'm a bit confused...

If I use firestarter for my firewall... do I still have to do iptables?

Stephen
10-25-2003, 07:06 AM
Okay, now I'm a bit confused...

If I use firestarter for my firewall... do I still have to do iptables?
Yes all the firewall programs you install will use iptables they are just front ends to allow easy use so you do not have to make your own rules and scripts.

bxb32001
10-25-2003, 01:37 PM
:?: Oh... let me see if I understand this correctly... I run Dave's script.... then I install firestarter... (or the reverse order?)

My internet connection went cranky in the afternoon so that about ended my computer session... apt-get dist-upgrade stalled because of this... hope it would be okay if I just restart the dist-upgrade...

Dave_Bechtel
10-25-2003, 06:26 PM
--If you run my script, then that *is* the firewall. It has some limitations; if I want to add a rule on the fly, I have to add it to the script and rerun it to flush everything. You may have more options / better control with firestarter tho.

--I wouldn't recommend a dist-upgrade; that tends to Break Things Massively. Stick to upgrade.


:?: Oh... let me see if I understand this correctly... I run Dave's script.... then I install firestarter... (or the reverse order?)

My internet connection went cranky in the afternoon so that about ended my computer session... apt-get dist-upgrade stalled because of this... hope it would be okay if I just restart the dist-upgrade...

Stephen
10-25-2003, 06:27 PM
:?: Oh... let me see if I understand this correctly... I run Dave's script.... then I install firestarter... (or the reverse order?)

My internet connection went cranky in the afternoon so that about ended my computer session... apt-get dist-upgrade stalled because of this... hope it would be okay if I just restart the dist-upgrade...

Dave's script is a firewall you would not need firestarter in that case and you would be making your own rules in the script file if you wanted to open additional ports. Firestarter does the same as Dave's script except with a graphical interface so you do not have to write your own rules. You should be able to safely re-start the dist-upgrade if you run into the libsensors-1debian1not installable bug you can get it here (http://wiki.debian.net/index.cgi?DebianKDE) it is probably best to get it before you start the dist-upgrade to have it handy in case of problems also if kdelibs and libxcursor-dev will not install because a file exists in another package and it cannot overwrite it then you would cd /var/cache/apt/archives and dpkg -i --force-overwrite offending_package.deb to install the package.

bxb32001
10-26-2003, 12:36 PM
Thanks guys, that clears it up...

This weekend has been a busy one so sorry for the time between replies...

Just one more thing....

When X starts up Konqueror opens up and looks for the Knoppix CD... after a while it gets really annoying... how do I take this away from the startup?


- Bryan

Oh... the Marlins won! (As well as Real Madrid and JC Ferrero...)