Hard disk preparation

Clean the hard disk

# Overwrite the whole disk with one pass of zeros: --iterations=0 skips the
# random passes, --zero adds the final zero pass, --exact disables rounding
# up to a full block. Everything on /dev/sda is destroyed.
# NOTE(review): an overwrite through the block device presumably cannot reach
# sectors the drive has already remapped - confirm whether that matters for
# data previously held on this disk.
shred --iterations=0 --verbose --zero --exact /dev/sda

Create fitting partition layout

Disk /dev/sda: 750.1 GB, 750155325440 bytes
64 heads, 32 sectors/track, 715403 cylinders
Units = cylinders of 2048 * 512 = 1048576 bytes

   Device Boot      Start         End      Blocks   Id  System
/dev/sda1   *           1         139      142320   83  Linux
/dev/sda2             140        2187     2097152   82  Linux swap / Solaris
/dev/sda3            2188        3211     1048576   83  Linux
/dev/sda4            3212      715403   729284608    5  Extended
/dev/sda5            3212        3723      524272   83  Linux
/dev/sda6            3724        7819     4194288   83  Linux
/dev/sda7            7820       11915     4194288   83  Linux
/dev/sda8           11916       13963     2097136   83  Linux
/dev/sda9           13964      715403   718274544   8e  Linux LVM

Create file systems

# /boot: plain ext2, scanned for bad blocks (-c) while it is created.
mke2fs -c /dev/sda1
# -c 0 -i 0 switches off the fsck triggered by mount count and by elapsed time.
tune2fs -c 0 -i 0 /dev/sda1
mkswap /dev/sda2

# Remaining partitions: ext3 (-j adds the journal), hashed directory indexes,
# and full data journalling as the default mount option.
for part in 3 5 6 7 8; do
  dev="/dev/sda${part}"
  mke2fs -c -j "$dev"
  tune2fs -c 0 -i 0 "$dev"
  tune2fs -O dir_index "$dev"
  tune2fs -o journal_data "$dev"
done

Mount file systems

# The root file system goes first; every other mount point lives inside it.
mkdir -p /mnt/uinst
mount -t ext3 -o noatime /dev/sda3 /mnt/uinst
mkdir -p /mnt/uinst/boot /mnt/uinst/home /mnt/uinst/usr /mnt/uinst/var /mnt/uinst/tmp

mount -t ext2 -o noatime /dev/sda1 /mnt/uinst/boot
mount -t ext3 -o noatime /dev/sda5 /mnt/uinst/home
mount -t ext3 -o noatime /dev/sda6 /mnt/uinst/usr
mount -t ext3 -o noatime /dev/sda7 /mnt/uinst/var
# /tmp is world-writable, so device nodes, setuid bits and direct execution
# are switched off for that file system.
mount -t ext3 -o noatime,nodev,nosuid,noexec /dev/sda8 /mnt/uinst/tmp
# Mode 1777: writable by everyone, with the sticky bit so that users can
# only remove their own entries.
chmod 1777 /mnt/uinst/tmp

Install Ubuntu using debootstrap

Debootstrap Ubuntu Gutsy

# NOTE(review): the package is fetched over plain HTTP and then installed as
# root with no integrity check in between. Before running dpkg -i, compare
#   sha256sum debootstrap_1.0.8_all.deb
# with a checksum obtained over a trusted channel
# (placeholder: <CHECKSUM_FROM_TRUSTED_SOURCE>).
wget http://de.archive.ubuntu.com/ubuntu/pool/main/d/debootstrap/debootstrap_1.0.8_all.deb
dpkg -i debootstrap_1.0.8_all.deb
# Bootstraps a minimal amd64 gutsy system into /mnt/uinst from the mirror.
# NOTE(review): debootstrap can only check the archive signature when it has
# the archive keyring; on a rescue system without it the packages are
# presumably installed unverified - confirm, and supply the keyring
# (--keyring, if this version supports it) when that is the case.
debootstrap --arch amd64 gutsy /mnt/uinst http://de.archive.ubuntu.com/ubuntu

Enter newly installed environment

# Make /proc and the host's device nodes visible inside the new system.
mount -t proc proc /mnt/uinst/proc
mount -o bind /dev /mnt/uinst/dev
# Reuse the rescue system's resolver configuration so name resolution works in the chroot.
cp /etc/resolv.conf /mnt/uinst/etc/resolv.conf
# Everything after this line is typed into the shell running inside the chroot.
LANG=C chroot /mnt/uinst /bin/bash
export TERM=xterm
# Build /etc/mtab from the kernel's mount table, leaving out the rootfs entry.
grep -v rootfs /proc/mounts > /etc/mtab

Setup Base System

Create a fitting /etc/fstab

# file system   mount point     type    options                         dump    pass
/dev/sda3       /               ext3    defaults,noatime                0       1
/dev/sda1       /boot           ext2    rw,noatime,nodev,noexec,nosuid  1       2

/dev/sda2       none            swap    sw                              0       0
proc            /proc           proc    defaults                        0       0

# nodev/nosuid/noexec are applied per file system below.
# NOTE(review): /var carries no noexec, so anything world-writable beneath it
# (presumably /var/tmp) stays executable even though /tmp is not - confirm
# this is intended.
# NOTE(review): noexec on /tmp can interfere with tools that unpack and run
# scripts there; check this first if package configuration steps fail.
/dev/sda5       /home           ext3    rw,noatime,nodev,nosuid,noexec  0       2
/dev/sda6       /usr            ext3    rw,noatime,nodev                0       2
/dev/sda7       /var            ext3    rw,noatime,nodev,nosuid         0       2
/dev/sda8       /tmp            ext3    rw,noatime,nodev,nosuid,noexec  0       2

Edit /etc/apt/sources.list to look like this:

deb http://de.archive.ubuntu.com/ubuntu gutsy main
deb http://de.archive.ubuntu.com/ubuntu gutsy-security main
deb http://de.archive.ubuntu.com/ubuntu gutsy-updates main
deb http://de.archive.ubuntu.com/ubuntu gutsy restricted
deb http://de.archive.ubuntu.com/ubuntu gutsy-security restricted
deb http://de.archive.ubuntu.com/ubuntu gutsy-updates restricted
deb http://de.archive.ubuntu.com/ubuntu gutsy universe
deb http://de.archive.ubuntu.com/ubuntu gutsy-security universe
deb http://de.archive.ubuntu.com/ubuntu gutsy-updates universe
deb http://de.archive.ubuntu.com/ubuntu gutsy multiverse
deb http://de.archive.ubuntu.com/ubuntu gutsy-security multiverse
deb http://de.archive.ubuntu.com/ubuntu gutsy-updates multiverse

Edit /etc/network/interfaces to look similar to this:

auto lo
iface lo inet loopback

auto eth0
iface eth0 inet static
        address 12.34.56.78
        network 12.34.56.64
        netmask 255.255.255.224
        broadcast 12.34.56.95
        gateway 12.34.56.65

Set up the host name

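# /etc/hostname holds the name the system is given at boot.
echo "yourserver.domain.tld" > /etc/hostname
# cat, not echo: echo never reads stdin, so with echo the here-document is
# discarded and /etc/hosts ends up holding a single empty line.
# The quoted delimiter keeps the body literal (no expansion).
cat > /etc/hosts << "EOF"
127.0.0.1       localhost.localdomain   localhost
12.34.56.78     yourserver.domain.tld   yourserver
EOF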

Configure Local Settings

For setting up locales, make /var/lib/locales/supported.d/local look like this:

de_DE UTF-8
en_US UTF-8
de_DE ISO-8859-1
en_US ISO-8859-1

Execute locale-gen and set the desired default in /etc/environment and /etc/default/locale:

# Generate the locales listed in /var/lib/locales/supported.d/local.
locale-gen
# The escaped quotes reach update-locale as literal characters, presumably so
# that the values end up quoted in /etc/default/locale - confirm.
update-locale LANG=\"en_US.UTF-8\" LANGUAGE=\"en_US:en\"
# Drop blank lines and lines that consist only of a #- or ;-comment, then
# append what is left to /etc/environment. '>>' appends, so running this a
# second time duplicates the entries.
sed '/^[[:space:]]*\([#;].*\)*$/d' /etc/default/locale >> /etc/environment

Adapt the time zone to local time:

# Replace /etc/localtime with a symlink to the Europe/Berlin zone file.
rm /etc/localtime
ln -s /usr/share/zoneinfo/Europe/Berlin /etc/localtime
# Switch the UTC setting in /etc/default/rcS from yes to no, editing the file in place.
sed 's/UTC=yes/UTC=no/' -i /etc/default/rcS

Security Improvements

Ensure passwords are stored in /etc/shadow

# Turn on shadow passwords, so the hashes are kept in /etc/shadow.
shadowconfig on
# Set the root password interactively. Direct root logins over SSH are
# refused by the sshd_config further down (PermitRootLogin no).
passwd root

Add a user for connecting via SSH:

# Unprivileged account used for remote logins.
adduser admin
# Membership in 'staff' is what the sshd_config below checks (AllowGroups staff).
# NOTE(review): on Debian-derived systems 'staff' traditionally also grants
# write access below /usr/local - confirm for this release; a dedicated group
# used only for SSH access would keep the two privileges separate.
gpasswd -a admin staff

Provide OpenSSH for remote connections

# 'ssh' is the metapackage that pulls in the OpenSSH client and server.
aptitude install ssh

Make sure to have a paranoid /etc/ssh/sshd_config

# Listen on one IPv4 address only and accept only protocol version 2.
Port 22
Protocol 2
AddressFamily inet
ListenAddress 12.34.56.78

# No direct root logins; administrators log in as a normal user first.
PermitRootLogin no

PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys

# Keys are the only accepted credential. Make sure a working public key is in
# place for the admin user before rebooting, or remote access is lost.
PasswordAuthentication no
PermitEmptyPasswords no
ChallengeResponseAuthentication no

# NOTE(review): verify this path on the installed system; Debian and Ubuntu
# packages normally ship sftp-server under /usr/lib/openssh/.
Subsystem sftp /usr/lib/misc/sftp-server
# Only members of the 'staff' group may log in at all.
AllowGroups staff

Enable admin user to access the server remotely:

# Become the admin user so the files below are created with the right owner.
su -l admin
# umask 0077: everything created from here on is accessible to the owner
# only, which gives ~/.ssh and authorized_keys the tight permissions sshd
# expects.
umask 0077
mkdir ~/.ssh
vim ~/.ssh/authorized_keys
# Paste the admin's public key (never the private key), one key per line.
exit

Kernel and Bootloader

Install a Xen-enabled Kernel and fitting userspace tools:

# LVM tools, the Xen-enabled kernel image, the Xen 3.1 hypervisor and its userspace tools.
aptitude install lvm2 linux-image-xen libxen3.1 python-xen-3.1 xen-docs-3.1 xen-hypervisor-3.1 xen-ioemu-3.1 xen-tools xen-utils-3.1
# Load the loop module at boot with max_loop=64 and the dummy module with
# numdummies=2. '>>' appends, so running these twice duplicates the lines.
echo "loop max_loop=64" >> /etc/modules
echo "dummy numdummies=2" >> /etc/modules

Set up bootloader (write it to MBR)

# Tell GRUB that its (hd0) is /dev/sda.
echo "(hd0)     /dev/sda" > /boot/grub/device.map
# Generate the boot menu from the installed kernels.
update-grub
# Write the boot loader to the MBR of /dev/sda, skipping the floppy probe.
grub-install --no-floppy /dev/sda

Finalize Installation and Reboot

# Still inside the chroot: last packages, pending upgrades, then empty the
# package cache.
aptitude install man rcconf
update-rcconf-guide
aptitude upgrade
aptitude clean

# Leave the chroot; everything below runs in the rescue system again.
exit

# Release the nested mounts first, then the root of the new system.
for mnt in proc dev boot home usr var tmp; do
  umount "/mnt/uinst/$mnt"
done
umount /mnt/uinst

reboot

Comments and Remarks