Main Page‎ > ‎

Linux server configuration

Please find below my installation log with the debian testing distribution.

Hardware configuration

kernel rebuild

apt-get install build-essential autoconf automake gcc-3.3 g++3.3
apt-get install kernel-package
apt-get install module-assistant
vi /etc/kernel-pkg.conf
apt-get install linux-headers-2.6.15-1-686-smp
apt-get install debhelper kernel-package libqt3-mt-dev xlibs-dev libxtst-dev fakeroot rpm wget

ati driver

apt-get install fglrx-control fglrx-driver fglrx-kernel-src
apt-get install xbase-clients
  • build module
module-assistant a-i fglrx
  • perform required modifications to /etc/X11/xorg.conf
aticonfig --initial

hauppauge pv350 ivtv driver installation

  1. get driver from stable releases can be found at
  2. before installation do a
cd ivtv-*
make && make install
cd utils
cp ivtvfbctl ivtvctl ivtv-detect ivtv-encoder ivtvplay ivtv-mpegindex ivtv-radio utils/ivtv-tune /usr/local/bin
apt-get install libconfig-inifiles-perl
cd ..
  1. firmware installation following or
cp HcwMakoA.ROM /usr/lib/hotplug/firmware/v4l-cx25840.fw
cp HcwFalcn.rom /usr/lib/hotplug/firmware/v4l-cx2341x-enc.fw
cp v4l-cx2341x-init.mpg /usr/lib/hotplug/firmware
rm /lib/modules/ivtv-fw-enc.bin
mv /lib/modules/ivtv-fw-dec.bin /usr/lib/hotplug/firmware/v4l-cx2341x-dec.fw
modprobe ivtv
ivtvctl -d /dev/video0 -u 0x7f0000
ivtvctl -d /dev/video0 -p 4
ivtvctl -d /dev/video0 -f width=720,height=576
ivtv-tune --device=/dev/video0 --freqtable=france --channel=50
mplayer /dev/video0

Server configuration

ssh and rsync

apt-get install ssh rsync

dns server

apt-get install bind9
  • in /etc/bind modify following files:
  • modify named.conf.options and named.conf.local

postfix smtp mail server: with smtp-auth and tls

  • install postfix and other mail tools that I like
apt-get install postfix mutt procmail emil fetchmail
  • edit following giles
  • update aliases and virtual map
postmap /etc/postfix/virtual
postalias /etc/aliases
  • add support for sasl2
apt-get install postfix postfix-tls libsasl2 sasl2-bin libsasl2-modules libdb3-util
dpkg-reconfigure postfix
postconf -e 'smtpd_sasl_local_domain ='
postconf -e 'smtpd_sasl_auth_enable = yes'
postconf -e 'smtpd_sasl_security_options = noanonymous'
postconf -e 'broken_sasl_auth_clients = yes'
postconf -e 'smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination'
postconf -e 'inet_interfaces = all'
echo 'pwcheck_method: saslauthd' >> /etc/postfix/sasl/smtpd.conf
echo 'mech_list: plain login' >> /etc/postfix/sasl/smtpd.conf
mkdir /etc/postfix/ssl
cd /etc/postfix/ssl/
openssl genrsa -des3 -rand /etc/hosts -out smtpd.key 1024
chmod 600 smtpd.key
openssl req -new -key smtpd.key -out smtpd.csr
openssl x509 -req -days 3650 -in smtpd.csr -signkey smtpd.key -out smtpd.crt
openssl rsa -in smtpd.key -out smtpd.key.unencrypted
mv -f smtpd.key.unencrypted smtpd.key
openssl req -new -x509 -extensions v3_ca -keyout cakey.pem -out cacert.pem -days 3650
postconf -e 'smtpd_tls_auth_only = no'
postconf -e 'smtp_use_tls = yes'
postconf -e 'smtpd_use_tls = yes'
postconf -e 'smtp_tls_note_starttls_offer = yes'
postconf -e 'smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key'
postconf -e 'smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt'
postconf -e 'smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem'
postconf -e 'smtpd_tls_loglevel = 1'
postconf -e 'smtpd_tls_received_header = yes'
postconf -e 'smtpd_tls_session_cache_timeout = 3600s'
postconf -e 'tls_random_source = dev:/dev/urandom'
postconf -e 'myhostname ='
/etc/init.d/postfix restart
mkdir -p /var/spool/postfix/var/run/saslauthd
rm -fr /var/run/saslauthd
  • edit file /etc/default/saslauthd to perform the following modifications:
PARAMS="-m /var/spool/postfix/var/run/saslauthd"
  • edit file /etc/init.d/saslauthd to perform the following modifications:
#       dir=`dpkg-statoverride --list $PWDIR`
        dir="root sasl 755 ${PWDIR}"
  • restart sasl auth deamon:
/etc/init.d/saslauthd start
  • test if everything is in order:
telnet localhost 25
ehlo localhost
  • if the following appears then it is fine:

dovcots imap server with ssl support

apt-get install dovecot-common dovecot-imapd
postconf -e 'home_mailbox = Maildir/'
postconf -e 'mailbox_command ='
/etc/init.d/postfix restart
  • in order to enable ssl certificates and keys need to be generated: let's rely on postfix key previously generated key achieve that goal
cd /etc/postfix/ssl/
openssl req -new -key smtpd.key -out dovecot.csr
openssl x509 -req -days 3650 -in dovecot.csr -signkey smtpd.key -out dovecot.crt
openssl req -new -x509 -extensions v3_ca -keyout dovecot-cakey.pem -out dovecot-cacert.pem -days 3650
mv dovecot* /etc/dovecot
  • edit /etc/dovecot/dovecot.conf file and add following lines
protocols = imaps
log_path = /var/log/dovecot.log
syslog_facility = mail
ssl_cert_file = /etc/dovecot/dovecot.crt
ssl_key_file = /etc/dovecot/dovecot.key
ssl_key_password = *REPLACEBYYOURPASSWD*

apache2 ssl configuration

  • instasll apache2 remove apache
apt-get install apache2
apt-get remove apache
  • edit default configuration:
cd /etc/apache2/sites-available/
cp default 0080-main
  • make the following changes into 0080-main
Directory /var/www
RedirectMatch ^/$ /mediawiki/
  • make the following redirections (historical purposes...):
RedirectMatch ^/marilou$
RedirectMatch ^/phpwiki/Gcc$ http://hyperion/mediawiki/index.php/Gcc
RedirectMatch ^/phpwiki/Hauppauge%20PVR%20250$ http://hyperion/mediawiki/index.php/Hauppauge_PVR_250
RedirectMatch ^/phpwiki/Mythtv$ http://hyperion/mediawiki/index.php/Mythtv
RedirectMatch ^/phpwiki/$ http://hyperion/mediawiki/
  • generate ssl certificate:
  • create default configuration for port 443 https:
cd /etc/apache2/sites-available
cp default 0443-ssl
  • activate the links through
a2ensite 0080-main
a2ensite 0443-ssl
  • add Listen 443 in /etc/apache2/ports.conf
  • in /etc/apache2/sites-available/0443-ssl insert
SSLEngine On
SSLCertificateFile /etc/apache2/ssl/apache.pem
  • enable the modules
a2enmod ssl
a2enmod rewrite
  • add the following to /etc/apache2/sites-available/default
RewriteEngine   on
RewriteCond     %{SERVER_PORT} ^80$
RewriteRule     ^/webmail(.*)$ https://%{SERVER_NAME}/webmail$1 [L,R]
RewriteLog      "/var/log/apache2/rewrite.log"
RewriteLogLevel 2
  • restart apache2:
/etc/init.d/apache2 force-reload

enable both php5 and php4 support

I followed the instructions from

apt-get install apache2 apache2-common apache2-doc apache2-mpm-prefork apache2-utils libapr0 libexpat1 ssl-cert
apt-get install libapache2-mod-php5 php4-cgi
apt-get install php5-imap php-pear php5-curl php5-dev php5-gd php5-ldap php5-mhash php5-mysql php5-odbc php5-recode php5-snmp php5-sqlite php5-xmlrpc php5-xsl php4-auth-pam php4-imagick php4-mcrypt php4-sqlite php4-curl php4-domxml php4-gd php4-imap php4-ldap php4-mcal php4-mhash php4-mysql php4-odbc php4-pear php4-xslt
  • edit /etc/apache2/apache2.conf and change
#DirectoryIndex index.html index.cgi index.php index.xhtml
DirectoryIndex index.html index.htm index.shtml index.cgi index.php index.php4 index.xhtml
  • add suitable handler for .php4 files
AddHandler php-script .php4
Action php-script /cgi-bin/php4
  • enable following modules
a2enmod actions
a2enmod ssl
a2enmod rewrite
a2enmod suexec
a2enmod include
  • restart apache2
/etc/init.d/apache2 restart

provide pxe boot capabilities and dhcp server

I have a diskless mediabox that boot using pxe with custom geexbox distribution

apt-get install tftpd-hpa dhcp3-server inetd
  • parametrize tftpd server editing /etc/default/tftpd-hpa
OPTIONS="-l -s /tftpboot"
  • in /etc/dhcp3/dhcpd.conf put for file RELATIVE PATH to /tftpboot
filename "/GEEXBOX.i386/boot/pxelinux.0";
option root-path "/tftpboot/GEEXBOX.i386/";
  • create tftpboot directory
mkdir /tftpboot
  • update /etc/exports to allow clients
  • copy the result of make pxe of geekbox under /tftpboot/GEEKBOX.i386

fight agains spam: spamassassin

apt-get install spamassassin spamc spampd
  • enable it in /etc/default/spamassassin

becom a NIS server

 apt-get install nis
  • domaine:
  • in /etc/ypserv.securenets
# This line gives access to everybody. PLEASE ADJUST!
  • modify following files
  • add in /etc/defaultdomain
  • edit /etc/default/nis
  • edit /var/yp/Makefile to propagate also admin group assignements
# MINGID is the lowest gid that will be included in the group maps.
#Marc to allow centralization of group change. It is possible since same distrib#MINGID=1000
#Marc to allow centralization of group change. It is possible since same distrib#MINGID=1000
  • regenerate maps:
cd /var/yp

file server: nfs and autofs

apt-get install autofs
  • update yp
  • on remote machine make
ln -s /misc/home home
  • put autofs in /etc/auto.misc

time accuracy: ntp server

apt-get install ntp-server ntp-doc ntp ntpdate
  • add in /etc/ntp.conf

ftp server

apt-get install proftpd proftpd-common

print server for deskjet 970cxi

apt-get install libgtk1.2 impose+ fig2ps transfig html2ps a2ps enscript


The solution to backups: backuppc

 apt-get install backuppc
 apt-get install libfile-rsync-perl libfile-rsyncp-perl
  • protect the access:
htpasswd /etc/backuppc/htpasswd backuppc
  • modify /etc/backuppc/ in order to define all the regexps for the backups in file incexcl-hyperion
$Conf{XferMethod} = 'rsync';
$Conf{RsyncShareName} = '/' ;
$Conf{RsyncArgs} = [
$Conf{RsyncRestoreArgs} = [
  • generate ssh keys for root and backuppc and grant access for backuppc user to root
ssh-keygen -t rsa
cp ~/.ssh/ ~/.ssh/
touch ~/.ssh/authorized_keys
cat >> ~/.ssh/authorized_keys
  • add in front of the authorized_keys from "" before the ssh-rsa to limit access to host.
  • note: you need to copy /etc/backuppc/incexcl-* file to all hosts to backup

Web services

router web statistics: mrtg

apt-get install rddtools mrtg
  • enable snmp on linksys wrt54gs router with dd-wrt alternative firmware
  • generate configuration file
cfgmaker --global 'WorkDir: /var/www/mrtg' --global 'Options[_]: bits,growright' --ifref=ip --output /etc/mrtg.cfg public@ test it
env LANG=C /usr/bin/mrtg /etc/mrtg.cfg

mediawiki installation

  • If you are transfering a mediawiki database from another computer you need first to perform a backup
mysqldump -u root --single-transaction wikidb > backup-wikidb.sql
  • prior of installing mediawiki you need to restore the database on the target computer
mysql -u root
mysql> create database wikidb;
mysql> use wikidb;
mysql> source backup-wikidb.sql;
  • then and only then install mediawiki:
apt-get install libapache2-mod-proxy-html
apt-get install mediawiki mediawiki-math
apt-get install libcache-memcached-perl memcached turck-mmcache imagemagick libgd2
apt-get install php4-gd2 turck-mmcache memcached tetex-extra gv postscript-viewer xpdf-reader pdf-viewer texi2html dvipng chktex lacheck rubber sam2p libcache-memcached-perl memcached turck-mmcache
mv /var/lib/mediawiki/config/LocalSettings.php /etc/mediawiki/LocalSettings.php
chmod 600 /etc/mediawiki/LocalSettings.php
cp ~www-data/Images/courville-wiki.png /usr/share/mediawiki/skins/common/images/
  • perform custom modifications to /etc/mediawiki/LocalSettings.php: restrict login and edition
## Shared memory settings
$wgUseMemCached = true;
$wgMemCachedServers = array('localhost');
#force users to login for edit
$wgWhitelistEdit = true;
$wgWhitelistRead = false;
#preventing new user registration and
$wgWhitelistAccount = array ( "user" => 0, "sysop" => 1, "developer" => 1 );
#change default logo
#put logo into /usr/share/mediawiki/skins/common/images
#$wgLogo = '/var/www/Images/courville-wiki.png';
$wgLogo = "$wgStylePath/common/images/courville-wiki.png";
  • in /etc/php5/apache2/php.ini increase memory from 8M to 20M
  • make sure that /etc/mediawiki/LocalSettings.php has permission 600

gallery installation

  • install gallery:
apt-get install gallery imagemagick jhead libjpeg-progs mysql-server
  • enable configuration of gallery

webmail: squirrelmail

apt-get install squirrelmail
  • configuration
  • enabling for apache:
cd /etc/apache2/conf.d
ln -s /etc/squirrelmail/apache.conf squirrelmail
cp /var/www/Images/courville-wiki.png /usr/share/squirrelmail/images/

web statistics: awstats

apt-get install awstats libnet-ip-perl libgeo-ipfree-perl
cd /etc/awstats
  • add the following plugins in /etc/awstats/awstats.conf geoipfree and Tooltips
SkipHosts=" REGEX[^192\.168\.] localhost REGEX[^.*\.localdomain$] REGEX[^.*\$]"
  • add apache configuration file /etc/apache2/conf.d/awstats to secure icon path
Alias /awstats-icon /usr/share/awstats/icon
<Directory /usr/share/awstats/icons>
  php_flag register_globals off
  Options Indexes FollowSymLinks
  <IfModule mod_dir.c>
    DirectoryIndex index.php
  • update permission in /var/log/apache2 to allow user www-data to read access logs
 chmod a+r /var/log/apache/access*
  • change log file reference to apache2 in cron /etc/cron.d/:
0,10,20,30,40,50 * * * * www-data [ -x /usr/lib/cgi-bin/ -a -f /etc/awstats/awstats.conf -a -r /var/log/apache2/access.log ] && /usr/lib/cgi-bin/ -config=awstats -update >/dev/null
  • in order to process old log files one can use according the FAQ the following tip:
 LogFile="/usr/share/doc/awstats/examples/ /tmp/logs/access.log.* |"
  • allow www-data user to access apache2 logs
chgrp www-data /var/log/apache2/access.log

Misc applications

new sources for multimedia support

  • in /etc/apt/sources.list add
deb etch main
deb-src sid main
  • add truster keys to avoid anoying warning when updating
gpg --no-default-keyring --keyring /etc/apt/trusted.gpg --list-keys
gpg --keyserver hkp:// --recv-keys 1F41B907
gpg --armor --export 1F41B907 | apt-key add -
gpg --keyserver hkp:// --recv-keys 2D230C5F
gpg --armor --export 2D230C5F | apt-key add -
  • get mplayer and co.
apt-get install ksubtile acidrip mencoder-586 mplayer-586 mplayer-skin-blue w32codecs

easy search for a package that contains a file

apt-get install apt-file
apt-file update


apt-get install vim
update-alternatives --config vi


apt-get install tla subversion subversion-tools cvs


apt-get install zsh


Lightwave file manager

apt-get install rox-filer


  • resolve E: Dynamic MMap ran out of room issue when performing an apt-get update: put in /etc/apt/apt.conf
APT::Cache-Limit 16777216;
  • apt pinning to stay in testing: /etc/apt/preferences
Package: *
Pin: release a=stable
Pin-Priority: 900

Package: *
Pin: release a=testing
Pin-Priority: 1000

Package: *
Pin: release a=unstable
Pin-Priority: 800

Package: *
Pin: release a=experimental
Pin-Priority: 700

tv applications


apt-get install libqt3c102-mt mythtv mythtv-backend mythtv-common mythtv-database mythtv-doc mythtv-frontend mythtv-themes libmyth-0.19 
apt-get install xmltv-gui xmltv-util xmltv libxmltv-perl
  • allow to connect as mythtv user by adding to /etc/sudoers
marc ALL=(mythtv) ALL, (root) /usr/bin/su mythtv
  • or allow mythtv to access localhost:0.0
xauth nextract - localhost.localdomain/unix:0 | ssh mythtv@localhost xauth nmerge - 
  • perform setup:
sudo -u mythtv mythtv-setup
sudo /etc/init.d/mythtv-backend start
channel 1 tf1.GIF;/c_img/chaine/tf1.GIF
channel 2 france2.GIF;/c_img/chaine/france2.GIF
channel 3 france3.GIF;/c_img/chaine/france3.GIF
channel 35 rtbf.GIF;/c_img/chaine/rtbf.GIF
channel 37 tsr.GIF;/c_img/chaine/tsr.GIF
channel 4 canalplus.GIF;/c_img/chaine/canalplus.GIF
channel 5 arte.GIF;/c_img/chaine/arte.GIF
channel 6 m6.GIF;/c_img/chaine/m6.GIF
channel 7 france5.GIF;/c_img/chaine/france5.GIF
channel 8 rtl9.GIF;/c_img/chaine/rtl9.GIF
channel 9 tmc.GIF;/c_img/chaine/tmc.GIF


In order to record tv programs from your freebox retreive fricorder from

apt-get install python2.4 python2.4-gtk2 python2.4-gnome2-extras python2.4-glade2 python2.4-xml zenity
apt-get install vlc vlc-plugin-alsa vlc-plugin-arts vlc-plugin-esd vlc-plugin-ggi vlc-plugin-glide vlc-alsa vlc-esd vlc-ggi vlc-gnome vlc-gtk vlc-qt
apt-get install -f vlc/unstable libavahi-common3/unstable
iptables -A INPUT -p udp -s -j ACCEPT

tv program grabbers

  • install another tv program grabber via vbi interface: nxtvepg
apt-get install nxtvepg

zapping tv viewer

apt-get install zapping

User configuration

propagate user key into another user

  • generate key for user1
ssh-keygen -t dsa -b 1024
  • then propagate the key to user2
ssh-copy-id -i ~/.ssh/ user2@localhost

change shell for zsh

chsh -s /bin/zsh marc

backup and synchronization

  • note that -a is equivalent to -rlptgoD
 rsync -av --numeric-ids --block-size=2048 --exclude-from=./incexcl / root@booster:/agraver/hyperion
  • in file incexcl put
- /proc/
- /dev/
- /sys/
- /mnt/
- /media/
- /var/autofs/
- /tmp/
- /incexcl
- /etc/network/interfaces