Firewall install

Install minimal Debian

In file /etc/apt/sources.list replace stable by sarge.

Sudo

Log on root

apt-get install sudo vim visudo

Add at end :

# Members of the admin group may gain root privileges %admin ALL=(ALL) ALL
groupadd admin adduser //username// admin exit

Log as username

sudo passwd -l root

Edit bashrc

vi ~/.bashrc

Uncomment:

if [[ -f /etc/bash_completion ]]; then     . /etc/bash_completion fi

And add:

export PATH=$PATH:/sbin:/usr/sbin

IPTables

 sudo apt.get install sysv-rc-conf

edit file /etc/network/interface and put

auto eth0 iface eth0 inet static   address 128.178.70.177   netmask 255.255.255.0   gateway 128.178.70.1   broadcast 128.178.70.255  auto eth1 iface eth1 inet static   address 192.168.1.1   netmask 255.255.255.0   network 192.168.1.0   broadcast 192.168.1.255

edit file /etc/network/option and activate forward

ip_forward=yes
gunzip /usr/share/doc/iptables/examples/oldinitdscript.gz -c > /etc/init.d/iptables chmod +x /etc/init.d/iptables mkdir /var/lib/iptables chmod 700 /var/lib/iptables

with sysv-rc-conf activate level 2, 3, 4, 5, 6, S

/etc/init.d/iptables store inactive
iptables -F iptables -t nat -F   - All outgoing connections, except to lcmpc15 (which is in local network) shall   - be SNATted   -2bd iptables -t nat -A POSTROUTING -s 192.168.1.1 -j ACCEPT   -2bd iptables -t nat -A POSTROUTING -d 192.168.1.1 -j ACCEPT iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -j SNAT --to-source 128.178.70.177    - SSH to lcmpc10.epfl.ch shall go to fileserver   -iptables -t nat -A PREROUTING -p tcp --dport 22 -d 128.178.70.177 -j DNAT --to-destination 192.168.1.3:22   -iptables -t nat -A PREROUTING -p tcp --dport 80 -d 128.178.70.177 -j DNAT --to-destination 192.168.1.2:22    - Everything coming from intern is accepted iptables -A INPUT -s 192.168.1.0/24 -j ACCEPT iptables -A INPUT -s 127.0.0.1 -j ACCEPT iptables -A INPUT -s 128.178.70.177 -j ACCEPT    - And everything from the internal network iptables -A INPUT -s 128.178.0.0/16 -j ACCEPT    - Accept some things from the outside: http iptables -A INPUT -p tcp --dport 80 -j ACCEPT   - Accept all from castor.epfl.ch iptables -A INPUT -p all -s 128.178.50.60 -j ACCEPT   -iptables -A INPUT -p udp -s 128.178.50.60 -j ACCEPT    - Accept some things only from EPFL: dns   -iptables -A INPUT -p udp --sport 53 -s 128.178.70.0/24 -j ACCEPT    - And allow also for established, related connections iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT    - Skip the rest iptables -A INPUT -j DROP
/etc/init.d/iptables store active

NIS

sudo apt-get install nis

domain name: msr

on file /etc/yp.conf add:

ypserver 192.168.1.2

on file /etc/passwd add:

+::0:0:::

on file /etc/shadow add:

+::::::::

on file /etc/group add:

+:::

add the public IP (128.178.70.177) to the fileserver file /etc/ypserve.securenet.

NTP

sudo apt-get install ntpdate ntp-server

Edit file /etc/default/ntpdate :change NTPSERVERS to cognac.epfl.ch ⇒

NTPSERVERS="cognac.epfl.ch" #NTPSERVERS="pool.ntp.org" # # additional options for ntpdate #NTPOPTIONS="-v" NTPOPTIONS="-u"

NFS

In the file /etc/fstab add:

fileserver:/home        /home        nfs defaults       0       0 fileserver:/home/sradio /home/sradio nfs defaults       0       0

Asis (matlab) – Abandoned

See : http://asis.epfl.ch/

sudo apt-get install xbase-clients
sudo addgroup --gid 449 asis sudo adduser --uid 449 --ingroup asis asis sudo addgroup asis staff
sudo mkdir /asis.local sudo chgrp staff /asis.local sudo chmod g+w /asis.local
sudo mkdir /net sudo mkdir /net/castor sudo mkdir /net/castor/asis sudo mount castor:/asis /net/castor/asis
su asis /net/castor/asis/adm/bin/asisinstall export DISPLAY=lcmpc20.epfl.ch:0 /usr/local/bin/tkwsm

Matlab

Get a licenses on http://distrilog.epfl.ch

sudo mkdir /net sudo mkdir /net/linuxline sudo mkdir /net/linuxline/export sudo mkdir /net/linuxline/export/mirror sudo mount linuxline:/export/mirror /net/linuxline/export/mirror sudo apt-get install alien alien -dv /net/linuxline/export/mirror/LICENSES/MATLAB74/Matlab-std-7.4-1.i386.rpm dpkg -i matlab-std_7.4-2_i386.deb

APT

Create file /etc/cron.daily/apt contains :

#! /bin/sh apt-get update; apt-get -y upgrade;

SSH

edit file /etc/ssh/sshd_config change PermitRootLogin yes by

PermitRootLogin no

change X11Forwarding no by

X11Forwarding yes