Linux Installation and Configuration Notes



This page contains random notes about my experiences while installing and using Debian Linux (Version 3.0) on a Dell Poweredge 400SC machine. Installation notes for Sarge (Version 3.1) on a Dell Inspiron 8600 laptop are also available.

Debian Installation
[Back to Top of Page]

Hardware Specs

Since it's relevant, here are the specs for the box, some of which were determined using the lspci command:

  • Dell Poweredge 400SC
  • Pentinum 2.26 GHz processor
  • 512 MB RAM
  • Multimedia audio controller: Intel Corp.: Unknown device 24d5 (rev 02)
  • VGA compatible controller: ATI Technologies Inc Rage XL (rev 27)
  • Ethernet controller: Intel Corp.: Unknown device 100e (rev 02)
[ Comments () ]
[Back to Top of Page]

Basic Installation Steps

Note: I originally started out with the Debian 3.0 installation CD from, but after getting everything installed I discovered that the kernel on this CD does not support my NIC, and a web server that can't connect to the network isn't terribly useful.

Installation Steps:

  1. Download a Dell Debian installation ISO from and burn it to CD.
  2. Boot the server using the new CD image.
  3. Follow the instructions on screen, noting the following:
    • You will probably want a swap partition that is the same size as the amount of system RAM.
    • Do not install any modules, they were included in the Dell installation ISO image.
    • When asked for apt sources, use http.
    • To get the network adapter working I had to do an ALT-F2 after rebooting and then edit the /etc/network/interfaces file to include the line auto eth0
    • I also initially got errors when apt tried to resolve the Debian host URL. After using ALT-F2 to get a new window and pinging the host there weren't any further issues.

This install seems to be using DHCP happily for networking, but in past installs I've had to set nameserver values by doing the following:

  1. Update the /etc/resolv.conf file to contain the line "nameserver xx.xx.xx.xx" where xx.xx.xx.xx is the nameserver provided by your ISP.
  2. Update the /etc/dhclient.conf file with the line "supersede domain-name-servers xx.xx.xx.xx" where xx.xx.xx.xx is the nameserver provided by your ISP. If this step is overlooked then the DHCP client will use the default router nameserver after every reboot.

If installing the Debian testing or unstable distributions, you will need to follow these steps after getting a basic system up and running:

  1. Edit the /etc/apt/sources.list file to read:
    deb testing main contrib non-free
    #deb stable main contrib non-free
    #deb stable main non-free contrib
    #deb-src stable main non-free contrib
    deb testing/non-US main contrib non-free
    #deb stable/non-US main contrib non-free
    #deb stable/updates main contrib non-free
  2. As root execute the command "apt-get dist-upgrade". Then go rent a video or something because this will take a while.
  3. After the upgrade is complete, reboot and then as root run the "dselect" command to select and install the packages you want on your machine.
[ Comments () ]
[Back to Top of Page]

Kernel Upgrades

In order to get the latest fixes and drivers it will probably be necessary to upgrade kernels much more frequently than Debian makes releases. The process is surprisingly easy, although backups are a must. Note that after installation the Debian kernel configuration is listed in /boot/config-2.4.25-bf2.4 (note the name changes depending on kernel version). In addition, the list of currently installed modules can be retrieved with the lsmod command. Finally, provides the following overview for using the Debian kernel package manager.

To upgrade from the default Debian install kernel:

  1. Download the latest kernel source from into the /usr/src/ directory.
  2. Install the kernel-package, libncurses5, and libncurses5-dev packages using dselect.
  3. From the /usr/src/ directory, do a "tar xvfz kernel-source" on the downloaded kernel source
  4. To maintain your existing configuration, do a cp /boot/config-2.4.25-bf2.4 /usr/src/linux-2.4.25/.config, replacing the kernel versions as appropriate.
  5. Execute the command make menuconfig.
  6. Execute the command make-kpkg kernel-image.
  7. Execute the command dpkg -i kernel-image-2.4.25_10.00.Custom_i386.deb.
  8. Reboot.

To upgrade a previously upgraded kernel:

  1. Download the latest kernel source from into the /usr/src/ directory.
  2. From the /usr/src/ directory, do a "tar xvfz kernel-source" on the downloaded kernel source
  3. Copy the ".config" from the old /usr/src/linux-2.4.25 directory to the new /usr/src/linux-2.4.26 directory. Note: I tried just using make oldconfig and encountered errors, so I recommend copying the .config file and letting make-kpkg deal with configuration differences.
  4. Change directory to the untarred kernel source directory (ie cd /usr/src/linux-2.4.26)
  5. Execute the command make-kpkg kernel-image. This command will utilize your old configuration information and ask questions about any new configuration items.
  6. Execute the command dpkg -i kernel-image-2.4.26_10.00.Custom_i386.deb.
  7. Reboot.
[ Comments () ]
[Back to Top of Page]

Mounting Windows Partitions

In order to access my Windows partitions from Linux I found this site and this site invaluable.

  1. Create a new directory in Linux (ie /mnt/windows) under which the Windows partition should be visible in Linux.
  2. Determine the Windows partition information by running the command fdisk -l. This command will list all partitions available to the system.
  3. Mount the partition using the information determined from fdisk, ie mount /dev/hda5 /mnt/windows.
  4. Update the /etc/fstab file with information for the Windows partition:

    For VFAT: /dev/hda6 /mnt/windows vfat umask=0,quiet 0 0

    For NTFS: /dev/hda6 /mnt/windows ntfs ro,noauto,user 0 0

    What the above line says is that the partition should be mounted in the /mnt/windows directory and that permission should be granted to all users.
[ Comments () ]
Application Configuration
[Back to Top of Page]

ddclient Configuration

Dynamic provides a way to have a static web address (ie even though the ISP is continually changing the IP address. To make this service work I run a client called ddclient. I've had troubles with the Debian package for this client, so I simply downloaded and installed it on my own. The steps to get this client running are:

  1. Download and unzip the package
  2. Read the README file
  3. Copy the "ddclient" executable to /usr/sbin/.
  4. Update the sample-etc_ddclient.conf file and copy it to /etc/ddclient.conf. My configuration file looks something like the following:
    daemon=300 # check every 300 seconds
    syslog=yes # log update msgs to syslog
    mail=root # mail all msgs to root
    mail-failure=root # mail failed update msgs to root
    pid=/var/run/ # record PID in file.
    use=web,, web-skip='IP Address'
    protocol=dyndns2 # default protocol # default server
    password=password, \
    protocol=dyndns2 \

    custom=yes, \, \
    protocol=dyndns2 \
  5. Copy the sample-etc_rc.d_init.d_ddclient file to /etc/init.d/ddclient.
  6. From the command line (as root) enter the command "update-rc.d ddclient defaults". This command will insure that ddclient is always started after reboots.
[ Comments () ]
[Back to Top of Page]

Apache Configuration

In order to keep my logs free from filling up with hits from the various Microsoft worms floating around the net I added the following lines to the /etc/apache/httpd.conf file:

# custom additions to hopefully keep code red and other Microsoft
# worms out of the logs
SetEnvIfNoCase Request_URI "^/MSADC" ms-worms
SetEnvIfNoCase Request_URI "^/C/" ms-worms
SetEnvIfNoCase Request_URI "^/D/" ms-worms
SetEnvIf Request_URI "^/scripts" ms-worms
SetEnvIf Request_URI "^/default\.ida" ms-worms
SetEnvIf Request_URI "^/_mem_bin" ms-worms
SetEnvIf Request_URI "^/_vti_bin" ms-worms
CustomLog /var/log/apache/ms-worms.log common env=ms-worms
CustomLog /var/log/apache/access.log combined env=!ms-worms


Alias /ryan/journal.html /data/www/journal-2004-03.html
Alias /journal.html /data/www/journal-2004-03.html
Alias /ryan/ /data/www/

Other values that I changed in the httpd.conf file:

  • ServerName - Changed to
  • DocumentRoot - Changed to the server location that I put all of the site's HTML files into.
  • <Directory> - Changed to match the DocumentRoot value.
  • HostnameLookups - Changed to "on" since I like to know where people are coming from

Also of note is that the command to restart Apache is "/usr/sbin/apachectl restart".

By default Debian rotates logs weekly. To change this update the /etc/logrotate.d/apache file.

This one took me a long time to solve: when installing Apache, the document root and ALL parent directories must have proper permissions. If one parent directory has restrictive permissions, no pages can be served.

[ Comments () ]
[Back to Top of Page]


The first step required to get Tomcat running is to install a JDK:

  1. Download a Linux JDK package from Sun.
  2. Make the downloaded file executable by executing the command "chmod 755 filename".
  3. Execute the file, which will uncompress it into the current directory. If you would prefer to have it in a different directory simply move the uncompressed files (ie "mv jdk1.5.0 /usr/share/jdk1.5.0/").
  4. Update environment variables:
    • In /etc/profile add the line JAVA_HOME=/JDK-install-folder/. In addition, update the PATH variable to contain the /JDK-install-folder/bin/ directory.
    • If Tomcat is installed, update the /etc/default/tomcat4 file to contain the line JAVA_HOME=/JDK-install-folder/.

Once the JDK is installed Tomcat can be installed by doing the following:

  1. Using dselect, install the following packages:
    • tomcat4
    • libtomcat4-java
    • tomcat4-webapps - Sample Tomcat applications (optional)
    • libapache-mod-jk - Apache connector module for Tomcat (optional)
  2. Once installed, the Tomcat configuration information will be in the /etc/tomcat4/ directory. Webapps are installed into the /var/lib/tomcat4/webapps/ directory.
  3. To test the installation try viewing the http://localhost:8180/ page. If the page comes up, Tomcat is installed successfully. If the page does not come up, try running "/usr/bin/tomcat4 start" to view any error messages.

The libapache-mod-jk package allows Tomcat applications to be served using Apache as part of a normal web site (ie you don't need to specify port 8180 in the URL). To use libapache-mod-jk:

  1. Update the /var/lib/tomcat/conf/mod_jk.conf file as follows:
    JkMount /*.jsp ajp13
    JkMount /examples/* ajp13 # only if tomcat4-webapps was also installed
    If any other webapps are deployed then an additional entry is required in the mod_jk.conf file of the form "JkMount /myapp/* ajp13.
  2. The /etc/tomcat4/server.xml must be updated to uncomment the "Ajp13Connector" section (see
  3. View http://your-site/examples/jsp/ and verify that the example servlets are running.

Once everything is running the following is worth noting:

  • Tomcat logs are found in /var/log/tomcat4/.
  • I kept getting a Java error about a missing file "/usr/bin/kaffe". I've got no clue what the hell that is, but some package installed a /usr/bin/java script that was calling /etc/java-vm. Modifying that file to contain only the line /JDK-install-folder/bin/java solved the problem. Note that this must be the topmost and ONLY line in the file.
[ Comments () ]
[Back to Top of Page]

Postgres SQL Database

See or /usr/share/doc/postgresql-doc/.

By default postgres installs with permissions for user postgres, so most commands can only be run after doing a "su postgres".

To create a new database user run (as postgres) "/usr/lib/postgresql/bin/createuser" Note that by default the postgres user is set up without a password, so you may want to do a "passwd postgres" from the command line to set one.

To see a list of previously created databases run (as postgres) "/usr/lib/postgresql/bin/psql -l"

To create a database: /usr/lib/postgresql/bin/createdb dbname

To access the database: /usr/lib/postgresql/bin/psql dbname (\q to quit)

JDBC: Install the libpgjava package. Make sure that tcpip_socket in /etc/postgresql/postgresql.conf is either "1" or "true". The JDBC jar file is in /usr/share/java/postgresql.jar

For TCP/IP connections from the local host, modify the /etc/postgresql/pg_hba.conf file to contain the line:

host all password

See for a discussion of Postgres access permissions.

To create a database user, execute the following commands:

/usr/lib/postgres/bin/psql database-name
alter user username with password 'password';

/var/lib/postgres/.profile is the profile info for the postgres user.

To start the database: /etc/init.d/postgresql start

This drove me insane: I could connect to the database using psql database-name but would get the message "Password authentication failed for user user-name". The problem was finally analyzed by executing psql -h database-name, revealing that the database user password wasn't set. To set this password, connect to the database with psql database-name and then execute the command alter user user-name with password 'password;.

[ Comments () ]
[Back to Top of Page]


Analog is a web server analysis tool. Install it using dselect, after which you will need to modify the /etc/analog.conf file. By default Debian does not install this file to create HTML output, so I made the following changes:

OUTFILE location-of-output
LOGFILE /var/log/access.log.*
[ Comments () ]
[Back to Top of Page]


See also

I'm a bit paranoid about security, so I installed Nessus, which is a security auditing tool. To get this bad dog running, fire up the Debian dselect tool, then search for "nessus". Install the client and the server. By default the nessus server configuration file is installed into /etc/nessus/nessusd.conf. I did not change any of the server defaults.

To run nessus for the first time, do the following:

  1. Start the nessus server daemon using nessusd -D &
  2. Create a user using the nessus-adduser command.
  3. Create a target file that contains only the address of the host being checked (ex.
  4. From the command line, type nessus -T html_graph -qx localhost 1241 username password target-file-location output-html-directory
  5. The scan may take several hours. When the program finishes the results will be in the output directory specified.
  6. Shut down the nessus server daemon by determining the process id (ps -ef | grep nessusd) and then killing the process (kill -9 process-id).
[ Comments () ]
[Back to Top of Page]

Other Packages

The wu-ftpd program was installed using dselect with no changes required.

[ Comments () ]
[Back to Top of Page]

Miscellaneous Configuration

For security reasons root login was disabled from SSH by updating the /etc/ssh/sshd_config file with:

PermitRootLogin no

To set the date and time, use the date command (as root):

date --set 19:42:0
date --set 2003-04-01

Took me a while to figure this one out, but the command dpkg-reconfigure package-name provides a way to use the Debian package manager to reinstall a broken package.

I noticed that the syslog was filling up with all sorts of information from cron jobs, so I modified the /etc/syslog.conf file as follows:

# First some standard logfiles. Log by facility.
*.*;auth,authpriv.none,cron.* -/var/log/syslog
cron.* /var/log/cron.log

Updating packages in Debian is a simple matter of executing the following two commands as root:

apt-get update
apt-get upgrade

Other useful UNIX commands:

  • df -k Shows the amount of disk space used on each disk.
  • du -sk Shows the size of the current directory.
[ Comments () ]
[Back to Top of Page]


For a while, every time after I rebooted I got an email like the following:

From Sun May 30 11:55:25 2004
X-vi-recover-file: filename
X-vi-recover-path: /var/tmp/vi.recover/vi.eJGdOr
From: (Nvi recovery program)
Subject: Nvi saved the file access.log
Precedence: bulk
Date: Sun, 30 May 2004 11:55:24 -0700

On Tue Apr 6 02:59:50 2004, the user root was editing a
file named filename on the machine mohican, when it was
saved for recovery. You can recover most, if not all, of the
changes to this file using the -r option to vi:

Deleting the vi.eJGdOr file specified in the email headers finally solved this problem.

[ Comments () ]