【KURO-SHEEVA】Boot devices and U-Boot settings

◎ uImage: NAND flash, root: NAND flash

setenv bootargs 'console=ttyS0,115200 mtdparts=nand_mtd:0x400000@0x100000(uImage),0x1fb00000@0x500000(rootfs) rw root=/dev/mtdblock1 rw ip=10.4.50.4:10.4.50.5:10.4.50.5:255.255.255.0:DB88FXX81:eth0:none'
setenv bootcmd 'nand read.e 0x800000 0x100000 0x400000; bootm 0x800000'
setenv mainlineLinux no
saveenv

reset

◎ uImage: NAND flash, root: eSATA

setenv bootargs console=ttyS0,115200 mtdparts=nand_mtd:0x400000@0x100000(uImage),0x1fb00000@0x500000(rootfs) rw root=/dev/sda2 rw rootdelay=10 ip=10.4.50.4:10.4.50.5:10.4.50.5:255.255.255.0:DB88FXX81:eth0:none
setenv bootcmd 'nand read.e 0x800000 0x100000 0x400000; bootm 0x800000'
setenv mainlineLinux no
saveenv
reset

◎ uImage: SD card, root: SD card

setenv bootargs 'console=ttyS0,115200 mtdparts=orion_nand:0x400000@0x100000(uImage),0x1fb00000@0x500000(rootfs) rw root=/dev/mmcblk0p3 rootfstype=ext2 rootdelay=3'
setenv bootcmd 'mmcinit; ext2load mmc 0:1 0x800000 /uImage; bootm 0x800000'
setenv mainlineLinux yes
setenv arcNumber 2097
saveenv 
reset
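
For the two NAND-boot variants above, the mtdparts layout, the `nand read.e` arguments in bootcmd and the region that bubt erases all have to agree. The following is an added example, not part of the original post, that parses the mtdparts string and checks that agreement; the function names are this example's own, and the NAND size (512 MB) and erase range (0 - 655360) are the values shown in the U-Boot logs on this page.

```shell
#!/bin/sh
# Added example, not part of the original post.

# mtd_layout MTDPARTS -> one "name start end" line (decimal bytes) per
# partition. Assumes every partition is written size@offset(name), as in
# the bootargs on this page.
mtd_layout() {
    spec=${1#*:}                       # drop the "nand_mtd:" device id
    old_ifs=$IFS; IFS=,
    for part in $spec; do
        size=${part%%@*}
        rest=${part#*@}
        off=${rest%%\(*}
        name=${rest#*\(}; name=${name%%\)*}
        echo "$name $(($off)) $(($off + $size))"
    done
    IFS=$old_ifs
}

# check_nand_boot MTDPARTS READ_OFF READ_LEN NAND_BYTES UBOOT_END
# READ_OFF/READ_LEN are the "nand read.e <addr> <off> <len>" arguments from
# bootcmd; UBOOT_END is the end of the region that bubt erases.
# Prints each inconsistency and returns 0 only if there is none.
check_nand_boot() {
    read_off=$(($2)); read_len=$(($3)); nand=$(($4)); prev_end=$(($5))
    rc=0; seen_uimage=0
    while read -r name start end; do
        if [ "$start" -lt "$prev_end" ]; then
            echo "$name starts at $start, inside the previous region (ends $prev_end)"; rc=1
        fi
        if [ "$end" -gt "$nand" ]; then
            echo "$name ends at $end, past the $nand-byte NAND"; rc=1
        fi
        if [ "$name" = uImage ]; then
            seen_uimage=1
            if [ "$start" -ne "$read_off" ] || [ $((end - start)) -lt "$read_len" ]; then
                echo "nand read ($read_off+$read_len) does not match uImage ($start..$end)"; rc=1
            fi
        fi
        prev_end=$end
    done <<EOF
$(mtd_layout "$1")
EOF
    if [ "$seen_uimage" -ne 1 ]; then echo "no uImage partition"; rc=1; fi
    return $rc
}

# Values from this page:
# check_nand_boot 'nand_mtd:0x400000@0x100000(uImage),0x1fb00000@0x500000(rootfs)' \
#     0x100000 0x400000 0x20000000 655360
```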

【KURO-SHEEVA】U-Boot update

The U-Boot version shipped on the KURO-SHEEVA was
U-Boot 1.1.4 (Sep  7 2009 - 20:21:09) Marvell version: 3.4.16

ReleaseNotes.txt, extracted from u-boot-3.4.19.zip on the bundled CD SheevaPlugCD1.2(b), is headed
20-Jul-2009
Release notes for MV88F6281A/MV88F6192A/MV88F6180A U-Boot, release: 3.4.19

and lists
- MMC/SDIO support
so I updated U-Boot over tftp.

Installed a tftp server on another Debian Linux machine.

To check that it works, installed tftp on the KURO-SHEEVA.
apt-get install tftp


tftp 192.168.xxx.xxx
get (file)
quit


From the files extracted from u-boot-3.4.19.zip, store

u-boot-rd88f6281Sheevaplug_400db_nand.bin
in the tftp server's root directory (check /etc/inetd.conf).

Set the KURO-SHEEVA's IP address
Marvell>> set ipaddr 192.168.xxx.xxx

Set the tftp server's IP address
Marvell>> set serverip 192.168.xxx.yyy

Marvell>> printenv


Marvell>> saveenv
Saving Environment to NAND...
Erasing Nand...Writing to Nand... done
Marvell>>

Update U-Boot over tftp
Marvell>> bubt u-boot-rd88f6281Sheevaplug_400db_nand.bin
Using egiga0 device
TFTP from server 192.168.xxx.yyy; our IP address is 192.168.xxx.xxx
Filename 'u-boot-rd88f6281Sheevaplug_400db_nand.bin'.
Load address: 0x2000000
Loading: #################################################################
         ############################
done
Bytes transferred = 474008 (73b98 hex)

**Warning**
If U-Boot Endiannes is going to change (LE->BE or BE->LE), Then Env parameters should be overriden..
Override Env parameters? (y/n) n
Erase 0 - 655360 ...
Copy to Nand Flash...
done
Marvell>>


Just in case, set the MAC address again
Marvell>> setenv ethaddr xx:xx:xx:xx:xx:xx
Marvell>>
Marvell>> saveenv
Saving Environment to NAND...
Erasing Nand...Writing to Nand... done
Marvell>>

Marvell>> reset






         __  __                      _ _
        |  \/  | __ _ _ ____   _____| | |
        | |\/| |/ _` | '__\ \ / / _ \ | |
        | |  | | (_| | |   \ V /  __/ | |
        |_|  |_|\__,_|_|    \_/ \___|_|_|
 _   _     ____              _
| | | |   | __ )  ___   ___ | |_
| | | |___|  _ \ / _ \ / _ \| __|
| |_| |___| |_) | (_) | (_) | |_
 \___/    |____/ \___/ \___/ \__|
 ** MARVELL BOARD: SHEEVA PLUG LE

U-Boot 1.1.4 (Sep 14 2009 - 15:36:37) Marvell version: 3.4.19



The version is now 3.4.19, so the update is complete.
Check whether the mmcinit command is available.

Marvell>> help
mmcinit - init mmc card


However, eSATA could not be used, which was a problem, so after consulting
「【玄柴】KURO-SHEEVA情報交換の場」 (KURO-SHEEVA information exchange)
I used the u-boot from http://www.naobsd.org/sheeva/ .
Thank you, fukaumi.

On the tftp server, download u-boot 1.1.4 (3.4.27)

wget http://www.naobsd.org/sheeva/u-boot-rd88f6281Sheevaplug_400db_nand.bin



Check the KURO-SHEEVA's IP address and the tftp server's IP address
Marvell>> printenv


Marvell>> saveenv
Saving Environment to NAND...
Erasing Nand...Writing to Nand... done
Marvell>>

Update U-Boot over tftp
Marvell>> bubt u-boot-rd88f6281Sheevaplug_400db_nand.bin
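
Neither the wget over plain HTTP nor the TFTP transfer authenticates the image that bubt writes to NAND, so the file can be checked on the tftp server before it is served. The following is an added example, not part of the original post: the function names are this example's own, the expected SHA-256 is a value you must obtain from the image's publisher (the page gives none), and /srv/tftp in the usage comment is a hypothetical tftp root.

```shell
#!/bin/sh
# Added example, not part of the original post.
# Size limit taken from the bubt log on this page: "Erase 0 - 655360".
UBOOT_REGION_BYTES=655360

# Print a file's size the way U-Boot reports a TFTP transfer,
# e.g. "474008 (73b98 hex)", for comparison with "Bytes transferred = ...".
transfer_size_line() {
    n=$(($(wc -c < "$1")))
    printf '%d (%x hex)\n' "$n" "$n"
}

# stage_uboot_image IMAGE EXPECTED_SHA256 TFTP_ROOT
# Copies IMAGE into TFTP_ROOT only if it fits the erased region and its
# SHA-256 equals the digest obtained from the publisher out of band.
# Returns 2 = missing file, 3 = bad size, 4 = digest mismatch.
stage_uboot_image() {
    img=$1; want=$(printf '%s' "$2" | tr 'A-F' 'a-f'); root=$3
    if [ ! -f "$img" ]; then
        echo "no such image: $img" >&2; return 2
    fi
    size=$(($(wc -c < "$img")))
    if [ "$size" -eq 0 ] || [ "$size" -gt "$UBOOT_REGION_BYTES" ]; then
        echo "refusing $img: $size bytes does not fit 1..$UBOOT_REGION_BYTES" >&2
        return 3
    fi
    got=$(sha256sum "$img" | cut -d' ' -f1)
    if [ "$got" != "$want" ]; then
        echo "refusing $img: sha256 is $got" >&2; return 4
    fi
    # Write under a temporary name and rename, so the TFTP server never
    # serves a half-copied image; read-only so it is not altered afterwards.
    name=$(basename "$img")
    tmp="$root/.$name.$$"
    cp "$img" "$tmp" && chmod 0444 "$tmp" && mv -f "$tmp" "$root/$name"
}

# Usage (EXPECTED_SHA256 is a placeholder, /srv/tftp a hypothetical tftp root):
# stage_uboot_image u-boot-rd88f6281Sheevaplug_400db_nand.bin "$EXPECTED_SHA256" /srv/tftp
```

After bubt has fetched the file, the "Bytes transferred" line on the console should equal the output of transfer_size_line for the staged file.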



Boot with uImage: SD card, root: SD card


Marvell>> setenv bootargs 'console=ttyS0,115200 mtdparts=orion_nand:0x400000@0x100000(uImage),0x1fb00000@0x500000(rootfs) rw root=/dev/mmcblk0p2 rootfstype=ext2 rootdelay=3'
Marvell>> setenv bootcmd 'mmcinit; ext2load mmc 0:1 0x800000 /uImage; bootm 0x800000'
Marvell>> setenv mainlineLinux yes
Marvell>> setenv arcNumber 2097

Marvell>> saveenv
Marvell>> reset


U-Boot 1.1.4 (Jan 12 2010 - 00:04:28) Marvell version: 3.4.27

This time it booted from the SD card, and the eSATA HDD was usable as well.

【KURO-SHEEVA】Updating the kernel of the Debian on the SD card to 2.6.33

wget http://sheeva.with-linux.com/sheeva/README-2.6.33
chmod +x README-2.6.33
mount -o remount,rw /boot
./README-2.6.33 --rootkernel

【KURO-SHEEVA】Installing Debian on an SD card

fdisk /dev/mmcblk0
/dev/mmcblk0p1   *           1          93      502732+  83  Linux
/dev/mmcblk0p2              94         186      502758   82  Linux swap / Solaris
/dev/mmcblk0p3             187        1475     6968334   83  Linux 
mkfs.ext2 /dev/mmcblk0p1

mkswap /dev/mmcblk0p2
mkfs.ext3 /dev/mmcblk0p3

mount /dev/mmcblk0p3 /mnt/mmcblk0p3
cd /mnt/mmcblk0p3
mkdir work
cd work
wget http://ftp.debian.org/debian/pool/main/d/debootstrap/debootstrap-udeb_1.0.10lenny1_all.udeb
ar -x debootstrap-udeb_1.0.10lenny1_all.udeb
cd /
tar xzf /mnt/mmcblk0p3/work/data.tar.gz
/usr/sbin/debootstrap --arch armel lenny /mnt/mmcblk0p3 http://ftp.jp.debian.org/debian
LANG=C chroot /mnt/mmcblk0p3 /bin/bash
mount /proc

cd /dev
MAKEDEV generic
mknod mmcblk0 b 179 0
mknod mmcblk0p1 b 179 1
mknod mmcblk0p2 b 179 2
mknod mmcblk0p3 b 179 3
chmod 660 mmcblk0*
cat > /etc/fstab

/dev/mmcblk0p3  /       ext3    defaults        0       1
/dev/mmcblk0p1  /boot   ext2    ro,nosuid,nodev 0       2
proc            /proc   proc    defaults        0       0
/dev/mmcblk0p2  swap    swap    defaults        0       0
#/dev/sda4       /mnt/sda4 ext3  defaults        0       2

cat >> /etc/network/interfaces
# We always want the loopback interface.
#
auto lo
iface lo inet loopback
# To use fixed ip address
#
auto eth0
iface eth0 inet static
address 192.168.xxx.xxx
network 192.168.xxx.0
netmask 255.255.255.0
broadcast 192.168.xxx.255
gateway 192.168.xxx.xxx

cat /etc/resolv.conf
echo sheevaSD > /etc/hostname

cat > /etc/hosts
127.0.0.1 localhost sheevaSD

ifconfig eth0 down

ifconfig eth0 up


cat >> /etc/apt/sources.list
deb http://security.debian.org/ lenny/updates main
deb-src http://security.debian.org/ lenny/updates main

aptitude update

aptitude install locales

dpkg-reconfigure locales

Selected ja_JP.EUC-JP and ja_JP.UTF-8, with the default set to NONE.

dpkg-reconfigure tzdata

Set Asia → Tokyo

tasksel install standard

aptitude clean

aptitude install vim

vim /etc/vim/vimrc
syntax on

exit
reboot

First, try loading the uImage from NAND and the root from the SD card.
setenv bootargs console=ttyS0,115200 mtdparts=nand_mtd:0x400000@0x100000(uImage),0x1fb00000@0x500000(rootfs) rw root=/dev/mmcblk0p3 rw ip=10.93.63.50:10.93.63.49:10.93.63.49:255.255.255.0:DB88FXX81:eth0:none

saveenv
reset

apt-get update
apt-get upgrade
apt-get install openssh-server ntp ntpdate
apt-get install bzip2 unzip udev
apt-get install gcc make libc-dev libc6-dev patch devio libncurses5 libncurses5-dev mtd-tools uboot-mkimage

adduser hoge
addgroup ggg

vim /etc/ssh/sshd_config
port nnnnn

PermitRootLogin no
PubkeyAuthentication yes
PasswordAuthentication no

/etc/init.d/ssh restart
 
login hoge
ssh-keygen
cd /home/hoge/.ssh
mv id_rsa.pub authorized_keys
Copy id_rsa to the client

Install development-related packages
apt-get install gcc make libc6-dev patch devio libncurses5 libncurses5-dev mtd-tools uboot-mkimage

vi /etc/hosts
127.0.0.1 localhost sheevaSD
192.168.0.52    sheevaSD

vim /etc/hosts.allow

ALL: 127.0.0.1
sshd: 192.168.yyy.
sshd: 192.168.xxx.zzz
sshd: 192.168.xxx.yyy
sshd: 192.168.xxx.zzz
sshd: *.yyy.xxx.hate.com

vim /etc/hosts.deny
ALL: ALL

apt-get install samba
Workgroup/Domain Name:WORKGROUP
Modify smb.conf to use WINS settings from DHCP? ⇒ NO

vim /etc/samba/smb.conf
[toshiki_share]
        comment = hoge share
        read only = no
        locking = no
        path = /mnt/sda4/mnt/share/hoge
        guest ok = no

/etc/init.d/samba restart
smbpasswd hoge

dpkg-reconfigure locales
ja_JP.UTF-8

dpkg-reconfigure exim4-config
General type of mail configuration: mail sent by smarthost; received via SMTP or fetchmail
System mail name: hostname
IP-addresses to listen on for incoming SMTP connections: 127.0.0.1
Other destinations for which mail is accepted: hostname
Machines to relay mail for:
IP address or host name of the outgoing smarthost: smtp.example.com::587
Hide local mail name in outgoing mail? YES
Visible domain name for local users: hostname
Keep number of DNS-queries minimal (Dial-on-Demand)? NO
Delivery method for local mail: mbox format in /var/mail/
Split configuration into small files? NO
Root and postmaster mail recipient:

cat /etc/exim4/update-exim4.conf.conf
dc_eximconfig_configtype='smarthost'
dc_other_hostnames='hostname'
dc_local_interfaces='127.0.0.1'
dc_readhost='hostname'
dc_relay_domains=''
dc_minimaldns='false'
dc_relay_nets=''
dc_smarthost='smtp.example.com::587'
CFILEMODE='644'
dc_use_split_config='false'
dc_hide_mailname='true'
dc_mailname_in_oh='true'
dc_localdelivery='mail_spool'

vim /etc/email-addresses
root: hostname_sysadmin@domain.com
hoge: hostname_hoge@domain.com

vim /etc/exim4/passwd.client
smtp.example.com:login:password

vim /etc/aliases
root: hoge@example.com
newaliases

/etc/init.d/exim4 start

apt-get install logwatch
mkdir /var/cache/logwatch

vim /usr/share/logwatch/default.conf/logwatch.conf
Detail = High

/usr/sbin/logwatch --mailto root

apt-get install sudo

sudo restrictions

visudo
# User privilege specification
root    ALL=(ALL) ALL
hoge ALL=(ALL) ALL

【KURO-SHEEVA】Installing Debian (lenny) on an eSATA HDD with debootstrap

Ubuntu somehow doesn't feel right to me, so I decided to connect an HDD to the KURO-SHEEVA's eSATA port and install Debian. First, run fdisk.

root@debian:~# fdisk /dev/sda

The number of cylinders for this disk is set to 121601.
There is nothing wrong with that, but this is larger than 1024,
and could in certain setups cause problems with:
1) software that runs at boot time (e.g., old versions of LILO)
2) booting and partitioning software from other OSs
   (e.g., DOS FDISK, OS/2 FDISK)

Command (m for help): n
Command action
   e   extended
   p   primary partition (1-4)
p
Partition number (1-4): 1
First cylinder (1-121601, default 1): 1
Last cylinder, +cylinders or +size{K,M,G} (1-121537, default 121537): 10

Command (m for help): p

Disk /dev/sda: 1000.2 GB, 1000204886016 bytes
255 heads, 63 sectors/track, 121601 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Disk identifier: 0x00000000

   Device Boot      Start         End      Blocks   Id  System
/dev/sda1               1          10       80293+  83  Linux

Command (m for help): n
Command action
   e   extended
   p   primary partition (1-4)
p
Partition number (1-4): 2
First cylinder (11-121601, default 11): 880
Last cylinder, +cylinders or +size{K,M,G} (880-121601, default 121601):
Using default value 121601

Command (m for help): n
Command action
   e   extended
   p   primary partition (1-4)
p
Partition number (1-4): 2
First cylinder (11-121601, default 11): 11
Last cylinder, +cylinders or +size{K,M,G} (11-121601, default 121601): 880

Command (m for help): p

Disk /dev/sda: 1000.2 GB, 1000204886016 bytes
255 heads, 63 sectors/track, 121601 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Disk identifier: 0x00000000

   Device Boot      Start         End      Blocks   Id  System
/dev/sda1               1          10       80293+  83  Linux
/dev/sda2              11         880     6988275   83  Linux

Command (m for help): n
Command action
   e   extended
   p   primary partition (1-4)
p
Partition number (1-4): 3
First cylinder (881-121601, default 881):
Using default value 881
Last cylinder, +cylinders or +size{K,M,G} (881-121601, default 121601): +512M

Command (m for help): p

Disk /dev/sda: 1000.2 GB, 1000204886016 bytes
255 heads, 63 sectors/track, 121601 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Disk identifier: 0x00000000

   Device Boot      Start         End      Blocks   Id  System
/dev/sda1               1          10       80293+  83  Linux
/dev/sda2              11         880     6988275   83  Linux
/dev/sda3             881         946      530145   83  Linux

Command (m for help): n
Command action
   e   extended
   p   primary partition (1-4)
p
Selected partition 4
First cylinder (947-121601, default 947):
Using default value 947
Last cylinder, +cylinders or +size{K,M,G} (947-121601, default 121601):
Using default value 121601

Command (m for help): p

Disk /dev/sda: 1000.2 GB, 1000204886016 bytes
255 heads, 63 sectors/track, 121601 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Disk identifier: 0x00000000

   Device Boot      Start         End      Blocks   Id  System
/dev/sda1               1          10       80293+  83  Linux
/dev/sda2              11         880     6988275   83  Linux
/dev/sda3             881         946      530145   83  Linux
/dev/sda4             947      121601   969161287+  83  Linux

Command (m for help): t
Partition number (1-4): 3
Hex code (type L to list codes): 82
Changed system type of partition 3 to 82 (Linux swap / Solaris)

Command (m for help): p

Disk /dev/sda: 1000.2 GB, 1000204886016 bytes
255 heads, 63 sectors/track, 121601 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Disk identifier: 0x00000000

   Device Boot      Start         End      Blocks   Id  System
/dev/sda1               1          10       80293+  83  Linux
/dev/sda2              11         880     6988275   83  Linux
/dev/sda3             881         946      530145   82  Linux swap / Solaris
/dev/sda4             947      121601   969161287+  83  Linux

Command (m for help): a
Partition number (1-4): 1

Command (m for help): p

Disk /dev/sda: 1000.2 GB, 1000204886016 bytes
255 heads, 63 sectors/track, 121601 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Disk identifier: 0x00000000

   Device Boot      Start         End      Blocks   Id  System
/dev/sda1   *           1          10       80293+  83  Linux
/dev/sda2              11         880     6988275   83  Linux
/dev/sda3             881         946      530145   82  Linux swap / Solaris
/dev/sda4             947      121601   969161287+  83  Linux

Command (m for help): w
The partition table has been altered!

Calling ioctl() to re-read partition table.
Syncing disks.


root@debian:~# mkfs.ext3 /dev/sda1
mke2fs 1.41.4 (27-Jan-2009)
Filesystem label=
OS type: Linux
Block size=1024 (log=0)
Fragment size=1024 (log=0)
20080 inodes, 80292 blocks
4014 blocks (5.00%) reserved for the super user
First data block=1
Maximum filesystem blocks=67371008
10 block groups
8192 blocks per group, 8192 fragments per group
2008 inodes per group
Superblock backups stored on blocks:
        8193, 24577, 40961, 57345, 73729

Writing inode tables: done
Creating journal (4096 blocks): done
Writing superblocks and filesystem accounting information: done

This filesystem will be automatically checked every 30 mounts or
180 days, whichever comes first. Use tune2fs -c or -i to override.

root@debian:~# mkfs.ext3 /dev/sda2
mke2fs 1.41.4 (27-Jan-2009)
Filesystem label=
OS type: Linux
Block size=4096 (log=2)
Fragment size=4096 (log=2)
437184 inodes, 1747068 blocks
87353 blocks (5.00%) reserved for the super user
First data block=0
Maximum filesystem blocks=1790967808
54 block groups
32768 blocks per group, 32768 fragments per group
8096 inodes per group
Superblock backups stored on blocks:
        32768, 98304, 163840, 229376, 294912, 819200, 884736, 1605632

Writing inode tables: done
Creating journal (32768 blocks): done
Writing superblocks and filesystem accounting information: done

This filesystem will be automatically checked every 34 mounts or
180 days, whichever comes first. Use tune2fs -c or -i to override.


root@debian:~# mkswap /dev/sda3
Setting up swapspace version 1, size = 530140 KiB
no label, UUID=5869f042-4bee-42a9-a457-cb9f91379382


root@debian:~# mkfs.ext3 /dev/sda4
mke2fs 1.41.4 (27-Jan-2009)
Filesystem label=
OS type: Linux
Block size=4096 (log=2)
Fragment size=4096 (log=2)
60579840 inodes, 242290321 blocks
12114516 blocks (5.00%) reserved for the super user
First data block=0
Maximum filesystem blocks=0
7395 block groups
32768 blocks per group, 32768 fragments per group
8192 inodes per group
Superblock backups stored on blocks:
        32768, 98304, 163840, 229376, 294912, 819200, 884736, 1605632, 2654208,
        4096000, 7962624, 11239424, 20480000, 23887872, 71663616, 78675968,
        102400000, 214990848

Writing inode tables: done
Creating journal (32768 blocks): done
Writing superblocks and filesystem accounting information: done

This filesystem will be automatically checked every 38 mounts or
180 days, whichever comes first. Use tune2fs -c or -i to override.


root@debian:~# tune2fs -r 200000 /dev/sda2
tune2fs 1.41.4 (27-Jan-2009)
Setting reserved blocks count to 200000


root@debian:~# tune2fs -r 2000000 /dev/sda4
tune2fs 1.41.4 (27-Jan-2009)
Setting reserved blocks count to 2000000



apt-get install binutils
apt-get update

cd /mnt
sudo mkdir work
cd work
sudo wget http://ftp.debian.org/debian/pool/main/d/debootstrap/debootstrap-udeb_1.0.10lenny1_all.udeb
sudo ar -x debootstrap-udeb_1.0.10lenny1_all.udeb
cd /
sudo tar xzf /mnt/work/data.tar.gz
sudo /usr/sbin/debootstrap --arch armel lenny /mnt/sda2 http://ftp.jp.debian.org/debian
sudo LANG=C chroot /mnt/sda2 /bin/bash
mount /proc
cd /dev
MAKEDEV generic

Edit /etc/fstab
/dev/sda2     /               ext3    defaults                 0    1
/dev/sda1     /boot           ext3    ro,nosuid,nodev          0    2
proc /proc proc defaults 0 0

dpkg-reconfigure tzdata
Asia -> Tokyo

/etc/network/interfaces

Check /etc/resolv.conf

Check /etc/hostname

/etc/hosts

Change /etc/apt/sources.list
deb http://ftp.jp.debian.org/debian lenny main
deb http://security.debian.org/ lenny/updates main
deb-src http://security.debian.org/ lenny/updates main

aptitude update
aptitude install locales

dpkg-reconfigure locales

Add ja_JP.EUC-JP and ja_JP.UTF-8; the default is NONE

dpkg-reconfigure tzdata

tasksel install standard

tasksel: aptitude failed (255) <- ??

aptitude clean

Edit /etc/inittab
T0:23:respawn:/sbin/getty -L ttyS0 115200 vt100

As for the u-boot settings, for now the uImage is loaded from NAND flash and the root from the eSATA HDD.
setenv mainlineLinux no
setenv bootargs console=ttyS0,115200 mtdparts=nand_mtd:0x400000@0x100000(uImage),0x1fb00000@0x500000(rootfs) rw root=/dev/sda2 rw rootdelay=10 ip=10.4.50.4:10.4.50.5:10.4.50.5:255.255.255.0:DB88FXX81:eth0:none
setenv bootcmd 'nand read.e 0x800000 0x100000 0x400000; bootm 0x800000'
 
 

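【KURO-SHEEVA】Setup

【Preparation before the first boot】
Install the serial driver and prepare terminal software on the host PC (Windows)
 Unzip the serial driver package on the bundled CD (SheevaPlug_Host_SWsupportPackageWindowsHost1.2.zip) and install WindowsTeraTermUSBDriver.
For the terminal software, teraterm (UTF-8) is a good choice.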

・On boot, the output looks like this.


         __  __                      _ _
        |  \/  | __ _ _ ____   _____| | |
        | |\/| |/ _` | '__\ \ / / _ \ | |
        | |  | | (_| | |   \ V /  __/ | |
        |_|  |_|\__,_|_|    \_/ \___|_|_|
 _   _     ____              _
| | | |   | __ )  ___   ___ | |_
| | | |___|  _ \ / _ \ / _ \| __|
| |_| |___| |_) | (_) | (_) | |_
 \___/    |____/ \___/ \___/ \__|
 ** MARVELL BOARD: SHEEVA PLUG LE

U-Boot 1.1.4 (Sep 7 2009 - 20:21:09) Marvell version: 3.4.16

U-Boot code: 00600000 -> 0067FFF0 BSS: -> 006CEE60

Soc: 88F6281 A0 (DDR2)
CPU running @ 1200Mhz L2 running @ 400Mhz
SysClock = 400Mhz , TClock = 200Mhz

DRAM CAS Latency = 5 tRP = 5 tRAS = 18 tRCD=6
DRAM CS[0] base 0x00000000 size 256MB
DRAM CS[1] base 0x10000000 size 256MB
DRAM Total size 512MB 16bit width
Flash: 0 kB
Addresses 8M - 0M are saved for the U-Boot usage.
Mem malloc Initialization (8M - 7M): Done
NAND:512 MB

CPU : Marvell Feroceon (Rev 1)

Streaming disabled
Write allocate disabled


USB 0: host mode
PEX 0: interface detected no Link.
Net: egiga0 [PRIME], egiga1
Hit any key to stop autoboot: 0

・root and the initial password
root/nosoup4u

・Change the root password
Change the password before you forget.
root@debian:~# passwd

・Add the first user
root@debian:~# adduser hoge


・Switch to a static IP address
I want to use it as a server, so set a static IP address.
root@debian:~# vi /etc/network/interfaces
auto lo
iface lo inet loopback
address 127.0.0.1
netmask 255.0.0.0

auto eth0
#iface eth0 inet dhcp
iface eth0 inet static
address 192.168.xxx.xxx
netmask 255.255.255.0
broadcast 192.168.xxx.255
gateway 192.168.xxx.xxx


・Change the hostname
root@debian:~# vi /etc/hostname
hogehost

・Change hosts
root@debian:~# vi /etc/hosts
127.0.0.1 localhost
192.168.xxx.xxx hogehost
#91.189.88.36 ports.ubuntu.com

・Change the locale
root@debian:~# /bin/sh -c 'echo 'LANG="ja_JP.UTF-8"' > /etc/default/locale'
root@debian:~# locale-gen "ja_JP.UTF-8"
Generating locales...
ja_JP.UTF-8... done
Generation complete.


・About apt-get:
/etc/fstab shows that /var/cache/apt is mounted as tmpfs, so everything under /var/cache/apt disappears on every reboot. As a workaround, for now run
root@debian:~# mkdir -p /var/cache/apt/archives/partial
before using the apt-get command.

・Restrict use of the su command

root@debian:/etc# usermod -G adm hoge

・ssh settings
 To tighten security, at a minimum change the port number, disallow root login, enable key authentication, and disable password authentication.
vi /etc/ssh/sshd_config
port xxx
PermitRootLogin no
PubkeyAuthentication yes
PasswordAuthentication no

AuthorizedKeysFile      %h/.ssh/authorized_keys


/etc/init.d/ssh restart

・Create an ssh key for user hoge
login hoge
Running ssh-keygen creates the following two files.

/home/hoge/.ssh/id_rsa
/home/hoge/.ssh/id_rsa.pub


Take id_rsa to the PC you want to log on from.
Rename id_rsa.pub
to authorized_keys.
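
The sshd_config values and the key handling described here and in the SD card section can be checked on the server with a short script. This is an added example, not part of the original post: the function names are this example's own, the config file and the ~/.ssh directory are passed as arguments, and only global settings (before any Match block) are read.

```shell
#!/bin/sh
# Added example, not part of the original post.

# sshd_effective FILE KEYWORD -> the value sshd would use. Keywords are
# case-insensitive and the first occurrence wins. Assumption: reading stops
# at the first "Match" block, so only global settings are reported.
sshd_effective() {
    awk -v k="$2" '
        /^[ \t]*(#|$)/            { next }
        tolower($1) == "match"    { exit }
        tolower($1) == tolower(k) { print tolower($2); exit }
    ' "$1"
}

# Compare the global settings with the three values set on this page.
# Prints one line per deviation and returns 0 only when there is none.
audit_sshd_config() {
    bad=0
    for want in permitrootlogin=no passwordauthentication=no pubkeyauthentication=yes; do
        key=${want%%=*}; val=${want#*=}
        got=$(sshd_effective "$1" "$key")
        if [ -z "$got" ]; then
            # Unset keyword: only PubkeyAuthentication defaults to "yes".
            if [ "$key" = pubkeyauthentication ]; then got=yes; else got=unset; fi
        fi
        if [ "$got" != "$val" ]; then
            echo "$key: want $val, effective $got"; bad=1
        fi
    done
    return $bad
}

# Check the server-side ~/.ssh after id_rsa has been taken to the client.
audit_ssh_dir() {
    dir=$1; bad=0
    for f in "$dir"/id_*; do
        case $f in *.pub) continue ;; esac
        if [ -f "$f" ]; then echo "private key still on server: $f"; bad=1; fi
    done
    if [ ! -f "$dir/authorized_keys" ]; then
        echo "no authorized_keys in $dir"; bad=1
    fi
    # sshd StrictModes (on by default) rejects group- or world-writable files.
    loose=$(find "$dir" "$dir/authorized_keys" -prune \
            \( -perm -020 -o -perm -002 \) 2>/dev/null) || :
    if [ -n "$loose" ]; then echo "group/world writable: $loose"; bad=1; fi
    return $bad
}

# Usage: audit_sshd_config /etc/ssh/sshd_config; audit_ssh_dir /home/hoge/.ssh
```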



・Restrict which hosts can connect

vi /etc/hosts.deny
ALL: ALL

vi /etc/hosts.allow
ALL: 127.0.0.1
sshd: 192.168.xxx.

・Make sudo usable (setuid)

 ls -l /usr/bin/sudo
-rwxr-xr-x 1 root root 114976 2008-11-15 12:11 sudo

 chmod u+s sudo
 ls -l /usr/bin/sudo
-rwsr-xr-x 1 root root 114976 2008-11-15 12:11 sudo

・Install logwatch

apt-get install logwatch
mkdir /var/cache/logwatch

・Forward mail addressed to root to an external address
vim /etc/aliases
root: hoge@exsample.com

postalias /etc/aliases
newaliases