Packages (Wheezy)
This document covers package management itself, in addition to documenting some smaller packages that I use.
Apt
I tend to use aptitude rather than apt-get, personally, and I always turn off 'auto-resolve dependencies' and 'install recommended packages automatically'.
Your mileage may vary, but I try to know something about every component going into my system.
- /etc/apt/sources.list
deb http://ftp.us.debian.org/debian/ wheezy main deb-src http://ftp.us.debian.org/debian/ wheezy main deb http://ftp.us.debian.org/debian/ wheezy-updates main deb-src http://ftp.us.debian.org/debian/ wheezy-updates main
deb http://security.debian.org/ wheezy/updates main deb-src http://security.debian.org/ wheezy/updates main
Generally a good idea to try to find your closest mirror. Sometimes your host even provides a mirror - will certainly make them happier if you use it.
To save time, I automatically run apt-get update hourly, through cron:
- /etc/cron.hourly/apt-get-update
#!/bin/sh #/etc/cron.hourly/apt-get-update # Much simpler than the cron-apt package. /usr/bin/apt-get update /usr/bin/apt-get -dy upgrade
Run:
chmod 0750 /etc/cron.hourly/apt-get-update
This automatically checks for updates, and downloads them, but it does not apply them.
DotDeb?
While not always needed, you may find yourself frustrated by Debian's slow upgrade page of some packages, most notably php and the plethora of bugs within.
Run
wget http://www.dotdeb.org/dotdeb.gpg apt-key add dotdeb.gpg
And add
deb http://packages.dotdeb.org wheezy all deb-src http://packages.dotdeb.org wheezy all
to your sources.list
Package Removal
Debian has some defaults that you probably do not need on a server:
- Basic Purge: acpi-support-base, acpid, acpi, at, bsd-mailx, exim4, exim4-base, isc-dhcp-client, isc-dhcp-common, laptop-detect, libx11-data, libxau6, libxdmcp6, mutt, portmap, procmail, python 2.6, tasksel, xauth, xkb-data
- Make sure openssh-server doesn't get removed along with tasksel and friends.
- deluser --remove-all-files Debian-exim
- The culturally insensitive may also purge: console-setup, console-terminus, kbd, keyboard-configuration
- /etc/console-setup may need to get removed manually
- If not using nfs, rpcbind and nfs-common
Package Additions
- apt-get install conntrack sysstat iotop lm-sensors ninja chkconfig sash libpam-tmpdir heirloom-mailx zip unzip rkhunter unhide libdigest-whirlpool-perl acct nmap cgdb sudo
- You may want to devote some time to what acct and sysstat can do for you.
- Development: apt-get install fakeroot debhelper build-essential
- Better editing: apt-get install vim vim-doc exuberant-ctags
- Heretics may substitute this with their inferior editor of choice
- update-alternatives --config editor
- /etc/vim/vimrc
- syntax on, set background=dark, set showmatch, set mouse=nvc
- I uncomment set mouse in /etc/nanorc as well. I sometimes am training people and teaching both vim and some other arcane topic at the same time can become more than it is worth.
ntpdate
Significantly more lightweight than ntp, easier to configure and one less server to run. If you have a number of machines at a site, you may want to run one server and have the others pull off of it. Beyond this, though,
- /etc/default/ntpdate
- NTPOPTIONS=" -B "
- forces slewing. Prevents time travel. Time travel bad.
- /etc/cron.hourly/ntpdate
#!/bin/sh #/etc/cron.hourly/ntpdate #ntpdate autorun if [ -f /usr/sbin/ntpdate-debian ]; then /usr/sbin/ntpdate-debian -B fi
- Run:
chmod 0750 /etc/cron.hourly/ntpdate
Random silly packages
- fortunes (and friends), cowsay, filters
- Is good to greet visitors with a talking cow. Reminds you how seriously you should take your job.
- bsdgames, nethack, slashem
- One of these decades I will get around to ascending...