Debian Minimal Setup


When you're setting up servers and dedicated Linux systems (such as a router or a host for virtual machines), you probably prefer a minimal operating system setup: just the bare necessities, to which you can add other required software at will. With Ubuntu, you can do an alternate (text mode) expert install. Likewise with Debian.

Installing Debian (stable, Etch)

Get yourself a Debian installation CD. For the purpose of this exercise, you don't need to get a DVD or even all of the CDs. CD #1 is more than enough for the base install we're after. Better yet, you could get the net install (netinst) CD. This is a Debian install CD that will let you set up a working, minimal Debian, and add any additional software from repositories on the internet (or from your own web servers, apt mirrors or apt proxy server if you have those).

The following procedure is based on a net install, but the procedure will also work with CD #1 of the Debian CD set.

As usual, boot from the installation CD. At the 'boot:' prompt, don't press Enter right away, but press the F1 function key to view the boot options. This will tell you which boot options to use for, e.g., a RAID controller or other hardware, or VGA settings to troubleshoot your display. Start with "boot: expert" for maximum control.

When "loading installer components", select "choose mirror" so the installer will let you select a download mirror to install from. This will allow you to install from a mirror of your choosing, e.g. a local apt-proxy or a repository you maintain.

Configuring the network: for servers, you probably prefer manual configuration, so don't choose DHCP.

When it's time to select a mirror to install from, choose "enter manually" and type in a path (a URL as in apt sources.list) to the mirror of your choice.

Select a generic kernel image, such as 386 (486). These always work, so you have something to fall back on while you try to find a kernel that better suits your hardware (a wrong choice there can leave your system unbootable).

During the installation procedure, you'll reach the item "select and install software". Skip this step; you can easily add any software later.

Install a kernel image

Run apt-get install linux-image. This will show a list of available Linux kernel images. Choose one and install it, e.g. apt-get install linux-image-2.6.17-k7. It will be added to the GRUB boot menu as default, so it will be used automatically when you reboot. If it fails to boot, select the generic 486 image from the boot menu: this gives you back a working system so you can remove the failing kernel image and try another one.

Create a baseline

Because you're starting with a very bare core system, you might want to do some preliminary system administration. Be sure to check /etc/apt/sources.list so you know where your software will be coming from and whether you'll be getting security updates.
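One way to run that check, as an added example that is not part of the original article: the function below lists every configured source and warns when no security suite is present. The function name, the output labels and the "security" heuristic are assumptions of this example, the sample input is constructed, and the bracketed option syntax it also handles belongs to newer APT releases.

```shell
#!/bin/sh
# Added example (not from the original article): report where APT will fetch
# packages from and whether a security suite is configured.
# Usage: audit_sources /etc/apt/sources.list   (reads stdin when no file is given)

audit_sources() {
    awk '
    NF == 0 || $1 ~ /^#/ { next }               # blank lines and comments
    $1 != "deb" && $1 != "deb-src" { next }     # anything that is not a source line
    {
        i = 2; opts = ""
        if ($i ~ /^\[/) {                        # optional "[ key=value ... ]" block (newer APT)
            while (i <= NF) { opts = opts " " $i; if ($i ~ /\]$/) break; i++ }
            i++
        }
        uri = $i; suite = $(i + 1)
        print "SOURCE", $1, uri, suite
        # Heuristic (assumption): security archives carry "security" in the URI or suite,
        # e.g. "dapper-security" or "security.debian.org ... etch/updates".
        if ($1 == "deb" && (uri ~ /security/ || suite ~ /security/)) sec = 1
        if (opts ~ /trusted=yes/) print "WARN signature checks disabled for", uri
        if (suite ~ /\/$/) print "NOTE flat repository (no suite/component):", uri
    }
    END { if (!sec) print "WARN no security suite configured" }
    ' "$@"
}

# Constructed sample input: a local mirror plus a flat local package repository.
audit_sources <<'EOF'
deb http://192.168.0.1:9999/ubuntu/ dapper main universe
deb http://192.168.0.1:9999/ubuntu/ dapper-updates main universe
deb http://192.168.0.1:9999/ubuntu-security/ dapper-security main universe
deb http://192.168.0.2/mypackages ./
EOF
```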

Here's a script that performs some basic tasks. Because they're scripted, they're easy to repeat (wget this script from a server and run it), allowing for the creation of a baseline on which you'll build your customized systems. You may want certain tools installed (vim for editing configuration files, rsync or wget to download files, ssh-server for remote management, ...), use a time server, password-protect the boot menu, ... With a 'baseline', you standardize the initial configuration of all your servers and desktop systems.

	#!/bin/bash
	## Ubuntu/Debian baseline configuration
	#
	# list of packages we want on *every* PC
	APPS="less vim openssh-server wget rsync ntp-simple"

	# user account we want on *every* PC
	THEUSER=operator
	
	# create a timestamp so we can track config changes made after initial install by comparing modification dates of files. 
	date > /etc/timestamp

	#backup files that will be modified in this script
	echo "backup files that will be replaced or modified"
	cp /boot/grub/menu.lst /boot/grub/menu.lst.orig
	mv /etc/apt/sources.list /etc/apt/sources.list.orig

	# set a modified sources.list
	cat > /etc/apt/sources.list << EOF
	deb http://192.168.0.1:9999/ubuntu/ dapper main universe
	deb http://192.168.0.1:9999/ubuntu/ dapper-updates main universe
	deb http://192.168.0.1:9999/ubuntu-security/ dapper-security main universe
	deb http://192.168.0.2/mypackages ./
	EOF

	# install baseline packages
	apt-get update
	for pkg in $APPS ; do
		echo; echo "install $pkg" ;
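		# NOTE: --force-yes suppresses every prompt, including the warning for
		# packages that cannot be authenticated
		apt-get -y --force-yes install $pkg ;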
	done

	# ntp config
	echo "server 192.168.0.2" > /etc/ntp.conf

	# set admin user account and password.
	echo ; echo "creating a system administrator account $THEUSER"
	# match the login name field exactly, not any line that contains the string
	if grep -q "^$THEUSER:" /etc/passwd ; then
		echo "$THEUSER exists. reset the password :"
		passwd $THEUSER
	else
		echo "$THEUSER doesn't exist. create an account :"
		adduser --ingroup admin $THEUSER
		passwd $THEUSER
	fi

	# this is to get dhcp to take note of the hostname.
	echo ; echo "send hostname when requiring dhcp lease"
	grep "$HOSTNAME" /etc/dhcp3/dhclient.conf  && echo "- OK " || ( echo "send host-name \"$HOSTNAME\" ;" ) >> /etc/dhcp3/dhclient.conf


	# basic security : GRUB
	echo ; echo "basic security : locking the boot menu and protecting maintenance mode"
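	# GRUB menu lockdown : set timeout, insert locks
	# NOTE: 'lock' is only enforced when menu.lst also has a global 'password' line
	# (e.g. 'password --md5 <hash>', hash generated with grub-md5-crypt); none is set here.
	# [0-9][0-9]* replaces the whole number, so "timeout 10" does not stay "timeout 10"
	sed -i -e  's/^timeout[ \t]*[0-9][0-9]*/timeout 1/' /boot/grub/menu.lst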
	sed -i -e '/title[ \t]*Ubuntu, memtest86+/a\lock\ ' /boot/grub/menu.lst
	sed -i -e '/(recovery mode)/a\lock\ ' /boot/grub/menu.lst


	#backup config files changed so far, and reset the time stamp

	## the end
	apt-get update
	apt-get upgrade
	apt-get clean
	apt-get update
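
The GRUB step in the script above inserts lock lines but adds no password line. This added example (not part of the original script) reports which menu.lst entries are locked and whether a global password exists; the function name and output labels are assumptions, and the sample menu.lst is constructed.

```shell
#!/bin/sh
# Added example (not from the original article): check a GRUB legacy menu.lst
# for a global password and list which boot entries carry "lock".
# Usage: check_grub_lock /boot/grub/menu.lst   (reads stdin when no file is given)

check_grub_lock() {
    awk '
    function emit() {
        if (seen) { state = locked ? "LOCKED" : "OPEN"; print state, title }
    }
    NF == 0 || $1 ~ /^#/ { next }         # skips commented samples such as "# password topsecret"
    $1 == "title" {                       # a new boot entry starts here
        emit()
        $1 = ""; title = substr($0, 2)
        seen = 1; locked = 0; next
    }
    !seen && $1 == "password" {           # global section, before the first title
        pw = 1
        if ($2 != "--md5") print "WARN password is stored in clear text"
        next
    }
    seen && $1 == "lock" { locked = 1 }
    END {
        emit()
        if (!pw) print "WARN no global password: entries can be edited at boot and lock is not enforced"
    }
    ' "$@"
}

# Constructed sample: the state the sed commands leave behind (locks, no password).
check_grub_lock <<'EOF'
# password topsecret
timeout 1
title Ubuntu, kernel 2.6.15-26-386
kernel /boot/vmlinuz-2.6.15-26-386 root=/dev/hda1 ro quiet splash
title Ubuntu, kernel 2.6.15-26-386 (recovery mode)
lock
kernel /boot/vmlinuz-2.6.15-26-386 root=/dev/hda1 ro single
title Ubuntu, memtest86+
lock
kernel /boot/memtest86+.bin
EOF
```

On Debian and Ubuntu, update-grub regenerates the automatic kernel entries, so rerun the check after a kernel update.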
	

Take it one step further, and you could create a custom Debian package (e.g. 'mybaseline'), which adds the packages you selected, including any customized configuration file.

Your minimal install and baseline configuration are done, and you can start setting up the system for its intended use.

For a graphical environment you will need to install

You can also install a package manager and use that to further build your custom desktop.

BIOS

If you're building a server that has to run without a monitor or keyboard attached to it, you may have to adjust some BIOS settings. The available options depend on the BIOS manufacturer, but you'd be looking for things such as "Detect monitor : NO" or "monitor : none" and "detect keyboard : no" or "HALT on errors : ALL except keyboard".

For security, you may want to set a BIOS administrator password and set the startup sequence to 'boot from harddisk' (to prevent booting from removable media with alternate operating systems).

Want to know more ?


Koen Noens
January 2008