Tietopaimen Oy
Kalle Hallivuori
Debian GNU/Linux Wireless Terminal
Microsoft Remote Desktop Client Only
Printing to local HP LaserJet 1015 with Samba
Version 0.3, 2004-04-27
(it provides many more options than the older 2.2 kernel)
(delete any existing partitions first)
hda1 (primary): /boot, 8 - 20 MB, set it bootable
hda5 (logical): / (root), 100 - 200 MB
hda6 (logical): /usr, 500 MB - 3 GB
hda7 (logical): /var, 500 MB - 1 GB (+ what your DBMSs will need)
hda8 (logical): SWAP, 2 x RAM - 4 GB, set type to swap!
hda9 (logical): /home, rest of free space; not for terminals
hda1 (primary): / (root), all disk space - swap size
hda2 (primary): SWAP, 2 x RAM - 4 GB, set type to swap!
Write the partition table to disk, then quit.
Skip to "Configuring a PCMCIA Network Card" if that applies more closely to your configuration.
ifconfig -a
grep 'Ethernet' /proc/pci
The PCMCIA subsystem will take care of finding the network card and installing associated kernel modules. Just take care not to remove PCMCIA support when asked about it.
http, finland, ftp.fi.debian.org, proxy 'none' (YMMV)
cat >> /etc/network/interfaces
auto eth0
iface eth0 inet dhcp
[Control-D]
(insert an empty line before the input)
ifup eth0
cat > /etc/apt/sources.list
deb http://ftp.fi.debian.org/debian/ sarge main
deb http://security.debian.org/ sarge/updates main
[Control-D]
perl -wi- -pe 's/stable/sarge/g' /etc/apt/sources.list
apt-get update
apt-get dist-upgrade
/etc/init.d/pcmcia restart
echo '. /etc/bash_completion' >> /etc/profile
If you use WLAN, install the 'wireless-tools' package:
apt-get install wireless-tools
Then you can deny unencrypted traffic at the Access Point, and configure the WEP identification:
nano /etc/pcmcia/wireless.opts
/etc/init.d/pcmcia restart
For remote administration, install 'ssh' along with your favourite helpers:
apt-get install ssh less
apt-get install kernel-image-[VERSION]-[ARCHITECTURE]
apt-cache search kernel-image-2.6
cat /proc/cpuinfo
nano lilo.conf
initrd=/initrd.img
Reboot to the new kernel to ensure it works correctly. Should it fail, you can choose to boot to the old kernel instead at the LILO prompt (2).
What you have at this point is a plain, current Debian system that can be further (remotely) configured either as a server, a terminal, a workstation or a mix of any of those. Now you can just pick up any of the following parts that fit your purpose.
This is yet to be written exactly. Rough outline:
This is a very subjective area. Feel free to implement security otherwise.
The 'iptables' package should be installed by default.
You can see standard network services and their port numbers in the /etc/services file.
You can inspect your current packet filter rules with the command
iptables -L
Start each of the given rules with the command
iptables -A INPUT
to append it after any existing rules, or
iptables -I INPUT 1
to insert it before them.
-p tcp -m state --state RELATED,ESTABLISHED -j ACCEPT
-i lo -j ACCEPT
-p icmp -m limit -j ACCEPT
-p tcp --dport ssh -s [ADMIN IP] -j ACCEPT
-d [FIREWALL IP] -j ACCEPT
-s [FIREWALL IP] -j ACCEPT
-p udp -d [DNS IP] --dport 53 -j ACCEPT
-p udp -s [DNS IP] --sport 53 -j ACCEPT
-p [tcp|udp] --dport [SERVICE] -j ACCEPT
-p udp --dport netbios-ns -d [LOCALNET] -j ACCEPT
-p udp --dport netbios-dgm -d [LOCALNET] -j ACCEPT
-p tcp --dport microsoft-ds -d [LOCALNET] -j ACCEPT
-p tcp --dport netbios-ssn -d [LOCALNET] -j ACCEPT
-m limit -j LOG
iptables -P INPUT DROP
mkdir /var/lib/iptables
/etc/init.d/iptables save active
ln -s ../init.d/iptables /etc/rcS.d/S41iptables
If your IP address changes with DHCP, ask me for a modified iptables init script to run from /etc/dhclient-exit-hooks.
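The rule list above assembled in load order for an SSH-administered terminal, as an added example that is not part of the original page. The function names, the constructed addresses 192.0.2.10 (admin) and 192.0.2.53 (DNS), and the initial chain reset are assumptions; the commands are only printed, so they can be reviewed before being piped to sh as root.

```shell
#!/bin/sh
# Added example (not from the original page). Addresses are constructed
# documentation values; nothing is applied until the output is piped to sh.

# Shape check only (dotted quad, optional /prefix): enough to reject an
# unfilled placeholder such as "[ADMIN IP]" before it reaches iptables.
valid_addr() {
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}(/[0-9]{1,2})?$'
}

# emit_rules ADMIN_IP DNS_IP: print the commands in the order they must run.
emit_rules() {
    for addr in "$1" "$2"; do
        valid_addr "$addr" || { echo "invalid address: $addr" >&2; return 1; }
    done
    # Assumption beyond the page: reset the chain with the policy open, so a
    # re-run never leaves a remote session facing DROP with no ACCEPT rules.
    echo "iptables -P INPUT ACCEPT"
    echo "iptables -F INPUT"
    while IFS= read -r rule; do
        echo "iptables -A INPUT $rule"
    done <<EOF
-p tcp -m state --state RELATED,ESTABLISHED -j ACCEPT
-i lo -j ACCEPT
-p icmp -m limit -j ACCEPT
-p tcp --dport ssh -s $1 -j ACCEPT
-p udp -s $2 --sport 53 -j ACCEPT
-m limit -j LOG
EOF
    # Default-deny goes last: everything not accepted above is now dropped.
    echo "iptables -P INPUT DROP"
}

emit_rules 192.0.2.10 192.0.2.53
```

The state rule covers TCP only, which is why the DNS replies over UDP need their own ACCEPT line before the policy changes to DROP.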
echo 'tmpfs /tmp tmpfs defaults 0 0' >>/etc/fstab
mount /tmp
perl -wi- -pe '/boot|usr/ and s/defaults/defaults,ro/' /etc/fstab
mount -o remount /boot
mount -o remount /usr
You can always remount the partitions for writing:
mount -o remount,rw /usr
perl -wi- -pe 's/defaults/defaults,nodev/' /etc/fstab
Lock user accounts that are not used for logins
passwd -l winuser
Set root password to a string of line noise
perl -e 'print map(chr(32+rand 94), (0..9+rand 9)), "\n"'
passwd
nano lilo.conf
lilo
apt-get install localeconf
apt-get install ntpdate
cat >>/etc/dhclient-exit-hooks
perl -we 'use Socket; `ifconfig eth0` =~ /addr:([0-9.]+)/ && system("hostname", scalar(gethostbyaddr(inet_aton($1),AF_INET)))'
apt-get clean
nano /etc/lilo.conf
lilo
apt-get install x-window-system-core
This installs quite some cruft with it, but avoids a lot of hassle with configurations. You are free to try more optimal combinations of the packages it chooses to install.
lspci
zless /usr/share/doc/xserver-xfree86/README.mouse.gz
X -configure
to get a file with settings good for your monitor. Look at 'Section "Monitor"' options 'HorizSync' and 'VertRefresh' for respective values in 'advanced' monitor selection method. You can reconfigure the X server with the command
dpkg-reconfigure xserver-xfree86
X
if successful, it will start a graphical user environment with nothing but a black-and-white background and a cross-shaped mouse cursor in it.
You can kill it by pressing Control-Alt-Backspace.
apt-get install rdesktop
That's all there is to install rdesktop.
ln -s ../init.d/runterminal /etc/rc2.d/S99runterminal
chmod a+x /usr/local/bin/runterminal /etc/init.d/runterminal
What you have now is a system that will start X11 at startup, and run rdesktop indefinitely. When X11 is terminated (presumably by pressing Ctrl-Alt-Backspace) the physical terminal will shut down.
Here we assume a traditional parallel connection to the printer.
Connect the printer and power it up.
cat >/dev/lp0
You should get that plain text printed. Otherwise you have hardware or kernel level problems beyond our scope.
All these together are combined into a neatly installing set of Debian packages that only require one command to put the printer to use.
apt-get install cupsys cupsys-client foomatic-db-hpijs
http://www.linuxprinting.org/show_driver.cgi?driver=hpijs
Below "Printing system interfaces", select your printer from the pull-down menu, check "download" and "GUI texts limited to 39 characters", and click on "Generate PPD file". Save the resulting file as
/usr/share/cups/model/HP-LaserJet_1015-hpijs.ppd
lpadmin -p LaserJet -E -v parallel:/dev/lp0 -m HP-LaserJet_1015-hpijs.ppd
lp /etc/motd
apt-get install samba smbclient
After the installation finishes, you should be able to access the machine's service list from a Windows machine.
nano /etc/samba/smb.conf
load printers = yes
printing = cups
printcap name = cups
;[homes]
; comment = Home Directories
; browseable = no
...
; writable = no
...
; create mask = 0700
...
; directory mask = 0700
[laserjet]
printable = yes
printer name = LaserJet
public = yes
/etc/init.d/samba restart
smbclient -L [HOSTNAME]
smbclient -N -c "print /etc/motd" //[HOSTNAME]/laserjet
Thorough documentation is available at
http://fi.samba.org/samba/docs/man/CUPS-printing.html
nano /etc/samba/smb.conf
; invalid users = root
[printers]
printer admin = root
[print$]
write list = root
/etc/init.d/samba reload
smbpasswd root
./cups.install
cupsaddsmb -v -U root laserjet
Install the printer as a network printer to a Windows machine. It should download and install the CUPS printer driver. You can do this from a remote session as a normal user.
nano /etc/samba/smb.conf
invalid users = root
You may of course consciously choose to take the risk of someone accessing the host over Samba with root privileges.
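A check that the last step above was actually carried out, as an added example that is not part of the original page. The function name root_blocked and the sample file are constructed, and the check assumes the 'invalid users' line sits in the [global] section of smb.conf.

```shell
#!/bin/sh
# Added example (not from the original page).
# root_blocked FILE: succeed only if an active "invalid users" line in
# [global] names root. Assumes the line lives in [global].
root_blocked() {
    awk '
        /^[ \t]*[;#]/ { next }            # ";" and "#" lines are comments
        /^[ \t]*\[/ {                     # section header: remember it
            sec = tolower($0); gsub(/[ \t]/, "", sec); next
        }
        sec == "[global]" {
            eq = index($0, "=")
            if (eq == 0) next
            key = tolower(substr($0, 1, eq - 1))
            gsub(/[ \t]/, "", key)        # Samba ignores case and spaces in names
            if (key != "invalidusers") next
            found = 0                     # a later line replaces an earlier one
            n = split(substr($0, eq + 1), users, /[ \t,]+/)
            for (i = 1; i <= n; i++) if (users[i] == "root") found = 1
        }
        END { exit (found ? 0 : 1) }
    ' "$1"
}

# Constructed sample: the state left behind if the last edit is forgotten.
demo_conf=$(mktemp)
cat >"$demo_conf" <<'EOF'
[global]
   printing = cups
;  invalid users = root
[printers]
   printer admin = root
EOF
if root_blocked "$demo_conf"; then
    echo "OK: root cannot log in over Samba"
else
    echo "WARNING: invalid users = root is not active"
fi
rm -f "$demo_conf"
```

Run it against /etc/samba/smb.conf after the final reload; a non-zero exit status means the line is still commented out or missing.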
Virtual terminals provide multiple access points to Linux through its single physical console. A terminal is chosen and its screen shown by a key combination
#x marks both the number of the Function key and the number of the virtual terminal. How convenient! The default virtual terminal is #1 in text mode; graphical terminals start from #7 up.
To get started with virtual terminals in text mode, hit Alt-F2 to see another screen appear. Type a few random letters just to convince yourself that it's an actual, working interface. Hit Alt-F1 to get back to the default terminal.
To get started with virtual terminals in graphical mode, hit Control-Alt-F1 to see the text mode screen as it was before the X11 graphics system changed to virtual terminal #7. Hit Alt-F7 (no Control needed since we now are in text mode) when you want to return to the graphical screen.
After the first phase of installation you can always get into your system, even if LILO doesn't start up correctly or you forget the root password.
If LILO starts up (you can see the text 'LILO' on your screen), you can force it to show a prompt by holding down the Control key. At the 'boot:' prompt you can see your available boot commands by hitting the tabulator key. The default boot command is usually 'Linux'. If you need to change the root password, type the following:
Linux init=/bin/bash
to get straight into shell without being prompted for a password. Then change the root password with the following commands:
mount -o remount,rw / (mount root file system as writable)
passwd (change root password)
mount -o remount,ro / (finish writing to disk)
Then just do a cold, hard reboot.
If you want to manage the system without starting all the services, type the following at the LILO prompt:
Linux 1
If LILO doesn't start up, you can use the Debian install media for booting. At the Syslinux prompt, type
rescue root=/dev/hda5
This will load the kernel from the install media but boot from your own root partition. Then you can edit the lilo configuration
nano /etc/lilo.conf
lilo
then try to boot normally.
You can search for packages with the command
apt-cache search [what]
where [what] is the name of the thing you are looking for. If you get too many answers, you can
apt-cache search [what] | grep [match]
apt-cache search [what] | less
Files contained in an installed package can be listed with the command
dpkg -L [package]
The package that contains a given file can be found with
dpkg -S [fullfilename]
Whenever you want to reconfigure a package, just run
dpkg-reconfigure [package-name]
from the command line as root.
If you accidentally install packages you'd do better without, do
dpkg --purge [package-names]
to remove their configuration files with them.