Uwe Hermann | A slightly paranoid Debian developer

Note: This article is part of my OS Install Experiences series.

Next up: a SUSE 10.1 install. It's been a few years since I touched a SUSE distribution (it was something like SUSE Linux 5.3 or so), a lot has happened since then... Here's a rough sketch of the installation and a few superficial remarks and facts related to security.

Install

1. First, I downloaded a SUSE 10.1 CD image, burned it on a CD, and booted from that.
2. The installer that showed up is graphical, and you can choose between a normal installation, booting a rescue system, or running a memory test (uses memtest86, I presume).
3. While the installer runs it merely shows a rotating logo, but you can switch to other consoles (ALT+F1, ALT+F3, ALT+F4) for watching log messages passing by.
4. You can choose the language used in the installer, later also your timezone and keyboard layout. You can also check the installation medium, which verifies the checksum of the CD, I guess.
5. Next, you'll be asked to accept a license agreement (yeeaah, whatever).
6. Your hardware will be automatically detected (worked quite well for me), and after that you can choose between a new install or a system upgrade.
7. As for the desktop, you can use GNOME, KDE, text-mode (no desktop), or a "minimal graphical system" (it turns out that means fvwm, at least that's what I think).
8. The graphical partitioning tool feels a bit awkward at first, I needed several tries until I figured out how to make it use the layout I wanted it to. The default file system suggested by the tool is ReiserFS.
9. There's an explicit option which lets you choose the default run-level for the system (run-level 5 is pre-configured).
10. The bootloader, GRUB, recognized the other partitions (Debian stable + unstable), added an entry for SUSE Linux, and created a working setup. Nice, although more control over the process (e.g. naming of the boot options) would be nice.
11. Reboot.
12. I'm asked to insert CDs 2 and 3, which I don't have (or want), as I only burned CD 1. Clicking "abort" a few times does the trick, and I can continue by choosing a hostname and domain name for the box (hydra + local.domain).
13. Now I must enter the root password. Very nice: I have the choice between DES, MD5, or Blowfish (SUSE default) for the hashing/encryption of user passwords.
14. Afterwards, the network is configured (automatically, via DHCP). You can enable a firewall at this point, and enable/disable access to the ssh port explicitly. It's also possible to enable "VNC remote administration" (default: off), or configure a proxy.
15. Authentication methods for users, available from the installer: local (/etc/passwd), LDAP, NIS, Windows Domain.
16. When adding a new user, there are some options. Per default, the user is in the groups "users" (no per-user groups, it seems), "dialout" and "video", but that can be configured. Password expiration is disabled. The default shell is bash.
17. And now... another registration message (in the release notes, actually). May I quote (from my head): The registration procedure transfers zmd's unique device identifier to Novell's registration web service. The information sent may also include OS, version, architecture, and the output of uname and hwinfo, according to that text. More on that later, maybe...
18. Of course, SUSE Linux comes with SUSE's/Novell's AppArmor enabled by default, but I haven't looked into it, yet.
19. Now some problems appeared. More hardware discovery took place, it seems, then the screen turned black (with only a non-blinking cursor in the upper left), no reaction to any input -> I performed a hard reboot.
20. After booting, I'm dropped into fvwm (although I chose GNOME in the installer), the reason probably being the forced reboot. After looking around a bit in the menus and stuff, I wanted to start sax2 (to find out what it does), but the screen turned black again -> another hard reboot. Could it be that I don't have enough RAM for this (256 MB)?
21. Anyways, at this point I lost interest in playing with the system any further, and gathered the below information for comparison reasons...

Security

Continue reading here...

Update 2006-06-05: Added netstat output, and answered a bunch of comments.
Update 2006-06-02: Shortened the length of the article on my main webpage as well as the RSS feed. But you can always read the whole article here, of course.

Note: This article is part of my OS Install Experiences series.

OK, so let's start with something simple: Debian. Simple in the sense that there probably won't be too many surprises for me as a Debian developer (or for most readers of Planet Debian). For other people this might be interesting, though, and some facts are probably interesting to one or the other experienced Debian user/developer, too...

Hardware

A few words on the hardware I'll be installing all these OSes on. It's a cheapo (200 Euros) x86 PC (Intel Celeron, 2 GHz), 80 GB IDE hard drive, 256 MB RAM, ATI Radeon 9200 SE graphics adapter, Realtek PCI ethernet controller, CDROM, USB, and all the other standard stuff. Nothing fancy, really.

Install

1. First, I downloaded a Debian sarge 3.1r2 CD image, burned it on a CD, and booted from that.
2. An installer menu showed up, where you can press F3 for boot options. I chose "expert26", which will ask me more questions and give me a 2.6 Linux kernel instead of 2.4.
3. The installer (newt-based, i.e. not graphical) will now start to boot a base Linux system.
4. Now, you can choose your language (used in the installer), country, region, and keyboard layout.
5. You'll be asked which additional kernel modules you want to load (default: all), and whether you want PCMCIA support. Also, you can choose which extra installer components should be loaded (LVM, PPP, serial, IrDA, ...).
6. Your hardware can be automatically detected (my Realtek card was successfully detected, the "8139too" kernel module was then loaded).
7. The network was successfully auto-configured via DHCP within seconds.
8. Now you can choose a hostname and domain name for the box. I used "hydra" as hostname (guess why), and "local.domain" as domain name.

Partitioning

Now the funny part starts: partitioning the disk. As I will be installing >= 10 OSes, this needs a bit of consideration.

I have chosen to create a 10 GB (primary) partition for a Redmond OS I'll be installing later (for games, testing, proprietary software I'm forced to use, and similar things). This will be the first partition and I marked it bootable, as Windows might choke otherwise.

For the rest, I reserved 5 GB for each OS — that should do. So the next two (primary) partitions are 5 GB each. I'll leave these empty for now, as I might encounter obscure OSes which must be installed on primary partitions. Let's hope it won't be more than two ;-) As you can only have four primary partitions, I then had to create a logical partition, which will "contain" any further partitions.

The next three (secondary) partitions are 1 GB each, intended to be used as swap. One of those I marked as swap in order to use it for Debian. Other Linux installations will be able to reuse this one. The other two are reserved in case I encounter OSes which have another form of swap and cannot use Linux swap partitions...

The rest is easy: create twelve 5 GB partitions => lots of space for more OSes. Here's the resulting fdisk output:

Disk /dev/hda: 81.9 GB, 81964302336 bytes
255 heads, 63 sectors/track, 9964 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes

      Device Boot      Start         End      Blocks   Id  System
   /dev/hda1   *           1        1216     9767488+  83  Linux
   /dev/hda2            1217        1824     4883760   83  Linux
   /dev/hda3            1825        2432     4883760   83  Linux
   /dev/hda4            2433        9964    60500790    5  Extended
   /dev/hda5            2433        2554      979933+  82  Linux swap / Solaris
   /dev/hda6            2555        2676      979933+  83  Linux
   /dev/hda7            2677        2798      979933+  83  Linux
   /dev/hda8            2799        3406     4883728+  83  Linux
   /dev/hda9            3407        4014     4883728+  83  Linux
   /dev/hda10           4015        4622     4883728+  83  Linux
   /dev/hda11           4623        5230     4883728+  83  Linux
   /dev/hda12           5231        5838     4883728+  83  Linux
   /dev/hda13           5839        6446     4883728+  83  Linux
   /dev/hda14           6447        7054     4883728+  83  Linux
   /dev/hda15           7055        7662     4883728+  83  Linux
   /dev/hda16           7663        8270     4883728+  83  Linux
   /dev/hda17           8271        8878     4883728+  83  Linux
   /dev/hda18           8879        9486     4883728+  83  Linux
   /dev/hda19           9487        9964     3839503+  83  Linux

Install, continued

1. The Debian partitioning tool allowed me to do all of the above via a friendly menu. As it does not modify the partition table until you say "done", I could revert many changes, and play around with different layout ideas until I was satisfied.
2. Next thing you can choose is the Kernel flavor (386, 686, smp).
3. You may now configure and install GRUB, the bootloader. I installed it at "(hd0)", the master boot record of the hard disk.
4. Soon the CD ejects, and you have to reboot.
5. After a restart (which also shows whether GRUB works fine), you can now choose your timezone, and decide whether you want shadow passwords (say yes!).
6. Now enter the root password, and decide whether you want to create an additional user account (say yes, and enter a different password here).
7. You can now configure apt, e.g. tell it which sources you'd like to use (CDROM, FTP, HTTP, ...). You'll be asked whether you want to install software from Debian's "non-free" archive. After choosing a mirror (and proxy settings, if you like), you can (should!) also say yes to the question whether you want security updates...
8. Finally, you may now choose "tasks" (desktop, web server, file server, ...) your machine should be able to perform; this will influence which packages will be installed. You may choose "manual package selection", of course, if you want more control. I used "desktop".
9. That's about it. You'll see a few more application-specific questions (configuration of MTA, ssh, fonts, X11, gdm, and others), and after that you'll be left with a GNOME login window.

Security

Continue reading here...

Update 2006-06-05: Added netstat output and the list of world-writable files.
Update 2006-06-02: Shortened the length of the article on my main webpage as well as the RSS feed. But you can always read the whole article here, of course.
Update 2006-05-19: Updated "why is Debian-exim capitalized?" info as per comments, thanks!

A while ago I wanted to enlarge my /home partition (hda6), as it was getting full. After that partition I had another (unused) one, which I intended to merge with hda6 and thereby increase the amount of free disk space on /home.

Here's parts of the disk layout:

hda6 Logical Linux ext3 30848.00
hda7 Logical Linux ext3 8848.00

So, merging hda7 into hda6 should be as simple as removing hda7, and then resizing hda6 to swallow up the 8 gig from the former hda7. Basically, that's how it worked, but I had a few problems. First, at that time is seemed impossible to simply resize ext3 partitions. Neither ext2resize, nor QtParted, nor parted worked for me for some reasons (maybe that has changed recently).

After some googling I finally found a way to do it (which I'll document here, maybe it'll be helpful for others):

1. Boot from Knoppix, not mounting any partition
2. Run fsck on both, hda6 and hda7 (optional?)
3. Remove hda7 (e.g. using cfdisk)
4. Remove the ext3 journal from hda6 (effectively turning it into an ext2 partition):
   # tune2fs -O^has_journal /dev/hda6
5. Resize hda6 using parted. The xxxx is the original start of hda6 (you may not change that) and yyyy is the end of the disk:
   # parted
(parted) resize 6 xxxxx yyyyy
6. Enable the ext3 journal again on the now enlarged hda6:
   tune2fs -j /dev/hda6
7. Reboot

But this didn't work from the beginning either — for some strage reason parted didn't believe me that the space after hda6 was free. It did display it as free space, but the "resize" operation complained.

So what I did was this (instead af the above step 3):

1. Re-add the hda7 partition using, e.g., cfdisk
2. Start parted, and remove hda7 again from within parted(!):
   # parted
(parted) rm 7

It seems parted didn't like the way cfdisk removed the hda7 partition... very strange...