1. Boot the installer
2. Select "Advanced Options"
3. Select "Expert Installer"
4. Choose language
5. Choose keyboard layout
6. Detect and mount CD-ROM
7. Load installer components - no additional selections required
8. Detect network hardware
9. Configure the network
    a. No, do not auto-config the network settings
    b. set static IP address with subnet mask in CIDR notation
    c. set gateway address - usually the prefilled value, unless the gateway is not the first IP address in the subnet.
    d. set DNS server address(es) if different from prefilled value (gateway)
    e. set hostname
    f. set domain name
10. Set users and passwords
    a. Yes, use shadow passwords
    b. Yes, allow login as root
    c. set root password
    d. Yes, add additional user and corresponding password
11. Yes, configure the clock using NTP
    a. set NTP server to local NTP server if desired
    b. select time zone
12. Detect system disks
13. Partition disks
    a. Select the desired OS disks
    b. Yes, create a new empty partition table on this device
    c. Select "gpt"
    d. Select the "FREE SPACE"
    e. Create new partition - BIOS
        1. 1MB
        2. Beginning
        3. Name: "bios"
        Use as: "Reserved BIOS boot area"
    f. Create new partition - BOOT
        1. 1GB
        2. Beginning
        3. Name: "boot"
        Use as: "Ext4"
        Mount point: "/boot"
    g. Create new partition - SWAP
        1. 2GB
        2. Beginning
        3. Name: "swap"
        Use as: "swap area"
    h. Create new partition - ROOT
        1. *use the remaining space*
        2. Name: "root"
        Use as: "Ext4"
        Mount point: "/"
    i. Configure encrypted volumes
        1. Yes, write the changes
        2. Create encrypted volumes
        3. Select, in this case, sda3 (swap) and sda4 (root)
        4. Set "swap"/"partition #3" to use a "Random Key"
        5. Set "root"/"partition #4" to use a "Passphrase"
        6. Yes, write the changes
        7. Finish
        8. Yes, erase the data on partition #3 (do NOT cancel the operation)
        9. Yes, erase the data on partition #4 (do NOT cancel the operation)
        10. Set encryption password for partition #4
        11. Make sure /boot, swap, and / are set correctly
        12. Finish
        13. Yes, write the changes
14. Install the base system
    a. Select non-version-specific kernel
    b. Select targeted driver install
15. Configure the package manager
    a. No, don't scan another CD or DVD
    b. Yes, use a network mirror
    c. Yes, use http
    d. Yes, in the United States
    e. Yes, use deb.debian.org
    f. Enter proxy information ( http://username:password@proxy.int.skeelstech.com:3128/ )
    g. No non-free software
    h. No contrib software
    i. Yes, enable APT
    j. Use default services (security updates, release updates)
16. Select and install software
    a. No automatic updates
    b. No, don't participate in the package usage survey.
    c. Only install software: standard system utilities, SSH server
17. Install GRUB
    a. Yes, install the GRUB boot loader to the master boot record
    b. Select sda (or whatever disk the OS is being installed to)
    c. No, don't force nothin!
18. Finish the installation.
    a. Yes, system clock is set to UTC.
    b. Continue.
19. Remove the installation medium.
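
One way to confirm after first boot that the encrypted-volume choices made under "Configure encrypted volumes" took effect, as an added example that is not part of the original procedure: the functions below read a crypttab file and report whether each mapping uses a random key or a passphrase. The sample file and the mapping names sda3_crypt and sda4_crypt are constructed assumptions; on the installed system, pass /etc/crypttab and the names found there.

```shell
#!/bin/sh
# Added example: classify each crypttab mapping by how its key is supplied.
# crypttab fields: <target> <source device> <key file> <options>

crypttab_key_modes() {
    # $1 = path to a crypttab file; prints "<target> <mode>" for each mapping
    awk '
        $1 ~ /^#/ || NF == 0 { next }      # skip comments and blank lines
        {
            key  = (NF >= 3) ? $3 : "none"
            opts = "," ((NF >= 4) ? $4 : "") ","
            if (key == "/dev/urandom" || key == "/dev/random") {
                # A fresh key every boot: contents are lost at power-off,
                # which is only acceptable for swap.
                mode = (opts ~ /,swap,/) ? "random-key-swap" : "random-key-not-swap"
            } else if (key == "none" || key == "-") {
                mode = "passphrase"
            } else {
                mode = "keyfile"
            }
            print $1, mode
        }
    ' "$1"
}

crypttab_matches_plan() {
    # $1 = crypttab path, $2 = swap mapping name, $3 = root mapping name
    modes=$(crypttab_key_modes "$1") || return 2
    printf '%s\n' "$modes" | grep -qxF "$2 random-key-swap" || return 1
    printf '%s\n' "$modes" | grep -qxF "$3 passphrase" || return 1
}

# Constructed sample of the layout chosen above; mapping names are assumptions.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# <target> <source device> <key file> <options>
sda3_crypt /dev/sda3 /dev/urandom cipher=aes-xts-plain64,size=256,swap
sda4_crypt UUID=00000000-0000-0000-0000-000000000000 none luks
EOF
crypttab_key_modes "$sample"
crypttab_matches_plan "$sample" sda3_crypt sda4_crypt && echo "matches plan"
rm -f "$sample"
```
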
1. Make sure server is on latest release.
I ended up being able to upgrade to the newest release. I ran ‘apt remove’ to delete the old, unnecessary kernel.
apt update
apt full-upgrade
apt autoremove
2. Install baseline packages
apt install -y vim ufw htop curl rsyslog snmpd chrony
Open the rsyslog.conf file for editing.
vim /etc/rsyslog.conf
Use this config.
#################
#### MODULES ####
#################
module(load="imuxsock") # provides support for local system logging
module(load="imklog") # provides kernel logging support
###########################
#### GLOBAL DIRECTIVES ####
###########################
# Use traditional timestamp format.
# To enable high precision timestamps, comment out the following line.
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
# Set the default permissions for all log files.
$FileOwner root
$FileGroup adm
$FileCreateMode 0640
$DirCreateMode 0755
$Umask 0022
# Where to place spool and state files
$WorkDirectory /var/spool/rsyslog
# Include all config files in /etc/rsyslog.d/
$IncludeConfig /etc/rsyslog.d/*.conf
###############
#### RULES ####
###############
# First some standard log files. Log by facility.
auth,authpriv.* /var/log/auth.log
*.*;auth,authpriv.none -/var/log/syslog
#cron.* /var/log/cron.log
daemon.* -/var/log/daemon.log
kern.* -/var/log/kern.log
lpr.* -/var/log/lpr.log
mail.* -/var/log/mail.log
user.* -/var/log/user.log
# Logging for the mail system. Split it up so that
# it is easy to write scripts to parse these files.
mail.info -/var/log/mail.info
mail.warn -/var/log/mail.warn
mail.err /var/log/mail.err
# Some "catch-all" log files.
*.=debug;\
auth,authpriv.none;\
news.none;mail.none -/var/log/debug
*.=info;*.=notice;*.=warn;\
auth,authpriv.none;\
cron,daemon.none;\
mail,news.none -/var/log/messages
# Emergencies are sent to everybody logged in.
*.emerg :omusrmsg:*
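# Forward all messages to the remote log server.
# A single @ sends over UDP; @@ would send over TCP.
*.* @graylog.example.com:5140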
Restart rsyslog
systemctl restart rsyslog.service
Open the /etc/snmp/snmpd.conf file for editing.
vim /etc/snmp/snmpd.conf
Use this config:
rocommunity linuxstd
syslocation VMware
syscontact ross@rlskeels.com
agentAddress udp:161
dontLogTCPWrappersConnects yes
#Hardware Detection (uncomment to enable)
extend .1.3.6.1.4.1.2021.7890.2 hardware '/bin/cat /sys/devices/virtual/dmi/id/product_name'
extend .1.3.6.1.4.1.2021.7890.3 manufacturer '/bin/cat /sys/devices/virtual/dmi/id/sys_vendor'
extend .1.3.6.1.4.1.2021.7890.4 serial '/bin/cat /sys/devices/virtual/dmi/id/product_serial'
#Distro Detection
extend .1.3.6.1.4.1.2021.7890.1 distro /usr/bin/distro
Download the LibreNMS OS detection script and change its permissions.
LibreNMS reference page here.
curl -o /usr/bin/distro https://raw.githubusercontent.com/librenms/librenms-agent/master/snmp/distro
Change permissions of the file.
chmod +x /usr/bin/distro
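
The curl step above fetches whatever is on the master branch at install time, and snmpd then executes the result. As an added example (not part of the original procedure or of LibreNMS), the function below installs a downloaded file only when its SHA-256 matches a digest recorded after reviewing the script; the digest in the usage comment is a placeholder and the demo file is a constructed stand-in.

```shell
#!/bin/sh
# Added example: install a downloaded script only if it matches a pinned SHA-256.

install_pinned() {
    # $1 = downloaded file, $2 = expected SHA-256 (hex), $3 = destination path
    src=$1 want=$2 dest=$3
    [ -f "$src" ] || { echo "missing: $src" >&2; return 2; }
    got=$(sha256sum "$src" | awk '{ print $1 }')
    if [ "$got" != "$want" ]; then
        echo "digest mismatch for $src: got $got" >&2
        return 1
    fi
    # Mode 0755: executable by snmpd, writable only by the owner (root when run as root)
    install -m 0755 "$src" "$dest"
}

# Intended use on the server (the digest is a placeholder to fill in after review):
#   tmp=$(mktemp)
#   curl -fsSL -o "$tmp" https://raw.githubusercontent.com/librenms/librenms-agent/master/snmp/distro
#   install_pinned "$tmp" "<sha256 of the reviewed copy>" /usr/bin/distro

# Offline demonstration with a constructed stand-in for the downloaded file.
demo_dir=$(mktemp -d)
printf '#!/bin/sh\necho Debian\n' > "$demo_dir/distro.download"
pinned=$(sha256sum "$demo_dir/distro.download" | awk '{ print $1 }')
install_pinned "$demo_dir/distro.download" "$pinned" "$demo_dir/distro" && echo "installed"
# Simulate the upstream file changing after the digest was recorded.
echo '# changed upstream' >> "$demo_dir/distro.download"
install_pinned "$demo_dir/distro.download" "$pinned" "$demo_dir/distro.new" || echo "rejected"
rm -rf "$demo_dir"
```
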
As root, add the following config to cron
@reboot chmod 444 /sys/devices/virtual/dmi/id/product_serial
Restart SNMPd
systemctl restart snmpd.service
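
With no source given on the rocommunity line and only a port on agentAddress, the snmpd.conf above answers that community string from any source address on every interface. As an added example (not part of the original page), the audit below flags both settings and passes a restricted variant; the 192.0.2.0/24 addresses are constructed placeholders from the documentation range, standing in for your monitoring network.

```shell
#!/bin/sh
# Added example: flag snmpd.conf settings that expose the agent more widely than needed.

snmpd_audit() {
    # $1 = path to snmpd.conf; prints one finding per line, returns 1 if any
    awk '
        $1 ~ /^#/ || NF == 0 { next }
        { d = tolower($1) }
        # rocommunity COMMUNITY [SOURCE [OID]]: no SOURCE (or "default") = any host
        d ~ /^r[ow]community6?$/ && (NF < 3 || $3 == "default") {
            print "line " NR ": " $1 " \"" $2 "\" accepted from any source address"
            bad = 1
        }
        # agentAddress entries that give only a port listen on every interface
        d == "agentaddress" {
            n = split($2, addr, ",")
            for (i = 1; i <= n; i++)
                if (addr[i] ~ /^((udp|tcp)6?:)?[0-9]+$/) {
                    print "line " NR ": agentAddress " addr[i] " listens on all interfaces"
                    bad = 1
                }
        }
        END { exit bad }
    ' "$1"
}

# Constructed inputs: the two settings from the page, then a restricted variant.
weak=$(mktemp); restricted=$(mktemp)
printf '%s\n' 'rocommunity linuxstd' 'agentAddress udp:161' > "$weak"
printf '%s\n' 'rocommunity linuxstd 192.0.2.0/24' \
              'agentAddress udp:192.0.2.10:161' > "$restricted"
snmpd_audit "$weak" || echo "page config: findings listed above"
snmpd_audit "$restricted" && echo "restricted config: no findings"
rm -f "$weak" "$restricted"
```
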
Open the chrony config for editing.
vim /etc/chrony/chrony.conf
Use this config. The iburst parameter is set to do the initial synchronization.
server ntp.example.com iburst
keyfile /etc/chrony/chrony.keys
driftfile /var/lib/chrony/chrony.drift
logdir /var/log/chrony
maxupdateskew 100.0
rtcsync
makestep 1 3
Set correct timezone
timedatectl set-timezone America/Denver
Disable timesyncd and restart chrony
systemctl stop systemd-timesyncd.service
systemctl disable systemd-timesyncd.service
systemctl restart chronyd.service
date