apt-get install task-print-server cups cupsys cupsys-driver-gutenprint foomatic-db-gutenprint foomatic-filters fontconfig libtiff4 libfreetype6
/etc/cups/cups.conf
/etc/cups/cups-browsed.conf
lp -d <nomestampante> <nomefile1> <nomefile2> ...
ExternalScripts=/usr/lib/zabbix/externalscripts
apt-get install unixodbc unixodbc-dev dpkg -i ibm-iaccess-1.1.0.11-1.0.amd64.deb apt-get install php7.0-odbc odbcinst -i -d -f /opt/ibm/iaccess/unixodbcregistration nano /etc/odbc.ini
On the ini file type:
[MyDSN] Description = Company DB Driver = IBM i Access ODBC Driver System = myserver.mycompany.local UserID = username Password = password Naming = 0 DefaultLibraries = mylibrary Database = ConnectionType = 1 (0=read/write; 1=readonly) BlockFetch = 1 BlockSizeKB = 512 [MyDSN2] Description = Company DB2 Driver = IBM i Access ODBC Driver System = myserver2.mycompany.local UserID = username Password = password Naming = 0 DefaultLibraries = mylibrary Database = ConnectionType = 1 BlockFetch = 1 BlockSizeKB = 512 .....
On my php file with PDO:
$pdo = new PDO("odbc:MyDSN");
$stmt = $pdo->query("SELECT * FROM mytable");
while ($row = $stmt->fetch()) {
print_r($row);
}
I say “Full” disk encryption but that’s not entirely correct: there is still a small partition /boot that’s unencrypted. That contains your kernel, grub config and initrd and needs to be unencrypted so we can start booting and decrypt the rest of the OS.
So let’s get started:
Installing
Boot up your CD, USB flash drive, ISO file or install media of choice and select Graphical install.
CD Boot
Select your language.
Select a language
Select your location.
Select a location
Set your keyboard layout.
Configure the Keyboard
Pick a name for your computer.
Configure the network
Set your local domain.
Configure the network
I personally leave the root password blank, this disables the root account and instead sets you up with a first user that can run sudo to become root.
set up users and passwords
Enter your full name.
set up users and passwords
Pick your username (the default is usually pretty good).
set up users and passwords
Set your password.
set up users and passwords
Set your timezone.
Configure the clock
The encryption:
This is where the magic happens, actually it’s quite simple, we are going to pick “Guided – use entire disk and set up encrypted LVM” and then just go with the defaults.
Partition disks
Select the volume to install Debian. (This will wipe whatever you have on that disk!!)
Partition disks
Pick “All files in one partition (recommended for new users)”.
Partition disks
Pick ‘Yes’ to write the changes to the disks.
Partition disks
Now the disk will be writen with random data, this is to prevent analysis of the disk. This step can be skipped by pressing cancle but it’s highly reccomend you wait it out. It could take several minutes to a few hours so now is an absolutely smashing time to go and have a cup of tea.
Partition disks
Now set a passphrase for your disk.
Partition disks
Select “Finish partitioning and write changes to disk”
Partition disks
Pick ‘Yes’ to write the changes to the disks.
Partition disks
Continue the installation
Now we continue the installation as per normal.
Pick ‘No’ for any extra CDs.
configure the package manager
Pick your country to find a local mirror .
configure the package manager
And pick your mirror of choice, often (at least in Australia) you will find your local ISP has a mirror and this will likely be fastest for you.
configure the package manager
Enter any proxy information (most times this will be blank)
configure the package manager
You are given the option to opt-in to Debian’s statistics collection.
Configure the popularity contest
Pick your software, I’ve gone with KDE as my desktop of choice but it’s a matter of personal taste.
Debian Software Selection
Install GRUB
Install the grub boot loader on a hard disk
Pick your boot disk.
Install the grub boot loader on a hard disk
and finish the installation.
Finish the installation
Boot your system
Now when you boot up you should presented with a prompt asking for the key to decrypt sda5_crypt (your encrypted volumne)
Enter your passphrase (Note: you won’t see characters as you type)
Finish the installation
Now you can log in and enjoy your new Debian system
1. apt-get install mysql-server
2. mysql
a. Setup rights for user root or zabbix or similar
b. create DB zabbix with collate utf8_bin
c. create user zabbix with correct rights on zabbix DB
3. apt-get install zabbix-server-mysql zabbix-frontend-php php-mysql
4. nano /etc/mysql/mysql.conf.d/mysqld.cnf
a. setup bind setting to allow or not remote connections to DB
5. /etc/init.d/mysql restart
6. a2enconf zabbix-frontend-php
7. nano /etc/php/7.2/apache2/php.ini
a. setup date.timezone in php.ini (Europe/Rome)
8. systemctl reload apache2
9. cd /usr/share/zabbix-server-mysql/
10. gunzip data.sql.gz
11. gunzip images.sql.gz
12. gunzip schema.sql.gz
13. mysql -uzabbix -p zabbix < schema.sql
14. mysql -uzabbix -p zabbix < images.sql
15. mysql -uzabbix -p zabbix < data.sql
16. open browser to http://
17. mv zabbix.conf.php /etc/zabbix/
19. chown root:root zabbix.conf.php
20. apt-get install zabbix-agent
21. nano /etc/zabbix/zabbix_server.conf
a. verify DBPassword correctly reported into zabbix_server.conf file
22. systemctl enable zabbix-server
apt-get install sendmail sendmailconfig
nano /etc/mail/sendmail.mc
define(`SMART_HOST', `relay.mydomain.com')dnl
cd /etc/mail make
Script must be into the Alert Script folder path. Default value is:
/etc/zabbix/alert.d
Let’s create our test.php file with execution permissions:
chmod a+x test.php
File must start with these lines:
#!/usr/bin/php
In Zabbix web interface make sure you set these values:
This is a secure solution for having a web server for many sites. With this you can specify which server user will be used for which site so apache will execute the code (mainly php) with that user preventing file system access to bad code.
On a fresh Debian 9 installation (with just SSH Server installed) let’s do:
apt-get install libapache2-mpm-itk libapache2-mod-php7.0
We’ll now enable that modules that could be useful and the one necessary:
a2enmod mpm_itk a2enmod rewrite
Now let’s configure a virtualhost:
cd /etc/apache2/sites-available touch my_website.conf nano my_website.conf
and put this inside the file (obviously you can change settings as you need):
<VirtualHost *:80>
ServerName my_website
ServerAdmin paolo@my_website
DocumentRoot /home/www/my_website/home/
<IfModule mpm_itk_module>
AssignUserId my_username my_usergroup
</IfModule>
<Directory /home/www/my_website/home/>
Options Indexes FollowSymLinks
AllowOverride All
Require all granted
</Directory>
</VirtualHost>
Let’s activate my_website:
a2ensite my_website
At this point we need to create the user and the group we indicate into the file:
useradd -d /home/www/my_website -s /usr/sbin/nologin my_username
and the folders onto the path:
mkdir /home/www mkdir /home/www/my_website mkdir /home/www/my_website/home cd /home/www/my_website chown -R my_username:my_username home/
At this point we have a virtualhost that points to a folder path where apache will run scripts as my_username user.
Therefore it’s possibile to configure mysql o any other service to make this webserver richer of functions.
allow-hotplug ens192 iface ens192 inet static address 192.168.1.2 netmask 255.255.255.0 gateway 192.168.1.254 dns-nameservers 192.168.21.1 192.168.11.11 192.168.31.253 dns-search mydomain.mytld