|
@@ -0,0 +1,139 @@
|
|
|
+---
|
|
|
+format: markdown
|
|
|
+categories: Netz-Infrastruktur, Backbone, Supernodes
|
|
|
+title: System
|
|
|
+...
|
|
|
+
|
|
|
+
|
|
|
+# System
|
|
|
+
|
|
|
+## sysctl
|
|
|
+
|
|
|
+Bereinigt um Redundanzen (insbesondere die, deren Default-Verhalten durch `net.ipv4.ip_forward=1` und `net.ipv6.conf.all.forwarding=1` geändert wird).
|
|
|
+
|
|
|
+```
|
|
|
+# Reboot 1 second after kernel panic, oops or BUG (usually in batman-adv.ko)
|
|
|
+kernel.panic = 1
|
|
|
+kernel.panic_on_oops = 1
|
|
|
+
|
|
|
+# throw kernel panic on softlockup
|
|
|
+kernel.softlockup_panic=1
|
|
|
+
|
|
|
+## Networking
|
|
|
+# See https://www.kernel.org/doc/Documentation/networking/ip-sysctl.txt
|
|
|
+
|
|
|
+# Don't pass bridged traffic to iptables/arptables
|
|
|
+net.bridge.bridge-nf-call-arptables = 0
|
|
|
+net.bridge.bridge-nf-call-iptables = 0
|
|
|
+net.bridge.bridge-nf-call-ip6tables = 0
|
|
|
+
|
|
|
+
|
|
|
+## IPv4 tuning
|
|
|
+
|
|
|
+# Reset all configuration parameters to RFC1812
|
|
|
+net.ipv4.ip_forward=1
|
|
|
+
|
|
|
+# Accept ICMP redirect messages; default = 0
|
|
|
+net.ipv4.conf.default.accept_redirects = 1
|
|
|
+net.ipv4.conf.all.accept_redirects = 1
|
|
|
+
|
|
|
+# Use larger ARP cache
|
|
|
+net.ipv4.neigh.default.gc_thresh1 = 2048
|
|
|
+net.ipv4.neigh.default.gc_thresh2 = 4096
|
|
|
+net.ipv4.neigh.default.gc_thresh3 = 8192
|
|
|
+
|
|
|
+# Maximum number of routes allowed in the kernel
|
|
|
+net.ipv4.route.max_size=8388608
|
|
|
+
|
|
|
+
|
|
|
+## IPv6 tuning
|
|
|
+
|
|
|
+# Configure router behaviour
|
|
|
+net.ipv6.conf.all.forwarding=1
|
|
|
+
|
|
|
+# Accept Redirects; default = 0
|
|
|
+net.ipv6.conf.default.accept_redirects = 1
|
|
|
+net.ipv6.conf.all.accept_redirects = 1
|
|
|
+
|
|
|
+# Accept Duplicate Address Detection; default = 1
|
|
|
+net.ipv6.conf.default.accept_dad = 0
|
|
|
+net.ipv6.conf.all.accept_dad = 0
|
|
|
+
|
|
|
+# Use larger neighbor table
|
|
|
+net.ipv6.neigh.default.gc_thresh1 = 2048
|
|
|
+net.ipv6.neigh.default.gc_thresh2 = 4096
|
|
|
+net.ipv6.neigh.default.gc_thresh3 = 8192
|
|
|
+
|
|
|
+# Maximum number of routes allowed in the kernel
|
|
|
+net.ipv6.route.max_size=8388608
|
|
|
+```
|
|
|
+
|
|
|
+* Hauptsächlich einige wichtige `systctl`-Einstellungen
|
|
|
+
|
|
|
+# Paketquellen
|
|
|
+
|
|
|
+```
|
|
|
+deb http://ftp.informatik.rwth-aachen.de/ftp/pub/Linux/debian/ wheezy main non-free contrib
|
|
|
+deb-src http://ftp.informatik.rwth-aachen.de/ftp/pub/Linux/debian/ wheezy main non-free contrib
|
|
|
+
|
|
|
+deb http://security.debian.org/ wheezy/updates main contrib non-free
|
|
|
+deb-src http://security.debian.org/ wheezy/updates main contrib non-free
|
|
|
+
|
|
|
+# wheezy-updates, previously known as 'volatile'
|
|
|
+deb http://ftp.informatik.rwth-aachen.de/ftp/pub/Linux/debian/ wheezy-updates main contrib non-free
|
|
|
+deb-src http://ftp.informatik.rwth-aachen.de/ftp/pub/Linux/debian/ wheezy-updates main contrib non-free
|
|
|
+
|
|
|
+deb http://repo.universe-factory.net/debian/ sid main
|
|
|
+deb http://http.debian.net/debian wheezy-backports main
|
|
|
+
|
|
|
+#deb http://bird.network.cz/debian/ wheezy main
|
|
|
+```
|
|
|
+
|
|
|
+* Das `bird`-Repository ist überflüssig, die Pakete werden nicht genutzt.
|
|
|
+
|
|
|
+# Installierte Paket-Versionen
|
|
|
+
|
|
|
+Paket Version Verfügbar Quelle
|
|
|
+---------------- ---------------- ------------------- ---------------------
|
|
|
+fastd 17-2 17-4 universe-factory.net
|
|
|
+batman-adv 2014.3.0 - -
|
|
|
+batctl 2014.3.0-2 2014.3.0-2 universe-factory.net
|
|
|
+bird 1.4.5-1~bpo70+1 (1.5 im Bird-Repo) backports.debian.org
|
|
|
+bird6 1.4.5-1~bpo70+1 (transitional) -
|
|
|
+
|
|
|
+# Lokale Pakete (aus Backports)
|
|
|
+
|
|
|
+```
|
|
|
+jq
|
|
|
+libjson-c2
|
|
|
+```
|
|
|
+
|
|
|
+# Zusätzliche laufende Dienste
|
|
|
+
|
|
|
+```
|
|
|
+rng-tools / rngd
|
|
|
+```
|
|
|
+
|
|
|
+# Manuell installierte Software
|
|
|
+
|
|
|
+```
|
|
|
+/usr/local/bin/alfred-json
|
|
|
+/usr/local/sbin/alfred
|
|
|
+/usr/local/share/man/man8/alfred.8
|
|
|
+
|
|
|
+/usr/local/sbin/batadv-vis
|
|
|
+/usr/local/share/man/man8/batadv-vis.8
|
|
|
+
|
|
|
+/usr/sbin/vmtoolsd (und was da noch dran hängt)
|
|
|
+```
|
|
|
+
|
|
|
+
|
|
|
+# VMware-Tools
|
|
|
+
|
|
|
+Anstatt die VMware-Tools lokal zu kompilieren [empfiehlt VMware](http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=2073803) die in der Distribution paketierten [`open-vm-tools`](https://packages.debian.org/wheezy-backports/open-vm-tools) + `open-vm-tools-dkms` zu nutzen.
|
|
|
+
|
|
|
+
|
|
|
+# System-Login
|
|
|
+
|
|
|
+Login ist nur mittels SSH-Keys möglich. Momentan mússen sich die berechtigten Personen als `root` einloggen.
|
|
|
+
|
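Review bot: The sysctl block turns on `accept_redirects` for IPv4 and IPv6 (`default` and `all` both set to 1) on a node that also enables `net.ipv4.ip_forward` and `net.ipv6.conf.all.forwarding`, and nothing on the page says why a forwarding supernode should accept ICMP redirects. Its own comments give the default as 0, and a redirect lets a neighbour on the link change the next hop this node uses. Either document the reason next to those four lines or leave them at 0. In the same block, the comment "Accept Duplicate Address Detection; default = 1" sits above `accept_dad = 0`, which switches DAD off, and "Reset all configuration parameters to RFC1812" sits above a line that only enables forwarding; both comments should say what the setting actually does here. In "Paketquellen", the `sid` entry for repo.universe-factory.net is added to a wheezy system with no mention of pinning; note how packages from it are restricted to fastd and batctl. The "System-Login" section records that everyone logs in as `root`, so key-only SSH gives no per-person audit trail; a follow-up for personal accounts would be worth listing. Typos: `systctl` should be `sysctl`, and `mússen` should be `müssen`.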