---
format: markdown
categories: Netz-Infrastruktur, Backbone, Supernodes
title: System
...

# System

## sysctl

Cleaned of redundant entries (in particular those whose default behaviour is changed by `net.ipv4.ip_forward=1` and `net.ipv6.conf.all.forwarding=1`).

```
# Reboot 1 second after kernel panic, oops or BUG (usually in batman-adv.ko)
kernel.panic = 1
kernel.panic_on_oops = 1

# throw kernel panic on softlockup
kernel.softlockup_panic=1

## Networking
# See https://www.kernel.org/doc/Documentation/networking/ip-sysctl.txt

# Don't pass bridged traffic to iptables/arptables
net.bridge.bridge-nf-call-arptables = 0
net.bridge.bridge-nf-call-iptables = 0
net.bridge.bridge-nf-call-ip6tables = 0

## IPv4 tuning
# Enable forwarding; this resets all configuration parameters to RFC1812 (router) defaults
net.ipv4.ip_forward=1

# Accept ICMP redirect messages; default = 0
net.ipv4.conf.default.accept_redirects = 1
net.ipv4.conf.all.accept_redirects = 1

# Use larger ARP cache
net.ipv4.neigh.default.gc_thresh1 = 2048
net.ipv4.neigh.default.gc_thresh2 = 4096
net.ipv4.neigh.default.gc_thresh3 = 8192

# Maximum number of routes allowed in the kernel
net.ipv4.route.max_size=8388608

## IPv6 tuning
# Configure router behaviour
net.ipv6.conf.all.forwarding=1

# Accept Redirects; default = 0
net.ipv6.conf.default.accept_redirects = 1
net.ipv6.conf.all.accept_redirects = 1

# Duplicate Address Detection (0 = disabled); default = 1
net.ipv6.conf.default.accept_dad = 0
net.ipv6.conf.all.accept_dad = 0

# Use larger neighbor table
net.ipv6.neigh.default.gc_thresh1 = 2048
net.ipv6.neigh.default.gc_thresh2 = 4096
net.ipv6.neigh.default.gc_thresh3 = 8192

# Maximum number of routes allowed in the kernel
net.ipv6.route.max_size=8388608
```

* Mainly a few important `sysctl` settings

# Package sources

```
deb http://ftp.informatik.rwth-aachen.de/ftp/pub/Linux/debian/ wheezy main non-free contrib
deb-src http://ftp.informatik.rwth-aachen.de/ftp/pub/Linux/debian/ wheezy main non-free contrib

deb http://security.debian.org/ wheezy/updates main contrib non-free
deb-src http://security.debian.org/ wheezy/updates main contrib non-free

# wheezy-updates, previously known as 'volatile'
deb http://ftp.informatik.rwth-aachen.de/ftp/pub/Linux/debian/ wheezy-updates main contrib non-free
deb-src http://ftp.informatik.rwth-aachen.de/ftp/pub/Linux/debian/ wheezy-updates main contrib non-free

deb http://repo.universe-factory.net/debian/ sid main
deb http://http.debian.net/debian wheezy-backports main
#deb http://bird.network.cz/debian/ wheezy main
```

* The `bird` repository is superfluous; its packages are not used.

# Installed package versions

Package          Version          Available              Source
---------------- ---------------- ---------------------- ---------------------
fastd            17-2             17-4                   universe-factory.net
batman-adv       2014.3.0         -                      -
batctl           2014.3.0-2       2014.3.0-2             universe-factory.net
bird             1.4.5-1~bpo70+1  (1.5 in the bird repo) backports.debian.org
bird6            1.4.5-1~bpo70+1  (transitional)         -

# Local packages (from backports)

```
jq
libjson-c2
```

# Additional running services

```
rng-tools / rngd
```

# Manually installed software

```
/usr/local/bin/alfred-json
/usr/local/sbin/alfred
/usr/local/share/man/man8/alfred.8
/usr/local/sbin/batadv-vis
/usr/local/share/man/man8/batadv-vis.8
/usr/sbin/vmtoolsd (and whatever else comes with it)
```

# VMware Tools

Instead of compiling the VMware Tools locally, [VMware recommends](http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=2073803) using the distribution-packaged [`open-vm-tools`](https://packages.debian.org/wheezy-backports/open-vm-tools) + `open-vm-tools-dkms`.

# System login

Login is only possible using SSH keys. At the moment the authorized persons have to log in as `root`.
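
To confirm that a running supernode actually carries the values documented in the sysctl section above, the following added example (not part of the original page or the project's tooling) compares a sysctl.conf-style file against the live kernel tree. The function names and the use of `/etc/sysctl.conf` as input are assumptions; the sample data in `demo_drift` is constructed.

```sh
#!/bin/sh
# Added example: compare documented sysctl settings with the values the kernel runs.
# Usage: check_sysctl_drift CONF [ROOT]
#   CONF  sysctl.conf-style file ("key = value", '#' comments)
#   ROOT  kernel parameter tree, default /proc/sys (overridable for testing)
# Prints one line per finding and returns 1 if anything differs.
check_sysctl_drift() {
    conf=$1
    root=${2:-/proc/sys}
    drift=0
    while IFS= read -r line || [ -n "$line" ]; do
        line=${line%%#*}                        # strip comments
        case $line in *=*) ;; *) continue ;; esac
        key=$(printf '%s' "${line%%=*}" | tr -d ' \t')
        want=$(printf '%s' "${line#*=}" | sed 's/^[[:space:]]*//; s/[[:space:]]*$//')
        [ -n "$key" ] || continue
        path=$root/$(printf '%s' "$key" | tr . /)
        if [ ! -r "$path" ]; then
            # Key absent, e.g. the module that provides it is not loaded
            echo "MISSING $key (expected $want)"
            drift=1
            continue
        fi
        # Normalise whitespace so multi-value parameters compare cleanly
        have=$(tr -s ' \t' ' ' < "$path" | sed 's/^ //; s/ $//')
        if [ "$have" != "$want" ]; then
            echo "DRIFT $key: running=$have documented=$want"
            drift=1
        fi
    done < "$conf"
    return $drift
}

# Constructed demo: a fake parameter tree in which forwarding is off and one key is absent.
demo_drift() {
    tmp=$(mktemp -d)
    mkdir -p "$tmp/sys/kernel" "$tmp/sys/net/ipv4"
    echo 1 > "$tmp/sys/kernel/panic"
    echo 0 > "$tmp/sys/net/ipv4/ip_forward"     # drift: the page documents 1
    printf '%s\n' '# constructed sample' 'kernel.panic = 1' \
        'net.ipv4.ip_forward=1' 'kernel.softlockup_panic=1' > "$tmp/sample.conf"
    check_sysctl_drift "$tmp/sample.conf" "$tmp/sys" && rc=0 || rc=$?
    rm -rf "$tmp"
    return $rc
}
```

On a live host, `check_sysctl_drift /etc/sysctl.conf` reads from `/proc/sys`. The dot-to-slash mapping does not handle interface names that themselves contain dots; none of the keys on this page do.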