wiki/Technik/Netzinfrastruktur/Supernodes/system.page

---
format: markdown
categories: Netz-Infrastruktur, Backbone, Supernodes
title: System
...


# System

## sysctl

Bereinigt um Redundanzen (insbesondere die, deren Default-Verhalten durch `net.ipv4.ip_forward=1` und `net.ipv6.conf.all.forwarding=1` geändert wird).

```
# Reboot 1 second after kernel panic, oops or BUG (usually in batman-adv.ko)
kernel.panic = 1
kernel.panic_on_oops = 1

# throw kernel panic on softlockup
kernel.softlockup_panic=1

## Networking
# See https://www.kernel.org/doc/Documentation/networking/ip-sysctl.txt

# Don't pass bridged traffic to iptables/arptables
net.bridge.bridge-nf-call-arptables = 0
net.bridge.bridge-nf-call-iptables = 0
net.bridge.bridge-nf-call-ip6tables = 0


## IPv4 tuning

# Reset all configuration parameters to RFC1812
net.ipv4.ip_forward=1

# Accept ICMP redirect messages; default = 0
net.ipv4.conf.default.accept_redirects = 1
net.ipv4.conf.all.accept_redirects = 1

# Use larger ARP cache
net.ipv4.neigh.default.gc_thresh1 = 2048
net.ipv4.neigh.default.gc_thresh2 = 4096
net.ipv4.neigh.default.gc_thresh3 = 8192

# Maximum number of routes allowed in the kernel
net.ipv4.route.max_size=8388608


## IPv6 tuning

# Configure router behaviour
net.ipv6.conf.all.forwarding=1

# Accept Redirects; default = 0
net.ipv6.conf.default.accept_redirects = 1
net.ipv6.conf.all.accept_redirects = 1

# Accept Duplicate Address Detection; default = 1
net.ipv6.conf.default.accept_dad = 0
net.ipv6.conf.all.accept_dad = 0

# Use larger neighbor table
net.ipv6.neigh.default.gc_thresh1 = 2048
net.ipv6.neigh.default.gc_thresh2 = 4096
net.ipv6.neigh.default.gc_thresh3 = 8192

# Maximum number of routes allowed in the kernel
net.ipv6.route.max_size=8388608
```

* Hauptsächlich einige wichtige `systctl`-Einstellungen

# Paketquellen

```
deb http://ftp.informatik.rwth-aachen.de/ftp/pub/Linux/debian/ wheezy main non-free contrib
deb-src http://ftp.informatik.rwth-aachen.de/ftp/pub/Linux/debian/ wheezy main non-free contrib

deb http://security.debian.org/ wheezy/updates main contrib non-free
deb-src http://security.debian.org/ wheezy/updates main contrib non-free

# wheezy-updates, previously known as 'volatile'
deb http://ftp.informatik.rwth-aachen.de/ftp/pub/Linux/debian/ wheezy-updates main contrib non-free
deb-src http://ftp.informatik.rwth-aachen.de/ftp/pub/Linux/debian/ wheezy-updates main contrib non-free

deb http://repo.universe-factory.net/debian/ sid main
deb http://http.debian.net/debian wheezy-backports main

#deb http://bird.network.cz/debian/ wheezy main
```

* Das `bird`-Repository ist überflüssig, die Pakete werden nicht genutzt.

# Installierte Paket-Versionen

Paket             Version           Verfügbar            Quelle               
----------------  ----------------  -------------------  ---------------------
fastd             17-2              17-4                 universe-factory.net 
batman-adv        2014.3.0          -                    -
batctl            2014.3.0-2        2014.3.0-2           universe-factory.net 
bird              1.4.5-1~bpo70+1   (1.5 im Bird-Repo)   backports.debian.org 
bird6             1.4.5-1~bpo70+1   (transitional)       -             

# Lokale Pakete (aus Backports)

```
jq
libjson-c2
```

# Zusätzliche laufende Dienste

```
rng-tools / rngd
```

# Manuell installierte Software

```
/usr/local/bin/alfred-json
/usr/local/sbin/alfred
/usr/local/share/man/man8/alfred.8

/usr/local/sbin/batadv-vis
/usr/local/share/man/man8/batadv-vis.8

/usr/sbin/vmtoolsd (und was da noch dran hängt)
```


# VMware-Tools

Anstatt die VMware-Tools lokal zu kompilieren [empfiehlt VMware](http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=2073803) die in der Distribution paketierten [`open-vm-tools`](https://packages.debian.org/wheezy-backports/open-vm-tools) + `open-vm-tools-dkms` zu nutzen.


# System-Login

Login ist nur mittels SSH-Keys möglich. Momentan mússen sich die berechtigten Personen als `root` einloggen.