Before you start

The default recommended install for slackware64 15.0 is complete. The space used can obviously be reduced by not installing things like X, or servers that are not going to be used, but this how-to doesn't assume what you will or won't use. That is left to you in the usual slackware way.

This install is based on 25GB of VPS storage. Anything less than 25GB of storage is going to be a squeeze because you are going to need some space for recompiling the kernel in addition to all the other packages you want to install. You should have about 5.5GB free space once the installation is complete.

You can use nano to edit/create new files during this setup process, but as ctrl-o is hooked by the xen console, you'll need to press ctrl-x then type y to save your file instead.

Part 1. configure the vps settings

Log in to the xen shell via ssh either on linux/mac or via putty on windows

ssh yourserver@yourserver.console.bitfolk.com

You will need to use the ssh key you supplied when ordering the VPS (or the password if you did not provide a key).

before we check the disks, we make sure the vm will be using the recommended settings

Type

arch x86_64

to set the vm to 64bit Type

virtmode PVH

to set the vm virtual mode to PVH if you are wiping and installing fresh, then shutdown the existing vm by typing

shutdown

By default bitfolk allocate two virtual disks for your virtual machine. xvda (the main amount) and xvdb (an amount equal to the ram you have allocated) for swap. (If you purchased archive space, that will show as xvdc in your vm, but will not appear in the console.)

Type disks to view and change the arrangement of virtual drives made up out of your purchased disk space.

Current disk layout:

         1. xvda            25,600MiB
         2. xvdb             1,024MiB
         
     Total disk capacity            26,624MiB
    Reserved for backups             2,048MiB
Available for allocation                 0MiB

Unless you have specific requirements to alter this, it should be fine as is. When you are happy with the virtual disk allocation, you can get back to the xen-shell prompt and continue....

For this install we are assuming at least 25GB of space allocated to the first virtual disk /dev/xvda

Part 2. boot to rescue image, get network settings, partitioning and format drives, mount and download the install files

boot to rescue image

• type rescue
• log on as user with password given
• change to root type sudo su -

get network settings

• type ip addr|grep "inet "|tail -n1|awk '{print $2}'|awk -F"/" '{print $1}' to get your public static ip4 address. make a note of it
• type ip addr|grep "inet "|tail -n1|awk '{print $2}'|awk -F"/" '{print $2}' to get your public static ip4 netmask CIDR. make a note of it
• type ip ro|grep default|awk '{print $3}' to get your ip4 gateway. make a note of it
• type cat /etc/resolv.conf|awk '{print $2}' to get the bitfolk nameservers. make a note of it

partition and format drives

• type fdisk -l|grep "Disk /dev"|grep -v "loop" to check the drives of the virtual machine.
  Your main ssd drive is /dev/xvda
  We will be clearing the drive, partitioning and formatting, so

  Warning:

  any existing data will be wiped.

• type fdisk /dev/xvda
• then o to set a dos partition table
• then n for a new partition
• then p for a primary partition
• then press enter to accept the default parition number (1)
• then press enter to accept the default start position
• then press enter to accept the default end position.
• then type w to write the changes to the drive.
• Now for the swap drive. type fdisk /dev/xvdb
• then o for a dos style partition table
• then n for a new partition
• then p for a primary partition
• then press enter to accept the default partition number
• then enter to accept the default start position
• and enter to accept the default end position
• type t to specify the partion type. it will default to the only partion (1)
• type swap to set it to swap type
• type w to write the changes to the drive
• if you have archive storage which is un-initialised, you can set it up now.
• type fdisk /dev/xvdc
• then o to set a dos partition table
• then n for a new partition
• then p for a primary partition
• then press enter to accept the default parition number (1)
• then press enter to accept the default start position
• then press enter to accept the default end position.
• then type w to write the changes to the drive.

Now to format the new ssd partition as ext4 (or other FS as you wish)
type mkfs -t ext4 /dev/xvda1
and setup the swap partition
type mkswap /dev/xvdb1
if you have unformatted archive storage you can also type mkfs -t ext4 /dev/xvdc1 to format it.

Mount and install download files

create mount point for main drive and mount it

mkdir -p /mnt/slackware
mount /dev/xvda1 /mnt/slackware
mkdir -p /mnt/slackware/{boot/grub,slackdisk}

if you have archive storage, also run

mkdir -p /mnt/slackware/archive

to create a mount point for it.

Now to download the slack files (this takes around 5 mins)

rsync -avz --exclude source/ rsync.mirrorservice.org::ftp.slackware.com/pub/slackware/slackware64-15.0/ /mnt/slackware/slackdisk

now to add the slackware installer script.

cd /usr/local/sbin
rsync -a rsync.mirrorservice.org::ftp.slackware.com/pub/slackware/slackware64-15.0/source/a/pkgtools/scripts/installpkg ./
chmod 0755 installpkg

Part 3. Installing the packages

We'll now install the packages, deleting the package install files as we go, to save spaceIf your

cd /mnt/slackware/slackdisk/slackware64
for i in `ls */*.t?z`; do
installpkg --root /mnt/slackware/ /mnt/slackware/slackdisk/slackware64/${i}
rm -r /mnt/slackware/slackdisk/slackware64/$i
done

now we can remove any leftover files apart from the security patches

cd ..
rm -r `ls |grep -v patches`

we might as well copy over the DNS settings now before the next step.
cp -a /etc/resolv.conf /mnt/slackware/etc/

now to chroot into the new file system

cd /mnt/slackware
mount -t proc proc proc/
mount -t sysfs sys sys/
mount -o bind /dev dev/
chroot /mnt/slackware

We can now apply all the security updates

cd /slackdisk/patches/packages
upgradepkg *.t?z

now to remove all the updates except for kernel ones which we haven't applied

rm *.tx*

now for the kernel. lets remove the generic one, update the kernel packages, then remove the kernel package install files.

cd linux*
removepkg kernel-generic
upgradepkg kernel-headers*.t?z
upgradepkg kernel-modules*.t?z
upgradepkg kernel-huge*.t?z
upgradepkg kernel-source*.t?z
cd ..
rm -r lin*

At this point there will be about 7.9G free on a 25GB drive

Part 4. Compiling the new kernel

Step A

We need to rebuild the kernel with pvh and xen support.

cd /usr/src/linux
cp .config .config.orig
make menuconfig

change the following settings

• General setup
• • Kernel compression mode -> change to gzip as xen does not support lzma
• Processor type and features
• • Linux guest support
  • • Enable paravirtulization code
    • • * Xen guest support
      • * Xen PVH support
• Networking Support
• • Networking options
  • • * The IPv6 protocol
• File systems
• • * Second extended fs support
  • * The Extended 3 (ext3) file system
  • * The Extended 4 (ext4) file system

select save, then select exit type

make all -j2
make modules_install -j2
make install

(ignore lilo errors here)

We will create an tempory environment variable to hold the kernel version

KERNV=`ls /boot/System.map-hug*|awk -F"-" '{print $NF}'`

now to copy over our new files

cp -a .config /boot/config-$KERNV
cd /boot
mv System.map System.map-$KERNV
mv vmlinuz vmlinux-$KERNV

Step B

we'll now sort grub configuration.

grub-install /dev/xvda

(we probably don't need this, as xen does the booting :-) )

now to make sure that when we run grub-mkconfig we get a booting system

sed -i 's/#GRUB_DISABLE_RECOVERY/GRUB_DISABLE_RECOVERY/g' /etc/default/grub
sed -i '/^GRUB_DEFAULT.*/c\GRUB_DEFAULT=0' /etc/default/grub
sed -i 's/#GRUB_TERMINAL/GRUB_TERMINAL/g' /etc/default/grub

create /etc/grub.d/05_bitfolk containing

BFKERN=`ls -t /boot/vmlinu*|grep -v huge|grep -v old|head -n1`
OSNAME=`cat /etc/*-version`
MNAME=`echo $BFKERN|awk -F"-" '{print "kernel " $2}'`
BLKID=`blkid|grep /dev/xvda1|awk -F\" '{print $2}'`
#echo entry info to stdout
echo "menuentry '$OSNAME $MNAME' {"
cat << EOF
    load_video
    set gfxpayload=keep
    insmod gzio
    insmod part_msdos
    insmod ext2
EOF
echo "    search --no-floppy --fs-uuid --set=root $BLKID"
echo "    echo 'Loading $MNAME …'"
echo "    linux $BFKERN root=/dev/xvda1 ro"
echo "}"

then run chmod 755 /etc/grub.d/05_bitfolk

Step C

type grub-mkconfig -o /boot/grub/grub.cfg

Note:

If you need to update the kernel in future, once you have downloaded the four new kernel packages and installed them (as per the end of the previous part), go through Step A and Step C of Part 4. again

Part5. Configure os prior to first boot

Because we are not using the slackware main setup installer, we will have to manually do a little bit of extra configuration.

fstab setup

We are not going to get far in the boot process without /etc/fstab so lets create that now, containing

/dev/xvdb1	swap		swap	swap		0	0
/dev/xvda1	/		ext4	defaults	1	1
/dev/xvdc1	/archive	ext4	defaults	1	2

(if you don't have archive storage, omit the last line)

network setup

edit /etc/HOSTNAME and put your hostname in, if you have a FQDN for your vps. eg. myvps.mydomain.com if you have done the install and updates, you will have a new rc.inet1.conf file, so as we are setting things up for the fist time, we'll use it. type

if [ -e /etc/rc.d/rc.inet1.conf.new ]; then rm /etc/rc.d/rc.inet1.conf; mv /etc/rc.d/rc.inet1.conf.new /etc/rc.d/rc.inet1.conf; fi

now edit /etc/rc.d/rc.inet1.conf and find the line beginning IPADDRS[0]= and put your ipaddress and CIDR mask which you recorded earlier in. eg: IPADDRS[0]="001.001.001.001/21" also find the line beginning GATEWAY= and put in your gateway ip as recorded ealier eg: GATEWAY="85.119.80.1" and save the file.

keyboard mapping

we need to set up the keyboard mapping. You can find a list at /mnt/slackware/usr/share/kbd/keymaps create /etc/rc.d/rc.keymap containing

#!/bin/sh
# Load the keyboard map.  More maps are available under /usr/share/kbd/keymaps
if [ -x /usr/bin/loadkeys ]; then
 /usr/bin/loadkeys uk.map
fi

then type chmod 0755 /etc/rc.d/rc.keymap to make it executable.

timezone

this setup uses London,UK as the timezone

cd /etc
rm localtime
ln -s /usr/share/zoneinfo/Europe/London localtime

Adjust the ln line to link to your timezone of choice.

Console access via xen hvc

We need to add the xen hvc console to inittab and securetty, otherwise we will not be able to log in over the console. Type

sed -i '/tty6/aco:12345:respawn:\/sbin\/agetty 38400 hvc0 linux' /etc/inittab
sed -i '/^console/ahvc0' /etc/securetty

kernel tuning

We can tune some kernel settings to our preference with sysctl. Create a file at /mnt/slackware/etc/sysctl.d/vm.conf with these contents:

vm.swappiness = 10
vm.vfs_cache_pressure = 150
vm.min_free_kbytes = 65536

Note:

the MariaDB documentation at https://mariadb.com/kb/en/configuring-swappiness/ suggests a swappiness of 1 so if your VM is primarily a database server, consider using this value instead.

Denyhosts

As you need to ssh to your server to work on it, ssh is a prime attack target for hackers. denyhosts is a usefull system to stop them. We need to install a dependency first.

cd /root
wget https://slackbuilds.org/slackbuilds/15.0/python/ipaddr-py.tar.gz
tar -xzf ipaddr-py.tar.gz
cd ipaddr-py
wget `cat ipaddr-py.info|grep "DOWNLOAD="|awk -F\" '{print $2}'`
./ipaddr-py.SlackBuild
cd ..
installpkg /tmp/ipaddr-py*.tgz

now to create and install the denyhosts package.

wget https://slackbuilds.org/slackbuilds/15.0/network/DenyHosts.tar.gz
tar -xzf DenyHosts.tar.gz
cd DenyHosts
wget `cat DenyHosts.info|grep "DOWNLOAD="|awk -F\" '{print $2}'`
./DenyHosts.SlackBuild
cd ..
installpkg /tmp/DenyHosts*.tgz
chmod +x /etc/rc.d/rc.denyhosts

We can now tidy up the package build directories rm -rf /root/ipaddr-py /root/DenyHosts we now need to add rc.denyhosts to rc.inet2

if [ `grep denyhosts /etc/rc.d/rc.inet2|wc -l` = 0 ]; then
  cat << EOF | sed -i '/sshd start/r /dev/stdin' /etc/rc.d/rc.inet2
fi

# Start denyhosts
if [ -x /etc/rc.d/rc.denyhosts ]; then
  /etc/rc.d/rc.denyhosts start
EOF
fi

we'll be a bit more lenient than the default deny after 1 failed attempt, otherwise a typo will block you sed -i 's/DENY_THRESHOLD_ROOT = 1/DENY_THRESHOLD_ROOT = 3/g' /etc/denyhosts.conf

sshd setup

As we just updated sshd, we can move over the new config file.

if [ -e /etc/ssh/sshd_config.new ]; then
  rm /etc/ssh/sshd_config
  mv /etc/ssh/sshd_config.new /etc/ssh/sshd_config
fi

We have two options.

• option 1. allow root to log in with normal password over ssh.
  This is less secure, but more convenient
• option 2. use an ssh key to log in as root over ssh
  This is more secure, but less convenient

Option 1

sed -i 's/#PermitRootLogin prohibit-password/PermitRootLogin yes/g' /etc/ssh/sshd_config

now we can log in as root via ssh using a password. Note: it is not a good idea to do this on a public server without having extra protection such as denyhosts (as just set up), or a firewall limiting access to known ip's, such as your local public static ip, otherwise you will get hacked sooner or later. You need to make sure you have a secure long password if you choose this option.

Option 2

For improved security, you probably want to use keys for ssh-ing into your server as root. If you are connecting from a windows pc, then putty is the standard ssh client to use, and it comes with puttygen for generating keys.

Note:

use v 0.78 or higher, as earlier versions default to a v1 RSA key which is not accepted by default with slackware as it is less secure.

sed -i '/^#PermitRootLogin/s/#PermitRootLogin/PermitRootLogin/' /etc/ssh/sshd_config

how to set up ssh using keys for putty client for windows

• on the windows pc, run PuTTYgen, and click "Generate", move the mouse over the blank area while it generates the key. when done
• click "save public key" and save it on your pc with the .pub.key extension, eg. myvps.pub.key
• also click "save private key" and save it on your pc with the extension .ppk eg myvps.ppk
• on the vps still logged in as root on the console typemkdir /root/.ssh
• Copy the public key text from PuTTYgen and paste it in a single line in /root/.ssh/authorized_keys, ending in a newline. (the line begins with the coding type eg. ssh-rsa then a space, then the public key lines (with newlines removed), then a space, and then the comment text)
• change the permissions of the file
  chmod 600 /root/.ssh/authorized_keys
• save a session in putty set up with your vps ip address. in the data set the "auto login username" to root and in the ssh section click on browse, and locate your private key you saved earlier. Then save the session again, so you don't have to put in the settings each time.

how to set up ssh using keys for ssh client for linux

if you are connecting from a linux machine instead, you can

• type ssh-keygen as the user you will be connecting from (the user on the client pc). follow the prompts. you can omit the passcode if you want. this will generate two files under ~/.ssh/ id_rsa and id_rsa.pub
• copy the full contents of id_rsa.pub to the the server /root/.ssh/authorized_keys file as a single line (there should only be one public key per single line in this file)
• if this file did not previously exist, change the permissions on it chmod 600 /root/.ssh/authorized_keys
• to connect, use ssh -i ~/.ssh/yourkey user@your.vps.address eg. ssh -i ~/.ssh/id_rsa root@mybitfolk.vps.ipaddress

stop screen blanking on terminals

type

if [ `cat /etc/rc.d/rc.setterm|grep "^/bin/setterm -blank 15"|wc -l` -gt 0 ]; then
  sed -i "/^\/bin\/setterm -blank 15/s/\/bin/#\/bin/" /etc/rc.d/rc.setterm
  sed -i "/^#\/bin\/setterm -blank 0/s/#//" /etc/rc.d/rc.setterm
fi

Set root password and another user

We need to set the root password for our nice shiny new vps. Type

passwd

It is also good to create a non-previleged user, just in case.
adduser yourpreferedusername

you'll now have about 5.5G free space on your main drive.

We are done with pre-boot setup of our VPS.

type

exit

to exit your chroot, then type

poweroff

to power down the rescue vm. now at the console, type boot and your nice new slackware 15.0 vps, fully updated should start up, ready to play with. You can log in at the console, or ssh in to your vps.

If you have a look at /var/log/messages you will see lots of blocked hackers trying to ssh into your new vps. 

Aren't you glad for denyhosts.😀

You should probably set up iptables and iptables6 to pretect your vps further, but that can be the subject of another howto.

Now you can configure the functionality you actually want the vps for.... enjoy.