Installing Slackware64 15.0
Before you start
The default recommended install for slackware64 15.0 is complete. The space used can obviously be reduced by not installing things like X, or servers that are not going to be used, but this how-to doesn't assume what you will or won't use. That is left to you in the usual slackware way.
This install is based on 25GB of VPS storage. Anything less than 25GB of storage is going to be a squeeze because you are going to need some space for recompiling the kernel in addition to all the other packages you want to install. You should have about 5.5GB free space once the installation is complete.
You can use nano to edit/create new files during this setup process, but as ctrl-o is hooked by the xen console, you'll need to press ctrl-x
then type y
to save your file instead.
Part 1. configure the vps settings
Log in to the xen shell via ssh either on linux/mac or via putty on windows
ssh yourserver@yourserver.console.bitfolk.com
You will need to use the ssh key you supplied when ordering the VPS (or the password if you did not provide a key).
Before we check the disks, we make sure the vm will be using the recommended settings.
Type
arch x86_64
to set the vm to 64bit.
Type
virtmode PVH
to set the vm virtual mode to PVH.
If you are wiping and installing fresh, then shut down the existing vm by typing
shutdown
By default bitfolk allocate two virtual disks for your virtual machine. xvda (the main amount) and xvdb (an amount equal to the ram you have allocated) for swap. (If you purchased archive space, that will show as xvdc in your vm, but will not appear in the console.)
Type disks to view and change the arrangement of virtual drives made up out of your purchased disk space.
Current disk layout:
1. xvda 25,600MiB
2. xvdb 1,024MiB
Total disk capacity 26,624MiB
Reserved for backups 2,048MiB
Available for allocation 0MiB
Unless you have specific requirements to alter this, it should be fine as is. When you are happy with the virtual disk allocation, you can get back to the xen-shell prompt and continue....
For this install we are assuming at least 25GB of space allocated to the first virtual disk /dev/xvda
Part 2. boot to rescue image, get network settings, partitioning and format drives, mount and download the install files
boot to rescue image
- type rescue
- log on as user with password given
- change to root type
sudo su -
get network settings
- type
ip addr|grep "inet "|tail -n1|awk '{print $2}'|awk -F"/" '{print $1}'
to get your public static ip4 address. make a note of it
- type
ip addr|grep "inet "|tail -n1|awk '{print $2}'|awk -F"/" '{print $2}'
to get your public static ip4 netmask CIDR. make a note of it
- type
ip ro|grep default|awk '{print $3}'
to get your ip4 gateway. make a note of it
- type
cat /etc/resolv.conf|awk '{print $2}'
to get the bitfolk nameservers. make a note of them
partition and format drives
- type
fdisk -l|grep "Disk /dev"|grep -v "loop"
to check the drives of the virtual machine.
Your main ssd drive is /dev/xvda
We will be clearing the drive, partitioning and formatting, so
Warning: any existing data will be wiped.
- type
fdisk /dev/xvda
- then
o
to set a dos partition table
- then
n
for a new partition
- then
p
for a primary partition
- then press enter to accept the default partition number (1)
- then press enter to accept the default start position
- then press enter to accept the default end position.
- then type
w
to write the changes to the drive.
- Now for the swap drive. type
fdisk /dev/xvdb
- then
o
for a dos style partition table
- then
n
for a new partition
- then
p
for a primary partition
- then press enter to accept the default partition number
- then enter to accept the default start position
- and enter to accept the default end position
- type
t
to specify the partition type. it will default to the only partition (1)
- type
swap
to set it to swap type
- type
w
to write the changes to the drive
- if you have archive storage which is un-initialised, you can set it up now.
- type
fdisk /dev/xvdc
- then
o
to set a dos partition table
- then
n
for a new partition
- then
p
for a primary partition
- then press enter to accept the default partition number (1)
- then press enter to accept the default start position
- then press enter to accept the default end position.
- then type
w
to write the changes to the drive.
Now to format the new ssd partition as ext4 (or other FS as you wish)
type mkfs -t ext4 /dev/xvda1
and setup the swap partition
type mkswap /dev/xvdb1
if you have unformatted archive storage you can also type mkfs -t ext4 /dev/xvdc1
to format it.
Mount and install download files
create mount point for main drive and mount it
mkdir -p /mnt/slackware
mount /dev/xvda1 /mnt/slackware
mkdir -p /mnt/slackware/{boot/grub,slackdisk}
if you have archive storage, also run
mkdir -p /mnt/slackware/archive
to create a mount point for it.
Now to download the slack files (this takes around 5 mins)
rsync -avz --exclude source/ rsync.mirrorservice.org::ftp.slackware.com/pub/slackware/slackware64-15.0/ /mnt/slackware/slackdisk
now to add the slackware installer script.
cd /usr/local/sbin
rsync -a rsync.mirrorservice.org::ftp.slackware.com/pub/slackware/slackware64-15.0/source/a/pkgtools/scripts/installpkg ./
chmod 0755 installpkg
Part 3. Installing the packages
We'll now install the packages, deleting the package install files as we go, to save space. If your
cd /mnt/slackware/slackdisk/slackware64
for i in `ls */*.t?z`; do
installpkg --root /mnt/slackware/ /mnt/slackware/slackdisk/slackware64/${i}
rm -r /mnt/slackware/slackdisk/slackware64/$i
done
now we can remove any leftover files apart from the security patches
cd ..
rm -r `ls |grep -v patches`
we might as well copy over the DNS settings now before the next step.
cp -a /etc/resolv.conf /mnt/slackware/etc/
now to chroot into the new file system
cd /mnt/slackware
mount -t proc proc proc/
mount -t sysfs sys sys/
mount -o bind /dev dev/
chroot /mnt/slackware
We can now apply all the security updates
cd /slackdisk/patches/packages
upgradepkg *.t?z
now to remove all the updates except for kernel ones which we haven't applied
rm *.tx*
now for the kernel. lets remove the generic one, update the kernel packages, then remove the kernel package install files.
cd linux*
removepkg kernel-generic
upgradepkg kernel-headers*.t?z
upgradepkg kernel-modules*.t?z
upgradepkg kernel-huge*.t?z
upgradepkg kernel-source*.t?z
cd ..
rm -r lin*
At this point there will be about 7.9G free on a 25GB drive
Part 4. Compiling the new kernel
Step A
We need to rebuild the kernel with pvh and xen support.
cd /usr/src/linux
cp .config .config.orig
make menuconfig
change the following settings
- General setup
  - Kernel compression mode -> change to gzip as xen does not support lzma
- Processor type and features
  - Linux guest support
    - Enable paravirtualization code
    - * Xen guest support
    - * Xen PVH support
- Networking Support
  - Networking options
    - * The IPv6 protocol
- File systems
  - * Second extended fs support
  - * The Extended 3 (ext3) file system
  - * The Extended 4 (ext4) file system
select save, then select exit.
type
make all -j2
make modules_install -j2
make install
(ignore lilo errors here)
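A check worth running on the saved .config before the long `make all`: it confirms every option from the menuconfig list above ended up built in (`=y`). This is an added example, not part of the original how-to; the mapping from menu entries to CONFIG_ symbols is my reading of those entries, and the sample config fragment is constructed.

```shell
#!/bin/sh
# Added example: verify the PVH/Xen options from the list above are built in.
# Assumption: these are the kernel symbols behind the menu entries named there.
REQUIRED="KERNEL_GZIP HYPERVISOR_GUEST PARAVIRT XEN XEN_PVH IPV6 EXT2_FS EXT3_FS EXT4_FS"

# missing_pvh_options CONFIG
# Prints every required symbol that is not set to =y in CONFIG (a module, =m,
# counts as missing because the guest must boot without an initrd here).
# Returns 0 only when nothing is missing.
missing_pvh_options() {
    rc=0
    for sym in $REQUIRED; do
        if ! grep -q "^CONFIG_${sym}=y\$" "$1"; then
            echo "CONFIG_${sym}"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample: a config fragment where compression was left on xz and
# Xen PVH support was never enabled.
cfg=$(mktemp)
cat > "$cfg" << 'EOF'
CONFIG_KERNEL_XZ=y
CONFIG_HYPERVISOR_GUEST=y
CONFIG_PARAVIRT=y
CONFIG_XEN=y
# CONFIG_XEN_PVH is not set
CONFIG_IPV6=y
CONFIG_EXT2_FS=y
CONFIG_EXT3_FS=y
CONFIG_EXT4_FS=y
EOF
missing_pvh_options "$cfg" || echo "fix the options listed above before running make"
rm -f "$cfg"
```

On the VPS, run it as `missing_pvh_options /usr/src/linux/.config`.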
We will create a temporary environment variable to hold the kernel version
KERNV=`ls /boot/System.map-hug*|awk -F"-" '{print $NF}'`
now to copy over our new files
cp -a .config /boot/config-$KERNV
cd /boot
mv System.map System.map-$KERNV
mv vmlinuz vmlinux-$KERNV
Step B
we'll now sort grub configuration.
grub-install /dev/xvda
(we probably don't need this, as xen does the booting :-) )
now to make sure that when we run grub-mkconfig we get a booting system
sed -i 's/#GRUB_DISABLE_RECOVERY/GRUB_DISABLE_RECOVERY/g' /etc/default/grub
sed -i '/^GRUB_DEFAULT.*/c\GRUB_DEFAULT=0' /etc/default/grub
sed -i 's/#GRUB_TERMINAL/GRUB_TERMINAL/g' /etc/default/grub
create /etc/grub.d/05_bitfolk containing
#!/bin/sh
# newest kernel image in /boot that is not the huge or an old one
BFKERN=`ls -t /boot/vmlinu*|grep -v huge|grep -v old|head -n1`
OSNAME=`cat /etc/*-version`
MNAME=`echo $BFKERN|awk -F"-" '{print "kernel " $2}'`
# filesystem UUID of the root partition
BLKID=`blkid|grep /dev/xvda1|awk -F\" '{print $2}'`
#echo entry info to stdout
echo "menuentry '$OSNAME $MNAME' {"
cat << EOF
load_video
set gfxpayload=keep
insmod gzio
insmod part_msdos
insmod ext2
EOF
echo " search --no-floppy --fs-uuid --set=root $BLKID"
echo " echo 'Loading $MNAME …'"
echo " linux $BFKERN root=/dev/xvda1 ro"
echo "}"
then run chmod 755 /etc/grub.d/05_bitfolk
Step C
type grub-mkconfig -o /boot/grub/grub.cfg
Note: If you need to update the kernel in future, once you have downloaded the four new kernel packages and installed them (as per the end of the previous part), go through Step A and Step C of Part 4 again.
Part 5. Configure os prior to first boot
Because we are not using the slackware main setup installer, we will have to manually do a little bit of extra configuration.
fstab setup
We are not going to get far in the boot process without /etc/fstab so lets create that now, containing
/dev/xvdb1 swap swap swap 0 0
/dev/xvda1 / ext4 defaults 1 1
/dev/xvdc1 /archive ext4 defaults 1 2
(if you don't have archive storage, omit the last line)
network setup
edit /etc/HOSTNAME
and put your hostname in, if you have a FQDN for your vps.
eg. myvps.mydomain.com
if you have done the install and updates, you will have a new rc.inet1.conf file, so as we are setting things up for the first time, we'll use it. type
if [ -e /etc/rc.d/rc.inet1.conf.new ]; then rm /etc/rc.d/rc.inet1.conf; mv /etc/rc.d/rc.inet1.conf.new /etc/rc.d/rc.inet1.conf; fi
now edit /etc/rc.d/rc.inet1.conf
and find the line beginning IPADDRS[0]=
and put your ipaddress and CIDR mask which you recorded earlier in.
eg: IPADDRS[0]="001.001.001.001/21"
also find the line beginning GATEWAY= and put in your gateway ip as recorded earlier
eg: GATEWAY="85.119.80.1"
and save the file.
keyboard mapping
we need to set up the keyboard mapping. You can find a list at /mnt/slackware/usr/share/kbd/keymaps (inside the chroot this is /usr/share/kbd/keymaps)
create /etc/rc.d/rc.keymap
containing
#!/bin/sh
# Load the keyboard map. More maps are available under /usr/share/kbd/keymaps
if [ -x /usr/bin/loadkeys ]; then
 /usr/bin/loadkeys uk.map
fi
then type chmod 0755 /etc/rc.d/rc.keymap
to make it executable.
timezone
this setup uses London,UK as the timezone
cd /etc
rm localtime
ln -s /usr/share/zoneinfo/Europe/London localtime
Adjust the ln line to link to your timezone of choice.
Console access via xen hvc
We need to add the xen hvc console to inittab and securetty, otherwise we will not be able to log in over the console. Type
sed -i '/tty6/aco:12345:respawn:\/sbin\/agetty 38400 hvc0 linux' /etc/inittab
sed -i '/^console/ahvc0' /etc/securetty
kernel tuning
We can tune some kernel settings to our preference with sysctl. Create a file at /mnt/slackware/etc/sysctl.d/vm.conf (inside the chroot this is /etc/sysctl.d/vm.conf) with these contents:
vm.swappiness = 10
vm.vfs_cache_pressure = 150
vm.min_free_kbytes = 65536
Note: the MariaDB documentation at https://mariadb.com/kb/en/configuring-swappiness/ suggests a swappiness of 1, so if your VM is primarily a database server, consider using this value instead.
Denyhosts
As you need to ssh to your server to work on it, ssh is a prime attack target for hackers. denyhosts is a useful system to stop them. We need to install a dependency first.
cd /root
wget https://slackbuilds.org/slackbuilds/15.0/python/ipaddr-py.tar.gz
tar -xzf ipaddr-py.tar.gz
cd ipaddr-py
wget `cat ipaddr-py.info|grep "DOWNLOAD="|awk -F\" '{print $2}'`
./ipaddr-py.SlackBuild
cd ..
installpkg /tmp/ipaddr-py*.tgz
now to create and install the denyhosts package.
wget https://slackbuilds.org/slackbuilds/15.0/network/DenyHosts.tar.gz
tar -xzf DenyHosts.tar.gz
cd DenyHosts
wget `cat DenyHosts.info|grep "DOWNLOAD="|awk -F\" '{print $2}'`
./DenyHosts.SlackBuild
cd ..
installpkg /tmp/DenyHosts*.tgz
chmod +x /etc/rc.d/rc.denyhosts
We can now tidy up the package build directories
rm -rf /root/ipaddr-py /root/DenyHosts
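The two builds above fetch their source with wget from the DOWNLOAD= field of the .info file and run the SlackBuild as root without checking what arrived. SlackBuilds.org .info files also carry an MD5SUM= field for that download, so the source can be checked first. This is an added example, not part of the original how-to; it assumes a single DOWNLOAD URL, and the sample .info file and tarball are constructed.

```shell
#!/bin/sh
# Added example: check a SlackBuild source download against the MD5SUM field
# of its .info file before running the SlackBuild.

# info_field FILE KEY -> prints the quoted value of the line KEY="..."
info_field() {
    awk -F'"' -v key="$2" '$1 == (key "=") { print $2; exit }' "$1"
}

# verify_slackbuild_source INFO_FILE [DIR]
# Returns 0 if the file named by DOWNLOAD exists in DIR and matches MD5SUM,
# 1 on a checksum mismatch, 2 if the .info fields or the file are missing.
verify_slackbuild_source() {
    info=$1
    dir=${2:-.}
    [ -r "$info" ] || { echo "missing $info" >&2; return 2; }
    url=$(info_field "$info" DOWNLOAD)
    url=${url%% *}                      # assumption: first URL only
    want=$(info_field "$info" MD5SUM)
    want=${want%% *}
    if [ -z "$url" ] || [ -z "$want" ]; then
        echo "no DOWNLOAD/MD5SUM in $info" >&2; return 2
    fi
    file=$dir/${url##*/}
    [ -f "$file" ] || { echo "missing $file" >&2; return 2; }
    got=$(md5sum "$file" | awk '{ print $1 }')
    if [ "$got" = "$want" ]; then
        echo "OK $file"
        return 0
    fi
    echo "MISMATCH $file: expected $want, got $got" >&2
    return 1
}

# Constructed demo: a stand-in source file and a matching .info file.
demo=$(mktemp -d)
printf 'constructed sample source\n' > "$demo/example-1.0.tar.gz"
sum=$(md5sum "$demo/example-1.0.tar.gz" | awk '{ print $1 }')
printf 'PRGNAM="example"\nDOWNLOAD="https://example.invalid/src/example-1.0.tar.gz"\nMD5SUM="%s"\n' \
    "$sum" > "$demo/example.info"
verify_slackbuild_source "$demo/example.info" "$demo"
rm -rf "$demo"
```

In the build directories above this becomes `verify_slackbuild_source DenyHosts.info && ./DenyHosts.SlackBuild`, so the build only runs when the checksum matches.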
we now need to add rc.denyhosts to rc.inet2
if [ `grep denyhosts /etc/rc.d/rc.inet2|wc -l` = 0 ]; then
cat << EOF | sed -i '/sshd start/r /dev/stdin' /etc/rc.d/rc.inet2
fi

# Start denyhosts
if [ -x /etc/rc.d/rc.denyhosts ]; then
  /etc/rc.d/rc.denyhosts start
EOF
fi
we'll be a bit more lenient than the default deny after 1 failed attempt, otherwise a typo will block you
sed -i 's/DENY_THRESHOLD_ROOT = 1/DENY_THRESHOLD_ROOT = 3/g' /etc/denyhosts.conf
sshd setup
As we just updated sshd, we can move over the new config file.
if [ -e /etc/ssh/sshd_config.new ]; then
rm /etc/ssh/sshd_config
mv /etc/ssh/sshd_config.new /etc/ssh/sshd_config
fi
We have two options.
- option 1. allow root to log in with normal password over ssh.
This is less secure, but more convenient
- option 2. use an ssh key to log in as root over ssh
This is more secure, but less convenient
Option 1
sed -i 's/#PermitRootLogin prohibit-password/PermitRootLogin yes/g' /etc/ssh/sshd_config
now we can log in as root via ssh using a password. Note: it is not a good idea to do this on a public server without having extra protection such as denyhosts (as just set up), or a firewall limiting access to known ip's, such as your local public static ip, otherwise you will get hacked sooner or later. You need to make sure you have a secure long password if you choose this option.
Option 2
For improved security, you probably want to use keys for ssh-ing into your server as root. If you are connecting from a windows pc, then putty is the standard ssh client to use, and it comes with puttygen for generating keys.
Note: use v 0.78 or higher, as earlier versions default to a v1 RSA key which is not accepted by default with slackware as it is less secure.
sed -i '/^#PermitRootLogin/s/#PermitRootLogin/PermitRootLogin/' /etc/ssh/sshd_config
how to set up ssh using keys for putty client for windows
- on the windows pc, run PuTTYgen, and click "Generate", move the mouse over the blank area while it generates the key. when done
- click "save public key" and save it on your pc with the .pub.key extension, eg. myvps.pub.key
- also click "save private key" and save it on your pc with the extension .ppk eg myvps.ppk
- on the vps still logged in as root on the console type
mkdir /root/.ssh
- Copy the public key text from PuTTYgen and paste it in a single line in /root/.ssh/authorized_keys, ending in a newline. (the line begins with the coding type eg. ssh-rsa then a space, then the public key lines (with newlines removed), then a space, and then the comment text)
- change the permissions of the file
chmod 600 /root/.ssh/authorized_keys
- save a session in putty set up with your vps ip address. in the data set the "auto login username" to root and in the ssh section click on browse, and locate your private key you saved earlier. Then save the session again, so you don't have to put in the settings each time.
how to set up ssh using keys for ssh client for linux
if you are connecting from a linux machine instead, you can
- type
ssh-keygen
as the user you will be connecting from (the user on the client pc). follow the prompts. you can omit the passcode if you want. this will generate two files under ~/.ssh/ id_rsa and id_rsa.pub
- copy the full contents of id_rsa.pub to the server /root/.ssh/authorized_keys file as a single line (there should only be one public key per single line in this file)
- if this file did not previously exist, change the permissions on it
chmod 600 /root/.ssh/authorized_keys
- to connect, use
ssh -i ~/.ssh/yourkey user@your.vps.address
eg. ssh -i ~/.ssh/id_rsa root@mybitfolk.vps.ipaddress
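Both options above edit sshd_config with sed, which silently does nothing if the expected commented line is not there. The check below reports which PermitRootLogin value sshd will actually use and whether the key files have permissions sshd accepts. This is an added example, not part of the original how-to; it ignores Include directives and Match blocks, and the sample files are constructed.

```shell
#!/bin/sh
# Added example: audit the result of the sshd setup steps above.

# effective_root_login CONFIG
# Prints the PermitRootLogin value sshd will use: the first uncommented
# occurrence wins, and OpenSSH falls back to prohibit-password if none is set.
# Assumption: stops at the first Match block and does not follow Include.
effective_root_login() {
    awk 'tolower($1) == "match" { exit }
         tolower($1) == "permitrootlogin" { print tolower($2); found = 1; exit }
         END { if (!found) print "prohibit-password" }' "$1"
}

# key_perms_ok SSH_DIR
# Returns 0 when neither SSH_DIR nor its authorized_keys file is writable by
# group or others, which sshd's default StrictModes check requires.
key_perms_ok() {
    for p in "$1" "$1/authorized_keys"; do
        [ -e "$p" ] || { echo "missing: $p"; return 1; }
        mode=$(stat -c '%a' "$p")
        case $mode in
            *[2367]?|*[2367]) echo "group/other writable ($mode): $p"; return 1 ;;
        esac
    done
    return 0
}

# Constructed sample: sshd_config as left by the Option 1 sed command, plus a
# key directory set up as in the steps above.
sample=$(mktemp -d)
printf '%s\n' '#LoginGraceTime 2m' 'PermitRootLogin yes' '#StrictModes yes' \
    > "$sample/sshd_config"
mkdir "$sample/.ssh" && : > "$sample/.ssh/authorized_keys"
chmod 700 "$sample/.ssh"
chmod 600 "$sample/.ssh/authorized_keys"
echo "PermitRootLogin: $(effective_root_login "$sample/sshd_config")"
key_perms_ok "$sample/.ssh" && echo "key file permissions ok"
rm -rf "$sample"
```

On the VPS, point the functions at /etc/ssh/sshd_config and /root/.ssh; `sshd -T` prints the full effective configuration if you want to confirm the result against the running binary.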
stop screen blanking on terminals
type
if [ `cat /etc/rc.d/rc.setterm|grep "^/bin/setterm -blank 15"|wc -l` -gt 0 ]; then
sed -i "/^\/bin\/setterm -blank 15/s/\/bin/#\/bin/" /etc/rc.d/rc.setterm
sed -i "/^#\/bin\/setterm -blank 0/s/#//" /etc/rc.d/rc.setterm
fi
Set root password and another user
We need to set the root password for our nice shiny new vps. Type
passwd
It is also good to create a non-privileged user, just in case.
adduser yourpreferedusername
you'll now have about 5.5G free space on your main drive.
We are done with pre-boot setup of our VPS.
type
exit
to exit your chroot, then type
poweroff
to power down the rescue vm. now at the console, type boot
and your nice new slackware 15.0 vps, fully updated should start up, ready to play with. You can log in at the console, or ssh in to your vps.
If you have a look at /var/log/messages
you will see lots of blocked hackers trying to ssh into your new vps.
Aren't you glad for denyhosts.😀
You should probably set up iptables and ip6tables to protect your vps further, but that can be the subject of another howto.
Now you can configure the functionality you actually want the vps for.... enjoy.