Installation
Debian installation can be divided into three parts. First is when you boot your machine with a Debian bootable DVD/CD and do the base install. The second part consists of installing major packages such as the X Window system, mail server/client and common network components. After that you get a fully working Debian machine with Gnome or KDE, or both, and the tools you need. But if you are one of those not satisfied with all this (some 1.5 GB of installed software), then you can move on to the third stage. Till the second stage, you have installed just a thousand of more than 6,000 packages that are available on this month's PCQ Xtreme DVD. So in the third stage you can install as many packages as you want using the Debian Package Manager called Synaptic.
Installing base components
|
You need a machine with a DVD-ROM drive for the installation. Ensure that your system can boot from this drive. If required change the boot preference from your BIOS, to boot from the DVD drive first. Now place this month's DVD disk and boot the machine.
A major disadvantage with Debian is that, in stage one, it has a complete text-based installation process. Once the installation begins, with your desired kernel version, the first three screens that appear will ask you to select your language, country and keyboard layout respectively. Select the country, India in our case, from the second screen and go with the default options (English) for the first and third screens, as they don't offer Indian languages to choose from.
|
Next, when the installer will ask for the host name and domain name of the machine, fill in the desired host name and name of the domain of which the machine is a part. If it is a standalone machine then use 'local' as the domain name.
Now comes the most important part-partitioning of the disk. Here, we assume that you are installing a Debian only machine, for personal (desktop) use. (If you want to do a dual-boot or want a server installation then read the boxes.)
Select the first option, which says 'Entire Disk' and in the next screen, select the 'All files in one partition' option. Tracking just a single partition for things such as free space and installed applications is easier for new users. But it also creates a single point of failure; if this partition is gone then all your data also goes. The next screen gives you a summary of the partition that you have just created. Here select the last option, which says 'Finish partitioning and write into disk'. A warning message will pop up saying all the previous data in the drive will be lost. Select the Yes button and proceed.
|
Now comes the point where Grub, the boot loader, is to be installed. The installer usually detects whether you are running more than one OS. It was one in our case. So the installer suggests that you should install the boot loader in the MBR, which in any case is the best idea. Press the Yes button and you are done with the first stage. Now the installer will install all the base packages and restart the machine. At this time don't forget to remove the media from the DVD drive or the machine will reboot from it again.
Installing the X Window system
After the system reboots you will be presented with a Grub boot menu from where you can select either the normal Debian boot or the fail-safe boot. Select the first option and proceed. As the system boots up, you will be greeted with a Debian Configuration Agent, which will guide you through the rest of the installation and configuration. At first it will take you through all those standard settings questions that every Linux distro asks for, such as the time zone and root password.
|
After all the settings are done, the agent will prompt you to select the media from where you can install the components. The Debian Package Management tool, 'Apt' will install packages from the media that you select. Select the first option 'cdrom' and re-insert the Debian DVD into the drive and hit Enter. It will now scan for the index files and ask you to insert any other media that has Debian packages (if any) into it. Here select No.
It will pop up a list of components to select
from. You can select desired components, such as Desktop environment and File Server. You can also select individual packages inside these groups, by selecting the last option. But doing so using the command line Apt (the Debian Package Manager) is not very easy, so it's better to select the major components from the screen and then install the others during the third stage.
Depending on the components you select, the installer takes you through the configuration steps. Follow them. If you want, you can exit the configuration at this time by canceling these steps, and do them graphically after the X Window system is installed.
There are two important things you should not forget to configure at this time, which are the Security Update installation and X Window configuration. The X Window configuration is quite easy as most of the hardware is installed automatically by the installer. If you are connected through the Internet, then this is the best time to download and install the security patches. Just click on the Yes button and wait. It will automatically download and install all the necessary patches. After all the components are installed and configured, your GDM (Gnome Desktop Manager) will be automatically loaded and the default desktop environment (Gnome 2.6) will start.
Setting basic security options
Firewall
Every Linux distro today comes with a firewalling mechanism (such as IPTables) built-in to the kernel. Usually, they are totally command-line based and hence difficult to configure. That's the reason why a lot of front ends are available for it, meant for the desktop user or system administrator. Here we'll look at the two front ends that come with Debian, namely firestarter for the desktop and FwBuilder for the server.
|
Personal firewall
Firestarter front end, as the name suggests, is meant for 'starters', or those new to Linux. It not only works as a firewall, but also as a personal IDS (Intrusion Detection System). Its installation and configuration are really simple. To install it, open up the Debian Package Manager (Synaptic) and scroll down to the 'System Administration' section. Here, select the package named 'firestarter' and press the Apply button.
To start firestarter, go to the Application menu in Gnome and select the Internet submenu. Then select the Firestarter icon from here and a front end will pop up. It takes just a few clicks to configure and start it. The entire process takes you through three screens. First is the welcome screen, second is the screen where you have to select the network device on which you want to apply the firewall, and finally the third stage asks you whether you want to completely disallow all requests coming to the computer or want some services to be accessible such as www, ftp and telnet.
Now as you hit the Save button, another window will open which will show you all the real time logs of any connection
attempt being thrown to the machine.
Network firewall
We will use another front end for IPTables, which is so comprehensive that it allows creating of a full-fledged firewall for the network. For using a Debian machine as a network firewall it is advisable that you do a server installation on the machine (read the box Server Installation) and additionally install one of the GUI interfaces if you want to avoid the scripting and commands for configuring the firewall. Run the Synaptic Package Manager and scroll down to the 'Networking' section and select and install the fwbuilder package. To run it, open up a terminal and type
|
#fwbuilder
A graphical front end will open up, from where you can build any type of firewall using any of the popular firewalling mechanisms such as IPChains, IPFilter and IPTables. This software also has some predefined templates for creating different types of firewall. For instance, there's one for a single machine, and one for a network supporting external, internal and DMZ interfaces. (To know how to configure and use firewall builder see Firewall Builder, page 50, PCQuest, November 2004.)
Anti Virus
Yes, even Linux needs anti virus these days. And Debian comes with two popular anti-virus packages. One is f-prot, but only its installer ships with Debian since it's not
redistributable.
You can, however, run the installer, and download f-prot from the Internet. The other one is clam, an open-source product. To install it, start the Synaptic Package Manager and hit the Search button for 'clam'. It will list seven packages, select clamav and clamav-daemon options. This will automatically select the base and freshclam packages. Now press the Apply button to install them.
While installing, it will open a terminal window for configuring freshclam. This is the component responsible of updating the virus database from the Internet. Here you will be presented with five options. The most common and important ones are the first two. Select the first option 'freshclam daemon', if you have a continuous Internet connection, and this will run freshclam as a background process, which will try to download new virus databases whenever they're available. But if you have an Internet connection which is not always on (such as dial-up) then select the second 'ifup.d' option. Selecting this will automatically run the freshclam process whenever you connect to the Net.
|
In case of the second option the wizard will ask you to select the network device you may want to monitor. Enter the right device (such as eth0, ppp0) and proceed. It will now ask the mirror site from where you may want to download the updates. Select the first option and proceed. Select all the default options here and follow the wizard. After about two to three screens, clam will be installed and configured.
Another package called Amavis anti virus, can be integrated with your mail server to scan your mail for viruses.
IDSs and forensic
Firewall and anti virus aren't sufficient to combat security threats today. You also need intrusion detection software to determine whether anybody's snooping around on your network.
|
Debian comes with a host of IDSs, but the best one according to us is Ettercap. We've already talked
about using it on PCQ Linux in our previous issues, but this one's no different. One good thing though is that Debian also ships with a graphical (gtk based) front end for Ettercap, which makes it even easier to use and configure it. There are also some good computer forensics and HoneyPot tools available with Debian such as TCT (The coroner's toolkit) and sleuthkit. We have covered both in our previous
issues.
Security and other updates
One of the important aspects of security system is to keep it updated with the patches and updates. In Debian we have the APT (Advanced Packet Manager) to do this. You can configure APT so that it can download all weekly updates from Debian's website. To do this first of all you have to configure APT for the nearest mirror site from where you want to download the updates. To do so, run the command
#apt-setup
It will start up a menu driven text-based interface. Select the second option 'http' and hit Enter. A list of countries will open, select India and proceed.
Here it will ask you to give your proxy server's address. Provide it if you have one, else leave it blank and press Enter to finish the setup. It will take some time to read the index file available from the site you provided and complete the configuration.
After this you just have to run two commands each week to update. You can even create a shell script of these commands and make a cron job so that they will run automatically every week. The shell script should look like this
apt-get dist-upgrade
apt-get update
Now save this file to /etc/cron.weekly with executable rights and your machine will automatically get update each week.
Configuring the desktop
Debian has all the standard functionalities that a desktop user may need. Just like any other Linux distro, Debian also comes with the two popular GUIs, Gnome 2.6 and KDE 3.2. The former is its default desktop, but after working on both, we felt that KDE was easier to use for a newbie, largely because it can camouflage Windows and Mac looks and even offers a larger number of applications for personal usage. To configure it as your default interface, select 'sessions' from the Logon-screen file menu and set it to KDE. After logging in to the KDE desktop, it will ask if you want to set it as a default desktop permanently. Click on Yes and it will be done.
Printer configuration
To configure printer, first install 'cupsys' from the Synaptic Package Manager. Then click on KDE Start>Settings>Printer Manager, a 'configure printer manager' window will open. Here, select CUPS (Common Unix Printing Service) from the 'Print system currently used'. Then from the toolbar click on 'Add>Add Printer/Class'. This will launch a wizard, where you will have to select the location of your printer (Local or Network Printer) and then click on Next. If you have selected Local, the next screen will ask for the connect port of your printer (USB or LPT). Select one according to your setup and click on Next. You will get a screen showing the list of available printer drivers, select one that you require and click on Next. Now you can test your printing setup by clicking on the Test button. If everything is fine you will get a test print page on your printer. This wizard includes most of the common printers available in the market.
|
Desktop office applications
Debian has lots of office productivity applications. It includes four office suites, namely OpenOffice 1.1, Gnome Office, Koffice, and Abiword. Plus, it comes with kmail for e-mail, Mozilla for Web browsing and chatting, and knopete unified instant messenger (supports multiple IMs like Yahoo!, MSN etc). All software can be easily installed through its package manger. You can access all office applications by clicking on KDE Start>Office. Debian also has calendaring and contact management software. KOrganizer is a package in KDE, which stores your contacts and also lets you organize your meeting schedules.
|
Graphics applications
Debian also fulfills the requirements of a graphics designer. As it comes with Gimp 2.0 (a substitute of Photoshop), DIA (diagram and chart editor) and kpaint. It also has many other advanced graphics applications and tools such as blender (a 3D-animation software) and SANE (scanner software). These advanced graphics applications can be installed on Debian using the Synaptic Package Manager. Launch the Synaptic Package Manager, and on the left-window panel click on the drop-down menu and select 'section'. This will give you a section wise list of packages. From the section, select the 'Graphic'
or 'Graphics' (contribute) and from the right-window panel, select the packages you want to install.
Internet access
Configuring Internet access in Debian is pretty simple, whether it's dial-up or broadband. To configure a broadband connection such as ADSL on your Debian desktop, just click on 'ADSL/PPPoP configuration' from KDE Start>Internet. It will run a command line wizard and to configure it, give your root password to start the wizard. The wizard will auto-detect your ADSL connection and ask for your username and password for the connection (provided by your ISP), give the correct credentials and your broadband connection will be up and ready. If you have a dial-up connection, then configure it by using the Internet Dial-up Tool
(KPPP).
|
Multimedia
Debian has a lot of multimedia applications too, from listening to music to ripping audio and video formats. All multimedia packages are found under KDE Start>Multimedia. To play music (MP3, WMA, OGG), movies (AVI, MPEG, Divx), DVDs and audio/video CDs, it has a single multimedia player called Xine. If you want to rip MP3 from a music CD, launch CD Ripper from KDE Start>Multimedia. In this first configure the ripping Encoder, for which click on Settings>Configure KAudio Creator from the CD Ripper Interface. Now you will get a KAudio Creator configuration window. Here, from the left-window panel select Encoder icon. In the 'Encoder configuration', select Lame and click on Apply and then OK. Now put an audio CD in your CD/DVD drive, and KAudio Creator will read all audio tracks and show them on KAudio Creator's screen. Select the audio tracks that you want to encode to MP3 and then click on 'Rip Selected Audio Track' button. It will rip and encode your selection to your home directory. If you want to create your own DVD movies, then install the DVD authoring package (dvdauthor) from the Synaptic Package Manager. Unfortunately Debian does not have a GUI interface for DVD authoring, you have to do it using the command line. But you can download a GUI front end for this command-line tool from the given link
http://sourceforge.net/projects/qdvdauthor.
Anindya Roy and Sanjay Majumder