[Lancaster] debian slug + security advice?

andy baxter andy at earthsong.free-online.co.uk
Thu Feb 19 23:46:58 UTC 2009


I spent this afternoon installing Debian on the NSLU2 (slug). Once I'd 
got over the initial nervousness of never having done something like 
this before, it wasn't too hard - I just followed the instructions at:
http://www.cyrius.com/debian/nslu2/
step by step and about 5 hours later (mostly spent waiting for packages 
to download), it was all done:

andy@monkey:~$ ssh andy@10.0.0.4
#andy@10.0.0.4's password:
Permission denied, please try again.
andy@10.0.0.4's password:
Linux dolphin 2.6.26-1-ixp4xx #1 Sun Jan 11 06:56:23 UTC 2009 armv5tel

The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
Last login: Thu Feb 19 20:41:29 2009 from 10.0.0.3
andy@dolphin:~$ sudo -i
[sudo] password for andy:
dolphin:~# free -m
             total       used       free     shared    buffers     cached
Mem:            28         18         10          0          1          9
-/+ buffers/cache:          7         21
Swap:           62          0         62


I have done a few Debian installs before though - this part might be a 
bit tricky for someone new to Linux, or to Debian. I could do some kind 
of demo or talk about this at some point if people think it's worth 
doing, though I'm not sure how much there is to talk about apart from 
follow the instructions carefully...

I'm thinking of setting it up as a home web server at some point, but 
could do with some basic advice about the security side of things if 
anyone can help with that. One question is how likely this is to be a 
problem (and would the fact that it's on an ARM chip, not Intel, reduce 
the likelihood of a successful attack?); also what kind of precautions I 
should take against this happening?

What I'm thinking of doing is:

- run a firewall (shorewall?). (Though is this necessary on such a small 
network where there are only the localnet and internet zones to think 
about? I'm assuming that it's something I should do, but not sure what 
kind of attacks a firewall would really stop, given that only one 
incoming port (http) is going to be open on my router, and I can make 
sure that the server doesn't have any incoming ports open except http 
and ssh)

- use aide to check the system files regularly. The way I'm thinking of 
doing this is to put a bootable Debian image (with aide installed) on a 
flash disk, then every week or so boot my laptop from this with the 
slug's USB hard drive plugged into the laptop as well, and check the 
installation that way. Then install any updates, then calculate the 
checksums again and store them on the flash disk. This is putting me off 
somewhat, as I was doing something similar with another server I had a 
while back, and it was a fair bit of hassle to keep it up every week. So 
it would be good to know if this is overkill, or a sensible thing to do?

andy.
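
Added example, not part of the original message: the post's aim that the server have no incoming ports open except http and ssh can be checked on the box itself by reading the Linux /proc/net/tcp table and flagging any non-loopback listener outside that allow-list. The function names, the ALLOWED_PORTS constant and the sample table are constructed for illustration; only IPv4 (/proc/net/tcp, not tcp6) is covered.

```python
"""Audit listening TCP sockets against an allow-list (added example)."""
import ipaddress
import sys

ALLOWED_PORTS = {22, 80}   # ssh and http, the two services named in the post
LISTEN = "0A"              # TCP_LISTEN state code used in /proc/net/tcp

# Constructed sample in little-endian form: ssh, http, a loopback-only mail
# daemon on 25, an extra service on 111, and one established ssh session.
SAMPLE_LE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 4101 1
   1: 00000000:0050 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 4102 1
   2: 0100007F:0019 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 4103 1
   3: 00000000:006F 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 4104 1
   4: 0400000A:0016 0300000A:C350 01 00000000:00000000 00:00000000 00000000     0        0 4105 1
"""


def parse_listeners(proc_text, byteorder=sys.byteorder):
    """Return (address, port) pairs for sockets in LISTEN state, sorted by port."""
    found = set()
    for line in proc_text.splitlines()[1:]:        # first line is the header
        fields = line.split()
        if len(fields) < 4 or fields[3] != LISTEN:
            continue                               # skip established etc.
        hex_addr, hex_port = fields[1].split(":")
        # The kernel prints the IPv4 address as one host-order 32-bit word.
        raw = int(hex_addr, 16).to_bytes(4, byteorder)
        found.add((str(ipaddress.IPv4Address(raw)), int(hex_port, 16)))
    return sorted(found, key=lambda pair: (pair[1], pair[0]))


def unexpected_listeners(proc_text, allowed=ALLOWED_PORTS, byteorder=sys.byteorder):
    """Listeners reachable from other hosts on ports outside the allow-list."""
    flagged = []
    for addr, port in parse_listeners(proc_text, byteorder):
        if ipaddress.IPv4Address(addr).is_loopback:
            continue                               # bound to 127.0.0.0/8 only
        if port not in allowed:
            flagged.append((addr, port))
    return flagged


if __name__ == "__main__":
    with open("/proc/net/tcp") as fh:              # run on the server itself
        live = fh.read()
    for addr, port in unexpected_listeners(live):
        print("unexpected listener: %s:%d" % (addr, port))
```

Run from cron, any output means a service other than ssh or http is listening on a network-facing address.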


