Packages (Wheezy)

This document covers package management itself, in addition to documenting some smaller packages that I use.

Apt
I tend to use aptitude rather than apt-get, personally, and I always turn off 'auto-resolve dependencies' and 'install recommended packages automatically'.

Your mileage may vary, but I try to know something about every component going into my system.


 * /etc/apt/sources.list

deb http://ftp.us.debian.org/debian/ wheezy main deb-src http://ftp.us.debian.org/debian/ wheezy main deb http://ftp.us.debian.org/debian/ wheezy-updates main deb-src http://ftp.us.debian.org/debian/ wheezy-updates main

deb http://security.debian.org/ wheezy/updates main deb-src http://security.debian.org/ wheezy/updates main

Generally a good idea to try to find your closest mirror. Sometimes your host even provides a mirror - will certainly make them happier if you use it.

To save time, I automatically run apt-get update hourly, through cron:

/usr/bin/apt-get update /usr/bin/apt-get -dy upgrade
 * /etc/cron.hourly/apt-get-update
 * 1) !/bin/sh
 * 2) /etc/cron.hourly/apt-get-update
 * 3) Much simpler than the cron-apt package.

Run:

chmod 0750 /etc/cron.hourly/apt-get-update

This automatically checks for updates, and downloads them, but it does not apply them.

DotDeb?
While not always needed, you may find yourself frustrated by Debian's slow upgrade page of some packages, most notably php and the plethora of bugs within.

Run

wget http://www.dotdeb.org/dotdeb.gpg apt-key add dotdeb.gpg

And add

deb http://packages.dotdeb.org wheezy all deb-src http://packages.dotdeb.org wheezy all

to your sources.list

Package Removal
Debian has some defaults that you probably do not need on a server:


 * Basic Purge: acpi-support-base, acpid, acpi, at, bsd-mailx, exim4, exim4-base, isc-dhcp-client, isc-dhcp-common, laptop-detect, libx11-data, libxau6, libxdmcp6, mutt, portmap, procmail, python 2.6, tasksel, xauth, xkb-data
 * Make sure openssh-server doesn't get removed along with tasksel and friends. 
 * deluser --remove-all-files Debian-exim


 * The culturally insensitive may also purge: console-setup, console-terminus, kbd, keyboard-configuration
 * /etc/console-setup may need to get removed manually


 * If not using nfs, rpcbind and nfs-common

Package Additions

 * apt-get install conntrack sysstat iotop lm-sensors ninja chkconfig sash libpam-tmpdir heirloom-mailx zip unzip rkhunter unhide libdigest-whirlpool-perl acct nmap cgdb sudo
 * You may want to devote some time to what acct and sysstat can do for you.


 * Development: apt-get install fakeroot debhelper build-essential


 * Better editing: apt-get install vim vim-doc exuberant-ctags
 * Heretics may substitute this with their inferior editor of choice
 * update-alternatives --config editor
 * /etc/vim/vimrc
 * syntax on, set background=dark, set showmatch, set mouse=nvc
 * I uncomment set mouse in /etc/nanorc as well. I sometimes am training people and teaching both vim and some other arcane topic at the same time can become more than it is worth.

ntpdate
Significantly more lightweight than ntp, easier to configure and one less server to run. If you have a number of machines at a site, you may want to run one server and have the others pull off of it. Beyond this, though,

if [ -f /usr/sbin/ntpdate-debian ]; then /usr/sbin/ntpdate-debian -B fi
 * /etc/default/ntpdate
 * NTPOPTIONS=" -B "
 * forces slewing. Prevents time travel. Time travel bad.
 * /etc/cron.hourly/ntpdate
 * 1) !/bin/sh
 * 2) /etc/cron.hourly/ntpdate
 * 3) ntpdate autorun


 * Run:

chmod 0750 /etc/cron.hourly/ntpdate

Random silly packages

 * fortunes (and friends), cowsay, filters
 * Is good to greet visitors with a talking cow. Reminds you how seriously you should take your job.


 * bsdgames, nethack, slashem
 * One of these decades I will get around to ascending...