mohaham
April 10th, 2005, 10:33 AM
Hi Folks,
I came across some good tips for Debian users, check them out...
INSTALL
apm
* if ACPI doesn't work and/or your system is older, use apm
cpufreqd
*(manual and automatic adjusting of cpu speed)
gnome cpufreqd applet
* interface to above
go to /usr/bin as root and chmod +s cpufreq-selector (now you can change speeds by clicking on icon in gnome-panel)
laptop-mode-tools
* controls spindown of hard disks and cpu speed on/off battery
laptop-net
* auto configures networking when you plug in cable, disables when you unplug;
tpb (for thinkpads)
xosd
add nvram to /etc/modules (for thinkpads, maybe others)
* these add on-screen display and operation for laptop control buttons
if suspend doesn't work, add scripts in /etc/apm/suspend.d and resume.d to stop and restart alsa and pcmcia services which can interfere with suspend. It's easy... just copy an existing script and tweak it.
firestarter
* easy to use firewall - you can allow incoming connections by clicking on them or setting policies; I added it to the networking script to start/stop when networking did
ssh
* don't use ftp or telnet, use ssh for secure communications!
CONFIGURE:
change /etc/syslog.conf and reroute everything to /dev/tty8 instead of log files --> reduces disk activity and you can see stuff by pressing CTRL-ALT-F8
change /etc/hdparm.conf and add dma, 32bit, multisector and umask settings to your hard drive
change /etc/fstab and add noatime to all writeable media in the options section (ie. rw,user,noatime) These prevents your hard disk from writing access time on each file you read
change /etc/inittab and comment out all but the first two of the six console ttys... saves RAM
move /etc/exim4 DISABLED_exim4 and /etc/inetd DISABLED_inetd as these are probably useless services on a notebook
SECURITY
* prevent outside use of portmap
edit /etc/default/portmap to listen only to localhost
but keep it around for famd which automatically updates your file browser contents when they change
* not allow root login on consoles
mv /etc/securetty to DISABLED_securetty and touch and empty version; this forces you to login as a regular user and su to root
* not allow ssh root login
make sure you install and use ssh for communicating remotely to/from your notebook
edit /etc/ssh/sshd_config to remove rootlogin... again this means you must ssh in as a regular user and su to root
* remove linux info and warn off people
change /etc/issue to a prohibition on unauthorized use and email address for loss/theft. These file is displayed on consoles
* install nmap and run it to probe ports
you should have many other than cups, instant messenger, mail, portmap, etc.
Original post -- http://www.osnews.com/comment.php?news_id=9516
I came across some good tips for Debian users, check them out...
INSTALL
apm
* if ACPI doesn't work and/or your system is older, use apm
cpufreqd
*(manual and automatic adjusting of cpu speed)
gnome cpufreqd applet
* interface to above
go to /usr/bin as root and chmod +s cpufreq-selector (now you can change speeds by clicking on icon in gnome-panel)
laptop-mode-tools
* controls spindown of hard disks and cpu speed on/off battery
laptop-net
* auto configures networking when you plug in cable, disables when you unplug;
tpb (for thinkpads)
xosd
add nvram to /etc/modules (for thinkpads, maybe others)
* these add on-screen display and operation for laptop control buttons
if suspend doesn't work, add scripts in /etc/apm/suspend.d and resume.d to stop and restart alsa and pcmcia services which can interfere with suspend. It's easy... just copy an existing script and tweak it.
firestarter
* easy to use firewall - you can allow incoming connections by clicking on them or setting policies; I added it to the networking script to start/stop when networking did
ssh
* don't use ftp or telnet, use ssh for secure communications!
CONFIGURE:
change /etc/syslog.conf and reroute everything to /dev/tty8 instead of log files --> reduces disk activity and you can see stuff by pressing CTRL-ALT-F8
change /etc/hdparm.conf and add dma, 32bit, multisector and umask settings to your hard drive
change /etc/fstab and add noatime to all writeable media in the options section (ie. rw,user,noatime) These prevents your hard disk from writing access time on each file you read
change /etc/inittab and comment out all but the first two of the six console ttys... saves RAM
move /etc/exim4 DISABLED_exim4 and /etc/inetd DISABLED_inetd as these are probably useless services on a notebook
SECURITY
* prevent outside use of portmap
edit /etc/default/portmap to listen only to localhost
but keep it around for famd which automatically updates your file browser contents when they change
* not allow root login on consoles
mv /etc/securetty to DISABLED_securetty and touch and empty version; this forces you to login as a regular user and su to root
* not allow ssh root login
make sure you install and use ssh for communicating remotely to/from your notebook
edit /etc/ssh/sshd_config to remove rootlogin... again this means you must ssh in as a regular user and su to root
* remove linux info and warn off people
change /etc/issue to a prohibition on unauthorized use and email address for loss/theft. These file is displayed on consoles
* install nmap and run it to probe ports
you should have many other than cups, instant messenger, mail, portmap, etc.
Original post -- http://www.osnews.com/comment.php?news_id=9516