I have to admit something: I already started working on the server, but somehow, I blew it up. I don’t know what the exact problem was, but I had nothing but trouble.
I decided to start all over; also, because I had read through some security guides concerning PaX and grSecurity and did not understand one single word, I decided to stick with normal gentoo-sources and not with hardened-sources (but still securing the box as much as possible).
Here’s what we do today: Setting up the LVM. Download the stage3 and portage tarball, extract them and prepare make.conf. Quite a big deal, so let’s get started!
LVM-setup: First, make sure that /dev/hda3 and /dev/hdb1 are set to partition type 8e (LVM). Then, activate the swap on /dev/hda2. Now, using the LVM guide, I create a volume group called “vgroup” containing the partitions /dev/hda3 and /dev/hdb1. Then, I create these directories as logical volumes:
- /usr (takes 9.1GB on the current environment) – I’ll give this 20GB
- /opt (not existent on the current environment) – I’ll give this 2GB
- /var (takes 720M on the current environment) – this will get 10GB
- /tmp (takes almost nothing on the current environment) – this will get 2GB
- /home (containing all the MP3s, videos and all the data, currently taking 33G) – this will get the largest part of the rest, I make it with 200GB.
- This leaves around 40GB unallocated for emergencies.
As described in the LVM guide, I create the logical volumes and format them – with reiserFS, I decided to give it a shot.
Now, following chapter 5 of the handbook, I download the i686 stage3 tarball and the portage snapshot. I extract both, as given in the handbook. Then, I update make.conf to look like this:
CHOST="i686-linux-pc-gnu"
CFLAGS="-O2 -march=pentium4 -fomit-frame-pointer -pipe"
CXXFLAGS="${CFLAGS}"
MAKEOPTS="-j2"
PORTAGE_NICENESS=3
AUTOCLEAN="yes"
FEATURES="distlocks parallel-fetch"
USE="nptl"
Let’s advance to chapter 6 of the handbook – before chrooting, select the mirrors and the rsync mirror and finally copy over DNS info. That’s about it for today – stay tuned for more!
