Differences between revisions 29 and 30
Revision 29 as of 2015-06-15 07:49:33
Size: 4364
Editor: ?WolfgangSchweer
Comment: replace leftover French variable with English one.
Revision 30 as of 2015-07-29 09:48:46
Size: 4798
Editor: ?AurélienTisné
Comment: add a new SSH key type and fail2ban and lvm impacts
Deletions are marked like this. Additions are marked like this.
Line 56: Line 56:
Adjust {{{/etc/ssh/ssh_host_rsa_key.pub}}}, {{{/etc/ssh/ssh_host_dsa_key.pub}}} and {{{/etc/ssh/ssh_host_ecdsa_key.pub}}} ({{{root@hostname at the end}}}). You need to restart the service. Adjust {{{/etc/ssh/ssh_host_rsa_key.pub}}}, {{{/etc/ssh/ssh_host_dsa_key.pub}}}, {{{/etc/ssh/ssh_host_ed25519_key.pub}}} and {{{/etc/ssh/ssh_host_ecdsa_key.pub}}} ({{{root@hostname at the end}}}). You need to restart the service.
Line 72: Line 72:

=== fail2ban ===
fail2ban scan logs to detect connexion failures and can ban IP on too many failures.

The hostname may be in the {{{sender}}} mail address in {{{/etc/fail2ban/jail.local}}}. You need to reload the service.

=== lvm ===
Logical Volume Manager (LVM) is a device mapper target that provides logical volume management.

Hostname appears in the backup configuration file {{{/etc/lvm/backup/<your Volume Group>}}}.
Line 125: Line 135:
Take care you'd better do a grep before...

Translation(s): English - Italiano

Rename a computer

This page explains how to change a system's hostname (i.e. rename a computer/server)

Executive summary: hostname(1) isn't enough.

Contents

  1. Rename a computer
    1. Core networking
    2. Application specific
      1. avahi
      2. CUPS
      3. ejabberd
      4. Exim
      5. Mailname
      6. Message Of The Day
      7. OpenSSH server
      8. Self-signed SSL certificate
      9. ssmtp
      10. sysklogd
      11. fail2ban
      12. lvm
    3. Idea of script to help you on
      1. Intrusive script
      2. Not-so intrusive script
    4. See also

Core networking

  • Update /etc/hostname

  • Update /etc/hosts, so local address(es) resolves with the new system name.

  • Reload the network configuration. You have two options:
    • Reload configuration files

      <!> This will temporarily disconnect your system from the network (ssh usually resists short disconnection)

      <!> This might definitively disconnect your system from the network because networking might not restore connections; please reboot, which is not lazy, but ensures that your setup is really correct 

      invoke-rc.d hostname.sh start
invoke-rc.d networking force-reload
invoke-rc.d network-manager force-reload

      ToDo: is it useful to reload network-manager?

    • or the lazy way: Restart the system.

Application specific

avahi

Avahi is used to publish (announce) local services. If you tweaked /etc/avahi/* you should run: 

  • invoke-rc.d avahi-daemon force-reload

CUPS

CUPS is the Common Unix Printing System.

Adjust the /etc/printcap file.

You'll want to change the old hostname in any lines like this, hostname in bold: Kyocera_TASKalfa_3050ci|Kyocera TASKalfa 3050ci:rm=debian:rp=Kyocera_TASKalfa_3050ci: You'll need to restart the service for changes to take effect.

ejabberd

Refer to the Change Computer Hostname section of the ejabberd Installation and Operation Guide.

Exim

Reconfigure Exim (this adjusts /etc/exim4/update-exim4.conf.conf and /etc/mailname): 

  • dpkg-reconfigure exim4-config

Or adjust manually /etc/exim4/update-exim4.conf.conf (hostname=). You need to restart the service.

Mailname

Reconfigure Exim (see above) or adjust manually /etc/mailname. You don't need to restart the service.

Message Of The Day

Adjust /etc/motd. You don't need to restart a service.

OpenSSH server

Adjust /etc/ssh/ssh_host_rsa_key.pub, /etc/ssh/ssh_host_dsa_key.pub, /etc/ssh/ssh_host_ed25519_key.pub and /etc/ssh/ssh_host_ecdsa_key.pub (root@hostname at the end). You need to restart the service.

Self-signed SSL certificate

Recreate the self-signed certificate created by the ssl-cert package using the hostname currently configured on your computer. 

  • make-ssl-cert generate-default-snakeoil --force-overwrite

You need to restart the services using it, e.g. apache2.

ssmtp

Ssmtp is a light weight, send-only SMTP server.

Adjust /etc/ssmtp/ssmtp.conf (hostname=, etc.). You don't need to restart the service.

sysklogd

In order to make new hostname appear on syslog you should restart sysklogd service

fail2ban

fail2ban scan logs to detect connexion failures and can ban IP on too many failures.

The hostname may be in the sender mail address in /etc/fail2ban/jail.local. You need to reload the service.

lvm

Logical Volume Manager (LVM) is a device mapper target that provides logical volume management.

Hostname appears in the backup configuration file /etc/lvm/backup/<your Volume Group>.

Idea of script to help you on

Intrusive script

Please understand that this script is dangerous. You should check if all the files listed by grep -rl "$old" /etc must really be modified before launching this script: 

   1 #!/bin/bash
   2 #
   3 usage() {
   4    echo "usage : $0 <new hostname>"
   5    exit 1
   6 }
   7 
   8 [ "$1" ] || usage
   9 
  10 old=$(hostname)
  11 new=$1
  12 
  13 grep "$old" /etc/ -rl 2>/dev/null |
  14 while read file
  15 do
  16       sed "s:$old:$new:g" "$file" > "$file.tmp"
  17       mv -f "$file.tmp" "$file"
  18 done

Take care you'd better do a grep before...

Not-so intrusive script

#!/bin/bash
# 
usage() {
   echo "usage : $0 <new hostname>"
   exit 1
}

[ "$1" ] || usage

old=$(hostname)
new=$1

for file in \
   /etc/exim4/update-exim4.conf.conf \
   /etc/printcap \
   /etc/hostname \
   /etc/hosts \
   /etc/ssh/ssh_host_rsa_key.pub \
   /etc/ssh/ssh_host_dsa_key.pub \
   /etc/motd \
   /etc/ssmtp/ssmtp.conf
do
   [ -f $file ] && sed -i.old -e "s:$old:$new:g" $file
done

See also