
distros:arch_linux_server

Information

  • Arch Linux 1)
  • Server

Prerequisites

Software

Update

sudo pacman -Syyuu

General

sudo pacman -S aria2 hdparm hidepid htop p7zip ufw unrar wget unzip python3

Settings

Uncomplicated Firewall

# Reset ufw to its installed defaults, set the default policy to deny (ufw
# applies "default deny" to incoming traffic when no direction is given),
# rate-limit new connections to SSH on 22/tcp, then enable the firewall now
# and at boot. "ufw reset" asks for confirmation, and "ufw enable" may do so
# when run over SSH.
# NOTE(review): "logging off" leaves no record of blocked connection attempts;
# keep logging on (for example "ufw logging low") if firewall logs are used
# for monitoring or incident review on this host.
sudo ufw reset && sudo ufw default deny && sudo ufw limit '22'/'tcp' && sudo ufw logging off && sudo ufw enable && sudo systemctl enable 'ufw'

Boot Loader

GRUB

sudo -e '/etc/default/grub' && sudo grub-mkconfig -o '/boot/grub/grub.cfg'

Deadline I/O Scheduler

  • Rotational disks
elevator=deadline

Disable NMI watchdog

nmi_watchdog=0

Disable Webcam and Bluetooth

modprobe.blacklist=uvcvideo,btusb,bluetooth

Kernel Hardening

sudo -e '/etc/sysctl.d/harden.conf'
# Files in /etc/sysctl.d are read at boot; "sudo sysctl --system" loads them
# immediately.
# Only processes with CAP_SYSLOG may read the kernel log (dmesg).
kernel.dmesg_restrict = 1
# Kernel addresses printed with %pK are hidden from processes lacking
# CAP_SYSLOG. A value of 2 hides them from every process regardless of
# privilege.
kernel.kptr_restrict = 1

Pacman Hooks

systemd Initramfs Regenerate

sudo mkdir -p '/etc/pacman.d/hooks' && sudo -e '/etc/pacman.d/hooks/system-initramfs-regen.hook'
# Regenerate the initramfs after an upgrade of the systemd package.
[Trigger]
Operation = Upgrade
Type = Package
Target = systemd

[Action]
Description = Generating initramfs...
# The hook is skipped unless the linux package is installed.
Depends = linux
# Run after the whole transaction has completed.
When = PostTransaction
# -P processes every mkinitcpio preset.
Exec = /usr/bin/mkinitcpio -P

Secure Shell

Computer-specific

Kraityn

hdparm Tweaks

sudo -e '/etc/systemd/system/hd-tweak.service' && sudo systemctl daemon-reload && sudo systemctl enable 'hd-tweak' --now && sudo systemctl status 'hd-tweak' -l
# Applies hdparm settings to /dev/sda once at boot. The ExecStart lines run in
# order and a failing one stops the unit.
[Unit]
Description=hdparm Tweaks

[Service]
Type=oneshot
# -A 1: enable the drive's read-look-ahead.
ExecStart='/usr/bin/hdparm' -A '1' '/dev/sda'
# -B 255: disable Advanced Power Management.
ExecStart='/usr/bin/hdparm' -B '255' '/dev/sda'
# -J 0: disable the Western Digital "idle3" timer. hdparm requires the
# --please-destroy-my-drive flag for this because it rewrites drive firmware
# settings; only meaningful on drives that support it.
ExecStart='/usr/bin/hdparm' -J '0' --please-destroy-my-drive '/dev/sda'
# -S 0: disable the standby (spin-down) timeout.
ExecStart='/usr/bin/hdparm' -S '0' '/dev/sda'
# -W 1: enable the drive's write cache; cached writes can be lost on sudden
# power failure.
ExecStart='/usr/bin/hdparm' -W '1' '/dev/sda'

[Install]
WantedBy=multi-user.target

Automatic Updates

Service

sudo -e '/etc/systemd/system/arch-up.service'
# Unattended full system upgrade followed by a reboot. The ExecStart lines run
# in order; if one fails, the remaining ones are not executed and the unit is
# marked failed.
[Service]
Type=oneshot
# -yy forces a refresh of every package database, -uu also permits package
# downgrades, and --noconfirm accepts pacman's default answer to every prompt.
# NOTE(review): nothing here checks for upgrades that need manual intervention
# or for new .pacnew config files; review the unit's journal after each run.
ExecStart='/usr/bin/pacman' -Syyuu --noconfirm -q
ExecStart='/usr/bin/sync'
# Reboots after every successful run, whether or not any package changed.
ExecStart='/usr/bin/systemctl' reboot

Timer

sudo -e '/etc/systemd/system/arch-up.timer' && sudo systemctl daemon-reload && sudo systemctl enable 'arch-up.timer' --now && sudo systemctl start 'arch-up' && sudo systemctl status 'arch-up' -l
# Triggers arch-up.service (the unit with the matching name) every day at 06:10.
[Unit]
Description=Software Package Maintenance and Updater
# NOTE(review): After= here orders the timer unit itself, not the service it
# triggers, and it does not pull NetworkManager-wait-online.service in. To make
# the update wait for the network, the ordering belongs on arch-up.service
# (commonly After=/Wants=network-online.target); confirm which network manager
# this host actually runs.
After=NetworkManager-wait-online.service

[Timer]
OnCalendar=*-*-* 06:10:00
# A run missed while the machine was off is started as soon as the timer is
# activated again, which can be early in boot.
Persistent=true

[Install]
WantedBy=timers.target

Pacman Mirrorlist

Service

  • Grabs US mirrors (IPv4, HTTPS)
sudo -e '/etc/systemd/system/mirrors-up.service'
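# Downloads the US / HTTPS / IPv4 mirror list, uncomments its Server lines and
# installs it as /etc/pacman.d/mirrorlist. The ExecStart lines run in order; a
# failed download stops the unit before the existing mirrorlist is replaced.
[Service]
Type=oneshot
# The unit runs as root and writes to a fixed file name under /tmp. PrivateTmp
# gives it a /tmp of its own, so another local user cannot pre-create or
# symlink /tmp/mirrorlist before the download writes to it.
PrivateTmp=true
ExecStart='/usr/bin/wget' 'https://www.archlinux.org/mirrorlist/?country=US&protocol=https&ip_version=4' -O '/tmp/mirrorlist'
# The generated list ships with every Server line commented out.
ExecStart='/usr/bin/sed' -i 's/#Server/Server/g' '/tmp/mirrorlist'
ExecStart='/usr/bin/mv' '/tmp/mirrorlist' '/etc/pacman.d/mirrorlist'
ExecStart='/usr/bin/sync'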

Timer

sudo -e '/etc/systemd/system/mirrors-up.timer' && sudo systemctl daemon-reload && sudo systemctl enable 'mirrors-up.timer' --now && sudo systemctl start 'mirrors-up' && sudo systemctl status 'mirrors-up' -l
# Triggers mirrors-up.service (the unit with the matching name) once a week.
[Unit]
Description=Pacman Mirrorlist Generator
# NOTE(review): After= on a timer orders the timer unit, not the service it
# triggers, and does not pull NetworkManager-wait-online.service in. If the
# download must wait for the network, put the ordering on mirrors-up.service
# (commonly After=/Wants=network-online.target).
After=NetworkManager-wait-online.service

[Timer]
# "weekly" is systemd shorthand for Monday 00:00.
OnCalendar=weekly
# A run missed while the machine was off is started as soon as the timer is
# activated again.
Persistent=true

[Install]
WantedBy=timers.target

Steven Black's Unified Hosts File

Service

sudo -e '/etc/systemd/system/hosts-up.service'
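# Downloads the StevenBlack/hosts repository archive, unpacks it and runs its
# updateHostsFile.py with --auto --replace (presumably regenerating and
# replacing /etc/hosts; confirm against the script's documentation), then
# removes the downloaded files.
[Service]
Type=oneshot
# Every step runs as root on fixed paths under /tmp. PrivateTmp gives the unit
# a /tmp of its own, so another local user cannot place /tmp/master.zip or
# /tmp/hosts-master there ahead of the run and have root unpack or execute it.
# The private directory is also discarded when the unit stops, which cleans up
# after a run that fails before the rm step.
PrivateTmp=true
ExecStart='/usr/bin/wget' 'https://github.com/StevenBlack/hosts/archive/master.zip' -O '/tmp/master.zip'
ExecStart='/usr/bin/unzip' '/tmp/master.zip' -d '/tmp'
# NOTE(review): this executes whatever the master branch contains at download
# time, as root, with no pinned release or checksum. Prefer fetching a reviewed
# tag or commit and verifying its hash before running the script.
ExecStart='/usr/bin/python3' '/tmp/hosts-master/updateHostsFile.py' --auto --replace
ExecStart='/usr/bin/rm' -Rf '/tmp/master.zip' '/tmp/hosts-master'
ExecStart='/usr/bin/sync'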

Timer

sudo -e '/etc/systemd/system/hosts-up.timer' && sudo systemctl daemon-reload && sudo systemctl enable 'hosts-up.timer' --now && sudo systemctl start 'hosts-up' && sudo systemctl status 'hosts-up' -l
# Triggers hosts-up.service (the unit with the matching name) once a week.
[Unit]
Description=Hosts File Protection Updater
# NOTE(review): After= on a timer orders the timer unit, not the service it
# triggers, and does not pull NetworkManager-wait-online.service in. If the
# download must wait for the network, put the ordering on hosts-up.service
# (commonly After=/Wants=network-online.target).
After=NetworkManager-wait-online.service

[Timer]
# "weekly" is systemd shorthand for Monday 00:00.
OnCalendar=weekly
# A run missed while the machine was off is started as soon as the timer is
# activated again.
Persistent=true

[Install]
WantedBy=timers.target

Notable Folders and Commands

Show CPU Frequency

grep 'MHz' '/proc/cpuinfo'
watch -n 0.1 grep \'cpu MHz\' '/proc/cpuinfo'

Partition Information

df -hT

Optimal GCC compiler flags

gcc -v -E -x c -march=native -mtune=native - < /dev/null 2>&1 | grep cc1 | perl -pe 's/ -mno-\S+//g; s/^.* - //g;'
distros/arch_linux_server.txt · Last modified: 2016/10/23 03:31 by Sean Rhone