Operating System

As mentioned in System overview, Deveo is provided as a native operating system package, such as .rpm and .deb for one of our supported 64-bit architecture Linux platforms:

Since some of the above distributions have several minor versions, only the 2 latest minor releases are supported. For example, as of writing this document, the latest two releases of RedHat Enterprise Linux 6 family are 6.5 and 6.6. To benefit from the OS level security updates, performance optimizations, and compatibility with Deveo, closely follow the release cycle of the operating system in use and upgrade in a timely manner.

In addition to the operating system, the following preparations are required:

Ports

Deveo application binds to a number of ports that must be free before proceeding with installations. In some cases, the Linux distribution may already have an installed package that uses the ports Deveo needs. Therefore, make sure all the ports listed in Inbound and Inter-server connections are available. The following command can be executed to check if anything is listening on port 80:

netstat -tulpn | grep :80

Local Firewall

In addition to the company wide firewall, the local firewall may also be installed by default, for example iptables. Make sure it's either disabled or configured to accept the ports listed in Inbound and Inter-server connections.

UID and GID

When Deveo is installed, the new deveo user account and system group are created with predefined UID and GID of 21212, so make sure they are not reserved.

Locale

Make sure en_US.UTF-8 locale is installed and no errors are reported when running export LC_ALL=en_US.UTF-8.

Automatic updates and OpenSSH

Deveo is bundled with a custom OpenSSH binary, which is optimized for version control operations and also allows database look up for users authorized keys. Therefore, it is important that automatic updates are either disabled or configured to skip OpenSSH package. OpenSSH updates can be disabled as follows:

RHEL and CentOS

Open /etc/yum.conf and add the following line under [main] section:

exclude=openssh*

Debian and Ubuntu

sudo apt-mark hold openssh-server

Linux Security Modules

LSMs (Linux Security Modules) such as SELinux may also prevent Deveo from running. To disable LSMs:

RHEL and CentOS

Edit /etc/selinux/config and ensure that SELINUX is either in disabled or permissive mode. To avoid restarting the server for changes to come into effect, run the command below to immediaely disable SELinux:

setenforce 0

Debian and Ubuntu

Does not need any changes.

SSH Optimization

For Deveo setups that are relatively large, we found that setting the following parameters for SSHD helps with security and efficiency of the system overall:

MaxStartups 100
ClientAliveInterval 60
ClientAliveCountMax 3

You can add those parameters manually to /etc/ssh/sshd_config on either the deveo combo node or the deveo-web node.

Updated on: 28 April 2017