Weblog entry #2 for jpk
I've been working on migrating existing Sarge-based domUs to Etch. I have decided to do everything from scratch instead of trying to migrate the domUs.
It is a home-based system I'm running, with mail server, webservers, db servers, dns servers etc. So basically each server type gets its domU, or in some cases more. These domUs are running on 3 computers, and I am the only lucky administrator.
As a preparation I have prepped a domU template with all common stuff as a base image for the domUs. I can then use Xen-Tools to use the image when creating the ordinary domUs. When the domUs are created, the actual server software is installed and configured.
What I have included/configured as a common base in the template image after the base etch debootstrap install is:
SSH
- Copied necessary keys to authorized keys
- Disabled root login
- Enabled only specific users
- Enabled only specific ip addresses
- Disabled password based logins
RSYNC
Used for backup of the server image (over ssh)
SUDO
Used to handle the backup user, and limiting what it can do
MUNIN
Installed munin agent for basic monitoring
SYSLOG-NG
Replaced sysklogd with syslog-ng
STUNNEL
Installed stunnel for use with syslog-ng and central logserver, and copied the logserver certificate.
APT-CACHER
Configured aptitude to go through an apt-cacher proxy instance
NULLMAILER
Installed and configured nullmailer to forward all system mail to my admin address
CRON-APT
Installed cron-apt to check for security updates, and send mail when updated packages are updated
MAILX
Installed mailx to get cron-apt to send mail.
OSSEC-HIDS
Installed an ossec-hids agent, binary install. No debian packages for this one.
FIREHOL
Installed Firehol to handle the firewall stuff
Any suggestions to what I have forgotten, that should be a part of such a base image?
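The SSH items in the list above can be checked mechanically before the template image is cloned. The following is an added example, not code from the original post: it audits an sshd_config for the four settings named under SSH. It assumes the address restriction is expressed as `AllowUsers user@host` patterns (the post does not say how it was done), and the account names and addresses in the samples are constructed placeholders.

```python
import re

# Constructed samples; account names and RFC 5737 addresses are placeholders.
HARDENED = """\
# sshd_config for the template image (constructed)
PermitRootLogin no
PasswordAuthentication no
AllowUsers admin@192.0.2.10
AllowUsers backup@192.0.2.20
"""
WEAK = """\
PermitRootLogin yes
AllowUsers admin backup@192.0.2.20
"""

def parse(text):
    """Map each lowercased keyword to the list of values given for it."""
    cfg = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.lower().startswith("match"):
            break  # Match blocks are conditional; audit the global section only
        # Keyword and value are separated by whitespace or a single "="
        parts = re.split(r"[ \t]*=[ \t]*|[ \t]+", line, maxsplit=1)
        cfg.setdefault(parts[0].lower(), []).append(parts[1] if len(parts) > 1 else "")
    return cfg

def audit(text):
    """Return a list of deviations from the baseline; empty means compliant."""
    cfg = parse(text)
    findings = []
    # sshd keeps the first value it reads for these keywords; unset is a finding.
    for key, label in (("permitrootlogin", "root login"),
                       ("passwordauthentication", "password login")):
        if cfg.get(key, [""])[0] != "no":
            findings.append(f"{label} is not disabled")
    # Assumption: addresses are restricted via user@host patterns in AllowUsers.
    # Patterns from repeated AllowUsers lines all apply.
    users = [u for value in cfg.get("allowusers", []) for u in value.split()]
    if not users:
        findings.append("no AllowUsers list: any account may log in")
    for user in users:
        name, _, host = user.partition("@")
        if host in ("", "*"):
            findings.append(f"{name} may log in from any address")
    return findings
```

Calling `audit()` on the contents of the image's `/etc/ssh/sshd_config` returns an empty list when all four settings hold.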
Comments on this Entry
After a quick browse through some of Mr. Google's findings....
Hmm, interesting.
Not sure if it's worth the effort though. This being a hobby project and I have limited time to play around with my setup. I will try to read up on cfengine, and start with the articles here on Debian Administration.
Thanks for the tip!
Jan-Petter ::-Q
[ Send Message | View Steve's Scratchpad | View Weblogs ]
It definitely looks a lot more usable and less "beta" these days, compared to when I first examined the project.
I'm planning a series of articles in the near future, aimed at a similar level to the cfengine introductions.
[ Parent | Reply to this comment ]
Yes, Puppet came up as a reference when I was browsing around for cfengine. I've pretty much decided to go in the direction of Puppet if I should decide to look into these kinds of tools for my system.
Jan-Petter ::-Q