A-arch?

Do YOU want to be a semi neck beard and impress your somewhat neckish friends but don’t want to install gentoo and be a /g/tard? Arch is your new best friend.

omg… FOR FUCKS SAKE ANOTHER ARCH INSTALL GUIDE! No, no, no, this one is a little different, its more of a collaboration of things and I will be running through a complete install guide up to the point where you will be playing your favourite games natively in wine. And moreso the point of this is so you don’t end up running into a multitude of issues like crashing your computer ever time you run Xorg because for some reason you really messed up your graphics card drivers. Even if you are super newfag than you should be able to understand this guide.

This will be a 64 bit install.

Also note: I did all of this on my laptop which was not running arch at the time, so everything below is from memory. Please correct me on any typo’s I may have wrote or if I have missed anything.

Also I got sick and tired of seeing a WIP sitting on my desktop so I have just posted this incomplete. I will add shit to it when I get time. Hopefully there is enough here to get you pretty well settup.

Setting up the drives

I am going to assume that you are using a blank wiped hard drive and we are going to set everything up, including the partition table, from scratch.

Noobs be warned. Your data will be WIPED

Download your Arch Linux iso. You can find the download here.(insert link)

Making a bootable usb in Linux

Find where the download is located and have the path on hand. Now we are going to have to find out what the pathname is to the USB, i.e. where its mounted. The easiest way to do that is to check all of the currently inserted devices, then plug in your usb and check again. The new device is your usb, have this path on hand as well.

fdisk -l

You can see all of the drives connected using fdisk

sudo dd if=/path/to/file.iso of=/path/to/usb bs=1m

Run this command and replace the pathnames where applicable. If you are getting errors back saying something along the lines of invalid size or something just change bs=1m to bs=1M and that should fix it.

Making a bootable usb in OSX

Pretty much the same process as linux so I just copied what I have already written. The only difference is finding what devices are currently connected.

Find where the download is located and have the path on hand. Now we are going to have to find out what the pathname is to the USB, i.e. where its mounted. The easiest way to do that is to check all of the currently inserted devices, then plug in your usb and check again. The new device is your usb, have this path on hand as well.

diskutil list

This just lists all the connected devices. Run it make a note of everything that is currently connected and then plug in your usb and run it again to get the pathname. Protip: if you want to skip typing in the file name for iso you can just drag in the iso into the terminal and it will copy the pathname over.

sudo dd if=/path/to/file.iso of=/path/to/usb bs=1m

Run this command and replace the pathnames where applicable. If you are getting errors back saying something along the lines of invalid size or something just change bs=1m to bs=1M and that should fix it.

Making a bootable usb in Windows

https://rufus.akeo.ie/

http://www.linuxliveusb.com

Thanks to @Willdrick for the links

Great! You now have a bootable arch usb. Because of the variation in motherboards and booting stuff etc… I’m just going to assume that you can figure out how to boot off it. But once you are booted off it thane will be faced with the selection screen. We are going to choose the 64-bit version.

Making the partition tables and installing base arch

We are going to want to look at the current partition table on the hard drive. I am assuming you only have one hard drive connected to the motherboard. (N.B. You can find out what is connected using fdisk -l)

fdisk /dev/sda

Now if you want to see the current partitions of the drive you can use p

p

Because we are doing a completely clean install we are going to write a new DOS partition table.

o

Now everything is clean, lets make the partitions. Make a new partition, this is the swap

n

Its going to be a primary partition

p

Its going to be the first partition on the table

1

Now we are going to hit enter again because we want it to start at the beginning of the hard drive, and its going to be around 2 gigs, so we type in

+2G

We are going to select the type for that by hitting t

t

Select the partition number which should be 1

1

And now type in 82 which is the Linux Swap type for the partition.

82

We make a new partition

n

Its going to be primary again

p

Its going to be the second partition on the table so just hit enter and that should default to 2. We hit enter twice and that will default to take up the rest of the space on the hard drive. You can/should be splitting up your partitions for /var/ and /boot/ etc… but today for simplicity’s sake we are going to just put it all in the same partition.

Make that partition bootable

a

And select the partition number which should be 2

2

We hit w and write that to the disk

w

We make the swap

mkswap /dev/sda1

Turn on the swap

swapon /dev/sda1

Format the primary partition

mkfs.ext4 /dev/sda2

We mount the partition to a pre-existing directory

mount /dev/sda2 /mnt

Make a few directories that we will need later

mkdir /mnt/boot
mkdir /mnt/home

We are going to install arch but we are going to need internet for that. If you have a wireless card than you should be able to connect to it automatically with wifi-menu but in the case that you can’t than have a look through the arch wiki for a fix. In any case try one of the below methods.

Network Config Link:
https://wiki.archlinux.org/index.php/Network_configuration

Wired:

If you have a wired connection it should already be automatically connected but we will still need to enable it to start automatically on reboot.

ip link

This should give you back something that looks like this

ip link

1: lo: mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: enp4s0: mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
link/ether ##:##:##:##:##:## brd ff:ff:ff:ff:ff:ff

Now we want the second option which should be something along the lines of enp#x# which is the LAN adapter. Run the following command

systemctl enable dhcpcd@eth4s0

Replacing eth4s0 with whatever your code was.

Wifi:

Install some packages using pacman and run wifi menu to connect to the network

wifi-menu
pacman -S wireless_tools dialog wpa_supplicant wpa_actiond

Enable the service

systemctl enable net-auto-wireless

If you have got internet than you can check your connection by just pinging a google server.

ping -c 3 google.com

If you do don’t have an internet connection you can see the section on wifi below for different methods

If you have internet you should be getting some data back. From here on I’m going to assume that you have a internet connection. Now we are going to pacstrap this mother fucker, I include base-devel cause I’m not a fucking weird cunt that doesn’t use sudo and disconnects his computer from the internet to use su. Really base-devel has a lot of useful stuff

pacstrap /mnt base base-devel

Now go and take a shit or a sleep for a while cause this aint going to be a quick process. Once that’s done generate the fstab

genfstab -p /mnt >> /mnt/etc/fstab

We are going to chroot into the mnt

arch-chroot /mnt

Set the hostname (just replace jfing-pc with whatever you want to call it)

echo jfing-pc > /etc/hostname

Now we are going to set the local timezone. Ideally choose the place closest to your physical location. Being an Ausfag mine is /Australia/Brisbane but you can list all of them using

timedatectl list-timezones

Or you can jump on this URL to get a list of all of them. https://www.archlinux.org/packages/core/any/tzdata/files/

Enter the applicable location

cp /usr/share/zoneinfo/Australia/Brisbane /etc/localtime

Generate the locale.

locale-gen

Set the clock

hwclock —systohc —utc

mkinitcpio -p linux

Make a password

passwd

Enter your password

And setup a boot loader, I’m just going to go with grub but some people like gummiboot or whatever floats your goat. Personally those are the same people who use zish instead of bash and ssh in through 10 proxies and VPN to log in because they are afraid that someone will steal their precious javascript calculator code that can return true for 0.1 + 0.2 == 0.3 Anyway we are going to install grub with pacman

pacman -S grub

Hit y and enter to continue with the install. Once that is installed we are going to install grub to the system being used

grub-install /dev/sda

Make the configuration file

grub-mkconfig -o /boot/grub/grub.cfg

exit

Unmount everything and reboot

umount -R /mnt
reboot

Congradufuckinglations. You just installed arch \m/

Setting up your basics

Log in as root and enter your password. We will make a new user in a little bit but while we are setting up the basic stuff that goes on in the background we are just going to stay in root for the minute.

Using Android phone as a hotspot for internet

https://wiki.archlinux.org/index.php/Network_configuration

You should already have this working but in the case that you don’t.

Now it is a common misconception, especially amongst wifi users, that if you did not install the wifi drivers, than you will not be able to connect to the internet and will have to do a reinstall or connect via ethernet to download said drivers. BUT. I have a fix. If you have an android phone (I haven’t tried a iPhone or windows phone) that can be tethered through USB, you can use it as a wifi modem. We will have to connect to it manually. I will run through that now.

USB tethering with android phone:

ip link

Before you plug it in run this command to show all the currently connected networking interfaces. You might have one, none or a few. It doesn’t matter. Now plug in your device, turn on USB tethering and run ip link again and you should have a new device come up. It should look something like the last one on the list.

ip link

1: lo: mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: enp4s0: mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
link/ether ##:##:##:##:##:## brd ff:ff:ff:ff:ff:ff
3: wlp2s0: mtu 1500 qdisc mq state DOWN mode DEFAULT group default qlen 1000
link/ether ##:##:##:##:##:## brd ff:ff:ff:ff:ff:ff
5: enp0s20u3: mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 1000
link/ether ##:##:##:##:##:## brd ff:ff:ff:ff:ff:ff

Now you want this number

enp0s20u3f

Connect to it like this

dhcpcd enp0s203f

And it should work. Just ping it to see if you have a connection. You should be able to connect to your wifi or mobile data or whatever.

Configuring pacman

Oh shit… I will admit that when I wrote this guide, I left this part to the end. Fucking pacman, I love it and hate it at the same time. As a package manager its amazing. I love it. But setting it up properly is a cunt. The first time I used arch I fucked up my server list and spent an hour fixing it. Was not pretty. That day I reinstalled arch over 5 times. Anyway, I digress, setting up pacman. I’m going to write a bit on this subject because its quite important.

Pacman has a list of mirrors that it relays to, to get the packages. Although not ever server has all of the packages. So what it does is tries to download a package from the first server in the list and if the server doesn’t have the package it tries the next one and so on. The first server on the list of mirrors is not the closest one so we will have to set that up and its pretty nice to set up powerpill as well as it gives you parallel downloads, greatly speeding things up. I will talk about that as well a little further down, although that can be a bit wonky and sometimes doesn’t work for any particular reason. If, like me, you had powerpill mess up over and over again than you will want to just use pacman and so its important to optimise that.

Refreshing keys and optimising pacman's database indexing

Thanks to @kiipa for reminiding me about refreshing keys and pacman-optimize. It makes for a little faster searching and downloading of packages

pacman-optimize && pacman-key --init && pacman-key --populate archlinux

Optimising the mirror list
So when you first install arch its a little weird and doesn’t come with the right server list. Its just a jumble of servers chucked in and none of it is organised (well I’ve found this to be the case for some versions but not others). So lets get a fresh copy of that server list

pacman -S wget

Download wget

wget -O /etc/pacman.d/mirrorlist https://www.archlinux.org/mirrorlist/all/

This will just write over the top of the previous mirror list with the new one from the website. Its now nice and organised with the mirrors sorted into the ones from their own country.

The easiest way to now rank all the mirrors is to use a bash script called rankmirrors. So we want to backup the previous mirror list to edit it

cp /etc/pacman.d/mirrorlist /etc/oacman.d/mirrorlist.backup

Even if you fuck up somehow you can just redownload the mirror list with the wget command before. That will just write over the list with all the mirrors. Now I’m going to assume that you know how to use nano, I really don’t feel like doing a write up on it so have a look at it on the web somewhere. But when you are in nano you want to uncomment all the servers in your country and the world wide servers (the world wide servers have all of the packages just in case for some reason your country doesn’t have all the packages). When I say uncomment I mean just remove the # that is in front of the line. For instance

.#Server = http://mirror.aarnet.edu.au/pub/archlinux/$repo/os/$arch

For some reason it won't let me just have the hash there. The dot is not meant to be there

is commented and therefore isn’t acknowledged when pacman reads the mirror list, when compared to

Server = http://mirror.aarnet.edu.au/pub/archlinux/$repo/os/$arch

in which case pacman will use the server as a mirror. You can nano in like this

nano /etc/pacman.d/mirrorlist.backup

Now that you have only your country and the worldwide servers uncommented we are going to rank them by speed. This just basically pings them and gets a speed back and ranks the servers based upon the best results.

rankmirrors /etc/pacman.d/mirrorlist.backup > /etc/pacman.d/mirrorlist

Yay. Your mirrors are ranked and the download speed should be OVER 9000. Now we are going to have uncomment some things in the paceman.conf file so that we can get access to the 64 bit downloads and libraries. This is very important otherwise we are not going to be able to get all the support for the 64 bit drivers and then we will get crashes.

nano /etc/pacman.conf

You are going to want to have multilib, extra, community and core all uncommented

[core]
SigLevel = PackageRequired
Include = /etc/pacman.d/mirrorlist

[extra]
SigLevel = PackageRequired
Include = /etc/pacman.d/mirrorlist

[community]
SigLevel = PackageRequired
Include = /etc/pacman.d/mirrorlist

[multilib]
SigLevel = PackageRequired
Include = /etc/pacman.d/mirrorlist

It should look like this. Refresh the package list

pacman -Sy

This will update pacman.

Pacman’s functions

Adding a package

pacman -S packagename

Removing a package

pacman -Rns packagename

Updating all the packages in the system

pacman -Syu

Querying the currently installed packages

pacman -Qs packagename

Searching the repos for a package

pacman -Ss packagename

If you want a bit more info on a specific package whether installed or on the repos you can just add a i

pacman -Qi packagename
pacman -Si packagename

Users

Users are very important for security reasons but you can read more of that else where on the internet and I’m going to save some time and just show you how to set it up.

useradd -m -g users -G wheel,storage,power -s /bin/bash jfing
passwd jfing

Now you replace jfing with whatever you want to call your username and you enter your password once prompted

As we installed base-devel we already will have sudo so we just need to edit in our user name so we can use sudo commands. We are going to use nano which is a terminal based text editor.

Yaourt

You will not be able to do this section or powerpill in root as root does not allow you to make packages. You must do this under a lower tier account. Do not run makepkg as sudo.

Yaourt is an easy way of accessing the goodies in the AUR. Its relatively easy to install although you have to compile it from source.

mkdir ~/builds
cd ~/builds
wget http://mir.archlinux.fr/~tuxce/releases/package-query/package-query-1.6.2.tar.gz
tar -xvf package-query.tar.gz
cd package-query
makepkg -s
pacman -U package-query*.pkg.tar.xz
cd ~/builds
wget http://mir.archlinux.fr/~tuxce/releases/yaourt/yaourt-1.6.tar.gz
tar -xvf yaourt.tar.gz
cd yaourt
makepkg -s
pacman -U yaourt*.pkg.tar.xz
yaourt -Syyu

When using yaourt do not put sudo infront.

Updating the Package list

yaourt -Syyu

Updating all of the system packages

yaourt -Syua

Installing Packages

yaourt packagename

And thats pretty much it. Man the fuck outta that shit if you don’t know what to do or check out the wiki.

Powerpill

Powerpill is great for big downloads such as graphics drivers or bigger DE’s like gnome. You will need to have yaourt installed to get the package from the AUR otherwise you are compiling it from source and thats a bitch. There is something wrong with Xyne’s repo and it doesn’t like my signature files no matter what I did. I just couldn’t get it to fingerprint the download. But install it like this

yaourt powerpill

Now use it exactly like pacman

pacman -S packagename
becomes
powerpill -S packagename
etc..

Video Drivers and GUI’s

You are going to want a bit of a GUI, so for that we are going to need to install Xorg and the relevant video drivers for your GPU. You should know what GPU you have and if you don’t than I am surprised that you made it this far.

Drivers

PLEASE READ:
Many things, especially Xorg and some DE’s rely heavily on the symlinks to drivers and their libraries. As such when uninstalling drivers, ESPECIALLY PROPRIETARY ONES, really really breaks your system and you may as well do a full reinstall. Pick your drivers carefully. Its much easier to hop between open source than it is for closed source.

While it has been pointed out to me that uninstalling drivers shouldn't break anything, from my personal experience, I've seen many people break their system through this. For this reason I have left out an uninstall guide. If you wish to uninstall drivers I'd strongly recommend visiting the arch wiki and searching for your respective drivers.

Most of the open source drivers are very similar when it comes to their roots (for instance the ati drivers are just chopped up vesa ones) and thus mostly rely on the same libraries, specifically mesa. This makes it easier to swap them out if you do a lot of that. Although the open source ones lack the performance of the proprietary ones so its up to you choose. Alternatively if you don’t really care about GPU performance you can install the vesa drivers which will work with just about anything flawlessly.

It is up to you to figure out how to uninstall them if something goes wrong.

Also, these are only for the newer cards. i.e. Anything post 400 series for Nvidia and anything 6000 series plus for ATI/AMD

Open Source

Nvidia

pacman -S xf86-video-nouveau mesa-libgl lib32-mesa-libgl

AMD:

pacman -S xf86-video-ati mesa-libgl lib32-mesa-libgl

Intel

pacman -S xf86-video-intel lib32-mesa-libgl

Proprietary

Nvidia:

pacman -S nvidia nvidia-libgl ; reboot -h now

AMD/ATI:

Currently there are some issues with linux kernel 4 and as such I will not give a full guide on installing these drivers as

a. They are not within the official arch repository and such aren’t guaranteed to work
b. I personally have not been able to get them working with the current version of linux

Here is the wiki on them, you are welcome to try to get them to work yourself and I would appreciate it if you post your results.

https://wiki.archlinux.org/index.php/AMD_Catalyst

Xorg

Install this AFTER you install your graphical drivers

Xorg is the display driver which is necessary for a DE or WM that isn’t in the terminal. You can install it with pacman, I chucked in other packages that are essential to having a functional DE

pacman -S xorg xorg-server xorg-server-utils xorg-apps

Browsers

Firefox

pacman -S firefox

Chromium

pacman -S chromium

Opera

pacman -S opera

JRE

The dev kit pulls the runtime as well and all associated dependancies so this should be all you need to get up and going with the latest version

pacman -S jdk8-openjdk

Browser Plugins

You will want to install some browser plugging to make things functional

Flash

pacman -S flashplugin

Java

pacman -S icedtea-web

Other browser plugins

There are many more plugins available through the AUR although you will need to add the repo’s for them. They are things like pipelight which is basically silverlight for linux, google hangouts extension which is under google-talkplugin and other things. You can see more on that here https://wiki.archlinux.org/index.php/Browser_plugins If you installed yaourt than you should be able to install them no worries.

Sound

Sound drivers are handled by alsa, install them like this

pacman -S alsa-utils lib32-alsa-lib lib32-alsa-plugins lib32-libpulse lib32-openal pulseaudio-alsa pulseaudio libpulse

It's also wise to install some codecs for use of audio playback. Gstreamer is probably the best although there are other alternatives.

pacman -S gstreamer gst-libav gst-plugins-bad gst-plugins-base gst-plugins-base-libs gst-plugins-good

This should get you setup with what you need. Bad aren't necessarily bad, they just aren't up to scratch documentation wise. I've never had any issue with them. Visit the arch wiki for more info on codecs if need be and install what you need. I've provided below a list of what I have on my system. You may need legacy support for some applications.

https://wiki.archlinux.org/index.php/Codecs

https://wiki.archlinux.org/index.php/GStreamer

gst-editing-services 1.4.0-1
gst-libav 1.4.5-1
gst-plugins-bad 1.4.5-4
gst-plugins-base 1.4.5-1
gst-plugins-base-libs 1.4.5-1
gst-plugins-good 1.4.5-3
gst-plugins-ugly 1.4.5-2
gst-python 1.4.0-3
gstreamer 1.4.5-1
gstreamer-vaapi 0.5.10-1
gstreamer0.10 0.10.36-4
gstreamer0.10-bad 0.10.23-10
gstreamer0.10-bad-plugins 0.10.23-10
gstreamer0.10-base 0.10.36-3
gstreamer0.10-base-plugins 0.10.36-3
gstreamer0.10-ffmpeg 0.10.13-2
gstreamer0.10-good 0.10.31-8
gstreamer0.10-good-plugins 0.10.31-8
gstreamer0.10-mm 0.10.11-1
gstreamer0.10-python 0.10.22-2
gstreamer0.10-ugly 0.10.19-14
gstreamer0.10-ugly-plugins 0.10.19-14
gstreamermm 1.4.3-1

Run alsamixer to set them up.

alsamixer

Test that its working with this

speaker-test -c 2

There is extensive support for these on the wiki if you are having issues

Trackpad Support

Drivers for the trackpad. Pretty simple

pacman -S xf86-input-synaptics

Desktop Environments and Window managers

DE:
https://wiki.archlinux.org/index.php/Desktop_environment

DM:
https://wiki.archlinux.org/index.php/Display_manager

I will add some guidance below on getting them working specifically for arch and setting up desktop managers below. As DE’s are different to each other and to list instructions for all of them would be ridiculous, I’m just going to give a guide for installing XFCE and LXDM together, check out the wiki’s for more info on the other desktops.

Note: It is best to sudo install this as the main user account rather than root as it sets things up a little better, you can still use it as any user but you have to edit a file or two. Go and have a look at the wiki if you want the guide on LXDE install as root.

Desktop Environment - XFCE

https://wiki.archlinux.org/index.php/Xfce

We install all of the dependancies and features.

pacman -S xfce4 xfce4-goodies gstreamer0.10-good-plugin

Now we want to setup Xorg to use XFCE as the DE

echo exec startxfce4 > ~/.xinitrc

Desktop Manager

https://wiki.archlinux.org/index.php/LXDM

Install LXDM

pacman -S lxdm librsvg

Set it to start on boot

systemctl enable lxdm

To set XFCE as the default session, nano into the conf file

nano ~/etc/lxdm/lxdm.conf

And change whichever line is session to start xfce, it should look like this

session=/usr/bin/startxfce4

And now you have a desktop manager. We can also install lxdm-themes with yaourt to add a bit more personalisation. Have a look about on the net for further details on theming.

yaourt lxdm-themes

Compiz and animations

Are you ricer as fuck and like your sick 3D window management? Well I’m a minimalist so I don’t have that shit but you just install it with yaourt and set it up. There are guides on the arch wiki. If someone wants to write one up for here, stick it in the comments section and I will edit it in.

Fonts

Fonts:
https://wiki.archlinux.org/index.php/Fonts

Very important to have all your fonts, especially for wine. There are more fonts than you will probably need here but it doesn't hurt to have a lot. If you install these than you shouldn't have any compatibility issues unless there is some edge case scenario

pacman -S ttf-dejavu ttf-liberation adobe-source-han-sans-otc-fonts ttf-freefont ttf-arphic-uming ttf-baekmuk ttf-droid ; yaourt ttf-ms-fonts ttf-vista-fonts

I quite like terminus for my terminal, chuck it in there if you want... or don't.

pacman -S terminus-font

WINE, Steam and Gaming

Plenty of messing about, breaking things and fixing them again.

Native Steam

General Gaming:
https://wiki.archlinux.org/index.php/Gaming

Steam:
https://wiki.archlinux.org/index.php/Steam

Linux gaming natively is quite simple, just install steam from the arch repo and then you go. As long as the drivers are set up will then there shouldn’t be any issue and it should run flawlessly.

pacman -S steam

Follow the prompts

WINE

Wiki Wine link:
https://wiki.archlinux.org/index.php/Wine

Steam+Wine:
https://wiki.archlinux.org/index.php/Steam_on_Wine

Incomplete

Do NOT run wine in root.

acman -S wine winetricks wine_gecko wine-mono lib32-libxm12 lib32-mpg123 lib32-lcms2 lib32-giflib lib32-libpng playonlinux
winetricks allfonts
winecfg
WINEARCH=win32 WINEPREFIX=~/win32 winecfg
WINEARCH=win32 WINEPREFIX=~/win32 winetricks -q msxm13 dotnet40 allfonts

Nada, its not done^^^^^^^

Interesting you chose MBR over gpt

It might be worth incorporating the other systemd utils into your guide timedatectl localectl hostnamectl come to mind. I think you've used one of them.

Since you've introduced aur. For chromium you can install additional binary plugins from the aur like pepper flash and the html5 DRM component that gets Netflix working.

Security

This section will always be a WIp. If anyone wants to add/change/suggest or otherwise to the points below, just say so. @r00tz31820, perhaps you can help out in this area

This section is by no means complete. I am not as proficient with this stuff as I’d like to be although this should keep you relatively protected from most things. I will also list some good sources that I have used when learning more about security and maintaining a safe system.

Most of the below is ripped straight from the paranoid security guide and there stands no reason for me to rearrange his words. Generally I have different profiles for different functions. For example my wine* stuff is actually under a very much restricted, separate user as it could possibly make for system vulnerabilities**. Any businessy work that I do, i.e. bank accounts are on an account with access only to whitelisted web addresses, etc…

*I’d advise against using wine, the reason being why I use it is that my system currently does not contain a strong enough nor suitable processor for good virtualisation through KVM.

**Whenever I install something, I add that account to the sudoer’s list temporarily, make sure no wine servers are running and install whatever it is and then I remove that account from the sudoer’s list.

Nada, its not done^^^^^^^

Antivirus

This is copypasta straight from the paranoid security guide. I take no credit.

ClamAV

To make sure eveything that gets into your system is clean and safe use ClamA[nti]V[irus].

To install:

$ sudo pacman -S clamav

To update:

$ sudo freshclam

To inspect e.g. your download folder:

$ sudo clamscan -ri /home/your-username/downloads

This will ClamAV do a scan recursively, i.e. also scan the content of folders and inform you about possibly infected files.

To inspect your whole system:

$ sudo clamscan -irv --exclude=/proc --exclude=/sys --exclude=/dev --exclude=/media --exclude=/mnt

This will make ClamAV scan your system recursively in
verbose mode (i.e. show you what it is doing atm) whilst excluding
folders that shouldn't be messed with or are not of interest and spit
out the possibly infected files it finds. To also scan attached portable
media you need to modify the command accordingly.

Make sure to test everything you download for possible
infections. You never know if servers which are normally trustworthy
haven't been compromised. Malicious code can be hidden in every usually
employed filetype. (Yes, including .pdf!)

Remember: ClamAV is known for its tight nets. That means that you are
likely to get some false positives from time to time. Do a web-search if
you're in doubt in regards to its findings.

Firewall

Nada, its not done^^^^^^^

Rootkit

This is copypasta straight from the paranoid security guide. I take no credit.

RKHunter

The next thing to do is to set up RKHunter - which is short for [R]oot[K]itHunter.

What does it do? You guessed it: It hunts down rootkits.

Installation again is simple:

$ sudo pacman -S rkhunter

The best is to run rkhunter on a clean installation - just to make sure nothing has been tampered with already.

One very important thing about rkhunter is that you
need to give it some feedback: everytime you e.g. make an upgrade to
your sytem and some of your binaries change rkhunter will weep and tell
you you've been compromised. Why? Because it can only detect suspicious
files and file-changes. So, if you go about and e.g. upgrade the
coreutils package a lot of change will be happening in /usr/bin - and
when you subsequently ask rkhunter to check your system's integrity your
log file will be all red with warnings. It will tell you that the
file-properties of your binaries changed and you start freaking out. To
avoid this simply run the command rkhunter --propupd on a system which
you trust to not have been compromised.

In short: directly after commands like apt-get update && apt-get upgrade run:

$ sudo rkhunter --propupd

This tells rkhunter: 'sall good. wink

To run rkhunter:

$ sudo rkhunter -c --sk

You find rkhunter's logfile in /var/log/rkhunter.log. So when you get a warning you can in detail check out what caused it.

To set up a cronjob for RKHunter:

$ sudo geany /etc/cron.daily/rkhunter.sh

insert and change the mail-address:

!/bin/bash

/usr/local/bin/rkhunter -c --cronjob 2>&1 | mail -s "RKhunter Scan Details" [email protected]

make the script executable:

$ sudo chmod +x /etc/cron.daily/rkhunter.sh

update RKHunter:

$ sudo rkhunter --update

and check if it functions the way it's supposed to do:

$ sudo rkhunter -c --sk

Of course you can leave out the email-part of the cronjob if you don't want to make the impression on someone shoulder-surfing
your email-client that the only one who's sending you emails is your computer... wink

Generally, using snort and rkhunter is a good way to
become paranoid - if you're not already. So please take the time to
investigate the alerts and warnings you get. A lot of them are false
positives and the listings of your system settings. Often enough nothing
to worry about. But if you want to use them as security tools you will
have to invest the time to learn to interpret their logs. Otherwise just
skip them.
RKHunter-Jedi-Tricks

If you're in doubt whether you did a rkhunter --propupd
after an upgrade and you are getting a warning you can run the
following command:

$ sudo rkhunter --pkgmgr dpkg -c --sk

Now rkhunter will check back with your package-manager
to verify that all the binary-changes were caused by legitimate
updates/upgrades. If you previously had a warning now you should get
zero of them. If you still get a warning you can check which package the
file that caused the warning belongs to.

To do this:

$ dpkg -S /folder/file/in/doubt

Example:

$ dpkg -S /bin/ls

Output:

coreutils: /bin/ls

This tells you that the file you were checking (in this case /bin/ls) belongs to the package "coreutils".

Now you can fire up packagesearch.

If you haven't installed it:

$ sudo pacman -S packagesearch

To run:

$ sudo packagesearch

In packagesearch you can now enter coreutils in the
field "search for pattern". Then you select the package in the box
below. Then you go over to the right and select "files". There you will
get a list of files belonging to the selected package. What you want to
do now is to look for something like:

/usr/share/doc/coreutils/changelog.Debian.gz

The idea is to get a file belonging to the same package
as the file you got the rkhunter-warning for - but that is not located
in the binary-folder.

Then you look for that file within the respective folder and check the
file-properties. When it was modified at the same time as the binary in
doubt was modified you can be quite certain that the change was caused
by a legitimate update. I think it is save to say that some
script-kiddie trying to break into your system will not be that
thorough. Also make sure to use debsums when in doubt. I will get to
that a little further down.

VPN

Setting up a VPN in arch can be a bit tricky so I will simply refer you to the wiki.

https://wiki.archlinux.org/index.php/OpenVPN

Reading material

'/fucko/' threads are great reading material for becoming paranoid and keeping good security. As much BS the chans are full with /tech/ certainly does have some good info. I highly recommend reading the paranoid security guide if nothing else

Parnoid security guide:

/fucko/

/Fucko/ Squad General Thread v0.8.1

"Get on the ground, fucko! Squad, take his computer and all other electronics!"

ITT:

Computer security
Home security
online privacy
PC and data destruction methods
How to hide questionable images, video, audio, etc.
What to do in case squad ever actually breaks down your door

But I dont have anything to hide :^)
https://archive.is/hRxZZ

If you have done nothing wrong you should have nothing to hide.
If I've done nothing wrong there's no reason to search me.

Utillities

Just a list of some nice things that I usually install to have a functional system. I will keep adding to this as I go along.

libreoffice - a suite of word and spreadsheet editing software
eclipse - a coding environment for C++/C with a variety of features. Runs in a java environment
truecrypt - encryption software for containers.
thunderbird - email client, best IMO
rhythmbox - music player, its up to you what you want to use. It just works
mumble - the one and only

This has plently of suggestions for almost anything you could need. Just pacman them in and you are set
https://wiki.archlinux.org/index.php/List_of_applications

My Desktop

Just a screenshot of my desktop

To get all the info install screenfetch, to screenshot get scrot

pacman -S screenfetch scrot

run this to get a screenshot like I did

clear ; screenfetch ; scrot -d 1

Things to come

KVM Virtualisation - An Arch translation of @lessershoe’s tutorial on KVM virtual machines in openSUSE

Holy fucking wall of text batman!

Awesome guide though, and thanks for taking the time to explain each step without the requirement of a neckbeard-speak translator.

You're welcome.

Arch is a pretty big setup once you put it on paper and there is a steep learning curve in just understanding a lot of what goes on behind the scenes so I will update it as I go

Do you want this as a wiki post?

I didn't know we had a wiki

Yeah it can be wikified

Righto man, sounds good. I've also got a bit of a letter to send to mumble. I'll be done it tomorrow

I haven't got one from him yet.

Well HMU when you do. I will just keep adding stuff to this one until you are ready to shoot

Why? MBR is obsolete and not suitable for everybody.

Why should everyone have a 2 GB swap?

Why specifically EXT4?

This enables the service, doesn't start it. You're also doing it on the USB-drive, so it's pointless. dhcpcd <interface> is what you want.

Such as?

You should give an explanation of what chroot is, and why this is necessary.

You forgot to enable suitable locales.

These two are irrelevant to each other. An explanation of what an initramfs is and why you might need one is definitely suitable here.

To be pedantic it's GRUB2, not GRUB legacy. You should make a note of that.

Very professional. /s Also please don't spread FUD.

Should make a note that unless you know what you're doing you must install it on the disk, not a partition.

You just mounted /mnt, no need for -R.

You sure that it's the same for everybody?

pacman-optimize && pacman-key --init && pacman-key --populate archlinux

Should work just fine.

No, pacman -R pkg removes a package. The n and s options could end up being disasterous. Instead of going through the actions you should tell users are look at man pacman or the arch wiki's articles.

The arch wiki specifically says that you should not user an AUR-helper unless you're familiar with the manual process. You make no mention of the dangerous of AUR, or explain any of the steps, or mention that there are other helpers which might suit the user better.

Doesn't seem enough to convince someone that they actually need the package or what it's good for.

An AUR-helper also compiles from source, it simply does it automatically.

Are really sure you should be making a guide of how to install one of the more advanced distros when you make statements like these?

Nice...

Not everyone needs the same fonts. You should instead link the Arch wiki article on fonts.

I didn't read through it all, but no offense... this is a terrible guide. You're unprofessional, you don't justify and you don't seem to know what you're doing at all. The people who contribute to the Arch wiki maintain a good language, they explain and justify and they know what they're doing. Please just use the Arch wiki. People say that they get a good idea of what goes into a distro when they install Arch because every significant part is explained, such as what a bootloader is and why they should use syslinux over GRUB2 or vice versa.

The post is a wiki you are free to add to it.

On ext4: some steam games (Dying Light) won't work with XFS and BTRFS.

There's so much NOPE in this guide it's ridiculous.

Please RTFM before posting such tripe.

What's wrong with the wiki guide?

Then add to it.

http://www.linuxliveusb.com

https://rufus.akeo.ie

Those should do the trick. Lili is frendlier but Rufus is better

I think those of us who have criticised it won't add to it, because we think that guides like these shouldn't be made. The Arch wiki is a central place for knowledge and help, it's up-to-date, it's thorough, it's professional, and relatively unbiased (ie no "those who don't use GRUB are those who use 'zish' and multiple proxies because they're afraid someone will steal their simple Javascript code"). If the articles aren't good enough, then maybe Arch is not for you.

I don't use Arch (Suse & Gentoo), but the point of the guide was to be a quick and dirty guide to get someone (normal desktop) up and running in plain English.

Wouldn't it be more helpful to contribute than thumb your nose at it? Also it fits the more casual tone one of this site. Tek Syndicate isn't all that professional btw.

I don't think so, and I've explained why in my last post.

I see absolutely no good reason to try to duplicate the wiki in "plain English". Arch is Arch, it has a special audience and it fits best for that audience. I'm against distros (antergos, archbang, manjaro, bridge etc) and guides that try to make it into something else.