2.1 :: Baseline OS Install
This section provides some details on the baseline OS installation, before the DAS components are installed. The assumption here is that you are already familiar with installing Red Hat GNU/Linux systems. Therefore, this is not a detailed, step-by-step guide. This is simply an overview of what was done in our case to set the servers up so that they were ready to install Kerberos and NIS services.
Our DAS servers run on Red Hat Linux 9, but there is no reason that they could not be set up on a different distribution, or even a BSD or Solaris system. However, all subsequent instructions and testing assume Red Hat 9 on the server side. I am also assuming that you will use reasonable hardware choices with respect to disks, power, network connections, etc.
Partitioning - I like to use separate partitions for important directories. With a 75 GB disk, here is how I partitioned it:
Filesystem  Size  Used  Avail  Use%  Mounted on
/dev/hda1    99M  9.2M    85M   10%  /boot
/dev/hda2    13G  205M    12G    2%  /
/dev/hda3    20G  1.5G    17G    9%  /usr
/dev/hda5    20G   69M    19G    1%  /var
/dev/hda6   9.4G   33M   8.9G    1%  /home
/dev/hda7   1.6G   33M   1.5G    3%  /tmp
/dev/hda8   251M  SWAP
The partitions were formatted as EXT3 journaling file systems, and I instructed the partitioning tool to check for bad blocks.
Bootloader Password - I specified a bootloader password.
IP information - I specified that eth0 be activated on boot, and gave it a FQDN and static IP address. Three DNS server addresses were specified: 10.10.20.250, 10.10.19.250, and 4.2.2.3.
Firewall Setting - Initially, I set this to the "high" level, customized to allow connections to TCP port 2222, and disabled any other inbound connections. No trusted devices were listed.
System Clock - I set this up for "system clock uses UTC", and the Asia/Taipei timezone.
Authentication Configuration - Leave at defaults: MD5 + Shadow Passwords
Package Selection - This is fairly critical. When you select a category, you can then go into that category and select (or deselect) items. I chose not to install many packages, though I did install Gnome and software development sets like the C compiler. Here is a summary:
Total size of install was listed at 1,594 MB.
Create Boot Disk - Perform this step and put the disk in a safe place.
Video Card and Monitor - In my case, here were the settings:
Section "Monitor"
Identifier "Monitor0"
VendorName "Monitor Vendor"
ModelName "SyncMaster"
DisplaySize 340 270
HorizSync 30.0 - 81.0
VertRefresh 60.0 - 60.0
Option "dpms"
EndSection
Section "Device"
Identifier "Videocard0"
Driver "s3virge"
VendorName "idunno"
BoardName "S3 86C988 (ViRGE/VX)"
EndSection
1024 x 768 resolution, 16-bit color
Log in and make sure the time is correct. Check IP network connectivity. Add a non-root user.
BIOS config: Boot from disk only, not from floppy, CD, or network. Add a BIOS password requirement before the BIOS config can be changed.
Back up the original /etc files:
# cd /
# tar cvf /root/org-etc.tar etc
# gzip /root/org-etc.tar
Upgrade the following "important" packages (13 Nov 2003):
bash-2.05b-20.1.i386.rpm
bash-doc-2.05b-20.1.i386.rpm
coreutils-4.5.3-19.0.2.i386.rpm
ethereal-0.9.16-0.90.1.i386.rpm
ethereal-gnome-0.9.13-1.90.1.i386.rpm
glibc-2.3.2-27.9.6.i686.rpm
glibc-common-2.3.2-27.9.6.i386.rpm
glibc-devel-2.3.2-27.9.6.i386.rpm
gnome-kerberos-0.3.1-7.i386.rpm
gnupg-1.2.1-4.i386.rpm
krb5-devel-1.2.7-14.i386.rpm
krb5-libs-1.2.7-14.i386.rpm
krb5-server-1.2.7-14.i386.rpm
krb5-workstation-1.2.7-14.i386.rpm
mutt-1.4.1-1.i386.rpm
nscd-2.3.2-27.9.6.i386.rpm
openssh-3.5p1-11.i386.rpm
openssh-askpass-3.5p1-11.i386.rpm
openssh-askpass-gnome-3.5p1-11.i386.rpm
openssh-clients-3.5p1-11.i386.rpm
openssh-server-3.5p1-11.i386.rpm
openssl-0.9.7a-20.i686.rpm
openssl-devel-0.9.7a-20.i386.rpm
pine-4.44-19.90.0.i386.rpm
sendmail-8.12.8-9.90.i386.rpm
sendmail-cf-8.12.8-9.90.i386.rpm
tcpdump-3.7.2-1.9.1.i386.rpm
tripwire-2.3.1-17.i386.rpm
unzip-5.50-33.i386.rpm
xinetd-2.3.11-1.9.0.i386.rpm
xpdf-2.01-11.i386.rpm
ypserv-2.8-0.9E.i386.rpm
Configure a minimal number of services to run. When done with my base install, here are the services that were running:
[root@das-m PKG]# chkconfig --list | grep :on | sort
anacron     0:off  1:off  2:on   3:on  4:on  5:on  6:off
atd         0:off  1:off  2:off  3:on  4:on  5:on  6:off
crond       0:off  1:off  2:on   3:on  4:on  5:on  6:off
keytable    0:off  1:on   2:on   3:on  4:on  5:on  6:off
kudzu       0:off  1:off  2:off  3:on  4:on  5:on  6:off
network     0:off  1:off  2:on   3:on  4:on  5:on  6:off
portmap     0:off  1:off  2:off  3:on  4:on  5:on  6:off
random      0:off  1:off  2:on   3:on  4:on  5:on  6:off
rawdevices  0:off  1:off  2:off  3:on  4:on  5:on  6:off
sendmail    0:off  1:off  2:on   3:on  4:on  5:on  6:off
sshd        0:off  1:off  2:on   3:on  4:on  5:on  6:off
syslog      0:off  1:off  2:on   3:on  4:on  5:on  6:off
xfs         0:off  1:off  2:on   3:on  4:on  5:on  6:off
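One way to check a host against the service baseline above, as an added example that is not part of the original guide: the script reads `chkconfig --list` output and reports services enabled beyond the 13 listed, as well as baseline services that are switched off. The function names and the sample input are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original page: audit `chkconfig --list` output
# against the baseline service list shown above.
BASELINE="anacron atd crond keytable kudzu network portmap random rawdevices sendmail sshd syslog xfs"

# unexpected_services RUNLEVEL
# Reads `chkconfig --list` text on stdin; prints each service that is on in
# RUNLEVEL but is not in BASELINE. The "xinetd based services" section has
# fewer fields per line and is skipped by the NF == 8 test.
unexpected_services() {
    awk -v rl="$1" -v base="$BASELINE" '
        BEGIN { n = split(base, b, " "); for (i = 1; i <= n; i++) ok[b[i]] = 1 }
        NF == 8 && $2 ~ /^0:(on|off)$/ {
            for (i = 2; i <= NF; i++)
                if ($i == (rl ":on") && !($1 in ok)) print $1
        }' | sort
}

# missing_services RUNLEVEL
# Prints each BASELINE service that is not on in RUNLEVEL (for example sshd
# or syslog switched off), which is as much a deviation as an extra daemon.
missing_services() {
    awk -v rl="$1" -v base="$BASELINE" '
        NF == 8 && $2 ~ /^0:(on|off)$/ {
            for (i = 2; i <= NF; i++) if ($i == (rl ":on")) on[$1] = 1
        }
        END {
            n = split(base, b, " ")
            for (i = 1; i <= n; i++) if (!(b[i] in on)) print b[i]
        }' | sort
}

# Constructed sample input (not captured from a real host).
SAMPLE='anacron 0:off 1:off 2:on 3:on 4:on 5:on 6:off
cups 0:off 1:off 2:on 3:on 4:on 5:on 6:off
nfs 0:off 1:off 2:off 3:on 4:on 5:on 6:off
sshd 0:off 1:off 2:on 3:on 4:on 5:on 6:off
syslog 0:off 1:off 2:off 3:off 4:off 5:off 6:off
xinetd based services:
    chargen: off'

echo "Unexpected at runlevel 3:"; printf '%s\n' "$SAMPLE" | unexpected_services 3
echo "Missing at runlevel 3:";    printf '%s\n' "$SAMPLE" | missing_services 3
```

On a live host, pipe the real output in instead of the sample: `chkconfig --list | unexpected_services 3`.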
Configure log rotation to keep 6 weeks of logs instead of 4 weeks (the default). This is changed in /etc/logrotate.conf with the following configuration:
# see "man logrotate" for details
# rotate log files weekly
weekly
# keep 6 weeks worth of backlogs
rotate 6
# create new (empty) log files after rotating old ones
create
# uncomment this if you want your log files compressed
#compress
# RPM packages drop log rotation information into this directory
include /etc/logrotate.d
# no packages own wtmp -- we'll rotate them here
/var/log/wtmp {
monthly
create 0664 root utmp
rotate 1
}
# system-specific logs may be also be configured here.
We also want to modify /etc/crontab so that hourly, daily, and weekly service restarts don't happen simultaneously for services like krb5kdc and kadmind. Change /etc/crontab on DAS-M to the following:
SHELL=/bin/bash
PATH=/sbin:/bin:/usr/sbin:/usr/bin
MAILTO=root
HOME=/

# run-parts
02 * * * * root run-parts /etc/cron.hourly
03 4 * * * root run-parts /etc/cron.daily
23 4 * * 0 root run-parts /etc/cron.weekly
43 4 1 * * root run-parts /etc/cron.monthly
Then restart the cron daemon...
[root@das-m etc]# /etc/init.d/crond restart
Stopping crond: [ OK ]
Starting crond: [ OK ]