
How To Install And Configure A Minimal Fedora 14



Before getting started I would like to point out a couple of things:

- We assume you have downloaded the correct CD/DVD ISO for your particular system and burned it to disc. For this example I have downloaded Fedora-14-x86_64-netinst.iso.

- We assume that you have only one network interface, that this interface is Ethernet with a static IP address, and that you intend to use the machine as a server. If you are setting up a laptop or desktop computer with X Windows then these instructions are not for you.

- Most of what you see below can be executed on the command line while you are logged into your newly created server. Instructions (the explanatory notes) are prefixed with # so that if you happen to copy/paste them along with the commands they will not be executed.

- You have installed operating systems before. We do not discuss here things like how to set up your BIOS to boot from CD. You should know how to do this already.

- You have a static IP available on your network and you are comfortable with setting IP, NETMASK, GATEWAY and DNS.

 

### First of all, insert the disc and boot up your computer. Follow the basic instructions, including assignment of the IP address when prompted, until you get to the screen that asks which type of installation you would like. Choose "Minimal" and click the radio button below it that says "configure packages now". As of fc14, nothing is selected by default on the next screen; the only item you should check is "base". At this point the installer should start installing packages and then reboot your computer. Once this is complete, take out the CD/DVD and log in to your new server as root.

 

At this point you can copy/paste most of these commands:

 

### turn off lokkit firewall!! We prefer to customize iptables ourselves

lokkit --disabled


nano /etc/aliases
## (change "#root: marc" to "root: webmaster@mydomain.com"), save (ctrl-x) and run:
newaliases
## Be aware that email domains hosted on Dreamhost will refuse to accept email from Time Warner home IPs. In this case try using a Gmail account or something else besides Dreamhost.


### Remove NetworkManager and use network instead. If anyone wants to solve this problem... by all means update this document
### Make sure you have console access before you remove NetworkManager; you might have trouble bringing the server back up!!!
yum remove NetworkManager
## turn the old school network back on!!!!

chkconfig --levels 2345 network on

/etc/init.d/network restart

 

## remove nfs and yp and install some useful basics

yum remove firstboot nfs-utils yp-tools ypbind portmap system-config-keyboard avahi
yum install lynx nmap iptraf procinfo perl-Crypt-SSLeay perl-Net-SSLeay autoconf automake gcc ntp rpm-build subversion perl-Module-Build screen links ncftp gcc-c++
ntpdate time.nist.gov
chkconfig --levels 2345 ntpd on

## you should install user accounts at this point and add .ssh/authorized_keys files so you can log in
## the rest of the config should be able to be done remotely
adduser myusername
passwd myusername
## set password, then from an existing server or workstation you want to copy your ssh key to the new server:
scp -r .ssh 192.168.0.123:
## NOTE: We don't discuss here how to generate this key or specifically how to configure sshd. The only reason the following 2 lines appear here is to serve as a reminder to configure sshd. I might write a how-to on sshd configuration later.


nano /etc/ssh/sshd_config
## (see set up instructions to force dsa, force key auth,
## disable root, disable random users, reduce # of tries (brute force) etc...)
/etc/init.d/sshd restart
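
## Added example, not part of the original how-to: a shell check that an sshd_config has the items listed above (key auth only, root disabled, users restricted, fewer tries). The keyword choice, the MaxAuthTries limit of 3 and the sample file are assumptions; only the global section before any Match block is read.

```shell
# Added example (not from the original page). Limits and the sample file are
# assumptions made for illustration.

# Print the global value of keyword $2 in file $1. sshd keeps the FIRST
# occurrence of a keyword and matches keywords case-insensitively.
sshd_value() {
    awk -v key="$2" '
        /^[ \t]*#/ { next }                      # comment line
        tolower($1) == "match" { exit }          # end of the global section
        tolower($1) == tolower(key) { $1 = ""; sub(/^[ \t]+/, ""); print; exit }
    ' "$1"
}

# $1 file, $2 keyword, $3 wanted value, $4 value sshd uses when keyword is unset
check() {
    val=$(sshd_value "$1" "$2"); [ -n "$val" ] || val=$4
    if [ "$(printf '%s' "$val" | tr 'A-Z' 'a-z')" = "$3" ]; then
        echo "ok    $2 $val"
    else
        echo "FAIL  $2 is '$val', want '$3'"; return 1
    fi
}

audit_sshd_config() {
    f=$1; rc=0
    check "$f" PermitRootLogin no yes        || rc=1   # disable root
    check "$f" PasswordAuthentication no yes || rc=1   # force key auth
    check "$f" PubkeyAuthentication yes yes  || rc=1
    tries=$(sshd_value "$f" MaxAuthTries); tries=${tries:-6}   # 6 when unset
    if [ "$tries" -le 3 ]; then echo "ok    MaxAuthTries $tries"
    else echo "FAIL  MaxAuthTries is $tries, want <= 3"; rc=1; fi
    if [ -n "$(sshd_value "$f" AllowUsers)" ]; then echo "ok    AllowUsers set"
    else echo "FAIL  AllowUsers unset: any account may log in"; rc=1; fi
    return $rc
}

# Constructed sample: sshd ignores the second PermitRootLogin line.
sample=$(mktemp)
cat > "$sample" <<'EOF'
#PermitRootLogin yes
PermitRootLogin no
PermitRootLogin yes
PasswordAuthentication no
MaxAuthTries 3
AllowUsers myusername
EOF
audit_sshd_config "$sample"
rm -f "$sample"
```

## On the server itself, call audit_sshd_config /etc/ssh/sshd_config after editing the file.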


iptables -I INPUT -i eth0 -p tcp -m tcp --dport 22 -j ACCEPT
iptables -A INPUT -i eth0 -p tcp -m tcp --dport 80 -j ACCEPT
iptables -A INPUT -i eth0 -p tcp -m tcp --dport 443 -j ACCEPT
iptables -A INPUT -i eth0 -p icmp --icmp-type 0 -m limit --limit 3/sec --limit-burst 3 -j ACCEPT -m comment --comment "allowping0"
iptables -A INPUT -i eth0 -p icmp --icmp-type 3 -m limit --limit 3/sec --limit-burst 3 -j ACCEPT -m comment --comment "allowping3"
iptables -A INPUT -i eth0 -p icmp --icmp-type 8 -m limit --limit 3/sec --limit-burst 3 -j ACCEPT -m comment --comment "allowping8"
iptables -A INPUT -i eth0 -p icmp --icmp-type 11 -m limit --limit 3/sec --limit-burst 3 -j ACCEPT -m comment --comment "allowping11"
iptables -A INPUT -i eth0 -p icmp --icmp-type 30 -m limit --limit 3/sec --limit-burst 3 -j ACCEPT -m comment --comment "allowping30"
iptables -A INPUT -i eth0 -p udp -m udp --dport 33434:33600 -j REJECT -m comment --comment "allowtracerouteviareject"
iptables -A INPUT -i eth0 -m state --state NEW,INVALID -j DROP
/etc/init.d/iptables save

chkconfig --levels 12345 cpuspeed off
chkconfig --levels 2345 acpid off
chkconfig --levels 2345 haldaemon off
chkconfig --levels 2345 irqbalance off
chkconfig --levels 2345 mdmonitor off
chkconfig --levels 2345 messagebus off
chkconfig --levels 2345 microcode_ctl off
chkconfig --levels 2345 netfs off
chkconfig --levels 2345 pcscd off
chkconfig --levels 2345 restorecond off


## Clean out the old yum cache from time to time. This is sometimes needed before the first run because of old mirrors.
yum clean all

## update all packages
yum update
sync
sync
sync
shutdown -r now



## That should pretty much do it.

## yum update once in a while and restart the server if the kernel is updated
## recheck chkconfig services....
## yum update again to make sure


## MONTHLY PROCEDURE
chkconfig --list | grep on
## (turn off everything....) (acpid,apmd,auditd,avahi-daemon,avahi-dnsconfd,bluetooth,conman,cpuspeed,etc)
## check /tmp and /var/tmp for strange items and overloading
## run yum update as often as possible
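
## Added example, not part of the original how-to: "grep on" also matches service names that contain "on" (conman, crond) even when they are off, so this parses the runlevel fields of chkconfig --list instead and prints services that are on but not expected. The sample output and the expected-services list are constructed.

```shell
# Added example (not from the original page). The sample output and the
# allowlist are constructed for illustration.

# stdin: `chkconfig --list` output; $1: runlevel. Prints services that are on
# in that runlevel by matching the "N:on" field, not the substring "on".
enabled_in_runlevel() {
    awk -v rl="$1" '{ for (i = 2; i <= NF; i++) if ($i == rl ":on") print $1 }'
}

# stdin: chkconfig output; $1: runlevel; $2: space-separated expected services.
# Prints every enabled service that is not on the expected list.
unexpected_services() {
    enabled_in_runlevel "$1" | while read -r svc; do
        case " $2 " in
            *" $svc "*) ;;             # expected, stay quiet
            *) echo "$svc" ;;          # enabled but not expected
        esac
    done
}

# Constructed sample in the format printed by chkconfig --list.
sample_chkconfig() {
    cat <<'EOF'
bluetooth       0:off  1:off  2:on   3:on   4:on   5:on   6:off
conman          0:off  1:off  2:off  3:off  4:off  5:off  6:off
crond           0:off  1:off  2:on   3:on   4:on   5:on   6:off
iptables        0:off  1:off  2:on   3:on   4:on   5:on   6:off
netfs           0:off  1:off  2:off  3:on   4:on   5:on   6:off
network         0:off  1:off  2:on   3:on   4:on   5:on   6:off
ntpd            0:off  1:off  2:on   3:on   4:on   5:on   6:off
sshd            0:off  1:off  2:on   3:on   4:on   5:on   6:off
EOF
}

# Services this sample server is expected to run in runlevel 3 (assumption).
sample_chkconfig | unexpected_services 3 "crond iptables network ntpd sshd"
```

## On the server: chkconfig --list | unexpected_services 3 "your expected services"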

## yum list takes a long time. I like to make a text file with the available packages so I can search the file instead of using yum
yum list > yumlist.txt


## SPECIAL HARDWARE CHECK
## if a 3ware card is installed, you must install the 3ware daemon and configure email2sms
## 3dm is at port 888


