This is the process I used to install the i386 version of Fedora
Core 4.
If you use any of the information remember that I run a network securely protected by a firewall - make sure you do too.
These
instructions are for installing GNU/Linux onto a PC. If you have
existing data or an operating system on the machine you are
installing on, ensure that you know what you are doing, and that
you have a full backup in case you overwrite anything you meant to
keep.
These instructions are for installing the x86-compatible (32-bit) version of Fedora. Anything that needs to be done differently for the x86_64 (64-bit AMD64, EM64T) version is shown in green, like this.
Boot from the first CD.
Select graphical mode installation.
Run the media test if it has not been run before.
Select English as the installation language.
Select UK keyboard.
Select Install Fedora Core.
Select Workstation installation type.
Select Manual partition with Disk Druid and create a set of partitions.
fanny: 40Gb hard drive
| Partition | Size | Mount point |
| hda1 | 150 MB | /boot |
| hda2 | 4,000 MB | /home |
| hda3 | 3,500 MB | /var |
| hda5 | 2,000 MB | /tmp |
| hda6 | 1,000 MB | (swap) |
| hda7 | 27,500 MB | / |

gina: 80Gb hard drive
| Partition | Size | Mount point |
| hda1 | 1,000 MB | /boot |
| hda2 | 50,000 MB | / |
| hda3 | 17,500 MB | /home |
| hda5 | 4,000 MB | /var |
| hda6 | 4,000 MB | /tmp |
| hda7 | 2,000 MB | (swap) |

jenny: 190Gb hard drive
| Partition | Size | Mount point |
| hda1 | 1,000 MB | /boot |
| hda2 | 135,000 MB | / |
| hda3 | 22,000 MB | /home |
| hda5 | 25,000 MB | /var |
| hda6 | 5,000 MB | /tmp |
| hda7 | 2,000 MB | (swap) |
Use GRUB as the boot loader.
Leave the IP and Netmask information configured by DHCP, but only set the first part of the hostname, e.g. gina - if the fully qualified name is used it causes sendmail to double up the domain in the from email headers that are sent from this machine.
Enable the firewall and allow Remote Login (SSH). Set Enable SELinux to Disabled (I don't need it so why take the performance hit).
Select Europe/London and System clock uses UTC on the timezone screen.
Enter a root password.
Select Customize software packages to be installed.
Change the software selection as follows.
Click next and continue with the install.
Reboot!
Configure and run
yum to update any RPM packages that are out of date.
# rpm --import /usr/share/rhn/RPM*
# yum update
Enable the yum daemon, which uses a daily cron job to get the updates automatically.
# chkconfig yum on
# service yum start
Clean out the old yum headers occasionally by setting up a monthly cron job to run:
yum clean all
Now use yum to install the following:
# yum install bittorrent
# yum install cdrdao
# yum install gtk+-devel
# yum install ocaml
# yum install compat-gcc-32-c++
# yum install xscreensaver-extras
# yum install xscreensaver-gl-extras
# yum install mail-notification
# yum install grip
# yum install easytag
# yum install alacarte
For playing and ripping MP3s, some packages are needed from the rpm.livna.org repository. Set this up by installing the livna-release rpm package.
# rpm -Uvh livna-release-4-0.lvn.5.4.noarch.rpm
Then install lame, libmad and gstreamer-plugins-mp3.
# yum install lame
# yum install libmad
# yum install gstreamer-plugins-mp3
Customise the shell prompt by adding the following lines to the end of /etc/bashrc.
ColourFuscia="\[\033[0;36m\]"
ColourGreen="\[\033[0;32m\]"
ColourDefault="\[\033[0m\]"
# Set green to red if root
if [ "$UID" = "0" ]; then
    ColourGreen="\[\033[1;31m\]"
fi
PS1="$ColourGreen($ColourFuscia\u@\h$ColourGreen:$ColourFuscia\w$ColourGreen)$ColourFuscia\\$ $ColourDefault"
Change the resolution of the virtual terminals (running on Ctrl-Alt-1 through Ctrl-Alt-6). Edit /boot/grub/grub.conf and add vga=791 to the end of the menu kernel line, e.g.
kernel /vmlinuz-2.4.20-30.9 ro root=LABEL=/ hda=ide-scsi vga=790
790 produces a 1024x768 resolution with 32,768 colours. You could use any of the following (if your video card supports them).
| Colours | 640x480 | 800x600 | 1024x768 | 1280x1024 | 1600x1200 |
| 256 | 769 | 771 | 773 | 775 | 796 |
| 32,768 | 784 | 787 | 790 | 793 | 797 |
| 65,536 | 785 | 788 | 791 | 794 | 798 |
| 16.8M | 786 | 789 | 792 | 795 | 799 |
The BIOS on gina.stevesearle.com is from the year 2000, so fails the cutoff date. To get round this and run the acpid daemon, add acpi=force to the kernel line in /boot/grub/grub.conf, as follows.
... kernel /vmlinuz-2.6.11-1.27_FC3 ro acpi=force root=LABEL=/1 vga=795 ...
Keep /tmp tidy. The following cron entry deletes all files
30 1 * * * find /tmp -mtime +7 -type f -print -exec rm {} ";"; find /tmp -mtime +7 -type d -print -exec rm -rf {} ";"
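A more defensive variant of the cron clean-up above, as an added example that is not part of the original page: it stays on one filesystem, lets GNU find delete entries itself rather than passing paths from a world-writable directory to a separate rm, and removes directories only once they are empty. The function name tidy_tmp and the script name in the comment are assumptions.

```bash
#!/bin/bash
# Added example, not from the original page. tidy_tmp is a hypothetical helper.
# Usage: tidy_tmp DIR [DAYS]   (prints each path it removes)
tidy_tmp() {
    local dir days
    dir=${1:?directory required}
    days=${2:-7}
    # Only operate on a real directory, never on a symlink to one.
    if [ ! -d "$dir" ] || [ -L "$dir" ]; then
        echo "tidy_tmp: refusing $dir" >&2
        return 1
    fi
    # Pass 1: regular files not modified for more than DAYS days.
    #   -xdev    stay on this filesystem
    #   -delete  find unlinks the entry itself, in the directory it is
    #            visiting, instead of handing a path to a separate rm
    find "$dir" -xdev -mindepth 1 -type f -mtime +"$days" -print -delete
    # Pass 2: old directories, but only once they are empty. Unlike rm -rf,
    # this keeps an old directory that still holds recently written files.
    find "$dir" -xdev -mindepth 1 -type d -empty -mtime +"$days" -print -delete
}

# Run from cron as a script, e.g. "tidy_tmp.sh /tmp 7" (script name is an assumption).
if [ "$#" -gt 0 ]; then
    tidy_tmp "$@"
fi
```

A directory emptied in pass 1 has a fresh modification time, so it is removed on a later run once it has aged again.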
Sendmail is a mail transfer
agent. MTAs are used to transfer messages between machines.
Normally Sendmail will send out any mail with headers showing
it as coming from the local client - in my case
a from address of steve@gina.stevesearle.com.
So the following changes to the Sendmail configuration make it
look as if the email has come from
steve@stevesearle.com. To do this, the following lines are added to
the /etc/mail/sendmail.mc file (uncomment, i.e. remove the dnl ...
dnl, and edit where necessary). The MAIL_HUB line is
added at the end of the first block of defines and causes
email that would otherwise have been delivered to a local user on
the machine to be sent to the network mail server.
...
define(`MAIL_HUB', `relay:stevesearle.com')
...
MASQUERADE_AS(`stevesearle.com')
...
FEATURE(masquerade_envelope)
...
Note that the EXPOSED_USER line in /etc/mail/sendmail.mc will prevent mail sent by root from being masqueraded; remove it if this is a problem.
Regenerate /etc/mail/sendmail.cf with the following command (note that the sendmail-cf package must be installed for this to work, and no warnings are displayed if it isn't installed).
# make -C /etc/mail
Add the fully qualified domain name to the first line of /etc/hosts.
127.0.0.1 gina gina.stevesearle.com localhost.localdomain localhost
Doing this enables you to send mail to servers that won't accept email from localhost.localdomain.
Restart sendmail.
# service sendmail restart
Create a .forward file to ensure that any mail to root gets read. Ensure that it is only writable by the user, otherwise it will be ignored.
# chmod 644 ~/.forward
Add mount points for any NFS exports from other machines, by editing /etc/fstab and adding the appropriate lines, e.g.
hayley:/backups /backups nfs rsize=8192,wsize=8192
This would automatically mount hayley's /backups directory under /backups on this machine. (Permission would have to be granted on hayley via the /etc/exports file to allow this.) Don't forget to create the /backups directories on the local machine.
I run an old machine as a backup device. A backup folder is NFS exported to the rest of the network, and each machine runs a cron tar job to back up various files and directories.
These instructions have been derived from the excellent SpamAssassin-ClamAV-Procmail-Howto.
Download Clam AntiVirus to /tmp.
Create a user group and user.
# groupadd clamav
# useradd -g clamav -s /bin/false -c "Clam AntiVirus" clamav
Install.
$ cd /tmp
$ tar -xzf clamav-0.80.tar.gz
$ cd clamav-0.80
$ ./configure
$ make
$ su -c "make install"
Edit both /usr/local/etc/clamd.conf and /usr/local/etc/freshclam.conf and remove or comment out the Example directive.
...
# Comment or remove the line below.
# Example
...
Create /etc/init.d/clamd as follows.
#!/bin/bash
# Init script for the ClamAV daemons (clamd and freshclam).
TMPDIR=/tmp
PATH=/sbin:/usr/sbin:/bin:/usr/bin:/usr/local/sbin:/usr/local/bin:/usr/X11R6/bin

case "$1" in
    start)
        echo "Starting ClamAV..."
        # clamd listens on the /tmp/clamd socket, so its presence
        # is taken to mean the daemon is already running.
        if [ -S /tmp/clamd ]; then
            echo "ClamAV is already running!"
        else
            # freshclam as a daemon (-d), checking for updates 10 times a day (-c 10).
            /usr/local/bin/freshclam -d -c 10 --datadir=/usr/local/share/clamav
            /usr/local/sbin/clamd
            echo "ClamAV is now up and running!"
        fi
        ;;
    stop)
        echo "Shutting down ClamAV..."
        # Collect the PIDs of all freshclam processes and kill them.
        array=(`ps ax | grep -iw '/usr/local/bin/freshclam' | grep -iv 'grep' \
            | awk '{print $1}' | cut -f1 -d/ | tr '\n' ' '`)
        element_count=${#array[@]}
        index=0
        while [ "$index" -lt "$element_count" ]
        do
            kill -9 ${array[$index]}
            let "index = $index + 1"
        done
        # Do the same for all clamd processes.
        array=(`ps ax | grep -iw '/usr/local/sbin/clamd' | grep -iv 'grep' \
            | awk '{print $1}' | cut -f1 -d/ | tr '\n' ' '`)
        element_count=${#array[@]}
        index=0
        while [ "$index" -lt "$element_count" ]
        do
            kill -9 ${array[$index]}
            let "index = $index + 1"
        done
        # kill -9 gives clamd no chance to clean up, so remove the stale socket.
        if [ -S /tmp/clamd ]; then
            rm -f /tmp/clamd
        fi
        echo "ClamAV stopped!"
        ;;
    restart)
        $0 stop && sleep 3
        $0 start
        ;;
    *)
        echo "Usage: $0 {start|stop|restart}"
        exit 1
esac
exit 0
Make it executable and start it.
# chmod 755 /etc/init.d/clamd
# /etc/init.d/clamd start
Make it start at boot up and stop at close down.
# ln -s /etc/init.d/clamd /etc/rc2.d/S20clamd
# ln -s /etc/init.d/clamd /etc/rc3.d/S20clamd
# ln -s /etc/init.d/clamd /etc/rc4.d/S20clamd
# ln -s /etc/init.d/clamd /etc/rc5.d/S20clamd
# ln -s /etc/init.d/clamd /etc/rc0.d/K20clamd
# ln -s /etc/init.d/clamd /etc/rc1.d/K20clamd
# ln -s /etc/init.d/clamd /etc/rc6.d/K20clamd
Schedule the following command to run regularly to check for viruses.
/usr/local/bin/clamscan -ir --stdout /
Uptimed is used to keep track of the highest uptimes my GNU/Linux computers have.
Download it, and build and install it with
$ cd /tmp
$ tar -xjf uptimed-0.3.1.tar.bz2
$ cd uptimed-0.3.1
$ ./configure
$ make
$ su -c "make install"
Then add the following to /etc/rc.d/rc.sysinit to create a unique id each time the server is booted.
echo "Creating unique uptime daemon bootid..."
/usr/local/sbin/uptimed -b
Now add these lines to /etc/rc.d/rc.local to start the uptime daemon.
echo "Starting uptime daemon..."
/usr/local/sbin/uptimed
Rename uptimed.conf-dist
# mv /usr/local/etc/uptimed.conf-dist /usr/local/etc/uptimed.conf
then edit this to set the EMAIL and SEND_EMAIL variables.
Reboot and enter:
$ uprecords
to see how long the server has been up for.
Download various perl modules as follows.
The SSLeay stuff is needed to use SSL with Webmin. You need
to be on-line for this.
# perl -MCPAN -e shell
cpan> install MD5
cpan> install Bundle::CPAN
cpan> reload CPAN
cpan> force install Net::SSLeay
cpan> exit
Install Webmin, an excellent browser-based
tool for administering and configuring the system.
The tarball should be un-tarred in /usr/local or similar, as Webmin is configured in, and run from, the directory it was un-tarred in.
# cd /usr/local
# tar -xzf webmin-1.130.tar.gz
# cd webmin-1.130
# ./setup.sh
If you want to access Webmin from another machine, you need to change the firewall settings. Add the following line to /etc/sysconfig/iptables (immediately before the -A RH-Firewall-1-INPUT -j... line).
-A RH-Firewall-1-INPUT -p tcp -m tcp -m state --dport 10000 --state NEW -j ACCEPT
Restart the firewall.
# service iptables restart
Download and install Vim, the best editor around.
$ cd /tmp
$ tar -xjf vim-6.2.tar.bz2
$ cd vim62
$ ./configure
$ make
$ su -c "make install"
Add the following line to your /etc/bashrc, to make Vim the default editor for mutt, crontab, etc. The "-f" will prevent it forking when invoked, and will avoid the update encoding warning when editing an email.
export EDITOR="gvim -f"
Mutt is my email client of choice.
Download it and build it. Note that version 1.4.2.1 won't compile with Fedora Core 4, but development version 1.5.9 does.
$ cd /tmp
$ tar -xzf mutt-1.4.2.1i.tar.gz
$ cd mutt-1.4.2.1
$ ./configure --enable-pop --enable-imap --with-ssl
$ su -c "make install"
Now install urlview, a utility that will fire up the browser to display any URLs in any emails.
$ cd /tmp
$ tar -xzf urlview-0.9.tar.gz
$ cd urlview-0.9
$ ./configure
$ make
$ su -c "make install"
$ su -c "cp url_handler.sh /usr/local/bin"
Edit /usr/local/bin/url_handler.sh to select the preferred browser. Change any occurrences of /usr/X11R6/bin/netscape to /usr/bin/firefox.
Install
MPlayer which is
brilliant for watching mpegs, etc. Build and install it.
$ cd /tmp
$ tar -xjf all-20050412.tar.bz2
$ cd all-20050412
$ su -c "mkdir /usr/local/lib/codecs"
$ su -c "cp * /usr/local/lib/codecs"
$ cd /tmp
$ tar -xjf MPlayer-0.92.tar.bz2
$ cd MPlayer-0.92
$ ./configure --enable-gui --enable-largefiles --enable-menu --cc=gcc32
$ make
$ su -c "make install"
$ cd /tmp
$ tar -xjf font-arial-iso-8859-1.tar.bz2
$ cd font-arial-iso-8859-1/font-arial-18-iso-8859-1
$ su -c "cp * /usr/local/share/mplayer/font"
$ cd /tmp
$ tar -xjf Blue-1.4.tar.bz2
$ su -c "cp -r Blue /usr/local/share/mplayer/Skin/default"
Enter gmplayer to run the gui version.
To use Grip to rip MP3s, it needs to be configured to use LAME. Use yum to download them
(see Update packages).
To use LAME from Grip, change Config->Encode->Encoder, set Encoder executable to /usr/local/bin/lame and set Encode file format to /music/%A/%d/%t%n.mp3.
Keychain is a script that makes it simple and easy to use ssh-agent to ssh into other machines without entering passwords. This section was put together using Kimmo Suominen's Getting started with SSH. Download and install Keychain with
$ cd /tmp
$ tar -xjf keychain-2.0.3.tar.bz2
$ cd keychain-2.0.3
$ su -c "install -m0755 keychain /usr/bin/keychain"
Generate public/private DSA and RSA key pairs.
$ ssh-keygen -t dsa
$ ssh-keygen -t rsa
Enter a passphrase when prompted. Then copy the public keys to all the machines you wish to connect to.
$ scp .ssh/id_dsa.pub steve@emma:
On the machine you wish to connect to, add the contents of the file you have just copied to authorized_keys in .ssh directory. Also make sure that only you can write to the .ssh directory and the authorized_keys file.
$ cd
$ cat id_dsa.pub >> ~/.ssh/authorized_keys
$ chmod go-w .ssh .ssh/authorized_keys
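Both the .forward step earlier and the authorized_keys step above depend on the same condition: no group or other write bit on the file or directory. The check below is an added example, not part of the original page; the function name audit_write_bits is an assumption and it relies on GNU stat.

```bash
#!/bin/bash
# Added example, not from the original page. audit_write_bits is a hypothetical helper.
# Usage: audit_write_bits [HOME_DIR]
# Prints "PATH MODE" for each of the three paths the page names that group or
# others can write to, and returns 1 if there was at least one.
audit_write_bits() {
    local home rc p mode
    home=${1:-$HOME}
    rc=0
    for p in "$home/.forward" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        [ -e "$p" ] || continue            # not created on this machine
        mode=$(stat -L -c %a "$p")         # octal mode, e.g. 644 (GNU stat)
        # 022 masks the group-write and other-write bits.
        if [ $(( 0$mode & 022 )) -ne 0 ]; then
            echo "$p $mode"
            rc=1
        fi
    done
    return "$rc"
}
```

Anything it reports can be corrected with the same chmod go-w used above.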
Now alter ~/.bash_profile to run keychain when you log in. If it is not already running, it will be started and you will be prompted for the passphrase, but then this will be remembered until the machine is rebooted.
keychain ~/.ssh/id_rsa ~/.ssh/id_dsa
. ~/.keychain/${HOSTNAME}-sh
VNC is remote control software
that allows you to interact with other computers on the
network. I use it to manage the Windows boxes on the
network.
Extract the source tarball and ./configure and make. To install, switch to root and enter
$ cd /tmp
$ tar -xzf vnc-3.3.7-unixsrc.tar.gz
$ cd vnc-4_1_1-unixsrc/unix
$ ./configure
$ make
$ su -c "./vncinstall /usr/local/bin"
Launch a VNC server on the target machine, and then run vncviewer on the client to take control.
$ vncviewer
Install
rdesktop, an open
source client for Windows NT Terminal Server and Windows
2000/2003 Terminal Services. Download and install.
$ cd /tmp
$ tar -xzf rdesktop-1.3.1.tar.gz
$ cd rdesktop-1.3.1
$ ./configure
$ make
$ su -c "make install"
To connect to server angie as administrator with a 1024x768 screen resolution, use
$ rdesktop -u administrator -g 1024x768 angie
HTML Tidy is a great
application for tidying up HTML source code. Download it to
/tmp and build and install with
$ cd /tmp
$ tar -xzf tidy_src.tgz
$ cd tidy
$ /bin/sh build/gnuauto/setup.sh
$ ./configure --prefix=/usr
$ make
$ su -c "make install"
I use
KDirStat to
monitor diskspace and identify what it is being used for. It
is a great utility that graphically represents file sizes, so
that you can easily identify where and who the largest users
of filespace are.
Download it to /tmp and build and install with
$ cd /tmp
$ tar -xjf kdirstat-2.4.0.tar.bz2
$ cd kdirstat-2.4.0
$ ./configure
$ make
$ su -c "make install"
If compiling for x86_64 (64-bit AMD64, EM64T) use ./configure --with-qt-libraries=/usr/lib64/qt-3.3/lib instead of ./configure.
I use mozex to intercept mailto:
links in Firefox and open up a mutt email dialog. Click on
the link on the installation page to install.
Then in Firefox, enter about:config as the URL, right-click on the page and create a new string with a preference name of mozex.command.mailer and a string value of /usr/bin/gnome-terminal --geometry 120x40 --hide-menubar --window-with-profile=dark -t "Mutt" -x mutt mailto:%A?subject=%S&cc=%C&body=%B. Also create a new boolean with a preference name of mozex.intercept.mailto set to true.
I use MultiTail to view multiple log files and to colorise them to make them easier to read.
Download it to /tmp and build and install.
$ cd /tmp
$ tar -xzf multitail-3.4.8.tgz
$ cd multitail-3.4.8
$ su -c "make install"
I use Unison to synchronise files on different machines. To build it the Objective Caml compiler needs to be installed (use yum) and then download and install Unison.
$ cd /tmp
$ tar -xzf unison-2.10.2.tar.gz
$ cd unison-2.10.2
$ make UISTYLE=text
$ su -c "cp unison /usr/local/bin"
The following steps are personal customisations I set up for my own user.
To share a set of personal files in my user, I have a directory on the server that is mounted on each workstation. A similar situation exists so I can easily maintain the development version of my web site. These are set up as follows.
$ cd ~
$ mkdir share
$ mkdir www
Then add these lines to /etc/fstab.
ingrid:/home/steve/share /home/steve/share nfs user,exec,rsize=8192,wsize=8192
ingrid:/var/www/steve /home/steve/www nfs user,rsize=8192,wsize=8192
Now create links to my standard muttrc, vimrc and sig files and gpg directory.
$ cd ~
$ ln -s share/.muttrc
$ ln -s share/.vimrc
$ ln -s share/.signature
$ ln -s share/.gnupg
Now set up the directory for the Mutt SSL certificates file.
$ cd ~
$ mkdir .mutt
Now create an icon on the panel to run Mutt. Right-click on the panel and select Add to Panel.... Select Custom Application Launcher. Set Name: to Mutt, Comment: to Email client and command: to gnome-terminal --geometry 120x40 --hide-menubar --window-with-profile=dark -t "Mutt" -x mutt. Click on Icon: and select an appropriate one. Click OK. Profile dark needs to be set up from within a gnome-terminal for this to work.
Right-click on the original panel email icon and remove it. Remove other panel icons as preferred.
Use the shared Firefox bookmark file. This needs to be backed up first, as when you change the Firefox bookmarks file, it overwrites it. Seems daft to me.
$ cp ~/share/.bookmarks.html /tmp
In Firefox, enter about:config as the URL. Right click on the screen, and select New -> String. Set the preference name to browser.bookmarks.file and the string value to /home/steve/share/.bookmarks.html. Exit Firefox, and restore the bookmarks file.
$ cp /tmp/.bookmarks.html ~/share