I was unable to install Fedora on my HP Netserver LH Pro because of a known problem with the aic7xxx SCSI drivers, so I decided to try White Box Enterprise Linux. This is a free version of Red Hat Enterprise Linux, so I hoped I would be familiar with it as a platform.
On the HP Netserver LH Pro I configured the six drives as RAID 5. It has an ATI 3D Rage I/II PCI video card, as previously I couldn't get the onboard Trident 9000i chip working with XF86. It also has a non-standard (cheap) Origo 10/100 NIC, as it came to me without one.
As ever, if you use any of the information remember that I run a network securely protected by a firewall and accessed by people I trust. Not everything here is as secure as you might need.
These instructions are for installing GNU/Linux as the only operating system on a PC. All existing data and operating systems will be overwritten and lost!
I downloaded the ISO images using the torrent, changed to the directory containing them and checked the MD5 sums of the ISO files.
$ md5sum -c MD5SUM
I burned the images to CD using the brilliant K3b and booted from the first CD. I selected graphical install mode, and the megaraid and aic7xxx drivers were loaded automatically.
I selected the UK keyboard, the default mouse, a server installation type, and automatic partitioning.
Networking was set up as follows.
| Hostname | ingrid.stevesearle.com |
| IP Address | 192.168.126.1 |
| Netmask | 255.255.255.0 |
| Primary DNS | 127.0.0.1 |
| Secondary DNS | 158.152.1.58 |
| DNS Search Path | stevesearle.com |
I selected no firewall, and chose English (Great Britain) as the default, and only, language. The time zone was set to London, and the system clock was set to use UTC. After setting the root password, the following changes were made to package selection.
Select:
Create a .forward file for root to ensure that you receive any mail sent to root.
Customise the shell prompt by adding the following lines to the end of /etc/bashrc.
ColourFuscia="\[\033[0;36m\]"
ColourGreen="\[\033[0;32m\]"
ColourDefault="\[\033[0m\]"
# Set green to red if root
if [ "$UID" = "0" ]; then
ColourGreen="\[\033[1;31m\]"
fi
PS1="$ColourGreen($ColourFuscia\u@\h$ColourGreen:$ColourFuscia\w$ColourGreen)$ColourFuscia\\$ $ColourDefault"
Edit /boot/grub/grub.conf to stop the graphical boot display and to change the resolution of the virtual terminals (running on Ctrl-Alt-F1 through Ctrl-Alt-F6). Remove rhgb and add vga=790 to the end of the menu kernel line, e.g.
kernel /vmlinuz-2.4.22-1.2115.nptlsmp ro root=LABEL=/ vga=790
790 produces a 1024x768 resolution with 32,768 colours. You could use any of the following (if your video card supports them).
| Colours | 640x480 | 800x600 | 1024x768 | 1280x1024 | 1600x1200 |
| 256 | 769 | 771 | 773 | 775 | 796 |
| 32,768 | 784 | 787 | 790 | 793 | 797 |
| 65,536 | 785 | 788 | 791 | 794 | 798 |
| 16.8M | 786 | 789 | 792 | 795 | 799 |
Stop the X server from starting automatically. Most of the time I don't want to waste resources running it. Edit /etc/inittab and change the default runlevel line.
id:3:initdefault:
Keep /tmp tidy. The following cron entry deletes all files and directories that are more than a week old.
30 1 * * * find /tmp -mtime +7 -type f -print -exec rm {} ";"; find /tmp -mtime +7 -type d -print -exec rm -rf {} ";"
Run yum to update any RPM packages that are out of date.
# yum update
Enable the yum daemon, which uses a daily cron job to get the updates automatically.
# chkconfig yum on
# service yum start
Clean the old yum headers occasionally with a monthly cron job that runs
yum clean oldheaders
Install extra packages.
# yum install XFree86-devel
# yum install qt-devel
# yum install qt-designer
# yum install php-mysql
These instructions have been derived from the excellent SpamAssassin-ClamAV-Procmail-Howto.
Download Clam AntiVirus to /tmp.
Create a user group and user.
# groupadd clamav
# useradd -g clamav -s /bin/false -c "Clam AntiVirus" clamav
Install.
$ cd /tmp
$ tar -xzf clamav-0.80.tar.gz
$ cd clamav-0.80
$ ./configure
$ make
$ su -c "make install"
Edit both /usr/local/etc/clamd.conf and /usr/local/etc/freshclam.conf and remove or comment out the Example directive.
...
# Comment or remove the line below.
# Example
...
Create /etc/init.d/clamd as follows.
#!/bin/bash
TMPDIR=/tmp
PATH=/sbin:/usr/sbin:/bin:/usr/bin:/usr/local/sbin:/usr/local/bin:/usr/X11R6/bin
case "$1" in
    start)
        echo "Starting ClamAV..."
        if [ -S /tmp/clamd ]; then
            echo "ClamAV is already running!"
        else
            /usr/local/bin/freshclam -d -c 10 --datadir=/usr/local/share/clamav
            /usr/local/sbin/clamd
        fi
        echo "ClamAV is now up and running!"
        ;;
    stop)
        echo "Shutting down ClamAV..."
        array=(`ps ax | grep -iw '/usr/local/bin/freshclam' | grep -iv 'grep' \
            | awk '{print $1}' | cut -f1 -d/ | tr '\n' ' '`)
        element_count=${#array[@]}
        index=0
        while [ "$index" -lt "$element_count" ]
        do
            kill -9 ${array[$index]}
            let "index = $index + 1"
        done
        array=(`ps ax | grep -iw '/usr/local/sbin/clamd' | grep -iv 'grep' \
            | awk '{print $1}' | cut -f1 -d/ | tr '\n' ' '`)
        element_count=${#array[@]}
        index=0
        while [ "$index" -lt "$element_count" ]
        do
            kill -9 ${array[$index]}
            let "index = $index + 1"
        done
        if [ -S /tmp/clamd ]; then
            rm -f /tmp/clamd
        fi
        echo "ClamAV stopped!"
        ;;
    restart)
        $0 stop && sleep 3
        $0 start
        ;;
    *)
        echo "Usage: $0 {start|stop|restart}"
        exit 1
esac
exit 0
Make it executable and start it.
# chmod 755 /etc/init.d/clamd
# /etc/init.d/clamd start
Make it start at boot up and stop at close down.
# ln -s /etc/init.d/clamd /etc/rc2.d/S20clamd
# ln -s /etc/init.d/clamd /etc/rc3.d/S20clamd
# ln -s /etc/init.d/clamd /etc/rc4.d/S20clamd
# ln -s /etc/init.d/clamd /etc/rc5.d/S20clamd
# ln -s /etc/init.d/clamd /etc/rc0.d/K20clamd
# ln -s /etc/init.d/clamd /etc/rc1.d/K20clamd
# ln -s /etc/init.d/clamd /etc/rc6.d/K20clamd
Schedule the following command to run regularly to check for viruses.
/usr/local/bin/clamscan -ir --stdout /
Uptimed is used to keep track of the highest uptimes my GNU/Linux computers have.
Download it, and build and install it with
$ cd /tmp
$ tar -xjf uptimed-0.3.1.tar.bz2
$ cd uptimed-0.3.1
$ ./configure
$ make
$ su -c "make install"
Then add the following to /etc/rc.d/rc.sysinit to create a unique id each time the server is booted.
echo "Creating unique uptime daemon bootid..."
/usr/local/sbin/uptimed -b
Now add these lines to /etc/rc.d/rc.local to start the uptime daemon.
echo "Starting uptime daemon..."
/usr/local/sbin/uptimed
Rename uptimed.conf-dist
# mv /usr/local/etc/uptimed.conf-dist /usr/local/etc/uptimed.conf
then edit this to set the EMAIL and SEND_EMAIL variables.
Reboot and enter:
$ uprecords
to see how long the server has been up for.
I export a couple of directories that I like to have available on any workstation I may be using. Create /etc/exports as follows.
/home/steve/share *(rw,no_root_squash)
/var/www/steve *(rw,no_root_squash)
Then start the NFS daemon, and set it to start automatically in the future.
# service nfs start
# chkconfig nfs on
Mount any NFS exports from other machines, by editing /etc/fstab and adding the appropriate lines, e.g.
hayley:/backups /backups nfs rsize=8192,wsize=8192
This would mount hayley's /backups directory under /backups on this machine. (Permission would have to be granted on hayley via its /etc/exports file to allow this.) Don't forget to create the /backups directory on the local machine.
Sendmail is a mail transfer agent. MTAs are used to transfer messages between machines. Normally Sendmail will send out any mail with headers showing it as coming from the fully qualified name of the local machine, e.g. steve@ingrid.stevesearle.com. Some servers may refuse to accept email unless it comes from a recognisable Internet domain, so the following changes to the Sendmail configuration make it look as if the email has come from my Internet domain, stevesearle.com. To do this, the following lines are changed or added in the /etc/mail/sendmail.mc file (uncomment, i.e. remove the leading dnl, and edit where necessary). The DAEMON_OPTIONS line is commented out so that email can be received from other clients on the local network.
...
dnl # DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl
...
MASQUERADE_AS(`stevesearle.com')
...
FEATURE(masquerade_envelope)
...
FEATURE(masquerade_entire_domain)
...
Regenerate /etc/mail/sendmail.cf with the following command (note that the sendmail-cf package must be installed for this to work, and no warning is displayed if it isn't installed).
# make -C /etc/mail
Add the fully qualified domain name to the first line of /etc/hosts.
127.0.0.1 gina gina.stevesearle.com localhost.localdomain localhost
Doing this enables you to send mail to servers that won't accept email from localhost.localdomain.
Add the following line to /etc/mail/local-host-names to allow local network clients to send email to the server.
...
searle.afraid.org
stevesearle.com
wormwoodstarsoft.co.uk
wormwoodstarsoft.com
Add lines to /etc/aliases for users who might receive email addressed to something other than their normal user name.
...
kaysearle: kay
mufc: steve
stevesearle: steve
webmaster: steve
Update the aliases database and restart sendmail.
# newaliases
# service sendmail restart
Create a .forward file to ensure that any mail to root gets read.
Note that the EXPOSED_USER line in /etc/mail/sendmail.mc will prevent mail sent by root from being masqueraded; remove it if this is a problem.
Fetchmail retrieves mail from remote mailservers. I use it to retrieve mail from a number of different mailservers on which I have accounts. I use POP3, but it also supports other POP and IMAP protocols.
Create /etc/fetchmailrc as follows.
# Multidrop mail where there is no matching local recipient should
# be sent to steve
set postmaster "steve"
# Don't bounce errors back to the sender, but forward to the
# postmaster
set nobouncemail
# Don't bounce spam-blocked email back to the originator
set no spambounce
# Used by extension scripts
set properties ""
# Retrieve mail every 300 seconds
set daemon 300
poll pop3.demon.co.uk with proto POP3
user 'kay+starsoft' there with password 'somepassword' is 'kay' here
poll pop3.demon.co.uk with proto POP3
user 'starsoft' there with password 'somepassword' is 'steve' here
poll pop3.uklinux.net with proto POP3 envelope Envelope-To
aka stevesearle.com
user 'searle' there with password 'anotherpassword' is 'steve' 'kay' 'kaysearle' = 'kay' 'kieren' 'liam'
This will fetch any email for kay on my demon account (...@starsoft.demon.co.uk) and pass it to user kay. Any other email sent here will be retrieved and passed to user steve. Mail retrieved from my uklinux account (...@stevesearle.com) will be passed to steve, kay, kieren or liam if it is addressed to them. Mail addressed to kaysearle@... will also be passed to kay. Any other mail will be passed to steve because of the set postmaster "steve" line.
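As an added illustration (not code from the original page or from fetchmail itself), the following Python models how the multidrop rules in this fetchmailrc decide which local user gets a message. It parses only the keywords used above, the passwords are placeholders, and the domain check treats the poll host and any aka domain as local, which is what the file relies on.

```python
import re

# Constructed copy of the multidrop-relevant lines of the /etc/fetchmailrc
# above, with the passwords replaced by placeholders.
FETCHMAILRC = """
set postmaster "steve"
set nobouncemail
set daemon 300
poll pop3.demon.co.uk with proto POP3
    user 'kay+starsoft' there with password 'PLACEHOLDER' is 'kay' here
poll pop3.demon.co.uk with proto POP3
    user 'starsoft' there with password 'PLACEHOLDER' is 'steve' here
poll pop3.uklinux.net with proto POP3 envelope Envelope-To
    aka stevesearle.com
    user 'searle' there with password 'PLACEHOLDER' is 'steve' 'kay' 'kaysearle' = 'kay' 'kieren' 'liam'
"""

_TOKEN = re.compile(r"'[^']*'|\"[^\"]*\"|\S+")
_STOP = {"here", "there", "poll", "user", "with", "password", "aka", "set"}


def parse_fetchmailrc(text):
    """Return (postmaster, accounts). Each account records the poll host,
    the remote login, the domains declared local with 'aka', and a map from
    remote local-part to local user built from the 'is ...' list, where
    'kaysearle' = 'kay' maps kaysearle@ to kay. Only the keywords used in
    this guide's file are understood."""
    text = "\n".join(line.split("#", 1)[0] for line in text.splitlines())
    toks = [t.strip("'\"") for t in _TOKEN.findall(text)]
    postmaster, accounts, i = None, [], 0
    while i < len(toks):
        tok = toks[i]
        if tok == "set" and toks[i + 1] == "postmaster":
            postmaster, i = toks[i + 2], i + 3
        elif tok == "poll":
            accounts.append({"host": toks[i + 1], "remote": None,
                             "aka": set(), "local_for": {}})
            i += 2
        elif tok == "aka":
            accounts[-1]["aka"].add(toks[i + 1])
            i += 2
        elif tok == "user":
            accounts[-1]["remote"] = toks[i + 1]
            i += 2
        elif tok == "is":
            i += 1
            while i < len(toks) and toks[i] not in _STOP:
                if i + 2 < len(toks) and toks[i + 1] == "=":
                    accounts[-1]["local_for"][toks[i]] = toks[i + 2]
                    i += 3
                else:
                    accounts[-1]["local_for"][toks[i]] = toks[i]
                    i += 1
        else:
            i += 1  # other 'set' options and noise words are ignored
    return postmaster, accounts


def deliver_to(account, postmaster, envelope_to):
    """Local mailbox for one message retrieved through 'account'. Single-drop
    accounts ignore the envelope entirely; multidrop accounts look up the
    Envelope-To local-part, and anything unrecognised (unknown local-part,
    or a domain not declared local) falls through to the postmaster."""
    multidrop = bool(account["aka"]) or len(account["local_for"]) > 1
    if not multidrop:
        return next(iter(account["local_for"].values()))
    local, at, domain = envelope_to.lower().rpartition("@")
    if not at or domain not in account["aka"] | {account["host"]}:
        return postmaster
    return account["local_for"].get(local, postmaster)


POSTMASTER, ACCOUNTS = parse_fetchmailrc(FETCHMAILRC)
```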
Set the permissions for fetchmailrc.
# chmod 700 /etc/fetchmailrc
Now set up a daemon for fetchmail. Create /etc/rc.d/init.d/fetchmaild.
#!/bin/sh
# chkconfig: - 99 00
# description: Starts and stops fetchmail
. /etc/init.d/functions
case "$1" in
    'start')
        daemon fetchmail -f /etc/fetchmailrc
        touch /var/lock/subsys/fetchmaild
        ;;
    'stop')
        fetchmail --quit
        rm -f /var/lock/subsys/fetchmaild
        ;;
    *)
        echo "Usage: $0 { start | stop }"
        ;;
esac
exit 0
Make it executable, and set it to run automatically at bootup. Then start it.
# chmod 755 /etc/rc.d/init.d/fetchmaild
# chkconfig --add fetchmaild
# chkconfig fetchmaild on
# service fetchmaild start
Procmail processes my emails before I read them. I use it to check for spam and viruses and copy emails to other users. This is done using a procmail recipe. Create /home/steve/.procmailrc as follows.
# Some variables
SHELL=/bin/bash
MAILDIR=$HOME/.mail
DEFAULT=$MAILDIR
LOGFILE=$MAILDIR/.log
VERBOSE=no
# I get *lots* of emails to other addresses as some spammer is
# putting my domain in the reply to address of their spam, so I
# get hundreds of emails per day rejecting this spam or bouncing
# it back because the recipient doesn't exist. These emails are
# put directly into the bounces folder so that they don't stress
# the server by being virus and spam checked, and can be easily
# deleted.
:0 :
* (^(((Resent-)?(From|Sender)|X-Envelope-From):|>?From)([^>]*[^(.%@a-z0-9])?(Post(ma(st(er)?|n)|office)|(send)?Mail(er)?|daemon|mmdf|n?uucp|ops|response|(bbs\.)?smtp(error)?|s(erv(ices?|er)|ystem)|A(dmin(istrator)?|MMGR))(([^).!:a-z0-9][-_a-z0-9]*)?[%@>\t][^<)]*(\(.*\).*)?)?$([^>]|$))
bounces
# If the email contains the following line, it has already been
# delivered to me and is deleted to avoid any infinite delivery
# loops which might arise.
:0
* ^X-Loop: 5a42f054-92aa-494b-b71e-e2eb99da5fec
/dev/null
# Otherwise mark all mail passing through.
:0 fhw
| formail -A "X-Loop: 5a42f054-92aa-494b-b71e-e2eb99da5fec"
# Put liam's mail into a separate folder so I can check it is
# suitable for him (he's only a kid).
:0
* ^To.*liam@stevesearle.com
liam
# Send my wife a copy of anything from family and friends.
:0
* ^From.*friend@somedomain.com|\
^From.*family@somedomain.com
{
:0 c
! kay
}
# Anything that gets through to here ends up in my inbox.
:0
/var/spool/mail/steve
Enable the imap and pop3 services.
# chkconfig ipop3 on
# chkconfig imap on
Change the permissions on /var/spool/mail to prevent the "Mailbox vulnerable - directory /var/spool/mail must have 1777 protection" warning.
# chmod 1777 /var/spool/mail
Most of the information in this section is derived from the SpamAssassin-ClamAV-Procmail-Howto. It assumes SpamAssassin has been installed (if it is missing, use yum to install it) and that Clam AntiVirus has been installed as specified earlier.
Install trashscan. You will need to search for it, as the homepage was down last time I looked. Trashscan is a script that is used to scan incoming emails for viruses.
$ tar -xzf trashscan-0.12.tar.gz
$ cd trashscan-0.12
$ su -c "cp trashscan /usr/local/sbin"
Now make the following changes to /usr/local/sbin/trashscan. Change to use uudeview rather than metamail and set the correct email addresses.
...
# DECODER=metamail                     # Decoder: "metamail" or "uudeview"
# DECODPRG=/usr/bin/metamail           # Absolute path to decoder: metamail
DECODER=uudeview                       # Decoder: "metamail" or "uudeview"
DECODPRG=/usr/local/bin/uudeview       # Absolute path to decoder: uudeview
VSCANNER=clamav                        # Scanner: "clamav". If you are using
                                       # clamav and you define "clamav" here
                                       # then the name of the detected virus
                                       # will be reported
...
ALERT=yes                              # send alert messages if a virus was detected (yes | no)
ALERTRCVR=steve@stevesearle.com        # Receiver of virus alert messages
ALERTSNDR=mailservice@stevesearle.com  # Sender of virus alert messages
ALERTCTCT=steve@stevesearle.com        # Person to contact (appears in the ...
Install uudeview which is used to decode emails.
$ tar -xzf uudeview-0.5.20.tar.gz
$ cd uudeview-0.5.20
$ ./configure
$ make
$ su -c "make install"
Configure procmail
Add the following recipes to /home/steve/.procmailrc to scan email with attachments for viruses, and to delete any that are infected. Note that these two recipes go either side of the recipes that check and set X-Loop to avoid infinite delivery loops.
...
# Check for viruses
:0
* multipart
* !^X-Virus-Scan:
| /usr/local/sbin/trashscan
...
# Virus?
:0 :
* ^X-Virus-Scan: Suspicious
/dev/null
...
I use SpamAssassin to check for spam. Set the spamassassin service to start when the server is booted, and start it now.
# chkconfig spamassassin on
# service spamassassin start
As rfc-ignorant.org is no longer up and running, we need to change the SpamAssassin preferences so that it ignores this check. This way we can avoid the "lame server resolving ... ipwhois.rfc-ignorant.org" messages from BIND. Add the following line to /home/steve/.spamassassin/user_prefs.
score RCVD_IN_RFCI 0
Configure procmail
Add the following recipes to /home/steve/.procmailrc to put any spam into a separate spam folder. If you become confident that only spam is being diverted there, you can change this to delete the spam instead. These recipes should follow the virus checking recipes added earlier.
...
# Check for spam (only check email smaller than 250Kb)
:0 fw: spamassassin.lock
* < 256000
| spamc
# Spam?
:0 :
* ^X-Spam-Status: Yes
spam
...
Training SpamAssassin's Bayesian Classifier
Bayesian spam analysis allows you to refine SpamAssassin to identify spam and ham (non-spam) by training it with your own spam and ham. This can greatly reduce the number of false positives and negatives. Assuming all spam not caught by SpamAssassin is saved to a ~/.mail/spam mailbox, and all legitimate mail is saved to ~/.mail/trash (instead of being deleted), create executable script learn.spam as follows, and set up a cron job to run it once a week.
#!/bin/bash
HAMBOX=/home/steve/.mail/trash
SPAMBOX=/home/steve/.mail/spam
if sa-learn --mbox --ham $HAMBOX
then
    cat /dev/null > $HAMBOX
fi
if sa-learn --mbox --spam $SPAMBOX
then
    cat /dev/null > $SPAMBOX
fi
exit 0
I run an old machine as a backup device. A backup folder is NFS exported to the rest of the network, and each machine runs a cron tar job to back up various files and directories.
Set up ingrid as an NTP server, synchronising its time with some servers on the Internet and serving the rest of the machines on the LAN with the time. NTP is installed already, so just replace the existing /etc/ntp.conf with one containing the following lines.
server ntp1.demon.co.uk
server ntp1.pucpr.br
server fartein.ifi.uio.no
server ntp2b.mcc.ac.uk
driftfile /var/lib/ntp/drift
You should pick your own time servers; look for some here. Set the NTP service to start when the server is booted, and start it now.
# chkconfig ntpd on
# service ntpd start
Download various Perl modules as follows. The SSLeay modules are needed to use SSL with Webmin. You need to be on-line for this.
# perl -MCPAN -e shell
cpan> install MD5
cpan> install Bundle::CPAN
cpan> reload CPAN
cpan> install Crypt::SSLeay
cpan> force install Net::SSLeay
cpan> install Date::Calc
cpan> force install Number::Format
cpan> exit
Install Webmin, an excellent browser-based tool for administering and configuring the system. The tarball should be un-tarred in /usr/local or similar, as Webmin is simply configured to run from the directory it was un-tarred in.
# cd /usr/local
# tar -xzf webmin-1.130.tar.gz
# cd webmin-1.130
# ./setup.sh
Download and install Vim, the best editor around.
$ cd /tmp
$ tar -xjf vim-6.2.tar.bz2
$ cd vim62
$ ./configure
$ make
$ su -c "make install"
Add the following line to your /etc/bashrc, to make Vim the default editor for mutt, crontab, etc. The "-f" will prevent it forking when invoked, and will avoid the update encoding warning when editing an email.
export EDITOR="gvim -f"
Mutt is my email client of choice. Download it and build it with
$ cd /tmp
$ tar -xzf mutt-1.4.2.1i.tar.gz
$ cd mutt-1.4.2.1
$ ./configure --enable-pop --enable-imap --with-ssl --includedir=/usr/kerberos/include
$ su -c "make install"
The --includedir=/usr/kerberos/include is needed because otherwise the failure to find the krb5.h header file makes the make install fail with "/usr/include/openssl/kssl.h:72:18: krb5.h: No such file or directory".
Now install urlview, a utility that will fire up the browser to display any URLs in any emails.
$ cd /tmp
$ tar -xzf urlview-0.9.tar.gz
$ cd urlview-0.9
$ ./configure
$ make
$ su -c "make install"
$ su -c "cp url_handler.sh /usr/local/bin"
/usr/local/bin/url_handler.sh needs to be edited to select the preferred browser. Change any occurrences of /usr/X11R6/bin/netscape to /usr/bin/mozilla.
I use MultiTail to colorise and view multiple logfiles.
Download it to /tmp and build and install with
$ cd /tmp
$ tar -xzf multitail-3.4.5.tgz
$ cd multitail-3.4.5
$ su -c "make install"
I use BIND as the DNS server for my system. I got most of the information here from the excellent DNS HOWTO.
Check that the nameserver line in /etc/resolv.conf includes the localhost IP address. It should look something like this.
search stevesearle.com
nameserver 127.0.0.1
nameserver 158.152.1.58
Create /etc/named.conf as follows. The DHCP_UPDATER lines allow the dhcpd daemon to update the name server with names and addresses of the clients it hands out IP addresses to, so DHCP needs to be set up as well.
options {
    directory "/var/named";
};
logging {
    category lame-servers { null; };
};
key "rndckey" {
    algorithm hmac-md5;
    secret "somesecretgoeshere==";
};
key DHCP_UPDATER {
    algorithm hmac-md5;
    secret "anothersecretgoeshere==";
};
controls {
    inet 127.0.0.1 port 953
        allow { 127.0.0.1; } keys { "rndckey"; };
};
controls {
    inet 127.0.0.1 allow { localhost; } keys { rndckey; };
};
zone "." {
    type hint;
    file "root.hints";
};
zone "0.0.127.in-addr.arpa" {
    type master;
    file "pz/127.0.0";
};
zone "stevesearle.com" {
    type master;
    file "pz/stevesearle.com";
    notify yes;
    allow-update { key DHCP_UPDATER; };
};
zone "126.168.192.in-addr.arpa" {
    type master;
    file "pz/192.168.126";
    notify yes;
    allow-update { key DHCP_UPDATER; };
};
See rndc for how to create the key and controls sections of this file.
The /var/named directory should have permissions, owner and group set like this.
drwxr-x--- 4 root named 4096 Dec 11 23:52 named
Create root.hints, which describes the root name servers in the world. As long as you have Internet access and access to another DNS server, it can be created or refreshed with:
# dig @e.root-servers.net . ns > /var/named/root.hints
Create directory /var/named/pz with permissions, owner and group like this.
drwxr-xr-x 2 named named 4096 Dec 23 21:22 pz
Create the following three local network zone files in this directory. These should all have permissions, owner and group set like this.
-rw-r--r-- 1 named named 143 Dec 12 00:02 127.0.0
-rw------- 1 named named 741 Dec 25 14:41 192.168.126
-rw------- 1 named named 923 Dec 25 14:41 stevesearle.com
/var/named/pz/stevesearle.com
$TTL 259200
@ IN SOA stevesearle.com. steve.stevesearle.com. (
        200412151 ; serial
        28800     ; refresh (8 hours)
        7200      ; retry (2 hours)
        2419200   ; expire (4 weeks)
        86400 )   ; minimum (1 day)
        NS ingrid.stevesearle.com.
        MX 10 emma.stevesearle.com.
        TXT "stevesearle.com, Steve Searle's domain"
localhost A 127.0.0.1
ingrid    A 192.168.126.1
ns        CNAME ingrid
angie     A 192.168.126.2
emma      A 192.168.126.3
mail      CNAME emma
hayley    A 192.168.126.4
steve     A 192.168.126.50
kieren    A 192.168.126.51
wormwood  A 192.168.126.52
becky     A 192.168.126.254
router    CNAME becky
www       A 80.84.64.24
/var/named/pz/127.0.0
$TTL 295200
@ IN SOA ingrid.stevesearle.com. steve.stevesearle.com. (
        1   ; Serial
        8H  ; Refresh
        2H  ; Retry
        4W  ; Expire
        1D) ; Minimum TTL
        NS ingrid.stevesearle.com.
1       PTR localhost.
/var/named/pz/192.168.126
$TTL 295200
@ IN SOA ingrid.stevesearle.com. steve.stevesearle.com. (
        200405081 ; serial
        8H        ; Refresh
        2H        ; Retry
        4W        ; Expire
        1D)       ; Minimum TTL
        NS ingrid.stevesearle.com.
1       PTR ingrid.stevesearle.com.
2       PTR angie.stevesearle.com.
3       PTR emma.stevesearle.com.
4       PTR hayley.stevesearle.com.
50      PTR steve.stevesearle.com.
51      PTR kieren.stevesearle.com.
52      PTR wormwood.stevesearle.com.
254     PTR becky.stevesearle.com.
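Added example (not code from the page or from BIND): a Python check that the stevesearle.com forward zone and the 192.168.126 reverse zone agree, so that a host added or renamed in one file but not the other is caught before named is reloaded. The zone text is a constructed, slightly abridged copy of the files above, and the parser understands only the syntax those files use.

```python
import ipaddress

ORIGIN = "stevesearle.com."
REV_ORIGIN = "126.168.192.in-addr.arpa."
LAN = ipaddress.ip_network("192.168.126.0/24")

# Constructed, abridged copies of the two LAN zone files shown above.
FORWARD = """\
$TTL 259200
@ IN SOA stevesearle.com. steve.stevesearle.com. (
        200412151 28800 7200 2419200 86400 )  ; serial refresh retry expire min
        NS ingrid.stevesearle.com.
        MX 10 emma.stevesearle.com.
localhost A 127.0.0.1
ingrid A 192.168.126.1
ns CNAME ingrid
angie A 192.168.126.2
emma A 192.168.126.3
hayley A 192.168.126.4
steve A 192.168.126.50
becky A 192.168.126.254
www A 80.84.64.24
"""
REVERSE = """\
$TTL 295200
@ IN SOA ingrid.stevesearle.com. steve.stevesearle.com. (
        200405081 8H 2H 4W 1D )
        NS ingrid.stevesearle.com.
1 PTR ingrid.stevesearle.com.
2 PTR angie.stevesearle.com.
3 PTR emma.stevesearle.com.
4 PTR hayley.stevesearle.com.
50 PTR steve.stevesearle.com.
254 PTR becky.stevesearle.com.
"""


def parse_zone(text, origin):
    """Return (owner, type, rdata tokens) triples with owners fully qualified.
    Understands $TTL, '@', blank owners (inherit the previous one), ';'
    comments and parenthesised multi-line records such as the SOA: enough
    for the zone files in this guide, not a general zone-file parser."""
    records, owner, pending = [], origin, []
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()
        if not line.strip():
            continue
        if pending or ("(" in line and ")" not in line):
            pending.append(line)
            if ")" not in line:
                continue
            line = " ".join(pending).replace("(", " ").replace(")", " ")
            pending = []
        tokens = line.split()
        if tokens[0].startswith("$"):
            continue
        if not line[0].isspace():
            name = tokens.pop(0)
            owner = origin if name == "@" else (
                name if name.endswith(".") else f"{name}.{origin}")
        while tokens and (tokens[0] == "IN" or tokens[0].isdigit()):
            tokens.pop(0)  # drop the class and any per-record TTL
        records.append((owner, tokens[0], tokens[1:]))
    return records


def check_zones(forward_text, reverse_text):
    """Cross-check LAN A records against PTR records; return a sorted list
    of problems (an empty list means the two zones agree)."""
    a_by_ip, ptr_by_ip = {}, {}
    for owner, rtype, rdata in parse_zone(forward_text, ORIGIN):
        if rtype == "A" and ipaddress.ip_address(rdata[0]) in LAN:
            a_by_ip[ipaddress.ip_address(rdata[0])] = owner
    for owner, rtype, rdata in parse_zone(reverse_text, REV_ORIGIN):
        if rtype == "PTR":  # owner is e.g. 1.126.168.192.in-addr.arpa.
            octets = owner.split(".")[:4][::-1]
            ptr_by_ip[ipaddress.ip_address(".".join(octets))] = rdata[0]
    problems = []
    for ip, name in a_by_ip.items():
        target = ptr_by_ip.get(ip)
        if target is None:
            problems.append(f"no PTR for {name} ({ip})")
        elif target != name:
            problems.append(f"PTR for {ip} is {target} but A record says {name}")
    for ip, target in ptr_by_ip.items():
        if ip not in a_by_ip:
            problems.append(f"PTR {ip} -> {target} has no A record")
    return sorted(problems)
```

Run it against the real files with `check_zones(open("/var/named/pz/stevesearle.com").read(), open("/var/named/pz/192.168.126").read())` after each edit; a non-empty list is the cue to fix the zone before `rndc reload`.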
Then set the named service to start when the server is booted, and start it now with:
# chkconfig named on
# service named start
The rndc utility can be used to control named, if it connects from the local host and identifies itself with an encoded secret key. For this to work, generate an rndc.conf file.
# rndc-confgen > /etc/rndc.conf
The second half of this file is commented out. This commented section should be copied into the named.conf file and uncommented to form the key and control section.
If the BIND configuration files are changed, they can be reloaded with:
$ rndc reload
BIND can be restarted with either of the following commands:
$ rndc stop; named -u named -t /var/named/chroot
or
# service named restart
The server provides a DHCP service to my network. Create /etc/dhcpd.conf as follows.
authoritative;
ddns-updates on;
ddns-domainname "stevesearle.com.";
ddns-rev-domainname "in-addr.arpa.";
ddns-update-style interim;
allow client-updates;
default-lease-time 86400;
max-lease-time 172800;
option subnet-mask 255.255.255.0;
option broadcast-address 192.168.126.255;
option routers 192.168.126.254;
option domain-name-servers 192.168.126.1;
option domain-name "stevesearle.com";
subnet 192.168.126.0 netmask 255.255.255.0 {
    range 192.168.126.128 192.168.126.191;
}
key DHCP_UPDATER {
    algorithm hmac-md5;
    secret "anothersecretgoeshere==";
};
zone stevesearle.com. {
    primary 127.0.0.1;
    key DHCP_UPDATER;
}
zone 126.168.192.in-addr.arpa. {
    primary 127.0.0.1;
    key DHCP_UPDATER;
}
This will provide an IP address in the range 192.168.126.128 to 192.168.126.191 to any machine requesting an IP address. It will also update the BIND files so that it can serve the names for these machines.
Set the DHCPD daemon to start when the server is booted, and start it now with:
# chkconfig dhcpd on
# service dhcpd start
I use MySQL as my preferred database. Set it to run at bootup, and start it with the following commands.
# chkconfig mysqld on
# service mysqld start
Fire up a MySQL session with:
# mysql -u root
Create a regular MySQL user: searle, the one created here, will have full access from any workstation on my domain.
mysql> GRANT ALL ON *.* TO searle@localhost IDENTIFIED BY 'somepassword' WITH GRANT OPTION;
mysql> GRANT ALL ON *.* TO searle@'%' IDENTIFIED BY 'somepassword' WITH GRANT OPTION;
mysql> GRANT ALL ON *.* TO searle@ingrid.stevesearle.com IDENTIFIED BY 'somepassword' WITH GRANT OPTION;
All three statements are necessary. Then check that the database is accessible by this user, before setting a password on the root login as follows:
mysql> SET PASSWORD FOR root@localhost=PASSWORD('anotherpassword');
mysql> SET PASSWORD FOR root@ingrid.stevesearle.com=PASSWORD('anotherpassword');
Again, both lines are necessary.
Naturally I use Apache to host the development copy of my website. I configure Apache to allow virtual hosting so that I have the flexibility to create multiple websites. To create the steve.stevesearle.com site which is hosted on this server, the following steps are required.
First give this server's eth0 ethernet interface a second IP address, 192.168.126.50, which was assigned to steve.stevesearle.com when BIND was set up earlier. Add the following lines to /etc/rc.d/rc.local; you will also need to enter the commands manually unless you reboot before attempting to view the site.
ifconfig eth0:1 192.168.126.50
route add -host 192.168.126.50 dev eth0:1
Now add the following to the end of /etc/httpd/conf/httpd.conf.
NameVirtualHost steve
<VirtualHost steve>
    ServerAdmin webmaster@stevesearle.com
    DocumentRoot /var/www/steve
    ServerName steve.stevesearle.com
    ErrorLog logs/steve.stevesearle.com-error_log
    CustomLog logs/steve.stevesearle.com-access_log common
    ScriptAlias /cgi-bin/ /var/www/steve/cgi-bin/
    Options ExecCGI Includes
    <Directory "/var/www/steve">
        AllowOverride None
        Options Includes ExecCGI
        Order allow,deny
        Allow from all
    </Directory>
    AddHandler cgi-script .cgi
    AddHandler cgi-script .pl
    AddHandler server-parsed .shtml .html
</VirtualHost>
Create /var/www/steve, which is where the site's files will be kept.
To enable HTML includes on the web server root, make the following changes to /etc/httpd/conf/httpd.conf. These changes and additions are made within the <Directory "/var/www/html"> section.
<Directory "/var/www/html">
...
    # The following line was originally: Options Indexes FollowSymLinks
    Options Indexes FollowSymLinks Includes
...
    AddHandler server-parsed .html
</Directory>
Then set Apache to start at bootup, and start it with:
# mkdir /var/www/steve
# chkconfig httpd on
# service httpd start
I use Samba to enable MS Windows computers to access files on the server. Make the following changes or additions to /etc/samba/smb.conf.
...
workgroup = 10FORBES
...
# This was added to enable people to share files
[tmp]
    comment = Temporary file space
    path = /tmp
    read only = no
    public = yes
# This was added to enable Windows user steve to access steve's home directory
[steve]
    comment = steve's home
    path = /home/steve
    valid users = steve
    public = no
    writable = yes
    printable = no
Set the Samba password for steve (the same as his Windows one).
# smbpasswd -a steve
Set Samba to start at bootup, and start it with:
# chkconfig smb on
# service smb start
I use phpMyAdmin as one way of maintaining my MySQL database. To install it, untar it into the webserver's document root, change the ownership of the files, restrict access to config.inc.php and create a soft link for the directory, as follows.
# cd /var/www/html
# tar -xjf /backups/downloads.linux/phpMyAdmin-2.6.1-pl3.tar.bz2
# chown -R steve.apache phpMyAdmin-2.6.1-pl3
# chmod 660 phpMyAdmin-2.6.1-pl3/config.inc.php
# ln -s phpMyAdmin-2.6.1-pl3 phpMyAdmin
Edit the following lines in phpMyAdmin-2.6.1-pl3/config.inc.php.
...
$cfg['PmaAbsoluteUri'] = 'http://ingrid/phpMyAdmin';
...
$cfg['blowfish_secret'] = 'some phrase goes here';
...
$cfg['Servers'][$i]['auth_type'] = 'cookie'; // Authentication method (config, http or cookie based)?
...
I use arpwatch to keep an eye on what machines join my network; there are so few changes that it is an extra belt-and-braces approach to wireless network security. Install it, set it to start on bootup, and start it with:
# yum install arpwatch
# chkconfig arpwatch on
# service arpwatch start