Comments and suggestions concerning this page should be mailed to gmourani@videotron.ca
© Copyright 1999 Open Network Architecture ®

Linux Secure and Optimized Server
A guide for information system, configuration, optimization and network security professionals.

50 Quintin suite 101 St-Laurent H4N 3A5 Quebec Canada
Mail: gmourani@videotron.ca

Author: Gerhard Mourani
Version: 1.0
Last Revised: November 1, 1999
Linux Secure & Optimized Server
New version of this document
Copyright Information
PGP Public Key for Gerhard Mourani
Overview
These installation instructions assume
Know your Hardware!
I) Creating the Boot Disk and Booting
II) Installation Class and Method
III) Disk Setup
Warning
IV) Components to Install
Individual Packages Selection
V) How to use RPM Commands
VI) Starting and stopping daemon services
VII) Software that must be uninstalled after installation of the Server
VIII) Software that must be installed after installation of the Server
IX) Installed programs on your Server
X) Put some colors on your terminal
XI) Update of the latest software
XII) For the maniacs
XIII) General system security
Linux Security
Overview
XIV) General system optimization
Linux Optimization
XV) Recompiling the Kernel
Linux Kernel
Overview
These installation instructions assume
Packages
Making an emergency boot floppy
Optimization
Increase the Tasks
Compilation
Making a new rescue floppy
Update your /dev entries
XVI) Install more than one Ethernet Card per Machine
XVII) Configuring TCP/IP Networking manually with the command line
XVIII) Install software
Linux DNS and BIND Server
Overview
These installation instructions assume
Packages
Tarballs
Compilation
Configure and Optimize
Compile and Optimize
Cleanup after work
Configurations
Configuration of the /etc/named.conf file
Configuration of the /var/named/db.127.0.0 file
Configuration of the /var/named/primary/db.192.168.1 file
Configuration of the /var/named/primary/db.openarch
Configuration of the /etc/rc.d/init.d/named script file
Securing BIND/DNS
Running BIND in a chroot jail
Cleanup after work
Zone transfers
Further documentation
DNS Administrative Tools
dig
ndc
DNS Users Tools
dnsquery
host
Installed files
Linux SSH1 Server
Overview
These installation instructions assume
Packages
Tarballs
Compilation
Compile and Optimize
Cleanup after work
Configurations
Configure the /etc/ssh/ssh_config file
Configure the /etc/ssh/sshd_config file
Configure sshd1 to use tcp-wrappers inetd super server
Configuration of the /etc/pam.d/ssh file
Further documentation
Per-User Configuration
SSH1 Users Tools
ssh1
Installed files
Linux SSH2 Server
Overview
These installation instructions assume
Packages
Tarballs
Compilation
Compile and Optimize
Cleanup after work
Configurations
Configure the /etc/ssh2/ssh2_config file
Configure the /etc/ssh2/sshd2_config file
Configure sshd2 to use tcp-wrappers inetd super server
Configuration of the /etc/pam.d/ssh file
Further documentation
Per-User Configuration
SSH2 Users Tools
ssh2
sftp2
Installed files
Linux OPENSSL
Overview
These installation instructions assume
Tarballs
Packages
Compilation
Compile and Optimize
Cleanup after work
Configuration
Configuration of the /etc/ssl/openssl.cnf file
Create the /usr/bin/sign.sh program file
Commands
Securing Openssl
Installed files
Linux Imap & Pop Server
Overview
These installation instructions assume
Packages
Tarballs
Compilation
Compile and Optimize
Cleanup after work
Configurations
Configuration of the /etc/pam.d/imap file
Configuration of the /etc/pam.d/pop file
Further documentation
Installed files
Linux MM – Shared Memory Library
Overview
These installation instructions assume
Packages
Tarballs
Compilation
Compile
Further documentation
Installed files
Linux Samba Server
Overview
These installation instructions assume
Packages
Tarballs
Compilation
Configure
Compile and optimize
Cleanup after work
Configurations
Configuration of the /etc/smb.conf file
Configuration of the /etc/lmhosts file
Configuration of the /etc/rc.d/init.d/smb script file
Configuration of the /etc/pam.d/samba file
Configuration of the /etc/logrotate.d/samba file
Further documentation
Securing Samba
Create an encrypted password file
Samba Administrative Tools
smbstatus
Samba Users Tools
smbclient
Installed files
Linux OpenLDAP Server
Overview
These installation instructions assume
Packages
Tarballs
Compilation
Compile and Optimize
Cleanup after work
Configurations
Configuration of the /etc/ldap/slapd.conf file
Configuration of the /etc/rc.d/init.d/ldap script file
Further documentation
OpenLDAP Creation and Maintenance Tools
Creating a database off-line
Creating a database over LDAP
ldapmodify
OpenLDAP Users Tools
Search on LDAP for entries
Installed files
Linux PostgreSQL Database Server
Overview
These installation instructions assume
Packages
Tarballs
Compilation
Compile and Optimize
Configurations
Configuration of the /etc/rc.d/init.d/postgresql script file
Commands
Installed files

Linux Squid Proxy Server
Overview
These installation instructions assume
Packages
Tarballs
Compilation
Configure and Optimize
malloc
Compile and Optimize
Cleanup after work
Configurations
Configuration of the /etc/squid/squid.conf file
Configuration of the /etc/rc.d/init.d/squid script file
Configuration of the /etc/logrotate.d/squid file
Securing Squid
More control on mounting a file system
Optimizing Squid
Increases the system limit on open files
The ulimit
The atime
The noatime attribute
The bdflush parameter
The ip_local_port_range parameter
Physical memory
Installed files

Linux Apache Server
Overview
These installation instructions assume
Packages
Prerequisites
Tarballs
Compilation
Compile and Optimize
Configurations
Configuration of the /etc/httpd/conf/httpd.conf file
Configuration of the /etc/logrotate.d/apache file
Configuration of the /etc/rc.d/init.d/httpd script file
Securing Apache
More control on mounting a file system
Create the .dbmpasswd password file for authentication
Running Apache in a chroot jail
Configuration of the new /etc/logrotate.d/apache file
Optimizing Apache
The static file
The ulimit
Increases the system limit on open files
The noatime
The ip_local_port_range parameter
Installed files
Optional component to install with Apache
Devel-Symdump
Packages
CGI.pm
Packages
Packages
Webalizer
Packages
FAQ-O-Matic
Packages
Webmail IMP
Packages

Linux Tripwire
Overview
These installation instructions assume
Packages
Tarballs
Compilation Tripwire-1.3.1-1
Compile and Optimize
Configurations
Configuration of the /etc/tw.config file
Configuration of the /etc/tripwire.verify script
Commands
Installed files

Linux GnuPG
Overview
These installation instructions assume
Packages
Tarballs
Compilation
Compile and Optimize
Commands
Installed files

Linux IPX Netware ™
Overview
These installation instructions assume
Build a kernel with IPX support and NCP protocol
Trying to set up an IPX only network interface with no TCP/IP
Ncpfs User Commands

Linux FTP Server
Overview
These installation instructions assume
Packages:
How the FTP Server Works
Configuring the FTP Server
The /etc/ftpaccess file
The /etc/ftphosts file
FTP Administrative Tools
Securing FTP

Linux Secure & Optimized Server

New version of this document

New versions of this document will be periodically posted to http://pages.infinit.net/lotus1/doc/opti/Linuxsos.pdf.

All comments, error reports, additional information, criticism and money of all sorts should be directed to gmourani@videotron.ca. If you send E-mail, please make sure that the return address is correct and working; I get a lot of E-mail and figuring out your e-mail address can be a lot of work. If you want to translate this documentation, please notify me so I can keep track of what languages I have been published in.
Copyright Information

This document is copyrighted © 1999 Gerhard Mourani and distributed under the following terms:

Linuxsos.pdf documents may be reproduced and distributed in whole or in part, in any medium, physical or electronic, as long as this copyright notice is retained on all copies. Commercial redistribution is allowed and encouraged; however, the authors would like to be notified of any such distributions.

All translations, derivative work, or aggregate works incorporating any Linuxsos.pdf documents must be covered under this copyright notice. That is, you may not produce a derivative work from a Linuxsos.pdf and impose additional restrictions on its distribution. Exceptions to these rules may be granted under certain conditions.

If you have questions, please contact Gerhard Mourani at gmourani@netscape.net.

BECAUSE THE GUIDE IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY FOR THE GUIDE, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES PROVIDE THE GUIDE "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK OF USE OF THE GUIDE IS WITH YOU. SHOULD THE GUIDE PROVE FAULTY, INACCURATE, OR OTHERWISE UNACCEPTABLE YOU ASSUME THE COST OF ALL NECESSARY REPAIR OR CORRECTION.

IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MIRROR AND/OR REDISTRIBUTE THE GUIDE AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE GUIDE, EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
PGP Public Key for Gerhard Mourani -----BEGIN PGP PUBLIC KEY BLOCK----- Version: GnuPG v1.0.0 (GNU/Linux) Comment: For info see http://www.gnupg.org mQGiBDgU8UcRBADiuIKn95nz0qsvjU1GzBxv0AOxJHVTNhFBl6lt+3DzDA0G7UTu hOhT0aGwVGts3bzjXVbhS44CTfAvvuVYQq7Ic/BHkwIhFvSu/Xv/fGbD3IQy+Gn5 UYzhZegCGwB0KQhGkIwQPus2ONOS5oT3ChZ8L7JlCPBnlOcVBT+hZ3BXUwCg4y4L Mz5aEe0MPCZ3xkcNE7AE71EEAL4Jf2uVhIRgOfwIpdB1rKVKrDDFxZLx+yZeOZmq gdwa4m7wV+Rk+c4I1+qBxxkmcUBhTHigx+9kpBDE2J0aEGQezDN+RoqlmdyVFO98 T/znf4ZLIf0upu5aP4kAItJJuFB1AaJyDLesB5xGjfyWz+RhbKOmeqr2zHniOsa8 HcZ/BACKZFBjNElqFUf0niWf822W6IbNf7ASh8pwTgR9PmXcq2qtBBq8uCIpEYcD wzk+ccl2jt8qt5RB7DXz/r/uG+3YHU+ID4iz6Qm6zl84gYQLDXST2YXZ5BPURo7H O4nEIJfeHEuUCstE5ROKnblG2U+t5QmxSGbETnK9I/OZrzFwILRDR2VyaGFyZCBN b3VyYW5pIChPcGVuIE5ldHdvcmsgQXJjaGl0ZWN0dXJlKSA8Z21vdXJhbmlAdmlk ZW90cm9uLmNhPohVBBMRAgAVBQI4FPFHAwsKAwMVAwIDFgIBAheAAAoJEDPaC2+7 tLqbGcYAnjHIPAsZrRC5qU5OrqdPvvEmICUWAKCdeyWwJ785A58U8Vh1bpxzCVVb PbkCDQQ4FPI0EAgAy7qa88bVYWIEyAWxJPZRxl8G2GcxgshSu4+5udeP+4PlVAm8 3DUynzlcax4/ikx8Q8MoVR7s6lCLJXCycLENE8xFCJJQ26IxzBjdftGdmvKteVkZ Kld9PZMzjUsxKzmhZbGEWug6xaav68EIewTw/S0TFtPhXyUKFrYPV6aID7YGatzB P4hQJfh4Wt3NdP9QznASBze6bPZxR07iEZaUO0AMHeeBKwL6rptEcGuxHPMYc00R s+SdGTOAa9E/REIiiEike9mXTKKWJYG2e7leDP3SBruM/c7n+DC9ptFAapg1GD9f Re7LLFqj6EQzZqybPB61B9rB/8ShIrApcNYF4wADBQgAvROi9N0/J5kYvBVb60no xBUBYtZp4cJO9X1uVdVahCb9XZpbvxhKujaUoWpPCIb0pm8K+J8x0o9HFl9f/JTs 25N/eJwksr63+j8OdCHqxv4z+qQYgc/qvU42ekHlSfMc7vsiAIE1e1liuTBdN9KR 7oSBoaht+dKi16ffxXmMDvQs1YSBR114XXDSzI+xXRuaIISpi75NE6suLLlrksnL +i/NcLRbCTEv4p1UJGYT4OVnX6quC3CC+U4Drpjf2ohawsXqS7jKUYduZRr9Hbar /sE0pQ/P0uf+VAspQJgpvBqiDxbIRCDSx8VgDoRL7iayxPDXtFmbPOrUEPdS7qYX pIhGBBgRAgAGBQI4FPI0AAoJEDPaC2+7tLqbdzQAniStW48nFU6CWkvQTy8fr0lu ZXmXAKC5bgSLgg1gZAvx61Z20yzM+hwNFQ== =95nO
Comments and suggestions conceming this page should be mailed to gmourani@videotron.ca ---END PGP PUBLIC KEY BLOCK--- Overview epian9omoaner8aashtep2eaepeeaoentgnem This doo nent is tailored as a steh nent instead of a detailed h debugging asp oects since rojecrs (LDP) nt is intended speak ofsary optim ation and configu ation options,we wil e a source ution (tar.gz)program the most e us a fast ade h and a customization on our specific machines that often we can't have with RPM.We've used many freely available sources to w nte this documenta only fair to give the work ba ck to the These installation ins Installa-ROM nceandtecoiReRHatarco-RoM should under s yo ep-by-step.thougn installation process. Know your Hardware! Understanding the hardware is essential for a successful installation of RedHat Linux.Therefore asarhe188angoeto v and familiarize yourself with your hardware.Be prepared to How many hard drives do you have an ddrive.which is the primary one? A How much RAM do you have? Do you have a ho made itand what modeis How ny buttons do you hav youhave mouse what M? 10.t of your vide How much video RAM do you have? of 11.Will you be connecting to anetwork?fso.what will be the following: our b。 Your gateway address? Q Your domain name server's IP address? Your hostname? g.Your types of network(s)card(s)(make and model)? Copyright19 Open Netvork Architecture
Comments and suggestions concerning this page should be mailed to gmourani@videotron.ca © Copyright 1999 Open Network Architecture ® 8 -----END PGP PUBLIC KEY BLOCK----- Overview This document is tailored as a step-by-step, example driven document instead of a detailed explanation document on each Linux feature. It doesn't go into much debugging aspects since the Linux Documentation Project's (LDP) HOWTOs already cover this. This document is intended for a technical audience! It’s discuss how to install a RedHat Linux Server with all the necessary security and optimization for a high performance Linux specific machine. Since we speak of optimization and configuration options, we will use a source distribution (tar.gz) program the most possible especially for critical server software like Apache, Bind, Samba, Squid, Openssl etc. Source program will give us a fast upgrade when necessary and a customization, optimization for our specific machines that often we can’t have with RPM. We’ve used many freely available sources to write this documentation, it seems only fair to give the work back to the Linux community. It is focused on the Intel x86 hardware, so if you are looking for PPC, ARM, SPARC, APX, etc., features; you probably won't find what you are looking for. Minimal installation for this Server require that you recompile the kernel and install DNS Server, other programs are specific according to your needs. These installation instructions assume You have a CD-ROM drive and the Official Red Hat Linux CD-ROM. Installations were tested on the Official RedHat Linux 6.1. You should understand the hardware system on which the operating system will be installed. After examining the hardware, the rest of this document guides you, step-by-step, though the installation process. Know your Hardware! Understanding the hardware is essential for a successful installation of RedHat Linux. Therefore, you should take a moment now and familiarize yourself with your hardware. 
Be prepared to answer the following questions:

1. How many hard drives do you have?
2. What size is each hard drive (e.g. 3.2GB)?
3. If you have more than one hard drive, which is the primary one?
4. How much RAM do you have?
5. Do you have a SCSI adapter? If so, who made it and what model is it?
6. What type of mouse do you have?
7. How many buttons?
8. If you have a serial mouse, what COM port is it connected to?
9. What is the make and model of your video card? How much video RAM do you have?
10. What kind of monitor do you have (make and model)?
11. Will you be connecting to a network? If so, what will be the following:
    a. Your IP address?
    b. Your netmask?
    c. Your gateway address?
    d. Your domain name server’s IP address?
    e. Your domain name?
    f. Your hostname?
    g. Your type(s) of network card(s) (make and model)?
I) Creating the Boot Disk and Booting

Before you make the boot disk, insert the Official Red Hat Linux 6.1 CD-ROM Part 1 in your computer. When the program asks for the filename, you enter boot.img for the boot disk. To make the floppies under MS-DOS, you need to use these commands (assuming your CD-ROM is drive D: and contains the Official Red Hat Linux 6.1 CD-ROM).

Open the Command Prompt under Windows: Start | Programs | Command Prompt

Type d:
Type cd \images
Type \dosutils\rawrite.exe

    D:\images>\dosutils\rawrite.exe
    Enter disk image source file name: boot.img
    Enter target diskette drive: a

rawrite.exe asks for the filename of the disk image. Enter boot.img. Insert a floppy into drive A. It will then ask for a disk to write to. Enter a:. Label the disk Red Hat boot disk.

Since we start the installation directly off the CD-ROM, you have to boot with the boot disk. Insert the boot disk you created into drive A on the computer where you want to install Linux and reboot the computer. At the boot: prompt, press “Enter” to continue booting.

Choose your language
Choose your keyboard type
Select “Local CD-ROM”
Select your mouse type

II) Installation Class and Method

RedHat Linux 6.1 defines four different classes, or types, of installation. They are:

GNOME Workstation
KDE Workstation
Server
Custom

The first three classes (GNOME Workstation, KDE Workstation, and Server) give you the option of simplifying the installation process (with a great loss of configuration flexibility that we don’t want). For this reason we highly recommend “Custom”, as this allows you to choose what services are added and how the system is partitioned. The idea is to load the minimum packages, while maintaining maximum efficiency. The less software that resides on the box, the fewer potential security exploits or holes.

Select “Custom” and click Next.
III) Disk Setup

Warning

We highly recommend that you make a backup of your current system before proceeding with the disk partitioning.

For performance, stability and security reasons you must create something like the partitions listed below on your system. This partition configuration assumes that you want to set up a Web server with a Proxy Server on your Server Machine. We will make two special
partitions (chroot and cache). The “chroot” partition is for the chrooted DNS server, the chrooted Apache server and other future chrooted programs. The “cache” partition is for our Squid Proxy server. If you do not intend to install the Squid Proxy server, you don’t need to create the “cache” partition, but remember that Squid + Apache will greatly improve your machine's performance and security. The other partitions are “/var” (by isolating the “/var” partition, you protect your root partition from overfilling), “/tmp” for the same reason as “/var”, “/home” for users, and “/usr” by default.

In our partition configuration we’ll reserve 400 MB of disk space for chrooted programs like Apache, DNS and others. This is necessary because the Apache DocumentRoot files and the other binaries and programs related to Apache will be installed in this partition. Note that the size of the Apache chrooted directory on the chrooted partition is proportional to the size of your DocumentRoot files. If you do not intend to install and use Apache on your server, you can reduce the size of this partition to something like 10 MB for the DNS server that you always need.

Disk Druid is a program that partitions your hard drive for you. Choose “Add” to add a new partition, “Edit” to edit a partition, “Delete” to delete a partition and “Reset” to reset the partitions to their original state. When adding a new partition, a new window appears on your screen and gives you parameters to choose. The parameters are:

Mount Point: where you want to mount your new partition.
Size (Megs): the size of your new partition in megabytes.
Partition Type: Linux native for a Linux filesystem and Swap for a Linux Swap Partition.

If you have a SCSI disk the device will be /dev/sda and if you have an IDE disk it will be /dev/hda.
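To check afterwards that the isolation described above is really in place, the following added example (not part of the original guide) reports which directories of this layout still share a partition with the root filesystem. The function names are hypothetical, /chroot and /cache are assumed mount paths for the “chroot” and “cache” partitions, and the mount table is a constructed sample.

```shell
#!/bin/sh
# Added example (not from the guide): list the directories of the guide's
# layout that are NOT on their own partition, from a /proc/mounts-style table.

# Mount points from the guide; /chroot and /cache are assumed paths for its
# "chroot" and "cache" partitions.
REQUIRED="/var /tmp /home /usr /chroot /cache"

# missing_partitions MOUNT_TABLE [MOUNT_POINT...]
# Prints, space separated, every mount point that is absent from the table
# or that sits on the same block device as "/".
missing_partitions() {
    table=$1; shift
    [ $# -gt 0 ] || set -- $REQUIRED
    root_dev=$(awk '$2 == "/" { dev = $1 } END { print dev }' "$table")
    out=""
    for mp in "$@"; do
        dev=$(awk -v mp="$mp" '$2 == mp { dev = $1 } END { print dev }' "$table")
        if [ -z "$dev" ] || [ "$dev" = "$root_dev" ]; then
            out="${out:+$out }$mp"
        fi
    done
    printf '%s\n' "$out"
}

# Constructed sample: a SCSI disk on which /tmp and the cache partition
# were never created, so both directories live on the root partition.
sample_table() {
    cat <<'EOF'
/dev/sda5 / ext2 rw 0 0
/dev/sda1 /boot ext2 rw 0 0
/dev/sda6 /usr ext2 rw 0 0
/dev/sda7 /home ext2 rw 0 0
/dev/sda8 /chroot ext2 rw 0 0
/dev/sda9 /var ext2 rw 0 0
none /proc proc rw 0 0
EOF
}

tmpfile=$(mktemp)
sample_table > "$tmpfile"
echo "Not isolated from /: $(missing_partitions "$tmpfile")"
rm -f "$tmpfile"
```

On an installed server, run `missing_partitions /proc/mounts`; an empty result means every listed directory has its own partition.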
If you are looking for high performance and stability, a SCSI disk is highly recommended.

Linux refers to disk partitions using a combination of letters and numbers. It uses a naming scheme that is more flexible and conveys more information than the approach used by other operating systems. Here is a summary:

First Two Letters – The first two letters of the partition name indicate the type of device on which the partition resides. You’ll normally see either hd (for IDE disks), or sd (for SCSI disks).

The Next Letter – This letter indicates which device the partition is on. For example, /dev/hda (the first IDE hard disk) and /dev/hdb (the second IDE disk).

Keep this information in mind; it will make things easier to understand when you’re setting up the partitions Linux requires.

A swap partition – Swap partitions are used to support virtual memory. If your computer has 16 MB of RAM or less, you must create a swap partition. Even if you have more memory, a swap partition is still recommended. The minimum size of your swap partition should be equal to your computer’s RAM or 16 MB (whichever is larger). The largest usable swap partition is roughly 1 GB (since the 2.2 kernel, 1 GB swap files are supported), so making a swap partition larger than that will result in wasted space. Note, however, that you can create and use more than one swap partition (although this is usually only necessary for very large server installations). Try to put your swap partitions near the beginning of your drive. The beginning of the drive is physically located on the outer portion of the cylinder, so the read/write head can cover much more ground per revolution.

Now for example: to make the partitions listed below on your system (these are the partitions we’ll need for our server installation), the commands under Disk Druid will be:

Add
Mount Point: /boot ← our /boot directory