Index: openacs-4/packages/acs-core-docs/www/install-redhat.adp =================================================================== RCS file: /usr/local/cvsroot/openacs-4/packages/acs-core-docs/www/install-redhat.adp,v diff -u -N -r1.5.2.10 -r1.5.2.11 --- openacs-4/packages/acs-core-docs/www/install-redhat.adp 27 Apr 2022 16:52:20 -0000 1.5.2.10 +++ openacs-4/packages/acs-core-docs/www/install-redhat.adp 13 Jul 2023 12:43:20 -0000 1.5.2.11 @@ -1,6 +1,8 @@ -{/doc/acs-core-docs {ACS Core Documentation}} {Appendix A. Install Red Hat 8/9} -Appendix A. Install Red Hat 8/9 +{/doc/acs-core-docs/ {ACS Core Documentation}} {Appendix A. Install Red Hat +8/9} +Appendix A. Install Red Hat +8/9

-Appendix A. Install Red Hat 8/9

+Appendix A. Install +Red Hat 8/9

by Joel Aufrecht

OpenACS docs are written by the named authors, and may be edited by @@ -35,7 +38,7 @@ Unplug the network cable from your computer. We don't want to connect to the network until we're sure the computer is secure. - (Wherever you see the word secure, you + (Wherever you see the word secure, you should always read it as, "secure enough for our purposes, given the amount of work we're willing to exert and the estimated risk and consequences.")

  • Insert Red Hat 8.0 or 9.0 Disk 1 into the CD-ROM and reboot the @@ -73,7 +76,7 @@ screen

  • -

    Configure Networking. Again, if you +

    Configure Networking. Again, if you know what you're doing, do this step yourself, being sure to note the firewall holes. Otherwise, follow the instructions in this step to set up a computer directly connected to the internet with a @@ -102,7 +105,7 @@ development server we'll be setting up.

  • -Select any additional languages you want +Select any additional languages you want the computer to support and then click Next

  • Choose your timezone and click @@ -118,11 +121,11 @@ web server, because that would conflict with the database and web server we'll install later.

    check Editors -(this installs emacs),
    click Details next +(this installs emacs),
    click Details next to Text-based Internet, check lynx, and click OK;
    check Authoring and -Publishing (this installs +Publishing (this installs docbook),
    uncheck Server Configuration Tools,
    uncheck Web Server,
    uncheck Windows File @@ -147,7 +150,7 @@ will appear.

    uncheck apmd (monitors power, not very useful for servers),
    check ImageMagick -(required for the photo-album packages,
    uncheckisdn4k-utils +(required for the photo-album packages,
    uncheckisdn4k-utils (unless you are using isdn, this installs a useless daemon),
    check mutt (a mail program that reads Maildir),
    uncheck nfs-utils (nfs is a major security risk),
    uncheck pam-devel (I @@ -178,9 +181,11 @@ Exit, remove the CD, and watch the computer reboot.

  • After it finishes rebooting and shows the login prompt, log -in:

    yourserver login: root
+in:
    +yourserver login: root
 Password:
-[root root]#
    
+[root root]#
+

  • Install any security patches. For example, insert your CD with patches, mount it with mount /dev/cdrom, then cd @@ -192,7 +197,7 @@

    Lock down SSH

    1. - SSH is the protocol we use to connect + SSH is the protocol we use to connect securely to the computer (replacing telnet, which is insecure). sshd is the daemon that listens for incoming ssh connections. As a security precaution, we are now going to tell ssh not to allow @@ -234,7 +239,8 @@ we'll use daemontools to perform a similar function for AOLserver. (The reason for these discrepancies is that, while daemontools is better, it's a pain in the ass to deal with and -nobody's had any trouble leaving PostgreSQL the way it is.)

      [root root]# service pcmcia stop
+nobody's had any trouble leaving PostgreSQL the way it is.)
      +[root root]# service pcmcia stop
 [root root]# service netfs stop
 [root root]# chkconfig --del pcmcia
 [root root]# chkconfig --del netfs
@@ -247,7 +253,8 @@

    2. Plug in the network cable.

    3. Verify that you have connectivity by going to another computer and ssh'ing to yourserver, logging in as remadmin, and -promoting yourself to root:

      [joeuser\@someotherserver]$  ssh remadmin\@yourserver.test
+promoting yourself to root:
      +[joeuser\@someotherserver]$  ssh remadmin\@yourserver.test
 
 The authenticity of host 'yourserver.test (1.2.3.4)' can't be established.
 DSA key fingerprint is 10:b9:b6:10:79:46:14:c8:2d:65:ae:c1:61:4b:a5:a5.
@@ -257,7 +264,8 @@
 Last login: Mon Mar  3 21:15:27 2003 from host-12-01.dsl-sea.seanet.com
 [remadmin remadmin]$ su -
 Password: 
-[root root]#
      
+[root root]#
+

    4. If you didn't burn a CD of patches and use it, can still download and install the necessary patches. Here's how to do it @@ -266,7 +274,8 @@ 8.0 system kernel (2.4.18-14, which you can check with uname -a) has several security problems. Download the new kernel, install it, -and reboot.

      [root root]# cd /var/tmp
+and reboot.
      +[root root]# cd /var/tmp
 [root tmp]# wget http://updates.redhat.com/7.1/en/os/i686/kernel-2.4.18-27.7.x.i686.rpm
 --20:39:00--  http://updates.redhat.com/7.1/en/os/i686/kernel-2.4.18-27.7.x.i686.rpm
            => `kernel-2.4.18-27.7.x.i686.rpm'
@@ -299,8 +308,9 @@
    \ No newline at end of file