| Prev | Part II. Administrator's Guide | Next |
|---|
+
Configure Networking. Again, if you know what you're doing, do this step yourself, being sure to note the firewall holes. Otherwise, follow the instructions in this step to set up a computer directly connected to the internet with a dedicated IP address.
DHCP is a system by which a computer that @@ -60,7 +60,7 @@ Mail (SMTP). In the Other ports box, enter 443, 8000, 8443. Click . -Port 443 is for https (http over ssl), and 8000 and 8443 are http and https access to the development server we'll be setting up.
Select any additional languages you want the +Port 443 is for https (http over ssl), and 8000 and 8443 are http and https access to the development server we'll be setting up.
Select any additional languages you want the computer to support and then click
Choose your time zone and click .
Type in a root password, twice. To @@ -81,9 +81,9 @@ risk that's still screened by the firewall, or a resource hog. Just don't install a database or web server, because that would conflict with the database and web server we'll install later. -
check�Editors�(this�installs�emacs),
+
check�Editors�(this�installs�emacs),
click�Details�next�to�Text-based�Internet,�check�lynx,�and�click�;
-check�Authoring�and�Publishing�(this�installs�docbook),
+check�Authoring�and�Publishing�(this�installs�docbook),
uncheck�Server�Configuration�Tools,
uncheck�Web�Server,
uncheck�Windows�File�Server,
@@ -96,7 +96,7 @@
Flat
View and wait. In a minute, a
list of packages will appear.
uncheck�apmd�(monitors�power,�not�very�useful�for�servers),�
-check�ImageMagick�(required�for�the�photo-album�packages,�
+check�ImageMagick�(required�for�the�photo-album�packages,�
uncheckisdn4k-utils�(unless�you�are�using�isdn,�this�installs�a�useless�daemon),�
check�mutt�(a�mail�program�that�reads�Maildir),
uncheck�nfs-utils�(nfs�is�a�major�security�risk),�
@@ -124,14 +124,14 @@
After it finishes rebooting and shows the login prompt, log in:
yourserver login: root Password: -[root@yourserver root]#
Lock down SSH
Lock down SSH
SSH is the protocol we use to connect securely to the computer (replacing telnet, which is insecure). sshd is the daemon that listens for incoming ssh connections. As a security precaution, we are now going to tell ssh not to allow anyone to connect directly to this computer as root. Type this into the shell: -
emacs /etc/ssh/sshd_config
Search�for�the�word�"root"�by�typing�C-s�(that's�emacs-speak�for�control-s)�and�then�root.���
+
emacs /etc/ssh/sshd_config
Search�for�the�word�"root"�by�typing�C-s�(that's�emacs-speak�for�control-s)�and�then�root.���
Change�the�line�
#PermitRootLogin�yes�to�
PermitRootLogin�no�and�save�and�exit�by�typing�C-x�C-s�C-x�C-c
service sshd restart
Red Hat still installed a few services we don't need, and which can be security holes. Use the service command to turn them off, and then use chkconfig to automatically edit the System V init directories to permanently (The System V init directories are the ones in /etc/rc.d. They consist of a bunch of scripts for starting and stopping programs, and directories of symlinks for each system level indicating which services should be up and down at any given service level. We'll use this system for PostGreSQL, but we'll use daemontools to perform a similar function for AOLServer. (The reason for this discrepencies is that, while daemontools is better, it's a pain in the ass to deal with and nobody's had any trouble leaving PostGreSQL the way it is.)
[root@yourserver root]# service pcmcia stop [root@yourserver root]# service netfs stop @@ -153,4 +153,4 @@ Last login: Mon Mar 3 21:15:27 2003 from host-12-01.dsl-sea.seanet.com [remadmin@yourserver remadmin]$ su - Password: -[root@yourserver root]#