OpenACS docs are written by the named authors, and may be edited
by OpenACS documentation staff.
-
This section takes a blank PC and sets up some supporting
+
This section takes a blank PC and sets up some supporting
software. You should do this section as-is if you have a machine
you can reformat and you want to be sure that your installation
works and is secure; it should take about an hour. (In my
@@ -26,7 +26,7 @@
Unplug the network cable from your
computer. We don't want to connect to the network
until we're sure the computer is secure.
-
+
(Wherever you see
the word secure, you should always read it as, "secure
enough for our purposes, given the amount of work we're
@@ -54,7 +54,7 @@
Review (and modify if needed) the partitions created and click Next
On the pop-up window asking "Are you sure
you want to do this?" click
Yes
- IF YOU ARE WIPING YOUR HARD DRIVE.
Click Next on the boot loader screen
Configure Networking.
+ IF YOU ARE WIPING YOUR HARD DRIVE.
Click Next on the boot loader screen
Configure Networking.
Again, if you know what you're doing, do this step
yourself, being sure to note the firewall holes. Otherwise,
follow the instructions in this step to set up a computer directly connected to the internet with a dedicated IP address.
DHCP is a system by which a computer that
@@ -75,7 +75,7 @@
Mail (SMTP). In the Other ports
box, enter 443, 8000, 8443. Click
Next.
-Port 443 is for https (http over ssl), and 8000 and 8443 are http and https access to the development server we'll be setting up.
Select any additional languages you want the
+Port 443 is for https (http over ssl), and 8000 and 8443 are http and https access to the development server we'll be setting up.
Select any additional languages you want the
computer to support and then click
Next
Choose your time zone and click Next.
Type in a root
password, twice.
On the Package selection page, we're going to
@@ -87,13 +87,13 @@
risk that's still screened by the firewall, or a resource hog. Just
don't install a database or web server, because that would conflict
with the database and web server we'll install later.
-
check Editors (this installs emacs),
click Details next to Text-based Internet, check lynx, and click OK;
check Authoring and Publishing (this installs docbook),
uncheck Server Configuration Tools,
uncheck Web Server,
uncheck Windows File Server,
check SQL Database Server (this installs PostgreSQL),
check Development Tools (this installs gmake and other build tools),
uncheck Administration Tools, and
uncheck Printing Support.
At the bottom, check Select Individual Packages and click Next
We need to fine-tune the exact list of packages.
+
check Editors (this installs emacs),
click Details next to Text-based Internet, check lynx, and click OK;
check Authoring and Publishing (this installs docbook),
uncheck Server Configuration Tools,
uncheck Web Server,
uncheck Windows File Server,
check SQL Database Server (this installs PostgreSQL),
check Development Tools (this installs gmake and other build tools),
uncheck Administration Tools, and
uncheck Printing Support.
At the bottom, check Select Individual Packages and click Next
We need to fine-tune the exact list of packages.
The same rules apply as in the last step - you can add more stuff, but
you shouldn't remove anything the guide adds. We're going to go
through all the packages in one big list, so select
Flat
View and wait. In a minute, a
-list of packages will appear.
uncheck apmd (monitors power, not very useful for servers),
check ImageMagick (required for the photo-album packages,
uncheckisdn4k-utils (unless you are using isdn, this installs a useless daemon),
check mutt (a mail program that reads Maildir),
uncheck nfs-utils (nfs is a major security risk),
uncheck pam-devel (I don't remember why, but we don't want this),
uncheck portmap,
uncheck postfix (this is an MTA, but we're going to install qmail later),
check postgresql-devel,
uncheck rsh (rsh is a security hole),
uncheck sendmail (sendmail is an insecure MTA; we're going to install qmail instead later),
check tcl (we need tcl), and
uncheck xinetd (xinetd handles incoming tcp connections. We'll install a different, more secure program, ucspi-tcp).
Click Next
Red Hat isn't completely happy with the combination
+list of packages will appear.
uncheck apmd (monitors power, not very useful for servers),
check ImageMagick (required for the photo-album packages,
uncheckisdn4k-utils (unless you are using isdn, this installs a useless daemon),
check mutt (a mail program that reads Maildir),
uncheck nfs-utils (nfs is a major security risk),
uncheck pam-devel (I don't remember why, but we don't want this),
uncheck portmap,
uncheck postfix (this is an MTA, but we're going to install qmail later),
check postgresql-devel,
uncheck rsh (rsh is a security hole),
uncheck sendmail (sendmail is an insecure MTA; we're going to install qmail instead later),
check tcl (we need tcl), and
uncheck xinetd (xinetd handles incoming tcp connections. We'll install a different, more secure program, ucspi-tcp).
Click Next
Red Hat isn't completely happy with the combination
of packages we've selected, and wants to satisfy some dependencies.
Don't let it. On the next screen, choose
Ignore Package
@@ -119,7 +119,7 @@
upgrading all of that. Since you are upgrading the kernel,
reboot after this step.
Lock down SSH
-
+
SSH is the protocol we use to connect
securely to the computer (replacing telnet, which is
insecure). sshd is the daemon that listens for incoming
@@ -153,10 +153,10 @@
[root root]# chkconfig --del pcmcia
[root root]# chkconfig --del netfs
[root root]#
-service pcmcia stop
+
service pcmcia stop
service netfs stop
chkconfig --del pcmcia
-chkconfig --del netfs
If you installed PostgreSQL, do also
+chkconfig --del netfs
If you installed PostgreSQL, do also
service postgresql start and chkconfig --add postgresql.
Plug in the network cable.
Verify that you have connectivity by going to another
computer and ssh'ing to
yourserver, logging in as
@@ -197,7 +197,7 @@
The system is going down for reboot NOW!
[root tmp]#
-cd /tmp
+
cd /tmp
wget http://updates.redhat.com/7.1/en/os/i686/kernel-2.4.18-27.7.x.i686.rpm
rpm -Uvh kernel-2.4.18-27.7.x.i686.rpm
-reboot