					                                                                                                                            Linux
                                                                                                                      Page 1 of 29


                                                            LINUX
LINUX
Openfiler Documentation
Linux WWW/DHCP install
Services Mail
Linux E-mail
Linux WWW/DHCP install
VSFTPD Configuration
Free Radius Configuration
Configuration guide to MRTG
VNC Server Configuration and Usage
Hosts file
Linux NTP Client Fedora Core 2 via Webmin
DHCPD
Rdesktop
Linux WWW/DHCP install
SSH SERVER
HTTPD Configuration Linux
HTACCESS
Webmin
Services DHCP-WWW



Openfiler Documentation
Installation:

The installation program uses the same steps as the Fedora Core 2 installer. Set it up
the same way, except use manual partitioning. If you are using multiple drives, arrange
the partitions so that the root and boot volumes are on the same drive.

To access the Openfiler configuration program, navigate to the following link:
https://192.68.2.198:410. The username is openfiler. The default password is password.

The accounts tab provides the following sub-tabs. The main settings that were changed
are noted.

           Authentication
               o Security model: active directory
               o Domain/Workgroup: matc2
               o Domain Controller: zeusofts1
               o ADS realm: matc2.matc.net
               o Check Join Domain
            o Administrator Username: administrator
            o Administrator Password: class password
       Click List of users. Make sure all your users have been imported properly
       Click Admin Password
            o Change the default password to your class password
       Volumes
            o Volume Group Management
                     Include all the volumes you want to be in the group. Click create.
            o Create new volume
                     Follow the form to create a new volume
       General
            o Create the networks that will have access to freenas. Enter your network
               like this:
                     Name: manhattan
                     Network/host: (network number)
                     Netmask: 0.0.0.0
                     Type share.
       Services
            o Enable SMB/CIFS
            o Enable NFSv3
            o Enable HTTP/WebDav/FTP
                     SMB settings
                             Netbios name:freenas



       Shares
           o Your share will now appear. Click on the share you just created. Create a
               new folder.
           o Click on the new folder you created.
                   Group access configuration
                           Public guest access. Access control handled by the folder
                            properties in windows.
                   Host access configuration
                           On each network, click rw under smb/cifs
                                o None under nfs
                                o http/webdav; rw
                                o ftp: rw
                           Check restart
                           Click update.

To access freenas:
        Make sure the computer object has been created in Active Directory.
        Browse to it using My Network Neighborhood. Find the domain. Open the folder
           and openfiler should be listed.
        Double-click on it and you should see the share you just created. If you
           double-click on the folder, you will see the shared drive.




                         Linux WWW/DHCP install
                                   Carl Bowen 11/7/06

Verified that the hardware was on the HCL for Fedora Core 2.
Used the default options until the install type, where I picked Server.
Manually configured the partitions with Disk Druid.
I created a RAID 1 array, on which I mounted / with ~8G of space and swap with
~1GB of space.
Later I added another SCSI drive, /dev/sdc, which I mounted at /webroot; this could
also have been done here.

Accept the defaults for GRUB (which should be to install the GRUB boot loader on the
first available drive).

On the network devices page, set the IP to 192.168.3.215 manually via the Edit option.
Set the hostname to www.matc2.matc.net (as this is the main webserver; it can be changed
later if required).
Gateway 192.168.3.209
Primary DNS 192.168.1.194
Secondary DNS 192.168.2.194
Tertiary DNS 10.11.2.2

Set to No Firewall. If needed, it can be enabled later just as easily via the built-in
GUI or a third-party GUI.
The default language is English; leave it there (i.e. hit Next).
Set the time zone to Central.
Standard password.
In package group selection:
*****NOTE***** Sections are listed in bold, with the items I checked listed below them.
If an item is followed by (all), I ensured that all sub-options were picked as well; if
followed by (defaults), I left what was auto-selected; if neither, I follow it with exactly
which options I picked from the sub-menu.

DESKTOPS
X Windows System(DEFAULTS)
KDE (DEFAULTS)

APPLICATIONS
Editors (defaults)
Graphical Internet (defaults)

SERVERS
Server Config Tools (all)
Web Server (all)
Mail Server (all)
Windows File server (all)
DNS name server (all)
FTP Server (all)
SQL Database Server (all)

Network Servers
      Amanda-server
      DHCP
      Freeradius
      Tftp-server
      Vnc-server
      Ypserv

DEVELOPMENT
Development Tools (defaults)
Kernel Development (defaults); do not select if space is an issue and you have no plans to
customize the kernel

SYSTEM
Administration Tools (all)
System Tools (all)
Printing Support (defaults)

*****NOTE***** All of the above are subjective, i.e. if you never intend to use the server
to print or as a print server, don't load printing support (if you think you may need a
module later, choose that option, as it is generally easier and more reliable to install it
with the OS rather than later).

Next Away
During the install you will be prompted for the next disc as required.

Later, when the install is complete, make sure to do updates. I prefer to use YUM rather
than the Red Hat updater.

YUM will automatically resolve dependencies; sometimes the Red Hat updater will not. YUM
is installed by default. Go to a command prompt and type "yum -y update". The -y option
simply means that any questions that might be asked will be answered with a yes. If you do
not want that, omit the -y option; it will most likely prompt you for a response if any
dependent packages need to be installed.
*****NOTE***** YUM is also a good tool for getting packages if you need them. man is your
friend: typing "man yum" will tell you how you can use yum to obtain or search for other
packages.



                                  Services Mail

    Action              Start at boot?  Description
    acpid               Yes             Listen and dispatch ACPI events from the kernel
    anacron             Yes             Run cron jobs that were left out due to downtime
    apmd                Yes             apmd is used for monitoring battery status and logging it via syslog(8). It can also be used for shutting down the machine when the battery is low.
    atd                 Yes             Runs commands scheduled by the at command at the time specified when at was run, and runs batch commands when the load average is low enough.
    autofs              Yes             Automounts filesystems on demand
    cpuspeed            Yes             Run dynamic CPU speed daemon
    crond               Yes             cron is a standard UNIX program that runs user-specified programs at periodic scheduled times. vixie cron adds a number of features to the basic UNIX cron, including better security and more powerful configuration options.
    cups                Yes             Startup/shutdown script for the Common UNIX Printing System (CUPS).
    dhcpd               Yes             dhcpd provide access to Dynamic Host Control Protocol.
    gpm                 Yes             GPM adds mouse support to text-based Linux applications such as the Midnight Commander. It also allows mouse-based console cut-and-paste operations, and includes support for pop-up menus on the console.
    httpd               Yes             Apache is a World Wide Web server. It is used to serve HTML files and CGI.
    iptables            Yes             Starts, stops and saves iptables firewall
    irqbalance          Yes             The irqbalance daemon will distribute interrupts across the cpus on a multiprocessor system with the purpose of spreading the load. processname: irqbalance
    isdn                Yes             start and stop ISDN services
    kudzu               Yes             This runs the hardware probe, and optionally configures changed hardware.
    mdmonitor           Yes             software RAID monitoring and management
    mdmpd               Yes             multipath device monitoring and management
    messagebus          Yes             This is a daemon which broadcasts notifications of system events and other messages. See http://www.freedesktop.org/software/dbus/
    microcode_ctl       Yes             script to apply cpu microcode
    netfs               Yes             Mounts and unmounts all Network File System (NFS), SMB/CIFS (Lan Manager/Windows), and NCP (NetWare) mount points.
    network             Yes             Activates/Deactivates all network interfaces configured to start at boot time.
    nfslock             Yes             NFS is a popular protocol for file sharing across TCP/IP networks. This service provides NFS file locking functionality.
    pcmcia              Yes             PCMCIA support is usually to support things like ethernet and modems in laptops. It won't get started unless configured so it is safe to have it installed on machines that don't need it.
    portmap             Yes             The portmapper manages RPC connections, which are used by protocols such as NFS and NIS. The portmap server must be running on machines which act as servers for protocols which make use of the RPC mechanism.
    radiusd             Yes             Start/Stop the RADIUS server daemon
    random              Yes             Saves and restores system entropy pool for higher quality random number generation.
    rawdevices          Yes             This scripts assignes raw devices to block devices (such as hard drive partitions). This is for the use of applications such as Oracle. You can set up the raw device to block device mapping by editing the file /etc/sysconfig/rawdevices.
    readahead           Yes             This service causes the programs used during startup to be loaded into memory before they are needed, thus improving startup performance
    readahead_early     Yes             This service causes the programs used during startup to be loaded into memory before they are needed, thus improving startup performance
    rhnsd               Yes             This is a daemon which handles the task of connecting periodically to the Red Hat Network servers to check for updates, notifications and perform system monitoring tasks according to the service level that this server is subscribed for
    rpcgssd             Yes             Starts user-level daemon that manages RPCSEC GSS contexts for the NFSv4 client.
    rpcidmapd           Yes             Starts user-level daemon for NFSv4 that maps user names to UID and GID numbers.
    rpcsvcgssd          Yes             Starts user-level daemon that manages RPCSEC GSS contexts for the NFSv4 server.
    sendmail            Yes             Sendmail is a Mail Transport Agent, which is the program that moves mail from one machine to another.
    smartd              Yes             Self Monitoring and Reporting Technology (SMART) Daemon
    sshd                Yes             OpenSSH server daemon
    syslog              Yes             Syslog is the facility by which many daemons use to log messages to various system log files. It is a good idea to always run syslog.
    vncserver           Yes             Starts and stops vncserver. used to provide remote X administration services.
    vsftpd              Yes             Vsftpd is a ftp daemon, which is the program that answers incoming ftp service requests.
    webmin              Yes             Start/stop Webmin
    xfs                 Yes             Starts and stops the X Font Server at boot time and shutdown. It also takes care of (re-)generating font lists.
    xinetd              Yes             xinetd is a powerful replacement for inetd. xinetd has access control mechanisms, extensive logging capabilities, the ability to make services available based on time, and can place limits on the number of servers that can be started, among other things.
    /etc/rc.d/rc.local  Yes



                                  Linux E-mail
                                      Carl Bowen
                                       11-14-06


To get email working in Linux I only had to make a few changes, and all were made via
Webmin.

Under Sendmail options I changed the mail queue directory to /var/spool/mail/ and set
SMTP port options to Default.

Under Local Domains I added the domain wamail.matc2.matc.net.

Under domain routing I created rules: one for matc2.matc.net, SMTP to IP 192.168.1.194.
No rule was added for the GroupWise server since it is not currently accepting email; it
would be added in the same manner, though.

The other change you have to make is under the Dovecot server, for POP. Go to networking
and protocols, select only pop3, save, then start the service.

See softcopy for further details



                          Linux WWW/DHCP install
                                    Carl Bowen 11/7/06

Verified that the hardware was on the HCL for Fedora Core 2.
Used the default options until the install type, where I picked Server.
Manually configured the partitions with Disk Druid.
I created a RAID 1 array, on which I mounted / with ~8G of space and swap with
~1GB of space.
Later I added another SCSI drive, /dev/sdc, which I mounted at /webroot; this could
also have been done here.

Accept the defaults for GRUB (which should be to install the GRUB boot loader on the
first available drive).

On the network devices page, set the IP to 192.168.1.195 manually via the Edit option.
Set the hostname to www.matc2.matc.net (as this is the main webserver; it can be changed
later if required).
Gateway 192.168.1.193
Primary DNS 192.168.1.194
Secondary DNS 192.168.2.194
Tertiary DNS 10.11.2.2

Set to No Firewall. If needed, it can be enabled later just as easily via the built-in
GUI or a third-party GUI.
The default language is English; leave it there (i.e. hit Next).
Set the time zone to Central.
Standard password.
In package group selection:
*****NOTE***** Sections are listed in bold, with the items I checked listed below them.
If an item is followed by (all), I ensured that all sub-options were picked as well; if
followed by (defaults), I left what was auto-selected; if neither, I follow it with exactly
which options I picked from the sub-menu.

DESKTOPS
X Windows System(DEFAULTS)
KDE (DEFAULTS)

APPLICATIONS
Editors (defaults)
Graphical Internet (defaults)

SERVERS
Server Config Tools (all)
Web Server (all)
Mail Server (all)
Windows File server (all)
DNS name server (all)
FTP Server (all)
SQL Database Server (all)

Network Servers
      Amanda-server
      DHCP
      Freeradius
      Tftp-server
      Vnc-server
      Ypserv

DEVELOPMENT
Development Tools (defaults)
Kernel Development (defaults); do not select if space is an issue and you have no plans to
customize the kernel

SYSTEM
Administration Tools (all)
System Tools (all)
Printing Support (defaults)

*****NOTE***** All of the above are subjective, i.e. if you never intend to use the server
to print or as a print server, don't load printing support (if you think you may need a
module later, choose that option, as it is generally easier and more reliable to install it
with the OS rather than later).

Next Away
During the install you will be prompted for the next disc as required.

Later, when the install is complete, make sure to do updates. I prefer to use YUM rather
than the Red Hat updater.

YUM will automatically resolve dependencies; sometimes the Red Hat updater will not. YUM
is installed by default. Go to a command prompt and type "yum -y update". The -y option
simply means that any questions that might be asked will be answered with a yes. If you do
not want that, omit the -y option; it will most likely prompt you for a response if any
dependent packages need to be installed.
*****NOTE***** YUM is also a good tool for getting packages if you need them. man is your
friend: typing "man yum" will tell you how you can use yum to obtain or search for other
packages.


                             VSFTPD Configuration
                                           Carl Bowen
                                            11/11/06

Setting up FTP is simple with Fedora Core 2. If you install the correct packages, all you
need to do is make a couple of changes to the configuration file and start the service.

I changed a few lines in the config file. These are the lines I changed.

The first two are needed; the others are just best practice.

# This makes a username and password a requirement
anonymous_enable=NO
# This checks passwd for authentication
local_enable=YES

# This locks local users in their home directory
chroot_local_user=YES
# This makes it possible to exclude users from chroot_local_user
chroot_list_enable=YES
# This is the file listing who gets excluded from the chroot rule
chroot_list_file=/etc/vsftpd.chroot_list

You must create the /etc/vsftpd.chroot_list file or vsftpd may not start properly; use vi
or touch.

To start the service only as needed, use: service vsftpd start
To cause vsftpd to start at boot, use the GUI or Webmin to set that.
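
The following check for the five settings above is an added example, not part of the original document or of vsftpd. The function names and the sample configurations are constructed for illustration; the built-in defaults are the ones documented in vsftpd.conf(5), and case-insensitive boolean matching is an assumption.

```python
"""Audit the vsftpd options discussed above (added example, not vsftpd code)."""

# Built-in defaults for the options this section changes, per vsftpd.conf(5).
DEFAULTS = {
    "anonymous_enable": "YES",
    "local_enable": "NO",
    "chroot_local_user": "NO",
    "chroot_list_enable": "NO",
    "chroot_list_file": "/etc/vsftpd.chroot_list",
}
BOOL_KEYS = {k for k, v in DEFAULTS.items() if v in ("YES", "NO")}
TRUE, FALSE = {"YES", "TRUE", "1"}, {"NO", "FALSE", "0"}


def parse_vsftpd_conf(text):
    """Return (settings, problems).

    vsftpd allows no whitespace around '=' and has no trailing comments, so a
    description typed after a value becomes part of the value. Both cases are
    reported instead of being silently accepted.
    """
    settings, problems = dict(DEFAULTS), []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if "=" not in line:
            problems.append(f"line {lineno}: not an option=value pair")
            continue
        key, value = line.split("=", 1)
        if key != key.strip() or value != value.strip():
            problems.append(f"line {lineno}: whitespace around option or value")
            key, value = key.strip(), value.strip()
        if key in BOOL_KEYS:
            value = value.upper()  # assumption: booleans are case-insensitive
            if value not in TRUE | FALSE:
                problems.append(f"line {lineno}: bad boolean for {key}: {value!r}")
                continue  # the built-in default stays in effect
            value = "YES" if value in TRUE else "NO"
        settings[key] = value
    return settings, problems


def audit(text, exists):
    """Audit a config. exists(path) -> bool is injected so this runs off-box."""
    settings, findings = parse_vsftpd_conf(text)
    if settings["anonymous_enable"] == "YES":
        findings.append("anonymous_enable=YES: logins without an account are accepted")
    if settings["local_enable"] == "NO":
        findings.append("local_enable=NO: local accounts cannot log in")
    list_role = None
    if settings["chroot_list_enable"] == "YES":
        # The list changes meaning with chroot_local_user: with YES it names the
        # users who escape the chroot, with NO it names the only users confined.
        list_role = "exempt" if settings["chroot_local_user"] == "YES" else "confined"
        if not exists(settings["chroot_list_file"]):
            findings.append(
                "chroot_list_file %s is missing" % settings["chroot_list_file"])
    elif settings["chroot_local_user"] == "NO":
        findings.append("no chroot: local users can browse outside their home directory")
    return {"settings": settings, "findings": findings, "list_role": list_role}


# Constructed sample: the five settings from this section, one per line.
PAGE_CONFIG = """\
anonymous_enable=NO
local_enable=YES
chroot_local_user=YES
chroot_list_enable=YES
chroot_list_file=/etc/vsftpd.chroot_list
"""

# Constructed sample: a setting pasted together with its description.
PASTED_WITH_NOTE = "anonymous_enable=no      This makes a password a requirement\n"

if __name__ == "__main__":
    for name, cfg in (("page config", PAGE_CONFIG), ("pasted", PASTED_WITH_NOTE)):
        result = audit(cfg, exists=lambda path: False)
        print(name, "->", result["list_role"], result["findings"])
```

On a server, pass the text of the live configuration file and os.path.exists as the second argument.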


                           Free Radius Configuration
                                           Carl Bowen
                                            11-4-06
Installing FreeRADIUS via yum is as simple as typing "yum install freeradius" at a
command prompt. It may prompt you that it needs to install other packages because of
dependencies; just answer yes.

Once it is installed you will have a new directory, /etc/raddb. Within it there are three
files that will probably need to be modified.

The first, radiusd.conf, is the configuration file for the RADIUS daemon. Probably the
only thing you will need to change here is the port statement. By default it is set to 0,
which means it will listen on the defaults: 1812 for authentication and 1813 for
accounting. Older routers and devices use 1645 by default, but the newer standard is
1812. For example, the 2500 series routers and the PIX use 1645 by default, but the PIX
can be changed with a simple aaa-server radius-authport 1812 command. I do not know
how to change the port on the 2500 or 2600 routers.

The second file, clients.conf, is the file that the RADIUS server checks to see whether a
RADIUS request is coming from a machine that is authorized to use this RADIUS server. It
is also where you set the shared secret (which is used to protect the data). The format
for entries is:

client 192.168.10.1/32 {
        secret = secretpassword
        shortname = Pix
}

The first line defines the device or subnet that will be allowed access.
The second line sets the shared secret.
The third line is just a shortened name for the device.

The last file, users, contains all of your user information, such as usernames and
passwords, as well as other possible options. For example, you can set it up so that
certain users only have access to certain things.

These are the entries I added, which provide just basic authentication.

bowenc      Auth-Type :=local, user-password == "!toast1"
grahamb     Auth-Type :=local, user-password == "!toast1"
gilliganb   Auth-Type :=local, user-password == "!toast1"
perrya      Auth-Type :=local, user-password == "!toast1"
eckartb     Auth-Type :=local, user-password == "!toast1"
decknessj   Auth-Type :=local, user-password == "!toast1"
ezekwek     Auth-Type :=local, user-password == "!toast1"
allenn      Auth-Type :=local, user-password == "!toast1"


If you put this into RADIUS:

user1       Auth-Type := Local, User-Password == "password1"
            Filter-Id = "vpnstaffin"

And put this on the PIX:

access-list vpnstaffin permit ip 192.168.100.0 255.255.255.0 host 10.0.0.12
access-list vpnstaffin permit udp 192.168.100.0 255.255.255.0 eq netbios-ns host 10.0.0.13
access-list vpnstaffin deny ip any any log

Then when user1 logs on, those ACLs are applied to them.
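
The following audit of the clients.conf and users formats described above is an added example, not part of the original document or of FreeRADIUS. It flags short shared secrets, a cleartext password shared by several accounts, and Filter-Id values with no access-list of the same name in the PIX configuration. The function names, the 16-character threshold and all sample accounts are assumptions constructed for illustration.

```python
"""Audit FreeRADIUS clients.conf / users text (added example, not FreeRADIUS code)."""
import re
from collections import defaultdict

CLIENT_RE = re.compile(r"client\s+(\S+?)\s*\{(.*?)\}", re.S)
# attribute, operator, value (quoted string or bare word)
ITEM_RE = re.compile(r'([\w-]+)\s*(:=|==|\+=|=)\s*("[^"]*"|[^,\s]+)')


def parse_clients(text):
    """Return {client: {option: value}} for each client block."""
    clients = {}
    for name, body in CLIENT_RE.findall(text):
        opts = {}
        for line in body.splitlines():
            line = line.split("#", 1)[0].strip()  # drop comments
            if "=" in line:
                key, value = line.split("=", 1)
                opts[key.strip()] = value.strip()
        clients[name] = opts
    return clients


def parse_users(text):
    """Return [(user, check_items, reply_items)].

    An entry starts in column 0 with the user name and its check items;
    indented lines that follow are reply items such as Filter-Id.
    """
    entries = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace():
            if entries:
                entries[-1][2].extend(ITEM_RE.findall(raw))
            continue
        parts = raw.split(None, 1)
        rest = parts[1] if len(parts) > 1 else ""
        entries.append((parts[0], ITEM_RE.findall(rest), []))
    return entries


def pix_acl_names(config):
    """Names of the access-lists defined in PIX configuration text."""
    return {line.split()[1] for line in config.splitlines()
            if line.startswith("access-list ") and len(line.split()) > 1}


def audit(clients_text, users_text, pix_text, min_secret_len=16):
    """Return a list of findings. min_secret_len is an assumed local policy."""
    findings = []
    for name, opts in parse_clients(clients_text).items():
        if len(opts.get("secret", "")) < min_secret_len:
            findings.append(
                f"client {name}: shared secret shorter than {min_secret_len} chars")
    acls = pix_acl_names(pix_text)
    by_password = defaultdict(list)
    for user, check, reply in parse_users(users_text):
        for attr, _op, value in check:
            if attr.lower() == "user-password":
                by_password[value.strip('"')].append(user)
        for attr, _op, value in reply:
            if attr.lower() == "filter-id" and value.strip('"') not in acls:
                findings.append(
                    f"user {user}: Filter-Id {value} has no matching access-list")
    for users in by_password.values():
        if len(users) > 1:
            findings.append("same cleartext password on: " + ", ".join(users))
    return findings


# Constructed sample input in the formats shown in this section.
CLIENTS = """\
client 192.168.10.1/32{
secret = secretpassword
shortname = Pix
}
"""
USERS = """\
alice   Auth-Type := Local, User-Password == "Winter2006!"
bob     Auth-Type := Local, User-Password == "Winter2006!"
carol   Auth-Type := Local, User-Password == "c4rol-unique"
        Filter-Id = "vpnstaffin"
dave    Auth-Type := Local, User-Password == "d4ve-unique"
        Filter-Id = "vpnstafin"
"""
PIX = """\
access-list vpnstaffin permit ip 192.168.100.0 255.255.255.0 host 10.0.0.12
access-list vpnstaffin deny ip any any log
"""

if __name__ == "__main__":
    for finding in audit(CLIENTS, USERS, PIX):
        print(finding)
```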




                      Configuration guide to MRTG
                                    Carl Bowen
                                     10/27/06

To set up MRTG on FC2, install per the instructions at
http://oss.oetiker.ch/mrtg/doc/mrtg-unix-guide.en.html. It would be best to read
the entire Unix guide before starting anything, then review the cfgmaker and
indexmaker pages before actually trying to make an MRTG configuration file.

To configure MRTG to poll your devices, you have to use cfgmaker to create the
needed configuration file. Below is the cfgmaker command I used to create our
MRTG configuration file.
*Note: Yes, this is a single command entered at a command prompt, and you don't
press "Enter" until everything you want is typed in.


/root/mrtg-2.14.7/bin/./cfgmaker --global 'WorkDir: /webroot/mrtg' --global 'Options[_]: bits,growright' --output /home/mrtg/cfg/mrtg.cfg --ifref=ip zeusoft@Junction_City-Router --ifref=ip zeusoft@Wamego-Router --ifref=ip zeusoft@Manhattan-Router zeusoft@Pix --ifref=ip zeusoft@Access_Router --no-down --ifref=name zeusoft@Junction_City-Switch --no-down --ifref=name zeusoft@Wamego-Switch --no-down --ifref=name zeusoft@Manhattan-Switch zeusoft@wireless


The breakdown of this is:

/root/mrtg-2.14.7/bin/./cfgmaker ; This is the exact path to the cfgmaker script.

--global 'WorkDir: /webroot/mrtg' ; This tells cfgmaker where to put all of the files
that it creates to make the display pages.

--global 'Options[_]: bits,growright' ; This tells cfgmaker that it should display
speeds in bits (unless too large) and that new info on the graph will show up to the
right of old data.

--output /home/mrtg/cfg/mrtg.cfg ; This is where cfgmaker will store the cfg file. It
is recommended that this file not be in Apache's tree.

--ifref=ip zeusoft@Junction_City-Router ; Finally, this tells cfgmaker what devices to
poll. The --ifref=ip option tells cfgmaker to label interfaces by their IP address; there
are other options (see http://oss.oetiker.ch/mrtg/doc/cfgmaker.en.html for details).
The portion in front of the "@" is the community name. The portion after it is the
hostname or IP address. I used host names and entries in the hosts table so that the
next step would be easier and make more sense. Without host names, creating pages
that make sense and look good becomes a real chore.

When you execute the above command it will create an MRTG configuration file. With
the standard MRTG configuration, every interface will be on one page with its history,
referenced by its host name or IP address. This is less than desirable; the thing to do
at this point is use indexmaker to sort and format these raw HTML pages a bit.

The better way of doing this is to create a script like the one below, run it, and check
whether the results are what you want. Change any desired settings and run it again.
Getting what you want may take several tries. I named my script index.sh.

#!/bin/sh
# Build one index page per device from the MRTG configuration.
for i in manhattan-router junction_city-router wamego-router manhattan-switch \
         junction_city-switch wamego-switch pix access_router wireless; do
    echo "Indexing $i"
    /root/mrtg-2.14.7/bin/indexmaker --output "/webroot/mrtg/$i.html" \
        --filter "name=~$i" --columns=1 --title="Bandwidth stats for $i" \
        /home/mrtg/cfg/mrtg.cfg
done

This script creates an index page for all interfaces on each device.
The breakdown is as follows:

for i in manhattan-router junction_city-router wamego-router manhattan-switch
junction_city-switch wamego-switch pix access_router wireless; do

This section runs indexmaker for each listed device in order, i.e. it indexes
manhattan-router, then junction_city-router, and so on.

echo "Indexing $i" ; This part just shows you the progress on the screen.

/root/mrtg-2.14.7/bin/indexmaker ; This is the path to the indexmaker script.

--output /webroot/mrtg/$i.html ; This is where the index files are written. The $i
causes the output file to be named

--filter name=~$i ; Says to process pages based upon the router's name, so all
interfaces for router x show up on router x's page.

--columns=1 ; Specifies how many columns of graphs will show.

--title="Bandwidth stats for $i" ; Is just the title at the top of the page.

/home/mrtg/cfg/mrtg.cfg ; Is just where the mrtg.cfg file is, since it gets referenced.

done ; Means the end of the for loop in the script.

Next we actually want MRTG to collect data. The command is as follows:

env LANG=C /usr/local/mrtg-2/bin/mrtg /home/mrtg/cfg/mrtg.cfg

All it does is execute MRTG using the mrtg.cfg file. (*Note: the first couple of
times you run this you will get errors; don't worry unless they continue for much
more than a few runs.)

At this point you have a bunch of indexed files in Routername.html format. You
want these to be reachable from one page, so create a basic web page with links to
the preformatted pages. If you need help doing this … remember Google is your
friend, or use a program like FrontPage to simply create a page with a bunch of links.


The final thing to do is create a cronjob to cause to this happen periodically.

This can be done via a command line or other utilities I used Webmin. Below is a
copy of the crontable used to run MRTG.

# DO NOT EDIT THIS FILE - edit the master and reinstall.
# (/tmp/crontab.14015 installed on Tue Oct 17 20:00:02 2006)
# (Cron version -- $Id: crontab.c,v 2.13 1994/01/17 03:20:37 vixie Exp $)
0,5,10,15,20,25,30,35,40,45,50,55 * * * * env LANG=C /usr/local/mrtg-2/bin/mrtg /home/mrtg/cfg/mrtg.cfg #MRTG

This file is located in /var/spool/cron/
If you do not understand what any of the above means, typing "man cron" or "man
crontab" should help explain.




                  VNC Server Configuration and Usage
                                        Carl Bowen
                                         11/8/06

Since VNC server was installed during the server installation, all we have to do to allow
remote GUI management of the server's desktop is to configure the server.

The service is started with the command “vncserver”. I recommend only turning it on when
you need to use it. It can easily be started in a secure manner by using ssh to log in and
start the service. Once it is started you can connect to it with a Java-enabled web browser
pointed to port 5801 or with a VNC client. I prefer using the web browser since that does
not require specific software installation. You can have several instances of VNC
running at once, allowing multiple users to access their desktops at the same time. Each
user must start their own vncserver session from ssh, at which point it shows them
what port they will use. For each new user the port number increases by 1.

By default VNC does not start any applications other than a single terminal shell in the
X Window environment. Which applications are started, and whether an actual desktop is
started, is set in the xsetup files in each user's home directory.

This is what the file will look like when set up to display the normal KDE desktop.

#!/bin/sh

# Uncomment the following two lines for normal desktop:
 unset SESSION_MANAGER
 exec /etc/X11/xinit/xinitrc

[ -x /etc/vnc/xstartup ] && exec /etc/vnc/xstartup
[ -r $HOME/.Xresources ] && xrdb $HOME/.Xresources
xsetroot -solid grey
vncconfig -iconic &
xterm -geometry 80x24+10+10 -ls -title "$VNCDESKTOP Desktop" &
twm &
startkde &

                                      Hosts file
# Do not remove the following line, or various programs
# that require network functionality will fail.
127.0.0.1      linuxmail    localhost.localdomain localhost
192.168.1.1 Manhattan-Router
192.168.2.1 Junction_City-Router
192.168.3.1 Wamego-Router
192.168.10.1 Pix
192.168.10.5 Access_Router
192.168.1.254 Manhattan-Switch
192.168.2.254 Junction_City-Switch
192.168.3.254 Wamego-Switch
192.168.3.194 Wireless


            Linux NTP Client Fedora Core 2 via Webmin
                                   Carl Bowen 11/1/06

The easy way to set up time on Fedora Core 2 is to use Webmin. Log into Webmin as root
(unless a different username was specified during installation of webroot), go to the
Hardware tab and you will see this screen:




Click on System Time. It will bring up this screen:




This is pretty self-explanatory. Our time server is 192.168.1.198. You want to tell it
to sync the time periodically. I chose to use once per day at midnight because, unless a
major problem occurs, this will keep the time within a minute, most likely within a few
seconds.


                                       DHCPD
                                       Carl Bowen
                                        10/27/06

To start and run a DHCP server under most flavors of Linux all you need to do is create a
valid configuration file and leases file and start the service.

Below is a valid working conf file. Every statement ends with a ‘;’. Anything typed after
a ‘#’ is a comment and will not be read by the server.

allow unknown-clients;                     # allows unknown MAC/host names to get an IP address
next-server 192.168.1.194;                 # used with remote installs and RIS boot
option time-servers 192.168.1.198;         # serves time sync server IPs to clients
option domain-name-servers 192.168.1.194;  # serves DNS server addresses
ddns-update-style ad-hoc;                  # method used to update DDNS with DNS server
default-lease-time 600;                    # length of lease in seconds
max-lease-time 7200;                       # max lease time a client machine can request
# each subnet command creates a scope defined by the network number and mask
subnet 192.168.1.0 netmask 255.255.255.128 {
     ddns-updates on;                         # turns DDNS on
     ddns-domainname "matc2.matc.net";        # the DDNS domain the client will be associated with
     option domain-name "matc2.matc.net";     # the domain name assigned to the client
     range 192.168.1.2 192.168.1.126;         # actual available range of addresses in scope
     option subnet-mask 255.255.255.128;      # sets the mask
     option broadcast-address 192.168.1.127;  # advises of the broadcast
     option routers 192.168.1.1;              # default gateway
     }
subnet 192.168.1.128 netmask 255.255.255.192 {
     next-server 192.168.1.195;               # tells PXE hosts where the tftp server is
     filename "/tftpboot/pxelinux.0";         # tells PXE hosts what file to get
     option domain-name-servers 192.168.1.194;
     authoritative;
     ddns-updates on;
     ddns-domainname "matc2.matc.net";
     range 192.168.1.130 192.168.1.190;
     option subnet-mask 255.255.255.192;
     option broadcast-address 192.168.1.191;
     option routers 192.168.1.129;
     }
subnet 192.168.1.192 netmask 255.255.255.240 {
     authoritative;
     ddns-updates on;
     range 192.168.1.199 192.168.1.201;
     }




Once your configuration file is created it should be located in /etc/ and named dhcpd.conf,
i.e. “/etc/dhcpd.conf”.
To start, dhcpd must also have a leases file. In Fedora Core 2 it is
“/var/lib/dhcp/dhcpd.leases”, but it may possibly not exist. If not, type
touch /var/lib/dhcp/dhcpd.leases
to create the file. For other versions of Linux use locate leases or man dhcpd.leases to find
where the file should be.

To start the service you just type service dhcpd start
To cause the service to start at boot every time:

Method 1: go to the red hat (AKA start button), System Settings, Server Settings,
then Services, and click on the box next to dhcpd.

Method 2: if you have Webmin installed, open a web browser and put in the address
server:10000, go to System, then “Bootup and Shutdown”, find dhcpd in the list, click the
box next to it and at the bottom click “start now & on boot”.


Method 3: go to /etc/rc.d/rc5.d and change the file name of dhcpd (it should look like
XXXdhcpd, the X's being variables). Most likely it will be KXXdhcpd, and you change that to
SXXdhcpd. K means kill and S means start to initd, which references these symlinks. *Note:
if you are running the server in a different init mode, just use the runlevel number you are
using in the # position of “/etc/rc.d/rc#.d”.


TROUBLE SHOOTING
If dhcpd does not start, most likely it is because the configuration file has an error. If you
view the messages log file, it should give a clue as to where in the file the problem is. The
log file can be viewed via the GUI or by using the cat or tail command on /var/log/messages.
If these commands are not familiar, type man cat or man tail.
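
Added example (not part of the original document or of the dhcpd package): since a
configuration error keeps dhcpd from starting, the subnet blocks can be checked for internal
consistency first. The script below verifies that each range, subnet-mask, broadcast-address
and routers value fits its subnet declaration, using the three subnets from the configuration
above as constructed sample input; the function names are assumptions of this example, and it
assumes subnet blocks without nested { } groups.

```python
# Added example: consistency check for the subnet blocks of a dhcpd.conf.
import ipaddress
import re

# Constructed sample: the three subnet declarations from the configuration
# above, reduced to their address-related statements.
SAMPLE_CONF = """
subnet 192.168.1.0 netmask 255.255.255.128 {
     range 192.168.1.2 192.168.1.126;
     option subnet-mask 255.255.255.128;
     option broadcast-address 192.168.1.127;
     option routers 192.168.1.1;
}
subnet 192.168.1.128 netmask 255.255.255.192 {
     range 192.168.1.130 192.168.1.190;
     option subnet-mask 255.255.255.192;
     option broadcast-address 192.168.1.191;
     option routers 192.168.1.129;
}
subnet 192.168.1.192 netmask 255.255.255.240 {
     range 192.168.1.199 192.168.1.201;
}
"""

# Assumption: subnet blocks contain no nested { } groups (pool, host, ...).
SUBNET_RE = re.compile(r"subnet\s+(\S+)\s+netmask\s+(\S+)\s*\{(.*?)\}", re.S)
IP = r"(\d+\.\d+\.\d+\.\d+)"


def strip_comments(text):
    """Drop '#' comments (assumes no '#' inside quoted strings)."""
    return "\n".join(line.split("#", 1)[0] for line in text.splitlines())


def check_subnets(conf):
    """Return a list of problems found; an empty list means consistent."""
    problems = []
    networks = []
    for addr, mask, body in SUBNET_RE.findall(strip_comments(conf)):
        try:
            # Strict parsing rejects a network number with host bits set.
            net = ipaddress.ip_network(f"{addr}/{mask}")
        except ValueError as exc:
            problems.append(f"subnet {addr} netmask {mask}: {exc}")
            continue
        for other in networks:
            if net.overlaps(other):
                problems.append(f"{net} overlaps {other}")
        networks.append(net)

        # Both ends of every range must be usable host addresses of the subnet.
        for low, high in re.findall(rf"range\s+{IP}\s+{IP}\s*;", body):
            lo, hi = ipaddress.ip_address(low), ipaddress.ip_address(high)
            if lo > hi:
                problems.append(f"{net}: range {low} {high} is reversed")
            for ip in (lo, hi):
                if ip not in net or ip in (net.network_address, net.broadcast_address):
                    problems.append(f"{net}: range address {ip} is not a usable host")

        # Mask and broadcast options must agree with the subnet declaration.
        for option, expected in (("subnet-mask", net.netmask),
                                 ("broadcast-address", net.broadcast_address)):
            for value in re.findall(rf"option\s+{option}\s+{IP}\s*;", body):
                if ipaddress.ip_address(value) != expected:
                    problems.append(f"{net}: {option} {value}, expected {expected}")

        # The default gateway handed to clients must be inside the subnet.
        for value in re.findall(rf"option\s+routers\s+{IP}\s*;", body):
            if ipaddress.ip_address(value) not in net:
                problems.append(f"{net}: router {value} is outside the subnet")
    return problems


if __name__ == "__main__":
    for problem in check_subnets(SAMPLE_CONF) or ["no problems found"]:
        print(problem)
```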

**** Final note: man and grep are your friends; learn how to use them.


                                       Rdesktop
                            Linux Access to Terminal Services
                                      Carl Bowen

Rdesktop is the program and the command that allows a Linux computer to access a
Windows computer running Terminal Services (also known as Remote Desktop).

Rdesktop can be installed at the same time as the OS (and is, if you followed my install
instructions) or afterwards. If installing afterwards, here is what you would do.

First go to www.rdesktop.org, download the latest stable release source code and save
it somewhere. For the next step the GUI is the easiest: right-click on the file and
then click on Extract Here. That should create a folder with the same name as the file you
downloaded minus the .tar.bz.

Now read the Readme file.
Then you will need to open a terminal window and cd to the folder that was created when
you uncompressed the file. Once you have done that, you will need to use the three standard
compile commands:

./configure
make
make install

After issuing each of those commands the server will do a bunch of stuff; it should
complete without any errors.
After make install finishes, the installation is complete and you can then use Rdesktop.
To use rdesktop, open a terminal window in the GUI and type “rdesktop serverip:port”. If the
server is using the default port you can just use “rdesktop serverip”. If the server has a
valid DNS record or hosts entry you can use “rdesktop servername”.

What you will see at this time is a standard remote desktop window requesting username,
password and domain information.


                         Linux WWW/DHCP install
                                   Carl Bowen 11/7/06

Verified that the hardware was on the HCL for Fedora Core 2.
Used default options until install type; here I picked Server.
Manually configure Disk Druid.
I created a RAID 1 array on which I mounted / with ~8G of space and swap with
~1GB of space.
Later I added another SCSI drive, /dev/sdc, which I mounted to /webroot; this could have
also been done here.

Accept the defaults for Grub (which should be to install the Grub boot loader on the first
available drive).

On network devices page set ip to 192.168.1.195 manually via Edit option
Set hostname to www.matc2.matc.net (as this is the main webserver can be changed later
if required)
Gateway 192.168.1.193
Primary DNS 192.168.1.194
Secondary DNS 192.168.2.194
Tertiary DNS 10.11.2.2

Set to No Firewall. If needed, it can be done later just as easily via the built-in GUI or
a third-party GUI.
Default language is English; leave it there (i.e. hit Next).
Set time zone to Central.
Standard password.
In package group selection:
*****NOTE***** Sections are listed in bold, with the items I checked listed below each. If
an item is followed by (all), I ensured that all sub-options were picked as well; if
(defaults), I left what was auto-selected; if neither, I followed it with exactly which
options I picked from the sub-menu.

DESKTOPS
X Windows System(DEFAULTS)
KDE (DEFAULTS)

APPLICATIONS
Editors (defaults)
Graphical Internet (defaults)

SERVERS
Server Config Tools (all)
Web Server (all)
Mail Server (all)
Windows File server (all)
DNS name server (all)
FTP Server (all)
SQL Database Server (all)

Network Servers
      Amanda-server
      DHCP
      Freeradius
      Tftp-server
      Vnc-server
      Ypserv

DEVELOPMENT
Development Tools (defaults)
Kernel Development (defaults); do not select if space is an issue and you have no plans to
customize the kernel

SYSTEM
Administration Tools (all)
System Tools (all)
Printing Support (defaults)

*****NOTE***** All of the above are subjective, i.e. if you never intend to use the server
to print or as a print server, don’t load printing support. (If you think you may need to
use a module later, choose that option, as it is generally easier and more reliable to
install it with the OS rather than later.)

Next Away
During the install you will be prompted for the next disc as required.

Later, when the install is complete, make sure to do updates. I prefer to use YUM rather
than the Red Hat updater.

Yum will auto-resolve dependencies; sometimes Red Hat will not. YUM is installed by
default. If you go to a command prompt and type “yum -y update”, the -y option simply
means that any questions that might be asked will be answered with a yes. If you do not
want that, omit the -y option; it will most likely prompt you for a response if any
dependent packages need to be installed.
*****NOTE***** YUM is also a good tool for getting packages if you need them. man
is your friend: typing “man yum” will tell you how you can use yum to obtain or search
for other packages.



                                   SSH SERVER
                                   Carl Bowen 11-8-06

If you install the server per the installation instructions, ssh will be installed and should
be running by default. If not, you can start the service manually by typing “service sshd start”,
or you can edit the init file or use a GUI to set it to be started at boot.
I did change what port it uses: this server is set to use port 22000 because of security
reasons and because I have ssh routed to this machine through the PIX.

This is the config file for SSHD, located in /etc/ssh/. The only thing I changed is the very
last line.

#    $OpenBSD: sshd_config,v 1.59 2002/09/25 11:17:16 markus Exp $

# This is the sshd server system-wide configuration file. See
# sshd_config(5) for more information.

# This sshd was compiled with PATH=/usr/local/bin:/bin:/usr/bin

# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented. Uncommented options change a
# default value.

#Protocol 2,1
#ListenAddress 0.0.0.0
#ListenAddress ::

# HostKey for protocol version 1
#HostKey /etc/ssh/ssh_host_key
# HostKeys for protocol version 2
#HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_dsa_key

# Lifetime and size of ephemeral version 1 server key
#KeyRegenerationInterval 3600
#ServerKeyBits 768

# Logging
#obsoletes QuietMode and FascistLogging
#SyslogFacility AUTH
SyslogFacility AUTHPRIV
#LogLevel INFO

# Authentication:

#LoginGraceTime 120
#PermitRootLogin yes
#StrictModes yes

#RSAAuthentication yes
#PubkeyAuthentication yes
#AuthorizedKeysFile .ssh/authorized_keys

# rhosts authentication should not be used
#RhostsAuthentication no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes
# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
#RhostsRSAAuthentication no
# similar for protocol version 2
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# RhostsRSAAuthentication and HostbasedAuthentication
#IgnoreUserKnownHosts no

# To disable tunneled clear text passwords, change to no here!
#PasswordAuthentication yes
#PermitEmptyPasswords no

# Change to no to disable s/key passwords
#ChallengeResponseAuthentication yes

# Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes

#AFSTokenPassing no

# Kerberos TGT Passing only works with the AFS kaserver
#KerberosTgtPassing no

# Set this to 'yes' to enable PAM keyboard-interactive authentication
# Warning: enabling this may bypass the setting of 'PasswordAuthentication'
#PAMAuthenticationViaKbdInt no


#X11Forwarding no
X11Forwarding yes
#X11DisplayOffset 10
#X11UseLocalhost yes
#PrintMotd yes
#PrintLastLog yes
#KeepAlive yes
#UseLogin no
#UsePrivilegeSeparation yes
#PermitUserEnvironment no
#Compression yes

#MaxStartups 10
# no default banner path
#Banner /some/path
#VerifyReverseMapping no

# override default of no subsystems
Subsystem      sftp /usr/libexec/openssh/sftp-server
ReverseMappingCheck no
GatewayPorts no
AllowTcpForwarding yes
KeepAlive yes
Protocol 1,2
Port 22000
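
Added example (not part of the original document or of OpenSSH): the script below works out
which settings a file like the one above actually puts into effect, treating the commented
'#Keyword value' lines as the documented defaults, and lists the ones worth reviewing, such
as the Protocol 1,2 line. The sample text is constructed from lines of the configuration
above; the function names and the choice of checks are assumptions of this example.

```python
# Added example: effective settings of an sshd_config and the ones to review.

# Keywords that may legitimately appear more than once; all values are kept.
MULTI_VALUED = {"port", "listenaddress", "hostkey", "subsystem"}

# Constructed sample: lines copied from the configuration shown above
# (some commented defaults plus every uncommented line).
SAMPLE_CONFIG = """\
#Protocol 2,1
SyslogFacility AUTHPRIV
#PermitRootLogin yes
#PasswordAuthentication yes
#PermitEmptyPasswords no
#X11Forwarding no
X11Forwarding yes
Subsystem      sftp /usr/libexec/openssh/sftp-server
ReverseMappingCheck no
GatewayPorts no
AllowTcpForwarding yes
KeepAlive yes
Protocol 1,2
Port 22000
"""


def parse(text):
    """Return (active, documented_defaults), dicts keyed by lowercase keyword.

    active: uncommented settings. sshd uses the first value it reads for a
    keyword, so later duplicates are ignored (multi-valued keywords excepted).
    documented_defaults: '#Keyword value' lines, which the stock file uses to
    record the default of an option that is left unset.
    """
    active, defaults = {}, {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        commented = line.startswith("#")
        if commented:
            # '# prose' has a space after '#'; '#Keyword value' does not.
            if line.startswith("# ") or line == "#":
                continue
            line = line[1:]
        parts = line.split(None, 1)
        if len(parts) != 2:
            continue
        key, value = parts[0].lower(), parts[1].strip()
        if commented:
            defaults.setdefault(key, value)
        elif key in MULTI_VALUED:
            active.setdefault(key, []).append(value)
        else:
            active.setdefault(key, value)      # first value wins
    return active, defaults


def effective(text, keyword):
    """Value in force: the active line, else the documented default."""
    active, defaults = parse(text)
    key = keyword.lower()
    return active.get(key, defaults.get(key))


def audit(text):
    """Return (keyword, value, reason) tuples for settings worth reviewing."""
    findings = []
    protocol = effective(text, "Protocol") or ""
    if "1" in [p.strip() for p in protocol.split(",")]:
        findings.append(("Protocol", protocol,
                         "SSH protocol 1 is offered; it has known cryptographic "
                         "weaknesses, use 'Protocol 2'"))
    checks = [
        ("PermitRootLogin", "yes", "root can log in directly over SSH"),
        ("PasswordAuthentication", "yes", "password guessing is possible; prefer keys"),
        ("PermitEmptyPasswords", "yes", "accounts with empty passwords can log in"),
        ("X11Forwarding", "yes", "X11 forwarding is enabled; confirm it is needed"),
    ]
    for keyword, risky, reason in checks:
        value = effective(text, keyword)
        if value is not None and value.lower() == risky:
            findings.append((keyword, value, reason))
    return findings


if __name__ == "__main__":
    for keyword, value, reason in audit(SAMPLE_CONFIG):
        print(f"{keyword} {value}: {reason}")
```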



                         HTTPD Configuration Linux
                                    Carl Bowen 11-8-06

If you follow the install documentation, httpd will be installed and ready to run from the
default directory of /var/www/html/. I changed the http root directory to
/webroot.

You change that by editing the file /etc/httpd/httpd.conf.
The only other thing you should need to do is start the service, i.e. service httpd start
reference

This is the section I changed

#
# DocumentRoot: The directory out of which you will serve your
# documents. By default, all requests are taken from this directory, but
# symbolic links and aliases may be used to point to other locations.
#
DocumentRoot /webroot/

# Each directory to which Apache has access can be configured with respect
# to which services and features are allowed and/or disabled in that
# directory (and its subdirectories).
#
# First, we configure the "default" to be a very restrictive set of
# features.
#
<Directory />
   Options FollowSymLinks
   #AllowOverride None
</Directory>

#
# Note that from this point forward you must specifically allow
# particular features to be enabled - so if something's not working as
# you might expect, make sure that you have specifically enabled it
# below.
# This should be changed to whatever you set DocumentRoot to.
#
<Directory "/webroot/">
#
# Possible values for the Options directive are "None", "All",
# or any combination of:
# Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews



                                    HTACCESS
                       Password Protection of Files and Directory
                                Carl Bowen 10/27/06


To allow .htaccess to work for a directory, you must put the AllowOverride all statement
inside of a standard <Directory> </Directory> block in the httpd.conf file.

For example:

<Directory "/var/www/icons">
  Options Indexes MultiViews
  AllowOverride None
  Order allow,deny
  Allow from all
</Directory>


This would prevent apache from looking in that directory or subdirectories for an
.htaccess file.


<Directory "/home/webroot/documentation">
AllowOverride all
</Directory>

With it like this it will check for any .htaccess files.

htaccess files are created using a text editor. Below is a sample:

AuthUserFile /.htpasswd
AuthType basic
AuthGroupFile /dev/null
AuthName "Zeusoft Documentation"
require valid-user



The .htpasswd file is created by typing touch .htpasswd

Then use the htpasswd command to create a password for each user who is to have access.

Syntax:       htpasswd -b passwordfile username password
Example:      htpasswd -b /.htpasswd bob toasty

Used like this it will create a line for each username with an encrypted password. There
are other options; to learn them type man htpasswd.

* Note: to use a special character such as “!” you must put \ in front of the special
character, e.g. htpasswd -b /.htpasswd bob \!toast will create bob with a password of !toast


                                          Webmin
                                Remote Server Administration
                                        Carl Bowen
                                         11/11/06


Webmin is a nice utility that gives a GUI interface to almost all standard services you
might install on a Linux server. It is very user friendly.

To install Webmin go to www.webmin.com and click on Downloading and Installing.
Read the instructions; they are easy and they work.


The only other thing you need to know is how to access webmin.

To access webmin locally open a web browser and put in the address of
http://localhost:10000

To access Webmin from a different machine simply use http://servername:10000 or
http://serveripaddress:10000


Explore the program; it has a lot of functionality, and of course more documentation is
available on the Webmin website. There is also a place in Webmin to access the
documentation.



                            Services DHCP-WWW

Action              Start at boot?   Description
acpid               Yes              Listen and dispatch ACPI events from the kernel
anacron             Yes              Run cron jobs that were left out due to downtime
apmd                Yes              apmd is used for monitoring battery status and logging it
                                     via syslog(8). It can also be used for shutting down the
                                     machine when the battery is low.
atd                 Yes              Runs commands scheduled by the at command at the time
                                     specified when at was run, and runs batch commands when
                                     the load average is low enough.
autofs              Yes              Automounts filesystems on demand
cpuspeed            Yes              Run dynamic CPU speed daemon
crond               Yes              cron is a standard UNIX program that runs user-specified
                                     programs at periodic scheduled times. vixie cron adds a
                                     number of features to the basic UNIX cron, including better
                                     security and more powerful configuration options.
cups                Yes              Startup/shutdown script for the Common UNIX Printing
                                     System (CUPS).
dovecot             Yes              Dovecot Imap Server
gpm                 Yes              GPM adds mouse support to text-based Linux applications
                                     such as the Midnight Commander. It also allows mouse-
                                     based console cut-and-paste operations, and includes
                                     support for pop-up menus on the console.
iptables            Yes              Starts, stops and saves iptables firewall
irqbalance          Yes              The irqbalance daemon will distribute interrupts across the
                                     cpus on a multiprocessor system with the purpose of
                                     spreading the load. processname: irqbalance
isdn                Yes              start and stop ISDN services
kudzu               Yes              This runs the hardware probe, and optionally configures
                                     changed hardware.
mdmonitor           Yes              software RAID monitoring and management
mdmpd               Yes              multipath device monitoring and management
messagebus          Yes              This is a daemon which broadcasts notifications of system
                                     events and other messages. See
                                     http://www.freedesktop.org/software/dbus/
microcode_ctl       Yes              script to apply cpu microcode
netfs               Yes              Mounts and unmounts all Network File System (NFS),
                                     SMB/CIFS (Lan Manager/Windows), and NCP (NetWare)
                                     mount points.
network             Yes              Activates/Deactivates all network interfaces configured to
                                     start at boot time.
nfslock             Yes              NFS is a popular protocol for file sharing across TCP/IP
                                     networks. This service provides NFS file locking
                                     functionality.
ntpd                Yes              ntpd is the NTPv4 daemon. The Network Time Protocol
                                     (NTP) is used to synchronize the time of a computer client
                                     or server to another server or reference time source, such as
                                     a radio or satellite receiver or modem.
pcmcia              Yes              PCMCIA support is usually to support things like ethernet
                                     and modems in laptops. It won't get started unless
                                     configured so it is safe to have it installed on machines that
                                     don't need it.
portmap             Yes              The portmapper manages RPC connections, which are used
                                     by protocols such as NFS and NIS. The portmap server
                                     must be running on machines which act as servers for
                                     protocols which make use of the RPC mechanism.
random              Yes              Saves and restores system entropy pool for higher quality
                                     random number generation.
rawdevices          Yes              This scripts assignes raw devices to block devices (such as
                                     hard drive partitions). This is for the use of applications
                                     such as Oracle. You can set up the raw device to block
                                     device mapping by editing the file
                                     /etc/sysconfig/rawdevices.
readahead           Yes              This service causes the programs used during startup to be
                                     loaded into memory before they are needed, thus
                                     improving startup performance
readahead_early     Yes              This service causes the programs used during startup to be
                                     loaded into memory before they are needed, thus
                                     improving startup performance
rhnsd               Yes              This is a daemon which handles the task of connecting
                                     periodically to the Red Hat Network servers to check for
                                     updates, notifications and perform system monitoring tasks
                                     according to the service level that this server is subscribed
                                     for
rpcgssd             Yes              Starts user-level daemon that manages RPCSEC GSS
                                     contexts for the NFSv4 client.
rpcidmapd           Yes              Starts user-level daemon for NFSv4 that maps user names
                                     to UID and GID numbers.
rpcsvcgssd          Yes              Starts user-level daemon that manages RPCSEC GSS
                                     contexts for the NFSv4 server.
sendmail            Yes              Sendmail is a Mail Transport Agent, which is the program
                                     that moves mail from one machine to another.
smartd              Yes              Self Monitoring and Reporting Technology (SMART)
                                     Daemon
sshd                Yes              OpenSSH server daemon
syslog              Yes              Syslog is the facility by which many daemons use to log
                                     messages to various system log files. It is a good idea to
                                     always run syslog.
webmin              Yes              Start or stop the Webmin server
xfs                 Yes              Starts and stops the X Font Server at boot time and
                                     shutdown. It also takes care of (re-)generating font lists.
xinetd              Yes              xinetd is a powerful replacement for inetd. xinetd has
                                     access control mechanisms, extensive logging capabilities,
                                     the ability to make services available based on time, and
                                     can place limits on the number of servers that can be
                                     started, among other things.
/etc/rc.d/rc.local  Yes

				
DOCUMENT INFO
posted:11/25/2011
language:English
pages:29