Linux
Page 1 of 29
LINUX

Contents (page numbers refer to the original document)
LINUX (page 1)
Openfiler Documentation (page 1)
Linux WWW/DHCP install (page 3)
Services Mail (page 5)
Linux E-mail (page 7)
Linux WWW/DHCP install (page 8)
VSFTPD Configuration (page 10)
Free Radius Configuration (page 10)
Configuration guide to MRTG (page 12)
VNC Server Configuration and Usage (page 15)
Hosts file (page 16)
Linux NTP Client Fedora Core 2 via Webmin (page 16)
DHCPD (page 17)
Rdesktop (page 19)
Linux WWW/DHCP install (page 20)
SSH SERVER (page 22)
HTTPD Configuration Linux (page 24)
HTACCESS (page 25)
Webmin (page 26)
Services DHCP-WWW (page 27)
Openfiler Documentation
Installation:
The installation program uses the same steps as the Fedora Core 2 installer. Set it up
the same way, except do manual partitioning. If you are using multiple drives, make sure
the root and boot volumes are on the same drive.
To access the Openfiler configuration program, browse to https://192.68.2.198:410.
The username is openfiler and the default password is password (change it under
Admin Password, below).
The Accounts tab provides the following sub-tabs. The main settings that were changed
are noted.
Authentication
o Security model: active directory
o Domain/Workgroup: matc2
o Domain Controller: zeusofts1
o ADS realm: matc2.matc.net
o Check Join Domain
o Administrator Username: administrator
o Administrator Password: class password
Click List of users and make sure all your users have been imported properly.
Click Admin Password
o Change the default password to your class password.
Volumes
o Volume Group Management: include all the volumes you want in the group, then click
Create.
o Create new volume: follow the form to create a new volume.
General
o Create the networks that will have access to freenas. Enter your network like this:
  Name: manhattan
  Network/host: (network number)
  Netmask: 0.0.0.0
  Type: share
Services
o Enable SMB/CIFS
o Enable NFSv3
o Enable HTTP/WebDAV/FTP
SMB settings
o NetBIOS name: freenas
Shares
o Your share will now appear. Click on the share you just created and create a new
folder.
o Click on the new folder you created.
  Group access configuration: public guest access. Access control is handled by the
  folder properties in Windows.
  Host access configuration: on each network, click rw under SMB/CIFS.
o None under NFS
o HTTP/WebDAV: rw
o FTP: rw
Check Restart and click Update.
To access freenas:
Make sure the computer object has been created in Active Directory.
Browse to it using My Network Neighborhood. Find the domain, open the folder, and
openfiler should be listed. Double-click on it and you should see the share you just
created. If you double-click on the folder, you will see the shared drive.
Linux WWW/DHCP install
Carl Bowen 11/7/06
Verified that the hardware was on the HCL for Fedora Core 2.
Used default options until the install type; here I picked Server.
Manually configured the disks with Disk Druid.
Here I created a RAID 1 array on which I mounted / with ~8 GB of space and swap with
~1 GB of space.
Later I added another SCSI drive, /dev/sdc, which I mounted at /webroot; this could also
have been done here.
Accept the defaults for GRUB (which should be "install GRUB boot loader on first
available drive").
On the network devices page, set the IP to 192.168.3.215 manually via the Edit option.
Set the hostname to www.matc2.matc.net (as this is the main web server; it can be
changed later if required).
Gateway 192.168.3.209
Primary DNS 192.168.1.194
Secondary DNS 192.168.2.194
Tertiary DNS 10.11.2.2
Set to No Firewall. If needed, a firewall can be added later just as easily via the
built-in GUI or a third-party GUI.
Default language is English; leave it there (i.e. hit Next).
Set the time zone to Central.
Standard password.
In package group selection:
*****NOTE***** Sections are listed in bold. The items I checked are listed below. If an
item is followed by (all), this means I made sure that all sub-options were picked as
well; (defaults) means I left what was auto-selected; if neither, I followed it with
exactly the options I picked from the sub-menu.
DESKTOPS
X Window System (defaults)
KDE (defaults)
APPLICATIONS
Editors (defaults)
Graphical Internet (defaults)
SERVERS
Server Config Tools (all)
Web Server (all)
Mail Server (all)
Windows File Server (all)
DNS Name Server (all)
FTP Server (all)
SQL Database Server (all)
Network Servers
  Amanda-server
  DHCP
  Freeradius
  Tftp-server
  Vnc-server
  Ypserv
DEVELOPMENT
Development Tools (defaults)
Kernel Development (defaults): do not select this if space is an issue and you have no
plans to customize the kernel.
SYSTEM
Administration Tools (all)
System Tools (all)
Printing Support (defaults)
*****NOTE***** All of the above are subjective, i.e. if you never intend to use the
server to print or as a print server, don't load Printing Support (if you think you may
need a module later, choose that option, as it is generally easier and more reliable to
install it with the OS rather than later).
Next away (click Next through the remaining screens).
During the install you will be prompted for the next disc as required.
Later, when the install is complete, make sure to do updates. I prefer to use yum rather
than the Red Hat updater. Yum will auto-resolve dependencies; sometimes the Red Hat
updater will not. Yum is installed by default: go to a command prompt and type
"yum -y update". The -y option simply means that any questions that might be asked will
be answered with yes; if you do not want that, omit the -y option and it will most likely
prompt you for a response if any dependent packages need to be installed.
*****NOTE***** Yum is also a good tool for getting packages if you need them. man is
your friend: typing "man yum" will tell you how you can use yum to obtain or search for
other packages.
Services Mail

Service | Start at boot? | Description
acpid | Yes | Listen and dispatch ACPI events from the kernel
anacron | Yes | Run cron jobs that were left out due to downtime
apmd | Yes | apmd is used for monitoring battery status and logging it via syslog(8). It can also be used for shutting down the machine when the battery is low.
atd | Yes | Runs commands scheduled by the at command at the time specified when at was run, and runs batch commands when the load average is low enough.
autofs | Yes | Automounts filesystems on demand
cpuspeed | Yes | Run dynamic CPU speed daemon
crond | Yes | cron is a standard UNIX program that runs user-specified programs at periodic scheduled times. vixie cron adds a number of features to the basic UNIX cron, including better security and more powerful configuration options.
cups | Yes | Startup/shutdown script for the Common UNIX Printing System (CUPS).
dhcpd | Yes | dhcpd provides access to Dynamic Host Control Protocol.
gpm | Yes | GPM adds mouse support to text-based Linux applications such as the Midnight Commander. It also allows mouse-based console cut-and-paste operations, and includes support for pop-up menus on the console.
httpd | Yes | Apache is a World Wide Web server. It is used to serve HTML files and CGI.
iptables | Yes | Starts, stops and saves iptables firewall
irqbalance | Yes | The irqbalance daemon will distribute interrupts across the CPUs on a multiprocessor system with the purpose of spreading the load. processname: irqbalance
isdn | Yes | Start and stop ISDN services
kudzu | Yes | This runs the hardware probe, and optionally configures changed hardware.
mdmonitor | Yes | Software RAID monitoring and management
mdmpd | Yes | Multipath device monitoring and management
messagebus | Yes | This is a daemon which broadcasts notifications of system events and other messages. See http://www.freedesktop.org/software/dbus/
microcode_ctl | Yes | Script to apply CPU microcode
netfs | Yes | Mounts and unmounts all Network File System (NFS), SMB/CIFS (LAN Manager/Windows), and NCP (NetWare) mount points.
network | Yes | Activates/deactivates all network interfaces configured to start at boot time.
nfslock | Yes | NFS is a popular protocol for file sharing across TCP/IP networks. This service provides NFS file locking functionality.
pcmcia | Yes | PCMCIA support is usually to support things like Ethernet and modems in laptops. It won't get started unless configured, so it is safe to have it installed on machines that don't need it.
portmap | Yes | The portmapper manages RPC connections, which are used by protocols such as NFS and NIS. The portmap server must be running on machines which act as servers for protocols which make use of the RPC mechanism.
radiusd | Yes | Start/stop the RADIUS server daemon
random | Yes | Saves and restores the system entropy pool for higher quality random number generation.
rawdevices | Yes | This script assigns raw devices to block devices (such as hard drive partitions). This is for the use of applications such as Oracle. You can set up the raw device to block device mapping by editing the file /etc/sysconfig/rawdevices.
readahead | Yes | This service causes the programs used during startup to be loaded into memory before they are needed, thus improving startup performance.
readahead_early | Yes | This service causes the programs used during startup to be loaded into memory before they are needed, thus improving startup performance.
rhnsd | Yes | This is a daemon which handles the task of connecting periodically to the Red Hat Network servers to check for updates and notifications and to perform system monitoring tasks according to the service level that this server is subscribed for.
rpcgssd | Yes | Starts the user-level daemon that manages RPCSEC GSS contexts for the NFSv4 client.
rpcidmapd | Yes | Starts the user-level daemon for NFSv4 that maps user names to UID and GID numbers.
rpcsvcgssd | Yes | Starts the user-level daemon that manages RPCSEC GSS contexts for the NFSv4 server.
sendmail | Yes | Sendmail is a Mail Transport Agent, which is the program that moves mail from one machine to another.
smartd | Yes | Self Monitoring and Reporting Technology (SMART) daemon
sshd | Yes | OpenSSH server daemon
syslog | Yes | Syslog is the facility by which many daemons log messages to various system log files. It is a good idea to always run syslog.
vncserver | Yes | Starts and stops vncserver. Used to provide remote X administration services.
vsftpd | Yes | vsftpd is an FTP daemon, which is the program that answers incoming FTP service requests.
webmin | Yes | Start/stop Webmin
xfs | Yes | Starts and stops the X Font Server at boot time and shutdown. It also takes care of (re-)generating font lists.
xinetd | Yes | xinetd is a powerful replacement for inetd. xinetd has access control mechanisms, extensive logging capabilities, the ability to make services available based on time, and can place limits on the number of servers that can be started, among other things.
/etc/rc.d/rc.local | Yes |
Linux E-mail
Carl Bowen
11-14-06
To get email working in Linux I only had to make a few changes, and all were made via
Webmin.
Under Sendmail Options I changed the mail queue directory to /var/spool/mail/ and set
the SMTP port options to Default.
Under Local Domains I added the domain wamail.matc2.matc.net.
Under Domain Routing I created one rule, for matc2.matc.net, SMTP to IP 192.168.1.194.
No rule was put in for the GroupWise server since it is not currently accepting email;
it would be added in the same manner though.
The other change you have to make is under the Dovecot server: the POP settings. Go to
Networking and Protocols, select only POP3, save, then start the service.
See the soft copy for further details.
Linux WWW/DHCP install
Carl Bowen 11/7/06
Verified that the hardware was on the HCL for Fedora Core 2.
Used default options until the install type; here I picked Server.
Manually configured the disks with Disk Druid.
Here I created a RAID 1 array on which I mounted / with ~8 GB of space and swap with
~1 GB of space.
Later I added another SCSI drive, /dev/sdc, which I mounted at /webroot; this could also
have been done here.
Accept the defaults for GRUB (which should be "install GRUB boot loader on first
available drive").
On the network devices page, set the IP to 192.168.1.195 manually via the Edit option.
Set the hostname to www.matc2.matc.net (as this is the main web server; it can be
changed later if required).
Gateway 192.168.1.193
Primary DNS 192.168.1.194
Secondary DNS 192.168.2.194
Tertiary DNS 10.11.2.2
Set to No Firewall. If needed, a firewall can be added later just as easily via the
built-in GUI or a third-party GUI.
Default language is English; leave it there (i.e. hit Next).
Set the time zone to Central.
Standard password.
In package group selection:
*****NOTE***** Sections are listed in bold. The items I checked are listed below. If an
item is followed by (all), this means I made sure that all sub-options were picked as
well; (defaults) means I left what was auto-selected; if neither, I followed it with
exactly the options I picked from the sub-menu.
DESKTOPS
X Window System (defaults)
KDE (defaults)
APPLICATIONS
Editors (defaults)
Graphical Internet (defaults)
SERVERS
Server Config Tools (all)
Web Server (all)
Mail Server (all)
Windows File Server (all)
DNS Name Server (all)
FTP Server (all)
SQL Database Server (all)
Network Servers
  Amanda-server
  DHCP
  Freeradius
  Tftp-server
  Vnc-server
  Ypserv
DEVELOPMENT
Development Tools (defaults)
Kernel Development (defaults): do not select this if space is an issue and you have no
plans to customize the kernel.
SYSTEM
Administration Tools (all)
System Tools (all)
Printing Support (defaults)
*****NOTE***** All of the above are subjective, i.e. if you never intend to use the
server to print or as a print server, don't load Printing Support (if you think you may
need a module later, choose that option, as it is generally easier and more reliable to
install it with the OS rather than later).
Next away (click Next through the remaining screens).
During the install you will be prompted for the next disc as required.
Later, when the install is complete, make sure to do updates. I prefer to use yum rather
than the Red Hat updater. Yum will auto-resolve dependencies; sometimes the Red Hat
updater will not. Yum is installed by default: go to a command prompt and type
"yum -y update". The -y option simply means that any questions that might be asked will
be answered with yes; if you do not want that, omit the -y option and it will most likely
prompt you for a response if any dependent packages need to be installed.
*****NOTE***** Yum is also a good tool for getting packages if you need them. man is
your friend: typing "man yum" will tell you how you can use yum to obtain or search for
other packages.
VSFTPD Configuration
Carl Bowen
11/11/06
Setting up FTP is simple with Fedora Core 2. If you install the correct packages, all you
need to do is make a couple of changes to the configuration file and start the service.
I changed a few lines in the config file; these are the lines I changed. The first two
are needed, the others are just best practice.
anonymous_enable=no                        This makes a username and password a requirement
local_enable=YES                           This checks passwd for authentication
chroot_local_user=YES                      This locks local users in their home directory
chroot_list_enable=YES                     This makes it possible to exclude users from chroot_local_user
chroot_list_file=/etc/vsftpd.chroot_list   This is the file listing who gets excluded from the chroot rule
You must create the /etc/vsftpd.chroot_list file or vsftpd may not start properly; use vi
or touch.
To start the service only as needed, use: service vsftpd start
To cause vsftpd to start at boot, use the GUI or Webmin to set that.
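The following script is an added example, not part of the original write-up, that checks a vsftpd.conf for the five settings listed above and for the chroot list file that chroot_list_enable=YES depends on. It assumes vsftpd's documented defaults when a key is absent (anonymous_enable defaults to YES, the others to NO, and chroot_list_file defaults to /etc/vsftpd.chroot_list); the /etc/vsftpd/vsftpd.conf path in the usage comment is an assumption about where the file lives on this install.

```sh
#!/bin/sh
# Added example, not part of the original write-up: check a vsftpd.conf for
# the settings described above and for the chroot list file that
# chroot_list_enable=YES depends on. Returns 0 when every check passes and 1
# otherwise, printing one line per problem.
#   check_vsftpd /etc/vsftpd/vsftpd.conf     (path assumed)

# Effective value of a key: comments ignored, last occurrence wins, and the
# vsftpd built-in default ($3) used when the key is absent.
vsftpd_get() {
    v=$(grep -v '^[[:space:]]*#' "$1" | sed -n "s/^[[:space:]]*$2=//p" | tail -n 1)
    [ -n "$v" ] && printf '%s\n' "$v" || printf '%s\n' "$3"
}

# vsftpd booleans are case-insensitive: YES, yes, true and 1 all mean on.
vsftpd_is_yes() {
    case "$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')" in
        yes|true|1) return 0 ;;
        *)          return 1 ;;
    esac
}

check_vsftpd() {
    conf=$1
    rc=0
    # vsftpd defaults: anonymous_enable=YES, the other three NO
    if vsftpd_is_yes "$(vsftpd_get "$conf" anonymous_enable YES)"; then
        echo "anonymous_enable is on: anonymous logins are allowed"; rc=1
    fi
    if ! vsftpd_is_yes "$(vsftpd_get "$conf" local_enable NO)"; then
        echo "local_enable is off: no local user can log in"; rc=1
    fi
    if ! vsftpd_is_yes "$(vsftpd_get "$conf" chroot_local_user NO)"; then
        echo "chroot_local_user is off: users can browse outside their home"; rc=1
    fi
    if vsftpd_is_yes "$(vsftpd_get "$conf" chroot_list_enable NO)"; then
        list=$(vsftpd_get "$conf" chroot_list_file /etc/vsftpd.chroot_list)
        if [ ! -f "$list" ]; then
            echo "chroot_list_file $list is missing: create it with touch"; rc=1
        fi
    fi
    return $rc
}

# Run directly against a real config: sh check_vsftpd.sh /etc/vsftpd/vsftpd.conf
if [ $# -gt 0 ]; then
    check_vsftpd "$1"
    exit $?
fi
```

The defaults matter: a config that simply omits anonymous_enable is treated as anonymous-on, which is why the first line of the change list above is the one that is "needed".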
Free Radius Configuration
Carl Bowen
11-4-06
Installing FreeRADIUS via yum is as simple as typing "yum install freeradius" at a
command prompt. It may prompt you that it needs to install other packages because of
dependencies; just answer yes.
Once it is installed you will have a new directory, /etc/raddb, within which there are
three files that will probably need to be modified.
The first, radiusd.conf, is the configuration file for the radius daemon. Probably the
only thing you will need to change here is the port statement. By default it is set to 0,
which actually means it will listen on the default, which is 1812 for authentication and
1813 for accounting. Older routers and devices use 1645 by default, but the newer standard
is 1812. For example, the 2500 series routers and the PIX use 1645 by default, but the PIX
can be changed with a simple "aaa-server radius-authport 1812" command. I do not know how
to change the port on the 2500 or 2600 routers.
The second file, clients.conf, is the file the radius server checks to see if a radius
request is coming from a machine that is authorized to use this radius server, and it is
also where you set the secret (which is used to protect the data). The format for entries
is:
client 192.168.10.1/32 {
        secret = secretpassword
        shortname = Pix
}
The first line defines the device or subnet that will be allowed access.
The second line sets the shared secret.
The third line is just a shortened name for the device.
The last file, users, contains all of your user info such as usernames and passwords, as
well as other possible options; for example, you can set it up so that certain users only
have access to certain things.
These are the entries I added, which are just basic authentication:
bowenc     Auth-Type := Local, User-Password == "!toast1"
grahamb    Auth-Type := Local, User-Password == "!toast1"
gilliganb  Auth-Type := Local, User-Password == "!toast1"
perrya     Auth-Type := Local, User-Password == "!toast1"
eckartb    Auth-Type := Local, User-Password == "!toast1"
decknessj  Auth-Type := Local, User-Password == "!toast1"
ezekwek    Auth-Type := Local, User-Password == "!toast1"
allenn     Auth-Type := Local, User-Password == "!toast1"
If you put this into radius (the reply item goes on an indented continuation line):
user1      Auth-Type := Local, User-Password == "password1"
           Filter-Id = "vpnstaffin"
and put this on the PIX:
access-list vpnstaffin permit ip 192.168.100.0 255.255.255.0 host 10.0.0.12
access-list vpnstaffin permit udp 192.168.100.0 255.255.255.0 eq netbios-ns host 10.0.0.13
access-list vpnstaffin deny ip any any log
then when user1 logs on, those ACLs would be applied to them.
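The shared secret in clients.conf is the only thing that authenticates the PIX to the RADIUS server and that obscures User-Password on the wire, so it is worth auditing. The following script is an added example, not part of the original notes: it parses a clients.conf (accepting both "client X {" and the "client X{" spelling used above) and flags clients with no secret, a secret shorter than 16 characters (a threshold chosen for this example, not a FreeRADIUS rule), a secret reused between clients, or one of two well-known sample values, testing123 from FreeRADIUS's shipped clients.conf and secretpassword from the entry above. The clients.conf contents in the test are constructed.

```sh
#!/bin/sh
# Added example, not part of the original notes: audit the shared secrets in
# a FreeRADIUS clients.conf. Returns 0 when nothing is flagged, 1 otherwise.
#   audit_radius_clients /etc/raddb/clients.conf

# Print "shortname secret" for every client block. Handles both
# "client X {" and "client X{" (as written in the notes above); the block
# name is used when no shortname is set.
radius_clients() {
    awk '
        /^[[:space:]]*#/ { next }
        /^[[:space:]]*client[[:space:]]/ {
            name = $2; sub(/\{.*/, "", name); short = name; secret = ""; next
        }
        /^[[:space:]]*secret[[:space:]]*=/ {
            sub(/^[^=]*=[[:space:]]*/, ""); sub(/[[:space:]]+$/, ""); secret = $0
        }
        /^[[:space:]]*shortname[[:space:]]*=/ {
            sub(/^[^=]*=[[:space:]]*/, ""); sub(/[[:space:]]+$/, ""); short = $0
        }
        /^[[:space:]]*}/ { print short, secret }
    ' "$1"
}

audit_radius_clients() {
    rc=0
    seen=" "
    while read -r short secret; do
        [ -n "$short" ] || continue
        if [ -z "$secret" ]; then
            echo "$short: no secret set"; rc=1; continue
        fi
        # testing123 ships in FreeRADIUS's sample clients.conf; secretpassword
        # is the placeholder from the notes above
        case "$secret" in
            testing123|secretpassword) echo "$short: well-known sample secret"; rc=1 ;;
        esac
        # 16 is this example's threshold, not a FreeRADIUS requirement
        if [ "${#secret}" -lt 16 ]; then
            echo "$short: secret is shorter than 16 characters"; rc=1
        fi
        case "$seen" in
            *" $secret "*) echo "$short: secret is shared with another client"; rc=1 ;;
        esac
        seen="$seen$secret "
    done <<EOF
$(radius_clients "$1")
EOF
    return $rc
}

if [ $# -gt 0 ]; then
    audit_radius_clients "$1"
    exit $?
fi
```

The here-document feeds the loop in the current shell rather than through a pipe, so the rc flag set inside the loop survives to the return statement.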
Configuration guide to MRTG
Carl Bowen
10/27/06
To set up MRTG on FC2, install per the instructions at
http://oss.oetiker.ch/mrtg/doc/mrtg-unix-guide.en.html. It would be best to read the
entire Unix guide before starting anything, followed by reviewing the cfgmaker and
indexmaker pages before actually trying to make an MRTG configuration file.
To configure MRTG to poll your devices you have to use cfgmaker to create the needed
configuration file. Below is the cfgmaker command I used to create our MRTG
configuration file.
*Note: yes, this is a single command entered at a command prompt, and you don't press
"enter" until everything you want is typed in.
/root/mrtg-2.14.7/bin/./cfgmaker --global 'WorkDir: /webroot/mrtg' --global 'Options[_]: bits,growright' --output /home/mrtg/cfg/mrtg.cfg --ifref=ip zeusoft@Junction_City-Router --ifref=ip zeusoft@Wamego-Router --ifref=ip zeusoft@Manhattan-Router zeusoft@Pix --ifref=ip zeusoft@Access_Router --no-down --ifref=name zeusoft@Junction_City-Switch --no-down --ifref=name zeusoft@Wamego-Switch --no-down --ifref=name zeusoft@Manhattan-Switch zeusoft@wireless
The breakdown of this is:
/root/mrtg-2.14.7/bin/./cfgmaker ; This tells exactly where to find the cfgmaker script.
--global 'WorkDir: /webroot/mrtg' ; This tells cfgmaker where to put all of the files
that it creates to make the display pages.
--global 'Options[_]: bits,growright' ; This tells cfgmaker that it should display
speeds in bits (unless too large) and that new info on the graph will show up to the
right of old data.
--output /home/mrtg/cfg/mrtg.cfg ; This is where cfgmaker will store the cfg file. It is
recommended that this file not be in Apache's tree.
--ifref=ip zeusoft@Junction_City-Router ; Finally, this tells cfgmaker what devices to
poll. The --ifref=ip tells cfgmaker to label interfaces by their IP address; there are
other options (see http://oss.oetiker.ch/mrtg/doc/cfgmaker.en.html for details). The
portion in front of the "@" is the community name. The portion after it is the hostname
or IP address (I used host names and entries in the hosts table) so that the next step
would be easier and make more sense. Without using host names, creating pages that make
sense and look good becomes a real chore.
When you execute the above command it will create an MRTG configuration file. The
standard MRTG configuration is that every interface will be on one page with its
history, referenced by its host name or IP address. This is less than desirable; the
thing to do at this point is to use indexmaker to sort and format these raw HTML pages a
bit.
The better way of doing this is to create a script like the one below, run it, and check
to see if the results are what you want. Change any desired settings and run it again.
To get what you want may take several tries. I named my script index.sh.
#!/bin/sh
for i in manhattan-router junction_city-router wamego-router manhattan-switch \
         junction_city-switch wamego-switch pix access_router wireless; do
    echo "Indexing $i"
    /root/mrtg-2.14.7/bin/indexmaker --output /webroot/mrtg/$i.html \
        --filter name=~$i --columns=1 --title="Bandwidth stats for $i" \
        /home/mrtg/cfg/mrtg.cfg
done
This script creates an index page for all interfaces on each device.
Breakdown as follows:
for i in manhattan-router junction_city-router wamego-router manhattan-switch
junction_city-switch wamego-switch pix access_router wireless; do ; This section runs
indexmaker for each listed device in order, i.e. it indexes manhattan-router, then
indexes junction_city-router, and so on.
echo "Indexing $i" ; This part just shows you the progress on the screen.
/root/mrtg-2.14.7/bin/indexmaker ; This is the path to the indexmaker script.
--output /webroot/mrtg/$i.html ; This is where the index files get output to; the $i
causes the output file to be named after the device.
--filter name=~$i ; Says to process pages based upon the router's name, so all
interfaces for router x show up on router x's page.
--columns=1 ; Specifies how many columns of graphs will show.
--title="Bandwidth stats for $i" ; Is just the title at the top of the page.
/home/mrtg/cfg/mrtg.cfg ; Is just where the mrtg.cfg file is, since it gets referenced.
done ; Means the end of the for loop in the script.
Next we actually want MRTG to collect data. The command is as follows:
env LANG=C /usr/local/mrtg-2/bin/mrtg /home/mrtg/cfg/mrtg.cfg
All it does is execute MRTG using the mrtg.cfg file. (*Note: the first couple of times
you run this you will get errors; don't worry unless they continue much more than a few
times.)
At this point you have a bunch of indexed files in Routername.html format. You want these
to be set up all on one page, so create a basic web page with links to the preformatted
pages. If you need help doing this ... remember Google is your friend, or use a program
like FrontPage to simply create a page with a bunch of links.
The final thing to do is create a cron job to cause this to happen periodically. This can
be done via the command line or other utilities; I used Webmin. Below is a copy of the
crontab used to run MRTG.
# DO NOT EDIT THIS FILE - edit the master and reinstall.
# (/tmp/crontab.14015 installed on Tue Oct 17 20:00:02 2006)
# (Cron version -- $Id: crontab.c,v 2.13 1994/01/17 03:20:37 vixie Exp $)
0,5,10,15,20,25,30,35,40,45,50,55 * * * * env LANG=C /usr/local/mrtg-2/bin/mrtg /home/mrtg/cfg/mrtg.cfg #MRTG
This file is located in /var/spool/cron/.
If you do not understand what any of the above means, typing "man cron" or "man crontab"
should help explain.
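The reason the guide says to keep mrtg.cfg out of Apache's tree is that cfgmaker writes the SNMP community (zeusoft above) into every Target[...] line of the file it generates, and WorkDir is exactly what Apache serves. The following script is an added example, not part of the original guide: it reads WorkDir from a cfg file, reports if the cfg file sits inside that directory, reports if the file is world-readable, and counts the Target lines that carry a community. The cfg contents in the test are constructed.

```sh
#!/bin/sh
# Added example, not part of the original guide: check where mrtg.cfg lives
# and who can read it. cfgmaker puts the SNMP community into every
# "Target[...]" line of the cfg it generates, which is why the cfg should
# stay outside WorkDir (the directory Apache serves).
#   check_mrtg_cfg /home/mrtg/cfg/mrtg.cfg

# WorkDir as set in the cfg file.
mrtg_workdir() {
    sed -n 's/^[[:space:]]*WorkDir:[[:space:]]*//p' "$1" | head -n 1
}

# Number of Target lines that carry a community@host reference.
mrtg_target_count() {
    grep -c '^[[:space:]]*Target\[.*\]:.*@' "$1" || true
}

check_mrtg_cfg() {
    cfg=$1
    rc=0
    workdir=$(mrtg_workdir "$cfg")
    if [ -d "$workdir" ]; then
        # compare resolved paths so symlinked directories are handled
        workdir=$(cd "$workdir" && pwd -P)
        cfgdir=$(cd "$(dirname "$cfg")" && pwd -P)
        case "$cfgdir/" in
            "$workdir"/*) echo "$cfg is inside WorkDir $workdir, which Apache serves"; rc=1 ;;
        esac
    fi
    # column 8 of "ls -l" output is the "other" read bit
    if [ "$(ls -ld "$cfg" | cut -c8)" = r ]; then
        echo "$cfg is world-readable"; rc=1
    fi
    echo "$(mrtg_target_count "$cfg") Target line(s) in $cfg carry a community string"
    return $rc
}

if [ $# -gt 0 ]; then
    check_mrtg_cfg "$1"
    exit $?
fi
```

Run it once after cfgmaker and again after any move of the cfg file; a chmod 600 on mrtg.cfg (owned by the user cron runs MRTG as) clears the second warning.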
VNC Server Configuration and Usage
Carl Bowen
11/8/06
Since the VNC server was installed during the server installation, all we have to do to
allow remote GUI management of the server's desktop is to configure the server.
The service is started with the command "vncserver". I recommend only turning it on when
you need to use it. It can be easily started in a secure manner by using ssh to log in
and start the service. Once it is started you can then connect to it with a Java-enabled
web browser pointed to port 5801 or using a VNC client; I prefer using the web browser
since that does not require installing specific software. You can actually have several
instances of VNC running at once, allowing multiple users to access their desktops at
the same time. Each user must start their own vncserver session from ssh, and at that
point it shows them what port they will use; for each new user the port number
increases by 1.
By default VNC does not start any applications other than a single terminal shell in the
X Window environment. What applications are started, and whether an actual desktop is
started, is set in the xstartup file in each user's home directory.
This is what the file will look like when set up to display the normal KDE desktop.
#!/bin/sh
# Uncomment the following two lines for normal desktop:
unset SESSION_MANAGER
exec /etc/X11/xinit/xinitrc
[ -x /etc/vnc/xstartup ] && exec /etc/vnc/xstartup
[ -r $HOME/.Xresources ] && xrdb $HOME/.Xresources
xsetroot -solid grey
vncconfig -iconic &
xterm -geometry 80x24+10+10 -ls -title "$VNCDESKTOP Desktop" &
twm &
startkde &
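Starting vncserver over ssh protects the login, but a viewer pointed straight at port 5801 or 5901 still carries the VNC session across the network in the clear. The following script is an added example, not part of the original notes: on the server it starts a session that listens on loopback only and prints the ssh command that forwards the two per-display ports (5900+N for a VNC client, 5800+N for the Java viewer) to the workstation. It assumes the vncserver script passes -localhost through to Xvnc, which the RealVNC and TigerVNC builds do, and that vncserver prints its usual "New '...' desktop is host:N" line; the hostname www.matc2.matc.net in the test is taken from the install notes above.

```sh
#!/bin/sh
# Added example, not part of the original notes: run vncserver bound to
# loopback and hand the user an ssh tunnel command instead of an open port.
# Assumes Xvnc understands -localhost (RealVNC/TigerVNC builds do).

# vncserver prints a line like:  New 'www:2 (carl)' desktop is www:2
# Pull the display number out of that output.
vnc_display_from_output() {
    printf '%s\n' "$1" | sed -n 's/^New .* desktop is [^:]*:\([0-9][0-9]*\).*/\1/p' | head -n 1
}

# RFB port is 5900 + display; the Java viewer's HTTP port is 5800 + display,
# which is the "port number increases by 1" rule in the notes above.
vnc_rfb_port()  { echo $((5900 + $1)); }
vnc_http_port() { echo $((5800 + $1)); }

# The ssh command a workstation runs to reach display $2 on server $1 through
# a tunnel; the viewer then connects to localhost:590N (or a browser to
# http://localhost:580N), and the VNC traffic never leaves the ssh session.
vnc_tunnel_command() {
    rfb=$(vnc_rfb_port "$2")
    http=$(vnc_http_port "$2")
    echo "ssh -N -L $rfb:127.0.0.1:$rfb -L $http:127.0.0.1:$http $1"
}

# Run on the server, from an ssh login, in place of a bare "vncserver".
start_private_vnc() {
    out=$(vncserver -localhost 2>&1) || { echo "$out"; return 1; }
    disp=$(vnc_display_from_output "$out")
    [ -n "$disp" ] || { echo "could not find the display number in: $out"; return 1; }
    echo "started display :$disp, listening on loopback only"
    echo "from your workstation run: $(vnc_tunnel_command "$(hostname)" "$disp")"
}

if [ "${1:-}" = start ]; then
    start_private_vnc
fi
```

Because the session is bound to loopback, a second user who starts their own display gets the next number and a different pair of ports, exactly as the notes describe, but each is reachable only through that user's own tunnel.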
Hosts file
# Do not remove the following line, or various programs
# that require network functionality will fail.
127.0.0.1 linuxmail localhost.localdomain localhost
192.168.1.1 Manhattan-Router
192.168.2.1 Junction_City-Router
192.168.3.1 Wamego-Router
192.168.10.1 Pix
192.168.10.5 Access_Router
192.168.1.254 Manhattan-Switch
192.168.2.254 Junction_City-Switch
192.168.3.254 Wamego-Switch
192.168.3.194 Wireless
Linux NTP Client Fedora Core 2 via Webmin
Carl Bowen 11/1/06
The easy way to set up time on Fedora Core 2 is to use Webmin. Log into Webmin as root
(unless a different username was specified during the installation of Webmin), go to
the Hardware tab and you will see the Hardware screen.
Click on System Time. It will bring up the System Time screen.
This is pretty self-explanatory. Our time server is obviously 192.168.1.198. You want to
tell it to sync the time periodically; I chose once per day at midnight because, unless a
major problem occurs, this will keep the time within a minute, most likely within a few
seconds.
DHCPD
Carl Bowen
10/27/06
To start and run a DHCP server under most flavors of Linux, all you need to do is create
a valid configuration file and leases file and start the service.
Below is a valid working conf file. Anything after a '#' is a comment and will not be
read by the server; the explanation of each statement is given in such a comment.
allow unknown-clients;                    # allows unknown MAC/host names to get an IP address
next-server 192.168.1.194;                # used with remote installs and RIS boot
option time-servers 192.168.1.198;        # serves time sync server IPs to clients
option domain-name-servers 192.168.1.194; # serves DNS server addresses
ddns-update-style ad-hoc;                 # method used to update DDNS with the DNS server
default-lease-time 600;                   # length of lease in seconds
max-lease-time 7200;                      # max lease time a client machine can request
# each subnet command creates a scope defined by the network number and mask
subnet 192.168.1.0 netmask 255.255.255.128 {
    ddns-updates on;                        # turns DDNS on
    ddns-domainname "matc2.matc.net";       # the DDNS domain the client will be associated with
    option domain-name "matc2.matc.net";    # the domain name assigned to the client
    range 192.168.1.2 192.168.1.126;        # actual available range of addresses in the scope
    option subnet-mask 255.255.255.128;     # sets the mask
    option broadcast-address 192.168.1.127; # advises of the broadcast
    option routers 192.168.1.1;             # default gateway
}
subnet 192.168.1.128 netmask 255.255.255.192 {
    next-server 192.168.1.195;              # tells PXE hosts where the TFTP server is
    filename "/tftpboot/pxelinux.0";        # tells PXE hosts what file to get
    option domain-name-servers 192.168.1.194;
    authoritative;
    ddns-updates on;
    ddns-domainname "matc2.matc.net";
    range 192.168.1.130 192.168.1.190;
    option subnet-mask 255.255.255.192;
    option broadcast-address 192.168.1.191;
    option routers 192.168.1.129;
}
subnet 192.168.1.192 netmask 255.255.255.240 {
    authoritative;
    ddns-updates on;
    range 192.168.1.199 192.168.1.201;
}
Once your configuration file is created it should be located in /etc/ and named
dhcpd.conf, i.e. "/etc/dhcpd.conf".
To start, dhcpd must also have a leases file. In Fedora Core 2 it is
"/var/lib/dhcp/dhcpd.leases", but it may not exist; if not, type
touch /var/lib/dhcp/dhcpd.leases
to create the file. For other versions of Linux, use "locate leases" or "man
dhcpd.leases" to find where the file should be.
To start the service you just type: service dhcpd start
To cause the service to start at boot every time:
Method 1: go to the Red Hat menu (AKA the Start button), System Settings, Server
Settings, then Services, and click on the box next to dhcpd.
Method 2: if you have Webmin installed, open a web browser and put in the address of the
server:10000, go to System, then "Bootup and Shutdown", find dhcpd in the list, click
the box next to it, and at the bottom click "Start now & on boot".
Method 3: go to /etc/rc.d/rc5.d and change the file name of dhcpd (it should look like
XXXdhcpd, X being a variable). Most likely it will be KXXdhcpd and you change that to
SXXdhcpd. K means kill and S means start to init, which references these symlinks.
*Note: if you are running the server in a different init mode, just use the runlevel
number you are using in the # position of "/etc/rc.d/rc#.d".
TROUBLESHOOTING
If dhcpd does not start, most likely it is because the configuration file has an error.
If you view the messages log file it should give a clue as to where in the file the
problem is. The log file can be viewed via the GUI or by using the cat or tail command
on /var/log/messages; if these commands are not familiar, type man cat or man tail.
**** Final note: man and grep are your friends; learn how to use them.
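A configuration error and a missing leases file are the two reasons the troubleshooting note gives for dhcpd not starting. The following script is an added example, not part of the original notes, that checks both before "service dhcpd start": "dhcpd -t -cf FILE" (ISC dhcpd 3 and later) already catches syntax errors, so this script looks for the logic error a syntax check passes, a range statement whose addresses are not inside the enclosing subnet (or that include the network or broadcast address), and it creates the leases file with touch when it is absent, as described above. It parses only the subnet and range statements, treats '#' as the comment character, and the dhcpd.conf fragments in the test are constructed from the subnets above.

```sh
#!/bin/sh
# Added example, not part of the original notes: pre-start check for
# dhcpd.conf. Flags ranges outside their subnet and creates the leases file
# if missing. Returns 0 when nothing is flagged, 1 otherwise.
#   dhcpd_precheck /etc/dhcpd.conf /var/lib/dhcp/dhcpd.leases

# Dotted quad to a 32-bit integer.
ip2int() {
    set -- $(printf '%s' "$1" | tr '.' ' ')
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

# One "subnet mask lo hi" line per range statement. '#' starts a comment, as
# in dhcpd's own syntax; a single-address range gets lo == hi.
dhcpd_ranges() {
    awk '
        { sub(/#.*/, ""); gsub(/[;{}]/, " ") }
        $1 == "subnet" { net = $2; mask = $4 }
        $1 == "range" {
            if ($2 == "dynamic-bootp") { lo = $3; hi = $4 } else { lo = $2; hi = $3 }
            if (hi == "") hi = lo
            print net, mask, lo, hi
        }
    ' "$1"
}

dhcpd_precheck() {
    conf=$1; leases=$2; rc=0
    while read -r net mask lo hi; do
        [ -n "$net" ] || continue
        n=$(ip2int "$net"); m=$(ip2int "$mask")
        l=$(ip2int "$lo");  h=$(ip2int "$hi")
        bcast=$(( n | (~m & 4294967295) ))
        if [ $(( l & m )) -ne "$n" ] || [ $(( h & m )) -ne "$n" ]; then
            echo "range $lo $hi is not inside subnet $net netmask $mask"; rc=1
        elif [ "$l" -gt "$h" ]; then
            echo "range $lo $hi is reversed"; rc=1
        elif [ "$l" -eq "$n" ] || [ "$h" -eq "$bcast" ]; then
            echo "range $lo $hi includes the network or broadcast address"; rc=1
        fi
    done <<EOF
$(dhcpd_ranges "$conf")
EOF
    if [ ! -f "$leases" ]; then
        echo "creating empty leases file $leases"
        touch "$leases" || rc=1
    fi
    return $rc
}

if [ $# -eq 2 ]; then
    dhcpd_precheck "$1" "$2"
    exit $?
fi
```

The three subnets in the conf file above all pass: each range starts after the network address and stops before the broadcast address the option broadcast-address line declares.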
Rdesktop
Linux Access to Terminal Services
Carl Bowen
Rdesktop is the program and the command that allows a Linux computer to access a
windows computer running Terminal services (also known as Remote Desktop).
Rdesktop can be install at the same time as the OS, and is if you followed my install
instructions, or after if installing after here is what you would do.
First go to www.rdesktop.org, download the latest stable release source code and save
it somewhere. For the next step the GUI is easiest: right-click on the file and
then click Extract Here. That should create a folder with the same name as the file you
downloaded minus the .tar.bz.
Now read the README file.
Then open a terminal window and cd to the folder that was created when
you uncompressed the file. Once you have done that, run the three standard
compile commands:
./configure
make
make install
Each of those commands prints a lot of output; they should
complete without any errors. (make install writes under /usr/local and normally has to be run as root.)
After make install finishes the installation is complete and you can then use rdesktop.
To use rdesktop, open a terminal window in the GUI and type “rdesktop serverip:port”; if the
server is using the default port you can just use “rdesktop serverip”. If the server has a
valid DNS record or hosts entry you can use “rdesktop servername”.
What you will see at this point is a standard Remote Desktop window requesting username,
password and domain information.
Linux WWW/DHCP install
Carl Bowen 11/7/06
Verified that the hardware was on the HCL for Fedora Core 2.
Used the default options until the install type; here I picked Server.
Manually configured the disks with Disk Druid.
Here I created a RAID 1 array on which I mounted / with ~8G of space, and swap with
~1GB of space.
Later I added another SCSI drive, /dev/sdc, which I mounted at /webroot; this could have
also been done here.
Accept the defaults for GRUB (which should be “install GRUB boot loader on first available
drive”).
On the network devices page set the IP to 192.168.1.195 manually via the Edit option.
Set the hostname to www.matc2.matc.net (as this is the main web server; it can be changed later
if required).
Gateway 192.168.1.193
Primary DNS 192.168.1.194
Secondary DNS 192.168.2.194
Tertiary DNS 10.11.2.2
Set to No Firewall. If needed it can be configured later just as easily via the built-in GUI or a third
party GUI.
The default language is English; leave it there (i.e. hit Next).
Set the time zone to Central.
Standard password.
In package group selection:
*****NOTE***** Sections are listed in bold. The items I checked are listed below; if followed by
(all) this means I ensured that all sub-options were picked as well; (defaults) means I left what
was auto-selected; if neither, I followed with exactly the options I picked from the sub-menu.
DESKTOPS
X Windows System(DEFAULTS)
KDE (DEFAULTS)
APPLICATIONS
Editors (defaults)
Graphical Internet (defaults)
SERVERS
Server Config Tools (all)
Web Server (all)
Mail Server (all)
Windows File server (all)
DNS name server (all)
FTP Server (all)
SQL Database Server (all)
Network Servers
Amanda-server
DHCP
Freeradius
Tftp-server
Vnc-server
Ypserv
DEVELOPMENT
Development Tools (defaults)
Kernel Development (defaults): do not select this if space is an issue and you have no plans to
customize the kernel
SYSTEM
Administration Tools (all)
System Tools (all)
Printing Support (defaults)
*****NOTE***** All of the above are subjective, i.e. if you never intend to use the server to
print or as a print server, don’t load Printing Support (if you think you may need a
module later, choose that option, as it is generally easier and more reliable to install it with
the OS rather than later).
Next away.
During the install you will be prompted for the next disc as required.
Later, when the install is complete, make sure to do updates; I prefer to use YUM rather than
the Red Hat updater.
Yum will auto-resolve dependencies; sometimes the Red Hat updater will not. YUM is installed by
default; if you go to a command prompt and type “yum -y update”, the -y option simply
means that any questions that might be asked will be answered with yes. If you do not
want that, omit the -y option; it will most likely prompt you for a response if any
dependent packages need to be installed.
*****NOTE***** YUM is also a good tool for getting packages if you need them. man
is your friend: typing “man yum” will tell you how you can use yum to obtain or search
for other packages.
SSH SERVER
Carl Bowen 11-8-06
If you install the server per the installation instructions, ssh will be installed and should be
running by default; if not, you can start the service manually by typing “service sshd start”,
or you can edit the init file or use a GUI to set it to be started at boot.
I did change what port it uses; this server is set to use port 22000 for security
reasons and because I have ssh routed to this machine through the PIX.
This is the config file for sshd, located in /etc/ssh/; the only thing I changed is the very
last line.
# $OpenBSD: sshd_config,v 1.59 2002/09/25 11:17:16 markus Exp $
# This is the sshd server system-wide configuration file. See
# sshd_config(5) for more information.
# This sshd was compiled with PATH=/usr/local/bin:/bin:/usr/bin
# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented. Uncommented options change a
# default value.
#Protocol 2,1
#ListenAddress 0.0.0.0
#ListenAddress ::
# HostKey for protocol version 1
#HostKey /etc/ssh/ssh_host_key
# HostKeys for protocol version 2
#HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_dsa_key
# Lifetime and size of ephemeral version 1 server key
#KeyRegenerationInterval 3600
#ServerKeyBits 768
# Logging
#obsoletes QuietMode and FascistLogging
#SyslogFacility AUTH
SyslogFacility AUTHPRIV
#LogLevel INFO
# Authentication:
#LoginGraceTime 120
#PermitRootLogin yes
#StrictModes yes
#RSAAuthentication yes
#PubkeyAuthentication yes
#AuthorizedKeysFile .ssh/authorized_keys
# rhosts authentication should not be used
#RhostsAuthentication no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes
# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
#RhostsRSAAuthentication no
# similar for protocol version 2
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# RhostsRSAAuthentication and HostbasedAuthentication
#IgnoreUserKnownHosts no
# To disable tunneled clear text passwords, change to no here!
#PasswordAuthentication yes
#PermitEmptyPasswords no
# Change to no to disable s/key passwords
#ChallengeResponseAuthentication yes
# Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
#AFSTokenPassing no
# Kerberos TGT Passing only works with the AFS kaserver
#KerberosTgtPassing no
# Set this to 'yes' to enable PAM keyboard-interactive authentication
# Warning: enabling this may bypass the setting of 'PasswordAuthentication'
#PAMAuthenticationViaKbdInt no
#X11Forwarding no
X11Forwarding yes
#X11DisplayOffset 10
#X11UseLocalhost yes
#PrintMotd yes
#PrintLastLog yes
#KeepAlive yes
#UseLogin no
#UsePrivilegeSeparation yes
#PermitUserEnvironment no
#Compression yes
#MaxStartups 10
# no default banner path
#Banner /some/path
#VerifyReverseMapping no
# override default of no subsystems
Subsystem sftp /usr/libexec/openssh/sftp-server
ReverseMappingCheck no
GatewayPorts no
AllowTcpForwarding yes
KeepAlive yes
Protocol 1,2
Port 22000
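As an added check, not from the original notes: a shell audit of the security-relevant keywords in the file above, run on constructed lines that mirror its uncommented settings. sshd honours the first uncommented occurrence of a keyword, so a Port or Protocol line appended at the end only takes effect if nothing earlier sets it; as it stands the file leaves Protocol 1,2, which still accepts SSH-1, and Protocol 2 alone is the safer setting. The "default" values the audit assumes are the commented defaults shown in the file (#Protocol 2,1, #PermitRootLogin yes).

```shell
#!/bin/sh
# sshd_opt <file> <keyword>: print the FIRST uncommented value of a keyword
# (sshd ignores later duplicates), or "default" if it is never set.
sshd_opt() {
    awk -v k="$2" 'tolower($1) == tolower(k) { print $2; found = 1; exit }
                   END { if (!found) print "default" }' "$1"
}

# sshd_audit <file>: one line per keyword, "<keyword> <value>[ RISK: reason]".
# Default-value risks follow the commented defaults of this OpenSSH version
# (#Protocol 2,1 and #PermitRootLogin yes in the file above).
sshd_audit() {
    for kw in Protocol Port PermitRootLogin PasswordAuthentication X11Forwarding GatewayPorts; do
        v=$(sshd_opt "$1" "$kw")
        note=""
        case "$kw/$v" in
            Protocol/*1*|Protocol/default)
                note="RISK: SSH-1 accepted; set Protocol 2" ;;
            PermitRootLogin/yes|PermitRootLogin/default)
                note="RISK: direct root login allowed; set PermitRootLogin no" ;;
            X11Forwarding/yes)
                note="RISK: X11 forwarding on; set to no unless it is needed" ;;
        esac
        echo "$kw $v${note:+ $note}"
    done
}

# Constructed sample mirroring the uncommented lines of the file above.
cfg=$(mktemp)
cat > "$cfg" <<'EOF'
#Protocol 2,1
SyslogFacility AUTHPRIV
#PermitRootLogin yes
X11Forwarding yes
Subsystem sftp /usr/libexec/openssh/sftp-server
GatewayPorts no
AllowTcpForwarding yes
Protocol 1,2
Port 22000
EOF
sshd_audit "$cfg"   # flags Protocol, PermitRootLogin and X11Forwarding
rm -f "$cfg"
```

Run it as sshd_audit /etc/ssh/sshd_config on the server itself; after changing the file, service sshd restart and check /var/log/messages for the new listening port.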
HTTPD Configuration Linux
Carl Bowen 11-8-06
If you follow the install documentation, httpd will be installed and ready to run from the
default directory of /var/www/html/. I changed the http root directory to
/webroot.
You change that by editing the file /etc/httpd/httpd.conf.
The only other thing you should need to do is start the service, i.e. service httpd start.
Reference:
This is the section I changed.
#
# DocumentRoot: The directory out of which you will serve your
# documents. By default, all requests are taken from this directory, but
# symbolic links and aliases may be used to point to other locations.
#
DocumentRoot /webroot/
# Each directory to which Apache has access can be configured with respect
# to which services and features are allowed and/or disabled in that
# directory (and its subdirectories).
#
# First, we configure the "default" to be a very restrictive set of
# features.
#
Options FollowSymLinks
#AllowOverride None
#
# Note that from this point forward you must specifically allow
# particular features to be enabled - so if something's not working as
# you might expect, make sure that you have specifically enabled it
# below.
# This should be changed to whatever you set DocumentRoot to.
#
#
# Possible values for the Options directive are "None", "All",
# or any combination of:
# Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews
HTACCESS
Password Protection of Files and Directories
Carl Bowen 10/27/06
To allow .htaccess to work for a directory, in the httpd.conf file you must put the
AllowOverride all statement inside a standard <Directory> block (replace /path/to/directory
below with the directory you are protecting).
For example:
<Directory /path/to/directory>
Options Indexes MultiViews
AllowOverride None
Order allow,deny
Allow from all
</Directory>
This would prevent Apache from looking in that directory or its subdirectories for an
.htaccess file.
AllowOverride all
With it like this it will check for any .htaccess files.
htaccess files are created using a text editor. Below is a sample:
AuthUserFile /.htpasswd
AuthType basic
AuthGroupFile /dev/null
AuthName "Zeusoft Documentation"
require valid-user
The .htpasswd file is created by typing touch .htpasswd
Then use the htpasswd command to create a password for each user who is to have access.
Syntax: htpasswd -b passwordfile username password
Example: htpasswd -b /.htpasswd bob toasty
Used like this it will create a line for each username with an encrypted password. There
are other options; to learn them type man htpasswd
* Note: to use a special character such as “!” you must put \ in front of the special character,
e.g. htpasswd -b /.htpasswd bob \!toast will create bob with a password of !toast
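An added example, not from the original notes, that audits the hash format of every .htpasswd entry. The htpasswd shipped with Apache before 2.2.18 defaulted to crypt(3) on Unix unless -m was given, and crypt(3) silently truncates passwords to 8 characters, so entries created as above are worth checking; the file contents here are constructed placeholders of the right shape, not real credentials.

```shell
#!/bin/sh
# htpasswd_audit <file>: print "<user> <type>" for each entry.
# Recognised formats:
#   $apr1$...   Apache MD5 (htpasswd -m)
#   {SHA}...    unsalted SHA-1 (htpasswd -s)
#   $2a$/$2y$   bcrypt (htpasswd -B on newer Apache)
#   13 chars    crypt(3): 8-character password limit, 12-bit salt
#   other       stored in plaintext or an unknown format
htpasswd_audit() {
    awk -F: 'NF >= 2 && $1 !~ /^#/ {
        h = $2
        if      (substr(h, 1, 6) == "$apr1$")  t = "md5"
        else if (substr(h, 1, 5) == "{SHA}")   t = "sha1-unsalted"
        else if (h ~ /^[$]2[aby][$]/)          t = "bcrypt"
        else if (length(h) == 13)              t = "crypt-weak"
        else                                   t = "plaintext-or-unknown"
        print $1, t
    }' "$1"
}

# Constructed sample; the hash strings are placeholders only.
sample=$(mktemp)
cat > "$sample" <<'EOF'
bob:abJnggxhB/yWI
alice:$apr1$saltsalt$xxxxxxxxxxxxxxxxxxxxxx
carol:{SHA}AAAAAAAAAAAAAAAAAAAAAAAAAAA=
dave:toasty
EOF
htpasswd_audit "$sample"   # bob crypt-weak, alice md5, carol sha1-unsalted, dave plaintext-or-unknown
rm -f "$sample"
```

Re-set any crypt-weak entry with htpasswd -m; note that the -b form puts the password on the command line where it shows up in shell history and in ps output, whereas omitting -b makes htpasswd prompt for it.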
Webmin
Remote Server Administration
Carl Bowen
11/11/06
Webmin is a nice utility that gives a GUI interface to almost all the standard services you
might install on a Linux server. It is very user friendly.
To install Webmin go to www.webmin.com, click on Downloading and Installing, and
read the instructions; they are easy and they work.
The only other thing you need to know is how to access Webmin.
To access Webmin locally, open a web browser and enter the address
http://localhost:10000
To access Webmin from a different machine simply use http://servername:10000 or
http://serveripaddress:10000
Explore the program; it has a lot of functionality, and of course more documentation is
available on the Webmin website. There is also a place in Webmin to access the
documentation.
Services DHCP-WWW
Action              Start at boot?  Description
acpid               Yes             Listen and dispatch ACPI events from the kernel
anacron             Yes             Run cron jobs that were left out due to downtime
apmd                Yes             apmd is used for monitoring battery status and logging it via syslog(8). It can also be used for shutting down the machine when the battery is low.
atd                 Yes             Runs commands scheduled by the at command at the time specified when at was run, and runs batch commands when the load average is low enough.
autofs              Yes             Automounts filesystems on demand
cpuspeed            Yes             Run dynamic CPU speed daemon
crond               Yes             cron is a standard UNIX program that runs user-specified programs at periodic scheduled times. vixie cron adds a number of features to the basic UNIX cron, including better security and more powerful configuration options.
cups                Yes             Startup/shutdown script for the Common UNIX Printing System (CUPS).
dovecot             Yes             Dovecot IMAP server
gpm                 Yes             GPM adds mouse support to text-based Linux applications such as the Midnight Commander. It also allows mouse-based console cut-and-paste operations, and includes support for pop-up menus on the console.
iptables            Yes             Starts, stops and saves the iptables firewall
irqbalance          Yes             The irqbalance daemon will distribute interrupts across the CPUs on a multiprocessor system with the purpose of spreading the load. processname: irqbalance
isdn                Yes             Start and stop ISDN services
kudzu               Yes             This runs the hardware probe, and optionally configures changed hardware.
mdmonitor           Yes             Software RAID monitoring and management
mdmpd               Yes             Multipath device monitoring and management
messagebus          Yes             This is a daemon which broadcasts notifications of system events and other messages. See http://www.freedesktop.org/software/dbus/
microcode_ctl       Yes             Script to apply CPU microcode
netfs               Yes             Mounts and unmounts all Network File System (NFS), SMB/CIFS (LAN Manager/Windows), and NCP (NetWare) mount points.
network             Yes             Activates/deactivates all network interfaces configured to start at boot time.
nfslock             Yes             NFS is a popular protocol for file sharing across TCP/IP networks. This service provides NFS file locking functionality.
ntpd                Yes             ntpd is the NTPv4 daemon. The Network Time Protocol (NTP) is used to synchronize the time of a computer client or server to another server or reference time source, such as a radio or satellite receiver or modem.
pcmcia              Yes             PCMCIA support is usually to support things like ethernet and modems in laptops. It won't get started unless configured, so it is safe to have it installed on machines that don't need it.
portmap             Yes             The portmapper manages RPC connections, which are used by protocols such as NFS and NIS. The portmap server must be running on machines which act as servers for protocols which make use of the RPC mechanism.
random              Yes             Saves and restores the system entropy pool for higher quality random number generation.
rawdevices          Yes             This script assigns raw devices to block devices (such as hard drive partitions). This is for the use of applications such as Oracle. You can set up the raw device to block device mapping by editing the file /etc/sysconfig/rawdevices.
readahead           Yes             This service causes the programs used during startup to be loaded into memory before they are needed, thus improving startup performance.
readahead_early     Yes             This service causes the programs used during startup to be loaded into memory before they are needed, thus improving startup performance.
rhnsd               Yes             This is a daemon which handles the task of connecting periodically to the Red Hat Network servers to check for updates, notifications and perform system monitoring tasks according to the service level that this server is subscribed for.
rpcgssd             Yes             Starts the user-level daemon that manages RPCSEC GSS contexts for the NFSv4 client.
rpcidmapd           Yes             Starts the user-level daemon for NFSv4 that maps user names to UID and GID numbers.
rpcsvcgssd          Yes             Starts the user-level daemon that manages RPCSEC GSS contexts for the NFSv4 server.
sendmail            Yes             Sendmail is a Mail Transport Agent, which is the program that moves mail from one machine to another.
smartd              Yes             Self Monitoring and Reporting Technology (SMART) daemon
sshd                Yes             OpenSSH server daemon
syslog              Yes             Syslog is the facility which many daemons use to log messages to various system log files. It is a good idea to always run syslog.
webmin              Yes             Start or stop the Webmin server
xfs                 Yes             Starts and stops the X Font Server at boot time and shutdown. It also takes care of (re-)generating font lists.
xinetd              Yes             xinetd is a powerful replacement for inetd. xinetd has access control mechanisms, extensive logging capabilities, the ability to make services available based on time, and can place limits on the number of servers that can be started, among other things.
/etc/rc.d/rc.local  Yes