Docstoc

DMZ Server - RYO Installation Guide _CentOS 5_

Document Sample
DMZ Server - RYO Installation Guide _CentOS 5_ Powered By Docstoc
					                           iWebGate DMZ Server

                                 Version 2




DMZ Server - RYO Installation Guide (CentOS 5)

Last Updated: 25 February 2011
Revision: 1.1

Author: Charlie Gargett,
        Technical Director,
        iWebGate Technology
Table of Contents
Overview..............................................................................................................................................5
Required Materials.............................................................................................................................5
Preparing For Installation.................................................................................................................6
DMZ Server Installation Phase 1 – CentOS 5 Linux......................................................................7
    Booting From The Installation DVD............................................................................................7
    Storage Detection and Preparation of File Systems.................................................................10
    The Boot Loader Settings............................................................................................................20
    Network Interface Detection and Configuration......................................................................21
    Time Zone and System Password...............................................................................................25
    Software Package Selection.........................................................................................................27
    Finalising the Linux Installation................................................................................................31
DMZ Server Installation Phase 2 – DMZ Server Software Packages.........................................39
    Phase 2 Prerequisites...................................................................................................................39
    Getting Started with Phase 2 Installation..................................................................................40
    Preparing the Installation Media...............................................................................................40
        USB Installation Media..........................................................................................................40
        CD-ROM Installation Media.................................................................................................41
    Continuing the Installation Process (USB and CD-ROM).......................................................41
        Disabling “SElinux” at Run-Time.........................................................................................41
        Making the Installation Media Available..............................................................................42
        Installing the “make” Package...............................................................................................43
        Beginning the DMZ Server Software Installation................................................................44
        Termination and Restarting the Unattended Installation...................................................45
    Concluding the Installation.........................................................................................................46
Overview
Welcome to iWebGate's “Roll Your Own” DMZ Server Installation Guide for CentOS 5 Systems.
This guide was written with the intention of helping technically capable persons progress through
the installation of an iWebGate DMZ Server from a bare-bones system through to having a ready-
to-configure DMZ Server exactly as those purchased pre-installed from our resellers.
This guide is broken down into two main sections. Installation Phase 1 covers the installation of
the required CentOS 5 Linux operating system while Installation Phase 2 covers the actual
installation of the DMZ Server software packages and settings.
You will need to obtain the items listed in the Required Materials section of this document before
you begin to ensure you have everything you need to install the server software and platform.

Required Materials
    ●   Hardware platform must be configured with the usual items including:
        ✔    1 CD/DVD-ROM drive.
        ✔    at least 1 network interface.
        ✔    at least 20 GB of free storage media (HDD) although 120GB is recommend to get the
             most benefit out of the server.
        ✔    a minimum of 4 GB of physical RAM.†
        ✔    a minimum Intel Core 2 Duo or similar.


    ●   1 x CentOS 5.4 DVD Installation Media equivalient CD Installation Media set. It is not
        recommended to use any other edition of CentOS as these are untested. Do not use versions
        of CentOS 5 other than 5.4 as these have older/newer software revisions that are not
        compatible with the RPMs deployed during this installation procedure.
    ●   (CentOS 5.4 Installation media ISO images can be obtained from the CentOS Project public
        website at the following URLs:
        ✔    32bit edition: http://isoredirect.centos.org/centos/5/isos/i386/
             (64bit edition support will be available soon◊)


    ●   Access to CentOS 5.4 Installation Guides and documentation.
        (http://www.centos.org/docs/5/)
    ●   A basic understanding of the Linux installation process.
    ●   Network configuration settings should be obtained prior to beginning the installation
        as they will be required as part of the installation process. As a minimum, you will need
        to obtain the following:

† It is possible to use only 2 GB physical memory, however this will not encourage the installer to deploy the server
  with a PAE enabled kernel. Installing additional memory later may require manual installation of the PAE kernel
  before physical memory over 3 GB is addressable. 2 GB physical memory is considered an absolute minimum.
◊ CentOS 5 64bit edition is not currently supported and should not be used. The installer provides only 32bit packages
  at this stage. iWebGate will provide appropriate notice via their website as and when 64bit platforms are supported.

DMZ Server - RYO Installation Guide (CentOS 5)                                                                Page 5
         ✔   Fully qualified domain name (FQDN). For example: dmzserver.example.com
         ✔   IPv4 address. For example: 192.168.1.235
         ✔   Network address mask
         ✔   Network gateway address
         ✔   Network name server address


   ●     You should look at configuring these settings into your internal and external DNS as
         required. This will assist with completion of the installation and initial configuration
         process.
   ●     The iWebGate DMZ Server Phase 2 Installation Media (CDROM or USB flash drive)
   ●     This iWebGate DMZ Server Installation Guide
   ●     Network connectivity and Internet access (post installation requirement)


              While CentOS 5.4 32bit is the current release requirement for the
              iWebGate DMZ Server, work is currently in progress to support the
              x86_64 (64bit) edition. More information will be released soon. DO NOT
              use a version other than 5.4 as these contain older/newer software
              revisions that are not compatible with the RPMs deployed during this
              installation procedure.


Preparing For Installation
Selection of hardware is critical to a successful installation of the iWebGate DMZ Server. It should
fulfil the basic supported hardware requirements of the CentOS 5.4 Linux operating system to avoid
complicated issues such as hardware support through obscure drivers.
iWebGate recommends the use of quality Hewlett Packard (HP) hardware platforms meeting the
minimum system requirements as outlined in the previous section. If special hardware is
required/used, ensure that drivers are available for CentOS 5.4 Linux before proceeding with the
purchase.
NOTE: CentOS 5 editions are 100% compatible with RedHat's Enterprise Linux 5 editions and
drivers.
Finally, perform any relevant hardware consistency checks to ensure that the hardware platform is
stable. A high percentage of problems experienced with installation and ongoing use of the DMZ
Server relate to fundamental hardware problems.
Refer to the installation documentation for CentOS 5.4 Linux for further information.




Page 6                                               DMZ Server - RYO Installation Guide (CentOS 5)
DMZ Server Installation Phase 1 – CentOS 5 Linux
Ensure that you have read and understand the previous sections outlining the requirements for the
iWebGate DMZ Server and to ensure that your selected hardware platform is supported, trustworthy
and stable.
Ensure that your platform is configured to boot from the CD/DVD drive to ensure installation
begins successfully.
Installation Phase 1 will install a bare-bones minimum installation of the CentOS 5 Linux
operating system. No additional software packages are installed other than the ones needed to run
the most basic of operating systems. Installation Phase 2 will install all the required (and only the
required) software packages needed for the DMZ Server to run correctly.

Booting From The Installation DVD
To begin the installation process, insert the CentOS 5 Installation DVD media (or CD Disc 1) into
the server CD/DVD drive and boot from the media to begin installation process. Once the POST
process completes and control is handed to the boot manager, the system should display the
following boot screen indicating it has found and booted from the installation media:




At the boot: prompt, simply hit <ENTER> to begin loading the Linux Installer, however if special
arguments are required to be handed to the kernel, they should be entered here (these might include
instructions to load storage controller drivers).
After hitting the <ENTER> key, the system will load the installation kernel and begin the
installation process. You will most likely be prompted to test the media at which point you can opt
to skip the test (if the media is known to be good) by selecting [ Skip ] and hitting the
<ENTER> key:


DMZ Server - RYO Installation Guide (CentOS 5)                                                 Page 7
If you selected [ OK ] the media check will be performed and any outcome will be displayed.
This may take a while to complete so you will need to be patient. Once the test is complete, or if
you opted to continue by selecting [ Skip ], the installation continues by displaying:


   Running Anaconda, the CentOS Installer – please wait...


The installer will then attempt to detect your mouse and display settings before entering the
graphical installer as shown below:




Page 8                                            DMZ Server - RYO Installation Guide (CentOS 5)
Click [ Next ] to continue the installation. You are then be prompted to select the installation
language, choose appropriately and click [ Next ]. The next step is to set the correct keyboard
type for the system and again choose appropriately and click [ Next ].




DMZ Server - RYO Installation Guide (CentOS 5)                                              Page 9
Storage Detection and Preparation of File Systems
The installer will then check for the existence of an appropriate storage device:




On successful detection, you may be prompted by the installer stating that there was no valid file
system detected on the storage media and/or the disk detected is a new device. If you are happy to
proceed and lose all data that may be on the storage media, click [ OK ] or [ Next ].
The installer presents storage media options:




Page 10                                            DMZ Server - RYO Installation Guide (CentOS 5)
If you are happy to accept the default partitioning layout offered by the installer, click [ Next ].
If you wish to alter the default layout provided, click to check “Review and modify partitioning
layout” before clicking [ Next ]. This will give you the opportunity to alter the default layout to
suit your needs.
If you wish to completely customise your layout, continue with the following instructions,
otherwise skip to the next section, The Boot Loader Settings.




DMZ Server - RYO Installation Guide (CentOS 5)                                               Page 11
Select “Create custom layout” from the first drop-list and leave the remaining options as they are.
If you are familiar with Linux storage options, you may choose another option but these options are
not covered in this installation guide and are not warranted by iWebGate to work with the DMZ
Server software.
Once the desired options are set, click [ Next ] to continue to the manual disk partition manager
(disk druid) which will allow you to specify the correct settings for your DMZ Server installation.
The next screen shows the storage device as a new device. If the storage device has been previously
used or already has a partitioning layout defined, you may wish to remove the existing partitions by
selecting the device (eg. /dev/sda) and clicking the [ DELETE ] button.
You should ultimately finish with a layout similar to the one shown below.




Page 12                                          DMZ Server - RYO Installation Guide (CentOS 5)
The first task is to create a “/boot” partition. This partition is required as a separate partition as a
Logical Volume Manager (LVM) group partition will be used for the server swap and root (/) file
systems. Select the “Free” partition and click the [ New ] button to create a new partition for
the /boot file system.
Fill out the form with the details shown in the screen shot below and then click the [ OK ] button
to apply the partition to the layout.




DMZ Server - RYO Installation Guide (CentOS 5)                                                     Page 13
The next task is to create a physical volume (LVM) on which to configure the remaining file
systems. This is especially useful if you have more than one physical hard drive attached to your
server as it allows you to span one file system across multiple hard drive media without the need for
RAID controllers.
Click the [ New ] button to create a new LVM partition. The resulting screen is shown below.




Page 14                                           DMZ Server - RYO Installation Guide (CentOS 5)
Ensure that you set the “File System Type” to physical volume (LVM) and select the “Fill to
maximum allowable size” for this partition. Compare your screen with that of the screen shot
above if you are unsure.
Click [ OK ] to commit the partition to the layout.
Now select the new partition you just created and click the [ LVM ] button to assign a new LVM
Volume Group. The resulting screen below should appear.




DMZ Server - RYO Installation Guide (CentOS 5)                                           Page 15
The simplest measure at this stage is to accept the current name and configuration. You should now
click the [ Add ] button to add a new logical volume to the group. The first of these will be the
“swap” partition for the server of 4GB in size.
Complete the form provided as shown in the screen shot provided below. Select the “swap” option
from the “File System Type” drop list and set the size to 4096 (MB) and click [ OK ] to commit
the logical volume to the volume group.




Page 16                                          DMZ Server - RYO Installation Guide (CentOS 5)
The next step is to create the logical volume that will host your entire system. This is called the
“root” file system and will contain all of the programs and data files needed by your DMZ Server.
Click the [ Add ] button to create the new logical volume.




DMZ Server - RYO Installation Guide (CentOS 5)                                               Page 17
Enter the details shown in the screen shot above. By default, the file system will utilise the
remaining space available to the logical volume group. When ready, click [ OK ] to create the
root file system logical volume.
The final configuration of the LVM volume group should now show two logical volumes as shown
below. It is likely that the sizes of these logical volumes will differ to yours depending on the size of
the hard drive media you have attached to your server.




Page 18                                             DMZ Server - RYO Installation Guide (CentOS 5)
If you are happy with the configuration of the volumes within this LVM volume group, click the
[ OK ] button to commit the LVM volume group to the partition manager.
The final layout of the storage according to the main storage partition management screen should
look something like the following screen shot.




DMZ Server - RYO Installation Guide (CentOS 5)                                             Page 19
If the layout is correct, click the [ Next ] button, otherwise edit the settings using the options
through the [ Edit ] or [ LVM ] buttons to resize the partitions you have created.

The Boot Loader Settings
The installer will continue by prompting you to confirm what you would like to do about booting
the DMZ Server with an appropriate boot manager.




Page 20                                           DMZ Server - RYO Installation Guide (CentOS 5)
As it is expected that this will be the only operating system on the hardware you are using, you can
happily leave the settings shown above as they are and click the [ Next ] button.

Network Interface Detection and Configuration
If a network interface is detected in your hardware server, the next step presented will be to
configure the network interface. If you do not know the network settings to be applied to the DMZ
Server, you should attempt to find these out before continuing the installation process.
You will need to confirm the following network settings:
Host Name (FQDN)              Fully qualified domain name of the host. Eg. dmzserver.example.com
Host IPv4 Address             The IPv4 address to be assigned to the DMZ Server
Network Mask                  The associated network mask
Gateway Address               The IPv4 address of the network gateway (to reach Internet)
Name Server Address           The IPv4 address of the local name server (Eg. local AD server)


If the installer does not detect a network interface at this stage, you will need to ensure you obtain
and install an appropriate driver for the network interface installed in your server. This will need to
be done before you attempt Installation Phase 2 later in this document. Please consult your local
Linux support specialist if you require assistance getting your network interface to work.




DMZ Server - RYO Installation Guide (CentOS 5)                                                  Page 21
             It is important that you apply the correct settings now as the Installation
             Phase 2 performed later will read from these settings when it installs the
             DMZ Server software components. These settings are treated as the
             default network settings that will be configured into the DMZ Server.


For single network interface servers, the screen similar to the one shown below should appear:




You must ensure that the primary network interface you are configuring does not have its network
address and settings assigned by DHCP as the DMZ Server must be reachable at the same location
each and every time. Click the [ Edit ] button to begin editing your network interface settings.




Page 22                                           DMZ Server - RYO Installation Guide (CentOS 5)
Clear any “Use dynamic IP configuration (DHCP)” controls and the “Enable IPv6 support”
control on this interface screen. IPv6 support is not supported in version 2 of the iWebGate DMZ
Server.
Ensure the “Enabled IPv4 support” control is checked (enabled) and the “Manual configuration”
option is selected. Enter the appropriate IPv4 address and prefix into the appropriate fields ensuring
you enter the correct IPv4 address you wish to assign to the DMZ Server.
Click the [ OK ] button when the settings are correct.
If you have a second interface, you may allow that interface to be allocated an address via DHCP as
it will be largely ignored by the current iWebGate DMZ Server software.
As DHCP is not used on the primary interface, the installer requires that you enter an appropriate
host and domain name to form a Fully Qualified Domain Name (eg. dmzserver.example.com) and
also the network Gateway and Primary DNS addresses.
The final network settings screen should look similar to the following screen shot.




DMZ Server - RYO Installation Guide (CentOS 5)                                                Page 23
Click the [ Next ] button to continue the installation process.



            NOTE: The network settings provided in this step should be the ones you
            intend to use in production as these will be the default settings that are
            applied to the DMZ Server. If you need to change these settings at any
            time, you should log into the DMZ Server administrative interface and
            alter them using the tools provided in the “Server Setup” area or use the
            USB method outlined later in this guide.




Page 24                                         DMZ Server - RYO Installation Guide (CentOS 5)
Time Zone and System Password
The next step requires you to select your appropriate time zone either from the interactive map or
the drop-list under the map.




Once you have selected your time zone, clear the “System clock uses UTC” check box unless you
have specific reason to use it. Click the [ Next ] button to continue the installation process.




DMZ Server - RYO Installation Guide (CentOS 5)                                               Page 25
The installer will now prompt you to enter a valid super user account password. As long as the
minimum requirements are met for this password you can enter anything into the two fields but they
must match.
The password provided here will also be assigned as the default password to the web-based
administration environment of the DMZ Server. If you prefer to provide a simple password here to
use for the remainder of the installation you may do so as you will have an opportunity to re-assign
the system password after Installation Phase 1 and Phase 2 are complete.
Enter your desired password in the fields provided. You must comply with the installer's minimum
password requirements and the two passwords entered must match.




Page 26                                           DMZ Server - RYO Installation Guide (CentOS 5)
Software Package Selection
Click [ Next ] on the root account password screen to continue and the installer will begin to
retrieve installation information. This should only take a few seconds.




Once retrieved, the installer presents the basic package configuration screen allowing you to
configure the basic packages that will be installed on the DMZ Server system.
It is absolutely imperative that nothing more than the minimum set of packages are installed during
the installation procedure or problems may occur later during deployment of the Installation Phase
2 where the DMZ Server software bundles are installed.
Minimum selection also ensures that no additional packages are installed that may reduce the
overall security of the final DMZ Server.
Once the installation has completed and your server is up and running, you can install additional
packages as required if you need them but for now, please follow the remaining steps as set out in
the this guide.




DMZ Server - RYO Installation Guide (CentOS 5)                                                  Page 27
To ensure the minimum packages are selected for installation, clear all the check boxes in the lists
provided, select “Customize now” and then click [ Next ] to move on to the more granular
package selection screen.




Page 28                                           DMZ Server - RYO Installation Guide (CentOS 5)
For each item selected in the list shown on the left of the screen, a different list of available
packages will be presented in the list on the right.
Every item with a check box in every list MUST be deselected or cleared to ensure that no
additional packages are installed during this phase of the installation. All required packages are
installed later during the DMZ Server software deployment in Installation Phase 2.
When ALL the package options have been deselected, click the [ Next ] button to continue with
the installation procedure:




DMZ Server - RYO Installation Guide (CentOS 5)                                                      Page 29
The installer will check for discrepancies in the dependencies for the packages selected for
installation. Considering that no packages should have been selected, there should be no issue with
the outcome of this check.




Page 30                                          DMZ Server - RYO Installation Guide (CentOS 5)
Finalising the Linux Installation
The installer then moves on to confirm that you are ready to install the CentOS 5 Linux operating
system using the settings you have provided. If you believe you have misconfigured something, use
the [ Back ] button to go back through the installation screens to reconfigure your installation
settings.




When ready, click the [ Next ] button to begin the installation process which will continue to
proceed unattended.




DMZ Server - RYO Installation Guide (CentOS 5)                                           Page 31
The system begins the unattended installation process by formatting the appropriate file systems
ready for installation of the operating system and minimal software packages.




Page 32                                          DMZ Server - RYO Installation Guide (CentOS 5)
The installer will then transfer the installation image to the hard drive and the install process is then
started (as shown above). It doesn't take too long so please be patient.




DMZ Server - RYO Installation Guide (CentOS 5)                                                   Page 33
The installation of packages takes around 10 to 15 minutes and the indicator bar will keep you
informed of the progress. If you encounter a failure at this point, it is nearly always hardware or
installation media related. Check your installation media and hardware integrity (especially the
storage media and the controller / bus to which it is connected) and attempt to restart the installation
again.




Page 34                                            DMZ Server - RYO Installation Guide (CentOS 5)
Once all packages have been installed, the boot manager/loader is installed. This should only take a
few moments before the CD tray is ejected and the system will prompt you to reboot as shown
below.




DMZ Server - RYO Installation Guide (CentOS 5)                                              Page 35
The above screen shot indicates that the installation of the CentOS 5 Linux operating system
required by the iWebGate DMZ Server software has completed successfully. If you did not receive
any errors or warnings during the installation process, your system should be stable and ready to
begin the second installation phase.
Click the [ Reboot ] button to initiate a system clean up, shut down and reboot. The graphical
screen will exit and a list of shut down messages will be displayed on screen.




Page 36                                         DMZ Server - RYO Installation Guide (CentOS 5)
The system should automatically reboot and begin the POST process again.
When the machine POST has completed, the CentOS 5 Linux system will begin to boot. There is a
three second window of opportunity to catch the boot prompt before the system boots as normal.
This is useful if you need to recover a failed server.
Do not press any keys at this stage to ensure that the boot process continues normally.




The system begins booting the kernel and presents a large amount of debug information on the
console screen. These messages can safely be ignored unless something serious has happened and
the system is unable to continue the boot sequence. If the kernel load fails, check for hardware
compatibility issues.


             You may need to engage the services of a Linux specialist if you are
             having problems. Do not contact iWebGate for Linux installation
             support as you will most definitely need hands-on support from an
             appropriately qualified support technician.


If all has gone well, the console continues by displaying information regarding the services that are
being started. These are demonstrated by [ OK ] messages in green to the right of screen
indicating that the kernel has loaded successfully and that it is has handed control to the system
start-up scripts and routines. You may see a [ FAILED ] message in red – at this stage they can
normally be ignored unless the system becomes unresponsive or fails to continue the boot sequence.




DMZ Server - RYO Installation Guide (CentOS 5)                                               Page 37
Eventually, the services will have been started and the system will display a login: prompt. This
indicates that the server has booted successfully for the first time and is now ready to begin the
second phase of the “Roll Your Own” installation process.




If you did not encounter the option to configure a network interface during the installation then
chances are the installer did not detect a supported network interface device. If your system does
indeed have a network interface installed (as it should according to the system requirements), then
you will now need to install the kernel driver module that supports the network interface in your
computer.
For further information on the requirements of installing such a driver, you will need to consult the
CentOS 5 Installation manual or engage the services of a trained Linux specialist to help out. Once
the network interface is detected, assign appropriate network settings (as shown in previous screen
shots) and continue with Installation Phase 2.


Page 38                                           DMZ Server - RYO Installation Guide (CentOS 5)
DMZ Server Installation Phase 2 – DMZ Server Software
Packages
Before you begin installing the iWebGate DMZ Server software, you will need to have completed
the installation of the underlying Linux operating system (as described in the previous Installation
Phase 1 section) required to run the software applications bundled in the DMZ Server Installation
Media distribution.
If you have not yet installed the Linux operating system, you will need to do so before you can
proceed with the instructions outlined in this part of the guide.

Phase 2 Prerequisites
If you have completed the installation of the Linux operating system, you can use the following
check list to ensure that the system is ready for the installation of the DMZ Server software.
   ✔   The Linux distribution installed is CentOS 5.4
   ✔   The Linux installation completed without error
   ✔   Drivers for necessary hardware have been loaded and are operational
   ✔   Connectivity has been established to the local network
   ✔   The minimal Linux operating system has booted without critical error
   ✔   Network configuration has been confirmed
Assuming that your system passes the above check list, you are ready to move on to installing the
DMZ Server packages.
This guide assumes that you have a small amount of Linux command line knowledge, however it is
not essential as the guide will demonstrate exact command lines that need to be used. A level of
Linux knowledge may simply make it easier to understand this guide and help work around any
problems you may encounter.
This section of the guide has been written and tested thoroughly and assuming it is followed
correctly, there should be no trouble installing your DMZ Server software.
If you were not prompted to configure a network interface during the installation of CentOS 5
Linux outlined in Installation Phase 1, you will need to make sure that a network interface is
installed and an appropriate driver is loaded to support it. The interface should also be configured
with appropriate network settings before continuing.
If required, consult a trained Linux specialist to assist with getting this happening before you
proceed.




DMZ Server - RYO Installation Guide (CentOS 5)                                                 Page 39
Getting Started with Phase 2 Installation
Before you begin Installation Phase 2 process, ensure you have the required “iWebGate DMZ
Server Phase 2 Installation Media” available. This might be in the form of either a USB flash drive
or a CD-ROM media.

Preparing the Installation Media
Insert the appropriate media into the respective media bay or connector. If you are using a USB
flash drive, the system should respond with messages on the console screen indicating that the USB
drive was recognised and has been configured into the system.


            NOTE: Some Hewlett Packard machines will not recognise some USB
            drives when plugged into one of the USB ports on the front of the
            machine. If your system did not report the detection of the USB device,
            remove the device and insert it into a port on the back of the machine.


For CD-ROM users, your device node name will nearly always be 'cdrom'.
Continue with the installation process based on the media you are using to install the software. USB
Installation Media users should continue with the next section while CD-ROM users can skip the
next section and jump to the CD-ROM Installation Media section.

USB Installation Media
Use your favourite file and folder manager software (eg. Windows Explorer or Finder on MAC) to
extract/copy the contents of the DMZ Server Installation ISO image (downloaded from the
iWebGate website) into the top level directory of your USB drive.
It is important that you select a USB flash drive that is identified when connected to the DMZ
Server and this can be readily confirmed by inserting the device into an available USB port on the
machine you have selected for your DMZ Server.
Once inserted, the Linux operating system should respond with output written to the console similar
to this:
    usb 5-2: new high speed USB device using ehci_hcd and address 2
    usb 5-2: configuration #1 chosen from 1 choice
    Initializing USB Mass Storage driver...
    scsi2 : SCSI emulation for USB Mass Storage devices
    usb-storage: device found at 2
    usb-storage: waiting for device to settle before scanning
    usbcore: registered new driver usb-storage
    USB Mass Storage support registered.
      Vendor: Kingston Model: DataTraveler 2.0 Rev: 1.00
      Type:   Direct-Access                      ANSI SCSI revision: 02
    SCSI device sdb: 7856128 512-byte hdwr sectors (4022 MB)
    sdb: Write Protect is off
    sdb: Mode Sense: 23 00 00 00
    sdb: assuming drive cache: write through
    SCSI device sdb: 7856128 512-byte hdwr sectors (4022 MB)
    sdb: Write Protect is off


Page 40                                          DMZ Server - RYO Installation Guide (CentOS 5)
    sdb: Mode Sense: 23 00 00 00
    sdb: assuming drive cache: write through
     sdb: sdb1
    sd 2:0:0:0: Attached scsi removable disk sdb
    sd 2:0:0:0: Attached scsi generic sg1 type 0
    usb-storage: device scan complete


The driver has reported successful detection of the USB device and is able to read the file system as
reported by the line that reads sdb: sdb1. The part in bold represents the special device file name
that will be used to access your USB installation media so make note of it for later reference.
It is possible that some combinations of USB ports and USB flash drives do not mix well and are
not properly detected under Linux. If this is the case, the system may report detection of a device
inserted into a USB port but is not able to read from the file system or it may not report detection at
all. If your device is not detected correctly, try another device or use the CD-ROM installation
media.

             NOTE: This document assumes that you have copied all of the the
             installation files and folders to the top-level directory of the USB device.




CD-ROM Installation Media
Use your favourite CD-ROM creation software to create a CD-ROM from the DMZ Server
Installation ISO image downloaded from the iWebGate website. The resulting media should see a
single file called Makefile amongst a couple of other folders in the top-level folder.
If you installed your Linux operating system using a CD/DVD-ROM drive attached to your system,
that same drive should be detected and ready for use during the remaining steps outlined in this
guide.

Continuing the Installation Process (USB and CD-ROM)
At the login: prompt of your server, enter the user name root and press <ENTER>. Enter the
password you specified during the Linux installation process into the Password: prompt shown.
Your key strokes are not indicated when entering the password and the screen cursor will not move.
Once you have keyed in your password, hit <ENTER> to login.
On successful login, you should be at the appropriate super user command prompt:


      [root@<hostname> ~]#


Before beginning the unattended section of the Installation Phase 2 process, there are a number of
things that need to take place.

Disabling “SElinux” at Run-Time
The first of the initial requirements is the disabling of the strict kernel security measures of
SELinux. If this service is not disabled, it will interfere with the installation of packages and
reconfiguration of services. To disable the SELinux service at run-time, issue the following

DMZ Server - RYO Installation Guide (CentOS 5)                                                      Page 41
command:


      sed -i “s/^SELINUX=.*$/SELINUX=disabled/g”                            /etc/selinux/config


Enter the entire command above on one line and then hit <ENTER> once you have the command
correct and the configuration file will be updated. You can check the update succeeded by issuing
the command:


      cat /etc/selinux/config


You should see the following line amongst the output (roughly in the middle of the file contents):


      SELINUX=disabled


If you do not see the updated output, check you have typed the above “sed” command correctly
(letter-for-letter) and try issuing the command again. If the file is still not updated correctly, use the
“vi” text editor to edit the file manually (consult your local Linux support provider if you are not
familiar with the “vi” editor).
If the setting is correct, the system will need to be rebooted before you can begin the unattended
section of the Installation Phase 2 process. You should reboot now and can do so by either pressing
<CTRL>+<ALT>+<DEL> simultaneously or by issuing the following command and press
<ENTER>:


      shutdown -r now


Either way, the system should begin shutting down by displaying appropriate service shut down
messages before rebooting the system and starting up again the same way as previously outlined.
Allow the system to boot again during which you should see the following line in the boot sequence
output:


      SELinux:        Disabled at runtime.


Once your system returns to the login prompt, you can login again and prepare for the installation
from your selected media.

Making the Installation Media Available
Log into the system again (as described above) and prepare to continue the Installation Phase 2
process. Before the installation of the DMZ Server packages can proceed, you need to make the
selected installation media available to the system.


Page 42                                              DMZ Server - RYO Installation Guide (CentOS 5)
If you haven't already, insert the media onto which you copied your iWebGate DMZ Server Phase
2 Installation Media so that it is ready and available to the system.
For either installation media method, you need to create a folder on which the media file system
will be mounted and made available for accessing the installation packages and scripts. Issue the
following command:


     mkdir -p /media/install


If you are using the CD-ROM installation method, issue the following command to make the media
available (assuming that you are using the same CD/DVD-ROM drive used for installation of
Linux):


     mount -r /dev/cdrom /media/install


This will mount the CD based installation media onto that directory making it available for use.
For USB flash drive users, the process is almost identical except you will use the device node name
issued by the kernel when you inserted the device into a USB port.
If you are using the USB mass storage installation method, issue the following command to make
the media available (if needed, replace sdb1 with the special device file you noted down):


     mount -r /dev/sdb1 /media/install


You will notice the “-r” option which instructs the system to make the file system available using a
read-only access rule. This will be implied with the CD-ROM media but should be issued even with
the USB media to ensure you do not accidentally delete files or corrupt the installation file system.

Installing the “make” Package
Now that the media is available, change into the newly created directory where the installation
media was mounted to:


     cd /media/install


Before we can begin the unattended process, we must install the make package as this package is
required by the installation script which will complete the remainder of Installation Phase 2
unattended.
Install the make package now by issuing the following command:


     rpm -ivh rpms/c54/make-3.81-3.el5.i386.rpm



DMZ Server - RYO Installation Guide (CentOS 5)                                               Page 43
You should see progress output on the screen as the package is installed. The following output
indicates successful installation of the “make” RPM package:


      Preparing... ####################################### [100%]
         1:make    ####################################### [100%]


You may receive the following warning when installing the “make” package, however this can
safely be ignored:


      warning: rpms/c54/make-3.81-3.el5.i386.rpm: Header V3 DSA
      signature: NOKEY, key ID XXXXXXX

Beginning the DMZ Server Software Installation
Before beginning the installation process, you should check to ensure that your server is connected
to the network. This can be confirmed by issuing the following command:


    make check


The following output confirms that the DMZ Server is connected and able to reach the defined
network gateway address:


    Linux Distribution: c54


    Checking network connection (this may take a while): Passed


    Network Interface:            eth0
    Server Address:               192.168.1.235
    Server Netmask:               255.255.255.0
    Server Gateway:               192.168.1.2
    Server Network:               192.168.1.0
    Server FQDN:                  dmzserver.example.com
    Server Domainname:            example.com


    PHP Error Notification is On

While it is not essential that you receive a successful connection check response from this command
as the installation process itself does not require network connectivity, it does confirm that the
network device in your machine is operating correctly and that it should be able to reach the
iWebGate Master Server during the registration process where network connectivity and Internet
access is required.
If the installer does not detect appropriate network settings the script will abort requesting that the

Page 44                                             DMZ Server - RYO Installation Guide (CentOS 5)
condition be rectified before continuing. If you do not see the IP addresses configured into your
machine, you should correct this problem before proceeding.
At this point you can begin the unattended section of the Installation Phase 2 process to complete
your DMZ Server installation.
Enter the following command:


      make server


The process then begins to install the required software packages needed for the iWebGate DMZ
Server to run. You can terminate the installation process at any time by pressing <CTRL>+C to
interrupt. Simply reissue the make server command to start the installation process again.
There are roughly 178 RPM software packages of which you may see one or two throw an error
about missing files or directories which can be ignored as these files are installed in later packages
and appropriate configurations are applied throughout the remainder of the unattended installation.

Termination and Restarting the Unattended Installation
If the “make” command terminates with an error at any time during the process, the installation has
failed and will need to be restarted by correcting the reported error and reissuing the make
server command. If all of the 178 RPM packages were installed without terminating the make
server process, then you can precede the command with NORPMS=1, for example:


      NORPMS=1 make server


This will prevent the installer from attempting to install the RPM packages all over again. It is not
vital that you use NORPMS=1 however it will speed up the repeat attempt to complete the
installation process by not installing the RPM packages again.
During the Installation Phase 2 process, various output messages are displayed indicating what the
installer is doing. The installation of the reporting engine may take a minute or two to complete so
please be patient. Eventually, the installer will finish the process with the following message:


      Restarting reconfigured services … Done


If your installation reports the following on the last line of output:


      Restarting reconfigured services … make: *** [final] Error 1


the error can safely be ignored and the process has completed successfully. You should now reboot
the newly installed system. When the system reboots and comes back up, your iWebGate DMZ
Server is as it would be if it were supplied by iWebGate or an authorised reseller and you may begin
the initial configuration process.


DMZ Server - RYO Installation Guide (CentOS 5)                                                 Page 45
You will notice that the VLAN/MP2P Peer Service fails to start when the system boots which is
valid as there is no Peer Instance configured as part of this installation. You may also see an error
message regarding the ICBD service before the login prompt is displayed. This message can be
safely ignored.

Concluding the Installation
If all has completed according to to this guide, your iWebGate DMZ Server installation has
completed successfully and you can now continue with the initial configuration process as outlined
in the IWG-DMZS-THD506 Installing the iWebGate DMZ Server and Performing Initial
Configuration technical HOWTO document on the iWebGate website:


http://dmzsite.iwebgate.com/support/howtos/showhowto.php?item=Install and Configure


At this stage, you can safely shut down your server and move it into place on your network by
issuing the following command:


     shutdown -h now




Page 46                                            DMZ Server - RYO Installation Guide (CentOS 5)

				
DOCUMENT INFO
Shared By:
Categories:
Tags:
Stats:
views:11
posted:2/25/2012
language:English
pages:46