Introduction and Assumptions

This section provides some details on the baseline OS installation, before the DAS components are installed. The assumption here is that you are already familiar with installing Red Hat GNU/Linux systems. Therefore, this is not a detailed, step-by-step guide. This is simply an overview of what was done in our case to set the servers up so that they were ready to install Kerberos and NIS services.

Our DAS servers run on Red Hat Linux 9, but there is no reason that they could not be set up on a different distribution, or even a BSD or Solaris system. However, all subsequent instructions and testing assume Red Hat 9 on the server side. I am also assuming that you will use reasonable hardware choices with respect to disks, power, network connections, etc.


Anaconda Installation

Partitioning - I like to use separate partitions for important directories. With a 75 GB disk, here is how I partitioned it:

Filesystem            Size  Used Avail Use% Mounted on
/dev/hda1              99M  9.2M   85M  10% /boot
/dev/hda2              13G  205M   12G   2% /
/dev/hda3              20G  1.5G   17G   9% /usr
/dev/hda5              20G   69M   19G   1% /var
/dev/hda6             9.4G   33M  8.9G   1% /home
/dev/hda7             1.6G   33M  1.5G   3% /tmp
/dev/hda8             251M                    SWAP

The partitions were formatted as EXT3 journaling file systems, and I instructed the partitioning tool to check for bad blocks.

Bootloader Password - I specified a bootloader password.

IP information - I specified that eth0 be activated on boot, and gave it a FQDN and static IP address. Three DNS server addresses were specified: 10.10.20.250, 10.10.19.250, and 4.2.2.3.

Firewall Setting - Initially, I set this to the "high" level, customized to allow connections to TCP port 2222, and disabled any other inbound connections. No trusted devices were listed.

System Clock - I set this up for "system clock uses UTC", and the Asia/Taipei timezone.

Authentication Configuration - Leave at defaults: MD5 + Shadow Passwords

Package Selection - This is fairly critical. When you select a category, you can then go into that category and select (or deselect) items. I chose not to install many packages, though I did install Gnome and software development sets like the C compiler. Here is a summary:

Total size of install was listed at 1,594 MB.

Create Boot Disk - Perform this step and put the disk in a safe place.

Video Card and Monitor - In my case, here were the settings:

Section "Monitor"
        Identifier   "Monitor0"
        VendorName   "Monitor Vendor"
        ModelName    "SyncMaster"
        DisplaySize  340        270
        HorizSync    30.0 - 81.0
        VertRefresh  60.0 - 60.0
        Option      "dpms"
EndSection
 
Section "Device"
        Identifier  "Videocard0"
        Driver      "s3virge"
        VendorName  "idunno"
        BoardName   "S3 86C988 (ViRGE/VX)"
EndSection

1024 x 768 resolution, 16-bit color

Post Anaconda Install

Log in and make sure the time is correct. Check IP network connectivity. Add a non-root user.

BIOS config: Boot from disk only, not from floppy, CD, or network. Add a BIOS password requirement before the BIOS config can be changed.

Back up the original /etc files:

# cd /
# tar cvf /root/org-etc.tar etc
# gzip /root/org-etc.tar

Upgrade the following "important" packages (13 Nov 2003):

bash-2.05b-20.1.i386.rpm
bash-doc-2.05b-20.1.i386.rpm
coreutils-4.5.3-19.0.2.i386.rpm
ethereal-0.9.16-0.90.1.i386.rpm
ethereal-gnome-0.9.13-1.90.1.i386.rpm
glibc-2.3.2-27.9.6.i686.rpm
glibc-common-2.3.2-27.9.6.i386.rpm
glibc-devel-2.3.2-27.9.6.i386.rpm
gnome-kerberos-0.3.1-7.i386.rpm
gnupg-1.2.1-4.i386.rpm
krb5-devel-1.2.7-14.i386.rpm
krb5-libs-1.2.7-14.i386.rpm
krb5-server-1.2.7-14.i386.rpm
krb5-workstation-1.2.7-14.i386.rpm
mutt-1.4.1-1.i386.rpm
nscd-2.3.2-27.9.6.i386.rpm
openssh-3.5p1-11.i386.rpm
openssh-askpass-3.5p1-11.i386.rpm
openssh-askpass-gnome-3.5p1-11.i386.rpm
openssh-clients-3.5p1-11.i386.rpm
openssh-server-3.5p1-11.i386.rpm
openssl-0.9.7a-20.i686.rpm
openssl-devel-0.9.7a-20.i386.rpm
pine-4.44-19.90.0.i386.rpm
sendmail-8.12.8-9.90.i386.rpm
sendmail-cf-8.12.8-9.90.i386.rpm
tcpdump-3.7.2-1.9.1.i386.rpm
tripwire-2.3.1-17.i386.rpm
unzip-5.50-33.i386.rpm
xinetd-2.3.11-1.9.0.i386.rpm
xpdf-2.01-11.i386.rpm
ypserv-2.8-0.9E.i386.rpm

Configure a minimal number of services to run. When done with my base install, here are the services that were running:

[root@das-m PKG]# chkconfig --list | grep :on | sort
anacron         0:off   1:off   2:on    3:on    4:on    5:on    6:off
atd             0:off   1:off   2:off   3:on    4:on    5:on    6:off
crond           0:off   1:off   2:on    3:on    4:on    5:on    6:off
keytable        0:off   1:on    2:on    3:on    4:on    5:on    6:off
kudzu           0:off   1:off   2:off   3:on    4:on    5:on    6:off
network         0:off   1:off   2:on    3:on    4:on    5:on    6:off
portmap         0:off   1:off   2:off   3:on    4:on    5:on    6:off
random          0:off   1:off   2:on    3:on    4:on    5:on    6:off
rawdevices      0:off   1:off   2:off   3:on    4:on    5:on    6:off
sendmail        0:off   1:off   2:on    3:on    4:on    5:on    6:off
sshd            0:off   1:off   2:on    3:on    4:on    5:on    6:off
syslog          0:off   1:off   2:on    3:on    4:on    5:on    6:off
xfs             0:off   1:off   2:on    3:on    4:on    5:on    6:off
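
To keep this minimal service set from drifting over time, the listing above can be used as a baseline and compared against later `chkconfig --list` output. The script below is an added example, not part of the original guide; the names `audit_services` and `sample_output` and the sample input are constructed for illustration, and it assumes runlevels 3 and 5 are the ones the server boots into.

```shell
#!/bin/sh
# Added example: compare services enabled at boot against the baseline above.

# Baseline copied from the chkconfig listing in this guide.
BASELINE="anacron atd crond keytable kudzu network portmap random rawdevices sendmail sshd syslog xfs"

# audit_services reads `chkconfig --list` output on stdin. It prints
# "UNEXPECTED <name>" for a service on in runlevel 3 or 5 that is not in
# BASELINE and "MISSING <name>" for a baseline service that is not on.
# Exit status is 0 when the host matches the baseline, 1 otherwise.
audit_services() {
    awk -v baseline="$BASELINE" '
        BEGIN {
            bad = 0
            n = split(baseline, b, " ")
            for (i = 1; i <= n; i++) want[b[i]] = 1
        }
        # SysV lines: name 0:off 1:off 2:on 3:on 4:on 5:on 6:off
        # (other lines, such as an xinetd section, have fewer fields)
        NF == 8 && $2 ~ /^0:/ && ($5 == "3:on" || $7 == "5:on") {
            seen[$1] = 1
            if (!($1 in want)) { print "UNEXPECTED " $1; bad = 1 }
        }
        END {
            for (i = 1; i <= n; i++)
                if (!(b[i] in seen)) { print "MISSING " b[i]; bad = 1 }
            exit bad
        }'
}

# Constructed sample input: the baseline with kudzu switched off, an extra
# service (cups) switched on, and one service (nfs) present but disabled.
sample_output() {
    for s in $BASELINE; do
        [ "$s" = kudzu ] && continue
        printf '%s\t0:off\t1:off\t2:on\t3:on\t4:on\t5:on\t6:off\n' "$s"
    done
    printf 'kudzu\t0:off\t1:off\t2:off\t3:off\t4:off\t5:off\t6:off\n'
    printf 'cups\t0:off\t1:off\t2:on\t3:on\t4:on\t5:on\t6:off\n'
    printf 'nfs\t0:off\t1:off\t2:off\t3:off\t4:off\t5:off\t6:off\n'
}

# On a real host: chkconfig --list | audit_services
sample_output | audit_services || echo "service set differs from baseline"
```
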

Configure log rotation for 6 weeks instead of 4 weeks (the default). This is changed under /etc/logrotate.conf with the following configuration:

# see "man logrotate" for details
# rotate log files weekly
weekly

# keep 6 weeks worth of backlogs
rotate 6

# create new (empty) log files after rotating old ones
create

# uncomment this if you want your log files compressed
#compress

# RPM packages drop log rotation information into this directory
include /etc/logrotate.d

# no packages own wtmp -- we'll rotate them here
/var/log/wtmp {
    monthly
    create 0664 root utmp
    rotate 1
}

# system-specific logs may be also be configured here.

We also want to modify /etc/crontab so that hourly, daily, and weekly service restarts don't happen simultaneously for services like krb5kdc and kadmind. Change /etc/crontab on DAS-M to the following:

SHELL=/bin/bash
PATH=/sbin:/bin:/usr/sbin:/usr/bin
MAILTO=root
HOME=/
 
# run-parts
02 * * * * root run-parts /etc/cron.hourly
03 4 * * * root run-parts /etc/cron.daily
23 4 * * 0 root run-parts /etc/cron.weekly
43 4 1 * * root run-parts /etc/cron.monthly

Then restart the cron daemon:

[root@das-m etc]# /etc/init.d/crond restart
Stopping crond:                                            [  OK  ]
Starting crond:                                            [  OK  ]