Installation of your Linux Server
Table of Contents
3.1. Know your Hardware!
3.2. Creating the Boot Disk and Booting
3.3. Installation Class and Method (Install Type)
3.4. Disk Setup- Disk Druid
3.5. Disk Druid
3.6. An example
3.7. Post-Partitioning
3.8. Components to Install- Package Group Selection
3.9. Select Individual Package - Part 'A'
3.10. Select Individual Package -Part 'B'
3.11. How to use RPM Commands
3.12. Starting and stopping daemon services
3.1. Know your Hardware!
Understanding the hardware of your computer is essential for a successful installation of Red Hat Linux. Therefore, you should take a moment now and familiarize yourself with your computer hardware. Be prepared to answer the following questions:
How many hard drives do you have?
What size is each hard drive? e.g. 3.2GB.
If you have more than one hard drive, which is the primary one?
What kind of hard drive do you have? e.g. IDE, SCSI.
How much RAM do you have e.g. 256MB RAM.
Do you have a SCSI adapter? If so, who is the manufacturer and what model is it?
Do you have a RAID system? If so, who is the manufacturer and what model is it?
What type of mouse do you have e.g. PS/2, Microsoft, Logitech.
How many buttons does your mouse have? 2/3 buttons.
If you have a serial mouse, what COM port is it connected to? e.g. COM1.
What is the make and model of your video card? How much video RAM do you have? e.g. 4MB.
What kind of monitor do you have? Make and Model.
Will you be connected to a network? If so, what will be the following:
Your IP address?
Your netmask?
Your gateway address?
Your domain name server's IP address?
Your domain name?
Your hostname?
Your types of network(s) card(s)? Make and Model.
Your number of card(s)? Make and Model.
3.2. Creating the Boot Disk and Booting
The first thing to do is to create an installation diskette also known as a boot disk. If you have purchased the official Red Hat Linux CD-ROM, you will find this floppy disk named Boot Diskette in the Red Hat Linux box and you don't need to create it. From time to time, you may find that the installation will fail with the standard diskette image that comes with the official Red Hat Linux CD-ROM. If this happens, a revised diskette is required in order for the installation to work properly. In these cases, special images are available via the Red Hat Linux Errata web page to solve the problem http://www.faqs.org/docs/securing/appendixa.html#prtinxfp4. Since this, is a relatively rare occurrence, you will save time if you try to use the standard diskette images first, and then review the Errata only if you experience any problem completing the installation.
Step 1. Before you make the boot disk, insert the Official Red Hat Linux CD-ROM Part 1 in your computer that runs the Windows operating system. When the program asks for the filename, enter boot.img for the boot disk. To make the floppies under MS-DOS, you need to use these commands assuming your CD-ROM is drive D: and contain the Official Red Hat Linux CD-ROM.
Open the Command Prompt under Windows: Start Programs Command Prompt
C:\> d:
D:\> cd \dosutils
D:\dosutils> rawrite
Enter disk image source file name: ..\images\boot.img
Enter target diskette drive: a:
Please insert a formatted diskette into drive A: and press --ENTER-- :
D:\dosutils>
The rawrite.exe program asks for the filename of the disk image: Enter boot.img and insert a floppy into drive A. It will then ask for a disk to write to: Enter a:, and when complete, label the disk; for example, Red Hat boot disk.
Step 2. Since we'd start the installation directly off the CD-ROM, boot with the boot disk. Insert the boot diskette you create into the drive A: on the computer where you want to install Linux and reboot the computer. At the boot:, press Enter to continue booting and follow the three simple steps below:
Choose your language
You can choose your prefferd language for the Linux OS from a list. For example, English, Danish etc
Choose your keyboard type
You can choose your Keyboard type. For example US pc104, norwegian etc
Select your mouse type
You can choose your mouse type. For example Logitech two button, Microsoft three button mouse etc
3.3. Installation Class and Method (Install Type)
Red Hat Linux 6.1 and 6.2 include four different classes, or type of installation. They are:
GNOME Workstation
KDE Workstation
Server
Custom
The first three classes GNOME Workstation, KDE Workstation, and Server give you the option of simplifying the installation process with a significant loss of configuration flexibility that we don't want to lose. For this reason we highly recommend Custom installation, as this allows you to choose what services are added and how the system is partitioned.The idea is to load the minimum number of packages, while maintaining maximum efficiency. The less software that resides on the box, the fewer potential security exploits or holes may appear.Select Custom and click Next
3.4. Disk Setup- Disk Druid
We assume that you are installing your new Linux server to a new hard drive, with no other existing file system or operating system previously installed. A good partition strategy is to create a separate partition for each major file system. This enhances security and prevents accidental denial of service or exploit of SUID programs.
Creating multiple partitions offers you the following advantages:
Protection against denial of service attack.
Protection against SUID programs.
Faster booting.
Easy backup and upgrade management.
Ability for better control of mounted file system.
Limit each file system's ability to grow.
If previous file system or operating system exist on the hard drive and computer where you want to install your Linux system, we highly recommend, that you make a backup of your current system before proceeding with the disk partitioning.
Step 1. For performance, stability and security reasons you must create something like the following partitions listed below on your computer. We suppose for this partition configuration the fact that you have a SCSI hard drive of 3.2 GB. Of course you will need to adjust partition sizes according to your own needs and disk size. Partitions that must be created on your system:
/boot 5MB
/usr 512MB
/home 1146MB
/chroot 256MB
/cache 256MB
/var 256MB
128MB
/tmp 256MB
/ 256MB
All Kernel images are kept here.
Must be large, since all Linux binaries programs are installed here.
Proportional to the number of users you intend to host i.e. 10MB per users multiplied by the number of users 114 = 1140MB.
If you want to install programs in chroot jail environment i.e. DNS.
This is the cache partition of a proxy server i.e. Squid.
Contains files that change when the system run normally i.e. Log files.
Our swap partition. The virtual memory of the Linux operating system.
Our temporary files partition.
Our root partition.
We have made two more special partitions:
/chroot
The /chroot partition can be used for DNS server chrooted, Apache server chrooted and other chrooted future programs.
/cache
The /cache partition can be used for a Squid Proxy server. If you are not intending to install Squid Proxy server you don't need to create the /cache partition.
Keeping /tmp and /home on separate partitions is pretty much mandatory if users have shell access to the server- protection against SUID programs; splitting these off into separate partitions also prevent users from filling up any critical file system -denial of service attack. The same applies to /var, and /usr on separate partitions is also a very good idea. By isolating the /var partition, you protect your root partition from overfilling -denial of service attack.
In our partition configuration we'll reserve 256 MB of disk space for chrooted programs like Apache, DNS and other software. This is necessary because Apache DocumentRoot files and other binaries, programs related to Apache will be installed in this partition if you decide to run Apache web server in a chrooted jail.
Take note that the size of the Apache chrooted directory on the chrooted partition is proportional to the size of your DocumentRoot files. If you're not intending to install and use Apache on your server, you can reduce the size of this partition to something like 10 MB for DNS server that you always need in a chrooted jail environment for security reasons.
Minimum size of partitions: For information purposes only, this is the minimum size in megabytes, which a Linux installation must have to function properly. The sizes of partitions listed below are really small. This configuration can fit into a very old hard disk of 512MB in size that you might find in old x486 computers. We show you this partition just to get an idea of the minimum requirements.
/ 35MB
/boot 5MB
/chroot 10MB
/home 100MB
/tmp 30MB
/usr 232MB
/var 25MB
3.5. Disk Druid
Disk Druid Partitions is a program that partitions your hard drive for you. Choose Add to add a new partition, Edit to edit a partition, Delete to delete a partition and Reset to reset the partitions to the original state. When you add a new partition, a new window appears on your screen and gives you parameters to choose. Different parameters are:
Mount Point:
for where you want to mount your new partition in the filesystem.
Size (Megs):
for the size of your new partition in megabytes.
Partition Type:
Linux native for Linux filesystem and Swap for Linux Swap Partition.
: If you have a SCSI disk the device name will be /dev/sda and if you have an IDE disk it will be /dev/hda. If you're looking for high performance and stability, a SCSI disk is highly recommended. Linux refers to disk partitions using a combination of letters and numbers. It uses a naming scheme that is more flexible and conveys more information than the approach used by other operating systems.
Here is a summary:
Disk naming convention
First Two Letters
The first two letters of the partition name indicate the type of device on which the partition resides. You'll normally see either hd (for IDE disks), or sd (for SCSI disks).
The Next Letter
This letter indicates which device the partition is on. For example: /dev/hda (the first IDE hard disk) and /dev/hdb (the second IDE disk). Keep this information in mind, it will make things easier to understand when you're setting up the partitions Linux requires.
Swap partitions are used to support virtual memory. If your computer has 16 MB of RAM or less, you must create a swap partition. Even if you have more memory, a swap partition is still recommended. The minimum size of your swap partition should be equal to your computer's RAM or 16 MB (whichever is larger). The largest useable swap partition is roughly 1 GB, since 2.2 kernel, 1 GB swap file are supported so making a swap partition larger than that will result in wasted space. Note, however, that you can create and use more than one swap partition although this is usually only necessary for very large server installations.
Try to put your swap partitions near the beginning of your drive. The beginning of the drive is physically located on the outer portion of the cylinder, so the read/write head can cover much more ground per revolution.
representation of linux partition
3.6. An example
To make the partitions listed below on your system; this is the partition we'll need for our server installation example; the command will be under Disk Druid:
Add
Mount Point: /boot our /boot directory.
Size (Megs): 5
Partition Type: Linux Native
Ok
Add
Mount Point: /usr our /usr directory.
Size (Megs): 512
Partition Type: Linux Native
Ok
Add
Mount Point: /home our /home directory.
Size (Megs): 1146
Partition Type: Linux Native
Ok
Add
Mount Point: /chroot our /chroot directory.
Size (Megs): 256
Partition Type: Linux Native
Ok
Add
Mount Point: /cache our /cache directory.
Size (Megs): 256
Partition Type: Linux Native
Ok
Add
Mount Point: /var our /var directory.
Size (Megs): 256
Partition Type: Linux Native
Ok
Add
Mount Point: our /Swap partition leave the Mount Point Blank.
Size (Megs): 128
Partition Type: Linux Swap
Ok
Add
Mount Point: /tmp our /tmp directory.
Size (Megs): 256
Partition Type: Linux Native
Ok
Add
Mount Point: / our / directory.
Size (Megs): 256
Partition Type: Linux Native
Ok
After the partitions of your hard disk has been completed, you must see something like the following information on your screen. Our mount points will look like this:
Table 3-1. Sample representaion of partitions
Mount Point
Device
Requested
Actual
Type
/boot
sda1
5M
5M
Linux Native
/usr
sda5
512M
1146M
Linux Native
/home
sda6
256M
256M
Linux Native
/chroot
sda7
256M
256M
Linux Native
/cache
sda8
256M
256M
Linux Native
/var
sda9
256M
256M
Linux Native
sda10
128M
128M
Linux Swap
/tmp
sda11
256M
256M
Linux Native
/
sda12
256M
256M
Linux Native
Drive
Geom [C/H/S]
Total (M)
Free (M)
Used (M)
Used (%)
sda
[3079/64/32]
3079M
1M
3078M
99%
: We are using a SCSI hard disk hence the first two letters of the device are sd.
3.7. Post-Partitioning
Now that you are partitioning and choosing the mount point of your directories, select Next to continue. After your partitions are created, the installation program will ask you to choose partitions to format. Choose the partitions you want to initialize, check the (Check for bad blocks during format) box, and press Next. This formats the partitions and makes them active so Linux can use them.
On the next screen you will see the LILO Configuration where you have the choice to install LILO boot record on:
Master Boot Record (MBR)
Or
First Sector of Boot Partition
Usually if Linux is the only OS on your machine you should choose the Master Boot Record (MBR) option. After that, you need to configure your Network and Clock. After you finish configuring the clock, you need to give your system a root password and authentication configuration. For Authentication Configuration don't forget to select:
Enable MD5 passwords
Enable Shadow passwords
Enable NIS doesn't need to be selected since we are not configuring NIS services on this server.
3.8. Components to Install- Package Group Selection
After your partitions have been configured and selected for formatting, you are ready to select packages for installation. By default, Linux is a powerful operating system that executes many useful services. However, many of these services are unneeded and pose potential security risks.
Ideally, each network service should be on a dedicated, single-purpose host. Many Linux operating systems are configured by default to provide a wider set of services and applications than are required to provide a particular network service, so you may need to configure the server to eliminate unneeded services. Offering only essential services on a particular host can enhance your network security in several ways:
Other services cannot be used to attack the host and impair or remove desired network services.
Different individuals may administer different services. By isolating services so each host and service has a single administrator you will minimize the possibility of conflicts between administrators.
The host can be configured to better suit the requirements of the particular service. Different services might require different hardware and software configurations, which could lead to needless vulnerabilities or service restrictions. By reducing services, the number of logs and log entries is reduced so detecting unexpected behavior becomes easier.
A proper installation of your Linux server is the first step to a stable, secure system. You first have to choose which system components you want to install. Choose the components, and then you can go through and select or deselect each individual package of each component by selecting Select individual packages option on your Red Hat setup screen. Since we are configuring a Linux Server, we don't need to install a graphical interface XFree86 on our system, a graphical interface on a server means less processes, less CPU availability, less memory, security risks, and so on. Graphical interfaces are usually used on workstations only.
Select the following packages for installation:
Networked Workstation
Network Management Workstation
Utilities
After selecting the components you wish to install, you may select or deselect packages.
: Select the Select individual packages options before continuing to have the option to select and deselect packages.
3.9. Select Individual Package - Part 'A'
The installation program presents a list of the package groups available. Select a group to examine. The components listed below must be deselected from the Menu Group for security; optimization and other reasons described below:
Applications/File:.
git
The GIT package provides an extensible file system browser, an ASCII/hexadecimal file viewer, a process viewer/killer and other related utilities and shell scripts. Unnecessary.
Applications/Internet:.
finger
The finger package is a client utility, which allows users to see information about system users. Security risks.
ftp
The ftp package provides the standard UNIX command-line FTP client. Security risks.
fwhois
The fwhois client program allows for querying whois databases. Security risks.
ncftp
The Ncftp package is an improved FTP client. [Security risks, Unnecessary.
rsh
The rsh package provides client programs, which allows users to run commands on remote machines, login to other machines and copy files between machines (rsh, rlogin and rcp). Security risks.
rsync
rsync is very powerfull mirroring program, which brings very quickly remote and host files into sync. Unnecessary
talk
The ntalk package provides client and daemon programs for the Internet talk protocol, which allows you to chat with other users on different UNIX systems. Security risks.
telnet
Telnet is a popular protocol for logging into remote systems over the network but it is insecure (transfer password in plain text). Security risks.
Applications/Publishing:.
ghostscript
The GhostScript package is a set of software that provides a PostScript interpreter, and an interpreter for Portable Document Format PDF files. Unnecessary
ghostscript-fonts
The GhostScript interpreter can use the Ghostscript-fonts package during text rendering. Unnecessary.
groff-perl
The groff-perl package is a set of commands and print filter used in printer environment. Unnecessary, no printer installed on the server.
mpage
The mpage package utility takes plain text files or PostScript documents as input, reduces the size of the text, and prints the files on a PostScript printer with several pages on each sheet of paper. Unnecessary, no printer installed on the server
pnm2ppa
The pnm2ppa package is a color driver for printing to HP PPA printers. Unnecessary, no printer installed on the server.
rhs-printfilters
The rhs-printfilters package contains a set of print filters, which is primarily meant to be use with the Red Hat printtool. Unnecessary, no printer installed on the server
Applications/System:.
arpwatch
The arpwatch package contains utilities to monitor Ethernet or FDDI network traffic and build databases of Ethernet/IP address pairs. Unnecessary
bind-utils
The bind-utils package contains a collection of utilities to find out information about Internet hosts. We will compile it later on this book.
knfsd-clients
The knfsd-clients package contains the showmount program that queries the mount daemon on a remote host for information about the NFS server on the remote host. Security risks, and NFS services are not installed on this server.
procinfo
The procinfo package acquires information about your system from the kernel as it is running. Unnecessary, other methods exist.
rdate
The rdate package utility can retrieve the date and time from another machine on your network. Security risks.
rdist
The rdist package is a program that maintains identical copies of files on multiple hosts. Security risks.
screen
This screen package is a useful utility for users who telnet into a machine or are connected via a dumb terminal, but want to use more than just one login. Unnecessary
ucd-snmp-utils
The ucd-snmp-utils package contains various utilities for use with the ucd-snmp network management project. Unnecessary, Security risks
Documentation:.
indexhtml
The indexhtml package contains the HTML page and graphics for a welcome page shown by your Web browser into X Window Systems. Unnecessary,we don't use graphical interface.
3.10. Select Individual Package -Part 'B'
System Environment/Base:.
chkfontpath
The chkfontpath package is a simple program for adding, removing and listing the directories contained in the X font server's path. Unnecessary, we don't use graphical interface
yp-tools
The Network Information Service NIS is a system, which provides and centralizes network information; login names, passwords, home directories, and group information, to all of the machines on a network. Security risks, we don't use it on our server
System Environment/Daemons: .
XFree86-xfs
The XFree86-xfs package is a font server for XFree86 that can also serve fonts to other X servers remotely. Unnecessary, we don't use graphical interface
finger-server
The finger-server package contain the finger daemon that runs from the /etc/inetd.conf, file and allows users to see information about system users on the server. Security risks.
lpr
The lpr package provides the basic system utility for managing printing services. Unnecessary and no printer installed on the server
nfs-utils
The nfs-utils package provides the tools and daemon for the kernel NFS server. This package must be installed if you want to provide NFS services on your server. Security risks, and NFS services are not installed on this server.
pidentd
The pidentd package contains the identd, which looks up specific TCP/IP connections and returns either the user name or other information about the process that owns the connection. Unnecessary, very few things on the net require the sender to be running identd, because many machines don't have it and because many people turn it off.
portmap
The portmapper package manages RPC connections, which are used by protocols like NFS and NIS. Unnecessary, Security risks, and NIS/NFS services are not installed on this server.
rsh-server
The rsh-server package provides the servers needed for (rsh, rlogin, rcp) which allow users to run remote access commands on remote machines. Security risks
rusers
The routed package routing daemon maintains current routing tables by handling incoming RIP traffic and broadcasts outgoing RIP traffic about network traffic routes. Unnecessary, Security risks, and limited.
rusers-server
The rusers package program allows users to find out who is logged into various machines on the local network. Security risks.
rwall-server
The rwall-server package contains the daemon which allows receiving remote messages from users in remote hosts. Security risks
rwho
The rwho package shows who is logged in for all machines on the local network running the rwho daemon. Security risks.
talk-server
The talk-server package provides the daemon program, which allows you to chat via terminal with other users on remote UNIX systems. Security risks.
telnet-server
The telnet-server package provides the daemon, which allows telnet remote logins protocol to your server. Security risks, replace by SSH
tftp
The tftp package or Trivial File Transfer Protocol TFTP allows users to transfer files to and from a remote machine. It is normally used only for booting diskless workstations. Security risks, Unnecessary.
tftp-server
The tftp-server package provides the server for (TFTP), which allows users to transfer files to and from a remote machine. Security risks, Unnecessary.
ucd-snmp
The ucd-snmp package or SNMP -Simple Network Management Protocol is a protocol used for network management. Unnecessary, Security risks
ypbind
The ypbind package is a daemon which binds NIS -Network Information Service server client to NIS server. Security risks, we don't use it on our server.
ypserv
The ypserv package is the NIS -Network Information Service server, which provides network information (NIS) to all of the machines on a network. Security risks, we don't use it on our server
System Environment/Libraries:.
XFree86-libs
The XFree86-libs package contains the shared libraries that most X programs need to run properly. Unnecessary, we dont use graphical interface.
libpng
The libpng package contains a library of functions for creating and manipulating GIF image format files. GIF is a bit-mapped graphics format similar to the GIF format. Unnecessary.
User Interface/X:.
XFree86-75dpi-fonts
The XFree86-75dpi-fonts package contains the 75 dpi fonts (the standard fonts) used on most X Window Systems. Unnecessary, we don't use graphical interface.
urw-fonts
The urw-fonts package contain free versions of the 35 standard Type 1 PostScript fonts. Unnecessary, we don't use graphical interface.
3.11. How to use RPM Commands
This section contains an overview of principal modes using with RPM for installing, uninstalling, upgrading, querying, listing, and checking RPM packages on your Linux system. You must be familiar with these RPM commands now because we'll use them often in the continuation of this book. To install a RPM package, use the command:
[root@deep] /#rpm -ivh foo-1.0-2.i386.rpm
Take a note that RPM packages have a file of names like foo-1.0-2.i386.rpm, which include the package name (foo), version (1.0), release (2), and architecture (i386).
To uninstall a RPM package, use the command:
[root@deep] /#rpm -e foo
Notice that we used the package name foo, not the name of the original package file foo-1.0-2.i386.rpm.
To upgrade a RPM package, use the command:
[root@deep] /#rpm -Uvh foo-1.0-2.i386.rpm
With this command, RPM automatically uninstall the old version of foo package and install the new one. Always use rpm -Uvh to install packages, since it works fine even when there are no previous versions of the package installed.
To query a RPM package, use the command:
[root@deep] /#rpm -q foo
This command will print the package name, version, and release number of installed package foo. Use this command to verify that a package is or is not installed on your system.
To display package information, use the command:
[root@deep] /#rpm -qi foo
This command display package information; includes name, version, and description of the installed program. Use this command to get information about the installed package.
To list files in package, use the command:
[root@deep] /#rpm -qlfoo
This command will list all files in a installed RPM package. It works only when the package is already installed on your system.
To check a RPM signature package, use the command:
[root@deep] /#rpm --checksig foo
This command checks the PGP signature of specified package to ensure its integrity and origin. Always use this command first before installing new RPM package on your system. Also, GnuPG or Pgp software must be already installed on your system before you can use this command.
3.12. Starting and stopping daemon services
The init program of Linux -also known as process control initialization, is in charge of starting all the normal and authorized processes that need to run at boot time on your system. These may include the APACHE daemons, NETWORK daemons, and anything else that must be running when your machine boots. Each of these processes has a script under /etc/rc.d/init.d/ directory written to accept an argument, which can be start, stop and restart. You can execute those scripts by hand in fact with a command:
Example 3-1. Starting and Stopping various Daemon's
To start the httpd Web Server manually under Linux.
[root@deep] /# /etc/rc.d/init.d/httpd start
Starting httpd: [OK]
To stop the httpd Web Server manually under Linux.
[root@deep] /# /etc/rc.d/init.d/httpd stop
Shutting down http: [OK]
To restart the httpd Web Server manually under Linux.
[root@deep] /# /etc/rc.d/init.d/httpd restart
Shutting down http: [OK] Starting httpd: [OK]
Check inside your /etc/rc.d/init.d/ directory for services available and use command start stop restart to work around.
