At a running GUI, selecting System – Administration – Security Level and und Firewall starts the application to change the settings for Firewall and SE-Linux.
|
Last
revision of this document: |
Prerequisites to understand the content of this document:*
General knowledge how to operate personal-computers (PC);
additionaly how to configure a PC to be able to boot from a CD to
install the operating-system. |
Approximate expenditure of time to work over this document:Time to work on: ca. ½ to 1 hour; depending on your experience with Linux. Overall time: 1 hour to 3 hours; depending on the speed of the CD-ROM-drive and the harddisk. |
==>
Linux
Fedora Core 5 requieres a monitor with a resolution of at least 800 x
600 pixels to run the administration-tools under the GUI.
Drivers
for older VGA-adapters (particularly all cards for the ISA-bus, but
also less known cards for the PCI-bus) are no longer shipped on the
Installation-CDs. Therefore it is advisable to have a machine with
VGA-adapter for the AGP-port or a widespread model for the PCI-bus.
If you are interested in older versions of Linux (which are outdated and therefore no longer maintained), please see the list in the Table of content.
The
'Server' is the centralised data-storage-unit within the
enterprise.
Usually, there is a 'streamer' for data-catridges
attached to do a daily back-up of essential company-data.
Optional
there might be one or more printers attached which can be utilized
from all workstations within the enterprise.
All following instructions are for installing Fedora Core 5 - Linux.
Shortly
after the boot-process from diskette or CD beginns, a selection for
text-based or graphical-installation can be done.
As
configuration-utilities need a graphic-user-interface, a suitable
video-graphic-adapter has to be installed.
Therefore the following
installation-instructions are for Graphic Mode.
As
the following instructions are tailored for the 'english' version of
the installer, select 'Englisch' as language, please.
Please
select the appropriate keyboard for the key-arrangement you are
using.
Depending
on the fact that another version of Linux is already installed on the
disk, this step might appear.
If there is another
operating-system than linux – or nothing at all –
installed on the harddisk, this step is skipped by the installer.
In
case, that a decision is requiered, please select the
radio-button
(●)
Install Fedora Core
It
is advisable not to install another operating-system on the server;
therefore select
Remove
all partitions on selected drive and create default layout
Optionally you might check [x] Review and modify partitioning layout to view the actual disk-partitioning carried out by the installer.
Network
Configuration:
This
option is not shown if the NIC (network interface card) is not
detected during the installation-process.
Although there are
procedures available on the internet to configure less common
NIC-models manually, it is recommended to use a widespread NIC.
Models using the RealTek 8139 chip are affordable
(ca.
EUR 7,00 at mid 2007) and
installing such an adapter may save you a lot of time trying to make
an 'exotic' model work.
Activate on boot: Yes (check)
Then
click the [Edit]-Button and modify the following values:
Configure
using DHCP: No (do not
check)
Activate
on boot: Yes (check)
IP
Adress: 192.168.0.1
Netmask:
255.255.255.0
Set the hostname: manually (check this selection) and enter the server-name (example: server.javascout.biz)
Gateway: 192.168.0.254 (or another address you set the router to; see the suitable installation of the router)
Primary DNS,
Secondary DNS and Tertiary DNS:
The TCP/IP-Addresses of the
Domain-Name-Servers (DNS) are provided by your
Internet-Service-Provider (ISP) .
Here is a list of some Austrian
ISP:
A-ON: 195.3.96.67, 195.3.96.68
UTA: 195.70.224.61,
195.70.224.62
Clicking
into the map enlarges the section to make it easier to match the
capital of your country.
Clicking onto the city of your choice
shows the name in the listbox below the map.
A
good choice might be to set your server to UTC-time and select the
checkbox
[x]
System clock uses UTC
Choose a Root Password (for Administrator-functions).
N.B.:
Passwords are case sensitive; so check if 'caps-lock' is enabled
when you enter the Root Password.
My recomendation is, to use
only lower case characters for passwords.
After finishing that step, a progress bar with the text Retrieving Installation Information ... is shown.
As
the 'server' needs selected parts of the operating system, none of
the standard sets of packages are suitable.
Therefore unselect
all default choices:
[ ]
Office and Productivity
[ ] Software Development
[ ] Web server
and select the radio-button (●) Customize now .
A
list of available packages (sorted by groups) is shown.
The list
of packages within a group is displayed after the button [Optional
packages] is clicked.
Please
chose only the packages listed in this
installation-instruction.
If
some are already selected by default, but not listed in this
installation-instruction, then unselect them, please !
Desktop
Environment – GNOME Desktop Environment
NetworkManager
–
gnome
desktop-printing
file-roller
gedit
gnome-system-monitor
hal-gnome
Applications
- Editors
vim-enhanced
Application
– Graphical Internet
firefox
Servers
– Printing Support
do
not change default selection
Servers
– Windows File Server
system-config-samba
Base
System –
Base
anacron
dosfstools
ftp
mtools
nano
system-config-securitylevel-tul
unzip
which
Base
System – Java
(no optional selection)
Base
System – Administration Tools
pirut
system-config-language
(This package is only neccessary if you decide to install more than
one language).
system-config-network
system-config-users
Base
System – Xwindow
System
system-config-display
system-config-printer-gui
system-config-services
Languages
select
additional languages if you want to see operating system messages in
different languages.
After
clicking the [ Next ] button, a progress-bar with the text
Checking
dependencis in packages selected for installation ....
appears.
After that checks, you are requested again to confirm the selection.
After that step, the copy-process starts and your presence is only requested to change the installation-CDs.
Remark:
The
Graphic-User-Interface (GUI) is not automatically started whenever
Linux is started.
If you need a GUI for subsequent tasks, log in
and start GNOME with the following command:
startx
The
instructions for the standard-installation end here.
If you
would like to switch of your computer now, please use (when GUI is
running)
or enter
shutdown
-h now
at the command-line.
Installation-steps which have to be done manually are described in the following steps.
At
the installation of Linux Fedora Core 5 the setup of Firewall und
Security-Enhanced Linux is set to standard values.
Those settings
are to 'strong' and obstruct the operation of e.g. a NFS-Server.
As
the Router is protected by an individual configured Firewall,
protecting the internal network agains attacks out of the Internet,
the standard-settings for the Firewall are disabled.
As defined,
this documentation is to guide the installation of a
IT-infrastructure in a small enterprise. Therefore it is not assumed
that attacks are started from a workstation within the internal
network and this fact legitimates the deactivation of SE-Linux.
Setup using the GUI
For
reasons I did not find out till now, the described process does not
work pretty often.
In that case use the instruction described
under Setup
without a GUI,
please.
|
At a running GUI, selecting System – Administration – Security Level and und Firewall starts the application to change the settings for Firewall and SE-Linux. |
|
|
Select the tab 'Firewall Options' and change the Firewall setting to 'Disabled'. |
|
|
Select the tab 'SELinux' and change the SELinux Setting to 'Disabled'. The new setup will be activated after clicking the button [ OK ] and the application-window will be closed. |
|
To
deactivate SELinux, please open the file
/etc/selinux/config
and
change the line
SELINUX=enforcing
to
SELINUX=disabled
|
|
|
Under
certain circumstances the TCP-/IP-address defined during
standard-installation is not put to the configuration-file
/etc/hosts.
If you do not find a line starting with the chosen TCP/IP-address
(192.168.0.1 in this example), please insert the missing line.
Here
is an example how the configuration-file /etc/hosts
should
look like :
#
Do not remove the following line, or various programs
# that
requiere network functionality will
fail
127.0.0.1 localhost.localdomain localhost
192.168.0.1
server.localdomain server
If
you are not so familiar with Linux and you ask yourself how to start
an editor:
Either vi
/etc/hosts at the command-line
or the selection
Applications – Accessories – Text Editor when the
GUI is running.
To
verify if the correct driver for the network-interface-card (NIC) was
installed and the NIC can be accessed; restart the computer and enter
the following commands:
modprobe
eth0
dmesg | tail
The
last lines of the log-file will be shown.
Unfortunately each
driver logs its special message; but if the Hardware-ID of the
Network-Interface-Card is shown (e.g. 0060 97 72 b0 93) it is a good
sign.
The
correct setup of the TCP/IP-address can be monitored with the
following command:
ping
192.168.0.1 (where
the TCP/IP-Address of the just installed machine must be used - if
you did not take the one from the examples)
An
output similar to the following should be shown:
PING
192.168.0.1 (192.168.0.1) from 192.168.0.1 : 56(84) bytes of data
64
bytes from 192.168.0.1: icmp_seq=0 ttl=255 time=2.0 ms
64 bytes
from 192.168.0.1: icmp_seq=1 ttl=255 time=1.3 ms
64 bytes from
192.168.0.1: icmp_seq=2 ttl=255 time=1.1 ms
64 bytes from
192.168.0.1: icmp_seq=3 ttl=255 time=0.9 ms
The
'Pinging' can be interrupted with the key-combination CTRL-C and
thereafter a statistic is shown (example):
---
192.168.0.1 ping statistics ---
4 packets transmitted, 4 packets
received, 0% packet loss
round-trip min/avg/max = 0.9/1.2/2.0
ms
If
the computer is already connected to a local area network (LAN), then
a working connection can be tested by 'Pinging' a known
TCP/IP-Address of another computer connected to the LAN with the
command:
ping
192.168.0.254 (where
the Operating-System of the pinged computer must be running and the
TCP/IP-adress must exist)
An
output similar to the following should be shown:
PING
192.168.0.254 (192.168.0.254) from 192.168.0.1 : 56(84) bytes of
data
64 bytes from 192.168.0.254: icmp_seq=0 ttl=255 time=3.2
ms
64 bytes from 192.168.0.254: icmp_seq=1 ttl=255 time=1.4 ms
64
bytes from 192.168.0.254: icmp_seq=2 ttl=255 time=1.3 ms
64 bytes
from 192.168.0.254: icmp_seq=3 ttl=255 time=1.3 ms
64 bytes from
192.168.0.254: icmp_seq=4 ttl=255 time=1.3 ms
The
'Pinging' can be interrupted with the key-combination CTRL-C and
thereafter a statistic is shown (example):
---
192.168.0.254 ping statistics ---
5 packets transmitted, 5 packets
received, 0% packet loss
round-trip min/avg/max = 1.3/1.7/3.2 ms
|
Document |
Content |
|
Usergroups and
Users are defined; Users are attached to Usergroups. |
|
|
Directories holding subdirectories or files for different purposes (applications, data to be backed-up, data not to be backed-up) are defined. |
|
|
The access-right-matrix between Usergroups and directories is defined. |
|
|
Service-applications
(applications that are not direct accessible by an user but
inevitable for work) are (among others): |
