Redhat Installation Guide-V0.2
7/31/2019 Redhat Installation Guide-V0.2
Redhat ES 3 Build Document v.0.2 06/04/04
1. Overview
The following document provides an example of how to install Redhat as standard. All
basic packages are included, but they should not necessarily all be turned on by default.
2. Installation Process
The installation process comprises several components:
Disk Partitioning Recommendations
Hardware RAID
Base Installation of Redhat
Registering server with the RedHat Network (www.rhn.com)
Installing recommended upgrades to packages
Server Lockdown
Monitoring
Backups
Anti-Virus Software
Security Audit
QA
2.1. Disk Partition
Based on the following standard disks, the following is a suggested disk partitioning
Assumption: - x /0# disks basic
/dev/cciss/c0d0p6 512Mb /
/dev/cciss/c0d0p1 512Mb /boot
/dev/cciss/c0d0p7 2Gb /home
/dev/cciss/c0d0p2 5Gb /tmp
/dev/cciss/c0d0p9 4.5Gb /usr
/dev/cciss/c0d0p11 15.5Gb /var
Swap
1dev1cciss1c2d2p partition -23455- 2 *5
1dev1cciss1c2d2p6 partition 52425/ 2 *-
1dev1cciss1c2d2p7 partition -23423/ 2 *
1dev1cciss1c2d2p52 partition -23423/ 2 *8
2.2. Hardware Raid
It is recommended that a minimum of 2 disks are used and configured as a RAID1 pair.
If additional disk space is required it is recommended to increase the number of disks.
2.3. BIOS Configuration (HP/COMPAQ)
For HP servers, ensure BIOS is set to Linux, not
The screen will look similar to the above picture.
Choose GRUB to be installed on MBR (default)
1.7 GRUB Password
Unnecessary, Skip
1.8 Network Configuration
You can configure the network interface. The screen will look like the picture below:
1.9 Firewall Configuration
Choose "No firewall" and click Next to continue. The server will be behind the Eduserv
firewalls which will allow certain connections to the server according to the specs.
1.10 Language Support Selection
Choose English UK, deselect English USA, and press Next to continue.
1.11 Time Zone Selection
Choose London Greenwich
1.12 Account Configuration
Enter the root password and confirm it, press Next to continue.
1.13 Package Group Selection
1.14 Installing Packages
At this point the system will install the OS packages; it will ask for the other CDs of the
distribution.
After this you will be asked for Boot disk creation which can be ignored. If graphical mode
has been chosen, X configuration will follow.
CD from the CD-ROM Drive and press Enter, the system will
reboot and you will get a login prompt.
2.. Registering with the Redhat Network
The following shows how to register RH with the Redhat Network
2.1
Once the installation is complete and the system is successfully networked we can
register it to the RHN provided that there is a RHN license available.
As root run:
# rhn_register (for RH 2.1)
# up2date --register (for RH 3)
This will take you through a series of widgets that eventually will add the
system to RHN.
More specifically:
# up2date --register
0.  debug              No
1.  rhnuuid            61c4eec60b3a11d27daf52a26036
2.  isatty             Yes
3.  showAvailablePacka No
4.  retrieveOnly       No
5.  enableRollbacks    No
6.  noSSLServerURL     http://xmlrpc.rhn.redhat.com/'root@localhost']
10. noBootLoader       No
11. serverURL          https://xmlrpc.rhn.redhat.com/]
13. versionOverride
14. sslCACert          /usr/share/rhn/RHNS-CA-CERT
15. noReplaceConfig    Yes
16. useNoSSLForPackage No
17. systemIdPath       /etc/sysconfig/rhn/systemid
18. enableProxyAuth    No
19. retrieveSource     No
20. disallowConfChange ['noReboot', 'sslCACert', 'useNoSSLForPackages', 'noSSLSe
21. headerFetchCount   10
22. networkRetries     5
23. pkgsToInstallNotUp ['kernel', 'kernel-modules']
24. enableProxy        No
25. proxyPassword
26. updateUp2date      Yes
27. keepAfterInstall   No
28. proxyUser
29. removeSkipList     ['kernel*']
30. useGPG             Yes
31. gpgKeyRing         /etc/sysconfig/rhn/up2date-keyring.gpg
32. httpProxy
33. headerCacheSize    40
34. forceInstall       No
35. noReboot           No
Enter number of item to edit <return to exit, q to quit without saving>:
If we press return
Your GPG keyring does not contain the Red Hat, Inc. public key.
Without it, you will be unable to verify that packages Update Agent downloads
are securely signed by Red Hat.
Your Update Agent options specify that you want to use GPG.
To install the key, run the following as root:
rpm --import /usr/share/rhn/RPM-GPG-KEY
run
# rpm --import /usr/share/rhn/RPM-GPG-KEY
# up2date --register
and we get a widget similar to the one below:
Red Hat Network Registration (c) 2000-2001 Red Hat, Inc.
+--------------------- Register with Red Hat Network ---------------------+
  Now, for the first time ever, information, updates and services
  that enhance the security and reliability of your Red Hat Linux
  systems are available to you in one place: Red Hat Network.
  Check out these benefits:

    Red Hat Linux information, updates and services specific to
    your systems
    Fast access and proactive delivery of updates (security errata,
    bug fixes, enhancements)
    The latest news from Red Hat when new products and services
    are available

                     [ Next ]        [ Cancel ]
+--------------------------------------------------------------------------+
<Tab>/<Alt-Tab> between elements | <Space> selects | <F12> next screen
Next
Red Hat Network Registration (c) 2000-2001 Red Hat, Inc.
+-------------- Step 1: Review the Red Hat Privacy Statement --------------+
  We think our customers understand better than anyone else how Red
  Hat can most effectively serve their needs. Because of this, Red
  Hat makes every effort to allow our customers to define the
  relationship they will have with us. We ask customers how they
  would like Red Hat to communicate with them, if at all. We disclose
  how we will be using our customers' information through documents
  like this one, or by answering individual questions customers may
  ask. Our policy is not to sell or provide to others our customers'
  information without making it clear that we intend to do to in this
  statement or at the time the information is collected. Note that
  when you purchase a product or service from us, we may need to
  contact you to follow up on the product or service. However, our

              [ Next ]        [ Back ]        [ Cancel ]
+--------------------------------------------------------------------------+
<Tab>/<Alt-Tab> between elements | <Space> selects | <F12> next screen
Next
Red Hat Network Registration (c) 2000-2001 Red Hat, Inc.
+------------ Step 2: Register a User Account ------------+
  Are you already registered with redhat.com?
  Yes: Enter your current user name and password below.
  No: Choose a new user and password and enter it below.

  User name:              dk@eduserv__________
  Password:               ******______________
  Again for verification: ******______________

  E-mail address: rha@niss.ac.uk______________________

        [ Next ]        [ Back ]        [ Cancel ]
+---------------------------------------------------------+
<Tab>/<Alt-Tab> between elements | <Space> selects | <F12> next screen
Next
Red Hat Network Registration (c) 2000-2001 Red Hat, Inc.
+------------ Step 3: Register a System Profile - Hardware ------------+
  A Profile Name is a descriptive name that you choose to identify
  this System Profile on the Red Hat Network web pages. Optionally,
  include a computer serial or identification number.
  Profile name: rhnelh1___________

  [*] Include the following information about hardware and network:

  Version: 3   CPU model: Intel(R
  [*] Include RPM packages installed on this system in my System Profile

  You may deselect individual packages by unchecking them below.
  [*] 4Suite0.11.114
  [*] ElectricFence2.2.215
  [*] GConf22.2.11
  [*] MAKEDEV3.3.1
  [*] ORBit22.6.21
  [*] Omni0.7.24
  [*] Omnifoomatic0.7.24
  [*] Py

            [ Next ]        [ Back ]        [ Cancel ]
+----------------------------------------------------------------------+
<Tab>/<Alt-Tab> between elements | <Space> selects | <F12> next screen
Next
Red Hat Network Registration (c) 2000-2001 Red Hat, Inc.
+---------------- Send Profile Information to Red Hat Network ----------------+
  We are finished collecting information for the System Profile.

  Press "Next" to send this System Profile to Red Hat Network. Click
  "Cancel" and no information will be sent. You can run the registration
  program later by typing up2date --register at the command line.

              [ Next ]        [ Back ]        [ Cancel ]
+-----------------------------------------------------------------------------+
<Tab>/<Alt-Tab> between elements | <Space> selects | <F12> next screen
Red Hat Network Registration (c) 2000-2001 Red Hat, Inc.
+---- Sending Profile to Red Hat Network ----+
                     0%
+--------------------------------------------+
<Tab>/<Alt-Tab> between elements | <Space> selects | <F12> next screen
Red Hat Network Registration (c) 2000-2001 Red Hat, Inc.
+--------------------------- Registration Finished ---------------------------+
  You have successfully registered this System Profile on Red Hat Network.

  Please visit http://www.redhat.com/network to login and access your Red
  Hat Network benefits.

  To upgrade your system with the latest product updates, bug fixes and
  security enhancements, run up2date at the command line or choose
  "Update Agent" from the panel.

                               [ Finish ]
+-----------------------------------------------------------------------------+
<Tab>/<Alt-Tab> between elements | <Space> selects | <F12> next screen
Now in theory if we connect to RHN https://rhn.redhat.com/ and provided that we
have enough licenses we should be able to see the system in the list of systems
that appear if we select the systems tab.
The system will detect the channel it belongs to automatically according to the
OS version it's running. We can add the system to groups; this grouping is done
purely for making the administration easier.
2.6. Additional Comments on RHN Configuration
In RHN as the user "eduserv" place the server within three groups, one for each of the
following:
customer
hardware
OS
This is required not only for sensible grouping but servers need to be in groups so that
ordinary RHN users can administer them.
For RHEL, also subscribe the server to RHEL extras channel. (This is required to install
certain "non-standard" but supported packages like mysql.)
Place information about the location of the machine in the Properties section.
2.. Installing recommended upgrades to packages
The following command should be run to upgrade all installed packages to the
latest version.
As root run:
# up2date --config
# up2date -u
# up2date
rawdevices
apmd
crond
anacron
ntpd
xinetd
rhnsd
sshd
irqbalance
snmpd
netdump-server  0:off   1:off   2:off   3:off   4:off   5:off   6:off
kudzu           0:off   1:off   2:off   3:on    4:on    5:on    6:off
netfs           0:off   1:off   2:off   3:off   4:off   5:off   6:off
network         0:off   1:off   2:on    3:on    4:on    5:on    6:off
random          0:off   1:off   2:on    3:on    4:on    5:on    6:off
rawdevices      0:off   1:off   2:off   3:on    4:on    5:on    6:off
pcmcia          0:off   1:off   2:off   3:off   4:off   5:off   6:off
apmd            0:off   1:off   2:on    3:on    4:on    5:on    6:off
ipchains        0:off   1:off   2:off   3:off   4:off   5:off   6:off
iptables        0:off   1:off   2:off   3:off   4:off   5:off   6:off
smb             0:off   1:off   2:off   3:off   4:off   5:off   6:off
crond           0:off   1:off   2:on    3:on    4:on    5:on    6:off
anacron         0:off   1:off   2:on    3:on    4:on    5:on    6:off
xinetd          0:off   1:off   2:off   3:on    4:on    5:on    6:off
portmap         0:off   1:off   2:off   3:off   4:off   5:off   6:off
rstatd          0:off   1:off   2:off   3:off   4:off   5:off   6:off
rusersd         0:off   1:off   2:off   3:off   4:off   5:off   6:off
autofs          0:off   1:off   2:off   3:on    4:on    5:on    6:off
nfs             0:off   1:off   2:off   3:off   4:off   5:off   6:off
nfslock         0:off   1:off   2:off   3:off   4:off   5:off   6:off
nscd            0:off   1:off   2:off   3:off   4:off   5:off   6:off
netdump         0:off   1:off   2:off   3:off   4:off   5:off   6:off
identd          0:off   1:off   2:off   3:off   4:off   5:off   6:off
radvd           0:off   1:off   2:off   3:off   4:off   5:off   6:off
rhnsd           0:off   1:off   2:off   3:on    4:on    5:on    6:off
ypbind          0:off   1:off   2:off   3:off   4:off   5:off   6:off
sshd            0:off   1:off   2:on    3:on    4:on    5:on    6:off
yppasswdd       0:off   1:off   2:off   3:off   4:off   5:off   6:off
rwalld          0:off   1:off   2:off   3:off   4:off   5:off   6:off
proftpd         0:off   1:off   2:off   3:off   4:off   5:off   6:off
ypserv          0:off   1:off   2:off   3:off   4:off   5:off   6:off
ypxfrd          0:off   1:off   2:off   3:off   4:off   5:off   6:off
ntpd            0:off   1:off   2:off   3:on    4:on    5:on    6:off
exim            0:off   1:off   2:off   3:off   4:off   5:off   6:off
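An added example (not part of the original build document): a POSIX shell check that reads chkconfig --list output and reports services enabled at a runlevel that are not on an allowlist, plus allowlisted services that are off. The ALLOWED list is an assumption taken from the services shown as on at runlevel 3 in the listing above; the function names and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the build document.
# Services shown "on" at runlevel 3 in the listing above (assumed baseline).
ALLOWED="kudzu network random rawdevices apmd crond anacron xinetd autofs rhnsd sshd ntpd"

# audit_runlevel LEVEL
# Reads `chkconfig --list` lines on stdin and prints:
#   UNEXPECTED <svc>  service is on at LEVEL but not in ALLOWED
#   MISSING <svc>     service is in ALLOWED but off or absent at LEVEL
audit_runlevel() {
    awk -v level="$1" -v allowed="$ALLOWED" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) want[a[i]] = 1 }
        # SysV lines: name plus seven "N:on|off" fields; xinetd lines are skipped
        NF >= 8 && $2 ~ /^0:(on|off)$/ {
            for (f = 2; f <= NF; f++) {
                split($f, kv, ":")
                if (kv[1] == level && kv[2] == "on") {
                    seen[$1] = 1
                    if (!($1 in want)) print "UNEXPECTED " $1
                }
            }
        }
        END { for (i = 1; i <= n; i++) if (!(a[i] in seen)) print "MISSING " a[i] }
    '
}

# Constructed sample in chkconfig --list format (not output from a real host):
# portmap has been switched on and ntpd switched off.
sample_listing() {
    for svc in kudzu network random rawdevices apmd crond anacron xinetd \
               autofs rhnsd sshd portmap; do
        printf '%s\t0:off\t1:off\t2:off\t3:on\t4:on\t5:on\t6:off\n' "$svc"
    done
    printf '%s\t0:off\t1:off\t2:off\t3:off\t4:off\t5:off\t6:off\n' ntpd nfs
    printf 'xinetd based services:\n\ttelnet:\toff\n'
}

sample_listing | audit_runlevel 3
```

On a built server the same function takes live input, as in chkconfig --list | audit_runlevel 3; any line of output is a deviation from the baseline to review before handover.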
2..2 (X)Inetd Services
The following services should be set in XINETD
bpcd
vnetd
vopied
bpjava-msvc
xinetd based services:
chargen-udp: off
rexec: off
rlogin: off
rsh: off
chargen: off
daytime-udp: off
daytime: off
echo-udp: off
echo: off
time-udp: off
time: off
services: off
telnet: off
finger: off
ntalk: off
talk: off
bpcd: on
servers: off
vopied: on
bpjava-msvc: on
3. Additional Configuration
3.1. Monitoring
To monitor the server the Nagios Plugin needs to be installed, configured and monitoring
enabled on the Nagios Monitoring Servers.
Refer to knowledge base
3.2. Backups
The Netbackup client needs to be installed
Assumptions: you have a user account and can ftp to the target server
UoB Servers V.4
ssh to sparerib.niss.ac.uk
cd /usr/openv/netbackup/client/Linux/RedHat2.4
./ftp_to_client <client> <user>
QAH Servers V4.5
ssh to chin.niss.ac.uk
cd /usr/openv/netbackup/client/Linux/RedHat2.4
./ftp_to_client <client> <user>
In addition the Netbackup server needs to have the client set up in order to perform
backups, refer to separate documentation.
3.3. Additional Security
3.3.1 UVScan Installation
RHES 2.1 and RHES3 both require the compat-libstdc++ library.
zcat vlnx414l.tar.Z | tar -xf -
./install-uvscan
vi /usr/local/bin/uvscan.sh
add
#!/bin/sh
# Scan $TARGET recursively at low priority (nice -19).
DATE=`date +%d%m%Y`   # final format letter is lost in the source; %Y assumed
UVSCAN=/usr/local/bin/uvscan
QUARANTINE=/usr/uvscan/quarantine
TARGET=/data
EXCLUDE=/usr/local/bin/excludescan   # exclusion list passed to --exclude
LOG=/var/log/scanresults
/usr/bin/nice -19 $UVSCAN -r -cm $QUARANTINE --exclude $EXCLUDE -p $TARGET
/opt/bin/pmail.pl virus@niss.ac.uk
export EDITOR=vi
crontab -e
add
0 1 * * * /usr/local/bin/uvscan.sh
0 0 * * * /usr/local/uvscan/datupdate.sh
3.3.2 Nessus Scan
Although not covered in this document it is recommended that a Nessus scan is
performed on the server once the server has been installed.
Nessus scan results should then be discussed with the Security Officer and Senior
Systems Analysts as to the appropriateness of any vulnerabilities that may be identified.
Nessus is installed on qah-nagios1 and on uob-nagios1
4. Quality Assurance
After the basic installation has occurred the server needs to be QAed by a peer prior to
being handed over for QA testing
5. Future Build