Comments and suggestions concerning this page should be mailed to gmourani@videotron.ca
© Copyright 1999 Open Network Architecture ®

Webalizer
  Packages
FAQ-O-Matic
  Packages
Webmail IMP
  Packages
Linux Tripwire
  Overview
  These installation instructions assume
  Packages
  Tarballs
  Compilation Tripwire-1.3.1-1
  Compile and Optimize
  Configurations
  Configuration of the /etc/tw.config file
  Configuration of the /etc/tripwire.verify script
  Commands
  Installed files
Linux GnuPG
  Overview
  These installation instructions assume
  Packages
  Tarballs
  Compilation
  Compile and Optimize
  Commands
  Installed files
Linux IPX Netware ™
  Overview
  These installation instructions assume
  Build a kernel with IPX support and NCP protocol
  Trying to set up an IPX only network interface with no TCP/IP
  Ncpfs User Commands
Linux FTP Server
  Overview
  These installation instructions assume
  Packages
  How the FTP Server Works
  Configuring the FTP Server
  The /etc/ftpaccess file
  The /etc/ftphosts file
  FTP Administrative Tools
  Securing FTP

Linux Secure & Optimized Server

New version of this document

New versions of this document will be periodically posted to http://pages.infinit.net/lotus1/doc/opti/Linuxsos.pdf. All comments, error reports, additional information, criticism and money of all sorts should be directed to gmourani@videotron.ca. If you send e-mail, please make sure that the return address is correct and working; I get a lot of e-mail and figuring out your e-mail address can be a lot of work. If you want to translate this documentation, please notify me so I can keep track of what languages I have been published in.
Copyright Information

This document is copyrighted © 1999 Gerhard Mourani and distributed under the following terms:

Linuxsos.pdf documents may be reproduced and distributed in whole or in part, in any medium physical or electronic, as long as this copyright notice is retained on all copies. Commercial redistribution is allowed and encouraged; however the authors would like to be notified of any such distributions.

All translations, derivative work, or aggregate works incorporating any Linuxsos.pdf documents must be covered under this copyright notice. That is, you may not produce a derivative work from a Linuxsos.pdf and impose additional restrictions on its distribution. Exceptions to these rules may be granted under certain conditions.

If you have questions, please contact Gerhard Mourani at gmourani@netscape.net.

BECAUSE THE GUIDE IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY FOR THE GUIDE, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES PROVIDE THE GUIDE "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK OF USE OF THE GUIDE IS WITH YOU. SHOULD THE GUIDE PROVE FAULTY, INACCURATE, OR OTHERWISE UNACCEPTABLE YOU ASSUME THE COST OF ALL NECESSARY REPAIR OR CORRECTION.

IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MIRROR AND/OR REDISTRIBUTE THE GUIDE AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE GUIDE, EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
PGP Public Key for Gerhard Mourani

Overview

This document is tailored as a step-by-step, example-driven document instead of a detailed explanation of each Linux feature. It doesn't go much into debugging aspects since the Linux Documentation Project's (LDP) HOWTOs already cover this. This document is intended for a technical audience! It discusses how to install a RedHat Linux Server with all the necessary security and optimization for a high performance Linux specific machine.

Since we speak of optimization and configuration options, we will use source distributions (tar.gz) of programs as much as possible, especially for critical server software like Apache, Bind, Samba, Squid, Openssl etc. Source programs give us fast upgrades when necessary, and customization and optimization for our specific machines that we often can’t have with RPM. We’ve used many freely available sources to write this documentation; it seems only fair to give the work back to the Linux community.

It is focused on the Intel x86 hardware, so if you are looking for PPC, ARM, SPARC, APX, etc., features, you probably won't find what you are looking for. A minimal installation of this server requires that you recompile the kernel and install a DNS server; other programs depend on your needs.

These installation instructions assume

You have a CD-ROM drive and the Official Red Hat Linux CD-ROM. Installations were tested on the Official RedHat Linux 6.1. You should understand the hardware system on which the operating system will be installed. After examining the hardware, the rest of this document guides you, step-by-step, through the installation process.

Know your Hardware!

Understanding the hardware is essential for a successful installation of RedHat Linux. Therefore, you should take a moment now and familiarize yourself with your hardware.
Be prepared to answer the following questions:

1. How many hard drives do you have?
2. What size is each hard drive (3.2GB)?
3. If you have more than one hard drive, which is the primary one?
4. How much RAM do you have?
5. Do you have a SCSI adapter? If so, who made it and what model is it?
6. What type of mouse do you have?
7. How many buttons?
8. If you have a serial mouse, what COM port is it connected to?
9. What is the make and model of your video card? How much video RAM do you have?
10. What kind of monitor do you have (make and model)?
11. Will you be connecting to a network? If so, what will be the following:
    a. Your IP address?
    b. Your netmask?
    c. Your gateway address?
    d. Your domain name server’s IP address?
    e. Your domain name?
    f. Your hostname?
    g. Your type(s) of network card(s) (make and model)?
I) Creating the Boot Disk and Booting

Before you make the boot disk, insert the Official Red Hat Linux 6.1 CD-ROM Part 1 in your computer. When the program asks for the filename, you enter boot.img for the boot disk. To make the floppies under MS-DOS, you need to use these commands (assuming your CD-ROM is drive D: and contains the Official Red Hat Linux 6.1 CD-ROM).

Open the Command Prompt under Windows: Start | Programs | Command Prompt
Type d:
Type cd \images
Type \dosutils\rawrite.exe

    D:\images>\dosutils\rawrite.exe
    Enter disk image source file name: boot.img
    Enter target diskette drive: a

rawrite.exe asks for the filename of the disk image. Enter boot.img. Insert a floppy into drive A. It will then ask for a disk to write to. Enter a:. Label the disk Red Hat boot disk.

Since we start the installation directly off the CD-ROM, you have to boot with the boot disk. Insert the boot disk you created into drive A on the computer where you want to install Linux and reboot the computer. At the boot: prompt, press “Enter” to continue booting.

Choose your language
Choose your keyboard type
Select “Local CD-ROM”
Select your mouse type

II) Installation Class and Method

RedHat Linux 6.1 defines four different classes, or types, of installation. They are:

GNOME Workstation
KDE Workstation
Server
Custom

These classes (GNOME Workstation, KDE Workstation, and Server) give you the option of simplifying the installation process (with a significant loss of configuration flexibility that we don’t want to have). For this reason we highly recommend “Custom”, as this allows you to choose what services are added and how the system is partitioned. The idea is to load the minimum packages, while maintaining maximum efficiency. The less software that resides on the box, the fewer potential security exploits or holes.

Select “Custom” and click Next.
III) Disk Setup

Warning

We highly recommend, therefore, that you make a backup of your current system before proceeding with the disk partitioning.

For performance, stability and security reasons you must create something like the partitions listed below on your system. For this partition configuration we assume that you want to set up a Web server with a Proxy server on your server machine. We will make two special partitions (chroot and cache): the “chroot” partition is for the chrooted DNS server, the chrooted Apache server and other programs to be chrooted in the future. The “cache” partition is for our Squid Proxy server. If you do not intend to install the Squid Proxy server you don’t need to create the “cache” partition, but remember that Squid + Apache will improve your machine's performance and security a lot.

The other partitions are “/var” (by isolating the “/var” partition, you protect your root partition from overfilling), “/tmp” for the same reason as “/var”, “/home” for users, and “/usr” by default.

In our partition configuration we’ll reserve 400 MB of disk space for chrooted programs like Apache, DNS and others. This is necessary because the Apache DocumentRoot files and other binaries and programs related to Apache will be installed in this partition. Note that the size of the Apache chrooted directory on the chrooted partition is proportional to the size of your DocumentRoot files. If you do not intend to install and use Apache on your server, you can reduce the size of this partition to something like 10 MB for the DNS server, which you always need.

Disk Druid Partitions is a program that partitions your hard drive for you. Choose “Add” to add a new partition, “Edit” to edit a partition, “Delete” to delete a partition and “Reset” to reset the partitions to their original state. When adding a new partition, a new window appears on your screen and gives you parameters to choose. The parameters are:

Mount Point: where you want to mount your new partition.
Size (Megs): the size of your new partition in megabytes.
Partition Type: Linux native for Linux fs and Swap for Linux Swap Partition.

If you have a SCSI disk the device will be /dev/sda and if you have an IDE disk it will be /dev/hda.
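The layout described above keeps /var, /tmp, /home, /usr and the chroot and cache areas off the root filesystem so that filling one of them cannot fill "/". As an added example (not part of the original guide), this shell script checks a mounts table in /proc/mounts format for that separation and shows which filesystem a given path actually lands on; the mount-point names /chroot and /cache and the sample table are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original guide.
# Mount points the guide wants on their own partition. /chroot and /cache are
# ASSUMED names for the guide's "chroot" and "cache" partitions.
REQUIRED_MOUNTS="/boot /usr /home /var /tmp /chroot /cache"

# sample_mounts: constructed sample in /proc/mounts layout
# (device mountpoint fstype options dump pass). /var and /tmp are
# deliberately left on the root filesystem.
sample_mounts() {
    cat <<'EOF'
/dev/sda1 /boot ext2 rw 0 0
/dev/sda5 / ext2 rw 0 0
/dev/sda6 /usr ext2 rw 0 0
/dev/sda7 /home ext2 rw 0 0
/dev/sda8 /chroot ext2 rw 0 0
/dev/sda9 /cache ext2 rw 0 0
none /proc proc rw 0 0
EOF
}

# missing_mounts MOUNTS_FILE [MOUNT_POINT...]
# Prints every required mount point that has no entry of its own,
# i.e. a directory that still shares a partition with its parent.
missing_mounts() {
    mounts_file=$1
    shift
    [ $# -gt 0 ] || set -- $REQUIRED_MOUNTS
    for want in "$@"; do
        if ! awk -v m="$want" '$2 == m { found = 1 } END { exit !found }' \
                "$mounts_file"; then
            printf '%s\n' "$want"
        fi
    done
}

# backing_mount MOUNTS_FILE PATH
# Prints the mount point of the filesystem that holds PATH (longest matching
# mount-point prefix). If /var/log resolves to "/", a runaway log can fill
# the root partition.
backing_mount() {
    awk -v p="$2" '
        {
            mp = $2
            if ((mp == "/" || p == mp || index(p, mp "/") == 1) &&
                length(mp) > length(best))
                best = mp
        }
        END { print best }' "$1"
}

# Demo on the constructed table; pass /proc/mounts instead to check a live host.
demo_file=$(mktemp)
sample_mounts > "$demo_file"
echo "Not on their own partition:"
missing_mounts "$demo_file"
echo "/var/log/messages is stored on: $(backing_mount "$demo_file" /var/log/messages)"
rm -f "$demo_file"
```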
If you are looking for high performance and stability, a SCSI disk is highly recommended.

Linux refers to disk partitions using a combination of letters and numbers. It uses a naming scheme that is more flexible and conveys more information than the approach used by other operating systems. Here is a summary:

First Two Letters – The first two letters of the partition name indicate the type of device on which the partition resides. You’ll normally see either hd (for IDE disks), or sd (for SCSI disks).

The Next Letter – This letter indicates which device the partition is on. For example, /dev/hda (the first IDE hard disk) and /dev/hdb (the second IDE disk).

Keep this information in mind; it will make things easier to understand when you’re setting up the partitions Linux requires.

A swap partition – Swap partitions are used to support virtual memory. If your computer has 16 MB of RAM or less, you must create a swap partition. Even if you have more memory, a swap partition is still recommended. The minimum size of your swap partition should be equal to your computer’s RAM or 16 MB (whichever is larger). The largest useable swap partition is roughly 1 GB (since the 2.2 kernel, 1 GB swap files are supported), so making a swap partition larger than that will result in wasted space. Note, however, that you can create and use more than one swap partition (although this is usually only necessary for very large server installations). Try to put your swap partitions near the beginning of your drive. The beginning of the drive is physically located on the outer portion of the cylinder, so the read/write head can cover much more ground per revolution.

Now for example: to make the partitions listed below on your system (these are the partitions we’ll need for our server installation), the commands under Disk Druid will be:

Add
Mount Point: /boot ← our /boot directory