Comments and suggestions concerning this page should be mailed to gmourani@videotron.ca
© Copyright 1999 Open Network Architecture ®

Size (Megs): 5
Partition Type: Linux Native
Ok

Add
Mount Point: /usr ← our /usr directory.
Size (Megs): 1000
Partition Type: Linux Native
Ok

Add
Mount Point: /home ← our /home directory.
Size (Megs): 500
Partition Type: Linux Native
Ok

Add
Mount Point: /chroot ← our /chroot directory.
Size (Megs): 400
Partition Type: Linux Native
Ok

Add
Mount Point: /cache ← our /cache directory.
Size (Megs): 400
Partition Type: Linux Native
Ok

Add
Mount Point: /var ← our /var directory.
Size (Megs): 200
Partition Type: Linux Native
Ok

Add
Mount Point: ← our /Swap partition (leave the Mount Point blank).
Size (Megs): 150
Partition Type: Linux Swap
Ok

Add
Mount Point: /tmp ← our /tmp directory.
Size (Megs): 100
Partition Type: Linux Native
Ok

Add
Mount Point: / ← our / directory.
Size (Megs): 316
Partition Type: Linux Native
Ok

You should see something like the following information on your screen. Our mount points will look like this:

Mount Point   Device   Requested   Actual   Type
/boot         Sda1     5M          5M       Linux Native
/usr          Sda5     1000M       1000M    Linux Native
/home         Sda6     500M        500M     Linux Native
/chroot       Sda7     400M        400M     Linux Native
/cache        Sda8     400M        400M     Linux Native
/var          Sda9     200M        200M     Linux Native
<Swap>        Sda10    150M        150M     Linux Swap
/tmp          Sda11    100M        100M     Linux Native
/             Sda12    316M        315M     Linux Native

Drive   Geom [C/H/S]    Total (M)   Free (M)   Used (M)   Used (%)
sda     [3079/64/32]    3079M       1M         3078M      99%

Now that you have partitioned the disk and chosen the mount points of your directories, select “Next” to continue. After your partitions are created, the installation program will ask you to choose partitions to format. Choose the partitions you want to initialize, check the (Check for bad blocks during format) box, and press “Next”. This formats the partitions and makes them active so Linux can use them.

On the next screen you will see the LILO Configuration, where you have the choice to install the LILO boot record on:

Master Boot Record (MBR)
Or
First Sector of Boot Partition

Usually, if Linux is the only OS on your machine, you must choose “Master Boot Record (MBR)”. After that, you need to configure your LAN and clock. After you finish configuring the clock, you need to give your system a root password and set the authentication configuration.

NOTE: For Authentication Configuration don’t forget to select: 1) Enable MD5 passwords and 2) Enable Shadow passwords. Enable NIS doesn’t need to be selected since we are not configuring a NIS service on this server.

IV) Components to Install

After your partitions have been configured and selected for formatting, you are ready to select packages for installation. By default, Linux is a powerful operating system that executes many useful services. However, most of these services are unneeded and pose a potential security risk.

You first have to choose which system components you want to install. Choose the components, and then you can go through and select or deselect each individual package of each component by selecting the (Select individual packages) option.

Since we are configuring a Linux server, we don’t need to install a graphical interface (XFree86) on our system (a graphical interface on a server means less process, less CPU and less memory available, plus security risks and so on). A graphical interface is usually used on workstations only. Select the following components for installation:

Networked Workstation
Network Management Workstation
Utilities

After selecting the components you wish to install, you may select or deselect packages.

Note: select the (Select individual packages) option (very important) before continuing, so that you have the possibility to select and deselect packages.
Individual Packages Selection

The installation program presents a list of the package groups available; select a group to examine. The components listed below must be unselected from the Menu Group for security, optimization and other reasons described below.

Applications/File: git
Applications/Internet: finger, ftp, fwhois, ncftp, rsh, rsync, talk, telnet
Applications/Publishing: ghostscript, ghostscript-fonts, mpage, rhs-printfilters
Applications/System: arpwatch, bind-utils, knfsd-clients, rdate, rdist, screen, ucd-snmp-utils
Documentation: indexhtml
System Environment/Base: chkfontpath, ipchains, yptools
System Environment/Daemons: XFree86-xfs, knfsd, lpr, portmap, routed, rusers, rwho, tftp, ucd-snmp, ypbind
System Environment/Libraries: XFree86-libs, libpng
User Interface/X: XFree86-75dpi-fonts, urw-fonts

Before we describe each of the programs we want to uninstall, someone might ask: why do I need to uninstall finger, ftp, fwhois and telnet on the server? First of all, we know that those programs are by their nature insecure. Now imagine that a cracker has gained access to your new server: he can use the finger, ftp, fwhois and telnet programs to query or access other nodes on your network. If those programs are not installed on your new server, he will be compelled to use those programs from the outside or try to install programs on your server, in which case you can trace it with a tool like Tripwire.

Finger is a utility which allows users to see information about system users (login name, home directory, name, how long they've been logged in to the system, etc.). [Security risks]

The ftp package provides the standard UNIX command-line FTP client. FTP is the file transfer protocol, which is a widely used Internet protocol for transferring files and for archiving files. [Security risks]

The fwhois program allows you or your system's users to query whois databases. [Security risks]

Ncftp is an improved FTP client. Ncftp's improvements include support for command line editing, command histories, recursive gets, automatic anonymous logins and more. [Security risks, unnecessary]

The rsh package contains a set of programs which allow users to run commands on remote machines, log in to other machines and copy files between machines (rsh, rlogin and rcp). [Security risks]

The ntalk package provides client and daemon programs for the Internet talk protocol, which allows you to chat with other users on different systems. [Security risks]

Telnet is a popular protocol for logging into remote systems over the Internet. [Security risks]

Ghostscript is a set of software that provides a PostScript(TM) interpreter, a set of C procedures (the Ghostscript library, which implements the graphics capabilities in the PostScript language) and an interpreter for Portable Document Format (PDF) files. [Unnecessary]

These fonts can be used by the GhostScript interpreter during text rendering. They are in addition to the shared fonts between GhostScript and X11. [Unnecessary]
The mpage utility takes plain text files or PostScript(TM) documents as input, reduces the size of the text, and prints the files on a PostScript printer with several pages on each sheet of paper. [Unnecessary and no printer installed on the server]

The rhs-printfilters package contains a set of print filters, which are primarily meant to be used with the Red Hat printtool. [Unnecessary and no printer installed on the server]

Texinfo is a documentation system that can produce both online information and printed output from a single source file. [Unnecessary]

Bind-utils contains a collection of utilities for querying DNS (Domain Name Service) name servers to find out information about Internet hosts. [We will compile it later in this documentation]

The rdate utility retrieves the date and time from another machine on your network, using the protocol described in RFC 868. [Security risks]

The rdist program maintains identical copies of files on multiple hosts. If possible, rdist will preserve the owner, group, mode and mtime of files, and it can update programs that are executing. [Security risks]

The ucd-snmp package contains various utilities for use with the UCD-SNMP network management project. [Unnecessary, Security risks]

The indexhtml package contains the HTML page and graphics for a welcome page shown by your Web browser, which you'll see after you've successfully installed Red Hat Linux. [Unnecessary]

Chkfontpath is a simple terminal mode program for adding, removing and listing the directories contained in the X font server's path. [Unnecessary]

Linux IP Firewalling Chains is an update to (and hopefully an improvement upon) the normal Linux Firewalling codes, for 2.0 and 2.1 kernels. It lets you do things like firewalls, IP masquerading, etc. [Unnecessary, not a firewall server]

The Network Information Service (NIS) is a system which provides network information (login names, passwords, home directories, group information) to all of the machines on a network. [Security risks]

The knfsd is the *new* kernel NFS server and related tools. It provides a much higher level of performance than the traditional Linux user-land NFS server. [Security risks]

The lpr package provides the basic system utility for managing printing services. [Unnecessary and no printer installed on the server]

The portmapper program is a security tool which prevents theft of NIS (YP), NFS and other sensitive information via the portmapper. A portmapper manages RPC connections, which are used by protocols like NFS and NIS. [Unnecessary, Security risks]

The routed routing daemon handles incoming RIP traffic and broadcasts outgoing RIP traffic about network traffic routes, in order to maintain current routing tables. These routing tables are essential for a networked computer, so that it knows where packets need to be sent. [Unnecessary, Security risks]

The rwho command displays output similar to the output of the who command (it shows who is logged in) for all machines on the local network running the rwho daemon. [Security risks]

The Trivial File Transfer Protocol (TFTP) is normally used only for booting diskless workstations. The tftp package provides the user interface for TFTP, which allows users to transfer files to and from a remote machine. [Security risks, Unnecessary]

SNMP (Simple Network Management Protocol) is a protocol used for network management (hence the name). [Unnecessary, Security risks]

This is a font server for XFree86. You can serve fonts to other X servers remotely with this package, and the remote system will be able to use all fonts installed on the font server, even if they are not installed on the remote computer. [Unnecessary]
XFree86-libs contains the shared libraries that most X programs need to run properly. These shared libraries are in a separate package in order to reduce the disk space needed to run X applications on a machine without an X server (i.e., over a network). [Unnecessary]

Free versions of the 35 standard PostScript fonts. With newer releases of ghostscript, quality versions of the standard 35 Type 1 PostScript fonts are shipped. [Unnecessary]

XFree86-75dpi-fonts contains the 75 dpi fonts used on most X Window Systems. [Unnecessary]

At this point, the installation program will format every partition you selected for formatting. This can take several minutes depending on the speed of your machine. Once all partitions have been formatted, the installation program starts to install packages.

V) How to use RPM Commands

This section contains an overview of the principal modes of using RPM for installing, uninstalling, upgrading and querying RPM packages on your Linux system.

To install an RPM package, use the command:
[root@deep]# rpm -ivh foo-1.0-2.i386.rpm

RPM packages have file names like foo-1.0-2.i386.rpm, which include the package name (foo), version (1.0), release (2), and architecture (i386).

To uninstall an RPM package, use the command:
[root@deep]# rpm -e foo

Notice that we used the package name “foo”, not the name of the original package file “foo-1.0-2.i386.rpm”.

To upgrade an RPM package, use the command:
[root@deep]# rpm -Uvh foo-1.0-2.i386.rpm

RPM automatically uninstalls the old version of the foo package and installs the new one. Always use -Uvh to install packages, since it works fine even when there are no previous versions of the package installed.

To query an RPM package, use the command:
[root@deep]# rpm -q foo

This command will print the package name, version, and release number of the installed package foo. Use this command to verify whether a package is or is not installed on your system.

VI) Starting and stopping daemon services

Init is the program that gets run by the kernel at boot time. It is in charge of starting all the normal processes that need to run at boot time. These include the APACHE daemons, NETWORK daemons, and anything else you want to run when your machine boots.
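Tying the package list of section IV to the rpm -q query of section V, the following added example (not part of the original guide) reports which of the packages listed for deselection are still installed and prints the matching rpm -e command for each. It also derives the package name from an RPM file name, the distinction noted for "foo" above. The function names, the RPM_QUERY override and the --run switch are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original guide: audit an installed server
# against the guide's list of packages to leave unselected.

# Package names copied from the "Individual Packages Selection" list.
UNWANTED="git finger ftp fwhois ncftp rsh rsync talk telnet ghostscript
ghostscript-fonts mpage rhs-printfilters arpwatch bind-utils knfsd-clients
rdate rdist screen ucd-snmp-utils indexhtml chkfontpath ipchains yptools
XFree86-xfs knfsd lpr portmap routed rusers rwho tftp ucd-snmp ypbind
XFree86-libs libpng XFree86-75dpi-fonts urw-fonts"

# Assumption of this example: RPM_QUERY may be overridden (for instance with
# a stub when testing). The default is the "rpm -q" query mode from the guide.
RPM_QUERY=${RPM_QUERY:-"rpm -q"}

# pkg_name_from_file FILE
# Reduce name-version-release.arch.rpm to the package name that rpm -q and
# rpm -e expect. Fields are stripped from the right because the name itself
# may contain hyphens (XFree86-75dpi-fonts).
pkg_name_from_file() {
    f=${1##*/}     # drop any leading directory
    f=${f%.rpm}    # drop the .rpm suffix
    f=${f%.*}      # drop .arch
    f=${f%-*}      # drop -release
    f=${f%-*}      # drop -version
    printf '%s\n' "$f"
}

# Print each listed package that the query reports as installed.
# "rpm -q" exits non-zero for a package that is not installed.
list_installed_unwanted() {
    for pkg in $UNWANTED; do
        if $RPM_QUERY "$pkg" >/dev/null 2>&1; then
            printf '%s\n' "$pkg"
        fi
    done
}

# Report the findings; return 1 if anything from the list is still present.
audit() {
    found=$(list_installed_unwanted)
    if [ -z "$found" ]; then
        echo "OK: none of the listed packages are installed"
        return 0
    fi
    echo "Installed, but listed for deselection. To remove:"
    printf '%s\n' "$found" | sed 's/^/  rpm -e /'
    return 1
}

# Run the audit only when invoked with --run (switch of this example).
if [ "${1:-}" = "--run" ]; then audit; fi
```

The non-zero return from audit lets the check be used in a post-install script or a periodic job that flags a server drifting from the intended minimal package set.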