Softpanorama (slightly skeptical) Open Source Software Educational Society
May the source be with you, but remember the KISS principle ;-)
Reboot the system and perform post-install configuration
Open Yast2 and make the following configuration changes:
- ___ In the Security and Users tab select Local Security and modify the default local security policies:
  - Minimum password length = 8
  - 5 sec delay
  - 5 retries in case of wrong password
  - Ignore Ctrl-Alt-Del
  - Allow Remote Graphical
  - Set UID limits to 100-999999 and GID limits to 100-999999
  - File Permission (leave easy)
- In User management select the expert option
  - Change default users so that they are not members of the dialout group
  - Prepare for sudo: in group management choose system group and add yourself to the wheel group.
- ___ Configure NTP
  - ____ Go to the Network Services tab, click on the expert option and add two or more servers. For example:
    - "server ntp1.YourCompany-corp.com"
    - "server ntp2.YourCompany-corp.com"
  Notes:
  - Two NTP servers should always be specified.
  - Delete the undisciplined local clock entry
- ___ Verify if telnet is installed.
  - Change /etc/xinetd.d/telnet to disable=no
- ____ Verify if pure-ftpd is installed.
  Note: if you have a lot of Red Hat servers you can install the vsftpd FTP daemon instead, for consistency.
  - ____ Configure the /etc/pure-ftpd/pure-ftpd.conf file
  - ____ Disallow anonymous access by copying the file from an already configured server (pure-ftpd is rather tricky to configure)
  - ____ Edit the file /etc/xinetd.d/pure-ftpd.conf and enable ftpd (disable=no)
  - ___ Important: turn on the ftpd daemon in xinetd services (chkcfg.sh) or via Yast2.
- ___ Modify /etc/hosts
  - Verify and remove the 127.0.0.2 <hostname…> entry (it should be absent in SP2)
  - ___ Remove, if necessary, all references to IPv6 addresses in /etc/hosts unless you plan to use IPv6
  - Add a loghost entry for SYSLOG collection, for example:
    - 10.201.13.253 nti253 loghost
- ___ Modify /etc/services, adding the services that you need (for example SecurID)
- ___ Verify that you can access the internet using Firefox. Set the proxy.
- ___ Verify NIC speed
  - ___ Set the second NIC to a fixed speed to the backup segment, if this architecture is used.
  - Test with sftp the actual speed of transfer to another host in the same datacenter
- Notes
- __________________________________________________________________________________
- __________________________________________________________________________________
- __________________________________________________________________________________
- __________________________________________________________________________________
- __________________________________________________________________________________
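The three /etc/hosts checks from the checklist above (the 127.0.0.2 entry, IPv6 entries, the loghost alias) as an added shell example; it is not part of the original page. The sample file, its host names and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a hosts file against the checklist items above.

# Constructed sample; host1.example.com is a placeholder host name.
sample_hosts() {
cat <<'EOF'
127.0.0.1       localhost
127.0.0.2       host1.example.com host1
# special IPv6 addresses
::1             localhost ipv6-localhost ipv6-loopback
fe00::0         ipv6-localnet
10.201.13.253   nti253
EOF
}

# hosts_audit FILE: print one finding per line.
hosts_audit() {
    awk '
        { sub(/#.*/, "") }                  # strip comments
        NF < 2 { next }                     # blank line or address without a name
        $1 == "127.0.0.2" { print "REMOVE line " NR ": 127.0.0.2 maps " $2 }
        index($1, ":")    { print "IPV6 line " NR ": " $1 }
        { for (i = 2; i <= NF; i++) if ($i == "loghost") lh = $1 }
        END {
            if (lh != "") print "OK loghost -> " lh
            else          print "MISSING loghost alias"
        }
    ' "$1"
}

tmp=$(mktemp) || exit 1
sample_hosts > "$tmp"
hosts_audit "$tmp"
rm -f "$tmp"
```

Run `hosts_audit /etc/hosts` on the installed server; the constructed sample deliberately omits the loghost alias so that all three findings appear.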
- ___ Install additional utilities from the Suse 10 DVD
  - Install the telnet_server package
  - Install the mc RPM package (from SUSE 10 DVD 1)
  - Install unrar
  - gvim might be useful
  - wdiff is useful
  - I would recommend expect, your mileage may vary
  - sgrep might be useful too
- ___ Update shells
  - Suse 10 SP 2 ships with bash 3.1. You are better off upgrading it to bash 3.2, which is less buggy and has new and important functionality.
  - ___ Install the ksh93 RPM package (to be used as the standard Korn shell for users that prefer ksh)
- ___ Modify crontab, adding standard corporate scripts, if necessary
- Notes
- __________________________________________________________________________________
- __________________________________________________________________________________
- __________________________________________________________________________________
- __________________________________________________________________________________
- __________________________________________________________________________________
- Configure SSH for applications, if necessary (SSH is enabled out of the box in Suse)
  - Disable SSH 1 protocol in /etc/ssh/ssh_config
  - You may wish to restrict the IP range for the SSHD daemon
- ___ Verify that xinetd is running and, if necessary, enable it (you can do it from Yast/Network services or the console). From the console:
    service --status-all
    Checking for service xinetd: unused
    chkconfig xinetd on
- Enable telnet and pure-ftpd, if necessary
  - Via Yast
    - Go to Network Services / Network Services (xinetd)
    - Enable telnet and pure-ftpd (or vsftpd) in that table
  - Via console
    - Enable telnet, if necessary
      - Check if the RPM is installed and install it if necessary
      - chkconfig telnetd on
      - Test telnet to localhost and some external server. It should work
    - Edit the xinetd configuration for the pure-ftpd daemon (it is run via xinetd, not directly): /etc/xinetd.d/pure-ftpd and change
        disable = yes
      to
        disable = no
      - Note: there can be multiple disable statements in the file. Please delete all redundant entries and leave the first.
    - Edit the configuration file /etc/pure-ftpd/pure-ftpd.conf
- Notes
- __________________________________________________________________________________
- __________________________________________________________________________________
- __________________________________________________________________________________
- __________________________________________________________________________________
- __________________________________________________________________________________
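The note above about multiple disable statements in an xinetd service file, as an added shell example that is not part of the original page: one function reports every disable statement found, the other keeps only the first and sets its value. The sample file content and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit and normalize "disable" in an xinetd service file.

# Constructed sample of an xinetd service file with two disable statements.
sample_service_file() {
cat <<'EOF'
# default: off
service ftp
{
    socket_type = stream
    protocol    = tcp
    wait        = no
    user        = root
    server      = /usr/sbin/pure-ftpd
    disable     = yes
    disable     = no
}
EOF
}

# Report the service name, the number of disable statements and their values.
xinetd_disable_report() {
    awk '
        /^[ \t]*#/ { next }                       # skip comment lines
        $1 == "service" { svc = $2 }
        /^[ \t]*disable[ \t]*=/ {
            v = $0
            sub(/^[^=]*=[ \t]*/, "", v); sub(/[ \t]+$/, "", v)
            vals = (n++ ? vals "," : "") v
        }
        END { printf "service=%s count=%d values=%s\n", svc, n, vals }
    ' "$1"
}

# Print FILE with the first disable statement set to $2 and later ones dropped.
xinetd_set_disable() {
    case "$2" in yes|no) ;; *) echo "value must be yes or no" >&2; return 2 ;; esac
    awk -v want="$2" '
        /^[ \t]*disable[ \t]*=/ {
            if (seen++) next                      # redundant entry: delete it
            sub(/=.*/, "= " want)                 # first entry: set the value
        }
        { print }
    ' "$1"
}

tmp=$(mktemp) && fixed=$(mktemp) || exit 1
sample_service_file > "$tmp"
xinetd_disable_report "$tmp"
xinetd_set_disable "$tmp" no > "$fixed"
xinetd_disable_report "$fixed"
rm -f "$tmp" "$fixed"
```

`xinetd_set_disable` writes to standard output, so review the result before replacing the file under /etc/xinetd.d.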
Note: The best way is to use the Red Hat style of primary group assignment: each user has a GID identical to the UID and all enrollment into groups is done in /etc/group
- ___ Install standard accounts via script
  - Note: Use bash as the default shell for all human users
- ___ Group staff should contain software application owners who use the servers and are periodically granted root for maintenance.
- ___ Group operators should contain operators
- ___ Enroll yourself into the group wheel.
- ___ Edit /etc/sudoers to make group wheel root equivalent.
- ___ Create application-specific users and directories
- ___ Enable NFS. Create NFS mounts, if necessary
- Notes
- __________________________________________________________________________________
- __________________________________________________________________________________
- __________________________________________________________________________________
- __________________________________________________________________________________
- __________________________________________________________________________________
Copyright © 1996-2009 by Dr. Nikolai Bezroukov.
www.softpanorama.org was
created as a service to the UN Sustainable Development Networking Programme (SDNP)
in the author free time.
This document is an industrial compilation designed and created
exclusively for educational use and is placed under the copyright of the
Open Content License(OPL).
Last modified:
August 21, 2009