ServerSetupFedora22: Difference between revisions

From DrewWiki
No edit summary
No edit summary
Line 18: Line 18:
# Configure GRUB serial console redirection
# Configure GRUB serial console redirection
# Configure kdump for system panics
# Configure kdump for system panics
## Append kernel grub.conf crashkernel=128M for F14
## /etc/sysctl.conf :: kernel.sysrq =1
# Configure apcupsd for UPS alerts
# Configure apcupsd for UPS alerts
# Configure Time Server for local network access
# Configure Time Server for local network access
## Add UDP 123 to IPTables
## Add UDP123/24 to IPTables
# Configure syslog for network client writes
# Configure rsyslog for network clients
## Add UDP 514 to IPTables<br><br>
## Add UDP514/24 to IPTables<br><br>


# Mount raid array
# Mount raid array
# Configure md alerts
# Configure md alerts
# Enable NFS
# Enable NFS
##Add TCP 2049 to IPTables
##Add TCP2049/24 to IPTables
##Disable NFSv2/3 /etc/sysconfig/nfs
##Disable NFSv2/3 /etc/sysconfig/nfs
## $ service rpcbind start ; chkconfig rpcbind on
## $ service nfslock start ; chkconfig nfslock on
## $ service nfs start ;  chkconfig nfs on
# Enable samba
# Enable samba
## Add TCP port 139/445 to IPTables
## Add TCP139,445/24 to IPTables
## # chkconfig smb on; chkconfig nmb on;
## # chkconfig smb on; chkconfig nmb on;
# Enable iSCSI
# Enable iSCSI
## Add TCP port 3260
## Add TCP3260/24
# ^ Configure bacula and web interface<br><br>
# ^ Configure bacula and web interface<br><br>
# Setup mail relay
# Setup mail relay
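Review bot: The "/24" suffix this revision adds to the port lines (UDP123/24, UDP514/24, TCP2049/24, TCP139,445/24, TCP3260/24) is never defined, so a reader cannot tell whether it is a source-subnet restriction or something else; state the convention once and name the subnet it refers to. The revision also drops the three "service ... start ; chkconfig ... on" lines under Enable NFS while Samba keeps its chkconfig line, and drops the crashkernel and kernel.sysrq sub-steps under kdump; keep at least the nfs line so the checklist still records enabling the service at boot.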
Line 45: Line 40:
## echo "root: drew" >> /etc/aliases; newaliases
## echo "root: drew" >> /etc/aliases; newaliases
## Remove 127.0.0.1 /etc/mail/sendmail.mc
## Remove 127.0.0.1 /etc/mail/sendmail.mc
## Add TCP port 25 to IPTables
## Add TCP25/0 to IPTables
# Configure smartd to monitor hard drives
# Configure smartd/hddtemp for disk monitoring
# ^ Configure thermal alerts for server
# ^ Configure thermal alerts for server
# Configure logwatch
# Configure logwatch
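Review bot: "Add TCP25/0 to IPTables" widens SMTP to /0 while the file-sharing and logging ports earlier in the list are scoped /24, and it sits directly after "Remove 127.0.0.1 /etc/mail/sendmail.mc", so the daemon listens beyond loopback; add a sub-step that records how relaying is restricted, or scope port 25 to /24 if only local hosts hand mail to this server.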
Line 52: Line 47:


# Setup cron jobs
# Setup cron jobs
## Keep anacron from waking me up at night! # vi /etc/anacrontab // START_HOURS_RANGE<br><br>
## Keep anacron from waking me up at night! <pre># vi /etc/anacrontab // START_HOURS_RANGE</pre>
# ^ Configure Snort passive IDS
 
# ^ Transparent Proxy with Squid for bandwidth utilization tally<br><br>
# Upload firmware for tv tuner card
# Setup mythtv
# Setup mythtv
# Configure MythWeb
# Configure MythWeb
# Force http to https redirection
# Force http to https redirection
## Add TCP port 443 to IPTables
## Add TCP443/0 to IPTables
# Configure MediaWiki
# Configure mod_auth_pam / mod_auth_shadow / pecl-php-apc / phpMyAdmin
# Configure webdav for tomboy notes / foxit marks
# Configure DrewaWiki / WebDAV
# Configure mod_auth_pam for httpd authentication<br><br>
 


# ^ Verify all log files in /var/log are not giving any errors or notifications
# ^ Verify all log files in /var/log are not giving any errors or notifications
# ^ Check logs for whats growing!
# ^ Check logs for whats growing!
:* ls -alR /var/log | grep ^- | awk {'print $5" "$8'} | sort -k 2| sort -n
:* ls -alR /var/log | grep ^- | awk {'print $5" "$8'} | sort -k 2| sort -n
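Review bot: The new line "Configure mod_auth_pam / mod_auth_shadow / pecl-php-apc / phpMyAdmin" puts system-account authentication and a database admin interface behind "Add TCP443/0 to IPTables", and the same revision deletes "Configure Snort passive IDS" with no edit summary; add a sub-step that limits phpMyAdmin and the PAM-backed locations to the local network, and record why the IDS item was dropped. "DrewaWiki" also looks like a typo for DrewWiki.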

Revision as of 23:54, 1 August 2011

# yum install man screen wget rsync fail2ban mailx fdupes sendmail-cf strace \
logwatch etckeeper OpenIPMI ipmitool sysstat mutt clamav clamav-update nfs-utils \
lm_sensors hddtemp apcupsd apcupsd-cgi smartmontools \
mod_auth_pam mod_auth_shadow php-pecl-apc
# java-1.6.0-openjdk.x86_64 nss-mdns
  1. Install etckeeper
  2. Disable root login via ssh
  3. Enable sudo
  4. Install fail2ban
  5. yum remove unneeded software
  6. yum update
  7. Enable SELinux
  8. Extend days of sysstat logging

  1. Configure GRUB serial console redirection
  2. Configure kdump for system panics
  3. Configure apcupsd for UPS alerts
  4. Configure Time Server for local network access
    1. Add UDP123/24 to IPTables
  5. Configure rsyslog for network clients
    1. Add UDP514/24 to IPTables

  1. Mount raid array
  2. Configure md alerts
  3. Enable NFS
    1. Add TCP2049/24 to IPTables
    2. Disable NFSv2/3 /etc/sysconfig/nfs
  4. Enable samba
    1. Add TCP139,445/24 to IPTables
    2. # chkconfig smb on; chkconfig nmb on;
  5. Enable iSCSI
    1. Add TCP3260/24
  6. ^ Configure bacula and web interface

  7. Setup mail relay
    1. $ echo drew > /root/.forward
    2. echo "andrew: drew" >> /etc/aliases; newaliases
    3. echo "root: drew" >> /etc/aliases; newaliases
    4. Remove 127.0.0.1 /etc/mail/sendmail.mc
    5. Add TCP25/0 to IPTables
  8. Configure smartd/hddtemp for disk monitoring
  9. ^ Configure thermal alerts for server
  10. Configure logwatch
  11. Setup clamav virus protection for Samba and weekly scan

  1. Setup cron jobs
    1. Keep anacron from waking me up at night!
      # vi /etc/anacrontab // START_HOURS_RANGE
  1. Setup mythtv
  2. Configure MythWeb
  3. Force http to https redirection
    1. Add TCP443/0 to IPTables
  4. Configure mod_auth_pam / mod_auth_shadow / pecl-php-apc / phpMyAdmin
  5. Configure DrewWiki / WebDAV


  1. ^ Verify all log files in /var/log are not giving any errors or notifications
  2. ^ Check logs for what's growing!
  • ls -alR /var/log | grep ^- | awk {'print $5" "$8'} | sort -k 2| sort -n
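
The firewall sub-steps in the checklist use a shorthand such as UDP123/24 and TCP25/0. As an added example (not part of the wiki page), this script prints the iptables command for each entry and lists the services left open to any source. Reading "/24" as the local subnet and "/0" as any source is an assumption, as are the function names, the service labels and the placeholder subnet 192.0.2.0/24.

```shell
# Added example (not from the wiki): prints iptables commands, applies nothing.
# Assumption: "/24" = allow the local /24 only, "/0" = allow any source.
# LAN_CIDR is a placeholder (documentation range); set it to the real subnet.
LAN_CIDR="${LAN_CIDR:-192.0.2.0/24}"
# Service labels are added here; the shorthand is copied from the checklist.
CHECKLIST="ntp UDP123/24
rsyslog UDP514/24
nfs TCP2049/24
samba TCP139,445/24
iscsi TCP3260/24
smtp TCP25/0
https TCP443/0"

# expand_rule SHORTHAND: print one iptables command, or fail on bad input.
expand_rule() {
    spec=$1; rest=${spec#???}              # rest:  e.g. "139,445/24"
    ports=${rest%%/*}; scope=${rest#*/}    # ports: "139,445"  scope: "24"
    case $spec in
        TCP*) proto=tcp ;;
        UDP*) proto=udp ;;
        *) echo "unrecognised shorthand: $spec" >&2; return 1 ;;
    esac
    case $ports in
        ''|*[!0-9,]*|,*|*,|*,,*) echo "bad port list: $spec" >&2; return 1 ;;
    esac
    case $scope in
        0)  src="" ;;                  # any source: review these entries
        24) src="-s $LAN_CIDR " ;;     # local subnet only
        *)  echo "bad scope: $spec" >&2; return 1 ;;
    esac
    case $ports in
        *,*) match="-m multiport --dports $ports" ;;
        *)   match="--dport $ports" ;;
    esac
    echo "iptables -A INPUT ${src}-p $proto $match -m state --state NEW -j ACCEPT"
}
# emit_all: print a labelled rule for every checklist entry.
emit_all() {
    echo "$CHECKLIST" | while read -r name spec; do
        echo "# $name"; expand_rule "$spec" || exit 1
    done
}
# world_open: list the services the checklist exposes to any source.
world_open() {
    echo "$CHECKLIST" | while read -r name spec; do
        case $spec in */0) echo "$name" ;; esac
    done
}
emit_all
```

Run `world_open` after any change to the list to see which services still accept connections from outside the subnet.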