ServerSetupFedora22: Difference between revisions

From DrewWiki
Jump to navigation Jump to search
No edit summary
No edit summary
Line 1: Line 1:
<pre>
= Immediate post install steps =
# yum install man screen wget strace rsync fail2ban mailx mutt fdupes sendmail-cf logwatch etckeeper \
# <pre>sudo yum install etckeeper fail2ban</pre>
OpenIPMI ipmitool sysstat clamav clamav-update nfs-utils iscsi-initiator-utils samba openvpn \
mod_auth_pam mod_auth_shadow php-pecl-apc phpMyAdmin \
lm_sensors hddtemp smartmontools apcupsd apcupsd-cgi
# java-1.6.0-openjdk.x86_64 nss-mdns
</pre>
 
# Install etckeeper
# Disable root login via ssh
# Disable root login via ssh
## Add TCP22/0 to IPTables
## Add TCP22/0 to IPTables
# Enable sudo
# Enable sudo
# Install fail2ban
# yum remove unneeded software
# yum remove unneeded software
# yum update
# yum update
Line 17: Line 9:
# Extend days of sysstat logging
# Extend days of sysstat logging


= Install rest of software =
<pre>
# yum install man screen wget strace rsync mailx mutt fdupes sendmail-cf logwatch \
OpenIPMI ipmitool sysstat clamav clamav-update nfs-utils iscsi-initiator-utils samba openvpn \
mod_auth_pam mod_auth_shadow php-pecl-apc phpMyAdmin \
lm_sensors hddtemp smartmontools apcupsd apcupsd-cgi
# java-1.6.0-openjdk.x86_64 nss-mdns
</pre>


= Configure system, monitoring, mail, AV, and VPN =
# Configure GRUB serial console redirection
# Configure GRUB serial console redirection
# Configure kdump for system panics
# Configure kdump for system panics
Line 36: Line 37:
# Configure OpenVPN
# Configure OpenVPN


 
= Configure RAID and filesharing =
# Mount raid array
# Mount raid array
# Configure md alerts
# Configure md alerts
Line 50: Line 51:




# Setup cron jobs
= Setup cron jobs =
## Keep anacron from waking me up at night! <pre># vi /etc/anacrontab // START_HOURS_RANGE</pre>
# Keep anacron from waking me up at night!  
 
<pre># vi /etc/anacrontab // START_HOURS_RANGE</pre>


= Configure Web Services =
# Configure MythTV / MythWeb
# Configure MythTV / MythWeb
## Add TCP443/0 to IPTables
## Add TCP443/0 to IPTables
Line 59: Line 61:
# Configure DrewWiki / WebDAV
# Configure DrewWiki / WebDAV


 
= Completing / Wrap-up =
# Verify all log files in /var/log are not giving any errors or notifications
# Verify all log files in /var/log are not giving any errors or notifications
# Check logs for whats growing! <pre># ls -alR /var/log | grep ^- | awk {'print $5" "$8'} | sort -k 2| sort -n</pre>
# Check logs for whats growing! <pre># ls -alR /var/log | grep ^- | awk {'print $5" "$8'} | sort -k 2| sort -n</pre>
# Create MondoRescue restore image
# Create MondoRescue restore image
.

Revision as of 12:34, 9 January 2013

Immediate post install steps

  1. sudo yum install etckeeper fail2ban
  2. Disable root login via ssh
    1. Add TCP22/0 to IPTables
  3. Enable sudo
  4. yum remove unneeded software
  5. yum update
  6. Enable SElinux
  7. Extend days of sysstat logging

Install rest of software

# yum install man screen wget strace rsync mailx mutt fdupes sendmail-cf logwatch \
OpenIPMI ipmitool sysstat clamav clamav-update nfs-utils iscsi-initiator-utils samba openvpn \
mod_auth_pam mod_auth_shadow php-pecl-apc phpMyAdmin \
lm_sensors hddtemp smartmontools apcupsd apcupsd-cgi 
# java-1.6.0-openjdk.x86_64 nss-mdns

Configure system, monitoring, mail, AV, and VPN

  1. Configure GRUB serial console redirection
  2. Configure kdump for system panics
  3. Configure lm-sensors, hddtemp, and SMARTmon for temperature alerts.
  4. Configure apcupsd for UPS alerts
  5. Configure Time Server for local network access
    1. Add UDP123/24 to IPTables
  6. Configure rsyslog for network clients
    1. Add UDP514/24 to IPTables
  7. Setup mail relay
    1. Remove 127.0.0.1 /etc/mail/sendmail.mc
    2. # echo drew > /root/.forward; echo "andrew: drew" >> /etc/aliases; newaliases; echo "root: drew" >> /etc/aliases; newaliases
    3. Add TCP25/0 to IPTables
  8. Configure smartd/hddtemp for disk monitoring
  9. ^ Configure thermal alerts for server
  10. Configure logwatch
  11. Setup clamav virus protection for Samba and weekly scan
  12. Configure OpenVPN

Configure RAID and filesharing

  1. Mount raid array
  2. Configure md alerts
  3. Enable NFS
    1. Add TCP2049/24 to IPTables
    2. Disable NFSv2/3 /etc/sysconfig/nfs
  4. Enable samba
    1. Add TCP139,445/24 to IPTables
    2. # chkconfig smb on; chkconfig nmb on;
  5. Enable iSCSI
    1. Add TCP3260/24
  6. ^ Configure bacula and web interface


Setup cron jobs

  1. Keep anacron from waking me up at night!
# vi /etc/anacrontab // START_HOURS_RANGE

Configure Web Services

  1. Configure MythTV / MythWeb
    1. Add TCP443/0 to IPTables
  2. Configure mod_auth_pam / mod_auth_shadow / pecl-php-apc / phpMyAdmin
  3. Configure DrewWiki / WebDAV

Completing / Wrap-up

  1. Verify all log files in /var/log are not giving any errors or notifications
  2. Check logs for whats growing! 
    # ls -alR /var/log | grep ^- | awk {'print $5" "$8'} | sort -k 2| sort -n
  3. Create MondoRescue restore image
Retrieved from "https://drew.invadelabs.com/index.php?title=ServerSetupFedora22&oldid=312"