ServerSetupFedora22: Difference between revisions
No edit summary |
No edit summary |
||
Line 12: | Line 12: | ||
<pre> | <pre> | ||
# yum install man screen wget strace rsync mailx fdupes logwatch grep lsof screen binutils tar mcelog nfs-utils \ | # yum install man screen wget strace rsync mailx fdupes logwatch grep lsof screen binutils tar mcelog nfs-utils \ | ||
OpenIPMI ipmitool sysstat clamav clamav-update | OpenIPMI ipmitool sysstat clamav clamav-update iscsi-initiator-utils samba openvpn lldpad ntp \ | ||
php-pecl-apc lm_sensors hddtemp smartmontools apcupsd apcupsd-cgi | php-pecl-apc lm_sensors hddtemp smartmontools apcupsd apcupsd-cgi | ||
</pre> | </pre> | ||
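Review bot: "screen" is listed twice in the first line of the install command on both sides, so one copy can go. The added "iscsi-initiator-utils" is the initiator (client) package, while the later "Enable iSCSI" step opens TCP3260/24 inbound, which only a target needs; if this host only connects out to iSCSI storage, drop the inbound rule, and if it is meant to export storage, the initiator package alone does not provide that. The added "samba", "openvpn" and "ntp" each bring a listening service, so it would help to note which checklist step configures and firewalls each one.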
Line 19: | Line 19: | ||
# Configure GRUB serial console redirection | # Configure GRUB serial console redirection | ||
# Configure kdump for system panics | # Configure kdump for system panics | ||
# Configure lm-sensors, hddtemp, lldpad, mcelog, and SMARTmon for temperature alerts. | # Configure lm-sensors, smartd/hddtemp+thermal alerts, lldpad, mcelog, and SMARTmon for temperature alerts. | ||
### | |||
<pre> DEVICESCAN -H -m root -M exec /usr/libexec/smartmontools/smartdnotify -n standby,10,q | |||
/dev/sda -H -m root -M daily -M exec /home/drew/cron/smartmon.sh -M daily -f -l error -o on -S on -s (S/../.././02|L/../../6/03) -W 0,0,45 -d sat | |||
/dev/sdb -H -m root -M daily -M exec /home/drew/cron/smartmon.sh -M daily -f -l error -o on -S on -s (S/../.././02|L/../../6/03) -W 0,0,45 -d sat | |||
/dev/sdc -H -m root -M daily -M exec /home/drew/cron/smartmon.sh -M daily -f -l error -o on -S on -s (S/../.././02|L/../../6/03) -W 0,0,45 -d sat | |||
/dev/sdd -H -m root -M daily -M exec /home/drew/cron/smartmon.sh -M daily -f -l error -o on -S on -s (S/../.././02|L/../../6/03) -W 0,0,45 -d sat | |||
/dev/sde -H -m root -M daily -M exec /home/drew/cron/smartmon.sh -M daily -f -l error -o on -S on -s (S/../.././02|L/../../6/03) -W 0,0,47 -d sat | |||
</pre> | |||
# Configure apcupsd for UPS alerts | # Configure apcupsd for UPS alerts | ||
# Configure Time Server for local network access | # Configure Time Server for local network access | ||
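Review bot: In the added smartd configuration, DEVICESCAN is the first entry, and smartd ignores every line that follows a DEVICESCAN entry, so the per-disk /dev/sda to /dev/sde lines (self-test schedule, the -W temperature limits, the smartmon.sh hook) never take effect. Remove or comment out the DEVICESCAN line if the per-disk entries are what is intended. Each per-disk line also repeats "-M daily", and "-M exec /home/drew/cron/smartmon.sh" has smartd, which runs as root, execute a script from a user's home directory; a root-owned path that drew cannot write to would be safer.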
Line 29: | Line 37: | ||
## <pre># echo drew > /root/.forward; echo "andrew: drew" >> /etc/aliases; newaliases; echo "root: drew" >> /etc/aliases; newaliases</pre> | ## <pre># echo drew > /root/.forward; echo "andrew: drew" >> /etc/aliases; newaliases; echo "root: drew" >> /etc/aliases; newaliases</pre> | ||
## Add TCP25/0 to IPTables | ## Add TCP25/0 to IPTables | ||
# Configure logwatch | # Configure logwatch | ||
# Setup clamav virus protection for Samba and weekly scan | # Setup clamav virus protection for Samba and weekly scan | ||
Line 38: | Line 44: | ||
# Mount raid array | # Mount raid array | ||
# Configure md alerts | # Configure md alerts | ||
# Enable samba | # Enable samba | ||
## Add TCP139,445/24 to IPTables | ## Add TCP139,445/24 to IPTables | ||
## <pre># | ## <pre># systemctl enable smb; systemctl start smb</pre> | ||
### | |||
<pre> | |||
[global] | |||
workgroup = WORKGROUP | |||
server string = drewserv | |||
security = user | |||
passdb backend = tdbsam | |||
log file = /var/log/samba/log.%m | |||
max log size = 50 | |||
load printers = no | |||
show add printer wizard = no | |||
printcap name = /dev/null | |||
disable spoolss = yes | |||
[share] | |||
path = /mnt/raid5 | |||
valid users = drew pbr | |||
read only = No | |||
create mode = 0665 | |||
directory mode = 0775 | |||
</pre> | |||
# Enable iSCSI | # Enable iSCSI | ||
## Add TCP3260/24 | ## Add TCP3260/24 | ||
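Review bot: In the added [share] section, "create mode = 0665" gives new files r-x for others while the owner gets no execute bit, which looks like a typo for 0664; if only drew and pbr should read the data, 0660 with "directory mode = 0770" is tighter. The [global] section also relies entirely on the TCP139,445/24 firewall rule for network scoping; adding "hosts allow" for the local subnet (and "interfaces" with "bind interfaces only = yes") would keep the restriction in place if the firewall rule changes.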
Line 53: | Line 76: | ||
= Configure Web Services = | = Configure Web Services = | ||
# ddclient for dynamicdns updates | |||
# Configure MythTV / MythWeb / minidlna | # Configure MythTV / MythWeb / minidlna | ||
## Add TCP443/0 to IPTables | ## Add TCP443/0 to IPTables for bla, TCP1900/0 TCP8200/0, TCP 34531 for minidlna | ||
### | |||
<pre> | |||
port=8200 | |||
media_dir=/mnt/raid5/media | |||
db_dir=/var/cache/minidlna | |||
log_dir=/var/log/minidlna | |||
album_art_names=Cover.jpg/cover.jpg/AlbumArtSmall.jpg/albumartsmall.jpg/AlbumArt.jpg/albumart.jpg/Album.jpg/album.jpg/Folder.jpg/folder.jpg/Thumb.jpg/thumb.jpg | |||
inotify=yes | |||
enable_tivo=no | |||
strict_dlna=no | |||
notify_interval=900 | |||
serial=12345678 | |||
model_number=1 | |||
root_container=B | |||
</pre> | |||
# Configure pecl-php-apc / DrewWiki / WebDAV | # Configure pecl-php-apc / DrewWiki / WebDAV | ||
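Review bot: The changed firewall line opens the minidlna ports (TCP1900, TCP8200) with the same /0 scope as TCP443, while Samba and iSCSI on this page use /24; minidlna serves /mnt/raid5/media without authentication, so these entries should be /24 as well. SSDP discovery on port 1900 is UDP rather than TCP, "TCP 34531" carries no scope at all, and "for bla" should be replaced with the name of the service that TCP443 is opened for.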
Revision as of 20:55, 29 May 2013
Immediate post install steps
sudo yum install etckeeper fail2ban
- Disable root login via ssh
- Add TCP22/0 to IPTables
- Enable sudo
- yum remove unneeded software
- yum update
- Enable SELinux
- Extend days of sysstat logging
Install rest of software
<pre>
# yum install man screen wget strace rsync mailx fdupes logwatch grep lsof screen binutils tar mcelog nfs-utils \
    OpenIPMI ipmitool sysstat clamav clamav-update iscsi-initiator-utils samba openvpn lldpad ntp \
    php-pecl-apc lm_sensors hddtemp smartmontools apcupsd apcupsd-cgi
</pre>
Configure system, monitoring, mail, AV, and VPN
- Configure GRUB serial console redirection
- Configure kdump for system panics
- Configure lm-sensors, smartd/hddtemp+thermal alerts, lldpad, mcelog, and SMARTmon for temperature alerts.
<pre>
DEVICESCAN -H -m root -M exec /usr/libexec/smartmontools/smartdnotify -n standby,10,q
/dev/sda -H -m root -M daily -M exec /home/drew/cron/smartmon.sh -M daily -f -l error -o on -S on -s (S/../.././02|L/../../6/03) -W 0,0,45 -d sat
/dev/sdb -H -m root -M daily -M exec /home/drew/cron/smartmon.sh -M daily -f -l error -o on -S on -s (S/../.././02|L/../../6/03) -W 0,0,45 -d sat
/dev/sdc -H -m root -M daily -M exec /home/drew/cron/smartmon.sh -M daily -f -l error -o on -S on -s (S/../.././02|L/../../6/03) -W 0,0,45 -d sat
/dev/sdd -H -m root -M daily -M exec /home/drew/cron/smartmon.sh -M daily -f -l error -o on -S on -s (S/../.././02|L/../../6/03) -W 0,0,45 -d sat
/dev/sde -H -m root -M daily -M exec /home/drew/cron/smartmon.sh -M daily -f -l error -o on -S on -s (S/../.././02|L/../../6/03) -W 0,0,47 -d sat
</pre>
- Configure apcupsd for UPS alerts
- Configure Time Server for local network access
- Add UDP123/24 to IPTables
- Configure rsyslog for network clients
- Add UDP514/24 to IPTables
- Setup mail relay
- Remove 127.0.0.1 from /etc/mail/sendmail.mc
# echo drew > /root/.forward; echo "andrew: drew" >> /etc/aliases; newaliases; echo "root: drew" >> /etc/aliases; newaliases
- Add TCP25/0 to IPTables
- Configure logwatch
- Setup clamav virus protection for Samba and weekly scan
- Configure OpenVPN
Configure RAID and filesharing
- Mount raid array
- Configure md alerts
- Enable samba
- Add TCP139,445/24 to IPTables
# systemctl enable smb; systemctl start smb
<pre>
[global]
workgroup = WORKGROUP
server string = drewserv
security = user
passdb backend = tdbsam
log file = /var/log/samba/log.%m
max log size = 50
load printers = no
show add printer wizard = no
printcap name = /dev/null
disable spoolss = yes
[share]
path = /mnt/raid5
valid users = drew pbr
read only = No
create mode = 0665
directory mode = 0775
</pre>
- Enable iSCSI
- Add TCP3260/24
- ^ Configure bacula and web interface
Setup cron jobs
- Keep anacron from waking me up at night!
# vi /etc/anacrontab // START_HOURS_RANGE
Configure Web Services
- ddclient for dynamicdns updates
- Configure MythTV / MythWeb / minidlna
- Add TCP443/0 to IPTables for bla, TCP1900/0 TCP8200/0, TCP 34531 for minidlna
<pre>
port=8200
media_dir=/mnt/raid5/media
db_dir=/var/cache/minidlna
log_dir=/var/log/minidlna
album_art_names=Cover.jpg/cover.jpg/AlbumArtSmall.jpg/albumartsmall.jpg/AlbumArt.jpg/albumart.jpg/Album.jpg/album.jpg/Folder.jpg/folder.jpg/Thumb.jpg/thumb.jpg
inotify=yes
enable_tivo=no
strict_dlna=no
notify_interval=900
serial=12345678
model_number=1
root_container=B
</pre>
- Configure pecl-php-apc / DrewWiki / WebDAV
Completing / Wrap-up
- Verify all log files in /var/log are not giving any errors or notifications
- Check logs for what's growing!
# ls -alR /var/log | grep ^- | awk {'print $5" "$8'} | sort -k 2| sort -n
- Create MondoRescue restore image
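The firewall steps scattered through this checklist (TCP22/0, UDP123/24, TCP139,445/24 and so on), collected into one script as an added example that is not part of the original wiki page. It assumes "/0" means any source and "/24" means the local subnet; the subnet 192.168.1.0/24 and the function names are placeholders chosen for the example.

```sh
#!/bin/sh
# Added example (not from the wiki): turn the checklist's firewall shorthand
# into iptables commands. It only prints rules; nothing is applied.
# Assumption: "/0" = any source address, "/24" = the local subnet.
LAN_CIDR="${LAN_CIDR:-192.168.1.0/24}"   # constructed placeholder subnet

# Entries as written on the page ("TCP 34531" is left out: no scope given).
PAGE_SPECS="TCP22/0 UDP123/24 UDP514/24 TCP25/0 TCP139,445/24 TCP3260/24 TCP443/0 TCP1900/0 TCP8200/0"

# rule_for SPEC -> prints one iptables command, or fails on malformed input.
rule_for() {
    spec=$1
    case $spec in
        TCP*/*) proto=tcp ;;
        UDP*/*) proto=udp ;;
        *) echo "bad spec: $spec" >&2; return 1 ;;
    esac
    rest=${spec#???}; ports=${rest%/*}; scope=${rest##*/}
    case $scope in
        0)  src="" ;;
        24) src=" -s $LAN_CIDR" ;;
        *)  echo "bad scope: $spec" >&2; return 1 ;;
    esac
    # Digits and single commas only, so nothing else reaches the command line.
    case $ports in
        ''|*[!0-9,]*|,*|*,|*,,*) echo "bad ports: $spec" >&2; return 1 ;;
    esac
    for p in $(echo "$ports" | tr ',' ' '); do
        [ "$p" -ge 1 ] 2>/dev/null && [ "$p" -le 65535 ] 2>/dev/null ||
            { echo "port out of range: $p" >&2; return 1; }
    done
    case $ports in
        *,*) match="-m multiport --dports $ports" ;;
        *)   match="--dport $ports" ;;
    esac
    echo "iptables -A INPUT -p $proto$src $match -j ACCEPT"
}

# world_open -> space-separated entries reachable from any source.
world_open() {
    out=""
    for s in $PAGE_SPECS; do
        case $s in */0) out="$out${out:+ }${s%/0}" ;; esac
    done
    echo "$out"
}

# ruleset -> one rule per checklist entry, in page order.
ruleset() {
    for s in $PAGE_SPECS; do rule_for "$s" || return 1; done
}

ruleset
```

Calling world_open lists the entries exposed to every source, which is the short list to review before the rules are applied.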