(Generic) Linux Setup


Post-install Linux setup:
  • Time NTP Sync
  • Sendmail
    1. Edit /etc/rc.d/init.d/sendmail
      Change daemon /usr/sbin/sendmail -bd -q1h to daemon /usr/sbin/sendmail -q1h (sendmail then processes queued messages but does not listen on SMTP port 25)
    2. Create a symlink so the sendmail daemon is started automatically
      cd /etc/rc.d/rc3.d
      ln -s ../init.d/sendmail S80sendmail
      Start sendmail: ./S80sendmail start
    3. Alternatively, edit /etc/rc.d/init.d/sendmail
      Set DAEMON=no
  • shutdown beep
    1. Make Linux beep as it's rebooting or shutting down (very useful when you're running your server without a monitor!). Modify your /etc/rc.d/init.d/halt file:

      # Now halt or reboot.
      echo -en "\a" > /dev/tty0
      sleep 2
      echo "$message"
      [ -f /fastboot ] && echo "On the next boot fsck will be skipped."
      echo -en "\a" > /dev/tty0
      eval $command -i -d

  • Disable Screen-blanking
    1. Add the following to your /etc/rc.d/rc.local file:
      echo "Disable Screen Blanking"
      setterm -blank 0
  • LogRotate
    1. Uncomment #compress in /etc/logrotate.conf
    2. Add a section to the end of /etc/logrotate.conf for any other logs that should be rotated
      /var/log/named {
          postrotate
              /usr/bin/killall -HUP syslogd
          endscript
      }
  • inittab
    1. Add --noclear to the mingetty line in /etc/inittab
      # Run gettys in standard runlevels
      1:2345:respawn:/sbin/mingetty --noclear vc/1
  • Install CURL
    1. Download from curl.sourceforge.net
    2. ./configure && make && make install
  • Re-enable Ctrl-Alt-Del
    1. Edit /etc/inittab
    2. Uncomment the line that starts with
      ca::ctrlaltdel:/sbin/shutdown -t3 -r now
    3. Restart init
      kill -HUP 1
  • Forward all server (root) mail to your admin account
    1. echo "sysadmin@MrZesty.net" > /root/.forward
  • Install softdog (if not using heartbeat)
    1. http://www.ibiblio.org/pub/Linux/system/daemons/watchdog/
    2. Add to /etc/rc.d/rc.local
      echo "Starting softdog timer"
      /sbin/softdog
  • Kernel Panic Reboot
    1. Inside /etc/rc.d/rc.local
      echo "Enabling Kernel Panic reboot"
      echo "20" > /proc/sys/kernel/panic
  • Update zlib to > 1.1.3 and OpenSSL to > 0.9.6d.
  • Reiserfs:
    • If you're using reiserfs (and no ext2 partitions) you may want to touch /fastboot and remove any references to rm /fastboot from the startup scripts.
  • Tripwire:
    • Assuming tripwire is installed already as a package
      /usr/sbin/twadmin --generate-keys -L /etc/tripwire/$HOSTNAME-local.key
      /usr/sbin/twadmin --generate-keys -S /etc/tripwire/site.key
      /usr/sbin/twadmin --create-cfgfile -S /etc/tripwire/site.key /etc/tripwire/twcfg.txt
    • Create the /etc/tripwire/twpol.txt file [cp /usr/share/doc/packages/tripwire/twpol.txt /etc/tripwire/twpol.txt], then:
      /usr/sbin/twadmin --create-polfile -S /etc/tripwire/site.key /etc/tripwire/twpol.txt
      /usr/sbin/tripwire --init
    • Fix any problems reported, then import your new (revised) policy
      /usr/sbin/tripwire -m p -Z low /etc/tripwire/twpol.txt
    • Generate a report, then update the database
      /usr/sbin/tripwire --check
      /usr/sbin/tripwire --update -r /var/lib/tripwire/report/$HOSTNAME-YYYYMMDD-HHMMSS.twr
    • Schedule report in cron
      1 1 * * 1,3,5 /usr/sbin/tripwire -m c 2>/dev/null | mail -s "`hostname -f`: Tripwire Report" root
  • SHMFS
    1. /etc/fstab
      shmfs	/dev/shm	shm	defaults	0 0
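
To confirm the Sendmail step above took effect (queue processing only, nothing listening on port 25), the following added example, which is not part of the original notes, parses netstat -ltn or ss -ltn output. The function names and the sample listings are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original notes): confirm sendmail is queue-only.
# Function names and the sample listings below are constructed for illustration.

# Reads `netstat -ltn` or `ss -ltn` output on stdin; both put the local
# address:port in column 4. Prints "<scope> <addr:port>" per port-25 listener.
smtp_listeners() {
    awk '
        /LISTEN/ && $4 ~ /:25$/ {
            addr = $4
            sub(/:25$/, "", addr)      # drop the port, keep the bind address
            scope = "exposed"
            if (addr ~ /^127\./ || addr == "::1" || addr == "[::1]")
                scope = "loopback"
            print scope, $4
        }'
}

# Exit status 0 when nothing listens on port 25; otherwise list the
# listeners and return 1 so the check can gate a boot script or cron job.
check_queue_only() {
    found=$(smtp_listeners)
    if [ -z "$found" ]; then
        return 0
    fi
    printf '%s\n' "$found"
    return 1
}

# Constructed sample: sendmail still running with -bd.
SAMPLE_BEFORE='Proto Recv-Q Send-Q Local Address   Foreign Address   State
tcp        0      0 0.0.0.0:22      0.0.0.0:*         LISTEN
tcp        0      0 0.0.0.0:25      0.0.0.0:*         LISTEN'

# Constructed sample: after restarting sendmail with -q1h only.
SAMPLE_AFTER='Proto Recv-Q Send-Q Local Address   Foreign Address   State
tcp        0      0 0.0.0.0:22      0.0.0.0:*         LISTEN'

printf '%s\n' "$SAMPLE_BEFORE" | check_queue_only || echo "FAIL: port 25 open"
printf '%s\n' "$SAMPLE_AFTER"  | check_queue_only && echo "OK: queue-only"
# Live use: netstat -ltn | check_queue_only
```

A "loopback" result means a listener is bound to a local address only, which still differs from the queue-only setup described in the Sendmail step.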


Last modified: Wednesday, December 31 1969 @ 19:00 EST
© Ian Samuel, 2010
http://braindump.MrZesty.net