Linux Setup Checksheet
by Rudy Magyar
2/18/0

What we'll do:
1. Shut down unwanted and perhaps deleterious services.
2. Restrict access.
3. Set remote shell login.
4. Restrict logins.
5. Find and get security patches.
6. Convert normal passwords to shadow passwords.

O.K. Let's go.

A quick note on syntax; means press the enter key. means leave the editor and save the file on the way out.

Reboot machine. At "lilo: ", hit TAB key. Type:

    linux single

We just hacked into the machine. At "bash #", write:

    passwd

and change the password. Now type:

    mkdir rpm; cd rpm

Search for security patches or SRPMS. Do this by connecting to http:\\redhat.com.download.mirror.html and pick a random .edu site to get patches from. FTP to that site, and try to look in the pub and Redhat 6.1 directories for SRPMS. Make sure you have the latest patches. Then download the whole directory of patches. If there is trouble with ftp, you might want to "traceroute". This command will tell you the route by which information flows from the origin to you. Type:

    rpm -Fvh *

to install patches. Good, you finished loading the patches. Now, on to other things. Type:

    cd ..; cd etc
    pico hosts.deny

You can use the editor of your choice. I prefer pico. Add to hosts.deny the line:

    ALL:ALL

    pico hosts.allow

Add:

    ALL:cool_collegue@good-uni.edu
    ALL:chestnut.rutgers.edu
    ALL:128.6.28.

These are just examples of allowable syntax. Basically, you add people, machines, and sets of IP numbers you like here.

    pico inetd.conf

Comment out insalubrious services, e.g. finger, telnet, etc. Example:

    #Finger

Restart the "inet" process. You could wait and just reboot to restart all these processes, but that might get someone quite perturbed.

    cd rc.d; cd init.d; ./inet restart

cd to etc.

    cd ..; cd ..
    pico issue

Delete all the text. Write some clever message. This message will appear when hapless souls log in.

    pico issue.net

Delete all the text. Write another clever message.

    cd rc.d; pico rc.local

Find the part of this file that says: "This part will overwrite issue and issuenet upon login..." Comment out this part using #'s.

    killall -HUP inetd
    cd /etc; pico syslog.conf

This file tells linux where to dump errors. Lines will be of the form:

    * some error        Some name of a machine

Redirect messages for certain emergencies to certain machines of choice.

    /etc/rc.d/init.d/syslog restart

Now, we'll work on services.

    cd rc.d

Note: rc.d files are boot stuff. rc3.d is relevant to text mode, and rc5.d is relevant to graphical mode. I presume you are in graphical mode.

    pico rc5.d

Get rid of sendmail, S45PCMCIA by commenting out those lines. Check what's running by using:

    ps -aux | more

To check system logs:

    cd /var/log; tail server
    more dmesg    -> This is what is output at reboot time.

Now, go to GUI. Click on Linux -> Config -> New users

    group: users

    cd etc
    more passwd

To convert to shadow passwords:

    pwconv

Don't forget to restart the daemon.

    /etc/rc.d/init.d/inet restart

You can graphically install RPMS using GnuRPM, but this is a bit awkward.

3/31/0

I learned some new things. To find files use:

    locate my_file.file

This takes up less system resources, but can only be done if the database is regularly updated using

    updatedb

I think updating the database can only be done by root, so whoever is root, be sure to set up a script to do this.

Telnet is unsafe; therefore, we will use secure shell.

    ssh christopher_robin -l rudy

When it prompts me, I type my password. Then, I'm logged in to christopher_robin.

Now, back to installing rpms as root.

    cd /rpms

We want to go on the web, ftp somewhere, and do whatever is necessary to install useful rpms. Try www.redhat.com. Click on download. At the RPM search page, enter the rpm you want. For example, let's say you want enscript. Type enscript (enter). You won't find it, but rather will be redirected to another search engine. Type what you want again and check the box for search on linux sites.
Now, you should find lots of nice sites with the desired enscript rpm. If you want suse stuff, ftp.suse.com is a good place to look. Once you download the rpms and put them in the rpms directory, you can install them by typing

    rpm -Uvh *

where the star is the name of the desired rpm.

Another random aside: When transferring or ftping large files it helps to tar them.

    tar -zcvf my_archive.tz fileA fileB fileC

Makes a tar. z zip, c create, v verbose, f force. To look at a tar:

    tar -ztvf my_archive.tz

To untar:

    tar -zxvf my_archive.tz

Next, I will append the email Heiko and I sent about newly installed packages.

We have installed the following useful packages:

acroread - reader for PDF files

secure shell - secure (preferred) remote login
Here's an example of how to use this:

    > ssh kanga -l dft

This will log you onto kanga and handle all the xhost-setenv business.

    > scp my_local.file dft@kanga:my_remote.file

This copies "my_local.file" to the dft account on kanga, and it gives the file the new name "my_remote.file". This is much like ftp.

    > scp dft@kanga:my_remote.file .

This puts "my_remote.file" from kanga into the current local directory.

gnuplot - plotting program

xmgr - another plotting program

xfig - graphics tool

xgraph - yet another graphing program

enscript - utility which converts txt files to nice postscript formats.

    > enscript -2GfCourier7 text.txt -opostscript.ps

This converts text.txt to postscript using a two column format with Courier7 font. Notice that there is no space between "o" and "postscript.ps".

xosview - CPU and system workload monitor
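
Added example, not part of the original checksheet: a small shell audit for three of the steps above (the ALL:ALL rule in hosts.deny, the services commented out in inetd.conf, and the pwconv conversion). The function names and the sample file contents are constructed for illustration; point the functions at copies of your real files.

```shell
#!/bin/sh
# Added example: audit copies of the files this checksheet edits.
# Function names are illustrative; the sample files are constructed.

# True if hosts.deny carries an active (uncommented) ALL:ALL rule.
has_default_deny() {
    grep -Eq '^[[:space:]]*ALL[[:space:]]*:[[:space:]]*ALL[[:space:]]*$' "$1"
}

# Print services still enabled in inetd.conf that are on the unwanted list
# (default: finger and telnet, the two the checksheet names).
enabled_unwanted() {
    awk -v list="${2:-finger telnet}" '
        BEGIN { n = split(list, w, " "); for (i = 1; i <= n; i++) bad[w[i]] = 1 }
        /^[ \t]*#/ || NF == 0 { next }      # commented-out or blank line
        ($1 in bad) { print $1 }
    ' "$1" | sort -u | paste -sd ' ' -
}

# Print accounts whose passwd entry still holds a hash or an empty password,
# i.e. anything other than the "x" placeholder that pwconv leaves behind.
unshadowed_accounts() {
    awk -F: '!/^#/ && NF >= 7 && $2 != "x" && $2 != "*" { print $1 }' "$1" |
        paste -sd ' ' -
}

# Constructed sample files: telnet still enabled, one account not converted.
write_samples() {
    printf '%s\n' '# default deny' 'ALL:ALL' > "$1/hosts.deny"
    printf '%s\n' \
        '#finger stream tcp nowait root /usr/sbin/tcpd in.fingerd' \
        'telnet stream tcp nowait root /usr/sbin/tcpd in.telnetd' \
        'ftp stream tcp nowait root /usr/sbin/tcpd in.ftpd -l -a' > "$1/inetd.conf"
    printf '%s\n' 'root:x:0:0:root:/root:/bin/bash' \
        'rudy:CONSTRUCTEDHASH:500:100::/home/rudy:/bin/bash' > "$1/passwd"
}

dir=$(mktemp -d) && write_samples "$dir"
has_default_deny "$dir/hosts.deny" && echo "hosts.deny: default deny present"
echo "inetd.conf unwanted services enabled: $(enabled_unwanted "$dir/inetd.conf")"
echo "passwd accounts not shadowed: $(unshadowed_accounts "$dir/passwd")"
rm -rf "$dir"
```

Pass a longer list as the second argument to enabled_unwanted to check for other services you have decided to turn off.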