The Perfect Server - Fedora 12 x86_64 [ISPConfig 2] - Page 3 | HowtoForge - Linux Howtos and Tutorials


4 Adjust /etc/hosts

Next we edit /etc/hosts. Make it look like this:

vi /etc/hosts

# hostname server1.example.com added to /etc/hosts by anaconda
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
192.168.0.100           server1.example.com server1
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6 server1.example.com

It is important that you add a line for server1.example.com and remove server1.example.com and server1 from the 127.0.0.1 line.

 

5 Disable SELinux

SELinux is a security extension of Fedora that should provide extended security. In my opinion you don't need it to configure a secure system, and it usually causes more problems than advantages (think of it after you have done a week of trouble-shooting because some service wasn't working as expected, and then you find out that everything was ok, only SELinux was causing the problem). Therefore I disable it (this is a must if you want to install ISPConfig later on).

Edit /etc/selinux/config and set SELINUX=disabled:

vi /etc/selinux/config

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#       enforcing - SELinux security policy is enforced.
#       permissive - SELinux prints warnings instead of enforcing.
#       disabled - No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of these two values:
#       targeted - Targeted processes are protected,
#       mls - Multi Level Security protection.
SELINUXTYPE=targeted

Afterwards we must reboot the system:

reboot

 

6 Install Some Software

Next we update our existing packages on the system:

yum update

Now we install some software packages that are needed later on:

yum install fetchmail wget bzip2 unzip zip nmap openssl lynx fileutils ncftp gcc gcc-c++


 

7 Journaled Quota

(If you have chosen a different partitioning scheme than I did, you must adjust this chapter so that quota applies to the partitions where you need it.)

To install quota, we run this command:

yum install quota

Edit /etc/fstab and add ,usrjquota=aquota.user,grpjquota=aquota.group,jqfmt=vfsv0 to the / partition (/dev/mapper/vg_server1-lv_root):

vi /etc/fstab

#
# /etc/fstab
# Created by anaconda on Fri Nov 20 15:18:09 2009
#
# Accessible filesystems, by reference, are maintained under '/dev/disk'
# See man pages fstab(5), findfs(8), mount(8) and/or blkid(8) for more info
#
/dev/mapper/vg_server1-lv_root /                       ext4    defaults,usrjquota=aquota.user,grpjquota=aquota.group,jqfmt=vfsv0        1 1
UUID=1fe0122f-c969-4b2c-9b89-27a0c26115ec /boot                   ext4    defaults        1 2
/dev/mapper/vg_server1-lv_swap swap                    swap    defaults        0 0
tmpfs                   /dev/shm                tmpfs   defaults        0 0
devpts                  /dev/pts                devpts  gid=5,mode=620  0 0
sysfs                   /sys                    sysfs   defaults        0 0
proc                    /proc                   proc    defaults        0 0

Then run

touch /aquota.user /aquota.group
chmod 600 /aquota.*
mount -o remount /

quotacheck -avugm
quotaon -avug

to enable quota.
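
As an added example (not part of the original tutorial), the fstab edit above can be scripted so it is repeatable and checkable: the functions below append the three quota options to one mount point's entry and verify that they are present. The function names and the sample fstab are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original tutorial.
QUOTA_OPTS="usrjquota=aquota.user,grpjquota=aquota.group,jqfmt=vfsv0"

# add_quota_opts FSTAB MOUNTPOINT
# Prints FSTAB with the quota options appended to MOUNTPOINT's option field.
# Comments and blank lines pass through unchanged; an entry that already has
# usrjquota= is left alone, so a second run changes nothing.
add_quota_opts() {
    awk -v mp="$2" -v add="$QUOTA_OPTS" '
        /^[ \t]*#/ || NF < 4 { print; next }
        # Assigning $4 re-joins this one line with single spaces.
        $2 == mp && $4 !~ /(^|,)usrjquota=/ { $4 = $4 "," add }
        { print }
    ' "$1"
}

# has_quota_opts FSTAB MOUNTPOINT
# Exit status 0 only if the entry carries all three journaled-quota options.
has_quota_opts() {
    awk -v mp="$2" '
        /^[ \t]*#/ || NF < 4 { next }
        $2 == mp {
            o = "," $4 ","
            if (o ~ /,usrjquota=[^,]+,/ && o ~ /,grpjquota=[^,]+,/ &&
                o ~ /,jqfmt=vfsv0,/) found = 1
        }
        END { exit(found ? 0 : 1) }
    ' "$1"
}

# Constructed sample input modelled on the fstab shown above.
sample_fstab() {
    cat <<'EOF'
# /etc/fstab (constructed sample)
/dev/mapper/vg_server1-lv_root /        ext4  defaults  1 1
/dev/mapper/vg_server1-lv_swap swap     swap  defaults  0 0
tmpfs                          /dev/shm tmpfs defaults  0 0
EOF
}

# Demo on the sample: print the edited file, then confirm the check passes.
tmp=$(mktemp) && sample_fstab > "$tmp"
add_quota_opts "$tmp" / > "$tmp.new" && cat "$tmp.new"
has_quota_opts "$tmp.new" / && echo "quota options present on /"
rm -f "$tmp" "$tmp.new"
```

Run it against a copy of /etc/fstab and review the output before replacing the real file and running the remount step.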

 

8 Install A Chrooted DNS Server (BIND9)

To install a chrooted BIND9, we do this:

yum install bind-chroot

Next, we change a few permissions:

chmod 755 /var/named/
chmod 775 /var/named/chroot/
chmod 775 /var/named/chroot/var/
chmod 775 /var/named/chroot/var/named/
chmod 775 /var/named/chroot/var/run/
chmod 777 /var/named/chroot/var/run/named/
cd /var/named/chroot/var/named/
ln -s ../../ chroot

Then we open /etc/sysconfig/named and add the following line to tell BIND that it's running chrooted in /var/named/chroot:

vi /etc/sysconfig/named

[...]
ROOTDIR="/var/named/chroot"

Then we create the system startup links for BIND:

chkconfig --levels 235 named on

We don't start BIND now because it would fail due to the missing /var/named/chroot/etc/named.conf. This file will be created later on by ISPConfig (if you use ISPConfig's DNS Manager, that is).
