Latest changes to "Linux home server" (2005/07/10 (Sun) 03:01:52)
#contents
How to build a Linux home server
This page is a record of building my home server. The server is based on Red Hat Linux 9.
Think about the following things.
http://www.linux.or.jp/JF/JFdocs/Security-Quickstart-Redhat-HOWTO/
Update to the Linux kernel 2.6
http://homepage1.nifty.com/mcn/linux/topic1.5/kernel_rebuild.2.6.htm
*Hardware
** UPS
-http://en.tldp.org/HOWTO/UPS-HOWTO/
** Hardware RAID-1 (Mirroring) [HotSwap?] (Spare Disk?)
-http://www.accusys.com.tw/
-http://www.infortrend.com/
-http://www.raidon.com.tw/
-http://www.promise.com/
-http://www.maxtronic.com.tw/
-http://www.hans.or.jp/MALL/able/parts/raid-1.html
-I have an Iwill SIDE Pro66 that uses the HighPoint HPT366. http://www.highpoint-tech.com/370drivers_down.htm
**NIC
-802.11b 802.11g Wireless LAN (PLANEX GW-DS54G http://www.planex.co.jp/product/bwave/gwds54g.shtml) (PLANEX GW-DS54G http://www.planex.net/product/bwave/gwds54g.shtml)
--Linux Driver for the 802.11g Prism GT / Prism Duette / Prism Indigo Chipsets http://prism54.org
--A Linux Wireless Access Point HOWTO http://oob.freeshell.org/nzwireless/LWAP-HOWTO.html
--Wireless LAN resources for Linux http://www.hpl.hp.com/personal/Jean_Tourrilhes/Linux/Wireless.html
-100M Ethernet 1 <----Global
**5 Inch Front Bay
-2 for RAID-1
-(Do not need CD-ROM drive. We can do FTP based install.)
*Software
** Firewall (Filtering)
** IP Masquerade
edit /etc/sysctl.conf
** sshd
** DNS
-bind
-djbdns http://cr.yp.to/djbdns.html
** SMBd(Samba)
** HTTPD(Apache)
** MTA
-qmail http://www.qmail.org/
** NTPD(xntp)
http://www.ntp.org/index.html
** Serial connection setup
** VPN
** postgreSQL
** NFSD
** Dynamic DNS(ddclient)
** Proxy(Squid)
** syslogd, klogd
** Line Printer Daemon(printcap, filter)
** FTPd(wu-ftp)
*Concern
**Wireless LAN Security
-Allied telesis http://www.allied-telesis.co.jp/products/list/wireless/knowl.html#sec
-Data Encryption
--WEP: supported by Wireless Tools for Linux http://www.hpl.hp.com/personal/Jean_Tourrilhes/Linux/Tools.html
--WPA: http://hostap.epitest.fi/cgi-bin/viewcvs.cgi/hostap/wpa_supplicant/
--Access Control: the prism54 driver supports MAC address filtering
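**Many sites are replacing inetd with tcpserver. Here are some of the reasons:
-inetd becomes unreliable under high load. If it receives "too many" connection requests in one minute, it suspends service for 10 minutes.
-inetd does not manage resources effectively. If you run a popular service, it will quite easily use up all of your memory.
-inetd has trouble with sudden bursts of activity. Its listen() backlog is typically 5 or 10 and cannot be raised.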
*Execution Note
**Install RedHat Linux 9 by FTP
-Create a boot disk and a driver disk, and get the FTP information.
-Install RedHat Linux 9 and choose the modules. Select the high security mode.
----
-Create a new user (add to the sudoers list)
# adduser hideo
# passwd hideo
#TYPE password
# cp /etc/sudoers{,.20040410}
# visudo
----
Use the new sudo-enabled user for the rest of the configuration
-Setting up /etc/XF86Config
sudo cp /etc/XF86Config{,.20040410}
sudo vi /etc/XF86Config
-Change keyboard setting
sudo cp /lib/kbd/keymaps/i386/qwerty/{us.map.gz,us_swap_ctrl_capsLock.map.gz}
sudo gunzip /lib/kbd/keymaps/i386/qwerty/us_swap_ctrl_capsLock.map.gz
sudo vi /lib/kbd/keymaps/i386/qwerty/us_swap_ctrl_capsLock.map
#Swap 28 and 59
sudo gzip /lib/kbd/keymaps/i386/qwerty/us_swap_ctrl_capsLock.map
sudo cp /etc/sysconfig/keyboard{,.20040410}
sudo vi /etc/sysconfig/keyboard
#use new key map us_swap_ctrl_capsLock
-Drop run level 3 services
/etc/rc.d/rc3.d/S05kudzu -> ../init.d/kudzu
/etc/rc.d/rc3.d/S08iptables -> ../init.d/iptables
DELETE /etc/rc.d/rc3.d/S09isdn -> ../init.d/isdn
/etc/rc.d/rc3.d/S10network -> ../init.d/network
/etc/rc.d/rc3.d/S12syslog -> ../init.d/syslog
DELETE /etc/rc.d/rc3.d/S13portmap -> ../init.d/portmap
DELETE /etc/rc.d/rc3.d/S14nfslock -> ../init.d/nfslock
/etc/rc.d/rc3.d/S17keytable -> ../init.d/keytable
/etc/rc.d/rc3.d/S20random -> ../init.d/random
DELETE /etc/rc.d/rc3.d/S24pcmcia -> ../init.d/pcmcia
DELETE /etc/rc.d/rc3.d/S25netfs -> ../init.d/netfs
/etc/rc.d/rc3.d/S26apmd -> ../init.d/apmd
DELETE /etc/rc.d/rc3.d/S28autofs -> ../init.d/autofs
/etc/rc.d/rc3.d/S55sshd -> ../init.d/sshd
/etc/rc.d/rc3.d/S56rawdevices -> ../init.d/rawdevices
DELETE /etc/rc.d/rc3.d/S56xinetd -> ../init.d/xinetd
DELETE /etc/rc.d/rc3.d/S80sendmail -> ../init.d/sendmail
/etc/rc.d/rc3.d/S85gpm -> ../init.d/gpm
/etc/rc.d/rc3.d/S90canna -> ../init.d/canna
/etc/rc.d/rc3.d/S90crond -> ../init.d/crond
DELETE /etc/rc.d/rc3.d/S90cups -> ../init.d/cups
/etc/rc.d/rc3.d/S90FreeWnn -> ../init.d/FreeWnn
/etc/rc.d/rc3.d/S90xfs -> ../init.d/xfs
/etc/rc.d/rc3.d/S95anacron -> ../init.d/anacron
/etc/rc.d/rc3.d/S95atd -> ../init.d/atd
/etc/rc.d/rc3.d/S97rhnsd -> ../init.d/rhnsd
/etc/rc.d/rc3.d/S99local -> ../rc.local
sudo rm /etc/rc.d/rc3.d/S09isdn
sudo rm /etc/rc.d/rc3.d/S13portmap
sudo rm /etc/rc.d/rc3.d/S14nfslock
sudo rm /etc/rc.d/rc3.d/S24pcmcia
sudo rm /etc/rc.d/rc3.d/S25netfs
sudo rm /etc/rc.d/rc3.d/S28autofs
sudo rm /etc/rc.d/rc3.d/S56xinetd
sudo rm /etc/rc.d/rc3.d/S80sendmail
sudo rm /etc/rc.d/rc3.d/S90cups
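A check for the result of the service removal above, as an added example that is not part of the original notes: it reports every start link in a run-level directory whose service is not on an allowlist. The allowlist is taken from the links this page keeps in run level 3; the function name `audit_rc` is made up for the example.

```shell
#!/bin/sh
# Added example (not from the original notes).
# Services this page leaves enabled in run level 3.
KEEP="kudzu iptables network syslog keytable random apmd sshd rawdevices \
gpm canna crond FreeWnn xfs anacron atd rhnsd local"

# audit_rc DIR
# Print "UNEXPECTED <link>" for every SNNname link in DIR whose service
# name is not in KEEP. Returns 0 if nothing unexpected is enabled, else 1.
audit_rc() {
    dir=$1
    unexpected=0
    for link in "$dir"/S[0-9][0-9]*; do
        # Skip the literal pattern when the glob matched nothing;
        # -L keeps dangling symlinks in the report.
        [ -e "$link" ] || [ -L "$link" ] || continue
        name=${link##*/}            # e.g. S56xinetd
        svc=${name#S[0-9][0-9]}     # e.g. xinetd
        case " $KEEP " in
            *" $svc "*) ;;          # on the allowlist
            *) echo "UNEXPECTED $name"; unexpected=1 ;;
        esac
    done
    return $unexpected
}

# Typical use on the server:
#   audit_rc /etc/rc.d/rc3.d
```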
----
mkdir usr
mkdir usr/TARBALL
mkdir usr/src
mkdir usr/lib
mkdir usr/bin
mv ncftp-3.1.7-src.tar.gz ./usr/TARBALL/
----
-Download prism54 and patch it into the latest kernel
-Compile the new kernel
make mrproper
make menuconfig (follow the prism54 README)
(if you compile the libraries that you need to boot)
make dep
make clean
make bzImage
make modules
sudo make modules_install
sudo cp arch/i386/boot/bzImage /boot/vmlinuz-2.4.25
sudo cp System.map /boot/System.map-2.4.25
sudo mkinitrd /boot/initrd-2.4.25.img 2.4.25
sudo vi /etc/grub.conf <=== Add new entry for new kernel
----
-Wired Networking Setup
sudo mv /etc/sysctl.conf{,.20040413}
sudo vi /etc/sysctl.conf
# Controls source route verification
net.ipv4.conf.default.rp_filter = 1
sudo vi /etc/sysconfig/network-scripts/ifcfg-eth0 (DHCP)
sudo vi /etc/sysconfig/network-scripts/ifcfg-eth1 (STATIC)
sudo cp /etc/sysconfig/iptables{,.20040413}
sudo vi /etc/sysconfig/iptables
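The notes edit /etc/sysconfig/iptables without showing its contents. The function below is an added example, not the author's ruleset: it prints an iptables-restore file for a masquerading gateway with default-deny INPUT and FORWARD policies. It assumes eth0 (DHCP) is the global side and eth1/eth2 are the inside networks; `gateway_rules` is a made-up name.

```shell
#!/bin/sh
# Added example (not from the original notes).
# gateway_rules WAN LAN...
# Print an iptables-restore ruleset: masquerade traffic leaving via WAN,
# drop everything else by default, allow sshd only from the LAN interfaces.
gateway_rules() {
    wan=$1; shift
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# IP masquerade: rewrite the source address on the way out
-A POSTROUTING -o $wan -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
EOF
    for lan in "$@"; do
        # New connections are accepted only when they start on the inside
        echo "-A INPUT -i $lan -p tcp --dport 22 -m state --state NEW -j ACCEPT"
        echo "-A FORWARD -i $lan -o $wan -m state --state NEW -j ACCEPT"
    done
    echo "COMMIT"
}

# Typical use (review the file before installing it):
#   gateway_rules eth0 eth1 eth2 > iptables.new
# Forwarding also needs "net.ipv4.ip_forward = 1" in /etc/sysctl.conf.
```

Each further service from the software list (DNS, Samba, HTTPD and so on) needs its own INPUT rule on the interfaces that should reach it.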
----
-Wireless Networking Setup
sudo vi /etc/sysconfig/network-scripts/ifcfg-eth2 (STATIC)
sudo vi /etc/rc.d/rc.local (ifup eth2)
NOTE: eth2 is ONBOOT=no
eth2 is brought up in S99local. I do not know the exact reason why, but ONBOOT does not work.
It seems like hotplug does not work, because it fails to upload the firmware according to the error message.
sudo cp ./WLANDCB.arm /usr/lib/hotplug/firmware/isl3890
wget http://prism54.org/~hvr/firmware.agent
sudo cp ./firmware.agent /etc/hotplug/
sudo chmod 755 /etc/hotplug/firmware.agent
ifup eth2
iwconfig eth2 essid "????"
iwconfig eth2 mode Master
iwconfig eth2 off
-Compile wireless tools
sudo mv iwgetid{,.20040421}
sudo mv iwspy{,.20040421}
sudo mv iwevent{,.20040421}
sudo mv iwpriv{,.20040421}
sudo mv iwlist{,.20040421}
sudo mv iwconfig{,.20040421}
sudo cp ~hideo/usr/src/wireless_tools.26/iwgetid .
sudo cp ~hideo/usr/src/wireless_tools.26/iwevent .
sudo cp ~hideo/usr/src/wireless_tools.26/iwpriv .
sudo cp ~hideo/usr/src/wireless_tools.26/iwlist .
sudo cp ~hideo/usr/src/wireless_tools.26/iwconfig .