How-To build Linux home server
The page is the record to build my home server. Basically the server is based on Redhat Linux 9.
Think about the folowing things.
Hard Ware
UPS
Hard Ware RAID-1 (Mirroring) [HotSwap?] (Spare Disk?)
NIC
- 100M Ethernet 1 <----Global
5 Inch Front Bay
- 2 for RAID-1
- (Do not need CD-ROM drive. We can do FTP based install.)
Soft Ware
Firewall (Filtering)
IP Masquerade
edit /etc/sysctl.conf
sshd
DNS
SMBd(Samba)
HTTPD(APATCH)
MTA
NTPD(xntp)
Serial connection setup
VPN
postgreSQL
NFSD
Dynamic DNS(ddclient)
Proxy(Squid)
syslogd, klogd
Line Printer Daemon(printcap, filter)
FTPd(wu-ftp)
Concern
Wireless LAN Security
多くのサイトがinetd を tcpserver で置き換えつつあります。以下にいくつかの理由をあげます:
- inetd は高負荷では信頼性が低下します。 1分間に「多過ぎる」接続要求を受けとると、10分間サービスを中断します。
- inetd の資源管理は有効ではありません。よく使われるサービスを動かしていると、いとも簡単に メモリを使い切る でしょう。
- inetd では活動が集中的に起きると、トラブルとなります。その listen() バックログ は通常 5 か 10 であり、大きくすることはできません。
Execution Note
Install RedHat Linux 9 by FTP
- Create bootdisk and driver disk and get FTP information.
- Install RedHat Linux 9, choose modules. Set high secure mode.
- Create new users (add sudoer list)
# adduser hideo
# password hideo
#TYPE password
# cp /etc/sudoers{,.20040410}
# visudo
Use new sudoed users to make configuration
sudo cp /etc/XF86Config{,.20040410}
sudo vi /etc/XF86Config
sudo cp /lib/kbd/keymaps/i386/qwerty/{us.map.gz,us_swap_ctrl_capsLock.map.gz}
gunzip /lib/kbd/keymaps/i386/qwerty/us_swap_ctrl_capsLock.map.gz
sudo vi /lib/kbd/keymaps/i386/qwerty/us_swap_ctrl_capsLock.map
#Swap 28 and 59
sudo gzip /lib/kbd/keymaps/i386/qwerty/us_swap_ctrl_capsLock.map
sudo cp /etc/sysconfig/keyboard{,.20040410}
sudo vi /etc/sysconfig/keyboard
#use new key map us_swap_ctrl_capsLock
- Drop run level 3 services
/etc/rc.d/rc3.d/S05kudzu -> ../init.d/kudzu
/etc/rc.d/rc3.d/S08iptables -> ../init.d/iptables
DELETE /etc/rc.d/rc3.d/S09isdn -> ../init.d/isdn
/etc/rc.d/rc3.d/S10network -> ../init.d/network
/etc/rc.d/rc3.d/S12syslog -> ../init.d/syslog
DELETE /etc/rc.d/rc3.d/S13portmap -> ../init.d/portmap
DELETE /etc/rc.d/rc3.d/S14nfslock -> ../init.d/nfslock
/etc/rc.d/rc3.d/S17keytable -> ../init.d/keytable
/etc/rc.d/rc3.d/S20random -> ../init.d/random
DELETE /etc/rc.d/rc3.d/S24pcmcia -> ../init.d/pcmcia
DELETE /etc/rc.d/rc3.d/S25netfs -> ../init.d/netfs
/etc/rc.d/rc3.d/S26apmd -> ../init.d/apmd
DELETE /etc/rc.d/rc3.d/S28autofs -> ../init.d/autofs
/etc/rc.d/rc3.d/S55sshd -> ../init.d/sshd
/etc/rc.d/rc3.d/S56rawdevices -> ../init.d/rawdevices
DELETE /etc/rc.d/rc3.d/S56xinetd -> ../init.d/xinetd
DELETE /etc/rc.d/rc3.d/S80sendmail -> ../init.d/sendmail
/etc/rc.d/rc3.d/S85gpm -> ../init.d/gpm
/etc/rc.d/rc3.d/S90canna -> ../init.d/canna
/etc/rc.d/rc3.d/S90crond -> ../init.d/crond
DELETE /etc/rc.d/rc3.d/S90cups -> ../init.d/cups
/etc/rc.d/rc3.d/S90FreeWnn -> ../init.d/FreeWnn
/etc/rc.d/rc3.d/S90xfs -> ../init.d/xfs
/etc/rc.d/rc3.d/S95anacron -> ../init.d/anacron
/etc/rc.d/rc3.d/S95atd -> ../init.d/atd
/etc/rc.d/rc3.d/S97rhnsd -> ../init.d/rhnsd
/etc/rc.d/rc3.d/S99local -> ../rc.local
sudo rm /etc/rc.d/rc3.d/S13portmap
sudo rm /etc/rc.d/rc3.d/S14nfslock
sudo rm /etc/rc.d/rc3.d/S24pcmcia
sudo rm /etc/rc.d/rc3.d/S25netfs
sudo rm /etc/rc.d/rc3.d/S28autofs
sudo rm /etc/rc.d/rc3.d/S56
sudo rm /etc/rc.d/rc3.d/S56xinetd
sudo rm /etc/rc.d/rc3.d/S80sendmail
sudo rm /etc/rc.d/rc3.d/S90cups
mkdir usr
mkdir usr/TARBALL
mkdir usr/src
mkdir usr/lib
mkdir usr/bin
mv ncftp-3.1.7-src.tar.gz ./usr/TARBALL/
- down load prism54 and patch on the latest Kernel
- compile new kernel
make mrproper
make menuconfig (follow the prism54 README)
(if you comple the libraries, that you need to boot)
make dep
make clean
make bzImage
make modules
sudo make modules_install
sudo cp arch/i386/boot/bzImage /boot/vmlinuz-2.4.25
sudo cp System.map /boot/System.map-2.4.25
mkinitrd /boot/initrd-2.4.25.img 2.4.25
vi /etc/grub.conf <=== Add new entry for new kernel
sudo mv /etc/sysctl.conf{,.20040413}
sudo vi /etc/sysctl.conf
# Controls source route verification
net.ipv4.conf.default.rp_filter = 1
sudo vi /etc/sysconfig/network-scripts/ifcfg-eth0 (DHCP)
sudo vi /etc/sysconfig/network-scripts/ifcfg-eth1 (STATIC)
sudo cp /etc/sysconfig/iptables{,.20040413}
sudo vi /etc/sysconfig/iptables
- Wireless Networking Setup
sudo vi /etc/sysconfig/network-scripts/ifcfg-eth2 (STATIC)
sudo vi /etc/rc.d/local (ifup eth2)
NOTE: eth2 is BOOT=NO
The eth2 is up in S99local. I do not know exactreason why but ON_BOOT does not work.
It sesms like hotplug does notwork because it fails upload firm waire accrding to the error message.
sudo cp ./WLANDCB.arm /usr/lib/hotplug/firmware/isl3890
wget http://prism54.org/~hvr/firmware.agent
sudo cp ./firmware.agent /etc/hotplug/
sudo chmod 755 /etc/hotplug/firmware.agent
ifup eth2
iwconfig eth2 essid "????"
iwconfig eth2 made Master
iwconfig eth2 off
sudo mv iwgetid{,.20040421}
sudo mv iwspy{,.20040421}
sudo mv iwevent{,.20040421}
sudo mv iwpriv{,.20040421}
sudo mv iwlist{,.20040421}
sudo mv iwconfig{,.20040421}
sudo cp ~hideo/usr/src/wireless_tools.26/iwgetid .
sudo cp ~hideo/usr/src/wireless_tools.26/iwevent .
sudo cp ~hideo/usr/src/wireless_tools.26/iwpriv .
sudo cp ~hideo/usr/src/wireless_tools.26/iwlist .
sudo cp ~hideo/usr/src/wireless_tools.26/iwconfig .
最終更新:2005年07月10日 03:01
