Linux home server

How to build a Linux home server

This page is the record of building my home server. The server is based on Red Hat Linux 9.

Think about the following things.



Hardware

UPS


Hardware RAID-1 (Mirroring) [HotSwap?] (Spare Disk?)





NIC



  • 100M Ethernet 1 <----Global


5 Inch Front Bay

  • 2 for RAID-1
  • (Do not need CD-ROM drive. We can do FTP based install.)

Software

Firewall (Filtering)

IP Masquerade

edit /etc/sysctl.conf

sshd

DNS

SMBd(Samba)

HTTPD (Apache)

MTA

NTPD(xntp)

Serial connection setup

VPN

PostgreSQL

NFSD

Dynamic DNS(ddclient)

Proxy(Squid)

syslogd, klogd

Line Printer Daemon(printcap, filter)

FTPd(wu-ftp)



Concern


Wireless LAN Security


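Many sites are replacing inetd with tcpserver. Here are some of the reasons:

  • inetd becomes unreliable under high load. If it receives "too many" connection requests in one minute, it suspends the service for 10 minutes.
  • inetd has no effective resource management. If you run a popular service, it will quite easily use up all memory.
  • inetd has trouble with bursts of activity. Its listen() backlog is usually 5 or 10 and cannot be raised.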


Execution Note

Install Red Hat Linux 9 by FTP

  • Create the boot disk and driver disk and get the FTP information.
  • Install Red Hat Linux 9 and choose modules. Set high security mode.


  • Create new users (add them to the sudoers list)
# adduser hideo
# passwd hideo
  #TYPE password
# cp /etc/sudoers{,.20040410}
# visudo


Use the new sudo-enabled user to do the configuration

  • Set up /etc/XF86Config
sudo cp /etc/XF86Config{,.20040410}
sudo vi /etc/XF86Config

  • Change keyboard setting
sudo cp /lib/kbd/keymaps/i386/qwerty/{us.map.gz,us_swap_ctrl_capsLock.map.gz}
sudo gunzip /lib/kbd/keymaps/i386/qwerty/us_swap_ctrl_capsLock.map.gz
sudo vi /lib/kbd/keymaps/i386/qwerty/us_swap_ctrl_capsLock.map
   #Swap 28 and 59
sudo gzip /lib/kbd/keymaps/i386/qwerty/us_swap_ctrl_capsLock.map
sudo cp /etc/sysconfig/keyboard{,.20040410}
sudo vi /etc/sysconfig/keyboard
   #use new key map us_swap_ctrl_capsLock

  • Drop run level 3 services
/etc/rc.d/rc3.d/S05kudzu -> ../init.d/kudzu
/etc/rc.d/rc3.d/S08iptables -> ../init.d/iptables
DELETE /etc/rc.d/rc3.d/S09isdn -> ../init.d/isdn
/etc/rc.d/rc3.d/S10network -> ../init.d/network
/etc/rc.d/rc3.d/S12syslog -> ../init.d/syslog
DELETE /etc/rc.d/rc3.d/S13portmap -> ../init.d/portmap
DELETE /etc/rc.d/rc3.d/S14nfslock -> ../init.d/nfslock
/etc/rc.d/rc3.d/S17keytable -> ../init.d/keytable
/etc/rc.d/rc3.d/S20random -> ../init.d/random
DELETE /etc/rc.d/rc3.d/S24pcmcia -> ../init.d/pcmcia
DELETE /etc/rc.d/rc3.d/S25netfs -> ../init.d/netfs
/etc/rc.d/rc3.d/S26apmd -> ../init.d/apmd
DELETE /etc/rc.d/rc3.d/S28autofs -> ../init.d/autofs
/etc/rc.d/rc3.d/S55sshd -> ../init.d/sshd
/etc/rc.d/rc3.d/S56rawdevices -> ../init.d/rawdevices
DELETE /etc/rc.d/rc3.d/S56xinetd -> ../init.d/xinetd
DELETE /etc/rc.d/rc3.d/S80sendmail -> ../init.d/sendmail
/etc/rc.d/rc3.d/S85gpm -> ../init.d/gpm
/etc/rc.d/rc3.d/S90canna -> ../init.d/canna
/etc/rc.d/rc3.d/S90crond -> ../init.d/crond
DELETE /etc/rc.d/rc3.d/S90cups -> ../init.d/cups
/etc/rc.d/rc3.d/S90FreeWnn -> ../init.d/FreeWnn
/etc/rc.d/rc3.d/S90xfs -> ../init.d/xfs
/etc/rc.d/rc3.d/S95anacron -> ../init.d/anacron
/etc/rc.d/rc3.d/S95atd -> ../init.d/atd
/etc/rc.d/rc3.d/S97rhnsd -> ../init.d/rhnsd
/etc/rc.d/rc3.d/S99local -> ../rc.local

sudo rm /etc/rc.d/rc3.d/S09isdn
sudo rm /etc/rc.d/rc3.d/S13portmap
sudo rm /etc/rc.d/rc3.d/S14nfslock
sudo rm /etc/rc.d/rc3.d/S24pcmcia
sudo rm /etc/rc.d/rc3.d/S25netfs
sudo rm /etc/rc.d/rc3.d/S28autofs
sudo rm /etc/rc.d/rc3.d/S56xinetd
sudo rm /etc/rc.d/rc3.d/S80sendmail
sudo rm /etc/rc.d/rc3.d/S90cups
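
To confirm that nothing outside the kept set still starts at run level 3, the start links can be audited against an allowlist. This is an added example, not part of the original notes; the function names audit_rc3 and demo_rc3 are hypothetical, the allowlist is taken from the entries the listing above keeps, and the demo directory is constructed.

```shell
#!/bin/sh
# Allowlist: services that the run level 3 listing above does NOT mark DELETE.
KEEP="kudzu iptables network syslog keytable random apmd sshd rawdevices gpm canna crond FreeWnn xfs anacron atd rhnsd local"

# audit_rc3 DIR
# Print every S?? start link in DIR whose service name is not in $KEEP,
# one per line. Dangling symlinks are reported too, since init would
# still try to follow them.
audit_rc3() {
    dir=$1
    for link in "$dir"/S[0-9][0-9]*; do
        # Skip the literal pattern when the glob matches nothing.
        [ -e "$link" ] || [ -L "$link" ] || continue
        name=$(basename "$link")
        svc=${name#S[0-9][0-9]}      # S56xinetd -> xinetd
        case " $KEEP " in
            *" $svc "*) ;;                    # expected service
            *) printf '%s\n' "$name" ;;       # should have been removed
        esac
    done
}

# Constructed sample: a temporary directory standing in for
# /etc/rc.d/rc3.d, with three links that the notes say to delete.
demo_rc3() {
    tmp=$(mktemp -d) || return 1
    for n in S08iptables S10network S12syslog S13portmap \
             S55sshd S56xinetd S80sendmail S90crond; do
        ln -s "../init.d/${n#S[0-9][0-9]}" "$tmp/$n"
    done
    audit_rc3 "$tmp"
    rm -rf "$tmp"
}

demo_rc3
```

On the server itself, run `audit_rc3 /etc/rc.d/rc3.d` after the rm commands; empty output means only the kept services remain.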


 mkdir usr
 mkdir usr/TARBALL
 mkdir usr/src
 mkdir usr/lib
 mkdir usr/bin

 mv ncftp-3.1.7-src.tar.gz ./usr/TARBALL/


  • Download prism54 and patch it into the latest kernel
  • Compile the new kernel
make mrproper
make menuconfig (follow the prism54 README)
(if you compile the libraries that you need to boot)

make dep
make clean
make bzImage
make modules
sudo make modules_install

sudo cp arch/i386/boot/bzImage /boot/vmlinuz-2.4.25
sudo cp System.map /boot/System.map-2.4.25

sudo mkinitrd /boot/initrd-2.4.25.img 2.4.25
sudo vi /etc/grub.conf <=== Add new entry for new kernel



  • Wired Networking Setup
sudo mv /etc/sysctl.conf{,.20040413}
sudo vi /etc/sysctl.conf
   # Controls source route verification
   net.ipv4.conf.default.rp_filter = 1

sudo vi /etc/sysconfig/network-scripts/ifcfg-eth0  (DHCP)
sudo vi /etc/sysconfig/network-scripts/ifcfg-eth1  (STATIC)

sudo cp /etc/sysconfig/iptables{,.20040413}
sudo vi /etc/sysconfig/iptables


  • Wireless Networking Setup
sudo vi /etc/sysconfig/network-scripts/ifcfg-eth2  (STATIC)
sudo vi /etc/rc.d/rc.local  (ifup eth2)
NOTE: eth2 is ONBOOT=no
The eth2 interface is brought up in S99local. I do not know the exact reason why, but ONBOOT does not work.
It seems like hotplug does not work because it fails to upload the firmware, according to the error message.
sudo cp ./WLANDCB.arm /usr/lib/hotplug/firmware/isl3890

wget http://prism54.org/~hvr/firmware.agent
sudo cp ./firmware.agent /etc/hotplug/
sudo chmod 755 /etc/hotplug/firmware.agent

ifup eth2
iwconfig eth2 essid "????"
iwconfig eth2 mode Master
iwconfig eth2 off

  • Compile wireless tools
sudo mv iwgetid{,.20040421}
sudo mv iwspy{,.20040421}
sudo mv iwevent{,.20040421}
sudo mv iwpriv{,.20040421}
sudo mv iwlist{,.20040421}
sudo mv iwconfig{,.20040421}
sudo cp ~hideo/usr/src/wireless_tools.26/iwgetid .
sudo cp ~hideo/usr/src/wireless_tools.26/iwspy .
sudo cp ~hideo/usr/src/wireless_tools.26/iwevent .
sudo cp ~hideo/usr/src/wireless_tools.26/iwpriv .
sudo cp ~hideo/usr/src/wireless_tools.26/iwlist .
sudo cp ~hideo/usr/src/wireless_tools.26/iwconfig .