Difference between revisions of "Animal Setup Process"

Latest revision as of 07:30, 29 October 2014

This page summarizes how Animal was set up in Spring 2010.

This wiki entry is being kept as a reference until we have a new way of backing things up. This page might be useful to someone setting up a successor to Animal's successor, Elephant.

Install

Installed CentOS 5.4 x86.
- Partition Scheme
  - /dev/sdb - Hardware RAID 1
    - 100 MB /boot
    - 261 GB /
    - 1 GB /home
    - 1 GB /tmp
    - 4 GB /var
    - 3 GB swap
  - /dev/sda - Hardware RAID 10
    - 1.6 TB /mnt/raidA

Kickstart File

# Kickstart file automatically generated by anaconda.

install
cdrom
lang en_US.UTF-8
keyboard us
network --device eth0 --bootproto static --ip 128.153.145.216 --netmask 255.255.255.0 --gateway 128.153.145.1 --nameserver 128.153.0.254,128.153.5.254 --hostname animal
network --device eth1 --bootproto static --ip 10.0.1.25 --netmask 255.255.255.0 --gateway 128.153.145.1 --nameserver 128.153.0.254,128.153.5.254 --hostname animal
rootpw --iscrypted 
firewall --enabled
authconfig --enableshadow --enablemd5
selinux --permissive
timezone --utc America/New_York
bootloader --location=mbr --driveorder=sdb,sda --md5pass=
# The following is the partition information you requested
# Note that any partitions you deleted are not expressed
# here so unless you clear all partitions first, this is
# not guaranteed to work
#clearpart --linux
#part /boot --fstype ext3 --size=100 --ondisk=sdb
#part /mnt/raidA --fstype ext3 --noformat --onpart sda1
#part /var --fstype ext3 --size=4096 --ondisk=sdb
#part swap --size=3072 --ondisk=sdb
#part /tmp --fstype ext3 --size=1024 --ondisk=sdb
#part /home --fstype ext3 --size=1024 --ondisk=sdb
#part / --fstype ext3 --size=100 --grow --ondisk=sdb --asprimary

%packages
@base
@core
keyutils
trousers
fipscheck
device-mapper-multipath
-aspell-en
-aspell
-cpuspeed
-NetworkManager
-bluez-utils

%post
/sbin/chkconfig --level 123456 cups off

Configuration

Updated System

Added Extra Repositories
- RPMForge Yum Repository
  - rpm -Uhv http://apt.sw.be/redhat/el5/en/i386/rpmforge/RPMS//rpmforge-release-0.3.6-1.el5.rf.i386.rpm
    - From Dag Wieers
- Fedora EPEL Yum Repository
  - rpm -Uvh http://download.fedora.redhat.com/pub/epel/5/i386/epel-release-5-3.noarch.rpm
    - From Fedora

Configured Yum Priorities & to use our mirror
- Edited /etc/yum.repos.d/CentOS-Base.repo

# CentOS-Base.repo
#
# This file uses a new mirrorlist system developed by Lance Davis for CentOS.
# The mirror system uses the connecting IP address of the client and the
# update status of each mirror to pick mirrors that are updated to and
# geographically close to the client.  You should use this for CentOS updates
# unless you are manually picking other mirrors.
#
# If the mirrorlist= does not work for you, as a fall back you can try the
# remarked out baseurl= line instead.
#
#

[base]
name=CentOS-$releasever - Base
#mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=os
baseurl=http://mirror.clarkson.edu/centos/$releasever/os/$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-5
priority=1

#released updates
[updates]
name=CentOS-$releasever - Updates
#mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=updates
baseurl=http://mirror.clarkson.edu/centos/$releasever/updates/$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-5
priority=1

#packages used/produced in the build but not released
[addons]
name=CentOS-$releasever - Addons
#mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=addons
baseurl=http://mirror.clarkson.edu/centos/$releasever/addons/$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-5
priority=1

#additional packages that may be useful
[extras]
name=CentOS-$releasever - Extras
#mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=extras
baseurl=http://mirror.clarkson.edu/centos/$releasever/extras/$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-5
priority=1

#additional packages that extend functionality of existing packages
[centosplus]
name=CentOS-$releasever - Plus
#mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=centosplus
baseurl=http://mirror.clarkson.edu/centos/$releasever/centosplus/$basearch/
gpgcheck=1
enabled=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-5
priority=2

#contrib - packages by Centos Users
[contrib]
name=CentOS-$releasever - Contrib
#mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=contrib
baseurl=http://mirror.clarkson.edu/centos/$releasever/contrib/$basearch/
gpgcheck=1
enabled=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-5
priority=2

- Edited /etc/yum.repos.d/rpmforge.repo

# Name: RPMforge RPM Repository for Red Hat Enterprise 5 - dag
# URL: http://rpmforge.net/
[rpmforge]
name = Red Hat Enterprise $releasever - RPMforge.net - dag
baseurl = http://mirror.clarkson.edu/rpmforge/redhat/el5/en/$basearch/dag
#mirrorlist = http://apt.sw.be/redhat/el5/en/mirrors-rpmforge
#mirrorlist = file:///etc/yum.repos.d/mirrors-rpmforge
enabled = 1
gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-rpmforge-dag
gpgcheck = 1
priority=15

- Edited /etc/yum.repos.d/epel.repo

[epel]
name=Extra Packages for Enterprise Linux 5 - $basearch
baseurl=http://mirror.clarkson.edu/epel/5/$basearch
#mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=epel-5&arch=$basearch
failovermethod=priority
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL
priority=30

[epel-debuginfo]
name=Extra Packages for Enterprise Linux 5 - $basearch - Debug
baseurl=http://mirror.clarkson.edu/epel/5/$basearch/debug
#mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=epel-debug-5&arch=$basearch
failovermethod=priority
enabled=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL
gpgcheck=1
priority=30

[epel-source]
name=Extra Packages for Enterprise Linux 5 - $basearch - Source
baseurl=http://mirror.clarkson.edu/epel/5/SRPMS
#mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=epel-source-5&arch=$basearch
failovermethod=priority
enabled=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL
gpgcheck=1
priority=30

- Edited /etc/yum.repos.d/epel-testing.repo

[epel-testing]
name=Extra Packages for Enterprise Linux 5 - Testing - $basearch
baseurl=http://mirror.clarkson.edu/epel/testing/5/$basearch
#mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=testing-epel5&arch=$basearch
failovermethod=priority
enabled=0
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL
priority=40

[epel-testing-debuginfo]
name=Extra Packages for Enterprise Linux 5 - Testing - $basearch - Debug
baseurl=http://mirror.clarkson.edu/epel/testing/5/$basearch/debug
#mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=testing-debug-epel5&arch=$basearch
failovermethod=priority
enabled=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL
gpgcheck=1
priority=40

[epel-testing-source]
name=Extra Packages for Enterprise Linux 5 - Testing - $basearch - Source
baseurl=http://mirror.clarkson.edu/epel/testing/5/SRPMS
#mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=testing-source-epel5&arch=$basearch
failovermethod=priority
enabled=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL
gpgcheck=1
priority=40

Disabled Yum FastestMirror since using local mirror
- sed -i 's/enabled=1/enabled=0/g' /etc/yum/pluginconf.d/fastestmirror.conf

Installed Yum Priorities (Note: This must be installed prior to installing the packages below.)
- yum install yum-priorities

Configured Yum Priorities to check for obsoletes
- echo "check_obsoletes=1" >> /etc/yum/pluginconf.d/priorities.conf

yum install vim-enhanced gcc emacs-nox screen
yum update

Created User

Created user mccarrms
- /usr/sbin/useradd -m mccarrms
Set password for mccarrms
- passwd mccarrms

Configured Sudo

/usr/sbin/visudo

## Sudoers allows particular users to run various commands as
## the root user, without needing the root password.

#User_Alias ADMINS = mccarrms

## Networking
Cmnd_Alias NETWORKING = /sbin/route, /sbin/ifconfig, /bin/ping, /sbin/dhclient, /usr/bin/net, /sbin/iptables, /usr/bin/rfcomm, /usr/bin/wvdial, /sbin/iwconfig, /sbin/mii-tool

## Installation and management of software
Cmnd_Alias SOFTWARE = /bin/rpm, /usr/bin/up2date, /usr/bin/yum

## Services
Cmnd_Alias SERVICES = /sbin/service, /sbin/chkconfig

## Updating the locate database
Cmnd_Alias LOCATE = /usr/sbin/updatedb

## Storage
Cmnd_Alias STORAGE = /sbin/fdisk, /sbin/sfdisk, /sbin/parted, /sbin/partprobe, /bin/mount, /bin/umount

## Delegating permissions
Cmnd_Alias DELEGATING = /usr/sbin/visudo, /bin/chown, /bin/chmod, /bin/chgrp

## Processes
Cmnd_Alias PROCESSES = /bin/nice, /bin/kill, /usr/bin/kill, /usr/bin/killall

## Drivers
Cmnd_Alias DRIVERS = /sbin/modprobe

## Shells
Cmnd_Alias SHELLS = /bin/sh, /bin/bash, /usr/bin/rsh, /bin/dash, /bin/rbash, /bin/su

## Users
Cmnd_Alias USERS = /usr/sbin/useradd, /usr/sbin/userdel, /usr/sbin/userhelper, /usr/sbin/usermod, /usr/sbin/usernetctl

Defaults    requiretty

Defaults    env_reset,tty_tickets,lecture=always,logfile=/var/log/sudo.log
Defaults    env_keep = "COLORS DISPLAY HOSTNAME HISTSIZE INPUTRC KDEDIR \
                        LS_COLORS MAIL PS1 PS2 QTDIR USERNAME \
                        LANG LC_ADDRESS LC_CTYPE LC_COLLATE LC_IDENTIFICATION \
                        LC_MEASUREMENT LC_MESSAGES LC_MONETARY LC_NAME LC_NUMERIC \
                        LC_PAPER LC_TELEPHONE LC_TIME LC_ALL LANGUAGE LINGUAS \
                        _XKB_CHARSET XAUTHORITY"

## Allow root to run any commands anywhere
root    ALL=(ALL)       ALL
%wheel  ALL=(ALL)       ALL
%admins ALL=(root)      ALL, !SHELLS

Configured Networks

Configured hostname in /etc/sysconfig/network

NETWORKING=yes
NETWORKING_IPV6=no
HOSTNAME=animal
GATEWAY=128.153.145.1

Verified eth0 configuration for Clarkson Network in /etc/sysconfig/network-scripts/ifcfg-eth0

# Intel Corporation 82540EM Gigabit Ethernet Controller
DEVICE=eth0
BOOTPROTO=static
BROADCAST=128.153.145.255
HWADDR=00:C0:9F:2A:32:40
IPADDR=128.153.145.216
NETMASK=255.255.255.0
NETWORK=128.153.145.0
ONBOOT=yes

Verified eth1 configuration for the Server Room Network in /etc/sysconfig/network-scripts/ifcfg-eth1

# Intel Corporation 82541PI Gigabit Ethernet Controller
DEVICE=eth1
BOOTPROTO=static
BROADCAST=10.0.1.255
HWADDR=00:1B:21:28:C8:46
IPADDR=10.0.1.25
NETMASK=255.255.255.0
NETWORK=10.0.1.0
ONBOOT=yes

Configured Hosts

Edited /etc/hosts

127.0.0.1       localhost.localdomain localhost
128.153.145.216 animal.cslabs.clarkson.edu animal.cslabs animal
10.0.1.25       animal.sr.cslabs.clarkson.edu animal.sr.cslabs animal.sr

Edited /etc/hosts.allow

For security purposes, this information has been intentionally left off.

Edited /etc/hosts.deny

ALL: ALL

Configured DNS Servers

Edited /etc/resolv.conf

search cslabs.clarkson.edu clarkson.edu
nameserver 128.153.145.3
nameserver 128.153.145.4

Disabled IP v6

Appended the following to /etc/modprobe.conf

alias ipv6 off
alias net-pf-10 off

Disabled IP v6 firewall
- /sbin/chkconfig ip6tables off

Configured IPtables

Due to the sensitivity of this material, this config file has been left off; however, the following rules are needed.

Restarted iptables
- /etc/init.d/iptables restart

Configured SSH

Edited /etc/ssh/sshd_config

Due to the sensitivity of this material, this config file has been left off.

Restarted sshd
- /etc/init.d/sshd restart

Set Up SSH Login Banner

Edited /etc/issue.net

            _            __
 ___ ____  (_)_ _  ___ _/ /
/ _ `/ _ \/ /  ' \/ _ `/ / 
\_,_/_//_/_/_/_/_/\_,_/_/

Configured Password Requirements

Edited /etc/login.defs

MAIL_DIR        /var/spool/mail

PASS_MAX_DAYS   360
PASS_MIN_DAYS   0
PASS_MIN_LEN    8
PASS_WARN_AGE   60

UID_MIN                   500
UID_MAX                 60000

GID_MIN                   500
GID_MAX                 60000

CREATE_HOME     yes

UMASK           077

USERGROUPS_ENAB yes

MD5_CRYPT_ENAB yes

ENCRYPT_METHOD MD5

Added Custom PATH Variables

Added the following to /etc/profile

PATH=$PATH:/usr/sbin:/sbin
export PATH

Set Up & Configured NTP

Installed NTP
- yum install ntp

Edited /etc/ntp.conf

restrict default kod nomodify notrap nopeer noquery
restrict -6 default kod nomodify notrap nopeer noquery

restrict 127.0.0.1
restrict -6 ::1

restrict tick.clarkson.edu mask 255.255.255.255 nomodify notrap noquery
restrict tock.clarkson.edu mask 255.255.255.255 nomodify notrap noquery

server tick.clarkson.edu
server tock.clarkson.edu

server  127.127.1.0     # local clock
fudge   127.127.1.0 stratum 10

driftfile /var/lib/ntp/drift

keys /etc/ntp/keys

Edited /etc/ntp/step-tickers

tick.clarkson.edu
tock.clarkson.edu

Configured ntpd to start on boot
- /sbin/chkconfig --levels 2345 ntpd on

Started ntpd
- /etc/init.d/ntpd start

Configured ntpd to Sync Hardware Clock

Edited /etc/sysconfig/ntpd

# Drop root to id 'ntp:ntp' by default.
OPTIONS="-u ntp:ntp -p /var/run/ntpd.pid"

# Set to 'yes' to sync hw clock after successful ntpdate
SYNC_HWCLOCK=yes

# Additional options for ntpdate
NTPDATE_OPTIONS=""

Installed and Configured APCUPSD

This package is used to monitor the UPSes which Animal is plugged into and is used to shutdown the system in the event of a power failure.

Installed and configured `apcupsd`

Checked that the UPS was detected
- cat /proc/bus/usb/devices

T:  Bus=04 Lev=01 Prnt=01 Port=00 Cnt=01 Dev#=  2 Spd=1.5 MxCh= 0
D:  Ver= 1.10 Cls=00(>ifc ) Sub=00 Prot=00 MxPS= 8 #Cfgs=  1
P:  Vendor=051d ProdID=0002 Rev= 1.01
S:  Manufacturer=American Power Conversion
S:  Product=Back-UPS RS 1500 LCD FW:839.H7 .D USB FW:H7
S:  SerialNumber=JB0802018491
C:* #Ifs= 1 Cfg#= 1 Atr=e0 MxPwr=  2mA
I:  If#= 0 Alt= 0 #EPs= 1 Cls=03(HID  ) Sub=00 Prot=00 Driver=usbhid
E:  Ad=81(I) Atr=03(Int.) MxPS=   6 Ivl=100ms

T:  Bus=02 Lev=01 Prnt=01 Port=00 Cnt=01 Dev#=  2 Spd=1.5 MxCh= 0
D:  Ver= 1.10 Cls=00(>ifc ) Sub=00 Prot=00 MxPS= 8 #Cfgs=  1
P:  Vendor=051d ProdID=0002 Rev= 1.01
S:  Manufacturer=American Power Conversion
S:  Product=Back-UPS RS 1500 LCD FW:839.H5 .D USB FW:H5
S:  SerialNumber=JB0730001020
C:* #Ifs= 1 Cfg#= 1 Atr=e0 MxPwr=  2mA
I:  If#= 0 Alt= 0 #EPs= 1 Cls=03(HID  ) Sub=00 Prot=00 Driver=usbhid
E:  Ad=81(I) Atr=03(Int.) MxPS=   6 Ivl=100ms

Appended the following to /etc/udev/rules.d/50-udev.rules

#####################################
# UPSes
#####################################

KERNEL=="hiddev*", SYSFS{serial}=="JB0802018491", SYMLINK="ups1"
KERNEL=="hiddev*", SYSFS{serial}=="JB0730001020", SYMLINK="ups2"

Installed apcupsd
- yum install apcupsd

Edited /etc/apcupsd/apcupsd.ups1.conf

## apcupsd.conf v1.1 ##

UPSNAME ups1

UPSCABLE usb

UPSTYPE usb
DEVICE /dev/ups1

LOCKFILE /var/lock

SCRIPTDIR /etc/apcupsd

PWRFAILDIR /etc/apcupsd

NOLOGINDIR /etc

ONBATTERYDELAY 6

BATTERYLEVEL 7

MINUTES 10

TIMEOUT 0

ANNOY 300

ANNOYDELAY 60

NOLOGON disable

KILLDELAY 0

NETSERVER on

NISIP 0.0.0.0

NISPORT 3551

EVENTSFILE /var/log/apcupsd.ups1.events

EVENTSFILEMAX 10

UPSCLASS standalone

UPSMODE disable

STATTIME 0

STATFILE /var/log/apcupsd.ups1.status

LOGSTATS off

DATATIME 0

SELFTEST 336

Edited /etc/apcupsd/apcupsd.ups2.conf

## apcupsd.conf v1.1 ##

UPSNAME ups2

UPSCABLE usb

UPSTYPE usb
DEVICE /dev/ups2

LOCKFILE /var/lock

SCRIPTDIR /etc/apcupsd

PWRFAILDIR /etc/apcupsd

NOLOGINDIR /etc

ONBATTERYDELAY 6

BATTERYLEVEL 7

MINUTES 10

TIMEOUT 0

ANNOY 300

ANNOYDELAY 60

NOLOGON disable

KILLDELAY 0

NETSERVER on

NISIP 0.0.0.0

NISPORT 3552

EVENTSFILE /var/log/apcupsd.ups2.events

EVENTSFILEMAX 10

UPSCLASS standalone

UPSMODE disable

STATTIME 0

STATFILE /var/log/apcupsd.ups2.status

LOGSTATS off

DATATIME 0

SELFTEST 336

Edited /etc/init.d/apcupsd

#! /bin/sh
#
# apcupsd      This shell script takes care of starting and stopping
#              the apcupsd UPS monitoring daemon.
#
# chkconfig: 2345 60 99
# description: apcupsd monitors power and takes action if necessary
#

if test -f /etc/whitebox-release ; then
   f=/etc/whitebox-release
else
   f=/etc/redhat-release
fi
if test `cat $f | grep release |\
     cut -f 3 -d ' '`x = "Enterprise"x ; then
   DISTVER="Enterprise "`cat $f | grep release |\
     cut -f 6 -d ' '`
else
   DISTVER=`cat /etc/redhat-release | grep release |\
     cut -f 5 -d ' '`
fi

# Source function libarary
. /etc/rc.d/init.d/functions

case "$1" in
    start)
       rm -f /etc/apcupsd/powerfail
       rm -f /etc/nologin
       for conf in /etc/apcupsd/apcupsd.*.conf ; do
          inst=`basename $conf`
          echo -n "Starting UPS monitoring ($inst):"
          daemon /sbin/apcupsd -f $conf -P /var/run/apcupsd-$inst.pid
          RETVAL=$?
          echo
          [ $RETVAL -eq 0 ] && touch /var/lock/subsys/apcupsd-$inst
       done
       ;;
    stop)
       for conf in /etc/apcupsd/apcupsd.*.conf ; do
          inst=`basename $conf`
          echo -n "Shutting down UPS monitoring ($inst):"
          killproc -p /var/run/apcupsd-$inst.pid apcupsd
          echo
          rm -f /var/run/apcupsd-$inst.pid
          rm -f /var/lock/subsys/apcupsd-$inst
       done
       ;;
    restart|force-reload)
       $0 stop
       sleep 15
       $0 start
       ;;
    reload)
       echo "$0: reload not implemented"
       exit 3
       ;;
    status)
       for conf in /etc/apcupsd/apcupsd.*.conf ; do
          inst=`basename $conf`
          status -p /var/run/apcupsd-$inst.pid apcupsd-$inst
          RETVAL=$?
          if [ $RETVAL -eq 0 ]
          then
             NISPORT=`grep ^NISPORT < $conf | sed -e "s/NISPORT *\([0-9]\)/\1/"`
             /sbin/apcaccess status localhost:$NISPORT
          fi
       done
       ;;
    *)
       echo "Usage: $0 {start|stop|restart|status}"
       exit 1
       ;;
esac
exit 0

Configured apcupsd to start on boot
- /sbin/chkconfig --levels 2345 apcupsd on

Started apcupsd
- /etc/init.d/apcupsd start

Configured Aliases

Edited /etc/aliases

#
#  Aliases in this file will NOT be expanded in the header from
#  Mail, but WILL be visible over networks or from /bin/mail.
#
#       >>>>>>>>>>      The program "newaliases" must be run after
#       >> NOTE >>      this file is updated for any changes to
#       >>>>>>>>>>      show through to sendmail.
#

# Basic system aliases -- these MUST be present.
mailer-daemon:  postmaster
postmaster:     logwatch@cslabs.clarkson.edu

# General redirections for pseudo accounts.
bin:            logwatch@cslabs.clarkson.edu
daemon:         logwatch@cslabs.clarkson.edu
adm:            logwatch@cslabs.clarkson.edu
lp:             logwatch@cslabs.clarkson.edu
sync:           logwatch@cslabs.clarkson.edu
shutdown:       logwatch@cslabs.clarkson.edu
halt:           logwatch@cslabs.clarkson.edu
mail:           logwatch@cslabs.clarkson.edu
news:           logwatch@cslabs.clarkson.edu
uucp:           logwatch@cslabs.clarkson.edu
operator:       logwatch@cslabs.clarkson.edu
games:          logwatch@cslabs.clarkson.edu
gopher:         logwatch@cslabs.clarkson.edu
ftp:            logwatch@cslabs.clarkson.edu
nobody:         logwatch@cslabs.clarkson.edu
radiusd:        logwatch@cslabs.clarkson.edu
nut:            logwatch@cslabs.clarkson.edu
dbus:           logwatch@cslabs.clarkson.edu
vcsa:           logwatch@cslabs.clarkson.edu
canna:          logwatch@cslabs.clarkson.edu
wnn:            logwatch@cslabs.clarkson.edu
rpm:            logwatch@cslabs.clarkson.edu
nscd:           logwatch@cslabs.clarkson.edu
pcap:           logwatch@cslabs.clarkson.edu
apache:         logwatch@cslabs.clarkson.edu
webalizer:      logwatch@cslabs.clarkson.edu
dovecot:        logwatch@cslabs.clarkson.edu
fax:            logwatch@cslabs.clarkson.edu
quagga:         logwatch@cslabs.clarkson.edu
radvd:          logwatch@cslabs.clarkson.edu
pvm:            logwatch@cslabs.clarkson.edu
amanda:         logwatch@cslabs.clarkson.edu
privoxy:        logwatch@cslabs.clarkson.edu
ident:          logwatch@cslabs.clarkson.edu
named:          logwatch@cslabs.clarkson.edu
xfs:            logwatch@cslabs.clarkson.edu
gdm:            logwatch@cslabs.clarkson.edu
mailnull:       logwatch@cslabs.clarkson.edu
postgres:       logwatch@cslabs.clarkson.edu
sshd:           logwatch@cslabs.clarkson.edu
smmsp:          logwatch@cslabs.clarkson.edu
postfix:        logwatch@cslabs.clarkson.edu
netdump:        logwatch@cslabs.clarkson.edu
ldap:           logwatch@cslabs.clarkson.edu
squid:          logwatch@cslabs.clarkson.edu
ntp:            logwatch@cslabs.clarkson.edu
mysql:          logwatch@cslabs.clarkson.edu
desktop:        logwatch@cslabs.clarkson.edu
rpcuser:        logwatch@cslabs.clarkson.edu
rpc:            logwatch@cslabs.clarkson.edu
nfsnobody:      logwatch@cslabs.clarkson.edu

ingres:         logwatch@cslabs.clarkson.edu
system:         logwatch@cslabs.clarkson.edu
toor:           logwatch@cslabs.clarkson.edu
manager:        logwatch@cslabs.clarkson.edu
dumper:         logwatch@cslabs.clarkson.edu
abuse:          logwatch@cslabs.clarkson.edu

newsadm:        news
newsadmin:      news
usenet:         news
ftpadm:         ftp
ftpadmin:       ftp
ftp-adm:        ftp
ftp-admin:      ftp
www:            webmaster
webmaster:      logwatch@cslabs.clarkson.edu
noc:            logwatch@cslabs.clarkson.edu
security:       logwatch@cslabs.clarkson.edu
hostmaster:     logwatch@cslabs.clarkson.edu
info:           postmaster
marketing:      postmaster
sales:          postmaster
support:        postmaster


# trap decode to catch security attacks
decode:         logwatch@cslabs.clarkson.edu

# Person who should get roots's mail
root:           logwatch@cslabs.clarkson.edu

Updated aliases
- /usr/bin/newaliases

Configured umask

Modified umask settings in /etc/bashrc

if [ $UID -gt 99 ] && [ "`id -gn`" = "`id -un`" ]; then
        umask 007
else
        umask 022
fi

Disabled `CTRL-ALT-DELETE`

Removed trap entry to prevent accidental reboots

sed -i 's/ca::ctrlaltdel:/#ca::ctrlaltdel:/g' /etc/inittab

Made Changes Active

init q

Disabled Various Kernel Modules

Added the following to /etc/modprobe.conf

install pppox /bin/true
install bluetooth /bin/true
install sctp /bin/true

Installed & Configured SNMP

Installed needed packages

yum install net-snmp ntp

Configured SNMP Daemon /etc/snmp/snmpd.conf

rocommunity     <passphrase>  127.0.0.1
rocommunity     <passphrase>  <ipsallowed>
rocommunity     <passphrase>  <ipsallowed>
 
syslocation Clarkson University Applied CS Labs
syscontact Matt McCarrell <mccarrms@gmail.com>
disk /
disk /var
disk /boot
disk /tmp
disk /home
disk /mnt/raidA
exec timeskew /usr/local/sbin/ntp_check
exec uptime /usr/bin/uptime
proc MegaServ

Deployed ntp_check script
- Copied over /usr/local/sbin/ntp_check from Isengard to /usr/local/sbin/
- chown root.root /usr/local/sbin/ntp_check

Configured SNMP to start at specific run levels

/sbin/chkconfig --levels 2345 snmpd on

Started daemon

/etc/init.d/snmpd start

Increased Detail of Logwatch Reports

Set detail level to be high

echo "Detail = High" >> /etc/logwatch/conf/logwatch.conf

Disabled Unneeded Services

Referenced this page

chkconfig nfs off
/etc/init.d/nfs stop
chkconfig nfslock off
/etc/init.d/nfslock stop
chkconfig rpcgssd off
/etc/init.d/rpcgssd stop
chkconfig rpcidmapd off
/etc/init.d/rpcidmapd stop
chkconfig rpcsvcgssd off
/etc/init.d/rpcsvcgssd stop
chkconfig portmap off
/etc/init.d/portmap stop
chkconfig netfs off
/etc/init.d/netfs stop
chkconfig anacron off
/etc/init.d/anacron stop
chkconfig autofs off
/etc/init.d/autofs stop
chkconfig avahi-daemon off
/etc/init.d/avahi-daemon stop
chkconfig avahi-dnsconfd off
/etc/init.d/avahi-dnsconfd stop
chkconfig bluetooth off
/etc/init.d/bluetooth stop
chkconfig hidd off
/etc/init.d/hidd stop
chkconfig cups off
/etc/init.d/cups stop
chkconfig firstboot off
/etc/init.d/firstboot stop
chkconfig gpm off
/etc/init.d/gpm stop
chkconfig haldaemon off
/etc/init.d/haldaemon stop
chkconfig irda off
/etc/init.d/irda stop
chkconfig kudzu off
/etc/init.d/kudzu stop
chkconfig messagebus off
/etc/init.d/messagebus stop
chkconfig microcode_ctl off
/etc/init.d/microcode_ctl stop
chkconfig pcscd off
/etc/init.d/pcscd stop
chkconfig readahead_early off
/etc/init.d/readahead_early stop
chkconfig readahead_later off
/etc/init.d/readahead_later stop
chkconfig ypbind off
/etc/init.d/ypbind stop

Installed Software for the RAID Units

Installed MegaMon for Linux to monitor the RAID units

Downloaded MegaMon for Linux

wget http://www.lsi.com/DistributionSystem/AssetDocument/files/support/rsa/utilities/HWR_Monitor_Linux_3.8.zip

Unziped MegaMon

unzip HWR_Monitor_Linux_3.8.zip
unzip MegaMon.zip

Installed it

[root@animal megaraid]# ./install
If your goal is to install this utility in DEBIAN, SUSE
or CALDERA Linux, Execute the install with option as below:
./install -debian
./install -suse
./install -caldera
For other linux/solaris system including REDHAT please continue this
install with no option
Do you want quit this installation [y/n]
n
Installation Completed

Modified /etc/init.d/raidmon start line to disable root emails (emails will be handled by a separate script to prevent me from being spammed)

#echo -n 'Starting NetRAID Monitor:'
echo -n 'Starting RAID Monitor:'
MegaCtrl -start > /dev/null ; sleep 1 ; MegaCtrl -disMail

Started raidmon

/etc/init.d/raidmon start

Installed Configuration Utility

Downloaded MegaMGR for Linux

wget http://www.lsi.com/DistributionSystem/AssetDocument/files/support/rsa/utilities/megamgr/ut_linux_mgr_5.20.zip

Unziped MegaMGR Linux

unzip ut_linux_mgr_5.20.zip

Installed it

chmod +x megamgr
chmod +x megamgr.bin
sed -i "s/.\/megamgr.bin/\/usr\/local\/sbin\/megamgr.bin/g"
mv megamgr* /usr/local/sbin/

Difference between revisions of "Animal Setup Process"

Latest revision as of 07:30, 29 October 2014

Contents

Install

Kickstart File

Configuration

Updated System

Created User

Configured Sudo

Configured Networks

Configured Hosts

Configured DNS Servers

Disabled IP v6

Configured IPtables

Configured SSH

Set Up SSH Login Banner

Configured Password Requirements

Added Custom PATH Variables

Set Up & Configured NTP

Configured ntpd to Sync Hardware Clock

Installed and Configured APCUPSD

Installed and configured `apcupsd`

Configured Aliases

Configured umask

Disabled `CTRL-ALT-DELETE`

Disabled Various Kernel Modules

Installed & Configured SNMP

Increased Detail of Logwatch Reports

Disabled Unneeded Services

Installed Software for the RAID Units

Installed MegaMon for Linux to monitor the RAID units

Installed Configuration Utility

Navigation menu

Views

Personal tools

Navigation

Search

Tools

@@ Line 1: / Line 1: @@
+{{deprecated
-This page summarizes how [[Animal]] was set up in Spring 2009.
+| This machine was replaced with [[Elephant]]}}
+This page summarizes how [[Animal]] was set up in Spring 2010.
+This wiki entry is being kept as a reference until we have a new way of backing things up. This page might be useful to someone setting up a successor to [[Animal]]'s successor, [[Elephant]].
 ==Install==
-*Installed CentOS 5.3 x86.
+*Installed CentOS 5.4 x86.
 **Partition Scheme
-***100 MB /boot - Hardware RAID 1
+***/dev/sdb - Hardware RAID 1
+****100 MB /boot
-***270 GB root_lvg - Logical Volume Group - Hardware RAID 1
-****262 GB / (root_lvg-root_lv)
+****261 GB /
-****4 GB /var (root_lvg-var_lv)
+****1 GB /home
-****4 GB swap (root_lvg-swap_lv)
+****1 GB /tmp
+****4 GB /var
-***1.6 TB /mnt/raidA - Hardware RAID 10
+****3 GB swap
-***1.6 TB /mnt/raidB - Hardware RAID 10
+***/dev/sda - Hardware RAID 10
+****1.6 TB /mnt/raidA
 ===Kickstart File===
@@ Line 20: / Line 26: @@
 lang en_US.UTF-8
 keyboard us
-network --device eth0 --bootproto static --ip 128.153.145.216 --netmask 255.255.255.0 --gateway 128.153.145.1 --nameserver 128.153.0.254,128.153.5.254 --hostname animal.cslabs.clarkson.edu
+network --device eth0 --bootproto static --ip 128.153.145.216 --netmask 255.255.255.0 --gateway 128.153.145.1 --nameserver 128.153.0.254,128.153.5.254 --hostname animal
-network --device eth1 --bootproto static --ip 10.0.0.19 --netmask 255.255.255.0 --gateway 128.153.145.1 --nameserver 128.153.0.254,128.153.5.254 --hostname animal.cslabs.clarkson.edu
+network --device eth1 --bootproto static --ip 10.0.1.25 --netmask 255.255.255.0 --gateway 128.153.145.1 --nameserver 128.153.0.254,128.153.5.254 --hostname animal
-rootpw --iscrypted ENCRYPTED-PASSWORD-GOES-HERE
+rootpw --iscrypted
-firewall --enabled --port=22:tcp
+firewall --enabled
 authconfig --enableshadow --enablemd5
-selinux --enforcing
+selinux --permissive
 timezone --utc America/New_York
-bootloader --location=mbr --driveorder=sdc,sda,sdb --md5pass=ENCRYPTED-PASSWORD-GOES-HERE
+bootloader --location=mbr --driveorder=sdb,sda --md5pass=
 # The following is the partition information you requested
 # Note that any partitions you deleted are not expressed
 # here so unless you clear all partitions first, this is
 # not guaranteed to work
-clearpart --linux
+#clearpart --linux
-part /boot --fstype ext3 --size=100 --ondisk=sdc
+#part /boot --fstype ext3 --size=100 --ondisk=sdb
-part /mnt/raidB --fstype ext3 --size=100 --grow --ondisk=sdb
+#part /mnt/raidA --fstype ext3 --noformat --onpart sda1
-part /mnt/raidA --fstype ext3 --size=100 --grow --ondisk=sda
+#part /var --fstype ext3 --size=4096 --ondisk=sdb
-part pv.5 --size=100 --grow --ondisk=sdc
+#part swap --size=3072 --ondisk=sdb
+#part /tmp --fstype ext3 --size=1024 --ondisk=sdb
-volgroup root_lvg --pesize=32768 pv.5
-logvol / --fstype ext3 --name=root_lv --vgname=root_lvg --size=276832
+#part /home --fstype ext3 --size=1024 --ondisk=sdb
-logvol swap --fstype swap --name=swap_lv --vgname=root_lvg --size=4096
+#part / --fstype ext3 --size=100 --grow --ondisk=sdb --asprimary
-logvol /var --fstype ext3 --name=var_lv --vgname=root_lvg --size=4096
 %packages
-@core
 @base
+@core
+keyutils
+trousers
+fipscheck
 device-mapper-multipath
+-aspell-en
+-aspell
+-cpuspeed
 -NetworkManager
 -bluez-utils
+%post
+/sbin/chkconfig --level 123456 cups off
 </pre></code>
 ==Configuration==
-===Updated VM===
+===Updated System===
-*Added RPMForge Yum Repository
+*Added Extra Repositories
+**RPMForge Yum Repository
-**<code>rpm -Uhv http://apt.sw.be/redhat/el5/en/i386/rpmforge/RPMS/rpmforge-release-0.3.6-1.el5.rf.i386.rpm</code>
+***<code>rpm -Uhv http://apt.sw.be/redhat/el5/en/i386/rpmforge/RPMS//rpmforge-release-0.3.6-1.el5.rf.i386.rpm</code>
-***From [http://dag.wieers.com/rpm/FAQ.php#B2 Dag Wieers]
+****From [http://dag.wieers.com/rpm/FAQ.php#B2 Dag Wieers]
-*Installed Yum ProtectBase
+**Fedora EPEL Yum Repository
+***<code>rpm -Uvh http://download.fedora.redhat.com/pub/epel/5/i386/epel-release-5-3.noarch.rpm</code>
-**<code>yum install yum-protectbase</code>
+****From [http://download.fedora.redhat.com/pub/epel/5/i386/repoview/epel-release.html Fedora]
-*Configured Yum ProtectBase & to use our mirror
+*Configured Yum Priorities & to use our mirror
 **Edited <code>/etc/yum.repos.d/CentOS-Base.repo</code>
 <code><pre>
@@ Line 80: / Line 95: @@
 baseurl=http://mirror.clarkson.edu/centos/$releasever/os/$basearch/
 gpgcheck=1
-protect=1
 gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-5
+priority=1
 #released updates
@@ Line 89: / Line 104: @@
 baseurl=http://mirror.clarkson.edu/centos/$releasever/updates/$basearch/
 gpgcheck=1
-protect=1
 gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-5
+priority=1
 #packages used/produced in the build but not released
@@ Line 98: / Line 113: @@
 baseurl=http://mirror.clarkson.edu/centos/$releasever/addons/$basearch/
 gpgcheck=1
-protect=0
 gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-5
+priority=1
 #additional packages that may be useful
@@ Line 107: / Line 122: @@
 baseurl=http://mirror.clarkson.edu/centos/$releasever/extras/$basearch/
 gpgcheck=1
-protect=0
 gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-5
+priority=1
 #additional packages that extend functionality of existing packages
@@ Line 117: / Line 132: @@
 gpgcheck=1
 enabled=0
-protect=0
 gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-5
+priority=2
 #contrib - packages by Centos Users
@@ Line 127: / Line 142: @@
 gpgcheck=1
 enabled=0
-protect=0
 gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-5
+priority=2
 </pre></code>
-**Edited <code>/etc/yum.repos.d/</code>
+**Edited <code>/etc/yum.repos.d/rpmforge.repo</code>
 <code><pre>
 # Name: RPMforge RPM Repository for Red Hat Enterprise 5 - dag
@@ Line 136: / Line 152: @@
 [rpmforge]
 name = Red Hat Enterprise $releasever - RPMforge.net - dag
-baseurl = http://mirror.clarkson.edu/dag/redhat/el5/en/$basearch/dag
+baseurl = http://mirror.clarkson.edu/rpmforge/redhat/el5/en/$basearch/dag
 #mirrorlist = http://apt.sw.be/redhat/el5/en/mirrors-rpmforge
 #mirrorlist = file:///etc/yum.repos.d/mirrors-rpmforge
 enabled = 1
-protect = 0
 gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-rpmforge-dag
 gpgcheck = 1
+priority=15
 </pre></code>
+**Edited <code>/etc/yum.repos.d/epel.repo</code>
-*<code>yum install yum-fastestmirror vim-enhanced gcc emacs-nox screen</code>
+<code><pre>
+[epel]
+name=Extra Packages for Enterprise Linux 5 - $basearch
+baseurl=http://mirror.clarkson.edu/epel/5/$basearch
+#mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=epel-5&arch=$basearch
+failovermethod=priority
+enabled=1
+gpgcheck=1
+gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL
+priority=30
+[epel-debuginfo]
+name=Extra Packages for Enterprise Linux 5 - $basearch - Debug
+baseurl=http://mirror.clarkson.edu/epel/5/$basearch/debug
+#mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=epel-debug-5&arch=$basearch
+failovermethod=priority
+enabled=0
+gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL
+gpgcheck=1
+priority=30
+[epel-source]
+name=Extra Packages for Enterprise Linux 5 - $basearch - Source
+baseurl=http://mirror.clarkson.edu/epel/5/SRPMS
+#mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=epel-source-5&arch=$basearch
+failovermethod=priority
+enabled=0
+gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL
+gpgcheck=1
+priority=30
+</pre></code>
+**Edited <code>/etc/yum.repos.d/epel-testing.repo</code>
+<code><pre>
+[epel-testing]
+name=Extra Packages for Enterprise Linux 5 - Testing - $basearch
+baseurl=http://mirror.clarkson.edu/epel/testing/5/$basearch
+#mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=testing-epel5&arch=$basearch
+failovermethod=priority
+enabled=0
+gpgcheck=1
+gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL
+priority=40
+[epel-testing-debuginfo]
+name=Extra Packages for Enterprise Linux 5 - Testing - $basearch - Debug
+baseurl=http://mirror.clarkson.edu/epel/testing/5/$basearch/debug
+#mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=testing-debug-epel5&arch=$basearch
+failovermethod=priority
+enabled=0
+gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL
+gpgcheck=1
+priority=40
+[epel-testing-source]
+name=Extra Packages for Enterprise Linux 5 - Testing - $basearch - Source
+baseurl=http://mirror.clarkson.edu/epel/testing/5/SRPMS
+#mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=testing-source-epel5&arch=$basearch
+failovermethod=priority
+enabled=0
+gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL
+gpgcheck=1
+priority=40
+</pre></code>
+*Disabled Yum FastestMirror since using local mirror
+**<code>sed -i 's/enabled=1/enabled=0/g' /etc/yum/pluginconf.d/fastestmirror.conf</code>
+*Installed Yum Priorities (Note: This must be installed prior to installing the packages below.)
+**<code>yum install yum-priorities</code>
+*Configured Yum Priorities to check for obsoletes
+**<code>echo "check_obsoletes=1" >> /etc/yum/pluginconf.d/priorities.conf</code>
+*<code>yum install vim-enhanced gcc emacs-nox screen</code>
 *<code>yum update</code>
@@ Line 206: / Line 297: @@
 root    ALL=(ALL)       ALL
 %wheel  ALL=(ALL)       ALL
-%admins localhost=/sbin/shutdown -h now
+%admins ALL=(root)      ALL, !SHELLS
 </pre></code>
@@ Line 214: / Line 305: @@
 NETWORKING=yes
 NETWORKING_IPV6=no
-HOSTNAME=animal.cslabs.clarkson.edu
+HOSTNAME=animal
 GATEWAY=128.153.145.1
 </pre></code>
@@ Line 231: / Line 322: @@
 </pre></code>
-*Verified eth1 configuration for the Internal Network in <code>/etc/sysconfig/network-scripts/ifcfg-eth1</code>
+*Verified eth1 configuration for the Server Room Network in <code>/etc/sysconfig/network-scripts/ifcfg-eth1</code>
 <code><pre>
 # Intel Corporation 82541PI Gigabit Ethernet Controller
 DEVICE=eth1
 BOOTPROTO=static
-BROADCAST=10.0.0.255
+BROADCAST=10.0.1.255
 HWADDR=00:1B:21:28:C8:46
-IPADDR=10.0.0.19
+IPADDR=10.0.1.25
 NETMASK=255.255.255.0
-NETWORK=10.0.0.0
+NETWORK=10.0.1.0
 ONBOOT=yes
 </pre></code>
@@ Line 248: / Line 339: @@
 <code><pre>
 .0.0.1       localhost.localdomain localhost
-::1             localhost6.localdomain6 localhost6
 .153.145.216 animal.cslabs.clarkson.edu animal.cslabs animal
-.0.0.19       animal.int.cslabs.clarkson.edu animal.int.cslabs animal.int
+.0.1.25       animal.sr.cslabs.clarkson.edu animal.sr.cslabs animal.sr
+</pre></code>
+*Edited <code>/etc/hosts.allow</code>
+<code><pre>
+For security purposes, this information has been intentionally left off.
+</pre></code>
+*Edited <code>/etc/hosts.deny</code>
+<code><pre>
+ALL: ALL
 </pre></code>
@@ Line 256: / Line 356: @@
 *Edited <code>/etc/resolv.conf</code>
 <code><pre>
-search clarkson.edu
+search cslabs.clarkson.edu clarkson.edu
-nameserver 128.153.0.254
+nameserver 128.153.145.3
-nameserver 128.153.5.254
+nameserver 128.153.145.4
+</pre></code>
+====Disabled IP v6====
+*Appended the following to <code>/etc/modprobe.conf</code>
+<code><pre>
+alias ipv6 off
+alias net-pf-10 off
 </pre></code>
+*Disabled IP v6 firewall
+**<code>/sbin/chkconfig ip6tables off</code>
 ===Configured IPtables===
@@ Line 318: / Line 427: @@
 PATH=$PATH:/usr/sbin:/sbin
 export PATH
-</pre></code>
-===Modified Root's Crontab===
-*<code>crontab -e</code>
-<code><pre>
-# Used to update locate database
-* * * * /usr/bin/updatedb
 </pre></code>
@@ Line 379: / Line 481: @@
 ===Installed and Configured [http://www.apcupsd.org/ APCUPSD]===
-This package is used to monitor the UPS which [[Animal]] is plugged into and is used to shutdown the system in the event of a power failure.
+This package is used to monitor the UPSes which [[Animal]] is plugged into and is used to shutdown the system in the event of a power failure.
 ====Installed and configured <code>apcupsd</code>====
@@ Line 386: / Line 488: @@
 **<code>cat /proc/bus/usb/devices</code>
 <code><pre>
-T:  Bus=01 Lev=01 Prnt=01 Port=00 Cnt=01 Dev#=  2 Spd=1.5 MxCh= 0
+T:  Bus=04 Lev=01 Prnt=01 Port=00 Cnt=01 Dev#=  2 Spd=1.5 MxCh= 0
 D:  Ver= 1.10 Cls=00(>ifc ) Sub=00 Prot=00 MxPS= 8 #Cfgs=  1
 P:  Vendor=051d ProdID=0002 Rev= 1.01
@@ Line 395: / Line 497: @@
 I:  If#= 0 Alt= 0 #EPs= 1 Cls=03(HID  ) Sub=00 Prot=00 Driver=usbhid
 E:  Ad=81(I) Atr=03(Int.) MxPS=   6 Ivl=100ms
+T:  Bus=02 Lev=01 Prnt=01 Port=00 Cnt=01 Dev#=  2 Spd=1.5 MxCh= 0
+D:  Ver= 1.10 Cls=00(>ifc ) Sub=00 Prot=00 MxPS= 8 #Cfgs=  1
+P:  Vendor=051d ProdID=0002 Rev= 1.01
+S:  Manufacturer=American Power Conversion
+S:  Product=Back-UPS RS 1500 LCD FW:839.H5 .D USB FW:H5
+S:  SerialNumber=JB0730001020
+C:* #Ifs= 1 Cfg#= 1 Atr=e0 MxPwr=  2mA
+I:  If#= 0 Alt= 0 #EPs= 1 Cls=03(HID  ) Sub=00 Prot=00 Driver=usbhid
+E:  Ad=81(I) Atr=03(Int.) MxPS=   6 Ivl=100ms
+</pre></code>
+*Appended the following to <code>/etc/udev/rules.d/50-udev.rules</code>
+<code><pre>
+#####################################
+# UPSes
+#####################################
+KERNEL=="hiddev*", SYSFS{serial}=="JB0802018491", SYMLINK="ups1"
+KERNEL=="hiddev*", SYSFS{serial}=="JB0730001020", SYMLINK="ups2"
 </pre></code>
@@ Line 400: / Line 522: @@
 **<code>yum install apcupsd</code>
-*Edited <code>/etc/apcupsd/apcupsd.conf</code>
+*Edited <code>/etc/apcupsd/apcupsd.ups1.conf</code>
 <code><pre>
 ## apcupsd.conf v1.1 ##
@@ Line 409: / Line 531: @@
 UPSTYPE usb
-DEVICE
+DEVICE /dev/ups1
 LOCKFILE /var/lock
@@ Line 441: / Line 563: @@
 NISPORT 3551
-EVENTSFILE /var/log/apcupsd.events
+EVENTSFILE /var/log/apcupsd.ups1.events
 EVENTSFILEMAX 10
@@ Line 451: / Line 573: @@
 STATTIME 0
-STATFILE /var/log/apcupsd.status
+STATFILE /var/log/apcupsd.ups1.status
 LOGSTATS off
@@ Line 458: / Line 580: @@
 SELFTEST 336
+</pre></code>
+*Edited <code>/etc/apcupsd/apcupsd.ups2.conf</code>
+<code><pre>
+## apcupsd.conf v1.1 ##
+UPSNAME ups2
+UPSCABLE usb
+UPSTYPE usb
+DEVICE /dev/ups2
+LOCKFILE /var/lock
+SCRIPTDIR /etc/apcupsd
+PWRFAILDIR /etc/apcupsd
+NOLOGINDIR /etc
+ONBATTERYDELAY 6
+BATTERYLEVEL 7
+MINUTES 10
+TIMEOUT 0
+ANNOY 300
+ANNOYDELAY 60
+NOLOGON disable
+KILLDELAY 0
+NETSERVER on
+NISIP 0.0.0.0
+NISPORT 3552
+EVENTSFILE /var/log/apcupsd.ups2.events
+EVENTSFILEMAX 10
+UPSCLASS standalone
+UPSMODE disable
+STATTIME 0
+STATFILE /var/log/apcupsd.ups2.status
+LOGSTATS off
+DATATIME 0
+SELFTEST 336
+</pre></code>
+*Edited <code>/etc/init.d/apcupsd</code>
+<code><pre>
+#! /bin/sh
+#
+# apcupsd      This shell script takes care of starting and stopping
+#              the apcupsd UPS monitoring daemon.
+#
+# chkconfig: 2345 60 99
+# description: apcupsd monitors power and takes action if necessary
+#
+if test -f /etc/whitebox-release ; then
+   f=/etc/whitebox-release
+else
+   f=/etc/redhat-release
+fi
+if test `cat $f | grep release |\
+     cut -f 3 -d ' '`x = "Enterprise"x ; then
+   DISTVER="Enterprise "`cat $f | grep release |\
+     cut -f 6 -d ' '`
+else
+   DISTVER=`cat /etc/redhat-release | grep release |\
+     cut -f 5 -d ' '`
+fi
+# Source function libarary
+. /etc/rc.d/init.d/functions
+case "$1" in
+    start)
+       rm -f /etc/apcupsd/powerfail
+       rm -f /etc/nologin
+       for conf in /etc/apcupsd/apcupsd.*.conf ; do
+          inst=`basename $conf`
+          echo -n "Starting UPS monitoring ($inst):"
+          daemon /sbin/apcupsd -f $conf -P /var/run/apcupsd-$inst.pid
+          RETVAL=$?
+          echo
+          [ $RETVAL -eq 0 ] && touch /var/lock/subsys/apcupsd-$inst
+       done
+       ;;
+    stop)
+       for conf in /etc/apcupsd/apcupsd.*.conf ; do
+          inst=`basename $conf`
+          echo -n "Shutting down UPS monitoring ($inst):"
+          killproc -p /var/run/apcupsd-$inst.pid apcupsd
+          echo
+          rm -f /var/run/apcupsd-$inst.pid
+          rm -f /var/lock/subsys/apcupsd-$inst
+       done
+       ;;
+    restart|force-reload)
+       $0 stop
+       sleep 15
+       $0 start
+       ;;
+    reload)
+       echo "$0: reload not implemented"
+       exit 3
+       ;;
+    status)
+       for conf in /etc/apcupsd/apcupsd.*.conf ; do
+          inst=`basename $conf`
+          status -p /var/run/apcupsd-$inst.pid apcupsd-$inst
+          RETVAL=$?
+          if [ $RETVAL -eq 0 ]
+          then
+             NISPORT=`grep ^NISPORT < $conf | sed -e "s/NISPORT *\([0-9]\)/\1/"`
+             /sbin/apcaccess status localhost:$NISPORT
+          fi
+       done
+       ;;
+    *)
+       echo "Usage: $0 {start|stop|restart|status}"
+       exit 1
+       ;;
+esac
+exit 0
 </pre></code>
@@ Line 570: / Line 832: @@
 **<code>/usr/bin/newaliases</code>
+===Configured umask===
-[[Category:Documentation]]
+*Modified umask settings in <code>/etc/bashrc</code>
-[[Category:Infrastructure]]
+<code><pre>
+if [ $UID -gt 99 ] && [ "`id -gn`" = "`id -un`" ]; then
+        umask 007
+else
+        umask 022
+fi
+</pre></code>
+===Disabled <code>CTRL-ALT-DELETE</code>===
+*Removed trap entry to prevent accidental reboots
+<code><pre>
+sed -i 's/ca::ctrlaltdel:/#ca::ctrlaltdel:/g' /etc/inittab
+</pre></code>
+*Made Changes Active
+<code><pre>
+init q
+</pre></code>
+===Disabled Various Kernel Modules===
+*Added the following to <code>/etc/modprobe.conf</code>
+<code><pre>
+install pppox /bin/true
+install bluetooth /bin/true
+install sctp /bin/true
+</pre></code>
+===Installed & Configured SNMP===
+*Installed needed packages
+<code><pre>
+yum install net-snmp ntp
+</pre></code>
+*Configured SNMP Daemon <code>/etc/snmp/snmpd.conf</code>
+<code><pre>
+rocommunity     <passphrase>  127.0.0.1
+rocommunity     <passphrase>  <ipsallowed>
+rocommunity     <passphrase>  <ipsallowed>
+syslocation Clarkson University Applied CS Labs
+syscontact Matt McCarrell <mccarrms@gmail.com>
+disk /
+disk /var
+disk /boot
+disk /tmp
+disk /home
+disk /mnt/raidA
+exec timeskew /usr/local/sbin/ntp_check
+exec uptime /usr/bin/uptime
+proc MegaServ
+</pre></code>
+*Deployed <code>ntp_check</code> script
+**Copied over <code>/usr/local/sbin/ntp_check</code> from [[Isengard]] to /usr/local/sbin/
+**<code>chown root.root /usr/local/sbin/ntp_check</code>
+*Configured SNMP to start at specific run levels
+<code><pre>
+/sbin/chkconfig --levels 2345 snmpd on
+</pre></code>
+*Started daemon
+<code><pre>
+/etc/init.d/snmpd start
+</pre></code>
+===Increased Detail of Logwatch Reports===
+*Set detail level to be high
+<code><pre>
+echo "Detail = High" >> /etc/logwatch/conf/logwatch.conf
+</pre></code>
+===Disabled Unneeded Services===
+*Referenced [http://www.cyberciti.biz/faq/linux-default-services-which-are-enabled-at-boot/ this page]
+<code><pre>
+chkconfig nfs off
+/etc/init.d/nfs stop
+chkconfig nfslock off
+/etc/init.d/nfslock stop
+chkconfig rpcgssd off
+/etc/init.d/rpcgssd stop
+chkconfig rpcidmapd off
+/etc/init.d/rpcidmapd stop
+chkconfig rpcsvcgssd off
+/etc/init.d/rpcsvcgssd stop
+chkconfig portmap off
+/etc/init.d/portmap stop
+chkconfig netfs off
+/etc/init.d/netfs stop
+chkconfig anacron off
+/etc/init.d/anacron stop
+chkconfig autofs off
+/etc/init.d/autofs stop
+chkconfig avahi-daemon off
+/etc/init.d/avahi-daemon stop
+chkconfig avahi-dnsconfd off
+/etc/init.d/avahi-dnsconfd stop
+chkconfig bluetooth off
+/etc/init.d/bluetooth stop
+chkconfig hidd off
+/etc/init.d/hidd stop
+chkconfig cups off
+/etc/init.d/cups stop
+chkconfig firstboot off
+/etc/init.d/firstboot stop
+chkconfig gpm off
+/etc/init.d/gpm stop
+chkconfig haldaemon off
+/etc/init.d/haldaemon stop
+chkconfig irda off
+/etc/init.d/irda stop
+chkconfig kudzu off
+/etc/init.d/kudzu stop
+chkconfig messagebus off
+/etc/init.d/messagebus stop
+chkconfig microcode_ctl off
+/etc/init.d/microcode_ctl stop
+chkconfig pcscd off
+/etc/init.d/pcscd stop
+chkconfig readahead_early off
+/etc/init.d/readahead_early stop
+chkconfig readahead_later off
+/etc/init.d/readahead_later stop
+chkconfig ypbind off
+/etc/init.d/ypbind stop
+</pre></code>
+==Installed Software for the RAID Units==
+===Installed MegaMon for Linux to monitor the RAID units===
+*Downloaded MegaMon for Linux
+<code><pre>
+wget http://www.lsi.com/DistributionSystem/AssetDocument/files/support/rsa/utilities/HWR_Monitor_Linux_3.8.zip
+</pre></code>
+*Unziped MegaMon
+<code><pre>
+unzip HWR_Monitor_Linux_3.8.zip
+unzip MegaMon.zip
+</pre></code>
+*Installed it
+<code><pre>
+[root@animal megaraid]# ./install
+If your goal is to install this utility in DEBIAN, SUSE
+or CALDERA Linux, Execute the install with option as below:
+./install -debian
+./install -suse
+./install -caldera
+For other linux/solaris system including REDHAT please continue this
+install with no option
+Do you want quit this installation [y/n]
+n
+Installation Completed
+</pre></code>
+*Modified <code>/etc/init.d/raidmon</code> start line to disable root emails (emails will be handled by a separate script to prevent me from being spammed)
+<code><pre>
+#echo -n 'Starting NetRAID Monitor:'
+echo -n 'Starting RAID Monitor:'
+MegaCtrl -start > /dev/null ; sleep 1 ; MegaCtrl -disMail
+</pre></code>
+*Started <code>raidmon</code>
+<code><pre>
+/etc/init.d/raidmon start
+</pre></code>
+===Installed Configuration Utility===
+*Downloaded MegaMGR for Linux
+<code><pre>
+wget http://www.lsi.com/DistributionSystem/AssetDocument/files/support/rsa/utilities/megamgr/ut_linux_mgr_5.20.zip
+</pre></code>
+*Unziped MegaMGR Linux
+<code><pre>
+unzip ut_linux_mgr_5.20.zip
+</pre></code>
+*Installed it
+<code><pre>
+chmod +x megamgr
+chmod +x megamgr.bin
+sed -i "s/.\/megamgr.bin/\/usr\/local\/sbin\/megamgr.bin/g"
+mv megamgr* /usr/local/sbin/
+</pre></code>
+[[Category:Server Setup Documentation]]

Difference between revisions of "Animal Setup Process"

Latest revision as of 07:30, 29 October 2014

Contents

Install

Kickstart File

Configuration

Updated System

Created User

Configured Sudo

Configured Networks

Configured Hosts

Configured DNS Servers

Disabled IP v6

Configured IPtables

Configured SSH

Set Up SSH Login Banner

Configured Password Requirements

Added Custom PATH Variables

Set Up & Configured NTP

Configured ntpd to Sync Hardware Clock

Installed and Configured APCUPSD

Installed and configured apcupsd

Configured Aliases

Configured umask

Disabled CTRL-ALT-DELETE

Disabled Various Kernel Modules

Installed & Configured SNMP

Increased Detail of Logwatch Reports

Disabled Unneeded Services

Installed Software for the RAID Units

Installed MegaMon for Linux to monitor the RAID units

Installed Configuration Utility

Navigation menu

Search

Installed and configured `apcupsd`

Disabled `CTRL-ALT-DELETE`