Difference between revisions of "Animal Setup Process"

From CSLabsWiki
m (Installed & Configured SNMP)
m (Installed MegaMon for Linux to monitor the RAID units)
Line 944: Line 944:
 
n
 
n
 
Installation Completed
 
Installation Completed
  +
</pre></code>
  +
  +
*Modified start line to disable root emails (emails will be handled by a separate script to prevent me from being spammed)
  +
<code><pre>
  +
#echo -n 'Starting NetRAID Monitor:'
  +
echo -n 'Starting RAID Monitor:'
  +
MegaCtrl -start > /dev/null ; sleep 1 ; MegaCtrl -disMail
 
</pre></code>
 
</pre></code>
   

Revision as of 21:08, 20 January 2010

This page summarizes how Animal was set up in Fall 2009.

Install

  • Installed CentOS 5.3 x86.
    • Partition Scheme
      • 100 MB /boot - Hardware RAID 1
      • 270 GB root_lvg - Logical Volume Group - Hardware RAID 1
        • 262 GB / (root_lvg-root_lv)
        • 4 GB /var (root_lvg-var_lv)
        • 4 GB swap (root_lvg-swap_lv)
      • 1.6 TB /mnt/raidA - Hardware RAID 10

Kickstart File

# Kickstart file automatically generated by anaconda.

install
cdrom
lang en_US.UTF-8
keyboard us
network --device eth0 --bootproto static --ip 128.153.145.216 --netmask 255.255.255.0 --gateway 128.153.145.1 --nameserver 128.153.0.254,128.153.5.254 --hostname animal
network --device eth1 --bootproto static --ip 10.0.1.25 --netmask 255.255.255.0 --gateway 128.153.145.1 --nameserver 128.153.0.254,128.153.5.254 --hostname animal
rootpw --iscrypted 
firewall --enabled --port=22:tcp
authconfig --enableshadow --enablemd5
selinux --permissive
timezone --utc America/New_York
bootloader --location=mbr --driveorder=sdb,sda --md5pass=
# The following is the partition information you requested
# Note that any partitions you deleted are not expressed
# here so unless you clear all partitions first, this is
# not guaranteed to work
clearpart --all --initlabel
part /boot --fstype ext3 --size=100 --ondisk=sdb
part /mnt/raidA --fstype ext3 --size=100 --grow --ondisk=sda
part pv.5 --size=100 --grow --ondisk=sdb
volgroup root_lvg --pesize=32768 pv.5
logvol / --fstype ext3 --name=root_lv --vgname=root_lvg --size=276832
logvol swap --fstype swap --name=swap_lv --vgname=root_lvg --size=4096
logvol /var --fstype ext3 --name=var_lv --vgname=root_lvg --size=4096

%packages
@core
@base
device-mapper-multipath
-NetworkManager
-bluez-utils
-cpuspeed

%post
/sbin/chkconfig --level 123456 cups off

Grub Modification

Upon first boot, grub needs to be modified to use root (hd1,0), instead of root (hd0,0).

The grub config should then be modified to look like the following.

# grub.conf generated by anaconda
#
# Note that you do not have to rerun grub after making changes to this file
# NOTICE:  You have a /boot partition.  This means that
#          all kernel and initrd paths are relative to /boot/, eg.
#          root (hd1,0)
#          kernel /vmlinuz-version ro root=/dev/root_lvg/root_lv
#          initrd /initrd-version.img
#boot=/dev/sdb
default=0
timeout=5
splashimage=(hd1,0)/grub/splash.xpm.gz
hiddenmenu
password --md5 
title CentOS (2.6.18-128.el5)
        root (hd1,0)
        kernel /vmlinuz-2.6.18-128.el5 ro root=/dev/root_lvg/root_lv
        initrd /initrd-2.6.18-128.el5.img

Configuration

Updated System

  • Configured Yum Priorities & to use our mirror
    • Edited /etc/yum.repos.d/CentOS-Base.repo
# CentOS-Base.repo
#
# This file uses a new mirrorlist system developed by Lance Davis for CentOS.
# The mirror system uses the connecting IP address of the client and the
# update status of each mirror to pick mirrors that are updated to and
# geographically close to the client.  You should use this for CentOS updates
# unless you are manually picking other mirrors.
#
# If the mirrorlist= does not work for you, as a fall back you can try the
# remarked out baseurl= line instead.
#
#

[base]
name=CentOS-$releasever - Base
#mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=os
baseurl=http://mirror.clarkson.edu/centos/$releasever/os/$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-5
priority=1

#released updates
[updates]
name=CentOS-$releasever - Updates
#mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=updates
baseurl=http://mirror.clarkson.edu/centos/$releasever/updates/$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-5
priority=1

#packages used/produced in the build but not released
[addons]
name=CentOS-$releasever - Addons
#mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=addons
baseurl=http://mirror.clarkson.edu/centos/$releasever/addons/$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-5
priority=1

#additional packages that may be useful
[extras]
name=CentOS-$releasever - Extras
#mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=extras
baseurl=http://mirror.clarkson.edu/centos/$releasever/extras/$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-5
priority=1

#additional packages that extend functionality of existing packages
[centosplus]
name=CentOS-$releasever - Plus
#mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=centosplus
baseurl=http://mirror.clarkson.edu/centos/$releasever/centosplus/$basearch/
gpgcheck=1
enabled=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-5
priority=2

#contrib - packages by Centos Users
[contrib]
name=CentOS-$releasever - Contrib
#mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=contrib
baseurl=http://mirror.clarkson.edu/centos/$releasever/contrib/$basearch/
gpgcheck=1
enabled=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-5
priority=2
    • Edited /etc/yum.repos.d/rpmforge.repo
# Name: RPMforge RPM Repository for Red Hat Enterprise 5 - dag
# URL: http://rpmforge.net/
[rpmforge]
name = Red Hat Enterprise $releasever - RPMforge.net - dag
baseurl = http://mirror.clarkson.edu/rpmforge/redhat/el5/en/$basearch/dag
#mirrorlist = http://apt.sw.be/redhat/el5/en/mirrors-rpmforge
#mirrorlist = file:///etc/yum.repos.d/mirrors-rpmforge
enabled = 1
gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-rpmforge-dag
gpgcheck = 1
priority=15
    • Edited /etc/yum.repos.d/epel.repo
[epel]
name=Extra Packages for Enterprise Linux 5 - $basearch
baseurl=http://mirror.clarkson.edu/epel/5/$basearch
#mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=epel-5&arch=$basearch
failovermethod=priority
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL
priority=30

[epel-debuginfo]
name=Extra Packages for Enterprise Linux 5 - $basearch - Debug
baseurl=http://mirror.clarkson.edu/epel/5/$basearch/debug
#mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=epel-debug-5&arch=$basearch
failovermethod=priority
enabled=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL
gpgcheck=1
priority=30

[epel-source]
name=Extra Packages for Enterprise Linux 5 - $basearch - Source
baseurl=http://mirror.clarkson.edu/epel/5/SRPMS
#mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=epel-source-5&arch=$basearch
failovermethod=priority
enabled=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL
gpgcheck=1
priority=30
    • Edited /etc/yum.repos.d/epel-testing.repo
[epel-testing]
name=Extra Packages for Enterprise Linux 5 - Testing - $basearch
baseurl=http://mirror.clarkson.edu/epel/testing/5/$basearch
#mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=testing-epel5&arch=$basearch
failovermethod=priority
enabled=0
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL
priority=40

[epel-testing-debuginfo]
name=Extra Packages for Enterprise Linux 5 - Testing - $basearch - Debug
baseurl=http://mirror.clarkson.edu/epel/testing/5/$basearch/debug
#mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=testing-debug-epel5&arch=$basearch
failovermethod=priority
enabled=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL
gpgcheck=1
priority=40

[epel-testing-source]
name=Extra Packages for Enterprise Linux 5 - Testing - $basearch - Source
baseurl=http://mirror.clarkson.edu/epel/testing/5/SRPMS
#mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=testing-source-epel5&arch=$basearch
failovermethod=priority
enabled=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL
gpgcheck=1
priority=40
  • Disabled Yum FastestMirror since using local mirror
    • sed -i 's/enabled=1/enabled=0/g' /etc/yum/pluginconf.d/fastestmirror.conf
  • Installed Yum Priorities (Note: This must be installed prior to installing the packages below.)
    • yum install yum-priorities
  • Configured Yum Priorities to check for obsoletes
    • echo "check_obsoletes=1" >> /etc/yum/pluginconf.d/priorities.conf
  • yum install vim-enhanced gcc emacs-nox screen
  • yum update

Created User

  • Created user mccarrms
    • /usr/sbin/useradd -m mccarrms
  • Set password for mccarrms
    • passwd mccarrms

Configured Sudo

  • /usr/sbin/visudo
## Sudoers allows particular users to run various commands as
## the root user, without needing the root password.

#User_Alias ADMINS = mccarrms

## Networking
Cmnd_Alias NETWORKING = /sbin/route, /sbin/ifconfig, /bin/ping, /sbin/dhclient, /usr/bin/net, /sbin/iptables, /usr/bin/rfcomm, /usr/bin/wvdial, /sbin/iwconfig, /sbin/mii-tool

## Installation and management of software
Cmnd_Alias SOFTWARE = /bin/rpm, /usr/bin/up2date, /usr/bin/yum

## Services
Cmnd_Alias SERVICES = /sbin/service, /sbin/chkconfig

## Updating the locate database
Cmnd_Alias LOCATE = /usr/sbin/updatedb

## Storage
Cmnd_Alias STORAGE = /sbin/fdisk, /sbin/sfdisk, /sbin/parted, /sbin/partprobe, /bin/mount, /bin/umount

## Delegating permissions
Cmnd_Alias DELEGATING = /usr/sbin/visudo, /bin/chown, /bin/chmod, /bin/chgrp

## Processes
Cmnd_Alias PROCESSES = /bin/nice, /bin/kill, /usr/bin/kill, /usr/bin/killall

## Drivers
Cmnd_Alias DRIVERS = /sbin/modprobe

## Shells
Cmnd_Alias SHELLS = /bin/sh, /bin/bash, /usr/bin/rsh, /bin/dash, /bin/rbash, /bin/su

## Users
Cmnd_Alias USERS = /usr/sbin/useradd, /usr/sbin/userdel, /usr/sbin/userhelper, /usr/sbin/usermod, /usr/sbin/usernetctl

Defaults    requiretty

Defaults    env_reset,tty_tickets,lecture=always,logfile=/var/log/sudo.log
Defaults    env_keep = "COLORS DISPLAY HOSTNAME HISTSIZE INPUTRC KDEDIR \
                        LS_COLORS MAIL PS1 PS2 QTDIR USERNAME \
                        LANG LC_ADDRESS LC_CTYPE LC_COLLATE LC_IDENTIFICATION \
                        LC_MEASUREMENT LC_MESSAGES LC_MONETARY LC_NAME LC_NUMERIC \
                        LC_PAPER LC_TELEPHONE LC_TIME LC_ALL LANGUAGE LINGUAS \
                        _XKB_CHARSET XAUTHORITY"

## Allow root to run any commands anywhere
root    ALL=(ALL)       ALL
%wheel  ALL=(ALL)       ALL
%admins ALL=(root)      ALL, !SHELLS

Configured Networks

  • Configured hostname in /etc/sysconfig/network
NETWORKING=yes
NETWORKING_IPV6=no
HOSTNAME=animal
GATEWAY=128.153.145.1
  • Verified eth0 configuration for Clarkson Network in /etc/sysconfig/network-scripts/ifcfg-eth0
# Intel Corporation 82540EM Gigabit Ethernet Controller
DEVICE=eth0
BOOTPROTO=static
DHCPCLASS=
HWADDR=00:C0:9F:2A:32:40
IPADDR=128.153.145.216
NETMASK=255.255.255.0
ONBOOT=yes
  • Verified eth1 configuration for the Server Room Network in /etc/sysconfig/network-scripts/ifcfg-eth1
# Intel Corporation 82541PI Gigabit Ethernet Controller
DEVICE=eth1
BOOTPROTO=static
DHCPCLASS=
HWADDR=00:1B:21:28:C8:46
IPADDR=10.0.1.25
NETMASK=255.255.255.0
ONBOOT=yes

Configured Hosts

  • Edited /etc/hosts
127.0.0.1       localhost.localdomain localhost
::1             localhost6.localdomain6 localhost6
128.153.145.216 animal.cslabs.clarkson.edu animal.cslabs animal
10.0.1.25       animal.sr.cslabs.clarkson.edu animal.sr.cslabs animal.sr
  • Edited /etc/hosts.allow
For security purposes, this information has been intentionally left off.
  • Edited /etc/hosts.deny
ALL: ALL

Configured DNS Servers

  • Edited /etc/resolv.conf
search cslabs.clarkson.edu clarkson.edu
nameserver 128.153.0.254
nameserver 128.153.5.254

Disabled IP v6

  • Appended the following to /etc/modprobe.conf
alias ipv6 off
alias net-pf-10 off
  • Disabled IP v6 firewall
    • /sbin/chkconfig ip6tables off

Configured IPtables

Due to the sensitivity of this material, this config file has been left off; however, the following rules are needed.
  • Restarted iptables
    • /etc/init.d/iptables restart

Configured SSH

  • Edited /etc/ssh/sshd_config
Due to the sensitivity of this material, this config file has been left off.
  • Restarted sshd
    • /etc/init.d/sshd restart

Set Up SSH Login Banner

  • Edited /etc/issue.net
            _            __
 ___ ____  (_)_ _  ___ _/ /
/ _ `/ _ \/ /  ' \/ _ `/ / 
\_,_/_//_/_/_/_/_/\_,_/_/  
                           

Configured Password Requirements

  • Edited /etc/login.defs
MAIL_DIR        /var/spool/mail

PASS_MAX_DAYS   360
PASS_MIN_DAYS   0
PASS_MIN_LEN    8
PASS_WARN_AGE   60

UID_MIN                   500
UID_MAX                 60000

GID_MIN                   500
GID_MAX                 60000

CREATE_HOME     yes

UMASK           077

USERGROUPS_ENAB yes

MD5_CRYPT_ENAB yes

ENCRYPT_METHOD MD5

Added Custom PATH Variables

  • Added the following to /etc/profile
PATH=$PATH:/usr/sbin:/sbin
export PATH

Set Up & Configured NTP

  • Installed NTP
    • yum install ntp
  • Edited /etc/ntp.conf
restrict default kod nomodify notrap nopeer noquery
restrict -6 default kod nomodify notrap nopeer noquery

restrict 127.0.0.1
restrict -6 ::1

restrict tick.clarkson.edu mask 255.255.255.255 nomodify notrap noquery
restrict tock.clarkson.edu mask 255.255.255.255 nomodify notrap noquery

server tick.clarkson.edu
server tock.clarkson.edu

server  127.127.1.0     # local clock
fudge   127.127.1.0 stratum 10

driftfile /var/lib/ntp/drift

keys /etc/ntp/keys
  • Edited /etc/ntp/step-tickers
tick.clarkson.edu
tock.clarkson.edu
  • Configured ntpd to start on boot
    • /sbin/chkconfig --levels 2345 ntpd on
  • Started ntpd
    • /etc/init.d/ntpd start

Configured ntpd to Sync Hardware Clock

  • Edited /etc/sysconfig/ntpd
# Drop root to id 'ntp:ntp' by default.
OPTIONS="-u ntp:ntp -p /var/run/ntpd.pid"

# Set to 'yes' to sync hw clock after successful ntpdate
SYNC_HWCLOCK=yes

# Additional options for ntpdate
NTPDATE_OPTIONS=""

Installed and Configured APCUPSD

This package is used to monitor the UPSes which Animal is plugged into and is used to shutdown the system in the event of a power failure.

Installed and configured apcupsd

  • Checked that the UPS was detected
    • cat /proc/bus/usb/devices
T:  Bus=04 Lev=01 Prnt=01 Port=00 Cnt=01 Dev#=  2 Spd=1.5 MxCh= 0
D:  Ver= 1.10 Cls=00(>ifc ) Sub=00 Prot=00 MxPS= 8 #Cfgs=  1
P:  Vendor=051d ProdID=0002 Rev= 1.01
S:  Manufacturer=American Power Conversion
S:  Product=Back-UPS RS 1500 LCD FW:839.H7 .D USB FW:H7
S:  SerialNumber=JB0802018491
C:* #Ifs= 1 Cfg#= 1 Atr=e0 MxPwr=  2mA
I:  If#= 0 Alt= 0 #EPs= 1 Cls=03(HID  ) Sub=00 Prot=00 Driver=usbhid
E:  Ad=81(I) Atr=03(Int.) MxPS=   6 Ivl=100ms

T:  Bus=02 Lev=01 Prnt=01 Port=00 Cnt=01 Dev#=  2 Spd=1.5 MxCh= 0
D:  Ver= 1.10 Cls=00(>ifc ) Sub=00 Prot=00 MxPS= 8 #Cfgs=  1
P:  Vendor=051d ProdID=0002 Rev= 1.01
S:  Manufacturer=American Power Conversion
S:  Product=Back-UPS RS 1500 LCD FW:839.H5 .D USB FW:H5
S:  SerialNumber=JB0730001020
C:* #Ifs= 1 Cfg#= 1 Atr=e0 MxPwr=  2mA
I:  If#= 0 Alt= 0 #EPs= 1 Cls=03(HID  ) Sub=00 Prot=00 Driver=usbhid
E:  Ad=81(I) Atr=03(Int.) MxPS=   6 Ivl=100ms
  • Appended the following to /etc/udev/rules.d/50-udev.rules
#####################################
# UPSes
#####################################

KERNEL=="hiddev*", SYSFS{serial}=="JB0802018491", SYMLINK="ups1"
KERNEL=="hiddev*", SYSFS{serial}=="JB0730001020", SYMLINK="ups2"
  • Installed apcupsd
    • yum install apcupsd
  • Edited /etc/apcupsd/apcupsd.ups1.conf
## apcupsd.conf v1.1 ##

UPSNAME ups1

UPSCABLE usb

UPSTYPE usb
DEVICE /dev/ups1

LOCKFILE /var/lock

SCRIPTDIR /etc/apcupsd

PWRFAILDIR /etc/apcupsd

NOLOGINDIR /etc

ONBATTERYDELAY 6

BATTERYLEVEL 7

MINUTES 10

TIMEOUT 0

ANNOY 300

ANNOYDELAY 60

NOLOGON disable

KILLDELAY 0

NETSERVER on

NISIP 0.0.0.0

NISPORT 3551

EVENTSFILE /var/log/apcupsd.ups1.events

EVENTSFILEMAX 10

UPSCLASS standalone

UPSMODE disable

STATTIME 0

STATFILE /var/log/apcupsd.ups1.status

LOGSTATS off

DATATIME 0

SELFTEST 336
  • Edited /etc/apcupsd/apcupsd.ups2.conf
## apcupsd.conf v1.1 ##

UPSNAME ups2

UPSCABLE usb

UPSTYPE usb
DEVICE /dev/ups2

LOCKFILE /var/lock

SCRIPTDIR /etc/apcupsd

PWRFAILDIR /etc/apcupsd

NOLOGINDIR /etc

ONBATTERYDELAY 6

BATTERYLEVEL 7

MINUTES 10

TIMEOUT 0

ANNOY 300

ANNOYDELAY 60

NOLOGON disable

KILLDELAY 0

NETSERVER on

NISIP 0.0.0.0

NISPORT 3552

EVENTSFILE /var/log/apcupsd.ups2.events

EVENTSFILEMAX 10

UPSCLASS standalone

UPSMODE disable

STATTIME 0

STATFILE /var/log/apcupsd.ups2.status

LOGSTATS off

DATATIME 0

SELFTEST 336
  • Edited /etc/init.d/apcupsd
#! /bin/sh
#
# apcupsd      This shell script takes care of starting and stopping
#              the apcupsd UPS monitoring daemon.
#
# chkconfig: 2345 60 99
# description: apcupsd monitors power and takes action if necessary
#

if test -f /etc/whitebox-release ; then
   f=/etc/whitebox-release
else
   f=/etc/redhat-release
fi
if test `cat $f | grep release |\
     cut -f 3 -d ' '`x = "Enterprise"x ; then
   DISTVER="Enterprise "`cat $f | grep release |\
     cut -f 6 -d ' '`
else
   DISTVER=`cat /etc/redhat-release | grep release |\
     cut -f 5 -d ' '`
fi

# Source function libarary
. /etc/rc.d/init.d/functions

case "$1" in
    start)
       rm -f /etc/apcupsd/powerfail
       rm -f /etc/nologin
       for conf in /etc/apcupsd/apcupsd.*.conf ; do
          inst=`basename $conf`
          echo -n "Starting UPS monitoring ($inst):"
          daemon /sbin/apcupsd -f $conf -P /var/run/apcupsd-$inst.pid
          RETVAL=$?
          echo
          [ $RETVAL -eq 0 ] && touch /var/lock/subsys/apcupsd-$inst
       done
       ;;
    stop)
       for conf in /etc/apcupsd/apcupsd.*.conf ; do
          inst=`basename $conf`
          echo -n "Shutting down UPS monitoring ($inst):"
          killproc -p /var/run/apcupsd-$inst.pid apcupsd
          echo
          rm -f /var/run/apcupsd-$inst.pid
          rm -f /var/lock/subsys/apcupsd-$inst
       done
       ;;
    restart|force-reload)
       $0 stop
       sleep 15
       $0 start
       ;;
    reload)
       echo "$0: reload not implemented"
       exit 3
       ;;
    status)
       for conf in /etc/apcupsd/apcupsd.*.conf ; do
          inst=`basename $conf`
          status -p /var/run/apcupsd-$inst.pid apcupsd-$inst
          RETVAL=$?
          if [ $RETVAL -eq 0 ]
          then
             NISPORT=`grep ^NISPORT < $conf | sed -e "s/NISPORT *\([0-9]\)/\1/"`
             /sbin/apcaccess status localhost:$NISPORT
          fi
       done
       ;;
    *)
       echo "Usage: $0 {start|stop|restart|status}"
       exit 1
       ;;
esac
exit 0
  • Configured apcupsd to start on boot
    • /sbin/chkconfig --levels 2345 apcupsd on
  • Started apcupsd
    • /etc/init.d/apcupsd start

Configured Aliases

  • Edited /etc/aliases
#
#  Aliases in this file will NOT be expanded in the header from
#  Mail, but WILL be visible over networks or from /bin/mail.
#
#       >>>>>>>>>>      The program "newaliases" must be run after
#       >> NOTE >>      this file is updated for any changes to
#       >>>>>>>>>>      show through to sendmail.
#

# Basic system aliases -- these MUST be present.
mailer-daemon:  postmaster
postmaster:     logwatch@cslabs.clarkson.edu

# General redirections for pseudo accounts.
bin:            logwatch@cslabs.clarkson.edu
daemon:         logwatch@cslabs.clarkson.edu
adm:            logwatch@cslabs.clarkson.edu
lp:             logwatch@cslabs.clarkson.edu
sync:           logwatch@cslabs.clarkson.edu
shutdown:       logwatch@cslabs.clarkson.edu
halt:           logwatch@cslabs.clarkson.edu
mail:           logwatch@cslabs.clarkson.edu
news:           logwatch@cslabs.clarkson.edu
uucp:           logwatch@cslabs.clarkson.edu
operator:       logwatch@cslabs.clarkson.edu
games:          logwatch@cslabs.clarkson.edu
gopher:         logwatch@cslabs.clarkson.edu
ftp:            logwatch@cslabs.clarkson.edu
nobody:         logwatch@cslabs.clarkson.edu
radiusd:        logwatch@cslabs.clarkson.edu
nut:            logwatch@cslabs.clarkson.edu
dbus:           logwatch@cslabs.clarkson.edu
vcsa:           logwatch@cslabs.clarkson.edu
canna:          logwatch@cslabs.clarkson.edu
wnn:            logwatch@cslabs.clarkson.edu
rpm:            logwatch@cslabs.clarkson.edu
nscd:           logwatch@cslabs.clarkson.edu
pcap:           logwatch@cslabs.clarkson.edu
apache:         logwatch@cslabs.clarkson.edu
webalizer:      logwatch@cslabs.clarkson.edu
dovecot:        logwatch@cslabs.clarkson.edu
fax:            logwatch@cslabs.clarkson.edu
quagga:         logwatch@cslabs.clarkson.edu
radvd:          logwatch@cslabs.clarkson.edu
pvm:            logwatch@cslabs.clarkson.edu
amanda:         logwatch@cslabs.clarkson.edu
privoxy:        logwatch@cslabs.clarkson.edu
ident:          logwatch@cslabs.clarkson.edu
named:          logwatch@cslabs.clarkson.edu
xfs:            logwatch@cslabs.clarkson.edu
gdm:            logwatch@cslabs.clarkson.edu
mailnull:       logwatch@cslabs.clarkson.edu
postgres:       logwatch@cslabs.clarkson.edu
sshd:           logwatch@cslabs.clarkson.edu
smmsp:          logwatch@cslabs.clarkson.edu
postfix:        logwatch@cslabs.clarkson.edu
netdump:        logwatch@cslabs.clarkson.edu
ldap:           logwatch@cslabs.clarkson.edu
squid:          logwatch@cslabs.clarkson.edu
ntp:            logwatch@cslabs.clarkson.edu
mysql:          logwatch@cslabs.clarkson.edu
desktop:        logwatch@cslabs.clarkson.edu
rpcuser:        logwatch@cslabs.clarkson.edu
rpc:            logwatch@cslabs.clarkson.edu
nfsnobody:      logwatch@cslabs.clarkson.edu

ingres:         logwatch@cslabs.clarkson.edu
system:         logwatch@cslabs.clarkson.edu
toor:           logwatch@cslabs.clarkson.edu
manager:        logwatch@cslabs.clarkson.edu
dumper:         logwatch@cslabs.clarkson.edu
abuse:          logwatch@cslabs.clarkson.edu

newsadm:        news
newsadmin:      news
usenet:         news
ftpadm:         ftp
ftpadmin:       ftp
ftp-adm:        ftp
ftp-admin:      ftp
www:            webmaster
webmaster:      logwatch@cslabs.clarkson.edu
noc:            logwatch@cslabs.clarkson.edu
security:       logwatch@cslabs.clarkson.edu
hostmaster:     logwatch@cslabs.clarkson.edu
info:           postmaster
marketing:      postmaster
sales:          postmaster
support:        postmaster


# trap decode to catch security attacks
decode:         logwatch@cslabs.clarkson.edu

# Person who should get roots's mail
root:           logwatch@cslabs.clarkson.edu
  • Updated aliases
    • /usr/bin/newaliases

Configured umask

  • Modified umask settings in /etc/bashrc
if [ $UID -gt 99 ] && [ "`id -gn`" = "`id -un`" ]; then
        umask 007
else
        umask 022
fi

Disabled CTRL-ALT-DELETE

  • Removed trap entry to prevent accidental reboots
sed -i 's/ca::ctrlaltdel:/#ca::ctrlaltdel:/g' /etc/inittab
  • Made Changes Active
init q

Disabled Various Kernel Modules

  • Added the following to /etc/modprobe.conf
install pppox /bin/true
install bluetooth /bin/true
install sctp /bin/true

Installed & Configured SNMP

  • Installed needed packages
yum install net-snmp ntp
  • Configured SNMP Daemon /etc/snmp/snmpd.conf
rocommunity     <passphrase>  127.0.0.1
rocommunity     <passphrase>  <ipsallowed>
rocommunity     <passphrase>  <ipsallowed>
 
syslocation Clarkson University Applied CS Labs
syscontact Matt McCarrell <mccarrms@gmail.com>
disk /
disk /var
disk /boot
disk /mnt/raidA
exec timeskew /usr/local/sbin/ntp_check
exec uptime /usr/bin/uptime
proc MegaServ
  • Deployed ntp_check script
    • Copied over /usr/local/sbin/ntp_check from Isengard to /usr/local/sbin/
    • chown root.root /usr/local/sbin/ntp_check
  • Configured SNMP to start at specific run levels
/sbin/chkconfig --levels 2345 snmpd on
  • Started daemon
/etc/init.d/snmpd start

Increased Detail of Logwatch Reports

  • Set detail level to be high
echo "Detail = High" >> /etc/logwatch/conf/logwatch.conf

Installed Software for the RAID Units

Installed MegaMon for Linux to monitor the RAID units

  • Downloaded MegaMon for Linux
wget http://www.lsi.com/DistributionSystem/AssetDocument/files/support/rsa/utilities/HWR_Monitor_Linux_3.8.zip
  • Unziped MegaMon
unzip HWR_Monitor_Linux_3.8.zip
unzip MegaMon.zip
  • Installed it
[root@animal megaraid]# ./install
If your goal is to install this utility in DEBIAN, SUSE
or CALDERA Linux, Execute the install with option as below:
./install -debian
./install -suse
./install -caldera
For other linux/solaris system including REDHAT please continue this
install with no option
Do you want quit this installation [y/n]
n
Installation Completed
  • Modified start line to disable root emails (emails will be handled by a separate script to prevent me from being spammed)
#echo -n 'Starting NetRAID Monitor:'
echo -n 'Starting RAID Monitor:'
MegaCtrl -start > /dev/null ; sleep 1 ; MegaCtrl -disMail
  • Started raidmon
/etc/init.d/raidmon start

Installed Configuration Utility

  • Downloaded MegaMGR for Linux
wget http://www.lsi.com/DistributionSystem/AssetDocument/files/support/rsa/utilities/megamgr/ut_linux_mgr_5.20.zip
  • Unziped MegaMGR Linux
unzip ut_linux_mgr_5.20.zip
  • Installed it
chmod +x megamgr
chmod +x megamgr.bin
sed -i "s/.\/megamgr.bin/\/usr\/local\/sbin\/megamgr.bin/g"
mv megamgr* /usr/local/sbin/