(26 intermediate revisions by 3 users not shown) |
Line 1: |
Line 1: |
− | This page summarizes how [[Mirror]] was set up in Spring 2009.
| + | [[Category:Server Setup Documentation]] |
− | | |
− | ==Install==
| |
− | *Installed CentOS 5.3 x64.
| |
− | **Partition Scheme ('''Note: This isn't the most ideal partition layout but was the best use of space at the time while providing redundancy for some things that we mirror.''')
| |
− | ***100 MB /boot - Software RAID 1
| |
− | ***73 GB root_lvg - Logical Volume Group Software RAID 1
| |
− | ****53 GB / (root_lvg-root_lv)
| |
− | ****10 GB /var (root_lvg-var_lv)
| |
− | ****10 GB swap (root_lvg-swap_lv)
| |
− | ***903 GB /mnt/raid - Software RAID 1
| |
− | ***1.8 TB /mnt/lvg_storage (storage_lvg-storage_lv)
| |
− | ***903 GB /mnt/storage1
| |
− | ***903 GB /mnt/storage2
| |
− | | |
− | ===Kickstart File===
| |
− | <code><pre>
| |
− | # Kickstart file automatically generated by anaconda.
| |
− | | |
− | install
| |
− | cdrom
| |
− | lang en_US.UTF-8
| |
− | keyboard us
| |
− | network --device eth0 --bootproto static --ip 128.153.145.19 --netmask 255.255.255.0 --gateway 128.153.145.1 --nameserver 128.153.0.254,128.153.5.254 --hostname mirror
| |
− | network --device eth1 --bootproto static --ip 10.0.1.36 --netmask 255.255.255.0 --gateway 128.153.145.1 --nameserver 128.153.0.254,128.153.5.254 --hostname mirror
| |
− | network --device eth2 --bootproto static --ip 10.0.0.14 --netmask 255.255.255.0 --gateway 128.153.145.1 --nameserver 128.153.0.254,128.153.5.254 --hostname mirror
| |
− | rootpw --iscrypted ENCRYPTED-PASSWORD-GOES-HERE
| |
− | firewall --enabled --port=22:tcp
| |
− | authconfig --enableshadow --enablemd5
| |
− | selinux --enforcing
| |
− | timezone --utc America/New_York
| |
− | bootloader --location=partition --driveorder=hda,hdb,sda,sdc,sdb,sdd,sde,sdf --md5pass=ENCRYPTED-PASSWORD-GOES-HERE
| |
− | # The following is the partition information you requested
| |
− | # Note that any partitions you deleted are not expressed
| |
− | # here so unless you clear all partitions first, this is
| |
− | # not guaranteed to work
| |
− | clearpart --linux
| |
− | part raid.11 --size=100 --ondisk=hda
| |
− | part raid.14 --size=100 --ondisk=hdb
| |
− | part /mnt/storage2 --fstype ext3 --size=100 --grow --ondisk=sdf
| |
− | part /mnt/storage1 --fstype ext3 --size=100 --grow --ondisk=sde
| |
− | part pv.25 --size=100 --grow --ondisk=sdd
| |
− | part pv.24 --size=100 --grow --ondisk=sdc
| |
− | part raid.22 --size=100 --grow --ondisk=sdb
| |
− | part raid.21 --size=100 --grow --ondisk=sda
| |
− | part raid.13 --size=100 --grow --ondisk=hdb
| |
− | part raid.12 --size=100 --grow --ondisk=hda
| |
− | raid /boot --fstype ext3 --level=RAID1 --device=md0 raid.11 raid.14
| |
− | raid pv.16 --fstype "physical volume (LVM)" --level=RAID1 --device=md1 raid.12 raid.13
| |
− | raid /mnt/raid --fstype ext3 --level=RAID1 --device=md2 raid.21 raid.22
| |
− | volgroup root_lvg --pesize=32768 pv.16
| |
− | volgroup storage_lvg --pesize=32768 pv.24 pv.25
| |
− | logvol swap --fstype swap --name=swap_lv --vgname=root_lvg --size=10240
| |
− | logvol /var --fstype ext3 --name=var_lv --vgname=root_lvg --size=10240
| |
− | logvol / --fstype ext3 --name=root_lv --vgname=root_lvg --size=55712
| |
− | logvol /mnt/lvg_storage --fstype ext3 --name=storage_lv --vgname=storage_lvg --size=1907712
| |
− | | |
− | %packages
| |
− | @core
| |
− | @base
| |
− | device-mapper-multipath
| |
− | -NetworkManager
| |
− | -bluez-utils
| |
− | </pre></code>
| |
− | | |
− | ==Configuration==
| |
− | ===Updated System===
| |
− | *Added Extra Repositories
| |
− | **RPMForge Yum Repository
| |
− | ***<code>rpm -Uhv http://apt.sw.be/redhat/el5/en/x86_64/rpmforge/RPMS//rpmforge-release-0.3.6-1.el5.rf.x86_64.rpm</code>
| |
− | ****From [http://dag.wieers.com/rpm/FAQ.php#B2 Dag Wieers]
| |
− | **Fedora EPEL Yum Repository
| |
− | ***<code>rpm -Uvh http://download.fedora.redhat.com/pub/epel/5/x86_64/epel-release-5-3.noarch.rpm</code>
| |
− | ****From [http://download.fedora.redhat.com/pub/epel/5/x86_64/repoview/epel-release.html Fedora]
| |
− | | |
− | *Configured Yum Priorities & to use our mirror
| |
− | **Edited <code>/etc/yum.repos.d/CentOS-Base.repo</code>
| |
− | <code><pre>
| |
− | # CentOS-Base.repo
| |
− | #
| |
− | # This file uses a new mirrorlist system developed by Lance Davis for CentOS.
| |
− | # The mirror system uses the connecting IP address of the client and the
| |
− | # update status of each mirror to pick mirrors that are updated to and
| |
− | # geographically close to the client. You should use this for CentOS updates
| |
− | # unless you are manually picking other mirrors.
| |
− | #
| |
− | # If the mirrorlist= does not work for you, as a fall back you can try the
| |
− | # remarked out baseurl= line instead.
| |
− | #
| |
− | #
| |
− | | |
− | [base]
| |
− | name=CentOS-$releasever - Base
| |
− | #mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=os
| |
− | baseurl=http://mirror.clarkson.edu/centos/$releasever/os/$basearch/
| |
− | gpgcheck=1
| |
− | gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-5
| |
− | priority=1
| |
− | exclude=rsync
| |
− | | |
− | #released updates
| |
− | [updates]
| |
− | name=CentOS-$releasever - Updates
| |
− | #mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=updates
| |
− | baseurl=http://mirror.clarkson.edu/centos/$releasever/updates/$basearch/
| |
− | gpgcheck=1
| |
− | gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-5
| |
− | priority=1
| |
− | exclude=rsync
| |
− | | |
− | #packages used/produced in the build but not released
| |
− | [addons]
| |
− | name=CentOS-$releasever - Addons
| |
− | #mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=addons
| |
− | baseurl=http://mirror.clarkson.edu/centos/$releasever/addons/$basearch/
| |
− | gpgcheck=1
| |
− | gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-5
| |
− | priority=1
| |
− | | |
− | #additional packages that may be useful
| |
− | [extras]
| |
− | name=CentOS-$releasever - Extras
| |
− | #mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=extras
| |
− | baseurl=http://mirror.clarkson.edu/centos/$releasever/extras/$basearch/
| |
− | gpgcheck=1
| |
− | gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-5
| |
− | priority=1
| |
− | | |
− | #additional packages that extend functionality of existing packages
| |
− | [centosplus]
| |
− | name=CentOS-$releasever - Plus
| |
− | #mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=centosplus
| |
− | baseurl=http://mirror.clarkson.edu/centos/$releasever/centosplus/$basearch/
| |
− | gpgcheck=1
| |
− | enabled=0
| |
− | gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-5
| |
− | priority=2
| |
− | | |
− | #contrib - packages by Centos Users
| |
− | [contrib]
| |
− | name=CentOS-$releasever - Contrib
| |
− | #mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=contrib
| |
− | baseurl=http://mirror.clarkson.edu/centos/$releasever/contrib/$basearch/
| |
− | gpgcheck=1
| |
− | enabled=0
| |
− | gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-5
| |
− | priority=2
| |
− | </pre></code>
| |
− | | |
− | **Edited <code>/etc/yum.repos.d/rpmforge.repo</code>
| |
− | <code><pre>
| |
− | # Name: RPMforge RPM Repository for Red Hat Enterprise 5 - dag
| |
− | # URL: http://rpmforge.net/
| |
− | [rpmforge]
| |
− | name = Red Hat Enterprise $releasever - RPMforge.net - dag
| |
− | baseurl = http://mirror.clarkson.edu/rpmforge/redhat/el5/en/$basearch/dag
| |
− | #mirrorlist = http://apt.sw.be/redhat/el5/en/mirrors-rpmforge
| |
− | #mirrorlist = file:///etc/yum.repos.d/mirrors-rpmforge
| |
− | enabled = 1
| |
− | gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-rpmforge-dag
| |
− | gpgcheck = 1
| |
− | priority=15
| |
− | </pre></code>
| |
− | | |
− | **Edited <code>/etc/yum.repos.d/epel.repo</code>
| |
− | <code><pre>
| |
− | [epel]
| |
− | name=Extra Packages for Enterprise Linux 5 - $basearch
| |
− | baseurl=http://mirror.clarkson.edu/epel/5/$basearch
| |
− | #mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=epel-5&arch=$basearch
| |
− | failovermethod=priority
| |
− | enabled=1
| |
− | gpgcheck=1
| |
− | gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL
| |
− | priority=30
| |
− | | |
− | [epel-debuginfo]
| |
− | name=Extra Packages for Enterprise Linux 5 - $basearch - Debug
| |
− | baseurl=http://mirror.clarkson.edu/epel/5/$basearch/debug
| |
− | #mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=epel-debug-5&arch=$basearch
| |
− | failovermethod=priority
| |
− | enabled=0
| |
− | gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL
| |
− | gpgcheck=1
| |
− | priority=30
| |
− | | |
− | [epel-source]
| |
− | name=Extra Packages for Enterprise Linux 5 - $basearch - Source
| |
− | baseurl=http://mirror.clarkson.edu/epel/5/SRPMS
| |
− | #mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=epel-source-5&arch=$basearch
| |
− | failovermethod=priority
| |
− | enabled=0
| |
− | gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL
| |
− | gpgcheck=1
| |
− | priority=30
| |
− | </pre></code>
| |
− | | |
− | **Edited <code>/etc/yum.repos.d/epel-testing.repo</code>
| |
− | <code><pre>
| |
− | [epel-testing]
| |
− | name=Extra Packages for Enterprise Linux 5 - Testing - $basearch
| |
− | baseurl=http://mirror.clarkson.edu/epel/testing/5/$basearch
| |
− | #mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=testing-epel5&arch=$basearch
| |
− | failovermethod=priority
| |
− | enabled=0
| |
− | gpgcheck=1
| |
− | gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL
| |
− | priority=40
| |
− | | |
− | [epel-testing-debuginfo]
| |
− | name=Extra Packages for Enterprise Linux 5 - Testing - $basearch - Debug
| |
− | baseurl=http://mirror.clarkson.edu/epel/testing/5/$basearch/debug
| |
− | #mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=testing-debug-epel5&arch=$basearch
| |
− | failovermethod=priority
| |
− | enabled=0
| |
− | gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL
| |
− | gpgcheck=1
| |
− | priority=40
| |
− | | |
− | [epel-testing-source]
| |
− | name=Extra Packages for Enterprise Linux 5 - Testing - $basearch - Source
| |
− | baseurl=http://mirror.clarkson.edu/epel/testing/5/SRPMS
| |
− | #mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=testing-source-epel5&arch=$basearch
| |
− | failovermethod=priority
| |
− | enabled=0
| |
− | gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL
| |
− | gpgcheck=1
| |
− | priority=40
| |
− | </pre></code>
| |
− | | |
− | *Disabled Yum FastestMirror since using local mirror
| |
− | **<code>sed -i 's/enabled=1/enabled=0/g' /etc/yum/pluginconf.d/fastestmirror.conf</code>
| |
− | | |
− | *Installed Yum Priorities (Note: This must be installed prior to installing the packages below.)
| |
− | **<code>yum install yum-priorities</code>
| |
− | | |
− | *Configured Yum Priorities to check for obsoletes
| |
− | **<code>echo "check_obsoletes=1" >> /etc/yum/pluginconf.d/priorities.conf</code>
| |
− | | |
− | *<code>yum install vim-enhanced gcc emacs-nox screen iftop</code>
| |
− | *<code>yum update</code>
| |
− | | |
− | ===Created User===
| |
− | *Created user mccarrms
| |
− | **<code>/usr/sbin/useradd -m mccarrms</code>
| |
− | *Set password for mccarrms
| |
− | **<code>passwd mccarrms</code>
| |
− | | |
− | ===Configured Sudo===
| |
− | *<code>/usr/sbin/visudo</code>
| |
− | | |
− | <code><pre>
| |
− | ## Sudoers allows particular users to run various commands as
| |
− | ## the root user, without needing the root password.
| |
− | | |
− | ## Networking
| |
− | Cmnd_Alias NETWORKING = /sbin/route, /sbin/ifconfig, /bin/ping, /sbin/dhclient, /usr/bin/net, /sbin/iptables, /usr/bin/rfcomm, /usr/bin/wvdial, /sbin/iwconfig, /sbin/mii-tool
| |
− | | |
− | ## Installation and management of software
| |
− | Cmnd_Alias SOFTWARE = /bin/rpm, /usr/bin/up2date, /usr/bin/yum
| |
− | | |
− | ## Services
| |
− | Cmnd_Alias SERVICES = /sbin/service, /sbin/chkconfig
| |
− | | |
− | ## Updating the locate database
| |
− | Cmnd_Alias LOCATE = /usr/sbin/updatedb
| |
| | | |
− | ## Storage
| + | This page summarizes how [[Old Mirror]] was set up in Spring 2014. |
− | Cmnd_Alias STORAGE = /sbin/fdisk, /sbin/sfdisk, /sbin/parted, /sbin/partprobe, /bin/mount, /bin/umount
| |
| | | |
− | ## Delegating permissions
| + | =Install= |
− | Cmnd_Alias DELEGATING = /usr/sbin/visudo, /bin/chown, /bin/chmod, /bin/chgrp
| + | See [[Debian Server Setup]] |
| | | |
− | ## Processes
| + | ==Debian 7 x64== |
− | Cmnd_Alias PROCESSES = /bin/nice, /bin/kill, /usr/bin/kill, /usr/bin/killall
| + | *71 GB / - Software RAID 1 |
| + | *4GB Swap per OS Drive |
| | | |
− | ## Drivers
| + | =Setup= |
− | Cmnd_Alias DRIVERS = /sbin/modprobe
| + | See [[Debian Server Setup]] |
| | | |
− | ## Shells
| + | ==Raid== |
− | Cmnd_Alias SHELLS = /bin/sh, /bin/bash, /usr/bin/rsh, /bin/dash, /bin/rbash, /bin/su
| + | *sda sdb sdc sde sdg sdh |
| + | */dev/md2 |
| + | *Software RAID 10 |
| + | */storage xfs |
| | | |
− | ## Users
| + | ==Networking== |
− | Cmnd_Alias USERS = /usr/sbin/useradd, /usr/sbin/userdel, /usr/sbin/userhelper, /usr/sbin/usermod, /usr/sbin/usernetctl
| |
| | | |
− | Defaults requiretty
| + | ===eth2=== |
| + | *Intel Corporation 82541PI Gigabit Ethernet Controller |
| + | *HWADDR=00:1B:21:28:C8:48 |
| + | *IPADDR=128.153.145.19 |
| | | |
− | Defaults env_reset,tty_tickets,lecture=always,logfile=/var/log/sudo.log
| + | ===eth1=== |
− | Defaults env_keep = "COLORS DISPLAY HOSTNAME HISTSIZE INPUTRC KDEDIR \
| + | *Intel Corporation 82566DM-2 Gigabit Network Connection |
− | LS_COLORS MAIL PS1 PS2 QTDIR USERNAME \
| + | *HWADDR=00:30:48:9A:DB:26 |
− | LANG LC_ADDRESS LC_CTYPE LC_COLLATE LC_IDENTIFICATION \
| + | *IPADDR=10.0.1.36 |
− | LC_MEASUREMENT LC_MESSAGES LC_MONETARY LC_NAME LC_NUMERIC \
| |
− | LC_PAPER LC_TELEPHONE LC_TIME LC_ALL LANGUAGE LINGUAS \
| |
− | _XKB_CHARSET XAUTHORITY"
| |
| | | |
− | ## Allow root to run any commands anywhere
| + | ===eth3=== |
− | root ALL=(ALL) ALL
| + | *Intel Corporation 82573L Gigabit Ethernet Controller |
− | %wheel ALL=(ALL) ALL
| + | *HWADDR=00:30:48:9A:DB:27 |
− | </pre></code>
| + | *IPADDR=10.0.0.14 |
| | | |
− | ===Configured Networks===
| + | ==Set Up SSH Login Banner== |
− | *Configured hostname in <code>/etc/sysconfig/network</code>
| + | /etc/issue.net |
− | <code><pre>
| |
− | NETWORKING=yes
| |
− | NETWORKING_IPV6=no
| |
− | HOSTNAME=mirror
| |
− | GATEWAY=128.153.145.1
| |
− | </pre></code>
| |
− | | |
− | *Verified eth0 configuration for Clarkson Network in <code>/etc/sysconfig/network-scripts/ifcfg-eth0</code>
| |
− | <code><pre>
| |
− | # Intel Corporation 82541PI Gigabit Ethernet Controller
| |
− | DEVICE=eth0
| |
− | BOOTPROTO=static
| |
− | BROADCAST=128.153.145.255
| |
− | HWADDR=00:1B:21:28:C8:48
| |
− | IPADDR=128.153.145.19
| |
− | NETMASK=255.255.255.0
| |
− | NETWORK=128.153.145.0
| |
− | ONBOOT=yes
| |
− | </pre></code>
| |
− | | |
− | *Verified eth1 configuration for the Server Room Network in <code>/etc/sysconfig/network-scripts/ifcfg-eth1</code>
| |
− | <code><pre>
| |
− | # Intel Corporation 82566DM-2 Gigabit Network Connection
| |
− | DEVICE=eth1
| |
− | BOOTPROTO=static
| |
− | BROADCAST=10.0.1.255
| |
− | HWADDR=00:30:48:9A:DB:26
| |
− | IPADDR=10.0.1.36
| |
− | NETMASK=255.255.255.0
| |
− | NETWORK=10.0.1.0
| |
− | ONBOOT=yes
| |
− | </pre></code>
| |
− | | |
− | *Verified eth2 configuration for the Internal Network in <code>/etc/sysconfig/network-scripts/ifcfg-eth2</code>
| |
− | <code><pre>
| |
− | # Intel Corporation 82573L Gigabit Ethernet Controller
| |
− | DEVICE=eth2
| |
− | BOOTPROTO=static
| |
− | BROADCAST=10.0.0.255
| |
− | HWADDR=00:30:48:9A:DB:27
| |
− | IPADDR=10.0.0.14
| |
− | NETMASK=255.255.255.0
| |
− | NETWORK=10.0.0.0
| |
− | ONBOOT=yes
| |
− | </pre></code>
| |
− | | |
− | ====Configured Hosts====
| |
− | *Edited <code>/etc/hosts</code>
| |
− | <code><pre>
| |
− | 127.0.0.1 localhost.localdomain localhost
| |
− | ::1 localhost6.localdomain6 localhost6
| |
− | 128.153.145.19 mirror.clarkson.edu mirror.cslabs.clarkson.edu mirror.cslabs mirror
| |
− | 10.0.1.36 mirror.sr.cslabs.clarkson.edu mirror.sr.cslabs mirror.sr
| |
− | 10.0.0.14 mirror.int.cslabs.clarkson.edu mirror.int.cslabs mirror.int
| |
− | </pre></code>
| |
− | | |
− | *Edited <code>/etc/hosts.allow</code>
| |
− | <code><pre>
| |
− | For security purposes, this information has been intentionally left off.
| |
− | </pre></code>
| |
− | | |
− | *Edited <code>/etc/hosts.deny</code>
| |
− | <code><pre>
| |
− | ALL: ALL
| |
− | </pre></code>
| |
− | | |
− | ====Configured DNS Servers====
| |
− | *Edited <code>/etc/resolv.conf</code>
| |
− | <code><pre>
| |
− | search cslabs.clarkson.edu clarkson.edu
| |
− | nameserver 128.153.0.254
| |
− | nameserver 128.153.5.254
| |
− | </pre></code>
| |
− | | |
− | ====Disabled IP v6====
| |
− | *Appended the following to <code>/etc/modprobe.conf</code>
| |
− | <code><pre>
| |
− | install ipv6 /bin/true
| |
− | </pre></code>
| |
− | *Disabled IP v6 firewall
| |
− | **<code>/sbin/chkconfig ip6tables off</code>
| |
− | | |
− | ===Configured IPtables===
| |
− | <code><pre>
| |
− | Due to the sensitivity of this material, this config file has been left off; however, the following rules are needed.
| |
− | </pre></code>
| |
− | *Restarted iptables
| |
− | **<code>/etc/init.d/iptables restart</code>
| |
− | | |
− | ===Configured SSH===
| |
− | *Edited <code>/etc/ssh/sshd_config</code>
| |
− | <code><pre>
| |
− | Due to the sensitivity of this material, this config file has been left off.
| |
− | </pre></code>
| |
− | *Restarted sshd
| |
− | **<code>/etc/init.d/sshd restart</code>
| |
− | | |
− | ====Set Up SSH Login Banner====
| |
− | *Edited <code>/etc/issue.net</code>
| |
| <code><pre> | | <code><pre> |
| _ | | _ |
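Review bot: The added Networking section keeps only HWADDR and IPADDR for each interface and drops what the removed ifcfg blocks recorded: the netmask, the gateway (128.153.145.1) and which network each NIC faces (Clarkson Network, Server Room Network, Internal Network). The same MAC addresses also appear under new names (00:1B:21:28:C8:48 was eth0 and is now listed as eth2; 00:30:48:9A:DB:27 was eth2 and is now listed as eth3), so add one line per interface giving its role and noting the rename. The removed revision also documented the default-deny "ALL: ALL" in /etc/hosts.deny, the sudoers policy, and the iptables and sshd restart steps, all of which are now replaced by "See [[Debian Server Setup]]"; confirm that page covers host access control, sudo and the firewall for this host, or keep a short pointer for each here. In the Raid list, "sda sdb sdc sde sdg sdh" skips sdd and sdf; state whether those are the OS drives so the membership of /dev/md2 is unambiguous.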
Line 407: |
Line 45: |
| | | |
| </pre></code> | | </pre></code> |
| + | ==SSHD config== |
| + | uncomment |
| + | Banner /etc/issue.net |
| | | |
− | ===Configured Password Requirements=== | + | ==Installed nginx== |
− | *Edited <code>/etc/login.defs</code>
| + | apt-get install install nginx |
− | <code><pre>
| |
− | MAIL_DIR /var/spool/mail
| |
− | | |
− | PASS_MAX_DAYS 360
| |
− | PASS_MIN_DAYS 0
| |
− | PASS_MIN_LEN 8
| |
− | PASS_WARN_AGE 60
| |
− | | |
− | UID_MIN 500
| |
− | UID_MAX 60000
| |
− | | |
− | GID_MIN 500
| |
− | GID_MAX 60000
| |
− | | |
− | CREATE_HOME yes
| |
− | | |
− | UMASK 077
| |
− | | |
− | USERGROUPS_ENAB yes
| |
− | | |
− | MD5_CRYPT_ENAB yes
| |
− | | |
− | ENCRYPT_METHOD MD5
| |
− | </pre></code>
| |
− | | |
− | ===Added Custom PATH Variables===
| |
− | *Added the following to <code>/etc/profile</code>
| |
− | <code><pre>
| |
− | PATH=$PATH:/usr/sbin:/sbin
| |
− | export PATH
| |
− | </pre></code>
| |
− | | |
− | ===Modified Root's Crontab===
| |
− | *<code>crontab -e</code>
| |
− | <code><pre>
| |
− | # Used to update locate database
| |
− | 0 * * * * /usr/bin/updatedb
| |
− | </pre></code>
| |
− | | |
− | ===Set Up & Configured NTP===
| |
− | *Installed NTP
| |
− | **<code>yum install ntp</code>
| |
− | | |
− | *Edited <code>/etc/ntp.conf</code>
| |
− | <code><pre>
| |
− | restrict default kod nomodify notrap nopeer noquery
| |
− | restrict -6 default kod nomodify notrap nopeer noquery
| |
− | | |
− | restrict 127.0.0.1
| |
− | restrict -6 ::1
| |
− | | |
− | restrict tick.clarkson.edu mask 255.255.255.255 nomodify notrap noquery
| |
− | restrict tock.clarkson.edu mask 255.255.255.255 nomodify notrap noquery
| |
− | | |
− | server tick.clarkson.edu
| |
− | server tock.clarkson.edu
| |
− | | |
− | server 127.127.1.0 # local clock
| |
− | fudge 127.127.1.0 stratum 10
| |
− | | |
− | driftfile /var/lib/ntp/drift
| |
− | | |
− | keys /etc/ntp/keys
| |
− | </pre></code>
| |
− | | |
− | *Edited <code>/etc/ntp/step-tickers</code>
| |
− | <code><pre>
| |
− | tick.clarkson.edu
| |
− | tock.clarkson.edu
| |
− | </pre></code>
| |
− | | |
− | *Configured ntpd to start on boot
| |
− | **<code>/sbin/chkconfig --levels 2345 ntpd on</code>
| |
− | | |
− | *Started ntpd
| |
− | **<code>/etc/init.d/ntpd start</code>
| |
− | | |
− | ====Configured ntpd to Sync Hardware Clock==== | |
− | *Edited <code>/etc/sysconfig/ntpd</code>
| |
− | <code><pre>
| |
− | # Drop root to id 'ntp:ntp' by default.
| |
− | OPTIONS="-u ntp:ntp -p /var/run/ntpd.pid"
| |
− | | |
− | # Set to 'yes' to sync hw clock after successful ntpdate
| |
− | SYNC_HWCLOCK=yes
| |
− | | |
− | # Additional options for ntpdate
| |
− | NTPDATE_OPTIONS=""
| |
− | </pre></code>
| |
− | | |
− | ===Installed and Configured [http://www.apcupsd.org/ APCUPSD]===
| |
− | This package is used to monitor the UPS which [[Mirror]] is plugged into and is used to shutdown the system in the event of a power failure.
| |
− | | |
− | ====Configured to Power On when Power is Restored====
| |
− | *Edited the BIOS to have <code>Restore on AC/Power Loss</code> set to <code>Power On</code>.
| |
− | | |
− | ====Installed and configured <code>apcupsd</code>====
| |
− | *Installed <code>apcupsd</code>
| |
− | **<code>yum install apcupsd</code>
| |
− | | |
− | *Edited <code>/etc/apcupsd/apcupsd.conf</code>
| |
− | <code><pre>
| |
− | ## apcupsd.conf v1.1 ##
| |
− | | |
− | UPSNAME ups3
| |
− | | |
− | UPSCABLE ether
| |
− | | |
− | UPSTYPE net
| |
− | DEVICE 128.153.145.215:3551
| |
− | | |
− | LOCKFILE /var/lock
| |
− | | |
− | SCRIPTDIR /etc/apcupsd
| |
− | | |
− | PWRFAILDIR /etc/apcupsd
| |
− | | |
− | NOLOGINDIR /etc
| |
− | | |
− | ONBATTERYDELAY 6
| |
− | | |
− | BATTERYLEVEL 10
| |
− | | |
− | MINUTES 15
| |
− | | |
− | TIMEOUT 0
| |
− | | |
− | ANNOY 300
| |
− | | |
− | ANNOYDELAY 60
| |
− | | |
− | NOLOGON disable
| |
− | | |
− | KILLDELAY 0
| |
− | | |
− | NETSERVER on
| |
− | | |
− | NISIP 127.0.0.1
| |
− | | |
− | NISPORT 3551
| |
− | | |
− | EVENTSFILE /var/log/apcupsd.events
| |
− | | |
− | EVENTSFILEMAX 10
| |
− | | |
− | UPSCLASS standalone
| |
− | | |
− | UPSMODE disable
| |
− | | |
− | STATTIME 0
| |
− | | |
− | STATFILE /var/log/apcupsd.status
| |
− | | |
− | LOGSTATS off
| |
− | | |
− | DATATIME 0
| |
− | | |
− | SELFTEST 336
| |
− | </pre></code>
| |
− | | |
− | *Configured <code>apcupsd</code> to start on boot
| |
− | **<code>/sbin/chkconfig --levels 2345 apcupsd on</code>
| |
− | | |
− | *Started <code>apcupsd</code>
| |
− | **<code>/etc/init.d/apcupsd start</code>
| |
− | | |
− | ===Configured Aliases===
| |
− | *Edited <code>/etc/aliases</code>
| |
− | <code><pre>
| |
− | #
| |
− | # Aliases in this file will NOT be expanded in the header from
| |
− | # Mail, but WILL be visible over networks or from /bin/mail.
| |
− | #
| |
− | # >>>>>>>>>> The program "newaliases" must be run after
| |
− | # >> NOTE >> this file is updated for any changes to
| |
− | # >>>>>>>>>> show through to sendmail.
| |
− | #
| |
− | | |
− | # Basic system aliases -- these MUST be present.
| |
− | mailer-daemon: postmaster
| |
− | postmaster: logwatch@cslabs.clarkson.edu
| |
− | | |
− | # General redirections for pseudo accounts.
| |
− | bin: logwatch@cslabs.clarkson.edu
| |
− | daemon: logwatch@cslabs.clarkson.edu
| |
− | adm: logwatch@cslabs.clarkson.edu
| |
− | lp: logwatch@cslabs.clarkson.edu
| |
− | sync: logwatch@cslabs.clarkson.edu
| |
− | shutdown: logwatch@cslabs.clarkson.edu
| |
− | halt: logwatch@cslabs.clarkson.edu
| |
− | mail: logwatch@cslabs.clarkson.edu
| |
− | news: logwatch@cslabs.clarkson.edu
| |
− | uucp: logwatch@cslabs.clarkson.edu
| |
− | operator: logwatch@cslabs.clarkson.edu
| |
− | games: logwatch@cslabs.clarkson.edu
| |
− | gopher: logwatch@cslabs.clarkson.edu
| |
− | ftp: logwatch@cslabs.clarkson.edu
| |
− | nobody: logwatch@cslabs.clarkson.edu
| |
− | radiusd: logwatch@cslabs.clarkson.edu
| |
− | nut: logwatch@cslabs.clarkson.edu
| |
− | dbus: logwatch@cslabs.clarkson.edu
| |
− | vcsa: logwatch@cslabs.clarkson.edu
| |
− | canna: logwatch@cslabs.clarkson.edu
| |
− | wnn: logwatch@cslabs.clarkson.edu
| |
− | rpm: logwatch@cslabs.clarkson.edu
| |
− | nscd: logwatch@cslabs.clarkson.edu
| |
− | pcap: logwatch@cslabs.clarkson.edu
| |
− | apache: logwatch@cslabs.clarkson.edu
| |
− | webalizer: logwatch@cslabs.clarkson.edu
| |
− | dovecot: logwatch@cslabs.clarkson.edu
| |
− | fax: logwatch@cslabs.clarkson.edu
| |
− | quagga: logwatch@cslabs.clarkson.edu
| |
− | radvd: logwatch@cslabs.clarkson.edu
| |
− | pvm: logwatch@cslabs.clarkson.edu
| |
− | amanda: logwatch@cslabs.clarkson.edu
| |
− | privoxy: logwatch@cslabs.clarkson.edu
| |
− | ident: logwatch@cslabs.clarkson.edu
| |
− | named: logwatch@cslabs.clarkson.edu
| |
− | xfs: logwatch@cslabs.clarkson.edu
| |
− | gdm: logwatch@cslabs.clarkson.edu
| |
− | mailnull: logwatch@cslabs.clarkson.edu
| |
− | postgres: logwatch@cslabs.clarkson.edu
| |
− | sshd: logwatch@cslabs.clarkson.edu
| |
− | smmsp: logwatch@cslabs.clarkson.edu
| |
− | postfix: logwatch@cslabs.clarkson.edu
| |
− | netdump: logwatch@cslabs.clarkson.edu
| |
− | ldap: logwatch@cslabs.clarkson.edu
| |
− | squid: logwatch@cslabs.clarkson.edu
| |
− | ntp: logwatch@cslabs.clarkson.edu
| |
− | mysql: logwatch@cslabs.clarkson.edu
| |
− | desktop: logwatch@cslabs.clarkson.edu
| |
− | rpcuser: logwatch@cslabs.clarkson.edu
| |
− | rpc: logwatch@cslabs.clarkson.edu
| |
− | nfsnobody: logwatch@cslabs.clarkson.edu
| |
− | | |
− | ingres: logwatch@cslabs.clarkson.edu
| |
− | system: logwatch@cslabs.clarkson.edu
| |
− | toor: logwatch@cslabs.clarkson.edu
| |
− | manager: logwatch@cslabs.clarkson.edu
| |
− | dumper: logwatch@cslabs.clarkson.edu
| |
− | abuse: logwatch@cslabs.clarkson.edu
| |
− | | |
− | newsadm: news
| |
− | newsadmin: news
| |
− | usenet: news
| |
− | ftpadm: ftp
| |
− | ftpadmin: ftp
| |
− | ftp-adm: ftp
| |
− | ftp-admin: ftp
| |
− | www: webmaster
| |
− | webmaster: logwatch@cslabs.clarkson.edu
| |
− | noc: logwatch@cslabs.clarkson.edu
| |
− | security: logwatch@cslabs.clarkson.edu
| |
− | hostmaster: logwatch@cslabs.clarkson.edu
| |
− | info: postmaster
| |
− | marketing: postmaster
| |
− | sales: postmaster
| |
− | support: postmaster
| |
− | | |
− | | |
− | # trap decode to catch security attacks
| |
− | decode: logwatch@cslabs.clarkson.edu
| |
− | | |
− | # Person who should get roots's mail
| |
− | root: logwatch@cslabs.clarkson.edu
| |
− | </pre></code>
| |
− | | |
− | *Updated aliases
| |
− | **<code>/usr/bin/newaliases</code>
| |
− | | |
− | ===Disabled <code>CTRL-ALT-DELETE</code>===
| |
− | *Removed trap entry to prevent accidental reboots
| |
− | <code><pre>
| |
− | sed -i 's/ca::ctrlaltdel:/#ca::ctrlaltdel:/g' /etc/inittab
| |
− | </pre></code>
| |
− | | |
− | *Made Changes Active
| |
− | <code><pre>
| |
− | init q
| |
− | </pre></code>
| |
− | | |
− | ===Disabled Various Kernel Modules===
| |
− | *Added the following to <code>/etc/modprobe.conf</code>
| |
− | <code><pre>
| |
− | install pppox /bin/true
| |
− | install bluetooth /bin/true
| |
− | install sctp /bin/true | |
− | </pre></code>
| |
− | | |
− | ===Installed & Configured SNMP===
| |
− | *Installed needed packages
| |
− | <code><pre>
| |
− | yum install net-snmp ntp
| |
− | </pre></code>
| |
− | | |
− | *Configured SNMP Daemon <code>/etc/snmp/snmpd.conf</code>
| |
− | <code><pre>
| |
− | rocommunity <passphrase> 127.0.0.1
| |
− | rocommunity <passphrase> <ipsallowed>
| |
− |
| |
− | syslocation Clarkson University Applied CS Labs
| |
− | syscontact Matt McCarrell <mccarrms@gmail.com>
| |
− | disk /
| |
− | disk /var
| |
− | disk /boot
| |
− | disk /mnt/raid
| |
− | disk /mnt/lvg_storage
| |
− | disk /mnt/storage1
| |
− | disk /mnt/storage2
| |
− | exec timeskew /usr/local/sbin/ntp_check
| |
− | exec uptime /usr/bin/uptime
| |
− | </pre></code>
| |
− | | |
− | *Deployed <code>ntp_check</code> script
| |
− | **Copied over <code>/usr/local/sbin/ntp_check</code> from [[Isengard]] to /usr/local/sbin/
| |
− | **<code>chown root.root /usr/local/sbin/ntp_check</code>
| |
− | | |
− | *Configured SNMP to start at specific run levels
| |
− | <code><pre>
| |
− | /sbin/chkconfig --levels 2345 snmpd on
| |
− | </pre></code>
| |
− | | |
− | *Started daemon
| |
− | <code><pre>
| |
− | /etc/init.d/snmpd start
| |
− | </pre></code>
| |
− | | |
− | ===Increased Detail of Logwatch Reports===
| |
− | *Set detail level to be high
| |
− | <code><pre>
| |
− | echo "Detail = High" >> /etc/logwatch/conf/logwatch.conf
| |
− | </pre></code>
| |
− | | |
− | ===Modified <code>/etc/fstab</code> to increase performance===
| |
− | *Configured to not update inode access times
| |
− | <code><pre>
| |
− | /dev/root_lvg/root_lv / ext3 defaults 1 1
| |
− | /dev/md2 /mnt/raid ext3 defaults,noatime 1 2
| |
− | /dev/storage_lvg/storage_lv /mnt/lvg_storage ext3 defaults,noatime 1 2
| |
− | /dev/md0 /boot ext3 defaults 1 2
| |
− | /dev/root_lvg/var_lv /var ext3 defaults 1 2
| |
− | LABEL=/mnt/storage1 /mnt/storage1 ext3 defaults,noatime 1 2
| |
− | LABEL=/mnt/storage2 /mnt/storage2 ext3 defaults,noatime 1 2
| |
− | tmpfs /dev/shm tmpfs defaults 0 0
| |
− | devpts /dev/pts devpts gid=5,mode=620 0 0
| |
− | sysfs /sys sysfs defaults 0 0
| |
− | proc /proc proc defaults 0 0
| |
− | /dev/root_lvg/swap_lv swap swap defaults 0 0
| |
− | </pre></code>
| |
− | | |
− | ==Installed Apache==
| |
− | *Installed <code>httpd</code>
| |
− | **<code>yum install httpd</code>
| |
− | | |
− | *Modified <code>/etc/httpd/conf/httpd.conf</code>
| |
− | <code><pre>
| |
− | ServerTokens Prod
| |
− | ServerRoot "/etc/httpd"
| |
− | PidFile run/httpd.pid
| |
− | Timeout 120
| |
− | KeepAlive On
| |
− | MaxKeepAliveRequests 100
| |
− | KeepAliveTimeout 2
| |
− | TraceEnable Off
| |
− | | |
− | <IfModule prefork.c>
| |
− | StartServers 32
| |
− | MinSpareServers 20
| |
− | MaxSpareServers 80
| |
− | ServerLimit 768
| |
− | MaxClients 768
| |
− | MaxRequestsPerChild 1000
| |
− | </IfModule>
| |
− | | |
− | <IfModule worker.c>
| |
− | StartServers 8
| |
− | MaxClients 600
| |
− | MinSpareThreads 100
| |
− | MaxSpareThreads 300
| |
− | ThreadsPerChild 100
| |
− | MaxRequestsPerChild 0
| |
− | </IfModule>
| |
− | | |
− | Listen 80
| |
− | | |
− | LoadModule auth_basic_module modules/mod_auth_basic.so
| |
− | LoadModule auth_digest_module modules/mod_auth_digest.so
| |
− | LoadModule authn_file_module modules/mod_authn_file.so
| |
− | LoadModule authn_alias_module modules/mod_authn_alias.so
| |
− | LoadModule authn_anon_module modules/mod_authn_anon.so
| |
− | LoadModule authn_dbm_module modules/mod_authn_dbm.so
| |
− | LoadModule authn_default_module modules/mod_authn_default.so
| |
− | LoadModule authz_host_module modules/mod_authz_host.so
| |
− | LoadModule authz_user_module modules/mod_authz_user.so
| |
− | LoadModule authz_owner_module modules/mod_authz_owner.so
| |
− | LoadModule authz_groupfile_module modules/mod_authz_groupfile.so
| |
− | LoadModule authz_dbm_module modules/mod_authz_dbm.so
| |
− | LoadModule authz_default_module modules/mod_authz_default.so
| |
− | LoadModule ldap_module modules/mod_ldap.so
| |
− | LoadModule authnz_ldap_module modules/mod_authnz_ldap.so
| |
− | LoadModule include_module modules/mod_include.so
| |
− | LoadModule log_config_module modules/mod_log_config.so
| |
− | LoadModule logio_module modules/mod_logio.so
| |
− | LoadModule env_module modules/mod_env.so
| |
− | LoadModule ext_filter_module modules/mod_ext_filter.so
| |
− | LoadModule mime_magic_module modules/mod_mime_magic.so
| |
− | LoadModule expires_module modules/mod_expires.so
| |
− | LoadModule deflate_module modules/mod_deflate.so
| |
− | LoadModule headers_module modules/mod_headers.so
| |
− | LoadModule usertrack_module modules/mod_usertrack.so
| |
− | LoadModule setenvif_module modules/mod_setenvif.so
| |
− | LoadModule mime_module modules/mod_mime.so
| |
− | LoadModule dav_module modules/mod_dav.so
| |
− | LoadModule status_module modules/mod_status.so
| |
− | LoadModule autoindex_module modules/mod_autoindex.so
| |
− | LoadModule info_module modules/mod_info.so
| |
− | LoadModule dav_fs_module modules/mod_dav_fs.so
| |
− | LoadModule vhost_alias_module modules/mod_vhost_alias.so
| |
− | LoadModule negotiation_module modules/mod_negotiation.so
| |
− | LoadModule dir_module modules/mod_dir.so
| |
− | LoadModule actions_module modules/mod_actions.so
| |
− | LoadModule speling_module modules/mod_speling.so
| |
− | LoadModule userdir_module modules/mod_userdir.so
| |
− | LoadModule alias_module modules/mod_alias.so
| |
− | LoadModule rewrite_module modules/mod_rewrite.so
| |
− | #LoadModule proxy_module modules/mod_proxy.so
| |
− | #LoadModule proxy_balancer_module modules/mod_proxy_balancer.so
| |
− | #LoadModule proxy_ftp_module modules/mod_proxy_ftp.so
| |
− | #LoadModule proxy_http_module modules/mod_proxy_http.so
| |
− | #LoadModule proxy_connect_module modules/mod_proxy_connect.so
| |
− | LoadModule cache_module modules/mod_cache.so
| |
− | LoadModule suexec_module modules/mod_suexec.so
| |
− | LoadModule disk_cache_module modules/mod_disk_cache.so
| |
− | LoadModule file_cache_module modules/mod_file_cache.so
| |
− | LoadModule mem_cache_module modules/mod_mem_cache.so
| |
− | LoadModule cgi_module modules/mod_cgi.so
| |
− | LoadModule version_module modules/mod_version.so
| |
− | | |
− | Include conf.d/*.conf
| |
− | | |
− | User apache
| |
− | Group apache
| |
− | | |
− | ServerAdmin mirror-admin@cslabs.clarkson.edu
| |
− | | |
− | UseCanonicalName Off
| |
− | | |
− | DocumentRoot "/var/www/html"
| |
− | | |
− | <Directory />
| |
− | Options FollowSymLinks
| |
− | AllowOverride None
| |
− | </Directory>
| |
− | | |
− | <Directory "/var/www/html">
| |
− | Options Indexes FollowSymLinks Includes
| |
− | AllowOverride FileInfo Indexes Limit
| |
− | Order allow,deny
| |
− | Allow from all
| |
− | </Directory>
| |
− | | |
− | <IfModule mod_userdir.c>
| |
− | UserDir disable
| |
− | </IfModule>
| |
− | | |
− | DirectoryIndex index.html index.html.var
| |
− | | |
− | AccessFileName .htaccess
| |
− | | |
− | XBitHack On
| |
− | | |
− | <Files ~ "^\.ht">
| |
− | Order allow,deny
| |
− | Deny from all
| |
− | </Files>
| |
− | | |
− | TypesConfig /etc/mime.types
| |
− | | |
− | DefaultType text/plain
| |
− | | |
− | <IfModule mod_mime_magic.c>
| |
− | # MIMEMagicFile /usr/share/magic.mime
| |
− | MIMEMagicFile conf/magic
| |
− | </IfModule>
| |
− | | |
− | HostnameLookups Off
| |
− | | |
− | ErrorLog logs/error_log
| |
− | LogLevel warn
| |
− | | |
− | LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
| |
− | LogFormat "%h %l %u %t \"%r\" %>s %b" common
| |
− | LogFormat "%{Referer}i -> %U" referer
| |
− | LogFormat "%{User-agent}i" agent
| |
− | | |
− | CustomLog logs/access_log combined
| |
− | | |
− | ServerSignature Off
| |
− | | |
− | Alias /icons/ "/var/www/icons/"
| |
− | | |
− | <Directory "/var/www/icons">
| |
− | Options Indexes MultiViews
| |
− | AllowOverride None
| |
− | Order allow,deny
| |
− | Allow from all
| |
− | </Directory>
| |
− | | |
− | <IfModule mod_dav_fs.c>
| |
− | # Location of the WebDAV lock database.
| |
− | DAVLockDB /var/lib/dav/lockdb
| |
− | </IfModule>
| |
− | | |
− | ScriptAlias /cgi-bin/ "/var/www/cgi-bin/"
| |
− | | |
− | <Directory "/var/www/cgi-bin">
| |
− | AllowOverride None
| |
− | Options None
| |
− | Order allow,deny
| |
− | Allow from all
| |
− | </Directory>
| |
− | | |
− | IndexOptions FancyIndexing VersionSort NameWidth=* HTMLTable
| |
− | | |
− | AddIconByEncoding (CMP,/icons/compressed.gif) x-compress x-gzip
| |
− | | |
− | AddIconByType (TXT,/icons/text.gif) text/*
| |
− | AddIconByType (IMG,/icons/image2.gif) image/*
| |
− | AddIconByType (SND,/icons/sound2.gif) audio/*
| |
− | AddIconByType (VID,/icons/movie.gif) video/*
| |
− | | |
− | AddIcon /icons/binary.gif .bin .exe
| |
− | AddIcon /icons/binhex.gif .hqx
| |
− | AddIcon /icons/tar.gif .tar
| |
− | AddIcon /icons/world2.gif .wrl .wrl.gz .vrml .vrm .iv
| |
− | AddIcon /icons/compressed.gif .Z .z .tgz .gz .zip
| |
− | AddIcon /icons/a.gif .ps .ai .eps
| |
− | AddIcon /icons/layout.gif .html .shtml .htm .pdf
| |
− | AddIcon /icons/text.gif .txt
| |
− | AddIcon /icons/c.gif .c
| |
− | AddIcon /icons/p.gif .pl .py
| |
− | AddIcon /icons/f.gif .for
| |
− | AddIcon /icons/dvi.gif .dvi
| |
− | AddIcon /icons/uuencoded.gif .uu
| |
− | AddIcon /icons/script.gif .conf .sh .shar .csh .ksh .tcl
| |
− | AddIcon /icons/tex.gif .tex
| |
− | AddIcon /icons/bomb.gif core
| |
− | | |
− | AddIcon /icons/back.gif ..
| |
− | AddIcon /icons/hand.right.gif README
| |
− | AddIcon /icons/folder.gif ^^DIRECTORY^^
| |
− | AddIcon /icons/blank.gif ^^BLANKICON^^
| |
− | | |
− | DefaultIcon /icons/unknown.gif
| |
− | | |
− | ReadmeName README.html
| |
− | HeaderName HEADER.html
| |
− | | |
− | IndexIgnore .??* *~ *#
| |
− | | |
− | AddLanguage ca .ca
| |
− | AddLanguage cs .cz .cs
| |
− | AddLanguage da .dk
| |
− | AddLanguage de .de
| |
− | AddLanguage el .el
| |
− | AddLanguage en .en
| |
− | AddLanguage eo .eo
| |
− | AddLanguage es .es
| |
− | AddLanguage et .et
| |
− | AddLanguage fr .fr
| |
− | AddLanguage he .he
| |
− | AddLanguage hr .hr
| |
− | AddLanguage it .it
| |
− | AddLanguage ja .ja
| |
− | AddLanguage ko .ko
| |
− | AddLanguage ltz .ltz
| |
− | AddLanguage nl .nl
| |
− | AddLanguage nn .nn
| |
− | AddLanguage no .no
| |
− | AddLanguage pl .po
| |
− | AddLanguage pt .pt
| |
− | AddLanguage pt-BR .pt-br
| |
− | AddLanguage ru .ru
| |
− | AddLanguage sv .sv
| |
− | AddLanguage zh-CN .zh-cn
| |
− | AddLanguage zh-TW .zh-tw
| |
− | | |
− | LanguagePriority en ca cs da de el eo es et fr he hr it ja ko ltz nl nn no pl pt pt-BR ru sv zh-CN zh-TW
| |
− | | |
− | ForceLanguagePriority Prefer Fallback
| |
− | | |
− | AddDefaultCharset UTF-8
| |
− | | |
− | AddType application/x-compress .Z
| |
− | AddType application/x-gzip .gz .tgz
| |
− | | |
− | AddHandler type-map var
| |
− | | |
− | AddType text/html .shtml
| |
− | AddOutputFilter INCLUDES .shtml
| |
− | | |
− | AddType application/octet-stream .iso
| |
− | AddType application/octet-stream .rpm
| |
− | | |
− | Alias /error/ "/var/www/error/"
| |
− | | |
− | <IfModule mod_negotiation.c>
| |
− | <IfModule mod_include.c>
| |
− | <Directory "/var/www/error">
| |
− | AllowOverride None
| |
− | Options IncludesNoExec
| |
− | AddOutputFilter Includes html
| |
− | AddHandler type-map var
| |
− | Order allow,deny
| |
− | Allow from all
| |
− | LanguagePriority en es de fr
| |
− | ForceLanguagePriority Prefer Fallback
| |
− | </Directory>
| |
− | | |
− | </IfModule>
| |
− | </IfModule>
| |
− | | |
− | <LocationMatch "\.(xml|xml\.gz|xml\.asc|sqlite)">
| |
− | Header set Cache-Control "must-revalidate"
| |
− | ExpiresActive On
| |
− | ExpiresDefault "now"
| |
− | </LocationMatch>
| |
− | | |
− | AddType application/pgp-signature .sig
| |
− | # make sure .sig files are _not_ sent with "Content-Encoding: gzip".
| |
− | <Files *.gz.sig>
| |
− | RemoveEncoding .gz
| |
− | </Files>
| |
− | | |
− | BrowserMatch "Mozilla/2" nokeepalive
| |
− | BrowserMatch "MSIE 4\.0b2;" nokeepalive downgrade-1.0 force-response-1.0
| |
− | BrowserMatch "RealPlayer 4\.0" force-response-1.0
| |
− | BrowserMatch "Java/1\.0" force-response-1.0
| |
− | BrowserMatch "JDK/1\.0" force-response-1.0
| |
− | BrowserMatch "Microsoft Data Access Internet Publishing Provider" redirect-carefully
| |
− | BrowserMatch "MS FrontPage" redirect-carefully
| |
− | BrowserMatch "^WebDrive" redirect-carefully
| |
− | BrowserMatch "^WebDAVFS/1.[0123]" redirect-carefully
| |
− | BrowserMatch "^gnome-vfs/1.0" redirect-carefully
| |
− | BrowserMatch "^XML Spy" redirect-carefully
| |
− | BrowserMatch "^Dreamweaver-WebDAV-SCM1" redirect-carefully
| |
− | | |
− | NameVirtualHost *:80
| |
− | | |
− | <VirtualHost *:80>
| |
− | ServerName mirror.clarkson.edu
| |
− | ServerAdmin mirror-admin@cslabs.clarkson.edu
| |
− | DocumentRoot "/var/www/html/"
| |
− | ErrorLog logs/error_log
| |
− | CustomLog logs/access_log combined
| |
− | ServerAlias mirror
| |
− | </VirtualHost>
| |
− | | |
− | <VirtualHost *:80>
| |
− | ServerName mirror.cslabs.clarkson.edu
| |
− | ServerAdmin mirror-admin@cslabs.clarkson.edu
| |
− | DocumentRoot "/var/www/html/"
| |
− | ErrorLog logs/error_log
| |
− | CustomLog logs/access_log combined
| |
− | ServerAlias mirror.cslabs*
| |
− | Redirect permanent / http://mirror.clarkson.edu/
| |
− | </VirtualHost>
| |
− | | |
− | <VirtualHost 128.153.145.18>
| |
− | ServerName kernelmirror.clarkson.edu
| |
− | ServerAdmin mirror-admin@cslabs.clarkson.edu
| |
− | DocumentRoot "/var/www/html/"
| |
− | ErrorLog logs/error_log
| |
− | CustomLog logs/access_log combined
| |
− | ServerAlias kernelmirror*
| |
− | Redirect permanent / http://mirror.clarkson.edu/
| |
− | </VirtualHost>
| |
− | | |
− | <VirtualHost 128.153.145.44>
| |
− | ServerName mirror.dev.cslabs.clarkson.edu
| |
− | ServerAdmin mirror-admin@cslabs.clarkson.edu
| |
− | DocumentRoot "/var/www/html/"
| |
− | ErrorLog logs/error_log
| |
− | CustomLog logs/access_log combined
| |
− | ServerAlias mirror.dev*
| |
− | Redirect permanent / http://mirror.clarkson.edu/
| |
− | </VirtualHost>
| |
− | </pre></code>
| |
− | | |
− | *Removed unneeded files
| |
− | **<code>rm /etc/httpd/conf.d/welcome.conf /etc/httpd/conf.d/proxy_ajp.conf</code>
| |
− | | |
− | *Configured Apache to start on boot
| |
− | **<code>/sbin/chkconfig --levels 345 httpd on</code>
| |
− | | |
− | *Started Apache
| |
− | **<code>/etc/init.d/httpd start</code>
| |
− | | |
− | ====AWStats====
| |
− | *Mirror is configured to be monitored by AWStats on [[Netstat]]. The basic process for doing this is on the [[Configure a Remote Red Hat Based Linux Server for AWStats]] how-to.
| |
| | | |
| ==Configure rsync to run as a daemon== | | ==Configure rsync to run as a daemon== |
| *Installed <code>xinetd</code> | | *Installed <code>xinetd</code> |
− | **<code>yum install xinetd</code>
| + | apt-get install rsync |
| | | |
− | *Enabled rsync <code>/etc/xinetd.d/rsync</code> | + | *Configured rsync /etc/rsyncd.conf |
− | <code><pre>
| |
− | # default: off
| |
− | # description: The rsync server is a good addition to an ftp server, as it # allows crc checksumming etc.
| |
− | service rsync
| |
− | {
| |
− | disable = no
| |
− | socket_type = stream
| |
− | wait = no
| |
− | user = root
| |
− | server = /usr/bin/rsync
| |
− | server_args = --daemon
| |
− | log_on_failure += USERID
| |
− | }
| |
− | </pre></code>
| |
− | | |
− | *Created configuration and shares for rsync daemon <code>/etc/rsyncd.conf</code>
| |
| <code><pre> | | <code><pre> |
| uid = nobody | | uid = nobody |
− | gid = nobody | + | gid = nogroup |
| use chroot = yes | | use chroot = yes |
| max connections = 20 | | max connections = 20 |
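Review bot: In the rsync section the unchanged bullet "Installed xinetd" now sits directly above "apt-get install rsync", and the /etc/xinetd.d/rsync service definition is removed with nothing describing how the daemon is started on the new host. Rename the bullet to match the package actually installed, and document the start mechanism (what launches rsync --daemon and as which user). The removed definition ran it with "user = root" under xinetd, and a reader can no longer tell what privilege the listener has. The gid change from nobody to nogroup fits a move to a Debian-style system; a short note saying so would explain it.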
Line 1,143: |
Line 68: |
| log format = %t %a %m %f %b | | log format = %t %a %m %f %b |
| syslog facility = local3 | | syslog facility = local3 |
− | timeout = 300 | + | timeout = 900 |
| dont compress = *.gz *.tgz *.zip *.z *.Z *.rpm *.deb *.bz2 | | dont compress = *.gz *.tgz *.zip *.z *.Z *.rpm *.deb *.bz2 |
| refuse options = checksum | | refuse options = checksum |
| | | |
− | [archlinux] | + | [name] |
− | comment = Arch Linux | + | comment = Name of Repository |
− | path = /mnt/storage1/archlinux | + | path = /storage/repository |
| exclude = lost+found/ | | exclude = lost+found/ |
| read only = true | | read only = true |
− | ignore nonreadable = yes | + | ignore nonreadable = yes</pre></code> |
| | | |
− | [centos]
| + | *Created rsync motd /etc/rsyncd.motd |
− | comment = CentOS - Including DVDs
| |
− | path = /mnt/raid/centos
| |
− | exclude = lost+found/
| |
− | read only = true
| |
− | ignore nonreadable = yes
| |
− | | |
− | [dag]
| |
− | comment = RPMforge Repository
| |
− | path = /mnt/raid/rpmforge
| |
− | exclude = lost+found/
| |
− | read only = true
| |
− | ignore nonreadable = yes
| |
− | | |
− | [debian-cd]
| |
− | comment = Debian CD
| |
− | path = /mnt/storage2/debian-cd
| |
− | exclude = lost+found/
| |
− | read only = true
| |
− | ignore nonreadable = yes
| |
− | | |
− | [debian]
| |
− | comment = Debian
| |
− | path = /mnt/storage2/debian
| |
− | exclude = lost+found/
| |
− | read only = true
| |
− | ignore nonreadable = yes
| |
− | | |
− | [fedora]
| |
− | comment = Fedora - RedHat community project
| |
− | path = /mnt/lvg_storage/fedora
| |
− | exclude = lost+found/
| |
− | read only = true
| |
− | ignore nonreadable = yes
| |
− | | |
− | [fedora-epel]
| |
− | comment = Extra Packages for Enterprise Linux (EPEL)
| |
− | path = /mnt/raid/epel
| |
− | exclude = lost+found/
| |
− | read only = true
| |
− | ignore nonreadable = yes
| |
− | | |
− | [freebsd]
| |
− | comment = FreeBSD
| |
− | path = /mnt/lvg_storage/freebsd
| |
− | exclude = lost+found/
| |
− | read only = true
| |
− | ignore nonreadable = yes
| |
− | | |
− | [gentoo]
| |
− | comment = Gentoo
| |
− | path = /mnt/storage1/gentoo
| |
− | exclude = lost+found/
| |
− | read only = true
| |
− | ignore nonreadable = yes
| |
− | | |
− | [gentoo-portage]
| |
− | comment = Gentoo Portage
| |
− | path = /mnt/storage1/gentoo-portage
| |
− | exclude = lost+found/
| |
− | read only = true
| |
− | ignore nonreadable = yes
| |
− | | |
− | [gnu]
| |
− | comment = GNU
| |
− | path = /mnt/storage2/gnu
| |
− | exclude = lost+found/
| |
− | read only = true
| |
− | ignore nonreadable = yes
| |
− | | |
− | [jailtime.org]
| |
− | comment = Jailtime Project - Now relaunched as Stacklet
| |
− | path = /mnt/storage2/jailtime.org
| |
− | exclude = lost+found/
| |
− | read only = true
| |
− | ignore nonreadable = yes
| |
− | | |
− | [knoppix]
| |
− | comment = Knoppix
| |
− | path = /mnt/storage1/knoppix
| |
− | exclude = lost+found/
| |
− | read only = true
| |
− | ignore nonreadable = yes
| |
− | | |
− | [knoppix-dvd]
| |
− | comment = Knoppix DVD
| |
− | path = /mnt/storage1/knoppix-dvd
| |
− | exclude = lost+found/
| |
− | read only = true
| |
− | ignore nonreadable = yes
| |
− | | |
− | [linux]
| |
− | comment = Linux Kernel
| |
− | path = /mnt/raid/linux
| |
− | exclude = lost+found/
| |
− | read only = true
| |
− | ignore nonreadable = yes
| |
− | | |
− | [mozilla]
| |
− | comment = Mozilla Project
| |
− | path = /mnt/storage1/mozilla
| |
− | exclude = lost+found/
| |
− | read only = true
| |
− | ignore nonreadable = yes
| |
− | | |
− | [openbsd]
| |
− | comment = OpenBSD
| |
− | path = /mnt/storage1/openbsd
| |
− | exclude = lost+found/
| |
− | read only = true
| |
− | ignore nonreadable = yes
| |
− | | |
− | [openoffice]
| |
− | comment = OpenOffice
| |
− | path = /mnt/storage2/openoffice
| |
− | exclude = lost+found/
| |
− | read only = true
| |
− | ignore nonreadable = yes
| |
− | | |
− | [opensuse]
| |
− | comment = OpenSUSE
| |
− | path = /mnt/storage1/opensuse
| |
− | exclude = lost+found/
| |
− | read only = true
| |
− | ignore nonreadable = yes
| |
− | | |
− | [rpmforge]
| |
− | comment = RPMforge Repository
| |
− | path = /mnt/raid/rpmforge
| |
− | exclude = lost+found/
| |
− | read only = true
| |
− | ignore nonreadable = yes
| |
− | | |
− | [slackware]
| |
− | comment = Slackware
| |
− | path = /mnt/storage1/slackware
| |
− | exclude = lost+found/
| |
− | read only = true
| |
− | ignore nonreadable = yes
| |
− | | |
− | [software]
| |
− | comment = Kernel.org's Software
| |
− | path = /mnt/raid/software
| |
− | exclude = lost+found/
| |
− | read only = true
| |
− | ignore nonreadable = yes
| |
− | | |
− | [stacklet]
| |
− | comment = Stacklet (Formerly the Jailtime Project)
| |
− | path = /mnt/storage1/stacklet
| |
− | exclude = lost+found/
| |
− | read only = true
| |
− | ignore nonreadable = yes
| |
− | | |
− | [ubuntu-releases]
| |
− | comment = Ubuntu Releases
| |
− | path = /mnt/raid/ubuntu-releases
| |
− | exclude = lost+found/
| |
− | read only = true
| |
− | ignore nonreadable = yes
| |
− | | |
− | [ubuntu]
| |
− | comment = Ubuntu
| |
− | path = /mnt/raid/ubuntu
| |
− | exclude = lost+found/
| |
− | read only = true
| |
− | ignore nonreadable = yes
| |
− | | |
− | [videolan]
| |
− | comment = VideoLAN
| |
− | path = /mnt/storage1/videolan
| |
− | exclude = lost+found/
| |
− | read only = true
| |
− | ignore nonreadable = yes
| |
− | | |
− | [vms]
| |
− | comment = CSLabs VMs
| |
− | path = /mnt/storage2/vms
| |
− | exclude = lost+found/
| |
− | read only = true
| |
− | ignore nonreadable = yes
| |
− | </pre></code>
| |
− | | |
− | *Created rsync motd <code>/etc/rsyncd.motd</code> | |
| <code><pre> | | <code><pre> |
− | #########################################################################################
| + | ############################################################### |
| | | |
| The Clarkson University mirror is located in Potsdam, NY, US. | | The Clarkson University mirror is located in Potsdam, NY, US. |
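Review bot: Replacing every concrete module with a single "[name]" template (path = /storage/repository) means the page no longer records which directories the daemon exports, including the "[vms]" module (CSLabs VMs) that the old configuration listed. Keep the template if brevity is the goal, but list or link the real module names and paths so the exported set can be audited against the running /etc/rsyncd.conf. The timeout change from 300 to 900 has no stated reason; add one beside the setting or in the edit summary.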
Line 1,346: |
Line 88: |
| http://cosi.clarkson.edu/ | | http://cosi.clarkson.edu/ |
| | | |
− | If you have any questions or problems, please email mirror-admin@cslabs.clarkson.edu. | + | If you have any questions or problems, please email |
| + | mirror-admin@cslabs.clarkson.edu. |
| | | |
− | Recent changes can be found at http://status.cslabs.clarkson.edu/tag/mirror. | + | Recent changes can be found at |
| + | http://status.cslabs.clarkson.edu/tag/mirror. |
| | | |
− | #########################################################################################
| + | ############################################################### |
| </pre></code> | | </pre></code> |
− |
| |
− | *Secured rsync
| |
− | **<code>chown root.root /etc/rsyncd.*</code>
| |
− | **<code>chmod 600 /etc/rsyncd.*</code>
| |
− |
| |
− | *Restarted xinetd
| |
− | **<code>/etc/init.d/xinetd restart</code>
| |
| | | |
| ==Set Up Fedora Mirror Manager== | | ==Set Up Fedora Mirror Manager== |
| *Installed mirrormanager | | *Installed mirrormanager |
− | **<code>yum install mirrormanager-client</code>
| + | cd /usr/local/sbin |
| + | git clone git://git.fedorahosted.org/mirrormanager/ |
| + | ln -s /usr/local/sbin/mirrormanager/client/report_mirror /usr/local/sbin/report_mirror |
| + | |
| | | |
| *Configured mirrormanager | | *Configured mirrormanager |
− | **Modified <code>/etc/mirrormanager-client/report_mirror.conf</code> | + | **Modified /etc/mirrormanager-client/report_mirror.conf |
| <code><pre> | | <code><pre> |
| [global] | | [global] |
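Review bot: The mirrormanager install now clones over git://, which is unauthenticated and unencrypted, into /usr/local/sbin and symlinks client/report_mirror from that working tree, so whatever the network returns is what gets run. Fetch over an authenticated transport, check out a specific reviewed commit or tag, and record that revision on the page. This hunk also drops the "Secured rsync" step (chown root.root and chmod 600 on /etc/rsyncd.*) without a replacement; keep it if those files are still meant to be root-only. The config is still documented at /etc/mirrormanager-client/report_mirror.conf, but with the yum package gone the page should say how that file gets there.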
Line 1,422: |
Line 162: |
| [Fedora Linux] | | [Fedora Linux] |
| enabled=1 | | enabled=1 |
− | path=/var/www/html/fedora/linux | + | path=/usr/share/nginx/www/fedora/linux |
| | | |
| [Fedora EPEL] | | [Fedora EPEL] |
| enabled=1 | | enabled=1 |
− | path=/var/www/html/epel | + | path=/usr/share/nginx/www/epel |
| | | |
| # lesser used categories below | | # lesser used categories below |
Line 1,432: |
Line 172: |
| [Fedora Web] | | [Fedora Web] |
| enabled=0 | | enabled=0 |
− | path=/var/www/html/pub/fedora/web | + | path=/usr/share/nginx/www/pub/fedora/web |
| | | |
| [Fedora Secondary Arches] | | [Fedora Secondary Arches] |
| enabled=0 | | enabled=0 |
− | path=/var/www/html/pub/fedora-secondary | + | path=/usr/share/nginx/www/pub/fedora-secondary |
| | | |
| [Fedora Other] | | [Fedora Other] |
| enabled=0 | | enabled=0 |
− | path=/var/www/html/pub/alt | + | path=/usr/share/nginx/www/pub/alt |
| | | |
| # historical content | | # historical content |
Line 1,446: |
Line 186: |
| [Fedora Core] | | [Fedora Core] |
| enabled=0 | | enabled=0 |
− | path=/var/www/html/pub/fedora/linux/core | + | path=/usr/share/nginx/www/pub/fedora/linux/core |
| | | |
| [Fedora Extras] | | [Fedora Extras] |
| enabled=0 | | enabled=0 |
− | path=/var/www/html/pub/fedora/linux/extras | + | path=/usr/share/nginx/www/pub/fedora/linux/extras |
| | | |
| [Fedora Archive] | | [Fedora Archive] |
| enabled=0 | | enabled=0 |
− | path=/var/www/html/pub/fedora-archive | + | path=/usr/share/nginx/www/pub/fedora-archive |
| </pre></code> | | </pre></code> |
| | | |
− | [[Category:Server Setup Documentation]] | + | *Added cron entries for root |
| + | <code><pre> |
| + | # Dir sizes |
| + | 0 0 * * * /usr/local/bin/dir_sizes.sh |
| + | |
| + | # backup |
| + | 45 0 * * * /bin/nice -n 19 /usr/bin/ionice -c2 -n7 /usr/local/bin/backup.sh |
| + | |
| + | 10 0 * * * /usr/local/sbin/report_mirror |
| + | </pre></code> |
| + | |
| + | |
| + | [[mirror rsync setup|Setup Rsync Scripts]] |
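Review bot: The new root crontab runs three programs the page never shows or explains: /usr/local/bin/dir_sizes.sh, /usr/local/bin/backup.sh and /usr/local/sbin/report_mirror, the last of which has no comment line at all. Say what each one does and where it is installed from, and run report_mirror as an unprivileged user if it only needs to read the mirror tree and its config. All three entries also fire within the same hour after midnight (0:00, 0:10, 0:45); note whether the backup is expected to overlap the directory-size scan.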