The Perfect Server - Fedora 15 x86_64 [ISPConfig 2] - Page 3
4 Change Name Of Your NIC To ethx
Now we must configure Fedora to not use BIOS device names for our network interface anymore. Instead of p3p1, we need our good, old eth0 back (because otherwise ISPConfig's firewall will go crazy and block everything because it expects eth0 instead of p3p1). Open /etc/grub.conf...
... and add biosdevname=0 to the kernel line:
Then reboot the system:
After the reboot, your NIC should be named eth0. Run...
... to verify:
[root@server1 ~]# ifconfig
5 Adjust /etc/hosts
Next we edit /etc/hosts. Make it look like this:
It is important that you add a line for server1.example.com and remove server1.example.com and server1 from the 127.0.0.1 line.
6 Configure The Firewall
(You can skip this chapter if you have already disabled the firewall at the end of the basic system installation.)
I want to install ISPConfig at the end of this tutorial which comes with its own firewall. That's why I disable the default Fedora firewall now. Of course, you are free to leave it on and configure it to your needs (but then you shouldn't use any other firewall later on as it will most probably interfere with the Fedora firewall).
and disable the firewall.
To check that the firewall has really been disabled, you can run
afterwards. The output should look like this:
[root@server1 ~]# iptables -L
7 Disable SELinux
SELinux is a security extension of Fedora that should provide extended security. In my opinion you don't need it to configure a secure system, and it usually causes more problems than advantages (think of it after you have done a week of trouble-shooting because some service wasn't working as expected, and then you find out that everything was ok, only SELinux was causing the problem). Therefore I disable it (this is a must if you want to install ISPConfig later on).
Edit /etc/selinux/config and set SELINUX=disabled:
Afterwards we must reboot the system:
8 Install Some Software
First we import the GPG keys for software packages:
rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY*
Next we update our existing packages on the system:
Now we install some software packages that are needed later on:
yum install fetchmail wget bzip2 unzip zip nmap openssl lynx fileutils ncftp gcc gcc-c++
9 Journaled Quota
(If you have chosen a different partitioning scheme than I did, you must adjust this chapter so that quota applies to the partitions where you need it.)
To install quota, we run this command:
yum install quota
Edit /etc/fstab and add ,usrjquota=aquota.user,grpjquota=aquota.group,jqfmt=vfsv0 to the / partition (/dev/mapper/vg_server1-lv_root):
mount -o remount /
to enable quota.
10 Install A Chrooted DNS Server (BIND9)
To install a chrooted BIND9, we do this:
yum install bind-chroot
Next, we change a few permissions:
chmod 755 /var/named/
Then we open /etc/sysconfig/named and make sure that it has the following line to tell BIND that it's running chrooted in /var/named/chroot:
Next open /etc/rsyslog.conf...
... and add the line $AddUnixListenSocket /var/named/chroot/dev/log to it:
Then we create the system startup links for BIND:
chkconfig --levels 235 named on
We don't start BIND now because it will fail because of a missing /var/named/chroot/etc/named.conf. This will be created later on by ISPConfig (if you use ISPConfig's DNS Manager, that is).