The Perfect Server - Fedora 15 x86_64 [ISPConfig 3] - Page 3
4 Change Name Of Your NIC To ethx
Now we must configure Fedora to not use BIOS device names for our network interface anymore. Instead of p3p1, we need our good, old eth0 back (because otherwise ISPConfig's firewall will go crazy and block everything because it expects eth0 instead of p3p1). Open /etc/grub.conf...
vi /etc/grub.conf
... and add biosdevname=0 to the kernel line:
# grub.conf generated by anaconda # # Note that you do not have to rerun grub after making changes to this file # NOTICE: You have a /boot partition. This means that # all kernel and initrd paths are relative to /boot/, eg. # root (hd0,0) # kernel /vmlinuz-version ro root=/dev/mapper/vg_server1-lv_root # initrd /initrd-[generic-]version.img #boot=/dev/sda default=0 timeout=0 splashimage=(hd0,0)/grub/splash.xpm.gz hiddenmenu title Fedora (2.6.38.6-27.fc15.x86_64) root (hd0,0) kernel /vmlinuz-2.6.38.6-27.fc15.x86_64 ro root=/dev/mapper/vg_server1-lv_root rd_LVM_LV=vg_server1/lv_root rd_LVM_LV=vg_server1/lv_swap rd_NO_LUKS rd_NO_MD rd_NO_DM LANG=en_US.UTF-8 SYSFONT=latarcyrheb-sun16 KEYTABLE=de rhgb quiet biosdevname=0 initrd /initramfs-2.6.38.6-27.fc15.x86_64.img |
Then reboot the system:
reboot
After the reboot, your NIC should be named eth0. Run...
ifconfig
... to verify:
[root@server1 ~]# ifconfig
eth0 Link encap:Ethernet HWaddr 00:0C:29:15:60:FA
inet addr:192.168.0.100 Bcast:192.168.0.255 Mask:255.255.255.0
inet6 addr: fe80::20c:29ff:fe15:60fa/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:48 errors:0 dropped:0 overruns:0 frame:0
TX packets:58 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:5226 (5.1 KiB) TX bytes:9682 (9.4 KiB)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:2 errors:0 dropped:0 overruns:0 frame:0
TX packets:2 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:100 (100.0 b) TX bytes:100 (100.0 b)
[root@server1 ~]#
5 Adjust /etc/hosts
Next we edit /etc/hosts. Make it look like this:
vi /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4 192.168.0.100 server1.example.com server1 ::1 localhost localhost.localdomain localhost6 localhost6.localdomain6 |
It is important that you add a line for server1.example.com and remove server1.example.com and server1 from the 127.0.0.1 line.
6 Configure The Firewall
(You can skip this chapter if you have already disabled the firewall at the end of the basic system installation.)
I want to install ISPConfig at the end of this tutorial which comes with its own firewall. That's why I disable the default Fedora firewall now. Of course, you are free to leave it on and configure it to your needs (but then you shouldn't use any other firewall later on as it will most probably interfere with the Fedora firewall).
Run
system-config-firewall
and disable the firewall.
To check that the firewall has really been disabled, you can run
iptables -L
afterwards. The output should look like this:
[root@server1 ~]# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
[root@server1 ~]#
7 Disable SELinux
SELinux is a security extension of Fedora that should provide extended security. In my opinion you don't need it to configure a secure system, and it usually causes more problems than advantages (think of it after you have done a week of trouble-shooting because some service wasn't working as expected, and then you find out that everything was ok, only SELinux was causing the problem). Therefore I disable it (this is a must if you want to install ISPConfig later on).
Edit /etc/selinux/config and set SELINUX=disabled:
vi /etc/selinux/config
# This file controls the state of SELinux on the system. # SELINUX= can take one of these three values: # enforcing - SELinux security policy is enforced. # permissive - SELinux prints warnings instead of enforcing. # disabled - No SELinux policy is loaded. SELINUX=disabled # SELINUXTYPE= can take one of these two values: # targeted - Targeted processes are protected, # mls - Multi Level Security protection. SELINUXTYPE=targeted |
Afterwards we must reboot the system:
reboot
8 Install Some Software
First we import the GPG keys for software packages:
rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY*
Next we update our existing packages on the system:
yum update
Now we install some software packages that are needed later on:
yum groupinstall 'Development Tools'
yum groupinstall 'Development Libraries'
9 Journaled Quota
(If you have chosen a different partitioning scheme than I did, you must adjust this chapter so that quota applies to the partitions where you need it.)
To install quota, we run this command:
yum install quota
Edit /etc/fstab and add ,usrjquota=aquota.user,grpjquota=aquota.group,jqfmt=vfsv0 to the / partition (/dev/mapper/vg_server1-lv_root):
vi /etc/fstab
# # /etc/fstab # Created by anaconda on Wed May 25 15:57:24 2011 # # Accessible filesystems, by reference, are maintained under '/dev/disk' # See man pages fstab(5), findfs(8), mount(8) and/or blkid(8) for more info # /dev/mapper/vg_server1-lv_root / ext4 defaults,usrjquota=aquota.user,grpjquota=aquota.group,jqfmt=vfsv0 1 1 UUID=366ba6a7-7e68-4ec9-9743-4b02dd105180 /boot ext4 defaults 1 2 /dev/mapper/vg_server1-lv_swap swap swap defaults 0 0 tmpfs /dev/shm tmpfs defaults 0 0 devpts /dev/pts devpts gid=5,mode=620 0 0 sysfs /sys sysfs defaults 0 0 proc /proc proc defaults 0 0 |
Then run
mount -o remount /
quotacheck -avugm
quotaon -avug
to enable quota.
10 Install Apache, MySQL, phpMyAdmin
This can all be installed with one single command:
yum install ntp httpd mysql-server php php-mysql php-mbstring php-mcrypt phpMyAdmin