The Perfect Server - Fedora 9 - Page 4

9 Quota

(If you have chosen a different partitioning scheme than I did, you must adjust this chapter so that quota applies to the partitions where you need it.)

To install quota, we run this command:

yum install quota

Edit /etc/fstab and add ,usrquota,grpquota to the / partition (/dev/VolGroup00/LogVol00):

vi /etc/fstab

/dev/VolGroup00/LogVol00 /                       ext3    defaults,usrquota,grpquota        1 1
UUID=03b23ff4-4dda-47a8-a23f-2f530df157b2 /boot                   ext3    defaults        1 2
tmpfs                   /dev/shm                tmpfs   defaults        0 0
devpts                  /dev/pts                devpts  gid=5,mode=620  0 0
sysfs                   /sys                    sysfs   defaults        0 0
proc                    /proc                   proc    defaults        0 0
/dev/VolGroup00/LogVol01 swap                    swap    defaults        0 0

Then run

touch /aquota.user /aquota.group
chmod 600 /aquota.*
mount -o remount /
quotacheck -avugm
quotaon -avug

to enable quota.

 

10 Install A Chrooted DNS Server (BIND9)

To install a chrooted BIND9, we do this:

yum install bind-chroot

Next, we change a few permissions and start BIND:

chmod 755 /var/named/
chmod 775 /var/named/chroot/
chmod 775 /var/named/chroot/var/
chmod 775 /var/named/chroot/var/named/
chmod 775 /var/named/chroot/var/run/
chmod 777 /var/named/chroot/var/run/named/
cd /var/named/chroot/var/named/
ln -s ../../ chroot
chkconfig --levels 235 named on
/etc/init.d/named start

BIND will run in a chroot jail under /var/named/chroot/var/named/. I will use ISPConfig to configure BIND (zones, etc.).

 

11 MySQL (5.0)

To install MySQL, we do this:

yum install mysql mysql-devel mysql-server

Then we create the system startup links for MySQL (so that MySQL starts automatically whenever the system boots) and start the MySQL server:

chkconfig --levels 235 mysqld on
/etc/init.d/mysqld start

Now check that networking is enabled. Run

netstat -tap | grep mysql

It should show something like this:

[root@server1 ~]# netstat -tap | grep mysql
tcp        0      0 *:mysql                     *:*                         LISTEN      2407/mysqld
[root@server1 ~]#

If it does not, edit /etc/my.cnf and comment out the option skip-networking:

vi /etc/my.cnf

[...]
#skip-networking
[...]

and restart your MySQL server:

/etc/init.d/mysqld restart

Run

mysqladmin -u root password yourrootsqlpassword
mysqladmin -h server1.example.com -u root password yourrootsqlpassword

to set a password for the user root (otherwise anybody can access your MySQL database!).

Share this page:

6 Comment(s)

Add comment

Comments

From: Anonymous at: 2009-01-05 14:30:25

Don't use the media test - it has bug in it and will drive you crazy reporting media errors when there are none. This type of problem gives Fedora a bad name. It's ridiculous. Other instructions tell you to be sure and use the media test, not to skip it. That goes to show you they don't know.

From: at: 2008-07-18 08:49:54

I would strongly recommened enabling SELinux.  SELinux is there for your protetion and comes highly recommneded by the Redhat Security team.  Mark Cox: team lead for the Red Hat Security Response explains why SELinux is beneficial here.

From: at: 2008-08-09 06:01:53

Just wanted to tell everyone as a novice Linux user the guide was very helpful. I installed Fedora 9 on an older system but it was a clean install. I would like to say that during the 'yum update' process depending upon a users setup the 'transaction test' can take a long time and not show any progress, so if you are a new Fedora/Linux user and are using this guide, when coming to this step please wait patiently because of my 451 updates, obviously there is a lot of data there to test, with no progress shown until the test is complete.

 -Thanks Again for the HOW-TO!

Loob

Fedora 9 installed on-

P4 2.2ghz 1 gig PC-3200 DDR

From: NetWebLogic at: 2008-10-02 14:41:45

If you run into the following error with  system-config-firewall.py

File "/usr/share/system-config-firewall/system-config-firewall.py", line 29, in <module>
os.execv(argv[0], argv)
OSError: [Errno 2] No such file or directory

You can solve this by opening  /usr/share/system-config-firewall/system-config-firewall.py

 and editing the following:

argv = [ "/usr/sbin/system-config-firewall-tui" ]
to
argv = [ "/usr/bin/system-config-firewall-tui" ]

And try again. That should work...

 Great Job on this article. Top Notch!

From: Plume at: 2009-03-15 05:53:16

Thanks you for all of your HowTo's, it's very helpfull to me to openup Linux.

I try to connect to my Fedora 9 server by SSH and met some difficulties

to config it. Could you include SSH to this tutorial?

From: Jason Roysdon at: 2008-11-16 04:48:42

I highly suggest adding to this guide rkhunter. It is a "root kit" hunter and is an absolute must for anyone connecting a server that the internet at large can access services on. Even with yum keeping things up to date, there are still vulnerabilities that come up that you might not get a patch for in time. You must have something like rkhunter to constantly check your system for root kits and to check the md5 signatures on key files.