2013年1月11日 星期五

Linux installation tips

http://easyfreeunix.com/content/installing-and-setting-centos-5-server

There are plenty of Youtube videos on installing Linux. I should know, I have done a few. However, it is quite different when you want to set up a server. Installing the default Linux system really is not such a good idea when it comes to setting up a server. For servers, you really want to install the minimum amount of software on the machine as you can get by with. From a security standpoint, this is really important as it leaves fewer places a savvy hacker can get into your system by. It is also important that while maintaining your server, you really do not want to burden your server with updates to software you are not using. Do you really need to suck down bandwidth while your DNS server is getting the lates updates for OpenOffice? Probably not. This video covers installing CentOS 5 (a RedHat Enterprise Linux clone) with the bare minimum stuff. I even skipped the base system, which I show you how to install without any more CD's in subsequent videos. No X Windows, either. As a sys admin, you just do not need it. There are others ways of maintaining your server graphically, without needing to worry about XAuth and which firewall ports to open for X Windows. You could set up ssh to run your X window apps, but come on, really? There is a universal way to manage all your Linux servers, without even going there with running X apps through ssh. And it takes fewer of your server CPU and mem cycles to run things without X. The video is oriented toward systems administrators, but I would love feedback from the novice as well, who wants a Linux server. It will only make me wiser to recieve your feedback! Thanks!


GUI consume too much CPU and RAM

can turn off GUI by
1. vi /etc/inittab
2. change the boot level from 5 to 3.
3. restart the linux
4. see if any change on the cpu/ram consumption


Setup network connection

http://diznix.com/2011/07/11/network-configuration-in-minimal-linux-installs/

# vi /etc/sysconfig/network-scripts/ifcfg-eth0
change:
ONBOOT="yes"


http://www.howtogeek.com/howto/linux/security-tip-disable-root-ssh-login-on-linux/

Security Tip: Disable Root SSH Login on Linux

One of the biggest security holes you could open on your server is to allow directly logging in as root through ssh, because any cracker can attempt to brute force your root password and potentially get access to your system if they can figure out your password.
It’s much better to have a separate account that you regularly use and simply sudo to root when necessary. Before we begin, you should make sure that you have a regular user account and that you can su or sudo to root from it.
To fix this problem, we’ll need to edit the sshd_config file, which is the main configuration file for the sshd service. The location will sometimes be different, but it’s usually in /etc/ssh/. Open the file up while logged on as root.
vi /etc/ssh/sshd_config
Find this section in the file, containing the line with “PermitRootLogin” in it.
#LoginGraceTime 2m
#PermitRootLogin no
#StrictModes yes
#MaxAuthTries 6
Make the line look like this to disable logging in through ssh as root.

PermitRootLogin no
Now you’ll need to restart the sshd service:

/etc/init.d/sshd restart
Now nobody can brute force your root login, at least.


修改主機名稱

# vi /etc/sysconfig/network
Change HOSTNAME

# vi /etc/hosts
Add hostname with the local IP.

/etc/init.d/network restart
It will restart the new network setting.

To verify success or not:
# hostname
# dig www.google.com
# ping (hostname)
# ifconfig eth0

Setting your timezone

http://www.linuxsa.org.au/tips/time.html

The timezone under Linux is set by a symbolic link from /etc/localtime[1] to a file in the /usr/share/zoneinfo[2] directory that corresponds with what timezone you are in. For example, since I'm in South Australia, /etc/localtime is a symlink to /usr/share/zoneinfo/Australia/South. To set this link, type:
ln -sf /usr/share/zoneinfo/your/zone /etc/localtime
Replace your/zone with something like Australia/NSW or Australia/Perth. Have a look in the directories under /usr/share/zoneinfo to see what timezones are available.

To verify:
# date