Index: openacs-4/packages/acs-core-docs/www/install-redhat.adp =================================================================== RCS file: /usr/local/cvsroot/openacs-4/packages/acs-core-docs/www/install-redhat.adp,v diff -u -r1.5 -r1.6 --- openacs-4/packages/acs-core-docs/www/install-redhat.adp 25 Apr 2018 08:38:27 -0000 1.5 +++ openacs-4/packages/acs-core-docs/www/install-redhat.adp 3 Sep 2024 15:37:32 -0000 1.6 @@ -1,17 +1,23 @@ -{/doc/acs-core-docs {ACS Core Documentation}} {Appendix A. Install Red Hat 8/9} +{/doc/acs-core-docs/ {ACS Core Documentation}} {Appendix A. Install Red Hat 8/9} Appendix A. Install Red Hat 8/9 +

-Appendix A. Install Red Hat 8/9

<authorblurb>

by Joel -Aufrecht -

</authorblurb>

This section takes a blank PC and sets up some supporting +Appendix A. Install Red Hat 8/9

+

by Joel Aufrecht +

+OpenACS docs are written by the named authors, and may be edited by +OpenACS documentation staff.

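Review bot: the authorblurb wrapper around the author line is removed and replaced by bare text plus the new sentence "OpenACS docs are written by the named authors, and may be edited by OpenACS documentation staff."; confirm that the ADP template no longer styles or expects that element, and, if these .adp pages are regenerated from DocBook sources, make the change there as well so it is not lost on the next build. The breadcrumb target also gains a trailing slash ("/doc/acs-core-docs/"); apply that consistently across the other acs-core-docs pages so their link targets match.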
This section takes a blank PC and sets up some supporting software. You should do this section as-is if you have a machine you can reformat and you want to be sure that your installation works and is secure; it should take about an hour. (In my @@ -33,80 +39,78 @@ Unplug the network cable from your computer. We don't want to connect to the network until we're sure the computer is secure. - (Wherever you see the word secure, you -should always read it as, "secure enough for our purposes, -given the amount of work we're willing to exert and the -estimated risk and consequences.")

  • Insert Red Hat 8.0 or 9.0 Disk 1 into the CD-ROM and reboot the -computer

  • At the boot: prompt, press Enter for a graphical -install. The text install is fairly different, so if you need to do -that instead proceed with caution, because the guide won't -match the steps.

  • Checking the media is probably a waste of time, so when it asks -press Tab and then Enter to skip it.

  • After the graphical introduction page loads, click -Next -

  • Choose the language you want to use and then click -Next -

  • Select the keyboard layout you will use and Click -Next -

  • Choose your mouse type and Click -Next + (Wherever you +see the word secure, you should always read it as, "secure +enough for our purposes, given the amount of work we're willing +to exert and the estimated risk and consequences.")

  • Insert Red Hat 8.0 or 9.0 Disk 1 into the CD-ROM and reboot the +computer

  • At the boot: +prompt, press Enter for a graphical install. The text install is +fairly different, so if you need to do that instead proceed with +caution, because the guide won't match the steps.

  • Checking the media is probably a waste of time, so when it asks +press Tab and then Enter to skip it.

  • After the graphical introduction page loads, click +Next +

  • Choose the language you want to use and then click +Next +

  • Select the keyboard layout you will use and Click +Next +

  • Choose your mouse type and Click +Next

  • Red Hat has several templates for new computers. We'll start with the "Server" template and then fine-tune it during -the rest of the install. Choose Server and -click -Next.

  • +the rest of the install. Choose Server and click +Next.

  • Reformat the hard drive. If you know what you're doing, do this step on your own. Otherwise: we're going to let the installer wipe out the everything on the main hard drive and then arrange things to its liking.

      -
    1. Choose Automatically Partition and click - -Next -

    2. Uncheck Review (and modify if needed) -the partitions created and click -Next +

    3. Choose Automatically +Partition and click +Next +

    4. Uncheck Review (and modify if needed) the partitions +created and click +Next

    5. On the pop-up window asking "Are you sure you want to do -this?" click -Yes IF YOU ARE -WIPING YOUR HARD DRIVE.

    6. Click -Next on the -boot loader screen

    7. +this?" click +Yes IF YOU ARE WIPING YOUR +HARD DRIVE.

    8. Click +Next on the boot loader +screen

  • -

    Configure Networking. Again, if you -know what you're doing, do this step yourself, being sure to -note the firewall holes. Otherwise, follow the instructions in this -step to set up a computer directly connected to the internet with a -dedicated IP address.

      +

      Configure Networking. Again, if you know what you're doing, do this +step yourself, being sure to note the firewall holes. Otherwise, +follow the instructions in this step to set up a computer directly +connected to the internet with a dedicated IP address.

      1. DHCP is a system by which a computer that joins a network (such as on boot) can request a temporary IP address and other network information. Assuming the machine has a dedicated IP address (if it doesn't, it will be tricky to access the OpenACS service from the outside world), we're going to set up that address. If you don't know your netmask, 255.255.255.0 is usually a pretty safe -guess. Click Edit, uncheck Configure using -DHCP and type in your IP -and netmask. Click -Ok.

      2. Type in your host name, gateway, and DNS server(s). Then click - -Next.

      3. We're going to use the firewall template for high security, +guess. Click Edit, +uncheck Configure using DHCP and type in your IP +and netmask. Click +Ok.

      4. Type in your hostname, gateway, and DNS server(s). Then click + +Next.

      5. We're going to use the firewall template for high security, meaning that we'll block almost all incoming traffic. Then we'll add a few holes to the firewall for services which we -need and know are secure. Choose High security level. Check WWW, -SSH, and Mail (SMTP). -In the Other -ports box, enter +need and know are secure. Choose High security level. Check +WWW, SSH, and Mail +(SMTP). In the Other ports box, enter 443, 8000, 8443. -Click -Next. Port 443 -is for https (http over ssl), and 8000 and 8443 are http and https -access to the development server we'll be setting up.

      6. +Click +Next. Port 443 is for https +(http over ssl), and 8000 and 8443 are http and https access to the +development server we'll be setting up.

    1. -Select any additional languages you want -the computer to support and then click -Next -

    2. Choose your time zone and click -Next.

    3. Type in a root password, twice.

    4. +Select any +additional languages you want the computer to support and then +click +Next +

    5. Choose your timezone and click +Next.

    6. Type in a root password, twice.

    7. On the Package selection page, we're going to uncheck a lot of packages that install software we don't need, and add packages that have stuff we do need. You should install everything @@ -117,54 +121,65 @@ firewall, or a resource hog. Just don't install a database or web server, because that would conflict with the database and web server we'll install later.

      - -
      check Editors (this installs emacs),
      click Details next to Text-based -Internet, check lynx, and -click -OK;
      check Authoring and Publishing (this installs docbook),
      uncheck Server Configuration Tools,
      uncheck Web -Server,
      uncheck Windows File Server,
      check SQL -Database Server (this installs PostgreSQL),
      check Development Tools (this installs gmake and -other build tools),
      uncheck Administration Tools, and
      uncheck Printing Support.

      At the bottom, check -Select Individual -Packages and click -Next +check Editors +(this installs emacs),click Details next +to Text-based Internet, check +lynx, and click +OK;check Authoring and +Publishing (this installs docbook),uncheck Server Configuration +Tools,uncheck Web +Server,uncheck Windows File +Server,check SQL Database +Server (this installs PostgreSQL),check Development +Tools (this installs gmake and other build +tools),uncheck Administration +Tools, anduncheck Printing +Support. +

      At the bottom, check +Select Individual Packages +and click +Next

    8. We need to fine-tune the exact list of packages. The same rules apply as in the last step - you can add more stuff, but you shouldn't remove anything the guide adds. We're going to go -through all the packages in one big list, so select -Flat View and wait. In a minute, a -list of packages will appear.

      -
      uncheck apmd (monitors power, not very useful for -servers),
      check ImageMagick (required for the photo-album packages,
      uncheckisdn4k-utils (unless you are using isdn, -this installs a useless daemon),
      check mutt (a mail program that reads -Maildir),
      uncheck nfs-utils (nfs is a major security -risk),
      uncheck pam-devel (I don't remember why, but -we don't want this),
      uncheck portmap,
      uncheck postfix (this is an MTA, but we're -going to install qmail later),
      check postgresql-devel,
      uncheck rsh (rsh is a security hole),
      uncheck sendmail (sendmail is an insecure MTA; -we're going to install qmail instead later),
      check tcl (we need tcl), and
      uncheck xinetd (xinetd handles incoming tcp -connections. We'll install a different, more secure program, -ucspi-tcp).
      Click -Next +through all the packages in one big list, so select +Flat +View and wait. In a minute, a list of packages +will appear.

      +
      uncheck apmd +(monitors power, not very useful for servers),
      check ImageMagick +(required for the photo-album packages,
      uncheckisdn4k-utils +(unless you are using isdn, this installs a useless daemon),
      check mutt (a mail +program that reads Maildir),
      uncheck nfs-utils +(nfs is a major security risk),
      uncheck pam-devel (I +don't remember why, but we don't want this),
      uncheck portmap,
      uncheck postfix +(this is an MTA, but we're going to install qmail later),
      check postgresql-devel,
      uncheck rsh (rsh is +a security hole),
      uncheck sendmail +(sendmail is an insecure MTA; we're going to install qmail +instead later),
      check tcl (we need +tcl), and
      uncheck xinetd +(xinetd handles incoming tcp connections. We'll install a +different, more secure program, ucspi-tcp).
      Click +Next
    9. Red Hat isn't completely happy with the combination of packages we've selected, and wants to satisfy some dependencies. Don't let it. On the next screen, choose -Ignore Package Dependencies and click - -Next.

    10. Click -Next to start -the copying of files.

    11. Wait. Insert Disk 2 when asked.

    12. Wait. Insert Disk 3 when asked.

    13. If you know how to use it, create a boot disk. Since you can +Ignore Package +Dependencies and click +Next.

    14. Click +Next to start the copying +of files.

    15. Wait. Insert Disk 2 when asked.

    16. Wait. Insert Disk 3 when asked.

    17. If you know how to use it, create a boot disk. Since you can also boot into recovery mode with the Install CDs, this is less useful than it used to be, and we won't bother. Select -No,I -do not want to create a boot -disk and click -Next.

    18. Click -Exit, remove -the CD, and watch the computer reboot.

    19. +No,I do not want to +create a boot disk and click +Next.

    20. Click +Exit, remove the CD, and +watch the computer reboot.

    21. After it finishes rebooting and shows the login prompt, log in:

      yourserver login: root
       Password:
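Review bot: the reflow on the + side of the package-selection list drops the separators between items, so the new text reads "OK;check Authoring and Publishing", "Server,check SQL Database Server" and "Tools, anduncheck Printing Support"; restore one item per line (or a comma and space between items) before merging. Two defects present on both sides could be fixed in the same pass: "uncheckisdn4k-utils" is missing a space, and "check ImageMagick (required for the photo-album packages," never closes its parenthesis.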
      @@ -180,12 +195,12 @@
       

      Lock down SSH

      1. - SSH is the protocol we use to connect -securely to the computer (replacing telnet, which is insecure). -sshd is the daemon that listens for incoming ssh connections. As a -security precaution, we are now going to tell ssh not to allow -anyone to connect directly to this computer as root. Type this into -the shell:

        emacs /etc/ssh/sshd_config
        + SSH is the +protocol we use to connect securely to the computer (replacing +telnet, which is insecure). sshd is the daemon that listens for +incoming ssh connections. As a security precaution, we are now +going to tell ssh not to allow anyone to connect directly to this +computer as root. Type this into the shell:

        emacs /etc/ssh/sshd_config
      2. Search for the word "root" by typing C-s (that's emacs-speak for control-s) and then root.

      3. Make the following changes:

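Review bot: whitespace-only reflow of the SSH lock-down paragraph, fine to merge as is. Since step 3 only says "Make the following changes", the prose would be clearer if it named the sshd_config directive being changed (PermitRootLogin, set to no), so a reader editing the file by hand knows what to look for beyond the word "root".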
        @@ -220,22 +235,22 @@ level indicating which services should be up and down at any given service level. We'll use this system for PostgreSQL, but we'll use daemontools to perform a similar function for -AOLserver. (The reason for these discrepencies is that, while +AOLserver. (The reason for these discrepancies is that, while daemontools is better, it's a pain in the ass to deal with and nobody's had any trouble leaving PostgreSQL the way it is.)

        [root root]# service pcmcia stop
         [root root]# service netfs stop
         [root root]# chkconfig --del pcmcia
         [root root]# chkconfig --del netfs
         [root root]#
        -service pcmcia stop
        +service pcmcia stop
         service netfs stop
         chkconfig --del pcmcia
        -chkconfig --del netfs
        +chkconfig --del netfs
         

        If you installed PostgreSQL, do also service postgresql start and chkconfig --add postgresql.

      4. Plug in the network cable.

      5. Verify that you have connectivity by going to another computer -and ssh'ing to yourserver, logging in as remadmin, -and promoting yourself to root:

        [joeuser\@someotherserver]$  ssh remadmin\@yourserver.test
        +and ssh'ing to yourserver, logging in as remadmin, and
        +promoting yourself to root:

        [joeuser\@someotherserver]$  ssh remadmin\@yourserver.test
         
         The authenticity of host 'yourserver.test (1.2.3.4)' can't be established.
         DSA key fingerprint is 10:b9:b6:10:79:46:14:c8:2d:65:ae:c1:61:4b:a5:a5.
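Review bot: "discrepencies" to "discrepancies" is the only wording change; the -/+ pairs "service pcmcia stop" and "chkconfig --del netfs" are textually identical, so they are trailing-whitespace or line-ending changes inside a preformatted command block. Check that the rendered block is unchanged, since whitespace is significant inside a pre element. The unchanged sentence "If you installed PostgreSQL, do also service postgresql start and chkconfig --add postgresql" would read better with those two commands set as a command block like the pcmcia/netfs ones.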
        @@ -277,10 +292,10 @@
         
         The system is going down for reboot NOW!
         [root tmp]#
        -cd /var/tmp
        +cd /var/tmp
         wget http://updates.redhat.com/7.1/en/os/i686/kernel-2.4.18-27.7.x.i686.rpm
         rpm -Uvh kernel-2.4.18-27.7.x.i686.rpm
        -reboot
        +reboot
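Review bot: the -/+ pairs "cd /var/tmp" and "reboot" are identical text, so this hunk is whitespace only. The surrounding example still fetches "kernel-2.4.18-27.7.x.i686.rpm" from an updates.redhat.com/7.1 path in a Red Hat 8/9 appendix; the version and path are stale, and the example downloads over plain http and installs with "rpm -Uvh" without verifying the package signature. Consider marking the URL as illustrative and adding an "rpm --checksig" step before the upgrade, or pointing readers at the distribution's own update tool instead.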