Install_Fedora                                                
*   LinWin                  
  4/20/20   Install_Fedora                  
                                                   
     
  Install

  Host       IP address      Version
  foxconn    192.168.1.69    F23 Desktop
  ra68       192.168.1.68    F27 Server

  Release notes claim minimum memory of 256 MB.  We were unable to install on old DARC pc with 256 MB.
  With 512 MB memory, we were able to install with no problems.

  Hard drive options:   Use Entire Drive
                        Use Free Space
                        Use Linux Partitions

  After installation -  check the Automountfs with a flash drive.

  Info
  cat /proc/version
  systemctl -a
  www.gnome3.org
  Search:   Term   (to get a term window)
                 
     
     
      Initial Settings
     
      1 Add Common Users This was done during installation.
     
      2 Firewall & SELinux https://www.server-world.info/query?os=Fedora_27&p=initial_conf&f=2
     
      Disable SELINUX                  
     
      Cur: Fed 27 getenforce   "SELinux is enabled"    
       vi  /etc/selinux/config (as root)  SELINUX=disabled
      reboot  
      getenforce  or   /usr/bin/getenforce "SELinux is disabled"
     
      Prev: Fed 17 vi  /etc/sysconfig/selinux (as root)   SELINUX=disabled
      reboot          
     
     
      Firewall                  
     
      Note: Fedora 18 introduced firewalld as a replacement for the previous iptables service
      Although firewalld is a replacement for the firewall management provided by iptables service,
         it still uses the iptables command for dynamic communication with the kernel packet filter (netfilter).
      So it is only the iptables service that is replaced, not the iptables command.
     
      Cur: Fed 27
      systemctl status firewalld
      systemctl start firewalld.service                    Start the firewall
      systemctl enable firewalld.service                   Enable firewall startup on boot-up
      firewall-cmd --get-default-zone
      firewall-cmd --get-active-zones
      firewall-cmd --permanent  --add-port=5900/tcp
      firewall-cmd --permanent  --add-port=8067/tcp
      firewall-cmd --permanent  --add-service=samba
      firewall-cmd --reload                                copy permanent config to running config
      firewall-cmd --permanent --list-all                  verify
      systemctl status firewalld                           verify

                ip.67    ip.68    ip.69
      vnc       5900     5900     5900
      ftp       21150    default ----->
      http      8067     8068     8069
      ssh       8267     8268     8269

      Prev: Fed 23
      systemctl status firewalld
      systemctl start firewalld.service                                    Start the firewall
      systemctl enable firewalld.service                                   Enable firewall startup on boot-up
      firewall-cmd --get-default-zone
      firewall-cmd --get-active-zones
      firewall-cmd --permanent --zone=FedoraServer --add-port=5900/tcp
      firewall-cmd --permanent --zone=FedoraServer --add-port=8067/tcp
      firewall-cmd --permanent --zone=FedoraServer --add-service=samba
      firewall-cmd --reload                                                copy permanent config to running config
      firewall-cmd --permanent --zone=FedoraServer --list-all              verify
      systemctl status firewalld                                           verify

                ip.67    ip.68    ip.69
      vnc       5900     5900     5900
      ftp       21150
      http      8067     8068     8069
      ssh       8267     8268     8269
     
     
      3 Networking This can be done during installation.
     
      https://www.server-world.info/query?os=Fedora_27&p=initial_conf&f=3
     
      Cur: Fed 27
      hostnamectl   set-hostname   dlp.srv.world
      nmcli   device
      nmcli  connection  mod  enp0s8  ipv4.addresses 192.168.1.68/24
      nmcli  connection  mod  enp0s8  ipv4.gateway    192.168.1.1
      nmcli  connection  mod  enp0s8  ipv4.dns          8.8.8.8
      nmcli  connection  mod  enp0s8  ipv4.method    manual
      nmcli  connection  down  enp0s8 ;  nmcli  connection  up  enp0s8
      nmcli  device  show  enp0s8
      ip  addr  show

      can use abbreviations, ie
      nmcli  c  mod  enp0s8  ipv4.addresses 192.168.1.68/24
      nmcli  c  mod  enp0s8  ipv4.gateway    192.168.1.1
      nmcli  c  down  enp0s8
      nmcli  c  up    enp0s8
     
     
      Prev: Fed 23 # hostnamectl set-hostname myPCname       set hostname              
      # nmcli d            display devices   find your interface's "device name"  
      # nmcli c modify enp3s4 ipv4.addresses 192.168.1.69/24   set IPv4 address              
      # nmcli c modify enp3s4 ipv4.gateway 192.168.1.1     set default gateway              
      # nmcli c modify enp3s4 ipv4.dns  8.8.8.8       set DNS                
      # nmcli c modify enp3s4 ipv4.method  manual     set manual for static setting (it's "auto" for DHCP)      
      # nmcli c down enp3s4; nmcli c up enp3s4       restart the interface and reload the settings   (or reboot if shelled in)
      # nmcli d show enp3s4         show settings              
      # ip addr show           show status                
      # ifconfig -a           show status                
                                   
     
      Prev: Fed 17 Disable NetworkManager     service NetworkManager stop                
        and prevent it from loading at each boot.   chkconfig NetworkManager off                
                                   
      Setup the "Network Neighborhood"   network neighborhood                
                                   
      Start Network Service     chkconfig network on                
       and enable it on each boot.     service network start                
              systemctl status network.service    ( enable, disable, start, stop, restart, status )
                                   
      to verify: reboot & then -->     # ifconfig -a #  dmesg | grep eth0                
     
     
      Prev: Fed ?? Disable NetworkManager     /etc/init.d/NetworkManager stop                
        and prevent it from loading at each boot.   /sbin/chkconfig  --level 345  NetworkManager off     Note:  that's 2 dashes in front of "level"
                                     
      Setup the "Network Neighborhood"   network neighborhood                  
                                     
      Start Network Service     /etc/init.d/network start  (restart)     "Bringing up loopback "     [ ok ]
       and enable it on each boot.     /sbin/chkconfig  --level 345  network on   "Bringing up eth0 "     [ ok ]
                                     
      to verify: reboot & then -->     # ifconfig -a #  dmesg | grep eth0                  
     
     
      4 SSH  (scp)
      Cur: Fed 27
      /etc/ssh/sshd_config       PermitRootLogin no
                                 port  8267
      systemctl restart sshd
      open up port xxxx in the firewall

      Setup passwordless SSH     https://www.digitalocean.com/community/tutorials/how-to-set-up-ssh-keys--2

      1  Create the RSA Key Pair
         $ ssh-keygen -t rsa
      2  Store the Keys and Passphrase
         Enter file in which to save the key (/home/mdh/.ssh/id_rsa): <enter>  (accept default location)
         Enter passphrase (empty for no passphrase): <enter>  (don't add a passphrase)
      3  Copy the Public Key
         $ ssh-copy-id  -p 8269 mdh@192.168.2.69  (copy the public key to the remote host)

      ssh -p 8269 [email protected]

      Setup passwordless login in Putty     https://help.dreamhost.com/hc/en-us/articles/215464758-How-do-I-set-up-passwordless-login-in-PuTTY-

      Prev: Fed 17
      /etc/ssh/sshd_config       PermitRootLogin no
                                 port  8267
      systemctl restart sshd.service
      open up port xxxx in the firewall
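
      Added example (not part of the original notes): a cross-check for the step "open up port xxxx in the firewall". It reads the Port lines of an sshd_config and the ports/services lines of a saved `firewall-cmd --permanent --list-all` listing, and reports any sshd port the zone does not open. The sample files are constructed from values in these notes; the function names are this example's own.

```bash
#!/bin/bash
# Added example: check that every port sshd listens on is opened in firewalld.
#   $1 = sshd_config file
#   $2 = saved output of `firewall-cmd --permanent --list-all`

# Ports from uncommented "Port" lines; sshd uses 22 when none is set.
sshd_ports() {
    awk 'tolower($1) == "port" { print $2; n++ } END { if (!n) print 22 }' "$1"
}

# Values of one "key:" line of the zone listing, one per line.
fw_values() {
    awk -v key="$2:" '$1 == key { for (i = 2; i <= NF; i++) print $i }' "$1"
}

# Returns 0 when all sshd ports are open, 1 otherwise (missing ports are printed).
check_ssh_port_open() {
    cso_missing=0
    for cso_p in $(sshd_ports "$1"); do
        if fw_values "$2" ports | grep -qx "$cso_p/tcp"; then
            continue
        fi
        # The predefined "ssh" service only covers the default port 22.
        if [ "$cso_p" = 22 ] && fw_values "$2" services | grep -qx ssh; then
            continue
        fi
        echo "sshd port $cso_p/tcp is not opened in firewalld"
        cso_missing=1
    done
    return "$cso_missing"
}

# Constructed sample input: the sshd_config settings from these notes and the
# ports/services added by the firewall-cmd commands in the Firewall section.
demo() {
    d=$(mktemp -d)
    printf '%s\n' '#Port 22' 'Port 8267' 'PermitRootLogin no' > "$d/sshd_config"
    printf '%s\n' 'FedoraServer (active)' '  services: samba' \
        '  ports: 5900/tcp 8067/tcp' > "$d/zone.txt"
    check_ssh_port_open "$d/sshd_config" "$d/zone.txt"
    rc=$?
    rm -rf "$d"
    return "$rc"
}

demo || echo "fix: firewall-cmd --permanent --add-port=8267/tcp && firewall-cmd --reload"
```

      Run the check before restarting sshd on a remote box, so a session is not lost to a port the firewall still blocks.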
     
     
      5 Services   http://www.server-world.info/en/note?os=Fedora_23&p=initial_conf&f=3
     
     
      6 system update (as root)
      Cur: Fed 27 dnf -y upgrade  
         
     
      Prev: Fed 23 dnf update or dnf clean all
      dnf check-update    
     
     
      7 Vim Settings http://www.server-world.info/en/note?os=Fedora_23&p=initial_conf&f=3
     
     
      8 Sudo Settings http://www.server-world.info/en/note?os=Fedora_23&p=initial_conf&f=3
     
     
      9 Use Cockpit Admin Console http://www.server-world.info/en/note?os=Fedora_23&p=initial_conf&f=3
     
     
      10 NTP Server http://www.server-world.info/en/note?os=Fedora_23&p=initial_conf&f=3
     
     
      11 Apache Cur: Fed 27 /etc/httpd/conf/httpd.conf   httpd.conf file     Line http://stackoverflow.com/questions/21551840/forbidden-you-dont-have-permission-to-access-on-this-server
      systemctl start httpd   Listen 8068 42 http://stackoverflow.com/questions/12140559/error-with-htaccess-and-mod-rewrite
      systemctl status httpd   Alias's > etc, logs, FreeAgent, TFLASH 232
      systemctl enable httpd   AddDefaultCharset  UTF-8   330 Alias's  
      /etc/
      Alias  /FreeAgent/   "/mnt/FreeAgent/"   alias's (previous)       /var/log/
      <Directory "/mnt/FreeAgent/">   <Directory /logs/   "/var/log/"   /mnt/FreeAgent/
          Options Indexes MultiViews FollowSymLinks     Options Indexes MultiViews FollowSymLinks /mnt/TFLASH/
          AllowOverride None       AllowOverride None  
          Require all granted         Order allow,deny    
      </Directory>           Allow from all    
      </Directory>      
     
     
      12 VSFtpd Cur: Fed 27 /etc/vsftpd/vsftpd.conf   anonymous_enable=NO filezilla setup
      systemctl status vsftpd.service connect_from_port_20=NO
      systemctl start vsftpd.service   xferlog_file=/var/log/vsftpd.log
      systemctl enable vsftpd.service
     
     
      Prev: Fed 23 /etc/vsftpd/vsftpd.conf   anonymous_enable=NO
      systemctl status vsftpd.service connect_from_port_20=NO
      systemctl start vsftpd.service   xferlog_file=/var/log/vsftpd.log
      systemctl enable vsftpd.service listen_port=21150      
      pasv_enable=YES     no
      pasv_promiscuous=NO   longer
      port_enable=NO     needed
      port_promiscuous=NO    
      pasv_max_port=21170    
      pasv_min_port=21160    
     
     
      13 SAMBA
      Cur: Fed 27
      smbpasswd  -a  mdh      ( new samba user )
        New SMB password:  mdh
        Retype new SMB password:   mdh
      /etc/samba/
        cp smb.conf  smb.conf-org
        cp smb.conf.example  smb.conf
        vi  smb.conf    >>>>>>>>>>>>>>>>>>>>>>>>>>  Shares, Network-Related Options
      systemctl restart smb
      systemctl restart nmb

      Shares                     Network-Related Options
        www                        workgroup = hvezda
        FreeAgent                  netbios name = ra68
        apache-logs
        home
        scripts
        TFLASH


      Prev: Fed 23
      smbpasswd  -a  mdh         samba users
      /etc/samba/smb.conf        samba shares
      systemctl restart smb.service
      systemctl restart nmb.service

      Shares                     Network-Related Options
        www                        workgroup = hvezda
        FreeAgent                  netbios name = lka67
        apache-logs
        home
        scripts
        TFLASH
     
     
      14 File Ownership / Permissions
      Cur: Fed 27

      /var/log/        orig   new
      httpd            700    755    cron job needed
      samba            700    755      cd /var/log
      secure           600    644      chmod 755 httpd
      messages         600    644
      hawkey           600    644
      maillog          600    644
      dnf.log          600    644    cron job needed
      fail2ban.log     600    644    cron job needed

      **  ToDo >   create a  ---   logpermissions.bash

      ** /var/www/   html
      chown -R  mdh:mdh  /var/www/html
      chmod -R 755  /var/www/html
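
      One way to write the logpermissions.bash named in the ToDo, as an added example rather than the author's script. The modes come from the table above; the function name, the --apply switch, the LOGDIR variable and the crontab line are assumptions, and it relies on GNU stat. Mode 644 on secure and messages makes authentication logs readable by every local account, so the script changes nothing unless --apply is given, and it skips symlinks.

```bash
#!/bin/bash
# Added example for the "logpermissions.bash" ToDo (not the author's script).
# Applies the "new" modes from the notes' table; meant to be re-run from cron
# for the entries marked "cron job needed".
# Assumed root crontab entry:
#   */30 * * * * /home/scripts/logpermissions.bash --apply

# name:mode pairs copied from the table
LOG_MODES="httpd:755 samba:755 secure:644 messages:644 hawkey:644
maillog:644 dnf.log:644 fail2ban.log:644"

# fix_log_modes DIR [--apply]
# Prints "path: current -> wanted" for each entry that differs and changes
# the mode only when --apply is given.
fix_log_modes() {
    flm_dir=$1
    flm_apply=${2:-}
    for flm_entry in $LOG_MODES; do
        flm_path="$flm_dir/${flm_entry%%:*}"
        flm_want=${flm_entry##*:}
        # chmod follows symlinks; skip them and anything that is missing.
        if [ -L "$flm_path" ] || [ ! -e "$flm_path" ]; then
            continue
        fi
        flm_cur=$(stat -c %a "$flm_path")
        if [ "$flm_cur" != "$flm_want" ]; then
            echo "$flm_path: $flm_cur -> $flm_want"
            if [ "$flm_apply" = "--apply" ]; then
                chmod "$flm_want" "$flm_path"
            fi
        fi
    done
    return 0
}

# Dry run by default; LOGDIR can point at a test directory.
fix_log_modes "${LOGDIR:-/var/log}" "${1:-}"
```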
     
     
      15 copy webs: Cur: Fed 23 (from)  www ------->  (to) www   note:  be sure you have changed ownership of  /var/www/  before executing this step.        
       
      scp  -rp  -P 8269   [email protected]:/var/www/html/    /var/www/ from server(69) --->  to server(xx) ("on xx") successful, added new key   (could pull from remote host)
         
      scp  -rp  -P 8268   [email protected]:/var/www/html/    /var/www/ from server(68) --->  to server(xx) ("on xx") successful, added new key   (could pull from remote host)
       
      scp  -rp  -P 8267    /var/www/html/*    [email protected]:/var/www/html/ from server(xx)  ("on xx")  --->  to server(67)   failed due to "strict checking"   (could not push to a remote host)
        (successful, after I deleted the contents of .68's known_hosts)
       
      scp  -rp  -P 8268    /var/www/html/*    [email protected]:/var/www/html/ from server(xx)  ("on xx") --->  to server(68)   failed due to "strict checking"   (could not push to a remote host)
      scp        -P 8268     testfile               [email protected]:/home/mdh/ (successful)
       
      note:  -P (the port to connect to, on the remote Host)
                                       
     
     
      16 Misc stuff   Cur: Fed 23 (from) prev  -----> (to) cur                  
      Scripts    
      Cron Jobs   /home/scripts/*    --->     /home/scripts copy scripts to new server  
      Drive Mappings:  Win pc's    
        crontab  -e            ---->     crontab  -e copy and paste cron jobs to new server
         
        Drive Mappings:  [ apache-logs (L:) ,  www (w:) ,  and FreeAgent (Z:) ] on Win pc's  
                           
     
     
      17 Email 1 Install sSMTP                      
      capability to send email 2 Install mailx  
      (see Unix_Mail.xlsm) 3 setup 3 config files >>> /etc/ssmtp/ssmtp.conf /etc/ssmtp/revaliases  /root/.mailrc  
        [email protected] set sendmail="/usr/sbin/ssmtp"
        mailhub=smtp.gmail.com:587 # sSMTP aliases  
        RewriteDomain=gmail.com root:[email protected]:smtp.gmail.com:587  
        AuthUser=rvhvezda mdh:[email protected]:smtp.gmail.com:587  
        AuthPass=markie2204  
        FromLineOverride=YES  
        UseTLS=YES  
        UseSTARTTLS=YES  
        TLS_CA_File=/etc/pki/tls/certs/ca-bundle.crt  
        # Debug=YES  
         
      4 test >>>>>> echo `date` | mail -v -s "ssmtp test"   [email protected]  
                               
     
     
      18 Freezer pyserial might have to be installed  >> # python3 -m pip install pyserial
      ( see Programming_Python.xlsm )    
      python3  /home/scripts/freezer.py  
                   
   
   
    20 Fail2ban Cur: Fed 23            
    dnf install fail2ban ipset   https://fedoraproject.org/wiki/Fail2ban_with_FirewallD 
    dnf install postfix whois fail2ban-sendmail  
    dnf install fail2ban-firewalld  
    dnf install fail2ban-systemd  
    dnf install fail2ban-server  
       
    /etc/fail2ban/jail.conf do not edit this file
    /etc/fail2ban/jail.d/ 01-mdh.conf create and use this file
       
       
       
    systemctl enable fail2ban.service to make it auto start
   
   
                                                   
     
    XX mount
    Cur: Fed 23
    ls -l  /dev/disk/by-uuid
                     by-id
                     by-path

    /etc/fstab  (make a bak copy of this file, then edit the new file)
      put on the bottom of the file
      UUID=8b745b70-7522-4b69-b94e-c143a9b6d9d2    /mnt/FreeAgent    ext4    defaults     0   2
      and then reboot


    Prev: Fed 17
    ls -l  /dev/disk/by-label
                     by-id
                     by-path
                     by-uuid

      FreeAgent -->  ../../sdd1
      TFLASH -->   ../../sde1

    Automount
      /run/media/mdh/FreeAgent

    Mounting a Flash drive
      umount   /dev/sde1
      mkdir /mnt/TFLASH
      mount -t ntfs-3g -o uid=mdh,gid=mdh   /dev/sde1   /mnt/TFLASH

    Mounting an ext4 drive
      umount /dev/sdb1
      mount   /dev/sdb1  /mnt/FreeAgent

    Mounting a NTFS drive
      umount  /dev/sdd1
      mkdir /mnt/FreeAgent
      mount -t ntfs-3g  /dev/sdd1  /mnt/FreeAgent
     
     
     
    XX Desktop Sharing Cur: Fed 23                              
     
    Prev: Fed 17 Activities > Applications > Internet > Desktop Sharing     use TightVNC client on Windows machines to access.    
     
     
     
    XX Sound Cur: Fed 23 System > Preferences > Sound ---------------> unmute        
    (optional)   enable windows and button sounds    
                       
     
     
    XX at  
    Work Prev: Fed 17                            
    proxy     System > Preferences > Network Proxy  -------------------- ignored hosts localhost  
    Firefox      Edit > Preferences > Advanced >  Network: settings ----------- no proxy for 127.0.0.0/8  
                          .faa.gov  
    /etc/yum.conf     proxy=http://amcproxy.faa.gov:8080         172.    
                          10.