-
Notifications
You must be signed in to change notification settings - Fork 3
/
install.fc1
379 lines (308 loc) · 10.1 KB
/
install.fc1
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
0.) PreInstall
- save the following:
/etc
/boot/grub
/usr/src
/var/yp (on NIS servers only)
1.) Fix all the shell stuff
- delete all the shell files in root's account
In /etc:
- copy csh.cshrc, bashrc, profile
- delete csh.login
- fix /etc/default/useradd
- change root's shell to tcsh
2.) Install rpms from CD's:
for NIS server: ypserv - CD3
gv - CD3
xosview - CD3
sharutils - CD3
itcl - CD3
xmms-devel - CD3
gstreamer-devel - CD3
gstreamer-plugins - CD3
3.) Add/configure services (not all of these will work yet; we'll get there)
in /etc/init.d, copy :
hdparm-mc (see note)
portsentry-mc
then run:
chkconfig --add <name>
on all of them
Note: hdparm might need to be tweaked for specific hardware, but
I doubt it
- then run redhat-config-services and configure the services
you want
REMEMBER:
NIS server needs:
- time
- portmap
- yppasswdd
- ypserv
- ypxfrd
NFS server needs (addl to above)
- nfs
- nfslock
NIS clients need:
- time
- portmap
NFS clients need:
- nfslock
- netfs
4.) Set up networking:
- change it in /etc/sysconfig/network
- add its hostname in /etc/hosts (or copy /etc/hosts)
(NIS client - make sure server is in /etc/hosts too)
- edit/copy /etc/sysconfig/network-scripts/ifcfg-eth0
- edit/copy /etc/resolv.conf (not necessary for DHCP)
(if applicable)
- edit/copy /etc/pcmcia/wireless.opts
- edit/copy /etc/sysconfig/network-scripts/ifup-wireless
replace all the redhat stuff with:
/etc/pcmcia/wireless start $DEVICE
because redhat's way of doing it is silly.
IMPORTANT: If you change the IP address, you might want to disable
sendmail. It seems to get pissed off on reboot. I never use it and
just turn it off, so I don't know why...
5.) Set up /etc/hosts.*
hosts.deny:
----------------
ALL:ALL
-----------------
hosts.allow:
----------------
sshd: ALL
# everything below here is only needed by NIS/NFS users
# only allow portmap entries in /etc/hosts
portmap: <see note below>
ntpd: @boxen
ypserv: @boxen
ypbind: @boxen
mountd: @boxen
nfsd: @boxen
statd: @boxen
-----------------
@boxen = access dictated by NIS netgroup
Note: unfortunately, portmap doesn't seem to support
NIS netgroups. So, this needs to be a list of each machine
needing to connect to it, which is:
1.) any NIS/NFS server it connects to
2.) any NIS/NFS client connecting to it.
So, on clients, it will be
portmap: servername myname
and on the server it will be:
portmap: myname client1 client2 ....
6.) Compile the kernel with the shit that you want in it
Notes:
- Make sure to compile sidewinder and the sblive gameport as
modules for proper support under ALSA
- do freeswan stuff for domain members
- as of 2.4.24 (perhaps earlier) I don't think you need to do drm
patching. Check and be sure.
cd /usr/src/freeswan
make xgo
(under "Networking options" choose the IPSEC stuff)
let it compile, then do:
make kinstall
create a key:
ipsec newhostkey --output /etc/ipsec.secrets --hostname xy.example.com
chmod 600 /etc/ipsec.secrets
install it by editing /etc/ipsec.conf
case is the left of each connection, client is right of each connection
to get hostkey, do:
ipsec showhostkey --right
or
ipsec showhostkey --left
7.) Reboot
8.) Accounts:
For NIS server or standalone machines:
Either:
- Make a "matt" account (UID 500)
- copy over desired account info for other accounts
or:
copy the following files in /etc
passwd
shadow
group
gshadow
For NIS servers or NIS clients
- run redhat-config-authentication and enter NIS info
- you'll have to restart gdm for it to use it
#### NIS SERVER ONLY ####
- the above will probably fail, on the server, because ypserv
isn't up yet. It's okay.
- Once the above is set, start ypserv
- then, either copy over the old /var/yp, or configure all the
stuff, then do:
Create maps:
/usr/lib/ypinit -m
If you change anything (such as adding users),
remember to do:
make -C /var/yp
9.) Filesystems:
Remounts:
/someplace/foo /otherplace/bar none bind 0 0
NFS server:
/etc/exports example shares:
/read_only_sharename @boxen(ro,sync)
/read_write_sharename @boxen(rw,sync)
if you change anything, do
exportfs -ra
NFS client:
/etc/fstab
# device mountpoint fs-type options dump fsckorder
case:/dir /mntpoint nfs rw,hard,intr 0 0
10.) Install rpms from /usr/local/apps/rpms
for new programs:
rpm -U *.rpm
for patches:
rpm -F *.rpm
if there are failed dependencies, do:
rpm --nodeps <rest of arguments>
12.) Set up printing:
CUPS setup (server)
redhat-config-printer-gui
- Add appropriate printers and stuff
- Under sharing, have it shared to:
192.168.1.0/255.255.255.0
Clients will just see printers
13.) in /etc/pam.d, remove the following:
poweroff
halt
reboot
14.) in /etc:
- copy the following:
a2ps-site.cfg
issue
rm issue.net; ln -s issue issue.net
- add /usr/local/lib and /usr/lib to ld.so.conf
15.) Set up latex:
cd /usr/share/texmf/tex/latex
ln -s /usr/local/apps/latex/local .
then run texconfig and rebuild the ls-R database
also, change the dvips configuration to be letter papersize instead
of A4.
16.) Fix grub; edit /etc/grub.conf
change timeout to 5
(for regular CD-ROM drives):
add hdX=ide-scsi to the kernel string
rm /dev/cdrom
ln -s /dev/scd0 /dev/cdrom
17.) Make the logfile readable by me.
chmod 640 /var/log/messages
chgrp matt /var/log/messages
18.) Make ntp work
cd /etc
rm ntp.conf
for NIS server:
ln -s /usr/local/apps/ntp/ntp.server.conf ./ntp.conf
for NIS client:
ln -s /usr/local/apps/ntp/ntp.client.conf ./ntp.conf
chown -R ntp /etc/ntp
19.) Set up emacs
cd /usr/share/emacs/site-lisp
rm side-start.el
ln -s /usr/local/apps/emacs/site-start.el .
20.) Add gimp scripts
cd /usr/share/gimp/1.2/scripts
ln -s /usr/local/apps/gimp/scripts/* .
21.) Make portsentry work:
cp -a /usr/local/apps/portsentry/* /etc/portsentry/.
Note: THIS MAY FAIL for security reasons (we don't want it readable
to anyone except root on case.
22.) Make ssh work:
cp -a /usr/local/apps/openssh/etc.<machinename>/* /etc/ssh/
rc-update add ssh default
Note: THIS MAY FAIL for security reasons for NFS clients, in
which case you'll have to tar it up. (we don't want it
readable to anyone except root on case. These .<machinename>
dirs are for backups of all the keys anyway.
For a new machine, copy etc.skel.
a.) tweak ssh.conf/sshd.conf as necessary
b.) generate keys:
ssh-keygen -t rsa1 -f /etc/ssh/ssh_host_key -N ""
ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key -N ""
ssh-keygen -t dsa -f /etc/ssh/ssh_host_dsa_key -N ""
c.) do hostbased auth for localhost (for mail tunnelling)
I.) ssh to localhost.localdomain and log in
(to get the public key).
II.) (should already be done)
put localhost.localdomain in
<openssh config dir>/etc/shosts.equiv
III.) put localhost.localdomain's public key in
<openssh config dir>/ssh_known_hosts2. You can get
this by looking in ~/.ssh/known_hosts, since you
got it when you ssh-ed to localhost.
IV.) (should already be done)
In <openssh>/etc/ssh_config, make sure:
HostbasedAuthentication yes
PreferredAuthentications hostbased,publickey,password
V.) (should already be done)
In <openssh>/etc/sshd_config, make sure
HostbasedAuthentication yes
There may be an option
HostbasedUsesNameFromPacketOnly yes
set. Delete it, or set it to no.
VI.) (shouldn't need to do this, because 5 should be done)
restart sshd if you made change 5.
23.) Make samba work (optional)
mkdir /etc/samba
cp /usr/local/apps/samba/etc.skel/* .
edit /etc/samba/smb.conf so your machine works right
mkdir /etc/samba/private ; chmod 700 /etc/samba/private
mkdir /var/samba
24.) Set up alsa: IMPORTANT - DO KERNEL FIRST. Doing a make_modules in kernel
build deletes extra modules, INCLUDING ALSA MODULES!!!
- copy the alsa dir out of /usr/local/apps/alsa in to
/usr/src on each client.
- for the alsa-drivers, do:
make clean
./configure --with-sequencer=yes --with-oss=yes --with-cards=all
make
make install
(you have to do this each kernel recompile)
the first time you set up alsa do: ./snddevices in the above dir too.
- for the rest of the utils, do:
make clean
./configure
make
make install
- for each soundcard put a lines like:
alias snd-card-0 snd-maestro3
in modules.conf
- for OSS compatibility, put in:
alias sound-slot-0 snd-card-0
alias sound-service-0-0 snd-mixer-oss
alias sound-service-0-1 snd-seq-oss
alias sound-service-0-3 snd-pcm-oss
alias sound-service-0-8 snd-seq-oss
alias sound-service-0-12 snd-pcm-oss
as well
25.) Make sure to make any appropriate dvd devices. (Try doing a DVD
under Xine and see what it complains about; I think it wants /dvd.)
26.) For joystick support, add the line:
post-install snd-emu10k1 modprobe emu10k1-gp; modprobe joydev; modprobe sidewinder
to /etc/modules.conf (the joydev line us unnecessary if compiled in;
the other two MUST be modules in order to load after ALSA)x
27.) for support for the i8k buttons, do a 'make', 'make install' as root and
then copy the i8kbuttons script into /etc/init.d. Link it to where
it should be.
- ln -s /usr/local/apps/i8kutils/i8kmon.conf /etc/i8kmon
28.) For cd burning support:
- chmod 4755 /usr/bin/cdrecord
- chmod 666 /dev/sg0
29.) For bittorrent support:
add the following line to /etc/mailcap
application/x-bittorrent; /usr/local/apps/bittorrent/BitTorrent-current/btdownloadgui.py %s; test=test -n "$DISPLAY"
30.) Get rid of the stupid rhn panel applets:
KDE: /usr/share/config/ksmserverrc
GNOME: /usr/share/gnome/default.session
The file formats should be self explanatory. Edit them smartly.
31.) Make lots of media formats work
ln -s /usr/local/apps/win32dlls/dlls ./win32
32.) Fix the hotplug scripts for the scanner:
add the line:
usbscanner 0x0003 0x05d8 0x4002 0x0000 0x0000 0x
ff 0xff 0xff 0xff 0xff 0x
ff 0x00000000
to /etc/hotplug/usb.usermap
and copy the usbscanner script from /usr/local/apps/sane/my_stuff
to /etc/hotplug/usb.