M$ Penguin ™'s Installing an All-In-One Box
I really wanted to call myself “The Angry Penguin”™, still
might... Anyway, I really got into Linux back in 1996 doing some product
work. I then needed to have a virtual file space and a web page up.
Some place where I could keep my resume and some files. I was going
to have a database full of local car racing pictures and a little web site
for all the local dogs that visit our local "Leash Free Park". These
parks are great for the dogs and their owners.
Anyway, Microsoft was charging way too much money to buy one
of their servers and I couldn't find cheap good hardware to run it. I also
needed to get a firewall up and protecting... Microsoft was just too much
money! So, I went back to open source just for fun. I have tried both OpenBSD and RedHat, but not Caldera, SuSE or Debian.
What I ended up with is far different than
I expected. I have a system which is more of a Small Office
Home Office (SOHO) or Small and Medium size Enterprises (SME) power plant.
It now handles my office functionality without any issues.
If you find any errors or mistakes, please let me know. If you
know of some neat packages that I might want to use, drop me a line.
M$ Penguin™
Getting your distro
Why did I choose RedHat?
For the simple reason that it is the most
popular. I am a lemming that follows everyone else. See http://www.linuxnovice.org/main_distro.php3,
http://www.linuxplanet.com/linuxplanet/tutorials/, DistroWatch.com or LinuxPlanet - Tutorials
for good general info. Check with http://www.linuxbase.org/ to ensure
that you are using a Linux that is "Standardized".
Make sure you get PuTTY while
you are at it. It will save you lots of time and headaches. The most GNU/Linux on 1 floppy disk,
The Linux Documentation Project and RPM Find are also favorites.
Setup the network
- set up the devices (should be done as part of the automatic install).
- set up the path with
route -n
route add -net 192.168.1.0 netmask 255.255.255.0 dev eth0
route add default gw 192.168.1.2
route -n
- ping some computer...
Installing DHCP Server
Taken from Dynamic Host Configuration Protocol RFC
The Dynamic Host Configuration Protocol (DHCP) provides
a framework for passing configuration information to hosts on a TCP/IP
network. DHCP is based on the Bootstrap Protocol (BOOTP), adding
the capability of automatic allocation of reusable network addresses
and additional configuration options. DHCP captures the behavior of BOOTP
relay agents, and DHCP participants can interoperate with BOOTP participants.
cd /mnt/cdrom/RedHat/RPMS
rpm -ih ./dhcp-2.0pl5-8.i386.rpm
vi /etc/dhcpd.conf
subnet 192.168.1.0 netmask 255.255.255.0 {
# --- default gateway (must be an address inside this subnet;
#     192.168.1.2 is the gateway used in the route command above)
        option routers                  192.168.1.2;
        option subnet-mask              255.255.255.0;
        option nis-domain               "domain.org";
        option domain-name              "domain.org";
        option domain-name-servers      192.168.1.1;
        option time-offset              -18000; # Eastern Standard Time -5hr*60min*60sec
#       option ntp-servers              192.168.1.1;
#       option netbios-name-servers     192.168.1.1;
# --- the pool must lie inside the subnet declared above
        range dynamic-bootp 192.168.1.128 192.168.1.254;
        default-lease-time 21600;
        max-lease-time 43200;
        # we want the nameserver to appear at a fixed address
        host ns {
                next-server marvin.redhat.com;
                hardware ethernet 12:34:56:78:AB:CD;
                fixed-address 207.175.42.254;
        }
}
- Go back to the Service Configuration and make sure dhcpd is checked on
- In a command prompt go to /etc/rc.d/init.d and type
./dhcpd start
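Added example (not part of the original page): a range or routers address copied from a sample file can end up outside the subnet declaration it sits in, so this shell function checks both before dhcpd is started. The function name and the sample file are constructed for illustration, and contiguous netmasks are assumed.

```shell
#!/bin/sh
# Added example, not from the original page.
# check_dhcpd_subnets FILE
#   Prints one "OUTSIDE ..." line for every "option routers" or "range" address
#   that is not inside the enclosing subnet declaration.
#   Exit status: 0 = all addresses inside their subnet, 1 = at least one outside.
check_dhcpd_subnets() {
    awk '
    function ip2n(ip,    p) {                 # dotted quad -> integer, -1 if malformed
        if (split(ip, p, ".") != 4) return -1
        return ((p[1] * 256 + p[2]) * 256 + p[3]) * 256 + p[4]
    }
    function report(what, ip,    n) {         # size = addresses per subnet
        n = ip2n(ip)
        if (n < 0 || int(n / size) != int(net / size)) {
            printf "OUTSIDE %s %s (subnet %s netmask %s)\n", what, ip, netstr, maskstr
            bad = 1
        }
    }
    { sub(/#.*/, ""); gsub(/[;,]/, " ") }     # drop comments, terminators and list commas
    $1 == "subnet" && $3 == "netmask" {
        netstr = $2; maskstr = $4
        net = ip2n($2); size = 4294967296 - ip2n($4)
        depth = 0; insub = 1
    }
    insub {
        # only statements directly inside the subnet block (depth 1) are checked,
        # so fixed-address lines inside nested host blocks are left alone
        if (depth == 1 && $1 == "option" && $2 == "routers")
            for (i = 3; i <= NF; i++) if ($i ~ /^[0-9.]+$/) report("routers", $i)
        if (depth == 1 && $1 == "range")
            for (i = 2; i <= NF; i++) if ($i ~ /^[0-9.]+$/) report("range", $i)
        depth += gsub(/[{]/, "{") - gsub(/[}]/, "}")
        if (depth <= 0 && /[}]/) insub = 0
    }
    END { exit bad }
    ' "$1"
}

# Constructed sample: the subnet is 192.168.1.0/24 but router and pool use 192.168.0.x.
demo_conf=$(mktemp)
cat > "$demo_conf" <<'EOF'
subnet 192.168.1.0 netmask 255.255.255.0 {
        option routers 192.168.0.1;
        range dynamic-bootp 192.168.0.128 192.168.0.255;
        host ns { hardware ethernet 12:34:56:78:AB:CD; fixed-address 207.175.42.254; }
}
EOF
check_dhcpd_subnets "$demo_conf" || echo "fix dhcpd.conf before starting dhcpd"
rm -f "$demo_conf"
```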
Configuring Samba
Taken from the Samba Web Site
Here is a very short list of what samba includes, and what it does.
For many networks this can be simply summarised by "Samba provides a
complete replacement for Windows NT, Warp, NFS or Netware servers."
- a SMB server, to provide Windows NT and LAN Manager-style
file and print services to SMB clients such as Windows 95, Warp Server,
smbfs and others.
- a NetBIOS (rfc1001/1002) nameserver, which amongst other
things gives browsing support. Samba can be the master browser on your
LAN if you wish.
- a ftp-like SMB client so you can access PC resources
(disks and printers) from unix, Netware and other operating systems
- a tar extension to the client for backing up PCs
- limited command-line tool that supports some of the NT
administrative functionality, which can be used on Samba, NT workstation
and NT server.
For a much better overview have a look at the web site at http://samba.org/samba, and browse the
user survey. Related packages include:
- smbfs, a linux-only filesystem allowing you to mount
remote SMB filesystems from PCs on your linux box. This is included as
standard with Linux 2.0 and later.
- tcpdump-smb, an extension to tcpdump to allow you to investigate
SMB networking problems over netbeui and tcp/ip.
- smblib, a library of smb functions which are designed
to make it easy to smb-ise any particular application. See ftp://samba.org/pub/samba/smblib.
Please note: Windows NT, Windows 95, OS/2 Warp Connect and OS/2 Warp
4 clients don't need any extra software in order to talk to a Samba server.
These OS's come standard with TCP/IP which is all you need. You may find
the following docs useful in configuring them: Windows NT 4.0, Windows 95,
Warp 4 and Warp Connect.
cd /etc/samba
# This is the main Samba configuration file. You should read the
# smb.conf(5) manual page in order to understand the options listed
# here. Samba has a huge number of configurable options (perhaps too
# many!) most of which are not shown in this example
#
# Any line which starts with a ; (semi-colon) or a # (hash)
# is a comment and is ignored. In this example we will use a #
# for commentary and a ; for parts of the config file that you
# may wish to enable
#
# NOTE: Whenever you modify this file you should run the command "testparm"
# to check that you have not made any basic syntactic errors.
#

#======================= Global Settings =====================================
[global]
# workgroup = NT-Domain-Name or Workgroup-Name
   workgroup = Name

# server string is the equivalent of the NT Description field
   server string = My Samba Server

# This option is important for security. It allows you to restrict
# connections to machines which are on your local network. The
# following example restricts access to two C class networks and
# the "loopback" interface. For more examples of the syntax see
# the smb.conf man page
;   hosts allow = 192.168.1. 192.168.2. 127.
   hosts allow = 192.168.1. 127.

# if you want to automatically load your printer list rather
# than setting them up individually then you'll need this
   printcap name = /etc/printcap
   load printers = yes

# It should not be necessary to spell out the print system type unless
# yours is non-standard. Currently supported print systems include:
# bsd, sysv, plp, lprng, aix, hpux, qnx
   printing = lprng

# Uncomment this if you want a guest account, you must add this to /etc/passwd
# otherwise the user "nobody" is used
;  guest account = pcguest
: : : :
# Browser Control Options:
# set local master to no if you don't want Samba to become a master
# browser on your network. Otherwise the normal election rules apply
;   local master = no
   local master = yes
# OS Level determines the precedence of this server in master browser
# elections. The default value should be reasonable
;   os level = 33

# Domain Master specifies Samba to be the Domain Master Browser. This
# allows Samba to collate browse lists between subnets. Don't use this
# if you already have a Windows NT domain controller doing this job
   domain master = yes
: : :
[public]
   comment = Public Stuff
   path = /share
   public = yes
   writable = yes
   printable = no
   write list = @staff

[cds]
   comment = CDs For all
   path = /share/CDs
   browseable = yes
   printable = no
   public = yes
   writable = no
testparm
cat /etc/passwd | mksmbpasswd.sh > /etc/samba/smbpasswd
smbpasswd username
/etc/init.d/smb restart
- go to a Windows machine and try \\192.168.1.4\public
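Added example (not from the original page or the Samba project): write list only grants write access, so it does not narrow a share that is already writable = yes; with public = yes as well, the [public] share above is writable for guests as far as the file permissions under /share allow. The function below, whose name is made up here, lists such shares in an smb.conf; the sample file is constructed from the two shares above, and share defaults set in [global] are not followed.

```shell
#!/bin/sh
# Added example, not from the original page or from the Samba project.
# guest_writable_shares FILE
#   Prints "<share> write_list=<value or ->" for every share that is open to
#   guests (public / guest ok) and writable at the same time.
guest_writable_shares() {
    awk '
    function truthy(v) { v = tolower(v); return (v == "yes" || v == "true" || v == "1") }
    function emit() {
        if (share != "" && share != "global" && guest && writable)
            printf "%s write_list=%s\n", share, (wl == "" ? "-" : wl)
    }
    /^[ \t]*[#;]/ { next }                         # comment lines
    /^[ \t]*\[/ {                                  # section header starts a new share
        emit()
        share = $0; sub(/^[ \t]*\[/, "", share); sub(/\].*$/, "", share)
        share = tolower(share); guest = 0; writable = 0; wl = ""
        next
    }
    (eq = index($0, "=")) > 0 {
        key = tolower(substr($0, 1, eq - 1)); val = substr($0, eq + 1)
        gsub(/[ \t]/, "", key)                     # whitespace in parameter names is ignored
        gsub(/^[ \t]+|[ \t]+$/, "", val)
        # public is a synonym of guest ok; writable/writeable/write ok invert read only
        if (key == "public" || key == "guestok") guest = truthy(val)
        else if (key == "writable" || key == "writeable" || key == "writeok") writable = truthy(val)
        else if (key == "readonly") writable = !truthy(val)
        else if (key == "writelist") wl = val
    }
    END { emit() }
    ' "$1"
}

# Constructed sample with the two shares from the smb.conf above.
demo_smb=$(mktemp)
cat > "$demo_smb" <<'EOF'
[global]
   hosts allow = 192.168.1. 127.
[public]
   path = /share
   public = yes
   writable = yes
   write list = @staff
[cds]
   path = /share/CDs
   public = yes
   writable = no
EOF
guest_writable_shares "$demo_smb"
rm -f "$demo_smb"
```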
Configuring Bind
BIND (Berkeley Internet Name Domain) is an implementation of the Domain
Name System (DNS) protocols and provides an openly redistributable reference
implementation of the major components of the Domain Name System, including:
- a Domain Name System server (named)
- a Domain Name System resolver library
- tools for verifying the proper operation of the DNS server
- go to /etc/named.conf
// generated by named-bootconf.pl

options {
        directory "/var/named";
        /*
         * If there is a firewall between you and nameservers you want
         * to talk to, you might need to uncomment the query-source
         * directive below. Previous versions of BIND always asked
         * questions using port 53, but BIND 8.1 uses an unprivileged
         * port by default.
         */
        // query-source address * port 53;
};

//
// a caching only nameserver config
//
controls {
        inet 127.0.0.1 allow { localhost; } keys { rndckey; };
};

#zone "." IN {
#       type hint;
#       file "named.ca";
#};

zone "localhost" IN {
        type master;
        file "localhost.zone";
        allow-update { none; };
};

zone "0.0.127.in-addr.arpa" IN {
        type master;
        file "named.local";
        allow-update { none; };
};

zone "robertsearle.com" IN {
        notify no;
        type master;
        file "robertsearle.com.zone";
        allow-update { none; };
};

zone "1.168.192.in-addr.arpa" IN {
        notify no;
        type master;
        file "1.168.192.zone";
        allow-update { none; };
        allow-transfer { 192.168.1/24; };
};

// defines the rndckey referenced in the controls statement;
// this line belongs in named.conf, not in a zone file
include "/etc/rndc.key";
- go to /var/named/ and create a file mydomain.com.zone (robertsearle.com.zone in the named.conf above)
$TTL 86400
@               IN      SOA     robertsearle.com. root.robertsearle.com. (
                                3       ; serial
                                28800   ; refresh
                                7200    ; retry
                                604800  ; expire
                                86400   ; ttl
                                )
                        NS      robertsearle.com.
                        MX      10 robertsearle.com.
                        TXT     "Robert Searle domain"

localhost               A       127.0.0.1
robertsearle.com.       A       192.168.1.4
cage                    A       192.168.1.4
cheese                  A       192.168.1.100
searlehome              A       192.168.1.36
homepage                CNAME   www.wlfdle.phub.net.cable.rogers.com.
smtp                    CNAME   smtp.wlfdle.phub.net.cable.rogers.com.
nntp                    CNAME   nntp.wlfdle.phub.net.cable.rogers.com.
pop3                    CNAME   pop3.wlfdle.phub.net.cable.rogers.com.
pop                     CNAME   pop3.wlfdle.phub.net.cable.rogers.com.
dig @localhost cage
dig @localhost -x 192.168.1.4
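Added example (not from the original page or from ISC): only the reverse zone above carries an allow-transfer; in BIND 8 and the BIND 9 releases of that period a master zone without one, and with none in options, hands a full zone transfer to any host that asks. The function below (name made up here) lists such zones; the sample named.conf is constructed from the one above.

```shell
#!/bin/sh
# Added example, not from the original page or from ISC.
# zones_without_transfer_acl FILE
#   Prints every "type master" zone that has no allow-transfer of its own,
#   unless the options block sets a server-wide allow-transfer.
zones_without_transfer_acl() {
    awk '
    {   # strip /* ... */ (may span lines), // and # comments
        if (incomment) { if (!sub(/^.*\*\//, "")) next; incomment = 0 }
        gsub(/\/\*[^*]*\*\//, "")
        if (sub(/\/\*.*$/, "")) incomment = 1
        sub(/\/\/.*$/, ""); sub(/#.*$/, "")
    }
    depth == 0 && $1 == "options" { inopt = 1 }
    depth == 0 && $1 == "zone" {
        name = $2; gsub(/"/, "", name)
        inzone = 1; master = 0; acl = 0
    }
    inopt  && /allow-transfer/   { global = 1 }
    inzone && /type[ \t]+master/ { master = 1 }
    inzone && /allow-transfer/   { acl = 1 }
    {
        depth += gsub(/[{]/, "{") - gsub(/[}]/, "}")
        if (depth == 0 && /[}]/) {          # a top-level statement just closed
            if (inzone && master && !acl) found[++n] = name
            inzone = 0; inopt = 0
        }
    }
    END { if (!global) for (i = 1; i <= n; i++) print found[i] }
    ' "$1"
}

# Constructed sample, abbreviated from the named.conf above.
demo_named=$(mktemp)
cat > "$demo_named" <<'EOF'
options { directory "/var/named"; };
zone "localhost" IN { type master; file "localhost.zone"; allow-update { none; }; };
zone "robertsearle.com" IN {
        notify no;
        type master;
        file "robertsearle.com.zone";
        allow-update { none; };
};
zone "1.168.192.in-addr.arpa" IN {
        type master;
        file "1.168.192.zone";
        allow-transfer { 192.168.1/24; };
};
EOF
zones_without_transfer_acl "$demo_named"
rm -f "$demo_named"
```

An allow-transfer line in each listed zone, or one in options, closes the gap.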
ntpd - Network Time Protocol (ntp)
See the How to keep accurate time on Linux, RedHat Configuration HowTo, or Microsoft
for more info...
awk '/^server/ {print $2}' /etc/ntp.conf | grep -v '127.127.1.0' > /etc/ntp/step-tickers
for h in `cat /etc/ntp/step-tickers`; do echo restrict `dig +short $h` >>/etc/ntp.conf; done
# Prohibit general access to this service.
restrict default ignore

# Permit all access over the loopback interface. This could
# be tightened as well, but to do so would affect some of
# the administrative functions.
restrict 127.0.0.1

# -- CLIENT NETWORK -------
# Permit systems on this network to synchronize with this
# time service. Do not permit those systems to modify the
# configuration of this service. Also, do not use those
# systems as peers for synchronization.
restrict 192.168.1.0 mask 255.255.255.0 notrust nomodify notrap

# --- OUR TIMESERVERS -----
# or remove the default restrict line
# Permit time synchronization with our time source, but do not
# permit the source to query or modify the service on this system.

# restrict mytrustedtimeserverip mask 255.255.255.255 nomodify notrap noquery
# server mytrustedtimeserverip

# --- NTP MULTICASTCLIENT ---
# multicastclient # listen on default 224.0.1.1
# restrict 224.0.1.1 mask 255.255.255.255 notrust nomodify notrap
# restrict 192.168.1.0 mask 255.255.255.0 notrust nomodify notrap

# --- GENERAL CONFIGURATION ---
#
# Undisciplined Local Clock. This is a fake driver intended for backup
# and when no outside source of synchronized time is available. The
# default stratum is usually 3, but in this case we elect to use stratum
# 0. Since the server line does not have the prefer keyword, this driver
# is never used for synchronization, unless no other
# synchronization source is available. In case the local host is
# controlled by some external source, such as an external oscillator or
# another protocol, the prefer keyword would cause the local host to
# disregard all other synchronization sources, unless the kernel
# modifications are in use and declare an unsynchronized condition.
#
server 127.127.1.0 # local clock
fudge 127.127.1.0 stratum 10

server ntp.cpsc.ucalgary.ca     # University of Calgary, Calgary, Alberta, Canada
server ntp1.cmc.ec.gc.ca        # Canadian Meteorological Centre, Dorval, Québec, Canada
server ntp2.cmc.ec.gc.ca        # Canadian Meteorological Centre, Dorval, Québec, Canada
server tick.utoronto.ca prefer  # University of Toronto, Toronto, Ontario, CANADA
server tock.utoronto.ca prefer  # University of Toronto, Toronto, Ontario, CANADA
server time.chu.nrc.ca          # National Research Council of Canada, Ottawa, Ontario, Canada
server time.nrc.ca              # National Research Council of Canada, Ottawa, Ontario, Canada

#
# Drift file. Put this in a directory which the daemon can write to.
# No symbolic links allowed, either, since the daemon updates the file
# by creating a temporary in the same directory and then rename()'ing
# it to the file.
#
driftfile /etc/ntp/drift
broadcastdelay 0.008

#
# Authentication delay. If you use, or plan to use someday, the
# authentication facility you should make the programs in the auth_stuff
# directory and figure out what this number should be on your machine.
#
authenticate yes

#
# Keys file. If you want to diddle your server at run time, make a
# keys file (mode 600 for sure) and define the key number to be
# used for making requests.
#
# PLEASE DO NOT USE THE DEFAULT VALUES HERE. Pick your own, or remote
# systems might be able to reset your clock at will. Note also that
# ntpd is started with a -A flag, disabling authentication, that
# will have to be removed as well.
#
keys /etc/ntp/keys
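Added example (not from the original page): the loop above writes everything dig prints onto one restrict line and adds no flags, and a restrict entry without flags places no limits on that address. This variant emits one line per IPv4 address with the flags the config's own OUR TIMESERVERS comment uses and skips lines already present; RESOLVER, the function names and the example.net hosts are made up for the demo.

```shell
#!/bin/sh
# Added example, not from the original page.
# RESOLVER is the command used to look up a host; it must print one answer per
# line the way "dig +short" does. The default needs network access.
RESOLVER=${RESOLVER:-"dig +short"}

# ntp_restrict_lines CONF
#   Prints a restrict line for every IPv4 address behind the "server" entries
#   of CONF (local clock drivers 127.127.x.x excluded) that CONF lacks so far.
ntp_restrict_lines() {
    conf=$1
    awk '$1 == "server" && $2 !~ /^127\.127\./ { print $2 }' "$conf" |
    while read -r host; do
        $RESOLVER "$host" </dev/null
    done |
    grep -E '^([0-9]{1,3}\.){3}[0-9]{1,3}$' | sort -u |   # drop CNAME lines, dedupe
    while read -r ip; do
        line="restrict $ip mask 255.255.255.255 nomodify notrap noquery"
        grep -qxF "$line" "$conf" || printf '%s\n' "$line"
    done
}

# Constructed demo: fake_dig stands in for dig and returns made-up answers,
# including a CNAME line and a host with two addresses.
fake_dig() {
    case $1 in
        tick.example.net) printf 'time-a.example.net.\n192.0.2.10\n' ;;
        tock.example.net) printf '192.0.2.11\n192.0.2.10\n' ;;
    esac
}
demo_ntp=$(mktemp)
cat > "$demo_ntp" <<'EOF'
restrict default ignore
restrict 127.0.0.1
server 127.127.1.0 # local clock
server tick.example.net prefer
server tock.example.net
restrict 192.0.2.11 mask 255.255.255.255 nomodify notrap noquery
EOF
( RESOLVER=fake_dig; ntp_restrict_lines "$demo_ntp" )
rm -f "$demo_ntp"
```

Write the output to a temporary file and review it before appending it to /etc/ntp.conf.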
Configuring a Virtual CD-ROM Jukebox
Jeremy Impson wrote a great article "Build a Virtual CD-ROM
Jukebox" for the Linux Journal in April 2002. See also the CD Server HowTo.
/etc/init.d/autofs stop
cd /share/
mkdir ISOs CDs .automount
ls -a
vi /etc/auto.master
# $Id: auto.master,v 1.2 1997/10/06 21:52:03 hpa Exp $
# Sample auto.master file
# Format of this file:
# mountpoint map options
# For details of the format look at autofs(8).
# time is 30 sec
/share/.automount /etc/auto.misc --timeout=30
vi /etc/auto.misc
# $Id: auto.misc,v 1.2 1997/10/06 21:52:04 hpa Exp $
# This is an automounter map and it has the following format
# key [ -mount-options-separated-by-comma ] location
# Details may be found in the autofs(5) manpage

#cd             -fstype=iso9660,ro,nosuid,nodev :/dev/cdrom
docs            -ro,loop,fstype=iso9660         :/share/ISOs/docs.iso
Office2000.cd1  -ro,loop,fstype=iso9660         :/share/ISOs/Office2000.cd1.iso

# the following entries are samples to pique your imagination
#linux          -ro,soft,intr           ftp.example.org:/pub/linux
#boot           -fstype=ext2            :/dev/hda1
#floppy         -fstype=auto            :/dev/fd0
#floppy         -fstype=ext2            :/dev/fd0
#e2floppy       -fstype=ext2            :/dev/fd0
#jaz            -fstype=ext2            :/dev/sdc1
#removable      -fstype=ext2            :/dev/hdd
cd CDs
ln -s ../.automount/docs
ln -s ../.automount/Office2000.cd1
- get the RedHat 7.3 doc iso file from ftp.redhat.com called valhalla-docs.iso
umount /mnt/cdrom
dd if=/dev/cdrom of=/share/ISOs/Office2000.cd1.iso
/etc/init.d/autofs restart
- Go to a Windows machine and view your server and the share CDs
Setting up Apache
- add the following to /etc/httpd.conf
#
IndexIgnore .??* *~ *# .[!.]* images* unpublish* _* HEADER* README* RCS CVS *,v *,t
: : :
# The following lines prevent .htaccess files from being viewed by
# Web clients. Since .htaccess files often contain authorization
# information, access is disallowed for security reasons. Comment
# these lines out if you want Web visitors to see the contents of
# .htaccess files. If you change the AccessFileName directive above,
# be sure to make the corresponding changes here.
#
# Also, folks tend to use names such as .htpasswd for password
# files, so this will protect those as well.
#
<Files ~ "^\.ht">
    Order allow,deny
    Options -Indexes
    Deny from all
</Files>
<Directory ~ "(/_|image).*">
    Options -Indexes
</Directory>
<Directory ~ "/\..*" >
    AllowOverride None
    Options -Indexes
    Order deny,allow
    Deny from all
</Directory>
- Then change
#
#
# This controls which options the .htaccess files in directories can
# override. Can also be "All", or any combination of "Options", "FileInfo",
# "AuthConfig", and "Limit"
#
AllowOverride AuthConfig
: : :
# HostnameLookups: Log the names of clients or just their IP addresses
# e.g., www.apache.org (on) or 204.62.129.132 (off).
# The default is off because it'd be overall better for the net if people
# had to knowingly turn this feature on, since enabling it means that
# each client request will result in AT LEAST one lookup request to the
# nameserver.
#
#HostnameLookups Off
HostnameLookups On
- Change this line in the file
AuthType Basic
AuthName MyPrivateFile
AuthUserFile /etc/httpd/conf/users
Satisfy All
Require valid-user
- create users and passwords to access this protected directory
htpasswd -c /etc/httpd/conf/users user1
htpasswd /etc/httpd/conf/users user2
- Then for name-based virtual hosts do
#
# Use name-based virtual hosting.
#
NameVirtualHost *
#
# VirtualHost example:
# Almost any Apache directive may go into a VirtualHost container.
# The first VirtualHost section is used for requests without a known
# server name.
#
<VirtualHost *>
    ServerName platinumarchitecturegroup.com
    ServerAlias www.platinumarchitecturegroup.com
    ServerAlias platinumjava.com
    ServerAlias www.platinumjava.com
    ServerAdmin webmaster@platinumjava.com
    SSLDisable
    DocumentRoot /var/www/htdocs/platinumjava.com/
    ErrorLog logs/platinumjava.com-error_log
    RefererLog logs/platinumjava.com-referer_log
    TransferLog logs/platinumjava.com-access_log
</VirtualHost>
<VirtualHost *>
    ServerName thegreedforspeed.com
    ServerAlias www.thegreedforspeed.com
    ServerAlias www.winnerscircleautoservice.com
    ServerAlias winnerscircleautoservice.com
    ServerAdmin webmaster@thegreedforspeed.com
    DocumentRoot /var/www/htdocs/winnerscircleautoservice.com/
    RefererLog logs/winnerscircleautoservice.com-referer_log
    ErrorLog logs/winnerscircleautoservice.com-error_log
    TransferLog logs/winnerscircleautoservice.com-access_log
</VirtualHost>
<VirtualHost 192.168.1.2>
    ServerName snotbox.platinumjava.com
    ServerAdmin webmaster@snotbox.platinumjava.com
    DocumentRoot /var/www/htdocs/
    ErrorLog logs/snotbox.platinumjava.com-error_log
    CustomLog logs/snotbox.platinumjava.com-access_log common
</VirtualHost>
Installing MRTG
- Note you need snmpd working....
- run rpm -qa | grep mrtg to see if it is installed
cd /etc/mrtg
vi mrtg.cfg
- make sure that snmpd is automatically loaded as a daemon
- create a new MRTG file
cfgmaker public@machine_name > mrtg.cfg
Installing Analog
- Go to http://www.analog.cx/
- Get the prebuilt rpm file
rpm -ih rpm-file-name
- Follow the directions at http://www.analog.cx/how-to/vhosts1/index.html
Installing Mailman
Mailman is software to help manage electronic mail discussion lists.
Mailman gives each mailing list a unique web page and allows users to subscribe,
unsubscribe, and change their account options over the web. Even the list
manager can administer his or her list entirely via the web. Mailman
has most of the features that people want in a mailing list management
system, including built-in archiving, mail-to-news gateways, spam filters,
bounce detection, digest delivery, and so on.
bin/check_perms -f
- follow instructions at mailman.org
Misc Stuff
LaTeX
- Install teTeX
- http://entropy.brni-jhu.org/linuxsetup30.html has great instructions for installing fonts.
- try the following, which must be run as root
#!/bin/sh
# rebuild the filename database, then generate a .tfm for every .mf file here
texhash
for h in *.mf; do
    echo "$h"
    mktextfm "$h"
done
texhash
vi `kpsewhich --format=cnf fmtutil.cnf`
;uncomment the -en line
fmtutil --missing
Linux Journal Dec 2001 -- Marcel Gagne's Lighter Admin Fare with Depth
XCruise
TDFSB 3-D filesystem Browser
MisterHouse
Perl Stuff
xhost +localhost
su (but do not su -, since this will goof up xhost)
- Make sure you get xlibs-dev, the XFree86 development libraries (with
header files), for Perl. These are the X11 libraries you need.
apt-get -u install xlibs-dev
apt-get -u install libgd2-xpm-dev
apt-get -u install libwxgtk2.2-dev
apt-get -u install tk8.4-dev
- libpng2-dev tcl8.4-dev tk8.4-dev