CCP14
Methods, Problems and Solutions
Linux Information for Crystallography
Installing a Mandrake 7 Linux and Windows Dual Boot System via Local CD-ROM Install on a Generic Desktop PC
The CCP14 Homepage is at http://www.ccp14.ac.uk
Note: Mandrake 7 has been obtaining a good reputation from those claiming to
be in the know. Based on the installation and graphical administration tools, this is deserved.
G77 Fortran is installed by default, and administration and updating is very easy to perform via the GUI Desktop.
Disclaimer
The following install and configuration should leave no open services for potential
hackers to scan. This is consistent with setting up a client system or getting ready to
create a server. In the following, the graphical CD-ROM install is shown.
(If you are running X, use of port 6000 by X can be disabled by adding the
flag '-nolisten tcp' to the "startx" X server command script.)
Note: Because of variations in install, multiple toolsets, (never knowing whether
a previous install might have affected the next one); some/all(?) of the following information
might be wrong; and there are probably better methods for doing the following. Keep this in
mind and feel free to think a bit before blindly following the instructions.
Note 2: Most Linux installations have a habit of loading more than you really need and running
daemons that you may not really need. After installing, doing a security audit and removing
daemons you do not require is pretty much mandatory. Some of this is explained at the end
of this install file. Mandrake 7 Linux actually makes this very easy to do.
As stated above, this installation tutorial has been modified to try to make
this as hacker-safe an installation as possible, with no scannable ports open by default.
Note 3: If running crystallographic programs compiled on Redhat Linux, it could be safer
to recompile them. Strange effects may occur otherwise with some programs such as Sir97, Dirdif and Crunch.
Warning: (was advised by local department network support group to insert
the following) In some organisations and departments, installing unauthorized software
or operating systems such as Linux could be a sackable offence. If in doubt, check with
your network support group. Also, take note that some distributions and setup options may
also install software deemed to be "hacker tools". Presence of "hacker tools" on a
computer system could prompt management or criminal action against "offenders".
Backup your old stuff
The following method does the dual boot installation of Linux and Win95 from scratch using
an unpartitioned disk. It is possible to install Linux on an existing Windows system
without destroying the Windows area using FIPS or other similar non-destructive reformatting
software (e.g., Partition Magic). However implementing that is possibly part of a "future" X
hour hacking session; so we are doing "clean the disk - then install" method here.
"FIPS is a program for non-destructive splitting of harddisk partitions" -
FIPS webpage at: http://bmrc.berkeley.edu/people/chaffee/fips/fips.html.
Note that an up to date FIPS is included in the Mandrake Linux tools area.
Partition-Magic is a commercial program with a good reputation for repartitioning without destroying
your data:
http://www.partitionmagic.com/
If new to Linux, Expect to Initially Waste a Lot of Time
Like Austin Powers(?), "It's UNIX Baby Yeahhhh!"
Also refer to the Unix-haters handbook -
http://catalog.com/hopkins/unix-haters/handbook.html
Noting down the PC System Information
Note down all the information on your system including chip-sets, monitor refresh rates, etc.
If Linux makes a wrong choice, or prompts for a decision, you have to give it the
correct information. If you have Win95/Win98 or WinNT installed, you can
gain this information quite easily from the control panel (assuming the PC is
setup with the correct drivers). This also includes all the network information;
IP address, name, domain, gateway/router, NetMask, etc. Too much information
does not hurt, only too little. For network cards and the like, you may have to
go into Win95 or Win98 and get the memory addresses and the IRQs used. You tend to
find out what extra information you need the hard way.
The only information that Mandrake 7 Linux requires is the Monitor type and information.
It correctly probes the remaining hardware.
In this case:
- Viglan 300 MHZ Intel Pentium with 128 Meg RAM
- 3COMFast Etherlink XL 10/100 Mb TX Ethernet NIC (3C 905B-TX) on IRQ 9
- ATI Xpert@Work Video Card (ATI 3D RAGE PRO - DirectX) (MACH64 Drivers based for XFree86 Xwindows)
- iiyama 17" MT-9017T video monitor that can do (Frequency: 50/60Hz):
- 1024x768 at 75Hz VESA; 60.02kHz Horizontal Frequency; 75.0kHz Vertical Frequency
- 1280x1024 at 75Hz VESA; 79.98kHz Horizontal Frequency; 75.0kHz Vertical Frequency
- Generic Floppy Disk
- In board SYMBIOS Logic 875XSID (NCR53c8xx) (Hardcopy Manual: SYM8751SP) PCI Ultra SCSI
Host adapter
- 8 Gig SCSI Fujitsu Hard Disk drive
- Yamaha OPL3-Sax Sound System
- Atapi CD-ROM: TEAC CD-532E
- MS PS/2 3 button Intellimouse
Either Buying or Creating your Own Install CD-ROM
Buying the Mandrake CD-ROM would be the easiest option but downloading an ISO
CD-ROM can be quite easy as well if you have a good internet link.
Most of the mirror sites also have ISO CD-ROM images that can be used to
create bootable CD-ROM images.
Refer to Mandrake Mirrors at http://www.linux-mandrake.com/en/ftp.php3.
Obtaining Mandrake 7 ISO Images
Any decent CD burning software should be able to handle the following ISO images. Read the program
help as it may require some special flags for burning ISO images (i.e., writing the File allocation table first).
Deciding now on the partitions
Summary: the old Redhat Linux 5.2 manual recommended you partition the hard-disk into segments.
If you want to, you can just partition the disk into one large partition that
everything fits into - this can be much simpler but might hurt you
in the future. I prefer to put everything on one partition with this laptop as
expanding harddisk space is not a practical option - thus everything has to fit.
(Please note that decisions made now can cause much pain and gnashing of teeth later).
However, the Mandrake 7 installer seems to use quite "intelligent" auto-allocation.
When in doubt, go for a single "/" partition. But it could be worthwhile letting Mandrake 7
do the partition allocation for you - and that is what we will be doing here.
The following PC is configured to have 2 to 3 operating systems, Windows, Linux and FreeBSD.
In principle, if you set up a dual boot system, then a multiple boot system is a piece
of cake. The main limitation being that for PCs, each hard-disk can only have 4 primary
bootable partitions. In this case, we will handle the simpler case of just having
Windows or Linux.
- 4 to 8 Meg for the Partition Manager menu system
- 4 Gig for Win95
- 4 Gig for Mandrake Linux
Obtain the Ranish Partition Manager for DOS and create a Win95 Boot disk
After mucking around with a few utilities, the freeware Ranish Partition Manager for DOS
is a work of genius for managing partitions and boot managing.
Menu driven, it is a breeze to create and delete partitions,
multiple primary partitions, configure the MBR area. It easily will fit on a Windows/DOS
boot floppy with the rest of your boot utilities. (latest beta version at time of writing (27th April 2000) :
was dated March 14, 2000)
New facilities in Ranish Partition Manager 2.38 (covered in this tutorial):
- Handle disks over 8G
- Copy disks and partitions
- Format and Resize FAT partitions
- Boot MS-, PC-, DR- DOS and Windows NT from partitions above 2G
- Boot Partition Manager from a floppy without any OS
- Now added SIMULATION program which lets you play with Partition Manager without messing the real disk
Now before you consider deleting Windows, create a boot disk (format a: /u/s) and copy
over the required utility software.
- Copy over the following to the floppy disk:
- Ranish Partition Manager
- format.com
- fdisk.exe
- edit.com
- sys.com
- xcopy.exe
- xcopy32.exe
- himem.sys
- scandisk.exe
- CD-ROM driver and MSCDEX.EXE
- Anything else you fancy and that will fit.
- Configure the config.sys and autoexec.bat on the floppy so that it
will enable the CD-ROM on bootup; plus himem.sys and any country
specific drivers. Set MSCDEX to use D: drive for the CD-ROM. (We will
be formatting the DOS partition of the hard-disk as C: drive.)
In the case of this PC:
- Note: Having a loaded CD-ROM pointing to C: drive can possibly
stuff up the partitioning process later on; though Ranish Partition
Manager will probably warn you that something is going wrong.
If in doubt, remove the CD-ROM booting from the config.sys and autoexec.bat.
Creating the LINUX Boot Images on Floppy Disk
Just in case your system cannot boot from the CD-ROM, you can obtain floppy disk images from
the Mandrake mirrors. The Boot image you need is called cdrom.img
These are generally in the images directory of the media you intend
to install from.
(choose closest Mandrake Linux mirrors via:
http://www.linux-mandrake.com/en/ftp.php3)
Use rawrite for DOS or rawritewin for Windows from the dosutils directory to write/burn the images
onto the CD. Standard "copy" command will not work. Just type rawrite and answer the questions.
Also refer:
- RawWrite 0.3 for windows (NT & 95)
- "rawwrite (or rawrite) is the essential utility for creating boot and root disks for installing Linux.
Unfortunately, it required DOS to operate, so here is the long awaited WIN32 version. It works
under NT and 95."
- http://uranus.it.swin.edu.au/~jn/linux/rawwrite.htm
Alternatively, if you are already on a LINUX PC, you can use the command:
- dd if=filename.img of=/dev/fd0 bs=1440k
- dd if=bootnet.img of=/dev/fd0 bs=1440k
- dd if=pcmcia.img of=/dev/fd0 bs=1440k
- dd if=rescue.img of=/dev/fd0 bs=1440k
Determine the Install Process/Method you are going to Use
You have a variety of options to install the Mandrake 7 Linux
distribution. In this case, we are using the bootable ISO CD-ROM. Though methods
such as network (FTP) based network installation are also available.
Booting from Your DOS/Windows Floppy Boot Disk, Deleting Existing Partitions and Editing Master Boot Manager (MBR) Options
Boot from your DOS/Windows Floppy Boot Disk and run the menu driven Ranish Partition Manager.
- If you had a single FAT-32 Windows partition, Ranish Partition Manager might show the following information.
(Screen Image of Ranish Partition Manager and original )
- Delete the existing partitions. (if you make a mistake - you can use the F3 "undo" button. Also, if you
have already partitioned your hard-disk, you would only have to remove the non-windows partitions in
preparation for Mandrake Linux)
- (If you want a nice graphical boot manager, select Text 25x80
under the MBR config, then add a "small" "Boot Manager" Partition (4 Meg) as the first Primary partition
using the INS key (which gives a menu list of the possible file systems that can be added)) and
set this as the Bootable Partition. Then, taking into account the above, continue on with the following.
- In the first "Primary" Partition, create a 4 Gig Windows FAT-32 Partition (when prompted, save
but DO NOT format as results may not be predictable. We use the Windows format.com program later.)
Set this as your default Boot area using the B key. (Don't be too worried at this point if Ranish is
unhappy about not letting it format the partition and says the DOS/Windows Boot Sector does not have valid information.
Once it is formatted using the format.com program, it should have valid information).
- Highlight the MBR (Master Boot Record) and:
- Set the MBR Executable to "Boot Manager"
- Boot Interface type to "Text 25x80"
- Check for Viruses "No" (otherwise you may not be allowed to save to the MBR)
- Boot prompt timeout = "60" is nice?
- Default Boot Choice of "Prompt User"
- Once you make these changes, Ranish Partition manager might show the following information.
(Ranish partition Manager Screen Image with new Partition Information)
- Save using the F2 key.
- Ranish Partition Manager will then tell you that it saved the partition information to the hard disk
(Ranish partition Manager Screen Image stating that is
has saved the partition information)
- Now exit Ranish partition manager.
Formatting the C: Drive - MS-Windows FAT-32
Formatting the Windows partition now is optional. Normally, it can be good to
install windows first to save on minor nuances later (MS-Windows likes to take ownership of
the Master Boot Record - when it does just use Ranish Partition Manager to
set things back). Boot from your DOS/Windows Floppy Boot Disk and run the menu driven Ranish Partition Manager.
- Just in case, reboot the PC from the Floppy disk.
- From the floppy disk, type format c: /s and when prompted:
Y - you want to proceed. (/s puts the boot files on the hard-disk)
- Give it a volume name of DOS
- If you want to, you can now install Win95; but I would wait until after getting Linux
happily installed in case some partition nuances (didn't allocate enough space to an
important partition) come to haunt you.
- Take the floppy disk out of the disk drive (to check the boot manager is happy).
- Reboot the PC and you should be given a Boot Menu.
- The following is the type of menu to expect:
(Ranish partition Manager Boot Menu)
Also Refer:
- reading linux ext2fs partitions with DOS/Windows
- Go into your PC BIOS and check that the CD-ROM will boot prior to the hard-disk. This will
normally be in the "advanced configuration" or "boot" type of menu.
- Screen Image of: Order of Device booting as described in the PC BIOS
- Making sure the network is connected and you have all the relevant information
specified above, insert the Mandrake 7 Linux bootable CD-ROM and reboot the PC.
- Mandrake will give you the following starting screen prompting for
the language you wish to use. In this case, we select English(UK)
- (Note: You can go back anytime to a part of the installation by selecting from the menu
system on the left hand side of the screen).
- When Mandrake prompts for the Installation Class, choose Customized
so that you have more control of what is going on.
- When Mandrake prompts for the Usage you want, choose Development
which gives you the C and Fortran compilers.
- As the hard disk on this PC is off a SCSI card, Mandrake will probe and identify the SCSI card,
then request information on whether you have another SCSI card. In this case, the
answer is No.
- When Mandrake prompts, this is an Install.
- A minor nuance with Mandrake: it automatically probed for a mouse but assigned a 2 button mouse. This is a
3 button mouse, so click on the Configure Mouse button on the left hand menu
and select the PS/2 MS IntelliMouse.
- Now when prompted for the keyboard type, confirm the UK keyboard.
- For the Miscellaneous Questions, going with the defaults is OK
(Medium Security, etc)
- When presented with the FileSystem Types and Hard-disk Partitioning Screen, select Auto-allocate and
Continue on. (It will not overwrite the Windows partition). If feeling nervous at this point due to
the possibility of the "/" partition filling up, delete the /home and expand the / partition.
- The installer will then warn that the new Partition Table is going to be
written to the disk. Continue on by selecting OK.
- When prompted format all Linux partitions.
- When prompted for packages to Install, in the list of options I tend to go for the KDE desktop but
it is up to you to choose the desktop of your liking (Gnome or KDE). KDE presently seems slicker
and more oriented towards users.
- Consider doing the following but feel free to make your own choices.
- Deselect Gnome
- Deselect Other window managers
- Deselect Web Server
- Deselect Network Management Workstation
- Deselect Databases
- The installer will then give the option of trimming down the
size of the install using a slide bar down to a minimum installation if you wish.
Continue on by selecting OK.
- Mandrake will then calculate the time it will take and start
downloading the selected packages. In this case, it will take about 12 minutes to install
the packages.
- After downloading the packages, you will be prompted for
the type of networking you wish to install. In this case, we are installing the PC on
a Local LAN.
- Insert your IP address information.
- Insert the full host name, DNS Server and Gateway/Router.
- If you have FTP and HTTP proxies, insert them, otherwise continue.
- Confirm the time zone.
- Configure a printer if you wish.
- Enter a good, secure root password.
- Add a user with the tcsh (csh) so that the System S/Platon
Single crystal suite will be happy.
- Get a floppy disk and create a boot disk.
- Important bit: It should be OK to
install LILO in the default area.
Do not install LILO over the MBR as this is where Ranish Partition Manager is and we
want to use this, not LILO. If Mandrake complains that it cannot install the LILO boot
loader, try using Linear mode.
- Stick with the default LILO entries. Select Done
- As part of the X setup, select your monitor type and continue.
- Select the resolution and colour depth you would like to use.
- It might be a good idea to test the configuration.
- If you want a pretty Graphical starting interface on bootup,
you can start X on booting. I tend to
not start X on bootup - but Log in via the command line, then type startx to start the
X session. You might prefer the Graphical interface.
- You should now have a congratulations screen. Selecting
OK should eject the CD-ROM, then reboot.
- On reboot, you are given the Ranish Boot Manager Menu. Selecting
the partition after Windows, should boot Linux.
- Log in as a user (i.e., yourself). One strange nuance if you do the command line login approach is
that /usr/X11R6/bin is not part of the path for tcsh/csh users (so startx does not work).
Thus edit a .cshrc file in your home area and add the line:
set path = ( $path /usr/X11R6/bin)
Then re-source using source .cshrc
- You may want to log in as a user and check the network is working. Try and
ping a local or foreign computer, e.g., "ping www.apple.com". Everything should be happy;
if not, going into linuxconf will be required.
- To not advertise port 6000 while running Xwindows, (as root) edit the "/usr/X11R6/bin/startx" file
and under "clientargs" and "serverargs" add -nolisten tcp within the quotes.
- Warning: Re NMAP software: even just downloading nmap - may be a sackable offense
in many organisations. Check with your network support group first before downloading nmap and any other related
tools.
- As Linux can tend to run many unnecessary services that could be
a hacker's dream, we will be turning these off. I.e., on install, the following are generally open:
Starting nmap V. 2.30BETA20 by [email protected] ( www.insecure.org/nmap/ )
Interesting ports on ccp14vig1.dl.ac.uk (148.79.160.133):
(The 1510 ports scanned but not shown below are in state: closed)
Port State Service
21/tcp open ftp
23/tcp open telnet
25/tcp open smtp
98/tcp open linuxconf
110/tcp open pop-3
113/tcp open auth
119/tcp open nntp
515/tcp open printer
- In the KDE Desktop, as "root" or a "plain user" (Drakconf will prompt for the root password if
running as a plain user), run Drakconf and enter Startup Services.
From the GUI menu, disable:
- inet
- innd (daemon)
- linuxconf (the daemon version)
- lpd
- netfs
- postfix (SMTP/Sendmail alternative)
- The above changes in services will be enabled on reboot.
- To make sure you have no insecure/out of date programs running, now run Updates from the KDE desktop;
select a close mirror then OK. This will load information on what updated programs are available.
Select them all, then update by selecting Go.
- Now might be a good time to reboot to enable all the above changes to the network services.
Providing this is consistent with your network usage policies (check with your network support people),
you can now try running a "scanner/probe" on the new Linux machine once it is connected to
the network. A very good scanner program is nmap (http://www.insecure.org/nmap/).
Nmap (using "nmap -sS machinename") should say there are no open ports.
Then run Xwindows (using the startx command), nmap should still state that there are no open ports. If
there are open ports, you may have forgotten to turn a System Service off when using /usr/sbin/setup.
NMAP gives the following result on the above setup Linux computer:
nmap -sS computername
Starting nmap V. 2.30BETA20 by [email protected] ( www.insecure.org/nmap/ )
All 1518 scanned ports on ccp14vig1.dl.ac.uk (148.79.160.133) are: closed
Nmap run completed -- 1 IP address (1 host up) scanned in 4 seconds
Or trying to detect the operating system.
nmap -sS -O computername
Starting nmap V. 2.30BETA20 by [email protected] ( www.insecure.org/nmap/ )
All 1518 scanned ports on ccp14vig1.dl.ac.uk (148.79.160.133) are: closed
Remote OS guesses: Linux 2.0.27 - 2.0.30, Linux 2.0.32-34, Linux 2.0.35-38, Linu
x 2.1.24 PowerPC, Linux 2.1.76, Linux Kernel 2.1.88, Linux 2.1.91 - 2.1.103, Lin
ux 2.1.122 - 2.2.14, Linux 2.2.12, Linux 2.3.12, NetBSD 1.4 / Generic mac68k (Qu
adra 610)
Nmap run completed -- 1 IP address (1 host up) scanned in 2 seconds
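The check described above, as an added example that is not part of the original page: a POSIX shell script that reads an nmap report in the layout shown here, lists every port reported open, and fails unless each one is on an allowed list. It also refuses to treat an empty or failed scan as a pass. The sample reports, host.example, 192.0.2.10 and the audit.sh file name are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original page: audit an nmap report for open ports.
# Sample reports below are constructed; host.example / 192.0.2.10 are placeholders.

# Print "port/proto service" for each port the report on stdin lists as open.
open_ports() {
    awk '$1 ~ /^[0-9]+\/(tcp|udp)$/ && $2 == "open" { print $1, $3 }'
}

# audit_report ALLOWED  (report on stdin)
# ALLOWED: space-separated port/proto entries permitted to be open ("" = none).
# Returns 0 if clean, 1 if an unexpected port is open, 2 if the report does
# not show a completed scan of a live host (an empty report is not a pass).
audit_report() {
    allowed=" $1 "
    report=$(cat)
    if ! printf '%s\n' "$report" |
        grep -Eq 'Nmap (run completed|done).*\([1-9][0-9]* hosts? up\)'; then
        echo "INCONCLUSIVE: no completed scan of a live host" >&2
        return 2
    fi
    unexpected=$(printf '%s\n' "$report" | open_ports |
        while read -r port svc; do
            case "$allowed" in
                *" $port "*) ;;
                *) echo "UNEXPECTED OPEN: $port $svc" ;;
            esac
        done)
    [ -z "$unexpected" ] && return 0
    printf '%s\n' "$unexpected"
    return 1
}

# Constructed report: default services still running after install.
sample_fresh_install() {
    cat <<'EOF'
Interesting ports on host.example (192.0.2.10):
(The 1513 ports scanned but not shown below are in state: closed)
Port       State       Service
21/tcp     open        ftp
23/tcp     open        telnet
25/tcp     open        smtp
98/tcp     open        linuxconf
515/tcp    open        printer
Nmap run completed -- 1 IP address (1 host up) scanned in 4 seconds
EOF
}

# Constructed report: services disabled, but X started without -nolisten tcp.
sample_x_listening() {
    cat <<'EOF'
Interesting ports on host.example (192.0.2.10):
Port       State       Service
6000/tcp   open        X11
Nmap run completed -- 1 IP address (1 host up) scanned in 4 seconds
EOF
}

# Constructed report: the result the page aims for.
sample_hardened() {
    cat <<'EOF'
All 1518 scanned ports on host.example (192.0.2.10) are: closed
Nmap run completed -- 1 IP address (1 host up) scanned in 2 seconds
EOF
}

# Stand-alone use (audit.sh is a hypothetical name): nmap -sS machinename | sh audit.sh --audit ""
if [ "${1:-}" = "--audit" ]; then audit_report "${2:-}"; exit $?; fi
```

Once SSH is installed later, passing "22/tcp" as the allowed list keeps the same check usable after every update run.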
- When running the KDE desktop, you can make the active Window the one the Mouse is over by
going into Settings, Window Behavior, Properties
and setting "Focus Policy" to Focus Follows Mouse.
- A KDE FAQ on the Window manager is at:
http://www.kde.org/documentation/faq/kdefaq-7.html
- For getting back to programs you have minimised or switched from:
- While the mouse is on the desktop, clicking the middle mouse button will bring up a list of running applications
that you can select from.
Some other things
- If you did not do this before, as root, you may like to edit /etc/passwd and
make the default shell for users, csh. Bash can crash System S/Platon but runs fine with csh
- As root, edit /etc/aliases and set the alias for root to your E-mail so you receive system
messages from root.
Things to do Now that Basic Linux has been Installed
- Always assume after running any updates, that some "open" services may have been reinstalled
that you do not know about (or changed your config).
Thus you can now again try running a "scanner/probe" on the new Linux machine once it is connected to
the network such as nmap (http://www.insecure.org/nmap/).
Nmap should say there are no open ports. Then run Xwindows (using the startx command), nmap should
still state that there are no open ports.
- Get and compile the excellent snarf program for being able to quickly get programs via FTP and HTTP via a command line -
http://www.xach.com/snarf/
ftp://ftp.mint.net/pub/snarf/snarf-latest.tar.gz
One of the advantages for UNIX is that it can work on a command line. Useful when you have limited memory or are
remotely logging in. Snarf can be a lifesaver to quickly pull over install files off the internet,
saving you loading up a GUI netscape or bothering with Lynx which can occasionally be quite finicky for downloading.
- Compile/Install Secure Shell (SSH) for Linux
and disable superfluous inetd.conf based daemons - telnetd, logind, rshd - which should not be running
as inetd was disabled in the installation.
- Check around some Securing Linux sites for extra info on keeping your system "unhacked":