CCP14
Methods, Problems and Solutions
Linux Information for Crystallography
Installing a secure Redhat 6.2 Linux and Win95 Dual Boot System via CD-ROM Install on a Toshiba Laptop
The CCP14 Homepage is at http://www.ccp14.ac.uk
As of 2000/2001 - Redhat 7.0, then 7.1 and then 7.2 have been released. The installation given below
is still pretty much valid - and when differences happen they are pretty obvious. Tutorials for
installing 7.2 will be done once a spare computer and (more difficult in London) some office
space for the computer becomes available.
Note: As of early March 2000, Redhat 6.2 was released. Workarounds have now
been determined for doing an install equivalent to the secure 6.0 type install. Overall, the Redhat 6.2 install is
quite good, but there are still some post install fixups to do after the install.
Please note that a significant change for a laptop install of Redhat Linux 6.2 (compared to Redhat 6.0)
is that the pcmcia.img is now the boot floppy disk to use. One problem with doing
a CD-ROM install with Redhat 6.2 is that Redhat can forget to prompt for the internet information.
This is covered in the post install fixup information.
Disclaimer
The following install and configuration should leave no open services for potential
hackers to scan. This is consistent with setting up a client system or getting ready to
create a server. In the following, the text based install is used as this gives the
option to install packages important for scientific crystallography, such as the Fortran compiler.
(If you are running X, use of port 6000 by X can be disabled by adding the
flag '-nolisten tcp' to the X server command line.)
Note: Because of variations in install, multiple toolsets, (never knowing whether
a previous install might have affected the next one); some/all(?) of the following information
might be wrong; and there are probably better methods for doing the following. Keep this in
mind and feel free to think a bit before blindly following the instructions.
Note 2: Redhat does have a reputation of loading more than you really need and running
daemons that you may not really need. After installing, doing a security audit and removing
daemons you do not require is pretty much mandatory. Some of this is explained at the end
of this install file. As stated above, this installation tutorial has been modified to try to make
this as hacker safe an installation as possible with, by default, no scannable ports open.
Warning: (was advised by local department network support group to insert
the following) In some organisations and departments, installing unauthorized software
or operating systems such as Linux could be a sackable offence. If in doubt, check with
your network support group. Also, take note that some distributions and setup options may
also install software deemed to be "hacker tools". Presence of "hacker tools" on a
computer system could prompt management or criminal action against "offenders".
Backup your old stuff
The following method does the dual boot installation of Linux and Win95 from scratch using
an unpartitioned disk. It is possible to install Linux on an existing Windows system
without destroying the Windows area using FIPS or other similar non-destructive reformatting
software (e.g., Partition Magic). However implementing that is possibly part of a "future" X
hour hacking session; so we are doing "clean the disk - then install" method here.
"FIPS is a program for non-destructive splitting of harddisk partitions" -
FIPS webpage at: http://bmrc.berkeley.edu/people/chaffee/fips/fips.html.
Note that an up to date FIPS is included in the Redhat Linux tools area.
Partition-Magic is a commercial program with a good reputation for repartitioning without destroying
your data:
http://www.partitionmagic.com/
If new to Linux, Expect to Initially Waste a Lot of Time
Like Austin Powers(?), "It's UNIX Baby Yeahhhh!"
Also refer Unix-haters handbook -
http://catalog.com/hopkins/unix-haters/handbook.html
Noting down the PC System Information
Note down all the information on your system including chip-sets, monitor refresh rates, etc.
If Linux makes a wrong choice, or prompts for a decision, you have to give it the
correct information. If you have Win95/Win98 or WinNT installed, you can
gain this information quite easily from the control panel (assuming the PC is
set up with the correct drivers). This also includes all the network information;
IP address, name, domain, gateway/router, NetMask, etc. Too much information
does not hurt, only too little. For network cards and the like, you may have to
go into Win95 or Win98 and get the memory addresses and the IRQs used. You tend to
find out what extra information you need the hard way.
In this case:
- Toshiba Tecra 520CDT Laptop Pentium 166 with 32 Meg RAM
- 3Com (3C562D-3C563D) EL III Lan + 336 Modem PC Card (From Win95 - Input/Output Range 0110-011F)
- Network card: IRQ = 3
- Modem card: IRQ = 9
- Yamaha OPL3-SAx Sound System - IRQ = 5
- 800x600 256 Colour (32h) Thin Film Transistor (TFT) LCD display - 60 Hz (can do high colour)
- Monitor Scanning Frequency:
- 800x600 16Mil Colours Vert: 60 Hz, Horiz: 37.9Hz
- 800x600 32k/64k Virtual Colours Vert: 60 Hz, Horiz: 48.5Hz
- 800x600 32k/64k Colours Vert: 60/75/85 Hz, Horiz: 31.5/37.6/43.2Hz
- 640x480 16Mil Colours Vert: 60 Hz, Horiz: 31.5Hz
- 640x480 32k/64k Colours Vert: 60/75/85 Hz, Horiz: 31.5/37.6/43.2Hz
- PCIC or compatible PCMCIA Card / Multifunction Parent Card: IRQ = 3
- Toshiba IDE CD-ROM XM-1502BN
- Generic IDE/ESDI Hard Disk Type01 (4 Gig)
- Generic NEC Floppy Disk
- Chips and Technologies 65555 PCI Video Card - DirectDraw Version 4 - 2 Meg RAM
- Toshiba CPI to PCI bridge
- Hard-disk controller IRQ = 14 / IRQ = 15
- Keyboard IRQ = 1
- PCI IRQ = 11
- Serial Ports = IRQ = 10 (COM2) IRQ = 4 (COM1)
- Printer Port = IRQ = 7
- Internal 2-button laptop mouse and external PS/2 MS 3 button Intellimouse.
(NOTE: If using an external mouse as we are here (having the 3 buttons is far more
convenient than emulating an X-mouse via 2 mouse buttons), it would be safest to
configure your Laptop BIOS to not use both internal and external mice simultaneously as erratic things
can occur.) If you have an external serial port mouse (not PS/2), Redhat may not be able to recognise
and use this mouse, so you may be stuck with using the internal Laptop mouse. A quick solution to this is
to get a "serial to PS/2" adapter for the mouse.
Either buying or Creating your Own Install CD-ROM
Buying the Redhat CD-ROM would be the easiest option but the following
installation used a home made CD-ROM by downloading the files from an FTP
mirror. Most of these sites also have ISO CD-ROM images that can be used to
create bootable CD-ROM images.
Refer to Redhat Mirrors at http://www.redhat.com/mirrors.html.
Obtaining Redhat 6.2 ISO Images
Any decent CD burning software should be able to handle the following ISO images. Read the program
help as it may require some special flags for burning ISO images (i.e., writing the File allocation table first).
If you want to make a hand crafted CD-ROM, the following directory structure should work (with extras to make it
as freestanding as possible) (this CD will not be bootable):
- /doc
- /dosutils
- /images
- /linux
- /ranish (freeware Ranish Partition Manager which includes a boot manager)
- /Redhat
- /updates
- Some useful tools are also included like the latest Apache web-server source code, tcl/tk source, etc.
Note: You may not have enough room to put all the updated rpms, so you may have to leave out
the ones you don't think you will need.
Deciding now on the partitions
Summary: the old Redhat 5.2 manual recommends you partition the hard-disk into segments.
An easy option is to just partition the disk into one large "/" partition that
everything fits into. This can be much simpler but "might" hurt you
in the future (though unlikely for a client crystallographic number crunching
computer). I prefer to put everything on one partition with this laptop as
expanding harddisk space is not a practical option - thus everything has to fit.
(Please note that decisions made now can cause much pain and gnashing of teeth later - though
using a single partition has not resulted in any problems so far).
The following decisions were made due to limitations of a 2 Gig Hard-disk (of which ~1 Gig is
for Linux). An easy option is just to have a single Linux "/" partition. This will get
you going without too many complications that other Linux partitioning strategies can cause.
- 950 meg for Win95 and Windows programs (FAT 32)
- 120 Meg of Linux SWAP - mandatory - don't forget to make the LINUX SWAP area
- rest goes to /
- The Previous Partitioning was as follows - but the above is far simpler
- 950 meg for Win95 and Windows programs (FAT 32)
- 5 Meg for /boot (very important partition for dual booting)
- 48 Meg of Linux SWAP - mandatory - don't forget to make the LINUX SWAP area
- 80 Meg of / (root partition - /var and /tmp will also go here)
- 65 Meg of /opt (KDE desktop rpm binary installs should be happy with this http://www.kde.org)
- 550 Meg of /usr (large number of Linux Packages get installed here)
- 110 Meg of /home (juggle this with /usr/local)
- rest goes to /usr/local
Obtain the Ranish Partition Manager for DOS and create a Win95 Boot disk
After mucking around with a few utilities, the freeware Ranish Partition Manager for DOS
is a work of genius for managing partitions and boot managing.
Menu driven, it is a breeze to create and delete partitions,
multiple primary partitions, configure the MBR area. It easily will fit on a Windows/DOS
boot floppy with the rest of your boot utilities. (The latest beta version at the time of writing, 27th April 2000,
was dated March 14, 2000.)
New facilities in Ranish Partition Manager 2.38 not yet covered in these tutorials:
- Handle disks over 8G
- Copy disks and partitions
- Format and Resize FAT partitions
- Boot MS-, PC-, DR- DOS and Windows NT from partitions above 2G
- Boot Partition Manager from a floppy without any OS
- Now added SIMULATION program which lets you play with Partition Manager without messing the real disk
- "The REAL Multi-boot": Tutorials on using shareware/freeware Ranish Partition boot manager and
partition manager to get around the 4 Primary Partition limit with PC:
http://members.tripod.it/Trombettworks/multi-boot.htm
- It should be noted that new boot and partition managers are being created all the time. The
GPL'd XOSL is one worth checking out for Windows which allows 24 boot items (gets around
the 4 Primary partition limit) -
http://www.xosl.org/
Now before you consider deleting Windows, create a boot disk (format a: /u/s) and copy
over the required utility software.
- Copy over the following to the floppy disk:
- Ranish Partition Manager
- format.com
- fdisk.exe
- edit.com
- sys.com
- xcopy.exe
- xcopy32.exe
- himem.sys
- scandisk.exe
- CD-ROM driver and MSCDEX.EXE
- Anything else you fancy and that will fit.
- Configure the config.sys and autoexec.bat on the floppy so that it
will enable the CD-ROM on bootup; plus himem.sys and any country
specific drivers. Set MSCDEX to use D: drive for the CD-ROM. (We will
be formatting the DOS partition of the hard-disk as C: drive.)
In the case of this Toshiba Laptop:
- Note: Having a loaded CD-ROM pointing to C: drive can possibly
stuff up the partitioning process later on; though Ranish Partition
Manager will probably warn you that something is going wrong.
If in doubt, remove the CD-ROM booting from the config.sys and autoexec.bat.
Creating the LINUX Boot Images on Floppy Disk
If only installing Linux on a Laptop, all you require is the
pcmcia.img based floppy install disk.
If you burn up a Redhat 6.2 ISO image from a web or ftp site, this CD is
bootable. However, depending on BIOS and Laptop nuances, the CD may not
boot on the Laptop. Thus this will use a floppy to boot up the Laptop
as this is more reproducible and reliable. Also, if you boot up using the
CD-ROM, you will probably go into a GUI mode. The text based install can
be more reliable, especially as some custom mods are required such as
installing the Fortran compilers.
Using the files located on the Redhat Linux CD-ROM or a mirror,
create the three Image disks depending on how you are installing (local or
network) and hardware type; boot, netboot and pcmcia. You can try
installing direct from the Redhat 6.2 CD-ROM if your system supports
booting from the CD-ROM. In theory, you only have to create the pcmcia.img
disk to install Redhat Linux 6.2 on a Laptop.
These are generally in the images directory of the media you intend
to install from.
(choose closest Redhat Linux mirrors via:
http://www.redhat.com/mirrors.html or
ftp://ftp.redhat.com/pub/MIRRORS.html)
For example, via FTP, mirror.ac.uk:
Use rawrite or rawrite2 for DOS from the dosutils directory to write the images
onto the floppy disks. The standard "copy" command will not work. Just type rawrite and answer the questions.
Also refer:
- RawWrite 0.3 for windows (NT & 95)
- "rawwrite (or rawrite) is the essential utility for creating boot and root disks for installing Linux.
Unfortunately, it required DOS to operate, so here is the long awaited WIN32 version. It works
under NT and 95."
- http://uranus.it.swin.edu.au/~jn/linux/rawwrite.htm
Alternatively, if you are already on a LINUX PC, you can use the command:
- dd if=filename.img of=/dev/fd0 bs=1440k
- dd if=bootnet.img of=/dev/fd0 bs=1440k
- dd if=pcmcia.img of=/dev/fd0 bs=1440k
- dd if=rescue.img of=/dev/fd0 bs=1440k
Determine the Install Process/Method you are going to Use
You have a variety of options to install the Redhat 6.2 Linux
distribution. In this case, we are using a CD-ROM, though a page on
FTP/HTTP based network installation is also available.
Booting from Your DOS/Windows Floppy Boot Disk, Deleting Existing Partitions and Editing Master Boot Manager (MBR) Options
Boot from your DOS/Windows Floppy Boot Disk and run the menu driven Ranish Partition Manager.
- Delete the existing partitions.
- Highlight the MBR (Master Boot Record) and:
- Set the MBR Executable to "Boot Manager"
- Boot Interface type to "Compact"
- Check for Viruses "No" (otherwise you may not be allowed to save to the MBR)
- Boot prompt timeout = "6" is nice?
- Default Boot Choice of "Prompt User"
- Save (F2), then out of habit from using DOS, reboot to the floppy again. This may or
may not be optional.
Booting from Your DOS/Windows Floppy Boot Disk and Creating Partitions
Note: There are many possible permutations and combinations but the following
seems to work for me. Despite the literature, setting active partitions and
boot managers can be quite quirky due to limitations/nuances in PC hardware and the
various pieces of software.
Boot from your DOS/Windows Floppy Boot Disk and run the menu driven Ranish Partition Manager.
- (If you want a nice graphical boot manager, select Text 25x80
under the MBR config, then add a "small" "Boot Manager" Partition (4 Meg) as the first Primary partition
using the INS key (which gives a menu list of the possible file systems that can be added)) and
set this as the Bootable Partition. Then, taking into account the above, continue on with the following.
- In the first "Primary" Partition, create a 950 Meg Windows FAT-32 Partition (when prompted, save
but DO NOT format as results may not be predictable. We use the Windows format.com program later.)
Set this as your default Boot area using the B key. (Don't be too worried at this point if Ranish is
unhappy about not letting it format the partition and says the DOS/Windows Boot Sector does not have valid information.
Once it is formatted using the format.com program, it should have valid information).
- In the second "Primary" Partition, create a 130 Meg Linux SWAP area
Partition (when prompted, save)
- In the third "Primary" Partition, leave the rest as a Linux Partition (this will be "/") (when prompted, save)
Formatting the C: Drive - Windows FAT-32
Boot from your DOS/Windows Floppy Boot Disk and run the menu driven Ranish Partition Manager.
- From the floppy disk, type format c: /s and when prompted:
Y - you want to proceed. (/s puts the boot files on the hard-disk)
- Give it a volume name of DOS
- If you want to, you can now install Win95; but I would wait until after getting Linux
happily installed in case some partition nuances (didn't allocate enough space to an
important partition) come to haunt you.
- Take the floppy disk out of the disk drive (to check the boot manager is happy).
- Reboot the PC and you should be given a prompt of HD/1. If you have a Compact boot manager
menu, entering 1 should take you into a command line based Win95/DOS prompt. You
can install more elaborate boot manager menus described in this text (Text
25x80 menu system on startup) if you want to but I was in a "minimalist" mood on this particular occasion.
But now the Text 25x80 menu system is my favourite.
Also Refer:
- reading linux ext2fs partitions with DOS/Windows
Redhat Linux Install
(Note: This assumes the floppy disk will be booted before the CD-ROM. Also,
remember to use the pcmcia.img, not the "desktop" boot.img floppy disk.)
- Making sure the network is connected and you have all the relevant information
specified above,
- Insert PCMCIA boot disk for Redhat 6.2 pcmcia.img floppy disk;
- insert the Redhat 6.2 CD-ROM
- reboot/startup laptop.
- Redhat Linux will then give you a Welcome to Red Hat Linux screen. Important:
type "text" then press [ENTER] to do this via the text based
non-GUI install which gives access to some extra important install options.
In this case, REDHAT detects the hard-disk and CD-ROM, as well as other peripherals
(which is a good sign).
(if you do not get above, but instead get a kernel panic and can't read file system message;
check that you have not accidentally inserted the "Linux Boot (recovery) Disk" you made during
the last attempt to install Redhat Linux before you wiped it)
- When prompted, choose the language you would prefer to use during
the installation (English seems best for me) Note: Tab toggles between menu
options.
- When prompted, select your keyboard type (in my case, UK)
- When prompted for Installation Type,
I tend to go for Install Custom System to get flexibility in
what I want (such as being prompted to install the Fortran compilers, and
especially when working on a laptop with limited space, but may want
to use as a server later on). Thus select Install Custom System.
- When prompted for Disk Setup, go to Disk Druid
- Now you should be in Disk Druid (assuming you correctly followed the instructions
under "Booting from Your DOS/Windows Floppy Boot Disk and Creating Partitions"):
- Edit the DOS partition and give it the name of /dos
- Edit/Add an ~120 Meg Linux Swap file/partition
- Edit/Add the Linux partition as / (root partition - everything goes under here)
- (There are probably other better ways of doing the above but I found
this is the most flexible for relatively small amounts of disk space)
- After Editing Disk Druid, select OK to continue.
- If you get prompted about not having much memory, just press YES to continue. (32 Meg is considered
a low amount of memory)
- When prompted about formatting, press OK to format. If unsure about the quality
of your hard-disk, also check for bad blocks.
- IMPORTANT BIT: Here we come to the whole point of mucking around
with Ranish Partition Manager for DOS. When prompted about the "LILO configuration", put
the bootloader in the First sector of the boot partition (not the Master boot record).
This way, things actually have a good chance of "dual"-booting up as desired on a restart. When
asked about "special options"; unless you know of some that you have to use, just select OK
which should work.
- When prompted for LILO configuration, as we are using the Ranish partition manager, have
Redhat install the bootloader into the First sector of boot partition
- When prompted about Bootable partitions; Linux at this point does not know that
we have "spat upon" its LILO loader for "dual booting", and that we are using Ranish Partition Manager's
MBR based program for dual booting. So just keep Linux happily deluded and select OK to
continue. Go with defaults (If you get the "Edit Boot Label" option, you pressed ENTER instead
of TAB, then ENTER to the OK button) and things should be happy.
- When prompted for your hostname configuration, insert the name of your computer.
- When prompted for Mouse Selection, select your type of mouse (MS 3 button Intellimouse - PS/2), then press OK to continue.
(If you are swapping between the internal laptop mouse and an external mouse, you may have to set up for this
change in Linux using the setup program as root.) Also, as mentioned above, if using an external mouse, it would
be safest to configure your Laptop BIOS to not use both internal and external mice simultaneously as erratic things
can occur.
- Under "Configure Timezone", select it. (Europe, London for me)
- When prompted for the Root Password, enter a good, secure password. It should contain no dictionary words
and should have some numbers in it.
- When prompted with "Add User", add a user (yourself would be good). Then continue on.
- Under Authentication Configuration, just go with the default (Shadow, MD5 Passwords but not NIS)
- When prompted for packages to Install, in the list of options I tend to go for the KDE desktop but
it is up to you to choose the desktop of your liking (Gnome or KDE). KDE presently seems slicker
and more oriented towards users.
- When prompted for packages to Install, I tend to go for the defaults except:
- Deselect Gnome and go for KDE
- DOS/Windows Connectivity
- Graphics Manipulation
- Games
- Disable Dialup Workstation
- Development (need this for compilers(?))
- Extra Documentation
- Utilities
- I normally do not load Emacs (I am a "vi" type of person)
- I normally do not load Emacs with X windows (nuff said though
this can be quite user friendly if you don't like the UNIX "vi" editor)
- Important: At the end, go into Select Individual Packages and
select OK, using the space bar, expand Development/Languages
and manually select the compat-egcs options and egcs-g77; otherwise you will
not have a Fortran 77 compiler for compiling up crystallographic programs.
- Then select DONE to continue.
- If you are prompted about Dependencies, go with "Install packages to satisfy dependencies" and
continue.
- The install then does a "PCI Probe" and says it detects the video card, (in this case a
PCI Entry: 655555, X Server: SVGA)
A happy event indeed given getting X-windows to actually work can be a major pain and this is
encouraging. Thus select OK to continue; after which the relevant XFree-86 program will
be downloaded for installation.
- Redhat Install might(?) tell you it will be keeping a log of everything in /tmp/install.log. With this
reassurance, continue by selecting OK
- Redhat Install will then create the partitions/filesystems then download the packages.
- Redhat will then say it is preparing to install, then will start downloading the packages off
the internet. Don't be too concerned if some things seem to stall for a while or you get a long
download time. This can change over time once it starts getting into the install.
In this example, it first stated that
package installation would take 3 hours, but this then took a bumpy ride down to
20 to 30 minutes after the first half dozen or so packages came across the CD.
- After downloading, Redhat will then do some post install configuration before prompting
whether you wish to create a boot disk.
- When prompted whether you wish to create a Boot Disk, you would normally say yes, but
I tend not to due to installing and reinstalling operating systems all the time.
- You will now be prompted for the Monitor Setup.
Be wary that giving the wrong monitor setup can damage the video monitor so check this
out with the hardware manual.
- (in this case), Custom Monitor setup
- Extended Super VGA, 800x600 @ 60 Hz, 640 x 480 @ 72Hz; then 50-70 for vertical
Sync Range
Also, if some of the following does go pear shaped, continue on
and after installation, you can run Setup, then call Xconfigurator to try
another Xwindows setup. This information is given below.
- Input the monitor details. If on probing, Redhat has a problem, just ignore it for now
and this can be fixed up later. Redhat 6.1 and 6.2 seem to have a problem getting the
X setup correct during install - but is fine if re-done after the install.
- Redhat will then run Xwindows. Click OK if you get the screen. Do not be worried
if the screen is a bit strange, we will fix this in the post install fixup. When prompted if you
want to start X on booting, I tend to respond No. I like to boot up in the command line, then
type "startx" to start Xwindows.
- At this point, the Installer should be saying something like Congratulations. (If not,
such is life and it implies things are not happy - most likely in the file partitions)
Before selecting OK to continue, take out the
Boot Floppy you created. (Redhat will automatically eject the CD-ROM on shutdown.)
If you don't do this, on reboot, Redhat will try to re-install the operating system. If you do end
up booting from the Boot Floppy or CD-ROM into the installer, exit at the first available
opportunity (or press [CNTRL] [ALT] [DELETE] to restart).
- When the PC restarts, you should now be prompted with HD/1. Press 2 (the second
primary partition) to boot up linux. (A minimalist boot manager I have already admitted but
it should get the job done in a reproducible manner - But installing a more visually
exciting menu implementation of the boot manager is described above)
If Kudzu runs and says some of the hardware does not exist anymore (most likely the
modem portion of the network card), do what makes you happy here, I tend to remove
the configuration for the card. (make your own decision depending on how important
the modem part of the network card is)
- (If instead, after a LILO boot prompt, the Laptop reboots, something must have gone
strange during the reboot. There may be smarter ways, but I would suggest going through
the install again. Most likely problem is that Linux got a bit mixed up where to put (or point to)
the kernel?)
- It is probable that a few things did not actually get implemented as advertised. Thus reboot redhat and log
in as root and we will get into the fixing up and securing the installation.
- X setup: Redhat 6.2 probably did not probe the hardware correctly during bootup; thus this
will have to be fixed.
- Log in as root.
- Run /usr/sbin/setup
- Select X configuration
- It should find the hardware during a PCI Probe
- Select Custom monitor (or if a known monitor type - select this)
- Select (in this case) Extended Super VGA, 800x600 @ 60Hz, 640x480 @ 72 Hz
- 50-70 Hz range for the vertical sync rate
- Now Probe the system
- Once "probing" has finished, select Let Me Choose
- In select video mode, select 16 bit "800x600" (you can select more
than one graphics mode and then use [cntrl] [alt] + to cycle through the available
graphics modes).
- Confirm if you can see the "can you see this screen message"
- And I recommend not starting up X at boot time (thus select no)
(when you boot up Linux and get the command line, just type startx)
- And select OK after reading the information.
- Once back in Text Mode Setup program, you can quit.
- To not advertise port 6000 while running Xwindows, edit the "/usr/X11R6/bin/startx" file
and under "clientargs" and "serverargs" add -nolisten tcp within the quotes.
- Getting the Internet Working:
- To check that the network is working,
try and ping a local or foreign computer, e.g., "ping www.apple.com". If you get a
response that the network is unreachable, the network card has not been set up.
- I am not sure of a rational way of fixing this up; however, the following solution, found by
trial and error, seems to work. The trick is to find out the device name of the network card.
In this case, the network device name is eth0
- As root, run linuxconf from the command line.
- Browse into Networking, Client Tasks, Basic Host Information.
- The easiest solution is to enable DHCP on Adapter 1, and give the Net Device as eth0.
Exit from linuxconf (accepting the changes), then reboot. The laptop should then be happily connected
to the internet via a DHCP setup.
- As this laptop has a "Static IP Address", for Adapter 1 enter:
- Select Enabled
- Under Config mode select Manual
- Enter the full computer name (e.g., linux-laptop.department.university.ac.uk)
- Enter the IP Address
- Enter the netmask. On a class C network, this is usually, 255.255.255.0. On
a Class B network, this is usually 255.255.0.0
- Under Net Device enter eth0 (this might vary depending on the network card(?))
- Accept this configuration
- Under Name Server Specification (DNS), enter the default domain and the IP
address of the DNS Domain Name Server.
- Under Routing and Gateways, Set Defaults, insert the default gateway/router IP address.
- Now select Act/Changes (linuxconf might tell you there are some date problems but just
ignore them for now). You might get caught in a loop. Continue around the loop for a while then Quit
- Now reboot the laptop to get the network to start working. On booting up, "ping" a machine
and see if you get a response (i.e., ping www.apple.com)
- Securing the System Against Hackers:
- Redhat Linux 6.2 is quite woeful in letting lots of un-necessary services run that could be
a hacker's dream so we will be turning these off.
- As root, run /usr/sbin/setup and enter System Services. From the menu, disable:
- identd
- linuxconf (daemon)
- lpd
- nfslock
- portmap
- sendmail
- The above changes in services will be enabled on reboot.
- Now might be a good time to reboot to enable all the above changes to the network services.
- Warning: Doing the following - and even just downloading nmap - may be a sackable offense
in many organisations. Check with your network support group first before downloading nmap and any other related
tools.
Providing this is consistent with your network usage policies (check with your network support people),
you can now try running a "scanner/probe" on the new Linux machine once it is connected to
the network. A very good scanner program is nmap (http://www.insecure.org/nmap/).
Nmap (using "nmap -sS -O -vv 127.0.0.1") should say there are no open ports.
Then run Xwindows (using the startx command), nmap should still state that there are no open ports. If
there are open ports, you may have forgotten to turn a System Service off when using /usr/sbin/setup.
NMAP gives the following result on the above setup Linux computer:
nmap -sS computername
Starting nmap V. 2.30BETA20 by [email protected] ( www.insecure.org/nmap/ )
All 1518 scanned ports on computername (ip_address) are: closed
Nmap run completed -- 1 IP address (1 host up) scanned in 3 seconds
Or trying to detect the operating system.
nmap -sS -O computername
Starting nmap V. 2.30BETA20 by [email protected] ( www.insecure.org/nmap/ )
All 1518 scanned ports on computername (ip_address) are: closed
Remote OS guesses: Linux 2.0.27 - 2.0.30, Linux 2.0.32-34, Linux 2.0.35-38, Linu
x 2.1.24 PowerPC, Linux 2.1.76, Linux Kernel 2.1.88, Linux 2.1.91 - 2.1.103, Lin
ux 2.1.122 - 2.2.14, Linux 2.2.12, Linux 2.3.12, NetBSD 1.4 / Generic mac68k (Qu
adra 610)
Nmap run completed -- 1 IP address (1 host up) scanned in 2 seconds
- When running the KDE desktop, you can make the active Window the one the Mouse is over by
going into Settings, Window Behaviour, Properties
and setting "Focus Policy" to Focus Follows Mouse.
- A KDE FAQ on the Window manager is at:
http://www.kde.org/documentation/faq/kdefaq-7.html
- For getting back to programs you have minimised or switched from:
- While the mouse is on the desktop, clicking the middle mouse button will bring up a list of running applications
that you can select from.
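The service list and the port 6000 note from "Securing the System Against Hackers" above can be checked from the host itself before running a scanner. The following shell script is an added example, not part of the original CCP14 page: it reads `chkconfig --list` and `netstat -ltn` output and reports any service from the page's list that is still enabled, and any TCP port still listening. The sample text inside it is constructed, and the service names are assumed to match the init script names.

```shell
#!/bin/sh
# Added example, not from the original page: local audit of the hardening steps.
# Assumption: the names below match the init script names that chkconfig prints.
PAGE_SERVICES="identd linuxconf lpd nfslock portmap sendmail"

# Constructed sample of `chkconfig --list` output (three services left enabled).
SAMPLE_CHKCONFIG=$(cat <<'EOF'
identd          0:off   1:off   2:off   3:on    4:on    5:on    6:off
linuxconf       0:off   1:off   2:on    3:on    4:on    5:on    6:off
lpd             0:off   1:off   2:off   3:off   4:off   5:off   6:off
network         0:off   1:off   2:on    3:on    4:on    5:on    6:off
nfslock         0:off   1:off   2:off   3:off   4:off   5:off   6:off
portmap         0:off   1:off   2:off   3:on    4:on    5:on    6:off
sendmail        0:off   1:off   2:off   3:off   4:off   5:off   6:off
syslog          0:off   1:off   2:on    3:on    4:on    5:on    6:off
EOF
)

# Constructed sample of `netstat -ltn` output (X started without -nolisten tcp).
SAMPLE_NETSTAT=$(cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:6000            0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:113             0.0.0.0:*               LISTEN
EOF
)

# Read `chkconfig --list` on stdin; print each service from PAGE_SERVICES that
# is still "on" in runlevel 3 (text login) or runlevel 5 (X login).
enabled_services() {
    awk -v want="$PAGE_SERVICES" '
        BEGIN { n = split(want, w, " "); for (i = 1; i <= n; i++) watch[w[i]] = 1 }
        ($1 in watch) {
            for (i = 2; i <= NF; i++)
                if ($i == "3:on" || $i == "5:on") { print $1; break }
        }'
}

# Read `netstat -ltn` on stdin; print each listening TCP port once, sorted.
listening_ports() {
    awk '$1 ~ /^tcp/ && $NF == "LISTEN" {
             n = split($4, part, ":"); print part[n]
         }' | sort -n | uniq
}

# Map a well-known port to the item on the page that closes it.
port_hint() {
    case "$1" in
        25)   echo "sendmail" ;;
        111)  echo "portmap" ;;
        113)  echo "identd" ;;
        515)  echo "lpd" ;;
        6000) echo "X server (start it with -nolisten tcp)" ;;
        *)    echo "unknown, identify the owning process" ;;
    esac
}

# $1 = text of `chkconfig --list`, $2 = text of `netstat -ltn`.
# Prints one line per finding; returns 0 only when there is nothing to report.
audit() {
    rc=0
    for svc in $(printf '%s\n' "$1" | enabled_services); do
        echo "SERVICE $svc still enabled in runlevel 3 or 5"
        rc=1
    done
    for port in $(printf '%s\n' "$2" | listening_ports); do
        echo "PORT $port listening: $(port_hint "$port")"
        rc=1
    done
    return $rc
}

# Demonstration on the constructed samples above.
audit "$SAMPLE_CHKCONFIG" "$SAMPLE_NETSTAT" || echo "Host is not closed down yet."
```

On the installed machine, run `audit "$(chkconfig --list)" "$(netstat -ltn)"` as root; an exit status of 0 means none of the listed services is enabled and nothing is listening on TCP.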
Some other things
- As root, you may like to edit /etc/passwd and make csh the default shell for users. Bash can
crash System S/Platon, which runs fine with csh.
- As root, edit /etc/aliases and set the alias for root to your E-mail so you receive system
messages from root.
Things to do Now that Basic Linux has been Installed
- For some strange reason, Redhat puts updates in a separate area and has no transparent way to
check for updates during and after installation. So when installing a version of Redhat fresh
off the internet, you may still be getting old, buggy programs that may have security flaws. Thus
go to the Redhat website and find out what updates are available and relevant for your installation.
Go to the updates directory at the FTP site you are downloading from; grab and install any updates
for programs you are using. These are in the form of RPMs. Thus install via rpm -Uvh filename.rpm.
An automatic/pseudo-transparent way of doing automatic updates of packages and RPMs with Redhat Linux
(and other versions of Linux) is to use autorpm, which will do all of this for you once it
has been installed.
Debian Linux does a much better job of this, having an automated update system that warns when newer programs
are available (http://www.debian.org using the apt program
- refer: http://www.debian.org/security/).
- The updates may have installed some "open" services you do not know about.
Thus you can now again try running a "scanner/probe" on the new Linux machine once it is connected to
the network such as nmap (http://www.insecure.org/nmap/).
Nmap should say there are no open ports. Then run Xwindows (using the startx command); nmap should
still state that there are no open ports.
- Get and compile the excellent snarf program for being able to quickly get programs via FTP and HTTP via a command line -
http://www.xach.com/snarf/
ftp://ftp.mint.net/pub/snarf/snarf-latest.tar.gz
One of the advantages of UNIX is that it can work on a command line. This is useful when you have limited memory or are
remotely logging in. Snarf can be a lifesaver to quickly pull over install files off the internet,
saving you loading up a GUI netscape or bothering with Lynx, which can occasionally be quite finicky for downloading.
- Compile/Install Secure Shell (SSH) for Linux
and disable superfluous inetd.conf based daemons - telnetd, logind, rshd - which should not be running
as inetd was disabled in the installation.
- The above install makes this superfluous but just in case you did not go this way:
Disable unnecessary daemons in the portmapper, inetd.conf
(pretty much everything you don't need; ftpd, telnetd, fingerd, etc)
This means edit the /etc/inetd.conf file and remove everything you don't like the
look of. If you have installed SecureShell, you can pretty much REM (comment) out everything.
Then type killall -HUP inetd to restart the inetd daemon.
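One way to do the inetd.conf edit described above and confirm that nothing is left active, as an added example that is not part of the original page. The function names and the sample file are constructed for illustration; run it against a copy before touching the real /etc/inetd.conf.

```shell
#!/bin/sh
# Added example: list and disable active entries in an inetd.conf-style file.

# Print the service name of every active (non-blank, uncommented) entry in $1.
enabled_inetd_services() {
    awk 'NF && $1 !~ /^#/ { print $1 }' "$1"
}

# Comment out the services named after the file argument; original kept as FILE.bak.
disable_inetd_services() (
    conf=$1; shift
    cp -p "$conf" "$conf.bak" || exit 1
    awk -v list="$*" '
        BEGIN { n = split(list, s, " "); for (i = 1; i <= n; i++) off[s[i]] = 1 }
        ($1 in off) { print "#" $0; next }
        { print }
    ' "$conf.bak" > "$conf"
)

# Constructed sample in the usual inetd.conf column layout.
write_sample_inetd_conf() {
    cat > "$1" <<'EOF'
# <service> <sock_type> <proto> <flags> <user> <server_path> <args>
ftp     stream  tcp  nowait  root    /usr/sbin/tcpd  in.ftpd -l -a
telnet  stream  tcp  nowait  root    /usr/sbin/tcpd  in.telnetd
#shell  stream  tcp  nowait  root    /usr/sbin/tcpd  in.rshd
finger  stream  tcp  nowait  nobody  /usr/sbin/tcpd  in.fingerd
EOF
}

sample=$(mktemp) && write_sample_inetd_conf "$sample"
echo "active before: $(enabled_inetd_services "$sample" | tr '\n' ' ')"
disable_inetd_services "$sample" ftp telnet finger
echo "active after:  $(enabled_inetd_services "$sample" | tr '\n' ' ')"
rm -f "$sample" "$sample.bak"
# On the real /etc/inetd.conf, follow with: killall -HUP inetd
```

An empty "active after" list is the state the nmap check should then confirm from the network side.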
- Refer to the TrinityOS documentation, which is quite excellent on how to
secure and administer Linux - http://www.ecst.csuchico.edu/~dranch/LINUX/TrinityOS.wri
- For limiting hacking on your system, by default, Redhat Linux comes with TCPWrappers enabled (tcpd) - which
can protect defined services or a global ALL for programs run from within inetd.
Again, superfluous if you followed the above in disabling inetd but you may have ignored this advice.
Do a man tcpd, which sort of describes what this is about and gives some examples.
If you only want people from your domain to be able to access services, following are examples of
/etc/hosts.allow and /etc/hosts.deny that you can modify. You can create a banner depending on whether
the user is authorized or not to use this service from the particular domain they are logging in from.
- /etc/hosts.deny
ALL: ALL : banners /usr/etc/tcpwrap/banner1
- /etc/hosts.allow
ALL: LOCAL, 127.0.0.1 : banners /usr/etc/tcpwrap/banner2
ALL: .dl.ac.uk, .ccp14.ac.uk : banners /usr/etc/tcpwrap/banner2
- Where the /usr/etc/tcpwrap/banner1 directory has files depending on the service you wish to
give a message about - ftpd nul rlogind telnetd
e.g, for telnetd:
*********************************************************
*   UNAUTHORIZED ACCESS TO THIS MACHINE IS PROHIBITED   *
*                  (and very naughty)                   *
*********************************************************
- Where the /usr/etc/tcpwrap/banner2 directory has files depending on the service you wish to
give a message about - ftpd nul rlogind telnetd
e.g., for telnetd: Hello, Hello %u@%h.
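The order in which tcpd consults these two files, as an added example that is not part of the original page: hosts.allow is checked first, then hosts.deny, and a client matched by neither file is allowed. It assumes the LOCAL and domain rules are in /etc/hosts.allow and the ALL: ALL rule is in /etc/hosts.deny; the function names, scratch files and the client host.example.org are constructed, and only the ALL, LOCAL, leading-dot domain and exact-name patterns are modelled.

```shell
#!/bin/sh
# Added example: simplified model of tcpd's hosts.allow / hosts.deny lookup.

# Succeeds if name $1 matches any pattern given in the remaining arguments.
matches_any() (
    name=$1; shift
    for pat in "$@"; do
        case $pat in
            ALL)   exit 0 ;;
            LOCAL) case $name in *.*) ;; *) exit 0 ;; esac ;;  # no dot in the name
            .*)    case $name in *"$pat") exit 0 ;; esac ;;    # domain suffix
            *)     [ "$name" = "$pat" ] && exit 0 ;;           # exact name or address
        esac
    done
    exit 1
)

# Succeeds if a rule in file $1 covers daemon $2 and client $3.
rule_matches() (
    set -f                                  # rule patterns are not shell globs
    [ -r "$1" ] || exit 1                   # a missing file contains no rules
    while IFS=: read -r daemons clients rest; do
        case $daemons in ''|*'#'*) continue ;; esac
        matches_any "$2" $(echo "$daemons" | tr ',' ' ') || continue
        matches_any "$3" $(echo "$clients" | tr ',' ' ') && exit 0
    done < "$1"
    exit 1
)

# Print the verdict in tcpd's order: hosts.allow, then hosts.deny, else allow.
tcpd_decision() {
    if   rule_matches "$1" "$3" "$4"; then echo allow
    elif rule_matches "$2" "$3" "$4"; then echo deny
    else echo allow
    fi
}

# Constructed demo input: the page's rules written into directory $1.
write_page_rules() {
    printf '%s\n' 'ALL: LOCAL, 127.0.0.1 : banners /usr/etc/tcpwrap/banner2' \
        'ALL: .dl.ac.uk, .ccp14.ac.uk : banners /usr/etc/tcpwrap/banner2' > "$1/hosts.allow"
    printf '%s\n' 'ALL: ALL : banners /usr/etc/tcpwrap/banner1' > "$1/hosts.deny"
}

d=$(mktemp -d) && write_page_rules "$d"
for c in localhost 127.0.0.1 pc1.dl.ac.uk host.example.org; do
    echo "in.telnetd from $c: $(tcpd_decision "$d/hosts.allow" "$d/hosts.deny" in.telnetd "$c")"
done
rm -rf "$d"
```

Without the ALL: ALL line in hosts.deny, every client that hosts.allow does not mention falls through to the final "allow", so the allow list alone restricts nothing.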
- Unlike the standard UNIX portmapper, the Redhat Linux portmapper is protected by TCP Wrappers as described above.
This is important if you are running NFS and allowing some systems to NFS mount your directory areas, and
for limiting probes on your system.
- Check around some Securing Linux sites for extra info on keeping your system "unhacked":
- Fill up hard-disk with stuff