Fedora Server Installation Guide

After reading this article you should be able to perform the post-installation configuration of a Fedora server, including:

  • NTP Server
  • SSH Server
  • Apache Web Server
  • SSL installation and configuration
  • FTP Server
  • Samba File Server setup
  • MySQL Server
  • phpMyAdmin, to manage MySQL databases from remote locations.

[1] Download Fedora and make a DVD for installing Fedora.

Download the Fedora installation DVD ISO file from the Fedora website, http://fedoraproject.org/get-fedora. Burn the DVD and install Fedora according to the instructions on the Fedora website. Documentation for Fedora installation is available at their web sites and links are listed as below:

[2] Install Fedora

In this article we're focusing on setting up a Fedora 11 server.

[3] Configure Fedora 11
Initial configuration after installing Fedora.

[a] Add a new user.

I used ‘fedora’ as the user name in the following examples, but use any name you like.

[root@dlp ~]# useradd fedora
[root@dlp ~]# passwd fedora
Changing password for user fedora.
New UNIX password: # input password you want to set
Retype new UNIX password: # verify
passwd: all authentication tokens updated successfully.
[root@dlp ~]# exit # logout

[b] Try to log in as the user that was added in section [a] and switch to root.

ns login: fedora # input user name
password: # input password
[pixel@dlp ~]$ su - # switch to root
Password: # input password for root
[root@dlp ~]# # switched to root

[c] Make the ‘fedora’ user that was added in section [a] the only user who can switch to root.

[root@dlp ~]# vi /etc/group

# line 11: add user
wheel:x:10:root,fedora

[root@dlp ~]# vi /etc/pam.d/su
#%PAM-1.0
auth sufficient pam_rootok.so
# Uncomment the following line to implicitly trust users in the "wheel" group.
#auth sufficient pam_wheel.so trust use_uid
# Uncomment the following line to require a user to be in the "wheel" group.
# remove the '#' at the head of the next line
auth required pam_wheel.so use_uid
auth include system-auth
account sufficient pam_succeed_if.so uid = 0 use_uid quiet
account include system-auth
password include system-auth
session include system-auth
session optional pam_xauth.so

[root@dlp ~]# vi /etc/login.defs

# add this line at the bottom
SU_WHEEL_ONLY yes

[d] Forward mail for root to the user you have set as the system administrator.

[root@dlp ~]# vi /etc/aliases

# Person who should get root's mail
# bottom: remove '#' and add user name
root:fedora

[root@dlp ~]# newaliases # set new aliases
/etc/aliases: 77 aliases, longest 10 bytes, 776 bytes total

Firewall & SELinux:

[1] It is unnecessary to enable the firewall on the server because one is enabled on the router, so disable it.

[root@dlp ~]# /etc/rc.d/init.d/iptables stop
iptables: Flushing firewall rules: [OK]
iptables: Setting chains to policy ACCEPT: filter [OK]
iptables: Unloading iptables modules: [OK]

[root@dlp ~]# chkconfig iptables off
[root@dlp ~]# chkconfig ip6tables off

[2] Disable SELinux (Security-Enhanced Linux).

[root@dlp ~]# vi /etc/sysconfig/selinux
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - SELinux is fully disabled.
SELINUX=disabled # change
# SELINUXTYPE= type of policy in use. Possible values are:
# targeted - Only targeted network daemons are protected.
# strict - Full SELinux protection.
SELINUXTYPE=targeted

[4] Installing NTP Server:

This is an example of installing and configuring an NTP server for the system clock.

[root@dlp ~]# yum -y install ntp

This installs the NTP packages.

[root@dlp ~]# mv /etc/ntp.conf /etc/ntp.conf.bk
[root@dlp ~]# vi /etc/ntp.conf

# Set servers for synchronizing
server ntp1.ssysadmin.com
server ntp2.ssysadmin.com

[root@dlp ~]# /etc/rc.d/init.d/ntpd start
Starting ntpd: [ OK ]

[root@dlp ~]# chkconfig ntpd on
[root@dlp ~]# ntpq -p

[5] Installing SSH Server

[1] Configure the SSH server so that Windows client computers can log in to it. This method uses password authentication.

[root@dlp ~]# vi /etc/ssh/sshd_config

# line 42: uncomment and change to 'no'
PermitRootLogin no

# line 63: uncomment
PermitEmptyPasswords no
PasswordAuthentication yes

[root@dlp ~]# /etc/rc.d/init.d/sshd restart

[2] Check that you can log in from Windows clients by using PuTTY.
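A check that the sshd_config edits above are actually in force, as an added example that is not part of the original article: sshd applies the first uncommented occurrence of each keyword, so a leftover '#' or an earlier conflicting line silently defeats the change. The sample files are constructed and the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original article). Sample files are constructed.
# sshd applies the FIRST uncommented occurrence of each keyword, so a setting
# that is still commented out, or is shadowed by an earlier line, has no effect.

# effective_value FILE KEYWORD: print the value the global section yields.
# Assumes the whitespace-separated "Keyword value" form; stops at the first
# Match block and does not follow Include directives.
effective_value() {
    awk -v key="$2" '
        $1 ~ /^#/                   { next }   # comment line: ignored
        tolower($1) == "match"      { exit }   # conditional blocks are out of scope
        tolower($1) == tolower(key) { print tolower($2); exit }
    ' "$1"
}

# audit_sshd FILE: return 0 only if both "no" settings from the article are in force.
audit_sshd() {
    rc=0
    for pair in PermitRootLogin=no PermitEmptyPasswords=no; do
        key=${pair%%=*}; want=${pair#*=}
        got=$(effective_value "$1" "$key")
        if [ "$got" != "$want" ]; then
            echo "FAIL $1: $key is '${got:-unset, built-in default applies}', want '$want'"
            rc=1
        fi
    done
    return $rc
}

SAMPLES=$(mktemp -d)
# Constructed: edited as the article describes.
printf '%s\n' 'PermitRootLogin no' 'PermitEmptyPasswords no' \
    'PasswordAuthentication yes' > "$SAMPLES/edited.conf"
# Constructed: value changed but the leading "#" was left in place.
printf '%s\n' '#PermitRootLogin no' 'PermitEmptyPasswords no' > "$SAMPLES/commented.conf"
# Constructed: an earlier "yes" shadows the later "no".
printf '%s\n' 'PermitRootLogin yes' 'PermitEmptyPasswords no' \
    'PermitRootLogin no' > "$SAMPLES/shadowed.conf"

for f in edited commented shadowed; do
    if audit_sshd "$SAMPLES/$f.conf"; then echo "OK   $SAMPLES/$f.conf"; fi
done
```

On a live server, `sshd -T` prints the effective configuration directly.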

[6] Installing Apache Web Server

This is an example of building a web server with Apache. In addition, install PHP and SSL because they are often used with a web server. It is also necessary to configure the router so that TCP and UDP packets to ports 80 and 443 can pass through.

[root@www ~]# yum -y install httpd php php-mbstring php-pear mod_ssl

[root@www ~]# rm -f /etc/httpd/conf.d/welcome.conf

[root@www ~]# rm -f /var/www/error/noindex.html
[root@www ~]# ln -s /usr/bin/perl /usr/local/bin/perl

Here is an example Apache configuration. I set it so that users can publish their own web sites and can execute CGI in any directory. (SSI is disabled because it is not used so often.)

[root@www ~]# vi /etc/httpd/conf/httpd.conf

ServerTokens Prod // line 44: change
KeepAlive On // line 74: change to On
ServerAdmin root@server-linux.info // line 250: admin's address
ServerName www.server-linux.info:80 // line 264: server's name
Options FollowSymLinks ExecCGI // line 319: change (disable Indexes)
AllowOverride All // line 326: change
#UserDir disable // line 354: comment out
UserDir public_html // line 361: uncomment

// line 369 - 380: remove # to uncomment
AllowOverride All // change
Options ExecCGI // CGI enabled
Order allow,deny
Allow from all
Order deny,allow
Deny from all

// line 390: add the file names that are served when only a directory name is requested
DirectoryIndex index.html index.cgi index.php
ServerSignature Off // line 523: change
#AddDefaultCharset UTF-8 // line 746: comment out

// line 777: uncomment and add the file types that Apache treats as CGI
AddHandler cgi-script .cgi .pl

[root@www ~]# /etc/rc.d/init.d/httpd start
Starting httpd: [ OK ]
[root@www ~]# chkconfig httpd on

[2] Create an HTML test page to make sure Apache is working.

[7] Config SSL

Configure SSL, which was installed in the section above. We create our own certificate file for SSL in this example, but if you use the server for business, it is better to buy and use a certificate from a CA such as verisign.com, thawte.com, etc.

[root@www ~]# cd /etc/pki/tls/certs
[root@www certs]# make server.key
umask 77 ; \
/usr/bin/openssl genrsa -des3 1024 > server.key
Generating RSA private key, 1024 bit long modulus
………………………………………………++++++
………….++++++
e is 65537 (0x10001)
Enter pass phrase: // input pass phrase
Verifying - Enter pass phrase: // verify

// it is troublesome to input the pass phrase every time, so remove it from the private key
[root@www certs]# openssl rsa -in server.key -out server.key
Enter pass phrase for server.key: // input pass phrase
writing RSA key
[root@www certs]# make server.csr
umask 77 ; \
/usr/bin/openssl req -utf8 -new -key server.key -out server.csr
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [GB]: US
State or Province Name (full name) [Berkshire]:CO
Locality Name (eg, city) [Newbury]:Denver
Organization Name (eg, company) [My Company Ltd]:sSysAdmin
Organizational Unit Name (eg, section) []:Security
Common Name (eg, your server's hostname) []:www.ssysadmin.com
Email Address []:root@ssysadmin.com
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []: // press Enter, leaving it empty
An optional company name []: // press Enter, leaving it empty

[root@www certs]# openssl x509 -in server.csr -out server.crt -req -signkey server.key -days 3650 // make the certificate file
Signature ok
subject=/C=US/ST=CO/L=Denver/O=sSysAdmin/OU=Security/CN=www.ssysadmin.com/emailAddress=root@ssysadmin.com
Getting Private key
[root@www certs]# chmod 400 server.*
[root@www certs]# vi /etc/httpd/conf.d/ssl.conf

DocumentRoot "/var/www/html" // line 84: uncomment
ServerName www.ssysadmin.com:443 // line 85: uncomment and change
SSLCertificateFile /etc/pki/tls/certs/server.crt // line 112: change
SSLCertificateKeyFile /etc/pki/tls/certs/server.key // line 119: change

[root@www certs]# /etc/rc.d/init.d/httpd restart
Stopping httpd: [ OK ]
Starting httpd: [ OK ]


Access the page that was made in section [2] over https. The following window is shown because the certificate file was not issued by a CA. Click OK to proceed.

[8] Installing FTP Server
[1] Build an FTP server to transfer files. Install and configure vsftpd for it.

[root@www ~]# yum -y install vsftpd

[root@www ~]# vi /etc/vsftpd/vsftpd.conf

anonymous_enable=NO // line 12: no anonymous
ascii_upload_enable=YES // line 79: uncomment
ascii_download_enable=YES // (permit ascii mode transfer)
chroot_list_enable=YES // line 94: uncomment (enable chroot list)
chroot_list_file=/etc/vsftpd/chroot_list // line 96: uncomment
ls_recurse_enable=YES // line 102: uncomment
chroot_local_user=YES // bottom: enable chroot
local_root=public_html // root directory
use_localtime=YES // use local time

[root@www ~]# vi /etc/vsftpd/chroot_list
fedora // write users you permit

[root@www ~]# /etc/rc.d/init.d/vsftpd start
Starting vsftpd for vsftpd: [ OK ]
[root@www ~]# chkconfig vsftpd on

[9] Samba File Server

Build a file server to share files between Windows computers and the Linux server. Install Samba for it. I created this file server in a guest OS named ‘lan’ in this example.

[root@lan ~]# yum -y install samba

Create a shared directory that anybody can read and write, with no authentication needed.

[1] Configure Samba
[root@lan ~]# mkdir /home/share
[root@lan ~]# chmod 777 /home/share
[root@lan ~]# vi /etc/samba/smb.conf

unix charset = UTF-8 // line 24: add the line
workgroup = WORKGROUP // line 27: change (Windows' default)
security = share // line 35: change
hosts allow = 192.168.0. 127. // line 41: change to the IP addresses you permit

// add these lines at the bottom
[Share] // any name you like
path = /home/share // shared directory
writable = yes // OK to write
guest ok = yes // guest OK
guest only = yes // guest only
create mode = 0777 // fully accessed
directory mode = 0777 // fully accessed
share modes = yes
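Before the service is started, an smb.conf can be scanned for shares that combine guest access with write access, which is what the [Share] definition above creates on purpose. This is an added example, not part of the original article; the smb.conf text is constructed, the function name is hypothetical, and [global] defaults are not inherited by the scan.

```shell
#!/bin/sh
# Added example (not from the original article); the smb.conf text is constructed.
# Lists shares that allow guest access and writes at the same time. Parameter
# names in smb.conf ignore case and inner spaces, and have synonyms.

guest_writable_shares() {
    awk '
        function report() {
            if (sec != "" && tolower(sec) != "global" && guest && wr) print sec
        }
        /^[ \t]*[#;]/ { next }                        # comment lines
        /^[ \t]*\[/ {                                 # new [section]
            report()
            sec = $0; sub(/^[ \t]*\[/, "", sec); sub(/\].*$/, "", sec)
            guest = 0; wr = 0                         # Samba defaults: no guest, read only
            next
        }
        index($0, "=") > 0 {
            eq = index($0, "=")
            name = tolower(substr($0, 1, eq - 1)); gsub(/[ \t]/, "", name)
            val = tolower(substr($0, eq + 1));     gsub(/[ \t]/, "", val)
            on = (val == "yes" || val == "true" || val == "1")
            if (name == "guestok" || name == "public") guest = on
            if (name == "writable" || name == "writeable" || name == "writeok") wr = on
            if (name == "readonly") wr = !on
        }
        END { report() }
    ' "$1"
}

SMB_SAMPLE=$(mktemp)
cat > "$SMB_SAMPLE" <<'EOF'
[global]
security = share
hosts allow = 192.168.0. 127.
[Share]
path = /home/share
writable = yes
guest ok = yes
guest only = yes
[Docs]
path = /home/docs
Guest OK = yes
read only = yes
[Staff]
path = /home/staff
writeable = yes
EOF

guest_writable_shares "$SMB_SAMPLE"   # prints: Share
```

On a host with Samba installed, `testparm -s` prints the configuration as Samba itself parses it.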

[root@lan ~]# /etc/rc.d/init.d/smb start
Starting SMB services: [ OK ]
Starting NMB services: [ OK ]
[root@lan ~]# chkconfig smb on

[10] MySQL

Install MySQL as the database server.

[root@www1 ~]# yum -y install mysql-server
[root@www1 ~]# /etc/rc.d/init.d/mysqld start

[root@www1 ~]# mysql -u root # login to MySQL
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 2 to server version: 5.0.22

Type 'help;' or '\h' for help. Type '\c' to clear the buffer.

# show user info
mysql> select user, host, password from mysql.user;

# delete anonymous users (accounts with an empty user name)
mysql> delete from mysql.user where user='';
Query OK, 2 rows affected (0.00 sec)

# set root password
mysql> set password for root@localhost=password('password');
Query OK, 0 rows affected (0.00 sec)

# set root password
mysql> set password for root@'www1.server-linux.info'=password('password');
Query OK, 0 rows affected (0.00 sec)

# set root password
mysql> set password for root@127.0.0.1=password('password');
Query OK, 0 rows affected (0.00 sec)

# show user info
mysql> select user,host,password from mysql.user;

mysql> exit # logout
Bye
[root@www1 ~]# mysql -u root -p # login with root
Enter password: # password
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 4 to server version: 5.0.22

Type 'help;' or '\h' for help. Type '\c' to clear the buffer.

mysql> exit
Bye

Install phpMyAdmin to operate MySQL from a web browser. A web server is also needed.

[1] Install and configure phpMyAdmin

[root@www1 ~]# yum -y install phpMyAdmin php-mysql php-mcrypt
[root@www1 ~]# vi /etc/phpMyAdmin/config.inc.php

# add this line around line 13
# set password
$cfg['blowfish_secret'] = 'password';

# line 28: change
$cfg['Servers'][$i]['auth_type'] = 'cookie';

[root@www1 ~]# vi /etc/httpd/conf.d/phpMyAdmin.conf

# line 8: change
Alias /mysql /usr/share/phpMyAdmin
# line 13: add IPs you permit
Allow from 127.0.0.1 192.168.0.0/24

[root@www1 ~]# /etc/rc.d/init.d/httpd reload
Reloading httpd: [ OK ]

[2] Access ‘http://(your hostname)/(alias name you set)/’, i.e. http://localhost/phpMyAdmin, through a web browser.

Credits: yuvalinux @ bs