Re: [tlug] server installation best practices/ worksheet

["Erin D. Hughes" <erin-hughes@example.com>]

Micheal Cooper wrote:
> Yes, I did  a search on Google for such keywords first thing, but I 
> did not find anything useful, since what I did find were very specific 
> to the particular platform. There are a lot of Windows checklists, 
> actually.
Ya I agree that is why I didn't include them... I was pretty surprised 
about that. I wanted to post a link to one or 2 good ones but every one 
after about line 10 said some thing like...   Active Directory 
integration... or  Windows server version. Bleh...

I also tried adding unix linux red hat etc. and I did not find anything 
useful in the first page or two. Strange.....

> I was really just thinking that there should be some kind of generic 
> Linux checklist, or at least one for Red Hat systems. I will go ahead 
> and make one up myself, but it would have been nice to find one that 
> is used by folks more experienced than I.
>
> We have so few machines that Kickstart is not an option.
I would have to disagree, if you have 2 servers and want them all to be 
the same out of the gate it would be a time investment that could be 
useful later. Like in a emergency.  In a previous company we only had a 
4 server environment, making a kickstart file that I automated setup 
with and make sure everything was the same saved my butt one time.[1] It 
only takes a couple of minutes to do. [3]

> However, I would really like to find best practices documents on 
> system and network documentation.
My personal ones are pretty short but have always gotten me through.

1 strong passwords are a must 8 letters at least 2 # 2 UPPER CASE 2 
lower case 2 special #$%&'(()~
2.Make sure ssh is only using protocol 2 [2]
3.Disallow root log ons.[2]
4.Change SSH default port to something else.[2]
5. Set up users who need it with sudo
6.Don't install anything you do not need .  I usually do a minimal install.
7.Scan it with Nessus/nmap to make sure you didn't miss anything.

Everything else depends on the server, its role and who owns it.

Anyone else got a tip that might help?

E./

[1]Funny thing about hard drive mirroring it never seems to work if you 
can't convince your boss to buy the second hard disc.

[2] vi /etc/ssh/sshd_conf
  
Change
  #Protocol 2,1
to
  Protocol 2
 
Change
  #Port 22
to
  Port 69

Add
PermitRootLogin no
save changes and restart sshd and test ...


[3] I made this one in about 5 minutes but you can get more finite if 
you need.
#platform=x86, AMD64, or Intel EM64T
# System authorization information
auth  --useshadow  --enablemd5
# System bootloader configuration
bootloader --location=mbr
# Partition clearing information
clearpart --none
# Use text mode install
text
# Firewall configuration
firewall --enabled --ssh
# Run the Setup Agent on first boot
firstboot --disable
# System keyboard
keyboard jp106
# System language
lang en_US
# Installation logging level
logging info
# Use network installation
url --url=http://www.hugedesigns.net/fedora/
# Network information
network --bootproto=static --device=eth0 
--gateway=Some.IP.here.--ip=and.anouther.IP.here
--nameserver=210.157.0.1 --netmask=255.255.255.xxx --onboot=
on
network --bootproto=dhcp --device=eth1 --onboot=on
# Reboot after installation
reboot
#Root password
rootpw --iscrypted myfavorite password.

# SELinux configuration
selinux --disabled
# System timezone
timezone  America/New_York
# Install OS instead of upgrade
install
# X Window System configuration information
xconfig  --defaultdesktop=KDE --depth=32 --resolution=1280x1024 --startxon
boot

%packages
@kde-desktop
@japanese-support
@editors




--
Erin D. Hughes 
I never said I wanted to be around for a long time. I always said I wanted to be here for a good time.
KidRock