Difference between revisions of "Fedora install for my own purposes"

Latest revision as of 08:03, 23 May 2018

At time of writing, Fedora 28 is current stable version

Download and install Fedora[edit]

• Download Fedora Image Writer and burn a live image to a USB drive and install to the actual drive

Configure Fedora[edit]

Enable SSH[edit]

To allow remote access

sudo systemctl enable sshd
sudo systemctl start sshd

Disable SELinux[edit]

Use the /usr/sbin/getenforce or /usr/sbin/sestatus commands to check the status of SELinux

$ /usr/sbin/getenforce
Enforcing

or

$ /usr/sbin/sestatus
SELinux status:                 enabled
SELinuxfs mount:                /selinux
Current mode:                   enforcing
Mode from config file:          enforcing
Policy version:                 23
Policy from config file:        targeted

Change SELINUX from enforcing to disabled in /etc/selinux/config

sudo vi /etc/selinux/config
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#       enforcing - SELinux security policy is enforced.
#       permissive - SELinux prints warnings instead of enforcing.
#       disabled - No SELinux policy is loaded.
SELINUX=enforcing
# SELINUXTYPE= can take one of these two values:
#       targeted - Targeted processes are protected,
#       mls - Multi Level Security protection.
SELINUXTYPE=targeted

sudo reboot

Assign hostname[edit]

hostnamectl set-hostname fedora
hostnamectl

Assign static IP address[edit]

Choose the network link to change

ifconfig -a

enp0s25: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.1.206  netmask 255.255.255.0  broadcast 192.168.1.255
        inet6 2a02:a03f:4ed2:5900:6096:f8fa:91b5:ce6e  prefixlen 64  scopeid 0x0<global>
        inet6 fe80::1704:4ccd:cf19:ac90  prefixlen 64  scopeid 0x20<link>
        ether 00:21:cc:65:a3:65  txqueuelen 1000  (Ethernet)
        RX packets 65231  bytes 96666417 (92.1 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 27570  bytes 2020047 (1.9 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
        device interrupt 20  memory 0xf2500000-f2520000  

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 4  bytes 315 (315.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 4  bytes 315 (315.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

wlp3s0: flags=4099<UP,BROADCAST,MULTICAST>  mtu 1500
        ether 92:f0:49:fc:4b:10  txqueuelen 1000  (Ethernet)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

Easiest method is to use the command line!

sudo vi /etc/sysconfig/network-scripts/ifcfg-enp0s25

Before...

TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=dhcp
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME=enp0s25
UUID=9097eb96-1ce2-38a2-8dd8-29a8bf56aba4
ONBOOT=yes
AUTOCONNECT_PRIORITY=-999
DEVICE=enp0s25

After...

TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
#BOOTPROTO=dhcp
BOOTPROTO=none
IPADDR=192.168.1.15
NETMASK=255.255.255.0
GATEWAY=192.168.1.1
DNS1=192.168.1.13
DNS2=8.8.8.8
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME=enp0s25
UUID=a8a3bec5-64b0-34de-9e27-9c732082c94b
ONBOOT=yes
AUTOCONNECT_PRIORITY=-999
DEVICE=enp0s25
ZONE=FedoraWorkstation

Install Applications[edit]

sudo dnf install -y ksh terminator thunderbird ddclient lighttpd rrdtool

Configure directory permissions[edit]

sudo su -
cd /var/www
mkdir html cgi-bin
cd cgi-bin
git clone https://[email protected]/rockingh0rse/dbahawk_server.git
chmod 770 *
cd /var/www
chown -R lighttpd:dbahawk *
cd /home/dbahawk
chmod 770 spoolfiles
chgrp lighttpd spoolfiles

Configure Lighttpd[edit]

• Modify document_root

vi /etc/lighttpd/modules.conf

server.document-root = server_root + "/html"

• Enable mod_cgi: uncomment the mod_cgi include

##
## plain old CGI (mod_cgi)
##
include "conf.d/cgi.conf"

• Setup Basic Authentication to restrict web server access
• Enable server to serve perl files from cgi-bin directory

auth.backend = "htpasswd"
auth.backend.htpasswd.userfile = "/etc/lighttpd/.htpasswd"

$HTTP["url"] =~ "/cgi-bin/" {
    auth.require = (
        "" => (
        "method"  => "basic",
        "realm"   => "DbaHawk access",
        "require" => "valid-user"
        )
    )
    cgi.assign = (
        ".sh"  => "/bin/sh",
        ".cgi" => "/usr/bin/perl",
        ".pl"  => "/usr/bin/perl"
    )
}

alias.url += ( "/cgi-bin/" => "/var/www/cgi-bin/" )

• Bind the local address to port 80
• Disable IPV6

server.bind = "0.0.0.0"
server.use-ipv6 = "disable"

Configure firewall[edit]

Connection refused on port 80 from hosts on you lan? :-)
Firewalld is installed and running by default - and it blocks port 80!

firewall-cmd --permanent --add-service=http
systemctl stop firewalld
systemctl start firewalld

Install and configure add-on FiltaQuilla[edit]

*** not necessary if the whole of the .thunderbird profile is tar'd and gzipped ***
FiltaQuilla is an add-on that adds significant functionality to the filtering of emails in Thunderbird.
Setup the rule

• Where subject contains "dbahawk_forward"
• Save attachment to "Downloads/dbahawk_forward"
• Mark as read
• Delete mail

Configure Thunderbird[edit]

Copy the profile folder from the old machine if still available. While on the new machine, issue this command to copy directory structure between 2 hosts.

ssh dbahawk@fedora "cd $HOME/.thunderbird && tar -cf - . | gzip " | ( cd $HOME/.thunderbird && gunzip -c | tar -xvf - . ) | tee -a  $HOME/copy_thunderbird_profile.log 

Configure ddclient[edit]

To get the ddns for the domain name working, make sure ddclient is running in daemon mode.
Make sure use=web is uncommented in /etc/ddclient/ddclient.conf or /etc/ddclient.conf

use=web, web=checkip.dyndns.org/, web-skip='IP Address' 

and put these details in the zoneedit section

server=dynamic.zoneedit.com,  \
protocol=zoneedit1,           \
login=<username>,             \
password=<password>           \
stuartbarkley.com

Create user dbahawk[edit]

sudo su -
useradd -G wheel dbahawk
su - dbahawk
passwd
mkdir -p Downloads/dbahawk_forward spoolfiles
exit

Copy the contents of the old spoolfiles directory if possible as it contains the .rrd files.

Install CPAN[edit]

Some of the dbahawk perl scripts need modules not installed by default (eg. Switch.pm)

sudo dnf install -y perl-CPAN

or if Fedora already has it installed, try

sudo dnf install -y 'perl(Switch)'
sudo dnf install -y 'perl(DBI)'
sudo dnf install -y 'perl(CGI)'
sudo dnf install -y 'perl(DBD::SQLite)'

Add entries to crontab[edit]

crontab -e

*/5 *  * * * /var/www/cgi-bin/dbahawk_collector.ksh1            >/tmp/dbahawk_collector.log            2>&1
5   *  * * * /var/www/cgi-bin/dbahawk_archive.pl                >/tmp/dbahawk_archive.log              2>&1
35  *  * * * /var/www/cgi-bin/dbahawk_dbsize_grapher.ksh        >/tmp/dbahawk_dbsize_grapher.log       2>&1
36  *  * * * /var/www/cgi-bin/dbahawk_fssize_grapher.ksh        >/tmp/dbahawk_fssize_grapher.log       2>&1
37  *  * * * /var/www/cgi-bin/dbahawk_rmansize_grapher.ksh      >/tmp/dbahawk_rmansize_grapher.log     2>&1
38  *  * * * /var/www/cgi-bin/dbahawk_rmanduration_grapher.ksh  >/tmp/dbahawk_rmanduration_grapher.log 2>&1

Other goodies[edit]

• 22-things-to-do-after-fresh-installation-of-fedora-27 - itzgeek.com