Difference between revisions of "Fedora install for my own purposes"

From dbawiki
(Install add-on FiltaQuilla)
(Configure directory permissions)
 
(37 intermediate revisions by the same user not shown)
Line 25: Line 25:
 
Policy from config file:        targeted
 
Policy from config file:        targeted
 
</pre>
 
</pre>
Change SELINUX to disabled in /etc/selinux/config
+
Change SELINUX from <tt>enforcing</tt> to <tt>disabled</tt> in /etc/selinux/config
 
<pre>
 
<pre>
 
sudo vi /etc/selinux/config
 
sudo vi /etc/selinux/config
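Review bot: The reworded step "Change SELINUX from enforcing to disabled" still gives no reason for switching SELinux off. Say what failed under enforcing, and suggest trying SELINUX=permissive first, since that mode logs denials instead of enforcing them and shows which policy adjustment would be needed before protection is removed from the whole host.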
Line 43: Line 43:
 
</pre>
 
</pre>
  
 +
====Assign hostname====
 +
<pre>
 +
hostnamectl set-hostname fedora
 +
hostnamectl
 +
</pre>
 
====Assign static IP address====
 
====Assign static IP address====
 
Choose the network link to change
 
Choose the network link to change
Line 126: Line 131:
 
</pre>
 
</pre>
  
====Create user dbav8====
+
===Install Applications===
 +
<pre>
 +
sudo dnf install -y ksh terminator thunderbird ddclient lighttpd rrdtool
 +
</pre>
 +
====Configure directory permissions====
 +
<pre>
 +
sudo su -
 +
cd /var/www
 +
mkdir html cgi-bin
 +
cd cgi-bin
 +
git clone https://[email protected]/rockingh0rse/dbahawk_server.git
 +
chmod 770 *
 +
cd /var/www
 +
chown -R lighttpd:dbahawk *
 +
cd /home/dbahawk
 +
chmod 770 spoolfiles
 +
chgrp lighttpd spoolfiles
 +
</pre>
 +
 
 +
====Configure Lighttpd====
 +
* Modify document_root
 +
<pre>
 +
vi /etc/lighttpd/modules.conf
 +
 
 +
server.document-root = server_root + "/html"
 +
</pre>
 +
* Enable mod_cgi: uncomment the mod_cgi include
 +
<pre>
 +
##
 +
## plain old CGI (mod_cgi)
 +
##
 +
include "conf.d/cgi.conf"
 +
</pre>
 +
* Setup Basic Authentication to restrict web server access
 +
* Enable server to serve perl files from cgi-bin directory
 +
<pre>
 +
auth.backend = "htpasswd"
 +
auth.backend.htpasswd.userfile = "/etc/lighttpd/.htpasswd"
 +
 
 +
$HTTP["url"] =~ "/cgi-bin/" {
 +
    auth.require = (
 +
        "" => (
 +
        "method"  => "basic",
 +
        "realm"  => "DbaHawk access",
 +
        "require" => "valid-user"
 +
        )
 +
    )
 +
    cgi.assign = (
 +
        ".sh"  => "/bin/sh",
 +
        ".cgi" => "/usr/bin/perl",
 +
        ".pl"  => "/usr/bin/perl"
 +
    )
 +
}
 +
 
 +
alias.url += ( "/cgi-bin/" => "/var/www/cgi-bin/" )
 +
</pre>
 +
* Bind the local address to port 80
 +
* Disable IPV6
 +
<pre>
 +
server.bind = "0.0.0.0"
 +
server.use-ipv6 = "disable"
 +
</pre>
  
===Install Applications===
+
====Configure firewall====
 +
Connection refused on port 80 from hosts on you lan? :-)<br />
 +
Firewalld is installed and running by default - and it blocks port 80!
 
<pre>
 
<pre>
sudo dnf install -y terminator thunderbird ddclient lighttpd
+
firewall-cmd --permanent --add-service=http
 +
systemctl stop firewalld
 +
systemctl start firewalld
 
</pre>
 
</pre>
 +
 +
====Install and configure add-on FiltaQuilla====
 +
<nowiki>*** not necessary if the whole of the .thunderbird profile is tar'd and gzipped ***</nowiki><br />
 +
FiltaQuilla is an add-on that adds significant functionality to the filtering of emails in Thunderbird.<br />
 +
Setup the rule
 +
* Where subject contains "dbahawk_forward"
 +
* Save attachment to "Downloads/dbahawk_forward"
 +
* Mark as read
 +
* Delete mail
  
 
====Configure Thunderbird====
 
====Configure Thunderbird====
===Configure ddclient===
+
Copy the profile folder from the old machine if still available. While on the new machine, issue this command to copy directory structure between 2 hosts.
To get the ddns for the domain name working, make sure ddclient is running in daemon mode.<br />
 
 
<pre>
 
<pre>
sudo dnf install -y ddclient
+
ssh dbahawk@fedora "cd $HOME/.thunderbird && tar -cf - . | gzip " | ( cd $HOME/.thunderbird && gunzip -c | tar -xvf - . ) | tee -a  $HOME/copy_thunderbird_profile.log
 
</pre>
 
</pre>
Make sure use=web is uncommented in /etc/ddclient/ddclient.conf
+
 
 +
====Configure ddclient====
 +
To get the ddns for the domain name working, make sure ddclient is running in daemon mode.<br />
 +
Make sure use=web is uncommented in <tt>/etc/ddclient/ddclient.conf</tt> or <tt>/etc/ddclient.conf</tt>
 
<pre>
 
<pre>
 
use=web, web=checkip.dyndns.org/, web-skip='IP Address'  
 
use=web, web=checkip.dyndns.org/, web-skip='IP Address'  
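Review bot: In "Configure directory permissions", running chown -R lighttpd:dbahawk * from /var/www makes the web server account the owner of the CGI scripts it executes, so a flaw in one script is enough to rewrite the others. Suggest an owner other than lighttpd, with lighttpd as the group and no group write (mode 750). Note also that chmod 770 * is not recursive and only changes the cloned dbahawk_server directory itself. The "Configure Lighttpd" block sets up Basic authentication on a server bound to port 80, and the firewall step opens only the http service, so the password crosses the LAN unencrypted on every request; the section should say so or add TLS.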
Line 150: Line 231:
 
password=<password>          \
 
password=<password>          \
 
stuartbarkley.com</pre>
 
stuartbarkley.com</pre>
 +
 +
====Create user dbahawk====
 +
<pre>
 +
sudo su -
 +
useradd -G wheel dbahawk
 +
su - dbahawk
 +
passwd
 +
mkdir -p Downloads/dbahawk_forward spoolfiles
 +
exit
 +
</pre>
 +
Copy the contents of the old spoolfiles directory if possible as it contains the .rrd files.<br />
 +
<br />
 +
 +
====Install CPAN====
 +
Some of the dbahawk perl scripts need modules not installed by default (eg. Switch.pm)
 +
<pre>
 +
sudo dnf install -y perl-CPAN
 +
</pre>
 +
or if Fedora already has it installed, try
 +
<pre>
 +
sudo dnf install -y 'perl(Switch)'
 +
sudo dnf install -y 'perl(DBI)'
 +
sudo dnf install -y 'perl(CGI)'
 +
sudo dnf install -y 'perl(DBD::SQLite)'
 +
</pre>
 +
 +
====Add entries to crontab====
 +
<pre>
 +
crontab -e
 +
</pre>
 +
<pre>
 +
*/5 *  * * * /var/www/cgi-bin/dbahawk_collector.ksh1            >/tmp/dbahawk_collector.log            2>&1
 +
5  *  * * * /var/www/cgi-bin/dbahawk_archive.pl                >/tmp/dbahawk_archive.log              2>&1
 +
35  *  * * * /var/www/cgi-bin/dbahawk_dbsize_grapher.ksh        >/tmp/dbahawk_dbsize_grapher.log      2>&1
 +
36  *  * * * /var/www/cgi-bin/dbahawk_fssize_grapher.ksh        >/tmp/dbahawk_fssize_grapher.log      2>&1
 +
37  *  * * * /var/www/cgi-bin/dbahawk_rmansize_grapher.ksh      >/tmp/dbahawk_rmansize_grapher.log    2>&1
 +
38  *  * * * /var/www/cgi-bin/dbahawk_rmanduration_grapher.ksh  >/tmp/dbahawk_rmanduration_grapher.log 2>&1
 +
</pre>
 +
 +
===Other goodies===
 +
* [https://www.itzgeek.com/how-tos/linux/fedora-how-tos/22-things-to-do-after-fresh-installation-of-fedora-27-fedora-26.html 22-things-to-do-after-fresh-installation-of-fedora-27 - itzgeek.com]
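Review bot: In "Create user dbahawk", useradd -G wheel dbahawk puts the account that receives the forwarded mail attachments and shares spoolfiles with lighttpd into the sudo-capable wheel group. Unless dbahawk is also meant to be the admin login, drop -G wheel and keep administration on a separate account. In the crontab block, every job writes its log to a fixed name in /tmp; a directory owned by the job's user (for example under /home/dbahawk) avoids name clashes and symlink problems in a world-writable directory.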

Latest revision as of 08:03, 23 May 2018

At the time of writing, Fedora 28 is the current stable version.

Download and install Fedora

Configure Fedora

Enable SSH

To allow remote access

sudo systemctl enable sshd
sudo systemctl start sshd

Disable SELinux

Use the /usr/sbin/getenforce or /usr/sbin/sestatus commands to check the status of SELinux

$ /usr/sbin/getenforce
Enforcing

or

$ /usr/sbin/sestatus
SELinux status:                 enabled
SELinuxfs mount:                /selinux
Current mode:                   enforcing
Mode from config file:          enforcing
Policy version:                 23
Policy from config file:        targeted

Change SELINUX from enforcing to disabled in /etc/selinux/config

sudo vi /etc/selinux/config
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#       enforcing - SELinux security policy is enforced.
#       permissive - SELinux prints warnings instead of enforcing.
#       disabled - No SELinux policy is loaded.
SELINUX=enforcing
# SELINUXTYPE= can take one of these two values:
#       targeted - Targeted processes are protected,
#       mls - Multi Level Security protection.
SELINUXTYPE=targeted
sudo reboot

Assign hostname

hostnamectl set-hostname fedora
hostnamectl

Assign static IP address

Choose the network link to change

ifconfig -a
enp0s25: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.1.206  netmask 255.255.255.0  broadcast 192.168.1.255
        inet6 2a02:a03f:4ed2:5900:6096:f8fa:91b5:ce6e  prefixlen 64  scopeid 0x0<global>
        inet6 fe80::1704:4ccd:cf19:ac90  prefixlen 64  scopeid 0x20<link>
        ether 00:21:cc:65:a3:65  txqueuelen 1000  (Ethernet)
        RX packets 65231  bytes 96666417 (92.1 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 27570  bytes 2020047 (1.9 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
        device interrupt 20  memory 0xf2500000-f2520000  

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 4  bytes 315 (315.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 4  bytes 315 (315.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

wlp3s0: flags=4099<UP,BROADCAST,MULTICAST>  mtu 1500
        ether 92:f0:49:fc:4b:10  txqueuelen 1000  (Ethernet)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

The easiest method is to use the command line!

sudo vi /etc/sysconfig/network-scripts/ifcfg-enp0s25

Before...

TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=dhcp
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME=enp0s25
UUID=9097eb96-1ce2-38a2-8dd8-29a8bf56aba4
ONBOOT=yes
AUTOCONNECT_PRIORITY=-999
DEVICE=enp0s25

After...

TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
#BOOTPROTO=dhcp
BOOTPROTO=none
IPADDR=192.168.1.15
NETMASK=255.255.255.0
GATEWAY=192.168.1.1
DNS1=192.168.1.13
DNS2=8.8.8.8
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME=enp0s25
UUID=a8a3bec5-64b0-34de-9e27-9c732082c94b
ONBOOT=yes
AUTOCONNECT_PRIORITY=-999
DEVICE=enp0s25
ZONE=FedoraWorkstation

Install Applications

sudo dnf install -y ksh terminator thunderbird ddclient lighttpd rrdtool

Configure directory permissions

sudo su -
cd /var/www
mkdir html cgi-bin
cd cgi-bin
git clone https://[email protected]/rockingh0rse/dbahawk_server.git
chmod 770 *
cd /var/www
chown -R lighttpd:dbahawk *
cd /home/dbahawk
chmod 770 spoolfiles
chgrp lighttpd spoolfiles
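
The ownership scheme above can be checked with the following added example, which is not part of the original page. The function names audit_cgi_tree and harden_cgi_tree are hypothetical; the alternative layout assumes lighttpd runs as user and group lighttpd and that the scripts do not need to write into their own directory.

```shell
#!/bin/sh
# Added example (not from the original page).

# audit_cgi_tree DIR SVC_USER
#   SVC_USER: name or numeric uid the web server runs as (assumed: lighttpd).
#   Lists (ls -ld format) every file or directory under DIR that is owned by
#   SVC_USER with the owner-write bit set, or that is group- or
#   world-writable. An empty result means the server account cannot rewrite
#   the code it executes through plain file permissions.
audit_cgi_tree() {
    find "$1" -xdev \( -type f -o -type d \) \
        \( \( -user "$2" -perm -0200 \) -o -perm /0022 \) \
        -exec ls -ld {} +
}

# harden_cgi_tree DIR OWNER GROUP
#   One alternative layout: OWNER may edit, GROUP may read and traverse or
#   execute, everyone else gets nothing. Capital X keeps execute only on
#   directories and on files that were already executable.
harden_cgi_tree() {
    chown -R "$2:$3" "$1" &&
    chmod -R u=rwX,g=rX,o= "$1"
}

# On the host described here (run as root):
#   audit_cgi_tree /var/www/cgi-bin lighttpd    # lists the lighttpd-owned scripts
#   harden_cgi_tree /var/www/cgi-bin root lighttpd
#   audit_cgi_tree /var/www/cgi-bin lighttpd    # should now print nothing
```

The spoolfiles directory is a different case: lighttpd is given group write there on purpose, so it is expected to show up if audited the same way.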

Configure Lighttpd

  • Modify document_root
vi /etc/lighttpd/modules.conf

server.document-root = server_root + "/html"
  • Enable mod_cgi: uncomment the mod_cgi include
##
## plain old CGI (mod_cgi)
##
include "conf.d/cgi.conf"
  • Set up Basic Authentication to restrict web server access
  • Enable server to serve perl files from cgi-bin directory
auth.backend = "htpasswd"
auth.backend.htpasswd.userfile = "/etc/lighttpd/.htpasswd"

$HTTP["url"] =~ "/cgi-bin/" {
    auth.require = (
        "" => (
        "method"  => "basic",
        "realm"   => "DbaHawk access",
        "require" => "valid-user"
        )
    )
    cgi.assign = (
        ".sh"  => "/bin/sh",
        ".cgi" => "/usr/bin/perl",
        ".pl"  => "/usr/bin/perl"
    )
}

alias.url += ( "/cgi-bin/" => "/var/www/cgi-bin/" )
  • Bind the local address to port 80
  • Disable IPv6
server.bind = "0.0.0.0"
server.use-ipv6 = "disable"
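
A check for two weak spots in the configuration above, as an added example that is not part of the original page or of lighttpd. The names lint_lighttpd_conf, page_conf and hardened_conf are hypothetical; the hardened variant is constructed and its pemfile path is a placeholder.

```shell
#!/bin/sh
# Added example (not from the original page).
# lint_lighttpd_conf: reads a lighttpd config on stdin, prints one tag per finding.
lint_lighttpd_conf() {
    conf=$(sed 's/[[:space:]]*#.*$//')          # drop comments
    # "=~" is an unanchored regex match: "/cgi-bin/" also matches
    # /anything/cgi-bin/x.sh, so cgi.assign applies more widely than intended.
    if printf '%s\n' "$conf" |
        grep -Eq '\$HTTP\["url"\][[:space:]]*=~[[:space:]]*"[^^]'; then
        echo UNANCHORED_URL_MATCH
    fi
    # Basic auth sends the base64-encoded password with every request,
    # so it needs TLS underneath it.
    if printf '%s\n' "$conf" | grep -Eq '"method"[[:space:]]*=>[[:space:]]*"basic"' &&
       ! printf '%s\n' "$conf" | grep -Eq 'ssl\.engine[[:space:]]*=[[:space:]]*"enable"'
    then
        echo BASIC_AUTH_WITHOUT_TLS
    fi
}

# The settings from this page, abbreviated.
page_conf() { cat <<'EOF'
server.bind = "0.0.0.0"
$HTTP["url"] =~ "/cgi-bin/" {
    auth.require = ( "" => ( "method"  => "basic",
                             "realm"   => "DbaHawk access",
                             "require" => "valid-user" ) )
    cgi.assign = ( ".sh" => "/bin/sh", ".pl" => "/usr/bin/perl" )
}
EOF
}

# Constructed variant: anchored match, TLS enabled (placeholder certificate path).
hardened_conf() { cat <<'EOF'
server.port = 443
ssl.engine  = "enable"      # needs mod_openssl loaded
ssl.pemfile = "/etc/lighttpd/PLACEHOLDER.pem"
$HTTP["url"] =~ "^/cgi-bin/" {
    auth.require = ( "" => ( "method"  => "basic",
                             "realm"   => "DbaHawk access",
                             "require" => "valid-user" ) )
    cgi.assign = ( ".sh" => "/bin/sh", ".pl" => "/usr/bin/perl" )
}
EOF
}
```

Run it against the live file with lint_lighttpd_conf < /etc/lighttpd/lighttpd.conf; files pulled in through include are not followed.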

Configure firewall

Connection refused on port 80 from hosts on your LAN? :-)
Firewalld is installed and running by default, and it blocks port 80!

firewall-cmd --permanent --add-service=http
systemctl stop firewalld
systemctl start firewalld

Install and configure add-on FiltaQuilla

*** not necessary if the whole of the .thunderbird profile is tar'd and gzipped ***
FiltaQuilla is an add-on that adds significant functionality to the filtering of emails in Thunderbird.
Set up the rule:

  • Where subject contains "dbahawk_forward"
  • Save attachment to "Downloads/dbahawk_forward"
  • Mark as read
  • Delete mail

Configure Thunderbird

Copy the profile folder from the old machine if it is still available. While on the new machine, issue this command to copy the directory structure between the 2 hosts.

ssh dbahawk@fedora "cd $HOME/.thunderbird && tar -cf - . | gzip " | ( cd $HOME/.thunderbird && gunzip -c | tar -xvf - . ) | tee -a  $HOME/copy_thunderbird_profile.log 

Configure ddclient

To get the ddns for the domain name working, make sure ddclient is running in daemon mode.
Make sure use=web is uncommented in /etc/ddclient/ddclient.conf or /etc/ddclient.conf

use=web, web=checkip.dyndns.org/, web-skip='IP Address' 

and put these details in the zoneedit section

server=dynamic.zoneedit.com,  \
protocol=zoneedit1,           \
login=<username>,             \
password=<password>           \
stuartbarkley.com

Create user dbahawk

sudo su -
useradd -G wheel dbahawk
su - dbahawk
passwd
mkdir -p Downloads/dbahawk_forward spoolfiles
exit

Copy the contents of the old spoolfiles directory if possible as it contains the .rrd files.

Install CPAN

Some of the dbahawk Perl scripts need modules not installed by default (e.g. Switch.pm)

sudo dnf install -y perl-CPAN

or if Fedora already has it installed, try

sudo dnf install -y 'perl(Switch)'
sudo dnf install -y 'perl(DBI)'
sudo dnf install -y 'perl(CGI)'
sudo dnf install -y 'perl(DBD::SQLite)'

Add entries to crontab

crontab -e
*/5 *  * * * /var/www/cgi-bin/dbahawk_collector.ksh1            >/tmp/dbahawk_collector.log            2>&1
5   *  * * * /var/www/cgi-bin/dbahawk_archive.pl                >/tmp/dbahawk_archive.log              2>&1
35  *  * * * /var/www/cgi-bin/dbahawk_dbsize_grapher.ksh        >/tmp/dbahawk_dbsize_grapher.log       2>&1
36  *  * * * /var/www/cgi-bin/dbahawk_fssize_grapher.ksh        >/tmp/dbahawk_fssize_grapher.log       2>&1
37  *  * * * /var/www/cgi-bin/dbahawk_rmansize_grapher.ksh      >/tmp/dbahawk_rmansize_grapher.log     2>&1
38  *  * * * /var/www/cgi-bin/dbahawk_rmanduration_grapher.ksh  >/tmp/dbahawk_rmanduration_grapher.log 2>&1

Other goodies