At time of writing, Fedora 28 is current stable version
==== Download and install Fedora ====
* [[https://getfedora.org/en/workstation/download/|Download Fedora Image Writer and burn a live image to a USB drive and install to the actual drive]]
==== Configure Fedora ====
=== Enable SSH ===
To allow remote access
sudo systemctl enable sshd
sudo systemctl start sshd
=== Disable SELinux ===
Use the /usr/sbin/getenforce or /usr/sbin/sestatus commands to check the status of SELinux
$ /usr/sbin/getenforce
Enforcing
or
$ /usr/sbin/sestatus
SELinux status: enabled
SELinuxfs mount: /selinux
Current mode: enforcing
Mode from config file: enforcing
Policy version: 23
Policy from config file: targeted
Change SELINUX from enforcing to disabled in /etc/selinux/config
sudo vi /etc/selinux/config
- This file controls the state of SELinux on the system.
- SELINUX= can take one of these three values:
- enforcing - SELinux security policy is enforced.
- permissive - SELinux prints warnings instead of enforcing.
- disabled - No SELinux policy is loaded.
SELINUX=enforcing
- SELINUXTYPE= can take one of these two values:
- targeted - Targeted processes are protected,
- mls - Multi Level Security protection.
SELINUXTYPE=targeted
sudo reboot
=== Assign hostname ===
hostnamectl set-hostname fedora
hostnamectl
=== Assign static IP address ===
Choose the network link to change
ifconfig -a
enp0s25: flags=4163 mtu 1500
inet 192.168.1.206 netmask 255.255.255.0 broadcast 192.168.1.255
inet6 2a02:a03f:4ed2:5900:6096:f8fa:91b5:ce6e prefixlen 64 scopeid 0x0
inet6 fe80::1704:4ccd:cf19:ac90 prefixlen 64 scopeid 0x20
ether 00:21:cc:65:a3:65 txqueuelen 1000 (Ethernet)
RX packets 65231 bytes 96666417 (92.1 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 27570 bytes 2020047 (1.9 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
device interrupt 20 memory 0xf2500000-f2520000
lo: flags=73 mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10
loop txqueuelen 1000 (Local Loopback)
RX packets 4 bytes 315 (315.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 4 bytes 315 (315.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
wlp3s0: flags=4099 mtu 1500
ether 92:f0:49:fc:4b:10 txqueuelen 1000 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
Easiest method is to use the command line!
sudo vi /etc/sysconfig/network-scripts/ifcfg-enp0s25
Before...
TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=dhcp
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME=enp0s25
UUID=9097eb96-1ce2-38a2-8dd8-29a8bf56aba4
ONBOOT=yes
AUTOCONNECT_PRIORITY=-999
DEVICE=enp0s25
After...
TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
- BOOTPROTO=dhcp
BOOTPROTO=none
IPADDR=192.168.1.15
NETMASK=255.255.255.0
GATEWAY=192.168.1.1
DNS1=192.168.1.13
DNS2=8.8.8.8
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME=enp0s25
UUID=a8a3bec5-64b0-34de-9e27-9c732082c94b
ONBOOT=yes
AUTOCONNECT_PRIORITY=-999
DEVICE=enp0s25
ZONE=FedoraWorkstation
==== Install Applications ====
See further down to install Apache instead of lighttpd.
sudo dnf clean all
sudo dnf -y update
sudo dnf install -y ksh terminator thunderbird ddclient lighttpd rrdtool
=== Configure directory permissions ===
sudo su -
cd /var/www
mkdir html cgi-bin
cd cgi-bin
git clone https://rockingh0rse@bitbucket.org/rockingh0rse/dbahawk_server.git
chmod 770 *
cd /var/www
chown -R lighttpd:dbahawk *
cd /home/dbahawk
chmod 770 spoolfiles
chgrp lighttpd spoolfiles
=== Configure Lighttpd ===
* Modify document_root
vi /etc/lighttpd/modules.conf
server.document-root = server_root + "/html"
* Enable mod_cgi: uncomment the mod_cgi include
-
- plain old CGI (mod_cgi)
-
include "conf.d/cgi.conf"
* Setup Basic Authentication to restrict web server access
* Enable server to serve perl files from cgi-bin directory
auth.backend = "htpasswd"
auth.backend.htpasswd.userfile = "/etc/lighttpd/.htpasswd"
$HTTP[["url"]] =~ "/cgi-bin/" {
auth.require = (
"" => (
"method" => "basic",
"realm" => "DbaHawk access",
"require" => "valid-user"
)
)
cgi.assign = (
".sh" => "/bin/sh",
".cgi" => "/usr/bin/perl",
".pl" => "/usr/bin/perl"
)
}
alias.url += ( "/cgi-bin/" => "/var/www/cgi-bin/" )
* Bind the local address to port 80
* Disable IPV6
server.bind = "0.0.0.0"
server.use-ipv6 = "disable"
=== Install Apache ===
Installing Apache is as simple as running just one command
sudo dnf -y install httpd
=== Allow Apache Through the Firewall ===
Allow the default HTTP and HTTPS port, ports 80 and 443, through firewalld
sudo firewall-cmd --permanent --add-port=80/tcp
sudo firewall-cmd --permanent --add-port=443/tcp
sudo firewall-cmd --reload
=== Configure Apache to Start on Boot ===
sudo systemctl enable httpd
and start it now...
sudo systemctl start httpd
=== Check the status of Apache ===
sudo systemctl status httpd
=== To stop Apache ===
sudo systemctl stop httpd
=== Configure firewall (if not configured as part of Apache install) ===
Connection refused on port 80 from hosts on you lan? :-)\\
Firewalld is installed and running by default - and it blocks port 80!
firewall-cmd --permanent --add-service=http
systemctl stop firewalld
systemctl start firewalld
=== Install and configure add-on FiltaQuilla ===
*** not necessary if the whole of the .thunderbird profile is tar'd and gzipped ***\\
FiltaQuilla is an add-on that adds significant functionality to the filtering of emails in Thunderbird.\\
Setup the rule
* Where subject contains "dbahawk_forward"
* Save attachment to "Downloads/dbahawk_forward"
* Mark as read
* Delete mail
=== Configure Thunderbird ===
Copy the profile folder from the old machine if still available. While on the new machine, issue this command to copy directory structure between 2 hosts.
ssh dbahawk@fedora "cd $HOME/.thunderbird && tar -cf - . | gzip " | ( cd $HOME/.thunderbird && gunzip -c | tar -xvf - . ) | tee -a $HOME/copy_thunderbird_profile.log
=== Configure ddclient ===
To get the dynamic dns (ddns) for the domain name working, make sure ddclient is running in daemon mode.\\
Make sure use=web is uncommented in /etc/ddclient/ddclient.conf or /etc/ddclient.conf
use=web, web=checkip.dyndns.org/, web-skip='IP Address'
and put these details in the zoneedit section
server=dynamic.zoneedit.com, \\
protocol=zoneedit1, \\
login=, \\
password= \\
stuartbarkley.com
=== Create user dbahawk ===
sudo su -
useradd -G wheel dbahawk
su - dbahawk
passwd
mkdir -p Downloads/dbahawk_forward spoolfiles
exit
Copy the contents of the old spoolfiles directory if possible as it contains the .rrd files.\\
=== Install CPAN ===
Some of the dbahawk perl scripts need modules not installed by default (eg. Switch.pm)
sudo dnf install -y perl-CPAN
or if Fedora already has it installed, try
sudo dnf install -y 'perl(Switch)'
sudo dnf install -y 'perl(DBI)'
sudo dnf install -y 'perl(CGI)'
sudo dnf install -y 'perl(DBD::SQLite)'
==== Install Dokuwiki ====
Pretty simple install but default install does not configure the apache config file correctly :-)
dnf install -y dokuwiki
vi /etc/httpd/conf.d/dokuwiki.conf
Change
# Apache 2.4
Require local
# Apache 2.2
Options +FollowSymLinks
Order Allow,Deny
Allow from 127.0.0.1 ::1
to
# Apache 2.4
AllowOverride None
Require all granted
# Apache 2.2
Options +FollowSymLinks
Order Allow,Deny
Allow from 127.0.0.1 ::1
=== Add entries to crontab ===
crontab -e
* /5 * * * * /var/www/cgi-bin/dbahawk_collector.ksh1 >/tmp/dbahawk_collector.log 2>&1
5 * * * * /var/www/cgi-bin/dbahawk_archive.pl >/tmp/dbahawk_archive.log 2>&1
35 * * * * /var/www/cgi-bin/dbahawk_dbsize_grapher.ksh >/tmp/dbahawk_dbsize_grapher.log 2>&1
36 * * * * /var/www/cgi-bin/dbahawk_fssize_grapher.ksh >/tmp/dbahawk_fssize_grapher.log 2>&1
37 * * * * /var/www/cgi-bin/dbahawk_rmansize_grapher.ksh >/tmp/dbahawk_rmansize_grapher.log 2>&1
38 * * * * /var/www/cgi-bin/dbahawk_rmanduration_grapher.ksh >/tmp/dbahawk_rmanduration_grapher.log 2>&1
==== Other goodies ====
* [[https://www.itzgeek.com/how-tos/linux/fedora-how-tos/22-things-to-do-after-fresh-installation-of-fedora-27-fedora-26.html|22-things-to-do-after-fresh-installation-of-fedora-27 - itzgeek.com]]