fedora_install_for_my_own

Download and install Fedora
Configure Fedora
Install Applications
Install Dokuwiki
Other goodies

At time of writing, Fedora 28 is current stable version

Download and install Fedora

Download Fedora Image Writer and burn a live image to a USB drive and install to the actual drive

Configure Fedora

Enable SSH

To allow remote access

sudo systemctl enable sshd
sudo systemctl start sshd

Disable SELinux

Use the /usr/sbin/getenforce or /usr/sbin/sestatus commands to check the status of SELinux

$ /usr/sbin/getenforce
Enforcing

$ /usr/sbin/sestatus
SELinux status:                 enabled
SELinuxfs mount:                /selinux
Current mode:                   enforcing
Mode from config file:          enforcing
Policy version:                 23
Policy from config file:        targeted

Change SELINUX from <tt>enforcing</tt> to <tt>disabled</tt> in /etc/selinux/config

sudo vi /etc/selinux/config
  -  This file controls the state of SELinux on the system.
  -  SELINUX= can take one of these three values:
  -        enforcing - SELinux security policy is enforced.
  -        permissive - SELinux prints warnings instead of enforcing.
  -        disabled - No SELinux policy is loaded.
SELINUX=enforcing
  -  SELINUXTYPE= can take one of these two values:
  -        targeted - Targeted processes are protected,
  -        mls - Multi Level Security protection.
SELINUXTYPE=targeted

sudo reboot

Assign hostname

hostnamectl set-hostname fedora
hostnamectl

Assign static IP address

Choose the network link to change

ifconfig -a

enp0s25: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.1.206  netmask 255.255.255.0  broadcast 192.168.1.255
        inet6 2a02:a03f:4ed2:5900:6096:f8fa:91b5:ce6e  prefixlen 64  scopeid 0x0<global>
        inet6 fe80::1704:4ccd:cf19:ac90  prefixlen 64  scopeid 0x20<link>
        ether 00:21:cc:65:a3:65  txqueuelen 1000  (Ethernet)
        RX packets 65231  bytes 96666417 (92.1 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 27570  bytes 2020047 (1.9 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
        device interrupt 20  memory 0xf2500000-f2520000

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 4  bytes 315 (315.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 4  bytes 315 (315.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

wlp3s0: flags=4099<UP,BROADCAST,MULTICAST>  mtu 1500
        ether 92:f0:49:fc:4b:10  txqueuelen 1000  (Ethernet)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

Easiest method is to use the command line!

sudo vi /etc/sysconfig/network-scripts/ifcfg-enp0s25

Before…

TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=dhcp
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME=enp0s25
UUID=9097eb96-1ce2-38a2-8dd8-29a8bf56aba4
ONBOOT=yes
AUTOCONNECT_PRIORITY=-999
DEVICE=enp0s25

After…

TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
  - BOOTPROTO=dhcp
BOOTPROTO=none
IPADDR=192.168.1.15
NETMASK=255.255.255.0
GATEWAY=192.168.1.1
DNS1=192.168.1.13
DNS2=8.8.8.8
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME=enp0s25
UUID=a8a3bec5-64b0-34de-9e27-9c732082c94b
ONBOOT=yes
AUTOCONNECT_PRIORITY=-999
DEVICE=enp0s25
ZONE=FedoraWorkstation

Install Applications

See further down to install Apache instead of lighttpd.

sudo dnf clean all
sudo dnf -y update

sudo dnf install -y ksh terminator thunderbird ddclient lighttpd rrdtool

Configure directory permissions

sudo su -
cd /var/www
mkdir html cgi-bin
cd cgi-bin
git clone https://[email protected]/rockingh0rse/dbahawk_server.git
chmod 770 *
cd /var/www
chown -R lighttpd:dbahawk *
cd /home/dbahawk
chmod 770 spoolfiles
chgrp lighttpd spoolfiles

Configure Lighttpd

Modify document_root

vi /etc/lighttpd/modules.conf

server.document-root = server_root + "/html"

Enable mod_cgi: uncomment the mod_cgi include

  - 
  -  plain old CGI (mod_cgi)
  - 
include "conf.d/cgi.conf"

Setup Basic Authentication to restrict web server access
Enable server to serve perl files from cgi-bin directory

auth.backend = "htpasswd"
auth.backend.htpasswd.userfile = "/etc/lighttpd/.htpasswd"

$HTTP[["url"]] =~ "/cgi-bin/" {
    auth.require = (
        "" => (
        "method"  => "basic",
        "realm"   => "DbaHawk access",
        "require" => "valid-user"
        )
    )
    cgi.assign = (
        ".sh"  => "/bin/sh",
        ".cgi" => "/usr/bin/perl",
        ".pl"  => "/usr/bin/perl"
    )
}

alias.url += ( "/cgi-bin/" => "/var/www/cgi-bin/" )

Bind the local address to port 80
Disable IPV6

server.bind = "0.0.0.0"
server.use-ipv6 = "disable"

Install Apache

Installing Apache is as simple as running just one command

sudo dnf -y install httpd

Allow Apache Through the Firewall

Allow the default HTTP and HTTPS port, ports 80 and 443, through firewalld

sudo firewall-cmd --permanent --add-port=80/tcp
sudo firewall-cmd --permanent --add-port=443/tcp
sudo firewall-cmd --reload

Configure Apache to Start on Boot

sudo systemctl enable httpd

and start it now…

sudo systemctl start httpd

Check the status of Apache

sudo systemctl status httpd

To stop Apache

sudo systemctl stop httpd

Configure firewall (if not configured as part of Apache install)

Connection refused on port 80 from hosts on you lan?
Firewalld is installed and running by default - and it blocks port 80!

firewall-cmd --permanent --add-service=http
systemctl stop firewalld
systemctl start firewalld

Install and configure add-on FiltaQuilla

*** not necessary if the whole of the .thunderbird profile is tar'd and gzipped ***
FiltaQuilla is an add-on that adds significant functionality to the filtering of emails in Thunderbird.
Setup the rule

Where subject contains “dbahawk_forward”
Save attachment to “Downloads/dbahawk_forward”
Mark as read
Delete mail

Configure Thunderbird

Copy the profile folder from the old machine if still available. While on the new machine, issue this command to copy directory structure between 2 hosts.

ssh dbahawk@fedora "cd $HOME/.thunderbird && tar -cf - . | gzip " | ( cd $HOME/.thunderbird && gunzip -c | tar -xvf - . ) | tee -a  $HOME/copy_thunderbird_profile.log

Configure ddclient

To get the dynamic dns (ddns) for the domain name working, make sure ddclient is running in daemon mode.
Make sure use=web is uncommented in <tt>/etc/ddclient/ddclient.conf</tt> or <tt>/etc/ddclient.conf</tt>

use=web, web=checkip.dyndns.org/, web-skip='IP Address'

and put these details in the zoneedit section

server=dynamic.zoneedit.com,  \\
protocol=zoneedit1,           \\
login=<username>,             \\
password=<password>           \\
stuartbarkley.com

Create user dbahawk

sudo su -
useradd -G wheel dbahawk
su - dbahawk
passwd
mkdir -p Downloads/dbahawk_forward spoolfiles
exit

Copy the contents of the old spoolfiles directory if possible as it contains the .rrd files.

Install CPAN

Some of the dbahawk perl scripts need modules not installed by default (eg. Switch.pm)

sudo dnf install -y perl-CPAN

or if Fedora already has it installed, try

sudo dnf install -y 'perl(Switch)'
sudo dnf install -y 'perl(DBI)'
sudo dnf install -y 'perl(CGI)'
sudo dnf install -y 'perl(DBD::SQLite)'

Install Dokuwiki

Pretty simple install but default install does not configure the apache config file correctly

dnf install -y dokuwiki
</code
The edit the Apache config file for dokuwiki
<code>
vi /etc/httpd/conf.d/dokuwiki.conf

Change

<Directory /usr/share/dokuwiki>
        <IfModule mod_authz_core.c>
                # Apache 2.4
                Require local
        </IfModule>
        <IfModule !mod_authz_core.c>
                # Apache 2.2
                Options +FollowSymLinks
                Order Allow,Deny
                Allow from 127.0.0.1 ::1
        </IfModule>
</Directory>

<Directory /usr/share/dokuwiki>
        <IfModule mod_authz_core.c>
                # Apache 2.4
                AllowOverride None
                Require all granted
        </IfModule>
        <IfModule !mod_authz_core.c>
                # Apache 2.2
                Options +FollowSymLinks
                Order Allow,Deny
                Allow from 127.0.0.1 ::1
        </IfModule>
</Directory>

Add entries to crontab

crontab -e

  * /5 *  * * * /var/www/cgi-bin/dbahawk_collector.ksh1            >/tmp/dbahawk_collector.log            2>&1
5   *  * * * /var/www/cgi-bin/dbahawk_archive.pl                >/tmp/dbahawk_archive.log              2>&1
35  *  * * * /var/www/cgi-bin/dbahawk_dbsize_grapher.ksh        >/tmp/dbahawk_dbsize_grapher.log       2>&1
36  *  * * * /var/www/cgi-bin/dbahawk_fssize_grapher.ksh        >/tmp/dbahawk_fssize_grapher.log       2>&1
37  *  * * * /var/www/cgi-bin/dbahawk_rmansize_grapher.ksh      >/tmp/dbahawk_rmansize_grapher.log     2>&1
38  *  * * * /var/www/cgi-bin/dbahawk_rmanduration_grapher.ksh  >/tmp/dbahawk_rmanduration_grapher.log 2>&1

Other goodies

22-things-to-do-after-fresh-installation-of-fedora-27 - itzgeek.com

Table of Contents