Difference between revisions of "OPS235 Resources"
(→Firewall Configuration) |
(→Number of packages) |
||
Line 29: | Line 29: | ||
[root@localhost ~]# rpm -qa | wc -l | [root@localhost ~]# rpm -qa | wc -l | ||
1017 | 1017 | ||
+ | |||
+ | == Super User Account == | ||
+ | There is no password for the super user account "root". You can simply type "su -" to switch to super user account in order to perform the following task: | ||
+ | * yum update | ||
+ | * yum install package-name | ||
+ | * switch SELinux mode | ||
+ | * list, flush, add, delete firewall rule using the iptables command | ||
+ | * start/stop network service | ||
+ | * add/remove/modify user accounts | ||
+ | * add/remove software package | ||
+ | * other administrative tasks | ||
== TCP/IP Network Services running on the Live DVD by default == | == TCP/IP Network Services running on the Live DVD by default == |
Revision as of 19:56, 25 November 2009
Contents
- 1 Installation Video
- 2 F12 Live CD update Tracker
- 3 Some facts about Fedora 12 Live DVD
- 4 Additional Software Package Installation
Installation Video
F12 Live CD update Tracker
The following table shows the number of packages available for update on a given date on a Live Fedora 12 system.
Date | No. of Packages | Size | Time(min.) |
---|---|---|---|
November 25, 2009 | 100 | 94MB | 5 |
November 24, 2009 | 89 | 87MB | 5 |
Date | No of Package | Size | Time(min.) |
Some facts about Fedora 12 Live DVD
Version information
[root@localhost ~]# uname -a Linux localhost.localdomain 2.6.31.5-127.fc12.i686 #1 SMP Sat Nov 7 21:41:45 EST 2009 i686 athlon i386 GNU/Linux
Number of packages
[root@localhost ~]# rpm -qa | wc -l 1017
Super User Account
There is no password for the super user account "root". You can simply type "su -" to switch to super user account in order to perform the following task:
- yum update
- yum install package-name
- switch SELinux mode
- list, flush, add, delete firewall rule using the iptables command
- start/stop network service
- add/remove/modify user accounts
- add/remove software package
- other administrative tasks
TCP/IP Network Services running on the Live DVD by default
- cups on port 631 (Common Unix Print Service)
- smtp on port 25 (Simple Message Transfer protocol, for handling emails exchange between local users)
- avahi-daemon on port 5353 and 49032
- bootpc on port 68 (DHCP Client)
[root@localhost ~]# netstat -atup Active Internet connections (servers and established) Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp 0 0 localhost.localdomain:ipp *:* LISTEN 1500/cupsd tcp 0 0 localhost.localdomain:smtp *:* LISTEN 1800/sendmail: acce tcp 0 0 localhost6.localdomain6:ipp *:* LISTEN 1500/cupsd udp 0 0 *:mdns *:* 1489/avahi-daemon: udp 0 0 *:ipp *:* 1500/cupsd udp 0 0 *:49032 *:* 1489/avahi-daemon: udp 0 0 *:bootpc *:* 1698/dhclient
SELinux Configuration
Security Enhence Linux is enabled by default.
[root@localhost ~]# sestatus SELinux status: enabled SELinuxfs mount: /selinux Current mode: enforcing Mode from config file: enforcing Policy version: 24 Policy from config file: targeted [root@localhost ~]#
To Keep SELinux running but ask it not to enforce the Security Policy, do the following:
[root@localhost ~]# setenforce 0 [root@localhost ~]# sestatus SELinux status: enabled SELinuxfs mount: /selinux Current mode: permissive Mode from config file: enforcing Policy version: 24 Policy from config file: targeted
It is not recommended to turn off SELinux. If you encounter some SELinux policy issues and can not get it resolve, then you should set it to permissive mode.
To switch SELinux from "permissive" mode to "enforcing" mode, do the following:
[root@localhost ~]# setenforce 1 [root@localhost ~]# sestatus SELinux status: enabled SELinuxfs mount: /selinux Current mode: enforcing Mode from config file: enforcing Policy version: 24 Policy from config file: targeted
Firewall Configuration
Fedora distribution use "netfilter" kernel module for building a Stateful Packet Filtering firewall. Firewall is enable on Fedora Live DVD by default.
Default Firewall Setting
The default firewall configuration:
[root@localhost ~]# iptables -L --line-number Chain INPUT (policy ACCEPT) num target prot opt source destination 1 ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED 2 ACCEPT icmp -- anywhere anywhere 3 ACCEPT all -- anywhere anywhere 4 ACCEPT udp -- anywhere 224.0.0.251 state NEW udp dpt:mdns 5 REJECT all -- anywhere anywhere reject-with icmp-host-prohibited Chain FORWARD (policy ACCEPT) num target prot opt source destination 1 REJECT all -- anywhere anywhere reject-with icmp-host-prohibited Chain OUTPUT (policy ACCEPT) num target prot opt source destination
- Incoming packets will be filtered based on firewall rules for the INPUT chain (Chain num 1 to 5)
- Rule number 1 allows any packets which are related to any packets went out before
- Rule number 2 allows any icmp packets, including echo-request and echo-reply packet (used by the ping command)
- Rule number 3 allows packets coming from the loop back network interface (lo), need to "-v" to show the interface name.
- Rule number 4 allows packets go to IP address 224.0.0.251 port 5353
- Rule number 5 blocks all other incoming packets
- No packet will be forwarded.
- All outgoing packets is allowed.
Flush out firewall rules in the Filter table
To turn off the blocking of Incoming packet, do the following:
[root@localhost ~]# iptables -F [root@localhost ~]# iptables -L Chain INPUT (policy ACCEPT) target prot opt source destination Chain FORWARD (policy ACCEPT) target prot opt source destination Chain OUTPUT (policy ACCEPT) target prot opt source destination
The "iptables -F" command "flushes" out all the firewall rules in the filter table. The "iptables -L" displays the updated firewall rules in the filter table (none left after the iptables -F command).
Restore default firewall rules to the Filter table
To restore the default firewall, do the following:
[root@localhost ~]# service iptables restart iptables: Flushing firewall rules: [ OK ] iptables: Setting chains to policy ACCEPT: raw mangle nat f[ OK ] iptables: Unloading modules: [ OK ] iptables: Applying firewall rules:
Additional Software Package Installation
Apache Manual
Installation using yum
[root@localhost ~]# yum install httpd-manual Loaded plugins: presto, refresh-packagekit Setting up Install Process Resolving Dependencies --> Running transaction check ---> Package httpd-manual.noarch 0:2.2.13-4.fc12 set to be updated --> Finished Dependency Resolution Dependencies Resolved ================================================================================ Package Arch Version Repository Size ================================================================================ Installing: httpd-manual noarch 2.2.13-4.fc12 fedora 767 k Transaction Summary ================================================================================ Install 1 Package(s) Upgrade 0 Package(s) Total download size: 767 k Is this ok [y/N]: y Downloading Packages: Setting up and reading Presto delta metadata fedora/prestodelta | 1.3 kB 00:00 Processing delta metadata Package(s) data still to download: 767 k httpd-manual-2.2.13-4.fc12.noarch.rpm | 767 kB 00:02 Running rpm_check_debug Running Transaction Test Finished Transaction Test Transaction Test Succeeded Running Transaction Installing : httpd-manual-2.2.13-4.fc12.noarch 1/1 Installed: httpd-manual.noarch 0:2.2.13-4.fc12 Complete!
Starting Apache Server
[root@localhost ~]# service httpd start Starting httpd: [ OK ] [root@localhost ~]#
To access your Apache Web Server running on the Live DVD
- Open the Firefox Web Browser
- Type the url "http://localhost" into the address box and press ENTER
- Type the url "http://localhost/manual" to access the Apache manual