Open main menu

CDOT Wiki β

Changes

OPS335 Resources

7,013 bytes removed, 10:18, 7 January 2015
Removing some very outdated resources
[[Category:OPS335]]
= Installation Video =
[http://www.youtube.com/watch?v=AhXt8PnmAxQ Fedora 12 Installation]
= New Features in Fedora 15/16 =
* [[systemd_fedora | systemd resource]]
* Netfilter[http://docs.fedoraproject.org/en-US/Fedora/19/html/Security_Guide/sec-Comparison_of_Firewalld_to_system-config-firewall.html iptables** Added new built-in chain for the NAT table: INPUT chainand firewalld ]
= F12 Live CD update Tracker =The following table shows the number of packages available for update on a given date on a Live Fedora 12 system.{|border="1"|- style="width: 100%;color: white; background-color: #7430c2; font-weight: bold"| Date || No. of Packages || Size || Time(min.)|-|November 25, 2009|100|94MB|5|-|November 24, 2009|89|87MB|5|-|December 6, 2009|180|152MB|8|-style="width: 100%;color: white; background-color: #7430c2; font-weight: bold"|Date||No of Package||Size||Time(min.)|} = F13 Installation DVD update Tracker =The following table shows the number of packages available for update on a given date on a Live Fedora 13 system.{|border="1"|- style="width: 100%;color: white; background-color: #7430c2; font-weight: bold"| Date || No. of Packages || Size || Time(min.)|-|September 10, 2010|485|579MB|5|-style="width: 100%;color: white; background-color: #7430c2; font-weight: bold"|Date||No of Package||Size||Time(min.)|} = Some facts about Fedora 12 Live DVD = == Version information== [root@localhost ~]# uname -a Linux localhost.localdomain 2.6.31.5-127.fc12.i686 #1 SMP Sat Nov 7 21:41:45 EST 2009 i686 athlon i386 GNU/Linux == Number of packages == [root@localhost ~]# rpm -qa | wc -l 1017 == Super User Account ==There is no password for the super user account "root". You can simply type "su -" to switch to super user account in order to perform the following task:* yum update* yum install package-name* switch SELinux mode* list, flush, add, delete firewall rule using the iptables command* start/stop network service* add/remove/modify user accounts* add/remove software package* other administrative tasks* reading system log files === Monitoring System Main Log File ===
Most system daemons write log messages to the main system log file at /var/log/messages. As a system administrator, you can view any new log messages written to the file in real time using the following command line in a terminal window:
The above messages were generated when a user plugged in an USB Flash drive to the system. In this example, the system assgined the device name [sdc] to identify the Flash drive.
== Mail Package ==Fedora 12 Live DVD does not install the malix package by default.To install the mailx package (so that user can use the mail command to read their local mails), follow the follwing steps: [root@localhost mail]# yum install mailx Loaded plugins: presto, refresh-packagekit Setting up Install Process Resolving Dependencies --> Running transaction check ---> Package mailx.i686 0:12.4-3.fc12 set to be updated --> Finished Dependency Resolution Dependencies Resolved ========================================================================================= Package Arch Version Repository Size ========================================================================================= Installing: mailx i686 12.4-3.fc12 fedora 214 k Transaction Summary ========================================================================================= Install 1 Package(s) Upgrade 0 Package(s) Total download size: 214 k Is this ok [y/N]: y Downloading Packages: Setting up and reading Presto delta metadata Processing delta metadata Package(s) data still to download: 214 k mailx-12.4-3.fc12.i686.rpm | 214 kB 00:01 Running rpm_check_debug Running Transaction Test Finished Transaction Test Transaction Test Succeeded Running Transaction Installing : mailx-12.4-3.fc12.i686 1/1 Installed: mailx.i686 0:12.4-3.fc12 Complete! == TCP/IP Network Services running on the Live DVD by default ==* cups on port 631 (Common Unix Print Service)* smtp on port 25 (Simple Message Transfer protocol, for handling emails exchange between local users)* avahi-daemon on port 5353 and 49032* bootpc on port 68 (DHCP Client)  [root@localhost ~]# netstat -atup Active Internet connections (servers and established) Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp 0 0 localhost.localdomain:ipp *:* LISTEN 1500/cupsd tcp 0 0 localhost.localdomain:smtp *:* LISTEN 1800/sendmail: acce tcp 0 0 localhost6.localdomain6:ipp *:* LISTEN 1500/cupsd udp 0 0 *:mdns *:* 1489/avahi-daemon: udp 0 0 *:ipp *:* 1500/cupsd udp 0 0 *:49032 *:* 1489/avahi-daemon: udp 0 0 *:bootpc *:* 1698/dhclient == SELinux Configuration ==Security Enhence Linux is enabled by default. [root@localhost ~]# sestatus SELinux status: enabled SELinuxfs mount: /selinux Current mode: enforcing Mode from config file: enforcing Policy version: 24 Policy from config file: targeted [root@localhost ~]#  To Keep SELinux running but ask it not to enforce the Security Policy, do the following: [root@localhost ~]# setenforce 0 [root@localhost ~]# sestatus SELinux status: enabled SELinuxfs mount: /selinux Current mode: permissive Mode from config file: enforcing Policy version: 24 Policy from config file: targeted It is not recommended to turn off SELinux. If you encounter some SELinux policy issues and can not get it resolve, then you should set it to permissive mode. To switch SELinux from "permissive" mode to "enforcing" mode, do the following: [root@localhost ~]# setenforce 1 [root@localhost ~]# sestatus SELinux status: enabled SELinuxfs mount: /selinux Current mode: enforcing Mode from config file: enforcing Policy version: 24 Policy from config file: targeted == Firewall Configuration ==Fedora distribution use "netfilter" kernel module for building a Stateful Packet Filtering firewall. Firewall is enable on Fedora Live DVD by default.=== Default Firewall Setting ===
The default firewall configuration:
Chain FORWARD (policy ACCEPT)
num target prot opt source destination
1 REJECT all -- anywhere anywhere reject-with icmp-host-prohibited
Chain OUTPUT (policy ACCEPT)
** Rule number 1 allows any packets which are related to any packets went out before
** Rule number 2 allows any icmp packets, including echo-request and echo-reply packet (used by the ping command)
** Rule number 3 allows packets coming from the loop back network interface (lo), need to . Use the "-v" option to show the interface name.
** Rule number 4 allows packets go to IP address 224.0.0.251 port 5353
** Rule number 5 blocks all other incoming packets
* No packet All packets will be forwarded.
* All outgoing packets are allowed.
=== Flush out firewall Improving system security with some better rules in the Filter table ===To turn off the blocking of Incoming packet, do the following:A better configuration [root@localhost ~]# iptables -F [root@localhost ~]# iptables L --line-Lnumber Chain INPUT (policy ACCEPTDROP) num target prot opt source destination 1 ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED 2 ACCEPT icmp -- anywhere anywhere 3 ACCEPT all -- anywhere anywhere
Chain FORWARD (policy ACCEPTDROP) num target prot opt source destination
Chain OUTPUT (policy ACCEPT)
num target prot opt source destination * Incoming packets will be filtered based on firewall rules for the INPUT chain (Chain num 1 to 3)** Rule number 1 allows any packets which are related to any packets went out before** Rule number 2 allows any icmp packets, including echo-request and echo-reply packet (used by the ping command)** Rule number 3 allows packets coming from the loop back network interface (lo). Use the "-v" option to show the interface name.** As we aren't using MDNS, we can delete that rule.** Instead of rejecting unwanted traffic (which sends a response back), simply drop it (note the changed default policy).
The "iptables -F" command "flushes" out all the firewall rules in the filter table. The "iptables -L" displays the updated firewall rules in the filter table (none left after the iptables -F command)* No packets will be forwarded.** Unless you expect to be forwarding traffic, why allow it?
=== Logging unexpected traffic ===It can also be useful to keep a log of the traffic that your machine drops. This could be traffic that you want, but haven't added a rule to accept, or it could provide early warning that someone is trying to compromise your machine. This is particularly useful on machines/interfaces that face the outside world.  [root@localhost ~]# iptables -A INPUT -j LOG == Restore default firewall rules to the Filter table ===To restore the default firewallto saved settings, do the following: [root@localhost ~]# service systemctl restart iptables restart
iptables: Flushing firewall rules: [ OK ]
iptables: Setting chains to policy ACCEPT: raw mangle nat f[ OK ]
iptables: Unloading modules: [ OK ]
iptables: Applying firewall rules:
 
= Additional Software Package Installation =
 
== Apache Manual ==
 
=== Installation using yum ===
[root@localhost ~]# yum install httpd-manual
Loaded plugins: presto, refresh-packagekit
Setting up Install Process
Resolving Dependencies
--> Running transaction check
---> Package httpd-manual.noarch 0:2.2.13-4.fc12 set to be updated
--> Finished Dependency Resolution
Dependencies Resolved
================================================================================
Package Arch Version Repository Size
================================================================================
Installing:
httpd-manual noarch 2.2.13-4.fc12 fedora 767 k
Transaction Summary
================================================================================
Install 1 Package(s)
Upgrade 0 Package(s)
Total download size: 767 k
Is this ok [y/N]: y
Downloading Packages:
Setting up and reading Presto delta metadata
fedora/prestodelta | 1.3 kB 00:00
Processing delta metadata
Package(s) data still to download: 767 k
httpd-manual-2.2.13-4.fc12.noarch.rpm | 767 kB 00:02
Running rpm_check_debug
Running Transaction Test
Finished Transaction Test
Transaction Test Succeeded
Running Transaction
Installing : httpd-manual-2.2.13-4.fc12.noarch 1/1
Installed:
httpd-manual.noarch 0:2.2.13-4.fc12
Complete!
 
=== Starting Apache Server ===
[root@localhost ~]# service httpd start
Starting httpd: [ OK ]
[root@localhost ~]#
 
=== To access your Apache Web Server running on the Live DVD ===
* Open the Firefox Web Browser
* Type the url "http://localhost" into the address box and press ENTER
* Type the url "http://localhost/manual" to access the Apache manual
 
= Reporting Problems about your Fedora Installation =
932
edits