OPS235 Resources

From CDOT Wiki
Revision as of 20:56, 25 November 2009 by Cheping (talk | contribs) (Number of packages)
Jump to: navigation, search

Installation Video

Fedora 12 Installation

F12 Live CD update Tracker

The following table shows the number of packages available for update on a given date on a Live Fedora 12 system.

Date No. of Packages Size Time(min.)
November 25, 2009 100 94MB 5
November 24, 2009 89 87MB 5
Date No of Package Size Time(min.)

Some facts about Fedora 12 Live DVD

Version information

[root@localhost ~]# uname -a
Linux localhost.localdomain 2.6.31.5-127.fc12.i686 #1 SMP Sat Nov 7 21:41:45 EST 2009 i686 athlon i386 GNU/Linux

Number of packages

[root@localhost ~]# rpm -qa | wc -l
1017

Super User Account

There is no password for the super user account "root". You can simply type "su -" to switch to super user account in order to perform the following task:

  • yum update
  • yum install package-name
  • switch SELinux mode
  • list, flush, add, delete firewall rule using the iptables command
  • start/stop network service
  • add/remove/modify user accounts
  • add/remove software package
  • other administrative tasks

TCP/IP Network Services running on the Live DVD by default

  • cups on port 631 (Common Unix Print Service)
  • smtp on port 25 (Simple Message Transfer protocol, for handling emails exchange between local users)
  • avahi-daemon on port 5353 and 49032
  • bootpc on port 68 (DHCP Client)
[root@localhost ~]# netstat -atup
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address               Foreign Address   State       PID/Program name   
tcp        0      0 localhost.localdomain:ipp   *:*               LISTEN      1500/cupsd          
tcp        0      0 localhost.localdomain:smtp  *:*               LISTEN      1800/sendmail: acce 
tcp        0      0 localhost6.localdomain6:ipp *:*               LISTEN      1500/cupsd          
udp        0      0 *:mdns                      *:*                           1489/avahi-daemon:  
udp        0      0 *:ipp                       *:*                           1500/cupsd          
udp        0      0 *:49032                     *:*                           1489/avahi-daemon:  
udp        0      0 *:bootpc                    *:*                           1698/dhclient

SELinux Configuration

Security Enhence Linux is enabled by default.

[root@localhost ~]# sestatus
SELinux status:                 enabled
SELinuxfs mount:                /selinux
Current mode:                   enforcing
Mode from config file:          enforcing
Policy version:                 24
Policy from config file:        targeted
[root@localhost ~]# 

To Keep SELinux running but ask it not to enforce the Security Policy, do the following:

[root@localhost ~]# setenforce 0
[root@localhost ~]# sestatus
SELinux status:                 enabled
SELinuxfs mount:                /selinux
Current mode:                   permissive
Mode from config file:          enforcing
Policy version:                 24
Policy from config file:        targeted

It is not recommended to turn off SELinux. If you encounter some SELinux policy issues and can not get it resolve, then you should set it to permissive mode.

To switch SELinux from "permissive" mode to "enforcing" mode, do the following:

[root@localhost ~]# setenforce 1
[root@localhost ~]# sestatus
SELinux status:                 enabled
SELinuxfs mount:                /selinux
Current mode:                   enforcing
Mode from config file:          enforcing
Policy version:                 24
Policy from config file:        targeted

Firewall Configuration

Fedora distribution use "netfilter" kernel module for building a Stateful Packet Filtering firewall. Firewall is enable on Fedora Live DVD by default.

Default Firewall Setting

The default firewall configuration:

[root@localhost ~]# iptables -L --line-number
Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination         
1    ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED 
2    ACCEPT     icmp --  anywhere             anywhere            
3    ACCEPT     all  --  anywhere             anywhere            
4    ACCEPT     udp  --  anywhere             224.0.0.251         state NEW udp dpt:mdns 
5    REJECT     all  --  anywhere             anywhere            reject-with icmp-host-prohibited 

Chain FORWARD (policy ACCEPT)
num  target     prot opt source               destination         
1    REJECT     all  --  anywhere             anywhere            reject-with icmp-host-prohibited 

Chain OUTPUT (policy ACCEPT)
num  target     prot opt source               destination          

  • Incoming packets will be filtered based on firewall rules for the INPUT chain (Chain num 1 to 5)
    • Rule number 1 allows any packets which are related to any packets went out before
    • Rule number 2 allows any icmp packets, including echo-request and echo-reply packet (used by the ping command)
    • Rule number 3 allows packets coming from the loop back network interface (lo), need to "-v" to show the interface name.
    • Rule number 4 allows packets go to IP address 224.0.0.251 port 5353
    • Rule number 5 blocks all other incoming packets
  • No packet will be forwarded.
  • All outgoing packets is allowed.

Flush out firewall rules in the Filter table

To turn off the blocking of Incoming packet, do the following:

[root@localhost ~]# iptables -F
[root@localhost ~]# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination          

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination 

The "iptables -F" command "flushes" out all the firewall rules in the filter table. The "iptables -L" displays the updated firewall rules in the filter table (none left after the iptables -F command).

Restore default firewall rules to the Filter table

To restore the default firewall, do the following:

[root@localhost ~]# service iptables restart
iptables: Flushing firewall rules:                         [  OK  ]
iptables: Setting chains to policy ACCEPT: raw mangle nat f[  OK  ]
iptables: Unloading modules:                               [  OK  ]
iptables: Applying firewall rules:

Additional Software Package Installation

Apache Manual

Installation using yum

[root@localhost ~]# yum install httpd-manual
Loaded plugins: presto, refresh-packagekit
Setting up Install Process
Resolving Dependencies
--> Running transaction check
---> Package httpd-manual.noarch 0:2.2.13-4.fc12 set to be updated
--> Finished Dependency Resolution

Dependencies Resolved

================================================================================
 Package              Arch           Version               Repository      Size
================================================================================
Installing:
 httpd-manual         noarch         2.2.13-4.fc12         fedora         767 k 

Transaction Summary
================================================================================
Install       1 Package(s)
Upgrade       0 Package(s) 

Total download size: 767 k
Is this ok [y/N]: y
Downloading Packages:
Setting up and reading Presto delta metadata
fedora/prestodelta                                       | 1.3 kB     00:00     
Processing delta metadata
Package(s) data still to download: 767 k
httpd-manual-2.2.13-4.fc12.noarch.rpm                    | 767 kB     00:02     
Running rpm_check_debug
Running Transaction Test
Finished Transaction Test
Transaction Test Succeeded
Running Transaction
  Installing     : httpd-manual-2.2.13-4.fc12.noarch                        1/1 

Installed:
  httpd-manual.noarch 0:2.2.13-4.fc12                                           

Complete!

Starting Apache Server

[root@localhost ~]# service httpd start
Starting httpd:                                            [  OK  ]
[root@localhost ~]# 

To access your Apache Web Server running on the Live DVD