This section describes Suse (version 9.3) specific commands.
Packages to install: rcs xntp sharutils tcpdump iptraf whois nmap automake gcc ethereal rsync lynx links pin scanlogd rsync uudeview ltrace smartmontools zip unzip pcre net-snmp ntop arpwatch perl-dbi flex pytn python-dev
a) via the nework
Yast -> Network services -> proxy
http://YOUR.PROXY.COM:80/
Set Patch source 9.x in Switzerland
http://mirror.switch.ch/ftp/mirror/SuSE/suse/
Install source 9.x:
http://sunsite.cnlab-switch.ch//ftp/mirror/suse/suse/i386/9.3/
sunsite.cnlab-switch.ch /ftp/mirror/suse/suse/i386/9.3/
yast -i
yast online_update
b) or, if you have no internet access,
by downloading the Suse 9.3 ISO images to /opt/install/suse9.3
and then mounting/unmounting a CD as needed:
umount /mnt/cd
mount -o loop -t iso9660 /opt/install/suse9.3/cd1.iso /mnt/cd
In Yast, set the install source to the local directory "/mnt/cd".
Create /etc/mods (documentation of system changes) and "chmod 600" it
/etc/hosts : timehost, loghost, mailhost
rcSuSEfirewall2 stop
chkconfig SuSEfirewall2 off
chkconfig SuSEfirewall2_init off
chkconfig SuSEfirewall2_setup off
rcportmap stop
chkconfig nfs off
chkconfig nfsboot off
chkconfig portmap off
chkconfig mdnsd off
rcmdnsd stop
## optional
vi /etc/snmpd.conf [enable a read-only community if you want SNMP monitoring]
rcsnmpd start
chkconfig snmpd on
Disable powersaving on servers and especially VMs:
/etc/sysconfig/powersave/cpufreq
POWERSAVE_CPUFREQD_MODULE="off"
Email
Yast -> Network services -> mail transfer agent
Outgoing mail server = [YOUR_OUTBOUND_SERVER]
vi /etc/aliases, and set "root" alias to the sysadmin
newaliases
Test email:
echo test | mailx -s "test" root
Time sync
cp /etc/localtime /etc/localtime.orig
cp /usr/share/zoneinfo/Europe/Zurich /etc/localtime [Switzerland]
cron:
0,30 7-20 * * 1-5 /usr/sbin/ntpdate -s A.B.C.D X.Y.Z.Z; /sbin/hwclock --systohc
Setup syslog for centralised logging to the master server:
In /etc/hosts, add an entry for each NAC server
XX vmps1
YY vmps2
On the Master, enable the syslog server:
vi /etc/syslog-ng/syslog-ng.conf.in
# uncomment to process log messages from network:
#
udp(ip("0.0.0.0") port(514));
SuSEconfig
rcsyslog restart
Slave: syslog client:
/etc/syslog-ng/syslog-ng.conf.in
## Forward *.info to loghost
filter f_info { level(info) ; };
destination network { udp("loghost" port(514)); };
log { source(src); filter(f_info); destination(network); };
add loghost to the vmps2 line in /etc/hosts
SuSEconfig
rcsyslog restart
change the root GECOS field in /etc/passwd to "root MACHINE"
Also check: /root/.ssh/authorized_keys
naming:
vi /etc/resolv.conf
If you use DNS domains with ".local", then replace dns library since Suse
does not like domains ending int ".local". Backup libresolv.so.2 and create a new /lib/libresolv.so.2.orig that is not so brain dead:
cd /lib cp libresolv.so.2 libresolv.so.2.orig
cat libresolv.so.2.orig |sed 's/local/lokal/g' > libresolv.so.2.NO_LOCAL
cp libresolv.so.2.NO_LOCAL libresolv.so.2
If SSH logins seem very slow, you might have to replace LOCAL with 127.0.0.1 in /etc/hosts.allow for the sshd entry.
create /secure check_disk, monitor_processes, secure.conf
ln -s /usr/bin/perl /bin/perl
Environment
copy /etc/profile.local from another machine
. /etc/profile.local
Setup filewatch
mkdir -p /var/filewatcher/archive
copy /usr/local/bin/filewatcher from another machine
copy /etc/filewatcher.conf from another machine
filewatcher -c /etc/filewatcher.conf
Setup Cron entry:
2 6-18 * * 1-5 /usr/local/bin/filewatcher -c /etc/filewatcher.conf
check_disk in root cron
*/3 * * * * /secure/check_disk 90 800