
After your partitions have been configured and selected for formatting and configurations have been set for your specific system, you are ready to select packages for installation. By default, Linux is a powerful operating system that runs many useful services. However, many of these services are unneeded and pose potential security risks.

Ideally, each network service should be on a dedicated, single-purpose host. Many Linux operating systems are configured by default to provide a wider set of services and applications than are required to provide a particular network service, so you may need to configure the server to eliminate unneeded services. Offering only essential services on a particular host can enhance your network security in several ways:

• Other services cannot be used to attack the host and impair or remove desired network services.

• The host can be configured to better suit the requirements of the particular service. Different services might require different hardware and software configurations, which could lead to needless vulnerabilities or service restrictions.

• By reducing services, the number of logs and log entries is reduced so detecting unexpected behavior becomes easier.

• Different individuals may administer different services. By isolating services so each host and service has a single administrator you will minimize the possibility of conflicts between administrators.

A proper installation of your Linux server is the first step to a stable, secure system. From the screen menu that appears (Selecting Package Groups), you first have to choose which system components you want to install. In our case, we must DESELECT ALL CHECKED Package Groups on the list.

Since we are configuring a Linux server, we don’t need to install a graphical interface (XFree86) on our system: a graphical interface on a server means fewer processes, less CPU availability, less memory, security risks, and so on. Computers are also subject to the treachery of images. The image on your computer screen is not a computer file; it's only an image on a computer screen. Images of files, processes, and network connections are very distant cousins of the actual bits in memory, in network packets, or on disks.

Layer upon layer of hardware and software produces the images that you see. When an intruder "owns" a machine, any of those layers could be tampered with. Application software can lie, OS kernels can lie, boot PROMs can lie, and even hard disk drives can lie. Graphical interfaces are usually used only on workstations.

Step 1

First of all, it is vital to verify and be SURE to deselect all of the following Package Groups:

• Printing Support
• Classic X Window System
• X Window System
• Laptop Support
• GNOME
• KDE
• Sound and Multimedia Support
• Network Support
• Dialup Support
• Messaging and Web Tools
• Graphics and Image Manipulation
• New Server
• NFS File Server
• Windows File Server
• Anonymous FTP Server
• SQL Database Server
• Web Server
• Router / Firewall
• DNS Name Server
• Network Managed Workstation
• Authoring and Publishing
• Emacs
• Utilities
• Legacy Application Support
• Software Development
• Kernel Development
• Windows Compatibility / Interoperability
• Games and Entertainment
• Everything

To summarize, it is very important, and I say VERY IMPORTANT, to deselect every selected Package Group (so that none is selected) before clicking on the Next button to continue the installation.

We don’t want and don’t need to install any additional packages. The default install of this Linux distribution already comes with the most essential programs we need for the base functionality of the operating system.

Step 2

At this point, the installation program will check dependencies in packages selected for installation (in our case no packages are selected) and format every partition you selected for formatting in your system. This can take several minutes depending on the speed of your machine. Once all partitions have been formatted, the installation program starts to install Linux to your hard drive.

Boot Disk Creation

In this section of the installation, we have the option of creating a boot disk for our newly installed operating system. If you do not want to create a boot disk, you should check the “Skip boot disk creation” checkbox before you click Next. You must create a boot disk if you decide not to install GRUB or LILO on the MBR (the Master Boot Record) or if you are not installing GRUB or LILO at all.

How to use RPM Commands

This section contains an overview of using RPM for installing, uninstalling, upgrading, querying, listing, and checking RPM packages on your Linux system. You must be familiar with these RPM commands now because we’ll use them often in this book and especially later in this chapter for software that must be uninstalled after installation of the server.

Install a RPM package:

Note that RPM packages have file names like foo-1.0-2.i386.rpm, which include the package name (foo), version (1.0), release (2), and architecture (i386).

• To install a RPM package, use the command:

[root@deep /]# rpm -ivh foo-1.0-2.i386.rpm

foo ##################################################

Uninstall a RPM package:

Notice that we used the package name “foo”, not the name of the original package file “foo-1.0-2.i386.rpm”.

• To uninstall a RPM package, use the command:

Upgrade a RPM package:

With this command, RPM automatically uninstalls the old version of the foo package and installs the new one. Always use the “rpm -Uvh” command to install packages, since it works fine even when there are no previous versions of the package installed. This is the recommended method of installing packages on the system.

• To upgrade a RPM package, use the command:

[root@deep /]# rpm -Uvh foo-1.0-2.i386.rpm

foo ##################################################

Force the installation of a RPM package:

With this command, RPM will force the installation of the specified package even if some conflict or other kind of problem exists. This command should be used with care and only if you know what you are doing. In most cases, RPM can correctly detect a problem and refuse to install. To bypass the RPM warning, you can use the RPM command below.

• To force the installation of a RPM package, use the command:

[root@deep /]# rpm -Uvh --force foo-1.0-2.i386.rpm

foo ##################################################

Avoid RPM package dependency:

With this command, RPM will not take care of package dependencies and will install the RPM software on your system. Package dependency is an important concept in the RPM world. Dependency is when some other packages depend on the RPM package you are trying to install. By default, RPM checks that all other RPM packages required by the RPM you are trying to install are present before installing it. If some required packages are not present, RPM will inform you. This is done to avoid problems and to be sure that the software you want to install will work properly. In some special cases, we don’t need to take care of dependencies and can use the option below to tell RPM to skip the dependency check when installing the software.

• To avoid RPM package dependency, use the command:

[root@deep /]# rpm -Uvh --nodeps foo-1.0-2.i386.rpm

foo ##################################################

Query a RPM package:

This command will print the package name, version, and release number of the installed package foo. Use this command to verify whether a package is installed on your system.

• To query a RPM package, use the command:

[root@deep /]# rpm -q foo

Display RPM package information:

This command displays package information, including the name, version, and description of the installed program. Use this command to get information about the installed package.

• To display RPM package information, use the command:

[root@deep /]# rpm -qi foo

Name        : foo                              Relocations: none
Version     : 2.3                              Vendor: OpenNA.com, Inc.
Release     : 8                                Build Date: Thu 24 Aug 2000 11:16:53 AM EDT
Install date: Mon 12 Feb 2001 01:17:24 AM EST  Build Host: openna.com
Group       : Applications/Archiving           Source RPM: foo-2.3-8.src.rpm
Size        : 271467                           License: distributable
Packager    : OpenNA.com, Inc. <http://www.openna.com/>
Summary     : Here will appears summary of the package.
Description : Here will appears the description of the package.

Display RPM package information before installing the program:

This command displays package information, including the name, version, and description of the program, without the need to install the program first. Use this command to get information about a package before you install it on your system.

• To display package information before installing the program, use the command:

[root@deep /]# rpm -qpi foo-2.3-8.i386.rpm

Name        : foo                              Relocations: none
Version     : 2.3                              Vendor: OpenNA.com, Inc.
Release     : 8                                Build Date: Thu 24 Aug 2000 11:16:53 AM EDT
Install date: Mon 12 Feb 2001 01:17:24 AM EST  Build Host: openna.com
Group       : Applications/Archiving           Source RPM: foo-2.3-8.src.rpm
Size        : 271467                           License: distributable
Packager    : OpenNA.com, Inc. <http://www.openna.com/>
Summary     : Here will appears summary of the package.
Description : Here will appears the description of the package.

List files in an installed RPM package:

This command will list all files in an installed RPM package. It works only when the package is already installed on your system.

• To list files in an installed RPM package, use the command:

[root@deep /]# rpm -ql foo

/usr/bin/foo
/usr/bin/foo1
/usr/sbin/foo2

List files in RPM package that is not already installed:

This command will list all files in a RPM package that is not already installed on your system. It is useful when you want to know which components are included in the package before installing it.

• To list files in RPM package that is not already installed, use the command:

[root@deep /]# rpm -qpl foo-1.0-2.i386.rpm

/usr/lib/foo
/usr/bin/foo1
/usr/sbin/foo2

Know which file is part of which RPM package:

This command will show you which RPM package a file comes from. It works only when the package is already installed on your system, and it is very useful when you see files on your Linux system that you do not know about and want more information about their RPM provenance.

• To know which file is part of which RPM package, use the command:

[root@deep /]# rpm -qf /etc/passwd

setup-2.3.4-1

Check the signature of a RPM package:

This command checks the PGP signature of the specified package to ensure its integrity and origin. Always use this command first before installing a new RPM package on your system. GnuPG or PGP software must already be installed on your system before you can use this command. See the chapter related to GnuPG installation and configuration for more information.

• To check the signature of a RPM package, use the command:

[root@deep /]# rpm --checksig foo-1.0-2.i386.rpm

Examine the md5sum of RPM package:

The RPM md5sum is useful to verify that a package has not been corrupted or tampered with. You can use it to be sure that the download of your new RPM package was not corrupted during network transfer.

• To examine only the md5sum of the package, use the command:

[root@deep /]# rpm --checksig --nogpg foo-1.0-2.i386.rpm
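The rule "always check the signature first" can be enforced by a wrapper that only reaches "rpm -Uvh" when the check passes. The following is an added example, not part of the original text; the function name checked_install is hypothetical, and the way a verified signature appears in the "rpm --checksig" output is an assumption that varies between RPM versions.

```shell
#!/bin/sh
# Added example: install a package only if "rpm --checksig" reports a
# verified signature. Assumption: a good signature is printed as a lowercase
# token (gpg, pgp, rsa, dsa) or, on newer rpm releases, as "signatures";
# a failed check makes rpm exit non-zero.

checked_install() {
    pkg=$1
    case $pkg in
        *.rpm) ;;
        *) echo "refusing: '$pkg' is not a package file" >&2; return 2 ;;
    esac
    [ -f "$pkg" ] || { echo "refusing: $pkg not found" >&2; return 2; }

    # Step 1: digest and signature check before anything is installed.
    if ! out=$(rpm --checksig "$pkg" 2>&1); then
        echo "refusing: check failed: $out" >&2
        return 1
    fi

    # Step 2: an unsigned package can pass on its digests alone, so also
    # require that a signature was actually verified.
    result=${out#*: }            # drop the leading "file:" prefix
    case " $result " in
        *" gpg "*|*" pgp "*|*" rsa "*|*" dsa "*|*" signatures "*) ;;
        *) echo "refusing: no verified signature: $out" >&2; return 1 ;;
    esac

    # Step 3: normal install/upgrade; --force and --nodeps are never used.
    rpm -Uvh "$pkg"
}

# Run directly as: sh checked_install.sh foo-1.0-2.i386.rpm
if [ "$#" -gt 0 ]; then
    for p in "$@"; do
        checked_install "$p" || exit 1
    done
fi
```

A package that passes only the md5sum check is refused here, because a digest shows the file arrived intact but says nothing about who built it.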

Starting and stopping daemon services

The init program of Linux (also known as process control initialization) is in charge of starting all the normal and authorized processes that need to run at boot time on your system. These may include the APACHE daemons, NETWORK daemons, and anything else that must be running when your machine boots.

Each of these processes has a script file under the /etc/init.d directory written to accept an argument, which can be start, stop, restart, etc. As you can imagine, those scripts are made to simplify the administration of the server and the way we can start or stop services under Linux. Of course, we can use the native way to start all required services on our server, but it is much simpler to have script files that give us an easy method to automate and control the procedures. This is why the init program and all the initialization script files available under the /etc/init.d directory exist.

Below are some examples showing you how to execute those scripts by hand:

• To start the httpd web server daemon manually under Linux, you’ll type:

[root@deep /]# /etc/init.d/httpd start

Starting httpd: [OK]

• To stop the httpd web server daemon manually under Linux, you’ll type:

[root@deep /]# /etc/init.d/httpd stop

• To restart the httpd web server daemon manually under Linux, you’ll type:

[root@deep /]# /etc/init.d/httpd restart

Shutting down http: [OK]

Starting httpd: [OK]

Check inside your /etc/init.d directory for the services available and use the commands start | stop | restart to work with them. You will see throughout this book that we often use initialization script files to administer and control the way we start, restart, stop, etc. services under Linux.
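To keep a host limited to its essential services, the contents of /etc/init.d can be compared against a list of approved scripts, using "rpm -qf" to name the package behind anything unexpected. This is an added example, not part of the original text; the function name audit_initd and the allow-list file (one script name per line, "#" for comments) are assumptions.

```shell
#!/bin/sh
# Added example: report init scripts that are not on the approved list for
# this host, together with the RPM package that owns each one.
# Assumption: the allow-list path and format are hypothetical.

audit_initd() {
    dir=$1      # e.g. /etc/init.d
    allow=$2    # e.g. /root/initd.allow (hypothetical path)
    unexpected=0

    for script in "$dir"/*; do
        # Only executable regular files are treated as service scripts;
        # anything else in the directory is skipped.
        [ -f "$script" ] && [ -x "$script" ] || continue
        name=${script##*/}

        # Exact whole-line match, so "http" does not approve "httpd".
        if grep -qxF -- "$name" "$allow"; then
            continue
        fi

        # rpm -qf names the owning package, the candidate for removal.
        owner=$(rpm -qf "$script" 2>/dev/null) || owner="unknown"
        echo "UNEXPECTED: $name (package: $owner)"
        unexpected=$((unexpected + 1))
    done

    # Exit status 0 only when every script found is approved.
    [ "$unexpected" -eq 0 ]
}

# Run directly as: sh audit_initd.sh /etc/init.d /root/initd.allow
if [ "$#" -eq 2 ]; then
    audit_initd "$1" "$2"
fi
```

The non-zero exit status on any unexpected script lets the check run from cron or a post-install step and fail loudly when a new package adds a service.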
