Difference between revisions of "Fedora install for my own purposes"

Revision as of 14:44, 11 May 2018 (edit) Stuart (talk | contribs) (→‎Configure Lighttpd) ← Older edit		Revision as of 18:07, 11 May 2018 (edit) (undo) Stuart (talk | contribs) (→‎Configure Lighttpd) Newer edit →
Line 130:		Line 130:
	sudo dnf install -y ksh terminator thunderbird ddclient lighttpd		sudo dnf install -y ksh terminator thunderbird ddclient lighttpd
	</pre>		</pre>
−	====Configure Lighttpd====	+	====Configure directory permissions====
	<pre>		<pre>
	sudo su -		sudo su -
−	cd /var/www/lighttpd/cgi-bin	+	cd /var/www
		+	mkdir html cgi-bin
		+	cd cgi-bin
	git clone 192.168.1.11:/Google\ Drive/dbahawk_server/		git clone 192.168.1.11:/Google\ Drive/dbahawk_server/
−	chmod 775 *	+	chmod 770 *
	cd /var/www		cd /var/www
	chown -R lighttpd:dbahawk *		chown -R lighttpd:dbahawk *
		+	cd /home/dbahawk
		+	chmod 770 spoolfiles
		+	chgrp lighttpd spoolfiles
	</pre>		</pre>
−	Enable mod_cgi: Uncomment the mod_cgi include	+	====Configure Lighttpd====
		+	* Modify document_root
		+	<pre>
		+	server.document-root = server_root + "/html"
		+	</pre>
		+	* Enable mod_cgi: Uncomment the mod_cgi include
	<pre>		<pre>
	vi /etc/lighttpd/modules.conf		vi /etc/lighttpd/modules.conf
Line 147:		Line 157:
	##		##
	include "conf.d/cgi.conf"		include "conf.d/cgi.conf"
		+	</pre>
		+	* Setup Basic Authentication to restrict web server access
		+	* Enable server to serve perl files from cgi-bin directory
		+	<pre>
		+	auth.backend = "htpasswd"
		+	auth.backend.htpasswd.userfile = "/etc/lighttpd/.htpasswd"
		+
		+	$HTTP["url"] =~ "/cgi-bin/" {
		+	auth.require = (
		+	"" => (
		+	"method"  => "basic",
		+	"realm"  => "DbaHawk access",
		+	"require" => "valid-user"
		+	)
		+	)
		+	cgi.assign = (
		+	".sh"  => "/bin/sh",
		+	".cgi" => "/usr/bin/perl",
		+	".pl"  => "/usr/bin/perl"
		+	)
		+	}
		+
		+	alias.url += ( "/cgi-bin/" => "/var/www/cgi-bin/" )
		+	</pre>
		+	* Bind the local address to port 80
		+	* Disable IPV6
		+	<pre>
		+	server.bind = "0.0.0.0"
		+	server.use-ipv6 = "disable"
		+	</pre>
		+	====Configure firewall====
		+	Connection refused on port 80 from hosts on you lan? :-)<br />
		+	Firewalld is installed and running by default - and it blocks port 80!
		+	<pre>
		+	firewall-cmd --permanent --add-service=http
	</pre>		</pre>

---

Revision as of 18:07, 11 May 2018

At time of writing, Fedora 28 is current stable version

Download and install Fedora

• Download Fedora Image Writer and burn a live image to a USB drive and install to the actual drive

Configure Fedora

Enable SSH

To allow remote access

sudo systemctl enable sshd
sudo systemctl start sshd

Disable SELinux

Use the /usr/sbin/getenforce or /usr/sbin/sestatus commands to check the status of SELinux

$ /usr/sbin/getenforce
Enforcing

or

$ /usr/sbin/sestatus
SELinux status:                 enabled
SELinuxfs mount:                /selinux
Current mode:                   enforcing
Mode from config file:          enforcing
Policy version:                 23
Policy from config file:        targeted

Change SELINUX from enforcing to disabled in /etc/selinux/config

sudo vi /etc/selinux/config
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#       enforcing - SELinux security policy is enforced.
#       permissive - SELinux prints warnings instead of enforcing.
#       disabled - No SELinux policy is loaded.
SELINUX=enforcing
# SELINUXTYPE= can take one of these two values:
#       targeted - Targeted processes are protected,
#       mls - Multi Level Security protection.
SELINUXTYPE=targeted

sudo reboot

Assign static IP address

Choose the network link to change

ifconfig -a

enp0s25: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.1.206  netmask 255.255.255.0  broadcast 192.168.1.255
        inet6 2a02:a03f:4ed2:5900:6096:f8fa:91b5:ce6e  prefixlen 64  scopeid 0x0<global>
        inet6 fe80::1704:4ccd:cf19:ac90  prefixlen 64  scopeid 0x20<link>
        ether 00:21:cc:65:a3:65  txqueuelen 1000  (Ethernet)
        RX packets 65231  bytes 96666417 (92.1 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 27570  bytes 2020047 (1.9 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
        device interrupt 20  memory 0xf2500000-f2520000  

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 4  bytes 315 (315.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 4  bytes 315 (315.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

wlp3s0: flags=4099<UP,BROADCAST,MULTICAST>  mtu 1500
        ether 92:f0:49:fc:4b:10  txqueuelen 1000  (Ethernet)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

Easiest method is to use the command line!

sudo vi /etc/sysconfig/network-scripts/ifcfg-enp0s25

Before...

TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=dhcp
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME=enp0s25
UUID=9097eb96-1ce2-38a2-8dd8-29a8bf56aba4
ONBOOT=yes
AUTOCONNECT_PRIORITY=-999
DEVICE=enp0s25

After...

TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
#BOOTPROTO=dhcp
BOOTPROTO=none
IPADDR=192.168.1.15
NETMASK=255.255.255.0
GATEWAY=192.168.1.1
DNS1=192.168.1.13
DNS2=8.8.8.8
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME=enp0s25
UUID=a8a3bec5-64b0-34de-9e27-9c732082c94b
ONBOOT=yes
AUTOCONNECT_PRIORITY=-999
DEVICE=enp0s25
ZONE=FedoraWorkstation

Install Applications

sudo dnf install -y ksh terminator thunderbird ddclient lighttpd

Configure directory permissions

sudo su -
cd /var/www
mkdir html cgi-bin
cd cgi-bin
git clone 192.168.1.11:/Google\ Drive/dbahawk_server/
chmod 770 *
cd /var/www
chown -R lighttpd:dbahawk *
cd /home/dbahawk
chmod 770 spoolfiles
chgrp lighttpd spoolfiles

Configure Lighttpd

• Modify document_root

server.document-root = server_root + "/html"

• Enable mod_cgi: Uncomment the mod_cgi include

vi /etc/lighttpd/modules.conf

##
## plain old CGI (mod_cgi)
##
include "conf.d/cgi.conf"

• Setup Basic Authentication to restrict web server access
• Enable server to serve perl files from cgi-bin directory

auth.backend = "htpasswd"
auth.backend.htpasswd.userfile = "/etc/lighttpd/.htpasswd"

$HTTP["url"] =~ "/cgi-bin/" {
    auth.require = (
        "" => (
        "method"  => "basic",
        "realm"   => "DbaHawk access",
        "require" => "valid-user"
        )
    )
    cgi.assign = (
        ".sh"  => "/bin/sh",
        ".cgi" => "/usr/bin/perl",
        ".pl"  => "/usr/bin/perl"
    )
}

alias.url += ( "/cgi-bin/" => "/var/www/cgi-bin/" )

• Bind the local address to port 80
• Disable IPV6

server.bind = "0.0.0.0"
server.use-ipv6 = "disable"

Configure firewall

Connection refused on port 80 from hosts on you lan? :-)
Firewalld is installed and running by default - and it blocks port 80!

firewall-cmd --permanent --add-service=http

Install and configure add-on FiltaQuilla

*** not necessary if the whole of the .thunderbird profile is tar'd and gzipped ***
FiltaQuilla is an add-on that adds significant functionality to the filtering of emails in Thunderbird.
Setup the rule

• Where subject contains "dbahawk_forward"
• Save attachment to "Downloads/dbahawk_forward"
• Mark as read
• Delete mail

Configure Thunderbird

Copy the profile folder from the old machine if still available. While on the new machine, issue this command to copy directory structure between 2 hosts.

ssh dbahawk@fedora "cd $HOME/.thunderbird && tar -cf - . | gzip " | ( cd $HOME/.thunderbird && gunzip -c | tar -xvf - . ) | tee -a  $HOME/copy_thunderbird_profile.log 

Configure ddclient

To get the ddns for the domain name working, make sure ddclient is running in daemon mode.
Make sure use=web is uncommented in /etc/ddclient/ddclient.conf or /etc/ddclient.conf

use=web, web=checkip.dyndns.org/, web-skip='IP Address' 

and put these details in the zoneedit section

server=dynamic.zoneedit.com,  \
protocol=zoneedit1,           \
login=<username>,             \
password=<password>           \
stuartbarkley.com

Create user dbahawk

sudo su -
useradd -G wheel dbahawk
su - dbahawk
passwd
mkdir -p Downloads/dbahawk_forward spoolfiles
exit

Copy the contents of the old spoolfiles directory if possible as it contains the .rrd files.

Install CPAN

Some of the dbahawk perl scripts need modules not installed by default (eg. Switch.pm)

sudo dnf install -y perl-CPAN

or if Fedora already has it installed, try

sudo dnf install -y 'perl(Switch)'
sudo dnf install -y 'perl(DBI)'
sudo dnf install -y 'perl(CGI)'
sudo dnf install -y 'perl(DBD::SQLite)'

Add entries to crontab

crontab -e

*/5 *  * * * /var/www/cgi-bin/dbahawk_collector.ksh1            >/tmp/dbahawk_collector.log            2>&1
5   *  * * * /var/www/cgi-bin/dbahawk_archive.pl                >/tmp/dbahawk_archive.log              2>&1
35  *  * * * /var/www/cgi-bin/dbahawk_dbsize_grapher.ksh        >/tmp/dbahawk_dbsize_grapher.log       2>&1
36  *  * * * /var/www/cgi-bin/dbahawk_fssize_grapher.ksh        >/tmp/dbahawk_fssize_grapher.log       2>&1
37  *  * * * /var/www/cgi-bin/dbahawk_rmansize_grapher.ksh      >/tmp/dbahawk_rmansize_grapher.log     2>&1
38  *  * * * /var/www/cgi-bin/dbahawk_rmanduration_grapher.ksh  >/tmp/dbahawk_rmanduration_grapher.log 2>&1