2. Standard Red Hat Enterprise Linux (RHEL) Desktop4/AS4 Install

RHEL is not free. Red Hat does offer substantial discounts on their Desktop and AS versions, however there is only support to download updates. There is no email or phone support with these academic offerings. The current pricing is $25 for Desktop and $50 for Advanced Server (AS). You can purchase these academic versions here:

http://www.redhat.com/rhel/details/academic/individual/

If you are looking for a free version of Linux, you should try SuSE linux. It is becoming very popular at Yale:

http://wss.yale.edu/doco/SUSE/.

You should always try to do an install and not an upgrade. The install assures that all the latest software gets installed. An install also gives you a "fresh start" with a clean disk. Make sure the disk is reformatted when you do the install. If you are doing an install over an existing machine, make sure you have a current backup. You may even wish to copy critical files to another machine (/etc directory tree for example).

The general guidelines are to install "everything" then only start the minimum number of services that are absolutely necessary. There are some differences to the client machines: video board, monitor and network cards are the main differences. So make sure you know what hardware is installed in the system before you start the install.

Now create a bootable installation CD. Grab the following ISO image and use it to burn a CD. For Desktop4: ftp://ftp.wss.yale.edu/pub/linux/redhat/desktop4/images/boot.iso. For AS4: ftp://ftp.wss.yale.edu/pub/linux/redhat/as4/images/boot.iso.

Make sure you have the host name and IP number handy before you start the install. If you are installing over an existing system, make sure you have copies of the password file and the SSH keys. Make sure you pay attention to the amount of Video RAM so you can configure the Xserver properly.

I usually make the slash partition about 12 gigabytes, the swap file is double the amount of RAM and the whatever disk space is left you can name whatever you like (local, scratch, data, home).

When performing the Desktop/AS install use the TAB key to move between selections, the arrow keys to highlight a choice and the ENTER (sometimes the space bar) to make your selection.

OK let's start the install. Turn the machine on. Pay attention to the memory count. You'll want to create a swap file that is double the memory size. Before the machine comes up, enter into the BIOS (usually the DEL key), and change the boot sequence to floppy, cdrom then disk. Save the configuration and place the RHEL Desktop/AS boot CD in the drive. Allow the machine to come up. At the boot: prompt type text. Here is a run through of the prompts and answers to the questions during the install:

    English (language)
  OK
    US (keyboard)
  OK
    FTP
  OK
    turn off Use bootp/dhcp
    IP is 130.132.X.N
    Netmask is 255.255.255.0
    Default Gateway is 130.132.X.1
    Primary NameServer is 130.132.1.10
  OK
    ftp.wss.yale.edu  (FTP site name)
    pub/linux/redhat/desktop4   (Directory)
  OK
  OK  (Welcome)
  OK
  Disk Druid
    Pre-existing partition tables can be used again, just Edit and add mounts
    Otherwise ...
       Delete (all existing partitions)
       New / (should be about 12 gigabytes)
       New Linux Swap OK (should be twice the size of the memory)
       New /data (or /home, should be what's ever let over)
    OK (done with partitioning)
    Format / (and any other partitions you created, except swap)
  OK
    Use GRUB Boot Loader
  OK
  OK (leave boot parameters blank)
    Don't use a GRUB password (unless you need the extra security)
  OK
    /dev/hda1  
  OK
    /dev/hda  (Master Boot Record)
  OK
    Activate on boot
    (IP and Netmask should be OK, but in case they're not)
    IP is 130.132.X.N
    Netmask is 255.255.255.0
  OK
    (Gateway and Primary NameServer should be OK, but in case they're not)
    Default Gateway is 130.132.X.1
    Primary NameServer is 130.132.1.10
    Secondary NameServer is 130.132.1.9
    Ternary NameServer is 130.132.1.11
  OK
    Manually (should already have correct hostname)
  OK
    Enable Firewall
      Click on Custom
        Check off Remote Login (SSH)
  SELinux
    Check off Active
  OK
    English
  OK
    America/New York time zone
  OK
    root password
  OK
    Customize Software Selection
  OK
    Install everything (6,118mb)
  OK
  reboot

Before the machine comes back up, go into the BIOS and change the boot sequence back to floppy, disk then CDROM. Make sure you remove the CD from the drive.

The first thing that comes up is the RedHat Setup Agent. Here's how to respond to the qustions:

  Next  (Welcome)
    I agree                  
  Next   
    Set time and date
    Enable Network Time Protocol
      Server: clock.yale.edu
      Click Add
  Next
    Configure Display
      1024x768
      Millions of Colors
  Next
  Red Hat Login (perform this)
    Use Network Login (click on Authentication Tab)
      Use shadow
      Use MD5 passwords
      Enable Kerberos (click on Configure Kerberos)
        Realm: NET.YALE.EDU
        KDC: kserv2.net.yale.edu
        Admin Server: kserv1.net.yale.edu
      OK
    OK
   Next
   Next (sound)
   Next (no additional CDs)
   Next (finish)

If you like to use the KDE window manager, then at the Login screen click on the Session in the bottom right, then click on KDE.

2.1 Run post-install script

Before running the post-install script, you should decide if you want to get your updates directly from Red Hat or if you wish to use the WSS apt repository. If you wish to use the WSS apt repository, you need to send confirmation of your RHEL license to wss@yale.edu, along with the hostname of the computer. The post-install script has commented out lines that will configure smartpm for you to use the WSS RHEL apt repository. You simply need to uncomment the smartpm lines before you execute the post-install script. You will not have access to the WSS RHEL apt repository until your machine has been granted access.

You should now run the post-install script. If you wish to do all of the custom configurations, upgrades and installs by hand, please skip to the next section. You may also wish to follow along with what the post-install script is doing. Just read the next section to follow along with the process. If you want to create a log file of the post-install script, just use the "script" command. See it's usage below.

Here's how to run the post-install script for RHEL Desktop4/AS4:

  mkdir /temp
  cd /temp
  script post-install.log (create a log file called post-install.log) 
  lftpget ftp://ftp.wss.yale.edu/pub/linux/yale/scripts/post-install-as4
  chmod +x ./post-install-as4
  ./post-install-as4
  ^D   (control-D closes the post-install.log file)

  Note: there are other versions available for download as well.

   Enter your Class C subnet
   Y (yes, run the iptables script)

Getting the latest RPM updates

If you are getting the updates from Red Hat you will need to get them now. If you are getting the updates using the WSS RHEL apt repository, and uncommented the lines in the post-install script, you already have the latest updates.

You should now get the latest RPMs, including kernel updates, and install them. If you look at the lower right hand corner of the screen, you'll see a flashing red explanation mark "!". This means there are critical updates that you must install in order to secure the machine. You will first have to configure the Critical Updates applet, then use it to get the current updates.

2.2 Post Installation Items

If you already ran the post-install script from the previous section, all the following steps in this section have been completed. When you run the post-install script, you may wish to follow along in this section so you know what's going on.

Enable software firewall using IPtables

  cd /temp
  /usr/bin/lftpget  ftp://ftp.wss.yale.edu/pub/linux/yale/scripts/iptables-std.sh
  chmod +x ./iptables-std.sh
  ./iptables-std.sh

Stop all the services that are running. You'll need to do the following:

   /etc/rc.d/init.d/SERVICE  stop
         where SERVICE is: autofs, gpm, xinetd, canna, portmap, nfslock, cups,
                           isdn, netfs, pcmcia, cups-config-daemon

Install a sample sudoers file:

  cd /etc
  cp sudoers sudoers.orig
  lftpget ftp://ftp.wss.yale.edu/pub/linux/yale/configs/sudoers 
  chmod 440 /etc/sudoers

Install Adobe Acrobat Reader:

  lftp ftp.wss.yale.edu
    cd pub/linux/other/acroread/
    mget AdobeReader*.rpm
    quit
  rpm -hiv AdobeReader*.rpm

If you wish to use the WSS apt repository to install your updates, you need to send confirmation of your RHEL license to wss@yale.edu, along with the hostname of the computer. Once you have confirmation that your hostname has been granted access to the repository, you can use it. You will not have access to the WSS RHEL apt repository until your machine has been granted access. Here is what you need to do to use the WSS RHEL apt repository:

  cd /temp
  lftpget  ftp://ftp.wss.yale.edu/pub/linux/other/smart/smart-0.40.tar
  tar xvf smart-0.40.tar
  cd smart-0.40
  make
  make install
  cd /temp
  lftpget  ftp://ftp.wss.yale.edu/pub/linux/yale/configs/smart.RHEL-desktop4
  smart channel --add ./smart.RHEL-desktop4 --yes
  smart update
  smart upgrade

NOTE: AS installs should use this configuration file instead:
  lftpget  ftp://ftp.wss.yale.edu/pub/linux/yale/configs/smart.as4
  smart channel --add ./smart.as4 --yes

If you saved old SSH keys, you should copy those back into /etc/ssh now and restart the SSH server.

Make sure all unnecessary chkconfig flags are turned off

  cd /temp
  /usr/bin/lftpget  ftp://ftp.wss.yale.edu/pub/linux/yale/configs/chkconfig.options.as4
  chmod +x ./chkconfig.options.as4
  ./chkconfig.options.as4

Remove Process Accounting

  rpm -e psacct

Install LDAP config

  cd /etc/openldap
  /bin/cp ldap.conf ldap.conf.orig
  /usr/bin/lftpget  ftp://ftp.wss.yale.edu/pub/linux/yale/configs/ldap.conf

Fix entry in /etc/hosts

 vi /etc/hosts
  remove "localhost.localdomain" 

Make sure the log files get compressed

  vi /etc/logrotate.conf
    remove the "#" on the "#compress" line

Add Message of the Day (motd).

  cd /etc
  /usr/bin/lftpget  ftp://ftp.wss.yale.edu/pub/linux/yale/configs/motd

Enable TCP wrappers:

  cd /etc
  /bin/cp hosts.allow hosts.allow.orig
  /bin/cp hosts.deny hosts.deny.orig
  /usr/bin/lftpget  ftp://ftp.wss.yale.edu/pub/linux/yale/configs/hosts.allow
  /usr/bin/lftpget  ftp://ftp.wss.yale.edu/pub/linux/yale/configs/hosts.deny

Turn off logwatch:

  cd /etc/log.d/scripts
  chmod -x logwatch.pl

Getting the latest RPM updates

If you are getting the updates from Red Hat you will need to get them now. If you are getting the updates using the WSS RHEL apt repository, and uncommented the lines in the post-install script or ran the commands by hand, you already have the latest updates.

You should now get the latest RPMs, including kernel updates, and install them. If you look at the lower right hand corner of the screen, you'll see a flashing red explanation mark "!". This means there are critical updates that you must install in order to secure the machine. You will first have to configure the Critical Updates applet, then use it to get the current updates.

Now reboot the machine.