Next Previous Contents
2. Standard SuSE Linux 10.1 Professional Install
You should always try to do an install and not an upgrade. The install assures that all the latest software gets installed. An install also gives you a "fresh start" with a clean disk. Make sure the disk is reformatted when you do the install. If you are doing an install over an existing machine, make sure you have a current backup. You may even wish to copy critical files to another machine (/etc directory tree for example).
The general guidelines are to install "everything" then only start the minimum number of services that are absolutely necessary. There are some differences to the client machines: amount of memory, keyboard and mouse are the main differences. So make sure you know what hardware is installed in the system before you start the install.
Now create a bootable installation CD. Please note, there is a 32 bit and a 64 bit ISO image, so make sure you grab the correct one for your hardware. Grab the following ISO image and use it to burn a CD. For 32 bit SuSE 10.1: ftp://ftp.wss.yale.edu/pub/linux/suse/i386/10.1/iso/SUSE-Linux-10.1-GM-i386-mini.iso.
For 64 bit SuSE 10.1: ftp://ftp.wss.yale.edu/pub/linux/suse/x86_64/10.1/iso/SUSE-Linux-10.1-GM-i386-mini.iso.
Make sure you have the host name and IP number handy before you start the install. If you are installing over an existing system, make sure you have copies of the password file and the SSH keys.
OK let's start the install. Turn the machine on. Pay attention to the memory count. You'll want to create a swap file that is double the memory size. Before the machine comes up, enter into the BIOS (usually the F2 key), and change the boot sequence to floppy, cdrom then disk. Save the configuration and place the SuSE boot CD in the drive. Allow the machine to come up. When the first menu appears on the screen, quickly hit the TAB key. Now use the arrow keys and highlight Installation. In the "Boot Options" at the bottom of the menu type in the following options, all on one line separated by white space:
install=ftp://ftp.wss.yale.edu/pub/linux/suse/i386/10.1 nameserver=130.132.1.10 hostip=130.132.xxx.yyy/24 Gateway=130.132.xxx.1 NOTE: The hostip for Yale machines can also be of the form 128.36.xxx.yyy. Also, notice the "/24" at the end of the hostip. This sets the netmask and is required. Also, if you need 64 bit, replace the i386 with x86_64.
You will then be shown several menus with options. Here is how you should fill out the options:
English Language
Click Next
Licensing
Check off Yes, I agree
Click Next
A ramdisk is loaded and then Yast, the SuSE installer, will start. You will
now have more menus with options. Here is how you should fill in the options:
Click OK to activate ALL the drivers that appear on each screen
Make sure you have New Installation checked
Click Next
Timezone
USA, Eastern, localtime
Click Next
Check off KDE
Click Next
Click on Partitioning
Create custom partition setup
Click Next
Custom Partition for experts
Click Next
Delete all existing partitions (unless you are saving /home)
Create these three partitions:
/ 12 gigabytes
swap 1 gigabyte
/home "the rest of the disk"
Click Finish
Click on Software
Check off all the selection boxes on the left hand side
Click Accept
Click Accept for all the licensing
Click Accept
Click Yes, install
It will now take several minutes to format the disk and install all the packages. The machine will then reboot and more menus will come up on the screen with options. So here's how to answer the options:
Fill in the hostname, domain and uncheck DHCP
Click Next
Root password (enter twice)
Click on Expert Options
Click on MD5
Click OK
Click Next
Click Continue for all the devices that appear on each screen
Under Firewall
Click on SSH port is Open
Click Next
Click Yes, test connection to the Internet
Click Next
if the latest updates fails, don't worry
if the latest updates succeeds Click No, skip updates
Click Next
Check off Configure Later
Click Next
Authentication Method
Click Local (/etc/passwd)
Click Next
Add a user (leave blank)
Click Next
Empty User Click Yes
Release Notes
Click Next
Click Continue for all devices that appear on each screen
Click Next
Click Finish
Remove the CD from the drive. Login as root. Open a shell and type yast. A menu will appear. Use the TAB and arrows to move around the menu. Move down to Network Services in the left hand column. Now move down to DNS and hostname in the right hand column and hit enter. Fill in your hostname (short name only) and the domain. The nameservers should be 130.132.1.10, 130.132.1.9 and 130.132.1.11. Hit TAB a few times to highlight Finish and hit enter. Now move down to Kerberos Client and hit enter. You want "Use Kerberos", the default domain is NET.YALE.EDU, the default Realm is NET.YALE.EDU and the KDC Server Address is kserv2.net.yale.edu. Now click on "Advanced Settings...". Check off Kerberos Support for OpenSSH Client, click on NTP Configuration, Check off to start NTP During Boot, the address is clock.yale.edu. Click on Finish, click Accept and the Click Finish. Now get out of yast by going to quit.
2.1 Run post-install script
You should now run the post-install script. If you wish to do all of the custom configurations, upgrades and installs by hand, please skip to the next section. You may also wish to follow along with what the post-install script is doing. Just read the next section to follow along with the process. If you want to create a log file of the post-install script, just use the "script" command. See it's usage below.
Here's how to run the post-install script for SuSE 10.1:
mkdir /temp cd /temp lftpget ftp://ftp.wss.yale.edu/pub/linux/yale/scripts/post-install-suse10.1 chmod +x ./post-install-suse10.1 script post-install.log (create a log file called post-install.log) ./post-install-suse10.1 ^D (control-D closes the post-install.log file) Note: there are other versions available for download as well.During the post-install-suse10.1 script you will have to answer a question:
Y (yes, I read the Aide information)
Configure Aide
IMPORTANT:
1) change SYSADMIN variable in /etc/cron.hourly/aidecheck to a real person
2) Set the BBHOME variable in /etc/cron.hourly/aidecheck if you are using Big Brother
3) Run the below command when you are done with everything else
/usr/local/bin/update-aide
Aide will run once an hour, every hour.
2.2 Post Installation Items
If you already ran the post-install script from the previous section, all the following steps in this section have been completed. When you run the post-install script, you may wish to follow along in this section so you know what's going on.
Stop all the services that are running that you don't need. You'll need to do the following:
/etc/init.d/SERVICE stop
where SERVICE is: smbfs, cups, cupsrenice, portmap
Set up LDAP:
cd /etc/openldap /bin/cp ldap.conf ldap.conf.orig /usr/bin/lftpget ftp://ftp.wss.yale.edu/pub/linux/yale/configs/ldap.conf
Make sure the at daemon is running:
/sbin/chkconfig atd on /etc/init.d/atd start
Install SmartPM, and install the latest RPM updates. Note, you will need to install either the 32 or 64 bit application depending on your hardware.
mkdir /temp cd /temp lftp -c "mget ftp://ftp.wss.yale.edu/pub/linux/yale/rpms/smart/32-bit/Suse10.1/*" rpm -hiv smart*.rpm smart update smart upgrade --yes
Install some other useful tools: Gnu Fortran, Linux books, xcdroast for burning CDs, and Mozilla Thunderbird email client.
cd /temp smart install gcc-fortran --yes smart install books --yes smart install xcdroast --yes smart install MozillaThunderbird --yes
Install a sample sudoers file:
cd /etc cp sudoers sudoers.orig lftpget ftp://ftp.wss.yale.edu/pub/linux/yale/configs/sudoers chmod 640 /etc/sudoers
If you saved old SSH keys, you should copy those back into /etc/ssh now and restart the SSH server.
Make sure all unnecessary chkconfig flags are turned off
cd /temp /sbin/chkconfig --del smbfs /sbin/chkconfig --del cupsrenice /sbin/chkconfig --del cups /sbin/chkconfig --del nfs /sbin/chkconfig --del nfsboot /sbin/chkconfig --del portmap /sbin/chkconfig --add atd
Make sure the log files get compressed
vi /etc/logrotate.conf
remove the "#" on the "#compress" line
Add Message of the Day (motd).
cd /etc /usr/bin/lftpget ftp://ftp.wss.yale.edu/pub/linux/yale/configs/motd
Remove shown users from kdmrc greeter:
cd /temp /bin/cp /etc/opt/kde3/share/config/kdm/kdmrc /etc/opt/kde3/share/config/kdm/kdmr c.orig cat > sed.in << EOF s/ShowUsers=NotHidden/ShowUsers=Selected/ EOF cat /etc/opt/kde3/share/config/kdm/kdmrc.orig | /bin/sed -f sed.in > /etc/opt/kd e3/share/config/kdm/kdmrc /bin/rm sed.in
Add the ssh Forwarding Agent so that ssh keys will be automatically forwarded.
cd /etc/ssh cp ssh_config ssh_config.orig echo "ForwardAgent yes" >> ssh_config
The default firewall is up and running. This should be fine for most users. If however, you need to start up other services and need a custom firewall, here is what you should do. Again, the next section is only an option.
cd /temp cd /etc/sysconfig /bin/cp SuSEfirewall2 SuSEfirewall2.orig cat > sed.in << EOF s/#FW_CUSTOMRULES/FW_CUSTOMRULES/ s/FW_CUSTOMRULES=""/#FW_CUSTOMRULES=""/ EOF cat ./SuSEfirewall2.orig | /bin/sed -f sed.in > ./SuSEfirewall2 /bin/rm sed.in cd scripts /bin/cp SuSEfirewall2-custom SuSEfirewall2-custom.orig lftpget ftp://ftp.wss.yale.edu/pub/linux/yale/configs/SuSEfirewall2-custom chkconfig --add SuSEfirewall2_setup chkconfig --add SuSEfirewall2_init
Set up Aide:
cd /etc
cp aide.conf aide.conf.orig
lftpget ftp://ftp.wss.yale.edu/pub/linux/yale/configs/aide.conf
chmod 600 aide.conf
cd /etc/cron.hourly
lftpget ftp://ftp.wss.yale.edu/pub/linux/yale/configs/aidecheck
chmod +x aidecheck
cd /usr/local/bin
lftpget ftp://ftp.wss.yale.edu/pub/linux/yale/configs/update-aide
chmod +x update-aide
IMPORTANT:
1) Change SYSADMIN variable in /etc/cron.hourly/aidecheck to a real person
2) Change the BBHOME variable in /etc/cron.hourly/aidecheck is you use Big Brother
3) Run the script below whey you're all done
/usr/local/bin/update-aide
Aide will run once an hour, every hour.
Next Previous Contents