Initial Setup of a Linux CentOS5 / RHEL5 System
From CVL Wiki
Running Linux straight out of the box is a bit of a raw experience. I make a number of tweaks after the initial install. I'm going to document those tweaks here.
Never login as root!
During the install, there will be a place to create an account. Create an account there. Login with the account you created during the install.
Get sudo working for your account.
Once you are logged in, start a "Terminal". Type su, type the root password. This will be the first and last time you type "su". Now, edit /etc/sudoers. Find the line
## Allow root to run any commands anywhere root ALL=(ALL) ALL
and add you account:
## Allow root to run any commands anywhere root ALL=(ALL) ALL jkh ALL=(ALL) NOPASSWD: ALL
I add the "NOPASSWD:" option, this allows you to run sudo with out typing your password. Many people would argue that this is a security problem. Just make sure that your password is strong.
## Allow root to run any commands anywhere root ALL=(ALL) ALL jkh ALL=(ALL) NOPASSWD: ALL
Since the /etc/sudoers is not "write-able" by anyone, to save the file you must use ":w!" followed by ":q". Now exit "su" with "Ctrl-D".
Setup ntp
To be done...
Get things up-to-date
Apply all updates since the CD/DVD was burned.
sudo yum -y update
Add yum repositories
There are three yum repositories I add: epel (Extra Packages for Enterprise Linux), Dag Wieers' excellent rpmforge, and for Adobe's flash and pdf. Its a bit tricky to do this properly, the yum repos will step on each-others' feet. Largely I follow this.
Update, 23 March 2009: Setting the priority order as suggested in the previous link does not work quite right. Also, I'm not going to install the Adobe repository until they get version 10 working. As of this update (23 March), I'm following this
file | section | priority |
---|---|---|
CentOS-Base.repo | [base], [addons], [updates], [extras] | priority=1 |
CentOS-Base.repo | [centosplus] | priority=2 |
adobe.repo | Not Installed! | priority=3 |
rpmforge.repo | [rpmforge] | priority=4 |
epel.repo | [epel] | priority=5 |
- First install yum-priorities as suggested.
sudo yum install yum-priorities
- Edit /etc/yum/pluginconf.d/priorities.conf and verify that it is on.
- Edit /etc/yum.repos.d/CentOS-Base.repo, add priority=1 for each section.
- Install epel. See this. Note that their instructions are not the best...
sudo rpm -Uvh http://download.fedora.redhat.com/pub/epel/5/$(uname -i)/epel-release-5-2.noarch.rpm
The 5-2 release number may not be correct as the releases march along with time.- Edit /etc/yum.repos.d/epel.repo, add priority=4 to each section
- Install rpmforge. See this.
sudo rpm -Uhv http://apt.sw.be/redhat/el5/en/$(uname -i)/rpmforge/RPMS/rpmforge-release-0.3.6-1.el5.rf.$(uname -i).rpm
- Edit /etc/yum.repos.d/rpmforge.repo, add priority=3 to each section.
- Install Adobe's repo. See this, pick "YUM for Linux".
Update 23 March 2009: don't install repo, just install the two packages. As of this writing the 64 versions of Adobe's stuff was in beta. Later we might incorporate this.- Something like
sudo rpm -Uvh http://linuxdownload.adobe.com/adobe-release/adobe-release-i386-1.0-1.noarch.rpm
Note: this is a 32 bit version only (i386). Eventually we will get 64 bit everything for the browser, but for now we are going to do a 32 browser on a 64 bit system. See below (How to make everything work in firefox). - Edit /etc/yum.repos.d/adobe-linux-i386.repo, add priority=5 to the one section.
- Something like
- And one last update all to be sure.
sudo yum -y update
Add bash-completion
Bash-completion make the "tab-completion" intelligent. Before installing bash-completion, the tab key will only complete file names, after it will complete intelligently lots of commands.sudo yum -y install bash-completionAfter install, try it out. Type:
yum <TAB><TAB>You will see a list of sub-commands for yum, not file names! Use the tab key everywhere, you will be supprised what it will complete!
Add system commands to the path (/sbin, /usr/sbin, etc.) for everyone
By default the directories which have commands the are mostly used only by sys-admin types are not in the path. But, just so you don't have type type /sbin/ifconfig to see what your network is, I add /sbin to everyone's path.
Edit /etc/profile and look for this
# Path manipulation if [ "$EUID" = "0" ]; then pathmunge /sbin pathmunge /usr/sbin pathmunge /usr/local/sbin fi
Make it look like this (comment out the surrounding 'if' statement):
# Path manipulation # if [ "$EUID" = "0" ]; then pathmunge /sbin pathmunge /usr/sbin pathmunge /usr/local/sbin # fi
Make the beeping stop!
Every time vi / bash / etc. sends a beep it annoys me greatly. Stopping the beep is very obscure.
Edit /etc/inputrc and make this
#set bell-style none
look like this (i.e. uncomment the line):
set bell-style none
Making updates automatic
By default, the system will tell you about updates, but not actually do them. To fix this, edit /etc/yum/yum-updatesd.conf and change this
# how to send notifications (valid: dbus, email, syslog) emit_via = dbus # should we listen via dbus to give out update information/check for # new updates dbus_listener = yes # automatically install updates do_update = no # automatically download updates do_download = no # automatically download deps of updates do_download_deps = no
to this:
# how to send notifications (valid: dbus, email, syslog) emit_via = syslog # should we listen via dbus to give out update information/check for # new updates dbus_listener = no # automatically install updates do_update = yes # automatically download updates do_download = yes # automatically download deps of updates do_download_deps = yes
Tweak ssh, make it quiet, and turn on X forwarding
Ssh is great, but I like to not have to type "ssh -X <machine>" every time. Also, answering "yes" every time I connect to a new machine gets old.
Edit /etc/ssh/ssh_config and after the line that is Hosts * (NOT commented out), add the following:
Host * ForwardAgent yes ForwardX11 yes StrictHostKeyChecking no
Also, should you use ssh a lot (like me) and want it to be completely quiet, create an empty file in your home directory called .hushlogin on each machine you ssh to (not just this machine, but the machine where you are going).
touch ~/.hushlogin
Very important: Send root's email to someone who cares!
By default, the root account will receive email from various daemons detailing the general health of the system. This email should not be just ignored. Send it to someone who cares (you?).
Edit ~root/.forward, put your email address there.
[jkh@localhost ~]$ sudo su - [root@localhost ~]# echo 'your.email@address.here' > .forward
Sound and Video
Get gstream stuff to work (rhythmbox), video (mplayer) and xmms installed and working.
sudo yum -y install $(yum list | grep '^gstr' | grep -v 'devel' | awk '{print $1}' | sed -e 's/.[^.]*$//')
Get XMMS working:
Update 25 March 2009 -- issues with flac, skip xmms-flac -- jkh.
sudo yum -y install $(yum list | grep '^gstr' | grep -v 'devel' | grep -vi flac | awk '{print $1}' | sed -e 's/.[^.]*$//')
Install mplayer and codes:
sudo yum -y install $(yum list | grep '^gstr' | grep -v 'devel' | grep -vi flac | awk '{print $1}' | sed -e 's/.[^.]*$//')
Making firefox work
What we would like is to have a web browser that has flash, pdf, and Java working. If you are running a 64 bit install, the easiest way of doing this is to remove the 64
- Only on 64 bit installs, remove 64 bit version of firefox.
sudo yum -y remove firefox.x86_64
- Install 32 bit version of firefox
(Probably unnecessary on 32 bit machine but won't hurt.)sudo yum -y install firefox.i386
- Install flash
What we would like to do is this (Don't do this):sudo yum -y install flash-plugin
But that installs version 10 of the flash player. As of this writing (March 19, 2009) that version does not work. I recommend this:sudo rpm -Uvh http://computing.ece.vt.edu/Java/flash-plugin-9.0.48.0-1.el5.rf.i386.rpm
And now you need to exclude flash-plugin from yum's updates. So, edit /etc/yum.conf and add this line:exclude=flash-plugin
- Install Adobe PDF Reader
Don't do thissudo yum -y install AdobeReader_enu
Do this:sudo rpm -Uvh http://computing.ece.vt.edu/Java/AdbeRdr9.1.0-1_i486linux_enu.rpm
- Install Java
I don't follow most of the directions you might find on the net. This is much simpler. Eventually we will not have to do this, Sun has finally freed Java.sudo rpm -Uvh http://computing.ece.vt.edu/Java/jdk-6u4-linux-i586.rpm
And now, make it work:sudo rpm -Uvh http://computing.ece.vt.edu/Java/java-1.6.0-sun-compat-1.6.0.04-1jpp.i586.rpm
Now test them:
Gnome Applettes
Not done yet.
S.M.A.R.T. Configuration
For all of the disk drives we should properly setup smart monitoring.
Not done yet.
Intelligent firewall: Fail2Bain
To stop the brute force attacks on ssh, we need something. Fail2Bain is the best I've found so far.
Documentation not done yet.
Getting NVidia drivers
Not done yet.
Things a user should do
- Install firefox's plugin adblock plus
- touch .hushlogin