calin radoni's humble web presence


Adamantix - Quick Start

Introduction

To see what Adamantix is all about, visit the Adamantix web site.

Installation

Installation: not easy, but definitely not as hard as it may seem. I will walk over two hills here: disk partitioning and basic post-install configuration.

I will not describe the full installation procedure. If you have installed Linux before, you should have no problems.

I will comment only on partitioning. Be aware that if you create a separate /boot partition you have wasted your time: with its default boot configuration, Adamantix will not boot from a separate /boot partition. The boot configuration can of course be changed after installation, but to do that you will need some sort of bootable Linux rescue CD.

For the sake of good practice, create at least three partitions: /, /var and swap. Here is an example, presented in a form similar to fdisk's output:

   Device Boot      Start         End      Blocks   Id  System
/dev/hda1   *           1         672     5397504   83  Linux
/dev/hda2             673        1344     5397504+  83  Linux
/dev/hda3            1345        1376      257008+  82  Linux swap
In this example, /dev/hda1 will be mounted as the / partition, /dev/hda2 as /var and /dev/hda3 as swap.

The installation is pretty simple, so I will not waste more page space on it; just a warning:

Warning

Do it wrong and (surprise) ALL YOUR DATA WILL BE LOST !

IPTables firewall

If you do not want to change the default firewall rules, skip this section. I have an obsession with configuring MY firewall rules, which is why I always replace the default ones. Completely. Here is a small model:

#!/bin/sh
# chkconfig: 2345 08 92
#
# description: example iptables configuration
# author: Calin Radoni

# definitions
IPTABLES='/sbin/iptables'

ANY='0/0'

LOCALHOST='127.0.0.1'

# the only host allowed to open connections to this machine
MANAGEMENT_PC='192.168.1.1'

# INPUT   chain - packets destined to this machine
# OUTPUT  chain - packets originated from this machine
# FORWARD chain - packets that must pass thru this machine

paranoia() {
        # disable packet forwarding
        echo 0 > /proc/sys/net/ipv4/ip_forward
        # flush predefined chains
        $IPTABLES -F
        # flush nat tables
        $IPTABLES -t nat -F
        # destroy any user defined chains
        $IPTABLES -X
        $IPTABLES -t nat -X
}

policy_drop() {
        $IPTABLES -P INPUT DROP
        $IPTABLES -P OUTPUT DROP
        $IPTABLES -P FORWARD DROP
}

policy_accept() {
        $IPTABLES -P INPUT ACCEPT
        $IPTABLES -P OUTPUT ACCEPT
        $IPTABLES -P FORWARD ACCEPT
}

# insert an explicit DROP as rule 1 of every chain, so that nothing
# passes while the real rules are being appended below it
block_all() {
        $IPTABLES -I INPUT   1 -p all -s $ANY -d $ANY -j DROP
        $IPTABLES -I OUTPUT  1 -p all -s $ANY -d $ANY -j DROP
        $IPTABLES -I FORWARD 1 -p all -s $ANY -d $ANY -j DROP
}

# remove the rule 1 DROPs inserted by block_all (the allow rules are
# appended, so the block rule is still rule 1 at this point)
unblock_all() {
        $IPTABLES -D INPUT   1
        $IPTABLES -D OUTPUT  1
        $IPTABLES -D FORWARD 1
}

allow_local() {
        $IPTABLES -A INPUT  -i lo -j ACCEPT
        $IPTABLES -A OUTPUT -o lo -j ACCEPT
}

start() {
        paranoia
        policy_drop

        block_all

        allow_local

        # anything claiming to come from the management PC is accepted;
        # there is no anti-spoofing check beyond the source address
        $IPTABLES -A INPUT --source $MANAGEMENT_PC -j ACCEPT

        # replies to connections this machine opened. Only TCP and UDP
        # are covered: ICMP (ping replies, "fragmentation needed" and
        # other ICMP errors) is still dropped by the INPUT policy
        $IPTABLES -A INPUT -p tcp \
                  -m state --state ESTABLISHED,RELATED \
                  -j ACCEPT

        $IPTABLES -A INPUT -p udp \
                  -m state --state ESTABLISHED,RELATED \
                  -j ACCEPT

        # this machine may connect anywhere
        $IPTABLES -A OUTPUT -j ACCEPT

        unblock_all
}

stop() {
        # no rules and a DROP policy: nothing passes at all
        paranoia
        policy_drop
}

case "$1" in
        start)
                start
                ;;
        stop)
                stop
                ;;
        restart)
                # start flushes everything first, so no explicit stop is needed
                start
                ;;
        status)
                $IPTABLES -L -n -v
                ;;
        panic)
                # like stop, but with explicit DROP rules as rule 1 of every
                # chain as well, so that nothing passes even if a policy is
                # changed later
                paranoia
                policy_drop
                block_all
                ;;
        *)
                echo "Usage: $0 {start|stop|restart|status|panic}"
                exit 1
                ;;
esac

exit 0
Put the above in a file, let's say /etc/init.d/iptables, and set permissions:
# chmod 700 /etc/init.d/iptables
then disable the links of the default firewall (shorewall) and add the startup and shutdown links for the new script:

# mv /etc/rcS.d/S40shorewall /etc/rcS.d/_S40shorewall
# mv /etc/rc0.d/K89shorewall /etc/rc0.d/_K89shorewall
# mv /etc/rc6.d/K89shorewall /etc/rc6.d/_K89shorewall

# cd /etc/rcS.d
# ln -s ../init.d/iptables S40iptables

# cd /etc/rc0.d
# ln -s ../init.d/iptables K89iptables

# cd /etc/rc6.d
# ln -s ../init.d/iptables K89iptables
And put these rules into practice:
# /etc/init.d/iptables start

Check the result with /etc/init.d/iptables status. Now is a good moment to connect the network cable.
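As a check on the result, here is an added example (mine, not part of the original page or of Adamantix) that audits a running ruleset against the policy the script above is meant to install. It reads the output of iptables-save and verifies that the three built-in filter chains have a DROP policy, that no blanket DROP from block_all was left behind (which is what you get if the script dies between block_all and unblock_all: the machine is then cut off even from the management PC), that the only ACCEPT rules in INPUT are the loopback, management-PC and ESTABLISHED,RELATED ones, and that FORWARD accepts nothing. The function name audit_ruleset and the two sample dumps are my own constructions; the management address mirrors the one in the script, and the matching assumes iptables-save prints the source as 192.168.1.1 or 192.168.1.1/32 and may reorder the state list.

```shell
#!/bin/sh
# audit_ruleset - read iptables-save output on stdin and check that it
# still matches the policy of the init script above. Returns 0 when all
# checks pass, 1 otherwise, printing one FAIL line per problem found.
# Hypothetical helper; MANAGEMENT_PC mirrors the value in the init script.
MANAGEMENT_PC='192.168.1.1'

audit_ruleset() {
    rules=$(cat)
    rc=0

    # 1. the default policy of the built-in filter chains must be DROP
    for chain in INPUT OUTPUT FORWARD; do
        if ! printf '%s\n' "$rules" | grep -q "^:$chain DROP "; then
            echo "FAIL: policy of $chain is not DROP"
            rc=1
        fi
    done

    # 2. a blanket DROP as a rule means block_all ran but unblock_all did
    #    not; iptables-save shows it as "-A INPUT -j DROP" (older versions
    #    may print the 0.0.0.0/0 source and destination explicitly)
    leftover=$(printf '%s\n' "$rules" \
        | grep -E '^-A (INPUT|OUTPUT|FORWARD)( -s 0\.0\.0\.0/0)?( -d 0\.0\.0\.0/0)? -j DROP$' \
        || true)
    if [ -n "$leftover" ]; then
        echo "FAIL: leftover block_all rule(s):"
        printf '%s\n' "$leftover"
        rc=1
    fi

    # 3. every ACCEPT in INPUT must be one of the three the script appends:
    #    loopback, the management PC, or replies to our own connections
    addr=$(printf '%s' "$MANAGEMENT_PC" | sed 's/\./\\./g')
    unexpected=$(printf '%s\n' "$rules" \
        | grep -E '^-A INPUT .* -j ACCEPT$' \
        | grep -v -E ' -i lo ' \
        | grep -v -E " -s $addr(/32)? " \
        | grep -v -E ' --state (ESTABLISHED|RELATED|ESTABLISHED,RELATED|RELATED,ESTABLISHED) ' \
        || true)
    if [ -n "$unexpected" ]; then
        echo "FAIL: unexpected ACCEPT rule(s) in INPUT:"
        printf '%s\n' "$unexpected"
        rc=1
    fi

    # 4. the script never adds rules to FORWARD, so nothing may be accepted there
    if printf '%s\n' "$rules" | grep -q '^-A FORWARD .* -j ACCEPT$'; then
        echo "FAIL: FORWARD chain accepts traffic"
        rc=1
    fi

    return $rc
}

# Constructed dump of what the init script above produces after "start"
# (written by hand for this example, not captured from a real host).
GOOD_DUMP='*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -s 192.168.1.1/32 -j ACCEPT
-A INPUT -p tcp -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p udp -m state --state RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -j ACCEPT
COMMIT'

# Constructed dump of a box where the script died before unblock_all and
# the rules were then hand-edited: three problems should be reported.
BAD_DUMP='*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT DROP [0:0]
-A INPUT -j DROP
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --dport 23 -j ACCEPT
-A INPUT -m state --state NEW,ESTABLISHED -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -j ACCEPT
COMMIT'

if printf '%s\n' "$GOOD_DUMP" | audit_ruleset; then
    echo "GOOD_DUMP: ruleset matches the policy"
fi
if ! printf '%s\n' "$BAD_DUMP" | audit_ruleset; then
    echo "BAD_DUMP: problems found (see FAIL lines above)"
fi
```

On a live host, pipe /sbin/iptables-save into audit_ruleset instead of the constructed dumps; an exit status of 1 means the running rules have drifted from what the script installs.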

Prepare for upgrading

Because I have encountered upgrading and installation problems, I have updated the debsigs package (debsigs are signatures on individual Debian archive files) by downloading the newer one:

# wget http://mirrors.teamix.net/adamantix/dists/stable-security/main/binary-i386/main/debsigs-adamantix_1.0.1-4_i386.deb

and installing it:
# dpkg -i --force-all debsigs-adamantix_1.0.1-4_i386.deb

Note that --force-all makes dpkg ignore every check it would normally perform (dependencies, conflicts, overwriting files that belong to other packages). It is acceptable for this single package on a freshly installed system; do not make a habit of it.

First upgrade

If this is the first time you touch a distribution with roots in Debian you probably will not believe me, but it is as simple as:

# apt-get update
# apt-get dist-upgrade

and, when these commands have finished their job, you will have the newest packages installed.

SSHD

Do you want to access your host through SSH? First you must remove or rename the file /etc/ssh/sshd_not_to_be_run:

# mv /etc/ssh/sshd_not_to_be_run /etc/ssh/_sshd_not_to_be_run

and start sshd using one of these methods:

Nagios

To install nagios do the following:

# apt-get install nagios

then you must change the permissions of the file /etc/nagios/hosts.cfg, which the package installs readable by its owner only (the file is owned by nagios, group www-data):
# cd /etc/nagios
# ls -ls hosts.cfg
8 -rw-------  1 nagios www-data 6642 May 26 12:23 hosts.cfg
# chmod 644 hosts.cfg
# ls -ls hosts.cfg
8 -rw-r--r--  1 nagios www-data 6642 May 26 12:23 hosts.cfg

Since the group is already www-data, mode 640 (group-readable but not world-readable) is enough if you prefer not to expose the host list to every local user.

To start it, execute this command:

# /usr/sbin/nagios /etc/nagios/nagios.cfg

It is worth running nagios with the -v option first (/usr/sbin/nagios -v /etc/nagios/nagios.cfg): it only parses and verifies the configuration files and reports errors without starting the daemon. Started as above, nagios stays in the foreground; add -d to run it as a daemon.

In the future

It would be better if I added RSBAC configuration material to section 2 or 3.

History

Copyright and License

This document is copyrighted (c) 2005 by Calin Radoni. Permission is granted to copy and/or distribute this document.

Disclaimer

No liability for the contents of this document can be accepted. Use the concepts, examples and information at your own risk. There may be errors and inaccuracies that could be damaging to your system. Proceed with caution; the author does not take any responsibility.

All copyrights are held by their respective owners, unless specifically noted otherwise. Use of a term in this document should not be regarded as affecting the validity of any trademark or service mark. Naming of particular products or brands should not be seen as endorsements.


Copyright © 2005 - 2009 Calin Radoni. Hosted on http://www.oocities.org/calinradoni. Last page modification: 07 July 2005