APT Linux Machine Setup

1. Make changes in the BIOS configuration:
• Turn off Plug & Play OS
• Turn on LBA (if necessary) for all discs
2. Check that all cards are recognised in the BIOS P&P probing (you may need to play around with the boot order in order to see this screen)
3. Install RedHat:
• Get the latest isos that are either lying around the office or go to www.mirror.ac.uk
• Answer networking questions, have strict firewall
• Install everything (under Custom) if possible
• Network configuration will be something like:
• IP Address: 130.88.xx.xx
• Gateway: 130.88.192.250 (gw.cs.man.ac.uk)
• Netmask: 255.255.0.0
• Nameserver: 130.88.192.9
4. Boot in single user mode (add the option single to the kernel boot parameters in lilo or grub - or boot the machine and run "init s")
5. Modify /etc files:
• resolv.conf:
• search cs.man.ac.uk
• nameserver 130.88.192.9
• nameserver 130.88.193.9
• auto.master (copy the file auto.jeeves into /etc):
• /home yp:auto.home --timeout 600
• /opt yp:auto.opt --timeout 600
• /appl yp:auto.appl --timeout 600
• /mnt/jeeves /etc/auto.jeeves --timeout 600
• yp.conf:
• domain cs.man.ac.uk server kiss
• domain cs.man.ac.uk server mailhost
• domain cs.man.ac.uk server sonofemu
• domain cs.man.ac.uk server sonoflea
• Modify sysconfig/harddisks to enable DMA (default in modern installs)
• nsswitch.conf:
• Remove nis/nisplus entries on automountline
6. Modify cron jobs:
• Remove all *inn* and *locate* files from the /etc/cron.* directories
• Modify crontab so that cron.daily runs at 7am (after dept. database does an update)
• 01 7 * * * root run-parts /etc/cron.daily
7. Setup postfix (local mail delivery program):
1. Copy files transport, main.cf and master.cf into /etc/postfix
2. Create a symbolic link from /mnt/jeeves/etc/linux.clients/aliases.research to /etc/postfix/aliases
3. Run postalias: "/usr/sbin/postalias /etc/postfix/aliases"
4. Run postmap: "/usr/sbin/postmap /etc/postfix/transport"
5. Copy postalias.cron to /etc/cron.daily
8. Remove unneeded rc.x/xinetd services:
• Run "/sbin/chkconfig --list" which should report the following services as being on:
• kudzu, syslog, netfs, network, random, rawdevices, keytable, apmd, atd, gpm, autofs, iptables, sshd, portmap, nfs, nfslock, rhnsd, crond, anacron, ypbind, xfs, xinetd, canna, lpd, postfix
• And the xinetd based services:
• rlogin, rsh
• Anything else should be turned off (NB. to turn something on or off type "/sbin/chkconfig <service> <on|off>")
9. Make some links:
• ln -s /usr /usr/common
• ln -s /bin/bash /usr/bin/bash # to make /usr/common/bin/bash
• ln -s /usr/bin/pdksh /usr/local/bin/ksh
• ln -s /usr/X11R6 /usr/X11 # for convenience
10. Setup printing:
• copy local.adl to /etc/alchemist/namespace/printconf/
• copy lpd.perms to /etc
• You may need to switch to LPRng printing using redhat-switch-printer
11. Firewall (iptables):
• Add this line to allow anything from a 130.88 address:
• -A RH_Lokkit-0-50-INPUT -s 130.88.0.0/16 -j ACCEPT
12. Little things:
• Moding /etc/security/console.perms to allow anyone access to the floppy
• Moding /etc/DIR_COLORS to change directory colour from 34 to 33
  
13. Reboot and test