Difference between revisions of "Trustix Linux Configuration Tips"
m (→DOWNLOAD TRUSTIX PACKAGES AND INSTALL WITH RPM) |
|||
(4 intermediate revisions by one user not shown) | |||
Line 45: | Line 45: | ||
:* ftp://ftp.trustix.org/pub/trustix/releases/trustix-2.1/i586/trustix/rpms | :* ftp://ftp.trustix.org/pub/trustix/releases/trustix-2.1/i586/trustix/rpms | ||
:* ftp://ftp.trustix.org/pub/trustix/releases/trustix-2.2/i586/trustix/rpms | :* ftp://ftp.trustix.org/pub/trustix/releases/trustix-2.2/i586/trustix/rpms | ||
− | :* ftp://ftp.trustix.org/pub/trustix/releases/trustix-3.0/i586/trustix/rpms | + | :* ftp://ftp.trustix.org/pub/trustix/releases/trustix-3.0/i586/trustix/rpms |
− | :* ftp://ftp.trustix.org/pub/trustix/releases/trustix-3.0.5/i586/ | + | :* ftp://ftp.trustix.org/pub/trustix/releases/trustix-3.0.5/i586/trustix/rpms |
Use the RPM package manager to install or upgrade packages downloaded manually. | Use the RPM package manager to install or upgrade packages downloaded manually. | ||
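Review bot: the context line "Use the RPM package manager to install or upgrade packages downloaded manually" follows a list made up entirely of plain ftp:// URLs, and nothing here tells the reader to check a package before installing it. Plain FTP gives no integrity or origin guarantee, so add a line after that sentence telling readers to verify the package signature first (for example with rpm --checksig) and only then run rpm -i or rpm -U.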
Line 52: | Line 52: | ||
== ENABLING IP FORWARDING FOR A FIREWALL CONFIGURATION == | == ENABLING IP FORWARDING FOR A FIREWALL CONFIGURATION == | ||
− | If it is a firewall or router that you are using Trustix linux for then it will be necessary for you to enable ip forwarding. Test to see if it is enabled by typing: | + | [[Trustix Network Configuration]]: If it is a firewall or router that you are using Trustix linux for then it will be necessary for you to enable ip forwarding. Test to see if it is enabled by typing: |
# cat /proc/sys/net/ipv4/ip_forward | # cat /proc/sys/net/ipv4/ip_forward | ||
Line 61: | Line 61: | ||
# vi /etc/sysctl.conf | # vi /etc/sysctl.conf | ||
net.ipv4.ip_forward = 1 | net.ipv4.ip_forward = 1 | ||
− | (see firewall-router.txt for details) | + | (see <del>firewall-router.txt</del> [[Netfilter Firewall and Router]] for details) |
== UPGRADE VIM TO FULL VIM ENHANCED == | == UPGRADE VIM TO FULL VIM ENHANCED == | ||
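Review bot: the + line at Line 61 keeps the superseded reference as "<del>firewall-router.txt</del>" directly in front of the new [[Netfilter Firewall and Router]] link, so both names appear side by side in the rendered text. Since the link replaces the text file, drop the <del> span and leave "(see [[Netfilter Firewall and Router]] for details)".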
Line 75: | Line 75: | ||
There are some options, such as ftp, wget, scp, and zmodem to name a few. For CRT users on Windows, zmodem provides a fast way to upload and download files to and from your Trustix boxen. zmodem uses sz and rz in an RPM package called lrzsz-0.xx.xx-xx.i386.rpm | There are some options, such as ftp, wget, scp, and zmodem to name a few. For CRT users on Windows, zmodem provides a fast way to upload and download files to and from your Trustix boxen. zmodem uses sz and rz in an RPM package called lrzsz-0.xx.xx-xx.i386.rpm | ||
+ | |||
+ | See also: [[Linux and UNIX Secure Copy]] | ||
+ | |||
+ | == INSTALLING FROM SOURCES == | ||
+ | |||
+ | Compiler must be installed for you to compile from sources. If you get the error "-bash: make: command not found" for example, get and install make-3.80-7tr.i586.rpm | ||
+ | |||
+ | rpm -ih make-3.80-7tr.i586.rpm | ||
| |
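Review bot: the new INSTALLING FROM SOURCES section says a compiler must be installed, but the only package it names is make-3.80-7tr.i586.rpm, which supplies make and not a compiler. Either name the compiler package as well or reword the first sentence so it matches the "make: command not found" case it actually covers. The added "rpm -ih" line also lacks the leading "# " root prompt used by the other command lines in this page ("# cat ...", "# vi ...").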
Latest revision as of 16:30, 25 January 2016
SSHD CONFIGURATION / REMOTE ACCESS
To enable sshd remote login for your local area network, ensure you have installed sshd. Before you can start the sshd service for the first time, you have to generate keys. You only need to do this once for the new installation.
Generate sshd keys
# ssh-keygen -t rsa1 -f /etc/ssh/ssh_host_key -N ""
# ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key -N ""
# ssh-keygen -t dsa -f /etc/ssh/ssh_host_dsa_key -N ""
root access
By default no root access is available on Trustix via ssh. There are 3 options to allow root: 1) direct ssh as root, 2) ssh as a user then 'su' to root, 3) ssh as a user then use 'sudo'.
- root 1 - To allow root direct ssh access modify the sshd_config file
# vi /etc/ssh/sshd_config
add or modify the line:
PermitRootLogin yes
- root 2 - To allow users to use 'su'. This requires the user to use the root password. When not configured, su reports "su: incorrect password" even when the correct one is used. To enable
- root 3 - To allow a user to sudo
start the sshd service
# service sshd start
set sshd to start when system boots
# mv /etc/rc3.d/K45sshd /etc/rc3.d/S45sshd
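A check for the "add or modify the line" step above, as an added example that is not part of the original page: sshd uses the first value it reads for a keyword, so a PermitRootLogin line appended below an existing one has no effect. The function name and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): print the PermitRootLogin
# value that sshd will take from the global section of an sshd_config file.
# Keywords are case-insensitive, "keyword=value" is accepted, and the
# first value read for a keyword is the one that is used.

effective_permit_root_login() {
    # $1: path to an sshd_config file
    awk '
        { sub(/^[ \t]+/, "") }                 # strip leading whitespace
        /^#/ || /^$/ { next }                  # skip comments and blank lines
        tolower($1) == "match" { exit }        # global section ends at first Match
        {
            line = $0
            sub(/[ \t]*=[ \t]*/, " ", line)    # normalise "key=value"
            n = split(line, f, /[ \t]+/)
            if (tolower(f[1]) == "permitrootlogin" && n >= 2) {
                print tolower(f[2]); found = 1; exit
            }
        }
        END { if (!found) print "unset" }
    ' "$1"
}

# Constructed sample: "yes" was appended at the end, after an earlier "no".
sample=$(mktemp)
cat > "$sample" <<'EOF'
Port 22
#PermitRootLogin yes
PermitRootLogin no
Subsystem sftp /usr/libexec/openssh/sftp-server
permitrootlogin yes
EOF
echo "effective PermitRootLogin: $(effective_permit_root_login "$sample")"
```

Run it against /etc/ssh/sshd_config after editing; if the result is not what you intended, modify the earlier line instead of adding a new one.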
CHECK AND APPLY PATCHES AND UPDATES
It is wise, for security, to make sure your installation of the distribution is up to date. Use the swup command to update Trustix.
(see swup.txt for details)
# swup --upgrade
DOWNLOAD TRUSTIX PACKAGES AND INSTALL WITH RPM
- ftp://ftp.trustix.org/pub/trustix/releases/trustix-1.2/i586/Trustix/RPMS
- ftp://ftp.trustix.org/pub/trustix/releases/trustix-1.5/i586/Trustix/RPMS
- ftp://ftp.trustix.org/pub/trustix/releases/trustix-2.0/i586/trustix/rpms
- ftp://ftp.trustix.org/pub/trustix/releases/trustix-2.1/i586/trustix/rpms
- ftp://ftp.trustix.org/pub/trustix/releases/trustix-2.2/i586/trustix/rpms
- ftp://ftp.trustix.org/pub/trustix/releases/trustix-3.0/i586/trustix/rpms
- ftp://ftp.trustix.org/pub/trustix/releases/trustix-3.0.5/i586/trustix/rpms
Use the RPM package manager to install or upgrade packages downloaded manually.
ENABLING IP FORWARDING FOR A FIREWALL CONFIGURATION
See Trustix Network Configuration. If you are using Trustix Linux as a firewall or router, you will need to enable IP forwarding. Test whether it is enabled by typing:
# cat /proc/sys/net/ipv4/ip_forward
0=ip forwarding off, 1=ip forwarding on
In Trustix you shouldn't add "echo 1 > /proc/sys/net/ipv4/ip_forward" to the rc.local file, as was the practice in old distributions. Instead, modify the sysctl.conf file.
# vi /etc/sysctl.conf
net.ipv4.ip_forward = 1
(see Netfilter Firewall and Router for details)
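The difference between the running value and the value set in sysctl.conf, as an added example that is not part of the original page: the check below reports when the two disagree, which is what happens when forwarding is switched on by hand but never written to sysctl.conf. The function names and sample files are constructed; treating an unset key as 0 is an assumption based on the kernel default.

```shell
#!/bin/sh
# Added example (not from the original page): compare the running
# ip_forward value with what a sysctl.conf file will apply at boot.
# Paths are parameters so the check can run on constructed files.

configured_ip_forward() {
    # $1: sysctl.conf-style file. The file is applied line by line, so a
    # later assignment overrides an earlier one. Lines starting with # or ;
    # are comments; "/" is accepted in place of "." in key names.
    awk -F= '
        /^[ \t]*[#;]/ { next }
        NF >= 2 {
            key = $1; val = $2
            gsub(/[ \t]/, "", key); gsub(/[ \t]/, "", val)
            gsub(/\//, ".", key)
            if (key == "net.ipv4.ip_forward") last = val
        }
        END { print (last == "" ? "unset" : last) }
    ' "$1"
}

ip_forward_status() {
    # $1: runtime file (normally /proc/sys/net/ipv4/ip_forward)
    # $2: sysctl.conf path (normally /etc/sysctl.conf)
    running=$(tr -d ' \n' < "$1")
    boot=$(configured_ip_forward "$2")
    # Assumption: with no entry in the file, the kernel default (0) applies.
    if [ "$boot" = "unset" ]; then boot=0; fi
    if [ "$running" = "$boot" ]; then
        echo "consistent:$running"
    else
        echo "drift:running=$running,boot=$boot"
    fi
}

# Constructed sample: forwarding was enabled with echo, but the boot-time
# file still says 0, so the setting is lost at the next reboot.
d=$(mktemp -d)
echo 1 > "$d/ip_forward"
printf '# constructed sample\nnet.ipv4.ip_forward = 0\n' > "$d/sysctl.conf"
ip_forward_status "$d/ip_forward" "$d/sysctl.conf"
```

On a live system call ip_forward_status /proc/sys/net/ipv4/ip_forward /etc/sysctl.conf; on a host that is not meant to route, a running value of 1 is worth investigating.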
UPGRADE VIM TO FULL VIM ENHANCED
Trustix comes with shitty vim based on a shitty RPM. In fact, the vim distributions in rpm pretty much all suck. The enhanced one requires X but we can get around this. First obtain gpm-1.20.1-2tr.i586.rpm
# rpm -ih gpm-1.20.1-2tr.i586.rpm
# rpm -ih vim-common-6.2.121-1.i386.rpm
# rpm -ih vim-enhanced-6.2.121-1.i386.rpm
# ln -s /usr/bin/vim /bin/vi
ABILITY TO TRANSFER FILES
There are some options, such as ftp, wget, scp, and zmodem to name a few. For CRT users on Windows, zmodem provides a fast way to upload and download files to and from your Trustix boxen. zmodem uses sz and rz in an RPM package called lrzsz-0.xx.xx-xx.i386.rpm
See also: Linux and UNIX Secure Copy
INSTALLING FROM SOURCES
A compiler must be installed before you can compile from sources. If you get the error "-bash: make: command not found", for example, get and install make-3.80-7tr.i586.rpm:
# rpm -ih make-3.80-7tr.i586.rpm