Difference between revisions of "Trustix Linux Configuration Tips"

From Free Knowledge Base- The DUCK Project: information for everyone
Jump to: navigation, search
m
(ENABLING IP FORWARDING FOR A FIREWALL CONFIGURATION)
Line 52: Line 52:
 
== ENABLING IP FORWARDING FOR A FIREWALL CONFIGURATION ==
 
== ENABLING IP FORWARDING FOR A FIREWALL CONFIGURATION ==
  
If it is a firewall or router that you are using Trustix linux for then it will be necessary for you to enable ip forwarding.  Test to see if it is enabled by typing:
+
[[Trustix Network Configuration]]: If it is a firewall or router that you are using Trustix linux for then it will be necessary for you to enable ip forwarding.  Test to see if it is enabled by typing:
  
 
   # cat /proc/sys/net/ipv4/ip_forward
 
   # cat /proc/sys/net/ipv4/ip_forward

Revision as of 16:09, 6 July 2011

SSHD CONFIGURATION / REMOTE ACCESS

To Enable sshd remote login for your local area network Ensure you installed sshd Before you can start the sshd service for the first time, you have to generate keys. You only need do this once for the new installation.

Generate sshd keys

  # ssh-keygen -t rsa1 -f /etc/ssh/ssh_host_key -N 
  # ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key -N 
  # ssh-keygen -t dsa -f /etc/ssh/ssh_host_dsa_key -N 

root access

By default no root access is avaible on trustix via ssh. There are 3 options to allow root. 1) Direct ssh as root 2) ssh as a user then 'su' to root 3) ssh as user then use 'sudo'.

root 1 - To allow root direct ssh access modify the sshd_config file
  # vi /etc/ssh/sshd_config
  add or modify the line: PermitRootLogin yes
root 2 - To allow users to use 'su'; This requires user use the root password. When not configured, "su: incorrect password" even when the correct one is used. To enable
root 3 - To allow a user to sudo

start the sshd service

  # service sshd start

set sshd to start when system boots

  # mv /etc/rc3.d/K45sshd /etc/rc3.d/S45sshd

CHECK AND APPLY PATCHES AND UPDATES

It is security wise to make sure your installation of the distribution is up to date. Use the swup command to update Trustix.

  (see swup.txt for details)
  # swup --upgrade

DOWNLOAD TRUSTIX PACKAGES AND INSTALL WITH RPM

Use the RPM package manager to install or upgrade packages downloaded manually.

ENABLING IP FORWARDING FOR A FIREWALL CONFIGURATION

Trustix Network Configuration: If it is a firewall or router that you are using Trustix linux for then it will be necessary for you to enable ip forwarding. Test to see if it is enabled by typing:

  # cat /proc/sys/net/ipv4/ip_forward
  0=ip forwarding off, 1=ip forwarding on

In Trustix you shouldn't add "echo 1 > /proc/sys/net/ipv4/ip_forward" to the rc.local file such as was the practice in old distributions. Instead you should modify the sysctl.conf file.

  # vi /etc/sysctl.conf
  net.ipv4.ip_forward = 1
  (see firewall-router.txt for details)

UPGRADE VIM TO FULL VIM ENHANCED

Trustix comes with shitty vim based on a shitty RPM. In fact, the vim distributions in rpm pretty much all suck. The enhanced one requires X but we can get around this. First obtain gpm-1.20.1-2tr.i586.rpm

  # rpm -ih gpm-1.20.1-2tr.i586.rpm
  # rpm -ih vim-common-6.2.121-1.i386.rpm
  # rpm -ih vim-enhanced-6.2.121-1.i386.rpm
  # ln -s /usr/bin/vim /bin/vi

ABILITY TO TRANSFER FILES

There are some options, such as ftp, wget, scp, and zmodem to name a few. For CRT users on Windows, zmodem provides a fast way to upload and download files to and from your Trustix boxen. zmodem uses sz and rz in an RPM package called lrzsz-0.xx.xx-xx.i386.rpm

INSTALLING FROM SOURCES

Compiler must be installed for you to compile from sources. If you get the error "-bash: make: command not found" for example, get and install make-3.80-7tr.i586.rpm

  rpm -ih make-3.80-7tr.i586.rpm