{note:title=Work in progress}
This site is in the process of being reviewed and updated.
{note}
h3. Create a local user account
Log in to the system as the root user, create a local user account, and assign a password to this local account.
{code}
useradd erodriguez -c "Enrique Rodriguez"
passwd erodriguez
{code}
h3. Configure sudo
The sudo ("superuser do") utility allows an unprivileged (i.e. non-root) normal user to execute commands with root privileges. It is good practice to only run commands as the root user when absolutely necessary. By running root commands with the sudo utility, we are less likely to commit errors that could cripple the system than if we had a full root session.
In this example, my local user account is erodriguez. Substitute your local user account accordingly.
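To configure sudo, run /usr/sbin/visudo and add the following at the bottom of the /etc/sudoers file. The NOPASSWD tag lets this account run any command as root without being prompted for its password: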
{code}
erodriguez ALL = NOPASSWD: ALL
{code}
h3. Finding what RPM provides a tool
You must determine the full path to the tool, on a machine that already has the tool installed.
{code}
$ which dig
/usr/bin/dig
{code}
If you have the RPM installed, you can use:
{code}
$ rpm -qf /usr/bin/dig
bind-utils-9.3.3-0.1.rc3.fc6
{code}
If the RPM is not installed, you can use your repository tool, such as 'yum':
{code}
$ yum provides /usr/bin/dig
...
bind-utils.i386 30:9.3.2-41.fc6 core
Matched from:
/usr/bin/dig
{code}
Now you can install the tool.
{code}
$ yum install bind-utils
{code}
h3. Install the CentOS RPM signing key
The CentOS RPM signing key is not installed as part of the base system install for security reasons. This gives you the opportunity to validate the key before installing it on your system.
RPM can retrieve the key from a CentOS mirror:
{code}
rpm --import http://mirror.centos.org/centos/RPM-GPG-KEY-CentOS-4
{code}
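One way to validate the key before importing it, as an added example that is not part of the original page: the key file is downloaded first, its fingerprint is compared with a value obtained from a trusted out-of-band source, and only a match is passed to rpm --import. The function names and the EXPECTED_FPR placeholder are assumptions of this example.

```shell
#!/bin/sh
# Added example: import an RPM signing key only after its fingerprint matches
# one obtained out of band. Function names here are this example's own.

# Normalise a fingerprint: strip spaces, colons and newlines, upper-case hex.
normalize_fpr() {
    printf '%s' "$1" | tr -d ' :\t\n' | tr 'a-f' 'A-F'
}

# True only for a well-formed fingerprint: 40 hex digits (v4 keys) or 32 (v3).
is_valid_fpr() {
    fpr=$(normalize_fpr "$1")
    case "$fpr" in
        ''|*[!0-9A-F]*) return 1 ;;
    esac
    [ "${#fpr}" -eq 40 ] || [ "${#fpr}" -eq 32 ]
}

# True when both fingerprints are well formed and identical after normalising.
fpr_matches() {
    is_valid_fpr "$1" && is_valid_fpr "$2" &&
        [ "$(normalize_fpr "$1")" = "$(normalize_fpr "$2")" ]
}

# Print the primary key fingerprint of a key file without importing it.
# Assumption: this gpg lists a key file given as its only argument; recent
# GnuPG versions also provide --show-keys for the same purpose.
key_file_fpr() {
    gpg --with-colons --with-fingerprint "$1" 2>/dev/null |
        awk -F: '$1 == "fpr" { print $10; exit }'
}

# Import keyfile ($1) only if its fingerprint equals the expected one ($2).
verified_import() {
    actual=$(key_file_fpr "$1")
    if fpr_matches "$actual" "$2"; then
        rpm --import "$1"
    else
        echo "refusing to import $1: fingerprint '${actual:-none}' not expected" >&2
        return 1
    fi
}

# Usage (EXPECTED_FPR is a placeholder for the value from a trusted source):
#   curl -o RPM-GPG-KEY-CentOS-4 http://mirror.centos.org/centos/RPM-GPG-KEY-CentOS-4
#   verified_import RPM-GPG-KEY-CentOS-4 "$EXPECTED_FPR"
```

An empty or malformed fingerprint on either side is treated as a mismatch, so a failed download or a missing gpg never results in an import.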
- {link:YUM: Setup and Usage|http://sial.org/howto/yum/}
- http://sial.org/howto/yum/yum-vhost.conf
- {link:Create a Local Yum Repository|http://tqmcube.com/repo.php}
- {link:How to run your own yum repository|http://servers.linux.com/article.pl?sid=04/07/22/1718242}
h3. Allowing daily yum updates
{code}
# vi /etc/updatedb.conf
# To enable the updatedb in cron, set DAILY_UPDATE to yes
DAILY_UPDATE=no
{code}
{code}
yum install openldap-servers
{code}
openldap-servers, openldap, openldap-clients
{code}
yum grouplist
yum groupinstall
{code}
h3. Disabling Linux Services
{code}
apmd
avahi-daemon
avahi-dns
bluetooth
hcid
hidd
sdpd
nfs
nfslock
portmap
rpcgssd
rpcidmapd
rpcsvcgssd
sendmail
{code}
h3. Additional Resources
- {link:Services in Fedora Core 6|http://www.mjmwired.net/resources/mjm-services-fc6.html}
h3. Server Hardening
- {link:Bastille Hardening System|http://www.bastille-linux.org}
- {link:FOCUS on Linux: Installing Linux|http://online.securityfocus.com/infocus/1417}
h3. Dynamically Creating User Home Directories
If user home directories are going to be created locally, PAM needs to create each user's home directory dynamically. The following configures PAM to create a user's home directory during the login process if it does not already exist.
1. Open the /etc/pam.d/system-auth file and add the following line above the first session line:
{code}
session required /lib/security/pam_mkhomedir.so skel=/etc/skel umask=0022
{code}
{code}
#%PAM-1.0
# This is required for console ownership access
session optional /lib/security/pam_console.so
session required /lib/security/pam_mkhomedir.so skel=/etc/skel umask=0022
...
{code}