Note | ||
---|---|---|
| ||
This site is in the process of being reviewed and updated. |
Create a local user account
Log in to the system as the root user, create a local user account, and assign a password to this local account.
Code Block |
---|
Wiki Markup |
h3. Create a local user account Log in to the system as the root user, create a local user account, and assign a password to this local account. {code} useradd erodriguez -c "Enrique Rodriguez" passwd erodriguez {code} h3. Configure sudo The sudo |
Configure sudo
The sudo ("superuser
...
do")
...
utility
...
allows
...
an
...
unprivileged
...
(i.e.
...
non-root)
...
normal
...
user
...
to
...
execute
...
commands
...
with
...
root
...
privileges.
...
It
...
is
...
good
...
practice
...
to
...
only
...
run
...
commands
...
as
...
the
...
root
...
user
...
when
...
absolutely
...
necessary.
...
By
...
running
...
root
...
commands
...
with
...
the
...
sudo
...
utility,
...
we
...
are
...
less
...
likely
...
to
...
commit
...
errors
...
that
...
could
...
cripple
...
the
...
system
...
than
...
if
...
we
...
had
...
a
...
full
...
root
...
session.
...
In
...
this
...
example,
...
my
...
local
...
user
...
account
...
is
...
erodriguez.
...
Substitute
...
your
...
local
...
user
...
account
...
accordingly.
...
To
...
configure
...
sudo,
...
run
...
/usr/sbin/visudo
...
and
...
add
...
the
...
following
...
at
...
the
...
bottom
...
of
...
the
...
/etc/sudoers
...
file:
Code Block |
---|
} erodriguez ALL = NOPASSWD: ALL {code} h3. Finding what RPM provides a tool You must determine the full path to the tool, on a machine that already has the tool installed. |
Finding what RPM provides a tool
You must determine the full path to the tool, on a machine that already has the tool installed.
Code Block |
---|
{code} $ which dig /usr/bin/dig {code} |
If
...
you
...
have
...
the
...
RPM
...
installed,
...
you
...
can
...
use:
Code Block |
---|
} $ rpm -qf /usr/bin/dig bind-utils-9.3.3-0.1.rc3.fc6 {code} |
If
...
the
...
RPM
...
is
...
not
...
installed,
...
you
...
can
...
use
...
your
...
repository
...
tool,
...
such
...
as
...
'yum':
Code Block |
---|
} $ yum provides /usr/bin/dig ... bind-utils.i386 30:9.3.2-41.fc6 core Matched from: /usr/bin/dig {code} |
Now
...
you
...
can
...
install
...
the
...
tool.
Code Block |
---|
} $ yum install bind-utils {code} h3. Install the CentOS RPM signing key It is not installed as part of the base system install for security reasons. This provides you the opportunity to validate the key before installing it on your system. RPM has the capacity to retrieve the key from a Centos Mirror: |
Install the CentOS RPM signing key
It is not installed as part of the base system install for security reasons. This provides you the opportunity to validate the key before installing it on your system.
RPM has the capacity to retrieve the key from a Centos Mirror:
Code Block |
---|
{code} rpm --import http://mirror.centos.org/centos/RPM-GPG-KEY-CentOS-4 {code} |
YUM:
...
Setup
...
and
...
Usage
...
...
http://sial.org/howto/yum/yum-vhost.conf
...
Create
...
a
...
Local
...
Yum
...
Repository
...
...
How
...
to
...
run
...
your
...
own
...
yum
...
repository
...
http://servers.linux.com/article.pl?sid=04/07/22/1718242
...
Allowing
...
daily
...
yum
...
updates
Code Block |
---|
} # vi /etc/updatedb.conf # To enable the updatedb in cron, set DAILY_UPDATE to yes DAILY_UPDATE=no {code} |
yum
...
install
...
openldap-servers
...
openldap-servers,
...
openldap,
...
openldap-clients
...
yum
...
grouplist
...
yum
...
groupinstall
...
Disabling
...
Linux
...
Services
Code Block |
---|
} apmd avahi-daemon avahi-dns bluetooth hcid hidd sdpd nfs nfslock portmap rpcgssd rpcidmapd rpcsvcgssd sendmail {code} h3. Additional Resources Services in Fedora Core 6 |
Additional Resources
Services in Fedora Core 6 http://www.mjmwired.net/resources/mjm-services-fc6.html
...
Server
...
Hardening
Dynamically Creating User Home Directories
If user home directories are going to be created locally then PAM will need to dynamically create a user home directory. The following configures PAM to create user home directories if they do not exist during the login process.
1. Open the /etc/pam.d/system-auth
...
file
...
and
...
add
...
the
...
following
...
line
...
above
...
the
...
first
...
session
...
line:
...
session
...
required
...
/lib/security/pam_mkhomedir.so
...
skel=/etc/skel
...
umask=0022
Code Block |
---|
} #%PAM-1.0 # This is required for console ownership access session optional /lib/security/pam_console.so session required /lib/security/pam_mkhomedir.so skel=/etc/skel umask=0022 ... {code} |