Note: Work in progress

This site is in the process of being reviewed and updated.

Create a local user account

Log in to the system as the root user, create a local user account, and assign a password to this local account.

{code}
useradd erodriguez -c "Enrique Rodriguez"
passwd erodriguez
{code}


Configure sudo

The sudo ("superuser do") utility allows an unprivileged (i.e. non-root) normal user to execute commands with root privileges. It is good practice to only run commands as the root user when absolutely necessary. By running root commands with the sudo utility, we are less likely to commit errors that could cripple the system than if we had a full root session. In this example, my local user account is erodriguez. Substitute your local user account accordingly. To configure sudo, run /usr/sbin/visudo and add the following at the bottom of the /etc/sudoers file:

{code}
erodriguez   ALL = NOPASSWD: ALL
{code}
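
An added example, not part of the original page: the rule above gives the account passwordless root for every command, so it helps to be able to list every such grant on a host. The function names and the sample sudoers text are constructed for illustration, and the check only handles single-line rules (no aliases, includes or continuation lines).

```shell
#!/bin/sh
# Constructed sample sudoers content, not taken from a real host.
sample_sudoers() {
    cat <<'EOF'
# constructed sample
Defaults    env_reset
root        ALL = (ALL) ALL
erodriguez  ALL = NOPASSWD: ALL
backup      ALL = NOPASSWD: /usr/bin/rsync, /bin/tar
%wheel      ALL = (ALL) NOPASSWD: ALL
deploy      ALL = NOPASSWD: /usr/bin/yum, PASSWD: ALL
EOF
}

# Read sudoers text on stdin and print "<line>: <who>" for every rule
# whose NOPASSWD: command list contains the catch-all ALL.
nopasswd_all_grants() {
    awk '
        # Skip comments, Defaults lines and alias definitions.
        /^[ \t]*(#|Defaults|[A-Za-z]+_Alias)/ { next }
        {
            i = index($0, "NOPASSWD:")
            if (i == 0) next
            cmds = substr($0, i + 9)
            # A later PASSWD: tag ends the scope of NOPASSWD:.
            sub(/[ \t,]PASSWD:.*/, "", cmds)
            n = split(cmds, item, ",")
            for (k = 1; k <= n; k++) {
                gsub(/^[ \t]+|[ \t]+$/, "", item[k])
                if (item[k] == "ALL") { print NR ": " $1; next }
            }
        }
    '
}

# Stand-alone run: audit the constructed sample.
sample_sudoers | nopasswd_all_grants
```

On a real host, run it as root with `nopasswd_all_grants < /etc/sudoers`; `sudo -l -U erodriguez` shows what sudo itself resolves for one account, including aliases and included files.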


Finding what RPM provides a tool

You must determine the full path to the tool, on a machine that already has the tool installed.

{code}
$ which dig
/usr/bin/dig
{code}

If you have the RPM installed, you can use:

{code}
$ rpm -qf /usr/bin/dig
bind-utils-9.3.3-0.1.rc3.fc6
{code}

If the RPM is not installed, you can use your repository tool, such as 'yum':

{code}
$ yum provides /usr/bin/dig 
...
bind-utils.i386                          30:9.3.2-41.fc6        core            
Matched from:
/usr/bin/dig
{code}

Now you can install the tool.

{code}
$ yum install bind-utils
{code}


Install the CentOS RPM signing key

The CentOS RPM signing key is not installed as part of the base system install for security reasons. This gives you the opportunity to validate the key before installing it on your system.

RPM can retrieve the key from a CentOS mirror:

{code}
rpm --import http://mirror.centos.org/centos/RPM-GPG-KEY-CentOS-4
{code}
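
One way to use that opportunity to validate the key, as an added example that is not part of the original page: download the key file first, compare its fingerprint with a value obtained from a separate trusted source, and import it only on a match. The function names and the sample `gpg --with-colons` output are constructed; `gpg --show-keys` assumes GnuPG 2.2 or later.

```shell
#!/bin/sh
# Constructed sample of `gpg --with-colons` output for one key.
sample_colons() {
    cat <<'EOF'
pub:-:4096:1:89ABCDEF01234567:1400000000:::-:::scSC:
fpr:::::::::0123456789ABCDEF0123456789ABCDEF01234567:
uid:-::::1400000000::::Constructed Example Key <key@example.invalid>:
EOF
}

# Print the primary key fingerprint: field 10 of the first "fpr" record.
primary_fpr() {
    awk -F: '$1 == "fpr" { print $10; exit }'
}

# Succeed only if the key described on stdin has fingerprint $1.
# The expected value may be pasted with spaces and in lower case.
fpr_matches() {
    expected=$(printf '%s' "$1" | tr -d ' \t' | tr 'a-f' 'A-F')
    actual=$(primary_fpr)
    [ -n "$actual" ] && [ "$actual" = "$expected" ]
}

# Import a local key file into the RPM keyring only after the check passes.
# $1 = key file already downloaded, $2 = fingerprint from a trusted source.
import_if_trusted() {
    if gpg --batch --with-colons --with-fingerprint --show-keys "$1" |
        fpr_matches "$2"; then
        rpm --import "$1"
    else
        echo "fingerprint mismatch, key not imported: $1" >&2
        return 1
    fi
}

# Stand-alone run against the constructed sample.
sample_colons | fpr_matches "0123 4567 89ab cdef 0123 4567 89ab cdef 0123 4567" &&
    echo "fingerprint matches"
```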

YUM: Setup and Usage http://sial.org/howto/yum/ http://sial.org/howto/yum/yum-vhost.conf

Create a Local Yum Repository http://tqmcube.com/repo.php

How to run your own yum repository http://servers.linux.com/article.pl?sid=04/07/22/1718242

Allowing daily yum updates

{code}
# vi /etc/updatedb.conf
# To enable the updatedb in cron, set DAILY_UPDATE to yes
DAILY_UPDATE=no
{code}

yum install openldap-servers

openldap-servers, openldap, openldap-clients

yum grouplist

yum groupinstall

Disabling Linux Services

{code}
apmd

avahi-daemon
avahi-dns

bluetooth
hcid
hidd
sdpd

nfs
nfslock
portmap
rpcgssd
rpcidmapd
rpcsvcgssd

sendmail
{code}


Additional Resources

Services in Fedora Core 6 http://www.mjmwired.net/resources/mjm-services-fc6.html

Server Hardening

Dynamically Creating User Home Directories

If user home directories are going to be created locally then PAM will need to dynamically create a user home directory. The following configures PAM to create user home directories if they do not exist during the login process.

1. Open the /etc/pam.d/system-auth file and add the following line above the first session line:

session required /lib/security/pam_mkhomedir.so skel=/etc/skel umask=0022

{code}
#%PAM-1.0

# This is required for console ownership access
session optional /lib/security/pam_console.so
session required /lib/security/pam_mkhomedir.so skel=/etc/skel umask=0022
...
{code}