Difference between revisions of "Configuring laptop after Cent-OS re-installation"
m |
|||
(32 intermediate revisions by the same user not shown) | |||
Line 1: | Line 1: | ||
[[Main Page|Home]] > [[CentOS]] > [[CentOS 6.x]] > [[New machine configuration]] > [[Configuring laptop after Cent-OS re-installation]] | |||
This page is intended to describe settings to be done, files to be copied, packages to be installed via yum or source after OS has been re-installed on laptop. '''It was last updated during Cent-OS 6.3 installation on 8 January, 2013''' | This page is intended to describe settings to be done, files to be copied, packages to be installed via yum or source after OS has been re-installed on laptop. '''It was last updated during Cent-OS 6.3 installation on 8 January, 2013''' | ||
Line 7: | Line 7: | ||
Install OS with following partitioning: | Install OS with following partitioning: | ||
* | *30 GB for root(/) partition | ||
*swap partition of size 1.5 or 2 times RAM | *swap partition of size 1.5 or 2 times RAM | ||
*Rest for /mnt/das1 partition (where das stands for directly attached storage) | |||
*Rest for /mnt/ | |||
Line 22: | Line 21: | ||
**View executable text files when they are opened | **View executable text files when they are opened | ||
**Preview for files smaller than 500KB | **Preview for files smaller than 500KB | ||
*Set preferred email application to | *Set preferred email application to kmail | ||
*Add lock icon to panel for locking screen | |||
==Configure firefox== | ==Configure firefox== | ||
<strike> | |||
*Edit preferences for file download | *Edit preferences for file download | ||
*Configure proper proxy and no proxy for values | *Configure proper proxy and no proxy for values | ||
Line 37: | Line 38: | ||
*#Better privacy | *#Better privacy | ||
*#Ad-block plus | *#Ad-block plus | ||
</strike> | |||
Use: | |||
<pre> | |||
rm -rf ~/.mozilla | |||
ln -s /documents/room-documents/documents/general/configuration_files/mozilla ~/.mozilla | |||
</pre> | |||
==Configure pidgin== | |||
<pre> | |||
ln -s /documents/room-documents/documents/general/configuration_files/purple ~/.purple | |||
</pre> | |||
==Configure ssh keys== | |||
<pre> | |||
ln -s /documents/room-documents/documents/general/configuration_files/ssh .ssh | |||
</pre> | |||
==Configure bazaar== | |||
<pre> | |||
ln -s /documents/room-documents/documents/general/configuration_files/bazaar .bazaar | |||
</pre> | |||
==Configure aws== | |||
<pre> | |||
ln -s /documents/room-documents/documents/general/configuration_files/aws ~/.aws | |||
</pre> | |||
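Review bot: The added ssh and bazaar lines end in a bare `.ssh` and `.bazaar`, so the link is created in whatever directory the command is run from, while the mozilla, purple and aws lines use `~/`. Write `~/.ssh` and `~/.bazaar` so the step does not depend on the working directory. The `rm -rf ~/.mozilla` before the first link also discards an existing profile with no copy kept; moving it aside first (`mv ~/.mozilla ~/.mozilla.orig`) makes the step reversible.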
Line 48: | Line 80: | ||
#Create shortcut for root terminal in gnome-panel with command '<tt>sudo su -</tt>' to be run in terminal with '<tt>/usr/share/pixmaps/keyring.png</tt>' as image file. | #Create shortcut for root terminal in gnome-panel with command '<tt>sudo su -</tt>' to be run in terminal with '<tt>/usr/share/pixmaps/keyring.png</tt>' as image file. | ||
#Remove all temporary files created in /root by anaconda | #Remove all temporary files created in /root by anaconda | ||
#Add '<tt>alias mplayer="mplayer -idx -zoom -softvol -softvol-max 400"</tt>' to .bashrc | |||
==Configure start-up applications== | ==Configure start-up applications== | ||
Go to System - | Go to System -> Preferences -> Start-up applications and disable following start-up applications: | ||
*AT SPI Registry Wrapper | *AT SPI Registry Wrapper | ||
*Automatic bug reporting tool | *Automatic bug reporting tool | ||
Line 90: | Line 124: | ||
#fcoe | #fcoe | ||
#fcoe-target | #fcoe-target | ||
#ibacm | |||
#iscsi | #iscsi | ||
#iscsid | #iscsid | ||
Line 102: | Line 137: | ||
#rpcidmapd | #rpcidmapd | ||
#sandbox | #sandbox | ||
#spice-vdagentd | |||
#stap-server | #stap-server | ||
#tog-pegasus | #tog-pegasus | ||
Line 122: | Line 158: | ||
fcoe | fcoe | ||
fcoe-target | fcoe-target | ||
ibacm | |||
iscsi | iscsi | ||
iscsid | iscsid | ||
Line 134: | Line 171: | ||
rpcidmapd | rpcidmapd | ||
sandbox | sandbox | ||
spice-vdagentd | |||
stap-server | stap-server | ||
tog-pegasus | tog-pegasus | ||
Line 200: | Line 238: | ||
Configure yum with following repositories | Configure yum with following repositories | ||
*rpmfusion | *rpmfusion | ||
*rpmforge | |||
*epel | |||
To configure | To configure use following steps: | ||
# Vist http://www.rpmfusion.org/ and choose link 'Enable RPM Fusion no your system'. | # Vist http://www.rpmfusion.org/ and choose link 'Enable RPM Fusion no your system'. | ||
# Then download both RPM Fusion free and RPM Fusion nonfree setup rpms | # Then download both RPM Fusion free and RPM Fusion nonfree setup rpms | ||
# Install epel using from http://ftp.cuhk.edu.hk/pub/linux/fedora-epel/6/i386/epel-release-6-8.noarch.rpm | # Install epel using from http://ftp.cuhk.edu.hk/pub/linux/fedora-epel/6/i386/epel-release-6-8.noarch.rpm | ||
# Install downloaded rpms using '<tt>rpm -ivh rpmfusion*</tt>' | # Install downloaded rpms using '<tt>rpm -ivh rpmfusion*</tt>' | ||
# Disable 'rpmfusion-free-updates-testing' and 'rpmfusion-nonfree-updates-testing' repositories | # Disable 'rpmfusion-free-updates-testing' and 'rpmfusion-nonfree-updates-testing' repositories | ||
# Visit http://repoforge.org/use/ and download rpmfile for configuring repoforge (rpmforge) repository. | |||
# Configure repoforge repository using downloaded rpm file '<tt>rpm -ivh repo*.rpm</tt>' | |||
# Edit '<tt>/etc/yum.conf</tt>' and configure proper proxy and do '<tt>keepcache=1</tt>' | # Edit '<tt>/etc/yum.conf</tt>' and configure proper proxy and do '<tt>keepcache=1</tt>' | ||
==Installing packages from yum== | ==Installing packages from yum== | ||
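Review bot: The added repoforge steps install a downloaded repository package with `rpm -ivh repo*.rpm` and no step verifies it first; the same holds for the existing `rpm -ivh rpmfusion*` and for the EPEL package fetched over plain http. Add a step that imports each repository's GPG key and checks the downloaded files with `rpm -K` before installing, and confirm that `gpgcheck=1` remains set in the resulting .repo files.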
Line 218: | Line 261: | ||
#denyhosts | #denyhosts | ||
#dia | #dia | ||
#dot | |||
#dvdisaster | #dvdisaster | ||
#encfs | #encfs | ||
Line 228: | Line 272: | ||
#john | #john | ||
#kile | #kile | ||
#libotf-devel | |||
#mplayer | #mplayer | ||
#openvpn | #openvpn | ||
Line 243: | Line 288: | ||
denyhosts | denyhosts | ||
dia | dia | ||
dot | |||
dvdisaster | dvdisaster | ||
encfs | encfs | ||
Line 253: | Line 299: | ||
john | john | ||
kile | kile | ||
libotf-devel | |||
mplayer | mplayer | ||
openvpn | openvpn | ||
Line 264: | Line 311: | ||
exit 0 | exit 0 | ||
</pre> | </pre> | ||
==Install vlc and mp3 codecs== | ==Install vlc and mp3 codecs== | ||
Line 269: | Line 318: | ||
To install vlc | To install vlc | ||
# Remove all conflicting packages (libdvdread etc.) | # Remove all conflicting packages (libdvdread etc.) | ||
# <tt>yum -y --disablerepo='epel' install vlc</tt> | # <span style="text-decoration: line-through;"><tt>yum -y --disablerepo='epel' install vlc</tt></span> <tt>yum -y install vlc</tt> | ||
# <tt>yum -y install gstreamer-plugins-{bad,ugly} </tt> | # <span style="text-decoration: line-through;"><tt>yum -y install gstreamer-plugins-{bad,ugly} </tt></span> <tt>yum -y install gstreamer-plugins-ugly</tt> | ||
If problems are faced during installation of mplayer or gstreamer-plugins-{bad,ugly} then disable testing repositories and try again. | If problems are faced during installation of mplayer or gstreamer-plugins-{bad,ugly} then disable testing repositories and try again. | ||
==Mount all filesystems== | ==Mount all filesystems== | ||
Line 284: | Line 335: | ||
#!/bin/bash | #!/bin/bash | ||
while : | |||
do | |||
read -s -p "Password: " PASSWORD | |||
sshpass -p "$PASSWORD" sudo encfs --public /mnt/data1/raw_folders/backup_raw /mnt/data1/backup_snapshots | |||
echo | |||
echo -n "Was password incorrect (y/n) : " | |||
read VAL1 | |||
if [[ "$VAL1" = "n" || "$VAL1" = "N" ]] ; then | |||
break | |||
fi | |||
echo | |||
done | |||
sshpass -p "$PASSWORD" sudo encfs --public /mnt/data1/raw_folders/documents_raw /documents | |||
sudo /sbin/service httpd start | |||
/documents/room-documents/documents/programs/erlang/web_application/start_yaws.sh | |||
sshpass -p "$PASSWORD" sudo encfs --public /mnt/data1/raw_folders/personal_raw /mnt/personal | |||
sshpass -p "$PASSWORD" sudo encfs --public /var/lib/mysql_raw /var/lib/mysql | |||
sudo /sbin/service mysqld start | |||
sshpass -p "$PASSWORD" sudo encfs --public /var/lib/pgsql_raw /var/lib/pgsql | |||
sudo /sbin/service postgresql start | |||
sshpass -p "$PASSWORD" sudo encfs --public /mnt/data1/raw_folders/virtual_labs_raw /mnt/data1/virtual_labs | |||
echo "Mounting of encrypted folders complete." | |||
exit 0 | exit 0 | ||
</pre> | </pre> | ||
==Configure rhythmbox== | ==Configure rhythmbox== | ||
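Review bot: `sshpass -p "$PASSWORD"` in the added script puts the encfs passphrase on the command line of every sshpass process, where other local users can read it from the process list while the mount runs. encfs can take the passphrase on standard input (`-S` / `--stdinpass`), so pipe it in instead. The loop also asks the operator "Was password incorrect (y/n)" rather than testing the exit status of encfs, and the later mounts and `service ... start` calls run even when a mount failed, so mysqld and postgresql can start on an unmounted /var/lib directory; check each exit status and stop on the first failure.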
Line 310: | Line 369: | ||
#Configure library location | #Configure library location | ||
#Enable watch my library for new files | #Enable watch my library for new files | ||
Line 326: | Line 386: | ||
Install following packages from source: | Install following packages from source: | ||
#[[Emacs installation from source]] | |||
# | #[[Installing emacs package manager]] | ||
# | #[[Installing Erlang by source]] | ||
#[[Installing yaws by source]] | |||
#[[Installing latest org mode]] | |||
#[[Configure .emacs file]] | |||
#[[Connecting to SSH server listening on port 443 using HTTP proxy server with HTTP CONNECT | Install corkscrew]] | |||
#[[Installaing Android SDK]] | |||
Line 360: | Line 424: | ||
-A INPUT -p tcp -m tcp --dport 22 -m recent --rcheck --seconds 60 --name PHASE4 -j ACCEPT | -A INPUT -p tcp -m tcp --dport 22 -m recent --rcheck --seconds 60 --name PHASE4 -j ACCEPT | ||
-A INPUT -p udp -j DROP | -A INPUT -p udp -j DROP | ||
#To disable denied_connection_attempt logs for multicast packets | |||
-A INPUT -d 224.0.0.1 -j DROP | |||
-A INPUT -m state --state NEW -m limit --limit 2/min -j LOG --log-prefix "denied_connection_attempt_" | -A INPUT -m state --state NEW -m limit --limit 2/min -j LOG --log-prefix "denied_connection_attempt_" | ||
-A INPUT -j REJECT --reject-with icmp-host-prohibited | -A INPUT -j REJECT --reject-with icmp-host-prohibited | ||
Line 389: | Line 455: | ||
==Configure kmail== | |||
Use following to configure kmail: | |||
<pre> | |||
ln -s /documents/room-documents/documents/general/configuration_files/kmail ~/.kde/share/apps/kmail | |||
</pre> | |||
Refer to [[Kmail]] for detailed information | |||
Line 399: | Line 467: | ||
#Edit '<tt>/etc/logwatch/conf/logwatch.conf</tt>' and write '<tt>Detail = High</tt>' in the file. | #Edit '<tt>/etc/logwatch/conf/logwatch.conf</tt>' and write '<tt>Detail = High</tt>' in the file. | ||
#Edit '<tt>/usr/share/logwatch/scripts/services/kernel</tt>' and set Detail to 0 statically using '<tt>my $Detail = 0;</tt>' | |||
#Edit '<tt>/etc/mail/sendmail.mc</tt>' and configure it such that it can send emails | #Edit '<tt>/etc/mail/sendmail.mc</tt>' and configure it such that it can send emails | ||
#Edit '<tt>/etc/aliases</tt>' file and enter email address as alias for root. | #Edit '<tt>/etc/aliases</tt>' file and enter email address as alias for root. | ||
#Run '<tt>newaliases</tt>', '<tt>make</tt>', '<tt>service sendmail restart</tt>' etc. appropriately. | #Run '<tt>newaliases</tt>', '<tt>make</tt>', '<tt>service sendmail restart</tt>' etc. appropriately. | ||
#Test by sending email to root@localhost whether email configuration is working properly or not. | #Test by sending email to root@localhost whether email configuration is working properly or not. | ||
==Configure openvpn== | |||
#Use '<tt>yum -y install openvpn</tt>' | |||
#Create connect_to_vpn.sh file with following contents: | |||
#:<pre> | |||
#:: #!/bin/bash | |||
#:: | |||
#::sudo /sbin/service openvpn start | |||
#::echo "Waiting for connection establishment to complete" | |||
#::STATUS=$(ifconfig | grep '10\.7\.1\.1') | |||
#::while [[ "$STATUS" = "" ]]; do | |||
#:: echo -n "."; | |||
#:: sleep 1 | |||
#:: STATUS=$(ifconfig | grep '10\.7\.1\.1') | |||
#::done | |||
#::echo "Connection successful" | |||
#::echo "Going to replace nameserver" | |||
#::sudo mv /etc/resolv.conf /etc/resolv.conf.backup | |||
#::echo "nameserver 10.4.3.222" > /tmp/resolv.conf | |||
#::sudo mv /tmp/resolv.conf /etc/resolv.conf | |||
#::echo "Nameserver replaced" | |||
#::echo "Press enter to disconnect..." | |||
#::read A | |||
#::sudo /sbin/service openvpn stop | |||
#::echo "Going to restore nameserver" | |||
#::sudo mv /etc/resolv.conf.backup /etc/resolv.conf | |||
#::echo "Nameserver restored" | |||
#:: | |||
#::exit 0 | |||
#:: | |||
#:</pre> | |||
#Use following to use openvpn folder from /documents | |||
#:<pre> | |||
#::rm -rf /etc/openvpn | |||
#::sudo ln -s /documents/room-documents/documents/general/configuration_files/openvpn /etc/openvpn | |||
#::</pre> | |||
==Configure apache, MySQL and various wikis== | |||
#Use following to use httpd.conf file kept in /documents | |||
#:<pre> | |||
#::rm -rf /etc/httpd/conf/httpd.conf | |||
#::sudo ln -s /documents/room-documents/documents/general/configuration_files/httpd.conf /etc/httpd/conf/ | |||
#:</pre> | |||
#Ensure that directory /var/lib/mysql is properly protected, possibly through encryption (encfs) | |||
#Start mysqld service using '<tt>sudo /sbin/service mysqld start</tt>' | |||
#Secure mysql installation using '<tt>/usr/bin/mysql_secure_installation</tt>' | |||
#Login into mysql as root using '<tt>mysql -u root -p</tt>' | |||
#Create required MySQL usernames and databases using: | |||
#:<pre> | |||
#::create database wikidb_notes; | |||
#::grant all on wikidb_notes.* to wikidb_notes@localhost identified by '<password>'; | |||
#::create database wikidb_res; | |||
#::grant all on wikidb_res.* to wikidb_res@localhost identified by '<password>'; | |||
#::create database wikidb_readme; | |||
#::grant all on wikidb_readme.* to wikidb_readme@localhost identified by '<password>'; | |||
#::create database notes_wiki; | |||
#::grant all on notes_wiki.* to notes_wiki@localhost identified by '<password>'; | |||
#::flush privileges; | |||
#:</pre> | |||
#Restore various database backups using: | |||
#:<pre> | |||
#::cd /documents/public_html/ | |||
#::bunzip2 -k notes_wiki.sql.bz2 | |||
#::cat notes_wiki.sql | mysql -u notes_wiki -p notes_wiki | |||
#::rm notes_wiki.sql | |||
#:: | |||
#::cd /documents/room-documents/documents/databases/mysql/notes_wiki/ | |||
#::bunzip2 -k wikidb_notes.sql.bz2 | |||
#::cat wikidb_notes.sql | mysql -u wikidb_notes -p wikidb_notes | |||
#::rm wikidb_notes.sql | |||
#:: | |||
#::cd /documents/room-documents/documents/databases/mysql/research_wiki | |||
#::bunzip2 -k wikidb_res.sql.bz2 | |||
#::cat wikidb_res.sql | mysql -u wikidb_res -p wikidb_res | |||
#::rm wikidb_res.sql | |||
#:: | |||
#::cd /documents/room-documents/documents/databases/mysql/readme_wiki | |||
#::bunzip2 -k wikidb_readme.sql.bz2 | |||
#::cat wikidb_readme.sql | mysql -u wikidb_readme -p wikidb_readme | |||
#::rm wikidb_readme.sql | |||
#:</pre> | |||
==Configure PostgreSQL== | |||
#Ensure that directory /var/lib/pgsql is properly protected, probably through encryption (encfs) | |||
#Initialize PostgreSQL database using '<tt>service postgresql initdb</tt>' | |||
#Configure login through passwords using: | |||
#:<pre> | |||
#::sudo rm /var/lib/pgsql/data/pg_hba.conf | |||
#::sudo ln -s /documents/room-documents/documents/general/configuration_files/pg_hba.conf /var/lib/pgsql/data/ | |||
#::sudo chown postgres:postgres /documents/room-documents/documents/general/configuration_files/pg_hba.conf | |||
#:</pre> | |||
#Start PostgreSQL database using '<tt>service postgresql start</tt>' | |||
#Create accounts and databases using: | |||
#:<pre> | |||
#::sudo su - postgres | |||
#::psql | |||
#:: | |||
#::CREATE USER saurabh WITH NOSUPERUSER NOCREATEDB LOGIN ENCRYPTED PASSWORD '<password>'; | |||
#::CREATE DATABASE saurabh WITH OWNER=saurabh; | |||
#:: | |||
#::CREATE USER sen WITH NOSUPERUSER NOCREATEDB LOGIN ENCRYPTED PASSWORD '<password>'; | |||
#::CREATE DATABASE sen WITH OWNER=sen; | |||
#::\q | |||
#:: | |||
#::exit | |||
#:</pre> | |||
#Restore various database backups using: | |||
#:<pre> | |||
#::cd /documents/room-documents/documents/databases/pgsql/ | |||
#::gpg -d account.sql.gpg > account.sql | |||
#::psql -U saurabh -d account < account.sql | |||
#::rm -f account.sql | |||
#:: | |||
#::cd /documents/room-documents/documents/databases/pgsql/ | |||
#::bunzip2 -k sen.sql.bz2 | |||
#::psql -U sen -d sen < sen.sql | |||
#::rm -f sen.sql | |||
#::</pre> | |||
==Configure backups== | |||
Configure backups by using tools such as [[Rsnapshot]]. Configure [[updatedb]] to exclude backup folders and encrypted file-systems such as 'encfs' | |||
==Enable various services== | |||
Enable various services using: | |||
<pre> | |||
chkconfig {httpd,mysqld,postgresql} on | |||
</pre> | |||
[[Main Page|Home]] > [[CentOS]] > [[CentOS 6.x]] > [[New machine configuration]] > [[Configuring laptop after Cent-OS re-installation]] |
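Review bot: In the added connect_to_vpn.sh, `echo "nameserver 10.4.3.222" > /tmp/resolv.conf` followed by `sudo mv /tmp/resolv.conf /etc/resolv.conf` stages a system file under a fixed name in a world-writable directory, so another local user who creates that path first decides what ends up in /etc/resolv.conf; create the temporary file with mktemp inside /etc as root instead. The nameserver is restored only on the normal path, so an interrupt at "Press enter to disconnect..." leaves the VPN resolver in place; a `trap` on EXIT would cover that. `rm -rf /etc/openvpn` and `rm -rf /etc/httpd/conf/httpd.conf` are missing the `sudo` that the following `ln -s` lines have. In the PostgreSQL restore, the databases created are `saurabh` and `sen` but account.sql is loaded with `-d account`, and `gpg -d account.sql.gpg > account.sql` leaves a decrypted dump on disk until the `rm`; piping gpg straight into psql avoids the plaintext file.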
Latest revision as of 13:35, 14 July 2022
This page describes the settings to apply, files to copy, and packages to install (via yum or from source) after the OS has been re-installed on the laptop. It was last updated during Cent-OS 6.3 installation on 8 January, 2013
Installing OS
Install OS with following partitioning:
- 30 GB for root(/) partition
- swap partition of size 1.5 or 2 times RAM
- Rest for /mnt/das1 partition (where das stands for directly attached storage)
GUI configuration
- Remove user switch option from panel from top right corner of screen
- Add system monitor panel extension for monitoring CPU, hard-disk and network usage.
- Remove all folders (Documents, Downloads, Music, Pictures, etc.) from home folder except Desktop
- Configure nautilus properly
  - Show hidden and backup files
  - Always open in browser window
  - View executable text files when they are opened
  - Preview for files smaller than 500KB
- Set preferred email application to kmail
- Add lock icon to panel for locking screen
Configure firefox
The following manual steps are struck out in this revision:
- Edit preferences for file download
- Configure proper proxy and no proxy for values
- Install following firefox plugins and configure them properly:
  - NoScript
    - Whitelist xmarks.com (can also be done by restoring noscript preferences backup)
  - WOT (Web of trust)
  - Xmarks
  - Ghostery
  - Better privacy
  - Ad-block plus
Use:
<pre>
rm -rf ~/.mozilla
ln -s /documents/room-documents/documents/general/configuration_files/mozilla ~/.mozilla
</pre>
Configure pidgin
ln -s /documents/room-documents/documents/general/configuration_files/purple ~/.purple
Configure ssh keys
ln -s /documents/room-documents/documents/general/configuration_files/ssh ~/.ssh
Configure bazaar
ln -s /documents/room-documents/documents/general/configuration_files/bazaar ~/.bazaar
Configure aws
ln -s /documents/room-documents/documents/general/configuration_files/aws ~/.aws
Configure terminal
Do following changes immediately after OS install to configure terminals
- Create file /etc/profile.d/history.sh as mentioned at Storing date / time along with commands in history
- Configure Ctrl+Alt+t to be shortcut for running terminal
- Configure sudo to allow user saurabh to run all commands as root as mentioned at Allowing user to run all commands as root without specifying password
- Create shortcut for root terminal in gnome-panel with command 'sudo su -' to be run in terminal with '/usr/share/pixmaps/keyring.png' as image file.
- Remove all temporary files created in /root by anaconda
- Add 'alias mplayer="mplayer -idx -zoom -softvol -softvol-max 400"' to .bashrc
Configure start-up applications
Go to System -> Preferences -> Start-up applications and disable following start-up applications:
- AT SPI Registry Wrapper
- Automatic bug reporting tool
- Bluetooth
- File context maintainer
- Network manager
- PackageKit update
- Personal file sharing
- Policykit authentication agent
- Remote desktop
- SELinux troubleshooter
- Smart card manager
- Spice vdagents
- Terminal server client autostart
- User folder update
- Visual assistance
Disable SELinux
Edit file '/etc/sysconfig/selinux' and set value for SELINUX parameter to 'disabled'
Disabling services
Disable following services after OS is installed from automatically starting in run-levels 3 to 5: (List is alphabetic)
- abrt-ccpp
- abrt-oops
- abrtd
- avahi-daemon
- bluetooth
- cachefilesd
- cgconfig
- edac
- fcoe
- fcoe-target
- ibacm
- iscsi
- iscsid
- isdn
- lldpad
- nfslock
- pcscd
- pppoe-server
- qpidd
- rpcbind
- rpcgssd
- rpcidmapd
- sandbox
- spice-vdagentd
- stap-server
- tog-pegasus
- trace-cmd
- xinetd
One can use following shell script to disable all above mentioned services:
<pre>
#!/bin/bash

SERVICES="abrt-ccpp abrt-oops abrtd avahi-daemon bluetooth cachefilesd cgconfig
edac fcoe fcoe-target ibacm iscsi iscsid isdn lldpad nfslock pcscd pppoe-server
qpidd rpcbind rpcgssd rpcidmapd sandbox spice-vdagentd stap-server tog-pegasus
trace-cmd xinetd"

# Disable automatic start of each listed service
for SERVICE1 in $SERVICES; do
    echo "Going to run " chkconfig "$SERVICE1" off
    chkconfig "$SERVICE1" off
done

exit 0
</pre>
In case LVM, Virtualization, Auditing, Software raid etc. are not going to be used then following services can also be stopped:
- auditd (Auditing)
- libvirt-guests, libvirt-qmf, libvirtd (Virtualization)
- lvm2-monitor (LVM)
- mdmonitor (Software raid)
- ksm, ksmtuned (Kernel same page merging)
Following script can be used to stop above mentioned additional services:
<pre>
#!/bin/bash

SERVICES="auditd libvirt-guests libvirt-qmf libvirtd lvm2-monitor mdmonitor ksm ksmtuned"

# Disable automatic start of each listed service
for SERVICE1 in $SERVICES; do
    echo "Going to run " chkconfig "$SERVICE1" off
    chkconfig "$SERVICE1" off
done

exit 0
</pre>
In case of configuring a VM and not a laptop, the following services can also be stopped (this list needs to be updated based on CentOS-6.2):
- acpid
- cpuspeed
- cups
- hddtemp
- irqbalance
- lm_sensors
- microcode_ctl
- smartd
Note:
- Do not worry if some command gives the error 'service not found'. It is possible that the default installation of Cent-OS does not contain some of the above mentioned services.
Configure yum
Configure yum with following repositories
- rpmfusion
- rpmforge
- epel
To configure use following steps:
- Visit http://www.rpmfusion.org/ and choose link 'Enable RPM Fusion on your system'.
- Then download both RPM Fusion free and RPM Fusion nonfree setup rpms
- Install epel from http://ftp.cuhk.edu.hk/pub/linux/fedora-epel/6/i386/epel-release-6-8.noarch.rpm
- Install downloaded rpms using 'rpm -ivh rpmfusion*'
- Disable 'rpmfusion-free-updates-testing' and 'rpmfusion-nonfree-updates-testing' repositories
- Visit http://repoforge.org/use/ and download rpmfile for configuring repoforge (rpmforge) repository.
- Configure repoforge repository using downloaded rpm file 'rpm -ivh repo*.rpm'
- Edit '/etc/yum.conf' and configure proper proxy and do 'keepcache=1'
Installing packages from yum
Install following packages using yum (List is alphabetic)
- atop
- denyhosts
- dia
- dot
- dvdisaster
- encfs
- emacs
- flash-plugin
- geany
- htop
- hunt
- iptraf
- john
- kile
- libotf-devel
- mplayer
- openvpn
- phpMyAdmin
- tcptrack
- wireshark
- wireshark-gnome
Following script can be used to install above packages:
<pre>
#!/bin/bash

PACKAGES="atop denyhosts dia dot dvdisaster encfs emacs flash-plugin geany htop hunt iptraf
john kile libotf-devel mplayer openvpn phpMyAdmin tcptrack wireshark wireshark-gnome"

yum -y install $PACKAGES

exit 0
</pre>
Install vlc and mp3 codecs
To install vlc
- Remove all conflicting packages (libdvdread etc.)
- 'yum -y install vlc' (replaces the struck-out 'yum -y --disablerepo='epel' install vlc')
- 'yum -y install gstreamer-plugins-ugly' (replaces the struck-out 'yum -y install gstreamer-plugins-{bad,ugly}')
If problems are faced during installation of mplayer or gstreamer-plugins-{bad,ugly} then disable testing repositories and try again.
Mount all filesystems
- Install ntfs-3g using 'yum -y install ntfs-3g'
- Create /mnt/cdrive folder if it does not exist
- Try to mount NTFS partition on /mnt/cdrive
- Get block IDs of all partitions using blkid
- Do proper entries in /etc/fstab for interesting partitions. Use 'umask=0000' option wherever required like vfat partitions
- Create following script to mount encrypted /documents folder.
<pre>
#!/bin/bash

# Keep prompting until the operator confirms that the first mount worked
while :
do
    read -s -p "Password: " PASSWORD
    sshpass -p "$PASSWORD" sudo encfs --public /mnt/data1/raw_folders/backup_raw /mnt/data1/backup_snapshots
    echo
    echo -n "Was password incorrect (y/n) : "
    read VAL1
    if [[ "$VAL1" = "n" || "$VAL1" = "N" ]] ; then
        break
    fi
    echo
done

# Mount the remaining folders with the same password and start the services that live on them
sshpass -p "$PASSWORD" sudo encfs --public /mnt/data1/raw_folders/documents_raw /documents
sudo /sbin/service httpd start
/documents/room-documents/documents/programs/erlang/web_application/start_yaws.sh
sshpass -p "$PASSWORD" sudo encfs --public /mnt/data1/raw_folders/personal_raw /mnt/personal
sshpass -p "$PASSWORD" sudo encfs --public /var/lib/mysql_raw /var/lib/mysql
sudo /sbin/service mysqld start
sshpass -p "$PASSWORD" sudo encfs --public /var/lib/pgsql_raw /var/lib/pgsql
sudo /sbin/service postgresql start
sshpass -p "$PASSWORD" sudo encfs --public /mnt/data1/raw_folders/virtual_labs_raw /mnt/data1/virtual_labs

echo "Mounting of encrypted folders complete."

exit 0
</pre>
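A variant of the mount script above, added here as an example and not part of the original page: it feeds the passphrase to encfs on standard input (`--stdinpass`) so it never appears in a process command line, and it decides success from the encfs exit status instead of asking the operator. The `ENCFS_CMD` variable, the function names and the `--run` switch are assumptions made for this example; the volume paths and service names are the page's.

```shell
#!/bin/sh
# Added example, not the page's script. Run as: mount_encrypted.sh --run

# Assumption: ENCFS_CMD exists only so a stub can be substituted when testing.
ENCFS_CMD="${ENCFS_CMD:-sudo encfs}"

# "raw_dir:mount_point" pairs taken from the page's script.
VOLUMES="/mnt/data1/raw_folders/backup_raw:/mnt/data1/backup_snapshots
/mnt/data1/raw_folders/documents_raw:/documents
/mnt/data1/raw_folders/personal_raw:/mnt/personal
/var/lib/mysql_raw:/var/lib/mysql
/var/lib/pgsql_raw:/var/lib/pgsql
/mnt/data1/raw_folders/virtual_labs_raw:/mnt/data1/virtual_labs"

# Prompt without echo; the passphrase is kept only in a shell variable.
read_passphrase() {
    printf 'Password: ' >&2
    stty -echo 2>/dev/null || true
    IFS= read -r PASSPHRASE || true
    stty echo 2>/dev/null || true
    printf '\n' >&2
}

# Mount one volume. printf is a builtin in bash and dash, so the passphrase
# travels over a pipe and is never an argument of any process.
mount_one() {
    # $ENCFS_CMD is left unquoted on purpose so "sudo encfs" splits into words.
    printf '%s\n' "$PASSPHRASE" | $ENCFS_CMD --stdinpass --public "$1" "$2"
}

# Mount every pair in $1 (default: $VOLUMES). Stops at the first failure and
# reports it through the exit status.
mount_all() {
    list="${1:-$VOLUMES}"
    while IFS=: read -r raw mnt; do
        [ -n "$raw" ] || continue
        if ! mount_one "$raw" "$mnt"; then
            echo "encfs failed for $mnt" >&2
            return 1
        fi
    done <<EOF
$list
EOF
    return 0
}

main() {
    first=$(printf '%s\n' "$VOLUMES" | head -n 1)
    rest=$(printf '%s\n' "$VOLUMES" | tail -n +2)
    tries=0
    # The first volume doubles as the passphrase check: three attempts at most.
    while :; do
        read_passphrase
        mount_all "$first" && break
        tries=$((tries + 1))
        [ "$tries" -lt 3 ] || { echo "Giving up after 3 attempts" >&2; return 1; }
    done
    mount_all "$rest" || return 1
    unset PASSPHRASE
    # Start services only after every mount succeeded, so the databases never
    # start on an unmounted directory.
    sudo /sbin/service httpd start
    /documents/room-documents/documents/programs/erlang/web_application/start_yaws.sh
    sudo /sbin/service mysqld start
    sudo /sbin/service postgresql start
    echo "Mounting of encrypted folders complete."
}

if [ "${1:-}" = "--run" ]; then
    main
fi
```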
Configure rhythmbox
- Disable all plugins except status icon
- Configure library location
- Enable watch my library for new files
Configure SSH
- Enable connection multiplexing as explained at Sharing multiple ssh connections
- Disable GSSAPI authentication using 'GSSAPIAuthentication no'
Disable guest account
- Use 'userdel -r xguest' to disable guest account
Install packages from source
Install following packages from source:
- Emacs installation from source
- Installing emacs package manager
- Installing Erlang by source
- Installing yaws by source
- Installing latest org mode
- Configure .emacs file
- Install corkscrew
- Installaing Android SDK
Configure firewall
Configure iptables firewall with proper port knocking rules. Following configuration can be used as basic '/etc/sysconfig/iptables' file on new installations:
<pre>
# Firewall configuration written by system-config-securitylevel
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:INTO-PHASE1 - [0:0]
:INTO-PHASE2 - [0:0]
:INTO-PHASE3 - [0:0]
:INTO-PHASE4 - [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -p icmp --icmp-type any -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
#-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
#-A INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT
#-A INPUT -p tcp -m tcp --dport 22 -s 10.3.1.183 -j ACCEPT
#-A INPUT -p tcp -m tcp --dport 22 -s 10.3.3.230 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 100 -j INTO-PHASE1
-A INPUT -p tcp -m tcp --dport 200 -m recent --rcheck --name PHASE1 -j INTO-PHASE2
-A INPUT -p tcp -m tcp --dport 300 -m recent --rcheck --name PHASE2 -j INTO-PHASE3
-A INPUT -p tcp -m tcp --dport 400 -m recent --rcheck --name PHASE3 -j INTO-PHASE4
-A INPUT -p tcp -m tcp --dport 22 -m recent --rcheck --seconds 60 --name PHASE4 -j ACCEPT
-A INPUT -p udp -j DROP
#To disable denied_connection_attempt logs for multicast packets
-A INPUT -d 224.0.0.1 -j DROP
-A INPUT -m state --state NEW -m limit --limit 2/min -j LOG --log-prefix "denied_connection_attempt_"
-A INPUT -j REJECT --reject-with icmp-host-prohibited
#
-A INTO-PHASE1 -m recent --remove --name PHASE2
-A INTO-PHASE1 -m recent --remove --name PHASE3
-A INTO-PHASE1 -m recent --remove --name PHASE4
-A INTO-PHASE1 -m recent --set --name PHASE1
-A INTO-PHASE1 -j LOG --log-prefix "INTO PHASE1: "
#
-A INTO-PHASE2 -m recent --remove --name PHASE1
-A INTO-PHASE2 -m recent --set --name PHASE2
-A INTO-PHASE2 -j LOG --log-prefix "INTO PHASE2: "
#
-A INTO-PHASE3 -m recent --remove --name PHASE2
-A INTO-PHASE3 -m recent --set --name PHASE3
-A INTO-PHASE3 -j LOG --log-prefix "INTO PHASE3: "
#
-A INTO-PHASE4 -m recent --remove --name PHASE3
-A INTO-PHASE4 -m recent --set --name PHASE4
-A INTO-PHASE4 -j LOG --log-prefix "INTO PHASE4: "
#
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
#
</pre>
Configure kmail
Use following to configure kmail:
ln -s /documents/room-documents/documents/general/configuration_files/kmail ~/.kde/share/apps/kmail
Refer to Kmail for detailed information
Configure logging
- Edit '/etc/logwatch/conf/logwatch.conf' and write 'Detail = High' in the file.
- Edit '/usr/share/logwatch/scripts/services/kernel' and set Detail to 0 statically using 'my $Detail = 0;'
- Edit '/etc/mail/sendmail.mc' and configure it such that it can send emails
- Edit '/etc/aliases' file and enter email address as alias for root.
- Run 'newaliases', 'make', 'service sendmail restart' etc. appropriately.
- Test by sending email to root@localhost whether email configuration is working properly or not.
Configure openvpn
- Use 'yum -y install openvpn'
- Create connect_to_vpn.sh file with following contents:
<pre>
#!/bin/bash

sudo /sbin/service openvpn start
echo "Waiting for connection establishment to complete"
# Poll until the VPN address shows up on an interface
STATUS=$(ifconfig | grep '10\.7\.1\.1')
while [[ "$STATUS" = "" ]]; do
    echo -n ".";
    sleep 1
    STATUS=$(ifconfig | grep '10\.7\.1\.1')
done
echo "Connection successful"
echo "Going to replace nameserver"
sudo mv /etc/resolv.conf /etc/resolv.conf.backup
echo "nameserver 10.4.3.222" > /tmp/resolv.conf
sudo mv /tmp/resolv.conf /etc/resolv.conf
echo "Nameserver replaced"
echo "Press enter to disconnect..."
read A
sudo /sbin/service openvpn stop
echo "Going to restore nameserver"
sudo mv /etc/resolv.conf.backup /etc/resolv.conf
echo "Nameserver restored"

exit 0
</pre>
- Use following to use openvpn folder from /documents
<pre>
sudo rm -rf /etc/openvpn
sudo ln -s /documents/room-documents/documents/general/configuration_files/openvpn /etc/openvpn
</pre>
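A variant of the nameserver handling in connect_to_vpn.sh, added here as an example and not part of the original page: the replacement resolv.conf is staged with mktemp next to its target instead of under a fixed name in /tmp, a leftover backup from an interrupted run is never overwritten, and an EXIT trap restores the original file however the script ends. It is meant to be run as root; `RESOLV_CONF`, the function names, the 60 second timeout and the `--run` switch are assumptions made for this example, while the addresses are the page's.

```shell
#!/bin/sh
# Added example, not the page's script. Run as root: connect_to_vpn.sh --run

# Assumption: RESOLV_CONF is overridable so the functions can be tried on a
# scratch file.
RESOLV_CONF="${RESOLV_CONF:-/etc/resolv.conf}"
VPN_NAMESERVER="10.4.3.222"      # nameserver used on the page
VPN_ADDR_RE='10\.7\.1\.1'        # address pattern the page greps for

# Wait until the VPN address appears, at most $1 seconds.
wait_for_vpn() {
    waited=0
    until ifconfig | grep -q "$VPN_ADDR_RE"; do
        [ "$waited" -lt "$1" ] || return 1
        sleep 1
        waited=$((waited + 1))
    done
}

# Point the resolver at the VPN nameserver.
use_vpn_dns() {
    dir=$(dirname "$RESOLV_CONF")
    # A backup left by an interrupted run is the real pre-VPN file: keep it.
    [ -e "$RESOLV_CONF.backup" ] || cp -p "$RESOLV_CONF" "$RESOLV_CONF.backup" || return 1
    # Stage the new file in the target directory under an unpredictable name;
    # the final mv is then a rename within one filesystem.
    tmp=$(mktemp "$dir/resolv.conf.XXXXXX") || return 1
    if printf 'nameserver %s\n' "$VPN_NAMESERVER" > "$tmp" \
        && chmod 644 "$tmp" \
        && mv -f "$tmp" "$RESOLV_CONF"; then
        return 0
    fi
    rm -f "$tmp"
    return 1
}

# Put the original file back; does nothing when there is no backup.
restore_dns() {
    [ -e "$RESOLV_CONF.backup" ] || return 0
    mv -f "$RESOLV_CONF.backup" "$RESOLV_CONF"
}

main() {
    # Restore DNS and stop the tunnel on every exit path, Ctrl+C included.
    trap 'restore_dns; /sbin/service openvpn stop' EXIT
    trap 'exit 130' INT TERM
    /sbin/service openvpn start
    echo "Waiting for connection establishment to complete"
    wait_for_vpn 60 || { echo "VPN did not come up" >&2; exit 1; }
    use_vpn_dns || { echo "Could not replace nameserver" >&2; exit 1; }
    echo "Nameserver replaced. Press enter to disconnect..."
    read -r reply
}

if [ "${1:-}" = "--run" ]; then
    main
fi
```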
Configure apache, MySQL and various wikis
- Use following to use httpd.conf file kept in /documents
<pre>
sudo rm -rf /etc/httpd/conf/httpd.conf
sudo ln -s /documents/room-documents/documents/general/configuration_files/httpd.conf /etc/httpd/conf/
</pre>
- Ensure that directory /var/lib/mysql is properly protected, possibly through encryption (encfs)
- Start mysqld service using 'sudo /sbin/service mysqld start'
- Secure mysql installation using '/usr/bin/mysql_secure_installation'
- Login into mysql as root using 'mysql -u root -p'
- Create required MySQL usernames and databases using:
<pre>
create database wikidb_notes;
grant all on wikidb_notes.* to wikidb_notes@localhost identified by '<password>';
create database wikidb_res;
grant all on wikidb_res.* to wikidb_res@localhost identified by '<password>';
create database wikidb_readme;
grant all on wikidb_readme.* to wikidb_readme@localhost identified by '<password>';
create database notes_wiki;
grant all on notes_wiki.* to notes_wiki@localhost identified by '<password>';
flush privileges;
</pre>
- Restore various database backups using:
<pre>
cd /documents/public_html/
bunzip2 -k notes_wiki.sql.bz2
cat notes_wiki.sql | mysql -u notes_wiki -p notes_wiki
rm notes_wiki.sql

cd /documents/room-documents/documents/databases/mysql/notes_wiki/
bunzip2 -k wikidb_notes.sql.bz2
cat wikidb_notes.sql | mysql -u wikidb_notes -p wikidb_notes
rm wikidb_notes.sql

cd /documents/room-documents/documents/databases/mysql/research_wiki
bunzip2 -k wikidb_res.sql.bz2
cat wikidb_res.sql | mysql -u wikidb_res -p wikidb_res
rm wikidb_res.sql

cd /documents/room-documents/documents/databases/mysql/readme_wiki
bunzip2 -k wikidb_readme.sql.bz2
cat wikidb_readme.sql | mysql -u wikidb_readme -p wikidb_readme
rm wikidb_readme.sql
</pre>
Configure PostgreSQL
- Ensure that directory /var/lib/pgsql is properly protected, probably through encryption (encfs)
- Initialize PostgreSQL database using 'service postgresql initdb'
- Configure login through passwords using:
<pre>
sudo rm /var/lib/pgsql/data/pg_hba.conf
sudo ln -s /documents/room-documents/documents/general/configuration_files/pg_hba.conf /var/lib/pgsql/data/
sudo chown postgres:postgres /documents/room-documents/documents/general/configuration_files/pg_hba.conf
</pre>
- Start PostgreSQL database using 'service postgresql start'
- Create accounts and databases using:
<pre>
sudo su - postgres
psql

CREATE USER saurabh WITH NOSUPERUSER NOCREATEDB LOGIN ENCRYPTED PASSWORD '<password>';
CREATE DATABASE saurabh WITH OWNER=saurabh;

CREATE USER sen WITH NOSUPERUSER NOCREATEDB LOGIN ENCRYPTED PASSWORD '<password>';
CREATE DATABASE sen WITH OWNER=sen;
\q

exit
</pre>
- Restore various database backups using:
<pre>
cd /documents/room-documents/documents/databases/pgsql/
gpg -d account.sql.gpg > account.sql
psql -U saurabh -d account < account.sql
rm -f account.sql

cd /documents/room-documents/documents/databases/pgsql/
bunzip2 -k sen.sql.bz2
psql -U sen -d sen < sen.sql
rm -f sen.sql
</pre>
Configure backups
Configure backups by using tools such as Rsnapshot. Configure updatedb to exclude backup folders and encrypted file-systems such as 'encfs'
Enable various services
Enable various services using:
chkconfig {httpd,mysqld,postgresql} on