Chinaunix首页 | 论坛 | 博客
  • 博客访问: 491523
  • 博文数量: 86
  • 博客积分: 4052
  • 博客等级: 上校
  • 技术积分: 914
  • 用 户 组: 普通用户
  • 注册时间: 2005-02-01 15:21
个人简介

If you don’t like this government, it won’t last forever.

文章分类

全部博文(86)

文章存档

2016年(2)

2015年(1)

2014年(4)

2013年(4)

2008年(4)

2007年(53)

2006年(17)

2005年(1)

我的朋友

分类: LINUX

2006-12-22 15:20:46

RedHat Linux Enterprise AS 3.0

 

 

一.             相关资源

 

 

 

Choosing the right Red Hat Enterprise Linux solution

Red Hat Enterprise Linux is available in a variety of configurations to fit your application, architecture and support needs. Picking the appropriate version for your needs involves answering a few key questions:

*       Are you looking for a single user desktop solution, a mid-range, or a mission-critical server application?

*       There's a version for just about any application.

*       Which services level do you require?

*       Red Hat offers a range of service level agreements for Red Hat Enterprise Linux.

*       What are your hardware architectures and memory requirements?

*       Supported environments range from small Intel x86 and compatibles through the largest IBM mainframe.

Armed with responses to these questions, the following chart helps narrow your selections to the right version of Red Hat Enterprise Linux for your environment.

 

 

I am using Linux, Unix or Windows for:

•  Large databases

•  Enterprise applications

•  24x7 mission critical environments

•  Edge of network applications

•  Small office or departmental servers

•  Technical Workstation applications

•  Desktop Productivity

•  High Performance Computing (multinode clusters) applications

Recommended product:

Common Usages

Databases, ERP, CRM, Applications

Small-medium web, file and print configurations

CAD/CAM, Rendering, Trading, Manufacturing, S/W development, Mail, Document processing, Browsing, Instant messaging, Beowulf; Oscar; MPI

Includes desktop applications

Yes

Yes

Yes

Supported by leading ISV applications

Yes

Yes

Yes

Includes Apache, Samba, NFS

Yes

Yes

Yes

Includes: amanda-server, arptables_jf, bind, caching-nameserver, dhcp, freeradius, inews, inn, krb5-server, netdump-server, openldap-servers, pxe, quagga, radvd, rarpd, redhat-config-bind, redhat-config-netboot, tftp-server, tux, vsftpd, ypserv

Yes

Yes

No

Available in Premium Edition

• Web and phone based comprehensive support

• 24 x 7

• 1 hour response

• Unlimited incidents

• 1 year Red Hat Network

Yes

No

No

Available in Standard Edition

• Web and phone based comprehensive support

• 5 x 12

• 4 hour response

• Unlimited incidents

• 1 year Red Hat Network

Yes

Yes

Yes

Available in Basic Edition

• 1 year Red Hat Network

No

Yes

Yes

Supports x86 compatible systems

Yes

Yes

Yes

Supports Itanium & AMD64 systems

Yes

No

Yes

Supports IBM z, i, p and S/390 series systems

Yes

No

No

Supports systems with >2 CPUs

Yes

No

No

Supports >8GB memory (x86)

Yes

No

Yes

 

 

 

 

 

 

 

Master Site (Canada)

 

 

OpenSSH 3.7.1 released September 16, 2003.

Contains support for SSH1 and SSH2 protocols.

 

OpenSSH is a FREE version of the SSH protocol suite of network connectivity tools that increasing numbers of people on the Internet are coming to rely on. Many users of telnet, rlogin, ftp, and other such programs might not realize that their password is transmitted across the Internet unencrypted, but it is. OpenSSH encrypts all traffic (including passwords) to effectively eliminate eavesdropping, connection hijacking, and other network-level attacks. Additionally, OpenSSH provides a myriad of secure tunneling capabilities, as well as a variety of authentication methods.

The OpenSSH suite includes the program which replaces rlogin and telnet, which replaces rcp, and which replaces ftp. Also included is which is the server side of the package, and the other basic utilities like , , , , and . OpenSSH supports SSH protocol versions 1.3, 1.5, and 2.0.

OpenSSH is primarily developed by , and its first inclusion into an operating system was in . The software is developed outside the USA, using code from roughly 10 countries, and is freely useable and re-useable by everyone under a BSD license.

 

 

 

 

二.             安装前的准备工作

 

服务器硬件基本情况如下,RH AS 3.0都能找到相关驱动)

 

主板:SUPERMICRO  X5DPL-8GM(服务器)

    主板芯片组:Intel E7501 533FSB/Intel E7500 400FSB

 

CPUIntel Xeon2.4 * 2

 

硬盘:SCSI RAID-5 6*36GB

内存:2GB DDR266 ECC Reg

 

RAID卡:Adaptec 2010S Ultra 320/Adaptec 2110S Ultra 160

 

网卡:Intel 82551 100MB NIC/Intel 82545EM 1000MB NIC

       

 

PC机硬件基本情况如下,RH AS 3.0都能找到相关驱动)

 

主板:  GigaByte 8LD533PC

    主板芯片组:Intel 845GL 533 FSB

 

CPU:    Intel P4 2.4B 533 FSB

 

硬盘:Seagate 80GB IDE/WD 250GB IDE

内存:512MB-1GB DDR333(实际只支持DDR266

 

RAID卡:Promise TX2

 

        网卡:RealTek 8101 100MB NIC

 

 

三.             开始安装

 

1.  使用CDROM引导Linux的安装盘,选择输入linux text,以文本方式安装。

 

 

注释:如果系统中有适配器不能被系统自动识别,需要输入linux dd,然后要求插入相应的适配器的驱动盘,确定后,加载相关的驱动后开始安装。

 

 

 

 

2.  系统信息检测

 

 

3.  进行Linux 安装光盘的介质完整性检查(可选)

 

注释:第一次使用Linux安装光盘的时候建议进行检查。可以用类似的方法依次检测所有的Linux安装光盘的介质的完整性。

 

 

 

 

 

4.  光盘完整性检测完毕后,继续安装。

 

 

5.  出现欢迎页面,开始安装

 

 

 

6.  选择安装过程的所用语言种类,默认为英语,保持默认值。

 

 

 

 

 

7.  选择键盘类型。选择默认值:US

 

 

8.  选择鼠标类型,选择None(没有鼠标!!)。

 

 

9.  选择硬盘分区方式,采用Disk Druid方式。

 

 

 

 

 

注释:初次使用的硬盘或者RAID5硬盘组会显示没有被初始化,选择Yes进行初始化。

 

 

 

10.              列出系统所有的硬盘信息

 

 

 

 

 

注释:文件系统类型,除了swap外,都选用ext3类型。

 

分区原则如下:

 

A. 在有RAID-5的情况下:

 

/boot   100MB

swap    2048MB

/       24000MB

/data       剩余的其他硬盘空间

 

B. 没有RAID-5,有236G硬盘的情况下:

 

第一个硬盘(sda):

 

/boot   100M

swap    2048M

/       剩余的空间

 

    第二个硬盘(sdb)

 

/data       整个硬盘空间

 

 

C. 在有一块IDE 80GB(邮件投入/投出服务器)的情况下:

 

/boot   100MB

swap    1024MB

/       剩余的其他硬盘空间

 

 

D. 在备份服务器的情况下(1×80GB/4×250GB):

 

第一个硬盘(hda80GB):

/boot   100MB

swap    2048MB

/       剩余的其他硬盘空间

 

    其它硬盘(hde/hdf/hdg/hdh)

 

/dev/hde1             230G  152M  218G   1% /data1

/dev/hdf1             230G   33M  218G   1% /data2

/dev/hdg1             230G   33M  218G   1% /data3

/dev/hdh1             230G   33M  218G   1% /data4

 

 

 

11.              下图是一个标准情况。

 

 

 

12.              选择系统引导方式,选择:lilo引导。

 

 

注释:不建议使用GRUB,因为GRUB进入单用户的方式比较麻烦。

 

 

13.              可以指定内核特定启动参数:使用默认值。

 

 

14.              修改默认的启动卷标:使用默认值。

 

 

 

 

15.              选择boot启动块存放位置:使用默认值(master boot record)

 

注释:没有图,在安装时请参照具体的界面选择。

 

 

16.              网络配置

 

注释:Squid服务器和防火墙服务器需要使用2块网卡。

其它服务器一律使用那块1000MB的网卡,100MB的网卡不激活。

 

对于1000MB网卡:

 

取消选中:Configure using DHCP

选中:Activate on Boot

 

对于100MB网卡:

 

取消选中:Configure using DHCP

取消选中:Activate on Boot

 

 

配置网卡参数:

 

IP地址:

子网掩码(Netmask):

缺省网关(Gataway):

 

DNS服务器:202.106.0.20202.99.8.1202.94.1.33

 

 

 

 

 

17.              指定主机名(Host Name):具体的名字详见相关文档。

 

 

18.              选择防火墙方式:选择No firewall

 

 

 

19.              选择添加的系统支持语种。

 

使用默认值EnglishUSA),并增加简体中文:ChineseP.R. of China)。

 

 

 

20.              选择系统默认语种:English(USA)

 

 

21.              选择系统时区:选择Asia/Shanghai(中国地区)。

 

 

 

22.              设定root密码:初始密码为system(小写)。

 

 

 

 

 

23.              出现软件组安装欢迎页面。

 

 

一定要选中:Customize Software Selection,这样可以自己选择要安装的RPM包。

   

 

 

选择安装包说明:

 

不安装的(19)

x windows system

gnome desktop envirnment

kde desktop envionment

engineering and scientific

graphical internet

office/productivity

sound and viedo

authoring and publishing

graphics

games and entertainment

web server

sql database

mysql server

network servers

legacy network server(telnet server,rwho)

gnome software development

kde software development

printing support

注意不要选择:everything(完全安装所有RPM包)

 

 

安装的包(13项):

 

editors

text-based internetlynx,links等)

server configuration tools

mail serversendmail,imap等)

windows file server

dns name server

ftp server

development tools

kernel development

x software development(libpng,gd)

legacy software development(兼容老gcc等)

administration tools

system tools(注意选中sysstat)

 

 

    需要安装包的截图列表:

 

   

 

 

   

 

   

 

   

 

   

 

    注意:选完包后,应该为1667M

 

 

24.              开始安装

 

会依次要求插入其他几张CDROM介质

 

按照这个选择包的方法,不需要使用RH AS 3.0的第四张盘!!!

 

25.              出现Congratulation页面,安装结束。

 

 

26.              系统重新启动,一定要拿出CDROM安装介质。

 

 

 

27.              系统启动后的界面。

 

 

 

四.             系统安装后需要做的工作。

 

1.    系统会自动安装httpd包,即使安装的时候没有选择www服务。需要进行手工卸载。

 

以下四部可以干净的卸载httpd,php

 

# rpm -e squirrelmail-1.2.11-1

 

# rpm -e php-4.3.2-8.ent

 

# rpm -e redhat-config-httpd-1.1.0-4

 

# rpm -e httpd-2.0.46-25.ent

 

 

2.    确认网络没有问题。

 

ping 192.168.123.254

 

[root@backup1 root]# ping 192.168.123.254

PING 192.168.123.254 (192.168.123.254) 56(84) bytes of data.

64 bytes from 192.168.123.254: icmp_seq=0 ttl=64 time=2.28 ms

64 bytes from 192.168.123.254: icmp_seq=1 ttl=64 time=2.87 ms

64 bytes from 192.168.123.254: icmp_seq=2 ttl=64 time=1.32 ms

 

--- 192.168.123.254 ping statistics ---

3 packets transmitted, 3 received, 0% packet loss, time 2021ms

rtt min/avg/max/mdev = 1.328/2.159/2.870/0.636 ms, pipe 2

[root@backup1 root]#

 

 

# ping sina.com.cn

   

[root@backup1 root]# ping

PING libra.sina.com.cn (202.106.185.237) 56(84) bytes of data.

64 bytes from 202.106.185.237: icmp_seq=0 ttl=56 time=3.04 ms

64 bytes from 202.106.185.237: icmp_seq=1 ttl=56 time=2.93 ms

64 bytes from 202.106.185.237: icmp_seq=2 ttl=56 time=3.06 ms

64 bytes from 202.106.185.237: icmp_seq=3 ttl=56 time=4.47 ms

64 bytes from 202.106.185.237: icmp_seq=4 ttl=56 time=3.18 ms

64 bytes from 202.106.185.237: icmp_seq=5 ttl=56 time=21.9 ms

 

--- libra.sina.com.cn ping statistics ---

6 packets transmitted, 6 received, 0% packet loss, time 9043ms

rtt min/avg/max/mdev = 2.938/6.440/21.925/6.944 ms, pipe 2

 

 

3.    设置时间同步

 

crontab -e

 

加入

 

#Update Time Everyday

00 02 * * * /usr/sbin/ntpdate 202.106.196.19

 

注意:请确保系统中要安装了ntp-4.1.2-4RPM包。

 

建议执行一次:

 

# /usr/sbin/ntpdate 202.106.196.19

 

 

这个说明没有找到NTP服务器:

 

[root@SM001 root]# /usr/sbin/ntpdate 202.106.196.19

 8 Nov 11:38:43 ntpdate[9551]: no server suitable for synchronization found

 

 

 

ntp-4.1.2-4包的情况(RH AS 3.0):

 

[root@SM001 root]# rpm -qil ntp-4.1.2-4

Name        : ntp                         

Relocations: (not relocateable)

Version     : 4.1.2                            

Vendor: Red Hat, Inc.

Release     : 4                            

Build Date: Thu 11 Sep 2003 05:38:43 PM CST

Install Date: Thu 06 Nov 2003 02:26:56 PM CST     

Build Host: bugs.devel.redhat.com

Group       : System Environment/Daemons   

Source RPM: ntp-4.1.2-4.src.rpm

Size        : 2266266                         

License: distributable

Signature   : DSA/SHA1,

Thu 25 Sep 2003 01:42:13 AM CST, Key ID 219180cddb42a60e

Packager    : Red Hat, Inc. <

URL         :

Summary     : Synchronizes system time using the

Network Time Protocol (NTP).

 

Description :

 

The Network Time Protocol (NTP) is used to synchronize a computer's

time with another reference time source. The ntp package contains

utilities and daemons that will synchronize your computer's time to

Coordinated Universal Time (UTC) via the NTP protocol and NTP servers.

The ntp package includes ntpdate (a program for retrieving the date

and time from remote machines via a network) and ntpd (a daemon which

continuously adjusts system time).

 

Install the ntp package if you need tools for keeping your system's

time synchronized via the NTP protocol.

/etc/ntp

/etc/ntp.conf

/etc/ntp/keys

/etc/ntp/step-tickers

/etc/rc.d/init.d/ntpd

/etc/sysconfig/ntpd

/usr/bin/ntpstat

/usr/sbin/ntp-genkeys

/usr/sbin/ntp-wait

/usr/sbin/ntpd

/usr/sbin/ntpdate

/usr/sbin/ntpdc

/usr/sbin/ntpq

/usr/sbin/ntptime

/usr/sbin/ntptimeset

/usr/sbin/ntptrace

/usr/sbin/tickadj

 

 

 

4.    设置定时检查磁盘空间报告(检查磁盘空间和日志大小)

 

crontab –e

 

加入:

 

#Check Disk everyday

00 03 * * * /var/check_disk.sh

 

[root@WWW1 root]# less /var/check_disk.sh

 

#Write by Francis Hao

#Update on 0606,2003

#Add for check disk space

 

#----Begin-----

/bin/cat /dev/null > /var/mailbody.txt

/bin/cat /dev/null > /var/mailcontent.txt

/bin/cat /dev/null > /var/mailheader.txt

 

/bin/echo "From: root@211.154.46.196" >> /var/mailheader.txt

/bin/echo "To: Xiaofei.Hao@18dx.com" >> /var/mailheader.txt

/bin/echo "Cc: blade@18dx.com" >> /var/mailheader.txt

/bin/echo "Cc: Yong.Cui@dudu-inc.com" >> /var/mailheader.txt

/bin/echo "Subject: Server_211.154.46.196(18DX_WWW2_RH_73) Disk report" >> /var/mailheader.txt

 

/bin/df -h >> /var/mailbody.txt

ls -alh /data/logs/ >> /var/mailbody.txt

#ls -alh /usr/local/apache/logs/www.focus.com.cn-access_log >> /var/mailbody.txt

#/bin/ls -alh /usr/local/apache/logs/*-access_log* >> /var/mailbody.txt

/bin/cat /var/mailheader.txt /var/mailbody.txt >> /var/mailcontent.txt

/usr/sbin/sendmail -t < /var/mailcontent.txt

#----Add for check disk space over----

 

 

注意:请根据服务器的IP地址和主机名修改相应的地方。

RedHat 9.0/RH AS 3.0需要把sendmail服务打开才能发送邮件。

 

 

5.    双网卡,网关设置

 

如果激活了双网卡,需要在文件:/etc/sysconfig/network中加入

 

 

GATEWAY=eth0

 

 

6.    取消多余的服务

 

使用ntsysv 命令取消系统中多余的服务,激活的服务有:

 

Crontab

Network

Sendmail(需要发送磁盘空间检查的都要打开)

Sshd

Syslog

Random

Vsftpd

 

 

7.    Disable 匿名FTP服务

 

 

默认安装完的vsftpd是允许匿名FTP访问的,必须关闭匿名FTP访问:

 

修改配置文件:

/etc/vsftpd/vsftpd.conf 

 

anonymous_enable=YES改为anonymous_enable=NO

 

 

8.    升级到最新的openssh

 

重新编译openssh,使用最新版本openssh-3.7.1p2

 

# tar zxfv openssh-3.7.1p2.tar.gz

 

# cd openssh-3.7.1p2

 

# vi version.h

 

改为:

 

#define SSH_VERSION     "OpenSSH_18DX" 来隐藏SSH标识

 

# ./configure

 

# make

 

# make install

 

 

如果提示有错误,加上用户sshd

 

# useradd sshd

 

# vi /usr/local/ssh_config /usr/local/sshd_config

 

将缺省的端口22  改为 7710

 

vi /etc/init.d/sshd

 

将:

 

KEYGEN=/usr/bin/ssh-keygen

SSHD=/usr/sbin/sshd

 

改为:

 

KEYGEN=/usr/local/bin/ssh-keygen

SSHD=/usr/local/sbin/sshd

 

重新启动sshd

 

# /etc/rc.d/init.d/sshd restart

 

 

9.    系统语言设置

 

安装多个语言包后,有些界面会出现乱码的情况。

 

修改/etc/sysconfig/i18n

改为LANG="en_US"

 

 

阅读(2754) | 评论(1) | 转发(0) |
给主人留下些什么吧!~~