Category: LINUX
2006-12-22 15:20:46
RedHat Linux Enterprise AS 3.0
I. Related resources
Red Hat Enterprise Linux is available in a variety of configurations to fit your application, architecture and support needs. Picking the appropriate version for your needs involves answering a few key questions:
Are you looking for a single user desktop solution, a mid-range, or a mission-critical server application?
There's a version for just about any application.
Which service level do you require?
Red Hat offers a range of service level agreements for Red Hat Enterprise Linux.
What are your hardware architectures and memory requirements?
Supported environments range from small Intel x86 and compatibles through the largest IBM mainframe.
Armed with responses to these questions, the following chart helps narrow your selections to the right version of Red Hat Enterprise Linux for your environment.
| I am using Linux, Unix or Windows for: | Large databases; 24x7 mission critical environments | Edge of network applications; Small office or departmental servers | Technical Workstation applications; Desktop Productivity; High Performance Computing (multinode clusters) applications |
|---|---|---|---|
| Recommended product: | | | |
| Common Usages | Databases, ERP, CRM, Applications | Small-medium web, file and print configurations | CAD/CAM, Rendering, Trading, Manufacturing, S/W development, Mail, Document processing, Browsing, Instant messaging, Beowulf; Oscar; MPI |
| Includes desktop applications | Yes | Yes | Yes |
| Supported by leading ISV applications | Yes | Yes | Yes |
| Includes Apache, Samba, NFS | Yes | Yes | Yes |
| Includes: amanda-server, arptables_jf, bind, caching-nameserver, dhcp, freeradius, inews, inn, krb5-server, netdump-server, openldap-servers, pxe, quagga, radvd, rarpd, redhat-config-bind, redhat-config-netboot, tftp-server, tux, vsftpd, ypserv | Yes | Yes | No |
| Available in Premium Edition: Web and phone based comprehensive support; 24 x 7; 1 hour response; Unlimited incidents; 1 year Red Hat Network | Yes | No | No |
| Available in Standard Edition: Web and phone based comprehensive support; 5 x 12; 4 hour response; Unlimited incidents; 1 year Red Hat Network | Yes | Yes | Yes |
| Available in Basic Edition: 1 year Red Hat Network | No | Yes | Yes |
| Supports x86 compatible systems | Yes | Yes | Yes |
| Supports Itanium & AMD64 systems | Yes | No | Yes |
| Supports IBM z, i, p and S/390 series systems | Yes | No | No |
| Supports systems with >2 CPUs | Yes | No | No |
| Supports >8GB memory (x86) | Yes | No | Yes |
Master Site ( |
|
OpenSSH
Contains support for SSH1 and SSH2 protocols.
OpenSSH is a FREE version of the SSH protocol suite of network connectivity tools that increasing numbers of people on the Internet are coming to rely on. Many users of telnet, rlogin, ftp, and other such programs might not realize that their password is transmitted across the Internet unencrypted, but it is. OpenSSH encrypts all traffic (including passwords) to effectively eliminate eavesdropping, connection hijacking, and other network-level attacks. Additionally, OpenSSH provides a myriad of secure tunneling capabilities, as well as a variety of authentication methods.
The OpenSSH suite includes the program which replaces rlogin and telnet, which replaces rcp, and which replaces ftp. Also included is which is the server side of the package, and the other basic utilities like , , , , and . OpenSSH supports SSH protocol versions 1.3, 1.5, and 2.0.
OpenSSH is primarily developed by , and its first inclusion into an operating system was in . The software is developed outside the
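II. Preparation before installation
Basic hardware of the servers is as follows (RH AS 3.0 has drivers for all of it):
Motherboard: SUPERMICRO X5DPL
Motherboard chipset: Intel E7501 533FSB/Intel E7500 400FSB
CPU: Intel Xeon2.4 * 2
Hard disks: SCSI RAID-5 6*36GB
Memory: 2GB DDR266 ECC Reg
RAID controller: Adaptec 2010S Ultra 320/Adaptec 2110S Ultra 160
NIC: Intel 82551 100MB NIC/Intel 82545EM 1000MB NIC
Basic hardware of the PCs is as follows (RH AS 3.0 has drivers for all of it):
Motherboard: GigaByte 8LD533(PC)
Motherboard chipset: Intel 845GL 533 FSB
CPU: Intel P4 2.4B 533 FSB
Hard disk: Seagate 80GB IDE/WD 250GB IDE
Memory: 512MB-1GB DDR333 (only DDR266 is actually supported)
RAID controller: Promise TX2
NIC: RealTek 8101 100MB NIC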
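III. Installation
1. Boot from the Linux installation CD-ROM and type linux text at the prompt to install in text mode.
Note: if the system has an adapter that is not detected automatically, type linux dd instead. The installer then asks for the adapter's driver disk; after you confirm and the driver is loaded, installation begins.
2. System information detection.
3. Check the integrity of the Linux installation CD media (optional).
Note: running the check is recommended the first time a set of Linux installation CDs is used. All of the installation CDs can be checked one after another in the same way.
4. After the media check completes, continue the installation.
5. The welcome screen appears; start the installation.
6. Select the language used during installation. The default is English; keep the default.
7. Select the keyboard type. Choose the default: US.
8. Select the mouse type: choose None (there is no mouse!!).
9. Select the disk partitioning method: use Disk Druid.
Note: a disk or RAID5 array that is being used for the first time is shown as uninitialized; choose Yes to initialize it.
10. All disks in the system are listed.
Note: use ext3 as the file system type for everything except swap.
Partitioning rules:
A. With RAID-5:
/boot 100MB
swap 2048MB
/ 24000MB
/data the remaining disk space
B. Without RAID-5, with 2 disks:
First disk (sda):
/boot
swap
/ the remaining space
Second disk (sdb):
/data the entire disk
C. With a single 80GB IDE disk (inbound/outbound mail servers):
/boot 100MB
swap 1024MB
/ the remaining disk space
D. For a backup server (1×80GB/4×250GB):
First disk (hda: 80GB):
/boot 100MB
swap 2048MB
/ the remaining disk space
Other disks (hde/hdf/hdg/hdh):
/dev/hde1
/dev/hdf1
/dev/hdg1
/dev/hdh1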
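11. The figure below shows a standard case.
12. Select the boot loader: choose LILO.
Note: GRUB is not recommended, because entering single-user mode with GRUB is more cumbersome.
13. Kernel boot parameters can be specified: use the default.
14. Change the default boot label: use the default.
15. Select where to install the boot block: use the default (master boot record).
Note: there is no screenshot for this step; during installation, choose according to the actual screen.
16. Network configuration
Note: the Squid server and the firewall server need 2 NICs.
All other servers use only the 1000MB NIC; the 100MB NIC is not activated.
For the 1000MB NIC:
Uncheck: Configure using DHCP
Check: Activate on Boot
For the 100MB NIC:
Uncheck: Configure using DHCP
Uncheck: Activate on Boot
Configure the NIC parameters:
IP address:
Netmask:
Default gateway (Gateway):
DNS servers: 202.106.0.20,202.99.8.1,202.94.1.33
17. Set the host name (Host Name): see the relevant documentation for the specific name.
18. Select the firewall mode: choose No firewall.
19. Select additional supported languages.
Keep the default English(USA) and add Simplified Chinese: Chinese(P.R. of China).
20. Select the system default language: English(USA).
21. Select the system time zone: choose Asia/Shanghai (China).
22. Set the root password: the initial password is system (lowercase).
23. The package group selection welcome screen appears.
Be sure to select Customize Software Selection, so that you can choose which RPM packages to install.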
Package selection:
Not installed (19 items)
x windows system
gnome desktop environment
kde desktop environment
engineering and scientific
graphical internet
office/productivity
sound and video
authoring and publishing
graphics
games and entertainment
web server
sql database
mysql server
network servers
legacy network server (telnet server, rwho, etc.)
gnome software development
kde software development
printing support
Take care not to select everything (which installs all RPM packages).
Installed (13 items):
editors
text-based internet (lynx, links, etc.)
server configuration tools
mail server (sendmail, imap, etc.)
windows file server
dns name server
ftp server
development tools
kernel development
x software development (libpng, gd, etc.)
legacy software development (compatibility with older gcc, etc.)
administration tools
system tools (make sure sysstat is selected)
Screenshots of the packages to install:
Note: after selecting the packages, the total should be
24. Start the installation.
The installer asks for the other CD-ROMs in turn.
With this package selection, the fourth RH AS 3.0 disc is not needed!!!
25. The Congratulations screen appears; installation is complete.
26. The system reboots; be sure to remove the CD-ROM installation media.
27. The screen after the system starts.
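IV. Post-installation tasks
1. The httpd package is installed automatically even if no web service was selected during installation. It has to be removed manually.
The following four steps cleanly remove httpd and php.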
# rpm -e squirrelmail-
# rpm -e php-
# rpm -e redhat-config-httpd-
# rpm -e httpd-
2. Confirm that the network works.
ping 192.168.123.254
[root@backup1 root]# ping 192.168.123.254
64 bytes from 192.168.123.254: icmp_seq=0 ttl=64 time=2.28 ms
64 bytes from 192.168.123.254: icmp_seq=1 ttl=64 time=2.87 ms
64 bytes from 192.168.123.254: icmp_seq=2 ttl=64 time=1.32 ms
--- 192.168.123.254 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2021ms
rtt min/avg/max/mdev = 1.328/2.159/2.870/0.636 ms, pipe 2
[root@backup1 root]#
# ping sina.com.cn
[root@backup1 root]# ping
64 bytes from 202.106.185.237: icmp_seq=0 ttl=56 time=3.04 ms
64 bytes from 202.106.185.237: icmp_seq=1 ttl=56 time=2.93 ms
64 bytes from 202.106.185.237: icmp_seq=2 ttl=56 time=3.06 ms
64 bytes from 202.106.185.237: icmp_seq=3 ttl=56 time=4.47 ms
64 bytes from 202.106.185.237: icmp_seq=4 ttl=56 time=3.18 ms
64 bytes from 202.106.185.237: icmp_seq=5 ttl=56 time=21.9 ms
--- libra.sina.com.cn ping statistics ---
6 packets transmitted, 6 received, 0% packet loss, time 9043ms
rtt min/avg/max/mdev = 2.938/6.440/21.925/6.944 ms, pipe 2
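3. Set up time synchronization
crontab -e
Add:
#Update Time Everyday
00 02 * * * /usr/sbin/ntpdate 202.106.196.19
Note: make sure ntp- is installed on the system.
It is recommended to run it once:
# /usr/sbin/ntpdate 202.106.196.19
This output means that no NTP server was found: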
[root@SM001 root]# /usr/sbin/ntpdate 202.106.196.19
8 Nov 11:38:43 ntpdate[9551]: no server suitable for synchronization found
ntp-
[root@SM001 root]# rpm -qil ntp-
Name : ntp
Relocations: (not relocateable)
Version :
Vendor: Red Hat, Inc.
Release : 4
Build Date: Thu 11 Sep 2003 05:38:43 PM CST
Install Date: Thu 06 Nov 2003 02:26:56 PM CST
Build Host: bugs.devel.redhat.com
Group : System Environment/Daemons
Source RPM: ntp-
Size : 2266266
License: distributable
Signature : DSA/SHA1,
Thu 25 Sep 2003 01:42:13 AM CST, Key ID 219180cddb
Packager : Red Hat, Inc. <
URL :
Summary : Synchronizes system time using the
Network Time Protocol (NTP).
Description :
The Network Time Protocol (NTP) is used to synchronize a computer's
time with another reference time source. The ntp package contains
utilities and daemons that will synchronize your computer's time to
Coordinated Universal Time (UTC) via the NTP protocol and NTP servers.
The ntp package includes ntpdate (a program for retrieving the date
and time from remote machines via a network) and ntpd (a daemon which
continuously adjusts system time).
Install the ntp package if you need tools for keeping your system's
time synchronized via the NTP protocol.
/etc/ntp
/etc/ntp.conf
/etc/ntp/keys
/etc/ntp/step-tickers
/etc/rc.d/init.d/ntpd
/etc/sysconfig/ntpd
/usr/bin/ntpstat
/usr/sbin/ntp-genkeys
/usr/sbin/ntp-wait
/usr/sbin/ntpd
/usr/sbin/ntpdate
/usr/sbin/ntpdc
/usr/sbin/ntpq
/usr/sbin/ntptime
/usr/sbin/ntptimeset
/usr/sbin/ntptrace
/usr/sbin/tickadj
4. Set up a scheduled disk space report (checks disk space and log sizes)
crontab -e
Add:
#Check Disk everyday
00 03 * * * /var/check_disk.sh
[root@WWW1 root]# less /var/check_disk.sh
#Write by Francis Hao
#Update on 0606,2003
#Add for check disk space
#----Begin-----
/bin/cat /dev/null > /var/mailbody.txt
/bin/cat /dev/null > /var/mailcontent.txt
/bin/cat /dev/null > /var/mailheader.txt
/bin/echo "From: root@211.154.46.196" >> /var/mailheader.txt
/bin/echo "To: Xiaofei.Hao@18dx.com" >> /var/mailheader.txt
/bin/echo "Cc: blade@18dx.com" >> /var/mailheader.txt
/bin/echo "Cc: Yong.Cui@dudu-inc.com" >> /var/mailheader.txt
/bin/echo "Subject: Server_211.154.46.196(18DX_WWW2_RH_73) Disk report" >> /var/mailheader.txt
/bin/df -h >> /var/mailbody.txt
ls -alh /data/logs/ >> /var/mailbody.txt
#ls -alh /usr/local/apache/logs/www.focus.com.cn-access_log >> /var/mailbody.txt
#/bin/ls -alh /usr/local/apache/logs/*-access_log* >> /var/mailbody.txt
/bin/cat /var/mailheader.txt /var/mailbody.txt >> /var/mailcontent.txt
/usr/sbin/sendmail -t < /var/mailcontent.txt
#----Add for check disk space over----
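Note: adjust the relevant parts to match the server's IP address and host name.
On RedHat 9.0/RH AS 3.0 the sendmail service must be enabled for the mail to be sent.
5. Dual NICs: gateway setting
If both NICs are activated, add the following to the file /etc/sysconfig/network: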
GATEWAY=eth0
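6. Disable unneeded services
Use the ntsysv command to disable unneeded services. The services left enabled are:
Crontab
Network
Sendmail (must be enabled on any host that sends the disk space report)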
Sshd
Syslog
Random
Vsftpd
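An added example (not part of the original post) for checking the result of step 6: it reads chkconfig --list output and prints every service enabled in a runlevel that is not on the allowlist above. The init-script names (crond for Crontab, and so on), runlevel 3 as the text-mode default, and the sample input are assumptions.

```shell
#!/bin/sh
# Allowlist from step 6, written as init-script names. The mapping from the
# labels in the post (Crontab -> crond, etc.) is an assumption.
ALLOWED="crond network sendmail sshd syslog random vsftpd"

# Reads `chkconfig --list` output on stdin and prints one unexpected
# service per line. $1 = runlevel to inspect (default 3).
unexpected_services() {
    level="${1:-3}"
    awk -v lvl="$level" -v allowed="$ALLOWED" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        # SysV lines look like: name 0:off 1:off ... 6:off
        # xinetd entries and headings have fewer fields and are skipped.
        NF >= 8 && $2 ~ /^0:/ {
            for (f = 2; f <= NF; f++)
                if ($f == (lvl ":on") && !($1 in ok)) print $1
        }'
}

# Constructed sample input in the format printed by `chkconfig --list`.
sample_chkconfig() {
    cat <<'EOF'
crond           0:off   1:off   2:on    3:on    4:on    5:on    6:off
network         0:off   1:off   2:on    3:on    4:on    5:on    6:off
portmap         0:off   1:off   2:off   3:on    4:on    5:on    6:off
sshd            0:off   1:off   2:on    3:on    4:on    5:on    6:off
nfslock         0:off   1:off   2:off   3:on    4:on    5:on    6:off
cups            0:off   1:off   2:off   3:off   4:off   5:off   6:off
xinetd based services:
        rsync:  off
EOF
}

# Demo on the constructed sample; on a real host use:
#   chkconfig --list | unexpected_services 3
sample_chkconfig | unexpected_services 3
```

Services that xinetd starts are listed separately by chkconfig and are not covered by this check.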
7. Disable anonymous FTP
A default vsftpd installation allows anonymous FTP access; anonymous FTP access must be turned off:
Edit the configuration file:
/etc/vsftpd/vsftpd.conf
Change anonymous_enable=YES to anonymous_enable=NO
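An added example (not part of the original post) for verifying step 7. vsftpd's built-in default for anonymous_enable is YES, so commenting the line out or deleting it leaves anonymous FTP on; the function below reports "disabled" only when the last uncommented setting is an explicit NO. The function name and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Prints "enabled" or "disabled" for the vsftpd config file given as $1.
# Anything other than an explicit NO is reported as enabled, so a missing
# line, a commented-out line or a malformed value is flagged for review.
anon_ftp_state() {
    awk -F= '
        BEGIN { state = "enabled" }          # built-in default is YES
        /^[ \t]*#/ { next }                  # skip comment lines
        $1 == "anonymous_enable" {           # a later line overrides an earlier one
            state = (toupper($2) == "NO") ? "disabled" : "enabled"
        }
        END { print state }' "$1"
}

# Demo on three constructed config files.
demo() {
    d=$(mktemp -d) || return 1
    printf 'anonymous_enable=YES\nlocal_enable=YES\n' > "$d/default.conf"
    printf '#anonymous_enable=YES\nlocal_enable=YES\n' > "$d/commented.conf"
    printf 'anonymous_enable=YES\nlocal_enable=YES\nanonymous_enable=NO\n' > "$d/fixed.conf"
    for f in default commented fixed; do
        echo "$f: $(anon_ftp_state "$d/$f.conf")"
    done
    rm -rf "$d"
}
demo
```

On the server itself, run anon_ftp_state /etc/vsftpd/vsftpd.conf after editing and before restarting vsftpd.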
8. Upgrade to the latest openssh
Recompile openssh, using the latest version, openssh-3.7.1p2
# tar zxfv openssh-3.7.1p2.tar.gz
# cd openssh-3.7.1p2
# vi version.h
Change it to:
#define SSH_VERSION "OpenSSH_18DX" to hide the SSH identification
# ./configure
# make
# make install
If an error is reported, add the user sshd:
# useradd sshd
# vi /usr/local/ssh_config /usr/local/sshd_config
Change the default port from 22 to 7710
vi /etc/init.d/sshd
Change:
KEYGEN=/usr/bin/ssh-keygen
SSHD=/usr/sbin/sshd
to:
KEYGEN=/usr/local/bin/ssh-keygen
SSHD=/usr/local/sbin/sshd
Restart sshd
# /etc/rc.d/init.d/sshd restart
9. System language setting
After several language packs are installed, garbled characters appear on some screens.
Edit /etc/sysconfig/i18n
Change it to LANG="en_US"