Anything to watch out for??
- Thread starter truenegative
- Start date
nobaloney
NoBaloney Internet Svcs - In Memoriam †
Interestingly enough, I answered this question earlier tonight.tarionyx said:
Yes, you can but you'll need a public IP#, as DA won't install or run without it.
Jeff
truenegative
Verified User
- Joined
- Feb 16, 2006
- Messages
- 166
yeah the public IP thing becomes the problem because I don't usually use network bridged mode in VMware, I use NAT because it seems to work better for me, and I can isolate the VM better.
Quick question though, I was installing CentOS in VM yesterday, and I did a minimal install, and it still installed samba, and a large number of packages. What do you usually do to get a server ready for DA?
Minimal install
remove samba
update?
put on public IP
ship/bring to datacenter
ssh/console in
install DA
voila?
Anything I'm missing because I'm going to finish building the server tonite, and get CentOS on it.
Quick question though, I was installing CentOS in VM yesterday, and I did a minimal install, and it still installed samba, and a large number of packages. What do you usually do to get a server ready for DA?
Minimal install
remove samba
update?
put on public IP
ship/bring to datacenter
ssh/console in
install DA
voila?
Anything I'm missing because I'm going to finish building the server tonite, and get CentOS on it.
Remove everything you don't need - cups, pcmcia-cs, bluez-utils, isdn4kutils, ncsd, psacct, NetworkManager, netdump, kernel-utils, nfs-utils, portmap, tux, xorg-x11-libs, rhnlib, redhat-artwork, cups-libs, gamin.
For a DA system, remove other installed packages that DA will update itself.
then yum update.
I always leave in a local IP too, it doesn't hurt and its always easier when/if you have to bring it home.
I also do everything using ssh with key auth the moment I can, even on my own network - last thing you want is not to be able to connect once its far away.
I also install the firewall locally and make sure I can connect with my home IP.
I also install webmin just in case SSHD fails.
For a DA system, remove other installed packages that DA will update itself.
then yum update.
I always leave in a local IP too, it doesn't hurt and its always easier when/if you have to bring it home.
I also do everything using ssh with key auth the moment I can, even on my own network - last thing you want is not to be able to connect once its far away.
I also install the firewall locally and make sure I can connect with my home IP.
I also install webmin just in case SSHD fails.
truenegative
Verified User
- Joined
- Feb 16, 2006
- Messages
- 166
I have console access in the event that ssh doesn't work, but definitely some good suggestions!! 
which firewall do you use on the system, and what do you use to configure it? I have minimal experience with linux/bsd firewalls, and more experience with cisco ACLs/PIX, etc
which firewall do you use on the system, and what do you use to configure it? I have minimal experience with linux/bsd firewalls, and more experience with cisco ACLs/PIX, etc
truenegative
Verified User
- Joined
- Feb 16, 2006
- Messages
- 166
bump! Any suggestions for a firewall to use, or good ways to lock down the box?
nobaloney
NoBaloney Internet Svcs - In Memoriam †
We use kiss or APF. Both are for linux, and both have been discussed on these forums.
Both work by controlling the iptables userspace access to netfilter.
Is netfilter compiled in to your linux kernel?
Jeff
Both work by controlling the iptables userspace access to netfilter.
Is netfilter compiled in to your linux kernel?
Jeff
truenegative
Verified User
- Joined
- Feb 16, 2006
- Messages
- 166
jlasman said:
I'm not sure...I'm just about to start the minimal installation for CentOS
truenegative
Verified User
- Joined
- Feb 16, 2006
- Messages
- 166
well, I went through it, and everything installed fine, I locked things down, installed APF+BFD and everything looked great. Shipped the server out yesterday.
However, I installed SELinux, and I just read on here that DA won't work with SELinux....what can I do???
However, I installed SELinux, and I just read on here that DA won't work with SELinux....what can I do???
truenegative
Verified User
- Joined
- Feb 16, 2006
- Messages
- 166
well i think i just found something...
I can change /etc/selinux/config to read
SELINUX=permissive
and reboot....so i'm trying this with my VMWare install, and playing with snmpd
I can change /etc/selinux/config to read
SELINUX=permissive
and reboot....so i'm trying this with my VMWare install, and playing with snmpd