INSTALL CENTOS
Boot the CentOS 4.4 disk
Language selection :English (English)
Keyboard Configuration : US English
Upgrade Examine : Install CentOS
Installation Type : Server
Disk Partition Setup : Manually partition with Disk Druid
Your 1st disk doesn't need to be very large.
- /boot : ext3, 256Mb, force to be primary partition
- /tmp : ext3 - 2000Mb, force to be primary partition
- swap : 2000Mb, force to be primary partition
- / : ext3 - Fill to max available size, force to be primary partition
Your 2nd disk should be large. If its an IDE drive, you should put it on a separate controller to the 1st disk:
- /var/vmail : ext3, Fill to max available size, force to be primary partition. (This is where all our mailboxes and user websites are going to live)
If your server is going to be busy, and you have a 3rd disk you can make further enhancements. The disk doesn't need to be very large. Note, that if you have IDE drives, then this 3rd drive wont really help much unless you have a 3rd IDE controller available
- /var/spool/postfix : ext3. (Postfix uses this location for storing queued mail.)
Boot Loader Configuration : press next
Network Configuration :
- Choose eth0, edit
- Configure using DHCP : unticked
- Activate on boot : ticked
- IP address : eg 192.168.1.10
- Netmask : eg 255.255.255.0
- Set hostname manually : ticked
- Gateway : eg 192.168.1.1
- Primary DNS : eg 192.168.1.2
- Secondary DNS : eg 192.168.1.3
Firewall Configuration :
- Enable Firewall
- Tick : SSH, HTTP, FTP, SMTP
- Enable Selinux : Disabled
Additional Language Support :
- Tick : English ( Australia )
- Choose English (Australia) from the dropdown box at the top
Timezone Selection :
- Choose your city on the map
- System clock uses UTC : Unticked
Set root Password : ChooseSomethingGood!
Package Group Selection :
- Leave default selections as-is, except for :
- Editors : tick
- Windows file server : untick
- MySQL database : tick, Click on details, mysql-server : tick
- Development tools : tick
- Printing support : untick
TWEAK THE CENTOS INSTALL
Configure the internationalisation settings. By default CentOS will set UTF8 ( Unicode ) character encoding schemes. but I find this causes problems with the console display in my SSH client. Also some perl programs are known to have problems with the UTF8
cp /etc/sysconfig/i18n /etc/sysconfig/i18n.original
vi /etc/sysconfig/i18n# Remove any UTF-8 entries from the LANG line
# ie change it from LANG="en_US.UTF-8" to LANG="en_US"LANG="en_US"
Import the GPG keys for software packages
rpm --import /usr/share/rhn/RPM-GPG-KEY*
Configure the log rotation scheme, to rotate daily, for 30 days, compressing the old logs
vi /etc/logrotate.conf#weekly
daily#rotate 4
rotate 30#compress
compress
Configure the NTP clock sync ( very important that mail servers have correct clock! )
vi /etc/ntp.conf#server 0.pool.ntp.org
#server 1.pool.ntp.org
#server 2.pool.ntp.org
server ntp.yourdomain.com
Tweak the firewall rules. Need to add some extra ports
TCP 20 : ftp-data
TCP 21 : ftp
TCP 110 : pop3
TCP 143 : imap
TCP 443 : https
TCP 465 : smtps
TCP 993 : imaps
TCP 995 : pop3s
UDP 161 : snmpvi /etc/sysconfig/iptables-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 110 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 143 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 465 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 993 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 995 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 161 -j ACCEPT
Configure which services are starting at boot time. The aim is to disable any unneeded services.
chkconfig apmd off
chkconfig bluetooth off
chkconfig cpuspeed off
chkconfig cups off
chkconfig httpd on
chkconfig isdn off
chkconfig mysqld on
chkconfig netfs off
chkconfig nfslock off
chkconfig ntpd on
chkconfig pcmcia off
chkconfig portmap off
chkconfig rpcgssd off
chkconfig rpcidmapd off
chkconfig saslauthd off
chkconfig sendmail off# these two are in Fedora, but not CentOS
chkconfig mDNSResponder off
chkconfig nifd off
For your spool and mailbox partitions, set the noatime flag. This is an important performance tweak which works by preventing the need for writing any updates to the disk when processes are reading files ( eg when Postfix's qmgr process scans mail in the queue ). I had a busy server where loads dropped from a steady 20 to sub 10's by making this simple change! Also, as a security precaution, tweak the fstab, to disable /tmp from permitting SUID or exec functionality.
vi /etc/fstabLABEL=/tmp /tmp ext3 defaults,nosuid,noexec 1 2LABEL=/var/vmail /var/vmail ext3 defaults,noatime 1 2# and if you made a dedicated partition for the postfix mail queue...
LABEL=/var/spool/postf /var/spool/postfix ext3 defaults,noatime 1 2
That noexec fstab tweak has an unfortunate side-effect of causing the "logrotate" script to break. A workaround for this is :
mkdir /var/logrotate.tmpvi /etc/cron.daily/logrotate#!/bin/sh
export TMPDIR=/var/logrotate.tmp
/usr/sbin/logrotate /etc/logrotate.conf
Take advantage of the colors and other advanced features of the vim editor, compared with basic vi editor
# only required on Fedora, a CentOS install appears to already default to vim
echo "alias vi='vim'" >> /root/.bashrc
If you are using CentOS, you can grab the "fastestmirror plugin" for yum, as this should allow your rpm downloads to run quicker
yum install centos-yum yum-plugin-fastestmirrorvi /etc/yum.confplugins=1
Then give the server a reboot
shutdown -r now
UPDATE ALL THE RPMS
Run the update manager. It will go and look for updated RPMs, then will download and install them.
TIP : If you are running a 64 bit platform eg Opteron, add this line to the /etc/yum.conf to prevent conflicts between the 64bit and non-64bit librariesvi /etc/yum.conf# add this line if you are running 64bit |
Be warned that the first update pass on Fedora can be pretty large. Its not uncommon to see 250M+ of updates to be downloaded. CentOS isnt so "bleeding edge" so for that platform there are usually a lot less updates to download.
yum update
Enable ongoing auto-updating
crontab -e# Keep up to date. Lets only do it during business hours, just to be safe :-)
#
# Dont download kernel updates, or our /boot will overflow eventually.
# Dont download mysql updates, as I have seen mysql shutdown and not automatically come back up.
#
# If we want to update kernel or mysql, we can run these manually via a "yum update".
50 10 * * 1-5 /usr/bin/yum --exclude=kernel* --exclude=hal --exclude=mysql* -y update
Give the server are reboot, so the new kernel that yum downloaded can take effect
shutdown -r now
22 komentar:
Hi !!! Good job!
Wuzzap?
Very amusing post. Thanks )
Thanks. I repost it on my Facebook.
Bob Peters, CA
Good Article
Everyone involved advertising online knows that backlink building is an essential a part of success. There are lots of link building instruments available on the market, as well as the list continues to grow provided that incoming inbound links are so crucial that you the life body of an on the internet presence. You'll be able to build the hyperlinks to your website oneself, use building links software as well as outsource the full job.
xrumer
http://xrumerblasts.in/
Good Article
Its awesome all of the time to view how folks can compose wonderful stuff about people topics! Thank you and I ve bookmarked you
However, chiropractors actually help alleviate a variety of problems., proxy facebook school. This is where individuals or even groups of people use there power to undermine the other people in the society. No one knows this more than today's professional speaker. vpn password 63. Every school makes an effort to educate the child in such a manner that his inner qualities get a platform and enough opportunity. web based vpn server
I have a contrarian streak, however, that sometimes gets me in trouble (just ask my lovely wife), but also leads me to study lesser known competitors and whether their approach is more suited to my needs. Formative assessments assess students understanding during learning through symposiums, classroom quizzes, surprise tests, projects etc., vpn not connecting on mac. I am grateful to her for all that she does. vpn error 778
While this takes care of the home cleaning professionals, there are a few things regarding you that will have to be considered too, to ensure that you or your family will not get affected with the cleaning process. vpn port forwarding draytek
The power transformers have several configurations based on segments and links. Right now is an exciting time to enter the world of satellite television. cisco vpn types. In the age of internet, every business organization needs some form of visual messages to effectively communicate with their customers and fascinate them. Even worse, it may be crumbling or filled with bugs or small animals., vpn client vista failed to. No doubt, they may exhibit an undesirable behavior when upset, tired, or hungry. vpn setup windows server 2008 r2
The numbers of people who treat you right will be smaller as time goes on, which you would know slowly. For more details visitwww., dsm server. If you are relocating to a distant destination, you can safely transfer the responsibilities of shifting all your goods to these long distance moving companies and rest in peace. private sexkontakte munchen
The company must have some professional webdesigners to implement your ideas towards your business needs. Striped bass have also been hybridized with white bass to produce hybrid striped bass also known as wiper. ospf virtual link. So as you can see, there is more to large color poster printing that you might imagine. Do not overestimate your power in the group, because when you chose to leave, you will find that the sun also rises even though without you., configure outlook web access. Majority of car owners buy fresh automotive components assuming that they're the best for their automobile. owl intranet
There also many people with lower financial resources. Instead, greater emphasis should be given to a combination of these methodologies. mysql mac os x client. Shields' grandkids are heading into a future in this country where freedom is more or less a distant memory. It will best for individuals to consult any professional health advisor., private label energy bars. Perhaps they have to match a particular outfit, or be the same colour as your car. universal remote roe c
Then go to the wall and unplug the power cord from the outlet. Just plug in the micro sim card and adapt the device to your computer., the server room. Their practicing physicians and staff understand the time constraints of a busy practice. a connectionless protocol
However, this kind of deals can be hard to come by because the people that refurbish used computers usually do not want to provide warranties., unable to load riched dll. But before going further, let’s have a look on the reasons why this show is so admired. One reason is that a new earth to sleep early changes in the environment, noise, light feel and smell changes lead to difficulty falling asleep; second reason is that overexcitement, fatigue or discomfort caused by the impact of chronic sleep. pin remote. One of the most important benefits for many home swappers is the cost savings. freebsd virtual host
Call the online church or seminary you decide to use to obtain the ordination. dublin network sport and social club
Claim your listing and get a head start on your competitors before they wise up!, neural network journal. If plaque starts build up in an artery, the artery gradually become narrows. By becoming so you are given the access to limitless flash games. servicios adsl. Later, he became a security specialist and helps the people whose lives are in danger. great wall of china virtual
The latter research was important in highlighting some of the benefits of living in clean air quality conditions. export client. One of the greatest benefits of online shopping is the ability to quickly find the product you are looking for at the lowest possible price. kc www cw network info
I got this web page from my friend who told me regarding this web site and at the moment this time I am visiting this site and reading
very informative posts here.
my page ... Ohio Moving
This info is worth everyone's attention. When can I find out more?
My blog post; mouse click the up coming article
Hey! Someone in my Myspace group shared this site with us so
I came to take a look. I'm definitely enjoying the information. I'm bookmarking and will be tweeting this
to my followers! Fantastic blog and wonderful design.
Here is my web page atlaslm.com
Posting Komentar