Installation Notes

The following are literally notes and tips. The Linux installation document is very clear and straightforward.

3.1 Hardware Needed for a Home LAN

You'll need 2 or more computers, the Linux installation software (preferably on CD-ROM), your Windows installation floppies and CD, 2 ethernet cards in the Linux box (including the one already connected to a cable modem, DSL modem, etc.), 1 ethernet card in each additional machine, a small ethernet hub, and additional ethernet cables to connect the machines to the hub.

Note: On an Intel platform, you must have at least an i386 processor. Linux runs fine on older machines, so there's not necessarily any reason to purchase the latest and greatest to run Linux. Memory is more important than CPU horsepower.

Note: In a 2 machine setup, you could replace the hub and additional cables with a "crossover" ethernet cable running between the two machines. The crossover cable connects the two ethernet cards directly, much as a null modem cable does between two serial ports.

Note: In a 2 machine setup, you could replace the hub with a 10base2 (thinnet) setup if your ethernet card includes a BNC connector. (Thanks to Kevin Ormbrek.)

3.2 Before You Begin

Presumably, your Intel machine is running Microsoft Windows at this point. Take the time to use the system tools and documentation to identify every piece of hardware information you can find before starting the Linux installation. Write this down. You'll need some piece of information about almost every board and device somewhere along the line during installation and setup. If you intend to run X-Windows, pay special attention to the video card and monitor information.

Things to pay special attention to include:

  • Device IRQ settings.
  • Mouse type and manufacturer.
  • Video card type, make, model, chip set and amount of onboard ram.
  • Monitor resolutions, color depth, horizontal frequency range, vertical frequency, and interlaced or non-interlaced.
  • SCSI adapter and devices, if any.
  • CD-ROM type, make and model (probably ATAPI).
  • Sound card type, make and model.
  • Ethernet card type, make, model, chip set, IRQ, and bus base address. The hardware ethernet address of the card connected to the internet, if you haven't already registered this address with your ISP. (If you connected to the internet from this machine earlier, or if your ISP doesn't require you to register your MAC address, then you're all set.)
  • Phone modem make, model, speed.
  • Your hostname, domain name and nameserver IP addresses.
  • Your IP address, if it's statically assigned.

While you're still running Windows, make sure you can connect to your ISP or your favorite internet site. This might be a good time to visit www.redhat.com and double check that your hardware, especially your ethernet and video cards, is supported under Linux.

3.3 Keeping a Windows Partition

If you're starting out with a single drive system, chances are Windows is living in a single partition spanning the entire disk. This is gonna change. Be sure you've backed up anything you don't want to lose.

What you decide to do here is going to depend on your own tastes, and whether or not the ethernet card connected to the internet can easily be moved to another machine on your LAN. If a repair technician from your ISP comes visiting one day, their tools are for Windows and Macintosh machines, not Linux. They can work around that by plugging directly into your modem, but they'll be partially crippled, and it's probably confusing enough to face a different configuration in each customer's home as it is. So, it might be a good idea to keep a minimal Windows partition (on a single drive system), at least until you have confidence in your Linux setup.

This means you'll need to repartition your hard drive, allocating as small a Windows partition as you can. Then you'll have to re-install Windows. The Linux installation process will let you partition the rest of the disk later.

3.4 Swap Space

If you have plenty of memory or don't intend to run X-Windows, Netscape or memory intensive programs, then the installation manual recommendations are probably adequate and you'll find that your system rarely uses the swap space available.

If you use Netscape, CDE, graphics programs, or build large programs, you can quickly run out of memory and swap. You can define additional swap files later, but using a regular swap partition is the better choice.

Ignore the installation manual in this case. Linux allows a maximum of 128 MB of addressable swap space per swap partition. Allocate the maximum now and you won't have to worry about it later.

Changing the size of the swap partition at a later date will probably mean having to recreate other partitions, as well. Allocating the maximum leaves room for the day you decide to add more physical memory, look at that humungous jpeg image of your Family and Friends, watch the latest space station video clip, or play that cool, video intensive network game.

At a bare minimum, a typical Unix configuration is set up with a swap space equal to the size of physical memory. (Typical UNIX workstations usually have swap space set to two to three times the size of physical memory.) The standard rule of thumb doesn't seem to hold for Linux, however. The amount of swap space needed seems to be inversely related to the amount of RAM. Unfortunately, I have no metrics. At 32MB of RAM, I was constantly running out of swap while using Netscape. At 128 MB of RAM, swap space is rarely used at all - but my reference machine is primarily a server and firewall.

3.5 Choosing Packages to Install

Provided you have the memory to run X Windows comfortably, install all of them if you have the disk space (e.g. 1.5 GB or more). Once the system is up and running, it's much easier to remove unwanted packages using either glint or rpm than it is to select individual packages in the initial setup environment.

3.6 Configuring TCP/IP Networking

You'll be able to configure the network interface as soon as you're up and running. This will be more convenient if you're running X Windows at the time.

Use the network configuration tool available through the control-panel program to configure networking.

Names

Enter your computer's host name, your domain name, and the IP addresses of your name servers.

Hosts

Be sure there's a line:


127.0.0.1       localhost

If you have a static IP address, add a line for your IP address and fully qualified host name.

Interfaces

Be sure there's a line:


Interface       IP      proto   atboot  active
lo           127.0.0.1  none    yes     active

If you have a dynamically assigned IP address from your ISP's DHCP server, add a line like this (using eth0 for the external interface in this example).


eth0                    dhcp    yes     active

If you have a static IP address, add a line like this (using eth0 for the external interface in this example).


eth0         <IP address>    none    yes     active

If you have a second internal interface, add a line like this:


eth1         <IP address>    none    yes     active

Routing

If you have a LAN, enable the Network Packet Forwarding option. Leave the other settings blank.

3.8 Selecting Services to Start Automatically on Reboot

The first step in securing your system is deciding which services and daemons you intend to run. Each service has its own security considerations. When it comes to selecting services to run under UNIX, the general rule of thumb is: if you don't need it, use it or understand it, then just don't run it.

You'll need or want crond, inetd, kerneld, keytable, network, random, syslog and local.

Do NOT enable dhcpd. This is the daemon that your ISP is using to provide their customers with dynamic IP addresses. Running the daemon yourself could interfere with their DHCP service, and probably cause havoc for you and other customers.

I'm making a special point of this because the names of the illegal server, dhcpd, and the client daemon you need to run, dhcpcd, are easily confused.

Do not enable portmap unless you really need RPC services. Pay special attention to related security issues if you need to use any of these services. portmap is the single most exploited service today.

Also of particular concern are NFS mountd, pppd, and imapd. A security flaw in mountd was the source of many recent successful hacking attempts. pppd and imapd are the other two most frequent successful points of entry into a system.

Most people won't need amd, autofs, gated, nfs, nfsfs, routed, snmpd or NIS (ypbind).
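One way to check a boot configuration against the lists in this section is to audit the SysV start links. This is an added example, not part of the original notes; the `/etc/rc.d/rc3.d` path, the verdict labels, and the sample listing are assumptions constructed for illustration.

```shell
#!/bin/sh
# Classify a service name using the categories from section 3.8.
# The verdict labels (keep/disable/review/unneeded/unknown) are ours.
classify_service() {
    case "$1" in
        crond|inetd|kerneld|keytable|network|random|syslog|local) echo keep ;;
        dhcpcd) echo keep ;;        # DHCP *client*; easily confused with dhcpd
        dhcpd) echo disable ;;      # DHCP *server*; must not run on the ISP segment
        portmap|mountd|pppd|imapd) echo review ;;   # run only if really needed
        amd|autofs|gated|nfs|nfsfs|routed|snmpd|ypbind) echo unneeded ;;
        *) echo unknown ;;          # not covered by the notes: understand it or drop it
    esac
}

# Read rc directory entries (one per line) on stdin and print
# "verdict name" for every start link of the form S<two digits><name>.
audit_start_links() {
    while IFS= read -r link; do
        base=${link##*/}
        case "$base" in
            S[0-9][0-9]*) name=${base#S[0-9][0-9]} ;;
            *) continue ;;          # K (kill) links are not started at boot
        esac
        printf '%s %s\n' "$(classify_service "$name")" "$name"
    done
}

# Constructed sample listing of a runlevel 3 directory (assumed layout).
sample_links() {
cat <<'EOF'
/etc/rc.d/rc3.d/S10network
/etc/rc.d/rc3.d/S11portmap
/etc/rc.d/rc3.d/S30syslog
/etc/rc.d/rc3.d/S40crond
/etc/rc.d/rc3.d/S50inetd
/etc/rc.d/rc3.d/S65dhcpd
/etc/rc.d/rc3.d/K35snmpd
/etc/rc.d/rc3.d/S99local
EOF
}

# Show only the entries that need attention.
findings() { sample_links | audit_start_links | grep -v '^keep '; }

findings
```

On a live system, feed it the real directory instead of the sample, for example `ls /etc/rc.d/rc3.d | audit_start_links`.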
