Additional information Doc, this might help.
Redhat 7.1 has a new Firewall feature that may be enabled upon
installation. She also need to know this and probably provide her a basic
security info on Linux. (ipchains/ Iptables,Tripwire etc.)
On Sun, 9 Sep 2001, Pablo Manalastas wrote:
>
> I sent the following email to a colleague who will be teaching
> the Linux installation course in HP-Singapore. If you find
> anything wrong with the instructions that I sent her, please
> post your corrections here. Thanks.
>
> PMana
>
> ======
>
> Katherine,
>
> After teaching the HP course, "Linux installation and configuration",
> using RedHat 7.1, I would like to make the following recommendations:
>
> 1. On many machines (at least three that we tried), the network driver
> 3c59x is autoloaded during boot time using the load options indicated
> in /etc/modules.conf (the "eth0" line), but when the kernel daemon
> notices that there is no network activity for some time, this
> driver is automatically unloaded from the kernel, causing loss of
> network connectivity. An "ifconfig" command shows that "lo" is
> the only active network interface, and that "eth0" does not exist.
>
> I suggest the following "fixes":
>
> a. If you want temporary reconnection to the network, just start
> networking again, using the init script,
>
> /etc/rc.d/init.d/network start.
>
> The trouble with this fix is that it is temporary, and the kernel
> daemon will again unload the network support some time later.
> At that time, you can start the network init script again.
> Obviously, this can cause a lot of frustration.
>
> b. Modify the "eth0" entry in the /etc/modules.conf file, so that
> the 3c59x module is loaded permanently. To do this, you need to
> read the man pages for modprobe, insmod, rmmod, and modules.conf.
>
> c. Disable kerneld, the kernel daemon, by compiling a new kernel
> with no kerneld support. If you do this, you will not be able
> to automatically load support for other modules, and so is not
> a good idea.
>
> d. Compile a new kernel that has the network driver (3c59x)
> permanently included and not a loadable module. This is the
> recommended fix. Do not forget to run lilo to install the
> new kernel. Also you need to comment out the "eth0" line
> in /etc/modules.conf (a # at the start of the line should do
> the trick). This tells the boot time scripts that the network
> driver is now part of the kernel and not a loadable module.
> I recommend that you use the stock kernel version 2.4.2-X
> that ships with RedHat 7.1 when you compile this new kernel.
> Using the latest kernel version 2.4.9 breaks some of the
> RedHat apps that were compiled against 2.4.2. For example,
> NFS might stop working because nfs-utils compiled against
> 2.4.2 does not work with 2.4.9.
>
> 2. The stock sendmail that ships with RedHat 7.1 comes with the
> file /etc/mail/sendmail.cf that is configured to support only
> localhost mail. You can only send mail to a user on the same
> machine, but not across the network to a user on another machine.
>
> You can easily fix this by generating a new sendmail.cf file
> that supports smtp across machines.
> Look for the sendmail source code, and in the directory ./cf/cf
> look for the file tcpproto.mc. Modify this file to your taste.
> The recommendations given in ./cf/README should be taken into
> account when modifying ./cf/cf/tcpproto.mc. I suggest that you
> copy ./cf/cf/tcpproto.mc to ./cf/cf/mysendmail.mc and do your
> changes here. Run m4 to produce mysendamil.cf from the
> mysendmail.mc file. Then copy mysendmail.cf to
> /etc/mail/sendmail.mc. Restart the email service by running
> the script,
>
> /etc/rc.d/init.d/sendmail restart
>
> 3. The default RedHat 7.1 installation is more secure that RedHat 6.X.
> To do this, 7.1 shipped with the more secure xinetd, instead
> of the traditional inetd+tcpwrapper. Because of this you can not
> find the config file /etc/inetd.conf mentioned in the HP-Linux
> manuals. Instead, you have /etc/xinetd.conf and the directory
> /etc/xinetd.d containing configuration files for each one of
> the services finger, rlogin, telnet, wu-ftd, etc. All of these
> services are DISABLED, and so you can not do any of the lab exercises
> on telnet, NFS, etc mentioned in the HP-Linux manuals. You have to
> explicitly/manually enable each of the services that you need. For
> example, to enable telnet, edit the file /etc/xinetd.d/telnet
> and change the line "disable=yes" to "disable=no". You might also
> need to add a line to enable telnet to individual ports like
> 23(login), 25(mail), 80(http), etc. See "man xinetd" for
> additional instructions. After making the changes that you want
> to /etc/xinetd.d/telnet, you need to restart the xinetd server
> using the script
>
> /etc/rc.d/init.d/xinetd restart.
>
> Good luck. I think that the effort that we make in getting RedHat 7.1
> to work with the HP-Linux courseware will pay off in the end.
>
> Regards,
>
> Pablo
>
> _
> Philippine Linux Users Group. Web site and archives at http://plug.linux.org.ph
> To leave: send "unsubscribe" in the body to [EMAIL PROTECTED]
>
> To subscribe to the Linux Newbies' List: send "subscribe" in the body to
>[EMAIL PROTECTED]
>
_
Philippine Linux Users Group. Web site and archives at http://plug.linux.org.ph
To leave: send "unsubscribe" in the body to [EMAIL PROTECTED]
To subscribe to the Linux Newbies' List: send "subscribe" in the body to
[EMAIL PROTECTED]
