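Rebuilding My Home Server with Scientific Linux 6.1 (Part 2)
September 21, 2011 – 7:25 pm
For my server's OS, I have decided to use Scientific Linux in place of CentOS, which has served me well until now.
These are my notes on the main steps, from installing Scientific Linux through the initial configuration.
Installing Scientific Linux 6.1: To install Scientific Linux 6.1 (SL6.1), I downloaded an ISO file from the Scientific Linux download site, burned it to a DVD, and installed from that.
Of the ISO files available from the download site, the one used for this installation was
SL-61-x86_64-2011-07-27-Install-DVD.iso
During installation I followed the on-screen instructions. For the installation type I selected "Minimal Desktop", so that as little unnecessary software as possible is pulled in when the OS is installed, and the services and applications that are needed are added one at a time afterwards.
Initial configuration: The "initial" settings are described briefly below, item by item:
・Network configuration
(1) Configure the NIC as follows and assign a static IP address (local address):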

[root@yamasserver01 ~]# vi /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE="eth0"
BOOTPROTO=none
NM_CONTROLLED="yes"
ONBOOT="yes"
HWADDR=BC:AE:C5:12:78:E2
TYPE=Ethernet
IPADDR=192.168.11.111
PREFIX=24
GATEWAY=192.168.11.1
DNS1=202.224.32.1
DEFROUTE=yes
IPV4_FAILURE_FATAL=yes
IPV6INIT=no
NAME="System eth0"

Restart the network service:

[root@yamasserver01 ~]# service network restart
Shutting down interface eth0:  Device state: 3 (disconnected)
                                                           [ OK ]
Shutting down loopback interface:                          [ OK ]
Bringing up loopback interface:                            [ OK ]
Bringing up interface eth0:  Active connection state: activated
Active connection path: /org/freedesktop/NetworkManager/ActiveConnection/1
                                                           [ OK ]

(2) Disable IPv6: If IPv6 is left enabled while it is not being used, connecting to the network incurs considerable delay. To avoid this, disable IPv6 explicitly. Then reboot and register network in the startup scripts:

[root@yamasserver01 ~]# echo "install ipv6 /bin/true" > /etc/modprobe.d/disable-ipv6.conf
[root@yamasserver01 ~]# reboot
[root@yamasserver01 ~]# chkconfig network on
[root@yamasserver01 ~]# ifconfig
eth0      Link encap:Ethernet  HWaddr BC:AE:C5:12:78:E2
          inet addr:192.168.11.111  Bcast:192.168.11.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:1994520 errors:0 dropped:0 overruns:0 frame:0
          TX packets:2251468 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:896456449 (854.9 MiB)  TX bytes:1752853333 (1.6 GiB)
          Interrupt:38 Base address:0x2000

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:7035 errors:0 dropped:0 overruns:0 frame:0
          TX packets:7035 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:2611662 (2.4 MiB)  TX bytes:2611662 (2.4 MiB)

・Configuring the yum repositories
(1) The Scientific Linux yum repositories are not configured to use nearby mirror sites. I therefore rewrote the base URLs so that the jaist and riken sites are referenced.
/etc/yum.repos.d/sl.repo:

[sl]
name=Scientific Linux $releasever - $basearch
baseurl=http://ftp.scientificlinux.org/linux/scientific/$releasever/$basearch/os/
        http://ftp.jaist.ac.jp/pub/Linux/scientific/$releasever/$basearch/os/
        http://ftp.riken.jp/Linux/scientific/$releasever/$basearch/os/
        http://ftp1.scientificlinux.org/linux/scientific/$releasever/$basearch/os/
        http://ftp2.scientificlinux.org/linux/scientific/$releasever/$basearch/os/
        ftp://ftp.scientificlinux.org/linux/scientific/$releasever/$basearch/os/
#mirrorlist=http://ftp.scientificlinux.org/linux/scientific/mirrorlist/sl-base-6.txt
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-sl file:///etc/pki/rpm-gpg/RPM-GPG-KEY-dawson

[sl-security]
name=Scientific Linux $releasever - $basearch - security updates
baseurl=http://ftp.scientificlinux.org/linux/scientific/$releasever/$basearch/updates/security/
        http://ftp.jaist.ac.jp/pub/Linux/scientific/$releasever/$basearch/updates/security/
        http://ftp.riken.jp/Linux/scientific/$releasever/$basearch/updates/security/
        http://ftp1.scientificlinux.org/linux/scientific/$releasever/$basearch/updates/security/
        http://ftp2.scientificlinux.org/linux/scientific/$releasever/$basearch/updates/security/
        ftp://ftp.scientificlinux.org/linux/scientific/$releasever/$basearch/updates/security/
#mirrorlist=http://ftp.scientificlinux.org/linux/scientific/mirrorlist/sl-security-6.txt
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-sl file:///etc/pki/rpm-gpg/RPM-GPG-KEY-dawson

/etc/yum.repos.d/sl-update.repo:

[sl-fastbugs]
name=Scientific Linux $releasever - $basearch - fastbug updates
baseurl=http://ftp.scientificlinux.org/linux/scientific/$releasever/$basearch/updates/fastbugs/
        http://ftp.jaist.ac.jp/pub/Linux/scientific/$releasever/$basearch/updates/fastbugs/
        http://ftp.riken.jp/Linux/scientific/$releasever/$basearch/updates/fastbugs/
        http://ftp1.scientificlinux.org/linux/scientific/$releasever/$basearch/updates/fastbugs/
        http://ftp2.scientificlinux.org/linux/scientific/$releasever/$basearch/updates/fastbugs/
        ftp://ftp.scientificlinux.org/linux/scientific/$releasever/$basearch/updates/fastbugs/
#mirrorlist=http://ftp.scientificlinux.org/linux/scientific/mirrorlist/sl-fastbugs-6.txt
enabled=0
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-sl file:///etc/pki/rpm-gpg/RPM-GPG-KEY-dawson

[sl-debuginfo]
name=Scientific Linux Debuginfo
baseurl=http://ftp.scientificlinux.org/linux/scientific/$releasever/archive/debuginfo/
        http://ftp.ne.jp/Linux/packages/scientificlinux/$releasever/archive/debuginfo/
        http://ftp.jaist.ac.jp/pub/Linux/scientific/$releasever/archive/debuginfo/
        http://ftp1.scientificlinux.org/linux/scientific/$releasever/archive/debuginfo/
        http://ftp2.scientificlinux.org/linux/scientific/$releasever/archive/debuginfo/
        ftp://ftp.scientificlinux.org/linux/scientific/$releasever/archive/debuginfo/
enabled=0
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-sl file:///etc/pki/rpm-gpg/RPM-GPG-KEY-dawson

[sl-testing]
name=Scientific Linux Testing - $basearch
baseurl=http://ftp.scientificlinux.org/linux/scientific/6rolling/testing/$basearch/
        http://ftp.jaist.ac.jp/pub/Linux/scientific/6rolling/testing/$basearch/
        http://ftp.riken.jp/Linux/scientific/6rolling/testing/$basearch/
        http://ftp1.scientificlinux.org/linux/scientific/6rolling/testing/$basearch/
        http://ftp2.scientificlinux.org/linux/scientific/6rolling/testing/$basearch/
        ftp://ftp.scientificlinux.org/linux/scientific/6rolling/testing/$basearch/
enabled=0
gpgcheck=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-sl file:///etc/pki/rpm-gpg/RPM-GPG-KEY-dawson

[sl-testing-source]
name=Scientific Linux Testing - Source
baseurl=http://ftp.scientificlinux.org/linux/scientific/6rolling/testing/SRPMS/
        http://ftp.jaist.ac.jp/pub/Linux/scientific/6rolling/testing/SRPMS/
        http://ftp.riken.jp/Linux/scientific/6rolling/testing/SRPMS/
        http://ftp1.scientificlinux.org/linux/scientific/6rolling/testing/SRPMS/
        http://ftp2.scientificlinux.org/linux/scientific/6rolling/testing/SRPMS/
        ftp://ftp.scientificlinux.org/linux/scientific/6rolling/testing/SRPMS/
enabled=0
gpgcheck=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-sl file:///etc/pki/rpm-gpg/RPM-GPG-KEY-dawson

(2) Add the RPMforge and EPEL repositories using yum
Adding the EPEL repository:

[root@yamasserver01 ~]# yum install epel-release
Setting up Install Process
Resolving Dependencies
--> Running transaction check
---> Package epel-release.noarch 0:6-5 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

=========================================================================================================
 Package                    Arch                 Version             Repository                     Size
=========================================================================================================
Installing:
 epel-release               noarch               6-5                 sl                             13 k

Transaction Summary
=========================================================================================================
Install       1 Package(s)

Total download size: 13 k
Installed size: 22 k
Is this ok [y/N]: y
Downloading Packages:
epel-release-6-5.noarch.rpm                                                       |  13 kB     00:00
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
  Installing : epel-release-6-5.noarch                                                            1/1

Installed:
  epel-release.noarch 0:6-5

Complete!

Adding RPMforge: same as for EPEL (omitted)
vi /etc/yum.repos.d/epel.repo:

[epel]
name=Extra Packages for Enterprise Linux 6 - $basearch
#baseurl=http://download.fedoraproject.org/pub/epel/6/$basearch
mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=epel-6&arch=$basearch
failovermethod=priority
enabled=0
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6

[epel-debuginfo]
name=Extra Packages for Enterprise Linux 6 - $basearch - Debug
#baseurl=http://download.fedoraproject.org/pub/epel/6/$basearch/debug
mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=epel-debug-6&arch=$basearch
failovermethod=priority
enabled=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6
gpgcheck=1

[epel-source]
name=Extra Packages for Enterprise Linux 6 - $basearch - Source
#baseurl=http://download.fedoraproject.org/pub/epel/6/SRPMS
mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=epel-source-6&arch=$basearch
failovermethod=priority
enabled=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6
gpgcheck=1

vi /etc/yum.repos.d/rpmforge.repo:

### Name: RPMforge RPM Repository for RHEL 6 - dag
### URL: http://rpmforge.net/
[rpmforge]
name = RHEL $releasever - RPMforge.net - dag
baseurl = http://apt.sw.be/redhat/el6/en/$basearch/rpmforge
mirrorlist = http://apt.sw.be/redhat/el6/en/mirrors-rpmforge
#mirrorlist = file:///etc/yum.repos.d/mirrors-rpmforge
enabled = 0
protect = 0
gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-rpmforge-dag
gpgcheck = 1

[rpmforge-extras]
name = RHEL $releasever - RPMforge.net - extras
baseurl = http://apt.sw.be/redhat/el6/en/$basearch/extras
mirrorlist = http://apt.sw.be/redhat/el6/en/mirrors-rpmforge-extras
#mirrorlist = file:///etc/yum.repos.d/mirrors-rpmforge-extras
enabled = 0
protect = 0
gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-rpmforge-dag
gpgcheck = 1

[rpmforge-testing]
name = RHEL $releasever - RPMforge.net - testing
baseurl = http://apt.sw.be/redhat/el6/en/$basearch/testing
mirrorlist = http://apt.sw.be/redhat/el6/en/mirrors-rpmforge-testing
#mirrorlist = file:///etc/yum.repos.d/mirrors-rpmforge-testing
enabled = 0
protect = 0
gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-rpmforge-dag
gpgcheck = 1

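
As a check on the repository files above, the following added example (not part of the original post) lists every repo section that yum would not signature-check. The function names audit_gpgcheck and sample_repo are hypothetical, and the sample text is a constructed excerpt of the files shown above.

```shell
#!/bin/sh
# Added example, not from the original post.
# audit_gpgcheck (hypothetical name) reads yum .repo text on stdin and prints
# "<section> enabled=<v> gpgcheck=<v>" for each section where gpgcheck is not 1.
audit_gpgcheck() {
    awk '
    function report() {
        if (sec != "" && gpg != "1")
            printf "%s enabled=%s gpgcheck=%s\n", sec, en, gpg
    }
    /^[ \t]*[#;]/ { next }                  # comment line
    /^\[.*\][ \t]*$/ {                      # [section] header starts a new repo
        report()
        sec = $0; sub(/^\[/, "", sec); sub(/\][ \t]*$/, "", sec)
        en = "unset"; gpg = "unset"; next
    }
    /^[A-Za-z_]+[ \t]*=/ {                  # "key=value" and "key = value"
        key = $0; sub(/[ \t]*=.*/, "", key)
        val = $0; sub(/^[^=]*=[ \t]*/, "", val); sub(/[ \t]+$/, "", val)
        if (key == "enabled")  en  = val
        if (key == "gpgcheck") gpg = val
    }                                       # indented lines are baseurl continuations
    END { report() }
    '
}

# Constructed sample: an excerpt of the repo files shown above.
sample_repo() {
    cat <<'EOF'
[sl]
name=Scientific Linux $releasever - $basearch
baseurl=http://ftp.scientificlinux.org/linux/scientific/$releasever/$basearch/os/
        http://ftp.jaist.ac.jp/pub/Linux/scientific/$releasever/$basearch/os/
enabled=1
gpgcheck=1
[sl-testing]
name=Scientific Linux Testing - $basearch
enabled=0
gpgcheck=0
[rpmforge]
name = RHEL $releasever - RPMforge.net - dag
enabled = 0
gpgcheck = 1
EOF
}

sample_repo | audit_gpgcheck
```

A section reported with gpgcheck=0 and enabled=0 only matters when it is switched on, for example with --enablerepo; because the base URLs above are plain http and ftp, the signature check is the only integrity control on those packages. A value of unset means the section inherits gpgcheck from [main] in /etc/yum.conf.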
・Installing and configuring the NTP server

[root@yamasserver01 yum.repos.d]# yum install ntp\*
Setting up Install Process
Resolving Dependencies
--> Running transaction check
---> Package ntp.x86_64 0:4.2.4p8-2.el6 will be installed
--> Processing Dependency: libedit.so.0()(64bit) for package: ntp-4.2.4p8-2.el6.x86_64
---> Package ntp-doc.noarch 0:4.2.4p8-2.el6 will be installed
---> Package ntp-perl.x86_64 0:4.2.4p8-2.el6 will be installed
--> Processing Dependency: perl(Socket) for package: ntp-perl-4.2.4p8-2.el6.x86_64
--> Processing Dependency: perl(vars) for package: ntp-perl-4.2.4p8-2.el6.x86_64
--> Processing Dependency: /usr/bin/perl for package: ntp-perl-4.2.4p8-2.el6.x86_64
--> Processing Dependency: perl(Getopt::Std) for package: ntp-perl-4.2.4p8-2.el6.x86_64
---> Package ntpdate.x86_64 0:4.2.4p8-2.el6 will be installed
--> Running transaction check
---> Package libedit.x86_64 0:2.11-4.20080712cvs.1.el6 will be installed
---> Package perl.x86_64 4:5.10.1-119.el6 will be installed
--> Processing Dependency: perl-libs = 4:5.10.1-119.el6 for package: 4:perl-5.10.1-119.el6.x86_64
--> Processing Dependency: perl-libs for package: 4:perl-5.10.1-119.el6.x86_64
--> Processing Dependency: perl(Pod::Simple) for package: 4:perl-5.10.1-119.el6.x86_64
--> Processing Dependency: perl(version) for package: 4:perl-5.10.1-119.el6.x86_64
--> Processing Dependency: perl(Module::Pluggable) for package: 4:perl-5.10.1-119.el6.x86_64
--> Processing Dependency: libperl.so()(64bit) for package: 4:perl-5.10.1-119.el6.x86_64
--> Running transaction check
---> Package perl-Module-Pluggable.x86_64 1:3.90-119.el6 will be installed
---> Package perl-Pod-Simple.x86_64 1:3.13-119.el6 will be installed
--> Processing Dependency: perl(Pod::Escapes) >= 1.04 for package: 1:perl-Pod-Simple-3.13-119.el6.x86_64
---> Package perl-libs.x86_64 4:5.10.1-119.el6 will be installed
---> Package perl-version.x86_64 3:0.77-119.el6 will be installed
--> Running transaction check
---> Package perl-Pod-Escapes.x86_64 1:1.04-119.el6 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

======================================================================================================================
 Package                        Arch            Version                            Repository                   Size
======================================================================================================================
Installing:
 ntp                            x86_64          4.2.4p8-2.el6                      sl                          444 k
 ntp-doc                        noarch          4.2.4p8-2.el6                      sl                          824 k
 ntp-perl                       x86_64          4.2.4p8-2.el6                      sl                           25 k
 ntpdate                        x86_64          4.2.4p8-2.el6                      sl                           57 k
Installing for dependencies:
 libedit                        x86_64          2.11-4.20080712cvs.1.el6           sl                           73 k
 perl                           x86_64          4:5.10.1-119.el6                   sl                           10 M
 perl-Module-Pluggable          x86_64          1:3.90-119.el6                     sl                           36 k
 perl-Pod-Escapes               x86_64          1:1.04-119.el6                     sl                           28 k
 perl-Pod-Simple                x86_64          1:3.13-119.el6                     sl                          208 k
 perl-libs                      x86_64          4:5.10.1-119.el6                   sl                          574 k
 perl-version                   x86_64          3:0.77-119.el6                     sl                           47 k

Transaction Summary
======================================================================================================================
Install      11 Package(s)

Total download size: 12 M
Installed size: 38 M
Is this ok [y/N]: y
Downloading Packages:
(1/11): libedit-2.11-4.20080712cvs.1.el6.x86_64.rpm                                            |  73 kB     00:00
(2/11): ntp-4.2.4p8-2.el6.x86_64.rpm                                                           | 444 kB     00:00
(3/11): ntp-doc-4.2.4p8-2.el6.noarch.rpm                                                       | 824 kB     00:01
(4/11): ntp-perl-4.2.4p8-2.el6.x86_64.rpm                                                      |  25 kB     00:00
(5/11): ntpdate-4.2.4p8-2.el6.x86_64.rpm                                                       |  57 kB     00:00
(6/11): perl-5.10.1-119.el6.x86_64.rpm                                                         |  10 MB     00:10
(7/11): perl-Module-Pluggable-3.90-119.el6.x86_64.rpm                                          |  36 kB     00:00
(8/11): perl-Pod-Escapes-1.04-119.el6.x86_64.rpm                                               |  28 kB     00:00
(9/11): perl-Pod-Simple-3.13-119.el6.x86_64.rpm                                                | 208 kB     00:00
(10/11): perl-libs-5.10.1-119.el6.x86_64.rpm                                                   | 574 kB     00:00
(11/11): perl-version-0.77-119.el6.x86_64.rpm                                                  |  47 kB     00:00
----------------------------------------------------------------------------------------------------------------------
Total                                                                                 846 kB/s |  12 MB     00:15
warning: rpmts_HdrFromFdno: Header V4 DSA/SHA1 Signature, key ID 192a7d7d: NOKEY
Retrieving key from file:///etc/pki/rpm-gpg/RPM-GPG-KEY-sl
Importing GPG key 0x192A7D7D:
 Userid : Scientific Linux (RPM signing key for Scientific Linux) <scientific-linux-devel@fnal.gov>
 Package: sl-release-6.1-2.x86_64 (@anaconda-ScientificLinux-201107271550.x86_64)
 From   : /etc/pki/rpm-gpg/RPM-GPG-KEY-sl
Is this ok [y/N]: y
Retrieving key from file:///etc/pki/rpm-gpg/RPM-GPG-KEY-dawson
Importing GPG key 0x82FD17B2:
 Userid : Troy Dawson (Spiky Hair Hawaiian Shirts) <dawson@fnal.gov>
 Package: sl-release-6.1-2.x86_64 (@anaconda-ScientificLinux-201107271550.x86_64)
 From   : /etc/pki/rpm-gpg/RPM-GPG-KEY-dawson
Is this ok [y/N]: y
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
  Installing : 1:perl-Pod-Escapes-1.04-119.el6.x86_64                                                            1/11
  Installing : 4:perl-libs-5.10.1-119.el6.x86_64                                                                 2/11
  Installing : 1:perl-Module-Pluggable-3.90-119.el6.x86_64                                                       3/11
  Installing : 3:perl-version-0.77-119.el6.x86_64                                                                4/11
  Installing : 1:perl-Pod-Simple-3.13-119.el6.x86_64                                                             5/11
  Installing : 4:perl-5.10.1-119.el6.x86_64                                                                      6/11
  Installing : libedit-2.11-4.20080712cvs.1.el6.x86_64                                                           7/11
  Installing : ntpdate-4.2.4p8-2.el6.x86_64                                                                      8/11
  Installing : ntp-4.2.4p8-2.el6.x86_64                                                                          9/11
  Installing : ntp-doc-4.2.4p8-2.el6.noarch                                                                     10/11
  Installing : ntp-perl-4.2.4p8-2.el6.x86_64                                                                    11/11

Installed:
  ntp.x86_64 0:4.2.4p8-2.el6      ntp-doc.noarch 0:4.2.4p8-2.el6      ntp-perl.x86_64 0:4.2.4p8-2.el6
  ntpdate.x86_64 0:4.2.4p8-2.el6

Dependency Installed:
  libedit.x86_64 0:2.11-4.20080712cvs.1.el6      perl.x86_64 4:5.10.1-119.el6
  perl-Module-Pluggable.x86_64 1:3.90-119.el6    perl-Pod-Escapes.x86_64 1:1.04-119.el6
  perl-Pod-Simple.x86_64 1:3.13-119.el6          perl-libs.x86_64 4:5.10.1-119.el6
  perl-version.x86_64 3:0.77-119.el6

Complete!

Set the local time zone to Tokyo time:

[root@yamasserver01 ~]# cp /usr/share/zoneinfo/Asia/Tokyo /etc/localtime
cp: overwrite `/etc/localtime'? y
[root@yamasserver01 ~]# date
Fri Aug 26 16:27:53 JST 2011

・Configuring SSH:
To prevent logging in as root, take the following two lines in /etc/ssh/sshd_config

#PermitRootLogin yes
#PermitEmptyPasswords no

and change them as follows, respectively:

PermitRootLogin no
PermitEmptyPasswords no

After the change, restart the service:

[root@yamasserver01 ssh]# service sshd restart
Stopping sshd:                                             [ OK ]
Starting sshd:                                             [ OK ]

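
To confirm that the edit above took effect, the following added example (not part of the original post) computes the value sshd would use for each of the two keywords. The function names sshd_effective and check_sshd are hypothetical, and the sample inputs are constructed from the two lines shown above.

```shell
#!/bin/sh
# Added example, not from the original post.
# sshd_effective (hypothetical name) reads sshd_config text on stdin and prints
# the value sshd would use for a global keyword: the first uncommented
# occurrence wins, and lines after a Match block are not global.
sshd_effective() {
    awk -v want="$1" '
    BEGIN { want = tolower(want) }
    /^[ \t]*(#|$)/          { next }        # comment or blank line
    tolower($1) == "match"  { exit }        # end of the global section
    tolower($1) == want     { print tolower($2); found = 1; exit }
    END { if (!found) print "(default)" }
    '
}

# check_sshd (hypothetical name) succeeds only if root login is explicitly
# refused and empty passwords are refused (explicitly or by default).
check_sshd() {
    cfg=$(cat)
    root=$(printf '%s\n' "$cfg" | sshd_effective PermitRootLogin)
    empty=$(printf '%s\n' "$cfg" | sshd_effective PermitEmptyPasswords)
    echo "PermitRootLogin=$root PermitEmptyPasswords=$empty"
    [ "$root" = "no" ] && { [ "$empty" = "no" ] || [ "$empty" = "(default)" ]; }
}

# Constructed samples: the two lines before and after the edit described above.
sample_stock()  { printf '%s\n' '#PermitRootLogin yes' '#PermitEmptyPasswords no'; }
sample_edited() { printf '%s\n' 'PermitRootLogin no' 'PermitEmptyPasswords no'; }

sample_stock  | check_sshd || echo "stock file: root login not disabled"
sample_edited | check_sshd && echo "edited file: OK"
```

The case this catches is an edit that changes the value but leaves the leading # in place, or a new line added below an earlier uncommented one, both of which leave root login enabled. On the live host, run it as check_sshd < /etc/ssh/sshd_config.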
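・Building the firewall: Using iptables, build a firewall on the server and block access to all ports other than those of the public services. Also restrict access to sshd and similar services. For how the access restrictions are done, see the post "A Wave of Unauthorized Access Has Arrived" (不正アクセスの波がやってきた).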