Rebuilding My Home Server with Scientific Linux 6.1 (Part 2)

September 21, 2011 – 7:25 pm

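For my server's OS, I decided to switch from CentOS, which has served me well until now, to Scientific Linux.
These are my notes on the main steps, from installing Scientific Linux through the initial configuration.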

Installing Scientific Linux 6.1: To install Scientific Linux 6.1 (SL6.1), I downloaded an ISO file from the Scientific Linux download site, burned it to DVD media, and installed from that.

Of the ISO files available from the download site, I used the following one for this installation:

SL-61-x86_64-2011-07-27-Install-DVD.iso

During installation I followed the on-screen instructions. I selected "Minimal Desktop" as the installation type so that as little unnecessary software as possible is pulled in when the OS is installed; the services and applications I need are then added one at a time.

Initial configuration: The initial settings are described briefly below, item by item:

・Network configuration

(1) Configure the NIC as follows and assign a static IP address (local address):

[root@yamasserver01 ~]# vi /etc/sysconfig/network-scripts/ifcfg-eth0

DEVICE="eth0"
BOOTPROTO=none
NM_CONTROLLED="yes"
ONBOOT="yes"
HWADDR=BC:AE:C5:12:78:E2
TYPE=Ethernet
IPADDR=192.168.11.111
PREFIX=24
GATEWAY=192.168.11.1
DNS1=202.224.32.1
DEFROUTE=yes
IPV4_FAILURE_FATAL=yes
IPV6INIT=no
NAME="System eth0"

Restart the network service:

[root@yamasserver01 ~]# service network restart
Shutting down interface eth0:  Device state: 3 (disconnected)
                                                           [  OK  ]
Shutting down loopback interface:                          [  OK  ]
Bringing up loopback interface:                            [  OK  ]
Bringing up interface eth0:  Active connection state: activated
Active connection path: /org/freedesktop/NetworkManager/ActiveConnection/1
                                                          [  OK  ]

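(2) Disable IPv6: If IPv6 is left enabled while it is not in use, connections to the network suffer considerable delays. To avoid this, disable IPv6 explicitly. Afterwards, reboot and register the network service to start at boot: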

[root@yamasserver01 ~]# echo "install ipv6 /bin/true" > /etc/modprobe.d/disable-ipv6.conf

[root@yamasserver01 ~]# reboot

[root@yamasserver01 ~]# chkconfig network on
[root@yamasserver01 ~]# ifconfig
eth0      Link encap:Ethernet  HWaddr BC:AE:C5:12:78:E2  
          inet addr:192.168.11.111  Bcast:192.168.11.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:1994520 errors:0 dropped:0 overruns:0 frame:0
          TX packets:2251468 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:896456449 (854.9 MiB)  TX bytes:1752853333 (1.6 GiB)
          Interrupt:38 Base address:0x2000 

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:7035 errors:0 dropped:0 overruns:0 frame:0
          TX packets:7035 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:2611662 (2.4 MiB)  TX bytes:2611662 (2.4 MiB)

・yum repository configuration

(1) The Scientific Linux yum repositories are not configured to use nearby mirror sites. I therefore rewrote baseurl so that the jaist and riken sites are referenced:

/etc/yum.repos.d/sl.repo:

[sl]
name=Scientific Linux $releasever - $basearch
baseurl=http://ftp.scientificlinux.org/linux/scientific/$releasever/$basearch/os/
                http://ftp.jaist.ac.jp/pub/Linux/scientific/$releasever/$basearch/os/
                http://ftp.riken.jp/Linux/scientific/$releasever/$basearch/os/
                http://ftp1.scientificlinux.org/linux/scientific/$releasever/$basearch/os/
                http://ftp2.scientificlinux.org/linux/scientific/$releasever/$basearch/os/
                ftp://ftp.scientificlinux.org/linux/scientific/$releasever/$basearch/os/
#mirrorlist=http://ftp.scientificlinux.org/linux/scientific/mirrorlist/sl-base-6.txt
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-sl file:///etc/pki/rpm-gpg/RPM-GPG-KEY-dawson

[sl-security]
name=Scientific Linux $releasever - $basearch - security updates
baseurl=http://ftp.scientificlinux.org/linux/scientific/$releasever/$basearch/updates/security/
                http://ftp.jaist.ac.jp/pub/Linux/scientific/$releasever/$basearch/updates/security/
                http://ftp.riken.jp/Linux/scientific/$releasever/$basearch/updates/security/
                http://ftp1.scientificlinux.org/linux/scientific/$releasever/$basearch/updates/security/
                http://ftp2.scientificlinux.org/linux/scientific/$releasever/$basearch/updates/security/
                ftp://ftp.scientificlinux.org/linux/scientific/$releasever/$basearch/updates/security/
#mirrorlist=http://ftp.scientificlinux.org/linux/scientific/mirrorlist/sl-security-6.txt
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-sl file:///etc/pki/rpm-gpg/RPM-GPG-KEY-dawson

/etc/yum.repos.d/sl-update.repo:

[sl-fastbugs]
name=Scientific Linux $releasever - $basearch - fastbug updates
baseurl=http://ftp.scientificlinux.org/linux/scientific/$releasever/$basearch/updates/fastbugs/
                http://ftp.jaist.ac.jp/pub/Linux/scientific/$releasever/$basearch/updates/fastbugs/
                http://ftp.riken.jp/Linux/scientific/$releasever/$basearch/updates/fastbugs/
                http://ftp1.scientificlinux.org/linux/scientific/$releasever/$basearch/updates/fastbugs/
                http://ftp2.scientificlinux.org/linux/scientific/$releasever/$basearch/updates/fastbugs/
                ftp://ftp.scientificlinux.org/linux/scientific/$releasever/$basearch/updates/fastbugs/
#mirrorlist=http://ftp.scientificlinux.org/linux/scientific/mirrorlist/sl-fastbugs-6.txt
enabled=0
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-sl file:///etc/pki/rpm-gpg/RPM-GPG-KEY-dawson

[sl-debuginfo]
name=Scientific Linux Debuginfo
baseurl=http://ftp.scientificlinux.org/linux/scientific/$releasever/archive/debuginfo/
                http://ftp.ne.jp/Linux/packages/scientificlinux/$releasever/archive/debuginfo/
                http://ftp.jaist.ac.jp/pub/Linux/scientific/$releasever/archive/debuginfo/
                http://ftp1.scientificlinux.org/linux/scientific/$releasever/archive/debuginfo/
                http://ftp2.scientificlinux.org/linux/scientific/$releasever/archive/debuginfo/
                ftp://ftp.scientificlinux.org/linux/scientific/$releasever/archive/debuginfo/
enabled=0
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-sl file:///etc/pki/rpm-gpg/RPM-GPG-KEY-dawson


[sl-testing]
name=Scientific Linux Testing - $basearch
baseurl=http://ftp.scientificlinux.org/linux/scientific/6rolling/testing/$basearch/
                http://ftp.jaist.ac.jp/pub/Linux/scientific/6rolling/testing/$basearch/
                http://ftp.riken.jp/Linux/scientific/6rolling/testing/$basearch/
                http://ftp1.scientificlinux.org/linux/scientific/6rolling/testing/$basearch/
                http://ftp2.scientificlinux.org/linux/scientific/6rolling/testing/$basearch/
                ftp://ftp.scientificlinux.org/linux/scientific/6rolling/testing/$basearch/
enabled=0
gpgcheck=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-sl file:///etc/pki/rpm-gpg/RPM-GPG-KEY-dawson

[sl-testing-source]
name=Scientific Linux Testing - Source
baseurl=http://ftp.scientificlinux.org/linux/scientific/6rolling/testing/SRPMS/
                http://ftp.jaist.ac.jp/pub/Linux/scientific/6rolling/testing/SRPMS/
                http://ftp.riken.jp/Linux/scientific/6rolling/testing/SRPMS/
                http://ftp1.scientificlinux.org/linux/scientific/6rolling/testing/SRPMS/
                http://ftp2.scientificlinux.org/linux/scientific/6rolling/testing/SRPMS/
                ftp://ftp.scientificlinux.org/linux/scientific/6rolling/testing/SRPMS/
enabled=0
gpgcheck=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-sl file:///etc/pki/rpm-gpg/RPM-GPG-KEY-dawson

(2) Add the RPMforge and EPEL repositories using yum
Adding the EPEL repository:

[root@yamasserver01 ~]# yum install epel-release
Setting up Install Process
Resolving Dependencies
--> Running transaction check
---> Package epel-release.noarch 0:6-5 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

=========================================================================================================
 Package                       Arch                    Version                 Repository           Size
=========================================================================================================
Installing:
 epel-release                  noarch                  6-5                     sl                   13 k

Transaction Summary
=========================================================================================================
Install       1 Package(s)

Total download size: 13 k
Installed size: 22 k
Is this ok [y/N]: y
Downloading Packages:
epel-release-6-5.noarch.rpm                                                       |  13 kB     00:00     
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
  Installing : epel-release-6-5.noarch                                                               1/1 

Installed:
  epel-release.noarch 0:6-5                                                                              

Complete!

Adding RPMforge: same as for EPEL (omitted)

vi /etc/yum.repos.d/epel.repo:

[epel]
name=Extra Packages for Enterprise Linux 6 - $basearch
#baseurl=http://download.fedoraproject.org/pub/epel/6/$basearch
mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=epel-6&arch=$basearch
failovermethod=priority
enabled=0
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6

[epel-debuginfo]
name=Extra Packages for Enterprise Linux 6 - $basearch - Debug
#baseurl=http://download.fedoraproject.org/pub/epel/6/$basearch/debug
mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=epel-debug-6&arch=$basearch
failovermethod=priority
enabled=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6
gpgcheck=1

[epel-source]
name=Extra Packages for Enterprise Linux 6 - $basearch - Source
#baseurl=http://download.fedoraproject.org/pub/epel/6/SRPMS
mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=epel-source-6&arch=$basearch
failovermethod=priority
enabled=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6
gpgcheck=1

vi /etc/yum.repos.d/rpmforge.repo:

### Name: RPMforge RPM Repository for RHEL 6 - dag
### URL: http://rpmforge.net/
[rpmforge]
name = RHEL $releasever - RPMforge.net - dag
baseurl = http://apt.sw.be/redhat/el6/en/$basearch/rpmforge
mirrorlist = http://apt.sw.be/redhat/el6/en/mirrors-rpmforge
#mirrorlist = file:///etc/yum.repos.d/mirrors-rpmforge
enabled = 0
protect = 0
gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-rpmforge-dag
gpgcheck = 1

[rpmforge-extras]
name = RHEL $releasever - RPMforge.net - extras
baseurl = http://apt.sw.be/redhat/el6/en/$basearch/extras
mirrorlist = http://apt.sw.be/redhat/el6/en/mirrors-rpmforge-extras
#mirrorlist = file:///etc/yum.repos.d/mirrors-rpmforge-extras
enabled = 0
protect = 0
gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-rpmforge-dag
gpgcheck = 1

[rpmforge-testing]
name = RHEL $releasever - RPMforge.net - testing
baseurl = http://apt.sw.be/redhat/el6/en/$basearch/testing
mirrorlist = http://apt.sw.be/redhat/el6/en/mirrors-rpmforge-testing
#mirrorlist = file:///etc/yum.repos.d/mirrors-rpmforge-testing
enabled = 0
protect = 0
gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-rpmforge-dag
gpgcheck = 1
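
An added example (not part of the original post): a small Python audit of the stanzas above, flagging repositories that accept unsigned packages (gpgcheck=0, as in sl-testing) and those whose metadata is fetched over http/ftp without repo_gpgcheck. The sample text is abridged from this page's files; the function names and finding labels are made up for illustration.

```python
import configparser

# Constructed sample: stanzas abridged from the files shown above.
SAMPLE_REPOS = """\
[sl]
baseurl=http://ftp.scientificlinux.org/linux/scientific/$releasever/$basearch/os/
                http://ftp.jaist.ac.jp/pub/Linux/scientific/$releasever/$basearch/os/
#mirrorlist=http://ftp.scientificlinux.org/linux/scientific/mirrorlist/sl-base-6.txt
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-sl file:///etc/pki/rpm-gpg/RPM-GPG-KEY-dawson

[sl-testing]
baseurl=http://ftp.scientificlinux.org/linux/scientific/6rolling/testing/$basearch/
                ftp://ftp.scientificlinux.org/linux/scientific/6rolling/testing/$basearch/
enabled=0
gpgcheck=0

[epel]
mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=epel-6&arch=$basearch
enabled=0
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6
"""


def is_on(section, key, default):
    """Read a yum 0/1 option, using the given default when the key is absent."""
    return section.get(key, "1" if default else "0").strip() == "1"


def audit_repos(text, main_gpgcheck=False):
    """Return sorted (repo, finding) pairs for the text of a .repo file.

    main_gpgcheck is an assumption supplied by the caller: the gpgcheck value
    inherited from [main] in /etc/yum.conf (yum's built-in default is 0).
    """
    cp = configparser.ConfigParser(interpolation=None, delimiters=("=",),
                                   strict=False)
    cp.read_string(text)
    findings = []
    for repo in cp.sections():
        sec = cp[repo]
        enabled = is_on(sec, "enabled", True)
        # Packages: with gpgcheck off, RPMs are installed without a signature check.
        if not is_on(sec, "gpgcheck", main_gpgcheck):
            findings.append((repo, "unsigned-packages" if enabled
                             else "unsigned-packages-if-enabled"))
        # Metadata: repodata fetched over http/ftp is unauthenticated unless
        # repo_gpgcheck=1, even when the packages themselves are signed.
        urls = (sec.get("baseurl", "") + " " + sec.get("mirrorlist", "")).split()
        schemes = {u.split("://", 1)[0].lower() for u in urls}
        cleartext = sorted(schemes - {"https", "file"})
        if cleartext and not is_on(sec, "repo_gpgcheck", False):
            findings.append((repo, "cleartext-metadata:" + ",".join(cleartext)))
    return sorted(findings)
```

A disabled repository with gpgcheck=0 is reported as "unsigned-packages-if-enabled" because a one-off `yum --enablerepo=...` run would install from it without signature checks.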

・Installing and configuring the NTP server

[root@yamasserver01 yum.repos.d]# yum install ntp\*
Setting up Install Process
Resolving Dependencies
--> Running transaction check
---> Package ntp.x86_64 0:4.2.4p8-2.el6 will be installed
--> Processing Dependency: libedit.so.0()(64bit) for package: ntp-4.2.4p8-2.el6.x86_64
---> Package ntp-doc.noarch 0:4.2.4p8-2.el6 will be installed
---> Package ntp-perl.x86_64 0:4.2.4p8-2.el6 will be installed
--> Processing Dependency: perl(Socket) for package: ntp-perl-4.2.4p8-2.el6.x86_64
--> Processing Dependency: perl(vars) for package: ntp-perl-4.2.4p8-2.el6.x86_64
--> Processing Dependency: /usr/bin/perl for package: ntp-perl-4.2.4p8-2.el6.x86_64
--> Processing Dependency: perl(Getopt::Std) for package: ntp-perl-4.2.4p8-2.el6.x86_64
---> Package ntpdate.x86_64 0:4.2.4p8-2.el6 will be installed
--> Running transaction check
---> Package libedit.x86_64 0:2.11-4.20080712cvs.1.el6 will be installed
---> Package perl.x86_64 4:5.10.1-119.el6 will be installed
--> Processing Dependency: perl-libs = 4:5.10.1-119.el6 for package: 4:perl-5.10.1-119.el6.x86_64
--> Processing Dependency: perl-libs for package: 4:perl-5.10.1-119.el6.x86_64
--> Processing Dependency: perl(Pod::Simple) for package: 4:perl-5.10.1-119.el6.x86_64
--> Processing Dependency: perl(version) for package: 4:perl-5.10.1-119.el6.x86_64
--> Processing Dependency: perl(Module::Pluggable) for package: 4:perl-5.10.1-119.el6.x86_64
--> Processing Dependency: libperl.so()(64bit) for package: 4:perl-5.10.1-119.el6.x86_64
--> Running transaction check
---> Package perl-Module-Pluggable.x86_64 1:3.90-119.el6 will be installed
---> Package perl-Pod-Simple.x86_64 1:3.13-119.el6 will be installed
--> Processing Dependency: perl(Pod::Escapes) >= 1.04 for package: 1:perl-Pod-Simple-3.13-119.el6.x86_64
---> Package perl-libs.x86_64 4:5.10.1-119.el6 will be installed
---> Package perl-version.x86_64 3:0.77-119.el6 will be installed
--> Running transaction check
---> Package perl-Pod-Escapes.x86_64 1:1.04-119.el6 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

======================================================================================================================
 Package                            Arch                Version                                 Repository       Size
======================================================================================================================
Installing:
 ntp                                x86_64              4.2.4p8-2.el6                           sl              444 k
 ntp-doc                            noarch              4.2.4p8-2.el6                           sl              824 k
 ntp-perl                           x86_64              4.2.4p8-2.el6                           sl               25 k
 ntpdate                            x86_64              4.2.4p8-2.el6                           sl               57 k
Installing for dependencies:
 libedit                            x86_64              2.11-4.20080712cvs.1.el6                sl               73 k
 perl                               x86_64              4:5.10.1-119.el6                        sl               10 M
 perl-Module-Pluggable              x86_64              1:3.90-119.el6                          sl               36 k
 perl-Pod-Escapes                   x86_64              1:1.04-119.el6                          sl               28 k
 perl-Pod-Simple                    x86_64              1:3.13-119.el6                          sl              208 k
 perl-libs                          x86_64              4:5.10.1-119.el6                        sl              574 k
 perl-version                       x86_64              3:0.77-119.el6                          sl               47 k

Transaction Summary
======================================================================================================================
Install      11 Package(s)

Total download size: 12 M
Installed size: 38 M
Is this ok [y/N]: y
Downloading Packages:
(1/11): libedit-2.11-4.20080712cvs.1.el6.x86_64.rpm                                            |  73 kB     00:00     
(2/11): ntp-4.2.4p8-2.el6.x86_64.rpm                                                           | 444 kB     00:00     
(3/11): ntp-doc-4.2.4p8-2.el6.noarch.rpm                                                       | 824 kB     00:01     
(4/11): ntp-perl-4.2.4p8-2.el6.x86_64.rpm                                                      |  25 kB     00:00     
(5/11): ntpdate-4.2.4p8-2.el6.x86_64.rpm                                                       |  57 kB     00:00     
(6/11): perl-5.10.1-119.el6.x86_64.rpm                                                         |  10 MB     00:10     
(7/11): perl-Module-Pluggable-3.90-119.el6.x86_64.rpm                                          |  36 kB     00:00     
(8/11): perl-Pod-Escapes-1.04-119.el6.x86_64.rpm                                               |  28 kB     00:00     
(9/11): perl-Pod-Simple-3.13-119.el6.x86_64.rpm                                                | 208 kB     00:00     
(10/11): perl-libs-5.10.1-119.el6.x86_64.rpm                                                   | 574 kB     00:00     
(11/11): perl-version-0.77-119.el6.x86_64.rpm                                                  |  47 kB     00:00     
----------------------------------------------------------------------------------------------------------------------
Total                                                                                 846 kB/s |  12 MB     00:15     
warning: rpmts_HdrFromFdno: Header V4 DSA/SHA1 Signature, key ID 192a7d7d: NOKEY
Retrieving key from file:///etc/pki/rpm-gpg/RPM-GPG-KEY-sl
Importing GPG key 0x192A7D7D:
 Userid : Scientific Linux (RPM signing key for Scientific Linux) <scientific-linux-devel@fnal.gov>
 Package: sl-release-6.1-2.x86_64 (@anaconda-ScientificLinux-201107271550.x86_64)
 From   : /etc/pki/rpm-gpg/RPM-GPG-KEY-sl
Is this ok [y/N]: y
Retrieving key from file:///etc/pki/rpm-gpg/RPM-GPG-KEY-dawson
Importing GPG key 0x82FD17B2:
 Userid : Troy Dawson (Spiky Hair Hawaiian Shirts) <dawson@fnal.gov>
 Package: sl-release-6.1-2.x86_64 (@anaconda-ScientificLinux-201107271550.x86_64)
 From   : /etc/pki/rpm-gpg/RPM-GPG-KEY-dawson
Is this ok [y/N]: y
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
  Installing : 1:perl-Pod-Escapes-1.04-119.el6.x86_64                                                            1/11 
  Installing : 4:perl-libs-5.10.1-119.el6.x86_64                                                                 2/11 
  Installing : 1:perl-Module-Pluggable-3.90-119.el6.x86_64                                                       3/11 
  Installing : 3:perl-version-0.77-119.el6.x86_64                                                                4/11 
  Installing : 1:perl-Pod-Simple-3.13-119.el6.x86_64                                                             5/11 
  Installing : 4:perl-5.10.1-119.el6.x86_64                                                                      6/11 
  Installing : libedit-2.11-4.20080712cvs.1.el6.x86_64                                                           7/11 
  Installing : ntpdate-4.2.4p8-2.el6.x86_64                                                                      8/11 
  Installing : ntp-4.2.4p8-2.el6.x86_64                                                                          9/11 
  Installing : ntp-doc-4.2.4p8-2.el6.noarch                                                                     10/11 
  Installing : ntp-perl-4.2.4p8-2.el6.x86_64                                                                    11/11 

Installed:
  ntp.x86_64 0:4.2.4p8-2.el6            ntp-doc.noarch 0:4.2.4p8-2.el6        ntp-perl.x86_64 0:4.2.4p8-2.el6       
  ntpdate.x86_64 0:4.2.4p8-2.el6       

Dependency Installed:
  libedit.x86_64 0:2.11-4.20080712cvs.1.el6                    perl.x86_64 4:5.10.1-119.el6                           
  perl-Module-Pluggable.x86_64 1:3.90-119.el6                  perl-Pod-Escapes.x86_64 1:1.04-119.el6                 
  perl-Pod-Simple.x86_64 1:3.13-119.el6                        perl-libs.x86_64 4:5.10.1-119.el6                      
  perl-version.x86_64 3:0.77-119.el6                          

Complete!

Set the system time zone to Tokyo time:

[root@yamasserver01 ~]# cp /usr/share/zoneinfo/Asia/Tokyo /etc/localtime
cp: overwrite `/etc/localtime'? y
[root@yamasserver01 ~]# date
Fri Aug 26 16:27:53 JST 2011

・SSH configuration:

To disallow logging in as root, find the following two lines in /etc/ssh/sshd_config:

  
#PermitRootLogin yes
#PermitEmptyPasswords no

and change them as follows:

PermitRootLogin no
PermitEmptyPasswords no

After the change, restart the service:

[root@yamasserver01 ssh]# service sshd restart
Stopping sshd:                                             [  OK  ]
Starting sshd:                                             [  OK  ]
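
An added example (not part of the original post): a check that the edit above actually takes effect. sshd uses the first value it obtains for each keyword, and a Match block can override the global value, so an earlier uncommented line or a later Match section can undo PermitRootLogin no. The sample file, the function names and the defaults table (taken from the commented lines quoted above) are assumptions for illustration.

```python
import re

# Defaults as shown by the commented-out lines in the stock file quoted above.
DEFAULTS = {"permitrootlogin": "yes", "permitemptypasswords": "no"}
# The values this section sets.
WANTED = {"permitrootlogin": "no", "permitemptypasswords": "no"}

# Constructed sample: an edited file that still carries a stale global line
# and a Match block (the address reuses this page's 192.168.11.0/24 LAN).
SAMPLE_SSHD_CONFIG = """\
Port 22
#PermitRootLogin yes
permitrootlogin no
PermitEmptyPasswords no
PermitRootLogin yes
Match Address 192.168.11.0/24
    PermitRootLogin without-password
"""


def effective_settings(text, defaults=DEFAULTS):
    """Return (global_values, match_overrides) for the keywords in defaults."""
    effective = dict(defaults)
    seen = set()
    overrides = []
    match = None                      # criteria of the Match block we are in
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue                  # commented lines only document defaults
        # Keyword and argument are separated by whitespace or a single "=".
        parts = re.split(r"\s*=\s*|\s+", line, maxsplit=1)
        key = parts[0].lower()        # keywords are case-insensitive
        value = parts[1].strip() if len(parts) > 1 else ""
        if key == "match":
            match = value             # everything below is conditional
        elif key not in defaults:
            continue
        elif match is not None:
            overrides.append((match, key, value))
        elif key not in seen:         # sshd keeps the first value it obtains
            seen.add(key)
            effective[key] = value
    return effective, overrides


def violations(text):
    """List settings that differ from WANTED, globally or inside a Match block."""
    effective, overrides = effective_settings(text)
    bad = [f"{k}={v}" for k, v in sorted(effective.items()) if v != WANTED[k]]
    bad += [f"{k}={v} (Match {m})" for m, k, v in overrides if v != WANTED[k]]
    return bad
```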

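・Building the firewall: Use iptables to build a firewall on the server and block access to every port other than those of the public services. Also restrict access to sshd and similar services. For how to restrict access, see "A Wave of Unauthorized Access Has Arrived" (不正アクセスの波がやってきた).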

