Home arrow BlueQuartz arrow Things to do to a blank BlueQuartz install

Sections

Skating
Security
Technology
BlueQuartz
In The News
Musings
Procrastination
Downloads

Popular Articles

Latest Articles

Things to do to a blank BlueQuartz install PDF Print
Monday, 21 August 2006

After just rebuilding a BlueQuartz box I thought I would copy my install notes. This is an entirely personal list of things that I do to a vanilla install of CentOS/BlueQuartz.  I thought it may be useful to other people. 

Contents

  • Change root passwords
  • Secure SSH
  • Apache Obscurity
  • Install ImageMagick
  • PHP upload settings
  • Add Mime Types
  • yum checker
  • Setup floppy drive
  • Majordomo logfile

 

Change root password

BQ is initially set with no root MySQL password and the systems root password is set the same as the admin user. These should be changed to something different!

  • Change MySQL password wth `/usr/bin/mysqladmin --user=root password NEW_PASSWORD`
  • Change root password with `passwd`

Secure SSH

SSH is obviously better than telnet but did you know that the SSH protocol v1 has been cracked for quite some time now. I lock all my boxes down to only use protocol v2 and haven't had any come back on compatability issues.

  • Modify `/etc/ssh/sshd_config` to set `Protocol 2`
  • Run `/etc/rc.d/init.d/sshd reload`

Apache Obscurity

Yes, this is security through obscurity but everything helps. The following will remove the "signature" at the bottom of pages generated by Apache and will also only report the webserver as "Apache" instaed of the full version number and OS

  • Modify (and add if necessary) the following lines in `/etc/httpd/conf/httpd.conf` & `/etc/admserv/conf/httpd.conf`

ServerSignature Off

ServerTokens Prod

  • Run `/etc/rc.d/init.d/httpd reload`
  • Run `/etc/rc.d/init.d/admserv reload`

 

Install ImageMagick

A must for most hosting nowadays.  Simply run `yum install ImageMagick ImageMagick-perl` as root.

 

PHP upload settings

In this new broadband age people are uploading pictures and such to their sites so I change the PHP upload defaults.  Change lines in /etc/php.ini (or your own php.ini) and run `/etc/rc.d/init.d/httpd reload`

post_max_size = 20M

upload_max_filesize = 10M

 

Add Mime Types

There seem to be some common mime types missing from the default install.  Add the following to `/etc/mime.types` and run `/etc/rc.d/init.d/httpd reload`

application/x-ms-wmz wmz

application/x-ms-wmd wmd

audio/x-ms-wax wax

audio/x-ms-wma wma

image/x-icon ico

text/csv csv

video/x-ms-asf asf asx

video/x-ms-wm wm

video/x-ms-wmv wmv

video/x-ms-wmx wmx

video/x-ms-wvx wvx

 

yum checker

Now I love the Nuonce/Solarspeed automatic yum installer however I like to install patches on systems when I am there, that way if there are any problems I can fix them straight away.  I have this little script that mails me when there are packages to install.

  • touch /etc/cron.daily/yum-check
  • chmod 755 /etc/cron.daily/yum-check
  • vi /etc/cron.daily/yum-check

#!/bin/sh 

SERVER=`hostname`

OUTPUT=`/usr/bin/yum check-update`

EXITCODE=$?

if [ ${EXITCODE} != 0 ]

then

echo "${OUTPUT}" | /bin/mail -s "${SERVER}: Yum Updater" root

fi

Setup floppy drive

If your system has a floppy disc drive you won't be able to use it until you run `floppy --createrc > /etc/floppy`

 

Majordomo logfile

I know it's silly but I like all my log files to be in one place....

  • cd /var/log/mail
  • ln -s /usr/local/majordomo/log majordomo

 

I hope this is of use to people

Last Updated ( Monday, 04 June 2007 )
 

My other websites

Share This

Now showing on my TV

  • Channel : 104 Channel 4
  • Program : The IT Crowd
  • Episode : From Hell
  • Description : Jen deals with a builder from hell, Roy loses £20, and Moss stands up to ruffians.
  • Status : Season Pass