 |
Linode.com Forum
Linode Community Forums
|
| Author |
Message |
caker
Joined: 15 Apr 2003
Posts: 2386
Location: Galloway, NJ
|
| Posted: Wed Jul 02, 2003 12:21 pm Post subject: Red Hat & Linode QuickStart |
|
|
This quickstart was provided by "kenny" -- the origional document is available here: http://muspellsheim.net/~kenny/linode/redhat_quickstart.html
-------------------------------------------
Warning - this information is only valid for the RedHat Linux OS. I know for a fact that the below (OpenSSH section, maybe others) will have a harmful effect on other distributions.
OpenSSH keys
The Redhat Image that was loaded onto your linode came with precreated SSH keys. In order for SSH to be secure, these keys need to be secret, for this you need to create new keys. Enter the below onto the commandline.
Code: /etc/init.d/sshd stop &&
rm -f /etc/ssh/*_key* &&
/etc/init.d/sshd start
OpenSSH should have restarted and created new keys in the process. Connect to your linode, your ssh client should warn you that the key has changed.
Cron Output
Unless you are hosting mail or planning on checking your mail on your linode, you will probably want the output of your cron jobs mailed to a different email address. You can change the address with the MAILTO environment variable inside a crontab. If you are working with a user's crontab, that can be done by simply adding a MAILTO=you@example.com at the top of the crontab. To change the address for the system's crontabs, open /etc/crontab in an editor (if you are not sure what editor to use, try pico by typing "pico /etc/crontab"). Now change the MAILTO to your email address. It should look something like:
Code: MAILTO=you@example.com
Cron's Schedule
Redhat comes with certain cron jobs scheduled to run hourly, daily, weekly, or monthly. These cron jobs are used for maintance, rotating logs, etc. The problem is that your linode is sharing a physical machine with other linodes that probably run the same jobs at the same times. This will result in a heavy load on the machine when every linode runs its daily jobs at the same time. Since you don't want to overload the machine anymore then you have to, plus you want your jobs to run faster :), you should change the time that your hourly, daily, etc jobs run. Open /etc/crontab again (see above for directions). You should see something like the below. The first column is the minute, the second is the hour that the job is ran.
Code: 01 * * * * root run-parts /etc/cron.hourly
02 4 * * * root run-parts /etc/cron.daily
22 4 * * 0 root run-parts /etc/cron.weekly
42 4 1 * * root run-parts /etc/cron.monthly
You should change the minutes and hours to something else, such as:
Code: 09 * * * * root run-parts /etc/cron.hourly
19 0 * * * root run-parts /etc/cron.daily
39 1 * * 0 root run-parts /etc/cron.weekly
49 2 1 * * root run-parts /etc/cron.monthly
Of course if everyone used the above, the problem would still exist. Make up your own times.
Disable ECN
ECN (Explicit Congestion Notification) is enabled by default on same kernels. As you probably won't be using your linode as a router, it is a good idea to disable it. Leaving the option enabled will mean that your linode will not be able to communicate with systems behind older routes that do not understand ECN. To disable upon bootup, edit /etc/rc.d/rc.local and add the following line.
Code: echo 0 > /proc/sys/net/ipv4/tcp_ecn
RedHat Updates
Keeping your server up to date is important. Lets do that.
Code: #Download rhupdate
wget http://www.jjminer.org/rhupdate/rhupdate-1.10-beta-1.102.tar.gz
#Unpack it
tar -zxf rhupdate-1.10-beta-1.102.tar.gz &&
cd rhupdate-1.10-beta-1.102
#Configure and install it
./configure &&
make install
#Download available updates
mkdir /tmp/updates &&
rhupdate --download /tmp/updates
Unless the download failed (if it did try again later), you should now have all of the available updates for your redhat server downloaded into /tmp/updates. As it is a good practice to pay attention to what packages are being updated, it's up to you to install them.
Misc.
The RedHat image came with Apache certificates prebuilt, however I don't consider this that big of an issue. If you are planning on using Apache over HTTPS you'll need to get your own certificates anyways. |
|
| Back to top |
|
wazdog
Joined: 10 Nov 2003
Posts: 57
Location: Japan
|
| Posted: Sat Jan 03, 2004 8:18 am Post subject: |
|
|
Anyone know if this info is still valid (and recommended) for Fedora.
I'd guess it is, but don't want to assume TOO much...
thanks
- j |
|
| Back to top |
|
kenny
Joined: 27 Jun 2003
Posts: 66
|
| Posted: Tue Jan 06, 2004 3:25 pm Post subject: |
|
|
wazdog wrote: Anyone know if this info is still valid (and recommended) for Fedora.
I'd guess it is, but don't want to assume TOO much...
thanks
- j
Although I haven't used Fedora, I know that Chris changed the images for RedHat and Debian (thus I'd assume Fedora too) so that you no longer have to recreate your SSH keys, change the schedule for cron, or disable ecn (i think).. which only leaves changing you cron output if you want and updating (check up2date).
short answer: it's done for you
Kenny |
|
| Back to top |
|
| |
|