To study Linux security, you must first install the LINUX system securely.
1. Secure installation of Linux servers. Here we assume that you already know your server hardware)
First, create a boot disk and boot Linux. Before that, I suggest you download a special floppy disk image from the RedHatLinux website)
Open MS-DOS mode Start in windows | program | MS-DOS mode ):
C:$#@62;d:D:$#@62;cddosutilsD:dosutils$#@62;rawriteEnterdiskimagesourcefilename:..imagesroot.imgEntertargetdiskettedrive:a:PleaseinsertaformatteddisketteintodriveA:andpress--ENTER--:D:dosutils$#@62; |
When rawrite.exe requires A floppy disk image, enter the complete path name of boot. img and insert the floppy disk into drive. When the program asks which floppy disk drive you want to write the image to, enter :.
Because we cannot start from CDROW, we use a soft drive to start. Insert the floppy disk into A: Drive and restart the computer. When "boot:" appears, press the Enter key to continue the boot.
◆ Select language
◆ Select the keyboard type
◆ Select the mouse type
When selecting the installation type, we recommend that you select Custom installation.
Partitioning is a headache. We recommend that you back up your current system before partitioning.
Use DiskDruid partitioning Tool
DiskDruid is a partition tool in RedHatLinux. Select "Add" to Add a new partition, "Edit" to change the partition, "Delete" to Delete the partition, and "Reset" to restore the original partition status. When you add a new partition, a window appears asking you to add necessary information about the partition. The required information is:
◆ MountPoint: directory where mount is mounted by partitions.
◆ Size: partition Size, in megabytes
◆ PartitionType: partition type. Linux file systems use Linuxnative-type partitions. For Linux swap partitions, use LinuxSwap.
If you have a SCSI hard disk, the device name will be "/dev/sda". If you have an IDE hard disk, the device name will be "/dev/hda ". If you are very concerned about the high performance and stability of the system, we recommend that you use a SCSI hard disk.
Linux partition naming is a combination of letters and numbers. This naming method is flexible and intuitive. The following is a summary:
◆ First two letters: The first two letters indicate the device type, "hd" indicates the IDE hard disk, and "sd" indicates the SCSI hard disk.
◆ The third letter indicates the specific device. For example, "/dev/hda" indicates the first IDE hard disk; "/dev/hdb" indicates the second IDE hard disk.
Remember this. In this way, it will be easier or confusing to partition Linux.
Swap Partition
Swap partitions are used for virtual memory. If the computer memory is less than 16 MB, you must create swap partitions. Even if you have more memory, we recommend that you create swap partitions. The minimum swap partition must be equal to the computer's memory. If the memory is larger than 16 MB, the minimum is 16 Mb. The swap partition is about 1 GB at most, and the Linux2.2 kernel now supports 1 GB swap files. If it is more than 1 GB, it is a waste ). Note: You can create more than one swap partition, although this is necessary only when installing a large server. Try to place the swap partition at the starting position of the hard drive. Because the starting position of a disk is physically on the outermost cylinder, the head can cover a larger area for each lap.
After partitioning, You can see similar information on the screen:
MountPointDeviceRequestedActualType/bootsda15M5MLinuxNative/usrsda51000M1000MLinuxNative/homesda6500M500MLinuxNative/chrootsda7400M400MLinuxNative/cachesda8400M400MLinuxNative/varsda9200M200MLinuxNativeSwapsda10150M150MLinuxSwap/tmpsda11100M100MLinuxNative/sda12316M315MLinuxNativeDriveGeom[C/H/S]Total(M)Free(M)Used(M)Used(%)sda[3079/64/32]3079M1M3078M99% |
Now, select "Next" to continue the installation. After the partition is created, the installer will allow you to format the partition. Select the partition to be formatted, select the "Checkforbadblocksduringformat" option box, and press "Next" to continue. In this way, format the partition and activate the partition. Linux can use this partition.
Next, if you choose to install LILO, you will see the configuration of LILO. You can choose to install LILO in the primary Boot Sector MBR) or the first sector of the boot partition.
In general, you should choose to install LILO in the primary Boot Sector. If your computer is installed with NT, or multiple boot programs such as SystemCommand, you 'd better read the LILO-HOWTO carefully to avoid unnecessary losses ). Then, configure the network and clock. Then, enter the root password and the Security Authentication configuration. Don't forget to choose:
◆ EnableMD5passwords
◆ EnableMD5passwords
There is no need to select EnableNIS because we do not install the NIS service on this server.
