Fedora7

From Rivalug Wiki

Jump to: navigation, search

Back to HowToList

Also see Fedora7, Fedora7_Hardened_Evaluation and Fedora7_Appendix

Contents

This document

  • Written by Carlisle

This document is a draft and currently a work in progress. Heading begining with a '*' have not been updated to reflect Fedora Core 7 Yet.

--Carlisle 11:52, 12 Sep 2007 (PDT)

Disclaimer

Please don't try any of these suggestions on important systems without researching and understanding what they do first.

History

started on 12 Sep 2007

Reporting errors

Fedora 7 (Moonshine) has been released

The official announcement: http://fedoranews.org/cms/node/1719

The official download site: http://fedoraproject.org/wiki/

The official torrent site: http://torrent.fedoraproject.org/

Release summary: http://fedoraproject.org/wiki/FC6ReleaseSummary

Statistics of use: http://fedoraproject.org/wiki/Statistics

Downloads

Always double check your downloads against the official checksums to ensure the images do not have errors either due to transfer problems, or hacked mirror sites. Use command: sha1sum --check <file> where file in these cases in SHA1SUM

Live Imagess

The official Fedora 7 Live Images (one for Gnome desktop, one for KDE) are found here:

http://mirror.vcu.edu/pub/linux/fedora/releases/7/Live/i386/ http://mirror.vcu.edu/pub/linux/fedora/releases/7/Live/x86_64/

Note: the x86_64 isos are DVD images. There are no ppc live images.

Known Bugs

http://fedoraproject.org/wiki/Bugs/F7Common

Network Boot

Issues with http/ftp installs: http://marc.perkel.com/archives/001132.html http://groups.google.im/group/alt.os.linux/browse_thread/thread/c600273f7a6c7ffe/7fbf8d5c3b5efcb6?lnk=raot

Use minimal boot iso: http://mirror.vcu.edu/pub/linux/fedora/releases/7/Fedora/i386/os/images/boot.iso http://mirror.vcu.edu/pub/linux/fedora/releases/7/Fedora/x86_64/os/images/boot.iso

Partitioning

shrinking Windows partitions to make room for a linux installation

GPL defragmentation 

http://www.kessels.com/JkDefrag/

GPL partition resizing - gparted live disk 

http://gparted.sourceforge.net/download.php

Parted Magic 

http://partedmagic.com/
http://mirror.vcu.edu/pub/gnu+linux/partedmagic/

Improving Yum

yum fastestmirror yum protect


3rd Party Software

Fedora by default does not contain any software which are proprietary or may have patent issues within the USA, including such useful applications as media players for various formats including mp3s and DVD , the Java programming language, accelerated 3d drivers for nvidia or ati graphics cards, or wireless card drivers.

Also some well used open source applications are not included like MythTV or Asterisk.

Livna

many useful application which are not open source are found in the livna repository: http://rpm.livna.org/

Instructions to install livna are found here: 

http://rpm.livna.org/rlowiki/UsingLivna

Enabling Livna at install time

http://fedorasolved.org/installation-solutions/livna-setup-install/

rpmforge

make sure you install yum-protectbase

*Java

Note: Sun has announced that they will be releasing Java under GPL which may mean that linux distributions like Fedora will include Sun Java within their normal packages. This has not occured at the time this article was written so the instuctions explain how to install from the non-GPL Java releases.

Problems have been report when installing the sun java rpm package on Fedora Core 4 and above. The release notes for Fedora Core 4 recommend either installing the sun java binary or creating a sun java rpm using the jpackage repository.

*Installing java binary

The "quick and dirty" approach installs the java jre binary into either /opt or /usr/local and does not try to integrate java into the rpm database. This is the fastest method to get java installed on a single computer.

*Creating java rpm

The "jpackage" approach uses rpm wrappers provided by the jpackage project. It is up to the user to combine the java binary with the rpm wrapper to create a jpackage compatible rpm package. This method is required if one is going to use other package provided by jpackage. It also can be faster than the binary install if one has multiple computer to install java onto. A Java rpm can be created one and installed many times.

  • install rpmdevtools if needed. Note: this depends on gcc and related development tools - If you do not wish for development tools to be installed, please use an alternative system to create the rpm packages.
  • once rpmdevtools are installed, run the command rpmdev-setuptree to create the build tree.

The instructions provided in the above link are for Java 1.5.0.09, which has now been reported to have a serious security issue. As of the writing of this article, the most recent version of Java is 1.6.0 and the most recent version of Java5 is 1.5.0.10

The following instructions apply to Java 1.5.0.10

*Other Java References

http://fedora.redhat.com/docs/release-notes/fc6/en_US/sn-Java.html http://www.fedoraproject.org/wiki/JavaFAQ

Multimedia

Multilib

Mixing 32bit & 64bit Libraries Issue for x86_64 installations. If you have a 32-bit installation, skip this section and the Firefox 32-bit section.

/etc/yum.repos.d/fedora-32bit.repo 

[fedora-32bit]
name=Fedora Core $releasever - i386
baseurl=http://mirror.vcu.edu/pub/linux/fedora/releases/$releasever/Fedora/i386/os/
        http://download.fedora.redhat.com/pub/fedora/linux/core/$releasever/i386/os/
mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=fedora-$releasever&arch=i386
enabled=1
gpgcheck=1
includepkgs=seamonkey firefox libgnomeui libbonoboui libgnome SDL fribidi libXv libXvMC libdv mikmod slang aalib enca
imlib2 libmpcdec lirc lzo openal portaudio xmms-libs libid3tag
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora   file:///etc/pki/rpm-gpg/RPM-GPG-KEY

[updates-32bit]
name=Fedora Core $releasever - i386 - Updates
baseurl=http://mirror.vcu.edu/pub/linux/fedora/updates/$releasever/i386/
                http://download.fedora.redhat.com/pub/fedora/linux/core/updates/$releasever/i386/
mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=updates-released-f$releasever&arch=i386
enabled=1
gpgcheck=1
includepkgs=seamonkey firefox libgnomeui libbonoboui libgnome SDL fribidi libXv libXvMC libdv mikmod slang aalib enca
imlib2 libmpcdec lirc lzo openal portaudio xmms-libs libid3tag
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora

[livna-32bit]
name=Livna for Fedora Core $releasever - i386 - Base
baseurl=
       http://rpm.livna.org/fedora/$releasever/i386/
       http://livna.cat.pdx.edu/fedora/$releasever/i386/
       http://wftp.tu-chemnitz.de/pub/linux/livna/fedora/$releasever/i386/
       http://ftp-stud.fht-esslingen.de/pub/Mirrors/rpm.livna.org/fedora/$releasever/i386/
       http://mirror.atrpms.net/livna/fedora/$releasever/i386/
       ftp://mirrors.tummy.com/pub/rpm.livna.org/fedora/$releasever/i386/
#mirrorlist=http://rpm.livna.org/mirrorlist-7
failovermethod=priority
enabled=1
gpgcheck=1
includepkgs=mplayerplug-in libdvdnav libdca mplayer mplayer-gui a52dec faac faad2 ffmpeg gsm lame libdvdread libmad libmp4v2 mplayer-fonts xvidcore lame-libs
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-livna

Reference: http://fedora64.org/desktop-64-posts/installing-mplayer-32bit-on-x86_64/

Firefox 32-bit

Since all the following multimedia plugins are 32-bit, we need to replace the 64-bit Firefox that comes installed with Fedora with the 32-bit version

Reference: http://fedora64.org/desktop-64-posts/ff32-on-x86_64/

Flash

Flash Player 9 for linux was released on 16 Jan 2007.

The Adobe Flash Player Download Center for Linux: http://www.adobe.com/shockwave/download/index.cgi?P1_Prod_Version=ShockwaveFlash&P2_Platform=Linux

To add the repository do the following: 

rpm -Uvh http://linuxdownload.adobe.com/adobe-release/adobe-release-i386-1.0-1.noarch.rpm

Once the repository is enabled, install flash with the command: 

yum install flash-plugin

Download Plugin or Standalone Player: http://labs.adobe.com/downloads/flashplayer9.html

Install notes: http://labs.adobe.com/technologies/flashplayer9/

Release notes: http://blogs.adobe.com/penguin.swf/

Display current version of flash: http://www.adobe.com/products/flash/about/

http://linux.slashdot.org/article.pl?sid=06/10/19/012230

Also, even if you aren't running linux, you should be running the latest version of flash due to a nasty security bug found a while ago.

Also for people who want to block flash while using firefox, you can install the the Flashblock extension: http://flashblock.mozdev.org/ or the Noscript extension: http://www.noscript.net, which also blocks Javascript and Java applets.

nspluginwrapper

http://gwenole.beauchesne.info/projects/nspluginwrapper/
http://www.linux.com/articles/55380

Mplayer

mplayer
mplayer-gui
mplyaerplug-in

Reference: http://fedora64.org/desktop-64-posts/installing-mplayer-32bit-on-x86_64/ 

mplayer codecs

Reference: http://fedorasolved.org/multimedia-solutions/win32-codecs/

VLC

vlc
mozilla-vlc plugin

Playing DVDs

Virtualization

VmWare

VmWare Workstation will run under Fedora 7 if you use the any-any patch.

References: 

http://communities.vmware.com/message/76957
http://knihovny.cvut.cz/ftp/pub/vmware/

Seamless Windows

with VmWare References: https://help.ubuntu.com/community/SeamlessVirtualization

with VirtualBox Reference: http://liquidat.wordpress.com/2007/09/03/virtualbox-15-released-with-seamless-windows-integration/

Basic Hardening

These are basic hardening steps that will be expanded into a full guide later. Many are based on recommendations by the CIS Security Benchmark for RedHat Linux: http://www.cisecurity.org/bench_linux.html

Firewall

SELinux

TCPWrap

/etc/hosts.allow
/etc/hosts.deny

Banner

SSH

wheel group

The wheel group can be used to specify non-root accounts that are used for administration purposes. Once select accounts are added to this group, changes can be made so that only members of the wheel group can access root or issue commands as root.

BSD and OSX follows this arrangement by default.

As for the origin of the name wheel, see: http://lists.freebsd.org/pipermail/freebsd-chat/2003-December/001724.html

sudo

sudo allows grants select users the ability to issue commands as root, without knowing the root password. It also logs all commands given this way.

The visudo command is the only proper way of editing the sudoers file.

To allow sudo access to all members of the wheel group uncomment this pre-existing line: 

# %wheel        ALL=(ALL)       ALL

sudo can also be configured to allow select users to issue only select commands as root.

su

PAM can be configured to restrict some commands to selected users.

The following restricts the su command used to switch users, to only members of the wheel groups. Thus, even if the password to root or any other user is known, only administrators are allowed to switch to root or another user.

Uncomment the following pre-existing line in /etc/pam.d/su 

auth           required        pam_wheel.so use_uid

single user mode

The configuration of the bootloader, grub, can be edited at boot time to allow one to boot linux into single user mode. This mode is the equivalent of becoming root and is present to allow for emergency access to the system.

By default Fedora, lets anyone at the console to get into single user mode without any authentication. This change forces authentication with the root password before entering single user mode:

Add this line to /etc/inittab 

~~:S:wait:/sbin/sulogin

BIOS Password

Bastille

http://www.bastille-unix.org

Other F7 References

This page has been accessed 1261 times. This page was last modified 13:55, 2 Apr 2008.

Retrieved from "http://wiki.rivalug.org/index.php/Fedora7"
Personal tools