[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
F14 post-install jewels
Having recently completed two from-scratch F14 installations, I thought
I'd pass along some of my latest post-install customizations for
command-line operation and improved security. These do not include my
local repo customizations, which are extensive. I'd be happy to share
those with anyone off-line.
--Doc
******************
GNOME-terminal profile customization (req'd for each user)
Add GNOME-terminal to the top toolbar:
Left-click on "Applications"
Move mouse over Accessories, then Terminal
Left click and hold on Terminal
Drag and drop onto to toolbar
Left-click on Terminal icon in top toolbar to open
Left-click on Terminal toolbar's Edit -> Current Profile...
In General tab
Uncheck "Use the system terminal font"
In Colors tab
Uncheck "Use colors from system theme"
In "Built-in schemes:" select "Custom"
In "Text color:"
In "Color name:" box enter "#F0F0F0"
In "Background color:"
In "Color name:" box enter "#000030"
In Scrolling tab:
Check "Unlimited" box under "Scrollback:"
Click on [X Close] box to save & close
******************
Custom bash prompt:
In /etc/bashrc replace line 34
[ "$PS1" = "\\s-\\v\\\$ " ] && PS1="[\u@\h \W]\\$ "
with (this is all one long line)
[ "$PS1" = "\\s-\\v\\\$ " ] && PS1="\n\\033[1;31m`cat /etc/redhat-release`\n\\033[1;34m`date +%A` - `date +%B` `date +%d`, `date +%Y` \\033[0;32m\t `date +%Z`\n\\033[0;36m[\u@\h] \\033[1;33m\w\\033[0;37m\n\\$ "
******************
More bash customization. Create the following
as /etc/profile.d/custom.sh:
#!/bin/sh
# Microsoft/MS-DOS aliases
alias dir="ls -l --color"
alias dira="ls -al --color"
alias del="rm -f"
alias cls="clear"
alias md="mkdir"
alias rd="rmdir"
alias ren="mv"
alias move="mv"
# Behavior aliases (see man pages)
alias pingg="ping -a -f -c 100"
alias nslookup="nslookup -sil"
# "C"-type sort order
LC_COLLATE="C"
export LC_COLLATE
# Colored man pages
export LESS_TERMCAP_mb=$'\E[01;31m' # begin blinking
export LESS_TERMCAP_md=$'\E[01;38;5;74m' # begin bold
export LESS_TERMCAP_me=$'\E[0m' # end mode
export LESS_TERMCAP_se=$'\E[0m' # end standout-mode
export LESS_TERMCAP_so=$'\E[38;5;246m' # begin standout-mode - info box
export LESS_TERMCAP_ue=$'\E[0m' # end underline
export LESS_TERMCAP_us=$'\E[04;38;5;146m' # begin underline
# end-of-file
******************
Security hardening
Install fail2ban to protect against brute force ssh attacks from legions
of script kiddies:
# yum -y fail2ban
# chkconfig fail2ban on
# service fail2ban start
Edit /etc/ssh/sshd_config to prevent root ssh logins
Change line 39 from
#PermitRootLogin yes
to
PermitRootLogin no
Install Fedora's root kit hunter, configure it, then disable daily cron
job. Run it manually from time to time for peace of mind.
# yum -y install rkhunter
# chmod 644 /etc/cron.daily/rkhunter
# rkhunter --propupd <-- initialize rkhunter's database
# rkhunter -c
When you see [ Warning ] indicators, you will need to check the
log file at /var/log/rkhunter/rkhunter.log. Most can be cleared
by running 'prelink /pathto/binary'
Edit /etc/rkhunter.conf to change ALLOW_SSH_ROOT_USER from
"unset" to "no". This should match the corresponding setting
in /etc/sshd_config
If "Suspicious file types found in /dev:" are reported, manually
edit /etc/rkhunter.conf to add them in the ALLOWDEVFILE= section
starting at about line 623. Example: ALLOWDEVFILE=/dev/shm/mono*
Rerun:
# rkhunter -c <-- you should see no [ Warning ] flags
********************
Download and install Ksplice updater
Ensure Fedora's basic ksplice packages are both installed:
# rpm -qa | grep ksplice
ksplice-0.9.9-1.fc12.[i686|x86_64]
fedora-ksplice-0.5-7.fc12.[i686|x86_64]
Fetch the ksplice-update package and install it:
# wget http://www.ksplice.com/uptrack/dist/fedora/14/ksplice-uptrack.rpm
# yum -y install ksplice-uptrack.rpm
-
To unsubscribe, send email to majordomo@silug.org with
"unsubscribe silug-discuss" in the body.