Регистрация Вход
Библиотека /
Поиск по библиотекеМоя библиотекаИскать книгу(обмен)

Things need to be fixed after installing Linux

Things need to be fixed after installing Linux


Things need to be fixed after installing - Slackware 3.1


Original of this document is at http://www.corbina.net/~ppinpro/alx/slackware-3.1.fix.html For the old beast you 'll need at least this (read ftp.cdrom.com/pub/Linux/distributions/Slackware/Slackware-3.1/ChangeLog.txt for things what I've missed): 1.rm /usr/bin/sendmail and install something more secure in place 2.rm /usr/bin/ncftp and install more appropriate version than 1.xx (in which rubbish pile Patrick found it?) 3.or do same thing with regular ftp client - at least, it may be compiled with libreadline (you 'll need libreadline sources for this and also for ncftp) 4.replace /bin/mount, /bin/smbmount, /bin/smbumount or remove setuid bit 5.remove setuid from /usr/X11/bin/SuperProbe 6.replace misconfigured /usr/sbin/wu.ftpd with patched version 7.replace lpd stuff with LPRng (you may find it on ftp.cdrom.com in 'patches' for 3.1, if it not already included in your version) 8.replace outdated proc-ps package by proc-101 suite 9.if you are 'lucky' owner of the very early version, go to /dev, ls tty[0-9]* and rm all that curiosity 'block' tty's. Create enough number of normal ttys with mknod /dev/ttyNN 4 NN 10.modify permissions on /dev/null (to 666), /dev/zero (the same), /dev/tty (at least 662) 11.find latest sources for ld.so, make and install - it contains security bug and misses dlfcn.h (Don't try to use anything except for this include file from 'official' ldso.tgs patch, or you 'll got also "massive filesystem corruption problems" as free bonus - seems like it compiled with wrong gcc version) 12.find latest sources for gdbm library and install gdbm.h from it 13.rm /usr/sbin/pppd-2.1 and /usr/sbin/pppd (it just wastes space), rename /usr/sbin/pppd-2.2 to pppd 14.consider about removing /usr/sbin/ppp-on|off |on-dialer - this is the complete shit and this scripts are bad even as examples (you may look here for some better secured dialing scripts or look for diald daemon and forget it all) 15.(optional) grab pppd-2.0.0f sources and remake pppd and chat. Slackware version had strange syslog facility - I can't figure it for chat (just not logged anything on my system) and don't like 'daemon' facility for pppd - it runs too often and 'll quickly fill logfiles with unwanted messages. (And it logs to 'local2' on many commercial unices, why not to do same on linux?) 16.go to /etc/securetty and remove all, except for first six virtual consoles 17.rm /usr/sbin/in.telnetsnoopd - snooping is the bad thing, if you want to know. (May be you will prefer to know what it have security hole? Not bad for such kind of software :) 18.enjoy... It must be enough to work, but I also like to mv /etc/rc.d/rc.cdrom to /etc/rc.d/rc.nocdrom (it should stop this boring CD mounting on system startup - newer versions of this distributive already do this, but seems likely all CD's created with much earlier version) into /etc/fstab something like /dev/cdrom /cdrom iso9660 noauto,user,ro,exec,nosuid,nodev 0 0

What to fix in just installed linux


From: olli@vgsn.glasnet.ru Date: 12 Feb 1999 Here is my script I use to fix something in Red Hat after installation. your comments are welcome. #!/bin/sh # This is an update script . It should update my linux configuration # files from backup. # It perform next steps: # 0) If any arguments are given - print help. # 1) Ask user should it proceed # 2) make shure that all commands inside it are avaliable. # 3) ask user what to do when errors (stop|continue|retry) # ) Print possible choices & descriptions & ask 4 user choice: # ) prompt for all files or assume yes on overwriting & creating # ) should it be quet or verbose # ) what user should be oner of updated files? # (same UID:GUID or current user or any existing user) # ) Make shure that it has enough privilegies to do such chown. # ) Ask what to do if insufficient ----"----- (stop|continue|retry) # # 4) Ask user should it install additional packets. ############################################################################### #echo "making mount points.." #mkdir /dsk #mkdir /dsk/hda1 #mkdir /dsk/hda2 #mkdir /dsk/hda3 #mkdir /dsk/hda4 #mkdir /dsk/hda5 #mkdir /dsk/hda6 #mkdir /dsk/hda7 #mkdir /dsk/hda8 #mkdir /dsk/cd #mkdir /dsk/hdb1 #mkdir /dsk/hdb2 #mkdir /dsk/hdb3 #mkdir /dsk/hdb4 #mkdir /dsk/hdb5 #mkdir /dsk/hdb6 #mkdir /dsk/hdb7 #mkdir /dsk/hdb8 #mkdir /dsk/hdc1 #mkdir /dsk/hdc2 #mkdir /dsk/hdc3 #mkdir /dsk/hdc4 #mkdir /dsk/hdc5 #mkdir /dsk/hdc6 #mkdir /dsk/hdc7 #mkdir /dsk/hdc8 echo "Making inbound dir.." mkdir /inbound chmod 700 /inbound echo "making ~/bin.." mkdir /root/bin echo "Done." echo "Making additional device files. Beware that 4 work kernel need 2 B reconfigured. " echo "Making watchdog device file " echo "(U need enable watchdog support in the kernel to use this future.)" mknod /dev/watchdog c 10 130 echo "Making network-route device file " echo "(U need to enable network-routing messsages support in the kernel to use this future.)" mknod /dev/route c 36 0 mknod /dev/rtc c 10 135 echo "Updating Ur modem configuration." echo "Run minicom to dial,minicom -s to configure Ur modem" echo "Making modem device file.." #mknod /dev/modem c 5 64 ln -s /dev/ttyS0 /dev/modem mkdir /root/modem ; mkdir /root/modem/inbound ; mkdir /root/modem/outbound mkdir /root/modem/script echo "Updating Ur aliases & startup files." echo -e "\n#Thees lines are added by update script:\n" >> /root/.bashrc echo -e "alias mail='mail -v'" >> /root/.bashrc echo -e "alias mail='mail -v'" >> /etc/skel/.bashrc echo -e "alias ls='ls -akFAqL --color=auto'\n" >> /root/.bashrc echo -e "alias ls='ls -akFAqL --color=auto'\n" >> /etc/skel/.bashrc echo -e "alias ps='ps aux | less'" >> /root/.bashrc echo -e "alias ps='ps aux | less'" >> /etc/skel/.bashrc echo -e "alias mc='mc -c'" >> /root/.bashrc echo -e "alias df='df -h'" >> /root/.bashrc echo -e "alias df='df -h'" >> /etc/skel/.bashrc echo -e "alias man='man -a'" >> /root/.bashrc echo -e "alias man='man -a'" >> /etc/skel/.bashrc echo -e "alias cls='clear'" >> /etc/skel/.bashrc echo -e "alias cls='clear'" >> /root/.bashrc echo -e "alias startx='startx & logout'" >> /root/.bashrc echo -e "alias startx='startx & logout'" >> /etc/skel/.bashrc echo -e "alias X='startx & logout'" >> /root/.bashrc echo -e "alias last='last|less'" >> /root/.bashrc echo -e "alias null='cat /dev/null > '" >> /root/.bashrc echo -e "alias null='cat /dev/null > '" >> /etc/skel/.bashrc echo -e "mesg n\n" >> /root/.bashrc echo -e "mesg y\n" >> /etc/skel/.bashrc echo "echo -ne '\033(K' " >> /root/.bash_profile echo -e "\n" >> /root/.bashrc echo -e "LANG=koi8-r\n" >> /root/.bashrc echo -e "export LANG\n" >> /root/.bashrc echo -e "######## These messages are displayed after logon ############" >> /root/.bashrc echo -e "echo \"\"" >> /root/.bashrc echo -e "echo \"\"" >> /root/.bashrc echo -e "echo Logged in at \`tty\`.\n" >> /root/.bashrc echo -e "echo \"\"" >> /root/.bashrc echo -e "echo \" NOTES: \"" >> /root/.bashrc echo -e "echo \" 1) Verify Ur last login information!\"" >> /root/.bashrc echo -e "echo \" 2) Aliases are defined. Use full command-path to override .\"" >> /root/.bashrc echo -e "echo -e \"At this moment these users are logged in:\"\n" >> /root/.bashrc echo -e "who\n" >> /root/.bashrc echo -e "echo \"The following alerts happend:\"\n" >> /root/.bashrc echo "cat /var/log/alert" >> /root/.bashrc echo "Configuring Ur telnet.." echo -e "#.telnetrc\nDEFAULT set outbinary" >> /inbound/.telnetrc cp /inbound/.telnetrc /root cp /inbound/.telnetrc /etc/skel echo Configuring Ur mc colors. mkdir /root/.mc mkdir /etc/skel/.mc mkdir /etc/skel/bin echo -e "\n[Colors]\nbase_color=normal=green,black:xterm=menu=cyan,gray:marked=,black:directory=lightgray,black:link=gray,black:device=,black:special=red,black:execute=cyan,black:viewunderline=,black:color_terminals=linux,xterm\n" >> /root/.mc/ini echo -e "\n[Colors]\nbase_color=normal=green,black:xterm=menu=cyan,gray:marked=,black:directory=lightgray,black:link=gray,black:device=,black:special=red,black:execute=cyan,black:viewunderline=,black:color_terminals=linux,xterm\n" >> /etc/skel/.mc/ini mkdir /root/nethack_save mkdir /root/txt echo "Making files U'll needed if U'll install qmail.." echo "But then U should also recompile & reconfigure some mail progs & dirs/files." touch /etc/skel/Mailbox touch /root/Mailbox echo Setting some permissions.. chmod 700 /root #echo "#!/bin/sh" > /root/bin/koi8 #echo "/usr/bin/setfont /usr/lib/kbd/consolefonts/Cyr_a8x16" >> /root/bin/koi8 #echo "/usr/bin/loadkeys /usr/lib/kbd/keytables/russian.map" >> /root/bin/koi8 #echo "/usr/bin/mapscrn /usr/lib/kbd/consoletrans/koi2alt" >> /root/bin/koi8 #echo "echo -ne \"\n\033(K"\" >> /root/bin/koi8 #echo "echo \"To load KOI8-RU support run $HOME/bin/koi8\"" echo "Removing some strange permissions.." chmod -s /usr/bin/lpr chmod -s /sbin/dump chmod -s /usr/bin/dos chmod -s /usr/bin/dip chmod -s /usr/bin/minicom chmod -s /usr/bin/zgv chmod -s /usr/X11R6/bin/seyon chmod go-rwx /usr/bin/resizecons chmod o-x /bin/sync chown root.wheel /bin/su chmod u+s /bin/su chmod -x /usr/man/man1/*.1 chmod -x /usr/man/man2/*.2 chmod -x /usr/man/man3/*.3 chmod -x /usr/man/man4/*.4 chmod -x /usr/man/man5/*.5 chmod -x /usr/man/man6/*.6 chmod -x /usr/man/man7/*.7 chmod -x /usr/man/man8/*.8 chmod -x /usr/man/man9/*.9 chmod 400 /boot/vmlinuz* echo "Don't forget to chmod 400 all new kernels in /boot." chmod o-rwx /sbin/ifconfig chmod o-rwx /sbin/route echo "Also U may wish to do chmod -s for: elm , xlock. & chmod o-x for rpm." echo "& it could be a good idea to chmod o-x mount" echo "Turning on user command execution logs." /sbin/accton /var/log/pacct # This file was made & modified by Olli .

Наша библиотека является официальным зеркалом библиотеки Максима Мошкова lib.ru

Реклама