RedHat 7.3 Valhalla Install

#Installing to mirrored 8GB disks
Mouse not detected: Use text mode
Mouse selcection: Microsoft - compatible mouse (serial)
Device: /dev/ttyS0 (COM1)
Installation type: server
Disk Partitioning Setup: disk druid

hda1,hdb1    raid    /boot    47M
hda2,hdb2    raid    /        7750M
hda3,hdb3    swap    swap     256M

Fdisk
(N)ew | (P)rimary
Partition# 1
First Cylinder: 1
Size: +47M

(N)ew | (P)rimary
Partition# 2
First Cylinder: (default)
Size: +7750M

(N)ew | (P)rimary
Partition# 3
First Cylinder: (default)
Size: (default)

(T)ype
Partition# 1
fd - RAID

(T)ype
Partition# 2
fd  - RAID

(T)ype
Partition# 3
82  - swap

w - write table to disk and exit
 

Set up networking for AT&T Broadband
ETH0
# Turn off DHCP
192.168.1.99/255.255.255.0
Activate at boot
# Change DNS in /etc/resolv.conf if necessary
DNS 216.148.227.68
DNS 204.127.202.4

Monitor: Custom
SuperVGA 800x600
Vert Sync 50-70
Video Memory 2MB
No clockchip setting
Probe
16 bit 800x600

Boot loader: LILO
Boot loader config: clear the parameters line:
Boot loader config: [OK] to the Red Hat Linux on /dev/md1
Boot loader password: skip
eth0: IP 192.168.1.99
DNS:
Hostname: mail
Secruity level: No Firewall
Package Group Selection
Classic X Window System
Xwindow System
Gnome
Anonymous FTP server
SQL database server
Web server

Xserver - left default values for graphical configuration
choose to boot with text interface - Choosing boot to graphical may have problems, and this can be changed later by modifying the /etc/inittab
Test RAID disk failure
master disk booted fine
slave did not boot
cat /proc/mdstat
Add hdb2 back to raid md0
raidhotadd /dev/md0 /dev/hdb2
 
 

Turn off boot from CD in BIOS.

# Since NIS is not installed get rid of it in nsswitch.conf
cd /etc/
cp -p nsswitch.conf nsswitch.conf.orig
vi nsswitch.conf
%s/nisplus//g
%s/nis//g

Boot

80 80 both 99 http for Apache web server

# Install Trend command line virus scanner
mkdir filescan
cd filescan/
tar xvf ~tyler/filescanlinux.tar
# modify isinst to accept redhat version 7 instead of 6
vi isinst
# Install
./isinst

# Download latest Linux scan engine
# http://www.antivirus.com/download/engines/#isvw
# Backup scan engine
cd /etc/iscan/
mv libvsapi.so libvsapi.so.bak3
# extract to /etc/iscan
cd /etc/iscan/
tar zxvf ~tyler/vsapi5500rh.tar.z

# Download latest Linux pattern file for pc-cillin
# http://www.antivirus.com/download/pattern.asp
# extract to /etc/iscan
cd /etc/iscan/
tar xvf ~tyler/ptn935.tar

# Restart virus scanner
/etc/rc.d/init.d/iscanhttpd restart

# Configure
lynx localhost:1812/interscan
# username/password: admin
# Turn off scan of local computer /home directory.  We are not storing any files on the Linux machine.  We only want to scan email.
# Change auto-download of new pattern files to weekly instead of monthly.

# Open ports 25, 110, and 113 on firewall for qmail SMTP and POP3
# 25 25 both 99 SMTP
# 110 110 both 99 POP3
# 113 113 both 99 AUTH for mail authentication

# Install qmail to replace sendmail and qpopper

tar zxvf ~tyler/qmail-1.03.tar.gz
cd qmail-1.03/

# Follow instructions in INSTALL file.
#1. Create the qmail home directory:
mkdir /var/qmail

# 2. Read INSTALL.ids. You must set up the qmail group and the qmail users before compiling the programs.
groupadd nofiles
useradd -g nofiles -d /var/qmail/alias alias
useradd -g nofiles -d /var/qmail qmaild
useradd -g nofiles -d /var/qmail qmaill
useradd -g nofiles -d /var/qmail qmailp
groupadd qmail
useradd -g qmail -d /var/qmail qmailq
useradd -g qmail -d /var/qmail qmailr
useradd -g qmail -d /var/qmail qmails

# Add users for family members
# The following command has not been tested.
for i in [tom, dottie, doug] do; groupadd $i ; useradd -g $i -d /home/$i $i ;done

# 3. Compile the programs and create the qmail directory tree:
make setup check

#  4. Read INSTALL.ctl and FAQ. Minimal survival command:
# ./config
 ./config-fast schoenke.com

# 5. Read INSTALL.alias. Minimal survival command:
# (cd ~alias; touch .qmail-postmaster .qmail-mailer-daemon .qmail-root)
# chmod 644 ~alias/.qmail*
(cd ~alias; touch .qmail-abuse .qmail-virusalert .qmail-postmaster .qmail-mailer-daemon .qmail-root)
chmod 644 ~alias/.qmail*

# 6. Read INSTALL.mbox and INSTALL.vsm.

# 7. Read INSTALL.maildir.
# For each user do the following commands
maildirmake $HOME/Maildir
echo ./Maildir/ > ~/.qmail

# 8. Copy /var/qmail/boot/home (or proc) to /var/qmail/rc.
cp -p /var/qmail/boot/home /var/qmail/rc

# To test qmail deliveries (won't interfere with sendmail):
# 9. Enable deliveries of messages injected into qmail:
csh -cf '/var/qmail/rc &'
# Check to see that qmail started
tail /var/log/maillog

# 10. Read TEST.deliver.
# Send self a test message
echo to: tyler | /var/qmail/bin/qmail-inject

#  Local-error test: Send a message to a nonexistent local address.
echo to: nonexistent | /var/qmail/bin/qmail-inject

# Local-postmaster test: Send mail to postmaster, any capitalization.
# Look for the message in the alias mailbox, normally ~alias/Mailbox.
echo to: POSTmaster | /var/qmail/bin/qmail-inject

# Double-bounce test: Send a message with a completely bad envelope.
/var/qmail/bin/qmail-inject -f nonexistent
To: unknownuser
Subject: testing

This is a test. This is only a test.
# (Use end-of-file, not dot, to end the message.) Look for the double bounce in the alias mailbox.
 

# Disable sendmail
/etc/rc.d/init.d/sendmail stop
cd /etc/rc.d/init.d/
mv sendmail sendmail.bak

ls -l /usr/sbin/sendmail*
# lrwxrwxrwx    1 root     root           21 May 25 05:33 /usr/sbin/sendmail -> /etc/alternatives/mta
# -r-sr-xr-x    1 root     root       451280 Apr  8 04:55 /usr/sbin/sendmail.sendmail
chmod 0 /usr/sbin/sendmail.sendmail
 

# (Skip?) Disable binmail
# Not sure why this needs to be disabled.
# ls -l /bin/mail
# -rwxr-xr-x    1 root     mail       67740 Aug 24  2000 /bin/mail

# Setup qmail to auto start
# created /etc/rc.d/init.d/qmail
# copied to my tyler/linux/etc/rc.d/init.d directory
cp ~tyler/etc/rc.d/init.d/qmail /etc/rc.d/init.d/
chmod +x /etc/rc.d/init.d/qmail

cd /etc/rc.d/init.d
ln -s ../init.d/qmail ../rc0.d/K30qmail
ln -s ../init.d/qmail ../rc1.d/K30qmail
ln -s ../init.d/qmail ../rc2.d/S80qmail
ln -s ../init.d/qmail ../rc3.d/S80qmail
ln -s ../init.d/qmail ../rc4.d/S80qmail
ln -s ../init.d/qmail ../rc5.d/S80qmail
ln -s ../init.d/qmail ../rc6.d/K30qmail

# Get mail from aliases account

# Add RELAY for specific hosts
# /var/qmail/control/rcpthosts. If qmail-send is running, give it a HUP
# (or do svc -h /var/run/qmail if qmail is supervised).

# Install ucspi-tcp
# http://cr.yp.to/ucspi-tcp/install.html
# http://cr.yp.to/qmail/faq/servers.html#tcpserver-smtpd
tar zxvf ~tyler/ucspi-tcp-0.88.tar.gz
cd ucspi-tcp-0.88/
make
make setup check

# Install checkpasswd
tar zxvf ~tyler/checkpassword-0.90.tar.gz
cd checkpassword-0.90
make
make setup check

Simulate a failed POP login:

     # /var/qmail/bin/qmail-popup blah /bin/checkpassword pwd
     +OK <...@blah>
     user Frodo
     +OK
     pass Friend
     -ERR authorization failed

Simulate a successful POP login, using a correct account name and password instead of Frodo and Friend. You should see the account's home directory.

Simulate a successful POP login again, with id instead of pwd. You should see the account's uid and gid.

# Set up qmail-smtpd to run via tcpserver instead of xinetd.  This means that all xintetd controlled processes have to be spawned a different way.

# files copied to tyler/linux/tcpserver

# Install qmail-conf (third party program) to launch daemons automatically (pop3d, smtp, telnet, ftp, etc.) in their tcpserver wrappers.

# Install daemon tools
# http://cr.yp.to/daemontools/install.html
mkdir -p /package
chmod 1755 /package
cd /package
tar zxpvf ~tyler/daemontools-0.76.tar.gz
cd admin/daemontools-0.76
package/install

# Start up service script automatically.
# This script will auto start all tcpserver scripts located under /service directory.
# Copy the scripts from tyler/linux/service directory on PC.
cp -R ~tyler/service/* /service
chmod a+x /service/*/run

# The following is taken care of by the installation of one daemontools or some other package that adds a line for svscan to /etc/inittab
# Script location /etc/rc.d/init.d/service
#cp ~tyler/etc/rc.d/init.d/service /etc/rc.d/init.d/
#chmod +x /etc/rc.d/init.d/service
#cd /etc/rc.d/
#ln -s ../init.d/service rc0.d/K30service
#ln -s ../init.d/service rc1.d/K30service
#ln -s ../init.d/service rc2.d/S80service
#ln -s ../init.d/service rc3.d/S80service
#ln -s ../init.d/service rc4.d/S80service
#ln -s ../init.d/service rc5.d/S80service
#ln -s ../init.d/service rc6.d/K30service
 

Install
# Set up control files for tcpserver
cp -R ~tyler/etc/tcpcontrol/ /etc

# Copy files to this directory from tyler/linux/etc/tcpcontrol
cd /etc/tcpcontrol
tcprules ftp.cdb ftp.tmp < ftp
tcprules smtp.cdb smtp.tmp < smtp
tcprules pop3d.cdb pop3d.tmp < pop3d
tcprules telnet.cdb telnet.tmp < telnet

# The smtp file is set to allow access to the world to send in smtp messages.   It selectively opens smtp relaying for specific clients (me, mom and dad, doug, localhost)
# The pop3d file is set to deny access to the world.  It allows access only to specific clients.
#  The ftp and telnet deny access to everyone and allow access for a few clients.

# Once you are 100% CERTAIN that the tcprules are correct, shut down xinetd
# If you are wrong, you will be unable to FTP, telnet, POP3 or SMTP into the machine.
cd /etc/rc.d/init.d/
mv xinetd xinetd.bak

# Install Berkeley DB (prereq)
tar zxvf ~tyler/db-4.0.14.tar.gz
cd db-4.0.14/
cd build_unix
../dist/configure
make
make install

# Install DB_File (prereq)
tar zxvf ~tyler/DB_File-1.802.tar.gz
cd DB_File-1.802/

vi config.in
# Fix the location of BerkeleyDB with the following substitute
sed -e s/BerkeleyDB/BerkeleyDB.4.0/g config.in > config.in.new
mv config.in config.in.orig
mv config.in.new config.in
perl Makefile.PL
make
make test
make install

# Install Time::HiRes
perl -MCPAN -e shell
install MD5
install Bundle::CPAN
install Time::HiRes

# Install Maildrop for the reformime piece
tar zxvf ~tyler/maildrop-1.3.7.tar.gz
cd maildrop-1.3.7/
./configure
make
make install-strip
make install-man

# Back to the qmail-scanner install
cd ..
cd qmail-scanner-1.10/
./configure
./configure --install
cd contrib
make
make install
./test_installation.sh -doit

# Remember to copy quarantine-attachments.txt to /var/spool/qmailscan and then run "qmail-scanner-queue.pl -g" to generate DB version.
cp quarantine-attachments.txt /var/spool/qmailscan
./qmail-scanner-queue.pl -g

ls -l /var/qmail/bin/qmail-scanner-queue.pl
-rwsr-xr-x    1 qmailq   qmail       50754 Feb  2 20:27 /var/qmail/bin/qmail-scanner-queue.pl
[root@mail qmail-scanner-1.10]#
chmod 0755 /var/qmail/bin/qmail-scanner-queue.pl

cd /var/qmail/bin

cd ~/qmail-scanner-1.10/
./contrib/test_installation.sh  -doit

/var/qmail/bin/qmail-scanner-queue.pl -z

cd /var/spool/qmailscan/
chown qmailq:qmail qmail-scanner-queue-version.txt
chmod ug+rw qmail-scanner-queue-version.txt
chmod o-r qmail-scanner-queue-version.txt
chown qmailq:qmail quarantine-attachments.db

/var/qmail/bin/qmail-scanner-queue.pl -g

cd ~/qmail-scanner-1.10/
./contrib/test_installation.sh  -doit

# Set up the virusalert alias
touch ~alias/.qmail-virusalert
vi ~alias/.qmail-virusalert
# Add my email address.  Put an & before the username as follows: &youremail@hostname.com
# Man the dot-qmail manual page for more info on the format of the alias files.

cd /var/qmail/bin/
cp qmail-scanner-queue.pl qmail-scanner-queue.pl.orig
vi qmail-scanner-queue.pl
# Change the following lines:
my $V_FROM='virusalert@schoenke.com';
my $QUARANTINE_CC='virusalert@schoenke.com';

#Change the following lines in qmail-scanner-queue.pl to remove the reply to the sender.  Wiith the forged email headers, it ends up just bouncing every email message anyway.
my $NOTIFY_ADDRS='admin';

vi /service/smtp/run
# Add this line
QMAILQUEUE="/var/qmail/bin/qmail-scanner-queue" export QMAILQUEUE

# Restart email (reboot) to get the aliases to take effect

              ****** FINAL TEST ******

Please log into the "qmaild" account  and run
/var/qmail/bin/qmail-scanner-queue.pl -g

If you see the error "Can't do setuid", or "Permission denied", then
refer to the FAQ.

(e.g.  "setuidgid qmaild "/var/qmail/bin/qmail-scanner-queue.pl -g"
or "su qmaild -c "/var/qmail/bin/qmail-scanner-queue.pl -g")
 

That's it! To report success:

   % (echo 'First M. Last'; cat SYSDEF)|mail jhaar-s4vstats@crom.trimble.co.nz
Replace First M. Last with your name.

Read section 5 of the README file.

# Since the virus scanner is forked after an email is recieved, stick crm114 in after virus scan, but before queueing by qmail.

cd /usr/local/bin
cp -rf ~/source/crm114/ .
cd crm114/installdir/
mv * ..
cd ..
rmdir installdir/
cd ..
chown -R qmailq:qmail crm114/

cd /var/qmail/bin/
# edit qmail-scanner-queue.pl
# change from:
my $qmailqueue  = '/var/qmail/bin/qmail-queue';
# to:
my $qmailqueue  = '/usr/local/bin/crm114/crm_mailfilter';

cp -p qmail-scanner-queue.pl qmail-scanner-queue.pl.2003-01-21
vi qmail-scanner-queue.pl

where crm_mailfilter contains:
/usr/bin/crm mailfilter.crm | /var/qmail/bin/qmail-queue
chmod +x crm_mailfilter
chmod 4755 crm_mailfilter

edit mailfilterconfig.crm
cp mailfilterconfig.crm mailfilterconfig.crm.orig
change the Secret password.  Everything between / and /
ex:
alter (:spw:) /SecretPasswordGoesHere_No_Blanks!!!jkal984884hj87fryfjd9ie8ru9/
alter (:spw:) /buggabugga/

alter (:general_fails_to:) /:*:_env_LOGNAME:/
alter (:general_fails_to:) /spambucket@mail.schoenke.com/
 

Send some mail through the filter

command buggabugga spam
command buggabugga nonspam
command buggabugga blacklist spammer@spam.com
command buggabugga whitelist me@mydomain.com

cd ~alias
touch .qmail-spambucket
echo "&youremail@hostname.com" >> .qmail-spambucket

Once some messages have been classified as spam or non-spam, run the following commands

cp -p spam.css spam.css.orig
cp -p nonspam.css nonspam.css.orig

# Delete spam and nonspam.css files.
rm spam.css
rm nonspam.css

# Remake the css files.
make cssfiles
or
./crm114 learntest.crm spam.css < spamtext.txt
./crm114 learntest.crm nonspam.css < nonspamtext.txt

cd /root/source/bogofilter-0.10.0
./configure
configure: error: Can not locate a suitable BerkeleyDB db.h header file.
Use --with-db=PATH to specify the path to a v3+ install directory.
You can download BerkeleyDB 4.0.x from http://www.sleepycat.com
./configure --with-db=/usr/local/BerkeleyDB.4.0/
make
make install

cp bogofilter.cf.example /etc/bogofilter.cf
vi  /etc/bogofilter.cf

vi /etc/ld.so.conf
Add
/usr/local/BerkeleyDB.4.0/lib/
ldconfig

bogofilter -s < spam_message
bogofilter -n < non_spam_message

bogofilter -vvv < 1044255514.25094.mail |more

cd ~spam/Maildir/new
for i in `ls`; do  bogofilter -vvv < $i; done|more

openssl req -new > new.cert.csr
Country Name (2 letter code) [GB]:US
State or Province Name (full name) [Berkshire]:Colorado
Locality Name (eg, city) [Newbury]:Lakewood
Organization Name (eg, company) [My Company Ltd]:Schoenke.com
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server's hostname) []:www.schoenke.com
Email Address []:youremail@hostname.com

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:

openssl rsa -in privkey.pem -out new.cert.key
cp new.cert.key /etc/httpd/conf/ssl.key/server.key

http://www.redhat.com/docs/manuals/linux/RHL-7.3-Manual/custom-guide/s1-installation-selfsigned.html
http://en.tldp.org/LDP/solrhe/Securing-Optimizing-Linux-RH-Edition-v1.3/chap24sec196.html
certificate routines:X509_check_private_key:key values mismatch
http://www.fnal.gov/docs/products/apache/SSLNotes.html
 

cd /etc/httpd/conf/ssl.key
mv server.key server.key.orig
mv server.key.new server.key
cd /etc/httpd/conf/ssl.crt
mv server.crt server.crt.orig
/usr/bin/openssl req -new -key /etc/httpd/conf/ssl.key/server.key -x509 -days 365 -out /etc/httpd/conf/ssl.crt/server.crt

Restart httpd
/etc/rc.d/init.d/httpd stop
/etc/rc.d/init.d/httpd start

# Crontab format
# 1. minute of the hour, 00 to 59
# 2. hour of the day, 00 to 32 (military time)
# 3. day of the month, 1 to 31
# 4. month of the year, 1 to 12
# 5. day of the week, sun, mon, tue,....
# 6. actual command to execute
# an asterisk that matches all possible values,
# a single integer that matches that exact value,
# a list of integers separated by commas (no spaces)used to match any one of the values
# two integers separated by a dash (a range)used to match any value within the range.

# Add entry for crontab to run script hourly
0 * * * * /root/zoneclient/zoneclient.script >/dev/null 2>&1

mkdir zoneclient
cd zoneclient/
cp ~tyler/zoneclient.py.txt .
chmod +x zoneclient.py.txt
mv zoneclient.py.txt zoneclient.py
# FTP tyler\linux\root\zoneclient\zoneclient.script
cp ~tyler/zoneclient.script .
chmod +x zoneclient.script

# Set date and time in BIOS when booting computer.  The time must be accurate to within one hour of atomic clock.   NTP can not make an adjustment of more than one hour.

# NTP is installed by default with Redhat 7.3

cd
tar zxf ~tyler/ntp-4.1.0.tar.gz
cd ntp-4.1.0/
./configure
make
make check
make install

# Open port 123 on firewall to linux PC for NTP traffic
# 123 123 both 99 NTP for Network Time Sync

# Copy the ntp startup into /etc/rc.d/init.d/
# cp ~tyler/etc/rc.d/init.d/ntpd /etc/rc.d/init.d/
ln -s /etc/rc.d/init.d/ntpd /etc/rc.d/rc3.d/S86ntpd
# ln -s /etc/rc.d/init.d/ntpd /etc/rc.d/rc2.d/K14ntpd

# Create needed directories
# mkdir /var/lib/ntp
# mkdir /var/log/ntpstats
# copy the /etc/ntpd.conf
mv /etc/ntp.conf /etc/ntp.conf.orig
cp ~tyler/etc/ntp.conf /etc/
/etc/rc.d/init.d/ntpd start

# Create /etc/pam.d/webmail file with following information
#%PAM-1.0
auth    required  /lib/security/pam_pwdb.so shadow nullok
account required  /lib/security/pam_pwdb.so

# Create authdaemonrc file
cd /usr/local/share/sqwebmail/
cp authdaemonrc.dist authdaemonrc

# Start up the auth modules
/usr/local/share/sqwebmail/libexec/authlib/authdaemond start

# Create script to start these automatically on reboot
cd /etc/rc.d/init.d/
chmod a+x authdaemond
ln -s /etc/rc.d/init.d/authdaemond /etc/rc.d/rc3.d/S86authdaemond
ln -s /etc/rc.d/init.d/authdaemond /etc/rc.d/rc2.d/K14authdaemond

# To get the correct domain name to show up when the user logs in.
cd /usr/local/share/sqwebmail
touch defaultdomain
touch hostname
echo 'schoenke.com' >> defaultdomain
echo 'schoenke.com' >> hostname

# Perl is having problems.  Try reinstalling from source.
# Download stable.tar.gz from http://www.perl.com/

rm -f config.sh Policy.sh
sh Configure -de
make
make test
make install
 

## SKIP THIS because I got it working with the C wrapper instead of suidperl
# Make suidperl version 5.6.1 for the qmail-scanner program
make suidperl
cd /usr/bin
mv suidperl suidperl.bak
cd -
cp suidperl /usr/bin
chgrp qmail /usr/bin/suidperl
chmod 7710 /usr/bin/suidperl
chmod 4710 /usr/bin/suidperl

This turned out to be a major hassle.   I didn't think it would be that tough, but it really was.   HP-UX is so much easier.  RAID on Linux leaves much to be desired.

NOTE:  I did this without a backup, which I know is stupid, so don't be stupid like me.  !!! MAKE A BACKUP before you proceed if you value your data!!!

Here are the steps to convert an existing "live" disk to a mirrored pair.
hda - disk to be mirrored that contains "live" data
hdc - disk that RAID is set up on, and then after data is moved to RAID, it is mirrored over the "live" hda disk.

• Create partitions on hdc that match or exceed the partition sizes of hda.
• Set type of partitions to fd - RAID
• Set hdc boot partition to be bootable.
• Make raidtab with hda as a failed drive to create the RAID on hdc only.
• Create RAID.
• Copy data from hda partitions to hdc RAID partitions.
• Create boot floppy
• Reboot using boot floppy to boot RAID array (hdc).  hda is not affected at this point.
• If RAID booted successfully, add the "failed" hda into the RAID mirror.
• Check to see that mirror is in sync.
• Test to see that the RAID mirror works.

fdisk -l /dev/hda

Disk /dev/hda: 255 heads, 63 sectors, 1027 cylinders
Units = cylinders of 16065 * 512 bytes

   Device Boot    Start       End    Blocks   Id  System
/dev/hda1   *         1         6     48163+  83  Linux
/dev/hda2             7       994   7936110   83  Linux
/dev/hda3           995      1027    265072+  82  Linux swap

We need a drive that is the same size or larger than hda to create a mirror on.  I happen to have a second 8 GB drive to use as hdc.  Write down or print out the above geometry for hda, so you can duplicate it on hdc.

Prepare partitions on hdc for RAID1 (mirror)
fdisk /dev/hdc

• delete any existing partitions

D(elete), 2 - delete partition 2
D(elete), 1 - delete partition 1
W - write and exit
• Create new partitions

(N)ew, (P)rimary, 1, First Cylinder 1, Last cylinder 6
(N)ew, (P)rimary, 2, First Cylinder 7, Last cylinder 994 (this value matches hda)
(N)ew, (P)rimary, 2, First Cylinder 995, Last cylinder 1027
• Change Type on the partitions.  fd = RAID, 82 = Linux swap

(T)ype, 1, fd
(T)ype, 2, fd
(T)ype, 3, 82
• Write changes and Exit

(W)rite and exit

fdisk -ul /dev/hdc

Disk /dev/hdc: 255 heads, 63 sectors, 1027 cylinders
Units = sectors of 1 * 512 bytes

   Device Boot    Start       End    Blocks   Id  System
/dev/hdc1   *        63     96389     48163+  fd  Linux raid autodetect
/dev/hdc2         96390  15968609   7936110   fd  Linux raid autodetect
/dev/hdc3      15968610  16498754    265072+  82  Linux swap

Rebuild kernel with jbd, ext3, and raid support.  This is necessary, because Redhat 7.3 by default comes with modules for ext3, raid1, and jbd.   I don't think jbd is necessary since it is a debugger, but might as well add it to the kernel anyway.   This kernel has to go on a floppy to test the RAID configuration, and the default RH 7.3 kernel will not work with the modules from what I was able to tell.  I also had problems getting the RAID to mount when using the modules, but it came up fine with the RAID1 built into the kernel.

Here are the error messages that I got before I compiled the above components into the kernel instead of using the modules:
ext3-fs: unable to read superblock
mount: error 22 mounting ext3
piviotroot: pivot_root (/sysroot,/sysroot/initrd) failed: 2

kernel panic: no init found.  Try passing init= option to kernel.

/proc/mounts: no such file or directory
mount point /boot does not exist

swapon /dev/hda3: device or resource busy

After recompiling the kernel with ext3 and raid support, those messages went away.

# Output from lsmod before modules were removed from kernel
[root@mail etc]# lsmod
Module                  Size  Used by    Not tainted
raid1                  14404   2  (autoclean)
eepro100               20336   1
ide-scsi                9664   0
scsi_mod              108608   1  [ide-scsi]
ide-cd                 30272   0
cdrom                  32192   0  [ide-cd]
usb-uhci               24484   0  (unused)
usbcore                73152   1  [usb-uhci]
ext3                   67136   2
jbd                    49400   2  [ext3]

cd /usr/src/linux-2.4
make menuconfig

Change the following to built-in instead of Modules
Select Filesystems (ext3 and jdb)
Select Multi-device Support (RAID and LVM) RAID-1 support.
Exit and save kernel config

depmod -a
ldconfig

backup and modify lilo.conf

---- lilo.conf -----
boot=/dev/hda
map=/boot/map
install=/boot/boot.b
prompt
timeout=50
message=/boot/message
linear
default=linux_custom

image=/boot/vmlinuz-2.4.18-3custom
        label=linux_custom
        initrd=/boot/initrd-2.4.18-3.img
        read-only
        root=/dev/hda2

image=/boot/vmlinuz-2.4.18-3
        label=linux
        initrd=/boot/initrd-2.4.18-3.img
        read-only
        root=/dev/hda2
        append="hdd=ide-scsi"
--- end lilo.conf ---
 

Test lilo config
lilo -t -C /etc/lilo.conf

If test looks good, apply lilo.conf
lilo -C /etc/lilo.conf

Toggle the bootable flag on /boot partition on hdc.
 

Also, as a side note:  Raiding hda and hdb will kill your performance
because an IDE controller isn't smart enough to talk to both of them at
full speed simultaneously.  If at all possible, move hdb to your second
IDE controller (making it hdc).

Current disk to be mirrored is hda
Set up new blank disk as hdc

mkswap /dev/hdc3
# add /dev/hdc3 to /etc/fstab as sawp device in addtion to /dev/hda3
/dev/hda3               swap                    swap    defaults        0 0
/dev/hdc3               swap                    swap    defaults        0 0

# Turn on all swap devices
swapon -a
# Show all swap devices
swapon -s

Create /etc/raidtab

# example raidtab
#
# md0 = /boot
raiddev /dev/md0
        raid-level      1
        nr-raid-disks   2
        nr-spare-disks  0
        chunk-size      32
        persistent-superblock   1
        device          /dev/hda1
        failed-disk     0
        device          /dev/hdc1
        raid-disk       1

# md1 = root
raiddev /dev/md1
        raid-level      1
        nr-raid-disks   2
        nr-spare-disks  0
        chunk-size      32
        persistent-superblock   1
        device          /dev/hda2
        failed-disk     0
        device          /dev/hdc2
        raid-disk       1
 

# Create both Raid drives
mkraid /dev/md0
mkraid /dev/md1

handling MD device /dev/md0
analyzing super-block
disk 0: /dev/hda1, failed
disk 1: /dev/hdc1, 48163kB, raid superblock at 48064kB

Check to see that raid drives are running.
[root@mail etc]# cat /proc/mdstat
Personalities : [raid1]
read_ahead 1024 sectors
md1 : active raid1 hdc2[1]
      7936000 blocks [2/1] [_U]

md0 : active raid1 hdc1[1]
      48064 blocks [2/1] [_U]

unused devices: <none>

Format the boot and root devices with ext3 file systems:

    mkfs -t ext3 /dev/md0
    mkfs -t ext3 /dev/md1

Mount the new root device somewhere handy and create the /boot directory and mount the boot partition.

    mkdir /mnt/newboot
    mount -t ext3 /dev/md1 /mnt/newboot
    mkdir /mnt/newroot
    mount -t ext3 /dev/md0 /mnt/newroot

4.4 Copy the current OS to the new raid device

This is pretty straightforward.  This operation can be tricky if you have mounted or linked other disks to your root file system. The example above assumes a very simple system, you may have to modify the procedure somewhat.

# copy all directories from root to the newroot partition.  Skip /mnt/proc and nfs mounts
cd /
unalias cp
for i in "bin command dev etc home initrd lib opt package root sbin service tmp usr var"
do
   cp -ax $i /mnt/newroot
done
cd /mnt/newroot
mkdir /boot
mkdir /proc
mkdir -p /mnt/cdrom
mkdir /mnt/floppy
 

# Copy the /boot filesystem to its new location.
cd /boot
cp -ax . /mnt/newboot

I am getting the following error messages after unmounting, then stopping and trying to restart md0 and md1.
md: can not import hda1, has active inodes!
md: could not import hda1!
md: autostart hda1 failed!
md: can not import hda2, has active inodes!
md: could not import hda2!
md: autostart hda2 failed!
 

4.5 Test your new RAID

This will probably not work unless all required modules are compiled into the kernel, such as ext3 and raid support.  A boot floppy can not load modules.

/dev/md0                /boot                   ext3    defaults        1 1
/dev/md1                /                       ext3    defaults        1 2
/dev/hdc3               swap                    swap    defaults        0 0

    umount /mnt/newboot
    umount /mnt/newroot
    raidstop /dev/md0
    raidstop /dev/md1

Move raidtab so that the RAID does not auto-start if machine is booted from hda

    mv /etc/raidtab /etc/raidtab.backup
    shutdown -r now

If something did not work, reboot your old system and go back and fix things up until you successfully complete this step.

raidhotadd /dev/md0 /dev/hda1
raidhotadd /dev/md1 /dev/hda2

lilo -t -C /etc/lilo.conf

lilo with md0 worked
rebooted without floppy

cat /proc/mdstat
# only hdc1, hdc2 active

dmesg output
md1: former device hda2 is unavailable, removing from arrary!
md: RAID level 1 does not need chunksize! Continuing anyway.
raid1: device hdc2 operational as mirror 1

change type from 83-linux to fd-linux raid autodetect

fdisk
t, 1, fd
t, 2, fd
(w)rite
 

Testing
unplug hda, reboot, make sure the OS comes up, reboot, plug hda back in, resync
cat /proc/mdstat shows both drives in sync

Personalities : [raid1]
read_ahead 1024 sectors
md0 : active raid1 hdc1[1] hda1[0]
      48064 blocks [2/2] [UU]

md1 : active raid1 hdc2[1] hda2[0]
      7936000 blocks [2/2] [UU]

unused devices: <none>

Here is the error message output from dmesg

 
md: raid1 personality registered as nr 3
md: md driver 0.90.0 MAX_MD_DEVS=256, MD_SB_DISKS=27
md: Autodetecting RAID arrays.
 [events: 0000002c]
 [events: 0000002c]
 [events: 0000002a]
 [events: 0000002a]
md: autorun ...
md: considering hdc2 ...
md:  adding hdc2 ...
md:  adding hda2 ...
md: created md1
md: bind<hda2,1>
md: bind<hdc2,2>
md: running: <hdc2><hda2>
md: hdc2's event counter: 0000002a
md: hda2's event counter: 0000002c
md: superblock update time inconsistency -- using the most recent one
md: freshest: hda2
md: kicking non-fresh hdc2 from array!
md: unbind<hdc2,1>
md: export_rdev(hdc2)
md1: removing former faulty hdc2!
md: RAID level 1 does not need chunksize! Continuing anyway.
md1: max total readahead window set to 508k
md1: 1 data-disks, max readahead per data-disk: 508k
raid1: device hda2 operational as mirror 0
raid1: md1, not all disks are operational -- trying to recover array
raid1: raid set md1 active with 1 out of 2 mirrors
md: updating md1 RAID superblock on device
md: hda2 [events: 0000002d]<6>(write) hda2's sb offset: 7936000
md: recovery thread got woken up ...
md1: no spare disk to reconstruct array! -- continuing in degraded mode
md: recovery thread finished ...
md: considering hdc1 ...
md:  adding hdc1 ...
md:  adding hda1 ...
md: created md0
md: bind<hda1,1>
md: bind<hdc1,2>
md: running: <hdc1><hda1>
md: hdc1's event counter: 0000002a
md: hda1's event counter: 0000002c
md: superblock update time inconsistency -- using the most recent one
md: freshest: hda1
md: kicking non-fresh hdc1 from array!
md: unbind<hdc1,1>
md: export_rdev(hdc1)
md0: removing former faulty hdc1!
md: RAID level 1 does not need chunksize! Continuing anyway.
md0: max total readahead window set to 508k
md0: 1 data-disks, max readahead per data-disk: 508k
raid1: device hda1 operational as mirror 0
raid1: md0, not all disks are operational -- trying to recover array
raid1: raid set md0 active with 1 out of 2 mirrors
md: updating md0 RAID superblock on device
md: hda1 [events: 0000002d]<6>(write) hda1's sb offset: 48064
md: recovery thread got woken up ...
md0: no spare disk to reconstruct array! -- continuing in degraded mode
md1: no spare disk to reconstruct array! -- continuing in degraded mode
md: recovery thread finished ...
md: ... autorun DONE.

checked mdstat until everything was synced up again.

without powering down, unplug  power to hdc, reboot, make sure the OS comes up, reboot, plug hdc back in, resync
unplugged power to hda
no response fore several minutes.  Manually rebooted machine with hda still unplugged.
booted fine from hdc only.
dmesg output:
 

md: raid1 personality registered as nr 3
md: md driver 0.90.0 MAX_MD_DEVS=256, MD_SB_DISKS=27
md: Autodetecting RAID arrays.
 [events: 00000025]
 [events: 00000025]
md: autorun ...
md: considering hdc2 ...
md:  adding hdc2 ...
md: created md1
md: bind<hdc2,1>
md: running: <hdc2>
md: hdc2's event counter: 00000025
md1: former device hda2 is unavailable, removing from array!
md: RAID level 1 does not need chunksize! Continuing anyway.
md1: max total readahead window set to 508k
md1: 1 data-disks, max readahead per data-disk: 508k
raid1: device hdc2 operational as mirror 1
raid1: md1, not all disks are operational -- trying to recover array
raid1: raid set md1 active with 1 out of 2 mirrors
md: updating md1 RAID superblock on device
md: hdc2 [events: 00000026]<6>(write) hdc2's sb offset: 7936000
md: recovery thread got woken up ...
md1: no spare disk to reconstruct array! -- continuing in degraded mode
md: recovery thread finished ...
md: considering hdc1 ...
md:  adding hdc1 ...
md: created md0
md: bind<hdc1,1>
md: running: <hdc1>
md: hdc1's event counter: 00000025
md0: former device hda1 is unavailable, removing from array!
md: RAID level 1 does not need chunksize! Continuing anyway.
md0: max total readahead window set to 508k
md0: 1 data-disks, max readahead per data-disk: 508k
raid1: device hdc1 operational as mirror 1
raid1: md0, not all disks are operational -- trying to recover array
raid1: raid set md0 active with 1 out of 2 mirrors
md: updating md0 RAID superblock on device
md: hdc1 [events: 00000026]<6>(write) hdc1's sb offset: 48064
md: recovery thread got woken up ...
md0: no spare disk to reconstruct array! -- continuing in degraded mode
md1: no spare disk to reconstruct array! -- continuing in degraded mode
md: recovery thread finished ...
md: ... autorun DONE.

rebooted with hda plugged in again.
cat /proc/mdstat shows that hda is not part of RAID
raidhotadd /dev/md0 /dev/hda1        (less than 1 minute)
raidhotadd /dev/md1 /dev/hda2        (approx. 20 minutes)

Disk /dev/hdc: 255 heads, 63 sectors, 1027 cylinders
Units = sectors of 1 * 512 bytes

   Device Boot    Start       End    Blocks   Id  System
/dev/hdc1   *        63     96389     48163+  fd  Linux raid autodetect
/dev/hdc2         96390  15968609   7936110   fd  Linux raid autodetect
/dev/hdc3      15968610  16498754    265072+  82  Linux swap

cd /etc/samba

vi smb.conf and change the following
workgroup = WORKGROUP
 

Create Samba user tyler that corresponds to NT user administrator.  This will then prompt for a Samba password.
smbadduser tyler:administrator

# Change case to lower for samba mounts.  This is because the virus definitions need to be in lowercase.
vi /etc/samba/smb.conf
preserve case = no
default case = lower
case sensitive = no
 
 

Start Samba daemons
/etc/rc.d/init.d/smb start
 

Set service to start at boot
chkconfig --level 2345 smb on

chkconfig --list

chkconfig --level 2345 isdn off
chkconfig --level 2345 pcmcia off
chkconfig --level 2345 lpd off
chkconfig --level 2345 sendmail off

tksysv and linuxconf will do the trick. Also on RH71, you can use the
chkconfig utility (man chkconfig). Basically:

/sbin/chkconfig --list (to view all daemons)
/sbin/chkconfig --list | grep ':on' (to view those set to run)
/sbin/chkconfig --level 234 httpd on (sets httpd daemon to autostart on
runlevels 2,3,&4)

Upgrade Apache to httpd-2.0.47
file:///C:/Data/TYLER/webpage_new/tyler/apache2php.html
    $ ./configure --prefix=PREFIX
./configure \
 --enable-so \
 --enable-cgi \
 --enable-info \
 --enable-rewrite \
 --enable-speling \
 --enable-usertrack \
 --enable-deflate \
 --enable-ssl \
 --enable-mime-magic
     $ make
     $ PREFIX/bin/apachectl stop
     $ make install
Add following line to /etc/ld.so.conf
/usr/local/apache2/lib
ldconfig

     $ PREFIX/bin/apachectl start
[root@mail conf]# diff httpd.conf httpd.conf.orig
291d290
< ServerName www.schoenke.com
307,308c306
< #DocumentRoot "/usr/local/apache2/htdocs"
< DocumentRoot /var/www/html
---
> DocumentRoot "/usr/local/apache2/htdocs"
1068,1075d1065
<
< NameVirtualHost *
<
< <VirtualHost *>
< ServerName www.schoenke.com
< DocumentRoot /var/www/html
< </VirtualHost>
<

List modules
../bin/httpd -l

Fix for apache2
 /usr/local/apache2/conf/httpd.conf
# ScriptAlias /cgi-bin/ "/usr/local/apache2/cgi-bin/"
ScriptAlias /cgi-bin/ "/var/www/cgi-bin/"

# CustomLog logs/access_log common
CustomLog /var/log/httpd/access_log common
 

cp -r ssl.crt /usr/local/apache2/conf/
 
 

/usr/lib/courier-imap/libexec/imapd-ssl.rc stop
/usr/lib/courier-imap/libexec/imapd-ssl.rc start

/usr/lib/courier-imap/libexec/pop3d-ssl.rc start

 

tcp        0      0 192.168.101.99:37982    xmlrpc.rhn.redhat:https ESTABLISHED
 /usr/local/apache2/bin/apachectl stop

cd /etc/httpd/conf/ssl.crt
openssl rsa -outform PEM -in ../ssl.key/server.key -out schoenke.com.pem
cd /usr/lib/courier-imap/share/
mv imapd.pem imapd.pem.orig
openssl genrsa -out imapd.pem 1024
Open the server.crt file and copy the text, then paste into imapd.pem
cat /etc/httpd/conf/ssl.crt/schoenke.com.pem >> /usr/lib/courier-imap/share/imapd.pem

cd
cd source/
tar zxvf ~tyler/software/webalizer-2.01-10-src.tgz
cd webalizer-2.01-10/
./configure --enable-dns
# Change db.h to db1/db.h in the following two files
vi dns_resolv.c
vi webalizer.c
make
make install

#usage
cd /var/www/html/
mkdir webalizer
cd webalizer/

# Copy webalizer.conf over from C:\Data\TYLER\LINUX\var\www\html\webalizer
Changes to webalizer.conf
#Incremental    no
Incremental     yes

#DNSCache       dns_cache.db
DNSCache        dns_cache.db

#DNSChildren    0
DNSChildren     5
 

webalizer /var/log/httpd/access_log

# Copy webalizer_script over from tyler\linux\var\scripts
# Add crontab entry to run daily at 01:00
* 1 * * * /var/scripts/webalizer_script >/dev/null 2>&1

# Cache DNS to IP addresses
 for i in /var/log/*/access_log*; do   webazolver -N 20 -D dns_cache.db $i; done

vi /usr/local/apache2/conf/httpd.conf

#AddType application/php4script .php
#Action application/php4script /cgi-bin/php

chown -R nobody data
chgrp -R nobody data

mkdir /var/squirrelmail
chgrp -R nobody /var/squirrelmail
chmod 730 /var/squirrelmail

http://www.schoenke.com/squirrelmail-1.4.2

/usr/local/apache2/bin/apachectl stop
http://us3.php.net/get/php-4.3.3.tar.bz2/from/a/mirror
./configure --with-apxs2=/usr/local/apache2/bin/apxs \
 --with-gettext --with-xml \
 --prefix=/usr/local/apache2/php

make
make install
cp php.ini-dist /usr/local/lib/php.ini
or cp -p php.ini-recommended /usr/local/lib/php/php.ini
vi /usr/local/apache2/conf/httpd.conf
AddType application/x-httpd-php .php .phtml
AddType application/x-httpd-php-source .phps
# Make sure there's only **1** line with this directive:
LoadModule php4_module        modules/libphp4.so

# Add index.php to your DirectoryIndex line:
DirectoryIndex index.html index.php

AddType application/x-httpd-php php

# PHP Syntax Coloring (recommended):
AddType application/x-httpd-php-source phps
/usr/local/apache2/bin/apachectl stop
/usr/local/apache2/bin/apachectl start

Turba
ftp://ftp.horde.org/pub/turba/turba-1.2.tar.gz