I am pretty new to Linux and have limited knowledge. I have the Red Hat Linux v7.3 CD's and am ready to install it, but would like to know how exactly I install it as minimal as possible to run as only a shorewall/iptables firewall with a DMZ.

Todd De Ryck
Todd.deryck@eds.com

On Tuesday 21 May 2002 21:27, De Ryck, Todd wrote:
> I am pretty new to Linux and have limited knowledge. I have the Red Hat
> Linux v7.3 CD's and am ready to install it, but would like to know how
> exactly I install it as minimal as possible to run as only a
> shorewall/iptables firewall with a DMZ.

You might give a try to Bering. A single floppy based distro using shorewall.
http://leaf.sf.net/devel/jnilo

Jacques

On Tue, 21 May 2002, De Ryck, Todd wrote:
> I am pretty new to Linux and have limited knowledge. I have the Red Hat
> Linux v7.3 CD's and am ready to install it, but would like to know how
> exactly I install it as minimal as possible to run as only a
> shorewall/iptables firewall with a DMZ.
>

I've listed the packages that I have on my firewall at:

http://www.shorewall.net/pub/shorewall/misc/packages.txt

During the installation, you are given the opportunity to select packages individually. You can use my list as a guide. I don't claim that my set is the minimum necessary as I have installed a number of non-essential packages; nevertheless, my list represents a usable set of packages that results in a very small set of running processes:

[root@gateway root]# mx
  PID TTY      STAT   TIME COMMAND
    1 ?        S      0:03 init [3]
    2 ?        SW     0:00 [keventd]
    3 ?        SW     0:00 [kapmd]
    4 ?        SWN    0:00 [ksoftirqd_CPU0]
    5 ?        SW     0:00 [kswapd]
    6 ?        SW     0:00 [bdflush]
    7 ?        SW     0:00 [kupdated]
    8 ?        SW     0:00 [scsi_eh_0]
    9 ?        SW     0:01 [kjournald]
   83 ?        SW     0:00 [khubd]
  148 ?        SW     0:00 [kjournald]
  683 ?        S      0:07 syslogd -m 0
  688 ?        S      0:00 klogd -x
  794 ?        S      0:00 /usr/local/sbin/pptpd
 3204 ?        S      0:00 /usr/sbin/apmd -p 10 -w 5 -W -P /etc/sysconfig/apm-scripts/apmscript
 3224 ?        SL     0:00 ntpd -U ntp -g
 3255 ?        S      3:23 /usr/sbin/snmpd -s -l /dev/null -P /var/run/snmpd -a
 3273 ?        S      0:17 /usr/sbin/sshd
 3324 ?        S      0:00 gpm -t ps/2 -m /dev/mouse
 3342 ?        S      0:00 crond
 3402 ?        S      0:00 login -- root
 3403 tty2     S      0:00 /sbin/mingetty tty2
 3406 tty1     S      0:00 -bash
 8573 ?        S      0:00 /usr/sbin/dhcpd eth2
[root@gateway root]#

Note that some of the packages that I have installed are not available from RedHat but they shouldn't be needed in most environments.

-Tom
--
Tom Eastep      \ Shorewall - iptables made easy
AIM: tmeastep    \ http://www.shorewall.net
ICQ: #60745924    \ teastep@shorewall.net

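Added example, not part of the message above and not Shorewall's own code: one way to check that a firewall install really yields a small set of running processes is to compare a `ps` listing against a reviewed baseline. The `ALLOWED` baseline and the function names are assumptions made for this illustration; the sample input is a subset of the listing quoted above.

```shell
#!/bin/sh
# Added example: flag userland processes that are not on a reviewed baseline.
# ALLOWED is a constructed baseline (an assumption), not a recommendation
# from the thread; extend it with the services your firewall must provide.
ALLOWED="init syslogd klogd sshd crond ntpd login mingetty -bash"

# Reads `ps ax`-style lines (PID TTY STAT TIME COMMAND ...) on stdin and
# prints "PID name" for each userland process whose name is not in $1.
unexpected_processes() {
    awk -v allowed="$1" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        $1 !~ /^[0-9]+$/ { next }    # header and shell-prompt lines
        $5 ~ /^\[.*\]$/  { next }    # kernel threads are shown in brackets
        {
            name = $5
            sub(/^.*\//, "", name)   # /usr/sbin/sshd -> sshd
            if (!(name in ok)) print $1, name
        }'
}

# Sample input: a subset of the process listing quoted in the message above.
sample_listing() {
    cat <<'EOF'
[root@gateway root]# mx
  PID TTY      STAT   TIME COMMAND
    1 ?        S      0:03 init [3]
    2 ?        SW     0:00 [keventd]
    4 ?        SWN    0:00 [ksoftirqd_CPU0]
  683 ?        S      0:07 syslogd -m 0
  688 ?        S      0:00 klogd -x
  794 ?        S      0:00 /usr/local/sbin/pptpd
 3224 ?        SL     0:00 ntpd -U ntp -g
 3255 ?        S      3:23 /usr/sbin/snmpd -s -l /dev/null -P /var/run/snmpd -a
 3273 ?        S      0:17 /usr/sbin/sshd
 3324 ?        S      0:00 gpm -t ps/2 -m /dev/mouse
 3342 ?        S      0:00 crond
 3402 ?        S      0:00 login -- root
 3403 tty2     S      0:00 /sbin/mingetty tty2
 3406 tty1     S      0:00 -bash
 8573 ?        S      0:00 /usr/sbin/dhcpd eth2
EOF
}

# Lists the processes to review against the baseline.
sample_listing | unexpected_processes "$ALLOWED"
```

On a live system, pipe `ps ax` into `unexpected_processes` instead of the sample; anything it prints is either a service to add to the baseline deliberately or one to disable.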
"De Ryck, Todd" wrote:
> I am pretty new to Linux and have limited knowledge. I have the Red
> Hat Linux v7.3 CD's and am ready to install it, but would like to
> know how exactly I install it as minimal as possible to run as only
> a shorewall/iptables firewall with a DMZ.

I've put a list similar to Tom's on my web page:

http://paulgear.webhop.net/redhat_packages.txt

I use RH 7.2, not 7.3 (haven't had the time to upgrade yet), and like Tom, i make no claims that the package set is minimal. My package list is sorted by group and includes the size so that i can print it out and keep it next to me whenever i do an install or upgrade. I install X (which is certainly not minimal) because i want to use X tools like ethereal and up2date (although you can use both of these without X - dunno what the interface is like).

If you are pretty new to Linux and have limited knowledge, make sure you sign up for the Red Hat Network. Install the packages rhn_register and up2date (and their -gnome equivalents if required), and run rhn_register after you're connected to the 'Net. Then they will email you whenever there is a security problem with one of your packages, and you can upgrade it easily.

(You can choose not to send your details to them, but i am fairly liberal with giving my hardware inventory and package list to Red Hat, since i figure they will support my aging hardware for longer if they know it's there. :-)

Paul
http://paulgear.webhop.net

On Wed, 22 May 2002, Paul Gear wrote:
>
> If you are pretty new to Linux and have limited knowledge, make sure
> you sign up for the Red Hat Network. Install the packages
> rhn_register and up2date (and their -gnome equivalents if required),
> and run rhn_register after you're connected to the 'Net. Then they
> will email you whenever there is a security problem with one of your
> packages, and you can upgrade it easily.

I also think that this is a valuable service -- in fact I pay for it (I download the software and burn my own CDs so I think that it's only reasonable that I pay RedHat for the update service). I used to manage my own downloads for updates and it's a PITA if you have four Linux systems as I do (one uses i586 rpms, one is an athlon and two are i686's). Much easier to just type "up2date -u" and forget it.

-Tom
--
Tom Eastep      \ Shorewall - iptables made easy
AIM: tmeastep    \ http://www.shorewall.net
ICQ: #60745924    \ teastep@shorewall.net

Tom Eastep wrote:
> On Wed, 22 May 2002, Paul Gear wrote:
>
> > If you are pretty new to Linux and have limited knowledge, make sure
> > you sign up for the Red Hat Network. Install the packages
> > rhn_register and up2date (and their -gnome equivalents if required),
> > and run rhn_register after you're connected to the 'Net. Then they
> > will email you whenever there is a security problem with one of your
> > packages, and you can upgrade it easily.
>
> I also think that this is a valuable service -- in fact I pay for it (I
> download the software and burn my own CDs so I think that it's only
> reasonable that I pay RedHat for the update service).

Note that you don't *have* to pay for it though, folks. You can register each system separately and manage it separately for free. (I say this not to encourage you not to pay, but to encourage you to sign up regardless.)

Paul
http://paulgear.webhop.net

On 21 May 2002 at 17:30, Tom Eastep wrote:
> On Wed, 22 May 2002, Paul Gear wrote:
> >
> > If you are pretty new to Linux and have limited knowledge, make sure
> > you sign up for the Red Hat Network.

> I also think that this is a valuable service -- in fact I pay for it (I
> download the software and burn my own CDs so I think that it's only
> reasonable that I pay RedHat for the update service). I used to manage
> my own downloads for updates and it's a PITA if you have four Linux
> systems as I do (one uses i586 rpms, one is an athlon and two are
> i686's). Much

Suse has the same capability with YAST2 (gui or text mode). It will only install security patches when used this way. There may be many newer packages out there on their site but only the security patches will be automatically updated.

And it has never once put me in RPM hell (chasing dependencies).

______________________________________
John Andersen
NORCOM / Juneau, Alaska
http://www.screenio.com/