LASG - Installation of Linux

Installation of Linux

Bastille Linux

A proper installation of Linux is the first step to a stable, secure system. There are various tips and tricks to make the install go easier, as well as some issues that are best handled during the install (such as disk layout).

Choosing your install media

This is the #1 issue that will affect speed of install and to a large degree safety. My personal favorite is ftp installs since popping a network card into a machine temporarily (assuming it doesn't have one already) is quick and painless, and going at 1+ megabyte/sec makes for quick package installs. Installing from CD-ROM is generally the easiest, as they are bootable, Linux finds the CD and off you go, no pointing to directories or worrying about filename case sensitivity (as opposed to doing a harddrive based install). This is also original Linux media and you can be relatively sure it is safe (assuming it came from a reputable source), if you are paranoid however feel free to check the signatures on the files.

FTP - quick, requires network card, and an ftp server (Windows box running something like warftpd will work as well).
HTTP – also fast, and somewhat safer then running a public FTP server for installs
Samba - quick, good way if you have a windows machine (share the CDROM out).
NFS - not as quick, but since NFS is usually implemented in most existing UNIX networks (and NT now has an NFS server from MS for free) it's mostly painless. NFS is the only network install supported by Red Hat’s kickstart.
CDROM - if you have a fast CDROM drive, your best bet, pop the CD and boot disk in, hit enter a few times and you are done. Most Linux CDROM’s are now bootable.
Harddrive - generally the most painful, windows messes up filenames/etc, installing from an ext2 partition is usually painless though (catch 22 for new users however).

CD ISO images

If you want to burn your own CD of distribution X, then head over to http://freeiso.linuxsw.net/ and burn it onto CD.

Red Hat kickstart

Red hat provides a facility for automating installs, which can be very useful. Simply put you create a text file with various specifications for the install, and point the Red Hat installer at it, then sit back and let it go. This is very useful if rolling out multiple machines, or giving users a method of recovery (assuming their data files are safe). You can get more information at: http://www.redhat.com/mirrors/LDP/HOWTO/KickStart-HOWTO.html.

It ain't over 'til...

So you've got a fresh install of Linux (Red Hat, Debian, whatever, please, please, DO NOT install really old versions and try to upgrade them, it's a nightmare), but chances are there is a lot of extra software installed, and packages you might want to upgrade or things you had better upgrade if you don't want the system compromised in the first 15 seconds of uptime (in the case of BIND/Sendmail/etc.). Keeping a local copy of the updates directory for your distributions is a good idea (there is a list of errata for distributions at the end of this document), and making it available via NFS/ftp or burning it to CD is generally the quickest way to make it available. As well there are other items you might want to upgrade, for instance imapd or bind. You will also want to remove any software you are not using, and/or replace it with more secure versions (such as replacing RSH with SSH).

Bastille Linux

If you are running Red Hat Linux you might want to use the Bastille Linux hardening script available at: http://www.bastille-linux.org/.

Back

Written by Kurt Seifried