Linux is an Open Source version of Unix developed by Linus Torvalds to port Unix to the Intel x86 processor [Torvalds+ 01]. This made Unix available on the most ubiquitous computer hardware that has ever existed, and therefore available to almost everyone. Linux has since been ported to almost every processor and function one could imagine, including game-boxes, personal digital assistants (PDAs), personal digital video recorders, and IBM mainframes, expanding the original concept of Unix for x86 to Unix for everything. Linux isn't the only version of Unix available to most people (also notable are the various BSD variants, also Open Source), but it's by far the most popular.

In this chapter, we discuss how to get Linux, how to install it, and some of the basic commands. Here we are caught in a familiar bind: If you are familiar with Linux, this will be too simplistic, and if you are not, it will not be nearly enough. If you are in the former category, you can skim or skip this chapter; if the latter, we try to point you in the right direction.

2.1.1 Linux Distributions

Although Linux is free and Open Source, and you can download individual packages and compile them all yourself, that's rather masochistic. Most people get Linux as a packaged distribution from a vendor, either by paying for a CD or downloading it. The distribution route is fast and easy and resolves many hardware and software dependency issues (though not all of them). Paying for a CD both gives the prospective user the documentation and usually some degree of technical support, and supports the companies that propagate and improve Linux. Many individuals, organizations, and companies make Linux distributions for different purposes and with different philosophies. The following is a quick list of the main ones, in no particular order (see www.distrowatch.com to keep up with them):
There's also Immunix, a distribution based on Red Hat, which is hardened for security. The NSA also makes a secure version of Linux (see www.nsa.gov/selinux/). Because we have to choose something, Red Hat Linux version 7 (the latest distribution as of this writing [1]) will be our base. Aside from the usual holy wars about Linux distributions (and you can always roll your own from the source) or Linux versus BSD, we've found that Red Hat is the one you're most likely to be able to walk into a store in the United States and buy. Although this is not an endorsement, [2] Red Hat does a good job of keeping up to date with bug fixes and security issues and making its distribution relatively painless. Many resources are available for Red Hat, and one of our favorites, the Unix System Administration Handbook, Third Edition [Nemeth+ 01], now includes Red Hat Linux explicitly, which is very nice since Red Hat, like all the other distributions of Linux, does things slightly differently from other Unices. [3]
The directory structure referenced here is based on Red Hat. The Red Hat structure differs slightly from the Filesystem Hierarchy Standard, aka Linux Filesystem Standard (www.pathname.com/fhs/). All the configurations and directory structures we discuss in this book are based on the standard Red Hat RPMs. However, you can use any other Linux distribution or package manager if you prefer, including ./configure; make; make install. If you've already installed a non-Red Hat Linux, you should be able to translate these instructions to another distribution with little difficulty.

2.1.2 Download and Install

The easiest way to get this free software is to pony up a sawbuck or two for a shrink-wrapped CD with instructions (this might seem an oxymoron, but it's a capitalistic society). Or get it from www.cheapbytes.com for a very minimal cost. Because most of this is Open Source software, you don't have to buy any of it; you can download it for free. But free might not be cheap, depending on how you value your time. Failing that, you can download the software from Red Hat (or whatever distribution you choose) or a mirror under your existing non-Linux software and burn a CD or do a network install. Having a CD around is nice for reinstalling, fixing problems, having a backup, and other necessary tasks. One issue to consider if you aren't purchasing a distribution with a CD, printed instructions, and so forth, is that the computer won't have a network connection or browser or printer while you are doing the installation, so you have to be prepared and have access to the instructions, documentation, etc., beforehand; it's not always feasible to stop in the middle because you don't know the answer to a question. Once you start installing Linux, you can't click on the browser (on that machine; if you have another, no problem) and look up the answer: the browser won't be installed yet.
We're going to assume you have a CD in hand, because otherwise the options branch too much for us to cover all the complications, and if you aren't installing from a CD, you aren't going to take our advice anyway; you know what you are doing. Once you have the software in hand, you can run the installer (whether Red Hat or not, most are fairly painless these days), following either the instructions you printed or the book you got with your distribution.

Having learned from experience, we highly recommend keeping an old-fashioned paper logbook of your setup, starting with how your disk is partitioned. If you have to tweak some odd configuration, you'll be very happy two years from now when you're installing your new system on your 5GHz Pentium 9 if you've written it down and very frustrated if you haven't, especially when you're trying to recover your system after that hard disk that you got for $50 from Joe Bob's Computer Hut dies. The utility of keeping it on paper should be obvious, as is the canard about computers making for a paperless society. Back up your important data, and keep track of changes made to system configuration files somewhere other than on your system. It's also a really good idea to make a copy of any configuration file before you change it, renaming it with the date, and placing it out of the install path. Extensions such as .orig, .bak, etc. are not recommended because many install scripts use those to save the files they're about to overwrite. Consider keeping a directory in your home path with the latest version of working configuration files, in addition to backups and paper copies, or better yet, on another computer entirely. You could also use something more technical for this purpose, such as CVS.

2.1.3 Decisions, Decisions

Before you start the installation, you must make some important decisions about your installation. Do you want to have a dual Windows/Linux boot or run strictly Linux?
If you dual boot, do you want to put both operating systems on one disk, or do you want to install another hard drive for Linux? Is this going to be a workstation in addition to being a server, or strictly a command line interface (CLI) accessed server? One advantage of dual booting is that you get to keep all the Windows software you already paid for, because of the nonmonopolistic practices that make it easy for you to buy a computer without a Microsoft operating system preinstalled (sarcasm alert!). [4] With dual booting, you can even run Windows under an emulator in Linux.
But if this machine is to be a full-time webserver, not a user machine, you may want to keep things simple and go with Linux as your only operating system. This does make installation much simpler.

Note: If you decide to go strictly with Linux, you can't go back to Windows without reformatting your hard disk and reinstalling Windows.

As always, before you start any major system task like this, back up! Back your system up; you can lose everything when you start playing with fundamental things like disk partitions. At the very least, copy your important files to another computer, a CD-ROM, a tape, or an external disk. Therefore, there are several installation options.
2.1.4 Linux Partition Sizes

You should create several partitions for Linux (see Table 2.1). You could use a single partition, but your life as a sysadmin and webmaster will be easier if you create several. The advantage of having several partitions is that it provides a degree of protection against filling up a disk, accidentally overwriting data, or, should you need to reinstall the system, losing user data. It also makes for simpler upgrades because the system software will be installed into its own partition and will leave /home alone.

Table 2.1. Recommended Linux Partition Sizes.
Red Hat uses software called Disk Druid to partition the disk during installation. You can have the Red Hat installer automatically partition the disk if you wish. Assuming you have a 10GB disk, we recommend making these partitions. If you have a larger disk, you could add extra partitions for such things as /web [6] and /root, and add more space in /home and /usr.
After you've backed up and partitioned, the next thing to do is insert the Linux installation CD and reboot from it. Follow the directions included with your distribution, and install everything. [7] You probably have no need for Samba, cluster software, multiple language support, etc., but you can turn this stuff off and remove it later after reading Hacking Linux Exposed (HLE). It's possible to install Linux using a very small amount of disk space (a few megabytes), but this requires some know-how, and if you really have gigabytes of disk space, it's not worth doing; it isn't Linux that'll be using it up, it's your MP3s. You do need to install the development packages so that you will have a compiler environment because some of the software that will be installed later will have to be compiled. If this is to be a user machine in addition to a webserver, install one or more of the graphical user interfaces (GUIs), KDE or Gnome.
In the best of all possible worlds, the webserver itself would be separate from the machine on which code is developed and tested, and the webserver would run only the necessary daemons to be a secure server, and all the X Windows and Gnome/KDE GUI and development code would be necessary only on the development machine. For most of us, however, the server and development box will be one and the same, meaning that you should install everything you want on this one machine.

2.1.5 Accounts

The installer will ask you to create at least one account, the root account. The root account, or superuser, is the godlike figure of the system. Just like the real Supreme Being, as countless explanatory tales from Paradise Lost onward tell, it's easy to use your rootly powers for destructive purposes, and it requires care to use your superpowers only for good; that is, you can screw up your system royally if you rm -rf * under the # prompt. At this time, it would be convenient to create at least one other user account for yourself and an account for any other user of the system. Other users can be added later. As a general practice, you should not log in as root but as a user; then su to a root account.
The Red Hat installer creates several other users for specific purposes: Apache will be owned by the apache user, Squid by squid, etc. This is part of a strategy to keep powerful daemons that run on low ports walled away from the root account. Ports numbered under 1024 are reserved for root (only a process with root privileges can bind to them), and by attacking a daemon listening on one of these ports, a cracker could compromise your system. Apache runs on port 80 and thus must have this sort of access, but it can be walled off from an actual root account by running under its own user, which has certain powers but isn't root.
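To check that this separation actually holds on a running box, look at which account each daemon's processes run under. The following is an added example, not code from the book: it reads output in the layout of `ps -eo user,comm` and classifies each named daemon. The sample process list is constructed, and `exampled` is a hypothetical daemon name. Apache normally shows a single root-owned parent (needed to bind port 80) plus children running as apache.

```shell
#!/bin/sh
# Added example: report which account each daemon's processes run under.
# Input layout is that of `ps -eo user,comm`: a header line, then USER COMMAND.

# Constructed sample, not captured from a real system.
# "exampled" is a hypothetical daemon used to show the root-only case.
sample_ps() {
cat <<'EOF'
USER     COMMAND
root     init
root     sshd
root     httpd
apache   httpd
apache   httpd
apache   httpd
squid    squid
root     exampled
root     exampled
EOF
}

# daemon_owners NAME...: reads ps output on stdin and prints one line per
# daemon: "<name> root-only", "<name> root-parent+<user>", "<name> <user>",
# or "<name> not-running".
daemon_owners() {
    awk -v names="$*" '
        BEGIN { n = split(names, want, " ") }
        NR == 1 { next }                  # skip the ps header
        {
            seen[$2] = 1
            if ($1 == "root") root[$2]++
            else other[$2] = $1           # last unprivileged owner seen
        }
        END {
            for (i = 1; i <= n; i++) {
                d = want[i]
                if (!(d in seen))        print d, "not-running"
                else if (!(d in other))  print d, "root-only"
                else if (d in root)      print d, "root-parent+" other[d]
                else                     print d, other[d]
            }
        }'
}

sample_ps | daemon_owners httpd squid exampled named
```

On a live system, replace `sample_ps` with `ps -eo user,comm`; a network-facing daemon reported as root-only is the one to investigate first.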
2.1.6 Security

Red Hat now allows you to pick the services turned on during installation; in fact, it actively requires that you turn things on. Woo-hoo! This is a major security improvement and much better than in the old days (two years ago), when everything was turned on by default, and the secure user had to know to go through and turn things off. Leave everything off except secure services that you know you will use, such as secure shell (SSH). Do not turn on FTP, Telnet, Apache (httpd), or any of the other services. Not to worry: when and if they are needed, they can be started later in a secure fashion. Red Hat also allows you to pick a firewall level of security during installation, with the default of medium. Choose this for now. Once you get started or even before, read Hacking Linux Exposed [Hatch+ 00]. Build a firewall and implement a log-watching program and a tripwire. Investing $80 in a firewalled router (such as an SMC Barricade) is a cheap first (but not last) step toward security.
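After installation it is worth confirming that nothing beyond your intended services starts at boot. The following is an added example, not code from the book: it reads output in the layout printed by `chkconfig --list`, including the separate xinetd section where Telnet and FTP typically appear, and prints every enabled service that is not on an allowlist. The sample listing is constructed, and the allowlist (sshd, syslog) is an assumption to adapt to your own machine.

```shell
#!/bin/sh
# Added example: flag services enabled at boot that are not on an allowlist.

# Constructed sample in the layout printed by `chkconfig --list`.
sample_chkconfig() {
cat <<'EOF'
sshd            0:off   1:off   2:on    3:on    4:on    5:on    6:off
httpd           0:off   1:off   2:off   3:on    4:off   5:on    6:off
syslog          0:off   1:off   2:on    3:on    4:on    5:on    6:off
sendmail        0:off   1:off   2:off   3:off   4:off   5:off   6:off
xinetd based services:
        telnet: on
        wu-ftpd:        off
EOF
}

# unexpected_services RUNLEVEL ALLOWED...: reads chkconfig output on stdin
# and prints, one per line, each service that is on in RUNLEVEL (or on
# under xinetd) and is not named in the allowlist.
unexpected_services() {
    level=$1; shift
    awk -v level="$level" -v allow="$*" '
        BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        /^xinetd based services:/ { next }        # section header
        $1 ~ /:$/ {                               # xinetd entry: "name: on"
            name = substr($1, 1, length($1) - 1)
            if ($2 == "on" && !(name in ok)) print name
            next
        }
        {                                         # SysV entry: name 0:off 1:off ...
            for (f = 2; f <= NF; f++)
                if ($f == (level ":on") && !($1 in ok)) print $1
        }'
}

# Runlevel 3 is the text-mode multiuser level; allowlist is an assumption.
sample_chkconfig | unexpected_services 3 sshd syslog
```

On the installed system, pipe `chkconfig --list` into `unexpected_services` instead of the sample; each name it prints is a candidate for `chkconfig <name> off`.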