CSC 175: Linux Installation Instructions

This document applies only to the isolated network in Adams 019

Please Follow Carefully

This guide is meant to accompany my in-class demonstration and other explanations. There is never any excuse for not attending a class.

A small, private network has been created for half the workstations in Adams 019. A server-class machine in Adams 017 has been configured as a router/firewall. This machine separates the outside Internet from the internal network. To the internal network this machine is known as 10.1.0.98 (starbase), while from outside it is known as 96.57.41.74. This address is in fact independent of the Hofstra network, which does not trust its law-abiding faculty and students. All machines on our private network use 10.1.0.98 as their "gateway" (and name server).

1. Form groups. There cannot be any groups with fewer than two people or more than three people. Your group may be graded for collaboration, attendance, timeliness, and the ability to follow instructions. At any point, any member of a group may be asked to answer questions. Group projects will be graded by the least knowledgeable individual.

2. Once your group has informed the professor of your members, you will be assigned a workstation in Adams 019 and be given a "password". You must set your system to use this root password when installing Linux. You will also be given an IP address - and you must set up your system to use that address. YOU MAY NOT CHANGE THE ROOT PASSWORD.

3. Pick a one-word "hostname" for your machine. A secret name domain, "secret.hofstra.edu", has been created for the purpose of our class. This domain is not visible to the outside Internet and anyone who reveals its existence will be quietly taken care of. For example, if you pick "machine3" as the name of your machine, then your machine's full hostname will be machine3.secret.hofstra.edu.

You will install Fedora 18 Linux.
The procedure described below applies only to machines in Adams 019, which are connected to the router/firewall named starbase.secret.hofstra.edu, which has IP address 10.1.0.98 - this machine will also be your "default gateway." Essentially, your first assignment is to install Linux from the network.

CAVEAT: the instructions below form a general *guide* - what you actually encounter may vary.

4. Download a .iso disk image from a Fedora mirror (links on class homepage). You should just need the network installation disk. Burn the disc (booting from a pen drive is also possible). Please use this disk instead of the "live desktop" disk, which is incomplete.

6. The installation program will prompt you to set up the basic TCP/IP configuration.

   A. DO NOT SELECT automatic IP address assignment.
   B. Enter the IP (v4) address that I GAVE YOU.
   C. Enter 16 or 255.255.0.0 as the subnet mask (in the notation ip/mask)
   D. Enter 10.1.0.98 as the default gateway
   E. Enter 10.1.0.98 as the primary DNS (name server)
   F. Enter 167.206.112.138 as the secondary DNS (if ever prompted)
   G. Enter your hostname in the format whatever.secret.hofstra.edu

   If you mess up, start over.

7. When prompted for the URL, enter ftp://10.1.0.98/pub/fd14

8. Another important part of the installation process is to partition your hard drive. SELECT THE "CUSTOMIZE" or "CREATE CUSTOM LAYOUT" OPTION. DO NOT USE THE DEFAULT SETTINGS! Since some of these machines were used by csc175 students during previous semesters, you may find that many partitions already exist.

   DO THIS PART VERY CAREFULLY:

   Delete the "swap" and "ext3" (or "ext4") partitions.
   Do NOT delete any FAT or NTFS partitions. However, you may see a 31 byte vfat partition. Delete that.

9. Create a swap partition of 2 to 4 gigs (2048-4096 megs).

   It is considered politically correct to create several different "ext3" or "ext4" partitions when you install Linux. However, for beginners I suggest creating a single large "ext4" partition with mount point at "/".
   The size of the "/" partition should be about 12 gigs.

   NOTE: DO NOT USE ALL AVAILABLE SPACE FOR YOUR LINUX INSTALLATION

   Be sure to select formatting the partitions.

   ********************
   ** Show the professor your partition settings before committing them. **
   ********************

10. If Fedora asks whether you want to do an "upgrade" or install a new system, install a new system.

    Next you'll need to select the packages to install. Be sure to select the "Customize Now" option. Pick either KDE or Gnome (but not both). I like KDE but Redhat prefers Gnome. It's really a matter of personal taste. Check all the packages that sound like they have something to do with networking. Also select the "development" packages. But don't worry too much if you didn't install all the packages you needed because it's not hard to add them later. Do NOT install "Everything". Try to keep the total size of your installation to less than 3 gigs.

11. When prompted, enter the root password I GAVE YOU. YOU MAY NOT EVER CHANGE the root password. Only the professor and the people in your group should know this password.

12. Most of the rest of the steps are self-explanatory. The installation of the packages will take about half an hour and does not require monitoring.

13. After the packages have been installed, the system will reboot and you'll be asked some additional questions, which are straightforward. You are REQUIRED to set up a user account called "guest" with password "student". This is your public account.

14. Log in using the guest account, bring up a terminal (under applications/system tools), type "su - root" and enter your root password. This is usually what you will do first - become root.

15. IMPORTANT: YOU MUST DISABLE YOUR FIREWALL. We will be learning to set up our own firewalls using the iptables config language. Also, you're already behind the firewall on starbase. To do this, type the following command, as root:

        service firewalld stop
    Note: Ubuntu server does not include a firewall by default, so don't set one up on your own until you understand the consequences of this.

16. Edit the file /etc/resolv.conf - this file should contain the following:

        search secret.hofstra.edu
        nameserver 10.1.0.98
        nameserver 167.206.112.138
        nameserver 167.206.7.4

    These list the nameservers properly, and will allow you to refer to other machines on the network such as thincrust, deepdish, starbase, etc...

17. Other post-installation config: there's a lot that can be done after installation. Here are some of the things you should do.

    Change the "0" in /proc/sys/net/ipv4/ip_forward to "1". You can do this by typing at the command prompt:

        echo 1 > /proc/sys/net/ipv4/ip_forward

    You must run these tools as root.

    To install new software on Fedora, you should use either "up2date" or "yum". Type "yum -y install wireshark wireshark-gnome" to install the wireshark (formerly "ethereal") protocol analyser.

Final words: Linux installation has become much easier compared to earlier days, but it still may require you to withstand a good deal of frustration. Be flexible and patient.

-----

Remotely accessing your Linux workstation.

All external access to the "secret" network is done through the starbase gateway. Starbase has IP address 10.1.0.98 internally and 96.57.41.74 externally. Access to starbase from outside is, however, severely restricted, and you are asked to not share the following information casually.

The latest Linux systems all disable telnet - as it's very unsafe. You need to learn to use the "ssh" program. ssh works like telnet. For example, to remotely access your account on husun3, you would type

    ssh -l username husun3.hofstra.edu

Normally, ssh accepts connections to port 22 (every tcp/ip server program is assigned a port number). However, to access your "secret" host you must ssh into a special port on starbase. starbase then redirects this connection to the appropriate "secret" host.
The ports are assigned as follows:

    10.1.0.1     19001
    10.1.0.2     19002
    10.1.0.3     19003
    ...          ...
    10.1.0.12    19012

The -p option tells ssh to connect to a port other than 22. For example, if you want to access 10.1.0.8 from outside Hofstra, do

    ssh -p 19008 -l root 96.57.41.74

Recall that 96.57.41.74 is the Internet IP address of starbase (do not refer to this host as starbase or 10.1.0.98 from outside of Adams 019!). When using ssh with Fedora, you also need to use the -Y option in order to forward graphics.

When you ssh this way, you may get a warning that says "someone may be trying to do something nasty". Nobody is doing anything nasty, so just do "rm ~/.ssh/known_hosts" and try again.
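
Added example (not part of the original handout): a shell helper for the port scheme above. It computes the forwarded port for a workstation and, because OpenSSH records non-default ports in known_hosts as [host]:port, can remove only the one stale entry behind the warning (for instance after a reinstall generates a new host key) while keeping every other saved host key. The function names are assumptions made for this example.

```shell
#!/bin/sh
# Added example: function names are hypothetical, addresses are the handout's.
STARBASE_EXT=96.57.41.74   # external address of starbase

# Map an internal 10.1.0.N address (N = 1..12) to its forwarded port 19000+N.
secret_port() {
    case "$1" in
        10.1.0.*) n=${1#10.1.0.} ;;
        *) echo "not a 10.1.0.x address: $1" >&2; return 1 ;;
    esac
    # Reject empty, leading-zero, non-numeric and over-long host numbers.
    case "$n" in
        ''|0*|*[!0-9]*|???*) echo "bad host number: $n" >&2; return 1 ;;
    esac
    if [ "$n" -gt 12 ]; then
        echo "no port assigned for $1" >&2; return 1
    fi
    printf '%d\n' $((19000 + n))
}

# Name under which ssh stores this workstation's key in known_hosts.
# Every workstation shares starbase's external IP but has its own port,
# so each one gets a separate "[ip]:port" entry.
known_hosts_name() {
    port=$(secret_port "$1") || return 1
    printf '[%s]:%s\n' "$STARBASE_EXT" "$port"
}

# Remove only the saved key for one workstation; $2 optionally names the
# known_hosts file (default: ~/.ssh/known_hosts).
forget_secret_host() {
    name=$(known_hosts_name "$1") || return 1
    ssh-keygen -R "$name" -f "${2:-$HOME/.ssh/known_hosts}"
}

# Print the ssh command line for a workstation, as used in the handout.
secret_ssh_cmd() {
    port=$(secret_port "$1") || return 1
    printf 'ssh -p %s -l root %s\n' "$port" "$STARBASE_EXT"
}
```

For example, forget_secret_host 10.1.0.8 runs ssh-keygen -R "[96.57.41.74]:19008", and the next ssh to that port prompts for the new key.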