2006/12/30

Resizing partitions with GParted

A GPL-licensed partition resizing tool

http://gparted.sourceforge.net/

2006/12/03

Managing router syslog

On the server that receives the logs, add the following settings.

  • Firewall settings
# vi /etc/sysconfig/iptables
# Firewall configuration written by system-config-securitylevel
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p 50 -j ACCEPT
-A RH-Firewall-1-INPUT -p 51 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 53 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 53 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 21 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 25 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 123 -j ACCEPT
# Allow incoming syslog
-A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 514 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
# service iptables restart

  • Set the log destination
# vi /etc/syslog.conf
# Add the following line
local6.* /var/log/router.log

  • Log rotation settings
# vi /etc/logrotate.d/syslog
# Add to the configuration
・・・・/var/log/cron /var/log/router.log {

  • Allow receiving syslog from external hosts
# vi /etc/sysconfig/syslog
SYSLOGD_OPTIONS="-r -m 0"
KLOGD_OPTIONS="-x"

  • Change the router's syslog output destination

> administrator
Password:
# syslog facility local6
#
# save
セーブ中... CONFIG0 終了
#
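
Added example (not part of the original notes): the rule added above accepts UDP 514 from any source, and `-r` makes syslogd accept whatever arrives on that port. This script lists such unrestricted rules in an iptables rules file; the router address 192.168.0.1 and the sample files are constructed for the demonstration.

```sh
#!/bin/sh
# Added example, not from the original notes.
# Prints every ACCEPT rule in an iptables-save style file that opens
# udp/514 without a source-address match (-s / --source).
# Narrow on purpose: only single-port --dport matches are recognised.

unrestricted_syslog_rules() {
    # $1: rules file, e.g. /etc/sysconfig/iptables
    awk '
        /^-A / {
            accept = udp = port = src = 0
            for (i = 1; i < NF; i++) {
                if ($i == "-j" && $(i + 1) == "ACCEPT") accept = 1
                if ($i == "-p" && $(i + 1) == "udp") udp = 1
                if (($i == "--dport" || $i == "--destination-port") &&
                    $(i + 1) == "514") port = 1
                if ($i == "-s" || $i == "--source") src = 1
            }
            if (accept && udp && port && !src) print
        }
    ' "$1"
}

sample_dir=$(mktemp -d)
trap 'rm -rf "$sample_dir"' EXIT

# Rules as written in the notes above (any source may send to udp/514).
cat > "$sample_dir/open.rules" <<'EOF'
-A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 123 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 514 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
EOF

# Constructed variant: only the router (assumed to be 192.168.0.1) may send.
cat > "$sample_dir/restricted.rules" <<'EOF'
-A RH-Firewall-1-INPUT -s 192.168.0.1 -m state --state NEW -m udp -p udp --dport 514 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
EOF

echo "open.rules:";       unrestricted_syslog_rules "$sample_dir/open.rules"
echo "restricted.rules:"; unrestricted_syslog_rules "$sample_dir/restricted.rules"
```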

2006/10/22

yum repository (centosplus)

#additional packages that extend functionality of existing packages
[centosplus]
name=CentOS-$releasever - Plus
mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=centosplus
#baseurl=http://mirror.centos.org/centos/$releasever/centosplus/$basearch/
gpgcheck=1
enabled=0
gpgkey=http://mirror.centos.org/centos/RPM-GPG-KEY-centos4

#contrib - packages by Centos Users
[contrib]
name=CentOS-$releasever - Contrib
mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=contrib
#baseurl=http://mirror.centos.org/centos/$releasever/contrib/$basearch/
gpgcheck=1
enabled=0
gpgkey=http://mirror.centos.org/centos/RPM-GPG-KEY-centos4

2006/09/09

Installing Fedora-DS


# /opt/fedora-ds/setup/setup
INFO Begin Setup . . .



LICENSE AGREEMENT AND LIMITED PRODUCT WARRANTY
FEDORA(TM) DIRECTORY SERVER

This agreement governs the use of Fedora Directory Server,
Administration Server and Management Console (collectively, the
"SOFTWARE") and any updates to the Software, regardless of the
delivery mechanism.

1. FEDORA DIRECTORY SERVER

1.1 LICENSE GRANT. Fedora Directory Server ("FDS") is a modular
application consisting of hundreds of software components and is a
collective work under U.S. Copyright Law. Subject to the following
terms, Red Hat, Inc. ("RED HAT") grants to the user ("LICENSEE") a
license to this collective work pursuant to the GNU General Public
License. Please note that Administration Server and Management
Console, which are binary-only code used to configure and administer
FDS, are subject to the license terms in Section 2. The end user
license agreement for each component of FDS is located in the
component's source code. The license terms for the components
permit LICENSEE to copy, modify, and redistribute the component, in
both source code and binary code forms. This agreement does not limit
LICENSEE's rights under, or grant LICENSEE rights that supersede, the
license terms of any particular component.

1.2 LICENSE EXCEPTION. In addition, as a special exception, Red Hat
gives LICENSEE the additional right to link the code of FDS with code
not covered under the GNU General Public License ("NON-GPL CODE") and
to distribute linked combinations including the two, subject to the
limitations in this paragraph. Non-GPL Code permitted under this
exception must only link to the code of FDS through those well defined
interfaces identified in that file named EXCEPTION in the source code
files for FDS (the "APPROVED INTERFACES"). The files of Non-GPL Code
may instantiate templates or use macros or inline functions from the
Approved Interfaces without causing the resulting work to be covered
by the GNU General Public License. Only Red Hat may make changes or
additions to the list of Approved Interfaces. LICENSEE must comply
with the GNU General Public License in all respects for all of the FDS
code and other code used in conjunction with FDS except the Non-GPL
Code covered by this exception. If LICENSEE modifies FDS, LICENSEE may
extend this exception to its version of FDS, but LICENSEE is not
obligated to do so. If LICENSEE does not wish to provide this
exception without modification, LICENSEE must delete this exception
statement from LICENSEE's version of FDS and license FDS solely under
the GPL without exception.

1.3 INTELLECTUAL PROPERTY RIGHTS. FDS and each of its components,
including the source code, documentation, appearance, structure and
organization are owned by Red Hat and others and are protected under
copyright and other laws. Title to FDS and any component, or to any
copy, modification, or merged portion shall remain with the
aforementioned, subject to the applicable license.

2. ADMINISTRATION SERVER, AND MANAGEMENT CONSOLE

2.1 LICENSE GRANT. Subject to the provisions of this Section 2.1, Red
Hat hereby grants LICENSEE a non-exclusive, non-transferable,
worldwide, perpetual, fully paid right (without the right to
sublicense) to use, reproduce and distribute Administration Server
("ADMIN SERVER"), and Management Console ("CONSOLE") in executable,
machine-readable form. LICENSEE must reproduce all copyright and
other proprietary notices on such copies. LICENSEE may only reproduce
and distribute Admin Server or Console to another party if the other
party agrees in writing to be obligated by the terms and conditions of
this Section 2.1. Except as provided in this Section 2.1, LICENSEE
may not modify, copy, transfer or otherwise use Admin Server, or
Console, and all licenses granted in this Section 2 are automatically
terminated if LICENSEE does so.

2.2 CHANGE IN LICENSING. It is Red Hat's intent to change the terms
of the license granted in this Section 2 to that of an open source
license. If such change is generally announced to the public,
LICENSEE will have the option to elect to have Admin Server and
Console governed by the terms of such open source license. If
LICENSEE does not make such election, the terms of this Agreement will
continue to govern LICENSEE's use of Admin Server and Console.

3. LIMITED WARRANTY. Except as specifically stated in this Section 3
or a license for a particular component, TO THE MAXIMUM EXTENT
PERMITTED UNDER APPLICABLE LAW, THE SOFTWARE AND THE COMPONENTS ARE
PROVIDED AND LICENSED "AS IS" WITHOUT WARRANTY OF ANY KIND, EXPRESSED
OR IMPLIED, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY,
NON-INFRINGEMENT OR FITNESS FOR A PARTICULAR PURPOSE. Red Hat does
not warrant that the functions contained in the Software will meet
LICENSEE's requirements or that the operation of the Software will be
entirely error free or appear precisely as described in the
accompanying documentation.

4. LIMITATION OF REMEDIES AND LIABILITY. TO THE MAXIMUM EXTENT
PERMITTED BY APPLICABLE LAW, RED HAT WILL NOT BE LIABLE TO LICENSEE
FOR ANY INCIDENTAL OR CONSEQUENTIAL DAMAGES, INCLUDING LOST PROFITS OR
LOST SAVINGS ARISING OUT OF THE USE OR INABILITY TO USE THE SOFTWARE,
EVEN IF RED HAT HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

5. EXPORT CONTROL. As required by U.S. law, LICENSEE represents and
warrants that it: (a) understands that the Software is subject to
export controls under the U.S. Commerce Department's Export
Administration Regulations ("EAR"); (b) is not located in a prohibited
destination country under the EAR or U.S. sanctions regulations
(currently Cuba, Iran, Iraq, Libya, North Korea, Sudan and Syria); (c)
will not export, re-export, or transfer the Software to any prohibited
destination, entity, or individual without the necessary export
license(s) or authorizations(s) from the U.S. Government; (d) will
not use or transfer the Software for use in any sensitive nuclear,
chemical or biological weapons, or missile technology end-uses unless
authorized by the U.S. Government by regulation or specific license;
(e) understands and agrees that if it is in the United States and
exports or transfers the Software to eligible end users, it will, as
required by EAR Section 740.17(e), submit semi-annual reports to the
Commerce Department's Bureau of Industry & Security (BIS), which
include the name and address (including country) of each transferee;
and (f) understands that countries other than the United States may
restrict the import, use, or export of encryption products and that it
shall be solely responsible for compliance with any such import, use,
or export restrictions.

6. THIRD PARTY PROGRAMS. Red Hat may distribute third party software
programs with the Software that are not part of the Software. These
third party programs are subject to their own license terms. The
license terms either accompany the programs or can be viewed at
http://www.redhat.com/licenses/. If LICENSEE does not agree to abide
by the applicable license terms for such programs, then LICENSEE may
not install them. If LICENSEE wishes to install the programs on more
than one system or transfer the programs to another party, then
LICENSEE must contact the licensor of the programs.

7. GENERAL. If any provision of this agreement is held to be
unenforceable, that shall not affect the enforceability of the
remaining provisions. This agreement shall be governed by the laws of
the State of North Carolina and of the United States, without regard
to any conflict of laws provisions, except that the United Nations
Convention on the International Sale of Goods shall not apply.

Do you accept the license terms? (yes/no) yes
=======================================================================
Fedora Directory Server 1.0.2
=======================================================================

The Fedora Directory Server is subject to the terms detailed in the
license agreement file called LICENSE.txt.

Late-breaking news and information on the Fedora Directory Server is
available at the following location:

http://directory.fedora.redhat.com

Continue? (yes/no) yes
Fedora Directory Server system tuning analysis version 04-APRIL-2005.

NOTICE : System is i686-unknown-linux2.6.9-42.0.2.EL (1 processor).

WARNING: 293MB of physical memory is available on the system. 1024MB is recommended for best performance on large production system.

NOTICE : The net.ipv4.tcp_keepalive_time is set to 7200000 milliseconds
(120 minutes). This may cause temporary server congestion from lost
client connections.

WARNING: There are only 1024 file descriptors (hard limit) available, which
limit the number of simultaneous connections.

WARNING: There are only 1024 file descriptors (soft limit) available, which
limit the number of simultaneous connections.


Continue? (yes/no)
yes

Please select the install mode:
1 - Express - minimal questions
2 - Typical - some customization (default)
3 - Custom - lots of customization

Please select 1, 2, or 3 (default: 2)
2

Hostname to use (default: localhost.localdomain) host.hoge.com


Server user ID to use (default: nobody)

Server group ID to use (default: nobody)


Fedora Project
Directory Installation/Uninstallation
-----------------------------------------------------------------------------------------

Fedora server information is stored in the Fedora configuration
directory server, which you may have already set up. If so, you
should configure this server to be managed by the configuration
server. To do so, the following information about the configuration
server is required: the fully qualified host name of the form
.(e.g. hostname.domain.com), the port number,
the suffix, and the DN and password of a user having permission to
write the configuration information, usually the Fedora
configuration directory administrator.

If you want to install this software as a standalone server, or if you
want this instance to serve as your Fedora configuration directory
server, press Enter.


Do you want to register this software with an existing
Fedora configuration directory server? [No]:
no


Fedora Project
Directory Installation/Uninstallation
-----------------------------------------------------------------------------------------

If you already have a directory server you want to use to store your
data, such as user and group information, answer Yes to the following
question. You will be prompted for the host, port, suffix, and bind
DN to use for that directory server.

If you want this directory server to store your data, answer No.


Do you want to use another directory to store your data? [No]:
no


Fedora Project
Directory Installation/Uninstallation
-----------------------------------------------------------------------------------------

The standard directory server network port number is 389. However, if
you are not logged as the superuser, or port 389 is in use, the
default value will be a random unused port number greater than 1024.
If you want to use port 389, make sure that you are logged in as the
superuser, that port 389 is not in use, and that you run the admin
server as the superuser.


Directory server network port [389]:
389


Fedora Project
Directory Installation/Uninstallation
-----------------------------------------------------------------------------------------

Each instance of a directory server requires a unique identifier.
Press Enter to accept the default, or type in another name and press
Enter.


Directory server identifier [host]:
host


Fedora Project
Directory Installation/Uninstallation
-----------------------------------------------------------------------------------------

Please enter the administrator ID for the Fedora configuration
directory server. This is the ID typically used to log in to the
console. You will also be prompted for the password.


Fedora configuration directory server
administrator ID [admin]:
admin
Password: xxxx
Password (again): xxxx


Fedora Project
Directory Installation/Uninstallation
-----------------------------------------------------------------------------------------

The suffix is the root of your directory tree. You may have more than
one suffix.


Suffix [dc=hoge, dc=com]:



Fedora Project
Directory Installation/Uninstallation
-----------------------------------------------------------------------------------------

Certain directory server operations require an administrative user.
This user is referred to as the Directory Manager and typically has a
bind Distinguished Name (DN) of cn=Directory Manager. Press Enter to
accept the default value, or enter another DN. In either case, you
will be prompted for the password for this user. The password must
be at least 8 characters long.


Directory Manager DN [cn=Directory Manager]:
Password:
xxxxx
Password (again): xxxxx


Fedora Project
Directory Installation/Uninstallation
-----------------------------------------------------------------------------------------

The Administration Domain is a part of the configuration directory
server used to store information about Fedora software. If you are
managing multiple software releases at the same time, or managing
information about multiple domains, you may use the Administration
Domain to keep them separate.

If you are not using administrative domains, press Enter to select the
default. Otherwise, enter some descriptive, unique name for the
administration domain, such as the name of the organization responsible
for managing the domain.


Administration Domain [hoge.com]:
hoge.com


Fedora Project
Administration Installation/Uninstallation
-----------------------------------------------------------------------------------------

The Administration Server is separate from any of your application
servers since it listens to a different port and access to it is
restricted.

Pick a port number between 1024 and 65535 to run your Administration
Server on. You should NOT use a port number which you plan to
run an application server on, rather, select a number which you
will remember and which will not be used for anything else.

The default in brackets was randomly selected from the available
ports on your system. To accept the default, press return.

Administration port [37594]:
37594


Fedora Project
Administration Installation/Uninstallation
-----------------------------------------------------------------------------------------

The Administration Server program runs as a certain user on your
system. This user should be different than the one which your
application servers run as. Only the user you select will be
able to write to your configuration files. If you run the
Administration Server as "root", you will be able to use the Server
Administration screen to start and stop your application servers.

Run Administration Server as [root]:



Fedora Project
Administration Installation/Uninstallation
-----------------------------------------------------------------------------------------

The Administration Server runs on the Apache web server. Please provide the
directory where the Apache binary (httpd or httpd.worker) may be found. The
Administration Server needs an Apache compiled with the worker model.


Apache Directory [/usr/sbin/]:


[slapd-host]: starting up server ...
[slapd-host]: Fedora-Directory/1.0.2 B2006.060.1928
[slapd-host]: host.hoge.com:389 (/opt/fedora-ds/slapd-host)
[slapd-host]:
[slapd-host]: [09/Sep/2006:23:30:36 +0900] - Fedora-Directory/1.0.2 B2006.060.1928 starting up
[slapd-host]: [09/Sep/2006:23:30:44 +0900] - slapd started. Listening on All Interfaces port 389 for LDAP requests
Your new directory server has been started.
Created new Directory Server
Start Slapd Starting Slapd server configuration.
Success Slapd Added Directory Server information to Configuration Server.
Configuring Administration Server...
Setting up Administration Server Instance...
Configuring Administration Tasks in Directory Server...
Configuring Global Parameters in Directory Server...

You can now use the console. Here is the command to use to start the console:
cd /opt/fedora-ds
./startconsole -u admin -a http://host.hoge.com:37594/

INFO Finished with setup, logfile is setup/setup.log
#

2006/09/01

<CentOS> yum repository (Java-related packages)

# rpm --import http://www.jpackage.org/jpackage.asc
# cat /etc/yum.repos.d/jpackage.repo

[jpackage-generic]
name=JPackage (free), generic
mirrorlist=http://www.jpackage.org/jpackage_generic.txt
failovermethod=priority
gpgcheck=1
gpgkey=http://www.jpackage.org/jpackage.asc
enabled=1

[jpackage-generic-nonfree]
name=JPackage (non-free), generic
mirrorlist=http://www.jpackage.org/jpackage_generic_nonfree.txt
failovermethod=priority
gpgcheck=1
gpgkey=http://www.jpackage.org/jpackage.asc
enabled=0

[jpackage16-rhel40]
name=JPackage 1.6 for Red Hat Enterprise Linux 4
baseurl=http://mirrors.dotsrc.org/jpackage/1.6/redhat-el-4.0/free/
gpgcheck=1


[root@osakaweb ~]#

<CentOS> DAG: additional yum repository

# rpm --import http://dag.wieers.com/packages/RPM-GPG-KEY.dag.txt
# cat /etc/yum.repos.d/CentOS-Base.repo
[dag]

name=Dag RPM Repository for Fedora Core
baseurl=http://ftp.riken.jp/Linux/dag/fedora/el$releasever/en/$basearch/dag

[dag]
name=Dag RPM Repository for Red Hat Enterprise Linux
baseurl=http://ftp.riken.jp/Linux/dag/redhat/el$releasever/en/$basearch/dag

[dag]
name=Dag RPM Repository for older Red Hat Linux
baseurl=http://ftp.riken.jp/Linux/dag/redhat/el$releasever/en/$basearch/dag

#
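
Added example (not part of the original notes): the DAG file above is paired with an imported signing key, but it has three sections with the same id and no gpgcheck line, so signature checking depends on the [main] default in /etc/yum.conf. This small audit flags both conditions in a .repo file; the corrected file in the demo is constructed, using the key URL from the `rpm --import` line.

```sh
#!/bin/sh
# Added example, not from the original notes.
# Audits one yum .repo file and prints "<repo-id> <finding>" lines:
#   duplicate-id       the same [id] appears more than once in the file
#   gpgcheck-not-set   no gpgcheck= line, so the [main] default applies
#   gpgcheck-disabled  gpgcheck is set to something other than 1

audit_repo_file() {
    # $1: path to a .repo file
    awk '
        function report() {
            if (id == "") return
            if (seen[id]++) print id, "duplicate-id"
            if (check == "") print id, "gpgcheck-not-set"
            else if (check != "1") print id, "gpgcheck-disabled"
        }
        /^[ \t]*(#|$)/ { next }                 # comments and blank lines
        /^\[[^]]*\]/ {                          # section header: new repo id
            report()
            id = $0; sub(/^\[/, "", id); sub(/\].*$/, "", id)
            check = ""
            next
        }
        /^[ \t]*gpgcheck[ \t]*=/ {
            check = $0
            sub(/^[^=]*=[ \t]*/, "", check); sub(/[ \t\r]+$/, "", check)
        }
        END { report() }
    ' "$1"
}

repo_dir=$(mktemp -d)
trap 'rm -rf "$repo_dir"' EXIT

# Sections as shown in the notes above.
cat > "$repo_dir/dag.repo" <<'EOF'
[dag]

name=Dag RPM Repository for Fedora Core
baseurl=http://ftp.riken.jp/Linux/dag/fedora/el$releasever/en/$basearch/dag

[dag]
name=Dag RPM Repository for Red Hat Enterprise Linux
baseurl=http://ftp.riken.jp/Linux/dag/redhat/el$releasever/en/$basearch/dag

[dag]
name=Dag RPM Repository for older Red Hat Linux
baseurl=http://ftp.riken.jp/Linux/dag/redhat/el$releasever/en/$basearch/dag
EOF

# Constructed variant: one section, signature checking stated explicitly.
cat > "$repo_dir/dag-fixed.repo" <<'EOF'
[dag]
name=Dag RPM Repository for Red Hat Enterprise Linux
baseurl=http://ftp.riken.jp/Linux/dag/redhat/el$releasever/en/$basearch/dag
gpgcheck=1
gpgkey=http://dag.wieers.com/packages/RPM-GPG-KEY.dag.txt
EOF

echo "dag.repo:";       audit_repo_file "$repo_dir/dag.repo"
echo "dag-fixed.repo:"; audit_repo_file "$repo_dir/dag-fixed.repo"
```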

2006/08/27

Reverse proxy: Pound

# wget http://www.invoca.ch/pub/packages/pound/pound-2.1-1.src.rpm
# rpm -ivh pound-2.1-1.src.rpm
# vi pound.spec
%define version 2.1
%define rpmrelease 1
# betarelease is either 0 or something like b1
%define betarelease 0
# special features
%define enablemsdav 1 ← (changed from 0 to 1)

%define distname Pound
~ rest omitted ~
# cd /usr/src/redhat/SPECS
# rpmbuild -ba pound.spec
# cd /usr/src/redhat/RPMS/i386/
# ls -la
合計 112
drwxr-xr-x 2 root root 4096 8月 20 23:22 .
drwxr-xr-x 8 root root 4096 8月 18 16:08 ..
-rw-r--r-- 1 root root 70192 8月 20 23:22 pound-2.1-1.i386.rpm
-rw-r--r-- 1 root root 11442 8月 20 23:22 pound-debuginfo-2.1-1.i386.rpm
# rpm -ivh pound-2.1-1.i386.rpm
# cd /etc/pound
# vi /etc/pound/pound.cfg
Group "nobody"
User "nobody"
RootJail "/usr/share/empty"

ListenHTTP

address 192.168.0.12
Port 80

Service
URL "/.*"
BackEnd
address 192.168.0.12
Port 8081
Priority 1
End
Session
Type BASIC
TTL 300
End
End
End

ListenHTTPS
address 192.168.0.12
Port 443
Cert "/etc/pound/cert.pem"
xHTTP 1
WebDAV 1

Service
URL "/WebDav.*"
BackEnd
address 192.168.0.11
Port 80
Priority 1
# WebDAV 1
End
Session
Type BASIC
TTL 300
End
End

Service
URL "/mokuhyo.*"
BackEnd
address 192.168.0.31
Port 80
Priority 1
End
Session
Type BASIC
TTL 300
End
End

Service
URL "/.*"
BackEnd
address 192.168.0.12
Port 8081
Priority 1
End
Session
Type BASIC
TTL 300
End
End

End


# openssl req -x509 -newkey rsa:1024 -keyout cert.pem -out cert.pem -days 3650 -nodes
Generating a 1024 bit RSA private key
....................................................................++++++
........++++++
writing new private key to 'cert.pem'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [GB]:JP
State or Province Name (full name) [Berkshire]:Osaka
Locality Name (eg, city) [Newbury]:Osaka
Organization Name (eg, company) [My Company Ltd]:CompanyName
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server's hostname) []:homepage.demo
Email Address []:info@homepage.demo
#



MySQL4: migrating data with a dump

# mysqldump --quick db_name -u root -p |gzip > dumpdata.gz

(The file created in this example is compressed.) Transfer the file containing the database contents to the destination machine and run the following commands there.

# mysqladmin create db_name
# gunzip < dumpdata.gz | mysql db_name

How to erase a disk

Write zeros to the first 1024 KB of the hard disk.
This can be used to erase the MBR, for example.

dd if=/dev/zero of=/dev/sda bs=1024k count=1

Erasing a hard disk

Overwrite with random data twice

shred -n 2 -v /dev/hda