Redhat installation

This page collects issues, notes and other comments regarding the installation of the SURFids RPMs on a Red Hat server.

Firewall

RHEL5 seems to come with a default iptables firewall. Some rules have to be added for SURFids to work properly.

Logging server

/sbin/iptables -I RH-Firewall-1-INPUT -p tcp --dport 80 -d 192.168.1.10 -j ACCEPT

Tunnel server

/sbin/iptables -I RH-Firewall-1-INPUT -p tcp --dport 1194 -d 192.168.1.10 -j ACCEPT
/sbin/iptables -I RH-Firewall-1-INPUT -p tcp --dport 4443 -d 192.168.1.10 -j ACCEPT
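
An added example, not part of the original page or of SURFids: a check for the rules above that reads iptables-save output and lists required TCP ports that have no ACCEPT rule in RH-Firewall-1-INPUT, or whose ACCEPT sits after the chain's catch-all REJECT and so never matches (the reason the commands above use -I rather than -A). The function name and the sample ruleset are constructed; the check ignores the -d address and does not handle multiport matches or port ranges.

```shell
#!/bin/sh
# Constructed sample in iptables-save format: 4443 was inserted with -I,
# 1194 was appended with -A after the catch-all REJECT, 80 is missing.
SAMPLE_RULES='*filter
:INPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -d 192.168.1.10 -p tcp -m tcp --dport 4443 -j ACCEPT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
-A RH-Firewall-1-INPUT -d 192.168.1.10 -p tcp -m tcp --dport 1194 -j ACCEPT
COMMIT'

# unreachable_ports PORT...   (hypothetical helper name)
# Reads iptables-save rules on stdin and prints each listed TCP port that
# RH-Firewall-1-INPUT does not accept, one per line.
# On a live host (as root): /sbin/iptables-save | unreachable_ports 80
unreachable_ports() {
    awk -v ports="$*" '
        BEGIN { n = split(ports, want, " ") }
        # Only rules appended to the Red Hat input chain are relevant.
        $1 != "-A" || $2 != "RH-Firewall-1-INPUT" { next }
        {
            # A rule that is nothing but "-j REJECT" or "-j DROP" matches every
            # packet, so rules listed after it are never evaluated.
            if ($3 == "-j" && ($4 == "REJECT" || $4 == "DROP")) blocked = 1
            port = ""; target = ""; proto = ""
            for (i = 3; i < NF; i++) {
                if ($i == "-p")      proto  = $(i + 1)
                if ($i == "--dport") port   = $(i + 1)
                if ($i == "-j")      target = $(i + 1)
            }
            if (!blocked && proto == "tcp" && target == "ACCEPT" && port != "")
                ok[port] = 1
        }
        END { for (k = 1; k <= n; k++) if (!(want[k] in ok)) print want[k] }
    '
}

# Demo on the constructed sample: prints 80 and 1194, one per line.
printf '%s\n' "$SAMPLE_RULES" | unreachable_ports 80 1194 4443
```

Rules added with iptables -I exist only in the running ruleset; on RHEL5, `service iptables save` writes them to /etc/sysconfig/iptables, which is in the same format and can be fed to this check as well.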

SELinux

Another component that is important to configure properly is SELinux.

Logging server

/usr/sbin/setsebool httpd_can_network_connect_db on

Tunnel server

/usr/sbin/semanage port -a -t http_port_t -p tcp 4443
chcon -t httpd_sys_content_t '/opt/surfnetids/genkeys/sign_certificate.sh'
chcon -t httpd_sys_content_t '/opt/surfnetids/genkeys/generate_certificate.sh'
chcon -t httpd_sys_content_t '/opt/surfnetids/genkeys/build-key'
chcon -t httpd_sys_content_t '/opt/surfnetids/genkeys/sign-req'
chcon -t httpd_sys_content_t '/opt/surfnetids/clientkeys/'
chcon -t httpd_sys_content_t '/opt/surfnetids/serverkeys/'
chcon -t httpd_sys_content_t '/opt/surfnetids/serverkeys/serial'
chcon -t httpd_sys_content_t '/opt/surfnetids/serverkeys/serial.old'
chcon -t httpd_sys_content_t '/opt/surfnetids/serverkeys/index.txt'
chcon -t httpd_sys_content_t '/opt/surfnetids/serverkeys/index.txt.old'
chcon -t httpd_sys_content_t '/opt/surfnetids/serverkeys/index.txt.attr'
chcon -t httpd_sys_content_t '/opt/surfnetids/serverkeys/index.txt.attr.old'

Packages

There were some packages that weren't in the standard repository that were needed. Here's a list of the packages which were manually installed.

Logging server

perl-Convert-BinHex-1.119-2.2.el5.rf.noarch.rpm
perl-Mail-POP3Client-2.18-1.el5.rf.noarch.rpm
perl-MIME-tools-5.425-1.el5.test.noarch.rpm
perl-GnuPG-0.09-1.2.el5.rf.noarch.rpm
perl-MailTools-2.04-1.el5.rf.noarch.rpm
perl-TimeDate-1.16-3_2.0.el5.noarch.rpm
perl-IO-stringy-2.110-3.el5.pp.noarch.rpm
perl-MIME-Lite-3.021-1.el5.rf.noarch.rpm
pgdg-redhat-8.3-6.noarch.rpm
php-pecl-json-1.2.1-4.el5.noarch.rpm

The default repository only has PostgreSQL 8.1, so we need to add a new repository for PostgreSQL 8.3.

The pgdg package comes from this page. This package installs the pgdg repository for Yum, including the necessary GPG keys. After that, you can use Yum to install PostgreSQL 8.3.

Tunnel server

lzo2-2.02-3.el5.rf.i386.rpm
perl-NetPacket-0.04-1.2.el5.rf.noarch.rpm
perl-rrdtool-1.3.9-1.el5.pp.i386.rpm
openvpn-2.0.9-1.el5.rf.i386.rpm
perl-Net-Pcap-0.12-1.el5.rf.i386.rpm
rrdtool-1.3.9-1.el5.pp.i386.rpm
perl-IO-Interface-1.04-1.el5.rf.i386.rpm
perl-Net-PcapUtils-0.01-1.2.el5.rf.noarch.rpm

There was no package available for the Perl modules Net::DHCP::Packet and Net::DHCP::Constants. These modules will need to be installed using cpan. After that you will have to use --nodeps with rpm to install the tunnel package.

 
kb/redhat.txt · Last modified: 2012/07/12 11:27 (external edit)
 