I assume if you are setting up a Linux server, there must be a purpose, a new service you need to deploy, you want to learn it, you want to test it etc.
Once you have successfully installed your Red Hat/Centos server, there are few things you need to set, and think ahead.
I recommend
before you set to install your new server to take some time to think it
through.
There are
some questions you need to think about, some of them below:
Note: By no means is this a
comprehensive list, it is just some ideas.
1.
What is the purpose of the (new) server?
·
Test,
Production, learning
2.
What application the (new) server will host?
·
Web, DNS,
FTP, Mail, Custom app
3.
Will the server face the Internet?
·
web app, DNS
4.
How will it be exposed to the Internet?
a.
Directly (with a Public IP)
Via
a proxy (Behind a proxy sock or similar)
b.
Behind a physical Firewall (Juniper, Cisco)
Being NATted
c.
Positioning of the server on your network (LAN v
DMZ)
Note:
If your server needs to face the Internet, I think it is a good idea to isolate
it from the LAN.
5.
What Partition layout and how big each should be
I think it is always a good idea to
separate the following File Systems:
/boot
– normally 100MB – you can give more if you want to
/tmp
- depending on the system 2GB is a good starting point
/swap
– depending how much memory you have etc.
Note:
Some guys like giving twice the RAM memory size. If you have enough
Memory you will
not need to worry about /swap too much
/var
– a good starting point is 5GB
/home
– depending if you will be hosting users and what your users will be doing
/usr
– 5-10GB is ok (it all depends, how the server will be used, where the
Application
will be installed etc.
/ (the root file
system is very important not to run out of space here.
Note:
Depending on the server’s role, the level of security you need to apply to
certain partitions differ. i.e /tmp need extra care if you have web
applications.
6.
What services should be left running
I am in favour of, if the service is not needed,
then it should not be enabled.
This is a good practice, for stability and
security.
7.
What IP address will be assigned to the server
If your ISP provided you with a single Public IP,
then you have no choice. If you on the other hand you will be protecting the
server behind a Firewall. Just plan it, use private IPs.
Place the server in a different sub-net; I tend to
use 192.168.0.0/24 or 172.16.0.0/24.
Split the range into separate blocks, assign blocks
to different servers and services. For example: 192.168.1.1-10 to web servers,
192.168.11-30 to database servers etc.
8.
What name to give the server
There are many ways to create a name convention
9.
What Name servers to use
10.
The Default Gateway to access the Internet
11.
If you need to keep DATE/TIME in sync
I think I
covered most things, but there is many more, depending how secure and reliable
you want your server to be.
I start
setting up the server name, see below:
Set Hostname
# cd /etc
# vi hosts
192.168.1.34
centos63 centos63.adlinux.int
# vi /etc/sysconfig/network (this is
where you set the server name and the default gateway)
NETWORKING=yes
HOSTNAME=centos63.adlinux.int
GATEWAY=192.168.1.1
Set IP address
# vi
/etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE="eth0"
BOOTPROTO="static"
NM_CONTROLLED="no"
ONBOOT="yes"
TYPE="Ethernet"
IPADDR=192.168.1.34
NETMASK=255.255.255.0
Set Name servers
# vi /etc/resolv.conf
domain adlinux.int
search adlinux.int
nameserver 192.168.1.22
Just reboot
your Linux server and all the changes will take affect at boot time.
There are
many files which need to be set; it all depends on the role, of the server as already
pointed out above. The configuration above is just the basic network
configuration to get you up and running.
Don’t forget
to plan, think it through, break it down into smaller tasks and take note of
your plan, document it well otherwise when you need to revisit the
configuration, you may not remember the reasons for setting things up the way
you did.
Advice:
1.
Planning
2.
Documentation
3.
Backup
4.
Roll back
Hope you
enjoy it.
By Renato de
Oliveira
No comments:
Post a Comment