Red Hat & Linode QuickStart

Linode Staff

This quickstart was provided by "kenny" – the original document is available here: http://muspellsheim.net/~kenny/linode/redhat_quickstart.html


Warning - this information is only valid for the RedHat Linux OS. I know for a fact that the below (OpenSSH section, maybe others) will have a harmful effect on other distributions.

OpenSSH keys

The Redhat image that was loaded onto your linode came with precreated SSH keys. In order for SSH to be secure, these keys need to be secret, so you need to create new keys. Enter the following on the command line.

/etc/init.d/sshd stop &&
rm -f /etc/ssh/*_key* &&
/etc/init.d/sshd start 

OpenSSH should have restarted and created new keys in the process. Connect to your linode; your SSH client should warn you that the key has changed.

Cron Output

Unless you are hosting mail or planning on checking your mail on your linode, you will probably want the output of your cron jobs mailed to a different email address. You can change the address with the MAILTO environment variable inside a crontab. If you are working with a user's crontab, that can be done by simply adding a MAILTO=you@example.com at the top of the crontab. To change the address for the system's crontabs, open /etc/crontab in an editor (if you are not sure what editor to use, try pico by typing "pico /etc/crontab"). Now change the MAILTO to your email address. It should look something like:

MAILTO=you@example.com

Cron's Schedule

Redhat comes with certain cron jobs scheduled to run hourly, daily, weekly, or monthly. These cron jobs are used for maintenance, rotating logs, etc. The problem is that your linode is sharing a physical machine with other linodes that probably run the same jobs at the same times. This will result in a heavy load on the machine when every linode runs its daily jobs at the same time. Since you don't want to overload the machine any more than you have to, plus you want your jobs to run faster :), you should change the time that your hourly, daily, etc. jobs run. Open /etc/crontab again (see above for directions). You should see something like the below. The first column is the minute, the second is the hour that the job is run.

01 * * * * root run-parts /etc/cron.hourly
02 4 * * * root run-parts /etc/cron.daily
22 4 * * 0 root run-parts /etc/cron.weekly
42 4 1 * * root run-parts /etc/cron.monthly 

You should change the minutes and hours to something else, such as:

09 * * * * root run-parts /etc/cron.hourly
19 0 * * * root run-parts /etc/cron.daily
39 1 * * 0 root run-parts /etc/cron.weekly
49 2 1 * * root run-parts /etc/cron.monthly 

Of course if everyone used the above, the problem would still exist. Make up your own times.

Disable ECN

ECN (Explicit Congestion Notification) is enabled by default on some kernels. As you probably won't be using your linode as a router, it is a good idea to disable it. Leaving the option enabled will mean that your linode will not be able to communicate with systems behind older routers that do not understand ECN. To disable upon bootup, edit /etc/rc.d/rc.local and add the following line.

echo 0 > /proc/sys/net/ipv4/tcp_ecn

RedHat Updates

Keeping your server up to date is important. Let's do that.

#Download rhupdate
wget http://www.jjminer.org/rhupdate/rhupdate-1.10-beta-1.102.tar.gz
#Unpack it
tar -zxf rhupdate-1.10-beta-1.102.tar.gz &&
cd rhupdate-1.10-beta-1.102
#Configure and install it
./configure &&
make install
#Download available updates
mkdir /tmp/updates &&
rhupdate --download /tmp/updates

Unless the download failed (if it did try again later), you should now have all of the available updates for your redhat server downloaded into /tmp/updates. As it is a good practice to pay attention to what packages are being updated, it's up to you to install them.

Misc.

The RedHat image came with Apache certificates prebuilt, however I don't consider this that big of an issue. If you are planning on using Apache over HTTPS you'll need to get your own certificates anyways.
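
The OpenSSH keys section above regenerates the host keys because every linode deployed from the same image starts with the same ones. As an added example (not part of the original quickstart), the shell function below reads ssh-keyscan-style lines (`host keytype base64-key`) and reports any host key that is served by more than one host; the function names, addresses and key blobs are constructed for illustration.

```shell
#!/bin/sh
# Detect SSH host keys shared between hosts (e.g. keys baked into an image).
# Input: lines in ssh-keyscan output format, "host keytype base64-key".

# shared_hostkeys [FILE...]   (reads stdin when no file is given)
# Prints one line per shared key: "<keytype> <host count> <host,host,...>"
shared_hostkeys() {
    awk '
        /^#/ || NF < 3 { next }          # skip comment lines and malformed lines
        {
            id = $2 " " $3               # key type + key blob identify one key
            if ((id, $1) in seen) next   # same host listed twice: count it once
            seen[id, $1] = 1
            type[id] = $2
            if (n[id]++) hosts[id] = hosts[id] "," $1
            else         hosts[id] = $1
        }
        END {
            for (id in n)
                if (n[id] > 1) print type[id], n[id], hosts[id]
        }
    ' "$@" | sort
}

# Constructed sample: documentation addresses and fake, shortened key blobs.
sample_scan() {
    cat <<'EOF'
# 192.0.2.10:22 SSH-2.0-OpenSSH_3.5p1
192.0.2.10 ssh-rsa AAAAB3NzaC1yc2EAAAAimageKEY
192.0.2.11 ssh-rsa AAAAB3NzaC1yc2EAAAAimageKEY
192.0.2.11 ssh-dss AAAAB3NzaC1kc3MAAAAimageDSA
192.0.2.12 ssh-rsa AAAAB3NzaC1yc2EAAAAfreshKEY
192.0.2.12 ssh-dss AAAAB3NzaC1kc3MAAAAimageDSA
192.0.2.13 ssh-rsa AAAAB3NzaC1yc2EAAAAimageKEY
EOF
}

# 192.0.2.12 regenerated its RSA key but still serves the image DSA key.
sample_scan | shared_hostkeys
```

Any host that appears in the output still presents a key that another machine also holds, so its keys should be regenerated as described in the OpenSSH keys section.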

2 Replies

Anyone know if this info is still valid (and recommended) for Fedora?

I'd guess it is, but don't want to assume TOO much…

thanks

  • j

@wazdog:

Anyone know if this info is still valid (and recommended) for Fedora?

I'd guess it is, but don't want to assume TOO much…

thanks

  • j

Although I haven't used Fedora, I know that Chris changed the images for RedHat and Debian (thus I'd assume Fedora too) so that you no longer have to recreate your SSH keys, change the schedule for cron, or disable ECN (I think), which only leaves changing your cron output if you want and updating (check up2date).

short answer: it's done for you

Kenny
