Can you give me steps for virgin RHEL5 install?

am commissioning a ServerBeach self-managed 64-bit x86 box.

its primary role in life is to serve 3 web domains using Apache, PHP and MySQL; two of the domains include SSL-secured shopping carts. in the near term, it will have to handle email services, though I eventually hope to hand that off to Google.

minutes from now, it will have a fresh reload of a RHEL5-without-Plesk image, on a virgin-formatted drive.

am 'Nix admin newbie but a) quick learner and b) highly-motivated! I’d like to know:

a) can you confirm this is a supported hw/OS configuration?
(from reading forums etc., am expecting answer "yes"!)

b) what are the specific steps I must take to install VM Pro & WM, immediately after I have logged in and done su - to gain root privs? please include where payment fits in the process…

c) can you give me any pointers to a reasonably current set of Next Steps/best practices I can use to reasonably secure the box, once VM/WM are in place?

many thanks!

Adrian
Adrian Russell-Falla

a) can you confirm this is a supported hw/OS configuration? (from reading forums etc., am expecting answer "yes"!)

Yes!

b) what are the specific steps I must take to install VM Pro & WM, immediately after I have logged in and done su - to gain root privs? please include where payment fits in the process...

Be sure you know what you want to name your server–it can always be changed later, but it’s easiest to set it in advance. It needs to be a fully qualified domain name. I’d go for something of the form ns1.virtualmin.com or master.virtualmin.com or something that isn’t the name of one of the domains you’ll be hosting on the system (e.g. don’t call it just “virtualmin.com”). This name will usually be what shows up in mail headers and it’ll be the default name server for DNS records. You may want to set this in advance of the install, since our install script will only stop to ask you about it if the system does not have a fully qualified domain name.

Buy whichever Virtualmin license is suitable for your needs in the store: http://www.virtualmin.com/shop/page,shop.browse/category_id,1/

Browse to http://www.virtualmin.com/serial/

Select the line beginning with “wget” under your license, copy it, and paste it into the root terminal on your system. Make sure you get the whole thing, as every piece is important…and make sure that when you paste it it doesn’t cut it into two lines as it won’t work that way.

Hit "Enter"

Answer the one question it asks you ("Are you sure?"), and wait a while. Watch for errors.

We’ve had reports of OS mis-detection on some variants of RHEL. If that happens, file a ticket, and we’ll get it corrected quickly. I’m not sure why this just started happening…I guess RH changed their version string format a bit in thet latest version.

c) can you give me any pointers to a reasonably current set of Next Steps/best practices I can use to reasonably secure the box, once VM/WM are in place?

Joe’s three steps to unbeatable security:

  1. Strong passwords. 8+ chars, including numbers, letters, and symbols. No dictionary words.

  2. Update your software religiously. yum update is the ticket. Virtualmin also has multiple tools to help you keep your system up to date…we use yum for all packages on RHEL, so a yum update gets everything from RH and from us.

  3. Don’t run anything you don’t need. If you aren’t sure what a service is for, google it or ask us. If you don’t need it, shut it down.

That’ll put you ahead of about 90% of systems on the net (sad, I know).

There are lots of other discussions on the forums here about various security techniques and tactics. Mostly pretty good advice from folks who’ve been managing servers for a long time.

Joe,

thanks for the prompt, clear & helpful answer!

I especially appreciate the pragmatic FQDN recommendation, way upfront.

won’t have any problems with the Joe’s 3 Steps; those are long-established personal standard practice, on all sorts of machines.

[well, aside from a big preference for using public key authentication/encryption as fast as I can get it set up.]

best,

Adrian
Adrian Russell-Falla

Joe,

I’m hoping this same install recipe works when the new RHEL5 OS actually shows up with Webmin installed… 'cos that’s how ServerBeach has set it up, it turns out.

best,

Adrian
Adrian Russell-Falla