Sunday, May 23, 2004

KOHA Install and NIC Problems:

Due to a thunderstorm last night, the Aparajita server's internet connection went down around 7:30 AM because the 3COM NIC connected to the DSL modem went dead, more than likely because of lightning or an electrical surge. Had a similar 3COM NIC as a backup and the server came online again after installation; no new configuration was required.
Mr. IM Faisal called to tell me to install the KOHA library interface as the librarians were sitting idle nowadays and needed to finish up entering the books. Starting KOHA install at 6:27PM as I did not get time all day because of FED computers.

Following the instructions on "Software / lib installs on host "mhkhan"" blog to install KOHA and its dependencies, that blog is dated February 20, 2004.

Downloading and installing the following dependencies first as they are listed in the previous install blog.

perl-Event-0.87-1.noarch.rpm 147766
perl-HTML-Template-2.6-1.noarch.rpm 53067
perl-Mail-Sendmail-0.79-1.noarch.rpm 19818
perl-MARC-Record-1.29-1.noarch.rpm 94703
perl-Net-Z3950-0.34-1.noarch.rpm

Used the following commands to install the dependencies listed above:

perl -MCPAN -e 'install "HTML::Template"'

perl -MCPAN -e 'install "MARC::Record"'

perl -MCPAN -e 'install "Mail::Sendmail"'

perl -MCPAN -e 'install "Event"'

Need to install the "yaz" libraries before installing the last Perl module as it will not install without it.

Downloading Yaz from ftp://ftp.pbone.net/mirror/ftp.nest.pld-linux.org/test/i386/yaz-2.0.15-1.i386.rpm
since the default host referenced in the KOHA documentation, http://www.indexdata.dk/yaz, is down at this time.
Getting the devel package also
ftp://ftp.pbone.net/mirror/ftp.pld-linux.org/dists/2.0/PLD/i586/PLD/RPMS/yaz-devel-2.0.4-1.i586.rpm

Installed the yaz client and devel rpm with the --nodeps switch as it was failing some dependencies ...


perl -MCPAN -e 'install "Net::Z3950"'


Module installed successfully. Installed Webmin as well to start up the MySQL Server and going to restart the KOHA library installation.

Installation completed, now going to test the library database on Northstar.

Monday, May 17, 2004

Aparajita lost its internet connection at 8 AM due to a surge in the electrical supply which hung the modem. Resetting the modem did not help and thus the server was rebooted by Shah Alam manually by turning the switch off and then on again after I called at 8:15. It seems that this created a problem with the Apache configuration which prevented it from running after it restarted. The problem was the ssl cache file in /var/cache/mod_ssl/scache. It was not deleted due to an unclean shutdown and I had to manually delete it, at which point it started to work ok again. However, it still gives the following error message - something which I'll look into at a later time after creating DISK images from Norton Ghost.

"[Mon May 17 13:19:24 2004] [error] Cannot allocate shared memory: (17)File exists
[Mon May 17 13:20:02 2004] [warn] Init: (aparajita.presidency.edu.bd:443) You configured HTTP(80) on the standard HTTPS(443) port!
[Mon May 17 13:20:02 2004] [notice] Digest: generating secret for digest authentication ...
[Mon May 17 13:20:02 2004] [notice] Digest: done
[Mon May 17 13:20:03 2004] [warn] Init: (aparajita.presidency.edu.bd:443) You configured HTTP(80) on the standard HTTPS(443) port!"

Wednesday, May 12, 2004

The 40GB Hard Disk Drive on Aparajita has completely failed with the HD showing up as Mactor AXIS C64A as the hd on the BIOS. The Maxtor website and a Google search showed that when this is displayed by a Maxtor drive, it means that the firmware is corrupted and the HD platter damaged due to high temperature. Had backups of the /var/mail/spool, /etc, /var/www, DNS files and BELTA website backup.

Installed ASPLinux 9.0 and starting on rebuilding the entire server.

Issues that need to be addressed immediately:

a) Upgrade SquirrelMail from version 1.2 to the latest version as the configuration file from the production version is 1.4 and is not working with the older version.

b) Configure Postfix to receive email from the domain
c) Configure the firewall with firestarter and fine tune the squid proxy server again.


Downloaded the latest version (0.9.3) of firestarter from http://firestarter.sourceforge.net/. Installing with the following command:

rpm -Uvh firestarter*rpm

rpm -Uvh firestarter-0.9.3-1.i386.rpm
Preparing... ########################################### [100%]
1:firestarter ########################################### [100%]

Had moved the customized configs to firestarter-original, now deleting the newly installed ones and putting the customized ones back.

Installed successfully and working now.

Now going to download and install the latest version of the squirrelmail webmail interface.
Installing / upgrading to squirrelmail-1.4.2-1.noarch.rpm since this is the latest one in FC1 RPM format. Installing via the webmin interface on Aparajita. Cannot install, no package for ASPLinux. Downloading the source and doing a rpmbuild --rebuild to rebuild the rpm package so that it can be installed.
Rebuilt Squirrelmail 1.4.2 rpm for ASP Linux and now installing.
Failed dependency, requires aspell, installing from
ftp://ftp.pbone.net/mirror/ftp.nest.pld-linux.org/test/i386/aspell-0.50.5-1.i386.rpm
RPM packages were not working, manually downloaded aspell 0.50-3 from the GNU website, configured, compiled and installed in /usr/local/bin
Downloaded, compiled and installed the English dictionaries for aspell.
Going on to installing squirrelmail now!
Also upgrading webmin to the latest version while the squirrelmail package is built


Tuesday, May 04, 2004

Updating the aparajita host DNS Server with faculty SMTP/IMAP/POP access names to classify emails generated by Presidency Faculty.
Securing the aparajita.presidency.edu.bd server from hints at faqs.org/docs/securing.

Will have to run this command on many files, just storing for the time being:

chattr +i /etc/inetd.conf

This will prevent any changes, accidental or otherwise, to the inetd.conf file. A file with the immutable attribute "i" set cannot be modified, deleted or renamed; no link can be created to it and no data can be written to it. Only the super-user root can set or clear this attribute. To modify the inetd.conf file later, first unset the immutable flag with the following command:

chattr -i /etc/inetd.conf

# Lookup names via DNS first then fall back to /etc/hosts.
order bind,hosts
# We have machines with multiple IP addresses.
multi on
# Check for IP address spoofing.
nospoof on

Did chattr +i /etc/services to make this file immutable.

Updated the /etc/securetty file to minimize the available terminals for root to login.

Deleted the following user/groups as they are not required for proper system functioning:

[mhkhan@aparajita]# userdel adm
[mhkhan@aparajita]# userdel lp
[mhkhan@aparajita]# userdel sync
[mhkhan@aparajita]# userdel news
[mhkhan@aparajita]# userdel uucp
[mhkhan@aparajita]# userdel gopher
[mhkhan@aparajita]# userdel operator
[mhkhan@aparajita]# groupdel adm
[mhkhan@aparajita]# groupdel lp
[mhkhan@aparajita]# groupdel news
[mhkhan@aparajita]# groupdel uucp
[mhkhan@aparajita]# groupdel dip
[mhkhan@aparajita]# groupdel pppusers
[mhkhan@aparajita]# groupdel slipusers


Adding the following lines in /etc/pam.d/su to restrict the use of "su" to particular users.

# Added by mhkhan on May 04, 2004 to strengthen and restrict su usage and access to root

auth sufficient /lib/security/pam_rootok.so debug
auth required /lib/security/pam_wheel.so group=wheel

# ** end modification - mhkhan

password required /lib/security/pam_cracklib.so
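
The steps above (immutable flags, deleted accounts and groups, the pam_wheel line for su) can drift back after a package upgrade or a rebuild, so the following is an added example, not part of the original log, that re-checks them. The function names and the script name audit.sh are hypothetical; it assumes lsattr from e2fsprogs is installed and takes the file paths as arguments so it can also be run against copies.

```shell
#!/bin/sh
# Added example: re-check the hardening steps from this entry.
# Usage: sh audit.sh /etc/passwd /etc/group /etc/pam.d/su /etc/inetd.conf /etc/services

# Accounts and groups the entry deleted with userdel/groupdel.
REMOVED_USERS="adm lp sync news uucp gopher operator"
REMOVED_GROUPS="adm lp news uucp dip pppusers slipusers"

# still_present FILE NAME...: print the names that still have an entry
# in a colon-delimited file (passwd or group format).
still_present() {
    file=$1; shift; out=""
    for name in "$@"; do
        if grep -q "^${name}:" "$file"; then out="$out${out:+ }$name"; fi
    done
    printf '%s' "$out"
}

# su_requires_wheel FILE: succeed if an active "auth required" line loads
# pam_wheel.so; commented-out lines do not count.
su_requires_wheel() {
    awk '$1 == "auth" && $2 == "required" && $3 ~ /pam_wheel\.so$/ { ok = 1 }
         END { exit !ok }' "$1"
}

# has_immutable_flag LINE: LINE is one line of lsattr output, for example
# "----i---------e------- /etc/services". Only the flag field is examined.
has_immutable_flag() {
    case ${1%% *} in *i*) return 0 ;; *) return 1 ;; esac
}

# audit PASSWD GROUP PAM_SU [FILE...]: report every step that no longer
# holds; returns 0 only when all of them do.
audit() {
    passwd=$1 group=$2 pam_su=$3; shift 3; rc=0
    left=$(still_present "$passwd" $REMOVED_USERS)
    [ -z "$left" ] || { echo "users still present: $left"; rc=1; }
    left=$(still_present "$group" $REMOVED_GROUPS)
    [ -z "$left" ] || { echo "groups still present: $left"; rc=1; }
    su_requires_wheel "$pam_su" || { echo "su is not limited to wheel: $pam_su"; rc=1; }
    for f in "$@"; do
        has_immutable_flag "$(lsattr -d "$f" 2>/dev/null)" ||
            { echo "immutable flag not set: $f"; rc=1; }
    done
    return $rc
}

if [ "$#" -ge 3 ]; then audit "$@"; fi
```

A non-zero exit status makes it usable from cron, with the printed lines as the report body.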

Have to install sXid from ftp://marcus.seva.net/pub/sxid/, going to install on equinox as a test first.

Wrote some scripts to find security holes and mail automatic reports.
Updated the /etc/sysctl file to reflect optimisations of the bdflush service, default values saved in text file