Difference between revisions of "ASL installation"
m |
m |
||
Line 1: | Line 1: | ||
− | |||
== '''Before You Start''' == | == '''Before You Start''' == | ||
Line 41: | Line 40: | ||
Follow the instructions in the installer being sure to answer the configuration questions appropriately for your system. Once the installation is complete you will need to reboot your system to boot into the new hardened kernel that comes with ASL. You do not have to use this kernel to enjoy the other features of ASL, but we recommend you use the hardened kernel as it includes many additional security features that found in your system. | Follow the instructions in the installer being sure to answer the configuration questions appropriately for your system. Once the installation is complete you will need to reboot your system to boot into the new hardened kernel that comes with ASL. You do not have to use this kernel to enjoy the other features of ASL, but we recommend you use the hardened kernel as it includes many additional security features that found in your system. | ||
− | == | + | == Post-Installation Quickstart/Configuration == |
− | + | 1) Configure ASL | |
− | + | asl -c | |
− | 2) | + | 2) Scan the system for vulnerabilities, malware and other security issues. |
− | + | asl -s | |
− | + | ||
− | + | ||
− | 3) | + | 3) Scan the system for vulnerabilities, malware and other security issues and have ASL fix the system. |
− | + | asl -s -f | |
− | + | ||
− | + | ||
== '''Testing the Kernel''' == | == '''Testing the Kernel''' == | ||
Line 136: | Line 131: | ||
6) type lilo. Then reboot. | 6) type lilo. Then reboot. | ||
− | |||
− | + | == '''manual installation''' (Not Recommended or Supported) == | |
− | + | ||
+ | This method of installation is not supported. If the automated installer is not working for your system please notify our support team and we will be happy to fix the issue for you. | ||
− | + | 1) vim /etc/yum.repos.d/asl.repo | |
− | + | ||
− | + | 2) add the following: | |
− | + | ||
+ | [asl-2.0] | ||
+ | name=ASL 2.0 | ||
+ | baseurl=http://USERNAME:PASSWORD@atomicorp.com/channels/asl-2.0/DISTRO/$releasever/$basearch | ||
+ | |||
+ | 3) replace DISTRO with fedora, centos, redhat, and USERNAME/PASSWORD with your username and password from the signup page | ||
+ | |||
+ | 4) yum install asl | ||
+ | |||
+ | 5) asl -c |
Revision as of 13:43, 28 January 2009
Contents |
Before You Start
Dedicated systems will be using the ASL hardened kernel. Depending on the distribution you are running, this can involve changes in the names of core modules on the system involved with SATA, SCSI, and Network card modules.
Known issues:
1and1 network card module name changes
Vmware SCSI emulation name changes
1and1 Checklist for /etc/modules.conf or /etc/modprobe.conf
Step 1) Enumerate hardware with /sbin/lspci
Step 2) Check network cards,
Ethernet controller: VIA Technologies, Inc. VT6102 [Rhine-II] was
alias eth0 8139too
change to
alias eth0 via-rhine
Step 3) Check SATA modules
<PENDING>
Note for SELinux environments
SELinux policies can interfere with RPM updates. This manifests in mysterious failures in %pre and %post macros (confirmed on RHEL4). Disable SELinux if you encounter any issues of this nature by setting selinux=0 in the kernel boot parameters. setenable 0, and disabling SELinux with sysctl have thus far proved ineffective.
automated installer:
wget -q -O - http://www.atomicorp.com/installers/asl |sh
Or via SSL:
wget -q -O - https://www.atomicorp.com/installers/asl |sh
Follow the instructions in the installer being sure to answer the configuration questions appropriately for your system. Once the installation is complete you will need to reboot your system to boot into the new hardened kernel that comes with ASL. You do not have to use this kernel to enjoy the other features of ASL, but we recommend you use the hardened kernel as it includes many additional security features that found in your system.
Post-Installation Quickstart/Configuration
1) Configure ASL
asl -c
2) Scan the system for vulnerabilities, malware and other security issues.
asl -s
3) Scan the system for vulnerabilities, malware and other security issues and have ASL fix the system.
asl -s -f
Testing the Kernel
Grub Users
1) Once the Atomic kernel is installed, determine which position the Atomic kernel has been installed.
Example:
[root@ac3 ~]# cat /etc/grub.conf
# grub.conf generated by anaconda # # Note that you do not have to rerun grub after making changes to this file # NOTICE: You have a /boot partition. This means that # all kernel and initrd paths are relative to /boot/, eg. # root (hd0,0) # kernel /vmlinuz-version ro root=/dev/hda3 # initrd /initrd-version.img #boot=/dev/hda default=1 timeout=5 serial --unit=0 --speed=57600 terminal --timeout=5 serial console title CentOS (2.6.17-1.art) root (hd0,0) kernel /vmlinuz-2.6.17-1.art ro root=LABEL=/ console=ttyS0,57600n8 selinux=0 initrd /initrd-2.6.17-1.art.img title CentOS (2.6.9-34.0.2.ELsmp) root (hd0,0) kernel /vmlinuz-2.6.9-34.0.2.ELsmp ro root=LABEL=/ console=ttyS0,57600n8 initrd /initrd-2.6.9-34.0.2.ELsmp.img
Note the line: default=1, this indicates the kernel the system will boot by default, starting at position 0. Position 0 is "title CentOS (2.6.17-1.art)", and position 1 is "title CentOS (2.6.9-34.0.2.ELsmp)" in this example, indicating the system is configured to boot into the default CentOS kernel.
2) Type: grub
the following will be displayed:
GNU GRUB version 0.97 (640K lower / 3072K upper memory) [ Minimal BASH-like line editing is supported. For the first word, TAB lists possible command completions. Anywhere else TAB lists the possible completions of a device/filename.] grub>
3) At the grub prompt set the default kernel to 0, and to only boot once with the following:
grub> savedefault --default=0 --once
4) type: quit
5) reboot the system. If for some reason the kernel does not work with the Atomic kernel, or is otherwise non-responsive, powercycling the system will restore the system to the default kernel.
Lilo Users
1) The art kernel should be listed in /boot - for example:
/boot/vmlinuz-2.6.19-7.art
2) Create a symbolic link to this:
ln -s /boot/vmlinuz-2.6.19-7.art /boot/vmlinuz-art
3) edit /etc/lilo.conf to add a section for the art kernel. Eg:
image=/boot/vmlinuz-art label=lxart append="console=tty0 console=ttyS0,57600 panic=30"
4) Type: lilo to make the change permanent. Then to test that you can boot into the new kernel do
lilo -v -v lilo -R lxart shutdown -r now
5) When it's rebooted, doing a uname -r should show the new art kernel. Now you can make it permanent. Edit /etc/lilo.conf so that it has the line:
default=lxart
6) type lilo. Then reboot.
manual installation (Not Recommended or Supported)
This method of installation is not supported. If the automated installer is not working for your system please notify our support team and we will be happy to fix the issue for you.
1) vim /etc/yum.repos.d/asl.repo
2) add the following:
[asl-2.0] name=ASL 2.0 baseurl=http://USERNAME:PASSWORD@atomicorp.com/channels/asl-2.0/DISTRO/$releasever/$basearch
3) replace DISTRO with fedora, centos, redhat, and USERNAME/PASSWORD with your username and password from the signup page
4) yum install asl
5) asl -c