Difference between revisions of "ASL installation"

From Atomicorp Wiki
Jump to: navigation, search
m
m
Line 1: Line 1:
 
  
 
== '''Before You Start''' ==
 
== '''Before You Start''' ==
Line 41: Line 40:
 
Follow the instructions in the installer being sure to answer the configuration questions appropriately for your system.  Once the installation is complete you will need to reboot your system to boot into the new hardened kernel that comes with ASL.  You do not have to use this kernel to enjoy the other features of ASL, but we recommend you use the hardened kernel as it includes many additional security features that found in your system.
 
Follow the instructions in the installer being sure to answer the configuration questions appropriately for your system.  Once the installation is complete you will need to reboot your system to boot into the new hardened kernel that comes with ASL.  You do not have to use this kernel to enjoy the other features of ASL, but we recommend you use the hardened kernel as it includes many additional security features that found in your system.
  
== '''manual installation''' (Not Recommended or Supported) ==
+
== Post-Installation Quickstart/Configuration ==
  
This method of installation is not supported.  If the automated installer is not working for your system please notify our support team and we will be happy to fix the issue for you.
+
1) Configure ASL
  
1) vim /etc/yum.repos.d/asl.repo
+
  asl -c
  
2) add the following:
+
2) Scan the system for vulnerabilities, malware and other security issues.
  
[asl-2.0]
+
  asl -s
name=ASL 2.0
+
baseurl=http://USERNAME:PASSWORD@atomicorp.com/channels/asl-2.0/DISTRO/$releasever/$basearch
+
  
3) replace DISTRO with fedora, centos, redhat, and USERNAME/PASSWORD with your username and password from the signup page
+
3) Scan the system for vulnerabilities, malware and other security issues and have ASL fix the system.
  
4) yum install asl
+
  asl -s -f
 
+
5) asl -c
+
  
 
== '''Testing the Kernel''' ==
 
== '''Testing the Kernel''' ==
Line 136: Line 131:
 
6) type lilo. Then reboot.
 
6) type lilo. Then reboot.
  
== Post-Installation Quickstart/Configuration ==
 
  
1) Configure ASL
+
== '''manual installation''' (Not Recommended or Supported) ==
  asl -c
+
  
 +
This method of installation is not supported.  If the automated installer is not working for your system please notify our support team and we will be happy to fix the issue for you.
  
2) Scan the system
+
1) vim /etc/yum.repos.d/asl.repo
  asl -s
+
  
3) Fix the system
+
2) add the following:
  asl -s -f
+
 
 +
[asl-2.0]
 +
name=ASL 2.0
 +
baseurl=http://USERNAME:PASSWORD@atomicorp.com/channels/asl-2.0/DISTRO/$releasever/$basearch
 +
 
 +
3) replace DISTRO with fedora, centos, redhat, and USERNAME/PASSWORD with your username and password from the signup page
 +
 
 +
4) yum install asl
 +
 
 +
5) asl -c

Revision as of 13:43, 28 January 2009

Contents

Before You Start

Dedicated systems will be using the ASL hardened kernel. Depending on the distribution you are running, this can involve changes in the names of core modules on the system involved with SATA, SCSI, and Network card modules.

Known issues:

1and1 network card module name changes

Vmware SCSI emulation name changes


1and1 Checklist for /etc/modules.conf or /etc/modprobe.conf

Step 1) Enumerate hardware with /sbin/lspci

Step 2) Check network cards,

Ethernet controller: VIA Technologies, Inc. VT6102 [Rhine-II] was

 alias eth0 8139too

change to

 alias eth0 via-rhine

Step 3) Check SATA modules

 <PENDING>

Note for SELinux environments

SELinux policies can interfere with RPM updates. This manifests in mysterious failures in %pre and %post macros (confirmed on RHEL4). Disable SELinux if you encounter any issues of this nature by setting selinux=0 in the kernel boot parameters. setenable 0, and disabling SELinux with sysctl have thus far proved ineffective.

automated installer:

wget -q -O - http://www.atomicorp.com/installers/asl |sh

Or via SSL:

wget -q -O - https://www.atomicorp.com/installers/asl |sh

Follow the instructions in the installer being sure to answer the configuration questions appropriately for your system. Once the installation is complete you will need to reboot your system to boot into the new hardened kernel that comes with ASL. You do not have to use this kernel to enjoy the other features of ASL, but we recommend you use the hardened kernel as it includes many additional security features that found in your system.

Post-Installation Quickstart/Configuration

1) Configure ASL

 asl -c

2) Scan the system for vulnerabilities, malware and other security issues.

 asl -s

3) Scan the system for vulnerabilities, malware and other security issues and have ASL fix the system.

 asl -s -f

Testing the Kernel

Grub Users

1) Once the Atomic kernel is installed, determine which position the Atomic kernel has been installed.

Example:

[root@ac3 ~]# cat /etc/grub.conf
# grub.conf generated by anaconda
#
# Note that you do not have to rerun grub after making changes to this file
# NOTICE:  You have a /boot partition.  This means that
#          all kernel and initrd paths are relative to /boot/, eg.
#          root (hd0,0)
#          kernel /vmlinuz-version ro root=/dev/hda3
#          initrd /initrd-version.img
#boot=/dev/hda
default=1
timeout=5
serial --unit=0 --speed=57600
terminal --timeout=5 serial console
title CentOS (2.6.17-1.art)
       root (hd0,0)
       kernel /vmlinuz-2.6.17-1.art ro root=LABEL=/ console=ttyS0,57600n8 selinux=0
       initrd /initrd-2.6.17-1.art.img
title CentOS (2.6.9-34.0.2.ELsmp)
       root (hd0,0)
       kernel /vmlinuz-2.6.9-34.0.2.ELsmp ro root=LABEL=/ console=ttyS0,57600n8
       initrd /initrd-2.6.9-34.0.2.ELsmp.img

Note the line: default=1, this indicates the kernel the system will boot by default, starting at position 0. Position 0 is "title CentOS (2.6.17-1.art)", and position 1 is "title CentOS (2.6.9-34.0.2.ELsmp)" in this example, indicating the system is configured to boot into the default CentOS kernel.

2) Type: grub

the following will be displayed:

GNU GRUB  version 0.97  (640K lower / 3072K upper memory)
[ Minimal BASH-like line editing is supported.  For the first word, TAB
  lists possible command completions.  Anywhere else TAB lists the possible
  completions of a device/filename.]
grub>

3) At the grub prompt set the default kernel to 0, and to only boot once with the following:

grub> savedefault --default=0 --once

4) type: quit

5) reboot the system. If for some reason the kernel does not work with the Atomic kernel, or is otherwise non-responsive, powercycling the system will restore the system to the default kernel.

Lilo Users

1) The art kernel should be listed in /boot - for example:

       /boot/vmlinuz-2.6.19-7.art

2) Create a symbolic link to this:

       ln -s  /boot/vmlinuz-2.6.19-7.art   /boot/vmlinuz-art

3) edit /etc/lilo.conf to add a section for the art kernel. Eg:

       image=/boot/vmlinuz-art
       label=lxart
       append="console=tty0 console=ttyS0,57600 panic=30"

4) Type: lilo to make the change permanent. Then to test that you can boot into the new kernel do

      lilo -v -v
      lilo -R lxart
      shutdown -r now

5) When it's rebooted, doing a uname -r should show the new art kernel. Now you can make it permanent. Edit /etc/lilo.conf so that it has the line:

      default=lxart

6) type lilo. Then reboot.


manual installation (Not Recommended or Supported)

This method of installation is not supported. If the automated installer is not working for your system please notify our support team and we will be happy to fix the issue for you.

1) vim /etc/yum.repos.d/asl.repo

2) add the following:

[asl-2.0]
name=ASL 2.0
baseurl=http://USERNAME:PASSWORD@atomicorp.com/channels/asl-2.0/DISTRO/$releasever/$basearch

3) replace DISTRO with fedora, centos, redhat, and USERNAME/PASSWORD with your username and password from the signup page

4) yum install asl

5) asl -c

Personal tools