Things need to be fixed after installing Linux
Things need to be fixed after installing - Slackware 3.1
Original of this document is at
http://www.corbina.net/~ppinpro/alx/slackware-3.1.fix.html
For the old beast you 'll need at least this (read
ftp.cdrom.com/pub/Linux/distributions/Slackware/Slackware-3.1/ChangeLog.txt for things what I've missed):
1.rm /usr/bin/sendmail and install something more secure in place
2.rm /usr/bin/ncftp and install more appropriate version than 1.xx (in which rubbish pile
Patrick found it?)
3.or do same thing with regular ftp client - at least, it may be compiled with libreadline (you 'll need
libreadline sources for this and also for ncftp)
4.replace /bin/mount, /bin/smbmount, /bin/smbumount or remove setuid bit
5.remove setuid from /usr/X11/bin/SuperProbe
6.replace misconfigured /usr/sbin/wu.ftpd with patched version
7.replace lpd stuff with LPRng (you may find it on ftp.cdrom.com in 'patches' for 3.1, if it not already
included in your version)
8.replace outdated proc-ps package by proc-101 suite
9.if you are 'lucky' owner of the very early version, go to /dev, ls tty[0-9]* and rm all that curiosity
'block' tty's. Create enough number of normal ttys with mknod /dev/ttyNN 4 NN
10.modify permissions on /dev/null (to 666), /dev/zero (the same), /dev/tty (at least 662)
11.find latest sources for ld.so, make and install - it contains security bug and misses dlfcn.h (Don't
try to use anything except for this include file from 'official' ldso.tgs patch, or you 'll got also
"massive filesystem corruption problems" as free bonus - seems like it compiled with wrong gcc
version)
12.find latest sources for gdbm library and install gdbm.h from it
13.rm /usr/sbin/pppd-2.1 and /usr/sbin/pppd (it just wastes space), rename /usr/sbin/pppd-2.2 to
pppd
14.consider about removing /usr/sbin/ppp-on|off |on-dialer - this is the complete shit and this scripts
are bad even as examples
(you may look here for some better secured dialing scripts or look for diald daemon and forget it all)
15.(optional) grab pppd-2.0.0f sources and remake pppd and chat. Slackware version had strange
syslog facility - I can't figure it for chat (just not logged anything on my system) and don't like
'daemon' facility for pppd - it runs too often and 'll quickly fill logfiles with unwanted messages.
(And it logs to 'local2' on many commercial unices, why not to do same on linux?)
16.go to /etc/securetty and remove all, except for first six virtual consoles
17.rm /usr/sbin/in.telnetsnoopd - snooping is the bad thing, if you want to know. (May be you will
prefer to know what it have security hole? Not bad for such kind of software :)
18.enjoy...
It must be enough to work, but I also like to
mv /etc/rc.d/rc.cdrom to /etc/rc.d/rc.nocdrom (it should stop this
boring CD mounting on system startup - newer versions of this
distributive already do this, but seems likely all
CD's created with much earlier version) into /etc/fstab something like
/dev/cdrom /cdrom iso9660 noauto,user,ro,exec,nosuid,nodev 0 0
What to fix in just installed linux
From: olli@vgsn.glasnet.ru
Date: 12 Feb 1999
Here is my script I use to fix something in Red Hat after installation.
your comments are welcome.
#!/bin/sh
# This is an update script . It should update my linux configuration
# files from backup.
# It perform next steps:
# 0) If any arguments are given - print help.
# 1) Ask user should it proceed
# 2) make shure that all commands inside it are avaliable.
# 3) ask user what to do when errors (stop|continue|retry)
# ) Print possible choices & descriptions & ask 4 user choice:
# ) prompt for all files or assume yes on overwriting & creating
# ) should it be quet or verbose
# ) what user should be oner of updated files?
# (same UID:GUID or current user or any existing user)
# ) Make shure that it has enough privilegies to do such chown.
# ) Ask what to do if insufficient ----"----- (stop|continue|retry)
#
# 4) Ask user should it install additional packets.
###############################################################################
#echo "making mount points.."
#mkdir /dsk
#mkdir /dsk/hda1
#mkdir /dsk/hda2
#mkdir /dsk/hda3
#mkdir /dsk/hda4
#mkdir /dsk/hda5
#mkdir /dsk/hda6
#mkdir /dsk/hda7
#mkdir /dsk/hda8
#mkdir /dsk/cd
#mkdir /dsk/hdb1
#mkdir /dsk/hdb2
#mkdir /dsk/hdb3
#mkdir /dsk/hdb4
#mkdir /dsk/hdb5
#mkdir /dsk/hdb6
#mkdir /dsk/hdb7
#mkdir /dsk/hdb8
#mkdir /dsk/hdc1
#mkdir /dsk/hdc2
#mkdir /dsk/hdc3
#mkdir /dsk/hdc4
#mkdir /dsk/hdc5
#mkdir /dsk/hdc6
#mkdir /dsk/hdc7
#mkdir /dsk/hdc8
echo "Making inbound dir.."
mkdir /inbound
chmod 700 /inbound
echo "making ~/bin.."
mkdir /root/bin
echo "Done."
echo "Making additional device files. Beware that 4 work kernel need 2 B reconfigured. "
echo "Making watchdog device file "
echo "(U need enable watchdog support in the kernel to use this future.)"
mknod /dev/watchdog c 10 130
echo "Making network-route device file "
echo "(U need to enable network-routing messsages support in the kernel to use this future.)"
mknod /dev/route c 36 0
mknod /dev/rtc c 10 135
echo "Updating Ur modem configuration."
echo "Run minicom to dial,minicom -s to configure Ur modem"
echo "Making modem device file.."
#mknod /dev/modem c 5 64
ln -s /dev/ttyS0 /dev/modem
mkdir /root/modem ; mkdir /root/modem/inbound ; mkdir /root/modem/outbound
mkdir /root/modem/script
echo "Updating Ur aliases & startup files."
echo -e "\n#Thees lines are added by update script:\n" >> /root/.bashrc
echo -e "alias mail='mail -v'" >> /root/.bashrc
echo -e "alias mail='mail -v'" >> /etc/skel/.bashrc
echo -e "alias ls='ls -akFAqL --color=auto'\n" >> /root/.bashrc
echo -e "alias ls='ls -akFAqL --color=auto'\n" >> /etc/skel/.bashrc
echo -e "alias ps='ps aux | less'" >> /root/.bashrc
echo -e "alias ps='ps aux | less'" >> /etc/skel/.bashrc
echo -e "alias mc='mc -c'" >> /root/.bashrc
echo -e "alias df='df -h'" >> /root/.bashrc
echo -e "alias df='df -h'" >> /etc/skel/.bashrc
echo -e "alias man='man -a'" >> /root/.bashrc
echo -e "alias man='man -a'" >> /etc/skel/.bashrc
echo -e "alias cls='clear'" >> /etc/skel/.bashrc
echo -e "alias cls='clear'" >> /root/.bashrc
echo -e "alias startx='startx & logout'" >> /root/.bashrc
echo -e "alias startx='startx & logout'" >> /etc/skel/.bashrc
echo -e "alias X='startx & logout'" >> /root/.bashrc
echo -e "alias last='last|less'" >> /root/.bashrc
echo -e "alias null='cat /dev/null > '" >> /root/.bashrc
echo -e "alias null='cat /dev/null > '" >> /etc/skel/.bashrc
echo -e "mesg n\n" >> /root/.bashrc
echo -e "mesg y\n" >> /etc/skel/.bashrc
echo "echo -ne '\033(K' " >> /root/.bash_profile
echo -e "\n" >> /root/.bashrc
echo -e "LANG=koi8-r\n" >> /root/.bashrc
echo -e "export LANG\n" >> /root/.bashrc
echo -e "######## These messages are displayed after logon ############" >> /root/.bashrc
echo -e "echo \"\"" >> /root/.bashrc
echo -e "echo \"\"" >> /root/.bashrc
echo -e "echo Logged in at \`tty\`.\n" >> /root/.bashrc
echo -e "echo \"\"" >> /root/.bashrc
echo -e "echo \" NOTES: \"" >> /root/.bashrc
echo -e "echo \" 1) Verify Ur last login information!\"" >> /root/.bashrc
echo -e "echo \" 2) Aliases are defined. Use full command-path to override .\"" >> /root/.bashrc
echo -e "echo -e \"At this moment these users are logged in:\"\n" >> /root/.bashrc
echo -e "who\n" >> /root/.bashrc
echo -e "echo \"The following alerts happend:\"\n" >> /root/.bashrc
echo "cat /var/log/alert" >> /root/.bashrc
echo "Configuring Ur telnet.."
echo -e "#.telnetrc\nDEFAULT set outbinary" >> /inbound/.telnetrc
cp /inbound/.telnetrc /root
cp /inbound/.telnetrc /etc/skel
echo Configuring Ur mc colors.
mkdir /root/.mc
mkdir /etc/skel/.mc
mkdir /etc/skel/bin
echo -e "\n[Colors]\nbase_color=normal=green,black:xterm=menu=cyan,gray:marked=,black:directory=lightgray,black:link=gray,black:device=,black:special=red,black:execute=cyan,black:viewunderline=,black:color_terminals=linux,xterm\n" >> /root/.mc/ini
echo -e "\n[Colors]\nbase_color=normal=green,black:xterm=menu=cyan,gray:marked=,black:directory=lightgray,black:link=gray,black:device=,black:special=red,black:execute=cyan,black:viewunderline=,black:color_terminals=linux,xterm\n" >> /etc/skel/.mc/ini
mkdir /root/nethack_save
mkdir /root/txt
echo "Making files U'll needed if U'll install qmail.."
echo "But then U should also recompile & reconfigure some mail progs & dirs/files."
touch /etc/skel/Mailbox
touch /root/Mailbox
echo Setting some permissions..
chmod 700 /root
#echo "#!/bin/sh" > /root/bin/koi8
#echo "/usr/bin/setfont /usr/lib/kbd/consolefonts/Cyr_a8x16" >> /root/bin/koi8
#echo "/usr/bin/loadkeys /usr/lib/kbd/keytables/russian.map" >> /root/bin/koi8
#echo "/usr/bin/mapscrn /usr/lib/kbd/consoletrans/koi2alt" >> /root/bin/koi8
#echo "echo -ne \"\n\033(K"\" >> /root/bin/koi8
#echo "echo \"To load KOI8-RU support run $HOME/bin/koi8\""
echo "Removing some strange permissions.."
chmod -s /usr/bin/lpr
chmod -s /sbin/dump
chmod -s /usr/bin/dos
chmod -s /usr/bin/dip
chmod -s /usr/bin/minicom
chmod -s /usr/bin/zgv
chmod -s /usr/X11R6/bin/seyon
chmod go-rwx /usr/bin/resizecons
chmod o-x /bin/sync
chown root.wheel /bin/su
chmod u+s /bin/su
chmod -x /usr/man/man1/*.1
chmod -x /usr/man/man2/*.2
chmod -x /usr/man/man3/*.3
chmod -x /usr/man/man4/*.4
chmod -x /usr/man/man5/*.5
chmod -x /usr/man/man6/*.6
chmod -x /usr/man/man7/*.7
chmod -x /usr/man/man8/*.8
chmod -x /usr/man/man9/*.9
chmod 400 /boot/vmlinuz*
echo "Don't forget to chmod 400 all new kernels in /boot."
chmod o-rwx /sbin/ifconfig
chmod o-rwx /sbin/route
echo "Also U may wish to do chmod -s for: elm , xlock. & chmod o-x for rpm."
echo "& it could be a good idea to chmod o-x mount"
echo "Turning on user command execution logs."
/sbin/accton /var/log/pacct
# This file was made & modified by Olli .
Last-modified: Fri, 12 Feb 1999 06:17:47 GMT