Changeset 2318 for trunk/server/doc/install-howto.sh
- Timestamp:
- Sep 5, 2012, 11:41:51 PM (12 years ago)
- File:
-
- 1 edited
trunk/server/doc/install-howto.sh
r2316 r2318 307 307 308 308 # [PROD] Create fedora-ds user (needed for credit-card) 309 # [TEST] too if you want to run a local dirsrv instance 309 310 useradd -r -d /var/lib/dirsrv fedora-ds 310 311 … … 319 320 # This is superseded by credit-card, which works for [PRODUCTION] and 320 321 # [WIZARD]. We don't have an easy way of running credit-card for XVM... 322 #b 321 323 # 322 324 # # All types of servers will have an /etc/daemon.keytab file, however, … … 387 389 find / -xdev -not -perm -o=x -prune -o -type f -perm /ug=s -print | grep -Fxvf /etc/scripts/allowed-setugid.list 388 390 find / -xdev -not -perm -o=x -prune -o -type f -print0 | xargs -0r /usr/sbin/getcap | cut -d' ' -f1 | grep -Fxvf /etc/scripts/allowed-filecaps.list 389 # You can prune binaries using 'chmod u-s' and 'chmod g-s' 391 # You can prune the first set of binaries using 'chmod u-s' and 'chmod g-s' 392 # and remove capabilities using 'setcap -r' 393 394 # XXX check for selinux gunk 390 395 391 396 # Fix etc by making sure none of our config files got overwritten … … 430 435 # XXX: Someone should write sed scripts to do this 431 436 # This involves editing the following files: 432 \rm /etc/sysconfig/network-scripts/ifcfg-lo:{0,1,2,3}433 \rm /etc/sysconfig/network-scripts/route-eth1 # [TESTSERVER] only437 svn rm /etc/sysconfig/network-scripts/ifcfg-lo:{0,1,2,3} 438 svn rm /etc/sysconfig/network-scripts/route-eth1 # [TESTSERVER] only 434 439 # o /etc/nslcd.conf 435 440 # replace: uri ldapi://%2fvar%2frun%2fdirsrv%2fslapd-scripts.socket/ … … 454 459 # [TESTSERVER] 455 460 # - You need a self-signed SSL cert or Apache will refuse to start 456 # or do SSL. Generate with: 457 openssl req -new -x509 -keyout /etc/pki/tls/private/scripts.key -out /etc/pki/tls/certs/scripts .cert-nodes461 # or do SSL. Generate with: (XXX recommended CN?) 
462 openssl req -new -x509 -keyout /etc/pki/tls/private/scripts.key -out /etc/pki/tls/certs/scripts-cert.pem -nodes 458 463 ln -s /etc/pki/tls/private/scripts.key /etc/pki/tls/private/scripts-1024.key 459 # Also make /etc/pki/tls/certs/ca.pem match up 460 openssl rsa -in /etc/pki/tls/private/scripts.key -pubout > /etc/pki/tls/certs/ca.pem 464 # Also make the various public keys match up 465 openssl rsa -in /etc/pki/tls/private/scripts.key -pubout > /etc/pki/tls/certs/star.scripts.pem 466 openssl rsa -in /etc/pki/tls/private/scripts.key -pubout > /etc/pki/tls/certs/scripts.pem 467 openssl rsa -in /etc/pki/tls/private/scripts.key -pubout > /etc/pki/tls/certs/scripts-cert.pem 468 # Nuke the CSRs since they will all mismatch 469 # XXX alternate strategy replace all the pem's as above 470 cd /etc/httpd/vhosts.d 471 svn rm *.conf 472 473 # [TESTSERVER] 474 # Remove vhosts.d which we don't have rights for XXX 461 475 462 476 # [TESTSERVER] More stuff for test servers
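Review bot: The third `openssl rsa -in /etc/pki/tls/private/scripts.key -pubout > /etc/pki/tls/certs/scripts-cert.pem` (new line 467) overwrites the self-signed certificate that `openssl req -new -x509 ... -out /etc/pki/tls/certs/scripts-cert.pem` wrote at new line 462, leaving a bare public key where the certificate was. A `-pubout` PEM is not an X.509 certificate, so if Apache's certificate directive points at that path (the vhost config is not visible here) the test server will still refuse to start SSL. Drop that line, and if `star.scripts.pem` and `scripts.pem` are also loaded as certificates rather than as public keys, populate them from the generated certificate instead, e.g. `cp /etc/pki/tls/certs/scripts-cert.pem /etc/pki/tls/certs/scripts.pem`. The `#b` added at new line 322 looks like a stray keystroke and should probably be removed.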