PDA

View Full Version : Slim Server on Fedora 6



Wotan
2007-09-15, 14:16
I attempted an RPM installation of Slim Server on Fedora 6. It didn't work. Somewhere I found a command to run to make SE Linux happy--I do not wish to disable it. As of the last boot, the SS did not start because the user slimsever did not exist. It turns out the group does, but not the user. The group was apparently prevented from being created by SE Linux. I attempted to re-install the RPM. If I just double-click on the file to activate the "software installer" it claims it is already installed. But, if I do "rpm -e" or "rpm -e --allmatch" it claims it is not installed.

Short question: is there a place where I can find all this information together for a successful FC6 install? I looked for the SE Linux article but can no longer find it.

sdonham
2007-09-16, 01:33
I wish I had seen this post yesterday as I've had slimserver running on Fedora 6 for the past few months (with SE linux enabled). Today, however, I dismantled the entire system and I'm in the middle of building one with Fedora 8.
I will have to go through all the SE linux steps again, if you can wait a day or two while I reinstall Fedora and get my system back online, I'll be sure to send you detailed instructions.

As a side note, unless your system is connected directly to the internet with a static IP and a huge pipe, or has many users logged into it, for instance, using it as a web or mail server, I don't think you will benefit much from having SE Linux active. For my home use, a well configured firewall is sufficient. SE Linux is a pain in the neck to configure, especially if you're making frequent changes to the system as I do. I find the difficulty of configuring SE Linux far out-weighs the benefits when used in a home environment. I'm sure there are many who disagree with me, but that's my opinion.
Is there a reason why you want SE Linux enabled?

mikeruss
2007-09-16, 15:05
I agree SE Linux - Grrrrrr

If it's a home system disable it.

-----------

vi etc/selinux/config


# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - SELinux is fully disabled.
SELINUX=disabled
# SELINUXTYPE= type of policy in use. Possible values are:
# targeted - Only targeted network daemons are protected.
# strict - Full SELinux protection.
SELINUXTYPE=targeted

# SETLOCALDEFS= Check local definition changes
SETLOCALDEFS=0

Wotan
2007-09-17, 06:42
I wish I had seen this post yesterday as I've had slimserver running on Fedora 6 for the past few months (with SE linux enabled). Today, however, I dismantled the entire system and I'm in the middle of building one with Fedora 8.
I will have to go through all the SE linux steps again, if you can wait a day or two while I reinstall Fedora and get my system back online, I'll be sure to send you detailed instructions.

As a side note, unless your system is connected directly to the internet with a static IP and a huge pipe, or has many users logged into it, for instance, using it as a web or mail server, I don't think you will benefit much from having SE Linux active. For my home use, a well configured firewall is sufficient. SE Linux is a pain in the neck to configure, especially if you're making frequent changes to the system as I do. I find the difficulty of configuring SE Linux far out-weighs the benefits when used in a home environment. I'm sure there are many who disagree with me, but that's my opinion.
Is there a reason why you want SE Linux enabled?

I plan on using this box as a general-purpose server: Samba, FTP or SFTP for remote access, possibly NFS--with all the cheap terabytes of storage I can throw its way at a given time. At some point the web server may find itself running (though of course I don't run services I'm not using at the moment). Also, at some point I probably want Internet access to my music collection.

Thanks for the reply, though. I have all the time in the world. The machine on which I'm attempting to install this SS is my main desktop machine, which also has SS running under Windows XP, working fine. When WXP is not booted Squeezebox goes to sleep. The idea is to have a permanent, always-on server. I'm practicing on my main machine so it doesn't take me half a year to build the server.

When you get around to posting those detailed instructions it will be much appreciated.

mikeruss
2007-09-22, 09:41
Thought I'd let you know about this guide for sftp

http://www.brennan.id.au/14-FTP_Server.html

Excellent guide - basically cut and past commands - job done ;-)

Remember switch off Anonymous Users - otherwise you will be discovered in a matter of hours and have all sorts of issues. When you create a user either set up virtual users or if you plan on having just one login make sure they have nologin or noshell set.

madopal
2007-10-09, 22:49
I know this is a tangent, but change all the ports for ssh & sftp access. That cut my random hacking attempts down to about nil.

bltst2
2007-10-14, 12:11
I know this is a tangent, but change all the ports for ssh & sftp access. That cut my random hacking attempts down to about nil.

I've been using DenyHosts on my internet facing Fedora Server with great results. Cut down my hacking and anonymous account attempts from about 30 a day to about 1-2 a week.

http://denyhosts.sourceforge.net/

Wotan
2007-10-15, 09:48
I appreciate all the network security tips. What I'd really like, though, is tips on getting Slim Server to work under Fedora 6!