Matteo Corti — Fedora Post Installation Notes

This document contains a set of notes that I use after a fresh Linux installation. Some of them are specific to my setup but many of them could be useful for the general public. Feel free to send me corrections, suggestions and additions.

Post-install configuration

man

Fedora enables automatic nearby searches for man pages by default (see the man man page for details). You can disable this by uncommenting NOAUTOPATH in /etc/man.config.

SSH

Since version 1 of the SSH protocol has been shown to be flawed, it is advisable to allow only version 2. Set Protocol 2 in /etc/ssh/ssh_config for the client and in /etc/ssh/sshd_config for the server.
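
A quick check for the setting above, as an added example that is not part of the original notes; the function name ssh_protocol_status and the sample file are constructed here. It skips commented-out lines (a naive grep for "Protocol 2" also matches "#Protocol 2,1"), accepts the case-insensitive and keyword=value forms, and flags any Protocol line that lists version 1.

```sh
# Added example: report how an OpenSSH config file sets the Protocol keyword.
# Prints "v2-only", "allows-v1", or "unset" (the built-in default of the
# installed OpenSSH version then applies).
ssh_protocol_status() {   # usage: ssh_protocol_status CONFIG_FILE
    awk '
        { sub(/#.*$/, ""); gsub(/=/, " ") }   # drop comments, accept keyword=value
        tolower($1) == "protocol" {
            seen = 1
            n = split($2, v, ",")             # value may be a list such as 2,1
            for (i = 1; i <= n; i++) if (v[i] == "1") v1 = 1
        }
        END {
            if (!seen)   print "unset"
            else if (v1) print "allows-v1"
            else         print "v2-only"
        }
    ' "$1"
}

# Constructed sample: the directive is first only present as a comment,
# then an active line allowing both versions is appended.
cfg=$(mktemp)
printf '%s\n' '#Protocol 2,1' 'Port 22' > "$cfg"
ssh_protocol_status "$cfg"
printf '%s\n' 'Protocol 2,1' >> "$cfg"
ssh_protocol_status "$cfg"
rm -f "$cfg"
```

On a real system, run it against /etc/ssh/sshd_config and /etc/ssh/ssh_config.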

Paper format

If you live outside the US and use a standard paper format, you might want to redefine the default output format of several command-line tools.
  • a2ps:
    Set Options: --medium=A4 in /etc/a2ps-site.cfg.

  • Ghostscript:
    In the file /usr/share/ghostscript/#.##/lib/gs_init.ps you will find:
    % Optionally choose a default paper size other than U.S. letter.
    % (a4) /PAPERSIZE where { pop pop } { /PAPERSIZE exch def } ifelse
    		
    Just uncomment the second row.

  • Xpdf:
    In the file /etc/xpdfrc you will find:
    # Set the default PostScript paper size -- this can be letter, legal,
    # A4, or A3.  You can also specify a paper size as width and height
    # (in points).
    
    #psPaperSize            letter
    		
    Uncomment the last line and change the format to A4.

  • CUPS:
    To eliminate the problem of blank pages printed after some print jobs (e.g., from a2ps) you can try to disable accounting in the PS files by setting ps_accounting to 0 in /etc/foomatic/filter.conf. Uncomment the last line and change the format to A4.

Compiler

In /etc/profile you can define the standard flags for the compiler by setting CFLAGS. An example for Pentium IV processors could be:
export CFLAGS="-march=pentium4 -O3 -pipe -fomit-frame-pointer"
export CXXFLAGS="-march=pentium4 -O3 -pipe -fomit-frame-pointer"
	    

Postfix

After having checked that your Postfix configuration is working, set the correct error code for unknown users: unknown_local_recipient_reject_code should be 550 and not 450.

Program configuration

XEmacs

  • AUCTeX, RefTeX and Bib-cite:
    Add the following to your $HOME/.xemacs/init.el:
    ;; Auc-TeX 
    (require 'tex-site) 
    (setq-default TeX-master nil) 
    (setq TeX-parse-self t) 
    (setq TeX-auto-save t)
    
    ;; RefTeX 
    (autoload 'reftex-mode    "reftex" "RefTeX Minor Mode" t) 
    (autoload 'turn-on-reftex "reftex" "RefTeX Minor Mode" nil) 
    (add-hook 'LaTeX-mode-hook 'turn-on-reftex)   ; with AUCTeX LaTeX mode 
    (setq reftex-enable-partial-scans t) 
    (setq reftex-save-parse-info t) 
    (setq reftex-use-multiple-selection-buffers t) 
    (setq reftex-plug-into-AUCTeX t) 
    (setq bib-cite-use-reftex-view-crossref t) 
    
    ;; bib-cite 
    (autoload 'turn-on-bib-cite "bib-cite") 
    (add-hook 'LaTeX-mode-hook 'turn-on-bib-cite) 
    (setq bib-novice nil)
    		
  • mwheel:
    To enable wheel scrolling add the following to your $HOME/.xemacs/init.el:
    ;; mwheel
    (require 'mwheel)
    (mwheel-install)
    		
  • Fly-spell:
    To enable Fly-spell add the following to your $HOME/.xemacs/init.el:
    ;; Fly-spell
    (add-hook 'LaTeX-mode-hook 'flyspell-mode)
    (autoload 'flyspell-mode "flyspell" "On-the-fly spelling checker." t)
    (setq ispell-parser 'tex)
    		
  • General:
    This setting forces a newline at the end of each file:
    ;; Always end a file with a newline
    (setq require-final-newline t)
    		

xterm

It is possible to change the set of characters that are included in the selection when a word is double-clicked. For example in $HOME/.Xdefaults:
XTerm*charClass: 33:48,37:48,45-47:48,64:48
	    
The man page of xterm provides a description of the format of the character classes.

Pine

An example of a display filter (from UTF-8 to ISO-8859-2):
_CHARSET(UTF-8)_  /usr/bin/iconv -f UTF-8 -t ISO-8859-2
	    

bash

The behavior of the matcher in bash-2.05 and later versions depends on the current LC_COLLATE setting. Setting this variable to C or POSIX will result in the traditional behavior ([A-Z] matches all uppercase ASCII characters). Many other locales, including the en_US locale (the default on many US versions of Linux), collate the upper and lower case letters like this: AaBb...Zz, which means that [A-Z] matches every letter except z. Remember that the portable way to specify upper case letters is [:upper:] instead of A-Z; lower case may be specified as [:lower:].

ALSA

To enable dmix put the following in $HOME/.asoundrc:
pcm.dsp0 {
  type plug
  slave.pcm "dmix"
}
	    
  • MPlayer:
    In .mplayer/config:
    ao=alsa:device=dmix
    		
  • XMMS:
    Put dmix in the audio device field of the ALSA configuration tab.

  • Storing the volume:
    When the machine boots, all the devices are set to mute and all the volumes are set to 0. You can store the current levels with:
    alsactl store
    		
    and restore them at every boot by putting:
    alsactl restore
    		
    in /etc/rc.d/rc.local.

Firewall

Before modifying the firewall rules, check the name of the iptables chain used by your Red Hat version (in this section we will use RH-Firewall-1-INPUT). The easiest way is to enable the firewall and open one port with setup, and later modify /etc/sysconfig/iptables manually.
  • AFS:
    # AFS ports
    -A RH-Firewall-1-INPUT -p tcp --dport 7000:7009 -j ACCEPT
    -A RH-Firewall-1-INPUT -p udp --dport 7000:7009 -j ACCEPT
    -A RH-Firewall-1-INPUT -p udp --dport 30000:60000 -j ACCEPT
    
    # Kerberos
    -A RH-Firewall-1-INPUT -p tcp --dport 88 -j ACCEPT
    -A RH-Firewall-1-INPUT -p udp --dport 88 -j ACCEPT
    -A RH-Firewall-1-INPUT -p tcp --dport 464 -j ACCEPT
    -A RH-Firewall-1-INPUT -p udp --dport 464 -j ACCEPT
    -A RH-Firewall-1-INPUT -p tcp --dport 749:752 -j ACCEPT
    -A RH-Firewall-1-INPUT -p udp --dport 749:752 -j ACCEPT
    -A RH-Firewall-1-INPUT -p tcp --dport 754 -j ACCEPT
    -A RH-Firewall-1-INPUT -p tcp --dport 760 -j ACCEPT
    -A RH-Firewall-1-INPUT -p tcp --dport 2053 -j ACCEPT
    -A RH-Firewall-1-INPUT -p tcp --dport 4444 -j ACCEPT
    -A RH-Firewall-1-INPUT -p udp --dport 4444 -j ACCEPT
    		
  • NFS:
    NFS in the default configuration uses some random port numbers. It is therefore useful to "tie down" the ports used by these services to fixed values:
    • portmapper: default on port 111
    • status: random port. To use another port (say 4000) set STATD_PORT=4000 in /etc/sysconfig/nfs
    • NFS daemon: default on port 2049
    • NFS lock manager: random port. To use another port (say 4001) put options lockd nlm_udpport=4001 nlm_tcpport=4001 in /etc/modprobe.conf.
    • mountd: random port. To use another port (say 4002) set MOUNTD_PORT=4002 in /etc/sysconfig/nfs
    These ports can then be opened with the following rules:
    # NFS
    -A RH-Firewall-1-INPUT -p tcp --dport  111 -j ACCEPT
    -A RH-Firewall-1-INPUT -p udp --dport  111 -j ACCEPT
    -A RH-Firewall-1-INPUT -p tcp --dport 2049 -j ACCEPT
    -A RH-Firewall-1-INPUT -p udp --dport 2049 -j ACCEPT
    -A RH-Firewall-1-INPUT -p tcp --dport 4000:4002 -j ACCEPT
    -A RH-Firewall-1-INPUT -p udp --dport 4000:4002 -j ACCEPT
    		
  • ETH specific:
    # NETBACKUP
    -A RH-Firewall-1-INPUT -p tcp -m tcp -s ! 129.132.0.0/16 \
      --dport 13722 -d 0/0 -j REJECT
    -A RH-Firewall-1-INPUT -p tcp -m tcp -s ! 129.132.0.0/16 \
      --dport 13782 -d 0/0 -j REJECT
    -A RH-Firewall-1-INPUT -p tcp --dport 13722 -j ACCEPT
    -A RH-Firewall-1-INPUT -p udp --dport 13722 -j ACCEPT
    -A RH-Firewall-1-INPUT -p tcp --dport 13782 -j ACCEPT
    -A RH-Firewall-1-INPUT -p udp --dport 13782 -j ACCEPT
    
    # nrpe (Nagios)
    -A RH-Firewall-1-INPUT -p tcp --dport 5666 -j ACCEPT
    		
  • Additional ports:
    The ports defined below can be opened with:
    -A RH-Firewall-1-INPUT -p protocol --dport ports -j ACCEPT
    		
    Ports      Protocol
    137:139    SMB
    14238      J-Pilot
    6881:6999  BitTorrent
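
To confirm that the NFS daemons really ended up on the pinned ports described in the NFS item above, the registrations reported by rpcinfo -p can be compared with the ACCEPT rules. This is an added example, not part of the original notes; the function names and the sample rpcinfo listing are constructed, and only plain "-p ... --dport ... -j ACCEPT" rules are considered (source matches and rule order are ignored).

```sh
# Added example: list RPC services registered on a port that no ACCEPT rule covers.
# Only "-p PROTO --dport PORT[:PORT] ... -j ACCEPT" rules count; -s and rule order are ignored.
uncovered_rpc_ports() {   # usage: uncovered_rpc_ports RULES_FILE RPCINFO_FILE
    awk '
        FILENAME == ARGV[1] {                      # firewall rules file
            if ($1 != "-A" || $NF != "ACCEPT") next
            proto = ""; range = ""
            for (i = 1; i < NF; i++) {
                if ($i == "-p") proto = $(i + 1)
                if ($i == "--dport") range = $(i + 1)
            }
            if (proto == "" || range == "") next
            n = split(range, r, ":")
            p[++rules] = proto; lo[rules] = r[1] + 0
            hi[rules] = (n > 1 ? r[2] : r[1]) + 0
            next
        }
        # rpcinfo -p columns: program vers proto port service
        $1 ~ /^[0-9]+$/ && !seen[$5, $3, $4]++ {
            ok = 0
            for (j = 1; j <= rules; j++)
                if (p[j] == $3 && $4 + 0 >= lo[j] && $4 + 0 <= hi[j]) ok = 1
            if (!ok) print $5, $3, $4
        }
    ' "$1" "$2"
}

# Constructed sample: a subset of the NFS rules above and an rpcinfo -p listing
# in which mountd/tcp was left on a random port.
demo_nfs_check() {
    rules=$(mktemp); rpc=$(mktemp)
    cat > "$rules" <<'EOF'
-A RH-Firewall-1-INPUT -p tcp --dport  111 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp --dport 2049 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp --dport 4000:4002 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp --dport 4000:4002 -j ACCEPT
EOF
    cat > "$rpc" <<'EOF'
   program vers proto   port
    100000    2   tcp    111  portmapper
    100024    1   udp   4000  status
    100003    3   tcp   2049  nfs
    100005    1   udp   4002  mountd
    100005    1   tcp  32771  mountd
EOF
    uncovered_rpc_ports "$rules" "$rpc"
    rm -f "$rules" "$rpc"
}
demo_nfs_check
```

Any line it prints names a service, protocol and port that the firewall would block, which usually means the corresponding port setting was not picked up after a restart.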

xDSL

If you have an outgoing connection to a cable modem or xDSL via Ethernet, it is advisable to limit the outgoing traffic, moving the queue to the Linux box:
tc qdisc add dev INTERFACE root tbf rate UP_SPEEDkbit latency 50ms burst 1540

Where INTERFACE is the network interface to the modem and UP_SPEED is the maximum upload speed in kbit/s (minus a few percent), written directly before the kbit unit without a space. It is also advisable to prioritize interactive traffic (e.g., SSH):
-A PREROUTING -t mangle -p tcp --sport ssh \
  -j TOS --set-tos Minimize-Delay
-A PREROUTING -t mangle -p tcp --dport ssh \
  -j TOS --set-tos Minimize-Delay
	    

Other

Palm OS

To connect a USB Palm OS device create /etc/udev/rules.d/ with:
BUS="usb", KERNEL="ttyUSB*", SYMLINK="pilot"
	    
This will create a /dev/pilot to communicate with your device.

Acknowledgments

I would like to thank Michael Gatto for his valuable contributions.
