2. General System Setup

2.1. A Few Words About Security

Even before your system boots, you should decide what level of security you want to implement. To begin with, don't connect your machine to the network until you have decided what to do.

Security is a vast subject that goes beyond the scope of this HOWTO; two good starting points are the Linux Security Administrator's Guide http://www.securityportal.com/lasg and the Linux Security Guide http://nic.com/~dave/SecurityAdminGuide/index.html . You should consider at least the following steps: using shadow passwords (Shadow Password HOWTO), restricting network access to the machine (Section Section 3.4), using the Secure Shell (http://www.openssh.org ) or the Secure Remote Password ( http://srp.stanford.edu/srp/). Good luck.

2.2. Start the Logbook!

To keep your installation in shape, it's essential that you know exactly what happened to your machine, which packages you installed that day, what you removed or modified, and so on. So, the first thing you'll do before you tamper with your machine is start a ``logbook''. Therein you'll take note of every move you make as root; in my own logbook I also keep a section where I list all modified system files, additional .rpms, and .tar.gz I installed. Optimally, backtracking your moves you should be able to re-obtain a fresh installation.

Make a backup copy of the system files you touch. Better still, use RCS; you'll be able to backtrack all changes. Never work as root without logging your moves!

2.3. Keyboard

If you missed this step during installation or have changed your keyboard, you'll have to:

To load the key table, issue

/etc/rc.d/init.d/keytable start

Other special keys will be dealt with in the following sections. To enable NumLock on by default, add these lines to /etc/rc.d/rc.sysinit:

for tty in /dev/tty[1-9]*; do
  setleds -D +num < $tty
done

Normally, the Linux console cannot distinguish between, say, Arrow and Shift-arrow, but some applications (namely, the editor Section 4.5.3) do. Normally, these key bindings are only available in xterm. The following key map, which you can choose to load at boot time, is very handy:

# Load this key map with: loadkey shift.map
# Shift + Up
shift keycode 103 = F100
string F100 = "\033[a"
# Shift + Left
shift keycode 106 = F101
string F101 = "\033[c"
# Shift + Right
shift keycode 105 = F102
string F102 = "\033[d"
# Shift + Down
shift keycode 108 = F103
string F103 = "\033[b"
# Ctrl + Ins
control keycode 110 = F104
string F104="\033[2^"
# Shift + Ins
shift keycode 110 = F105
string F105="\033[2$"
# Shift + PgUp
shift keycode 104 = F106
string F106 = "\033[5$"
# Shift + PgDn
shift keycode 109 = F107
string F107 = "\033[6$"
# Shift + Home
shift keycode 102 = F108
string F108 = "\033[1$"
# Shift + End
shift keycode 107 = F109
string F109 = "\033[4$"
# Shift + Del
shift keycode 111 = F110
string F110 = "\033[3$"
# Ctrl + Del
control keycode 111 = F111
string F111 = "\033[3^"

2.4. Boot and Rescue Floppy

Make a couple of boot floppies for your newly installed system. Your distribution may include a command for creating such a floppy (say, mkbootdisk or something like that); if not, these commands will do:

#~ dd if=/boot/vmlinuz-2.0.36-0.7 of=/dev/fd0  # use your kernel image
#~ rdev /dev/fd0 /dev/hda2                     # your Linux root partition

Also, have at least a couple of rescue disks ready. There's a wide choice of rescue disks at ftp://metalab.unc.edu/pub/Linux/system/recovery ; if you don't know which one to choose, I suggest you try out Tomsbtrt, whose home page is http://www.toms.net/rb . It's very complete, but some utilities seem missing at first; for example, ftp is not there but you get nc (netcat) instead. Please read its documentation.

2.5. Console Colours

Why stick to white on black in Linux console? With the setterm command you can choose nicer combinations:

setterm -background blue -foreground red -bold on -store

Type setterm alone for a list of arguments.

2.6. Kernel Matters

IMHO, the first thing to do next is build a kernel that best suits your system. It's very simple to do but, in any case, refer to the README file in /usr/src/linux/ or the Kernel HOWTO. Hints:

2.7. Hard Disk Performance

Your (E)IDE hard disk's performance can be greatly enhanced by carefully using hdparm(8). If your Linux distribution doesn't include it, you'll find on ftp://metalab.unc.edu/pub/Linux/system/hardware ; look for a file called hdparm-X.Y.tar.gz.

Since many details depend on your hard disk and HD controller, I can't give you a general recipe. You risk to toast your filesystem, so read the man page carefully before using some of the options. At its simplest, you could add the following line to /etc/rc.d/rc.sysinit:

/sbin/hdparm -c1 /dev/hda  # first IDE drive assumed

which enables (E)IDE 32-bit I/O support. As for the `-m' option, this is what hdparm author Mark Lord emailed me:

" (...) if your system uses components from the past couple of years [< 1997], it will be fine. Older than that, there *may* be a problem (unlikely). The really buggy chips were the CMD0646 and RZ1000 chips, used *extensively* on 486 and (early) 586 motherboards about 2-3 years ago. "

For recent machines, these settings should work fine:

/sbin/hdparm -c1 -A1 -m16 -d1 /dev/hda

2.8. Parallel Port Zip Drive

Stock kernels include the driver for both old (ppa) and new (imm) Zip drives. If you recompile the kernel, make sure that SCSI support and SCSI disk support are enabled. Remember, there can be conflicts between the printer and the Zip drive on the same parallel port, so you have better use kernel modules.

Zip disks are sold preformatted on partition /dev/sda4. To enable the Zip, append this to /etc/rc.d/rc.sysinit:

# Enable the Zip drive
/sbin/modprobe ppa  # imm for recent models

Zip disks can be mounted via /etc/fstab as shown below, or via Mtools adding this line to your /etc/mtools.conf:

drive z: file="/dev/sda4" exclusive

besides, the command mzip allows you to eject, query the status, write and password protect Zip disks; man mzip for details. The Mtools home page is at http://linux.wauug.org/pub/knaff/mtools.

2.9. Device Drivers

Devices in /dev (or better, links to the actual device drivers) may be missing. Check what devices your mouse, modem, and CD--ROM drive correspond to, then do what follows:

~# cd /dev
/dev# ln -s ttyS0 mouse; ln -s ttyS1 modem; ln -s hdb cdrom; ln -s sda4 zip

In most notebooks the mouse device is /dev/psaux: take this into account when configuring X11. If you wish, do chmod 666 to these devices to make them fully accessible by every user.

2.10. Sound Card

My desktop PC is fitted with an old Sound Blaster 16; even if you've got something different, you may take what follows as guidelines.

I compiled the sound card support as a module (sb.o). Then I put this in /etc/conf.modules:

options sb io=0x220 irq=5 dma=1 dma16=5 mpu_io=0x330
alias sound sb

To enable the sound, make sure that modprobe sound is invoked in /etc/rc.d/rc.sysinit. Alternatively, get the tool sndconfig from the RedHat site.

Besides the standard kernel sound drivers, the Alsa drivers ( http://www.alsa-project.org) are an excellent choice. Strangely, though, the sound channels are muted by default. You'll want to use aumix and this /etc/aumixrc to set the volume to 100%:

vol:100:100:P
synth:100:100:P
pcm:100:100:P
line:100:100:P
mic:100:100:R
cd:100:100:P

2.11. Login Messages

If you wish to customise the login messages, check whether your /etc/rc.d/rc.local overwrites /etc/issue and /etc/motd. (RedHat does.) If so, get on with your editor.

If you'd like a colourised login message, you may adapt your rc.local inserting lines like these:

# put a real escape character instead of ^[. To do this:
# emacs: ^Q ESC   vi: ^V ESC   joe:  ` 0 2 7   jed: ` ESC
ESC="^["  # a real escape character
BLUE="$ESC[44;37m"
NORMAL="$ESC[40;37m"
CLEAR="$ESC[H$ESC[J"

> /etc/issue
echo "$CLEAR" >> /etc/issue
echo "$BLUE   Welcome to MyServer (192.168.1.1)   " >> /etc/issue
echo "$NORMAL " >> /etc/issue
echo "" >> /etc/issue

2.12. Hostname

Issuing the command hostname new_host_name may not be enough. To avoid the dreaded sendmail lock, follow these steps (only valid for a stand--alone machine):

2.13. Mouse

gpm mouse services are useful to perform cut and paste in tty mode, and to use the mouse in some applications. Make sure that you have a file called /etc/sysconfig/mouse and that it reads:

MOUSETYPE="Microsoft"
XEMU3=yes

Moreover, you must have a file /etc/rc.d/init.d/gpm, where you'll put additional command line parameters. Mine reads:

...
       daemon gpm -t $MOUSETYPE -d 2 -a 5 -B 132 # two-button mouse
...

Obviously, make sure this configuration is right for your mouse type. In most notebooks, MOUSETYPE is ``PS/2''.

If you like to use menus in console with Ctrl-button, then configure gpm-root. Edit the default menu in /etc/gpm-root.conf, then launch gpm-root from /etc/rc.d/rc.local.

2.14. Mount Points

It's handy to have mount points for the floppy, other devices and NFS-exported directories. For example, you can do the following:

~# cd /mnt; mkdir floppy cdrom win zip server

This creates mount points for a DOS/Win floppy, the CD--ROM, the Windows partition, the parallel port Zip drive, and an NFS directory.

Now edit the file /etc/fstab and add the following entries:

/dev/fd0        /mnt/floppy     auto            user,noauto 0 1
/dev/cdrom      /mnt/cdrom      iso9660         ro,user,noauto 0 1
/dev/zip        /mnt/zip        vfat            user,noauto,exec 0 1
/dev/hda1       /mnt/win        vfat            user,noauto 0 1
server:/export  /mnt/server     nfs             defaults

Obviously, you must use the correct device in the first field.

Note the `auto' filesystem type in the first line; it allows you to mount both ext2 and vfat (DOS/Windows) floppies, but you need a recent version of mount. You may find mtools more convenient.

2.15. Automount Points

If you don't like the mounting/unmounting thing, consider using autofs(5). You tell the autofs daemon what to automount and where starting with a file, /etc/auto.master. Its structure is simple:

/misc	/etc/auto.misc
/mnt	/etc/auto.mnt

In this example you tell autofs to automount media in /misc and /mnt, while the mountpoints are specified in/etc/auto.misc and /etc/auto.mnt. An example of /etc/auto.misc:

# an NFS export
server	 	-ro			my.buddy.net:/pub/export
# removable media
cdrom       	-fstype=iso9660,ro	:/dev/hdb
floppy		-fstype=auto		:/dev/fd0

Start the automounter. From now on, whenever you try to access the inexistent mount point /misc/cdrom, il will be created and the CD-ROM will be mounted.

2.16. lilo(8) and LOADLIN.EXE

Many users run both Linux and DOS/Windows on their PC, and want to choose at boot time which os to use; this should be done at install time, but in case, do what follows. Let's suppose that /dev/hda1 contains DOS/Windows and that /dev/hda2 contains Linux.

~# fdisk
Using /dev/hda as default device!

Command (m for help):a
Partition number (1-4): 2

Command (m for help):w
~#

This makes the Linux partition bootable. Then write this basic /etc/lilo.conf file:

boot = /dev/hda2
compact                # may conflict with "linear"
delay = 100            # 10 seconds
linear                 # gets rid of the "1024 cylinder" problem
#lba32                 # alternative
message = /boot/bootmesg.txt  # write your own, if you will
root = current
image = /boot/vmlinuz  # boot linux by default as this entry comes first
  label = linux
  read-only
#  append="mem=128M"   # to see more memory than 64M
other = /dev/hda1
  table = /dev/hda
  label = win

Now issue /sbin/lilo and you're done. Being lilo a crucial part of your installation, you're strongly advised to read its documentation anyway.

To boot Linux from DOS/Windows without resetting, put LOADLIN.EXE in a directory (in the DOS partition!) included in the DOS path; then copy your kernel to, say, C:\TEMP\VMLINUZ. The following simple .BAT file will boot Linux:

rem   linux.bat
smartdrv /C
loadlin c:\temp\vmlinuz root=/dev/hda2 ro

If you use Windows 9x, set the properties of this .BAT so as it starts in MS--DOS mode.

2.16.1. Security Tip

Making a backup copy of your MBR before installing Linux is a safe move. Prepare a Windows rescue floppy, and make sure it includes FDISK.EXE. To restore the MBR, all you have to do is

A:\> fdisk /mbr

2.17. Printer Configuration (lpd)

All distributions I know have a configuration tool for setting up the printer (printtool, yast, or magicfilter); if you don't have it, this is a basic manual configuration.

Let's suppose you have a non--PostScript (non ``Windows-only'' too!) printer you want to use to print raw text (e.g., C source files) and PostScript files via Ghostscript, which is assumed to be already installed.

Setting up the printer involves a few steps:

For more complex or exotic printing configurations, the Printing-HOWTO awaits you.

If you use printtool, be aware that the GSDEVICE chosen by Printtool will work, but not necessarily at its best for your printer. You may consider fiddling a bit with the file postscript.cfg; for instance, I changed GSDEVICE from cdj500 to djet500 and now my prints come out much quicker.

2.18. SVGATextMode

This utility, available on ftp://tsx-11.mit.edu/pub/linux/sources/sbin, is useful for changing the console screen resolution, font, and cursor shape. Users whose language include accented characters will be able to use them in console applications, while notebook users may change the cursor shape to make it more visible.

Edit /etc/TextConfig or /etc/TextMode, starting with the default VGA definition. Europeans should be happy with this ``LoadFont'' section:

Option "LoadFont"
FontProg "/usr/bin/setfont"
FontPath "/usr/lib/kbd/consolefonts"
FontSelect "lat1u-16.psf"   8x16 9x16 8x15 9x15
FontSelect "lat1u-14.psf"   8x14 9x14 8x13 9x13
FontSelect "lat1u-12.psf"   8x12 9x12 8x11 9x11
FontSelect "lat1u-08.psf"   8x8  9x8  8x7  9x7

Once you're done, try your configuration with a command like SVGATextMode "80x34x9", and if everything appears to be working fine, remove the warnings from /etc/TextMode and include this line in etc/rc.d/rc.sysinit:

# SVGATextMode
/usr/sbin/SVGATextMode "80x34x9"

Please note that the block cursor only works with some modes; on my notebook, "80x30x9".