Process Number: 220

Revision Date: 3/24/2005 5:48:00 PM
Revision #: 9

CCentral/CCentest Installation

Office Responsible: DCS - District - Computing Services Process Type: internal
Position Title: Network Administrator / Web Master Author: cbrady
Cross Trained Staff: tcollins Manager: Brett Noble Vice Pres.: Ron Keith

Timeline (Deadlines or Time-Constraints) :
N/A
What must be done before this process is started:
Which processes are waiting for this process:
Source documents or communication with information needed for this process:
CCentral Installation with Red Hat Linux 9.0

------

A : INSTALL – Red Hat Linux 9.0

Install Linux 9.0 with Custom Settings, removing all selections, except for

- "Mail Server", with "Sendmail" sub selection.
- "Development Tools" (kept default sub selections)
- “FTP Server” with “vsftpd – Very Secure FTP” (if not, you will need to run the rpm install step in Step 13).

On the Custom selection, choose "Select Individual Packages", and make sure to select "gd".


------

B : Update to the latest software

You must first have an account with Red Hat Network in order to run the update. Until April 2004, this is free for 1 system per person. After that it is for Enterprise only and it costs money.

Step 1: Download the newest up2date from the Red Hat site. The SSL certificate that Red Hat used for securing up2date transactions expired as of December 2004, so you must install the new up2date manually. Go to http://rhn.redhat.com/help/latest-up2date.pxt and download the latest up2date for Red Hat 9.0 (up2date-3.1.23.2-1.i386.rpm as of this writing). If you want to be sure it’s the proper up2date software, you can run md5sum to verify the file. Instructions for verifying the file are available on the download page.

Step 2: Transfer the file to the Linux machine using either a floppy or Secure Shell (ssh program). We stored it in /usr/src/RedHat.

Step 3: Install the up2date rpm:

rpm -Fvh up2date-*

Step 3a: Import Public Key. If you have an old download of the Red Hat 9 OS, you may have an out-of-date public key. You will need to run the following command to update the key.

rpm --import /usr/share/rhn/RPM-GPG-KEY

Step 4: Register the system with the Red Hat Network account.

up2date --register

Follow the prompts, inputting the username, password, and e-mail address used for the account, and finish the registration.

Step 5: Update the system

To update the system, except for skipped files (only the kernel (main OS program) by default):
up2date -u

To update the entire system:
up2date -uf

------

C : Install Apache/PHP/FREETDS/OPENSSL

Step 1: Download the files from the following sites. The files should be saved in /usr/src/ in their own separate directories.

http://www.apache.org (Download, HTTPD 2.X)
http://www.php.net
http://www.freetds.org
http://www.openssl.org
http://www.mrunix.net/webalizer/

Pull the following rpm files from the Linux 9 Install disks into the /usr/src/expect directory.

tcl-.i386.rpm
tcllib-.i386.rpm
expect-.i386.rpm
libpng-devel-.i386.rpm
gd-devel-cd .i386.rpm

Step 2 : Go to /usr/src, and within each directory extract the packages you downloaded with the appropriate command below.

tar zxvf

Example : tar zxvf freetds-0.61.tgz


Step 3 : To install FreeTDS, open the freetds folder in /usr/src/

1) ./configure --prefix=/usr/local/freetds --with-tdsver=4.2
2) make
3) make install
4) Insert "/usr/local/freetds/lib" in /etc/ld.so.conf and run the "ldconfig -v" command.

Step 4 : Configure OpenSSL

1) cd /usr/src/openssl/
2) ./config --prefix=/usr/local/ssl
3) make
4) make test
5) make install

Step 5 : Configure Apache (httpd)

1) cd /usr/src//
2) SSL_BASE=/usr/src///
3) CFLAGS="-I/usr/kerberos/include" ./configure --enable-so --enable-ssl --enable-shared=ssl --prefix=/usr/local/httpd
4) make
5) make install

Step 6 : Configure PHP

1) cd /usr/src///
2) ./configure --with-apxs2=/usr/local/httpd/bin/apxs --with-apache2=../..// --disable-debug --enable-track-vars --with-sybase=/usr/local/freetds --with-xml --enable-ftp --enable-memory-limit


3) make
4) make install
5) cp php.ini-dist /usr/local/lib/php.ini
6) Make the following changes to php.ini:

- memory_limit = -1
- log_errors = On
- error_log = /usr/local/httpd/logs/php_log
- register_globals = On
- include_path = ".:/WebSites/CCentral"
- upload_tmp_dir = /WebSites/Temp
(Note: Create the directory "/WebSites/Temp")
- sendmail_path = sendmail -t -i

7) Make the following changes to /usr/local/httpd/conf/httpd.conf
: Check for these lines, and make sure they are present.
- User apache
- Group apache
-
StartServers 5
MinSpareServers 5
MaxSpareServers 10
MaxClients 100
MaxRequestsPerChild 500
MaxMemFree 1000

- ServerAdmin ccentral@sbccd.cc.ca.us
- ServerName ccentral.sbccd.cc.ca.us:80
- DocumentRoot "/WebSites/CCentral"
-
- DirectoryIndex index.html index.htm index.php index.html.var
- AddType application/x-httpd-php .php
- NameVirtualHost
- >
ServerName

- >
ServerName sbccd.cc.ca.us
ServerAlias *
Redirect permanent / http://


8) groupadd apache
9) useradd -g apache apache
10) >>>> passwd apache <<<<<<


Step 7 : Configure SSL

1) vi /usr/local/httpd/conf/ssl.conf
2) Make the following changes
: DocumentRoot "/WebSites/CCentral"
- ServerName ccentest.sbccd.cc.ca.us
- ServerAdmin ccentral@sbccd.cc.ca.us
- Place about the ""
SSLPassPhraseDialog exec:/usr/local/httpd/sbin/pp-filter

3) Create /usr/local/httpd/sbin/pp-filter, and type in

#! /bin/sh
echo sbccd

Step 8 : Alter apachectl to start with SSL automatically

1) Open /usr/local/httpd/bin/apachectl and add -DSSL, to Stop/Start code.

start|stop|restart|graceful)
$HTTPD -k $ARGV -DSSL

Step 9 : SSL Key

1) Copy versign.key to /usr/local/httpd/conf/ssl.key as server.key
2) Copy versign.crt to /usr/local/httpd/conf/ssl.crt as server.crt

Note: You may need to go through the request process.

For Test Certificate

1) cd /usr/local/ssl/bin
2) openssl req -new -out server.csr
3) openssl rsa -in privkey.pem -out server.key
4) openssl x509 -in server.csr -out server.crt -req -signkey server.key -days 9999
5) mkdir /usr/local/httpd/conf/ssl.key
6) mkdir /usr/local/httpd/conf/ssl.crt
7) cp server.crt /usr/local/httpd/conf/ssl.crt
8) cp server.key /usr/local/httpd/conf/ssl.key
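
One way to check the files that Steps 7 to 9 leave behind (the pass-phrase helper and the private key) for permissions wider than the owner, as an added example that is not part of the original procedure. The function names and the HTTPD_ROOT override are assumptions made here, and it relies on GNU stat.

```shell
#!/bin/sh
# Added example: flag secret-bearing files that group or other can touch.
# Default paths are the ones this procedure creates; HTTPD_ROOT is an
# assumed override so the check can be pointed at a test tree.
HTTPD_ROOT="${HTTPD_ROOT:-/usr/local/httpd}"

# perm_excess FILE MAXMODE
# Prints, in octal, the permission bits FILE has beyond MAXMODE ("0" if none).
perm_excess() {
    mode=$(stat -c '%a' "$1") || return 2      # GNU stat: octal mode
    printf '%o\n' $(( 0$mode & ~0$2 & 07777 ))
}

# check_secret FILE MAXMODE
# Returns 0 if FILE exists and is no more open than MAXMODE,
# 1 if it is too open, 2 if it is missing.
check_secret() {
    [ -e "$1" ] || { echo "MISSING  $1"; return 2; }
    excess=$(perm_excess "$1" "$2")
    if [ "$excess" != "0" ]; then
        echo "TOO-OPEN $1 (extra bits: $excess, want at most $2)"
        return 1
    fi
    echo "OK       $1"
}

# Audit the pass-phrase helper, the key directory and the private key.
audit_httpd_secrets() {
    rc=0
    check_secret "$HTTPD_ROOT/sbin/pp-filter"          700 || rc=1
    check_secret "$HTTPD_ROOT/conf/ssl.key"            700 || rc=1
    check_secret "$HTTPD_ROOT/conf/ssl.key/server.key" 600 || rc=1
    return $rc
}

# Run the audit only when asked, e.g.: sh audit.sh --run
if [ "${1:-}" = "--run" ]; then
    audit_httpd_secrets
fi
```

Run it as root after Step 9; any TOO-OPEN line can be corrected with chmod using the mode shown.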


Step 10 : Configure for startup and shutdown scripts.

1) cd /usr/local/httpd/bin/
2) cp apachectl /etc/init.d/httpd
3) ln -s /etc/init.d/httpd /etc/rc.d/rc0.d/K15httpd
4) ln -s /etc/init.d/httpd /etc/rc.d/rc1.d/K15httpd
5) ln -s /etc/init.d/httpd /etc/rc.d/rc2.d/K15httpd
6) ln -s /etc/init.d/httpd /etc/rc.d/rc6.d/K15httpd
7) ln -s /etc/init.d/httpd /etc/rc.d/rc3.d/S85httpd
8) ln -s /etc/init.d/httpd /etc/rc.d/rc4.d/S85httpd
9) ln -s /etc/init.d/httpd /etc/rc.d/rc5.d/S85httpd


Note : Re-Run Step 6 if message "Cannot load .... libphp4.so into server" appears when you start apache
- Run "make clean" before re-doing steps above again.

Step 12 – Install Expect and associated libraries with RPM

1) cd /usr/src/expect
2) rpm -i expect.i386.rpm tcl.i386.rpm tcllib.i386.rpm


Step 13 – FTP Server Self Install with RPM

If you selected it with the Linux 9 Install, skip this step.

1) Download the latest vsftpd rpm or take it out of the source CD for i386.
2) rpm -i
3) vi /etc/vsftpd/vsftpd.conf
- ftpd_banner=Campus Central - FTP
4) chkconfig --level 345 vsftpd on
Note: must be run as root (su -)

Step 14 : Installation of the Verisign Software (PayFlow Pro) for Credit Card Processing

Contact information:
www.verisign.com
Payment Services Support:
Phone: 888-883-9770
E-mail: vps-support@verisign.com

Identifying Information:
Organization name on contract: San Bernardino Community College District
Login name: SBCCD1

The local scripts would have to be rebuilt of course. They are short and simple, easily altered from the sample script included with the executable. The local script needs to accept four command-line parameters passed from WebReg: card number, expiration date, amount, and Datatel ID.

1) Download files from \\alderaan\source\verisign or \\sbccdnas\comp_center\verisign to the /usr/src/Verisign directory.
2) Transfer the pfpro_linux_v3i.tar file to the /usr/local directory.
3) "tar -xf pfpro_linux_v3i.tar".
4) Copy the script files pfpro.live and pfpro.test to the /usr/local/verisign/payflowpro/linux/bin directory.
5a) If installing ccentral, "cp pfpro.live pfpro.reg".
5b) If installing ccentest, "cp pfpro.test pfpro.reg".
6) "chmod 775 pfpro.live pfpro.test pfpro.reg"

Step 15: Install & Configure WebAlizer (Web Statistics)

1) rpm -i libpng-devel-.i386 gd-devel-.i386.rpm
2) cd /usr/src/webalizer//
3) cp webalizer.conf.ccentral /etc/webalizer.conf
4) ./configure --enable-dns --with-dblib=/usr/lib
5) make
6) make install
7) cd /usr/bin
8) touch webalizer.analyze.hourly.sh
9) chmod +x webalizer.analyze.hourly.sh
10) vi webalizer.analyze.hourly.sh
11) Type and Save:

#!/bin/sh

cp /usr/local/httpd/logs/access_log /tmp/access_log.webalizer

/usr/local/bin/webalizer /tmp/access_log.webalizer

rm -fr /tmp/access_log.webalizer
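
The script above runs as root from cron and copies the log to a fixed file name in the world-writable /tmp directory. A variant that works inside a private mktemp directory instead, as an added example that is not part of the original procedure; the function name and the ACCESS_LOG and WEBALIZER overrides are assumptions made here.

```shell
#!/bin/sh
# Added example: hourly Webalizer snapshot without a fixed name in /tmp.
# ACCESS_LOG and WEBALIZER default to the paths used in this procedure;
# the override variables are assumptions for testing elsewhere.
ACCESS_LOG="${ACCESS_LOG:-/usr/local/httpd/logs/access_log}"
WEBALIZER="${WEBALIZER:-/usr/local/bin/webalizer}"

# analyze_snapshot
# Copies the live access log into a freshly created, owner-only directory,
# runs Webalizer on the copy, and removes the directory whatever happens.
# The body runs in a subshell so the umask change does not leak out.
analyze_snapshot() (
    umask 077
    # mktemp -d creates a new directory with an unpredictable name and
    # fails instead of reusing an existing path.
    workdir=$(mktemp -d /tmp/webalizer.XXXXXX) || exit 1
    if cp "$ACCESS_LOG" "$workdir/access_log"; then
        "$WEBALIZER" "$workdir/access_log" && rc=0 || rc=$?
    else
        rc=1
    fi
    rm -rf "$workdir"
    exit "$rc"
)

# Run only when asked, e.g. from cron: webalizer.analyze.hourly.sh --run
if [ "${1:-}" = "--run" ]; then
    analyze_snapshot
fi
```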



Step 16 : Configure Rotate Log Configurations

1) cd /etc/logrotate.d
2) vi httpd
3) Enter :

/usr/local/httpd/logs/access_log {
rotate 4
weekly
postrotate
/bin/kill -HUP `cat /usr/local/httpd/logs/httpd.pid `
/usr/local/bin/webalizer /usr/local/httpd/logs/access_log.1
endscript
}

/usr/local/httpd/logs/error_log {
rotate 4
weekly
postrotate
/bin/kill -HUP `cat /usr/local/httpd/logs/httpd.pid `
endscript
}

/usr/local/httpd/logs/ssl_request_log {
rotate 4
weekly
postrotate
/bin/kill -HUP `cat /usr/local/httpd/logs/httpd.pid `
endscript
}

4) vi php
5) Enter :

/usr/local/httpd/logs/php_log {
rotate 10
weekly
postrotate
chown apache:root /usr/local/httpd/logs/php_log
endscript
}

6) touch /usr/local/httpd/logs/at_log
7) vi at
8) Enter :

/usr/local/httpd/logs/at_log {
rotate 10
weekly
postrotate
chown apache:root /usr/local/httpd/logs/at_log
endscript
}


9) Test Configuration : logrotate -dv /etc/logrotate.conf
10) Force Log Rotate : logrotate -f /etc/logrotate.conf



Step 17 : Create Cron job for nightly reboot

1) cd /etc
2) vi crontab
3) Add at the bottom :

# Campus Central Crons (Reboot Server)
01 4 * * * root reboot

# Webalizer Analyze (Run Access Log at 30 mins past the hour)
30 * * * * root /usr/bin/webalizer.analyze.hourly.sh

Step 18: Remove Auto-Hardware Detect on Boot up (kudzu)

1) cd /sbin/
2) chkconfig kudzu off
3) chkconfig --list
a. This allows you to verify it is off.

Step 19: Configure Sendmail

1) cd /etc/mail
2) vi local-host-names
3) Add lines
(For CCentral – do not include this line)
ccentral.sbccd.cc.ca.us
ccentral.sbccd.dmz

(For CCentest – do not include this line)
ccentest.sbccd.cc.ca.us
ccentest.sbccd.dmz

4) vi sendmail.mc
5) Find and alter this line to the below: (removing Addr=:x.x.x.x)
DAEMON_OPTIONS(`Port=smtp, Name=MTA')dnl

6) Find and alter this line to the below: (replace mydomain.com, and remove dnl at the front)
MASQUERADE_AS(`sbccd.cc.ca.us')dnl

7) Find and remove the first dnl for the below lines:
FEATURE(masquerade_envelope)dnl
FEATURE(masquerade_entire_domain)dnl

8) vi /usr/share/sendmail-cf/m4/proto.m4

Search for “HReceive” which should bring you to the following line
HReceived: confRECEIVED_HEADER

Add “#” in the front to comment it out.

9) vi submit.mc

You will need to simply “w” (write) the file as is to force recompile of the file.

10) make clean
11) make

Step 20 : Redirect Root mail to ccentral@sbccd.cc.ca.us

1) cd /root
2) vi .forward
(Note: the “.” in front)
3) Type ccentral@sbccd.cc.ca.us
4) Save

Step 21 : Start Services

1) reboot (shutdown -r now)


What is the end-result of this process, or the hand-off
What steps must be taken independent of the computer system (Manual Process)
Which steps must be taken on a computer (Electronic Process):
Related Documents to Process (e.g. Datatel documentation, Government code books, etc.)
Notes (Cautions, suggestions for improvement, etc.)

© 2013 San Bernardino Community College District - All Rights Reserved