Wednesday, December 31, 2014

Fedora 21 Before And After Installation

I know this looks scary for the novice, but it is not difficult. It took me a lot of time (wouldn't dare to say how much) to figure all this out. I also wrote this here because I need to save myself some head scratching during the next installation.

The customization described here goes down to command level for a Fedora 21 XFCE live installation (a few commands are good only for AMD64). That is, you can paste and execute the commands provided here in a terminal, but for that you first need to paste this whole post into a text file on a partition unaffected by the installation (unformatted). Or print it. XFCE because I don't need an animated desktop and all the inconveniences (processor load) that come with it.

This whole new custom Fedora 21 installation as described here should not take more than 3 hours. That time is the only expense for a free and extremely performant and secure OS complete with free multimedia, internet and office software.

If I did it, everybody could.

Without customization and manual partitioning, it should take less than an hour and that is for the complete IT ignorant.

Here it starts. Download the live version of the XFCE spin from this page and burn it to a DVD as an ISO image (any burner on a Windows or Linux computer should have that option). The size is a bit less than 1 GB.

http://spins.fedoraproject.org/xfce/

Boot from the live installation disk created as described above. (You will probably first have to enter the BIOS by repeatedly pressing the Delete key during normal boot-up and choose the DVD reader as the first boot device. Then insert the DVD with the live image in the DVD drive and restart the computer.) If you don't want any of the customization described below, choose the default or common-sense answers at each step, which BTW are similar to a Windows installation, and stop here.

But Fedora live DVD is much more than an installation kit. Once you boot from that DVD as described above, you get a functioning operating system with which you can even get online and browse the web. To start the installation process, you have to double click the Install icon on the desktop.

Any of the steps described below are optional and independent of each other.

The Fedora (F) 21 installer has been modified since F20. There is an option to keep the old partitioning. There is an option for LVM. (There are other partitioning options as well.)

Don't know about LVM. I chose standard partitioning to keep the old partitioning from F20, which is similar to the one in the link below.
https://docs.fedoraproject.org/en-US/Fedora/17/html/Installation_Guide/s2-diskpartrecommend-x86.html

So in the first screen there is a partitioning option (I always forget after I am done with it, can't save that screen). It is the lower left icon. I write here for those familiar with manual partitioning. After choosing that icon, I choose standard partitioning at the top and select the manual partitioning button. Then I hit the Done button, which for some strange reason is at the upper left corner in this installer for F21. Then I get to see the old Fedora installation with all its partitions, which is hidden behind a drop-down menu. To grab a partition for the new installation, all I have to do is click on it, rewrite the mount point (/, /home, /tmp, etc.) and choose whether to format it or not.

These are the most critical moments. On an installation I always choose to keep the old /home and /var partitions unformatted. That is, I don't make the mistake of checking the format box near each. If I did, I would wipe out all my recent data and many settings, including desktop, browser, the last file I've been editing and all the others.

By keeping the /home partition unformatted and creating, when asked, a non-privileged user name identical to the one in the old installation, there is very little work to be done on settings. After a clean install of a new version (or the same version) with the /home and /var partitions left unformatted, the desktop and the browser will look similar, bookmarks included, and so will the rest of your computer.

The non-privileged user is needed for doing everything on the computer except maintenance, for security reasons - if a non-privileged account is hacked, there is less they can do without the root password, pretty much like in Windows.

However, all commands (mostly with yum) described here are given in a privileged (root) terminal, that is, a terminal in which the command su has been issued and the root password entered. The leading # in the commands below stands for the root prompt and is not typed. (You can open a terminal in any directory found with the File Manager by right clicking and choosing Open terminal here.) For a privileged (root) File Manager session, after issuing the su command in that terminal and entering the root password, you can type the command #thunar (that is the name of the file manager in XFCE) and get a privileged File Manager session, which in turn can open (by clicking) privileged files for editing.

The first thing I do is get rid of the annoying log-in for the non-privileged user at every boot (and the need to enter a 16-character password each time, that number being my choice) by going to /etc/lightdm/ and modifying and uncommenting two lines towards the end of the file lightdm.conf. By getting rid of the log-in and not needing to enter the password at each boot you don't compromise security, except if somebody you don't trust has physical access to your computer.

autologin-user=george
autologin-user-timeout=0

After this, I do a graphical local install from a /var location (by double clicking on the rpm package in the File Manager) of the yum plugin remove-with-leaves (among others; yes, that's why I kept /var unformatted). If you don't have it saved for this purpose from the previous install, you may briefly go online by activating the network from the icon in the taskbar, then install it with the privileged terminal command

#yum install yum-plugin-remove-with-leaves

(yum is the package installation and removal program of choice in Fedora 21. The other one is rpm, but it is more difficult to work with. yum-plugin-remove-with-leaves is a plugin that ensures the removal of any useless (and potentially unsafe) packages that are linked only to the main packages removed, so the cleanup is more complete.)

Then i do this:

#yum remove claws-mail pidgin libpurple spice-vdagent sendmail pragha remmina tigervnc-server-minimal transmission liferea midori 'samba*' 'openssh*' --remove-leaves

By doing these last two steps I get rid of about 100 packages that I don't use, many of which try to connect to the internet of their own accord. That is about 10% of the whole OS. Some of the packages on the list above are present only in Fedora 20, but the command will still work for the rest.

Then I copy the files iptables and ip6tables into /etc/sysconfig from a location in /home which I kept from the F20 installation for this purpose. Later I will disable firewalld and install and enable iptables.

Then there is still a weird setting I will never understand. In /etc/yum.conf there is a line keepcache=0. I modify it to 1 so all the rpm packages I ever download and install remain on my hard drive. However, lately this proved less and less useful. It was useful while I was still installing many times and tried to do the updates locally. That is possible by forcing yum to update locally.

#yum install iptables-services

#systemctl stop firewalld

#systemctl disable firewalld

#systemctl enable iptables

#systemctl start iptables

#yum update

Reboot to make sure everything works. Check iptables with

#iptables -S

About the hosts file I wrote here http://georgesblogforfriends.blogspot.com/2013/04/hosts-file.html

About moving the Chrome cache to RAM I wrote here https://www.facebook.com/george.ion.7505/posts/206431952892995

This is one setting that probably affects only my computer, but I still write it down:

Go to Chrome/Settings/Advanced and remove the check on Use hardware acceleration when available.

I create the following files and paste into each the lines listed under it:

/etc/yum.repos.d/google-chrome.repo

[google-chrome]
name=google-chrome
baseurl=http://dl.google.com/linux/chrome/rpm/stable/x86_64
enabled=1
gpgcheck=1

/etc/yum.repos.d/google-earth.repo

[google-earth]
name=google-earth
baseurl=http://dl.google.com/linux/earth/rpm/stable/x86_64
enabled=1
gpgcheck=1

then

#yum install google-chrome-stable --nogpgcheck

#yum install google-earth-stable --nogpgcheck
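
The two repo files above set gpgcheck=1 without a gpgkey line and use an http baseurl, and the install commands then pass --nogpgcheck, so package signatures are never verified. As an added example (not part of the original post), this script flags such stanzas in a .repo file; the example-signed stanza, its URL and its key path are constructed for comparison.

```shell
#!/bin/sh
# Added example, not from the original post: audit yum .repo stanzas.
# Prints one "<stanza>: <finding>" line per problem found in FILE.
# A stanza with no gpgcheck line inherits the [main] value and is not flagged.
audit_repo() {
    awk '
    function report() {
        if (sec == "" || enabled == "0") return
        if (gpgcheck == "0") print sec ": gpgcheck is disabled"
        else if (gpgcheck == "1" && gpgkey == "") print sec ": gpgcheck=1 but no gpgkey"
        if (baseurl ~ /^http:/) print sec ": baseurl is plain http"
    }
    /^[ \t]*[#;]/ { next }                 # comment line
    /^[ \t]*\[/ {                          # stanza header: report the previous one
        report()
        sec = $0; sub(/^[ \t]*\[/, "", sec); sub(/\].*$/, "", sec)
        gpgcheck = gpgkey = baseurl = enabled = ""
        next
    }
    /=/ {                                  # key=value line
        key = $0; sub(/[ \t]*=.*$/, "", key); sub(/^[ \t]+/, "", key)
        val = $0; sub(/^[^=]*=[ \t]*/, "", val); sub(/[ \t]+$/, "", val)
        if (key == "gpgcheck") gpgcheck = val
        else if (key == "gpgkey") gpgkey = val
        else if (key == "baseurl") baseurl = val
        else if (key == "enabled") enabled = val
    }
    END { report() }
    ' "$1"
}

demo_repo_audit() {
    tmp=$(mktemp) || return 1
    cat > "$tmp" <<'EOF'
[google-chrome]
name=google-chrome
baseurl=http://dl.google.com/linux/chrome/rpm/stable/x86_64
enabled=1
gpgcheck=1

[example-signed]
name=constructed stanza for comparison
baseurl=https://repo.example.invalid/stable/x86_64
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-example
EOF
    audit_repo "$tmp"
    rm -f "$tmp"
}
demo_repo_audit
```

With a gpgkey line pointing at the vendor's published signing key, yum can verify the packages and the --nogpgcheck switch is no longer needed.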

For the more advanced user, here is the installation of the video drivers from Nvidia. This is critical: if you are not successful, your system will most likely become useless and will need to be reinstalled and rely on the 30% slower, reverse engineered generic nouveau driver.

First, and most important, you have to know exactly which of the drivers from Nvidia you need, according to your video card: 340.xx, 304.xx, 173.14.xx, 96.43.xx or 71.86.xx. This page will help you. http://www.nvidia.com/object/IO_32667.html

To find out what video card you have, run

#lspci -v | less

Then you go to this page

http://rpmfusion.org/Configuration

And install the free and non-free repos necessary to download the drivers, under the title

Graphical Setup via Firefox web browser

Then, after

#yum list '*nvidia*'

you will choose which driver you need, depending on the kernel version and video card found in the Nvidia web page above.

To find out which kernel version you have, run

#yum list kernel

Then installation of the driver. I think for my system the command was

#yum install kmod-nvidia-304xx-3.17.4-301.fc21.x86_64.x86_64

Then I install the optional programs like

#yum install gthumb (basic pictures management and adjusting).

#yum install audacity (audio recorder)

#yum install vlc (a complete media player)

#yum install stellarium (planetarium software)

#yum install libreoffice (Office equivalent for Linux)

#yum install lmms (trackers, sequencers and synthesizers)

The last few times I had a problem with Google Earth. There was a conflict with a file, and I had to rebuild the rpm first by installing rpmrebuild

#yum install rpmrebuild

then

# rpmrebuild -ep /home/geek/Downloads/google-earth-stable_current_x86_64.rpm

Scroll down and remove the line: %dir %attr(0755, root, root) "/usr/bin"

Save / exit the editor, with the command <ESC>:wq

After a while you will be asked whether to continue; you should answer yes.

You will see rpmrebuild exiting, saying something like: result: /root/rpmbuild/RPMS/x86_64/google-earth-stable-7.1.2.2041-0.x86_64.rpm

Then go cd  /root/rpmbuild/RPMS/x86_64/ and run #yum localinstall google-earth-stable-7.1.2.2041-0.x86_64.rpm
etc.

Here is a version of the text file iptables that is needed in /etc/sysconfig for iptables to work:

# Generated by iptables-save v1.4.21 on Sat Dec 27 23:21:37 2014
*filter
:INPUT DROP
:FORWARD DROP
:OUTPUT DROP
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p udp -m udp --sport 53 -j ACCEPT
-A INPUT -p tcp -m tcp --sport 80 --dport 30000:65535 -j ACCEPT
-A INPUT -p tcp -m tcp --sport 443 --dport 30000:65535 -j ACCEPT
-A INPUT -p tcp -m tcp --sport 1935 --dport 30000:65535 -j ACCEPT
-A INPUT -j LOG --log-prefix "[-P BLOCK] "
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j LOG --log-prefix "[-P BLOCK] "
-A OUTPUT -p icmp -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -p udp -m udp --sport 20000:65535 --dport 53 -j ACCEPT
-A OUTPUT -p tcp -m tcp --sport 30000:65535 --dport 80 -j ACCEPT
-A OUTPUT -p tcp -m tcp --sport 30000:65535 --dport 443 -j ACCEPT
-A OUTPUT -p tcp -m tcp --sport 30000:65535 --dport 1935 -j ACCEPT
-A OUTPUT -j LOG --log-prefix "[-P BLOCK] "
COMMIT
# Completed on Sat Dec 27 23:21:37 2014
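
In the INPUT chain above, replies are accepted by matching the remote source port (53, 80, 443, 1935) rather than connection state, and the FORWARD LOG rule sits after an unconditional REJECT, so it never logs. As an added example (not part of the original post), this script reports both patterns in an iptables-save file; the sample holds a few rules from the file above plus one constructed conntrack rule for comparison.

```shell
#!/bin/sh
# Added example, not from the original post: review an iptables-save file.
# Reports (1) INPUT accepts keyed on the remote source port with no
# connection-state match and (2) rules placed after an unconditional verdict.
audit_rules() {
    awk '
    $1 != "-A" { next }
    {
        chain = $2; target = ""; cond = 0; sport = ""; stateful = 0
        for (i = 3; i <= NF; i++) {
            if ($i == "-j") { target = $(i + 1); break }
            cond = 1                       # any match option before -j
            if ($i == "--sport") sport = $(i + 1)
            if ($i == "conntrack" || $i == "state") stateful = 1
        }
        if (closed[chain] != "")
            print chain ": unreachable after unconditional " closed[chain] ": " $0
        if (chain == "INPUT" && target == "ACCEPT" && sport != "" && !stateful)
            print "INPUT: stateless accept keyed on remote source port " sport
        if (!cond && (target == "ACCEPT" || target == "DROP" || target == "REJECT"))
            closed[chain] = target
    }
    ' "$1"
}

demo_audit_rules() {
    tmp=$(mktemp) || return 1
    cat > "$tmp" <<'EOF'
*filter
:INPUT DROP
-A INPUT -i lo -j ACCEPT
-A INPUT -p udp -m udp --sport 53 -j ACCEPT
-A INPUT -p tcp -m tcp --sport 443 --dport 30000:65535 -j ACCEPT
# the next rule is constructed for comparison, not taken from the post
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j LOG --log-prefix "[-P BLOCK] "
COMMIT
EOF
    audit_rules "$tmp"
    rm -f "$tmp"
}
demo_audit_rules
```

The constructed conntrack rule admits only packets that belong to connections the machine opened itself, which is what the source-port rules approximate; moving the LOG rule above the REJECT makes forwarded packets show up in the log.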

1 comment:

George Ion said...

Just removed two modifications in the firewall I didn't know existed
