0. Have a IP address, gateway, netmask info.

1. Boot.

2. Select media as FTP. Enter IP info.

3. Install from mirror.sit.wisc.edu, /mirrors/linux/distributions/redhat/redhat-7.1/en/os/i386

4. Wait.

5. Install a custom system.

6. Manually partition the drives using Disk Druid.

7. Format all of the partitions, including /home.

8. When prompted for LILO configuration, skip extra options.

9. Install the boot loader to the master boot record (MBR).

10. When it asks about multibooting, just press OK.

11. The machine will find the hostname. Yawn.

12. Firewall Configuration: Select "No Firewall"

13. When prompted for a mouse, select "None"

14. Choose the languages you wish to support.

15. Set the time to the closest local city.

16. Set the root password. Remember it.

17. Add users if you wish.

18. Authentication Configurations: Leave the defaults (Shadow passwords and MD5 hashes)

19. Package Group Selection: Select individual packages

20. Pick the separate packages (see attached list). Agree to the dependencies.

21. Say OK to the XFree86 probe.

22. Watch the packages install. YAWN.

23. When prompted for a boot disk, the answer you choose should be YES.

24. When prompted for a monitor selection, pick a generic VGA of some sort (not a huge deal)

25. Video memory: make an intelligent choice.

26. Clockchip Configuration: No Clockchip

27. Select Video Modes: 8 bit, 800x600

28. Skip starting X.

29. Reboot. Bask in the glory of Linux.

------------------------

1. Log in as root.

2. Run /usr/sbin/setup. Enter "System Services"

3. Disable everything you don't need. This includes:

- apmd
- gpm
- ipchains (LEAVE iptables on)
- isdn
- kudzu
- lpd
- pppoe
- rawdevices

4. Reboot again to disable the stuff you shut off.

5. Create /etc/cron.daily/settime, set it to be executable, enter this as the contents. Add it to /etc/rc.d/rc.local.

/usr/sbin/ntpdate -s -b -p 8 -u ntp1.cs.wisc.edu ntp2.cs.wisc.edu
/sbin/hwclock --systohc


6. Edit /etc/rc.d/rc.local to remove it's rewriting the /etc/issue files.

7. Edit /etc/issue & /etc/issue.net to say:

UNAUTHORIZED ACCESS PROHIBITED
** hostname.domain.wisc.edu **

8. Install Net::FTP into Perl.

perl -MCPAN -e shell

Are you ready for manual configuration? [yes]
CPAN build and cache directory? [/root/.cpan]
Cache size for build directory (in MB)? [10]
Perform cache scanning (atstart or never)? [atstart]
Policy on building prerequisites (follow, ask or ignore)? [follow] ask
Where is your gzip program? [/bin/gzip] 
Where is your tar program? [/bin/tar] 
Where is your unzip program? [/usr/bin/unzip] 
Where is your make program? [/usr/bin/make] 
Where is your lynx program? [/usr/bin/lynx] 
Where is your ncftpget program? [/usr/bin/ncftpget] 
Where is your ftp program? [/usr/bin/ftp] 
What is your favorite pager program? [/usr/bin/less] 
What is your favorite shell? [/bin/bash]
Parameters for the 'perl Makefile.PL' command? [] 
Parameters for the 'make' command? [] 
Parameters for the 'make install' command? []
Timeout for inactivity during Makefile.PL? [0] 

* Choose the continent you're on when it prompts you.

Your favorite WAIT server?
   [wait://ls6.informatik.uni-dortmund.de:1404]

* Now issue the command "install Net::FTP". Answer some questions with their defaults.

9. lynx http://www.jjminer.org/rhupdate/

   * grab the latest rhupdate

   gtar xlzf rhupdate-whatever.tar.gz

   cd rhupdate-whatever/
   ./configure
   make install

   * delete that stuff

10. Update the system using: rhupdate --download --retry 15
    Apply the updates. WATCH FOR KERNEL UPDATES -- THOSE ARE ODD -- DO NOT UPGRADE THESE (read Red Hat's notes)

11. Edit /etc/lilo.conf (you'll probably have to anyhow for the kernel updates).
    Remove the lines saying:

default=linux
message=/boot/message

* and rerun /sbin/lilo

12. Add DoS-denial stuff

# shut some DoS stuff down
echo 1 > /proc/sys/net/ipv4/tcp_syncookies
echo 1 > /proc/sys/net/ipv4/icmp_ignore_bogus_error_responses
echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts

# increase the local port range
echo 1024 65535 > /proc/sys/net/ipv4/ip_local_port_range

# increase the SYN backlog queue
echo 2048 > /proc/sys/net/ipv4/tcp_max_syn_backlog

echo 0 > /proc/sys/net/ipv4/tcp_sack
echo 0 > /proc/sys/net/ipv4/tcp_timestamps

echo 64000 > /proc/sys/fs/file-max

ulimit -n 64000

# stop source routing
for i in /proc/sys/net/ipv4/conf/*/accept_source_route 
do
        echo 0 > $i
done

# enable reverse-path filtering
for i in /proc/sys/net/ipv4/conf/*/rp_filter
do
        echo 1 > $i
done


13. Edit /etc/logrotate.conf for the proper settings (compress, etc)

14. Edit /etc/sysctl.conf and change kernel.sysrq to equal 1:

# Enables the magic-sysrq key 
kernel.sysrq = 1


15. Edit hosts.{allow,deny}