en:dpi:dpi_components:platform:faq:first_install:install_remote_start [Документация VAS Experts]
Документация VAS Experts Документация VAS Experts-mobile
in

Settings

  • Show page
  • Old revisions
  • Export to PDF
  • Fold/unfold all
  • Backlinks
  • Show page
  • Old revisions
  • Export to PDF
  • Fold/unfold all
  • Backlinks

    • Differences

    This shows you the differences between two versions of the page.

    Link to this comparison view

    Both sides previous revisionPrevious revision
    Next revision    		Previous revision
    en:dpi:dpi_components:platform:faq:first_install:install_remote_start [2021/07/22 17:28] – ↷ Links adapted because of a move operation lexx26en:dpi:dpi_components:platform:faq:first_install:install_remote_start [2021/12/08 11:14] (current) – removed edrudichgmailcom
    Line 1: Line 1:
    -====== 1 We have got a server. What shall we do to install the VAS Experts DPI? ====== 
    -{{indexmenu_n>1}} 
      
    -  * Make sure that your appliance meets [[en:dpi:dpi_components:platform:dpi_requirements:start|hardware requirements]] 
    - 
    -  * Install CentOS 8.3: [[http://isoredirect.centos.org/centos/8/isos/x86_64/| ISO CentOS 8.3 minimal]] 
    - 
    -<note warning>CentOS 7 is not supported</note> 
    -<note tip>It is enough to automatically install CentOS by the installator. If stand-by is needed and if there are two disks it is permissible to combine them into RAID1 (software or hardware-software). [[.first_install:install_os_core|Information on OS kernel versions.]]</note> 
    - 
    -  * Create the new user **vasexpertsmnt** (choose the password by yourself). 
    - 
    - useradd vasexpertsmnt 
    - passwd vasexpertsmnt 
    - usermod -aG wheel vasexpertsmnt 
    - 
    -  * **Open sudo (or su).** 
    - 
    - visudo 
    - 
    -Uncomment the string 
    - 
    - ## Allows people in group wheel to run all commands 
    - %wheel  ALL=(ALL)       ALL 
    - 
    -  * Set up the ssh access restrictions: 
    - 
    -<note>45.151.108.0/24, 94.140.198.64/27, 78.140.234.98, 5.200.43.10,  193.218.143.187, 93.100.47.212, 93.100.73.160, 77.247.170.134, 91.197.172.2, 46.243.181.242, 78.140.234.98, 93.159.236.11</note> 
    - 
    - iptables -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT 
    - iptables -A INPUT -p tcp -s 45.151.108.0/24 -m tcp --dport 22 -j ACCEPT 
    - iptables -A INPUT -p tcp -s 94.140.198.64/27 -m tcp --dport 22 -j ACCEPT 
    - iptables -A INPUT -p tcp -s 78.140.234.98 -m tcp --dport 22 -j ACCEPT 
    - iptables -A INPUT -p tcp -s 5.200.43.10 -m tcp --dport 22 -j ACCEPT 
    - iptables -A INPUT -p tcp -s 193.218.143.187 -m tcp --dport 22 -j ACCEPT 
    - iptables -A INPUT -p tcp -s 93.100.47.212 -m tcp --dport 22 -j ACCEPT 
    - iptables -A INPUT -p tcp -s 93.100.73.160 -m tcp --dport 22 -j ACCEPT 
    - iptables -A INPUT -p tcp -s 77.247.170.134 -m tcp --dport 22 -j ACCEPT 
    - iptables -A INPUT -p tcp -s 91.197.172.2 -m tcp --dport 22 -j ACCEPT 
    - iptables -A INPUT -p tcp -s 46.243.181.242 -m tcp --dport 22 -j ACCEPT 
    - iptables -A INPUT -p tcp -s 78.140.234.98 -m tcp --dport 22 -j ACCEPT 
    - iptables -A INPUT -p tcp -s 93.159.236.11 -m tcp --dport 22 -j ACCEPT 
    - iptables -A INPUT -p tcp --dport 22 -j DROP 
    - service iptables save 
    - 
    -If you are using firewalld: 
    - 
    - firewall-cmd --permanent --zone=public --add-rich-rule='rule family="ipv4" source address="94.140.198.64/27" service name="ssh" accept' 
    - firewall-cmd --permanent --zone=public --add-rich-rule='rule family="ipv4" source address="78.140.234.98" service name="ssh" accept' 
    - firewall-cmd --permanent --zone=public --add-rich-rule='rule family="ipv4" source address="5.200.43.10" service name="ssh" accept' 
    - firewall-cmd --permanent --zone=public --add-rich-rule='rule family="ipv4" source address="193.218.143.187" service name="ssh" accept' 
    - firewall-cmd --permanent --zone=public --add-rich-rule='rule family="ipv4" source address="93.100.47.212" service name="ssh" accept' 
    - firewall-cmd --permanent --zone=public --add-rich-rule='rule family="ipv4" source address="93.100.73.160" service name="ssh" accept' 
    - firewall-cmd --permanent --zone=public --add-rich-rule='rule family="ipv4" source address="77.247.170.134" service name="ssh" accept' 
    - firewall-cmd --permanent --zone=public --add-rich-rule='rule family="ipv4" source address="45.151.108.0/24" service name="ssh" accept' 
    - firewall-cmd --permanent --zone=public --add-rich-rule='rule family="ipv4" source address="91.197.172.2" service name="ssh" accept' 
    - firewall-cmd --permanent --zone=public --add-rich-rule='rule family="ipv4" source address="46.243.181.242" service name="ssh" accept' 
    - firewall-cmd --permanent --zone=public --add-rich-rule='rule family="ipv4" source address="78.140.234.98" service name="ssh" accept' 
    - firewall-cmd --permanent --zone=public --add-rich-rule='rule family="ipv4" source address="93.159.236.11" service name="ssh" accept' 
    - firewall-cmd --reload 
    - firewall-cmd --zone=public --remove-service=ssh --permanent 
    - 
    -<note warning>**Do not forget to allow server access from your addresses!**</note> 
    -  * Send us server IP, SSH port, vasexpertsmnt and password to email: sd@vas.expert. 
    -<note warning>**Save the settings! You will have to restart the server to complete installation!**</note>