Bringing CentOS Linux into MS Network

PREFACE

Recently I found myself working for a company whose internal network is entirely MS Windows-based. Ironically, the company manufactures software which runs only on UNIX (Linux + a bunch of commercial ones like HP-UX, AIX or Solaris). Since my work required everyday low-level interaction not only with this software, but also with other enterprise stuff like Oracle database, I decided that running a VM with Linux was way too crippled. I needed real Linux on real hardware to be productive. This series of articles is a summary of my efforts to see the Windows™ logo on my desktop as rarely as possible.

Because RHEL was the only open-source OS supported by my company’s product and its dependencies, CentOS 6 was the obvious choice. For the same reason I had to go with the 64-bit version, which complicated a lot of desktop-related stuff. CentOS is very stable, but nearly 4 years old (feature-wise); if you can afford it:

  • Go for as recent a distribution as possible (it will make your life in the MS network easier), and
  • Go for a 32-bit edition – it will save you lots of time and effort.

Because security is paramount, we’ll do everything needed to comply even with the strictest security policy your company might have (although, what security may there be when there is Windows…?).

Important! The guide assumes you know how to install, set up and administer Linux. It expects you to be familiar with command line and be able to perform relatively advanced system administration tasks. It also assumes you know how to obtain Administrative privileges in Windows and how to use Computer Management tools from it. If you’re not confident, quit or seek advice.

CHAPTER 1: BITLOCKER

Note: This procedure applies to Windows 7. It will probably work with Windows Vista. It will not work for Windows XP; if you have XP, you’re on your own here.

Note: You’ll need Windows administrative privileges to install Linux.

Since my laptop was ‘enterprise’, it came with an ‘enterprise-level’ protection: BitLocker. My main goal was to install Linux alongside Windows and keep the level of security my company insists on. Therefore, I could not afford to remove or disable BitLocker.

Step 1. Go to the Control Panel, open BitLocker and print the recovery key on paper. This is the single most important step (!) during the whole set-up! You’ll need this key every time you modify the partition table (or even just overwrite it with the same content). Without it you won’t be able to boot – not just Windows, but Linux too!

Step 2. In Windows, open Administrative Tools -> Computer Management and go to your hard disk. You will likely see 2 partitions: one small (less than 1 GB), without a letter (invisible to Windows) and the main Windows partition (C:). Re-size the Windows partition to free some space. Windows will allow you to free less space than it shows as ‘free space’ on the partition, because it treats some files as ‘unmovable’ (those which are currently mapped to virtual memory) and it can only shrink from the last sector of the last unmovable file on.

Step 3. Install Linux. Use the 64-bit version (x86_64). You’ll need bootable media (USB or CD/DVD). For CentOS, by far the quickest and easiest way is to get a Live CD image and install from it – it rarely takes more than 10 minutes. When installing Linux, take care of several things:

  • Create 2 partitions: one small (1 GB is enough, could be several times smaller), assign to /boot (likely, /dev/sda3); one with the rest of the disk space, assign to ‘/’ and encrypt it (likely, /dev/sda4). If you have an SSD, do not set up swap. If you decide to have a swap partition, you’ll probably need to set up an extended partition (with MBR layout you can only have 4 primary partitions and the extended one is actually your last primary).
  • When installing boot loader (most likely GRUB), do NOT set it up on MBR; instead, set it up on the /boot partition (likely, /dev/sda3). If installing from USB drive, it will likely be set as /dev/sda and your hard disk as /dev/sdb, which will result in wrong (unbootable) GRUB config. Use the GRUB config screen to set your HDD as first one (or, alternatively, fix the /boot/grub/grub.conf by replacing hd1 with hd0 when installation completes).

Step 4. Because BitLocker needs a compatible boot manager, we cannot use GRUB to dual-boot. Instead, we’ll use the Windows boot manager to boot Linux. For Windows 7 follow these steps:

  • Reboot after installing Linux. BitLocker will ask for your recovery key. Then you’ll be booted into Windows.
  • While you can (in theory) manage your Windows boot manager only with the native command line tool (bcdedit.exe), the approach that worked on Vista (copying only the GRUB boot sector) seems not to work on Windows 7. Therefore, install a GUI utility named EasyBCD (free for personal use). (Using GRUB4DOS is an alternative way, not described in detail here; yet another, more exotic approach, is to set up DOS on a separate partition and use LoadLin from it to boot Linux.)
  • Using Computer Management from Administrative Tools, assign a drive letter to your hidden Windows partition.
  • Using EasyBCD, add a new entry to the boot manager’s configuration. Click the Add New Entry button, go to the Linux/BSD tab, select GRUB Legacy. Check the check-box Use EasyBCD-supplied GRUB. From the drop-down, select the partition before your Linux one (likely, the main Windows partition). The latter circumvents what seems to be a bug in the EasyBCD partition numbering. On your small Windows partition you’ll now have several new files, including one named ANG0 and a boot sector (in the root directory or in a folder named NST). You can use EasyBCD to tweak boot entries’ names and order, default boot, timeout etc.
  • From Control Panel, go to BitLocker. Suspend it, then Resume it (this is the way to tell it to accept the modified boot configuration – otherwise you’ll be prompted for your recovery key on every boot, even if you choose to boot Linux).
  • Reboot. You’ll now see a menu with two options. Select the Linux one. You should then be taken to the GRUB menu in CentOS, from which you can continue booting Linux.

CHAPTER 2: LINUX SETUP

These are some recommended first things to do on your CentOS 6. More nice stuff will be discussed later on.

  • If you have a commonly used UNIX account, create a user with the same username. It will allow you to easily SSH from a terminal.
  • Kill selinux: in /etc/selinux/config set SELINUX to disabled (will be applied on next reboot). In order to disengage it immediately, run ‘setenforce 0’. To remove the unneeded (but frequently updated) policy files, run ‘yum remove selinux-policy selinux-policy-targeted’.
  • Run ‘yum update’ to get a newer kernel and many other system updates.
  • Improve power management: open /boot/grub/grub.conf and, on the line of the topmost (default) kernel, add these: ‘pcie_aspm=force i915.i915_enable_rc6=1 i915.lvds_downclock=1 i915.i915_enable_fbc=1’. This will keep your notebook cooler and will spin down the CPU fan properly.
  • Reboot to get the new kernel and system libraries.
  • Install some often used tools: as super-user, ‘yum groupinstall "Development Tools"’
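
The two grub.conf edits described above (hd1 to hd0 from Step 3, and the power-management parameters on the topmost kernel line) can be scripted so they are repeatable and leave a backup. This is an added example, not part of the original article: the function names and the sample grub.conf (kernel versions, root= device) are constructed for illustration, and it assumes default=0 so that the topmost entry is the default one.

```shell
#!/bin/sh
# Added example: patch a GRUB Legacy grub.conf per Step 3 and Chapter 2.
# pcie_aspm is the kernel's spelling of the ASPM parameter.
PARAMS="pcie_aspm=force i915.i915_enable_rc6=1 i915.lvds_downclock=1 i915.i915_enable_fbc=1"

# Constructed sample: what the installer may write when the USB stick was the
# first disk. Kernel versions and the root= device are made-up placeholders.
sample_grub_conf() {
cat <<'EOF'
default=0
timeout=5
splashimage=(hd1,2)/grub/splash.xpm.gz
hiddenmenu
title CentOS (2.6.32-431.el6.x86_64)
        root (hd1,2)
        kernel /vmlinuz-2.6.32-431.el6.x86_64 ro root=/dev/mapper/luks-root rhgb quiet
        initrd /initramfs-2.6.32-431.el6.x86_64.img
title CentOS (2.6.32-358.el6.x86_64)
        root (hd1,2)
        kernel /vmlinuz-2.6.32-358.el6.x86_64 ro root=/dev/mapper/luks-root rhgb quiet
        initrd /initramfs-2.6.32-358.el6.x86_64.img
EOF
}

# Filter: stdin -> stdout. Rewrites (hd1,N) to (hd0,N) everywhere and appends
# each missing parameter to the first kernel line only (assumes default=0).
patch_grub_conf() {
    awk -v params="$PARAMS" '
    { gsub(/\(hd1,/, "(hd0,") }
    /^[ \t]*kernel[ \t]/ && !done {
        n = split(params, p, " ")
        for (i = 1; i <= n; i++) {
            key = p[i]; sub(/=.*/, "", key)
            # Skip parameters already present, so a re-run changes nothing
            if (index($0 " ", " " key "=") == 0) $0 = $0 " " p[i]
        }
        done = 1
    }
    { print }'
}

# Keep a backup, then overwrite in place so owner and mode are preserved.
apply_to_file() {
    cp -p "$1" "$1.bak" && patch_grub_conf < "$1.bak" > "$1"
}

# Demo on the sample; on a real system: apply_to_file /boot/grub/grub.conf
sample_grub_conf | patch_grub_conf
```

Since the partition table is not touched, this edit by itself does not change what BitLocker measures; only the file on /boot is rewritten.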

Go to Part 2
