Index: trunk/server/doc/install-howto.sh
===================================================================
--- trunk/server/doc/install-howto.sh	(revision 2214)
+++ trunk/server/doc/install-howto.sh	(revision 2246)
@@ -77,4 +77,7 @@
 #   XXX We should make Kickstart work for test servers too
 
+# Make sure selinux is disabled
+    selinuxenabled || echo "selinux not enabled"
+
 # Take updates, reboot if there's a kernel update.
     yum update -y
@@ -96,6 +99,12 @@
     \cp -a etc /
     chmod 0440 /etc/sudoers
+    grub2-mkconfig -o /boot/grub2/grub.cfg
 
 # [TEST] You'll need to fix some config now.  See bottom of document.
+
+# Stop /etc/resolv.conf from getting repeatedly overwritten by
+# purging DNS servers from ifcfg-eth0 and ifcfg-eth1
+    vim /etc/sysconfig/network-scripts/ifcfg-eth0
+    vim /etc/sysconfig/network-scripts/ifcfg-eth1
 
 # Make sure network is working.  Kickstart should have
@@ -246,5 +255,5 @@
     gem install $(gem list --no-version | grep -Fxvf - gem.txt)
     # Also, we need to install the old rails version
-    gem install -v=2.3.5 rails
+    gem install -v=2.3.14 rails
 # These are in /usr
 
@@ -340,15 +349,15 @@
     cat install-ldap
 
-# Enable lots of services
+# Enable lots of services (currently in /etc checkout)
     systemctl enable openafs-client.service
-    systemctl enable dirsrv.service
+    systemctl enable dirsrv.target
     systemctl enable nslcd.service
     systemctl enable nscd.service
     systemctl enable postfix.service
-    systemctl enable nrpe.service
+    systemctl enable nrpe.service # chkconfig'd
     systemctl enable httpd.service # not for [WIZARD]
 
     systemctl start openafs-client.service
-    systemctl start dirsrv.service
+    systemctl start dirsrv.target
     systemctl start nslcd.service
     systemctl start nscd.service
@@ -360,6 +369,5 @@
 # among others, 'amd64_fedoraX_scripts' (vary X) and 'scripts'. If it's
 # not, you probably did a distro upgrade and should update
-# /etc/sysconfig/openafs (XXX this is wrong: figuring out new
-# systemd world order).
+# tokensys (server/common/oursrc/tokensys/scripts-afsagent-startup.in)
     fs sysname
 
@@ -374,4 +382,7 @@
 # (Note: this errors on XeTeX which is ok.)
     fmtutil-sys --all
+
+# Check for unwanted setuid/setgid binaries
+    find / -xdev -not -perm -o=x -prune -o -type f -perm /ug=s -print | grep -Fxvf /etc/scripts/allowed-setugid.list 
 
 # Fix etc by making sure none of our config files got overwritten