HOWTO CentOS 6.x Base Server Setup

Introduction

All of our servers will start with this install. This base server is based on CentOS 6.x. There have been some changes since my 5.x howtos.

Downloading the ISO

Visit the CentOS website and download the minimum install ISO. The filename is CentOS-6.7-i386-minimal.iso as an example for this howto.

Initial Install

Boot the install DVD.

The graphical install loads and we’re ready to go.

  • Choose your language and keyboard.
  • Choose “Basic Storage Device”. Then click next.
  • The first complaint it will have is about your hard drive. When it asks you about data click “Yes, discard any data”.
  • Enter a host name for the computer.
  • Click the configure network button. Make any changes you may have.
  • When done click next.
  • Choose your time zone.
  • set the root password.
  • Next select “Use All Space”.
  • Click next. Sit back and watch the install go.

First boot

Reboot the machine when the install finishes. The OS will boot. Log in.

Get everything updated.
> yum -y upgrade

Now install the base system.
> yum -y groupinstall core base

Now we need to disable selinux.
Edit /etc/selinux/config and change SELINUX=enforcing to SELINUX=disabled

Edit /boot/grub/grub.conf and add selinux=0 to the kernel line. Here’s an example grub file with the change.

 
# grub.conf generated by anaconda
#
# Note that you do not have to rerun grub after making changes to this file
# NOTICE:  You have a /boot partition.  This means that
#          all kernel and initrd paths are relative to /boot/, eg.
#          root (hd0,0)
#          kernel /vmlinuz-version ro root=/dev/VolGroup00/LogVol00
#          initrd /initrd-version.img
#boot=/dev/sda
default=0
timeout=5
splashimage=(hd0,0)/grub/splash.xpm.gz
hiddenmenu
title Fedora (2.6.23.1-42.fc8)
        root (hd0,0)
        kernel /vmlinuz-2.6.23.1-42.fc8 ro root=/dev/VolGroup00/LogVol00 selinux=0
        initrd /initrd-2.6.23.1-42.fc8.img

Now reboot the server.

The Second Boot – Installing Additional Packages

We need quite a few other packages. A change in this howto is that I’m installing RPMs reguardless if they were already installed by another dependency. This guards against RPM changes that could cause a package to not be installed.

We need to add and enable a few repositories first.

Type nano -w /etc/yum.repos.d/CentOS-Base.repo There are 2 lines in the file that say ‘enable=0’. Change the 0 to a 1

Lets add the rpmforge repo.
> cd /root
> wget http://pkgs.repoforge.org/rpmforge-release/rpmforge-release-0.5.2-2.el6.rf.i686.rpm
> rpm -Uhv rpmforge*

We need to enable the rpmforge extras repo. The section of the file below should have the enabled=0 changed to enabled=1
> nano -w /etc/yum.repos.d/rpmforge.repo

[rpmforge-extras]
name = RHEL $releasever - RPMforge.net - extras
baseurl = http://apt.sw.be/redhat/el6/en/$basearch/extras
mirrorlist = http://apt.sw.be/redhat/el6/en/mirrors-rpmforge-extras
#mirrorlist = file:///etc/yum.repos.d/mirrors-rpmforge-extras
enabled = 1
protect = 0
gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-rpmforge-dag
gpgcheck = 1

We need the webmin repo. Create webmin.repo with the text below.
> nano -w /etc/yum.repos.d/webmin.repo

[Webmin]
name=Webmin Distribution Neutral
#baseurl=http://download.webmin.com/download/yum
mirrorlist=http://download.webmin.com/download/yum/mirrorlist
enabled=1

And finally the EPEL repo.
> rpm -Uhv http://download.fedoraproject.org/pub/epel/6/i386/epel-release-6-8.noarch.rpm

We need to exclude a couple of RPMs that have version problems with the rpmforge repo. So lets edit the CentOS base repo
> nano -w /etc/yum.repos.d/CentOS-Base.repo

Add the following below the ‘base’ and ‘updates’ sections.

exclude=spamassassin*,perl-Compress-Raw-Zlib*,perl-Compress-Raw-Bzip2*

Now bring everything up to date.
> yum -y update

Install the following RPMs.
> yum -y install gcc gcc-c++ wget bison nano make createrepo screen libmcrypt proftpd caching-nameserver

Install mysql.
> yum -y groupinstall ‘MySQL Database client’ ‘MySQL Database server’

Install Apache and PHP.
> yum -y groupinstall ‘Web Server’ ‘PHP Support’
> yum -y install php-gd php-ncurses php-snmp php-mbstring php-mysql php-devel php-imap
> yum -y install php-odbc php-pear php-xml
> yum -y install php-xmlrpc php-dba php-pear-DB php-process php-pear-DB php-mcrypt

Now lets install webmin. We need SSL support in perl. Setup is easier if you get this installed before webmin.
> yum -y install perl-Net-SSLeay
> rpm –import http://www.webmin.com/jcameron-key.asc
> yum -y install webmin
> service webmin start

Now run setup and disable the firewall. I’m assuming that you are setting up the server behind a firewall. When everything is working then the firewall can be configured and turned on.
> setup

Webmin Configuration

Connct to the webmin server. Use the ip assigned to your server. An example URL would be https://192.168.2.2:10000
Now configure your server.

Installing phpMyAdmin

I prefer to phpMyAdmin to manage my MySQL databases.

If you haven’t already done so, start MySQL.
Its time to set the root password.
> /usr/bin/mysqladmin -u root password ‘thepassword’
> /usr/bin/mysqladmin -p -u root -h localhost.localdomain password ‘thepassword’

Now install phpMyAdmin. NOTE: there is a package called phpmyadmin. Don’t install it.
> yum -y install phpMyAdmin

You will need to add access to phpMyAdmin. By default only the local server can access it. Edit /etc/httpd/conf.d/phpmyadmin.conf to look like the following.

#
#  Web application to manage MySQL
#

<Directory "/usr/share/phpmyadmin">
  Order Deny,Allow
  Deny from all
  Allow from 127.0.0.1
  Allow	from 192.168.
  Allow	from 10.
</Directory>

Alias /phpmyadmin /usr/share/phpmyadmin
Alias /phpMyAdmin /usr/share/phpmyadmin
Alias /mysqladmin /usr/share/phpmyadmin

Restart Apache.
> service httpd restart

Now test it out.

Getting root’s and other’s mail

You need to get some local system user’s mail. We’ll use postfix’s virtual file to get the emails to the right place.

Add the following to /etc/postfix/virtual

root       admin@yourdomain.com
postmaster admin@yourdomain.com
abuse      admin@yourdomain.com

Now add the configuration option to main.cf
> postconf -e “virtual_alias_maps = hash:/etc/postfix/virtual”

Just a couple commands to wrap everything up.
> postmap /etc/postfix/virtual
> /etc/init.d/postfix restart

Securing tmp and shm

Unless you customized your partion layout we’ve got some work to do. The /tmp and /var/tmp directories need to be secured. We will do this by mounting a file as a loop device.

First lets start with shm. change the following line in /etc/fstab

tmpfs /dev/shm tmpfs defaults 0 0

to:

tmpfs /dev/shm tmpfs defaults,nosuid,noexec,rw 0 0

Remount shm.
> mount -o remount /dev/shm

Now for the tmp directories. We’ll be creating a 2gig sparse disk image.
> dd if=/dev/null of=/var/tmpfs.img bs=1 count=1 seek=2G
> /sbin/mkfs.ext3 /var/tmpfs.img

Now mount the /tmp and set permissions.
> mount -o loop,noexec,nosuid,rw /var/tmpfs.img /tmp
> chmod 1777 /tmp

Edit /etc/fstab and add the following:

/var/tmpfs.img /tmp ext3 loop,nosuid,noexec,rw 0 0

Now test the change.
> mount -o remount /tmp

Lets secure /var/tmp
> mv /var/tmp /var/vartmp
> ln -s /tmp /var/tmp

Reboot the system.

Moving Mysql’s Databases (Optional)

This covers moving Mysql’s database storage to a different location.

First we need to stop mysql if it is running. Type the following:
> service mysqld stop

Next copy the data to the new location and fix the ownership.
> cp -R /var/lib/mysql /home/
> mv /home/mysql /home/databases
> chown -R mysql:mysql /home/databases

Save the old databases directory.
> mv /var/lib/mysql/ /var/lib/mysql_old

Now we need to take care of the needs of some scripts that may not know the data has been moved.
> ln -s /home/databases/ /var/lib/mysql
> chown mysql:mysql /var/lib/mysql

Next edit /etc/my.cnf to look like the folloeing

[mysqld]
#datadir=/var/lib/mysql
#socket=/var/lib/mysql/mysql.sock
datadir=/home/databases
socket=/home/databases/mysql.sock
user=mysql
# Disabling symbolic-links is recommended to prevent assorted security risks
symbolic-links=0

[mysqld_safe]
log-error=/var/log/mysqld.log
pid-file=/var/run/mysqld/mysqld.pid

Finally we can restart Mysql. Type the follwoing:
> service mysqld start

Notes On Cloning The Server in a Virtual Machine Enviroment

Some misc notes on using the base server.

No more network after cloning

Edit the following files:
/etc/udev/rules.d/70-persistant-net.rules
/etc/sysconfig/network-scripts/ifcfg-eth0

Final Settings

  • You may want to enable the linux firewall.
  • Set your timezone in /etc/php.ini

Conclusion

That’s it for the basic server setup. This is an example of a standard linux server setup. Be sure to use setup or webmin to set which services you want to start at boot time. See the other pages for info on configuring servers for virtual webhosting or virtual email hosting. Remember to configure the firewall on the server.

Leave a Reply

  Subscribe  
Notify of