@blakerohde
Last active December 25, 2015 22:29

CentOS Server Setup

Initial Setup

  1. Change the default root password using # passwd.

  2. Copy firewall shell script and modify it accordingly. Run it.

  3. Set up SSH by editing /etc/ssh/sshd_config and adding/editing the following lines. Replace USERNAME1, USERNAME2, etc. below with the name of each user allowed to log in over SSH.

    Port SSH_PORT
    PermitRootLogin no
    UseDNS no
    AllowUsers USERNAME1 USERNAME2
    
  4. Now restart the SSH service: # systemctl restart sshd.service and note any change in SSH ports for when you reconnect.

  5. Add desired users using # adduser USERNAME and set a default password with # passwd USERNAME.

  6. Remove the default "Fedora cloud user" account using # userdel fedora -r.

  7. Allow users sudo permission by running # visudo and adding a USERNAME ALL=(ALL) ALL entry for each allowed USERNAME.

  8. Update the system: # yum update and # yum upgrade.

  9. Install some important packages: # yum group install "Development Tools", # yum install libxslt-devel libxml2-devel.
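
The sshd_config settings from step 3 can be checked before the restart in step 4. The script below is an added example, not part of the original gist; the function names and the sample values (port 7331, users alice and bob) are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original gist: audit an sshd_config for the
# settings in step 3. For single-valued keywords sshd keeps the FIRST value
# it reads, so only the first occurrence before any Match block counts.

# first_value FILE KEYWORD: print the first global value of KEYWORD.
# Assumes whitespace-separated "Keyword value" lines.
first_value() {
    awk -v key="$2" '
        BEGIN { key = tolower(key) }
        NF == 0 || $1 ~ /^#/ { next }        # skip blank lines and comments
        tolower($1) == "match" { exit }      # global section ends here
        tolower($1) == key { $1 = ""; sub(/^[ \t]+/, ""); print; exit }
    ' "$1"
}

# audit_sshd_config FILE: print findings; return 0 only if every check passes.
audit_sshd_config() {
    fails=0
    for want in "PermitRootLogin no" "UseDNS no"; do
        key=${want% *}; expected=${want#* }
        got=$(first_value "$1" "$key")
        if [ "$got" != "$expected" ]; then
            echo "FAIL: $key is '${got:-unset}', expected '$expected'"
            fails=$((fails + 1))
        fi
    done
    case $(first_value "$1" Port) in
        ''|*[!0-9]*) echo "FAIL: Port is not set to a number"; fails=$((fails + 1)) ;;
    esac
    if [ -z "$(first_value "$1" AllowUsers)" ]; then
        echo "FAIL: AllowUsers is not set; logins are not limited to named users"
        fails=$((fails + 1))
    fi
    [ "$fails" -eq 0 ]
}

# Constructed sample: the later "PermitRootLogin no" does NOT take effect.
sample=$(mktemp)
cat > "$sample" <<'EOF'
Port 7331
PermitRootLogin yes
UseDNS no
AllowUsers alice bob
PermitRootLogin no
EOF
audit_sshd_config "$sample" || echo "sample config needs fixing"
rm -f "$sample"
```

Running # sshd -t before the restart in step 4 also catches syntax errors in the file, which helps avoid being locked out when you reconnect.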

SSH Key Setup

On your local PC:

  1. Create a key:

    $ cd ~/.ssh
    $ ssh-keygen -t rsa -f USERNAME_rsa
    $ chmod 700 ~/.ssh
    $ chmod 600 ~/.ssh/USERNAME_rsa
    
  2. Copy the public key to the server, e.g. $ scp -P 7331 ~/.ssh/USERNAME_rsa.pub USERNAME@SERVER_ADDRESS:/home/USERNAME/.

  3. Ensure the correct SELinux contexts are set: $ restorecon -Rv ~/.ssh.

On the CentOS server:

  1. Append the public key to the profile's authorized_keys SSH file and set file permissions:

    $ cat USERNAME_rsa.pub >> ~/.ssh/authorized_keys
    $ chmod 700 ~/.ssh
    $ chmod 600 ~/.ssh/authorized_keys
    
  2. Ensure the correct SELinux contexts are set: $ restorecon -Rv ~/.ssh.
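
The server-side steps above can be wrapped so that they are safe to repeat. This is an added example, not part of the original gist: install_pubkey is a hypothetical helper, and the key data in the demo is a constructed placeholder.

```shell
#!/bin/sh
# Added example, not from the original gist: append a public key once,
# set the permissions from step 1, and restore SELinux contexts (step 2).

# install_pubkey PUBKEY_FILE [SSH_DIR]
install_pubkey() {
    pub=$1; dir=${2:-$HOME/.ssh}; auth=$dir/authorized_keys
    # A public key is one line; a private key copied by mistake is many.
    if [ "$(wc -l < "$pub")" -gt 1 ]; then
        echo "refusing $pub: more than one line" >&2; return 1
    fi
    ktype=; blob=; rest=
    read -r ktype blob rest < "$pub" || true   # read fails at EOF without newline
    case $ktype in
        ssh-rsa|ssh-ed25519|ecdsa-sha2-*) ;;
        *) echo "refusing $pub: not a public key" >&2; return 1 ;;
    esac
    [ -n "$blob" ] || { echo "refusing $pub: no key data" >&2; return 1; }
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    touch "$auth" && chmod 600 "$auth" || return 1
    # Match on type and key data so a re-run (or a changed comment) does not
    # append a second copy, which plain "cat >>" would.
    if ! grep -qF -- "$ktype $blob" "$auth"; then
        printf '%s\n' "$(cat "$pub")" >> "$auth"
    fi
    # Same SELinux step as above; skipped where restorecon is not installed.
    if command -v restorecon >/dev/null 2>&1; then
        restorecon -R "$dir" || true
    fi
    return 0
}

# Constructed demo in a scratch directory (the key data is a placeholder).
demo=$(mktemp -d)
echo "ssh-rsa AAAAB3NzaCONSTRUCTED alice@laptop" > "$demo/alice_rsa.pub"
install_pubkey "$demo/alice_rsa.pub" "$demo/.ssh"
install_pubkey "$demo/alice_rsa.pub" "$demo/.ssh"    # second run adds nothing
wc -l < "$demo/.ssh/authorized_keys"
rm -rf "$demo"
```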

Rename Server Host

  1. Open /etc/sysconfig/network file and modify the HOSTNAME= value to match your FQDN host name: $ sudo vi /etc/sysconfig/network.
  2. Open /etc/hosts file and modify any line referencing the old HOSTNAME to point to the new HOSTNAME.
  3. Run the hostname command to see the current/old HOSTNAME and then run again with the first argument to set the new HOSTNAME: $ sudo hostname and $ sudo hostname NEW_HOSTNAME.
  4. Restart the networking service: $ sudo /etc/init.d/network restart.

Setup Apache HTTPD

  1. Install httpd: # yum install httpd httpd-itk mod_wsgi mod_ssl openssl.
  2. Start the service: # systemctl start httpd.service.
  3. Check the status: # systemctl status httpd.service -l.
  4. Open a web browser and point it to the server's IP address.
  5. Enable automatic start of httpd at boot: # systemctl enable httpd.service.
  6. Copy vhosts.conf httpd config file to /etc/httpd/conf.d/ and restart httpd: # systemctl restart httpd.service.

Auto-mounting External Drive

  1. Find the device by its mount point: # fdisk -l.
  2. Get the device's associated UUID: $ ls -l /dev/disk/by-uuid (this will allow you to plug the device into any other port on the computer).
  3. Create the mount directory: # mkdir /mnt/rb1tb.
  4. Edit the fstab file: # vi /etc/fstab.
  5. Add the following line to the file: UUID=43d65df3-ad4e-447e-ac97-a992c1dbe427 /mnt/rb1tb ext4 defaults 1 1.

Configuration of Python

  1. Install easy_install: # yum install python-setuptools.
  2. Install pip: # easy_install pip.

Adding a Script to Cron

  1. Set your script to be executable: $ chmod 755 script.py.
  2. Create a symbolic link to the file in cron: $ ln -s /PATH/TO/script.py /etc/cron.hourly/.

Installing Git-Annex

NOTE 1: If you are using the steps below for your client computer with Fedora/CentOS/RHEL, it is recommended to replace the references to /usr/local/bin with $HOME/bin. Note also that if you do this, you do not need to run the associated command with sudo.

NOTE 2: If installing on a client computer with Fedora/CentOS/RHEL: skip step 5 and make sure $HOME/bin is in your PATH environment variable. If it isn't, add export PATH=$PATH:$HOME/bin to ~/.bashrc and run $ source ~/.bashrc.

  1. Install dependencies via YUM: $ sudo yum install haskell-platform gnutls-devel libgsasl-devel libxml2-devel zlib-devel ghc-zlib-devel libidn-devel.
  2. Update cabal: $ cabal update.
  3. If needed, upgrade cabal: $ cabal install cabal-install.
  4. Install c2hs: $ sudo cabal install c2hs --bindir=/usr/local/bin/.
  5. Create symbolic link for c2hs within /usr/sbin so you can run it as sudo or root: $ sudo ln -s /usr/local/bin/c2hs /usr/sbin/.
  6. Finally, install git-annex: $ sudo cabal install git-annex --bindir=/usr/local/bin/.
  7. If you encounter any installation errors related to the Glasgow Haskell Compiler (ghc), see below.

Error with ghc While Installing Git-Annex

You will have to compile the newest version by going to the website http://justhub.org/download (as recommended on http://www.haskell.org/platform/linux.html).

  1. Download the rpm for CentOS 6: $ wget http://sherkin.justhub.org/el6/RPMS/x86_64/justhub-release-2.0-4.0.el6.x86_64.rpm.
  2. Add the rpm to Yum: $ sudo rpm -ivh justhub-release-2.0-4.0.el6.x86_64.rpm.
  3. Now install Haskell: $ sudo yum install haskell.
  4. If you received an error about the existing compiler, remove it using: $ sudo yum remove [package(s)].

Setup Crontab

Users can be allowed to create cron jobs by listing their usernames as follows:

  1. Move or delete the .deny file:

    $ sudo mv /etc/cron.deny /etc/cron.deny.NOT_USED
    
  2. Add usernames (one per line) to the .allow file to give users access to create cron jobs:

    $ sudo vi /etc/cron.allow
    (add username, save, and exit the file)
    
  3. Specified users can now use the $ crontab -e command to specify their own cron jobs.

Allow User Boot Scripts

To allow users to run scripts when the server boots up, follow these steps:

  1. Give each user an executable boot.sh shell file in their home directory. The user can edit this file to add commands to be run when the system boots.

  2. Open /etc/rc.local and add the following line for each user that has a boot.sh file. Replace USERNAME with their username.

    (su -c /home/USERNAME/boot.sh USERNAME) &
    
  3. The next time the server restarts each of the specified boot.sh scripts in rc.local will be run as the respective user.
