Difference between revisions of "CentOS"
(New page: '''CentOS''' (abbreviated from '''Community Enterprise Operating System''') is a Linux distribution that attempts to provide a free, enterprise class, community-supported computing pla...) |
(→LAMP on CentOS) |
||
(7 intermediate revisions by the same user not shown) | |||
Line 1: | Line 1: | ||
'''CentOS''' (abbreviated from '''Community Enterprise Operating System''') is a [[Linux]] distribution that attempts to provide a free, enterprise class, community-supported computing platform which aims to be 100% binary compatible with its upstream source, Red Hat Enterprise Linux (RHEL). | '''CentOS''' (abbreviated from '''Community Enterprise Operating System''') is a [[Linux]] distribution that attempts to provide a free, enterprise class, community-supported computing platform which aims to be 100% binary compatible with its upstream source, Red Hat Enterprise Linux (RHEL). | ||
+ | |||
+ | ==LAMP on CentOS== | ||
+ | * Pre-CentOS 7: | ||
+ | The following CLI one-liner will install and configure everything you need for a basic LAMP stack setup (including the [[iptables|firewall]]): | ||
+ | sudo sh -c "yum install httpd httpd-devel mysql mysql-server mysql-devel php \ | ||
+ | php-mysql php-common php-gd php-mbstring php-mcrypt php-devel php-xml -y; \ | ||
+ | service mysqld start && mysql_secure_installation && service mysqld restart \ | ||
+ | && service httpd start && chkconfig httpd on && chkconfig mysqld on && \ | ||
+ | iptables -I INPUT -p tcp -m tcp --dport 80 -j ACCEPT && /etc/init.d/iptables save" | ||
+ | |||
+ | * CentOS 7: | ||
+ | sudo yum install httpd mariadb-server mariadb php php-mysql php-fpm | ||
+ | sudo systemctl start httpd.service && sudo systemctl enable httpd.service | ||
+ | sudo systemctl start mariadb && sudo systemctl enable mariadb.service | ||
+ | sudo mysql_secure_installation | ||
+ | sudo systemctl restart httpd.service | ||
+ | |||
+ | # Firewall: | ||
+ | sudo firewall-cmd --permanent --zone=public --add-service=http | ||
+ | sudo firewall-cmd --permanent --zone=public --add-service=https | ||
+ | sudo firewall-cmd --reload | ||
+ | |||
+ | # Testing: | ||
+ | sudo vi /var/www/html/info.php # => <?php phpinfo(); ?> | ||
+ | curl -I <your-ip-address>/info.php | ||
+ | sudo rm /var/www/html/info.php | ||
==Packages to install== | ==Packages to install== | ||
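Review bot: In the CentOS 7 block the "# Testing:" step writes a phpinfo() page into /var/www/html after the "# Firewall:" step has already opened http and https in the public zone, so the PHP configuration dump is reachable from outside until the final rm is run. Move the test ahead of the firewall-cmd lines and fetch it with "curl -I http://localhost/info.php", so the file never exists while port 80 is exposed. The same block opens the https service although mod_ssl is not in the yum install list; either add it or drop the "--add-service=https" line.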
Line 24: | Line 50: | ||
:libtool | :libtool | ||
:binutils (and all dependencies) | :binutils (and all dependencies) | ||
+ | |||
+ | ==How to switch from FirewallD to Iptables on CentOS 7== | ||
+ | Starting with RHEL 7 / CentOS 7, [https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Migration_Planning_Guide/sect-Red_Hat_Enterprise_Linux-Migration_Planning_Guide-Security_and_Access_Control.html firewalld was introduced] to manage [[iptables]]. As such, you will either need to use <code>`firewall-cmd`</code> commands or disable firewalld and enable iptables. | ||
+ | |||
+ | If you prefer to use the classic iptables setup, you will first need to stop and mask the firewalld service (see: [[systemd]] for details): | ||
+ | |||
+ | $ systemctl stop firewalld | ||
+ | $ systemctl mask firewalld | ||
+ | |||
+ | Then, install the "iptables-services" package (if it is not already installed): | ||
+ | |||
+ | $ yum install iptables-services | ||
+ | |||
+ | Enable the service at boot-time: | ||
+ | |||
+ | $ systemctl enable iptables | ||
+ | |||
+ | You can now either add iptables rules from the CLI (e.g., <code>`iptables -I INPUT ...`</code>) or create/edit the <code>/etc/sysconfig/iptables</code> file to look something like the following (very basic with ports 22 and 80 open): | ||
+ | |||
+ | $ cat /etc/sysconfig/iptables | ||
+ | *filter | ||
+ | :INPUT ACCEPT [0:0] | ||
+ | :FORWARD ACCEPT [0:0] | ||
+ | :OUTPUT ACCEPT [214:43782] | ||
+ | -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT | ||
+ | -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT | ||
+ | -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT | ||
+ | -A INPUT -i lo -j ACCEPT | ||
+ | COMMIT | ||
+ | |||
+ | Save you iptables rules: | ||
+ | |||
+ | $ iptables-save > /etc/sysconfig/iptables | ||
+ | |||
+ | If you are saving your rules in that <code>/etc/sysconfig/iptables</code> file, you will then need to run one of the following commands: | ||
+ | |||
+ | $ service iptables restart # OR: | ||
+ | $ systemctl restart iptables | ||
+ | |||
+ | Next, check that the iptables service is "active" with: | ||
+ | |||
+ | $ systemctl status iptables | ||
+ | |||
+ | Check your iptables rules with: | ||
+ | |||
+ | $ iptables -L | ||
+ | #~OR~ | ||
+ | $ iptables -nvL | ||
+ | |||
+ | If you have any NAT rules, you can view them with: | ||
+ | |||
+ | $ iptables -t nat -vL | ||
+ | |||
+ | and that your server is listening on those ports you opened (22 and 80 in the above example): | ||
+ | |||
+ | $ netstat -plant | ||
+ | |||
+ | and you can query the systemd journal for a "log" of the changes you made to the iptables service with: | ||
+ | |||
+ | $ journalctl -f -u iptables.service | ||
+ | |||
+ | If you reboot your server after the above, your iptables rules should be saved and loaded again. | ||
+ | |||
+ | ==Remove old/unneeded kernels== | ||
+ | |||
+ | It is sometimes necessary to remove old kernels, especially if you have a <code>/boot</code> partition running out of free space. The easiest (and safest) way to manually remove old/unneeded kernels is by using <code>[[yum]]</code>. | ||
+ | |||
+ | You can use <code>`yum list`</code> to find out what kernels are installed: | ||
+ | $ yum list kernel.* | ||
+ | kernel.x86_64 2.6.32-431.29.2.el6 @updates | ||
+ | kernel.x86_64 2.6.32-504.el6 @base | ||
+ | kernel.x86_64 2.6.32-504.8.1.el6 @updates | ||
+ | |||
+ | The above output shows that there are 3 kernels installed. It is a good practice to keep 3 to 5 kernels just in case a kernel update breaks something and you have to revert to an older version. | ||
+ | |||
+ | To remove the oldest version in the above kernel list, execute the following: | ||
+ | $ yum remove kernel-2.6.32-431.29.2.el6 | ||
+ | |||
+ | You can also use a <code>yum</code> plugin to keep a given number of kernels and automatically remove the older ones (e.g., always keep the latest 3 kernels). You can edit the <code>/etc/yum/pluginconf.d/installonlyn.conf</code> file (or create it if it does not exist) and add/change the following lines: | ||
+ | |||
+ | [main] | ||
+ | enabled=1 | ||
+ | # set the number of package versions to keep: | ||
+ | tokeep=3 | ||
+ | |||
+ | The "<code>enabled=1</code>" line enables the <code>yum</code> plugin. The next time you run a <code>`yum update`</code>, <code>yum</code> will automatically remove the older versions and keep the latest 3 (note: This plugin will never remove your current working kernel). If you would prefer to keep any and all previous kernels, simply change that line to "<code>tokeep=0</code>". | ||
==External links== | ==External links== |
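Review bot: The sample /etc/sysconfig/iptables in the FirewallD-to-iptables section keeps ":INPUT ACCEPT [0:0]" and has no closing DROP or REJECT rule, so the ACCEPT rules for ports 80 and 22 restrict nothing and every port stays reachable; set the policy to ":INPUT DROP [0:0]" or append "-A INPUT -j REJECT --reject-with icmp-host-prohibited" before COMMIT. The next step, "iptables-save > /etc/sysconfig/iptables", overwrites a hand-edited file with whatever rules are currently loaded, so the text should say that it applies only when the rules were added from the CLI. "Save you iptables rules" should read "Save your iptables rules".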
Latest revision as of 00:00, 27 August 2016
CentOS (abbreviated from Community Enterprise Operating System) is a Linux distribution that attempts to provide a free, enterprise class, community-supported computing platform which aims to be 100% binary compatible with its upstream source, Red Hat Enterprise Linux (RHEL).
LAMP on CentOS
- Pre-CentOS 7:
The following CLI one-liner will install and configure everything you need for a basic LAMP stack setup (including the firewall):
    sudo sh -c "yum install httpd httpd-devel mysql mysql-server mysql-devel php \
    php-mysql php-common php-gd php-mbstring php-mcrypt php-devel php-xml -y; \
    service mysqld start && mysql_secure_installation && service mysqld restart \
    && service httpd start && chkconfig httpd on && chkconfig mysqld on && \
    iptables -I INPUT -p tcp -m tcp --dport 80 -j ACCEPT && /etc/init.d/iptables save"
- CentOS 7:
    sudo yum install httpd mariadb-server mariadb php php-mysql php-fpm
    sudo systemctl start httpd.service && sudo systemctl enable httpd.service
    sudo systemctl start mariadb && sudo systemctl enable mariadb.service
    sudo mysql_secure_installation
    sudo systemctl restart httpd.service

    # Firewall:
    sudo firewall-cmd --permanent --zone=public --add-service=http
    sudo firewall-cmd --permanent --zone=public --add-service=https
    sudo firewall-cmd --reload

    # Testing:
    sudo vi /var/www/html/info.php  # => <?php phpinfo(); ?>
    curl -I <your-ip-address>/info.php
    sudo rm /var/www/html/info.php
Packages to install
- Install the "Development Tools":
    yum groupinstall 'Development Tools' -y
These core development tools are required to compile software and build new rpms, and include the following packages:
- autoconf
- bison
- gdb
- flex
- gcc (c/c++ compiler)
- gcc-c++ compiler
- redhat-rpm-config
- strace
- strace64
- rpm-build
- make
- automake
- pkgconfig
- gettext
- libtool
- binutils (and all dependencies)
How to switch from FirewallD to Iptables on CentOS 7
Starting with RHEL 7 / CentOS 7, firewalld was introduced to manage iptables. As such, you will either need to use `firewall-cmd` commands or disable firewalld and enable iptables.
If you prefer to use the classic iptables setup, you will first need to stop and mask the firewalld service (see: systemd for details):
    $ systemctl stop firewalld
    $ systemctl mask firewalld
Then, install the "iptables-services" package (if it is not already installed):
    $ yum install iptables-services
Enable the service at boot-time:
    $ systemctl enable iptables
You can now either add iptables rules from the CLI (e.g., `iptables -I INPUT ...`) or create/edit the /etc/sysconfig/iptables file to look something like the following (very basic with ports 22 and 80 open):
    $ cat /etc/sysconfig/iptables
    *filter
    :INPUT ACCEPT [0:0]
    :FORWARD ACCEPT [0:0]
    :OUTPUT ACCEPT [214:43782]
    -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
    -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
    -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
    -A INPUT -i lo -j ACCEPT
    COMMIT
Save your iptables rules (this writes the rules currently loaded in the kernel to the file):
    $ iptables-save > /etc/sysconfig/iptables
If you are saving your rules in that /etc/sysconfig/iptables file, you will then need to run one of the following commands:
    $ service iptables restart
    # OR:
    $ systemctl restart iptables
Next, check that the iptables service is "active" with:
    $ systemctl status iptables
Check your iptables rules with:
    $ iptables -L
    #~OR~
    $ iptables -nvL
If you have any NAT rules, you can view them with:
    $ iptables -t nat -vL
Also check that your server is listening on the ports you opened (22 and 80 in the above example):
    $ netstat -plant
You can also query the systemd journal for a "log" of the changes you made to the iptables service with:
    $ journalctl -f -u iptables.service
If you reboot your server after the above, your iptables rules should be saved and loaded again.
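The sample ruleset above sets the INPUT policy to ACCEPT and has no closing DROP or REJECT rule, so it admits traffic on every port, not only 22 and 80. The following shell check is an added example (not part of the original page) that classifies an iptables-save style ruleset; the function names and the appended REJECT rule are assumptions for illustration, and it assumes `iptables-save` formatting, where match options precede `-j`.

```shell
#!/bin/sh
# Added example: classify the filter/INPUT chain of an iptables-save style ruleset.
# Assumes iptables-save formatting, where match options always precede "-j".

# Reads a ruleset on stdin (or from a file argument) and prints
# "default-deny" or "allow-all".
input_chain_posture() {
    awk '
        /^\*/             { table = substr($1, 2); next }   # "*filter", "*nat", ...
        table != "filter" { next }
        $1 == ":INPUT"    { policy = $2 }                   # chain policy: ACCEPT or DROP
        # "-A INPUT -j TARGET" has no match options, so it catches every packet
        # that reaches it; the first such rule decides the fate of unmatched traffic.
        $1 == "-A" && $2 == "INPUT" && $3 == "-j" && verdict == "" {
            if ($4 == "DROP" || $4 == "REJECT") verdict = "default-deny"
            else if ($4 == "ACCEPT")            verdict = "allow-all"
        }
        END {
            if (verdict == "") verdict = (policy == "DROP") ? "default-deny" : "allow-all"
            print verdict
        }
    ' "$@"
}

# The sample /etc/sysconfig/iptables from the page, verbatim.
page_ruleset() {
    cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [214:43782]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -i lo -j ACCEPT
COMMIT
EOF
}

# Constructed variant: same rules plus a closing REJECT (not on the original page).
hardened_ruleset() {
    page_ruleset | awk '$0 == "COMMIT" { print "-A INPUT -j REJECT --reject-with icmp-host-prohibited" } { print }'
}

echo "page sample:         $(page_ruleset | input_chain_posture)"
echo "with closing REJECT: $(hardened_ruleset | input_chain_posture)"
```

On a live host, run `input_chain_posture /etc/sysconfig/iptables` or `iptables-save | input_chain_posture` as root.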
Remove old/unneeded kernels
It is sometimes necessary to remove old kernels, especially if you have a /boot partition running out of free space. The easiest (and safest) way to manually remove old/unneeded kernels is by using yum.
You can use `yum list` to find out what kernels are installed:
    $ yum list kernel.*
    kernel.x86_64    2.6.32-431.29.2.el6    @updates
    kernel.x86_64    2.6.32-504.el6         @base
    kernel.x86_64    2.6.32-504.8.1.el6     @updates
The above output shows that there are 3 kernels installed. It is a good practice to keep 3 to 5 kernels just in case a kernel update breaks something and you have to revert to an older version.
To remove the oldest version in the above kernel list, execute the following:
    $ yum remove kernel-2.6.32-431.29.2.el6
You can also use a yum plugin to keep a given number of kernels and automatically remove the older ones (e.g., always keep the latest 3 kernels). You can edit the /etc/yum/pluginconf.d/installonlyn.conf file (or create it if it does not exist) and add/change the following lines:
    [main]
    enabled=1
    # set the number of package versions to keep:
    tokeep=3
The "enabled=1" line enables the yum plugin. The next time you run a `yum update`, yum will automatically remove the older versions and keep the latest 3 (note: This plugin will never remove your current working kernel). If you would prefer to keep any and all previous kernels, simply change that line to "tokeep=0".