CentOS
CentOS (abbreviated from Community Enterprise Operating System) is a Linux distribution that attempts to provide a free, enterprise-class, community-supported computing platform that aims to be 100% binary compatible with its upstream source, Red Hat Enterprise Linux (RHEL).
LAMP on CentOS
The following CLI one-liner will install and configure everything you need for a basic LAMP stack setup (including the firewall):
sudo sh -c "yum install httpd httpd-devel mysql mysql-server mysql-devel php \
  php-mysql php-common php-gd php-mbstring php-mcrypt php-devel php-xml -y; \
  service mysqld start && mysql_secure_installation && service mysqld restart \
  && service httpd start && chkconfig httpd on && chkconfig mysqld on && \
  iptables -I INPUT -p tcp -m tcp --dport 80 -j ACCEPT && /etc/init.d/iptables save"
Packages to install
- Install the "Development Tools":
yum groupinstall 'Development Tools' -y
These core development tools are required to compile software and build new RPMs, and include the following packages:
- autoconf
- bison
- gdb
- flex
- gcc (c/c++ compiler)
- gcc-c++ compiler
- redhat-rpm-config
- strace
- strace64
- rpm-build
- make
- automake
- pkgconfig
- gettext
- libtool
- binutils (and all dependencies)
Iptables vs. firewalld
Starting with RHEL 7 / CentOS 7, firewalld was introduced to manage iptables. As such, you will either need to use `firewall-cmd` commands or disable firewalld and enable iptables.
If you prefer to use the classic iptables setup, you will first need to stop and mask the firewalld service:
$ systemctl stop firewalld
$ systemctl mask firewalld
Then, install the "iptables-services" package (if it is not already installed):
$ yum install iptables-services
Enable the service at boot-time:
$ systemctl enable iptables
You can now either add iptables rules from the CLI (e.g., `iptables -I INPUT ...`) or create/edit the /etc/sysconfig/iptables file to look something like the following (very basic with ports 22 and 80 open):
$ cat /etc/sysconfig/iptables
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [214:43782]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -i lo -j ACCEPT
COMMIT
If you are saving your rules in that /etc/sysconfig/iptables file, you will then need to run one of the following commands:
$ service iptables restart
# OR:
$ systemctl restart iptables
Next, check that the iptables service is "active" with:
$ systemctl status iptables
Check your iptables rules with:
$ iptables -L
and that your server is listening on those ports you opened (22 and 80 in the above example):
$ netstat -plant
and you can query the systemd journal for a "log" of the changes you made to the iptables service with:
$ journalctl -f -u iptables.service
If you reboot your server after the above, your iptables rules should be saved and loaded again.
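The rule set shown above leaves the INPUT policy at ACCEPT and has no final DROP or REJECT rule, so traffic to ports other than 22 and 80 is accepted as well. The following check is an added example, not part of the original page: `audit_input_chain`, `page_rules` and `strict_rules` are hypothetical helper names, and the strict variant is a constructed rule set.

```shell
#!/bin/sh
# Added example: audit iptables-save style rules (the /etc/sysconfig/iptables
# format) read from stdin and report whether the INPUT chain filters anything.
audit_input_chain() {
    awk '
        /^:INPUT /   { policy = $2 }          # chain header: ":INPUT <policy> [..]"
        /^-A INPUT / {
            # A rule with no match options that drops or rejects is a catch-all.
            if ($3 == "-j" && ($4 == "DROP" || $4 == "REJECT")) catchall = 1
            # Collect destination ports of ACCEPT rules that precede any catch-all.
            if ($NF == "ACCEPT" && !catchall)
                for (i = 3; i < NF; i++)
                    if ($i == "--dport") { ports = ports sep $(i + 1); sep = "," }
        }
        END {
            verdict = (policy == "DROP" || catchall) ? "filtered" : "all-ports-reachable"
            printf("policy=%s ports=%s verdict=%s\n", policy, ports, verdict)
        }
    '
}

# Rule set as shown on this page (INPUT policy ACCEPT, no final DROP/REJECT).
page_rules() {
cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [214:43782]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -i lo -j ACCEPT
COMMIT
EOF
}

# Constructed variant: same rules, but unmatched inbound traffic is dropped.
strict_rules() { page_rules | sed 's/^:INPUT ACCEPT/:INPUT DROP/'; }

page_rules | audit_input_chain      # policy=ACCEPT ports=80,22 verdict=all-ports-reachable
strict_rules | audit_input_chain    # policy=DROP ports=80,22 verdict=filtered
```

On a live host the same function can be run as `audit_input_chain < /etc/sysconfig/iptables` or fed the output of `iptables-save`.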