Difference between revisions of "CentOS"
(→LAMP on CentOS) |
|||
| (4 intermediate revisions by the same user not shown) | |||
| Line 2: | Line 2: | ||
==LAMP on CentOS== | ==LAMP on CentOS== | ||
| + | * Pre-CentOS 7: | ||
The following CLI one-liner will install and configure everything you need for a basic LAMP stack setup (including the [[iptables|firewall]]): | The following CLI one-liner will install and configure everything you need for a basic LAMP stack setup (including the [[iptables|firewall]]): | ||
sudo sh -c "yum install httpd httpd-devel mysql mysql-server mysql-devel php \ | sudo sh -c "yum install httpd httpd-devel mysql mysql-server mysql-devel php \ | ||
| Line 8: | Line 9: | ||
&& service httpd start && chkconfig httpd on && chkconfig mysqld on && \ | && service httpd start && chkconfig httpd on && chkconfig mysqld on && \ | ||
iptables -I INPUT -p tcp -m tcp --dport 80 -j ACCEPT && /etc/init.d/iptables save" | iptables -I INPUT -p tcp -m tcp --dport 80 -j ACCEPT && /etc/init.d/iptables save" | ||
| + | |||
| + | * CentOS 7: | ||
| + | sudo yum install httpd mariadb-server mariadb php php-mysql php-fpm | ||
| + | sudo systemctl start httpd.service && sudo systemctl enable httpd.service | ||
| + | sudo systemctl start mariadb && sudo systemctl enable mariadb.service | ||
| + | sudo mysql_secure_installation | ||
| + | sudo systemctl restart httpd.service | ||
| + | |||
| + | # Firewall: | ||
| + | sudo firewall-cmd --permanent --zone=public --add-service=http | ||
| + | sudo firewall-cmd --permanent --zone=public --add-service=https | ||
| + | sudo firewall-cmd --reload | ||
| + | |||
| + | # Testing: | ||
| + | sudo vi /var/www/html/info.php # => <?php phpinfo(); ?> | ||
| + | curl -I <your-ip-address>/info.php | ||
| + | sudo rm /var/www/html/info.php | ||
==Packages to install== | ==Packages to install== | ||
| Line 33: | Line 51: | ||
:binutils (and all dependencies) | :binutils (and all dependencies) | ||
| − | ==Iptables | + | ==How to switch from FirewallD to Iptables on CentOS 7== |
Starting with RHEL 7 / CentOS 7, [https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Migration_Planning_Guide/sect-Red_Hat_Enterprise_Linux-Migration_Planning_Guide-Security_and_Access_Control.html firewalld was introduced] to manage [[iptables]]. As such, you will either need to use <code>`firewall-cmd`</code> commands or disable firewalld and enable iptables. | Starting with RHEL 7 / CentOS 7, [https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Migration_Planning_Guide/sect-Red_Hat_Enterprise_Linux-Migration_Planning_Guide-Security_and_Access_Control.html firewalld was introduced] to manage [[iptables]]. As such, you will either need to use <code>`firewall-cmd`</code> commands or disable firewalld and enable iptables. | ||
| − | If you prefer to use the classic iptables setup, you will first need to stop and mask the firewalld service: | + | If you prefer to use the classic iptables setup, you will first need to stop and mask the firewalld service (see: [[systemd]] for details): |
$ systemctl stop firewalld | $ systemctl stop firewalld | ||
| Line 61: | Line 79: | ||
-A INPUT -i lo -j ACCEPT | -A INPUT -i lo -j ACCEPT | ||
COMMIT | COMMIT | ||
| + | |||
| + | Save you iptables rules: | ||
| + | |||
| + | $ iptables-save > /etc/sysconfig/iptables | ||
If you are saving your rules in that <code>/etc/sysconfig/iptables</code> file, you will then need to run one of the following commands: | If you are saving your rules in that <code>/etc/sysconfig/iptables</code> file, you will then need to run one of the following commands: | ||
| Line 74: | Line 96: | ||
$ iptables -L | $ iptables -L | ||
| + | #~OR~ | ||
| + | $ iptables -nvL | ||
| + | |||
| + | If you have any NAT rules, you can view them with: | ||
| + | |||
| + | $ iptables -t nat -vL | ||
and that your server is listening on those ports you opened (22 and 80 in the above example): | and that your server is listening on those ports you opened (22 and 80 in the above example): | ||
| Line 84: | Line 112: | ||
If you reboot your server after the above, your iptables rules should be saved and loaded again. | If you reboot your server after the above, your iptables rules should be saved and loaded again. | ||
| + | |||
| + | ==Remove old/unneeded kernels== | ||
| + | |||
| + | It is sometimes necessary to remove old kernels, especially if you have a <code>/boot</code> partition running out of free space. The easiest (and safest) way to manually remove old/unneeded kernels is by using <code>[[yum]]</code>. | ||
| + | |||
| + | You can use <code>`yum list`</code> to find out what kernels are installed: | ||
| + | $ yum list kernel.* | ||
| + | kernel.x86_64 2.6.32-431.29.2.el6 @updates | ||
| + | kernel.x86_64 2.6.32-504.el6 @base | ||
| + | kernel.x86_64 2.6.32-504.8.1.el6 @updates | ||
| + | |||
| + | The above output shows that there are 3 kernels installed. It is a good practice to keep 3 to 5 kernels just in case a kernel update breaks something and you have to revert to an older version. | ||
| + | |||
| + | To remove the oldest version in the above kernel list, execute the following: | ||
| + | $ yum remove kernel-2.6.32-431.29.2.el6 | ||
| + | |||
| + | You can also use a <code>yum</code> plugin to keep a given number of kernels and automatically remove the older ones (e.g., always keep the latest 3 kernels). You can edit the <code>/etc/yum/pluginconf.d/installonlyn.conf</code> file (or create it if it does not exist) and add/change the following lines: | ||
| + | |||
| + | [main] | ||
| + | enabled=1 | ||
| + | # set the number of package versions to keep: | ||
| + | tokeep=3 | ||
| + | |||
| + | The "<code>enabled=1</code>" line enables the <code>yum</code> plugin. The next time you run a <code>`yum update`</code>, <code>yum</code> will automatically remove the older versions and keep the latest 3 (note: This plugin will never remove your current working kernel). If you would prefer to keep any and all previous kernels, simply change that line to "<code>tokeep=0</code>". | ||
==External links== | ==External links== | ||
Latest revision as of 00:00, 27 August 2016
CentOS (abbreviated from Community Enterprise Operating System) is a Linux distribution that attempts to provide a free, enterprise class, community-supported computing platform which aims to be 100% binary compatible with its upstream source, Red Hat Enterprise Linux (RHEL).
Contents
LAMP on CentOS
- Pre-CentOS 7:
The following CLI one-liner will install and configure everything you need for a basic LAMP stack setup (including the firewall):
sudo sh -c "yum install httpd httpd-devel mysql mysql-server mysql-devel php \ php-mysql php-common php-gd php-mbstring php-mcrypt php-devel php-xml -y; \ service mysqld start && mysql_secure_installation && service mysqld restart \ && service httpd start && chkconfig httpd on && chkconfig mysqld on && \ iptables -I INPUT -p tcp -m tcp --dport 80 -j ACCEPT && /etc/init.d/iptables save"
- CentOS 7:
sudo yum install httpd mariadb-server mariadb php php-mysql php-fpm sudo systemctl start httpd.service && sudo systemctl enable httpd.service sudo systemctl start mariadb && sudo systemctl enable mariadb.service sudo mysql_secure_installation sudo systemctl restart httpd.service # Firewall: sudo firewall-cmd --permanent --zone=public --add-service=http sudo firewall-cmd --permanent --zone=public --add-service=https sudo firewall-cmd --reload # Testing: sudo vi /var/www/html/info.php # => <?php phpinfo(); ?> curl -I <your-ip-address>/info.php sudo rm /var/www/html/info.php
Packages to install
- Install the "Development Tools":
yum groupinstall 'Development Tools' -y
These core development tools are required to compile software and build new rpms and including the following packages:
- autoconf
- bison
- gdb
- flex
- gcc (c/c++ compiler)
- gcc-c++ compiler
- redhat-rpm-config
- strace
- strace64
- rpm-build
- make
- automake
- pkgconfig
- gettext
- libtool
- binutils (and all dependencies)
How to switch from FirewallD to Iptables on CentOS 7
Starting with RHEL 7 / CentOS 7, firewalld was introduced to manage iptables. As such, you will either need to use `firewall-cmd` commands or disable firewalld and enable iptables.
If you prefer to use the classic iptables setup, you will first need to stop and mask the firewalld service (see: systemd for details):
$ systemctl stop firewalld $ systemctl mask firewalld
Then, install the "iptables-services" package (if it is not already installed):
$ yum install iptables-services
Enable the service at boot-time:
$ systemctl enable iptables
You can now either add iptables rules from the CLI (e.g., `iptables -I INPUT ...`) or create/edit the /etc/sysconfig/iptables file to look something like the following (very basic with ports 22 and 80 open):
$ cat /etc/sysconfig/iptables *filter :INPUT ACCEPT [0:0] :FORWARD ACCEPT [0:0] :OUTPUT ACCEPT [214:43782] -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT -A INPUT -i lo -j ACCEPT COMMIT
Save you iptables rules:
$ iptables-save > /etc/sysconfig/iptables
If you are saving your rules in that /etc/sysconfig/iptables file, you will then need to run one of the following commands:
$ service iptables restart # OR: $ systemctl restart iptables
Next, check that the iptables service is "active" with:
$ systemctl status iptables
Check your iptables rules with:
$ iptables -L #~OR~ $ iptables -nvL
If you have any NAT rules, you can view them with:
$ iptables -t nat -vL
and that your server is listening on those ports you opened (22 and 80 in the above example):
$ netstat -plant
and you can query the systemd journal for a "log" of the changes you made to the iptables service with:
$ journalctl -f -u iptables.service
If you reboot your server after the above, your iptables rules should be saved and loaded again.
Remove old/unneeded kernels
It is sometimes necessary to remove old kernels, especially if you have a /boot partition running out of free space. The easiest (and safest) way to manually remove old/unneeded kernels is by using yum.
You can use `yum list` to find out what kernels are installed:
$ yum list kernel.* kernel.x86_64 2.6.32-431.29.2.el6 @updates kernel.x86_64 2.6.32-504.el6 @base kernel.x86_64 2.6.32-504.8.1.el6 @updates
The above output shows that there are 3 kernels installed. It is a good practice to keep 3 to 5 kernels just in case a kernel update breaks something and you have to revert to an older version.
To remove the oldest version in the above kernel list, execute the following:
$ yum remove kernel-2.6.32-431.29.2.el6
You can also use a yum plugin to keep a given number of kernels and automatically remove the older ones (e.g., always keep the latest 3 kernels). You can edit the /etc/yum/pluginconf.d/installonlyn.conf file (or create it if it does not exist) and add/change the following lines:
[main] enabled=1 # set the number of package versions to keep: tokeep=3
The "enabled=1" line enables the yum plugin. The next time you run a `yum update`, yum will automatically remove the older versions and keep the latest 3 (note: This plugin will never remove your current working kernel). If you would prefer to keep any and all previous kernels, simply change that line to "tokeep=0".
