
Server Configuration

Starting from the minimal CentOS 7 distribution, a number of things need to be done differently to make the server useful without installing a lot of things which we aren't using.

Set default editor to nano

I hate vi, as I can't use it without a cheat sheet, so let's set the default editor to nano.

As root: export EDITOR=/bin/nano

To start, let's follow the tecmint recipe

Start with this great article at tecmint: http://www.tecmint.com/things-to-do-after-minimal-rhel-centos-7-installation which takes you step-by-step through more than everything you will want to do (a good procedural checklist). We are skipping some of these items, so only do the steps indicated below.

2. Configure Network with Static IP Address

3. Set Hostname of Server

4. Update or Upgrade CentOS Minimal Install

6. Install Apache HTTP Server

The firewall instructions do not work. Use these instead:

sudo firewall-cmd --permanent --zone=public --add-service=http
sudo firewall-cmd --permanent --zone=public --add-service=https
sudo firewall-cmd --reload

7. Install PHP

If you require PHP7.1 instead of PHP5.4, install as follows:

Add the webtatic repos and PHP 7.1: 

rpm -Uvh https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
rpm -Uvh https://mirror.webtatic.com/yum/el7/webtatic-release.rpm
yum install mod_php71w php71w-common

If you intend to host Joomla 3.x, also install these PHP packages:

yum install php71w-bcmath php71w-devel php71w-gd php71w-intl php71w-mbstring php71w-mcrypt php71w-mysqlnd php71w-opcache php71w-pdo php71w-xml

Then restart Apache: sudo systemctl restart httpd

8. Install MariaDB Database

Do NOT allow the database service to be accessed through the firewall, unless explicitly required for the mission.

Consider whether the use of this server *requires* MySQL, as some applications specifically name a target version of MySQL. If MySQL is required, follow the instructions at: https://devops.profitbricks.com/tutorials/install-mysql-on-centos-7

13. Install Nmap to Monitor Open Ports

15. Installing Wget

17. Installing Webmin

Use the instructions from the current distribution version web site at: http://www.webmin.com/rpm.html

Open port 10000:

sudo firewall-cmd --permanent --zone=public --add-port=10000/tcp
sudo firewall-cmd --reload

22. Install and Configure sudo

Create non-root user using our "clientadmin" naming pattern for username.

adduser username
passwd username

Then give all permissions using visudo, per the instructions.

vi cheatsheet: http://www.lagmonster.org/docs/vi.html

24. Install Rootkit Hunter

After install, initialize the file change database: rkhunter --propupd

Keep in mind that when updates are applied to the system, rkhunter will see this activity as possibly malicious and will warn you of these file changes. Check for root kits before applying updates. After applying updates, re-initialize the file database using the above command.
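
The check / update / re-init sequence described above, written as a shell function. This is an added example, not part of the tecmint recipe or of rkhunter itself; the function name, the return codes 10 and 20, and the RKHUNTER and YUM override variables are assumptions made for illustration.

```shell
#!/bin/sh
# Added example. RKHUNTER and YUM are overridable so the sequence can be
# rehearsed with stand-ins (a convention of this example, not of either tool).
RKHUNTER=${RKHUNTER:-/usr/bin/rkhunter}
YUM=${YUM:-/usr/bin/yum}

# patch_with_baseline: scan, update, then refresh rkhunter's file database.
# Returns 0 on success,
#        10 if the pre-update scan failed or warned (nothing is changed),
#        20 if the update failed (file database left as it was).
patch_with_baseline() {
    # 1. Scan against the existing database. --sk skips the keypress
    #    prompts and --rwo prints warnings only. Assumption: rkhunter exits
    #    non-zero when a check raised a warning.
    if ! "$RKHUNTER" --check --sk --rwo; then
        echo "rkhunter warned: investigate before updating or re-baselining" >&2
        return 10
    fi
    # 2. Apply the updates.
    if ! "$YUM" -y update; then
        echo "yum update failed: file database not refreshed" >&2
        return 20
    fi
    # 3. Record the new file properties so the updated files are not flagged.
    "$RKHUNTER" --propupd
}

# Run for real only when asked to: sh patch.sh --run (as root)
if [ "${1:-}" = "--run" ]; then
    patch_with_baseline
    exit $?
fi
```

Stopping at step 1 matters: running --propupd after a scan that warned would record a possibly modified file as the new known-good state.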

Set a cron job to check for root kits daily
crontab -e

In the editor, paste in: @daily /usr/bin/rkhunter --cronjob --report-warnings-only

Then control-x to save and exit.

Set email address to receive reports
nano /etc/rkhunter.conf

Search for the line containing "MAIL-ON-WARNING" and set it to the address that should receive the reports.

Add more goodies

Add network utilities

yum install bind-utils 

Setup NTP

To install automatic time checking: yum install ntp

Start and enable the service:

systemctl start ntpd.service
systemctl enable ntpd.service

To test: ntpstat

timedatectl status

See also: https://www.cyberciti.biz/faq/linux-unix-bsd-is-ntp-client-working/

Reference: https://www.tecmint.com/install-ntp-server-in-centos/

Install and secure PhpMyAdmin

https://www.digitalocean.com/community/tutorials/how-to-install-and-secure-phpmyadmin-with-apache-on-a-centos-7-server

Ignore their instructions for IPs to require/allow. Instead, in the first <Directory> block, insert lines after "Require ip 127.0.0.1" for the local and VPN subnets, e.g.

       Require ip 192.168.xxx.0/22

Install backupdb

backupdb : A Rotating Backup Shell Script for MySQL and PostgreSQL

Command-line email for delivery of email alerts

yum install mailx

test:

echo blah | mail -s "test" {your-email-address}

Install SSL certificates

scp {pathto/file} {user@host}:/etc/httpd/ssl.d/.

Install VMware Tools

If you are using VMware, here are the ordinary instructions to install VMware Tools:

https://pubs.vmware.com/workstation-9/index.jsp?topic=%2Fcom.vmware.ws.using.doc%2FGUID-08BB9465-D40A-4E16-9E15-8C016CC8166F.html

HOWEVER, the VMware installer script recommends using Open VM Tools per this article.

Open VM Tools provides the following:

  • Synchronization of the guest OS clock with the virtualization platform
  • Enables the virtual infrastructure to perform graceful power operations (shut down) and file system quiescing of the virtual machine
  • Provides a heartbeat from guest to the virtualization infrastructure to support vSphere High Availability (HA)
  • Publishes information about the guest OS to the virtualization platform, including resource utilization and networking information
  • It does NOT provide cut-n-paste between host and guest. If you need this and other useful features, see the optional open-vm-tools-desktop package, which depends on X.

Installation is easier than all the cdrom mount hoopla anyways: yum install open-vm-tools

Installing Joomla

Joomla system requirements

Install PostgreSQL Relational Database

Follow the instructions at: https://www.digitalocean.com/community/tutorials/how-to-install-and-use-postgresql-on-centos-7

 

Cheat Sheet

The following commands are useful for day-to-day administration:

What IP address is being used?: ip addr (or ifconfig, if the net-tools package is installed)

List all services:

systemctl list-unit-files --type=service

systemctl restart httpd.service

systemctl start mariadb.service

firewall-cmd --zone=public --list-all

nmap 127.0.0.1

webmin: https://[local-ip]:10000

rkhunter -c -sk
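
A check for the firewall state this page sets up (http, https and port 10000 open, database service not exposed), run over the output of firewall-cmd --zone=public --list-all. This is an added example, not part of the original recipe; the function names, the allowlist contents and the sample output are assumptions constructed for illustration.

```shell
# Added example. Allowlist = what this page opens, plus ssh and dhcpv6-client,
# assumed here to be the zone's stock services; adjust to your server.
ALLOWED_SERVICES="ssh dhcpv6-client http https"
ALLOWED_PORTS="10000/tcp"
# Database entries that should never appear in the public zone.
DB_ENTRIES="mysql postgresql 3306/tcp 5432/tcp"

# in_list WORD ITEM...: succeeds if WORD equals one of the ITEMs.
in_list() {
    word=$1; shift
    for item in "$@"; do
        if [ "$item" = "$word" ]; then return 0; fi
    done
    return 1
}

# audit_zone: reads `firewall-cmd --zone=public --list-all` output on stdin,
# prints one finding per line, returns 1 if anything unexpected is open.
audit_zone() {
    bad=0
    while read -r key rest; do
        case $key in
            services:) allowed=$ALLOWED_SERVICES ;;
            ports:)    allowed=$ALLOWED_PORTS ;;
            *)         continue ;;   # forward-ports:, rich rules: not audited
        esac
        for entry in $rest; do
            if in_list "$entry" $DB_ENTRIES; then
                echo "DATABASE-EXPOSED $entry"; bad=1
            elif ! in_list "$entry" $allowed; then
                echo "UNEXPECTED $entry"; bad=1
            fi
        done
    done
    return $bad
}

# Constructed sample output (not captured from a real server).
SAMPLE='public (active)
  services: dhcpv6-client http https mysql ssh
  ports: 10000/tcp 8080/tcp
  forward-ports:
  rich rules:'

# With --live, audit the real zone; otherwise run the constructed sample.
if [ "${1:-}" = "--live" ]; then firewall-cmd --zone=public --list-all | audit_zone; exit $?; fi
printf '%s\n' "$SAMPLE" | audit_zone || true
```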