One of my main objectives here is to ensure that the server installation and configuration is efficient enough that monitoring the server becomes an easy task. Various technologies and third-party tools are used to configure a Linux server, so make sure the server is connected to the Internet. Also, enter the constraints appropriate to your own environment instead of blindly copying all the constraints that I use. Before going further with the server setup I'd like to give a brief summary of my hardware:

o RAM: 7.7 GiB (8 GiB)
o Processor: Intel Xeon CPU 3.00 GHz, 4 cores (0 1 2 3)
o Hard disk: 1727.0 GiB (2 TB)
o Ethernet: dual NIC, 1000 Mb/s each
o Operating system: CentOS (Community Enterprise Operating System) 6.3, release Final
o Kernel: 2.6.32-279.el6.x86_64
o GNOME: 2.28.2

This is good enough for virtualization and load balancing, and also for a SCSI server and resilient storage. I would recommend getting a machine with this configuration if you need to set up a serious server.
1.1 Installation

Let us begin with a proper basic installation. You can either use the CentOS DVD or boot from USB. For the USB method you need:
o UNetbootin
o a pen drive of about 8 GB
o at least one free, working USB port or hub

Make the USB drive bootable with the CentOS 6.3 ISO file, or insert CentOS 6.3 DVD 1 in the DVD drive. Insert the install media and restart the computer. After booting, the boot menu is shown; press Enter. The next screen is the media check; skip it if you don't need it. Click "Next" to proceed. Select the language you'd like to use during the installation, then the keyboard type you are using.

Select the storage type. If you are installing CentOS 6.3 to a local hard disk, select "Basic Storage Devices"; if you are installing to a disk attached over a storage network or to a mainframe, select the second option. If the disk is new and not yet formatted, a warning is shown; click "Reinitialize all" only if the disk holds nothing you need, because this discards everything on it.

Set the hostname of your computer (I've used shriyaishost.com) and modify the network settings (IP 192.168.1.92). Set your time zone (India, GMT+5:30). Set the root user's password; this is the account everything else hangs on, so make it long.

Select the installation type. In my case:
o "Use All Space", and tick
o "Review and modify partitioning layout" to configure partitions manually.

This is the section for changing partition layouts. I configure LVM logical volumes for
o /boot,
o /,
o swap,
o /home.
First select "/" and click "Edit". Reduce the volume size for "/" to make free space. Click "Create"; on the following screen select "LVM Logical Volume" and click "Create".
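The same choices can be recorded in a kickstart file so the installation is repeatable instead of clicked through. The block below is an added example, not part of the original guide: it reproduces the hostname, address, time zone and the /boot, /, swap, /home LVM layout described above. The netmask, gateway and nameserver (192.168.1.1), the volume group name, the volume sizes and the package groups are assumptions; replace the root password hash with your own. Unlike the interactive run above, this keeps the firewall on with only SSH open and SELinux enforcing.

```shell
#!/bin/bash
# Added example: kickstart for the interactive installation described above.
# Everything not stated in the guide (netmask, gateway, DNS, VG name, sizes,
# package groups) is an assumption; edit before use.

write_kickstart() {        # $1 = output path
    cat > "$1" <<'EOF'
install
cdrom
lang en_US.UTF-8
keyboard us
timezone Asia/Kolkata
network --bootproto=static --device=eth0 --ip=192.168.1.92 --netmask=255.255.255.0 --gateway=192.168.1.1 --nameserver=192.168.1.1 --hostname=shriyaishost.com
# root password stored only as a hash: generate one with  grub-crypt --sha-512
rootpw --iscrypted $6$REPLACE_WITH_YOUR_HASH
selinux --enforcing
firewall --enabled --ssh
authconfig --enableshadow --passalgo=sha512
bootloader --location=mbr
# WARNING: the next two lines wipe every disk the installer can see
zerombr
clearpart --all --initlabel
part /boot --fstype=ext4 --size=500
part pv.01 --size=1 --grow
volgroup vg_shriyaishost pv.01
logvol swap  --vgname=vg_shriyaishost --name=lv_swap --size=8192
logvol /     --vgname=vg_shriyaishost --name=lv_root --fstype=ext4 --size=51200
logvol /home --vgname=vg_shriyaishost --name=lv_home --fstype=ext4 --size=1 --grow
%packages
@core
@base
%end
EOF
}

ks_check() {               # $1 = kickstart path; non-zero if a hardening directive is missing
    local f="$1" ok=0
    grep -Eq '^rootpw --iscrypted' "$f"  || { echo "rootpw is not hashed"; ok=1; }
    grep -Eq '^selinux --enforcing' "$f" || { echo "SELinux is not enforcing"; ok=1; }
    grep -Eq '^firewall --enabled' "$f"  || { echo "firewall is disabled"; ok=1; }
    return $ok
}
```

Write the file with write_kickstart /root/ks.cfg, run ks_check on it, copy it to the boot medium and start the installer with linux ks=hd:sdb1:/ks.cfg (or serve it over http). ks_check is deliberately strict about the three settings that are easiest to lose when a kickstart is copied between projects.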
1.2 Create an administrator user.

[root@shriyaishost /]# useradd administrator
[root@shriyaishost /]# passwd administrator
New UNIX password: ********
Retype new UNIX password: ********
passwd: all authentication tokens updated successfully.

Try to log in through the newly created user, then switch back to root:
[user1@shriyaishost Desktop]$ su administrator
Password:
[administrator@shriyaishost Desktop]$ su
Password:
[root@shriyaishost /]#

Make one user ('administrator' in my case) the only user who can switch to root as the administration user:
[root@shriyaishost /]# vim /etc/group
# line 11: add the user name
wheel:x:10:root,administrator
[Esc] -> :wq! -> [Enter]
[root@shriyaishost /]# vim /etc/pam.d/su
# uncomment the following line
auth  required  pam_wheel.so use_uid

Once pam_wheel is active nobody outside the wheel group can su to root, so keep a root console open until you have confirmed that administrator can.

Configure forwarding of root's email to the administration user you set above:
[root@shriyaishost /]# vim /etc/aliases
# last line: uncomment and change to your user
root:  administrator
[root@shriyaishost /]# newaliases

If a firewall is already running in your LAN and iptables on the server is unnecessary, stop it:
[root@shriyaishost /]# /etc/rc.d/init.d/iptables stop
iptables: Flushing firewall rules: [OK]
iptables: Setting chains to policy ACCEPT: filter [OK]

Be aware that this exposes every service configured later (DNS, DHCP, LDAP, httpd, FTP, MySQL) to the whole LAN, and that iptables comes back at the next boot unless you also run chkconfig iptables off.
Hari Iyer (Red hat Certified System Administrator.)
# sudoers syntax: destination host=(owner) command
# Check as user 'administrator' that a root-only command is refused without sudo:
[administrator@shriyaishost ~]$ /sbin/shutdown -r now
shutdown: Need to be root
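The wheel, pam_wheel and aliases edits above are easy to get subtly wrong (a duplicated member, a still-commented pam line, two root: aliases). The script below is an added example, not part of the original guide: each function takes the file it edits as an argument, so it can be dry-run on copies, and demo() does exactly that on constructed sample files in a temporary directory. On the real host call the functions with /etc/group, /etc/pam.d/su and /etc/aliases and run newaliases afterwards.

```shell
#!/bin/bash
# Added example: apply and verify the "only wheel can su" setup above.
# Functions take the file to edit, so they can be tried on copies first.

in_wheel() {               # $1 = user, $2 = group file; exit 0 if user is a wheel member
    awk -F: -v u="$1" '$1 == "wheel" { n = split($4, m, ","); for (i = 1; i <= n; i++) if (m[i] == u) f = 1 }
                       END { exit !f }' "$2"
}

add_to_wheel() {           # $1 = user, $2 = group file; idempotent
    in_wheel "$1" "$2" && return 0
    # append ",user" to the member list; the second s fixes an empty list (wheel:x:10:)
    sed -i -E "/^wheel:/ { s/:([^:]*)\$/:\1,$1/; s/:,$1\$/:$1/ }" "$2"
}

enable_pam_wheel() {       # $1 = /etc/pam.d/su (or a copy): uncomment the pam_wheel line
    sed -i -E 's/^#[[:space:]]*(auth[[:space:]]+required[[:space:]]+pam_wheel\.so[[:space:]]+use_uid)/\1/' "$1"
}

pam_wheel_active() {       # $1 = pam su file; exit 0 if the restriction is live
    grep -Eq '^[[:space:]]*auth[[:space:]]+required[[:space:]]+pam_wheel\.so.*use_uid' "$1"
}

set_root_alias() {         # $1 = user, $2 = aliases file: root's mail goes to user
    if grep -Eq '^[[:space:]]*#?[[:space:]]*root:' "$2"; then
        sed -i -E "s/^[[:space:]]*#?[[:space:]]*root:.*/root: $1/" "$2"
    else
        printf 'root: %s\n' "$1" >> "$2"
    fi
    # on the real system, run newaliases after this
}

demo() {                   # dry run on constructed copies; exit 0 when every check passes
    local d; d=$(mktemp -d)
    printf 'root:x:0:\nwheel:x:10:root\n' > "$d/group"                       # constructed sample
    printf '#%%PAM-1.0\nauth\t\tsufficient\tpam_rootok.so\n#auth\t\trequired\tpam_wheel.so use_uid\n' > "$d/su"
    printf '# Basic system aliases\npostmaster:\troot\n#root:\t\tmarc\n' > "$d/aliases"
    add_to_wheel administrator "$d/group"
    add_to_wheel administrator "$d/group"           # second call must not duplicate the member
    enable_pam_wheel "$d/su"
    set_root_alias administrator "$d/aliases"
    in_wheel administrator "$d/group" && pam_wheel_active "$d/su" &&
        grep -qx 'root: administrator' "$d/aliases" &&
        [ "$(grep -o administrator "$d/group" | wc -l)" -eq 1 ]
}
```

The checks matter more than the edits: pam_wheel_active is what you run after every change to /etc/pam.d/su before closing your root shell, and in_wheel tells you whether a user will still be able to become root afterwards.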
[root@shriyaishost /]# /etc/rc.d/init.d/rsyslog restart
Shutting down system logger: [OK]
Starting system logger: [OK]

Regular jobs are controlled by anacron by default on RHEL 6 (Scientific Linux 6 and CentOS 6 are the same). Anacron runs the daily jobs at a random time within a window (03:00 to 22:00), so if you'd like to use cron and run jobs at a fixed time, change it as follows. Think twice if the server is a virtualization host: if every virtual machine executes its regular jobs at the same moment, the host takes the whole load at once, so either stagger the times on each machine by hand or keep the anacron setting.
[root@shriyaishost /]# yum -y install cronie-noanacron
* The cron times are set in /etc/cron.d/dailyjobs.
Remove the anacron settings package once cron's settings are installed:
[root@shriyaishost /]# yum -y remove cronie-anacron
2.1 NTP Configuration

Configure an NTP server for time adjustment.
[root@shriyaishost /]# yum -y install ntp
[root@shriyaishost /]# vim /etc/ntp.conf
# change the servers used for synchronization
#server 0.rhel.pool.ntp.org
#server 1.rhel.pool.ntp.org
#server 2.rhel.pool.ntp.org
server 2.in.pool.ntp.org
server 0.asia.pool.ntp.org
server 2.asia.pool.ntp.org
[root@shriyaishost /]# /etc/rc.d/init.d/ntpd restart
[root@shriyaishost /]# chkconfig ntpd on
[root@shriyaishost /]# ntpq -p

Leave the restrict lines that CentOS ships in ntp.conf in place (restrict default kod nomodify notrap nopeer noquery): they let the server answer time queries while refusing remote control and status queries. Accurate time also keeps log timestamps comparable across hosts, which matters as soon as you investigate anything.
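ntpq -p prints a table, and "the daemon is running" is not the same as "the clock is synchronized": a peer is in use only when its line starts with '*'. The script below is an added example, not part of the original guide; it parses ntpq -p output and succeeds only when exactly one peer is selected and its offset is within a limit. The two ntpq outputs embedded in it are constructed samples with documentation addresses, not captures from this server.

```shell
#!/bin/bash
# Added example: decide from "ntpq -p" whether the clock is really synchronized.
# Tally column: '*' selected peer, '+' candidate, ' ' rejected or not yet reachable.

ntp_synced() {             # stdin = ntpq -p output; $1 = max |offset| in ms (default 500)
    awk -v max="${1:-500}" '
        NR <= 2 { next }                                       # header and separator lines
        substr($0, 1, 1) == "*" { sel++; off = ($9 < 0) ? -$9 : $9 }   # $9 is the offset column
        END { exit !(sel == 1 && off + 0 <= max + 0) }'
}

sample_ntpq_good() {       # constructed sample: one selected peer, 1.2 ms off
    cat <<'EOF'
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
*ntp1.example.in 203.0.113.1      2 u   45   64  377   23.456   -1.234   0.567
+ntp0.example.asia 198.51.100.7   2 u   50   64  377   87.123    3.210   1.002
 ntp2.example.asia 198.51.100.9   3 u   55   64    1  120.000   90.000  20.000
EOF
}

sample_ntpq_bad() {        # constructed sample: fresh start, nothing reachable yet
    cat <<'EOF'
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
 ntp1.example.in .INIT.          16 u    -   64    0    0.000    0.000   0.000
EOF
}
```

On the server: ntpq -p | ntp_synced 500 || echo "clock not synchronized". Right after a restart expect a failure for a few minutes; ntpd needs several polls (reach climbing towards 377) before it selects a peer.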
2.2 SSH Server

Configure the SSH server. Before configuration, the routers must be set so that TCP packets to port 22 can pass through.
[root@shriyaishost ~]# vi /etc/ssh/sshd_config
# line 42: uncomment and change to 'no'
PermitRootLogin no
# line 65: uncomment
PermitEmptyPasswords no
PasswordAuthentication yes
[root@shriyaishost ~]# /etc/rc.d/init.d/sshd restart
Stopping sshd: [OK]
Starting sshd: [OK]

Run sshd -t before the restart so a typo cannot lock you out, and keep your current session open until a fresh login works. If port 22 is reachable from outside the LAN, deploy SSH keys and then change PasswordAuthentication to no; password guessing against an exposed sshd starts within hours.
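A detail that bites people editing this file: sshd uses the first active occurrence of a keyword and ignores later ones, so appending PermitRootLogin no below an existing PermitRootLogin yes changes nothing. The script below is an added example, not part of the original guide: sshd_opt reports the value sshd will actually use, sshd_set rewrites that first line (or appends when the keyword is only present as a comment), and harden_sshd applies the guide's settings plus two common extras. The sample sshd_config is constructed to show the trap. Match blocks are not modelled, so run these on the global section only.

```shell
#!/bin/bash
# Added example: read and set sshd_config keywords the way sshd resolves them
# (first active occurrence wins).

sshd_opt() {               # $1 = keyword, $2 = sshd_config path -> prints the effective value
    awk -v k="$1" 'tolower($1) == tolower(k) { print $2; exit }' "$2"
}

sshd_set() {               # $1 = keyword, $2 = value, $3 = sshd_config path
    local k="$1" v="$2" f="$3" tmp
    [ -f "$f" ] || return 1
    tmp=$(mktemp)
    awk -v k="$k" -v v="$v" '
        !done && tolower($1) == tolower(k) { print k " " v; done = 1; next }   # first active line
        { print }
        END { if (!done) print k " " v }' "$f" > "$tmp" && cat "$tmp" > "$f"  # cat keeps owner/mode
    rm -f "$tmp"
}

harden_sshd() {            # $1 = sshd_config path
    sshd_set PermitRootLogin no "$1"
    sshd_set PermitEmptyPasswords no "$1"
    sshd_set PasswordAuthentication yes "$1"   # as in the guide; set to no once keys are deployed
    sshd_set Protocol 2 "$1"
    sshd_set MaxAuthTries 4 "$1"
}

write_sample_sshd_config() {   # constructed sample: "yes" above "no", so the "no" is dead
    printf 'Port 22\nPermitRootLogin yes\n#PermitEmptyPasswords no\n#PasswordAuthentication yes\nPermitRootLogin no\n' > "$1"
}
```

On the host: harden_sshd /etc/ssh/sshd_config && sshd -t && /etc/rc.d/init.d/sshd restart. Check sshd_opt PermitRootLogin /etc/ssh/sshd_config afterwards rather than trusting the edit; that is the value sshd enforces.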
; Network Hosts (end of the forward zone file)
dns  IN  A  192.168.1.92

[root@shriyaishost ~]# vim sislinux.com.rev
$TTL 86400
$ORIGIN 1.168.192.in-addr.arpa.
@   IN  SOA  dns.sislinux.com. root.sislinux.com. (
             123312  ; serial
             1h      ; refresh
             2h      ; retry
             1w      ; expire
             1h )    ; min cache
    IN  NS   dns.sislinux.com.
; Network Hosts
92  IN  PTR  dns.sislinux.com.

Three points about the reverse zone: the SOA contact is written root.sislinux.com. (the first dot stands for the @ of the mail address); the PTR owner is the last octet of the host's address, 92 for 192.168.1.92; and the serial must be increased on every edit, otherwise secondaries never pick up the change. Validate before restarting named:
[root@shriyaishost ~]# named-checkzone 1.168.192.in-addr.arpa sislinux.com.rev

[root@shriyaishost ~]# system-config-network
search sislinux.com
nameserver 192.168.1.92
nameserver 192.168.1.1
[root@shriyaishost ~]# /etc/rc.d/init.d/network restart
[root@shriyaishost ~]# chgrp named sislinux.com.*
[root@shriyaishost ~]# /etc/rc.d/init.d/named restart
[root@shriyaishost ~]# chkconfig named on
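named-checkzone validates each file's syntax but says nothing about whether the forward and reverse zones agree, which is exactly the kind of mistake (a PTR owner of 30 for a host living at 192.168.1.92) that silently breaks reverse lookups. The script below is an added example, not part of the original guide: it extracts A records from the forward zone and PTR records from the reverse zone and reports every address that has no matching PTR. It handles the plain zone syntax used above ($TTL/$ORIGIN header, multi-line SOA, one record per line), not $GENERATE or $INCLUDE. The two zone files it writes are constructed samples, with the reverse zone deliberately missing one PTR.

```shell
#!/bin/bash
# Added example: cross-check forward A records against reverse PTR records.

forward_a_records() {      # $1 = forward zone file, $2 = its origin (e.g. sislinux.com) -> "fqdn ip"
    awk -v origin="$2" '
        /^[[:space:]]*;/ || NF == 0 || $1 == "$TTL" { next }
        $1 == "$ORIGIN" { origin = $2; sub(/\.$/, "", origin); next }
        {
            if ($0 !~ /^[[:space:]]/) owner = $1           # owner name only appears in column 1
            for (i = 1; i < NF; i++)
                if ($i == "A" && $(i+1) ~ /^[0-9.]+$/) {
                    name = owner
                    if (name == "@") name = origin
                    else if (name !~ /\.$/) name = name "." origin
                    sub(/\.$/, "", name)
                    print name, $(i+1)
                }
        }' "$1"
}

reverse_ptr_records() {    # $1 = reverse zone file (origin taken from its $ORIGIN) -> "fqdn ip"
    awk '
        /^[[:space:]]*;/ || NF == 0 || $1 == "$TTL" { next }
        $1 == "$ORIGIN" { origin = $2; sub(/\.$/, "", origin); next }
        {
            if ($0 !~ /^[[:space:]]/) owner = $1
            for (i = 1; i < NF; i++)
                if ($i == "PTR") {
                    rev = owner
                    if (rev !~ /\.$/) rev = rev "." origin   # 92.1.168.192.in-addr.arpa
                    n = split(rev, p, ".")
                    target = $(i+1); sub(/\.$/, "", target)
                    print target, p[4] "." p[3] "." p[2] "." p[1]
                }
        }' "$1"
}

zone_consistency() {       # $1 = forward zone, $2 = forward origin, $3 = reverse zone; exit 1 on gaps
    local f r rc
    f=$(mktemp); r=$(mktemp)
    forward_a_records "$1" "$2" > "$f"
    reverse_ptr_records "$3" > "$r"
    awk 'NR == FNR { ptr[$0] = 1; next }
         !($0 in ptr) { print "no PTR for " $0; bad = 1 }
         END { exit bad }' "$r" "$f"
    rc=$?
    rm -f "$f" "$r"
    return $rc
}

write_sample_zones() {     # constructed zones in directory $1; the reverse lacks the PTR for www
    cat > "$1/sislinux.com.zone" <<'EOF'
$TTL 86400
@   IN  SOA  dns.sislinux.com. root.sislinux.com. (
             123312 ; serial
             1h ; refresh
             2h ; retry
             1w ; expire
             1h ) ; min cache
    IN  NS   dns.sislinux.com.
; Network Hosts
dns IN  A    192.168.1.92
www IN  A    192.168.1.93
EOF
    cat > "$1/sislinux.com.rev" <<'EOF'
$TTL 86400
$ORIGIN 1.168.192.in-addr.arpa.
@   IN  SOA  dns.sislinux.com. root.sislinux.com. (
             123312 ; serial
             1h ; refresh
             2h ; retry
             1w ; expire
             1h ) ; min cache
    IN  NS   dns.sislinux.com.
; Network Hosts
92  IN  PTR  dns.sislinux.com.
EOF
}
```

Run zone_consistency against the two files you edited above with origin sislinux.com whenever you add a host; a clean named-checkzone plus a clean zone_consistency is a reasonable gate before the named restart.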
Install and configure DHCP.
[root@shriyaishost ~]# yum -y install dhcp
[root@shriyaishost ~]# vi /etc/dhcp/dhcpd.conf
# create new
# specify domain name
option domain-name "sislinux.com";
# specify the DNS server's hostname or IP address (an address such as 192.168.1.92 is safer: dhcpd must resolve a name at start-up)
option domain-name-servers shriyaishost.sislinux.com;
# default lease time
default-lease-time 600;
# max lease time
max-lease-time 7200;
# declare this DHCP server authoritative for the segment
authoritative;
# specify network address and subnet mask
subnet 10.0.0.0 netmask 255.255.255.0 {
    # range of leased addresses (plain "range" without dynamic-bootp refuses BOOTP clients, which is usually what you want)
    range dynamic-bootp 10.0.0.200 10.0.0.254;
    # broadcast address
    option broadcast-address 10.0.0.255;
    # default gateway
    option routers 10.0.0.1;
}
[root@shriyaishost ~]# /etc/rc.d/init.d/dhcpd start
Starting dhcpd: [OK]
[root@shriyaishost ~]# chkconfig dhcpd on

dhcpd only serves a subnet that matches the address of one of its own interfaces, so with this server at 192.168.1.92 the 10.0.0.0/24 declaration requires the second NIC to sit in 10.0.0.0/24; otherwise change the subnet block to the 192.168.1.0/24 network. Run dhcpd -t to check the syntax before starting, and make sure no other DHCP server answers on the same segment, since this one is declared authoritative and will NAK leases it does not know.

Configure the client. This example is on Windows 7: click Start, type ncpa.cpl into "Search programs and files", right-click Local Area Connection and click Properties, select TCP/IPv4 and click Properties again, then change the IP address, subnet mask, default gateway, primary DNS and secondary DNS.
In my case I haven't added the script that imports the existing users, so the LDAP server is simply created.
[root@shriyaishost]# vim /etc/httpd/conf.d/phpldapadmin.conf
Alias /phpldapadmin /usr/share/phpldapadmin/htdocs
Alias /ldapadmin /usr/share/phpldapadmin/htdocs
<Directory /usr/share/phpldapadmin/htdocs>
    Order Deny,Allow
    Deny from all
    Allow from 127.0.0.1 192.168.1.0/24   # IP addresses you allow
</Directory>
[root@shriyaishost]# /etc/rc.d/init.d/httpd restart
Stopping httpd: [OK]
Starting httpd: [OK]

Keep this Allow list tight: phpLDAPadmin sends the directory bind password with every request, so outside a trusted LAN it must only be reachable over https.
6. Virtualization (KVM)
Installing KVM / QEMU
[root@shriyaishost]# yum -y install qemu-kvm libvirt python-virtinst bridge-utils
[root@shriyaishost ~]# modprobe kvm
[root@shriyaishost ~]# modprobe kvm_intel   # if AMD, "kvm_amd"
[root@shriyaishost ~]# lsmod | grep kvm
kvm_intel              46589  0
kvm                   292815  1 kvm_intel
[root@shriyaishost ~]# /etc/rc.d/init.d/libvirtd start
Starting libvirtd daemon: [OK]
[root@shriyaishost ~]# chkconfig libvirtd on

Configure bridged networking for KVM virtual machines. I did not perform this myself, yet it is the preferred setup, so please do not ignore it. The steps are:
[root@shriyaishost ~]# cd /etc/sysconfig/network-scripts
[root@shriyaishost network-scripts]# cp ifcfg-eth0 ifcfg-br0
[root@shriyaishost network-scripts]# vi ifcfg-br0
DEVICE=br0              # change
ONBOOT=yes
BOOTPROTO=none
IPADDR=10.0.0.30
NETMASK=255.255.255.0
TYPE=Bridge             # change
GATEWAY=10.0.0.1
DNS1=10.0.0.30
IPV6INIT=no
USERCTL=no
[root@shriyaishost network-scripts]# vi ifcfg-eth0
DEVICE=eth0
HWADDR=00:22:68:3D:82:88
ONBOOT=yes
BOOTPROTO=none
BRIDGE=br0              # the address now lives on br0

The address must live on exactly one of the two interfaces: eth0 is enslaved to br0 and keeps no IPADDR, NETMASK or GATEWAY of its own, and the HWADDR line copied from eth0 is dropped from ifcfg-br0 because a bridge has no fixed MAC. Restart the network afterwards (/etc/rc.d/init.d/network restart), preferably from the console, since the address moves between interfaces and an SSH session may drop.
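Splitting an ifcfg-eth0 into the bridge/slave pair by hand is where addresses get duplicated or lost. The script below is an added example, not part of the original guide: make_bridge_pair derives ifcfg-br0 and the slimmed-down ifcfg-eth0 from an existing ifcfg-eth0, check_bridge_pair confirms the address sits only on the bridge, and kvm_module_for picks kvm_intel or kvm_amd from the CPU flags so the right modprobe is run. The ifcfg-eth0 it writes is the one from the steps above, reproduced as sample input; NM_CONTROLLED=no and DELAY=0 are added because NetworkManager on CentOS 6 does not manage bridges and the default STP forwarding delay is not needed here.

```shell
#!/bin/bash
# Added example: derive the br0/eth0 ifcfg pair from an existing ifcfg-eth0 and check it.

kvm_module_for() {         # $1 = cpuinfo file -> kvm_intel, kvm_amd, or nothing when VT is absent
    awk '/^flags/ { if ($0 ~ /[[:space:]]vmx([[:space:]]|$)/) { print "kvm_intel"; exit }
                    if ($0 ~ /[[:space:]]svm([[:space:]]|$)/) { print "kvm_amd"; exit } }' "$1"
}

make_bridge_pair() {       # $1 = existing ifcfg-eth0, $2 = ifcfg-br0 to write, $3 = ifcfg-eth0 to write
    # bridge: everything except HWADDR, with DEVICE and TYPE rewritten
    awk -F= '
        $1 == "HWADDR" { next }                         # a bridge has no fixed MAC
        $1 == "DEVICE" { print "DEVICE=br0"; next }
        $1 == "TYPE"   { print "TYPE=Bridge"; t = 1; next }
        $1 == "NM_CONTROLLED" { nm = 1 }
        { print }
        END { if (!t) print "TYPE=Bridge"; if (!nm) print "NM_CONTROLLED=no"; print "DELAY=0" }' "$1" > "$2"
    # physical NIC: identity only, attached to the bridge
    awk -F= '
        $1 == "DEVICE" || $1 == "HWADDR" || $1 == "ONBOOT" { print }
        END { print "BOOTPROTO=none"; print "NM_CONTROLLED=no"; print "BRIDGE=br0" }' "$1" > "$3"
}

check_bridge_pair() {      # $1 = ifcfg-br0, $2 = ifcfg-eth0; exit 0 when the split is sane
    grep -qx 'TYPE=Bridge' "$1" && grep -q '^IPADDR=' "$1" && ! grep -q '^HWADDR=' "$1" &&
    grep -qx 'BRIDGE=br0' "$2" && ! grep -q '^IPADDR=' "$2" && ! grep -q '^GATEWAY=' "$2"
}

write_sample_eth0() {      # the ifcfg-eth0 from the steps above, as sample input
    cat > "$1" <<'EOF'
DEVICE=eth0
HWADDR=00:22:68:3D:82:88
ONBOOT=yes
BOOTPROTO=none
IPADDR=10.0.0.30
NETMASK=255.255.255.0
TYPE=Ethernet
GATEWAY=10.0.0.1
DNS1=10.0.0.30
IPV6INIT=no
USERCTL=no
EOF
}
```

On the host: back up ifcfg-eth0, then make_bridge_pair ifcfg-eth0.orig ifcfg-br0 ifcfg-eth0 inside /etc/sysconfig/network-scripts, run check_bridge_pair, and restart the network from the console. modprobe "$(kvm_module_for /proc/cpuinfo)" loads the right module; an empty result means VT-x/AMD-V is missing or disabled in the BIOS.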
I will elaborate the command-line mode of KVM in the last part of the book. Please keep track of it.
Configure Perl CGI.
[root@shriyaishost /]# vim /var/www/html/index.cgi
#!/usr/bin/perl
# CentOS installs perl as /usr/bin/perl; /usr/local/bin/perl only exists if you built one yourself
print "Content-type: text/html\n\n";
print "<html>\n<body>\n";
print "<div style=\"width: 100%; font-size: 40px; font-weight: bold; text-align: center;\">\n";
print "CGI Test Page";
print "\n</div>\n";
print "</body>\n</html>\n";
[root@shriyaishost /]# chmod 705 /var/www/html/index.cgi

For httpd to execute the file, the <Directory "/var/www/html"> block in /etc/httpd/conf/httpd.conf needs Options +ExecCGI and AddHandler cgi-script .cgi. Scripts in the document root run as the apache user, so keep them minimal and never let a script build commands or file names from request data without validating it.
Install and configure PHP.
[root@shriyaishost /]# yum -y install php php-mbstring php-pear
[root@shriyaishost /]# /etc/rc.d/init.d/httpd restart
Stopping httpd: [ OK ]
Starting httpd: [ OK ]
[root@shriyaishost /]# vi /var/www/html/index.php
Install and configure Ruby.
[root@shriyaishost /]# yum -y install ruby
[root@shriyaishost /]# vim /etc/httpd/conf/httpd.conf
# line 796: add the extension for ruby scripts
AddHandler cgi-script .cgi .pl .rb
[root@shriyaishost /]# /etc/rc.d/init.d/httpd restart
Stopping httpd: [ OK ]
Starting httpd: [ OK ]
[root@shriyaishost /]# vi /var/www/html/index.rb
#!/usr/bin/ruby
print "Content-type: text/html\n\n"
print "<html>\n<body>\n"
print "<div style=\"width: 100%; font-size: 40px; font-weight: bold; text-align: center;\">\n"
print "Ruby Test Page<br />"
print Time.now.strftime('%Y/%m/%d')
print "\n</div>\n"
print "</body>\n</html>\n"
[root@shriyaishost /]# chmod 705 /var/www/html/index.rb
[hari.iyer@www ~]$ mkdir public_html
[hari.iyer@www ~]$ chmod 711 /home/hari.iyer
[hari.iyer@www ~]$ chmod 755 /home/hari.iyer/public_html
[hari.iyer@www ~]$ cd public_html
[hari.iyer@www public_html]$ vi index.cgi
#!/usr/bin/perl
print "Content-type: text/html\n\n";
print "<html>\n<body>\n";
print "<div style=\"width: 100%; font-size: 40px; font-weight: bold; text-align: center;\">\n";
print "Test Page ( /home/hari.iyer/public_html )";
print "\n</div>\n";
print "</body>\n</html>\n";
[hari.iyer@www public_html]$ chmod 705 index.cgi

Mode 711 on the home directory lets the apache user traverse it without being able to list it; 755 on public_html is what UserDir needs. Do not loosen the home directory further than that.
Configure virtual hosting. The following example uses the domain name sislinux.com (root directory /var/www/html) and the virtual domain name virtual.host (root directory /home/hari.iyer/public_html). Before doing this, add the new domain name to your DNS first.

Configure httpd for virtual hosting.
[root@shriyaishost ~]# vi /etc/httpd/conf/httpd.conf
# line 990: uncomment
NameVirtualHost *:80
# at the last lines: (for the original domain)
<VirtualHost *:80>
    DocumentRoot /var/www/html
    ServerName sislinux.com
</VirtualHost>
# (for the virtual domain)
<VirtualHost *:80>
    DocumentRoot /home/hari.iyer/public_html
    ServerName virtual.host
</VirtualHost>
[root@shriyaishost ~]# /etc/rc.d/init.d/httpd restart

Keep the original domain's block first: with name-based hosting the first <VirtualHost> is the default that answers any request whose Host header matches none of the ServerNames, including requests made by IP address.
Access the test page for the virtual domain; it is fine if it is reachable.
[hari.iyer@www ~]$ vim ./public_html/index.cgi
#!/usr/bin/perl
print "Content-type: text/html\n\n";
print "<html>\n<body>\n";
print "<div style=\"width: 100%; font-size: 40px; font-weight: bold; text-align: center;\">\n";
print "Virtual Host Test Page";
print "\n</div>\n";
print "</body>\n</html>\n";
[hari.iyer@www ~]$ chmod 705 ./public_html/index.cgi
Configure WebDAV.
[root@shriyaishost ~]# mkdir /home/security
[root@shriyaishost ~]# chown apache:apache /home/security
[root@shriyaishost ~]# chmod 770 /home/security
[root@shriyaishost ~]# vim /etc/httpd/conf.d/webdav.conf
Alias /share /home/security
<Location /share>
    DAV On
    SSLRequireSSL
    Options None
    AuthType Basic
    AuthName WebDAV
    AuthUserFile /etc/httpd/conf/.htpasswd
    <LimitExcept GET OPTIONS>
        Order allow,deny
        Allow from 10.0.0.   # IP range you allow
        Require valid-user
    </LimitExcept>
</Location>
[root@shriyaishost ~]# htpasswd -c /etc/httpd/conf/.htpasswd cent
New password:           # set password
Re-type new password:   # confirm
Adding password for user cent
[root@shriyaishost ~]# /etc/rc.d/init.d/httpd restart

Two things to know about this configuration. SSLRequireSSL needs mod_ssl installed and the share reached over https, otherwise every request is refused. And because the authentication sits inside <LimitExcept GET OPTIONS>, reading files under /share needs neither a password nor a whitelisted address; only writes are protected. If reads must be private too, move AuthType, AuthName, AuthUserFile and Require valid-user out of the LimitExcept block. Use htpasswd -c only the first time, since -c recreates the password file and drops every existing user.
Install ProFTPD.
[root@shriyaishost ~]# yum --enablerepo=epel -y install proftpd   # install from EPEL
[root@shriyaishost ~]# vim /etc/proftpd.conf
# line 8: change to your hostname
ServerName "www.sislinux.com"
# line 10: change to your email address
ServerAdmin xxx@sislinux.com
# add near line 48
# access log
ExtendedLog /var/log/proftpd/access.log WRITE,READ default
# auth log
ExtendedLog /var/log/proftpd/auth.log AUTH auth
[root@shriyaishost ~]# vim /etc/ftpusers
# add the users you prohibit from FTP access

Plain FTP carries user names and passwords in clear text across the network. With sshd already running, SFTP gives the same file transfer over an encrypted channel; if you must keep FTP, at least list every system account and every administrative user in /etc/ftpusers.
Install Pure-FTPd.
[root@shriyaishost ~]# yum --enablerepo=epel -y install pure-ftpd   # install from EPEL
[root@shriyaishost ~]# vim /etc/pure-ftpd/pure-ftpd.conf
# line 77: change (no anonymous access)
NoAnonymous yes
# line 143: uncomment
UnixAuthentication yes
[root@shriyaishost ~]# /etc/rc.d/init.d/pure-ftpd start
Starting pure-ftpd: [OK]
[root@shriyaishost ~]# chkconfig pure-ftpd on
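The /etc/ftpusers step above says "add the users you prohibit" without saying which; the safe answer is every system account plus anyone who administers the box. The script below is an added example, not part of the original guide: it builds the deny list from the accounts in /etc/passwd below the first regular UID (500 on CentOS 6) plus any extra names you pass, which is what ProFTPD's PAM stack consults on this distribution. The passwd file it writes is a constructed sample.

```shell
#!/bin/bash
# Added example: generate /etc/ftpusers from system accounts plus named extras.

system_accounts() {        # $1 = passwd file, $2 = first regular UID (CentOS 6: 500) -> user names
    awk -F: -v min="${2:-500}" '$3 < min { print $1 }' "$1"
}

write_ftpusers() {         # $1 = passwd file, $2 = ftpusers to write, remaining args = extra users to deny
    local passwd="$1" out="$2"; shift 2
    { system_accounts "$passwd"; printf '%s\n' "$@"; } | grep -v '^$' | sort -u > "$out"
}

ftp_denied() {             # $1 = user, $2 = ftpusers path; exit 0 if FTP login is refused
    grep -qx "$1" "$2"
}

write_sample_passwd() {    # constructed sample with system and regular accounts
    cat > "$1" <<'EOF'
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
apache:x:48:48:Apache:/var/www:/sbin/nologin
mysql:x:27:27:MySQL Server:/var/lib/mysql:/bin/bash
hari.iyer:x:500:500::/home/hari.iyer:/bin/bash
administrator:x:501:501::/home/administrator:/bin/bash
EOF
}
```

On the host: write_ftpusers /etc/passwd /etc/ftpusers administrator, then re-run it after every useradd for a service account so the list does not drift. ProFTPD reads the file on each login, so no restart is needed.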
Install MySQL.
[root@shriyaishost ~]# yum -y install mysql-server
[root@shriyaishost ~]# /etc/rc.d/init.d/mysqld start
Initializing MySQL database: Installing MySQL system tables... OK
Filling help tables... OK
To start mysqld at boot time you have to copy support-files/mysql.server to the right place for your system
PLEASE REMEMBER TO SET A PASSWORD FOR THE MySQL root USER !
To do so, start the server, then issue the following commands:
/usr/bin/mysqladmin -u root password 'new-password'
/usr/bin/mysqladmin -u root -h www.sislinux.com password 'new-password'
Alternatively you can run:
/usr/bin/mysql_secure_installation

Do run mysql_secure_installation (or the equivalent statements) before anything else connects: a fresh install has a root account without a password, anonymous accounts, and a test database that any user may write to. Passing the password on the mysqladmin command line leaves it in your shell history and visible in ps while the command runs.
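For a scripted build you want mysql_secure_installation's effect without its prompts. The block below is an added example, not part of the original guide or of the MySQL project: it emits the statements the interactive tool issues (set the root password, drop anonymous accounts, restrict root to local connections, remove the test database and its grants) and pipes them to the client, taking the new password from an environment variable so it never appears on a command line. The SQL targets the MySQL 5.1 grant tables CentOS 6 ships.

```shell
#!/bin/bash
# Added example: non-interactive equivalent of mysql_secure_installation.

secure_mysql_sql() {       # $1 = new root password -> prints the SQL
    local pw
    pw=$(printf '%s' "$1" | sed 's/[\\'"'"']/\\&/g')    # escape \ and ' for the SQL string literal
    cat <<EOF
UPDATE mysql.user SET Password=PASSWORD('$pw') WHERE User='root';
DELETE FROM mysql.user WHERE User='';
DELETE FROM mysql.user WHERE User='root' AND Host NOT IN ('localhost', '127.0.0.1', '::1');
DROP DATABASE IF EXISTS test;
DELETE FROM mysql.db WHERE Db='test' OR Db='test\\_%';
FLUSH PRIVILEGES;
EOF
}

secure_mysql() {           # real run: MYSQL_ROOT_PASSWORD='...' secure_mysql   (fresh install, no root password yet)
    [ -n "${MYSQL_ROOT_PASSWORD:-}" ] || { echo "set MYSQL_ROOT_PASSWORD first" >&2; return 1; }
    secure_mysql_sql "$MYSQL_ROOT_PASSWORD" | mysql -u root
}
```

Afterwards chkconfig mysqld on, and if only local applications use the database add bind-address=127.0.0.1 under [mysqld] in /etc/my.cnf so port 3306 is not reachable from the LAN at all.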