Skip to content

Instantly share code, notes, and snippets.

@datacustodian

datacustodian/CentOS_Minimal_Post-Installation_Steps.md

Last active May 7, 2019 01:48
Show Gist options
  • Save datacustodian/ae7090a1e12c0a4a065fe57bf49e3889 to your computer and use it in GitHub Desktop.
Save datacustodian/ae7090a1e12c0a4a065fe57bf49e3889 to your computer and use it in GitHub Desktop.
Download ZIP
CentOS Minimal Post-Installation Steps
Raw
CentOS_Minimal_Post-Installation_Steps.md

CentOS Minimal Post-Installation Steps

CentOS Minimal Distro is a good starting point for deploying a bare-bones no-frills server. However, CentOS Minimal lacks some commonly used Linux packages. This guide covers a couple Linux packages that are nice to have in a server deployment.

All steps are optional.

For clarity and ease of use, we execute these commands as the root user.

Become Root User

su -

Edit network settings as needed

However, it is preferable to configure network settings during installation. Restart the server to verify the new network settings.

Update Pacakges

yum update

Commonly Used Packages

Install net-tools (ifconfig and other tools), bind-utils (nslookup and other tools), wget, rsync, yum-cron, epel-release, p7zip, screen.

yum install net-tools
yum install bind-utils
yum install wget
yum install rsync
yum install yum-cron
chkconfig yum-cron on
systemctl start yum-cron.service
yum install epel-release
yum install p7zip p7zip-plugins
yum install fdupes
yum install prename
yum install screen

NOTE: If you wish to work with RAR archives, you will need to compile and install from source. While Ubuntu and other distributions package the "free" archiving algorithms into p7zip-full and the "non-free" RAR archiving algorithm into p7zip-rar, CentOS and Fedora removed source code related RAR from standard repos. For details see:

https://sourceforge.net/p/sevenzip/discussion/45798/thread/dc2d0438/

If you need a Desktop environment (OPTIONAL)

# CentOS 7
yum group install "GNOME Desktop" "Graphical Adminitration Tools"

# RHEL 7 run the following instead
# yum groupinstall "Server with GUI"

ln -sf /lib/systemd/system/runlevel5.target
/etc/systemd/system/default.target
reboot

User Management

https://www.digitalocean.com/community/tutorials/how-to-create-a-sudo-user-on-centos-quickstart

User operations on the username anotheruser:

adduser anotheruser
passwd anotheruser
# Grant sudo (OPTIONAL)
usermod -aG wheel username
# By default, on CentOS, members of the wheel group have sudo privileges.
# Require password change on next successful login
chage -d 0 anotheruser

Firewall

yum install firewalld
chkconfig firewalld on
systemctl start firewalld.service
firewall-cmd --list-all

Limit incoming connections to within a subnet

firewall-cmd --permanent --zone=public --add-source=192.168.0.0/24
firewall-cmd --reload

To remove the rule:

firewall-cmd --permanent --zone=public --remove-source=192.168.0.0/24
firewall-cmd --reload

Allow incoming connections to a specific port/protocol

firewall-cmd --permanent --zone=public --add-port=8080/tcp
firewall-cmd --permanent --zone=public --add-port=8080/udp
firewall-cmd --reload

To remove the rules:

firewall-cmd --permanent --zone=public --remove-port=8080/tcp
firewall-cmd --permanent --zone=public --remove-port=8080/udp
firewall-cmd --reload

Time Synchronization

https://www.digitalocean.com/community/tutorials/how-to-configure-ntp-for-use-in-the-ntp-pool-project-on-centos-7

yum update
yum install ntp
chkconfig ntpd on
systemctl start ntpd
firewall-cmd --permanent --add-service=ntp
firewall-cmd --reload

nginx

https://www.digitalocean.com/community/tutorials/how-to-install-nginx-on-centos-7

yum install nginx
chkconfig nginx on
systemctl start nginx
firewall-cmd --permanent --zone=public --add-service=http 
firewall-cmd --permanent --zone=public --add-service=https
firewall-cmd --reload
firewall-cmd --list-all

Default server root directory is /usr/share/nginx/html.

MariaDB

MariaDB is the drop-in replacement for MySQL, and it implements the same names for many MySQL command-line utilities.

Visit MariaDB's repository configuration wizard and follow instructions for your CentOS/RHEL version:

https://downloads.mariadb.org/mariadb/repositories/

There should not be a prior installation of MySQL/MariaDB for CentOS Minimal. However, it is important to remove any prior installation:

yum remove mariadb-server mariadb-libs

After the yum repo file is in place, run the follwoing commands:

yum install MariaDB-server MariaDB-client
chkconfig mariadb on
systemctl start mariadb
systemctl status mariadb
mysql_secure_installation
firewall-cmd --permanent --zone=public --add-service=mysql
firewall-cmd --reload
firewall-cmd --list-all

For both MySQL and MariaDB, it is recommended to set Unicode support as default for character set and collation variables. Among the available Unicode options, those with prefix utf8mb4 are recommended for most purposes. When you start a session logged in as an user with appropriate privileges, you can set default Unicode support options:

SET character_set_client = 'utf8mb4';
SET character_set_connection = 'utf8mb4';
SET character_set_database = 'utf8mb4';
SET character_set_results = 'utf8mb4';
SET character_set_server = 'utf8mb4';
SET collation_connection = 'utf8mb4_unicode_ci';
SET collation_database = 'utf8mb4_unicode_ci';
SET collation_server = 'utf8mb4_unicode_ci';

WARNING: Avoid changing values for character_set_filesystem, character_set_system, character_sets_dir variables without a good reason.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment