@ryanguill
Last active December 14, 2015 21:09
Installation instructions for CentOS 6.3 in VirtualBox, along with Python 2.7, RabbitMQ, Redis and PostgreSQL. Sets up Samba and iptables, and shows you how to create OS-level users. Also includes instructions for installing Adobe ColdFusion and Railo.

CentOS 6.x Install Instructions

####Preface

These are my own instructions that I have decided to document as I have gone along. I have put them out there in case others may find them useful, but I make no guarantees on their accuracy, or even if any of it is a good idea! I am no linux/rabbitmq/redis/postgres/tomcat/etc expert, hence why I need these instructions. These are setups for what I needed at the time I wrote them, they may not be appropriate for you. If you have suggestions on how to improve any of this, or notice anything wrong, please let me know / fork the guide and make the changes.

When this guide was started Cent 6.3 was the latest version. I have since used the same instructions for 6.4 and 6.5 without issue. Just update any references to 6.3 to the latest version when you use this guide.

Be careful copying and pasting commands. Make sure before you do that none of the filenames or versions have changed since the guide was written. It is common for the filenames you use to be different from the ones stated in the guide.

I am also no markdown expert, so the formatting of this document is very much a work in progress.

##Other Sections in this Guide

##Initial installation

File: CentOS-6.3-x86_64-bin-DVD1.iso and CentOS-6.3-x86_64-bin-DVD2.iso

From Torrent: http://mirror.centos.org/centos/6.3/isos/x86_64/CentOS-6.3-x86_64-bin-DVD1to2.torrent

From URL: http://lists.centos.org/pipermail/centos-announce/2012-July/018706.html

general Linux commands to keep in mind here: https://gist.github.com/ryanguill/7929177

http://wiki.centos.org/HowTos/Virtualization/VirtualBox/CentOSguest

##Virtual Box

Name: cent6-tmpl

Type: Linux / Red Hat

1024 MB ram

create new virtual HD

VirtualBox Disk Image (VDI)

Dynamically Allocated

15GB

Before powering on the machine, open Settings:

  • System: check the extended feature Enable IO APIC (because this is a 64 bit machine)
  • Network: Attached to Bridged Adapter; fly out the advanced options and set Promiscuous Mode: Allow All

  • double click to start
  • pick DVD1 ISO

Welcome to CentOS 6.3!

  • Install or upgrade an existing system
  • Test Media: OK - just to ensure the ISO downloaded properly, although if you used a torrent you should be good
    • If the test ejects the disk, reselect the disk1 from the icon at the bottom of the window and hit OK to continue

Select default options unless otherwise specified below

  • Hostname: cent6-tmpl

  • Click Configure Network

    • Under Wired, click on System eth0
    • Check box to connect automatically
    • hit ok and get back to main wizard and hit next
  • Timezone: America/Chicago

  • Root Password: Batman - yes I know it is a poor password

  • Which type of installation?

    • Create Custom Layout

      • create two partitions and a swap
sda1 10240MB / ext4 (force to be primary)
sda2 1024MB swap
sda3 4095MB /data ext4 (fill to available space)

Note: Information on how to resize partitions later on if you need it: http://www.ifusio.com/blog/resize-your-sda1-disk-of-your-vagrant-virtualbox-vm I will probably write these instructions out in this guide eventually.

  • Choose Basic Server as the install type

  • Switch to Customize Now

  • Base System

    • Add Networking Tools
  • Development

    • Add Additional Development
    • Add Development Tools
  • Servers

    • Add System administration tools
      • Optional packages - install screen
  • Let everything install (go get coffee, this will take some time)

  • hit restart

  • Log in as root/batman

see if you have an IP address

# ifconfig

Ensure that the network is set up properly by running:

# cat /etc/sysconfig/network-scripts/ifcfg-eth0

The things to check are

BOOTPROTO="dhcp"
ONBOOT=yes
TYPE="Ethernet"
IPV6INIT=no

If any of those settings are not right, use vi to update and save, and then recycle the network adapter and make sure you get an IP address

# service network restart

If you want, take that IP address and add a DHCP reservation in your router. Then map that IP address to the name cent6-tmpl in your hosts file.

now we can SSH from a terminal window/putty

# ssh root@cent6-tmpl

say yes to connect

first, update the locate database

# updatedb

this may take a few minutes the first time!

we need to add a normal user account to access the system with instead of root:

# useradd user
# passwd user

when prompted, enter batman as the password and confirm - yes I know it is a bad password

test the new account

# su user

you should now be user@cent6-tmpl

# su root

enter password and be back as root@cent6-tmpl

add the user to sudoers

# visudo

page down till you see

root    ALL=(ALL)       ALL

If you want user to have to put their password in when they use sudo, add a new line underneath (hit i to start inserting)

user    ALL=(ALL)       ALL

If you don't want to put a password in when using sudo as user, add this line instead

user	ALL=NOPASSWD:	ALL

Hit escape to stop editing, then type :x [enter] to save (the lower-case x is important! make sure you aren't in caps lock)

test to make sure sudo works

# su user
# updatedb 

you should receive an error

# sudo updatedb

Depending on how you set up the sudo access above, you may be prompted for a password, and probably a lecture too. Enter the password for user (batman) and the command should run.

If everything works properly, we should log out of SSH as root, and log back in as user

# exit

now you should be back as root

# exit

now you should be back to terminal, or your putty session should close

# ssh user@cent6-tmpl

Now we should make sure that cent is up to date

# su -c 'yum update'

Enter the root password to continue, and say y to any prompts (this may take some time! especially if you get a bad mirror! be patient!)

once finished, reboot the system

# sudo reboot

Clean-up installer cache

# yum clean all

To check your version of CentOS:

# cat /etc/redhat-release

##Add a script to show IP address without login

# sudo vi /etc/rc.local

Add this section before the touch /var/lock/subsys/local line:

sed -i_bak -e '/Addres/d' /etc/issue
IPADD=`/sbin/ifconfig | sed '/Bcast/!d' | awk '{print $2}'| awk '{print $2}' FS=":"`

then run the following:

echo "The IP Addres is: $IPADD" >> /etc/issue
echo "Today is \d \t @ \n" >> /etc/issue

##Send Notification of IP address when the server is up

Prowler is a service you can sign up for; with a $3 app you can use its API to send notifications to your phone. If you want, you can use this script to send a notification when your VM is up, with the IP address that was configured.

Script for reference: https://gist.github.com/ryanguill/615924c496d23d9bf924/

You can use this script to send other messages as well if you want, the defaults are just set up to send the hostname and the ipaddress.

When you sign up with prowler, you can generate api keys, as many as you need. Generate one and replace XXXXX in the command below with your API Key:

# curl -s https://gist.github.com/ryanguill/615924c496d23d9bf924/raw/ | sed 's/api_key_to_replace/XXXXX/g' > ~/prowler-ip-address.sh && sudo mv ~/prowler-ip-address.sh /usr/bin/prowler-ip-address.sh && sudo chown root:root /usr/bin/prowler-ip-address.sh && sudo chmod 700 /usr/bin/prowler-ip-address.sh

The script holds your API key and is run as root at boot, so the command leaves it owned by root and not readable or writable by other users. Now you should be able to call that script and it will send a notification to your phone with the ip address and hostname of the server

# sudo /usr/bin/prowler-ip-address.sh

To run that script at startup, edit your rc.local file:

# sudo vi /etc/rc.d/rc.local

Right before the last line that says touch /var/lock/subsys/local add the following line, save and exit

/usr/bin/prowler-ip-address.sh

Now if you reboot you should get a notification when the server comes up.

Lockdown SSH

If this is going to be a server that you have running all the time, and especially if it is going to be connected to the internet at large, it's a good idea to lock down SSH and take a few precautions.

These instructions are taken largely from here: http://wiki.centos.org/HowTos/Network/SecuringSSH

Disable root login through SSH

# vi /etc/ssh/sshd_config

Edit to make sure you have the following entries:

PermitRootLogin no
#only allow 30 seconds to log in
LoginGraceTime 30
#only allow 3 tries to get the password right.
MaxAuthTries 3

Make sure Protocol 1 is disabled (it should already be):

Protocol 2

Change the SSH port: (you can use any port you want over 1024. If you don't use 2333, make sure you use the same one everywhere 2333 is used in this document.)

Port 2333

Note: we have a few other steps to do to change this port and have it work completely.

Only allow certain users to login through SSH. Add the following line to the bottom of the file:

AllowUsers user

If you want to allow multiple users, separate them with a space.

Save and exit vi.
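
An audit of the edited file against the values set above, as an added example (not part of the original guide). The function names and the constructed sample input are assumptions of this example; it reads only the global section of the file and applies sshd's rules that the first value for a keyword wins while Port and AllowUsers lines accumulate.

```shell
#!/bin/bash
# Print each value set for KEYWORD ($2) in the global section of FILE ($1).
# Keywords are case-insensitive; everything after the first Match line is skipped.
sshd_values() {
    awk -v want="$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')" '
        /^[ \t]*(#|$)/         { next }
        tolower($1) == "match" { exit }
        tolower($1) == want {
            sub(/^[ \t]*[^ \t]+[ \t]*/, "")   # drop the keyword
            sub(/[ \t]*#.*$/, "")             # drop a trailing comment
            sub(/[ \t\r]+$/, "")              # drop trailing whitespace
            print
        }' "$1"
}

# check FILE KEYWORD EXPECTED MODE: print OK/FAIL, return 1 on FAIL.
#   first: sshd keeps the first value it reads for the keyword
#   all:   Port and AllowUsers lines accumulate, so every line counts
check() {
    local got
    if [ "$4" = all ]; then
        got=$(sshd_values "$1" "$2" | tr -s ' \n' ' ' | sed 's/ $//')
    else
        got=$(sshd_values "$1" "$2" | head -n 1)
    fi
    [ "$got" = "$3" ] && { echo "OK    $2 $got"; return 0; }
    echo "FAIL  $2: expected '$3', found '${got:-<unset>}'"
    return 1
}

# Run the checks from the Lockdown SSH section; return the number of failures.
audit_sshd_config() {
    local fails=0
    check "$1" PermitRootLogin no   first || fails=$((fails + 1))
    check "$1" LoginGraceTime  30   first || fails=$((fails + 1))
    check "$1" MaxAuthTries    3    first || fails=$((fails + 1))
    check "$1" Protocol        2    first || fails=$((fails + 1))
    check "$1" Port            2333 all   || fails=$((fails + 1))
    check "$1" AllowUsers      user all   || fails=$((fails + 1))
    return "$fails"
}

# Constructed sample: the old port line was left active next to the new one.
sample=$(mktemp)
printf '%s\n' 'Port 22' 'Port 2333' 'Protocol 2' 'PermitRootLogin no' \
    'LoginGraceTime 30' 'MaxAuthTries 3' 'AllowUsers user' > "$sample"
audit_sshd_config "${1:-$sample}" || echo "failures: $?"
rm -f "$sample"
```

Pass /etc/ssh/sshd_config as the first argument to audit the real file. Once the audit passes, `sshd -t` run as root checks the file's syntax before the daemon is restarted with the new settings.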

If you are still running selinux, we need to download a package that helps us manage it, and then change a setting to allow the new port through.

# yum -y install policycoreutils-python

Once that's complete you should now have semanage. Run the following to open up the new port. This may take a second.

# semanage port -a -t ssh_port_t -p tcp 2333

Add firewall holes

# vi /etc/sysconfig/iptables

Change the line that probably looks like this:

-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT

to

-A INPUT -m state --state NEW -m tcp -p tcp --dport 2333 -j ACCEPT

then restart the service

# service iptables restart

Note: if possible, you may also want to allow only certain IP addresses or ranges to connect over SSH. Refer to the guide at the top of this section for instructions on how to do this. You can also configure the iptables firewall to reject multiple attempts.

Exit and re-login. Remember that you can no longer log in as root, and you must change your client to use the new 2333 port.

Note: If you are trying to configure a production or otherwise important machine, also consider setting up public/private keys for SSH authentication. It's nice because it will save you a step on login (you don't need to enter a password any more), plus it is considerably more secure. Refer to the guide at the top of this section for more information.

##Samba

See this guide to set up samba: https://gist.github.com/ryanguill/7928824

##snapshot

Now is a good time to take a snapshot. You might want to clone from this machine to any other, more specific machine you may want to create.

Create a Clone

right click on the server in virtualbox, clone

give the new server a name

check the box "Reinitialize the MAC address of all network cards"

Choose Full Clone

Choose Everything

It may take some time to make the clone, be patient.

Once you clone the server, there are a few things you will need to set up / change

Change the hostname

# su -
# vi /etc/sysconfig/network

update the mac addresses:

# vi /etc/udev/rules.d/70-persistent-net.rules

make the mac address of eth1 the mac of eth0 and remove eth1

copy that mac address to /etc/sysconfig/network-scripts/ifcfg-eth0

# vi /etc/sysconfig/network-scripts/ifcfg-eth0    

Change / add the server name to the hosts file

# vi /etc/hosts

Add this line

127.0.0.1 cent6-<whatever> cent6-<whatever>.local

reboot to finish and save

# reboot

the ethernet should come up properly.

SSH to be sure.

Now we should make sure that cent is up to date

# su -c 'yum update'