Table of Contents

CentOS on SDF VPS

Contents

Basics

Upon logging in to your VPS for the first time, one of the first things you will want to do is change the default root password by typing passwd at the prompt. Don't forget this password as there is currently no way to recover it.

It is a good habit to create a regular user account for working, using su to obtain root privileges as needed. To create a regular user account: 

	useradd -Gwheel <username>

This user will be able to perform administrative tasks by runing su to obtain superuser privileges using the root password. CentOS ships with sudo installed, so adding the new user to wheel group and editing /etc/sudoers with visudo to uncoment the following line: 

	## Allows people in group wheel to run all commands
	%wheel  ALL=(ALL)       ALL

Networking

In your control panel at vps.sdf.org, note YOUR_IP (e.g. 192.94.73.255) on the top line, and YOUR_HOSTNAME (e.g. my).

Start your server, and log in via the console. (default= root:root)

Open /etc/sysconfig/network-scripts/ifcfg-eth0 in an editor and add the following, replacing the text YOUR_IP with your own actual IP number, add: 

	DEVICE=eth0
	BOOTPROTO=none
	IPADDR=YOUR_IP
	NETMASK=255.255.255.0
	GATEWAY=192.94.73.1
	ONBOOT=yes

Your MAC address could be in the eth0 script, but if you only have one network interface with only one IP assigned to it, this should be enough.

Change the next line in /etc/sysconfig/network: 

	HOSTNAME=my.host.name

Change hostname (FQDN and alias) in /etc/hosts so it reads like this: 

	127.0.0.1       localhost.localdomain localhost
	::1             localhost6.localdomain6 localhost6
	YOUR_IP   	my.host.name   my

You may need run the following commands in order the changes to take effect and to syslog starts logging events with the new hostname, also you should logout and login again after this: 

	/bin/hostname
	/sbin/service syslog restart
	/sbin/service network restart

Setting up SSH

You may wish to add ssh access to your VPS. It is highly recommended that you disable root login via ssh and use a normal user account to login. In CentOS the OpenSSH service is installed and enabled by default.

Disable root Login

Edit /etc/ssh/sshd_config and uncomment the line: 

	#PermitRootLogin yes

To: 

	PermitRootLogin no

Also you can raise the security level in OpenSSH a little bit by allowing only to certain users ssh access to your vps (eg. the user you have created before)

Add one line at the end of /etc/ssh/sshd_config like this: 

	AllowUsers username anotheruser

Now restart sshd by running/typing: 

	/sbin/service sshd restart

You can now test ssh by running ssh user@localhost.

Security

In CentOS SELinux is enabled by default, SDF's CentOS VPS has SELinux configured to run in permissive mode, so it will log any security problem but won't enforce any policy. If you are not familiar with SELinux I suggest you to leave it this way, you can learn more about SLinux in CentOS in the Deployment Guide

Besides TCP port 22, everything else is closed, so if you plan to run some service listening in a privileged port you will need to allow it. CentOS comes with configuration tool to manage iptables rules, run: 

	system-config-security

Using TAB key, navigate to Customize and press Enter then you can select some pre-configured rules for some popular services, you also can type in manually “Other ports” in the form of “service:protocol” as in the following example: 

                        [*] SSH                [ ] Telnet [ ] FTP
    Allow incoming:     [*] WWW (HTTP)         [ ] Samba  [ ] Mail (SMTP)
                        [ ] Secure WWW (HTTPS) [ ] NFS4
                        Other ports imap:tcp,465:tcp_________________

In the example, we have allowed ports 80, 143 and 465 to be able to reach from network.

Software Management

Yellow Dog Updater Modified (yum) is the default package manager used in CentOS ( all versions ). It is used to install and update packages from CentOS (and 3rd party) Repositories.

You can configure this repositoires in /etc/yum.repos.d, by default CentOS Base and CentOS Updates are enabled by default, SDF seems to be running [citation needed] default CentOS kernel, but to play safe I advise you to add the following line in /etc/yum.repos.d/CentOS-Base.repo once under sections [base] and [updates]: 

	exclude=kernel-PAE* kernel-debug* kernel-devel* kernel-doc* kernel-xen*

CentOS is aimed to be 100% binary compatible with RHEL, so it is very enterprise oriented and the best advise is to stick with pre-built packages.

Searching software

If you wanted to look for GNU Screen, you can search yum database by running: 

	yum search screen

yum will return a list of package names and descriptions matching the word used as parameter for search. CentOS has groups of packages available you can know what software groups are available for install as the software groups installed already. 

	yum grouplist

This command will return installed and available for install software groups.

Installed Groups in SDF VPS CentOS image:

  • DNS Name Server
  • Dialup Networking Support
  • Editors
  • FTP Server
  • Legacy Network Server
  • Mail Server
  • MySQL Database
  • Network Servers
  • News Server
  • Server Configuration Tools
  • System Tools
  • Text-based Internet
  • Web Server
  • Windows File Server
  • Yum Utilities

Installing software

If you want to install GNU screen as in the example above, you must run the following: 

	yum install screen

If you wish to install the development toolchain you can do it by running this command: 

	yum groupinstall "Development Tools"

Be aware that this can be a lot of stuff and you may run out of space in hard drive, so start by removing unused software groups (e.g., yum groupremove “Windows File Server”) and then move to install desired/needed software groups or standalone packages.

3rd party repos

Most needs could do it well with repositoires shiped by default CentOS, but there are other options like the CentOS Plus repository, shiped but disabled by default, since this repo contains items that actually upgrade certain base CentOS components. This repo will change CentOS so that it is not exactly like the upstream provider's content. Popular packages from this repository include: postfix with database support, a rebuilt kernel with additional drivers &amp; filesystem support, php5 and mysql5.

contrib is also a disabled default in CentOS. This repository contains packages contributed by CentOS users which do not overlap with any of the core distribution packages. These packages have not been tested by the CentOS developers and may not track the upstream version releases very closely.

To enable repositories temporarily, append –enablerepo=reponame before the command for yum, such as: 

	yum --enablerepo=centosplus --enablerepo=contrib search postfix

Other popular repos are RPMForge, this repository provides over 4000 packages for CentOS. Read the instructions on Installing RPMForge. This repository is considered by many in the community to be stable and safe.

EPEL, this repository (See http://fedoraproject.org/wiki/EPEL) provides rebuilds of Fedora packages for RedHat Enterprise Linux.

References