Setup Linux : CentOS
Initial setup after installing CentOS7.
Update packages
sudo yum -y update
Create admin user
Create a non-root user and set its password.
useradd XXXXX
passwd XXXXX
Add permission
Run the visudo command to grant sudo permission to the admin user.
sudo visudo
Add the configuration below.
XXXXX ALL=(ALL) ALL
Firewall
Open the HTTP and HTTPS ports.
firewall-cmd --permanent --add-port=80/tcp
firewall-cmd --permanent --add-port=443/tcp
If necessary, close port #XXX.
firewall-cmd --permanent --remove-port=XXX/tcp
Then reload the updated configuration.
firewall-cmd --reload
Add repository
Add the EPEL repository.
sudo yum -y install epel-release
Setup SSH
Setup SSH configuration.
vim /etc/ssh/sshd_config
Add the configuration below to the file to disallow SSH login for the root user and enable password login on port #22.
PermitRootLogin no
PasswordAuthentication yes
Port 20
It is more secure to disable password authentication. In this case a private key file is used for login authentication instead of a password.
PasswordAuthentication no
Port 20
Then restart the ssh daemon.
sudo systemctl restart sshd
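Added example, not part of the original page: sshd uses the first value it reads for each keyword, so lines added at the end of sshd_config are ignored if the same keyword is already set earlier in the file. The shell functions below (hypothetical names, run on a constructed sample file) report the value that takes effect; Match blocks are not evaluated.

```shell
#!/bin/sh
# Added example: report the sshd_config value that actually takes effect.
# sshd keeps the FIRST value it reads for a keyword; later lines are ignored.

# effective_sshd_value KEYWORD FILE
# Prints the first global (pre-Match) value of KEYWORD, lowercased.
effective_sshd_value() {
    awk -v want="$1" '
        BEGIN { want = tolower(want) }
        /^[ \t]*#/ || /^[ \t]*$/ { next }    # comments and blank lines
        { sub(/[ \t]*=[ \t]*/, " ") }        # "Keyword=value" is also accepted
        tolower($1) == "match" { exit }      # stop at the first conditional block
        tolower($1) == want { print tolower($2); exit }
    ' "$2"
}

# audit_sshd FILE
# Prints one line per keyword whose effective value differs from what this
# section intends (no root login, key-only authentication). Status 0 = OK.
audit_sshd() {
    rc=0
    for pair in PermitRootLogin:no PasswordAuthentication:no; do
        key=${pair%%:*}
        want=${pair##*:}
        got=$(effective_sshd_value "$key" "$1")
        if [ "$got" != "$want" ]; then
            echo "$key: effective '${got:-unset}', wanted '$want'"
            rc=1
        fi
    done
    return "$rc"
}

# Constructed sample: existing settings, with the new lines appended below them.
sample=$(mktemp)
cat > "$sample" <<'EOF'
#Port 22
PermitRootLogin yes
PasswordAuthentication yes
# lines appended at the end of the file
PermitRootLogin no
PasswordAuthentication no
EOF
audit_sshd "$sample" || echo "the appended lines are shadowed by earlier ones"
rm -f "$sample"
```

On the server itself, sshd -t checks the edited file for syntax errors before the daemon is restarted.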
Setup docker
sudo yum -y install docker
Start docker daemon.
sudo systemctl start docker
sudo systemctl enable docker
Grant the user permission to run docker commands.
sudo groupadd docker
sudo gpasswd -a $USER docker
Get the latest centos docker image.
docker pull centos:latest
Start a privileged docker container with the docker run command and attach to the container.
docker run --privileged -d --name 'container name' centos:latest /sbin/init
docker exec -it 'container name' /bin/bash
Save the docker container as an image.
docker commit 'container id' 'repository name':'tag'
Construct web server (apache with PHP7.2 + imagick and memcached)
Set up the EPEL and Remi repositories.
yum -y install epel-release
yum install http://rpms.famillecollet.com/enterprise/remi-release-7.rpm
Pre-package installation.
Note that epel repository has to be set up before package installation.
yum install gcc* make
Install apache.
yum install httpd
Install PHP7.2 from remi repository.
yum install --enablerepo=remi-php72 php php-devel php-pear php-mbstring php-gd
Install PHP package for mysql if needed.
yum install --enablerepo=remi-php72 php-pdo php-mysqlnd
Install Imagick for PHP.
First, look for the imagemagick package that we want to install.
yum search imagemagick --show-duplicates --enablerepo=remi
Install imagemagick.
yum install ImageMagick7-7.0.8.15-1.el7.remi.x86_64 ImageMagick7-devel-7.0.8.15-1.el7.remi.x86_64 --enablerepo=remi
pecl install imagick
echo 'extension=imagick.so' >> /etc/php.ini
Install memcached and tokyotyrant client.
yum -y install libmemcached libmemcached-devel
pecl install memcached
echo 'extension=memcached.so' >> /etc/php.ini
Install SSL package.
yum -y install mod_ssl
Generate SSL certificate signed by Let's Encrypt
Install certbot.
yum -y install certbot python-certbot-apache
Generate cert file.
Note that apache has to be installed and the HTTP port must be open.
certbot certonly --webroot -w 'web root path' -d 'my domain'
Register automatic certificate renewal with cron.
crontab -u root -e
Enter the following configuration to run the certificate update script once a month.
#mi hr day mo dow command
00 04 01 * * /home/user/updatecert.sh
To disable the certificate for a domain, revoke and delete it.
certbot revoke --cert-path=/etc/letsencrypt/live/'domain'/cert.pem
certbot delete --cert-name 'domain'
Set up MySQL
Install MySQL.
rpm -ivh http://dev.mysql.com/get/mysql57-community-release-el7-8.noarch.rpm
yum -y install mysql-community-server
Check the initial password for root after installation.
cat /var/log/mysqld.log | grep 'password'
Start the secure installation using the password.
mysql_secure_installation
If you cannot find initial password from log file, you can reset root password.
echo '[mysqld]' >> /etc/my.cnf
echo 'skip-grant-tables' >> /etc/my.cnf
mysql -u root
>>use mysql;
>>update user set authentication_string=password('xxxxx') where user='root';
>>flush privileges;
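Added example, not part of the original page: the reset above appends skip-grant-tables to /etc/my.cnf, and for as long as that line is read at startup the server accepts any login without a password, so it has to be removed and mysqld restarted once the new password is set. The function below (hypothetical name, run on a constructed sample file) finds or strips the directive in the server groups [mysqld] and [server], including when the group header appears several times, as it does after the echo commands on this page.

```shell
#!/bin/sh
# Added example: find or remove a leftover skip-grant-tables in a my.cnf file.

# mycnf_skip_grant MODE FILE
#   find  : print "LINE: text" for each skip-grant-tables in a server group;
#           status 0 if at least one was found, 1 otherwise
#   strip : print FILE with those lines removed
mycnf_skip_grant() {
    awk -v mode="$1" '
        /^[ \t]*\[/ {                        # group header such as [mysqld]
            g = tolower($0); gsub(/[^a-z0-9_.-]/, "", g)
            server = (g == "mysqld" || g == "server")
        }
        {
            opt = tolower($0); gsub(/[ \t]/, "", opt)
            sub(/=.*/, "", opt); gsub(/_/, "-", opt)   # "_" and "-" are equivalent
            hit = (server && opt == "skip-grant-tables")
            if (hit) found = 1
            if (mode == "find" && hit) print NR ": " $0
            if (mode == "strip" && !hit) print
        }
        END { if (mode == "find") exit (found ? 0 : 1) }
    ' "$2"
}

# Constructed sample: the file as the echo commands on this page leave it.
cnf=$(mktemp)
cat > "$cnf" <<'EOF'
[mysqld]
datadir=/var/lib/mysql
[mysqld]
skip-grant-tables
[mysqld]
character-set-server=utf8
[mysql]
default-character-set=utf8
EOF
if mycnf_skip_grant find "$cnf"; then
    echo "authentication is disabled while the line above is present"
    mycnf_skip_grant strip "$cnf" > "$cnf.clean"   # review, then replace the original
fi
rm -f "$cnf" "$cnf.clean"
```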
You can set the default encoding to UTF8.
echo '[mysqld]' >> /etc/my.cnf
echo 'character-set-server=utf8' >> /etc/my.cnf
echo '[mysql]' >> /etc/my.cnf
echo 'default-character-set=utf8' >> /etc/my.cnf
Create a database user account and set up the user's privileges.
mysql -u root -p
>>create user 'dbuser' identified by 'password';
>>grant all on *.* to 'dbuser'@localhost identified by 'password';
>>flush privileges;
>>select user, host from mysql.user;
>>show grants for 'dbuser';
Memcached
Install memcached.
yum -y install memcached