What powers a file serving environment? In this tutorial, we'll begin to learn the skills required to install an enterprise-grade operating system and discover the power and simplicity that make CentOS the robust and reliable solution trusted by professionals throughout the world. No previous experience of this operating system is assumed, and during this presentation we will build on the process of a 'basic server installation' in order to get you up and running in no time at all.
Before We Begin ...
...Some basic requirements and a few assumptions will be made.
- This tutorial is intended to be an introduction to CentOS during which we will build a typical server installation without a GUI. No prior knowledge or experience of this operating system is assumed but a basic familiarity with the console environment, downloading and burning a CD/DVD image are assumed.
- In this instance we will be concentrating on the 32bit version using IPv4 but unless otherwise stated you may assume the 64 bit version is similar with very little modification required (you may need to remove some 32bit applications). IPv6 will not be discussed.
- All administration tasks will be achieved directly via the console (or a secure shell environment) and you will be shown how to configure the operating system, partition your hard disks, install a file-sharing environment, manage users and maintain a firewall. Additional options (including Apache, PHP/Perl, Virtual Hosts, MySQL, BIND etc ... ) will be discussed in a future tutorial.
- CentOS will run on almost any hardware but for the purpose of this tutorial we will be using the computer system described below. Screenshots have been provided (where possible) to support the main body of text together with reasoning and related notes; and as I am from the UK you should be aware that my writing and examples will carry a harmless 'anglophile' bias.
- Throughout this tutorial I have used the text editor 'nano' due to its simplicity for new users but do change this to your preferred editor as and when required.
- This tutorial is considered to be a guide and there is no guarantee that a replication of the following instruction will work for you without making the necessary changes to suit your needs (i.e. computer name, user names, ip addresses etc ...) whilst performing additional steps (based on your network topology) that are beyond the scope of this document.
I hope that this tutorial proves to be useful. So let's get started!
The Example System
CentOS will work with virtually all common hardware and, as you can see, the computer system I will be using throughout this tutorial is quite straightforward:
- AMD 64bit Processor.
- Standard motherboard with a single network interface.
- 3GB RAM.
- 3 SATA Hard Disks (see below).
- Standard Router.
- Generic Mouse (only used during the installation process).
- Keyboard.
- Generic Display/Monitor.
As stated above, I will be using the 3 hard disks in the following manner.
Where the first two drives listed are integral to our general server configuration, drive 3 is considered to be optional and will not form part of the original installation. We will return to 'Drive 3' at a later time in this tutorial in order to illustrate one of the many ways you could expand your system at a later date and for this reason it should remain disconnected from the motherboard until required.
- Drive 1: 1 x 80GB disk will be used for the system files (active, connect to the motherboard at start-up).
- Drive 2: 1 x 500GB disk for the user files (active, connect to the motherboard at start-up).
- Drive 3: 1 x 500GB disk for backup (inactive, disconnect this drive until required).
Don't worry at this stage if your hard disks are different sizes or whether you are using old or new hardware. If you wish to manage your CentOS installation remotely (or from your current desktop computer via a secure shell environment) then you may need to download and install PuTTY or similar software for use on your Windows-based desktop.
Download CentOS
First of all we want to download a copy of the CentOS 5 operating system.
So simply point your browser at http://isoredirect.centos.org/centos/5/isos/i386/, and download either:
- The single DVD package called 'CentOS-5.6-i386-bin-DVD.iso' or
- The seven CD based packages called CentOS-5.6-i386-bin-1of7.iso, CentOS-5.6-i386-bin-2of7.iso, CentOS-5.6-i386-bin-3of7.iso, CentOS-5.6-i386-bin-4of7.iso, CentOS-5.6-i386-bin-5of7.iso, CentOS-5.6-i386-bin-6of7.iso, CentOS-5.6-i386-bin-7of7.iso
Do not mix and match the chosen installation media.
For the purpose of this tutorial I have downloaded a single DVD-Rom version called 'CentOS-5.6-i386-bin-DVD.iso'.
When you have finished downloading your chosen installation media simply burn the iso(s) to the relevant disc type (700MB CD or 4GB DVD), place the disk in your intended server and boot from the CD/DVD drive.
Go to Stage 1 to continue ...
Stage 1: Installation
A) Booting from the installation media.
We will install CentOS in graphical mode so press <ENTER> when you see the following screen:
The next screen will ask if you want to test the integrity of your installation media.
By using the (left and right) arrow keys to make your selection:
- Should you wish to test the integrity of your installation media, choose <OK>.
- If you do not wish to test the integrity of your installation media, choose <SKIP>.
- When ready, hit the <ENTER> key to proceed.
When writing this tutorial it was decided not to test the integrity of the installation media as this can take a substantial amount of time.
The welcome screen will now appear.
Using your mouse, choose <Next> to proceed:
Choose your language. Simply highlight your preference and choose <Next> to proceed:
On the next screen, as shown below, use the same process to choose the appropriate keyboard settings for your system:
The next screen may vary, so if neither of the following applies to your circumstances then simply jump to the next step:
- If you are installing CentOS 5.6 on a fresh system (new hard disks), you may be asked to 'initialize the relevant drive(s)' so reply with a <Yes> when you are asked this question - "Would you like to initialize this drive, erasing ALL DATA?"
- If the installer detects an existing copy of CentOS then you will see the following screen. If you do, choose <Install CentOS> to proceed.
B) Partitioning your hard disks.
"A discussion about the benefits of LVM is beyond the scope of this tutorial but in simple terms, it is a technology that allows the administrator of any system to re-size, move and add new hard disks during the operational lifetime of a given computer system. There are many advantages to this approach, particularly in a larger networking environment, as this gives you much more flexibility in allocating storage to applications and users without changing the entire system or building a new one. So the best thing to remember is, any decisions made now can be modified further down the road."
CentOS uses Logical Volume Management (LVM) by default. You can of course use more or fewer hard disks and vary this part of the tutorial substantially, but for the purpose of this tutorial and based on the specification of the Example System (described above) my intention is to use two SATA-based hard disks in the following way: the installer has detected an 80GB primary SATA drive (sda) and a 500GB secondary SATA drive (sdb); the former will hold the 'root' files and the latter will be used to store all 'home' files.
With this in mind I will now show you how to use Disk Druid to partition your disks.
Based on the screenshot below and given that CentOS is the only operating system on this computer, your choices are:
If you have multiple hard disks:
- In the first drop down list, select 'Remove linux partitions on selected drives and create default layout'.
- Make sure the boxes next to your hard disk(s) are checked (i.e. sda & sdb).
- Check the box marked 'Review and modify partitioning layout'.
- Choose <Next> to proceed.
If you have a single hard disk only:
- Select 'Remove linux partitions on selected drives and create default layout' in the first drop down list.
- Make sure the boxes next to your hard disk(s) are checked (i.e. sda & sdb).
- Do not mark the check box marked 'Review and modify partitioning layout' unless you want to override the default settings and customise your partitions.
- Choose <Next> to proceed and skip to the next section.
- If you have chosen not to 'Review and modify partitioning layout', then go to Section C (below).
- If you have chosen to 'Review and modify partitioning layout' and thus customise your partitions, then keep reading :-)
If your hard disks contain data you may see the following notice "Warning, You have chosen to remove all partitions (ALL DATA) on the following drives":
- If you do and you are happy to proceed, choose <YES> then click <NEXT> to proceed.
- If you do but you are not happy to proceed, choose <NO> and return to the previous step to make the necessary changes.
The next screen will now enable you to create your partitions, but don't worry, we will do this together, step by step. On the other hand, if you are confident that you know how to do this, then simply make your changes and jump to the next section (Section C).
As previously mentioned, CentOS uses LVM by default and my Example System is using two SATA based hard disks - an 80GB primary SATA drive and a 500GB secondary SATA drive. These are identified by the device names SDA and SDB respectively; the former will be used to contain our system and the latter will be used to store all user based data.
With this in mind, from the following screenshot you will notice that the installer has already created the Logical Volume Group:
We will now rename this group to something more 'user friendly'.
Naturally, you may want to use different names than those suggested by this tutorial so please experiment as required (but stick to lower case alpha numerics and do not use spaces).
So as you can see from the following screenshot, (using your mouse) highlight the row labelled 'VolGroup00' and choose <EDIT> to proceed:
As the next screenshot illustrates, you will now be presented with a pop-up window called 'Edit LVM Volume Group: VolGroup00'.
So let's begin ...
- In the field titled 'Volume Group Name' - change this to 'MainGroup00' or something you prefer - i.e. vg_computername.
- Leave 'Physical Extent' alone. This value is automatically chosen by the installer and is usually a good estimate of your system's capabilities.
- As we want to use both hard disks make sure that both physical volumes are selected with a tick in the box next to the relevant device name.
"The values 'Used Space' and 'Total Space' simply show a total of the 'Physical Volumes to Use' in MB, whereas the use of '00' in our naming policy is only a numeric reference just in case you ever wanted to add a new LVM group at another time in the future. So you could always create a new LVM called MainGroup01 etc.. etc..."
Let's turn our attention to building the swap space.
"Swap space is used by the computer to assist RAM based operations. Linux divides your computer's RAM into chunks of memory called pages. The action of 'swapping' describes a process in which a page of memory is freed from the physical RAM by copying it to a space on the hard disk called 'swap'. Based on this you will now realise that the combined size of the physical memory and the swap space is the amount of virtual memory available to your system. Technically speaking, you don't need to know how to calculate the value as CentOS will do that for you, but for those who want to know (bearing in mind that there is no definitive rule) it is best to work on an estimate of your computer's total (physical) RAM and multiply it by a value between 1.7 and 2. Consequently a machine with 3GB RAM will have a swap space of between 5-6GB, whereas a machine with 2GB RAM may require between 3-4GB etc... etc..."
As shown in the following screenshot, we will customise our 'swap space' by selecting the row labelled 'LogVol01' and choose <EDIT> to proceed.
In response to this you will be presented with a new pop-up window called 'Edit Logical Volume: LogVol01' like so:
In the new pop-up window called 'Edit Logical Volume: LogVol01' simply:
- Modify the field titled 'Logical Volume Name' and change this to 'swap'.
- You can use the field titled 'Size (MB)' to adjust the size of the swap partition but the installer should have already picked the optimal size.
- Choose <OK> when complete.
Remember if you think you have made a mistake at any time, choose <Cancel> and repeat the previously described steps above.
Having finalised the above step you will notice that the Logical Volume Name 'swap' now appears in the window called 'Edit LVM Volume Group: VolGroup00', thereby giving us the chance to turn our attention to the other partitions and to complete our partitions.
So let's recap:
- The Example System has two SATA hard disks with a total disk space of 553120MB - 1 x 80GB (identified as device name SDA) and 1 x 500GB (identified as device name SDB).
- It is intended that we want to place all the system files (including the swap space) on disk SDA (76192MB) whilst allowing the users to put their data on SDB (476928MB).
- The system files will be installed on my 'root partition'.
- We have just completed the steps required to create a 'swap' partition totalling 5056MB thereby leaving me with a system disk (SDA) size of 71136MB. Calculated as 76192MB - 5056MB = 71136MB.
- We now need to create the 'root' partition that will utilise the remaining space (71136MB) on device name SDA.
"If your hard disks are of a different size or order, simply vary the calculations I have made to create your own partitions"
To create the 'root' partition, simply:
- Select the row 'LogVol00' and choose <EDIT> to proceed.
You will now see a pop-up window called 'Edit Logical Volume: LogVol00':
From the screenshot below you will see the resulting pop-up window called 'Edit Logical Volume: LogVol00'.
Based on our calculations simply:
- Modify the field titled 'Logical Volume Name' and change this to 'root'.
- Change the field called 'Size (MB)' to a value representative of the remaining space on device name SDA. For the Example System we have previously calculated this as 71136MB (Total size of disk SDA - Swap Space = 71136MB).
- Choose <OK> when complete.
This will close the window called 'Edit Logical Volume: LogVol00'
On our return to the window called 'Edit LVM Volume Group: VolGroup00', you will notice we have
- A partition called 'swap' on device name SDA.
- A partition called 'root' on device name SDA.
- And 476928MB of space free for user data. For the Example System, this is the total disk space available for device name SDB.
Our user data will be installed on this free space, so let's finalise our partition scheme.
- Locate the logical volumes list, where you will find three buttons: <ADD>, <EDIT> and <DELETE>.
- Choose <ADD>.
- As shown below you will be presented with a new window called 'Make Logical Volume'.
Fill in the details as shown below:
- For Mount Point, choose '/home' from the drop-down menu.
- For 'File System Type', choose 'ext3' from the drop-down menu.
- For the field 'Logical Volume Name', type 'home'.
- For the field 'Size (MB)', use a value equal to the remaining free space available. Based on our previous calculations this was 476928MB.
- Choose <OK> when complete.
Well done. We have now finalised our partition scheme and you should see something similar to the following screenshot. Remember, your values may be different depending on your disk size and preferred approach to naming your volumes etc ... etc ...
"As we know, over-sized log files can crash your server and the easiest solution to avoid this scenario would be based on creating a separate partition for VAR. 'Var' is where your log files are kept and depending on the needs of your server (for additional security and performance) it could be worth considering the need to reduce the potential risk associated with malicious attacks that attempt to exploit the size of your log files. All you need to do is modify your calculations for your 'root' partition and create a new logical volume called VAR. As you have seen, it isn't very complicated to use Disk Druid, so simply reserve some space from your 'root' partition (or use another hard disk) and vary the instruction given to create an isolated partition for VAR."
When you are ready, choose <NEXT> to proceed.
Nearly done ...
To finalise our partitioning you will now be asked where we should install the 'GRUB' boot loader; and looking at the screenshot below the installer would have already set the correct values automatically.
Choose <NEXT> to proceed.
C) Network Settings
The partitions are set and you will be asked to confirm your networking choices.
Remember, if you are intending to use the system as a server, then you should not use DHCP.
So simply choose the <EDIT> button to proceed.
As you can see from the following screenshot, simply complete the pop-up window titled 'Edit Interface' with your required values but remember to deselect 'Enable IPv6 support' if it is not required:
"You can populate the 'Manual Configuration' by simply checking the 'Dynamic IP configuration (DHCP)', un-checking 'Enable IPv6 support', and by giving your network card a static IP address. As an example, a typical IP address would be 192.168.1.100 and the required subnet mask for this value would be 255.255.255.0"
Choose <OK> when complete:
Returning to our previous screen you will now need to supply the following information, but because CentOS can be used as both a server and a desktop we will revisit these settings later in this tutorial to ensure that everything is correct. So any decisions made now can be modified later on:
- Hostname - i.e servername.serverdomain.lan or server1.server.com etc ...
- Gateway - the IP address of your router.
- Primary DNS - typically this could be the IP address of your primary DNS server.
- Secondary DNS - typically this could be the IP address of your secondary DNS server.
"Remember, the actual values you choose are dependent on your networking conditions and purpose. If you are on the world-wide web a hosting provider should supply this information, but for a local 'home or office server' that does not run independent DNS servers you could use those values shown below by completing it with a secondary DNS equal to your router's IP address. For those who want a local server (home or office) to be accessible to the world-wide web, you will need a static IP address or a dynamic DNS hosting service with appropriate access to the relevant ports."
Choose <NEXT> to finalise this process:
D) Time Zone/Location & Setting Your Root Password
Select your time zone/location using the interactive map or drop-down list; but as stated above, because CentOS can be used as both a server and a desktop we will revisit these settings later in this tutorial to ensure that everything is correct. So any decisions made now can be modified later on:
Choose <NEXT> to proceed:
And finally, select an appropriate password for the root user and choose <NEXT> to proceed:
F) Package Selection & Install
As the Example System is to concentrate purely on a server based role, in this tutorial we will not be installing a desktop GUI. For this reason our initial software choices are going to be minimal.
- As shown in the screenshot below, clear all the check boxes in the software selection area.
- Then check 'Customize now', and click on <Next> to proceed.
Having chosen to customise our installation we will be able to pick what packages we need.
From the following screenshot you will notice that a list of categories can be seen in the left-hand column with a subsequent list of related package groups (particular to each category) in the right-hand column.
As shown in the screenshot below choose the DEVELOPMENT category and mark the individual check boxes for both:
- Development Libraries.
- Development Tools.
Now choose the BASE SYSTEM category and unless you need it, clear the individual check box for
- Dialup Networking Support.
And finally, if necessary, choose the LANGUAGES category and mark the individual check box for your preferred language.
This will complete our package selection.
So when you are ready, choose <NEXT> to continue:
As you can see from the following screenshot the installer will now want to qualify our dependencies for the desired packages.
On completion of this process the installer will confirm that it is ready to go.
Choose <NEXT> to proceed.
During the following few minutes the installer will begin to:
- Format the hard drives and then
- Install the system and selected software packages.
"If you are using a CD as your installation media of choice you may need to change discs when prompted."
Finally, when the installation is complete you will be asked to remove your installation media from the computer and reboot.
When you are ready, choose <REBOOT> to proceed.
Step 2: Configuration
First Boot
If the installation has gone well, after a brief re-start you will be presented with the 'Setup Agent' and from this point onwards you will be working in console mode. Your opportunity to use a secure shell environment will be apparent shortly but for the purpose of this tutorial we will refer to this initial phase as the 'first boot'.
From the screenshot found below it is noticeable that the 'Setup Agent' allows us to access and configure many elements of the operating system. We will return to these features later but at this stage we are only concerned with the process of activating the system's firewall.
To do this we will:
- Use the (up/down) arrow keys to choose 'Firewall configuration'.
- Use the TAB key to activate the red buttons, choose 'Run Tool' with the (left/right) arrow keys and hit the <RETURN> key to proceed.
By using the arrow keys and as shown in the screenshot below we will now disable SELinux and enable our Firewall.
To do this we will:
- Make sure the 'Security Level' is set to 'Enabled' by toggling a star symbol with the <SPACE BAR>.
- TAB down to 'SELinux' and use the arrow keys to select 'DISABLED'.
- TAB down to the red buttons and use the arrow keys to choose 'Customize'.
- Hit the <RETURN> key to proceed.
"SELinux or Security Enhanced Linux was originally developed by the NSA to provide hardened security policies that can even affect the administrator of the system. As a result, SELinux is not only considered to be a very big subject, but for the same reason it is generally accepted that most administrators will disable it (particularly if you intend to install other applications). So don't worry, we are only following convention and if you intend to master and use SELinux at a later date you can always access this screen at any time by typing 'setup' at the command prompt."
Our intention is to open a select number of firewall ports, and so, by using the arrow keys, simply highlight the relevant ports and mark them as active by using the <SPACE BAR> to toggle a star symbol in the following areas:
- SSH
- Telnet (if required)
- Samba
Please use the following screenshot as a guide and feel free to open any additional ports you may require.
For example, in 'Other Ports' you could type 'mysql:tcp domain:udp' to open MySQL and BIND on ports 3306 and 53 respectively.
When complete, use the TAB key to highlight <OK> and hit the <RETURN> key to confirm and exit this screen.
And as the screenshot found below indicates, by using the TAB key to highlight the <Exit> button you may leave the 'Setup Agent'.
When selected, hit the <RETURN> key to proceed.
As the following screenshot now indicates, the 'Setup Agent' will now close and you will be given access to the console.
At the command prompt, login as 'root' to proceed:
Some basic commands
Before we reboot our computer to activate the security features we have just applied let's take this opportunity to make a few tweaks to some basic functions.
To read any file, use the following command at any time throughout this tutorial:
# cat /etc/redhat-release
To make a back-up of any file, use the following command at any time throughout this tutorial:
# cp /path/to/file/filename /path/to/file/filename.bak
To edit any file in the text editor, use the following command (choosing Nano or VI) at any time throughout this tutorial:
# nano /path/to/file/filename
# vi /path/to/file/filename
To see how much RAM is being used, use the following command at any time throughout this tutorial:
# free -m
For the Example System, this command responds with:
             total       used       free     shared    buffers     cached
Mem:          3042        179       2862          0         13        125
-/+ buffers/cache:         40       3001
Swap:         5055          0       5055
The above simply tells us that the computer is running 3042MB of physical RAM and is currently using 179MB of it.
To see how much disk space is being used, use the following command at any time throughout this tutorial:
# df -h
For the Example System, this command responds with:
Filesystem                    Size  Used Avail Use% Mounted on
/dev/mapper/MainGroup00-root   68G  1.6G   63G   3% /
/dev/sda1                      99M   12M   82M  13% /boot
/dev/mapper/MainGroup00-home  452G  199M  428G   1% /home
tmpfs                         1.5G     0  1.5G   0% /dev/shm
To review your LVM setup, use the following command at any time throughout this tutorial:
# lvdisplay
For the Example System, this command responds with:
--- Logical volume ---
LV Name                /dev/MainGroup00/root
VG Name                MainGroup00
LV UUID                aJU9Sn-so0H-7jf9-isgn-vB7s-7UQX-AE9YUZ
LV Write Access        read/write
LV Status              available
# open                 1
LV Size                69.47 GB
Current LE             2223
Segments               1
Allocation             inherit
Read ahead sectors     auto
- currently set to     256
Block device           253:0

--- Logical volume ---
LV Name                /dev/MainGroup00/home
VG Name                MainGroup00
LV UUID                U09DT7-ugDl-6l1b-FfYt-Ycux-SOvQ-y3S8AT
LV Write Access        read/write
LV Status              available
# open                 1
LV Size                465.75 GB
Current LE             14904
Segments               1
Allocation             inherit
Read ahead sectors     auto
- currently set to     256
Block device           253:1

--- Logical volume ---
LV Name                /dev/MainGroup00/swap
VG Name                MainGroup00
LV UUID                aQhQS0-yGEi-ZxAY-DgQu-TXeo-U1oe-2SxQ1d
LV Write Access        read/write
LV Status              available
# open                 1
LV Size                4.94 GB
Current LE             158
Segments               1
Allocation             inherit
Read ahead sectors     auto
- currently set to     256
Block device           253:2
Manage your Firewall
To check your Firewall, otherwise referred to as IPTables, use the following command at any time throughout this tutorial:
# iptables -L
For the Example System, this command responds with:
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
RH-Firewall-1-INPUT  all  --  anywhere             anywhere

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
RH-Firewall-1-INPUT  all  --  anywhere             anywhere

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain RH-Firewall-1-INPUT (2 references)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere
ACCEPT     icmp --  anywhere             anywhere            icmp any
ACCEPT     esp  --  anywhere             anywhere
ACCEPT     ah   --  anywhere             anywhere
ACCEPT     udp  --  anywhere             224.0.0.251         udp dpt:mdns
ACCEPT     udp  --  anywhere             anywhere            udp dpt:ipp
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:ipp
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:ssh
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:telnet
ACCEPT     udp  --  anywhere             anywhere            state NEW udp dpt:netbios-ns
ACCEPT     udp  --  anywhere             anywhere            state NEW udp dpt:netbios-dgm
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:netbios-ssn
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:microsoft-ds
REJECT     all  --  anywhere             anywhere            reject-with icmp-host-prohibited
"IPTables rules are processed in sequence from top to bottom, so when editing your IPTables rules make sure that the important stuff is near the top of the file."
To edit your Firewall (IPTables) at the command prompt type:
# nano /etc/sysconfig/iptables
Example 1: To reduce the ferocity of SSH attacks with iptables, add the following to your rules:
-A INPUT -p tcp --dport 22 -m recent --set --name ssh --rsource
-A INPUT -p tcp --dport 22 -m recent ! --rcheck --seconds 60 --hitcount 4 --name ssh --rsource -j ACCEPT
This will force a visitor or bot to wait 60 seconds before they are allowed to try again after having failed 4 login attempts.
Example 2: To allow only a specific IP address to connect to SSH (where XXX.XXX.XXX.XXX is the IP address concerned), add the following to your rules:
-A INPUT -p tcp -s XXX.XXX.XXX.XXX --dport 22 -j ACCEPT
Example 3: To block a specific IP address (where XXX.XXX.XXX.XXX is the IP address concerned), add the following to your rules:
-A INPUT -s XXX.XXX.XXX.XXX -j DROP
Remember, if you have made any changes to your IPTables, always save/close the file and then restart the service by typing:
# /sbin/service iptables restart
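Where a rule sits in the file decides whether it is ever consulted: in the listing above INPUT hands every packet to RH-Firewall-1-INPUT, and that chain ends with an unconditional REJECT, so a rule appended to INPUT below that jump never sees a packet. The script below is an added example, not part of the original tutorial; the helper name unreachable_rules, the shortened sample ruleset and the address 192.0.2.10 are constructed for illustration, and it assumes the ruleset uses no RETURN targets.

```bash
#!/bin/sh
# Added example: find rules that sit below the point where every packet has
# already been given a verdict. Input uses iptables-save syntax, the format of
# /etc/sysconfig/iptables.

# unreachable_rules FILE CHAIN  (hypothetical helper name)
# Prints each rule in CHAIN that follows either an unconditional
# ACCEPT/DROP/REJECT, or an unconditional jump to a chain containing one.
# Assumption: the ruleset uses no RETURN targets, as in the stock layout.
unreachable_rules() {
    awk -v chain="$2" '
    $1 == "-A" {
        n++
        owner[n]  = $2
        text[n]   = $0
        uncond[n] = ($3 == "-j")      # target comes first: no match options
        target[n] = ""
        for (i = 3; i < NF; i++)
            if ($i == "-j") { target[n] = $(i + 1); break }
        if (uncond[n] && target[n] ~ /^(ACCEPT|DROP|REJECT)$/)
            closed[$2] = 1            # no packet leaves this chain undecided
    }
    END {
        dead = 0
        for (k = 1; k <= n; k++) {
            if (owner[k] != chain) continue
            if (dead) { print text[k]; continue }
            if (uncond[k] && (target[k] ~ /^(ACCEPT|DROP|REJECT)$/ || (target[k] in closed)))
                dead = 1
        }
    }' "$1"
}

SAMPLE_DIR=$(mktemp -d)
trap 'rm -rf "$SAMPLE_DIR"' EXIT

# Example 3 from the tutorial, with a documentation address (constructed value).
BLOCK_RULE='-A INPUT -s 192.0.2.10 -j DROP'

# write_sample FILE POSITION: constructed, shortened copy of the stock ruleset
# with BLOCK_RULE placed "before" or "after" the jump out of INPUT.
write_sample() {
    {
        echo '*filter'
        echo ':INPUT ACCEPT [0:0]'
        echo ':RH-Firewall-1-INPUT - [0:0]'
        if [ "$2" = before ]; then echo "$BLOCK_RULE"; fi
        echo '-A INPUT -j RH-Firewall-1-INPUT'
        if [ "$2" = after ]; then echo "$BLOCK_RULE"; fi
        echo '-A RH-Firewall-1-INPUT -i lo -j ACCEPT'
        echo '-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT'
        echo '-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT'
        echo '-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited'
        echo 'COMMIT'
    } > "$1"
}

write_sample "$SAMPLE_DIR/appended.rules" after
write_sample "$SAMPLE_DIR/first.rules" before

echo "Never evaluated when the rule follows the jump:"
unreachable_rules "$SAMPLE_DIR/appended.rules" INPUT
echo "Never evaluated when the rule precedes the jump (expect nothing):"
unreachable_rules "$SAMPLE_DIR/first.rules" INPUT
```

Pointed at a copy of /etc/sysconfig/iptables before the service is restarted, any line it prints has no effect in its current position.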
Set LVM Filters (optional)
In many respects this is entirely optional and only needs to be referred to if you would like to remove your CD-Rom from the LVM boot routine. Should you wish to do this you will need to complete the following tasks.
At the command prompt type:
# nano /etc/lvm/lvm.conf
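Find and comment out the following lines like so:
# By default we accept every block device:
# filter = [ "a/.*/" ]
And add the following line instead. LVM tests the patterns in order and the first one that matches a device decides, so the reject pattern for the CD-Rom has to come before the accept-everything pattern:
filter = [ "r|/dev/cdrom|", "a/.*/" ]
So it looks like:
# By default we accept every block device:
# filter = [ "a/.*/" ]
filter = [ "r|/dev/cdrom|", "a/.*/" ]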
Then close and save the file. And now type:
# nano /etc/lvm/cache/.cache
And delete any reference to the device named 'hda'. Then close and save the file.
Log File Configuration (optional)
For most people the standard log file rotation scheme will be enough, but let's say you want your logs to rotate on a daily basis for 30 days (compressing the old logs). To do this, simply open up the following file and make the necessary changes:
# rotate log files weekly
daily
# keep 4 weeks worth of backlogs
rotate 30
# uncomment this if you want your log files compressed
compress
Background Services
CentOS, like all operating systems, runs background services. Some of them are important whereas many others are obviously not necessary and simply waste resources. So with this in mind let's take a few moments to switch on or off the following services; by doing this we will stop these services from starting up at the next reboot.
To proceed simply copy/paste or type the following command into your console - one line at a time.
# chkconfig bluetooth off
You should have typed "chkconfig bluetooth off", and as a result you will see something similar to the following in your console window:
# chkconfig bluetooth off
[root@yourcomputer ~]#
Congratulations, and as a consequence of this you have now switched off the Bluetooth service which will save a lot of resources.
Now, let's complete this routine and make sure the following services are turned off. Like before we will simply copy/paste or type the following commands into your console - one line at a time. In this example I will be switching off IP6TABLES (IPv6 Firewall) as the system we are building will not be using them.
To proceed, type these commands one line at a time:
# chkconfig hidd off
# chkconfig apmd off
# chkconfig ip6tables off
# chkconfig firstboot off
# chkconfig cpuspeed off
# chkconfig netfs off
# chkconfig nfslock off
# chkconfig portmap off
# chkconfig rpcgssd off
# chkconfig rpcidmapd off
# chkconfig mdmonitor off
And now, let's make sure the following services are turned on:
# chkconfig saslauthd on
# chkconfig iptables on
And finally, to check which services are running, use the following command at any time throughout this tutorial:
# chkconfig --list |grep "3:on" |awk '{print $1}' |sort
So, let's reboot the computer so that the changes can be applied.
# reboot
Networking - Part 1
The networking capabilities of your server are essential, and even though we configured these during the installation process we need to make a final visit to make sure that they are running perfectly and that we remove any excess resources they do not need.
RHEL based servers generally keep all the networking files in '/etc/sysconfig/' where you will find subsequent folders such as '/etc/sysconfig/network-scripts/' and '/etc/sysconfig/networking/'. We will restrict our attention to the first two, but before we begin and just to be on the safe side it is always a good idea to make a 'backup' of these files. So, as described above, we shall use the copy command to replicate these files in an easy to remember backup format (notice the .bak extension).
# cp /etc/sysconfig/network-scripts/ifcfg-eth0 /etc/sysconfig/network-scripts/ifcfg-eth0.bak
Consequently, if you ever make a mistake you can simply call the following command to restore your original file.
# cp /etc/sysconfig/network-scripts/ifcfg-eth0.bak /etc/sysconfig/network-scripts/ifcfg-eth0
So let's begin ...
The example server for this tutorial features a single ethernet connection known as 'ifcfg-eth0'. So let's open that file in our favourite text editor like so:
# nano /etc/sysconfig/network-scripts/ifcfg-eth0
And if your server is using the suggested 192.168.1 addressing schema you will want to finalise the settings so they look similar to the following but remembering to change the network values in order to match your own settings:
# The name of your ethernet device may be stated here ...
DEVICE=eth0
BOOTPROTO=static
BROADCAST=192.168.1.255
# (do not change the HWADDR value from your original)
HWADDR=00:17:31:B2:80:99
IPADDR=192.168.1.100
NETMASK=255.255.255.0
NETWORK=192.168.1.0
ONBOOT=yes
For example, the IPADDR line should reflect the IP address you wish to use for this server, whereas the HWADDR line should show the same MAC address as was originally found. Should you ever make a mistake and lose your network card's MAC address, simply type the following into the console (ignoring the hash):
# /sbin/ifconfig | grep -i hwaddr
Which should respond with something as follows:
eth0 Link encap:Ethernet HWaddr 00:17:31:B2:80:99
The sequence of hexadecimal digits that appears to the right of eth0 HWAddr (i.e. 00:17:31:B2:80:99) is your network card's MAC Address.
Add a second IP address to eth0 (optional)
This section is optional and need only be used by those who need more than one IP address on a single interface. If you only need a single IP address then simply skip this section and go to Networking - Part 2.
As described above, if we assume our primary network interface is configured correctly we will need to copy these settings to a new, virtual network interface called 'eth0:0' like so:
# cp /etc/sysconfig/network-scripts/ifcfg-eth0 /etc/sysconfig/network-scripts/ifcfg-eth0:0
And if your original IP address is 192.168.1.100 you will want to finalise the settings in our virtual interface so it looks similar to the following:
# The name of your ethernet device may be stated here ...
DEVICE=eth0:0
BOOTPROTO=static
BROADCAST=192.168.1.255
IPADDR=192.168.1.101
NETMASK=255.255.255.0
NETWORK=192.168.1.0
ONBOOT=yes
As you can see, we have removed the HWADDR line as this will be a replica of that on the main interface. We have used a new IP address (192.168.1.101) and simply renamed the DEVICE handler (to eth0:0).
On completion we have to restart the network like so:
# /sbin/service network restart
This will respond with something similar to the following:
Shutting down interface eth0:                              [ OK ]
Shutting down loopback interface:                          [ OK ]
Bringing up loopback interface:                            [ OK ]
Bringing up interface eth0:                                [ OK ]
And we can confirm our settings like so:
# ifconfig
Again, this will respond with something similar to the following:
eth0      Link encap:Ethernet  HWaddr 00:17:31:BD:B6:98
          inet addr:192.168.1.137  Bcast:192.168.1.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:5659 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1286 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:389948 (380.8 KiB)  TX bytes:179134 (174.9 KiB)
          Interrupt:217 Base address:0x2000

eth0:0    Link encap:Ethernet  HWaddr 00:17:31:BD:B6:98
          inet addr:192.168.1.138  Bcast:192.168.1.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          Interrupt:217 Base address:0x2000

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:174 errors:0 dropped:0 overruns:0 frame:0
          TX packets:174 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:13530 (13.2 KiB)  TX bytes:13530 (13.2 KiB)
Networking - Part 2
Now we want to edit our network file. So let's open it up in our favourite text editor like so:
# nano /etc/sysconfig/network
And make it look like so, remembering to customise the settings to match your needs:
NETWORKING=yes
NETWORKING_IPV6=no
HOSTNAME=server.servername.lan
DOMAINNAME=servername.lan
GATEWAYDEV=eth0
GATEWAY=192.168.1.254
Now we want to edit our hosts file. So let's open it up in our favourite text editor like so:
# nano /etc/hosts
Simply change the contents of '/etc/hosts' to look as follows but remembering to customise the settings to match your needs:
As you will remember from our installation procedures the example computer called 'servername.serverdomain.lan' is not using IPv6. If you have configured multiple IP addresses then remember to use your primary address in this file.
# Do not remove the following line, or various programs
# that require network functionality will fail.
127.0.0.1       localhost.localdomain localhost
192.168.1.100   servername.serverdomain.lan servername
::1             localhost6.localdomain6 localhost6
Now we want to edit our resolv.conf file. So let's open it up in our favourite text editor like so:
# nano /etc/resolv.conf
Simply change the contents of '/etc/resolv.conf' to look as follows but remembering to customise the settings to match your needs:
search serverdomain.lan
nameserver 127.0.0.1
nameserver 192.168.1.100
nameserver 192.168.1.254
To confirm the above 'hosts' and 'resolv.conf' settings we do this:
# /sbin/service network restart
# hostname
# hostname -f
# nslookup www.google.com
Both 'hostname' and 'hostname -f' should respond with your full computer name (i.e 'servername.serverdomain.lan') whilst the result from 'nslookup' would look as follows:
Server:         127.0.0.1
Address:        127.0.0.1#53

Non-authoritative answer:
www.google.com  canonical name = www.l.google.com.
Name:   www.l.google.com
Address: 209.85.227.104
Name:   www.l.google.com
Address: 209.85.227.105
Name:   www.l.google.com
Address: 209.85.227.106
Name:   www.l.google.com
Address: 209.85.227.147
Name:   www.l.google.com
Address: 209.85.227.99
Name:   www.l.google.com
Address: 209.85.227.103
If everything responds correctly, we will finish off by removing the Network Manager (a feature generally associated with desktop-based installations that may use DHCP) in order to optimise our system resources. At the command prompt type:
# yum remove NetworkManager
Confirm the request to remove Network Manager and then, having completed the above steps, it is always simpler to reboot the entire system:
# reboot
Post Network configuration checks
Having re-started your machine and returned as the 'root user' we want to make sure that our networking started correctly.
To do this we simply re-visit some of our previous steps like so:
# hostname
# nslookup www.google.com
As before, if everything reports without any issues then we can proceed to the next step ...
Time, Language and Location
First of all, we will want to confirm that the language file is using the correct settings. By using the following command we will open up the language file in our favourite text editor:
# nano /etc/sysconfig/i18n
Most systems will automatically default to the US language but if you remember from the original installation the example machine is UK based so it should look similar to the following ...
LANG="en_GB.UTF-8"
SYSFONT="latarcyrheb-sun16"
We simply replaced 'en_US.UTF-8' with 'en_GB.UTF-8'. Now save the file and enter the following command to confirm our localisation settings:
# tzselect
If entered correctly it should respond with something similar to the following:
Please identify a location so that time zone rules can be set correctly.
Please select a continent or ocean.
 1) Africa
 2) Americas
 3) Antarctica
 4) Arctic Ocean
 5) Asia
 6) Atlantic Ocean
 7) Australia
 8) Europe
 9) Indian Ocean
10) Pacific Ocean
11) none - I want to specify the time zone using the Posix TZ format.
#? 8
At the prompt simply type in a number that refers to your location:
Please select a country.
 1) Aaland Islands        18) Greece             35) Norway
 2) Albania               19) Guernsey           36) Poland
 3) Andorra               20) Hungary            37) Portugal
 4) Austria               21) Ireland            38) Romania
 5) Belarus               22) Isle of Man        39) Russia
 6) Belgium               23) Italy              40) San Marino
 7) Bosnia & Herzegovina  24) Jersey             41) Serbia
 8) Britain (UK)          25) Latvia             42) Slovakia
 9) Bulgaria              26) Liechtenstein      43) Slovenia
10) Croatia               27) Lithuania          44) Spain
11) Czech Republic        28) Luxembourg         45) Sweden
12) Denmark               29) Macedonia          46) Switzerland
13) Estonia               30) Malta              47) Turkey
14) Finland               31) Moldova            48) Ukraine
15) France                32) Monaco             49) Vatican City
16) Germany               33) Montenegro
17) Gibraltar             34) Netherlands
#? 8
As you can see, I have selected number '8' for 'Britain (UK)' and the console responds as follows:
The following information has been given:

        Britain (UK)

Therefore TZ='Europe/London' will be used.
Local time is now:      Mon Sep 12 00:59:36 BST 2011.
Universal Time is now:  Sun Sep 11 23:59:36 UTC 2011.
Is the above information OK?
1) Yes
2) No
#? 1
Choose '1' to confirm these settings or '2' to cancel and choose another location.
If you have confirmed the current settings the console will respond in the appropriate manner detailing your location information like so:
You can make this change permanent for yourself by appending the line
        TZ='Europe/London'; export TZ
to the file '.profile' in your home directory; then log out and log in again.

Here is that TZ value again, this time on standard output so that you
can use the /usr/bin/tzselect command in shell scripts:
Europe/London
If you want to have the system clock synchronized with an external NTP server simply install the NTP software and switch the service on at boot:
# yum install ntp
# chkconfig ntpd on
To confirm our NTP software simply type the following:
# date
Which should respond with the correct date and time like so:
Mon Sep 12 15:09:29 BST 2011
Yum Updates
Let's update the system ...
# yum clean all
# yum update
Accept any updates that are made available to you and reboot to complete this stage.
# reboot
Step 3: Additional Hard Disks, Directories, Printing & Backups
Based on the original specification of the Example Server described at the beginning of this tutorial we will now turn towards the task of adding an additional hard disk. This section is entirely optional so if you have no additional hard disks to add to your computer, simply jump to Step 4 below.
First of all we will need to switch off our computer and attach our additional hard disk.
So log in as the 'root user' and type:
# halt
Let's recap on what we said at the outset of this tutorial:
- In the original specification I have an additional drive called 'Drive 3'
- The purpose of this hard disk is to act as a back-up to the activity of file sharing.
- We will not be adding this to the LVM for one very good reason. If the LVM fails it is quite an ordeal to rebuild it, so for simplicity (as we all like simplicity) the third drive will be mounted as an EXT3 formatted drive in a suitable location on our system (i.e. /backup). This will ensure that the data on this hard disk is not affected by any failure of the main system. An LVM failure is not expected, but 'never say never ... and always be prepared' as LVM failures are arguably hardware related.
Connect your third hard drive following the instructions on your motherboard's user manual and switch your computer back on - when you are able to do so, login as the root user and let's change our identity to the 'super user' with the following command:
# su -
And use the following command to display all hard disks with their relevant device names:
# fdisk -l
The response could look similar to the following:
Disk /dev/sda: 80.0 GB, 80026361856 bytes
255 heads, 63 sectors/track, 9729 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes

   Device Boot      Start         End      Blocks   Id  System
/dev/sda1   *           1          13      104391   83  Linux
/dev/sda2              14        9729    78043770   8e  Linux LVM

Disk /dev/sdb: 500.1 GB, 500107862016 bytes
255 heads, 63 sectors/track, 60801 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes

   Device Boot      Start         End      Blocks   Id  System
/dev/sdb1   *           1       60801   488384001   8e  Linux LVM

Disk /dev/sdc: 500.1 GB, 500107862016 bytes
255 heads, 63 sectors/track, 60801 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes

   Device Boot      Start         End      Blocks   Id  System
From the console's response you will notice a number of disks listed, each with a relevant device name (as listed on the left-hand side of the above read-out). Where both '/dev/sda' and '/dev/sdb' are used by LVM to form the base system, the disk we have just added should be listed as '/dev/sdc'.
By taking a closer look we can see that device name '/dev/sdc' is currently un-formatted and thus the console reports the following information:
Disk /dev/sdc: 500.1 GB, 500107862016 bytes
255 heads, 63 sectors/track, 60801 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes

   Device Boot      Start         End      Blocks   Id  System
Format your new hard disk
Referencing the correct device name (replacing 'sdc' with the correct value), use the following command:
# fdisk /dev/sdc
The response will look similar to this:
The number of cylinders for this disk is set to 60801.
There is nothing wrong with that, but this is larger than 1024,
and could in certain setups cause problems with:
1) software that runs at boot time (e.g., old versions of LILO)
2) booting and partitioning software from other OSs
   (e.g., DOS FDISK, OS/2 FDISK)

Command (m for help):
As it states on the console, simply type 'm' for help but these are the main commands you will need to know/use:
m - help
p - print the partition table
n - create a new partition
d - delete a partition
q - quit without saving changes
w - write the new partition table and exit
If your disk is like mine, un-formatted, then jump to the section titled 'create a new partition on your hard disk'.
Otherwise, if your disk is pre-formatted with existing data, read on ...
Delete/Blank all existing data on your hard disk
If you need to delete any data on your hard disk, use the following routine (typing one line at a time):
# d
# w
In the above example we initially used 'd' to delete the partition and then 'w' to replace the partition table on the disk.
When finished, you will exit from the fdisk feature, therefore you will need to re-open your disk with:
# fdisk /dev/sdc
And confirm the disk is blank by typing:
# p
The 'p' command will print the current hard disk partition table and you should see a blank partition table. To quit fdisk type:
# q
Having created a partition table on your hard disk you should now read-on and learn how to 'create a new partition on your hard disk'.
Create a new partition on your hard disk
To make the disk useful to us, first of all we need to create a partition - i.e. sdc1. This is very simple to do but be very careful not to target the wrong disk: this action cannot be undone, like all actions described in this Step 3.
So by replacing 'sdc' with the correct value follow this routine (one line at a time):
# fdisk /dev/sdc
Type 'n' like so:
Command (m for help): n
The response will look similar to this:
Command action
   e   extended
   p   primary partition (1-4)
Choose 'p' and then elect number '1' when asked for a partition number like so:
Command action
   e   extended
   p   primary partition (1-4)
p
Partition number (1-4): 1
During the next step, simply accept the default values as shown and hit the <RETURN> key:
First cylinder (1-6081, default 1):
And again, when asked simply accept the default values as shown and hit the <RETURN> key:
First cylinder (1-6081, default 1): 1
Last cylinder or +size or +sizeM or +sizeK (1-6081, default 6081):
Confirm your instruction by typing:
# p
The 'p' command will print out your intended plan to create a new partition table (i.e. depending on the device name you will see a partition called sda1 or sdb1 or sdc1 etc.) like so:
Disk /dev/sdc: 500.1 GB, 500107862016 bytes
255 heads, 63 sectors/track, 60801 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes

   Device Boot      Start         End      Blocks   Id  System
/dev/sdc1               1       60801   488384001   83  Linux
If you have made a mistake at this stage simply type 'q' and start again, but if you are happy to proceed then type:
# w
The computer will now write the partition table to the disk and when complete the console will respond with a similar message to that as follows:
Command (m for help): w
The partition table has been altered!

Calling ioctl() to re-read partition table.
Syncing disks.
Format your hard disk
To format your hard disk using the EXT3 format, simply type the following (replacing 'sdc1' with the correct value):
# mkfs.ext3 /dev/sdc1
The subsequent operation will look similar to this:
mke2fs 1.39 (29-May-2006)
Filesystem label=
OS type: Linux
Block size=4096 (log=2)
Fragment size=4096 (log=2)
61063168 inodes, 122096000 blocks
6104800 blocks (5.00%) reserved for the super user
First data block=0
Maximum filesystem blocks=0
3727 block groups
32768 blocks per group, 32768 fragments per group
16384 inodes per group
Superblock backups stored on blocks:
        32768, 98304, 163840, 229376, 294912, 819200, 884736, 1605632, 2654208,
        4096000, 7962624, 11239424, 20480000, 23887872, 71663616, 78675968,
        102400000

Writing inode tables: done
Creating journal (32768 blocks): done
Writing superblocks and filesystem accounting information: done

This filesystem will be automatically checked every 27 mounts or
180 days, whichever comes first. Use tune2fs -c or -i to override.
When complete the console will respond appropriately and you can re-check your work with:
# fdisk -l
The above command should show all your hard disks (including the new disk) with a valid partition and file format or you may use the following 'human-friendly' command:
# df -h
Mount your hard disk
We now need to mount your new hard disk.
Mount points are like directories or folders: they are very simple to create and should always be created as the 'root user' like so:
# mkdir /newdisk
or
# mkdir /home/newdisk
So, for the Example System, let's create a mount point in the root of our drive called 'backup' like so:
# mkdir /backup
And that's it, now we must modify 'fstab' in order that we can automatically mount our drive at start-up.
However, because 'fstab' is a very important file, before we begin, let's back it up:
# cp /etc/fstab /etc/fstab.bak
So if your computer fails to boot, all you need to do is jump into rescue mode and replace the recently edited file with the back-up file like so:
# cp /etc/fstab.bak /etc/fstab
Now, let's open /etc/fstab file, with:
# nano /etc/fstab
It could look something like this:
/dev/MainGroup00/root   /          ext3    defaults          1 1
LABEL=/boot             /boot      ext3    defaults          1 2
/dev/MainGroup00/home   /home      ext3    defaults          1 2
tmpfs                   /dev/shm   tmpfs   defaults          0 0
devpts                  /dev/pts   devpts  gid=5,mode=620    0 0
sysfs                   /sys       sysfs   defaults          0 0
proc                    /proc      proc    defaults          0 0
/dev/MainGroup00/swap   swap       swap    defaults          0 0
And append like so:
/dev/sdc1 /backup ext3 defaults 1 2
Use the <TAB> key to create the relevant spaces, then save and close the file.
And finally, to complete this stage, simply reboot your computer and if all goes well you can now decide to create some working folders or jump to Step 4 below ...
How to create working folders
Creating working folders on CentOS is exactly the same as any other Linux based distribution. So, let's assume we want to add some working directories to our new partitioned and formatted backup drive located at /backup. Simply create a folder like so:
# mkdir /backup/my-new-folder
Having created our folder as the 'root user' it is always good practice to change the permissions for accessibility by other accounts. So decide what permissions you would like to grant to this folder (based on its purpose) and simply run the following command:
# chmod 0755 /backup/my-new-folder
In the above command we simply changed the permission of 'my-new-folder' to 0755.
Rsync
Based on the format of this tutorial you will discover that RSYNC is installed by default. You can confirm this by typing:
# yum install rsync
YUM Priorities & Rsnapshot (optional)
RSNAPSHOT is not available through the standard YUM repositories so we will need to install the EPEL repository and YUM priorities.
To install the EPEL repository we need to type the following command:
# rpm -Uvh http://download.fedora.redhat.com/pub/epel/5/i386/epel-release-5-4.noarch.rpm
Following this, we need to install YUM priorities with the following command:
# yum install yum-priorities
We should now confirm YUM priorities is installed correctly with the following command:
# cat /etc/yum/pluginconf.d/priorities.conf
The console should respond as follows:
[main] enabled = 1
Now you need to review all your repositories and give them a priority number from 1-99. The repositories with the lowest number get the highest priority, so it would be advisable to set all the CentOS repositories to 1.
Open the CentOS-Base.repo file like so:
# nano /etc/yum.repos.d/CentOS-Base.repo
It will look similar to this but I have already made the relevant changes (compare them to see if you can see what I have done):
[base]
name=CentOS-$releasever - Base
mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=os
#baseurl=http://mirror.centos.org/centos/$releasever/os/$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-5
priority=1

#released updates
[updates]
name=CentOS-$releasever - Updates
mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=updates
#baseurl=http://mirror.centos.org/centos/$releasever/updates/$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-5
priority=1

#additional packages that may be useful
[extras]
name=CentOS-$releasever - Extras
mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=extras
#baseurl=http://mirror.centos.org/centos/$releasever/extras/$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-5
priority=1

#additional packages that extend functionality of existing packages
[centosplus]
name=CentOS-$releasever - Plus
mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=centosplus
#baseurl=http://mirror.centos.org/centos/$releasever/centosplus/$basearch/
gpgcheck=1
enabled=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-5
priority=1

#contrib - packages by Centos Users
[contrib]
name=CentOS-$releasever - Contrib
mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=contrib
#baseurl=http://mirror.centos.org/centos/$releasever/contrib/$basearch/
gpgcheck=1
enabled=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-5
priority=2
Did you notice the additional statement 'priority=X' under every 'gpgkey' location regardless of whether the source was enabled or not?
So simply make the relevant changes and save/close this file.
We now need to make a similar change to the EPEL file but by giving it a higher number like so:
# nano /etc/yum.repos.d/epel.repo
And make it resemble the following:
[epel]
name=Extra Packages for Enterprise Linux 5 - $basearch
#baseurl=http://download.fedoraproject.org/pub/epel/5/$basearch
mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=epel-5&arch=$basearch
failovermethod=priority
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL
priority=20

[epel-debuginfo]
name=Extra Packages for Enterprise Linux 5 - $basearch - Debug
#baseurl=http://download.fedoraproject.org/pub/epel/5/$basearch/debug
mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=epel-debug-5&arch=$basearch
failovermethod=priority
enabled=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL
gpgcheck=1
priority=20

[epel-source]
name=Extra Packages for Enterprise Linux 5 - $basearch - Source
#baseurl=http://download.fedoraproject.org/pub/epel/5/SRPMS
mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=epel-source-5&arch=$basearch
failovermethod=priority
enabled=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL
gpgcheck=1
priority=20
To finish off installing YUM priorities you should also give all other references a priority number of 2 or more with the exception of 'epel-testing.repo' which should share the same value used by the 'epel.repo' above.
So open each of the following files in order and make the necessary changes:
# nano /etc/yum.repos.d/CentOS-Debuginfo.repo
# nano /etc/yum.repos.d/CentOS-Media.repo
# nano /etc/yum.repos.d/CentOS-Vault.repo
# nano /etc/yum.repos.d/epel-testing.repo
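With this many sections edited by hand it is easy to miss one. The script below is an added example, not part of the original tutorial: it parses .repo files and reports every section that has no 'priority=' line, a priority outside 1-99, or a 'gpgcheck' value other than 1. The function names and the sample file (including the '[thirdparty]' section) are constructed for illustration; the default of 99 is what yum-priorities applies to a section with no priority line.

```shell
#!/bin/sh
# Audit yum .repo files for the settings made in the steps above.

# repo_table: read .repo text on stdin and print one line per section:
#   "<id> <enabled> <gpgcheck> <priority>"
# A missing 'enabled' counts as 1 (the yum default for a repo section);
# a missing gpgcheck or priority is shown as "unset".
repo_table() {
    awk '
        function flush() {
            if (id != "") printf "%s %s %s %s\n", id, enabled, gpgcheck, priority
        }
        /^[ \t]*[#;]/ { next }                   # comment lines
        /^[ \t]*$/    { next }                   # blank lines
        /^[ \t]*\[[^]]+\][ \t]*$/ {              # [section] header
            flush()
            id = $0
            gsub(/^[ \t]*\[|\][ \t]*$/, "", id)
            enabled = "1"; gpgcheck = "unset"; priority = "unset"
            next
        }
        {
            pos = index($0, "=")                 # split on the first "=" only
            if (pos == 0) next
            key = substr($0, 1, pos - 1)
            val = substr($0, pos + 1)
            gsub(/[ \t]/, "", key)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (key == "enabled")  enabled  = val
            if (key == "gpgcheck") gpgcheck = val
            if (key == "priority") priority = val
        }
        END { flush() }
    '
}

# repo_findings: read .repo text on stdin, print one line per problem found.
# Disabled sections are checked too, as the tutorial sets a priority on every
# section regardless of whether it is enabled.
repo_findings() {
    repo_table | awk '
        {
            if ($4 == "unset")
                print $1 ": no priority= line (yum-priorities then uses its default of 99)"
            else if ($4 !~ /^[0-9]+$/ || $4 + 0 < 1 || $4 + 0 > 99)
                print $1 ": priority=" $4 " is outside 1-99"
            if ($3 != "1")
                print $1 ": gpgcheck is not set to 1 in this section"
        }
    '
}

# Constructed sample (not a real repository file).
sample_repo() {
cat <<'EOF'
[base]
name=CentOS-$releasever - Base
mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=os
gpgcheck=1
priority=1

[epel]
name=Extra Packages for Enterprise Linux 5 - $basearch
enabled=1
gpgcheck=1
priority=20

# section left untouched after installation
[epel-testing]
name=constructed testing section
enabled=0
gpgcheck=0

[thirdparty]
name=hypothetical extra repository
enabled=1
gpgcheck=1
priority=0
EOF
}

# On a machine with yum repositories configured, audit the real files.
for f in /etc/yum.repos.d/*.repo; do
    if [ -f "$f" ]; then
        echo "== $f"
        repo_findings < "$f"
    fi
done
```

A file that prints nothing under its name has a priority and signature checking set in every section.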
When complete, to proceed we can install Rsnapshot like so:
# yum install rsnapshot
Now open the following file to begin making the changes needed to customise your RSNAPSHOT settings:
# nano /etc/rsnapshot.conf
When complete, simply save and close the file. You have now installed rsnapshot.
Create an SSL certificate (optional)
Use the following instruction to create a typical SSL Certificate. However, if you are intending to use an SSL certificate for business purposes then you should purchase an SSL certificate from a suitable provider.
# cd /etc/pki/tls/certs
And then type (filling in the required details when asked):
# make server.key
Now type, filling in the required details when asked:
# openssl rsa -in server.key -out server.key
Now type (filling in the required details when asked):
# make server.csr
Followed by:
# openssl x509 -in server.csr -out server.crt -req -signkey server.key -days 3650
And finally:
# chmod 400 server.*
Print Support with CUPS (optional)
At the beginning of this tutorial we originally disabled CUPS. However, if you would like to re-instate the CUPS printing service then read on. We will not be discussing drivers for individual printers or web access, but the following instruction will give you a starting point on which to build your very own print server.
Install CUPS like so:
# yum install cups*
And in order to begin making the necessary changes, simply edit the following file as required:
# nano /etc/cups/cupsd.conf
This should get you started:
# Only listen for connections from the local machine.
Listen 631

# Restrict access to the server...
<Location />
  Order allow,deny
  Allow localhost
  Allow 192.168.1.0/24
</Location>

# Restrict access to configuration files...
<Location /admin/conf>
  AuthType Basic
  Require user @SYSTEM
  Order allow,deny
</Location>

# as an addition, add at the bottom of this file
ServerCertificate /etc/pki/tls/certs/server.crt
ServerKey /etc/pki/tls/certs/server.key
Now edit the following file:
# nano /etc/cups/mime.convs
And un-comment:
application/octet-stream application/vnd.cups-raw 0 -
Now run:
# /sbin/service cups start
The console should respond as follows:
Starting cups: [ OK ]
And finally switch the service back on at boot:
# chkconfig cups on
Step 4: User Management & Samba
Well done ... We now have a fully functioning base system so let's turn CentOS into a standalone file server and add some users.
At the following screen, login as the root user:
Samba Server
Update YUM:
# yum update
Accept any available updates then install Samba with:
# yum install samba samba-client samba-common
Now we will need to modify our smb.conf file, but before we do - let's back it up:
# cp /etc/samba/smb.conf /etc/samba/smb.conf.bak
And then begin editing like so:
# nano /etc/samba/smb.conf
Make following basic changes, customising the relevant values to suit your needs and using any other features as required:
[global]
# ----------------------- Network Related Options -------------------------
workgroup = WORKGROUP
server string = Samba Server Version %v
netbios name = YOURSERVERNAME
# --------------------------- Logging Options -----------------------------
# logs split per machine
log file = /var/log/samba/%m.log
# max 50KB per log file, then rotate
max log size = 50
# ----------------------- Standalone Server Options ------------------------
security = user
passdb backend = tdbsam
# --------------------------- Printing Options -----------------------------
load printers = yes
cups options = raw
printcap name = /etc/printcap
#obtain list of printers automatically on SystemV
printcap name = lpstat
printing = cups
# --------------------------- Directories -----------------------------
[homes]
comment = Home Directories
browseable = no
writable = yes
valid users = %S
valid users = MYDOMAIN\%S
create mask =0755
directory mask =0755

[printers]
comment = All Printers
path = /var/spool/samba
browseable = no
guest ok = no
writable = no
printable = yes
Now start the Samba Server like so:
# /sbin/service smb start
Activate the Samba Server at start-up like so:
# chkconfig smb on
Users
In order to finalise our installation we need to add some users, create relevant folders for them and give them the required permissions to work in a file-sharing environment.
Do this like so, remembering to customise the 'username' as required and to provide a password when requested:
# useradd -d /home/username -s /bin/bash -c "username" username
# chown username /home/username && passwd username
# chmod 755 /home/username
Repeat the above steps for each user on your network.
When complete, we now need to add these users to our Samba server like so, providing a password when requested:
# smbpasswd -a username
Repeat the above steps for each user on your network.
When complete, just complete a final reboot ...
# reboot
And that's it ... well done :-)
Supplementary: Gnome Desktop & Updates
And just before anyone asks, (if you really want one) in order to install a desktop interface simply complete the following step:
# yum update
# yum groupinstall "X Window System" "GNOME Desktop Environment"
When the installation is complete, type:
# reboot
Login as root in the usual way and type:
# startx
To install an easy to use graphical package manager (also known as Yum Extender):
# yum install yumex
Should you wish to remove the Gnome Desktop environment at any time, use:
# yum groupremove "X Window System" "GNOME Desktop Environment"
# reboot
To keep your server up to date use:
# yum update
To shutdown your server use:
# halt
And that's it ... well done :-)
In the next tutorial, we will look at CentOS as a comprehensive web server, supporting Apache Virtual Hosts, Bind, MySQL, PHP5.3, Webmin, Third Party Repositories and much, much more.