Latest Posts

CentOS (RedHat) Basic Configuration and Software Installation (Docker, Vsftp, Samba, etc)

The CentOS (Community Enterprise Operating System) Project is a community-driven free software effort focused on delivering a robust open source ecosystem. For users, CentOS offers a consistent manageable platform that suits a wide variety of deployments. For open source communities, CentOS offers a solid, predictable base to build upon, along with extensive resources to build, test, release, and maintain their code.

CentOS uses the Red Hat source code base to create a product similar to RHEL. So CentOS is very close to being RHEL without the branding and support. In particular, the library versions are the same, so binaries that work on one will work on the other. The administration tools are the same and configured in similar ways. However, there are a few differences, as the two distributions sometimes apply different minor patches.



RedHat Subscription


1  If you signed up to the no-cost developer license or have an actual license with Redhat, then you need to subscribe the server to RHN, using the subscription-manager command.
Use this command to register, using the credentials you use to access access.redhat.com.

subscription-manager register --username <username> --password <password> --auto-attach
Without subscription, RedHat will not be able to install or update any software since there is no anyrepository available. 


[root@html5 ~]# yum -y update && yum -y upgrade
Loaded plugins: product-id, search-disabled-repos, subscription-manager

This system is not registered with an entitlement server. You can use subscription-manager to register.

There are no enabled repos.
 Run "yum repolist all" to see the repos you have.
 To enable Red Hat Subscription Management repositories:
     subscription-manager repos --enable <repo>
 To enable custom repositories:
     yum-config-manager --enable <repo>
[root@html5 ~]# yum repolist all
Loaded plugins: product-id, search-disabled-repos, subscription-manager

This system is not registered with an entitlement server. You can use subscription-manager to register.

repolist: 0

[root@html5 tmp]# subscription-manager register --username jyan@51sec.org --password p@ssworD1 --auto-attach
Registering to: subscription.rhsm.redhat.com:443/subscription
The system has been registered with ID: 11e911ab-a948-413b-b294-22fd25ef2721
The registered system name is: html5.51sectest.dev
Installed Product Current Status:
Product Name: Red Hat Enterprise Linux Server
Status:       Subscribed

After you register your RedHat with your  development account, now all software becomes available now. 



[root@html5 tmp]# yum repolist
Loaded plugins: product-id, search-disabled-repos, subscription-manager
rhel-7-server-rpms                                                                                                                                         | 3.5 kB  00:00:00
(1/3): rhel-7-server-rpms/7Server/x86_64/group                                                                                                             | 631 kB  00:00:00
(2/3): rhel-7-server-rpms/7Server/x86_64/updateinfo                                                                                                        | 3.7 MB  00:00:01
(3/3): rhel-7-server-rpms/7Server/x86_64/primary_db                                                                                                        |  71 MB  00:00:10
repo id                                                                           repo name                                                                                 status
rhel-7-server-rpms/7Server/x86_64                                                 Red Hat Enterprise Linux 7 Server (RPMs)                                                  29,218
repolist: 29,218
[root@html5 tmp]# yum -y update && yum -y upgrade
Loaded plugins: product-id, search-disabled-repos, subscription-manager
Resolving Dependencies
--> Running transaction check
---> Package ca-certificates.noarch 0:2019.2.32-76.el7_7 will be updated
---> Package ca-certificates.noarch 0:2020.2.41-70.0.el7_8 will be an update
---> Package iprutils.x86_64 0:2.4.17.1-3.el7 will be updated
---> Package iprutils.x86_64 0:2.4.17.1-3.el7_7 will be an update
---> Package libgudev1.x86_64 0:219-73.el7_8.5 will be updated
---> Package libgudev1.x86_64 0:219-73.el7_8.8 will be an update
---> Package systemd.x86_64 0:219-73.el7_8.5 will be updated
....


Differences between Ubuntu and CentOS:


  • The biggest difference between the two Linux distributions is that Ubuntu is based on the Debian architecture while CentOS is forked from Red Hat Enterprise Linux.
  • In Ubuntu, you can download DEB packages using the apt-get package manager. Meanwhile, in CentOS, you have to use the yum command to download and install RPM packages from the central repository.
  • CentOS is considered to be a more stable distribution compared to Ubuntu. Mainly because package updates are less frequent. This can also prove to be a disadvantage of CentOS. If you want the latest version of a certain application or software, you will have to install them manually.
CentOS vs Ubuntu – Comparison Table
UbuntuCentOS
Based on DebianBased on RHEL
Updated frequentlyUpdated scarcely
No cPanel support (has alternatives)Supports cPanel/WHM
Larger user and developer communitySmaller user and developer community
Greater amount of help available in the form of tutorials and free guidesLesser amount of help available
Easier to learn for beginners that have used Ubuntu desktop in the pastHarder to learn for beginners as there are not many famous desktop distros released by RHEL
.deb packages installed using the apt-getpackage manager.rpm packages installed using the yum package manager


1. Install CentOS in VMWare Workstation



Installation steps are pretty easy to follow. 
YouTube Video : VMWare Workstation Easy Install CentOS 7


This installation is using VMWare Workstation Easy Install method to complete the installation.
  • Reboot CentOS: init 6 , reboot, shutdown -r now
  • ShutdownCentOS: init 0, poweroff 
  • Sync time: ntpdate time.windows.com
  • change to root: sudo -i 
Note: After minimal installation, you may not able to connect network because Ethernet interface is not enabled by default minimal installation. A couple of commands to enable network:

  • “nmcli d” command in your terminal for quick list ethernet card installed on your machine:
  • “nmtui” command in your terminal to open Network manager.
    • IPv4 configuration <Automatic>
    • [x] Automatically connect
    • service network restart
    • ip a


2. Network Interface Configuration

Check Network Interface Commands (CentOS):
  • ip a
  • ip l
  • nmcli d
  • nmtui

change to root: sudo -i 

DHCP or Static:
Step 1 » Check the network interface name by typing below command
[root@linux1 ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN 
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 9a:4a:27:66:a4:4c brd ff:ff:ff:ff:ff:ff
    inet 10.9.1.26/24 brd 10.91.128.255 scope global eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::984a:27ff:fe66:a44c/64 scope link 
       valid_lft forever preferred_lft forever
Here “lo” is the loopback interface and “eth0” is the network interface that you need to configure .

Step 2 » you can see the file named ifcfg-eth0 ( Interface name ) in the location “/etc/sysconfig/network-scripts/” , open the file and you can see the lines as below, which is static ip 10.9.1.26 assigned to interface eth0
Just modify the lines like this
DEVICE="eth0"
HWADDR="00:22:19:09:4D:3C"
NM_CONTROLLED="yes"
ONBOOT="yes"    # Interface enabled

BOOTPROTO="dhcp"  #Assigning IP from DHCP
Step 3 » Start the network service and you can see the status as below .
[root@linux1~]# service network start
Bringing up loopback interface:                [  OK  ]
Bringing up interface p4p1:
Determining IP information for p4p1... done.   [  OK  ]

Some other similar commands:
  • service network restart
  • systemctl restart network.service
Change CentOS host name command:
  • hostnamectl set-hostname CentOS-test1


3. System Update and Package Mgmt Commands

  • sudo -i 
  • yum check-update
  • yum update
  • yum list | less
  • yum info firefox
  • yum search vsftpd
  • yum list openssh
  • yum update mysql
  • yum -y remove firefox
  • yum clean all
Sometimes, you will need to enable the EPEL repository and then install the software you need.
  • yum install epel-release
[john@linux1 /]$ rpm -qa |less
plymouth-0.8.9-0.24.20140113.el7.centos.x86_64
libsoup-2.48.1-3.el7.x86_64
libaio-0.3.109-13.el7.x86_64
dmidecode-2.12-9.el7.x86_64
passwd-0.79-4.el7.x86_64
bind-libs-lite-9.9.4-29.el7_2.2.x86_64
sed-4.2.2-5.el7.x86_64
grub2-2.02-0.34.el7.centos.x86_64
libcom_err-1.42.9-7.el7.x86_64
rsyslog-7.4.7-12.el7.x86_64
biosdevname-0.6.2-1.el7.x86_64
dracut-config-rescue-033-360.el7_2.x86_64
libacl-2.2.51-12.el7.x86_64
openssh-clients-6.6.1p1-23.el7_2.x86_64
xe-guest-utilities-6.5.0-1432.x86_64
libgcrypt-1.5.3-12.el7_1.1.x86_64
libpcap-1.5.3-8.el7.x86_64
cronie-1.4.11-14.el7.x86_64
iwl6050-firmware-41.28.5.1-43.el7.noarch
iwl4965-firmware-228.61.2.24-43.el7.noarch
iwl3160-firmware-22.0.7.0-43.el7.noarch
libunistring-0.9.3-9.el7.x86_64
iwl100-firmware-39.31.5.1-43.el7.noarch
perl-parent-0.225-244.el7.noarch
newt-0.52.15-4.el7.x86_64
perl-Pod-Escapes-1.04-286.el7.noarch
gdbm-1.10-8.el7.x86_64
perl-libs-5.16.3-286.el7.x86_64

.......

[john@linux1 /]$ rpm -qa |grep syslog

rsyslog-7.4.7-12.el7.x86_64





    4.  System Performance and Monitoring Commands

    • uptime
    • top
    • iostat
    • vmstat
    • ps and pstree
    • sar
    • crontab
    • free
    • pmap



      5. Disable IPv6

      change to root: sudo -i 
      There are three different ways to do it. 
      5.1 Edit Sysctl.conf file
      vi /etc/sysctl.conf
      Add following two lines:
      net.ipv6.conf.all.disable_ipv6 =1
      net.ipv6.conf.default.disable_ipv6 =1
      if only want to disable IPv6 for specific network card, such as  enp0s3, add following line instead:
      net.ipv6.conf.enp0s3.disable_ipv6 =1
      Save and exit VI. 
      Run following command to make the change effect:
      sysctl -p
      5.2 
      echo 1>/proc/sys/net/ipv6/conf/all/disable_ipv6echo 1>/proc/sys/net/ipv6/conf/default/disable_ipv6
      5.3 
      sysctl -w net.ipv6.conf.all.disable_ipv6=1sysctl -w net.ipv6.conf.default.disable_ipv6=1
      Note: Some caveats to be aware from How to disable IPv6 on Linux.

      6.Firewall

      6.1 Iptables (CentOS 7 not installed it by default)
      Here are some commands to install it to replace default firewall :
      • yum install policycoreutils iptables-services -y
      • systemctl stop firewalld.service
      • systemctl disable firewalld.service
      • service iptables restart
      6.2 Firewalld Commands (CentOS 7)
      • systemctl stop firewalld  //Turn off the firewall
      • systemctl start firewalld  //Turn on the firewall
      • systemctl status firewalld //Check firewall status
      • systemctl stop firewalld.service #停止firewall
      • systemctl disable firewalld.service #禁止firewall开机启动
      • firewall-cmd --state  #查看默认防火墙状态(关闭后显示notrunning,开启后显示running)
      Mask the FirewallD service which will prevent the firewall from being started by other services:
      sudo systemctl mask --now firewalld

      Netfilter

      7. Install Some Useful Tools

      • Vim
      • lrzsz
      • bind-utils / net-tools
      • Git
      • Ansible
      • Docker
        • sudo -i
        • sudo yum update
        • sudo yum install docker
        • sudo systemctl enable docker.service # Enable the service
        • sudo systemctl start docker                 # Start the Docker daemon.
        • sudo docker images                             # Show local images
        • sudo docker pull tutum/wordpress                    # pull the image
        • sudo docker run -d -p 80:80 tutum/wordpress   #  Run container
        • sudo curl http://localhost/                         # Test container
        • sudo docker stop                                    # Stop container
        • sudo docker ps -a                                 # Show container list
        • sudo docker export 633748a43e01 > blog.tar                          # Export container
        • cat blog.tar | sudo docker import - tutum/wordpress blog.tar        # Import container
        • docker pull ubuntu
        • docker exec -it ubuntu /bin/bash
        • docker cp /home/msg/name.tar 5ed1587b3923:/home/software   #Copy file from host to container folder
        • docker exec -ti 5ed1587b3923 /bin/bash     # run command in the container
        • docker run -dt -p 7000-8000:7000-8000 -v /usr/local/home:/usr/local/container/home centos/java8 /bin/bash   #map port range and mount local folder to container
      • vsftp
        • yum install -y vsftpd
        • vi /etc/vsftpd/vsftpd.conf
          • anonymous_enable=YES  #allow anonymous to visit
          • anon_upload_enable=YES 
          • anon_mkdir_write_enable=YES
        • systemctl enable vsftpd # enablevsftpd service when system started
        • systemctl disable vsftpd 
        • systemctl start vsftpd
        • systemctl status vsftpd
        • Create user
          • useradd ftpadmin //create user ftpadmin
          • passwd ftpadmin //create password
        • mkdir -p /home/app/ftpdir
        • usermod -d /home/app/ftpdir ftpadmin  // change user ftpadmin's home folder to that new created folder
      • Samba
        • rpm -qa | grep 'samba'  // Check Samba service if installed already
        • yum -y install samba samba-common samba-client
          • samba-3.6.9-151.el6.x86_64   //服务器端软件,主要提供samba服务器的守护程序,共享文档,日志的轮替
          • samba-common-3.6.9-151.el6.x86_64   //主要提供samba服务器的设置文件与设置文件语法检验程序testparm
          • samba-client-3.6.9-151.el6.x86_64   //客户端软件,主要提供linux主机作为客户端时,所需要的工具指令集
        • service smb status //查看samba服务状态 
        • service smb start //启动samba服务 
        • service smb restart //重启samba服务
        • vi /etc/samba/smb.conf   //add following sharing information
      [share]
              path = /home/sambauser1/share
              comment = sambauser1_share
              public = yes
              writable = yes
              browseable = yes
              guest ok = yes
              valid users = sambauser1,root
              available = yes
        • smbpasswd -a sambauser1 //为sambauser1 用户增加共享用户,并设定samba密码
      • pure-ftpd
        • yum install -y pure-ftpd
          • cd /etc/yum.repos.d
          • yum install -y epel-release
        • vim /etc/pure-ftpd/pure-ftpd.conf
          • remove # sign at the head of line pureftpd.pdb
          • systemctl start pure-ftpd // You will need to stop vsftpd to avoid port conflict 
        • mkdir /data/ftp
        • useradd -u 1010 pure-ftp1
        • chown -R pure-ftp1:pure-ftp1 /data/ftp      // give permission to the folder
        • pure-pw useradd ftp_usera -u pure-ftp1 -d /data/ftp
          • 用pure-pw创建用户,用-u指定系统用户是谁。-d,指定虚拟用户的家目录,设置密码
        • touch /data/ftp/1.txt
        • pure-pw mkdb
        • lftp ftp_usera@127.0.0.1
        • chown pure-ftp1:pure-ftp1 /data/ftp/1.txt

      Notes: 
      For those services or software, if there is any problem to access from remotely, it might be SELinux issue. SELinux is Security Enhanced Linux. We can use following two commands to check status and make a temporary setting change.
      • getenforce  //Check SELinux status, either enforcing, permissive or disabled
      • setenforce [Enforcing | Permissive | 1 | 0]

      SELinux

      To change SELinux permanently, we will need to edit /etc/sysconfig/selinux.

      vi /etc/sysconfig/selinux
      # This file controls the state of SELinux on the system.
      # SELINUX= can take one of these three values:
      #     enforcing - SELinux security policy is enforced.
      #     permissive - SELinux prints warnings instead of enforcing.
      #     disabled - No SELinux policy is loaded.
      SELINUX=disabled
      # SELINUXTYPE= can take one of three values:
      #     targeted - Targeted processes are protected,
      #     minimum - Modification of targeted policy. Only selected processes are protected.
      #     mls - Multi Level Security protection.12 SELINUXTYPE=targeted




      Docker 

      For RedHat:
      1. Type the following command to install Docker via yum provided by Red Hat:
        sudo yum install docker
      2. Type the following command to install the latest version of Docker CE (community edition):
        sudo yum remove docker docker-common docker-selinux docker-engine
        sudo yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
        sudo yum install docker-ce
      For CentOS 7:
      curl -sSL https://get.docker.com/ | sh 
      systemctl start docker 
      systemctl enable docker

      Youtube Video:




      References:





      No comments