Tuesday, January 8, 2019

CentOS Basic Configuration and Services/Software Installation (Docker, Vsftp, Samba, etc)

The CentOS (Community Enterprise Operating System) Project is a community-driven free software effort focused on delivering a robust open source ecosystem. For users, CentOS offers a consistent manageable platform that suits a wide variety of deployments. For open source communities, CentOS offers a solid, predictable base to build upon, along with extensive resources to build, test, release, and maintain their code.

CentOS uses the Red Hat source code base to create a product similar to RHEL. So CentOS is very close to being RHEL without the branding and support. In particular, the library versions are the same, so binaries that work on one will work on the other. The administration tools are the same and configured in similar ways. However, there are a few differences, as the two distributions sometimes apply different minor patches.

Differences between Ubuntu and CentOS:
  • The biggest difference between the two Linux distributions is that Ubuntu is based on the Debian architecture while CentOS is forked from Red Hat Enterprise Linux.
  • In Ubuntu, you can download DEB packages using the apt-get package manager. Meanwhile, in CentOS, you have to use the yum command to download and install RPM packages from the central repository.
  • CentOS is considered to be a more stable distribution than Ubuntu, mainly because package updates are less frequent. This can also prove to be a disadvantage of CentOS: if you want the latest version of a certain application or software, you will have to install it manually.
CentOS vs Ubuntu – Comparison Table
| Ubuntu | CentOS |
|---|---|
| Based on Debian | Based on RHEL |
| Updated frequently | Updated scarcely |
| No cPanel support (has alternatives) | Supports cPanel/WHM |
| Larger user and developer community | Smaller user and developer community |
| Greater amount of help available in the form of tutorials and free guides | Lesser amount of help available |
| Easier to learn for beginners that have used Ubuntu desktop in the past | Harder to learn for beginners as there are not many famous desktop distros released by RHEL |
| .deb packages installed using the apt-get package manager | .rpm packages installed using the yum package manager |

1. Install CentOS in VMware Workstation

This installation uses the VMware Workstation Easy Install method.
  • Reboot CentOS: init 6, reboot, shutdown -r now
  • Shut down CentOS: init 0, poweroff
  • Sync time: ntpdate time.windows.com
  • Change to root: sudo -i

2. Network Interface Configuration

Change to root: sudo -i

DHCP or Static:
Step 1 » Check the network interface name with the command below
# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN 
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 9a:4a:27:66:a4:4c brd ff:ff:ff:ff:ff:ff
    inet 10.9.1.26/24 brd 10.91.128.255 scope global eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::984a:27ff:fe66:a44c/64 scope link 
       valid_lft forever preferred_lft forever
Here “lo” is the loopback interface and “eth0” is the network interface that you need to configure.

Step 2 » The file ifcfg-eth0 (named after the interface) is in “/etc/sysconfig/network-scripts/”. Open the file to see the current settings, which here assign the static IP 10.9.1.26 to interface eth0.
Just modify the lines like this:
DEVICE="eth0"
HWADDR="00:22:19:09:4D:3C"
NM_CONTROLLED="yes"
ONBOOT="yes"    # Interface enabled

BOOTPROTO="dhcp"  #Assigning IP from DHCP
Step 3 » Start the network service and you can see the status as below.
# service network start
Bringing up loopback interface:                [  OK  ]
Bringing up interface p4p1:
Determining IP information for p4p1... done.   [  OK  ]

Some other similar commands:
  • service network restart
  • systemctl restart network.service
Change CentOS host name command:
  • hostnamectl set-hostname CentOS-test1

3. System Update and Package Mgmt Commands
  • sudo -i 
  • yum check-update
  • yum update
  • yum list | less
  • yum info firefox
  • yum search vsftpd
  • yum list openssh
  • yum update mysql
  • yum -y remove firefox
  • yum clean all

$ rpm -qa | less
plymouth-0.8.9-0.24.20140113.el7.centos.x86_64
libsoup-2.48.1-3.el7.x86_64
libaio-0.3.109-13.el7.x86_64
dmidecode-2.12-9.el7.x86_64
passwd-0.79-4.el7.x86_64
bind-libs-lite-9.9.4-29.el7_2.2.x86_64
sed-4.2.2-5.el7.x86_64
grub2-2.02-0.34.el7.centos.x86_64
libcom_err-1.42.9-7.el7.x86_64
rsyslog-7.4.7-12.el7.x86_64
biosdevname-0.6.2-1.el7.x86_64
dracut-config-rescue-033-360.el7_2.x86_64
libacl-2.2.51-12.el7.x86_64
openssh-clients-6.6.1p1-23.el7_2.x86_64
xe-guest-utilities-6.5.0-1432.x86_64
libgcrypt-1.5.3-12.el7_1.1.x86_64
libpcap-1.5.3-8.el7.x86_64
cronie-1.4.11-14.el7.x86_64
iwl6050-firmware-41.28.5.1-43.el7.noarch
iwl4965-firmware-228.61.2.24-43.el7.noarch
iwl3160-firmware-22.0.7.0-43.el7.noarch
libunistring-0.9.3-9.el7.x86_64
iwl100-firmware-39.31.5.1-43.el7.noarch
perl-parent-0.225-244.el7.noarch
newt-0.52.15-4.el7.x86_64
perl-Pod-Escapes-1.04-286.el7.noarch
gdbm-1.10-8.el7.x86_64
perl-libs-5.16.3-286.el7.x86_64

.......

$ rpm -qa | grep syslog

rsyslog-7.4.7-12.el7.x86_64



4.  System Performance and Monitoring Commands
  • uptime
  • top
  • iostat
  • vmstat
  • ps and pstree
  • sar
  • crontab
  • free
  • pmap

5. Disable IPv6
  • Change to root: sudo -i
There are three different ways to do it.
5.1 Edit the sysctl.conf file
vi /etc/sysctl.conf
Add the following two lines:
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
To disable IPv6 only for a specific network card, such as enp0s3, add the following line instead:
net.ipv6.conf.enp0s3.disable_ipv6 = 1
Save and exit vi.
Run the following command to make the change take effect:
sysctl -p
5.2 Write to /proc directly (lasts until the next reboot)
echo 1 > /proc/sys/net/ipv6/conf/all/disable_ipv6
echo 1 > /proc/sys/net/ipv6/conf/default/disable_ipv6
5.3 Use sysctl -w (lasts until the next reboot)
sysctl -w net.ipv6.conf.all.disable_ipv6=1
sysctl -w net.ipv6.conf.default.disable_ipv6=1
Note: There are some caveats to be aware of; see How to disable IPv6 on Linux.

6. Firewall
6.1 Iptables (not installed by default on CentOS 7)
Here are some commands to install it and replace the default firewall:
  • yum install policycoreutils iptables-services -y
  • systemctl stop firewalld.service
  • systemctl disable firewalld.service
  • service iptables restart
6.2 Firewalld Commands (CentOS 7)
  • systemctl stop firewalld  //Turn off the firewall
  • systemctl start firewalld  //Turn on the firewall
  • systemctl status firewalld //Check firewall status
  • systemctl stop firewalld.service # Stop the firewall
  • systemctl disable firewalld.service # Prevent the firewall from starting at boot
  • firewall-cmd --state  # Check the default firewall state (shows "not running" when stopped, "running" when started)
Netfilter

7. Install Some Useful Tools
  • Vim
  • lrzsz
  • bind-utils / net-tools
  • Git
  • Ansible
  • Docker
    • sudo -i
    • sudo yum update
    • sudo yum install docker
    • sudo systemctl enable docker.service # Enable the service
    • sudo systemctl start docker                 # Start the Docker daemon.
    • sudo docker images                             # Show local images
    • sudo docker pull tutum/wordpress                    # pull the image
    • sudo docker run -d -p 80:80 tutum/wordpress   #  Run container
    • sudo curl http://localhost/                         # Test container
    • sudo docker stop <container-id>                     # Stop container (ID from docker ps)
    • sudo docker ps -a                                 # Show container list
    • sudo docker export 633748a43e01 > blog.tar                          # Export container
    • cat blog.tar | sudo docker import - tutum/wordpress        # Import container
    • docker pull ubuntu
    • docker run -it ubuntu /bin/bash      # Start a container from the image with an interactive shell
    • docker cp /home/msg/name.tar 5ed1587b3923:/home/software   #Copy file from host to container folder
    • docker exec -ti 5ed1587b3923 /bin/bash     # run command in the container
    • docker run -dt -p 7000-8000:7000-8000 -v /usr/local/home:/usr/local/container/home centos/java8 /bin/bash   #map port range and mount local folder to container
  • vsftp
    • yum install -y vsftpd
    • vi /etc/vsftpd/vsftpd.conf
      • anonymous_enable=YES  # allow anonymous access
      • anon_upload_enable=YES 
      • anon_mkdir_write_enable=YES
    • systemctl enable vsftpd # enable the vsftpd service at boot
    • systemctl disable vsftpd 
    • systemctl start vsftpd
    • systemctl status vsftpd
    • Create user
      • useradd ftpadmin //create user ftpadmin
      • passwd ftpadmin //create password
    • mkdir -p /home/app/ftpdir
    • usermod -d /home/app/ftpdir ftpadmin  // change user ftpadmin's home folder to the newly created folder
  • Samba
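    • rpm -qa | grep 'samba'  // Check whether Samba is already installed
    • yum -y install samba samba-common samba-client
      • samba-3.6.9-151.el6.x86_64   // Server-side software: mainly provides the Samba server daemons, shared documents, and log rotation
      • samba-common-3.6.9-151.el6.x86_64   // Mainly provides the Samba server configuration files and the configuration syntax checker testparm
      • samba-client-3.6.9-151.el6.x86_64   // Client software: mainly provides the command-line tools needed when a Linux host acts as a client
    • service smb status // Check the Samba service status
    • service smb start // Start the Samba service
    • service smb restart // Restart the Samba service
    • vi /etc/samba/smb.conf   // add the following sharing information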
[share]
        path = /home/sambauser1/share
        comment = sambauser1_share
        public = yes
        writable = yes
        browseable = yes
        guest ok = yes
        valid users = sambauser1,root
        available = yes
    • smbpasswd -a sambauser1 // Add sambauser1 as a Samba share user and set its Samba password
  • pure-ftpd
    • yum install -y pure-ftpd
      • cd /etc/yum.repos.d
      • yum install -y epel-release
    • vim /etc/pure-ftpd/pure-ftpd.conf
      • remove the # sign at the start of the line containing pureftpd.pdb
      • systemctl start pure-ftpd // You will need to stop vsftpd to avoid port conflict 
    • mkdir /data/ftp
    • useradd -u 1010 pure-ftp1
    • chown -R pure-ftp1:pure-ftp1 /data/ftp      // give permission to the folder
    • pure-pw useradd ftp_usera -u pure-ftp1 -d /data/ftp
      • Create the user with pure-pw: -u specifies which system user it maps to, -d specifies the virtual user's home directory; then set the password
    • touch /data/ftp/1.txt
    • pure-pw mkdb
    • lftp [email protected]
    • chown pure-ftp1:pure-ftp1 /data/ftp/1.txt

Notes: 
If any of these services or software cannot be accessed remotely, SELinux might be the cause. SELinux is Security-Enhanced Linux. We can use the following two commands to check its status and make a temporary setting change.
  • getenforce  //Check SELinux status, either enforcing, permissive or disabled
  • setenforce [Enforcing | Permissive | 1 | 0]

To change SELinux permanently, we will need to edit /etc/sysconfig/selinux.

vi /etc/sysconfig/selinux
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of three values:
#     targeted - Targeted processes are protected,
#     minimum - Modification of targeted policy. Only selected processes are protected.
#     mls - Multi Level Security protection.
SELINUXTYPE=targeted
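
A quick check for three settings configured above that widen access: the anonymous options in vsftpd.conf, a Samba share that is both guest-accessible and writable, and SELinux not enforcing at boot. This is an added example, not part of the original post; the function names are made up here, and each function is given the path of the file to inspect.

```sh
#!/bin/sh
# Added example, not from the original post. Each function takes a file path,
# so it can be run on a copy of the real configuration file.

# vsftpd: anonymous-access options that end up on (the last assignment wins).
audit_vsftpd() {
    awk -F= '
        BEGIN { on["anonymous_enable"] = 1 }   # vsftpd compiled-in default is YES
        /^[ \t]*#/ { next }
        {
            v = toupper($2); sub(/[ \t].*$/, "", v)
            on[$1] = (v == "YES" || v == "TRUE" || v == "1")
        }
        END {
            n = split("anonymous_enable anon_upload_enable anon_mkdir_write_enable", k, " ")
            for (i = 1; i <= n; i++) if (on[k[i]]) print "vsftpd: " k[i] " is on"
        }' "$1"
}

# Samba: shares that allow guest access and writes at the same time.
audit_samba() {
    awk '
        function report() { if (sect != "" && guest && rw) print "samba: " sect " guest + writable" }
        /^[ \t]*[#;]/ { next }
        /^[ \t]*\[/ { report(); sect = $0; gsub(/^[ \t]+|[ \t]+$/, "", sect); guest = rw = 0; next }
        {
            eq = index($0, "="); if (!eq) next
            k = tolower(substr($0, 1, eq - 1)); v = tolower(substr($0, eq + 1))
            gsub(/[ \t]/, "", k); gsub(/[ \t]/, "", v)   # Samba ignores spaces in names
            yes = (v == "yes" || v == "true" || v == "1")
            if (k == "guestok" || k == "public") guest = yes
            if (k == "writable" || k == "writeable") rw = yes
            if (k == "readonly") rw = !yes
        }
        END { report() }' "$1"
}

# SELinux: a boot-time mode other than enforcing.
audit_selinux() {
    awk -F= '
        $1 == "SELINUX" { m = tolower($2); gsub(/[ \t]/, "", m) }
        END { if (m != "" && m != "enforcing") print "selinux: boot mode is " m }' "$1"
}
```

For example, audit_vsftpd /etc/vsftpd/vsftpd.conf; no output means none of the checked settings is active in that file.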

