User Tools

Site Tools

Trace:
vps_-_centos

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
vps_-_centos [2021/04/02 08:38] hc9vps_-_centos [2021/04/02 18:14] (current) – [Software Management] hc9
Line 13: Line 13:
 It is a good habit to create a regular user account for working, using su to obtain root privileges as needed. To create a regular user account: It is a good habit to create a regular user account for working, using su to obtain root privileges as needed. To create a regular user account:
  
-  useradd -Gwheel <username>+  useradd -Gwheel <username>
  
 This user will be able to perform administrative tasks by runing //su// to obtain superuser privileges using the root password. CentOS ships with sudo installed, so adding the new user to wheel group and editing /etc/sudoers with //visudo// to uncoment the following line: This user will be able to perform administrative tasks by runing //su// to obtain superuser privileges using the root password. CentOS ships with sudo installed, so adding the new user to wheel group and editing /etc/sudoers with //visudo// to uncoment the following line:
  
-  ## Allows people in group wheel to run all commands +<file config /etc/sudoers> 
-   %wheel  ALL=(ALL)       ALL+## Allows people in group wheel to run all commands 
 +%wheel  ALL=(ALL)       ALL 
 +</file>
  
 ===== Networking ===== ===== Networking =====
Line 44: Line 46:
 Change the next line in /etc/sysconfig/network: Change the next line in /etc/sysconfig/network:
  
-  HOSTNAME=my.host.name+<file config /etc/sysconfig/network> 
 +HOSTNAME=my.host.name 
 +</file>
  
 Change hostname (FQDN and alias) in /etc/hosts so it reads like this: Change hostname (FQDN and alias) in /etc/hosts so it reads like this:
Line 68: Line 72:
 Edit /etc/ssh/sshd_config and uncomment the line: Edit /etc/ssh/sshd_config and uncomment the line:
  
-  #PermitRootLogin yes+<file config /etc/ssh/sshd_config> 
 +#PermitRootLogin yes 
 +</file>
  
 To: To:
  
-  PermitRootLogin no+<file config /etc/ssh/sshd_config> 
 +PermitRootLogin no 
 +</file>
  
 Also you can raise the security level in OpenSSH a little bit by allowing only to certain users ssh access to your vps (eg. the user you have created before) Also you can raise the security level in OpenSSH a little bit by allowing only to certain users ssh access to your vps (eg. the user you have created before)
Line 78: Line 86:
 Add one line at the end of /etc/ssh/sshd_config like this: Add one line at the end of /etc/ssh/sshd_config like this:
  
-  AllowUsers username anotheruser+<file config /etc/ssh/sshd_config> 
 +AllowUsers username anotheruser 
 +</file>
  
 Now restart sshd by running/typing: Now restart sshd by running/typing:
  
-  /bin/systemctl restart sshd+  /bin/systemctl restart sshd
  
 You can now test ssh by running ssh user@localhost. You can now test ssh by running ssh user@localhost.
Line 88: Line 98:
 ===== Security ===== ===== Security =====
  
-In CentOS SELinux is enabled by default, SDF's CentOS VPS has SELinux configured to run in permissive mode, so it will log any security problem but won't enforce any policy. If you are not familiar with SELinux I suggest you to leave it this way, you can learn more about SLinux in CentOS in the [[#reference|Deployment Guide]]+In CentOS SELinux is enabled by default, SDF's CentOS VPS has SELinux configured to run in permissive mode, so it will log any security problem but won't enforce any policy. If you are not familiar with SELinux I suggest you to leave it this way, you can learn more about SLinux in CentOS in the [[:vps_-_centos#references|Deployment Guide]]
  
 CentOS 7 uses firewalld, you can learn more about configuring firewalld [[https://www.digitalocean.com/community/tutorials/how-to-set-up-a-firewall-using-firewalld-on-centos-7|here]]. CentOS 7 uses firewalld, you can learn more about configuring firewalld [[https://www.digitalocean.com/community/tutorials/how-to-set-up-a-firewall-using-firewalld-on-centos-7|here]].
Line 98: Line 108:
 You can configure this repositoires in /etc/yum.repos.d, by default CentOS Base and CentOS Updates are enabled by default, SDF seems to be running [citation needed] default CentOS kernel, but to play safe I advise you to add the following line in /etc/yum.repos.d/CentOS-Base.repo once under sections //[base]// and //[updates]//: You can configure this repositoires in /etc/yum.repos.d, by default CentOS Base and CentOS Updates are enabled by default, SDF seems to be running [citation needed] default CentOS kernel, but to play safe I advise you to add the following line in /etc/yum.repos.d/CentOS-Base.repo once under sections //[base]// and //[updates]//:
  
-  exclude=kernel-PAE* kernel-debug* kernel-devel* kernel-doc* kernel-xen*+<file config /etc/yum.repos.d/CentOS-Base.repo> 
 +exclude=kernel-PAE* kernel-debug* kernel-devel* kernel-doc* kernel-xen* 
 +</file>
  
 CentOS is aimed to be 100% binary compatible with RHEL, so it is very enterprise oriented and the best advise is to stick with pre-built packages. CentOS is aimed to be 100% binary compatible with RHEL, so it is very enterprise oriented and the best advise is to stick with pre-built packages.
Line 106: Line 118:
 If you wanted to look for GNU Screen, you can search yum database by running: If you wanted to look for GNU Screen, you can search yum database by running:
  
-  yum search screen+  yum search screen
  
 yum will return a list of package names and descriptions matching the word used as parameter for //search//. CentOS has groups of packages available you can know what software groups are available for install as the software groups installed already. yum will return a list of package names and descriptions matching the word used as parameter for //search//. CentOS has groups of packages available you can know what software groups are available for install as the software groups installed already.
  
-  yum grouplist+  yum grouplist
  
 This command will return installed and available for install software groups. This command will return installed and available for install software groups.
Line 136: Line 148:
 If you want to install GNU screen as in the example above, you must run the following: If you want to install GNU screen as in the example above, you must run the following:
  
-  yum install screen+  yum install screen
  
 If you wish to install the development toolchain you can do it by running this command: If you wish to install the development toolchain you can do it by running this command:
  
-  yum groupinstall "Development Tools"+  yum groupinstall "Development Tools"
  
 Be aware that this can be a lot of stuff and you may run out of space in hard drive, so start by removing unused software groups (e.g., yum groupremove "Windows File Server") and then move to install desired/needed software groups or standalone packages. Be aware that this can be a lot of stuff and you may run out of space in hard drive, so start by removing unused software groups (e.g., yum groupremove "Windows File Server") and then move to install desired/needed software groups or standalone packages.
Line 146: Line 158:
 ==== 3rd party repos ==== ==== 3rd party repos ====
  
-Most needs could do it well with repositoires shiped by default CentOS, but there are other options like the CentOS Plus repository, shiped but disabled by default, since this repo contains items that actually upgrade certain base CentOS components. This repo will change CentOS so that it is not exactly like the upstream provider's content. Popular packages from this repository include: postfix with database support, a rebuilt kernel with additional drivers &amp; filesystem support, php5 and mysql5.+Most needs could do it well with repositoires shiped by default CentOS, but there are other options like the CentOS Plus repository, shiped but disabled by default, since this repo contains items that actually upgrade certain base CentOS components. This repo will change CentOS so that it is not exactly like the upstream provider's content. Popular packages from this repository include: postfix with database support, a rebuilt kernel with additional drivers & filesystem support, php5 and mysql5.
  
 contrib is also a disabled default in CentOS. This repository contains packages contributed by CentOS users which do not overlap with any of the core distribution packages. These packages have not been tested by the CentOS developers and may not track the upstream version releases very closely. contrib is also a disabled default in CentOS. This repository contains packages contributed by CentOS users which do not overlap with any of the core distribution packages. These packages have not been tested by the CentOS developers and may not track the upstream version releases very closely.
  
-To enable repositories temporarily, append --enablerepo=reponame before the command for yum, such as:+To enable repositories temporarily, append <nowiki>--</nowiki>enablerepo=reponame before the command for yum, such as:
  
-  yum --enablerepo=centosplus --enablerepo=contrib search postfix+  yum --enablerepo=centosplus --enablerepo=contrib search postfix
  
 Other popular repos are RPMForge, this repository provides over 4000 packages for CentOS. Read the instructions on [[http://wiki.centos.org/AdditionalResources/Repositories/RPMForge|Installing RPMForge]]. This repository is considered by many in the community to be stable and safe. Other popular repos are RPMForge, this repository provides over 4000 packages for CentOS. Read the instructions on [[http://wiki.centos.org/AdditionalResources/Repositories/RPMForge|Installing RPMForge]]. This repository is considered by many in the community to be stable and safe.
Line 170: Line 182:
  
 ---- ----
- $Id: VPS_Centos.html,v 1.10 2017/01/04 17:30:19 kickback Exp $+ $Id: VPS_Centos.html,v 1.10 2017/01/04 17:30:19 kickback Exp $ [[http://sdf.org/?tutorials/VPS_Centos|CentOS on SDF VPS]] - traditional link (using [[wp>Revision_Control_System|RCS]]) 
vps_-_centos.1617352688.txt.gz · Last modified: 2021/04/02 08:38 by hc9