Full CentOS Server Setup
From FiberWiki
Packages Needed
For any system that uses yum, just copy and paste the following lines.
yum -y install fetchmail wget bzip2 unzip zip nmap openssl lynx fileutils ncftp gcc gcc-c++ mysql mysql-devel mysql-server
yum -y install php php-devel php-gd php-imap php-ldap php-mysql php-odbc php-pear php-xml php-xmlrpc curl curl-devel
yum -y install perl-libwww-perl ImageMagick libxml2 libxml2-devel vsftpd
These packages should cover what most users will need.
Setting Services to Start on Bootup
chkconfig --levels 235 mysqld on
chkconfig --levels 235 httpd on
Starting Services
/etc/init.d/mysqld start
/etc/init.d/httpd start
OR
service mysqld start
service httpd start
Setting Mysqld Root Password
/usr/bin/mysqladmin -u root password 'password'
Installing phpMyAdmin
cd /var/www/html
wget http://softlayer.dl.sourceforge.net/sourceforge/phpmyadmin/phpMyAdmin-2.11.3-english.tar.gz
tar xvf phpMyAdmin-2.11.3-english.tar.gz
mv phpMyAdmin-2.11.3-english phpmyadmin
cd phpmyadmin
cp config.sample.inc.php config.inc.php
If you would rather install phpMyAdmin in /usr/share/ than in /var/www, you can do the following instead:
cd /usr/share/
wget http://softlayer.dl.sourceforge.net/sourceforge/phpmyadmin/phpMyAdmin-2.11.3-english.tar.gz
tar xvf phpMyAdmin-2.11.3-english.tar.gz
mv phpMyAdmin-2.11.3-english phpmyadmin
cd phpmyadmin
cp config.sample.inc.php config.inc.php
ln -s /usr/share/phpmyadmin /var/www/html
Configuring phpMyAdmin
We will be editing the config.inc.php with nano, but you can use whatever editor you would like.
nano config.inc.php
Press Ctrl+w+t then type 29 (You will notice this takes you directly to the line that needs to be changed.)
Change the following line:
$cfg['Servers'][$i]['auth_type'] = 'cookie';
TO
$cfg['Servers'][$i]['auth_type'] = 'http';
Accessing phpMyAdmin
You may use any browser you would like.
Visit http://0.0.0.0/phpmyadmin (change 0.0.0.0 to your server's IP address).
Log in as root with the password you set as the MySQL root password (the command three steps above).
Adding Http Users
Everyone has their own way of adding users to the system. The way we have it set up now, the script adds a user whose home directory is /var/www/$user. The accounts are also set up with nologin as the shell, which prevents them from SSHing into the server.
This is the adduser bash script for doing what is stated above. Please do the following to add the script to your server:
cd ~
mkdir bash
cd bash
nano adduser
Then copy and paste the following into the nano window (please make sure your window is full sized).
#!/bin/bash
BOLD="\033[1m"
NORMAL="\033[0;0m"
END="\033[30;47;0m"
BLACK="\033[0;30m"
BLUE="\033[0;34m"
GREEN="\033[0;32m"
CYAN="\033[0;36m"
RED="\033[0;31m"
PURPLE="\033[0;35m"
BROWN="\033[0;33m"
GRAY="\033[0;37m"
DARK_GRAY="\033[1;30m"
LIGHT_BLUE="\033[1;34m"
LIGHT_GREEN="\033[1;32m"
LIGHT_CYAN="\033[1;36m"
LIGHT_RED="\033[1;31m"
LIGHT_PURPLE="\033[1;35m"
YELLOW="\033[1;33m"
WHITE="\033[1;37m"
echo -e "${LIGHT_GREEN} Add User Script by Fiber Hosting"
echo -e "${PURPLE}-------------------------------------------------"
echo ""
echo ""
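echo -n "Enter username:"
# -r keeps backslashes in the input literal
read -r user
echo ""
echo -n "Enter Password:"
read -r webpass
echo ""
echo -e "${WHITE}Adding user"
# -M: do not create the home directory here (it is created below)
# -s /sbin/nologin: the account cannot get a shell
/usr/sbin/adduser -d "/var/www/$user" -M -s /sbin/nologin "$user"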
echo ""
echo ""
sleep 3
echo -e "${WHITE}Creating Directory"
mkdir "/var/www/$user"
echo ""
echo ""
sleep 3
echo -e "${WHITE}Chowning"
chown "$user:apache" "/var/www/$user"
echo ""
echo ""
sleep 3
echo -e "${WHITE}Password Time"
# printf passes the password through unchanged (no word splitting or globbing)
printf '%s\n' "$webpass" | passwd --stdin "$user"
echo ""
echo ""
sleep 3
echo -e "${CYAN}Username: $user"
echo ""
sleep 2
echo -e "${CYAN}Pass: $webpass"
echo ""
sleep 2
echo ""
echo -e "${END}"
exit
After that has been copied and saved you will need to do the following:
chmod +x adduser
Then you can run it by typing:
./adduser
If we were to run the adduser file creating an account for *Phonehome.com with the user name phonehome it would look like this (The parts in bold are what we typed, the rest is script output):
[root@crazyserver bash]#./adduser
Add User Script by Fiber Hosting
-------------------------------------------------
Enter username:phonehome
Enter Password:t3mpP4ss
Adding user
Creating Directory
Chowning
Password Time
Changing password for user phonehome.
passwd: all authentication tokens updated successfully.
Username: phonehome
Pass: t3mpP4ss
*Phonehome.com is used below when setting up Virtual Hosts.
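The script above passes whatever is typed at the username prompt straight to adduser, mkdir and chown under /var/www. The following check is an added example, not part of the original script; the function names valid_site_user and site_home are hypothetical, and the list of reserved directory names is an assumption about what the stock httpd package keeps in /var/www.

```bash
#!/bin/bash
LC_ALL=C; export LC_ALL        # make the [a-z] ranges below ASCII-only

WEBROOT=/var/www               # parent of the per-user directories, as on this page

# valid_site_user NAME: succeed only if NAME is safe both as a login name
# and as a single directory name under $WEBROOT.
valid_site_user() {
    case "$1" in
        '' | *[!a-z0-9_-]*) return 1 ;;   # empty, or contains / . space, uppercase...
        [!a-z_]*)           return 1 ;;   # must start with a letter or underscore
    esac
    [ "${#1}" -le 32 ] || return 1        # keep within the usual login-name length
    case "$1" in
        # Assumption: directories the stock httpd package already keeps in /var/www
        html | cgi-bin | error | icons) return 1 ;;
    esac
    return 0
}

# site_home NAME: print the home directory the adduser script would use,
# or fail without printing anything if NAME is rejected.
site_home() {
    valid_site_user "$1" || return 1
    printf '%s/%s\n' "$WEBROOT" "$1"
}

# Constructed inputs: one good name and several that must be refused.
for name in phonehome '' '../etc' 'html' 'bob smith' 'Phonehome' '-M'; do
    if home=$(site_home "$name"); then
        echo "accept '$name' -> $home"
    else
        echo "reject '$name'"
    fi
done
```

Calling valid_site_user right after the username prompt and exiting on failure keeps an empty or odd name from turning the later mkdir and chown into operations on /var/www itself or on /var/www/html.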
Editing Httpd
We will be using nano again, but you can use whatever you would like.
nano /etc/httpd/conf/httpd.conf
Proceed to the very bottom of the configuration file (Ctrl+w+t 991 should take you to the last line).
We will need to add in Virtual Host lines for each site you would like to use. This is the default Virtual Host Provided:
<VirtualHost *:80>
ServerAdmin webmaster@dummy-host.example.com
DocumentRoot /www/docs/dummy-host.example.com
ServerName dummy-host.example.com
ErrorLog logs/dummy-host.example.com-error_log
CustomLog logs/dummy-host.example.com-access_log common
</VirtualHost>
We clearly need to change this in order for your other sites to work. Below is the same sample, but with an explanation of what each line is.
<VirtualHost *:80> <-- *:80 is saying to listen on every IP at port 80
ServerAdmin webmaster@dummy-host.example.com <-- ServerAdmin is the email address of the admin
DocumentRoot /www/docs/dummy-host.example.com <-- This is where all of your html files are located
ServerName dummy-host.example.com <-- Website domain name
ErrorLog logs/dummy-host.example.com-error_log <-- Where your error logs will print out
CustomLog logs/dummy-host.example.com-access_log common <-- Where the access log is written ("common" is the log format)
</VirtualHost> <-- Don't leave this line out!! This is ending the Virtual Host.
Let's say your website is Phonehome.com, and your files are located in /var/www (Your IP is 192.168.25.5). This is what the correct Virtual Host would look like.
<VirtualHost 192.168.25.5:80>
ServerAdmin webmaster@Phonehome.com
DocumentRoot /var/www/phonehome
ServerName www.Phonehome.com
ErrorLog /var/logs/www.Phonehome.com-error_log
</VirtualHost>
When added to the last part of the httpd.conf file, this will make the server recognize www.Phonehome.com on the IP address 192.168.25.5 at port 80. It will also make the server read the directory /var/www/phonehome for all of Phonehome.com's files.
Locking down SSHD
This is for Windows users; a how-to for Linux keys can be found on Google.
Download http://the.earth.li/~sgtatham/putty/latest/x86/puttygen.exe
Open Program
Click SSH-2 RSA
Click Generate
Move mouse around in the key area
Enter in Key passphrase (your password). Don't use a passwordless key!! (Your users can grab the key from .ssh file)
Click Save Private Key
Now we will need to add your RSA key to the server (sign in with root):
cd ~
mkdir .ssh
cd .ssh
nano authorized_keys
Paste the key from PuttyGen that's called Public Key (very top box of PuttyGen). If you closed your PuttyGen then click on the exe again and click load key and select the correct key file.
ctrl+x then hit "y" to save
The key should now be correctly loaded. Open PuTTY, type in the server IP, then click SSH -> Auth -> Browse and select the correct key. If all that is working, then we need to edit the sshd config:
nano /etc/ssh/sshd_config
Ctrl+w then paste in Port 22
Change Port 22 to a higher port (optional)
Ctrl+w then paste PasswordAuthentication
Change from "yes" to "no"
Please keep in mind if there is a "#" in front of the line DELETE IT!! That is commenting the line so that the program does not read it.
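To confirm the edit took effect, the check below reads an sshd_config the way sshd does: commented lines are ignored and the first uncommented occurrence of a keyword wins. It is an added example, not part of the original guide; the function names and the sample files are constructed for illustration.

```bash
#!/bin/bash
# effective_value FILE KEYWORD DEFAULT
# Print the value sshd would use globally for KEYWORD: commented lines are
# ignored, the first uncommented occurrence wins, and anything after a
# "Match" line is conditional, so scanning stops there. Include files are
# not followed (assumption: a single-file sshd_config).
effective_value() {
    awk -v key="$2" -v def="$3" '
        BEGIN { key = tolower(key) }
        { sub(/^[ \t]+/, "") }               # drop leading whitespace
        /^#/ || /^$/ { next }                # comment or blank line
        tolower($1) == "match" { exit }      # start of conditional blocks
        {
            split($0, kv, /[ \t=]+/)         # "Keyword value" or "Keyword=value"
            if (tolower(kv[1]) == key) { val = kv[2]; found = 1; exit }
        }
        END { print (found ? val : def) }
    ' "$1"
}

# password_logins_disabled FILE: succeed only if the effective setting is "no".
password_logins_disabled() {
    # sshd's built-in default for PasswordAuthentication is "yes"
    v=$(effective_value "$1" PasswordAuthentication yes)
    [ "$v" = "no" ]
}

# Constructed sample configs (not taken from a real server).
tmp=$(mktemp -d)
printf '%s\n' 'Port 22' '#PasswordAuthentication no'  > "$tmp/still_commented"
printf '%s\n' 'Port 2222' 'PasswordAuthentication no' > "$tmp/locked"
printf '%s\n' 'PasswordAuthentication yes' 'PasswordAuthentication no' > "$tmp/shadowed"

for f in still_commented locked shadowed; do
    if password_logins_disabled "$tmp/$f"; then
        echo "$f: password logins disabled"
    else
        echo "$f: password logins STILL ALLOWED"
    fi
done
```

On the server itself, point the function at /etc/ssh/sshd_config and run sshd -t to catch syntax errors before restarting the service; keep the current session open until a key-based login on the new settings has succeeded.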
Locking VSFTPD
We will need to make sure users cannot see outside of their home directory. Follow the guide below to fix the issue:
nano /etc/vsftpd/vsftpd.conf
Find the line "# (default follows)". Delete that whole line and add chroot_local_user=yes in its place.
