CentOS 5: File Server Essentials

What powers a file serving environment? In this tutorial, we'll begin to learn the skills required to install an enterprise grade operating system and discover the power and simplicity that makes CentOS the robust and reliable solution trusted by professionals throughout the world. No previous experience of this operating system is assumed and during this presentation we will build on the process of a 'basic server installation' in order to get you up and running in no time at all.


Before We Begin ...

...Some basic requirements and a few assumptions will be made.

  • This tutorial is intended to be an introduction to CentOS during which we will build a typical server installation without a GUI. No prior knowledge or experience of this operating system is assumed, but basic familiarity with the console environment and with downloading and burning a CD/DVD image is assumed.
  • In this instance we will be concentrating on the 32bit version using IPv4 but unless otherwise stated you may assume the 64 bit version is similar with very little modification required (you may need to remove some 32bit applications). IPv6 will not be discussed.
  • All administration tasks will be achieved directly via the console (or a secure shell environment) and you will be shown how to configure the operating system, partition your hard disks, install a file-sharing environment, manage users and maintain a firewall. Additional options (including Apache, PHP/Perl, Virtual Hosts, MySQL, BIND etc ... ) will be discussed in a future tutorial.
  • CentOS will run on almost any hardware but for the purpose of this tutorial we will be using the computer system described below. Screenshots have been provided (where possible) to support the main body of text together with reasoning and related notes; and as I am from the UK you should be aware that my writing and examples will carry a harmless 'anglophile' bias.
  • Throughout this tutorial I have used the text editor 'nano' due to its simplicity for new users but do change this to your preferred editor as and when required.
  • This tutorial is considered to be a guide and there is no guarantee that a replication of the following instruction will work for you without making the necessary changes to suit your needs (i.e. computer name, user names, ip addresses etc ...) whilst performing additional steps (based on your network topology) that are beyond the scope of this document.

I hope that this tutorial proves to be useful. So let's get started!


The Example System

CentOS will work with virtually all common hardware and as you can see, the computer system I will be using throughout this tutorial is quite straightforward:

  • AMD 64bit Processor.
  • Standard motherboard with a single network interface.
  • 3GB RAM.
  • 3 SATA Hard Disks (see below).
  • Standard Router.
  • Generic Mouse (only used during the installation process).
  • Keyboard.
  • Generic Display/Monitor.

As stated above, I will be using the 3 hard disks in the following manner.
Where the first two drives listed are integral to our general server configuration, drive 3 is considered to be optional and will not form part of the original installation. We will return to 'Drive 3' at a later time in this tutorial in order to illustrate one of the many ways you could expand your system at a later date and for this reason it should remain disconnected from the motherboard until required.

  • Drive 1: 1 x 80GB disk will be used for the system files (active, connect to the motherboard at start-up).
  • Drive 2: 1 x 500GB disk for the user files (active, connect to the motherboard at start-up).
  • Drive 3: 1 x 500GB disk for backup (inactive, disconnect this drive until required).

Don't worry at this stage if your hard disks are different sizes or whether you are using old or new hardware. However, if you wish to manage your CentOS installation remotely (or from your current desktop computer via a secure shell environment) then you may need to download and install Putty or similar software for use on your Windows-based desktop.


Download CentOS

First of all we want to download a copy of the CentOS 5 operating system.

So simply point your browser at http://isoredirect.centos.org/centos/5/isos/i386/, and download either:

  • The single DVD package called 'CentOS-5.6-i386-bin-DVD.iso' or
  • The seven CD based packages called CentOS-5.6-i386-bin-1of7.iso, CentOS-5.6-i386-bin-2of7.iso, CentOS-5.6-i386-bin-3of7.iso, CentOS-5.6-i386-bin-4of7.iso, CentOS-5.6-i386-bin-5of7.iso, CentOS-5.6-i386-bin-6of7.iso, CentOS-5.6-i386-bin-7of7.iso

Do not mix and match the chosen installation media.

For the purpose of this tutorial I have downloaded a single DVD-Rom version called 'CentOS-5.6-i386-bin-DVD.iso'.

When you have finished downloading your chosen installation media simply burn the iso(s) to the relevant disc type (700MB CD or 4GB DVD), place the disk in your intended server and boot from the CD/DVD drive.

Go to Stage 1 to continue ...


Stage 1: Installation

A) Booting from the installation media.

We will install CentOS in graphical mode so press <ENTER> when you see the following screen:


The next screen will ask if you want to test the integrity of your installation media.

By using the (left and right) arrow keys to make your selection:

  • Should you wish to test the integrity of your installation media, choose <OK>.
  • If you do not wish to test the integrity of your installation media, choose <SKIP>.
  • When ready, hit the <ENTER> key to proceed.

When writing this tutorial it was decided not to test the integrity of the installation media as this can take a substantial amount of time.


The welcome screen will now appear.
Using your mouse, choose <Next> to proceed:


Choose your language. Simply highlight your preference and choose <Next> to proceed:


On the next screen, as shown below use the same process to choose the appropriate keyboard settings for your system:


The next screen may vary so if neither of the following are applicable to your circumstances then simply jump to the next step. However,

  • If you are installing CentOS 5.6 on a fresh system (new hard disks), you may be asked to 'initialize the relevant drive(s)' so reply with a <Yes> when you are asked this question - "Would you like to initialize this drive, erasing ALL DATA?"
  • If the installer detects an existing copy of CentOS then you will see the following screen. If you do, choose <Install CentOS> to proceed.

B) Partitioning your hard disks.

"A discussion about the benefits of LVM is beyond the scope of this tutorial but in simple terms, it is a technology that allows the administrator of any system to re-size, move and add new hard disks during the operational lifetime of a given computer system. There are many advantages to this approach, particularly in a larger networking environment, as this gives you much more flexibility in allocating storage to applications and users without changing the entire system or building a new one. So the best thing to remember is, any decisions made now can be modified further down the road."

CentOS uses Logical Volume Management (LVM) by default. You can of course use more or fewer hard disks and vary this part of the tutorial substantially, but for the purpose of this tutorial and based on the specification of the Example System (described above) my intention is to use two SATA-based hard disks in the following way: the installer has detected an 80GB primary SATA drive (sda) and a 500GB secondary SATA drive (sdb). The former will hold the 'root' files and the latter will be used to store all 'home' files.

With this in mind I will now show you how to use Disk Druid to partition your disks.

Based on the screenshot below and given that CentOS is the only operating system on this computer, your choices are:

If you have multiple hard disks:

  • In the first drop down list, select 'Remove linux partitions on selected drives and create default layout'.
  • Make sure the boxes next to your hard disk(s) are checked (i.e sda & sdb).
  • Check the box marked 'Review and modify partitioning layout'.
  • Choose <Next> to proceed.

If you have a single hard disk only:

  • Select 'Remove linux partitions on selected drives and create default layout' in the first drop down list.
  • Make sure the boxes next to your hard disk(s) are checked (i.e sda & sdb)
  • Do not mark the check box marked 'Review and modify partitioning layout' unless you want to override the default settings and customise your partitions.
  • Choose <Next> to proceed and skip to the next section.
  • If you have chosen not to 'Review and modify partitioning layout', then go to Section C (below).
  • If you have chosen to 'Review and modify partitioning layout' and thus customise your partitions, then keep reading :-)

If your hard disks contain data you may see the following notice "Warning, You have chosen to remove all partitions (ALL DATA) on the following drives":

  • If you do and you are happy to proceed, choose <YES> then click <NEXT> to proceed.
  • If you do but you are not happy to proceed, choose <NO> and return to the previous step to make the necessary changes.

The next screen will now enable you to create your partitions, but don't worry, we will do this together, step by step. On the other hand, if you are confident that you know how to do this, then simply make your changes and jump to the next (section C).

As previously mentioned, CentOS uses LVM by default and my Example System is using two SATA based hard disks - an 80GB primary SATA drive and a 500GB secondary SATA drive. They are identified by the device names SDA and SDB respectively; the former will be used to contain our system and the latter will be used to store all user based data.

With this in mind, from the following screenshot you will notice that the installer has already created the Logical Volume Group:


We will now rename this group to something more 'user friendly'.

Naturally, you may want to use different names than those suggested by this tutorial so please experiment as required (but stick to lower case alpha numerics and do not use spaces).

So as you can see from the following screenshot, (using your mouse) highlight the row labelled 'VolGroup00' and choose <EDIT> to proceed:


As the next screenshot illustrates, you will now be presented with a pop-up window called 'Edit LVM Volume Group: VolGroup00'.

So let's begin ...

  • In the field titled 'Volume Group Name' - change this to 'MainGroup00' or something you prefer - i.e. vg_computername.
  • Leave 'Physical Extent' alone. This value is automatically chosen by the installer and is usually a good estimate of your system's capabilities.
  • As we want to use both hard disks make sure that both physical volumes are selected with a tick in the box next to the relevant device name.

"The values 'Used Space' and 'Total Space' simply show a total of the 'Physical Volumes to Use' in MB, whereas the use of '00' in our naming policy is only a numeric reference just in case you ever want to add a new LVM group at another time in the future. So you could always create a new LVM group called MainGroup01 etc.. etc..."


Let's turn our attention to building the swap space.

"Swap space is used by the computer to assist RAM based operations. Linux divides your computer's RAM into chunks of memory called pages. The action of 'swapping' describes a process in which a page of memory is freed from the physical RAM by copying it to a space on the hard disk called 'swap'. Based on this you will now realise that the combined size of both the physical memory and the swap space is the amount of virtual memory available to your system. Technically speaking, you don't need to know how to calculate the value as CentOS will do that for you, but for those who want to know (bearing in mind that there is no definitive rule) it is best to work on an estimate of your computer's total (physical) RAM and multiply it by a value between 1.7 and 2. Consequently a machine with 3GB RAM will have a swap space of between 5-6GB, whereas a machine with 2GB RAM may require between 3-4GB etc... etc..."

As shown in the following screenshot, we will customise our 'swap space' by selecting the row labelled 'LogVol01' and choose <EDIT> to proceed.


In response to this you will be presented with a new pop-up window called 'Edit Logical Volume: LogVol01' like so:


In the new pop-up window called 'Edit Logical Volume: LogVol01' simply:

  • Modify the field titled 'Logical Volume Name' and change this to 'swap'.
  • You can use the field titled 'Size (MB)' to adjust the size of the swap partition but the installer should have already picked the optimal size.
  • Choose <OK> when complete.

Remember if you think you have made a mistake at any time, choose <Cancel> and repeat the previously described steps above.


Having finalised the above step you will notice that the Logical Volume Name 'swap' now appears in the window called 'Edit LVM Volume Group: VolGroup00', thereby giving us the chance to turn our attention to the other partitions and to complete our partition scheme.

So let's recap:

  • The Example System has two SATA hard disks with a total disk space of 553120MB - 1 x 80GB (identified as device name SDA) and 1 x 500GB (identified as device name SDB).
  • It is intended that we want to place all the system files (including the swap space) on disk SDA (76192MB) whilst allowing the users to put their data on SDB (476928MB).
  • The system files will be installed on my 'root partition'.
  • We have just completed the steps required to create a 'swap' partition totalling 5056MB thereby leaving me with a system disk (SDA) size of 71136MB.
    Calculated as 76192MB - 5056MB = 71136MB.
  • We now need to create the 'root' partition that will utilise the remaining space (71136MB) on device name SDA.

"If your hard disks are of a different size or order, simply vary the calculations I have made to create your own partitions"

To create the 'root' partition, simply:

  • Select the row 'LogVol00' and choose <EDIT> to proceed.

You will now see a pop-up window called 'Edit Logical Volume: LogVol00':


From the screenshot below you will see the resulting pop-up window called 'Edit Logical Volume: LogVol00'.

Based on our calculations simply:

  • Modify the field titled 'Logical Volume Name' and change this to 'root'.
  • Change the field called 'Size (MB)' to a value representative of the remaining space on device name SDA. For the Example System we have previously calculated this as 71136MB (Total size of disk SDA - Swap Space = 71136MB).
  • Choose <OK> when complete.

This will close the window called 'Edit Logical Volume: LogVol00'


On our return to the window called 'Edit LVM Volume Group: VolGroup00', you will notice we have

  • A partition called 'swap' on device name SDA.
  • A partition called 'root' on device name SDA.
  • And 476928MB of space free for user data. For the Example System, this is the total disk space available for device name SDB.

Our user data will be installed on this free space, so let's finalise our partition scheme.

  • Go to the logical volumes list, where you will find three buttons: <ADD>, <EDIT>, <DELETE>.
  • Choose <ADD>.
  • As shown below you will be presented with a new window called 'Make Logical Volume'.

Fill in the details as shown below:

  • For Mount Point, choose '/home' from the drop-down menu.
  • For 'File System Type', choose 'ext3' from the drop-down menu.
  • For the field 'Logical Volume Name', type 'home'.
  • For the field 'Size (MB)', use a value equal to the remaining free space available. Based on our previous calculations this was 476928MB.
  • Choose <OK> when complete.

Well done. We have now finalised our partition scheme and you should see something similar to the following screenshot. Remember, your values may be different depending on your disk size and preferred approach to naming your volumes etc ... etc ...

"As we know, over-sized log files can crash your server and the easiest way to avoid this scenario is to create a separate partition for VAR. 'Var' is where your log files are kept and, depending on the needs of your server (for additional security and performance), it could be worth considering the need to reduce the potential risk associated with malicious attacks that attempt to exploit the size of your log files. All you need to do is modify your calculations for your 'root' partition and create a new logical volume called VAR. As you have seen, it isn't very complicated to use Disk Druid, so simply reserve some space from your 'root' partition (or use another hard disk) and vary the instruction given to create an isolated partition for VAR."

When you are ready, choose <NEXT> to proceed.


Nearly done ...

To finalise our partitioning you will now be asked where we should install the 'GRUB' boot loader; and looking at the screenshot below the installer would have already set the correct values automatically.

Choose <NEXT> to proceed.


C) Network Settings

The partitions are set and you will be asked to confirm your networking choices.

Remember, if you are intending to use the system as a server, then you should not use DHCP.

So simply choose the <EDIT> button to proceed.


As you can see from the following screenshot, simply complete the pop-up window titled 'Edit Interface' with your required values but remember to deselect 'Enable IPv6 support' if it is not required:

"You can populate the 'Manual Configuration' by simply checking the 'Dynamic IP configuration (DHCP)', un-checking 'Enable IPv6 support', and by giving your network card a static IP address. As an example, a typical IP address would be 192.168.1.100 and the required subnet mask for this value would be 255.255.255.0"

Choose <OK> when complete:


Returning to our previous screen, you will now need to supply the following information. Because CentOS can be used as either a server or a desktop, we will revisit these settings later in this tutorial to ensure that everything is correct, so any decisions made now can be modified later on:

  • Hostname - i.e servername.serverdomain.lan or server1.server.com etc ...
  • Gateway - the IP address of your router.
  • Primary DNS - typically this could be the IP address of your primary DNS server.
  • Secondary DNS - typically this could be the IP address of your secondary DNS server.

"Remember, the actual values you choose are dependent on your networking conditions and purpose. If you are on the world-wide web a hosting provider should supply this information, but for a local 'home or office server' that does not run independent DNS servers you could use those values shown below by completing it with a secondary DNS equal to your router's IP address. For those who want a local server (home or office) to be accessible to the world-wide web, you will need a static IP address or a dynamic DNS hosting service with appropriate access to the relevant ports."

Choose <NEXT> to finalise this process:


D) Time Zone/Location & Setting Your Root Password

Select your time zone/location using the interactive map or drop-down list. As stated above, because CentOS can be used as either a server or a desktop, we will revisit this setting later in this tutorial to ensure that everything is correct, so any decisions made now can be modified later on:

Choose <NEXT> to proceed:


And finally, select an appropriate password for the root user and choose <NEXT> to proceed:


F) Package Selection & Install

As the Example System is to concentrate purely on a server based role, in this tutorial we will not be installing a desktop GUI. For this reason our initial software choices are going to be minimal.

  • As shown in the screenshot below, clear all the check boxes in the software selection area.
  • Then check 'Customize now', and click on <Next> to proceed.

Having chosen to customise our installation we will be able to pick what packages we need.

From the following screenshot you will notice that a list of categories can be seen in the left-hand column with a subsequent list of related package groups (particular to each category) in the right-hand column.


As shown in the screenshot below choose the DEVELOPMENT category and mark the individual check boxes for both:

  • Development Libraries.
  • Development Tools.

Now choose the BASE SYSTEM category and unless you need it, clear the individual check box for

  • Dialup Networking Support.

And finally, if necessary, choose the LANGUAGES category and mark the individual check box for your preferred language.

This will complete our package selection.

So when you are ready, choose <NEXT> to continue:


As you can see from the following screenshot the installer will now want to qualify our dependencies for the desired packages.


On completion of this process the installer will confirm that it is ready to go.

Choose <NEXT> to proceed.


During the following few minutes the installer will begin to:

  • Format the hard drives and then
  • Install the system and selected software packages.

"If you are using a CD as your installation media of choice you may need to change discs when prompted."


Finally, when the installation is complete you will be asked to remove your installation media from the computer and reboot.

When you are ready, choose <REBOOT> to proceed.



Step 2: Configuration

First Boot

If the installation has gone well, after a brief re-start you will be presented with the 'Setup Agent' and from this point onwards you will be working in console mode. Your opportunity to use a secure shell environment will be apparent shortly but for the purpose of this tutorial we will refer to this initial phase as the 'first boot'.

From the screenshot found below it is noticeable that the 'Setup Agent' allows us to access and configure many elements of the operating system. We will return to these features later but at this stage we are only concerned with the process of activating the system's Firewall.

To do this we will:

  • Use the (up/down) arrow keys to choose 'Firewall configuration'.
  • Use the TAB key to activate the red buttons, choose 'Run Tool' with the (left/right) arrow keys and hit the <RETURN> key to proceed.

By using the arrow keys and as shown in the screenshot below we will now disable SELinux and enable our Firewall.

To do this we will:

  • Make sure the 'Security Level' is set to 'Enabled' by toggling a star symbol with the <SPACE BAR>.
  • TAB down to 'SELinux' and use the arrow keys to select 'DISABLED'.
  • TAB down to the red buttons and use the arrow keys to choose 'Customize'.
  • Hit the <RETURN> key to proceed.

"SELinux or Security Enhanced Linux was originally developed by the NSA to provide hardened security policies that can even affect the administrator of the system. As a result, SELinux is not only considered to be a very big subject, but for the same reason it is generally accepted that most administrators will disable it (particularly if you intend to install other applications). So don't worry, we are only following convention and if you intend to master and use SELinux at a later date you can always access this screen at any time by typing 'setup' at the command prompt."


Our intention is to open a select number of firewall ports, and so, by using the arrow keys, simply highlight the relevant ports and mark them as active by using the <SPACE BAR> to toggle a star symbol in the following areas:

  • SSH
  • Telnet (if required)
  • Samba

Please use the following screen shot as a guide and feel free to open any additional ports you may require.
For example, in 'Other Ports' you could type 'mysql:tcp domain:udp' to open MySQL and BIND on ports 3306 and 53 respectively.

When complete, use the TAB key to highlight <OK> and hit the <RETURN> key to confirm and exit this screen.


And as the screenshot found below indicates, by using the TAB key to highlight the <Exit> button you may leave the 'Setup Agent'.

When selected, hit the <RETURN> key to proceed.


As the following screenshot now indicates, the 'Setup Agent' will now close and you will be given access to the console.

At the command prompt, login as 'root' to proceed:


Some basic commands

Before we reboot our computer to activate the security features we have just applied let's take this opportunity to make a few tweaks to some basic functions.

To read any file, use the following command at any time throughout this tutorial:

 
# cat /etc/redhat-release

To make a back-up of any file, use the following command at any time throughout this tutorial:

 
# cp /path/to/file/filename /path/to/file/filename.bak

To edit any file in a text editor, use the following command (choosing Nano or VI) at any time throughout this tutorial:

 
# nano /path/to/file/filename 
# vi /path/to/file/filename

To see how much RAM is being used, use the following command at any time throughout this tutorial:

 
# free -m

For the Example System, this command responds with:

 
             total       used       free     shared    buffers     cached 
Mem:          3042        179       2862          0         13        125 
-/+ buffers/cache:         40       3001 
Swap:         5055          0       5055

The above simply tells us that the computer has 3042MB of physical RAM, of which 179MB is currently in use. Otherwise, to see how much disk space is being used, use the following command at any time throughout this tutorial:

 
# df -h

For the Example System, this command responds with:

 
Filesystem            Size  Used Avail Use% Mounted on 
/dev/mapper/MainGroup00-root 
                       68G  1.6G   63G   3% / 
/dev/sda1              99M   12M   82M  13% /boot 
/dev/mapper/MainGroup00-home 
                      452G  199M  428G   1% /home 
tmpfs                 1.5G     0  1.5G   0% /dev/shm

To review your LVM setup, use the following command at any time throughout this tutorial:

 
# lvdisplay

For the Example System, this command responds with:

 
  --- Logical volume --- 
  LV Name                /dev/MainGroup00/root 
  VG Name                MainGroup00 
  LV UUID                aJU9Sn-so0H-7jf9-isgn-vB7s-7UQX-AE9YUZ 
  LV Write Access        read/write 
  LV Status              available 
  # open                 1 
  LV Size                69.47 GB 
  Current LE             2223 
  Segments               1 
  Allocation             inherit 
  Read ahead sectors     auto 
  - currently set to     256 
  Block device           253:0 
 
  --- Logical volume --- 
  LV Name                /dev/MainGroup00/home 
  VG Name                MainGroup00 
  LV UUID                U09DT7-ugDl-6l1b-FfYt-Ycux-SOvQ-y3S8AT 
  LV Write Access        read/write 
  LV Status              available 
  # open                 1 
  LV Size                465.75 GB 
  Current LE             14904 
  Segments               1 
  Allocation             inherit 
  Read ahead sectors     auto 
  - currently set to     256 
  Block device           253:1 
 
  --- Logical volume --- 
  LV Name                /dev/MainGroup00/swap 
  VG Name                MainGroup00 
  LV UUID                aQhQS0-yGEi-ZxAY-DgQu-TXeo-U1oe-2SxQ1d 
  LV Write Access        read/write 
  LV Status              available 
  # open                 1 
  LV Size                4.94 GB 
  Current LE             158 
  Segments               1 
  Allocation             inherit 
  Read ahead sectors     auto 
  - currently set to     256 
  Block device           253:2

Manage your Firewall

To check your Firewall, otherwise referred to as IPTables, use the following command at any time throughout this tutorial:

# iptables -L

For the Example System, this command responds with:

 
Chain INPUT (policy ACCEPT) 
target     prot opt source               destination 
RH-Firewall-1-INPUT  all  --  anywhere             anywhere 
 
Chain FORWARD (policy ACCEPT) 
target     prot opt source               destination 
RH-Firewall-1-INPUT  all  --  anywhere             anywhere 
 
Chain OUTPUT (policy ACCEPT) 
target     prot opt source               destination 
 
Chain RH-Firewall-1-INPUT (2 references) 
target     prot opt source               destination 
ACCEPT     all  --  anywhere             anywhere 
ACCEPT     icmp --  anywhere             anywhere            icmp any 
ACCEPT     esp  --  anywhere             anywhere 
ACCEPT     ah   --  anywhere             anywhere 
ACCEPT     udp  --  anywhere             224.0.0.251         udp dpt:mdns 
ACCEPT     udp  --  anywhere             anywhere            udp dpt:ipp 
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:ipp 
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED 
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:ssh 
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:telnet 
ACCEPT     udp  --  anywhere             anywhere            state NEW udp dpt:netbios-ns 
ACCEPT     udp  --  anywhere             anywhere            state NEW udp dpt:netbios-dgm 
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:netbios-ssn 
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:microsoft-ds 
REJECT     all  --  anywhere             anywhere            reject-with icmp-host-prohibited

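"IPTables rules are evaluated in sequence, from the top of the file down, and the first rule that matches a packet decides what happens to it. So when editing your IPTables rules make sure that the important stuff is near the top of the file."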

To edit your Firewall (IPTables) at the command prompt type:

# nano /etc/sysconfig/iptables

Example 1: To reduce the ferocity of SSH attacks with iptables, add the following to your rules:

 
-A INPUT -p tcp --dport 22 -m recent --set --name ssh --rsource 
-A INPUT -p tcp --dport 22 -m recent ! --rcheck --seconds 60 --hitcount 4 --name ssh --rsource -j ACCEPT

This will force a visitor or bot to wait 60 seconds before they are allowed to try again after having failed 4 login attempts.

Example 2: To allow only a specific IP address to connect to SSH (where XXX.XXX.XXX.XXX is the IP address concerned), add the following to your rules:

 
-A INPUT -p tcp -s XXX.XXX.XXX.XXX --dport 22 -j ACCEPT

Example 3: To block a specific IP address (where XXX.XXX.XXX.XXX is the IP address concerned), add the following to your rules:

 
-A INPUT -s XXX.XXX.XXX.XXX -j DROP

Remember, if you have made any changes to your IPTables, always save/close the file and then restart the service by typing:

# /sbin/service iptables restart
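
Because the rules run in sequence, where an added '-A INPUT' line sits relative to the existing jump into RH-Firewall-1-INPUT decides whether it ever takes effect. The following is an added example (not part of the original tutorial): a small first-match simulator run over a constructed, reduced copy of the ruleset listed above, with Examples 2 and 3 placed before and after the jump. The addresses, the function names and the supported option subset are assumptions made for the illustration.

```python
import ipaddress
import shlex

TERMINAL = {"ACCEPT", "DROP", "REJECT"}
SUPPORTED = {"-A", "-j", "-s", "-i", "-p", "-m", "--dport", "--state",
             "--reject-with"}
JUMP = "-A INPUT -j RH-Firewall-1-INPUT"

# Constructed ruleset in /etc/sysconfig/iptables syntax, reduced from the
# `iptables -L` listing above. Addresses are documentation-range placeholders.
ADMIN, OTHER = "203.0.113.7", "198.51.100.20"
BASE_RULES = """\
*filter
:INPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
"""
ALLOW_ADMIN = "-A INPUT -p tcp -s %s --dport 22 -j ACCEPT" % ADMIN  # Example 2
DROP_OTHER = "-A INPUT -s %s -j DROP" % OTHER                       # Example 3


def parse(text):
    """Return (policies, chains); chains maps a chain name to its ordered rules."""
    policies, chains = {}, {}
    for line in (raw.strip() for raw in text.splitlines()):
        if line.startswith(":"):
            name, policy = line[1:].split()[:2]
            policies[name] = policy
            chains.setdefault(name, [])
        elif line.startswith("-A "):
            tokens = shlex.split(line)
            # Every option in the supported subset takes exactly one argument.
            opts = dict(zip(tokens[0::2], tokens[1::2]))
            if len(tokens) % 2 or not set(opts) <= SUPPORTED:
                raise ValueError("rule outside the supported subset: " + line)
            chains.setdefault(opts["-A"], []).append((line, opts))
    return policies, chains


def matches(opts, pkt):
    """True when every match condition present on the rule fits the packet."""
    if "-s" in opts:
        net = ipaddress.ip_network(opts["-s"], strict=False)
        if ipaddress.ip_address(pkt["src"]) not in net:
            return False
    if "-i" in opts and opts["-i"] != pkt["iface"]:
        return False
    if "-p" in opts and opts["-p"] != pkt["proto"]:
        return False
    if "--dport" in opts and int(opts["--dport"]) != pkt["dport"]:
        return False
    if "--state" in opts and pkt["state"] not in opts["--state"].split(","):
        return False
    return True


def walk(chains, chain, pkt):
    """Top-to-bottom, first terminal match wins; user chains are descended into."""
    for line, opts in chains[chain]:
        if not matches(opts, pkt):
            continue
        target = opts.get("-j")
        if target in TERMINAL:
            return target, line
        if target in chains:
            hit = walk(chains, target, pkt)
            if hit:
                return hit
    return None  # fell off the end of the chain: the caller continues


def verdict(ruleset, pkt, chain="INPUT"):
    """Return (decision, deciding rule) for one packet entering `chain`."""
    policies, chains = parse(ruleset)
    return walk(chains, chain, pkt) or (policies[chain], "chain policy")


def place(ruleset, rule, before_jump):
    """Insert `rule` just before the INPUT jump, or as the last line before COMMIT."""
    marker = JUMP if before_jump else "COMMIT"
    return ruleset.replace(marker, rule + "\n" + marker, 1)


def ssh_from(src):
    """A new inbound SSH connection from `src` (constructed test packet)."""
    return {"src": src, "iface": "eth0", "proto": "tcp", "dport": 22,
            "state": "NEW"}


if __name__ == "__main__":
    cases = [("Example 3 after the jump", DROP_OTHER, False),
             ("Example 3 before the jump", DROP_OTHER, True),
             ("Example 2 before the jump", ALLOW_ADMIN, True)]
    for label, rule, before in cases:
        decision, by = verdict(place(BASE_RULES, rule, before), ssh_from(OTHER))
        print("%-26s SSH from %s -> %s   [%s]" % (label, OTHER, decision, by))
```

In the last case the other host is still accepted: Example 2's rule only adds an ACCEPT, and the general SSH rule inside RH-Firewall-1-INPUT continues to admit everyone until that line is removed or narrowed.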

Set LVM Filters (optional)

In many respects this is entirely optional and only needs to be referred to if you would like to remove your CD-Rom from the LVM boot routine. Should you wish to do this you will need to complete the following tasks.

At the command prompt type:

# nano /etc/lvm/lvm.conf

Find and comment the following lines like so:

 
# By default we accept every block device: 
# filter = [ "a/.*/" ]

And add the following line instead:

 
filter = [ "a/.*/", "r|/dev/cdrom|" ]

So it looks like:

 
# By default we accept every block device: 
# filter = [ "a/.*/" ] 
filter = [ "a/.*/", "r|/dev/cdrom|" ]

Then close and save the file. And now type:

# nano /etc/lvm/cache/.cache

And delete any reference to the device named 'hda'. Then close and save the file.

Log File Configuration (optional)

For most people the standard log file rotation scheme will be enough, but let's say you want your logs to rotate on a daily basis for 30 days (compressing the old logs). To do this, simply open up the following file and make the necessary changes:

 
# rotate log files weekly 
daily 
 
# keep 4 weeks worth of backlogs 
rotate 30 
 
# uncomment this if you want your log files compressed 
compress

Background Services

CentOS, like all operating systems, runs background services. Some of them are important, whereas many others are not necessary and simply waste resources. So with this in mind let's take a few moments to switch the following services on or off; by doing this we will stop the unwanted services from starting up at the next reboot.

To proceed simply copy/paste or type the following command into your console - one line at a time.

 
# chkconfig bluetooth off

You should have typed "chkconfig bluetooth off", and as a result you will see something similar to the following in your console window:

 
# chkconfig bluetooth off 
[root@yourcomputer ~]#

Congratulations. You have now switched off the Bluetooth service, which will save a lot of resources.

Now, let's complete this routine and make sure the following services are turned off. As before, we will simply copy/paste or type the following commands into the console, one line at a time. In this example I will be switching off IP6TABLES (the IPv6 firewall), as the system we are building will not be using it.

To proceed, type these commands one line at a time:

 
# chkconfig hidd off 
# chkconfig apmd off 
# chkconfig ip6tables off 
# chkconfig firstboot off 
# chkconfig cpuspeed off 
# chkconfig netfs off 
# chkconfig nfslock off 
# chkconfig portmap off 
# chkconfig rpcgssd off 
# chkconfig rpcidmapd off 
# chkconfig mdmonitor off

And now, let's make sure the following services are turned on:

 
# chkconfig saslauthd on 
# chkconfig iptables on

And finally, to check which services are running, use the following command at any time throughout this tutorial:

 
chkconfig --list |grep "3:on" |awk '{print $1}' |sort

So, let's reboot the computer so that the changes can be applied.

# reboot

Networking - Part 1

The networking capabilities of your server are essential, and even though we configured these during the installation process we need to make a final visit to make sure that they are running perfectly and that we remove any excess resources they do not need.

RHEL based servers generally keep all the networking files in '/etc/sysconfig/' where you will find subsequent folders such as '/etc/sysconfig/network-scripts/' and '/etc/sysconfig/networking/'. We will restrict our attention to the first two, but before we begin and just to be on the safe side it is always a good idea to make a 'backup' of these files. So, as described above, we shall use the copy command to replicate these files in an easy to remember backup format (notice the .bak extension).

 
# cp /etc/sysconfig/network-scripts/ifcfg-eth0 /etc/sysconfig/network-scripts/ifcfg-eth0.bak

Consequently, if you ever make a mistake you can simply run the following command to restore your original file.

 
# cp /etc/sysconfig/network-scripts/ifcfg-eth0.bak /etc/sysconfig/network-scripts/ifcfg-eth0

So let's begin ...

The example server for this tutorial features a single ethernet connection known as 'ifcfg-eth0'. So let's open that file in our favourite text editor like so:

 
# nano /etc/sysconfig/network-scripts/ifcfg-eth0

And if your server is using the suggested 192.168.1 addressing schema you will want to finalise the settings so they look similar to the following but remembering to change the network values in order to match your own settings:

 
# The name of your ethernet device may be stated here ... 
DEVICE=eth0 
BOOTPROTO=static 
BROADCAST=192.168.1.255 
HWADDR=00:17:31:B2:80:99 #(do not change this value from your original) 
IPADDR=192.168.1.100 
NETMASK=255.255.255.0 
NETWORK=192.168.1.0 
ONBOOT=yes

For example, the IPADDR line should reflect the IP address you wish to use for this server, whereas the HWADDR line should show the same MAC address as was originally found. Should you ever make a mistake and lose your network card's MAC address, simply type the following into the console (ignoring the hash):

# /sbin/ifconfig | grep -i hwaddr

Which should respond with something as follows:

 
eth0      Link encap:Ethernet  HWaddr 00:17:31:B2:80:99

The sequence of hexadecimal digits that appears to the right of eth0 HWAddr (i.e. 00:17:31:B2:80:99) is your network card's MAC Address.

Add a second IP address to eth0 (optional)

This section is optional and need only be used by those who need more than one IP address on a single interface. If you only need a single IP address then simply skip this section and go to Networking - Part 2.

As described above, if we assume our primary network interface is configured correctly we will need to copy these settings to a new, virtual network interface called 'eth0:0' like so:

 
# cp /etc/sysconfig/network-scripts/ifcfg-eth0 /etc/sysconfig/network-scripts/ifcfg-eth0:0

And if your original IP address is 192.168.1.100 you will want to finalise the settings in our virtual interface so it looks similar to the following:

 
# The name of your ethernet device may be stated here ... 
DEVICE=eth0:0 
BOOTPROTO=static 
BROADCAST=192.168.1.255 
IPADDR=192.168.1.101 
NETMASK=255.255.255.0 
NETWORK=192.168.1.0 
ONBOOT=yes

As you can see, we have removed the HWADDR line as this will be a replica of that on the main interface. We have used a new IP address (192.168.1.101) and simply renamed the DEVICE handler (to eth0:0).

On completion we have to restart the network like so:

 
# /sbin/service network restart

This will respond with something similar to the following:

 
Shutting down interface eth0:  [  OK  ] 
Shutting down loopback interface:  [  OK  ] 
Bringing up loopback interface:  [  OK  ] 
Bringing up interface eth0:  [  OK  ]

And we can confirm our settings like so:

 
# ifconfig

Again, this will respond with something similar to the following:

 
eth0      Link encap:Ethernet  HWaddr 00:17:31:BD:B6:98 
          inet addr:192.168.1.137  Bcast:192.168.1.255  Mask:255.255.255.0 
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1 
          RX packets:5659 errors:0 dropped:0 overruns:0 frame:0 
          TX packets:1286 errors:0 dropped:0 overruns:0 carrier:0 
          collisions:0 txqueuelen:1000 
          RX bytes:389948 (380.8 KiB)  TX bytes:179134 (174.9 KiB) 
          Interrupt:217 Base address:0x2000 
 
eth0:0    Link encap:Ethernet  HWaddr 00:17:31:BD:B6:98 
          inet addr:192.168.1.138  Bcast:192.168.1.255  Mask:255.255.255.0 
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1 
          Interrupt:217 Base address:0x2000 
 
lo        Link encap:Local Loopback 
          inet addr:127.0.0.1  Mask:255.0.0.0 
          UP LOOPBACK RUNNING  MTU:16436  Metric:1 
          RX packets:174 errors:0 dropped:0 overruns:0 frame:0 
          TX packets:174 errors:0 dropped:0 overruns:0 carrier:0 
          collisions:0 txqueuelen:0 
          RX bytes:13530 (13.2 KiB)  TX bytes:13530 (13.2 KiB)

Networking - Part 2

Now we want to edit our network file. So let's open it up in our favourite text editor like so:

 
# nano /etc/sysconfig/network

And make it look like so, remembering to customise the settings to match your needs:

 
NETWORKING=yes 
NETWORKING_IPV6=no 
HOSTNAME=server.servername.lan 
DOMAINNAME=servername.lan 
GATEWAYDEV=eth0 
GATEWAY=192.168.1.254

Now we want to edit our hosts file. So let's open it up in our favourite text editor like so:

 
# nano /etc/hosts

Simply change the contents of '/etc/hosts' to look as follows but remembering to customise the settings to match your needs:

As you will remember from our installation procedures the example computer called 'servername.serverdomain.lan' is not using IPv6. If you have configured multiple IP addresses then remember to use your primary address in this file.

 
# Do not remove the following line, or various programs 
# that require network functionality will fail. 
127.0.0.1   localhost.localdomain localhost 
192.168.1.100 servername.serverdomain.lan servername 
 
::1   localhost6.localdomain6 localhost6

Now we want to edit our resolv.conf file. So let's open it up in our favourite text editor like so:

 
# nano /etc/resolv.conf

Simply change the contents of '/etc/resolv.conf' to look as follows but remembering to customise the settings to match your needs:

 
search serverdomain.lan 
nameserver 127.0.0.1 
nameserver 192.168.1.100 
nameserver 192.168.1.254

To confirm the above 'hosts' and 'resolv.conf' settings we do this:

 
# /sbin/service network restart 
# hostname 
# hostname -f 
# nslookup www.google.com

Both 'hostname' and 'hostname -f' should respond with your full computer name (i.e 'servername.serverdomain.lan') whilst the result from 'nslookup' would look as follows:

 
Server:         127.0.0.1 
Address:        127.0.0.1#53 
 
Non-authoritative answer: 
www.google.com  canonical name = www.l.google.com. 
Name:   www.l.google.com 
Address: 209.85.227.104 
Name:   www.l.google.com 
Address: 209.85.227.105 
Name:   www.l.google.com 
Address: 209.85.227.106 
Name:   www.l.google.com 
Address: 209.85.227.147 
Name:   www.l.google.com 
Address: 209.85.227.99 
Name:   www.l.google.com 
Address: 209.85.227.103

If everything responds correctly, we will finish off by removing the Network Manager in order to optimise our system resources (it is a feature generally associated with desktop-based installations that may use DHCP). At the command prompt type:

 
# yum remove NetworkManager

Confirm the request to remove Network Manager and then, having completed the preceding steps, it is always simpler to reboot the entire system:

 
# reboot

Post Network configuration checks

Having re-started your machine and returned as the 'root user' we want to make sure that our networking started correctly.

To do this we simply re-visit some of our previous steps like so:

 
# hostname 
# nslookup www.google.com

As before, if everything reports without any issues then we can proceed to the next step ...

Time, Language and Location

First of all, we will want to confirm that the language file is using the correct settings. By using the following command we will open up the language file in our favourite text editor:

 
# nano /etc/sysconfig/i18n

Most systems will automatically default to the US language but if you remember from the original installation the example machine is UK based so it should look similar to the following ...

 
LANG="en_GB.UTF-8" 
SYSFONT="latarcyrheb-sun16"

We simply replaced 'en_US.UTF-8' with 'en_GB.UTF-8'. Now save the file and enter the following command to confirm our localisation settings:

# tzselect

If entered correctly it should respond with something similar to the following:

 
Please identify a location so that time zone rules can be set correctly. 
Please select a continent or ocean. 
 1) Africa 
 2) Americas 
 3) Antarctica 
 4) Arctic Ocean 
 5) Asia 
 6) Atlantic Ocean 
 7) Australia 
 8) Europe 
 9) Indian Ocean 
10) Pacific Ocean 
11) none - I want to specify the time zone using the Posix TZ format. 
#? 8

At the prompt simply type in a number that refers to your location:

 
 Please select a country. 
 1) Aaland Islands        18) Greece                35) Norway 
 2) Albania               19) Guernsey              36) Poland 
 3) Andorra               20) Hungary               37) Portugal 
 4) Austria               21) Ireland               38) Romania 
 5) Belarus               22) Isle of Man           39) Russia 
 6) Belgium               23) Italy                 40) San Marino 
 7) Bosnia & Herzegovina  24) Jersey                41) Serbia 
 8) Britain (UK)          25) Latvia                42) Slovakia 
 9) Bulgaria              26) Liechtenstein         43) Slovenia 
10) Croatia               27) Lithuania             44) Spain 
11) Czech Republic        28) Luxembourg            45) Sweden 
12) Denmark               29) Macedonia             46) Switzerland 
13) Estonia               30) Malta                 47) Turkey 
14) Finland               31) Moldova               48) Ukraine 
15) France                32) Monaco                49) Vatican City 
16) Germany               33) Montenegro 
17) Gibraltar             34) Netherlands 
#? 8

As you can see, I have selected number '8' for 'Britain (UK)' and the console responds as follows:

 
The following information has been given: 
 
        Britain (UK) 
 
Therefore TZ='Europe/London' will be used. 
Local time is now:      Mon Sep 12 00:59:36 BST 2011. 
Universal Time is now:  Sun Sep 11 23:59:36 UTC 2011. 
Is the above information OK? 
1) Yes 
2) No 
#? 1

Choose '1' to confirm these settings or '2' to cancel and choose another location.

If you have confirmed the current settings the console will respond in the appropriate manner detailing your location information like so:

 
You can make this change permanent for yourself by appending the line 
        TZ='Europe/London'; export TZ 
to the file '.profile' in your home directory; then log out and log in again. 
 
Here is that TZ value again, this time on standard output so that you 
can use the /usr/bin/tzselect command in shell scripts: 
Europe/London

If you want to have the system clock synchronized with an external NTP server simply install the NTP software and switch the service on at boot:

 
# yum install ntp 
# chkconfig ntpd on

To confirm our NTP software simply type the following:

 
# date

Which should respond with the correct date and time like so:

 
Mon Sep 12 15:09:29 BST 2011

Yum Updates

Let's update the system ...

 
# yum clean all 
# yum update

Accept any updates that are made available to you and reboot to complete this stage.

 
# reboot

Step 3: Additional Hard Disks, Directories, Printing & Backups

Based on the original specification of the Example Server described at the beginning of this tutorial we will now turn towards the task of adding an additional hard disk. This section is entirely optional so if you have no additional hard disks to add to your computer, simply jump to Step 4 below.

First of all we will need to switch off our computer and attach our additional hard disk.

So log in as the 'root user' and type:

 
# halt

Let's recap on what we said at the outset of this tutorial:

  • In the original specification I have an additional drive called 'Drive 3'
  • The purpose of this hard disk is to act as a back-up to the activity of file sharing.
  • We will not be adding this to the LVM for one very good reason. If the LVM fails it is quite an ordeal to rebuild it, so for simplicity (as we all like simplicity) the third drive will be mounted as an EXT3 formatted drive in a suitable location on our system (i.e. /backup). This will ensure that the data on this hard disk is not affected by any failure of the main system. An LVM failure is not expected, but 'never say never ... and always be prepared' as LVM failures are arguably hardware related.

Connect your third hard drive following the instructions on your motherboard's user manual and switch your computer back on - when you are able to do so, login as the root user and let's change our identity to the 'super user' with the following command:

 
# su -

And use the following command to display all hard disks with their relevant device names:

 
# fdisk -l

The response could look similar to the following:

 
Disk /dev/sda: 80.0 GB, 80026361856 bytes 
255 heads, 63 sectors/track, 9729 cylinders 
Units = cylinders of 16065 * 512 = 8225280 bytes 
 
   Device Boot      Start         End      Blocks   Id  System 
/dev/sda1   *           1          13      104391   83  Linux 
/dev/sda2              14        9729    78043770   8e  Linux LVM 
 
Disk /dev/sdb: 500.1 GB, 500107862016 bytes 
255 heads, 63 sectors/track, 60801 cylinders 
Units = cylinders of 16065 * 512 = 8225280 bytes 
 
   Device Boot      Start         End      Blocks   Id  System 
/dev/sdb1   *           1       60801   488384001   8e  Linux LVM 
 
Disk /dev/sdc: 500.1 GB, 500107862016 bytes 
255 heads, 63 sectors/track, 60801 cylinders 
Units = cylinders of 16065 * 512 = 8225280 bytes 
 
   Device Boot      Start         End      Blocks   Id  System

From the console's response you will notice a number of disks listed, each with a relevant device name (as listed on the left-hand side of the above read-out). Where both '/dev/sda' and '/dev/sdb' are used by LVM to form the base system, the disk we have just added should be listed as '/dev/sdc'.

By taking a closer look we can see that device name '/dev/sdc' is currently un-formatted and thus the console reports the following information:

 
Disk /dev/sdc: 500.1 GB, 500107862016 bytes 
255 heads, 63 sectors/track, 60801 cylinders 
Units = cylinders of 16065 * 512 = 8225280 bytes 
 
   Device Boot      Start         End      Blocks   Id  System
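
Before writing to the new disk, it is worth confirming mechanically that the device about to be handed to fdisk is the empty one. The following is an added sketch, not part of the original tutorial: it reads an `fdisk -l` listing in the format shown above and approves only a device that is listed with no partitions. The function names are hypothetical and the sample listing is copied from the output above.

```shell
#!/bin/sh
# Added illustration (function names are hypothetical).
# classify_disks: reads `fdisk -l` output on stdin and prints one line per disk:
#   <device> <number of partitions> <lvm|->
classify_disks() {
    awk '
    function report() {
        if (disk != "") print disk, parts, (lvm ? "lvm" : "-")
    }
    /^Disk \/dev\// {                   # "Disk /dev/sda: 80.0 GB, ..." header
        report()
        disk = $2
        sub(/:$/, "", disk)
        parts = 0; lvm = 0
        next
    }
    /^\/dev\// {                        # one partition row
        parts++
        if ($0 ~ /Linux LVM[ \t]*$/) lvm = 1
    }
    END { report() }'
}

# safe_fdisk_target DEVICE: reads `fdisk -l` output on stdin and succeeds only
# if DEVICE is listed there with zero partitions.
safe_fdisk_target() {
    classify_disks |
        awk -v dev="$1" '$1 == dev && $2 == 0 { ok = 1 } END { exit (ok ? 0 : 1) }'
}

# Sample listing copied from the tutorial's own fdisk output.
SAMPLE_FDISK='Disk /dev/sda: 80.0 GB, 80026361856 bytes
255 heads, 63 sectors/track, 9729 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes

   Device Boot      Start         End      Blocks   Id  System
/dev/sda1   *           1          13      104391   83  Linux
/dev/sda2              14        9729    78043770   8e  Linux LVM

Disk /dev/sdb: 500.1 GB, 500107862016 bytes
255 heads, 63 sectors/track, 60801 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes

   Device Boot      Start         End      Blocks   Id  System
/dev/sdb1   *           1       60801   488384001   8e  Linux LVM

Disk /dev/sdc: 500.1 GB, 500107862016 bytes
255 heads, 63 sectors/track, 60801 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes

   Device Boot      Start         End      Blocks   Id  System'

printf '%s\n' "$SAMPLE_FDISK" | classify_disks
if printf '%s\n' "$SAMPLE_FDISK" | safe_fdisk_target /dev/sdc; then
    echo "/dev/sdc has no partitions"
else
    echo "/dev/sdc is in use or not present; stop here"
fi
```

On a live system the listing would come from `fdisk -l` itself, piped into `safe_fdisk_target` with the device you intend to partition.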

Format your new hard disk

Referencing the correct device name (replacing 'sdc' with the correct value), use the following command:

 
# fdisk /dev/sdc

The response will look similar to this:

 
The number of cylinders for this disk is set to 60801. 
There is nothing wrong with that, but this is larger than 1024, 
and could in certain setups cause problems with: 
1) software that runs at boot time (e.g., old versions of LILO) 
2) booting and partitioning software from other OSs 
   (e.g., DOS FDISK, OS/2 FDISK) 
 
Command (m for help):

As it states on the console, simply type 'm' for help but these are the main commands you will need to know/use:

 
m - help 
p - print the partition table 
n - create a new partition 
d - delete a partition 
q - quit without saving changes 
w - write the new partition table and exit

If your disk is like mine, un-formatted, then jump to the section titled 'create a new partition on your hard disk'.
Otherwise, if your disk is pre-formatted with existing data, read on ...

Delete/Blank all existing data on your hard disk

If you need to delete any data on your hard disk, use the following routine (typing one line at a time):

 
# d 
# w

In the above example we initially used 'd' to delete the partition and then 'w' to replace the partition table on the disk.
When finished, you will exit from the fdisk feature, therefore you will need to re-open your disk with:

 
# fdisk /dev/sdc

And confirm the disk is blank by typing:

 
# p

The 'p' command will print the current hard disk partition table and you should see a blank partition table. To quit fdisk type:

 
# q

Having created a partition table on your hard disk you should now read on and learn how to 'create a new partition on your hard disk'.

Create a new partition on your hard disk

To make the disk useful to us, first of all we need to create a partition - i.e. sdc1. This is very simple to do, but be very careful not to target the wrong disk: this action cannot be undone - like all actions described in this Step 3.

So by replacing 'sdc' with the correct value follow this routine (one line at a time):

 
# fdisk /dev/sdc

Type 'n' like so:

 
Command (m for help): n

The response will look similar to this:

 
Command action 
   e   extended 
   p   primary partition (1-4)

Choose 'p' and then elect number '1' when asked for a partition number like so:

 
Command action 
   e   extended 
   p   primary partition (1-4) 
p 
Partition number (1-4): 1

During the next step, simply accept the default values as shown and hit the <RETURN> key:

 
First cylinder (1-6081, default 1):

And again, when asked simply accept the default values as shown and hit the <RETURN> key:

 
First cylinder (1-6081, default 1): 1 
Last cylinder or +size or +sizeM or +sizeK (1-6081, default 6081):

Confirm your instruction by typing:

 
# p

The 'p' command will print-out your intended plan to create a new partition table (i.e depending on the device name you will see a partition table called sda1 or sdb1 or sdc1 etc .. etc ...) like so:

 
Disk /dev/sdc: 500.1 GB, 500107862016 bytes 
255 heads, 63 sectors/track, 60801 cylinders 
Units = cylinders of 16065 * 512 = 8225280 bytes 
 
   Device Boot      Start         End      Blocks   Id  System 
/dev/sdc1               1       60801   488384001   83  Linux

If you have made a mistake at this stage simply type 'q' and start again, but if you are happy to proceed then type:

 
# w

The computer will now write the partition table to the disk and when complete the console will respond with a similar message to that as follows:

 
Command (m for help): w 
The partition table has been altered! 
 
Calling ioctl() to re-read partition table. 
Syncing disks.

Format your hard disk

To format your hard disk using the EXT3 format, simply type the following (replacing 'sdc1' with the correct value):

 
# mkfs.ext3 /dev/sdc1

The subsequent operation will look similar to this:

 
mke2fs 1.39 (29-May-2006) 
Filesystem label= 
OS type: Linux 
Block size=4096 (log=2) 
Fragment size=4096 (log=2) 
61063168 inodes, 122096000 blocks 
6104800 blocks (5.00%) reserved for the super user 
First data block=0 
Maximum filesystem blocks=0 
3727 block groups 
32768 blocks per group, 32768 fragments per group 
16384 inodes per group 
Superblock backups stored on blocks: 
32768, 98304, 163840, 229376, 294912, 819200, 884736, 1605632, 2654208, 
4096000, 7962624, 11239424, 20480000, 23887872, 71663616, 78675968, 
102400000 
 
Writing inode tables: done 
Creating journal (32768 blocks): done 
Writing superblocks and filesystem accounting information: done 
 
This filesystem will be automatically checked every 27 mounts or 
180 days, whichever comes first.  Use tune2fs -c or -i to override.

When complete the console will respond appropriately and you can re-check your work with:

 
# fdisk -l

The above command should show all your hard disks (including the new disk) with a valid partition and file format or you may use the following 'human-friendly' command:

# df -h

Mount your hard disk

We now need to mount your new hard disk.

Mount points are like directories or folders; they are very simple to create and should always be created as the 'root user' like so:

 
# mkdir /newdisk

or

 
# mkdir /home/newdisk

So, for the Example System, let's create a mount point in the root of our drive called 'backup' like so:

 
# mkdir /backup

And that's it, now we must modify 'fstab' in order that we can automatically mount our drive at start-up.

However, because 'fstab' is a very important file, before we begin, let's back it up:

 
# cp /etc/fstab /etc/fstab.bak

So if your computer fails to boot, all you need to do is jump into rescue mode and replace the recently edited file with the back-up file like so:

 
# cp /etc/fstab.bak /etc/fstab

Now, let's open /etc/fstab file, with:

 
# nano /etc/fstab

It could look something like this:

 
/dev/MainGroup00/root   /                       ext3    defaults        1 1 
LABEL=/boot             /boot                   ext3    defaults        1 2 
/dev/MainGroup00/home   /home                   ext3    defaults        1 2 
tmpfs                   /dev/shm                tmpfs   defaults        0 0 
devpts                  /dev/pts                devpts  gid=5,mode=620  0 0 
sysfs                   /sys                    sysfs   defaults        0 0 
proc                    /proc                   proc    defaults        0 0 
/dev/MainGroup00/swap   swap                    swap    defaults        0 0

And append like so:

 
/dev/sdc1               /backup                 ext3    defaults        1 2

Use the <TAB> key to create the relevant spaces, then save and close the file.
And finally, to complete this stage, simply reboot your computer and if all goes well you can now decide to create some working folders or jump to Step 4 below.

How to create working folders

Creating working folders on CentOS is exactly the same as any other Linux based distribution. So, let's assume we want to add some working directories to our new partitioned and formatted backup drive located at /backup. Simply create a folder like so:

 
# mkdir /backup/my-new-folder

Having created our folder as the 'root user' it is always good practice to change the permissions for accessibility by other accounts. So decide what permissions you would like to grant to this folder (based on its purpose) and simply run the following command:

 
# chmod 0755 /backup/my-new-folder

In the above command we simply changed the permission of 'my-new-folder' to 0755.

Rsync

Based on the format of this tutorial you will discover that RSYNC is installed by default. You can confirm this by typing:

 
# yum install rsync

YUM Priorities & Rsnapshot (optional)

RSNAPSHOT is not available through the standard YUM repositories so we will need to install the EPEL repository and YUM priorities.

To install the EPEL repository we need to type the following command:

 
# rpm -Uvh http://download.fedora.redhat.com/pub/epel/5/i386/epel-release-5-4.noarch.rpm

Following this, we need to install YUM priorities with the following command:

# yum install yum-priorities

We should now confirm YUM priorities is installed correctly with the following command:

# cat /etc/yum/pluginconf.d/priorities.conf

The console should respond as follows:

 
[main] 
enabled = 1

Now you need to review all your repositories and give them a priority number from 1-99. The repositories with the lowest number get the highest priority, so it would be advisable to set all the CentOS repositories to 1.

Open the CentOS-Base.repo file like so:

 
# nano /etc/yum.repos.d/CentOS-Base.repo

It will look similar to this but I have already made the relevant changes (compare them to see if you can see what I have done):

 
[base] 
name=CentOS-$releasever - Base 
mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=os 
#baseurl=http://mirror.centos.org/centos/$releasever/os/$basearch/ 
gpgcheck=1 
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-5 
priority=1 
#released updates  
[updates] 
name=CentOS-$releasever - Updates 
mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=updates 
#baseurl=http://mirror.centos.org/centos/$releasever/updates/$basearch/ 
gpgcheck=1 
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-5 
priority=1 
#additional packages that may be useful 
[extras] 
name=CentOS-$releasever - Extras 
mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=extras 
#baseurl=http://mirror.centos.org/centos/$releasever/extras/$basearch/ 
gpgcheck=1 
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-5 
priority=1 
#additional packages that extend functionality of existing packages 
[centosplus] 
name=CentOS-$releasever - Plus 
mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=centosplus 
#baseurl=http://mirror.centos.org/centos/$releasever/centosplus/$basearch/ 
gpgcheck=1 
enabled=0 
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-5 
priority=1 
#contrib - packages by Centos Users 
[contrib] 
name=CentOS-$releasever - Contrib 
mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=contrib 
#baseurl=http://mirror.centos.org/centos/$releasever/contrib/$basearch/ 
gpgcheck=1 
enabled=0 
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-5 
priority=2

Did you notice the additional statement 'priority=X' under every 'gpgkey' location regardless of whether the source was enabled or not?
So simply make the relevant changes and save/close this file.

We now need to make a similar change to the EPEL file but by giving it a higher number like so:

 
# nano /etc/yum.repos.d/epel.repo

And make it resemble the following:

 
[epel] 
name=Extra Packages for Enterprise Linux 5 - $basearch 
#baseurl=http://download.fedoraproject.org/pub/epel/5/$basearch 
mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=epel-5&arch=$basearch 
failovermethod=priority 
enabled=1 
gpgcheck=1 
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL 
priority=20 
[epel-debuginfo] 
name=Extra Packages for Enterprise Linux 5 - $basearch - Debug 
#baseurl=http://download.fedoraproject.org/pub/epel/5/$basearch/debug 
mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=epel-debug-5&arch=$basearch 
failovermethod=priority 
enabled=0 
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL 
gpgcheck=1 
priority=20 
[epel-source] 
name=Extra Packages for Enterprise Linux 5 - $basearch - Source 
#baseurl=http://download.fedoraproject.org/pub/epel/5/SRPMS 
mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=epel-source-5&arch=$basearch 
failovermethod=priority 
enabled=0 
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL 
gpgcheck=1 
priority=20

To finish off installing YUM priorities you should also give all other references a priority number of 2 or more with the exception of 'epel-testing.repo' which should share the same value used by the 'epel.repo' above.

So open each of the following files in order and make the necessary changes:

 
# nano /etc/yum.repos.d/CentOS-Debuginfo.repo 
# nano /etc/yum.repos.d/CentOS-Media.repo 
# nano /etc/yum.repos.d/CentOS-Vault.repo 
# nano /etc/yum.repos.d/epel-testing.repo
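
With this many sections spread over several files it is easy to miss one, and a section without a `priority=` line falls back to the plugin's default of 99. The following is an added sketch, not part of the original tutorial, that lists every section lacking a priority or not enforcing `gpgcheck=1`; the function name is hypothetical and the sample repository text is constructed.

```shell
#!/bin/sh
# Added illustration (function name is hypothetical).
# audit_repo_sections: reads yum .repo text on stdin and prints one line for
# every section that has no priority= entry or does not set gpgcheck=1.
# On a real system: cat /etc/yum.repos.d/*.repo | audit_repo_sections
audit_repo_sections() {
    awk '
    function value(line) {              # text after the first "=", trimmed
        sub(/^[^=]*=[ \t]*/, "", line)
        sub(/[ \t]+$/, "", line)
        return line
    }
    function report() {
        if (section == "") return
        if (prio == "") print section ": no priority set"
        if (gpg != "1") print section ": gpgcheck is not 1"
    }
    /^[ \t]*[#;]/ { next }              # comment lines
    /^[ \t]*\[/ {                       # start of a new [section]
        report()
        section = $0
        sub(/^[ \t]*\[/, "", section)
        sub(/\].*$/, "", section)
        prio = ""; gpg = ""
        next
    }
    /^[ \t]*priority[ \t]*=/ { prio = value($0) }
    /^[ \t]*gpgcheck[ \t]*=/ { gpg  = value($0) }
    END { report() }'
}

# Constructed sample, modelled on the repository files shown above:
# [updates] has lost its priority line and the last section disables gpgcheck.
SAMPLE_REPO='[base]
name=CentOS-$releasever - Base
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-5
priority=1
#released updates
[updates]
name=CentOS-$releasever - Updates
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-5
[example-thirdparty]
name=Constructed third-party repository
enabled=0
gpgcheck=0
priority=20'

printf '%s\n' "$SAMPLE_REPO" | audit_repo_sections
```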

When complete, to proceed we can install Rsnapshot like so:

 
# yum install rsnapshot

Now open the following file to begin making the changes needed to customise your RSNAPSHOT settings:

 
# nano /etc/rsnapshot.conf

When complete, simply save and close the file. You have now installed rsnapshot.

Create an SSL certificate (optional)

Use the following instruction to create a typical SSL Certificate. However, if you are intending to use an SSL certificate for business purposes then you should purchase an SSL certificate from a suitable provider.

 
# cd /etc/pki/tls/certs

And then type (filling in the required details when asked):

 
# make server.key

Now type, filling in the required details when asked:

 
# openssl rsa -in server.key -out server.key

Now type (filling in the required details when asked):

 
# make server.csr

Followed by:

 
# openssl x509 -in server.csr -out server.crt -req -signkey server.key -days 3650

And finally:

 
# chmod 400 server.*

Print Support with CUPS (optional)

At the beginning of this tutorial we originally disabled CUPS. However, if you would like to re-instate the CUPS printing service then read on. We will not be discussing drivers for individual printers or web access, but the following instruction will give you a starting point on which to build your very own print server.

Install CUPS like so:

 
# yum install cups*

And in order to begin making the necessary changes, simply edit the following file as required:

 
# nano /etc/cups/cupsd.conf

This should get you started:

 
# Listen for connections on port 631. 
Listen 631 
 
# Restrict access to the server... 
<Location /> 
  Order allow,deny 
  Allow localhost 
  Allow 192.168.1.0/24 
</Location> 
 
# Restrict access to configuration files... 
<Location /admin/conf> 
  AuthType Basic 
  Require user @SYSTEM 
  Order allow,deny 
</Location> 
 
# as an addition, add at the bottom of this file 
ServerCertificate /etc/pki/tls/certs/server.crt 
ServerKey /etc/pki/tls/certs/server.key

Now edit the following file:

 
# nano /etc/cups/mime.convs

And un-comment:

 
application/octet-stream    application/vnd.cups-raw    0    -

Now run:

 
# /sbin/service cups start

The console should respond as follows:

 
Starting cups: [  OK  ]

And finally switch the service back on at boot:

 
# chkconfig cups on

Step 4: User Management & Samba

Well done ... We now have a fully functioning base system so let's turn CentOS into a standalone file server and add some users.
At the following screen, login as the root user:

Samba Server

Update YUM:

 
# yum update

Accept any available updates then install Samba with:

 
# yum install samba samba-client samba-common

Now we will need to modify our smb.conf file, but before we do - let's back it up:

 
# cp /etc/samba/smb.conf /etc/samba/smb.conf.bak

And then begin editing like so:

 
# nano /etc/samba/smb.conf

Make the following basic changes, customising the relevant values to suit your needs and using any other features as required:

 
  [global]

# ----------------------- Network Related Options -------------------------
  workgroup = WORKGROUP
  server string = Samba Server Version %v
  netbios name = YOURSERVERNAME

# --------------------------- Logging Options -----------------------------
  # logs split per machine
  log file = /var/log/samba/%m.log
  # max 50KB per log file, then rotate
  max log size = 50

# ----------------------- Standalone Server Options ------------------------
  security = user
  passdb backend = tdbsam

# --------------------------- Printing Options -----------------------------
  load printers = yes
  cups options = raw

  printcap name = /etc/printcap
  # obtain list of printers automatically on SystemV
  # (left commented out: a second "printcap name" would override the one above)
; printcap name = lpstat
  printing = cups

# --------------------------- Directories -----------------------------
[homes]
  comment = Home Directories
  browseable = no
  writable = yes
  valid users = %S
  # domain-member alternative, left commented out on a standalone server;
  # a second "valid users" line would replace the one above
; valid users = MYDOMAIN\%S
  create mask = 0755
  directory mask = 0755

[printers]
  comment = All Printers
  path = /var/spool/samba
  browseable = no
  guest ok = no
  writable = no
  printable = yes
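
When editing smb.conf it is easy to leave the same parameter set twice in one section, and Samba then keeps only the last value without any warning. The following check is an added example (not part of the original tutorial); the function names and the sample configuration are constructed for illustration:

```shell
# Added example: list parameters set more than once in one smb.conf section.
# Names are compared as smb.conf(5) describes: case-insensitive, and
# whitespace inside the name is ignored ("create mask" == "createmask").
# Limitation: backslash line continuations are not joined.

smbconf_duplicates() {
    awk '
        BEGIN { section = "global" }
        /^[ \t]*[#;]/ { next }                 # comment line
        /^[ \t]*$/    { next }                 # blank line
        /^[ \t]*\[/ {                          # section header, e.g. [homes]
            section = tolower($0)
            sub(/^[ \t]*\[/, "", section)
            sub(/\].*$/, "", section)
            next
        }
        {
            eq = index($0, "=")
            if (eq == 0) next
            name = tolower(substr($0, 1, eq - 1))
            gsub(/[ \t]/, "", name)
            key = section SUBSEP name
            if (key in seen)
                printf "[%s] %s: line %d overrides line %d\n", section, name, NR, seen[key]
            seen[key] = NR
        }
    ' "$1"
}

# Constructed sample input (not a real server configuration).
write_sample_conf() {
    cat > "$1" <<'EOF'
[global]
  printcap name = /etc/printcap
  PrintCap Name = lpstat
[homes]
  valid users = %S
  ; valid users = OTHER\%S
  validusers = EXAMPLE\%S
  create mask = 0755
[printers]
  create mask = 0700
EOF
}

sample=$(mktemp)
write_sample_conf "$sample"
smbconf_duplicates "$sample"
rm -f "$sample"
```

On the server itself, `testparm -s` prints the configuration as Samba loads it, which confirms the value that actually took effect.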

Now start the Samba Server like so:

# /sbin/service smb start

Activate the Samba Server at start-up like so:

# chkconfig smb on

Users

In order to finalise our installation we need to add some users, create relevant folders for them and give them the required permissions to work in a file-sharing environment.

Do this like so, remembering to customise the 'username' as required and to provide a password when requested:

 
# useradd -d /home/username -s /bin/bash -c "username" username 
# chown username /home/username && passwd username
# chmod 755 /home/username

Repeat the above steps for each user on your network.

Once that is done, add these users to the Samba server like so, providing a password when requested:

# smbpasswd -a username

Repeat the above steps for each user on your network.

When finished, perform a final reboot ...

# reboot

And that's it ... well done :-)


Supplementary: Gnome Desktop & Updates

And just before anyone asks, (if you really want one) in order to install a desktop interface simply complete the following step:

 
# yum update 
# yum groupinstall "X Window System" "GNOME Desktop Environment"

When the installation is complete, type:

# reboot

Log in as root in the usual way and type:

# startx

To install an easy to use graphical package manager (also known as Yum Extender):

# yum install yumex

Should you wish to remove the Gnome Desktop environment at any time, use:

 
# yum groupremove "X Window System" "GNOME Desktop Environment" 
# reboot

To keep your server up to date use:

# yum update

To shut down your server use:

# halt

And that's it ... well done :-)

In the next tutorial, we will look at CentOS as a comprehensive web server, supporting Apache Virtual Hosts, Bind, MySQL, PHP5.3, Webmin, Third Party Repositories and much, much more.
