
CentOS 6.5 Configuration Tips

 

By far, Linux (CentOS) is the most robust server system that any decent IT guy can ask for. It is secure and very flexible. In the server management world, its vast user base can attest to its quality. However, Linux installation and configuration is not without challenges. But all tips and workarounds are on the Internet, so the problem is not one of difficulty, but of time.

There are a great many Linux distributions available for anyone who is interested, and each one has its own quirks. So much so that it scares off many would-be Linux users. This is especially true in bare minimum installations where the Graphical User Interface (GUI) is totally disregarded.

However, due to the absence of visual clues in bare minimum installations, even seasoned Linux enthusiasts find it very challenging to remember everything about how to deal with Network Interface Devices (NICs), Hard Disk Drives (HDDs), and what-not. So, it is best to keep configuration tips and workarounds at hand because it cuts down on research time. Thus, it lets you focus on more important things – such as application development.

These are my configuration tips for my favorite Linux distribution: CentOS.

Network Interface devices

The network is the lifeblood of any Linux server implementation. However, depending on the hardware, some ethernet devices are not detected. To list all NICs in the server, issue this command:

#ifconfig -a

eth0  Link encap:Ethernet  HWaddr 00:E0:81:5A:42:41
inet addr:192.168.0.205  Bcast:192.168.0.255  Mask:255.255.255.0
inet6 addr: fe80::2e0:81ff:fe5a:4241/64 Scope:Link
UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
RX packets:51273 errors:0 dropped:0 overruns:0 frame:0
TX packets:8240 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:3910824 (3.7 MiB)  TX bytes:1389211 (1.3 MiB)
Interrupt:19

lo     Link encap:Local Loopback
inet addr:127.0.0.1  Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING  MTU:16436  Metric:1
RX packets:217 errors:0 dropped:0 overruns:0 frame:0
TX packets:217 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:27290 (26.6 KiB)  TX bytes:27290 (26.6 KiB)

Take note of “eth0,” it is the available NIC in the system.

Configure the NIC to use Static IP

Servers must be accessed from one address only. In this regard, it is best to configure it to have a manual Internet Protocol (IP) address. Here’s how:

#vi /etc/sysconfig/network-scripts/ifcfg-eth0

DEVICE=eth0
HWADDR=08:00:27:76:4c:d5
TYPE=Ethernet
ONBOOT=yes
BOOTPROTO=none
IPV6INIT=no
USERCTL=no
NM_CONTROLLED=yes
PEERDNS=yes
IPADDR=192.168.1.140
NETMASK=255.255.255.0

Configure Default Gateway

# vi /etc/sysconfig/network

NETWORKING=yes
HOSTNAME=centos6
GATEWAY=192.168.1.1

Configure DNS Server

Although you can set your local DNS settings here, it is better to put Google’s public DNS IPs. It ensures quick system downloads and updates. Here’s how:

# vi /etc/resolv.conf

nameserver 8.8.8.8 # Replace with your DNS1
nameserver 8.8.4.4 # Replace with your DNS2

Restart Network Interface

After all configurations are set, to make them permanent, the NIC must be restarted. Here’s how:

#/etc/init.d/network restart

[or]

#service network restart

Shutting down interface eth0:                              [  OK  ]
Shutting down loopback interface:                      [  OK  ]
Bringing up loopback interface:                            [  OK  ]

Check if your changes were applied

# ifconfig

eth0 Link encap:Ethernet HWaddr 08:00:27:76:4C:D5
inet addr:192.168.1.140 Bcast:192.168.1.255 Mask:255.255.255.0
inet6 addr: fe80::a00:27ff:fe76:4cd5/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:366 errors:0 dropped:0 overruns:0 frame:0
TX packets:252 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:34247 (33.4 KiB) TX bytes:27082 (26.4 KiB)

 

CentOS 6.5 and HTTPD

Apache issues

CentOS 6.5 comes with Apache preloaded. However, it is OFF by default. Here’s how to start it:

#service httpd start

Starting httpd:                              [  OK  ]

As if that were not bad enough, CentOS’ Security Function (SE) does not allow any computer to access it. It is quite an oxymoron, but it can be assumed that the developers and maintainers of CentOS focused more on security than usability. In this regard, the firewall (“iptables”) must be told to accept traffic on port 80. Here’s how:

#iptables -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT

# /etc/init.d/iptables save

Open http port ( 80 ) in iptables on CentOS

UPDATE!

$iptables -I INPUT 2 -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
$service iptables save
$service iptables restart
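
The UPDATE matters because iptables evaluates a chain top to bottom and stops at the first match: a rule appended with -A lands after the stock ruleset's final catch-all REJECT and never fires, while -I INPUT 2 places it ahead of that rule. The check below is an added example, not part of the original post; port_rule_status is a hypothetical helper and both rulesets are constructed samples in "iptables -S" format.

```shell
#!/bin/sh
# Added example: is the ACCEPT rule for a TCP port reachable in the INPUT chain?
# Reads rules in `iptables -S INPUT` format on stdin and prints one of:
#   reachable - an ACCEPT for the port precedes any catch-all REJECT/DROP
#   shadowed  - the ACCEPT exists, but a catch-all REJECT/DROP comes first
#   missing   - no ACCEPT rule for the port
port_rule_status() {
    awk -v port="$1" '
        $1 == "-A" && $2 == "INPUT" {
            n++
            rule = " " $0 " "
            # Catch-all terminator, e.g. "-A INPUT -j REJECT --reject-with ..."
            if ($3 == "-j" && ($4 == "REJECT" || $4 == "DROP") && !term) term = n
            if (rule ~ (" --dport " port " ") && rule ~ / -j ACCEPT / && !acc) acc = n
        }
        END {
            if (!acc) print "missing"
            else if (term && term < acc) print "shadowed"
            else print "reachable"
        }'
}

# Constructed sample: a stock-style ruleset after the -A (append) command.
appended='-P INPUT ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT'

# Constructed sample: the same ruleset after the -I INPUT 2 (insert) command.
inserted='-P INPUT ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited'

check_appended() { printf '%s\n' "$appended" | port_rule_status 80; }
check_inserted() { printf '%s\n' "$inserted" | port_rule_status 80; }
echo "after -A:         $(check_appended)"
echo "after -I INPUT 2: $(check_inserted)"
```

On a live server the same function can read the real chain: iptables -S INPUT | port_rule_status 80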

Activating PHP and MySQL

What good is Apache without the PHP and MySQL modules? Unfortunately, due to the assumptions previously mentioned, CentOS 6.5’s Apache installation does not have these two crucial modules activated. Although PHP and MySQL can be added to Apache by editing its configuration file, I found it best to install or upgrade Apache with the modules already configured. It saves a lot of time and effort. Here’s how:

Update the Server Applications:

#yum install httpd

#yum install php-mysql

#yum install mysql-server

MySQL

MySQL is by far the most widely accepted Relational Database Management System (RDBMS) on the planet. However, in the GUI-less environment, some find it a bit too difficult to handle, especially in the initial configuration phase. To solve the problem, here’s how to set up the initial MySQL account:

MySQL initial account

#/usr/bin/mysqladmin -u root -h helios.set password 'new-password'

Boot on Load

Although server software such as Apache and MySQL are the primary services Linux is used for, they are not set to load during the boot process. And at times, it is very frustrating to search for the proper syntax to do so. In this regard, here are the commands for it:

Make sure that everything runs on boot

#chkconfig httpd on

#chkconfig mysqld on

#chkconfig network on

#chkconfig sshd on

Check which services are set to start on boot

#chkconfig --list

httpd                  0:off    1:off    2:on    3:on    4:on    5:on    6:off
ip6tables           0:off    1:off    2:on    3:on    4:on    5:on    6:off
iptables              0:off    1:off    2:on    3:on    4:on    5:on    6:off
irqbalance         0:off    1:off    2:off    3:on    4:on    5:on    6:off
kdump                0:off    1:off    2:off    3:on    4:on    5:on    6:off
lvm2-monitor   0:off    1:on    2:on    3:on    4:on    5:on    6:off
mdmonitor        0:off    1:off    2:on    3:on    4:on    5:on    6:off
messagebus       0:off    1:off    2:on    3:on    4:on    5:on    6:off
mysqld                0:off    1:off    2:on    3:on    4:on    5:on    6:off
netconsole          0:off    1:off    2:off    3:off    4:off    5:off    6:off
netfs                    0:off    1:off    2:off    3:on    4:on    5:on    6:off

SSH and Password-less Access

SSH is a very powerful and secure remote management tool. More than that, it allows Linux administrators to upload files from their local computers to the remote server. However, password prompts, especially when only a few people manage the servers, tend to be an irritation when there are essential things to do. In this regard, here’s how to configure the CentOS 6.5 server to accept passwordless SSH log-ins securely:

#ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/a/.ssh/id_rsa): 
Created directory '/home/a/.ssh'.
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /home/a/.ssh/id_rsa.
Your public key has been saved in /home/a/.ssh/id_rsa.pub.
The key fingerprint is:
3e:4f:05:79:3a:9f:96:7c:3b:ad:e9:58:37:bc:37:e4 a@A

Now use ssh to create a directory ~/.ssh as user b on B. (The directory may already exist, which is fine):

# ssh b@B mkdir -p .ssh
b@B's password: 

Finally append a’s new public key to b@B:.ssh/authorized_keys and enter b’s password one last time:

# cat .ssh/id_rsa.pub | ssh b@B 'cat >> .ssh/authorized_keys'
b@B's password: 

From now on you can log into B as b from A as a without a password:

# ssh b@B

However, there are instances when these procedures do not work. Here's the workaround:

#restorecon -R -v /root/.ssh

restorecon reset /root/.ssh context unconfined_u:object_r:admin_home_t:s0->unconfined_u:object_r:ssh_home_t:s0
restorecon reset /root/.ssh/authorized_keys context unconfined_u:object_r:admin_home_t:s0->unconfined_u:object_r:ssh_home_t:s0
restorecon reset /root/.ssh/authorized_keys2 context unconfined_u:object_r:admin_home_t:s0->unconfined_u:object_r:ssh_home_t:s0
restorecon reset /root/.ssh/known_hosts context unconfined_u:object_r:admin_home_t:s0->unconfined_u:object_r:ssh_home_t:s0
restorecon reset /root/.ssh/id_rsa.pub context unconfined_u:object_r:admin_home_t:s0->unconfined_u:object_r:ssh_home_t:s0

The restorecon manual page describes the program as follows:

This program is primarily used to reset the security context (type) (extended attributes) on one or more files.

It can be run at any time to correct errors, to add support for new policy, or with the -n option it can just check whether the file contexts are all as you expect.

If a file object does not have a context, restorecon will write the default context to the file object’s extended attributes. If a file object has a context, restorecon will only modify the type portion of the security context. The -F option will force a replacement of the entire context.
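
A second common cause of the failure is file modes rather than SELinux labels: sshd's StrictModes setting (on by default) ignores authorized_keys when that file or ~/.ssh is group- or world-writable, which is what the mkdir and cat >> steps above produce if the remote umask is 002. The audit below is an added example, not from the original post; ssh_dir_audit and has_bits are hypothetical helper names, the demo directory is constructed, and GNU stat is assumed.

```shell
#!/bin/sh
# Added example: audit the file modes that commonly break key-based SSH logins.
# Assumes GNU stat (as shipped with CentOS). Prints one finding per line.

# Succeeds when any bit of octal mask $2 is set in octal mode $1.
has_bits() { [ $(( 0$1 & 0$2 )) -ne 0 ]; }

ssh_dir_audit() {
    dir=$1
    if [ ! -d "$dir" ]; then echo "$dir: missing"; return 0; fi
    # With StrictModes (sshd's default), authorized_keys is ignored when it
    # or ~/.ssh is writable by group or others.
    for p in "$dir" "$dir/authorized_keys"; do
        [ -e "$p" ] || continue
        m=$(stat -c %a "$p")
        if has_bits "$m" 22; then echo "$p: mode $m is group/world-writable"; fi
    done
    # The ssh client refuses a private key that group or others can access.
    k="$dir/id_rsa"
    if [ -e "$k" ]; then
        m=$(stat -c %a "$k")
        if has_bits "$m" 77; then echo "$k: mode $m is accessible to others"; fi
    fi
    return 0
}

# Constructed demo: build a throwaway .ssh directory as a umask of 002 would
# leave it, audit it, tighten the modes, and audit again.
demo_ssh_audit() {
    t=$(mktemp -d)
    mkdir "$t/.ssh"
    : > "$t/.ssh/authorized_keys"
    : > "$t/.ssh/id_rsa"
    chmod 775 "$t/.ssh"
    chmod 664 "$t/.ssh/authorized_keys" "$t/.ssh/id_rsa"
    echo "--- before"; ssh_dir_audit "$t/.ssh"
    chmod 700 "$t/.ssh"
    chmod 600 "$t/.ssh/authorized_keys" "$t/.ssh/id_rsa"
    echo "--- after";  ssh_dir_audit "$t/.ssh"
    rm -rf "$t"
}
demo_ssh_audit
```

Run it on the server as the account being logged into, pointing it at that account's own .ssh directory.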

CentOS 6.5 and Hard Disk Drives

Linux when installed with a GUI handles new storage devices quite well. It automatically detects and mounts them. However, this is not the case with bare minimum installations. There are steps that must be followed to safely and quickly make new hard disks useable.

Finding the New Hard Drive in CentOS 6

# ls /dev/sd*

/dev/sda /dev/sda1 /dev/sda2

This shows that the disk drive represented by /dev/sda is itself divided into 2 partitions, represented by /dev/sda1 and /dev/sda2.

The following output is from the same system after a second hard disk drive has been installed:

# ls /dev/sd*
/dev/sda /dev/sda1 /dev/sda2 /dev/sdb

As shown above, the new hard drive has been assigned to the device file /dev/sdb. However, the lack of a numerical suffix indicates that the device does not have any partitions. This makes the drive unusable.

Creating Linux Partitions

The next step is to create one or more Linux partitions on the new disk drive. This is achieved using the fdisk utility which takes as a command-line argument the device to be partitioned.

# fdisk /dev/sdb

Device contains neither a valid DOS partition table, nor Sun, SGI or OSF disklabel
Building a new DOS disklabel with disk identifier 0xd1082b01.
Changes will remain in memory only, until you decide to write them.
After that, of course, the previous content won't be recoverable.

Warning: invalid flag 0x0000 of partition table 4 will be corrected by w(rite)

WARNING: DOS-compatible mode is deprecated. It's strongly recommended to
         switch off the mode (command 'c') and change display units to
         sectors (command 'u').

Command (m for help):

As instructed, switch off DOS compatible mode and change the units to sectors by entering the c and u commands:

Command (m for help): c
DOS Compatibility flag is not set

Command (m for help): u
Changing display/entry units to sectors

In order to view the current partitions on the disk enter the p command:

Command (m for help): p

Disk /dev/sdb: 34.4 GB, 34359738368 bytes
255 heads, 63 sectors/track, 4177 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk identifier: 0xd1082b01

   Device Boot      Start         End      Blocks   Id  System

As we can see from the above fdisk output, the disk currently has no partitions because it is a previously unused disk. The next step is to create a new partition on the disk, a task which is performed by entering n (for new partition) and p (for primary partition):

Command (m for help): n

Command action
   e   extended
   p   primary partition (1-4)
p

Partition number (1-4): 1

First sector (2048-67108863, default 2048):
Using default value 2048
Last sector, +sectors or +size{K,M,G} (2048-67108863, default 67108863):
Using default value 67108863

Now that we have specified the partition we need to write it to the disk using the w command:

Command (m for help): w

The partition table has been altered!

Calling ioctl() to re-read partition table.
Syncing disks.

If we now look at the devices again we will see that the new partition is visible as /dev/sdb1:

# ls /dev/sd*

/dev/sda /dev/sda1 /dev/sda2 /dev/sdb /dev/sdb1

The next step is to create a file system on our new partition.

Creating a File System on a CentOS 6 Disk Partition

We now have a new disk installed, it is visible to CentOS 6.5 and we have configured a Linux partition on the disk. The next step is to create a Linux file system on the partition so that the operating system can use it to store files and data. The easiest way to create a file system on a partition is to use the mkfs.ext4 utility which takes as arguments the label and the partition device:

# /sbin/mkfs.ext4 -L /backup /dev/sdb1

mke2fs 1.41.12 (17-May-2010)
Filesystem label=/backup
OS type: Linux
Block size=4096 (log=2)
Fragment size=4096 (log=2)
Stride=0 blocks, Stripe width=0 blocks
2097152 inodes, 8388352 blocks
419417 blocks (5.00%) reserved for the super user
First data block=0
Maximum filesystem blocks=4294967296
256 block groups
32768 blocks per group, 32768 fragments per group
8192 inodes per group
Superblock backups stored on blocks:
        32768, 98304, 163840, 229376, 294912, 819200, 884736, 1605632, 2654208,
        4096000, 7962624

Writing inode tables: done
Creating journal (32768 blocks): done
Writing superblocks and filesystem accounting information: done

This filesystem will be automatically checked every 36 mounts or
180 days, whichever comes first.  Use tune2fs -c or -i to override.

Mounting a File System

Now that we have created a new file system on the Linux partition of our new disk drive we need to mount it so that it is accessible. In order to do this we need to create a mount point. A mount point is simply a directory or folder into which the file system will be mounted. For the purposes of this example we will create a /backup directory to match our file system label (although it is not necessary that these values match):

# mkdir /backup

The file system may then be manually mounted using the mount command:

# mount -t ext4 /dev/sdb1 /backup

Configuring CentOS 6 to Automatically Mount a File System

In order to set up the system so that the new file system is automatically mounted at boot time an entry needs to be added to the /etc/fstab file.

The following example shows an fstab file configured to automount our /backup partition:

/dev/mapper/vg_centos6-lv_root             /         ext4    defaults        1 1
UUID=0d06ebad-ea73-48ad-a50a-1b3b8ef24491  /boot     ext4    defaults        1 2
/dev/mapper/vg_centos6-lv_swap             swap      swap    defaults        0 0
tmpfs                                      /dev/shm  tmpfs   defaults        0 0
devpts                                     /dev/pts  devpts  gid=5,mode=620  0 0
sysfs                                      /sys      sysfs   defaults        0 0
proc                                       /proc     proc    defaults        0 0
LABEL=/backup                              /backup   ext4    defaults        1 2
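
As an added example (not from the original post), the check below lints an fstab read from stdin for one mount point: every entry must have six fields, and the mount point must appear exactly once. It also flags the entry when nosuid and nodev are absent, which is this example's hardening assumption for a data-only volume such as /backup and not the author's recommendation; fstab_check_mount is a hypothetical helper and the sample entries are constructed from the /backup line above.

```shell
#!/bin/sh
# Added example: lint fstab entries (read from stdin) for one mount point.
# Prints one finding per line and nothing when the entry is well-formed.
fstab_check_mount() {
    awk -v mp="$1" '
        NF == 0 || $1 ~ /^#/ { next }          # skip blank lines and comments
        NF != 6 { print "line " NR ": expected 6 fields, found " NF; next }
        $2 == mp {
            seen++
            opts = "," $4 ","
            # Assumption of this example: a data-only volume should not
            # honour setuid binaries or device nodes.
            if (opts !~ /,nosuid,/) print "line " NR ": " mp " lacks nosuid"
            if (opts !~ /,nodev,/)  print "line " NR ": " mp " lacks nodev"
        }
        END {
            if (seen == 0) print "no entry for " mp
            if (seen > 1)  print mp " listed " seen " times"
        }'
}

# Constructed samples based on the /backup line.
page_entry='LABEL=/backup /backup ext4 defaults 1 2'
hardened_entry='LABEL=/backup /backup ext4 defaults,nosuid,nodev 1 2'
# Two entries run together on one line, as happens with a careless paste.
run_together='proc /proc proc defaults 0 0 LABEL=/backup /backup ext4 defaults 1 2'

for sample in "$page_entry" "$hardened_entry" "$run_together"; do
    echo "== $sample"
    printf '%s\n' "$sample" | fstab_check_mount /backup
done
```

After editing the real file, running mount -a mounts everything listed in it, so a mistake shows up while the system is still running rather than at the next boot.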
