Nicholas Skinner

Freelance website and web application developer

Setting Up A CentOS 5 Server

Saturday, March 13th, 2010

Continuing the series of articles covering Setting Up Apache / PHP and Setting Up Exim, this one covers a few of the smaller applications and configuration settings that need changing on a new CentOS 5 based server primarily used for virtual hosting.

iptables

iptables -F

iptables -A INPUT -p tcp --dport 22 -j ACCEPT
iptables -I INPUT 1 -i lo -p all -j ACCEPT
iptables -A INPUT -p icmp --icmp-type echo-request -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

iptables -A INPUT -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -p tcp --dport 110 -j ACCEPT
iptables -A INPUT -p tcp --dport 25 -j ACCEPT
iptables -A INPUT -p tcp --dport 21 -j ACCEPT
iptables -A INPUT -p tcp --dport 143 -j ACCEPT
iptables -A INPUT -p tcp --dport 40000:40100 -j ACCEPT

iptables -P INPUT DROP

/sbin/service iptables save

iptables (for IPv6)

ip6tables -F

ip6tables -I INPUT 1 -i lo -j ACCEPT

ip6tables -A INPUT -p ipv6-icmp -j ACCEPT
ip6tables -A OUTPUT -p ipv6-icmp -j ACCEPT

ip6tables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
ip6tables -A INPUT -p tcp --dport 80 -j ACCEPT

ip6tables -P INPUT DROP

/sbin/service ip6tables save

Server Timezone

rm -f /etc/localtime
cp /usr/share/zoneinfo/Europe/London /etc/localtime

NTP

yum install ntp

chkconfig ntpd on
ntpdate pool.ntp.org
/etc/init.d/ntpd start

yum (email notifications)

yum will send an email when there are packages ready to be installed (via “yum update”). It can also automatically install them; however, I chose not to use this option.

yum install yum-updatesd
chkconfig yum-updatesd on
service yum-updatesd start

File: /etc/yum/yum-updatesd.conf
emit_via = email
email_to=mail@example.com
do_update=no

FTP

yum install vsftpd
chkconfig vsftpd on
service vsftpd start

File: /etc/vsftpd/vsftpd.conf

chroot_local_user=YES

pasv_enable=YES
pasv_min_port=40000
pasv_max_port=40100
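
The passive range above only works if it matches the 40000:40100 rule in the iptables section. As an added example (not part of the original post), this bash script compares the two; the function names and the sample rule files are made up for illustration.

```bash
# Added example, not from the original post. Checks that the passive port
# range in vsftpd.conf is covered by a tcp ACCEPT rule on the INPUT chain.
# Print "min:max" from a vsftpd.conf file (vsftpd allows no spaces around "=").
pasv_range() {
    local min max
    min=$(awk -F= '$1 == "pasv_min_port" { v = $2 } END { print v }' "$1")
    max=$(awk -F= '$1 == "pasv_max_port" { v = $2 } END { print v }' "$1")
    case "$min$max" in *[!0-9]*) return 1 ;; esac
    [ -n "$min" ] && [ -n "$max" ] && [ "$min" -le "$max" ] || return 1
    printf '%s:%s\n' "$min" "$max"
}

# Succeed if a single rule of the form "-A INPUT ... -p tcp ... --dport N[:M]
# ... -j ACCEPT" (as typed above, or as printed by iptables-save) covers
# ports $2..$3. Coverage split across several rules is not recognised.
input_accepts_range() {
    awk -v lo="$2" -v hi="$3" '
        /-A INPUT/ && /-p tcp/ && /-j ACCEPT/ {
            for (i = 1; i < NF; i++) if ($i == "--dport") {
                n = split($(i + 1), r, ":")
                a = r[1] + 0
                b = (n == 2 ? r[2] : r[1]) + 0
                if (a <= lo + 0 && hi + 0 <= b) ok = 1
            }
        }
        END { exit !ok }
    ' "$1"
}

# $1 = vsftpd.conf, $2 = rules file. Returns 0 match, 1 mismatch, 2 no range.
check_pasv_firewall() {
    local range
    range=$(pasv_range "$1") || { echo "no passive range set in $1"; return 2; }
    if input_accepts_range "$2" "${range%:*}" "${range#*:}"; then
        echo "OK: passive range $range is open in the firewall"
    else
        echo "MISMATCH: no ACCEPT rule covers passive range $range"
        return 1
    fi
}

# Constructed sample input: the settings from this page, then a narrower rule.
tmp=$(mktemp -d)
printf 'pasv_enable=YES\npasv_min_port=40000\npasv_max_port=40100\n' > "$tmp/vsftpd.conf"
printf '%s\n' '-A INPUT -p tcp -m tcp --dport 40000:40100 -j ACCEPT' > "$tmp/good.rules"
printf '%s\n' '-A INPUT -p tcp -m tcp --dport 40000:40050 -j ACCEPT' > "$tmp/narrow.rules"
check_pasv_firewall "$tmp/vsftpd.conf" "$tmp/good.rules"
check_pasv_firewall "$tmp/vsftpd.conf" "$tmp/narrow.rules" || true
rm -rf "$tmp"
```

On a live server the two arguments would be /etc/vsftpd/vsftpd.conf and /etc/sysconfig/iptables, the file written by "service iptables save".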

MySQL

yum install mysql-server
chkconfig mysqld on
service mysqld start

/usr/bin/mysqladmin -u root password 'new-password'

PHP

yum install php
yum install php-gd
yum install php-mysql
yum install php-mbstring
yum install php-imap
yum install php-soap
yum install php-xml

# Mode 777: every local account can create, list and delete files in the session directory
chmod 777 /var/lib/php/session/

File: /etc/php.ini
error_reporting = E_COMPILE_ERROR|E_ERROR|E_CORE_ERROR
; display_errors = On prints PHP error messages into the page sent to the visitor
display_errors = On
upload_max_filesize = 8M

Cron

yum install vixie-cron
chkconfig crond on
service crond start

mkdir /var/log/prelink
chmod 700 /var/log/prelink
touch /var/log/prelink/prelink.log

Logrotate

yum install mlocate

mkdir /etc/logrotate.custom
chmod 700 /etc/logrotate.custom

echo $'\ninclude /etc/logrotate.custom' >> /etc/logrotate.conf

File: /etc/logrotate.custom/www.example.com
(for each website set up in Apache)

/var/log/domlogs/useracctname/www.example.com*_log {
monthly
rotate 12
compress
delaycompress
create 640
missingok
notifempty
sharedscripts
postrotate
/sbin/service httpd reload > /dev/null 2>/dev/null || true
endscript
}

Extra IP Address

cp /etc/sysconfig/network-scripts/ifcfg-eth0 /etc/sysconfig/network-scripts/ifcfg-eth0:0

File: /etc/sysconfig/network-scripts/ifcfg-eth0:0

DEVICE=eth0:0
IPADDR=111.222.333.444

ifconfig eth0:0 111.222.333.444 up