Linux

Install LAMP on CentOS 7

Before we install the LAMP stack, it’s a good idea to run the following command to update repository and software packages.

yum update

Enter the following command to install the Apache web server. The httpd-tools package installs some useful utilities, such as the Apache HTTP server benchmarking tool (ab).

yum install httpd httpd-tools

After it’s installed, we can start Apache with this command:

systemctl start httpd

Enable Apache to auto start at system boot time by running the following command.

systemctl enable httpd

Now check its status.

systemctl status httpd

Check Apache version.

httpd -v
**************************************************************
By default, CentOS 8/RHEL 8 forbids public access to port 80. To allow other computers to access the web page, we need to open port 80 in firewalld, the dynamic firewall manager on RHEL/CentOS. Run the following command to open port 80.

firewall-cmd --permanent --zone=public --add-service=http

If you want to enable HTTPS on Apache later, then you also need to open port 443.

firewall-cmd --permanent --zone=public --add-service=https

The --permanent option will make this firewall rule persistent across system reboots. Next, reload the firewall daemon for the change to take effect.

systemctl reload firewalld

Now the Apache web page is accessible publicly.

Finally, we need to make the apache user the owner of the web directory. By default it’s owned by the root user.

chown apache:apache /var/www/html -R
**************************************************************

MariaDB is a drop-in replacement for MySQL. It is developed by former members of the MySQL team who are concerned that Oracle might turn MySQL into a closed-source product. Enter the following command to install MariaDB on CentOS 8/RHEL 8.

yum install mariadb-server mariadb -y

After it’s installed, we need to start it.

systemctl start mariadb

Enable auto start at system boot time.

systemctl enable mariadb

Check status:

systemctl status mariadb

Now we need to run the security script.

mysql_secure_installation

When it asks you to enter the MariaDB root password, press the Enter key, as the root password isn’t set yet. Then enter y to set the root password for the MariaDB server.

Next, you can press Enter to answer all remaining questions, which will remove the anonymous user, disable remote root login and remove the test database. This step is a basic requirement for MariaDB database security. (Note that the letter Y is capitalized, which means it’s the default answer.)

Now you can run the following command and enter MariaDB root password to log into MariaDB shell.

mysql -u root -p
**************************************************************

Install PHP and some common modules using the following command.

yum install php php-fpm php-mysqlnd php-opcache php-gd php-xml php-mbstring -y

Apache web server on CentOS 7 by default uses PHP-FPM instead of mod_php to run PHP code, so in the above command we also installed php-fpm. After it’s installed, we need to start it.

systemctl start php-fpm

Enable auto start at system boot time.

systemctl enable php-fpm

Check status:

systemctl status php-fpm

“Enabled” indicates that auto start at boot time is enabled, and we can see that PHP-FPM is running. The php-fpm package installs a php.conf file in the /etc/httpd/conf.d/ directory, so we need to restart the Apache web server in order to run PHP code.

systemctl restart httpd

We also need to run the following command to tell SELinux to allow Apache to execute PHP code via PHP-FPM.

setsebool -P httpd_execmem 1

Now upgrade to PHP 7

PHP 7.3 is available for CentOS 7 and Fedora distributions from the Remi repository. Add it to your system by running:

sudo yum -y install https://rpms.remirepo.net/enterprise/remi-release-7.rpm
sudo yum -y install epel-release yum-utils

By default, the enabled repository is for PHP 5.4. Disable this repo and enable the one for PHP 7.3:

sudo yum-config-manager --disable remi-php54
sudo yum-config-manager --enable remi-php73

Once the repo has been enabled, install PHP 7.3 on CentOS 7 or Fedora using the command:

sudo yum -y install php php-cli php-fpm php-mysqlnd php-zip php-devel php-gd php-mcrypt php-mbstring php-curl php-xml php-pear php-bcmath php-json

Check version installed

$ php -v
**************************************************************

Install and setup VSFTP

Install vsftpd

Install vsftpd and any required packages:

yum -y install vsftpd

Configure vsftpd

Now let’s edit the configuration file for vsftpd. Open the file with the following command:

vim /etc/vsftpd/vsftpd.conf

Disallow anonymous logins, which would otherwise let unidentified users access files via FTP. Ensure that the anonymous_enable setting is set to NO:

anonymous_enable=NO

Enable local users to log in; this allows your regular user accounts to function as FTP accounts. Change the local_enable setting to YES. The next two lines allow uploads (write_enable) and confine local users to their home directories (chroot_local_user):

local_enable=YES
write_enable=YES
chroot_local_user=YES

Save the file and exit with the command `:wq`, or with `:x`.

Restart the vsftpd service:

systemctl restart vsftpd

Then set the vsftpd service to start at boot:

systemctl enable vsftpd

Allow vsftpd through the firewall:

firewall-cmd --permanent --add-port=21/tcp

And reload the firewall:

firewall-cmd --reload

Change permissions on the user’s home folder (with chroot_local_user=YES, vsftpd refuses logins into a chroot directory that the user can write to):

chmod a-w /home/.sites/
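
A quick check of the resulting configuration, as an added example that is not part of the original notes: the script reports the effective value of the options set above, treating missing or commented-out options as vsftpd's built-in defaults. The function names are hypothetical and the sample file is constructed.

```bash
#!/usr/bin/env bash
# Added example: audit a vsftpd.conf against the settings from this section.
# vsftpd uses its built-in default for any option that is missing or
# commented out, so an absent line is not the same as "disabled".
# Assumes the YES/NO spelling used in this section.

# Print the effective value of option $2 in file $1 (default $3 if unset).
vsftpd_effective() {
    local conf="$1" opt="$2" default="$3" val
    # Only uncommented "option=value" lines count; take the last one.
    val=$(grep -E "^${opt}=" "$conf" | tail -n 1 | cut -d= -f2- | tr -d '[:space:]')
    printf '%s\n' "${val:-$default}" | tr '[:lower:]' '[:upper:]'
}

# Print findings; return 0 only if the config matches this section.
vsftpd_audit() {
    local conf="$1" rc=0
    if [ "$(vsftpd_effective "$conf" anonymous_enable YES)" != "NO" ]; then
        echo "FAIL anonymous_enable is not NO (built-in default is YES)"; rc=1
    fi
    if [ "$(vsftpd_effective "$conf" local_enable NO)" != "YES" ]; then
        echo "FAIL local_enable is not YES (local accounts cannot log in)"; rc=1
    fi
    if [ "$(vsftpd_effective "$conf" chroot_local_user NO)" != "YES" ]; then
        echo "FAIL chroot_local_user is not YES (users can leave their home)"; rc=1
    fi
    if [ "$(vsftpd_effective "$conf" write_enable NO)" = "YES" ]; then
        echo "NOTE write_enable=YES (uploads allowed; keep the chroot directory non-writable)"
    fi
    return "$rc"
}

# Constructed sample: anonymous_enable is only commented out, not set to NO.
sample=$(mktemp)
cat > "$sample" <<'EOF'
#anonymous_enable=NO
local_enable=YES
write_enable=YES
chroot_local_user=YES
EOF
vsftpd_audit "$sample" || echo "audit failed for $sample"
```

On a real host, run `vsftpd_audit /etc/vsftpd/vsftpd.conf` after editing the file and before restarting the service.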

Convert CentOS from VMWare to Hyper-V

# CentOS 6 regenerate initramfs for Hyper-V
mkinitrd -f -v --with=hid-base-hv --with=hid-hyperv --with=hv_utils --with=hv_vmbus --with=hv_storvsc --with=hv_netvsc /boot/initramfs-$(uname -r).img $(uname -r)

Setup network on Hyper-V virtual CentOS 6

Use system-config-network-tui and set up the card. If you perform a failover, you must connect the card in Hyper-V and then configure the card again.

If it does not come up, look in /etc/udev/rules.d/70-persistent-net.rules and see which “ethX” interface has the correct MAC address. Either rename your ifcfg-ethX file in /etc/sysconfig/network-scripts or use system-config-network-tui to set up the correct “ethX” interface, then restart the network.

How to add a route to IPCop

You can add the route command at the end of the /etc/rc.d/rc.local file. The route will be added every time IPCop is rebooted, but not every time the interface is restarted. Good for a box with minimal changes.

root@ipcop: # echo "route add -net 10.10.0.0 gw 10.1.0.1 netmask 255.255.0.0" >> /etc/rc.d/rc.local

SCP files from one linux host to another

su - temp

scp /home/.sites/temp/html/* temp@lamp4.ncol.net:/home/.sites/temp/html/

How to block outgoing SMTP with IPCOP

Edit the /etc/rc.d/rc.firewall.local file and add our new SMTP blocking rules. Open the file with vi or nano, then look for the line “## add your ‘start’ rules here” and put your new rules under it.

 

# allow SMTP from the allowed IP (the mail server)
/sbin/iptables -A CUSTOMFORWARD -p tcp -i eth0 -s 10.1.0.6 --dport 25 -j ACCEPT
# log SMTP attempts from anything that is not the mail server
/sbin/iptables -A CUSTOMFORWARD -p tcp -i eth0 -s ! 10.1.0.6 --dport 25 -j LOG --log-prefix "SMTP"
# block all other outgoing SMTP traffic
/sbin/iptables -A CUSTOMFORWARD -p tcp -i eth0 -s ! 10.1.0.6 --dport 25 -j REJECT

How to save IPTABLES rules

The following lines allow SMTP and HTTP traffic through an IPTABLES firewall. But this information is not automatically saved and reloaded if the service restarts.

iptables -I INPUT -p tcp --dport 25 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -I INPUT -p tcp --dport 80 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables-save

Whenever you make a change to your firewall, on a Fedora/CentOS type system, you will want to save the changes.

The output can be redirected to a file.

# iptables-save > /root/firewall-rules

The following command line restores all rules from /root/firewall-rules, assuming that the file /root/firewall-rules exists.

# iptables-restore < /root/firewall-rules

By default, iptables-restore deletes all existing rules before restoring the saved rules. If the saved rules are to be appended to existing rules, use the -n or --noflush option.

Save Your Firewall and Load on Restart

You will need to edit the /etc/sysconfig/iptables-config as root to help iptables save and reload your firewall correctly. Be sure the following settings are changed to “yes”.

# Unload modules on restart and stop
# Value: yes|no, default: yes
# This option has to be 'yes' to get to a sane state for a firewall
# restart or stop. Only set to 'no' if there are problems unloading netfilter
# modules.
IPTABLES_MODULES_UNLOAD="yes"

# Save current firewall rules on stop.
# Value: yes|no, default: no
# Saves all firewall rules to /etc/sysconfig/iptables if firewall gets stopped
# (e.g. on system shutdown).
IPTABLES_SAVE_ON_STOP="yes"

# Save current firewall rules on restart.
# Value: yes|no, default: no
# Saves all firewall rules to /etc/sysconfig/iptables if firewall gets
# restarted.
IPTABLES_SAVE_ON_RESTART="yes"

How to remove password from SSL key

Always backup the original key first (just in case)!

 # cp www.key www.key.orig

Then decrypt the key with openssl. You’ll need the passphrase for the decryption process:

 # openssl rsa -in www.key -out new.key

Now copy the new.key to the www.key file and you’re done. Next time you restart the web server, it should not prompt you for the passphrase.
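
Once the passphrase is removed, file permissions are the only protection left on the private key. The following added example (not from the original notes; function names are hypothetical and the sample PEM headers are constructed) checks whether a key file is still encrypted and, if not, whether group and others are locked out. It assumes GNU stat.

```bash
#!/usr/bin/env bash
# Added example: check a PEM private key file after removing its passphrase.

# Print "encrypted", "plaintext" or "unknown" for the PEM key file in $1.
pem_key_state() {
    local key="$1"
    if grep -q -e '^Proc-Type: 4,ENCRYPTED' \
               -e '^-----BEGIN ENCRYPTED PRIVATE KEY-----' "$key"; then
        echo encrypted    # traditional or PKCS#8 passphrase-protected PEM
    elif grep -q -E '^-----BEGIN (RSA |EC )?PRIVATE KEY-----' "$key"; then
        echo plaintext
    else
        echo unknown
    fi
}

# Return 0 if the key is still encrypted, or is not encrypted but has no
# group/other permission bits (for example mode 600 or 400).
key_file_ok() {
    local key="$1" mode
    [ "$(pem_key_state "$key")" = "encrypted" ] && return 0
    mode=$(stat -c '%a' "$key")    # GNU stat, as found on CentOS
    case "$mode" in
        *00|0) return 0 ;;
        *)     echo "WARN $key is not encrypted and has mode $mode; run: chmod 600 $key"
               return 1 ;;
    esac
}

# Constructed sample: PEM headers only, not a real key.
demo=$(mktemp)
printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' '(constructed body)' \
              '-----END RSA PRIVATE KEY-----' > "$demo"
chmod 644 "$demo"; key_file_ok "$demo" || true
chmod 600 "$demo"; key_file_ok "$demo" && echo "OK $demo"
```

Run `key_file_ok www.key` after copying new.key over www.key, and remove new.key and www.key.orig once the web server has restarted cleanly if you no longer need them.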