In Centos 6
Be sure that you can ping vault.centos.org.
Then edit /etc/yum.repos.d/CentOS-Base.repo
Comment out mirrorlist and uncomment baseurl
Change all
baseurl=http://mirror.centos.org/centos/$releasever/centosplus/$basearch/
to
baseurl=http://vault.centos.org/$releasever/centosplus/$basearch/Before we install the LAMP stack, it’s a good idea to run the following command to update repository and software packages.
yum update
Enter the following command to install Apache Web server. The httpd-tools package will install some useful utilities like Apache HTTP server benchmarking tool (ab).
yum install httpd httpd-tools
After it’s installed, we can start Apache with this command:
systemctl start httpd
Enable Apache to auto start at system boot time by running the following command.
systemctl enable httpd
Now check its status.
systemctl status httpd
Check Apache version.
httpd -v ************************************************************** By default, CentOS 8/RHEL 8 forbids public access to port 80. To allow other computers to access the web page, we need to open port 80 in firewalld, the dynamic firewall manager on RHEL/CentOS. Run the following command to open port 80.
firewall-cmd --permanent --zone=public --add-service=http
If you want to enable HTTPS on Apache later, then you also need to open port 443.
firewall-cmd --permanent --zone=public --add-service=https
The --permanent option will make this firewall rule persistent across system reboots. Next, reload the firewall daemon for the change to take effect.
systemctl reload firewalld
Now the Apache web page is accessible publicly.
Finally, we need to make user apache as the owner of web directory. By default it’s owned by the root user.
chown apache:apache /var/www/html -R
**************************************************************
MariaDB is a drop-in replacement for MySQL. It is developed by former members of MySQL team who are concerned that Oracle might turn MySQL into a closed-source product. Enter the following command to install MariaDB on CentOS 8/RHEL 8.
yum install mariadb-server mariadb -y
After it’s installed, we need to start it.
systemctl start mariadb
Enable auto start at system boot time.
systemctl enable mariadb
Check status:
systemctl status mariadb
Now we need to run the security script.
mysql_secure_installation
When it asks you to enter MariaDB root password, press Enter key as the root password isn’t set yet. Then enter y to set the root password for MariaDB server.
How to Install LAMP Stack on CentOS 8/RHEL 8 – LinuxBabe
Next, you can press Enter to answer all remaining questions, which will remove anonymous user, disable remote root login and remove test database. This step is a basic requirement for MariaDB database security. (Note that the letter Y is capitalized, which means it’s the default answer.)
How to Install LAMP Stack on CentOS 8/RHEL 8 – LinuxBabe
Now you can run the following command and enter MariaDB root password to log into MariaDB shell.
mysql -u root -p **************************************************************
Install PHP and some common modules using the following command.
yum install php php-fpm php-mysqlnd php-opcache php-gd php-xml php-mbstring -y
Apache web server on CentOS 7 by default uses PHP-FPM instead of mod_php to run PHP code, so in the above command we also installed php-fpm. After it’s installed, we need to start it.
systemctl start php-fpm
Enable auto start at system boot time.
systemctl enable php-fpm
Check status:
systemctl status php-fpm
“Enabled” indicates that auto start at boot time is enabled and we can see that PHP-FPM is running. The php-fpm package installs a php.conf file in /etc/httpd/conf.d/ directory, so we need to restart Apache web server, in order to run PHP code.
systemctl restart httpd
We also need to run the following command to tell SELinux to allow Apache to execute PHP code via PHP-FPM.
setsebool -P httpd_execmem 1 Now upgrade to PHP 7 PHP 7.3 is available for CentOS 7 and Fedora distributions from the Remi repository. Add it to your system by running
sudo yum -y install http://rpms.remirepo.net/enterprise/remi-release-7.rpm sudo yum -y install epel-release yum-utils
By default, the enabled repository is for PHP 5.4. Disable this repo and enable on for PHP 7.3
sudo yum-config-manager --disable remi-php54 sudo yum-config-manager --enable remi-php73
Once the repo has been enabled, install php 7.3 on CentOS 7 or Fedora using the command
sudo yum -y install php php-cli php-fpm php-mysqlnd php-zip php-devel php-gd php-mcrypt php-mbstring php-curl php-xml php-pear php-bcmath php-json
Check version installed
$ php -v
************************************************************** Install and setup VSFTP Install vsftpd Then install vsftpd and any required packages: yum -y install vsftpd Configure vsftpd Now let’s edit the configuration file for vsftpd. Open the file with the following command: vim /etc/vsftpd/vsftpd.conf Disallow anonymous logins; this allows unidentified users to access files via FTP. Ensure that the anonymous_enable setting to NO: anonymous_enable=NO Enable local users to login, this will allow your regular user accounts to function as FTP accounts. Change the local_enable setting to YES: local_enable=YES write_enable=YES chroot_local_user=YES Exit and save the file with the command `:wq`, or with `:x`. Restart and Enable the vsftpd service: systemctl restart vsftpd Then set the vsftpd service to start at boot: systemctl enable vsftpd Allow vsftpd Through the Firewall firewall-cmd --permanent --add-port=21/tcp And reload the firewall: firewall-cmd --reload Change permissions on the users home folder: chmod a-w /home/.sites/
# CentOS 6 regenerate initramfs for Hyper-V
mkinitrd -f -v --with=hid-base-hv --with=hid-hyperv --with=hv_utils --with=hv_vmbus --with=hv_storvsc --with=hv_netvsc /boot/initramfs-$(uname -r).img $(uname -r)Use system-config-network-tui and set up the card. If you perform a failover, you must connect the card in Hyper-V and then configure the card again.
If it does not come up, look in /etc/udev/rules.d/70-persistant-net.rules and see which “ethX” interface has the correct mac address. Either rename your ifcfg-ethx file in /etc/sysconfig/network-scripts or use system-config-network-tui to setup the correct “ethX” interface and restart the network.
You can add the route command at the end of the /etc/rc.d/rc.local file. The route will be added every time IPCop is rebooted but not everytime the interface is restarted. Good for a box with minimal changes.
root@ipcop: # echo “route add -net 10.10.0.0 gw 10.1.0.1 netmask 255.255.0.0” >> /etc/rc.d/rc.local
su – temp
scp /home/.sites/temp/html/* temp@lamp4.ncol.net:/home/.sites/temp/html/
Edit the /etc/rc.d/rc.firewall.local file and add our new SMTP blocking rules. Open the file with vi or nano, then look for the line “## add your ‘start’ rules here” and put your new rules under it.
# allow smtp from some allowed ips
/sbin/iptables -A CUSTOMFORWARD -p tcp -i eth0 -s 10.1.0.6 –dport 25 -j ACCEPT
# log stuff that is not the mail server
/sbin/iptables -A CUSTOMFORWARD -p tcp -i eth0 -s ! 10.1.0.6 –dport 25 -j LOG –log-prefix “SMTP”
# block all other outgoing SMTP traffic
/sbin/iptables -A CUSTOMFORWARD -p tcp -i eth0 -s ! 10.1.0.6 –dport 25 -j REJECT
The following lines allow SMTP and HTTP traffic through an IPTABLES firewall. But this information is not automatically saved and reloaded if the service restarts.
iptables -I INPUT -p tcp –dport 25 -m state –state NEW,ESTABLISHED -j ACCEPT
iptables -I INPUT -p tcp –dport 80 -m state –state NEW,ESTABLISHED -j ACCEPT
iptables-save
Whenever you make a change to your firewall, on a Fedora/CentOS type system, you will want to save the changes.
The output can be redirected to a file.
# iptables-save > /root/firewall-rules
The following command line restores all rules from /root/firewall-rules assuming that the file /root/firewall-rules exists.
# iptables-restore < /root/firewall-rules
By default, iptables-restore deletes all existing rules before restoring the saved rules. If the saved rules are to be appended to existing rules, use the -n or –noflush option.
Save Your Firewall and Load on Restart
You will need to edit the /etc/sysconfig/iptables-config as root to help iptables save and reload your firewall correctly. Be sure the following settings are changed to “yes”.
# Unload modules on restart and stop
# Value: yes|no, default: yes
# This option has to be ‘yes’ to get to a sane state for a firewall
# restart or stop. Only set to ‘no’ if there are problems unloading netfilter
# modules.
IPTABLES_MODULES_UNLOAD=”yes”
# Save current firewall rules on stop.
# Value: yes|no, default: no
# Saves all firewall rules to /etc/sysconfig/iptables if firewall gets stopped
# (e.g. on system shutdown).
IPTABLES_SAVE_ON_STOP=”yes”
# Save current firewall rules on restart.
# Value: yes|no, default: no
# Saves all firewall rules to /etc/sysconfig/iptables if firewall gets
# restarted.
IPTABLES_SAVE_ON_RESTART=”yes”
Always backup the original key first (just in case)!
# cp www.key www.key.orig
Then unencrypt the key with openssl. You’ll need the passphrase for the decryption process:
# openssl rsa -in www.key -out new.key
Now copy the new.key to the www.key file and you’re done. Next time you restart the web server, it should not prompt you for the passphrase.