CentOS/Fedora/RHEL Setup - Cloud Servers
This CentOS article will take you from a 'barebones' CentOS server to a secured and up-to-date server ready for your software (or whatever you use the server for).
If you are logging into your server from Windows you can use a terminal application called PuTTY. Simply do a Google search for it and you will find where to download it.
Mac / Linux Clients
Simply type in the command below from a Terminal window to login:
# ssh firstname.lastname@example.org
If this is a reinstall you may have to delete your ~/.ssh/known_hosts file. Please refer to your operating system's documentation on how to resolve this.
Now that we're logged in to the VPS, immediately change your root password.
Add an admin user (I've used the name demo here but any name will do).
# adduser demo
You will need to specifically set the password for your new user:
# passwd demo
As you know we never log in as the root user (this initial setup is the only time you would need to log in as root). As such, the main administration user (demo) needs to have sudo (Super User) privileges so he can, with a password, complete administrative tasks.
To do this we're going to add the main user to the 'wheel' group. Once that is done, we need to edit the 'sudoers' file, using visudo, and ensure the 'wheel' group has the correct privileges.
So firstly, add the user to the wheel group:
# usermod -a -G wheel demo
Next, give the 'visudo' command:
The visudo command runs a default editor and will check the configuration for any syntax errors before saving it.
We'll usually refer you to 'nano' for editing text files. It's a pretty easy-to-use text editor with nice features like an on-screen tip telling you how to bring up a helpfile. For security reasons, however, visudo on CentOS, Fedora, and RHEL will only use 'vi'.
If you're new to Linux, or have never used the 'vi' editor before, then this part will be a little weird. While vi is a powerful editor once you've learned it, 'user friendly' is definitely not on its list of features. We'll just describe the keystrokes you'll use to make one change here, and talk a little more about vi after.
So with all that said, use the arrow keys to move the cursor down near the bottom of the file. Look for this entry:
## Allows people in group wheel to run all commands
# %wheel ALL=(ALL) ALL
Now we'll uncomment that second line. Do that by removing the "#" before "%wheel" by moving the cursor to it and typing "x". Now the line should look like this:
## Allows people in group wheel to run all commands
%wheel ALL=(ALL) ALL
Type ":wq" and "enter", and members of the 'wheel' group will have full sudo privileges.
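One way to confirm the edit took effect, as an added example that is not part of the original article: the script reads a sudoers file and a group file and reports whether the wheel rule is active, whether it still asks for a password, and whether the user is in wheel. The function names and sample files are constructed for illustration; on the server the inputs would be /etc/sudoers and /etc/group, read as root.

```shell
#!/bin/sh
# Added example: check the result of the wheel/sudoers steps.
# File paths are arguments so the checks can run against copies.

# Prints one of: disabled | password | nopasswd
wheel_sudo_state() {
    awk '
        /^[ \t]*#/ { next }   # skips comments, including the shipped "# %wheel" line
        /^[ \t]*%wheel[ \t]/ {
            if ($0 ~ /NOPASSWD[ \t]*:/) nopasswd = 1; else password = 1
        }
        END {
            if (nopasswd)      print "nopasswd"
            else if (password) print "password"
            else               print "disabled"
        }' "$1"
}

# Succeeds if user $1 is a supplementary member of wheel in group file $2.
in_wheel() {
    awk -F: -v u="$1" '
        $1 == "wheel" {
            n = split($4, m, ",")
            for (i = 1; i <= n; i++) if (m[i] == u) found = 1
        }
        END { exit !found }' "$2"
}

# Constructed sample files (not taken from a real server).
tmp=$(mktemp -d)
printf '%s\n' '## Allows people in group wheel to run all commands' \
              '# %wheel ALL=(ALL) ALL' > "$tmp/sudoers.before"
printf '%s\n' '## Allows people in group wheel to run all commands' \
              '%wheel ALL=(ALL) ALL' > "$tmp/sudoers.after"
printf '%s\n' '%wheel ALL=(ALL) NOPASSWD: ALL' > "$tmp/sudoers.nopasswd"
printf '%s\n' 'root:x:0:' 'wheel:x:10:demo' > "$tmp/group"

for f in before after nopasswd; do
    echo "sudoers.$f: $(wheel_sudo_state "$tmp/sudoers.$f")"
done
in_wheel demo "$tmp/group" && echo "demo is in wheel"
```

A result of "nopasswd" means wheel members can run commands as root without re-entering a password, which is not the "with a password" setup this article describes.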
A little more (optional) vi
If you want to make more changes to this file later you'll want to use more vi than just what we did above. It can be handy to look for an introduction to vi through a web search - there are a good number of them out there. Since vi (or vim) is installed on just about any Unix system anywhere it can be a useful editor to learn.
To get you started, some basic vi commands are:
- Use the arrow keys to move around
- Hit "i" to start typing inside a line
- Hit "a" when your cursor is at the end of a line to add to it
- Hit "escape" to get out of edit mode
- Hit "x" to delete the character under the cursor
- Hit "dd" to delete the line of text under the cursor
- Type ":wq" then "enter" to save your changes and quit
- Type ":q!" then "enter" to quit without saving any changes
- When you just can't figure out what it's doing, hit "escape" a couple times, then type ":q!" and "enter" so you can quit and then start over fresh.
Now let's get back to setting up your server.
One effective way of securing SSH access to your server is to use a public/private key, which means that a public key is placed on the server and the private key is on your local computer. This makes it impossible for someone to log in using just a password; they must have the private key. For information about setting up public and private SSH keys on Linux or Mac OS X, read Configuring basic security. For Windows, read Generating RSA keys with SSH - PuTTYgen.
The CentOS Server comes with a basic set of repositories that are defined in /etc/yum.repos.d.
Have a look at the enabled repositories, using that more friendly editor, nano:
# nano /etc/yum.repos.d/CentOS-Base.repo
As you scroll through the file you will see each repository has a set of definitions including which mirror to use and what GPG key to use (and actually whether to check the package signature at all).
You can, of course, add more repositories whenever you want to but I would just give a word of caution: Some of the available repositories are not officially supported and may not receive any security updates should a flaw be discovered.
Keep in mind it is a server we are building and not a desktop.
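The signature-check setting mentioned above can be audited without scrolling through each file. This is an added example, not part of the original article: the function lists every enabled repository in a .repo file and whether gpgcheck is on. The function name and the sample repository definitions are constructed for illustration.

```shell
#!/bin/sh
# Added example: report signature checking for each enabled repo in a .repo file.
# Prints "<repo id> <status>" where status is:
#   ok       gpgcheck=1
#   unsigned gpgcheck=0
#   inherit  gpgcheck not set here, so the [main] value in /etc/yum.conf applies
audit_repo_file() {
    awk '
        function report() {
            if (id != "" && enabled != "0")
                print id, (gpgcheck == "1" ? "ok" : (gpgcheck == "0" ? "unsigned" : "inherit"))
        }
        /^[ \t]*[#;]/ { next }                  # comment lines
        /^[ \t]*\[.*\]/ {                       # new [section]
            report()
            id = $0; sub(/^[ \t]*\[/, "", id); sub(/\].*$/, "", id)
            enabled = "1"; gpgcheck = ""        # yum treats a repo as enabled by default
            next
        }
        {
            eq = index($0, "=")
            if (!eq) next
            key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
            gsub(/[ \t]/, "", key); gsub(/^[ \t]+|[ \t\r]+$/, "", val)
            if (key == "enabled")  enabled  = val
            if (key == "gpgcheck") gpgcheck = val
        }
        END { report() }' "$1"
}

# Constructed sample .repo content (not copied from a real server).
repo=$(mktemp)
cat > "$repo" <<'EOF'
[base]
name=CentOS-$releasever - Base
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-5

[thirdparty]
name=Constructed third-party repo
enabled=1
gpgcheck=0

[nocheck-set]
name=Constructed repo without a gpgcheck line

[centosplus]
name=CentOS-$releasever - Plus
enabled=0
gpgcheck=1
EOF
audit_repo_file "$repo"
```

On the server, run the function over each file in /etc/yum.repos.d and review anything reported as "unsigned" or "inherit" before installing from it.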
Need a key install?
You may be asked to install a key for the repository. To do this, run the following command:
sudo rpm --import http://mirror.centos.org/centos/RPM-GPG-KEY-CentOS-5
Now we can update the package list that yum uses.
The command will also offer to install any updated packages. As with all installs have a careful look at the list and, once happy, press 'y' to continue:
# yum update
That's really the basics done for the Server.
© 2015 Rackspace US, Inc.
Except where otherwise noted, content on this site is licensed under a Creative Commons Attribution-NonCommercial-NoDerivs 3.0 Unported License