CentOS 6.x on VMware Player: Part 3

Note: these documents are subject to update; this one was last edited 05/26/2014.

Part 3: Start Configuring the OS

  • Logon and ignore any Updates Available notices when/if they come up.
  • Right click above your desktop and Select Open in Terminal.
  • Notice your shell is using the non-super user prompt $. Type: su - (yes, the "-" is important) and your root password. Notice your shell is now using the super user prompt #.
  • Next with tcpwrappers we will throw a quick wrench at all the network scanners and hackers trying to find open ports on your system.
  • Type # vi /etc/hosts.allow – Note: If you do not know how to use vi (a whole subject on its own) use the gedit text editor, just substitute gedit for vi and be sure to start it from the super user prompt #.
  • Type i to enter insert mode and insert the following at the end of the file tailored to your IP numbers:

  • Then :wq to save the file and quit vi.
  • Then # vi /etc/logrotate.d/local.log
  • Type i to enter insert mode and insert the following in the file:

  • Then :wq to save the file and quit vi.
  • Type # vi /etc/sysconfig/selinux
  • Edit SELINUX=enforcing to SELINUX=permissive. We will be changing this back later when we get SELinux configured; for now we want the warning messages. Save and quit vi.
  • Type # setenforce 0 then # getenforce to confirm it is permissive.
  • Stay out of the GUI firewall app and use this to configure your firewall from now on:
  • # cat >> /usr/local/bin/set_iptables

  • Edit the IP addresses to whatever remote systems you would like to be able to use ssh, ftp and MySQL Workbench from to this server, and then ctrl-d on a blank line to end and save the file.
  • # touch /usr/local/bin/set_iptables.ip_block
  • Add whatever IP addresses you want blocked to that file. I wouldn't necessarily recommend it (there are more elegant solutions for digital annoyance), but you could put the entire Eastern Bloc IP ranges in that file, or any set of countries (http://www.ipdeny.com/ipblocks); just a select set of digital abusers would probably be more appropriate.
  • # chmod 700 /usr/local/bin/set_iptables*
  • # set_iptables
  • Seriously test that you can ssh into the server before you uncomment 'service iptables save' and 'service iptables restart'. If successful, go ahead and uncomment them and execute set_iptables again. If you make a mistake, flush out your changes from a console su - login by typing: # iptables -F
  • Also for IPv6 type # vi /etc/sysconfig/ip6tables
  • If they exist delete the lines with port 21 and port 22 then save the file.
  • # service ip6tables restart
  • System > Preferences > Screensaver and uncheck Lock screen and Activate screensaver. Change idle to 1 hour and Select Close.
  • Now we will apply updates. Type # yum check-update
  • Now type # yum -y update
  • You have a new kernel now so System > Shutdown… > Restart.
  • Ok we now have what I’ll call basic security with more to do. Logon.
  • System > Administration > Date & Time > Time Zone tab Select your time zone and uncheck System clock uses UTC. Select OK.
  • System > Administration > Users and Groups > Click on your user, Select Properties and from the Groups tab add yourself to the Wheel group and Select OK then Close window.
  • If you wish to make text mode the default: # vi /etc/inittab – change the line id:5:initdefault: to id:3:initdefault: then :wq to save the file and quit vi. Temporarily you can bring Gnome up and down with the # init 3 and # init 5 commands.
  • Now let’s remove some packages and add some we are missing.
  • # vi /etc/yum.conf
  • Insert at end: group_package_types=mandatory,default,optional
  • Save and quit vi, then to see what package groups you have installed and are available: # yum grouplist
  • If you want more detail on a group: # yum groupinfo "Groupname One" "Groupname Two"
  • To remove group(s): # yum -y groupremove "Groupname One" "Groupname Two"
  • # yum grouplist | grep -i mysql
  • # yum -y groupinstall "MySQL Database client" "MySQL Database server"
  • # yum -y groupinstall "Development tools" "PHP Support" "FTP server" "Console internet tools"
  • # yum -y install php-mbstring
  • # yum info nmap – this is optional but it confirms the packages are there, versions, etc…
  • # yum -y install nmap
  • # mkdir /etc/banners
  • # cat >> /etc/banners/issue.msg

  • ctrl-d on a blank line to end and save file.
  • Configure vsftpd (ftp server).
  • # vi /etc/vsftpd/vsftpd.conf
  • Comment out # anonymous_enable=YES
  • anonymous_enable=NO <- add this because it defaults to YES
  • banner_file=/etc/banners/issue.msg
  • Save & quit vi.
  • # chkconfig --level 2345 vsftpd on
  • # service vsftpd start
  • OK let’s do some configuration for ssh.
  • # cd /root
  • # cat >> .shosts

  • ctrl-d on a blank line to end and save file.
  • # chmod 600 .shosts
  • # vi /etc/ssh/sshd_config and insert following at end of file:

  • # service sshd restart
  • On your desktop right click over the CentOS DVD icon and Select Eject.
  • Top left of VMware window: Player > Manage > Install VMware Tools.
  • Your desktop should look similar to this:

[Screenshot: centos6.05]

  • Click on the VMwareTools-x.x.x-xxxxxx.tar.gz icon and drag it to your Home Directory Icon on the desktop
  • In a su - terminal session: # cd /home/yourhomedir/
  • # ls – notice VMwareTools-x.x.x-xxxxxx.tar.gz
  • # mv V* /usr/local/; cd /usr/local/
  • # gunzip *.gz
  • # tar xvf *.tar
  • # cd v*
  • Note that upper/lower case on the Vs is important. It's a new system, so I know there are no other conflicting files, but if you ever do this at a later point there may be conflicting directories and files, so check the file/directory names with an ls if you need to.
  • To execute vmware-install.pl # ./v*
  • Hit <enter> at the next ~14 defaults, there will be a certain amount of delays and screen messages here and there.
  • # cd .. ; chmod 600 v*; mv V* v*
  • # /usr/bin/vmware-toolbox-cmd help
  • # reboot
  • Now you will be able to enter full screen mode and then Unity mode for multiple monitors if you choose.
  • OK Configuring the OS Part 3 is done. There are still important configurations and setting up MySQL and Apache etc., so please continue to Part 4.
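
The firewall step above (set_iptables with its set_iptables.ip_block file) can be sketched as follows. This is an added example, not the author's script: it only prints the iptables commands so the rule set can be reviewed before anything is applied. The trusted addresses are constructed documentation-range placeholders, and the function names gen_rules and valid_cidr are hypothetical.

```sh
#!/bin/sh
# Added example (not the author's set_iptables): prints the iptables commands
# for an allow-list firewall so they can be reviewed before being applied.
# TRUSTED holds constructed documentation-range addresses; replace them.
TRUSTED="${TRUSTED:-192.0.2.10 198.51.100.0/24}"
BLOCK_FILE="${BLOCK_FILE:-/usr/local/bin/set_iptables.ip_block}"
PORTS="21 22 3306"   # ftp, ssh, MySQL (Workbench)

# Succeeds only for a dotted-quad IPv4 address with an optional /0-32 prefix.
valid_cidr() {
  printf '%s\n' "$1" |
    grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}(/([0-9]|[12][0-9]|3[0-2]))?$' || return 1
  ( IFS=.; for o in ${1%/*}; do [ "$o" -le 255 ] || exit 1; done )
}

# gen_rules BLOCK_FILE TRUSTED_SOURCE... -> rule set on stdout, nothing applied.
gen_rules() {
  block_file=$1; shift
  # Validate every trusted source first so a typo never yields a partial rule set.
  for src in "$@"; do
    valid_cidr "$src" || { echo "invalid trusted source: $src" >&2; return 1; }
  done
  echo "iptables -F INPUT"
  echo "iptables -A INPUT -i lo -j ACCEPT"
  # Block-list entries come before any ACCEPT so they always win.
  if [ -r "$block_file" ]; then
    while IFS= read -r ip || [ -n "$ip" ]; do
      ip=$(printf '%s' "${ip%%#*}" | tr -d ' \t\r')   # drop comments, whitespace
      [ -z "$ip" ] && continue
      if valid_cidr "$ip"; then
        echo "iptables -A INPUT -s $ip -j DROP"
      else
        echo "skipping invalid block entry: $ip" >&2
      fi
    done < "$block_file"
  fi
  echo "iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT"
  for src in "$@"; do
    for port in $PORTS; do
      echo "iptables -A INPUT -p tcp -s $src --dport $port -m state --state NEW -j ACCEPT"
    done
  done
  # Final rule rather than "-P INPUT DROP": with the default ACCEPT policy,
  # "iptables -F" from the console still reopens the box after a mistake.
  echo "iptables -A INPUT -j DROP"
}

# Dry run: print the rule set for review.
gen_rules "$BLOCK_FILE" $TRUSTED
```

To apply the rules, pipe the output to sh as root, confirm that a new ssh session still connects, and only then run service iptables save.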

If you have any questions or suggestions don’t hesitate to reach out to me!

Next: Part 4 – Configuring MySQL