Difference between revisions of "CentOS VPS Server Setup Tips"
Latest revision as of 11:22, 19 July 2015
Here are some tips I found useful for setting up virtual private servers with CentOS. See more pages in Category:Linux.
Installing Webmin
If you are using the RPM version of Webmin, first download the file from the downloads page, or run the command:
wget http://prdownloads.sourceforge.net/webadmin/webmin-1.580-1.noarch.rpm
and then run the command:
rpm -U webmin-1.580-1.noarch.rpm
The rest of the install will be done automatically to the directory /usr/libexec/webmin, the administration username set to root and the password to your current root password. You should now be able to login to Webmin at the URL http://localhost:10000/. Or if accessing it remotely, replace localhost with your system's IP address.
Reference: Webmin - Installing the RPM
Webmin Error: Perl module Authen::PAM needed for PAM is not installed
If you guys are getting this error in your Webmin log file /var/webmin/miniserv.error, here’s how I solved the problem.
miniserv.pl started Perl module Authen::PAM needed for PAM is not installed : Can't locate Authen/PAM.pm in @INC (@INC contains: /usr/libexec/webmin /usr/lib64/perl5/5.10.0/x86_64-linux-thread-multi /usr/lib/perl5/5.10.0 /usr/local/lib64/perl5/site_perl/5.10.0/x86_64-linux-thread-multi /usr/local/lib/perl5/site_perl/5.10.0 /usr/lib64/perl5/vendor_perl/5.10.0/x86_64-linux-thread-multi /usr/lib/perl5/vendor_perl/5.10.0 /usr/lib/perl5/vendor_perl /usr/local/lib/perl5/site_perl /usr/lib/perl5/site_perl .) at (eval 10) line 1. BEGIN failed--compilation aborted at (eval 10) line 1.
First off, go to http://nik.pelov.name/Authen-PAM/ and download the latest Authen::PAM. At the time of this writing, the latest one was Authen-PAM-0.16.
Log in as root.
cd /tmp
wget http://www.perl.com/CPAN/authors/id/N/NI/NIKIP/Authen-PAM-0.16.tar.gz
Next step would be extracting the contents of Authen-PAM-0.16.tar.gz.
tar xvzf Authen-PAM-0.16.tar.gz
After that, go to Authen-PAM-0.16 which is the directory that is created once you’ve extracted the contents of Authen-PAM-0.16.tar.gz.
cd Authen-PAM-0.16
We’ll then generate a Makefile.
Note: You must have gcc and pam-devel installed to generate the make file. --Jeremy (talk) 22:41, 30 June 2012 (EDT)
perl Makefile.PL
If it returned no errors we can then proceed to executing the following commands.
make
make install
After that everything should be fine. To check whether the module can be loaded, run the following command.
perl -e 'use Authen::PAM; print "Installation successful.\n"'
After that restart Webmin.
service webmin restart
If you look at your /var/webmin/miniserv.error this is what you should see if everything worked out fine.
restarting miniserv
Restarting
miniserv.pl started
PAM authentication enabled
Set timezone using /etc/localtime configuration file
/etc/localtime is usually a symlink to the correct time zone file in the system time zone directory (/usr/share/zoneinfo).
Generic procedure to change timezone
Change directory to /etc
# cd /etc
Create a symlink to file localtime:
# ln -sf /usr/share/zoneinfo/EST localtime
Some distributions (Red Hat and friends) use the /usr/share/zoneinfo/dirname/zonefile layout, so a zone that lives in a subdirectory needs that directory in the path. For example, to set the timezone to IST (Asia/Calcutta), which is located in the Asia directory:
# ln -sf /usr/share/zoneinfo/Asia/Calcutta localtime
Use date command to verify that your timezone is changed:
$ date
Output:
Tue Aug 27 14:46:08 EST 2006
Reference: Howto: Linux server change or setup the timezone (http://www.cyberciti.biz/faq/howto-linux-unix-change-setup-timezone-tz-variable/)
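The symlink procedure above as a small shell function, added here as an example (it is not part of the wiki page or of the referenced howto). It refuses a zone name that is empty, absolute or contains "..", and checks that the name resolves to a regular file under the zoneinfo directory before replacing localtime, so a typo cannot leave /etc/localtime dangling. ZONEINFO_DIR and ETC_DIR are this example's own variables; they default to the real system paths but can be pointed at a scratch directory to try the function without touching the system.

```shell
#!/bin/sh
# Added example, not from the page: set the system timezone by symlinking
# $ETC_DIR/localtime to a zone file, after checking the zone really exists.
# ZONEINFO_DIR and ETC_DIR are this example's own variables (assumptions).
ZONEINFO_DIR="${ZONEINFO_DIR:-/usr/share/zoneinfo}"
ETC_DIR="${ETC_DIR:-/etc}"

# set_timezone ZONE   (e.g. EST, or Asia/Calcutta for a zone in a subdirectory)
# Returns 0 and points $ETC_DIR/localtime at the zone file; returns 1 if the
# zone name is malformed or does not resolve to a regular file under
# ZONEINFO_DIR, in which case localtime is left untouched.
set_timezone() {
    zone="$1"
    case "$zone" in
        ""|*..*|/*)
            echo "set_timezone: invalid zone name '$zone'" >&2
            return 1 ;;
    esac
    target="$ZONEINFO_DIR/$zone"
    if [ ! -f "$target" ]; then
        echo "set_timezone: no zone file at $target" >&2
        return 1
    fi
    ln -sf "$target" "$ETC_DIR/localtime"
}

# current_zone_target prints the file localtime currently points at,
# which is the quick check to run alongside the date command above.
current_zone_target() {
    readlink "$ETC_DIR/localtime"
}
```

Usage on a real box: `set_timezone Asia/Calcutta && current_zone_target && date` as root. Nothing here changes the TZ of already-running daemons; restart them (or reboot) after switching zones.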
Creating a Swap File
- Determine the size of the new swap file in megabytes and multiply by 1024 to determine the number of blocks. For example, a 64 MB swap file needs 65536 blocks.
- At a shell prompt as root, type the following command with count being equal to the desired number of blocks:
dd if=/dev/zero of=/swapfile bs=1024 count=65536
- Set up the swap file with the command:
mkswap /swapfile
- To enable the swap file immediately but not automatically at boot time:
swapon /swapfile
- To enable it at boot time, edit /etc/fstab to include the following entry:
/swapfile swap swap defaults 0 0
The next time the system boots, it enables the new swap file.
- After adding the new swap file and enabling it, verify it is enabled by viewing the output of the command
cat /proc/swaps
or
free
Reference: Creating a Swap File (http://www.centos.org/docs/5/html/5.1/Deployment_Guide/s2-swap-creating-file.html)
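The swap-file steps above gathered into one script, added here as an example (not from the wiki page or the CentOS guide). It adds two things a careful admin wants that the steps leave out: the file is made mode 0600 before mkswap runs, because a world-readable swap file exposes whatever memory gets paged out to it (mkswap itself warns about insecure permissions), and the fstab entry is only appended if it is not already there, so running the script twice does not duplicate it. SWAP_FILE, SWAP_MB, FSTAB and DRY_RUN are this example's own variables; with DRY_RUN=1 (the default) it prints the commands instead of executing them.

```shell
#!/bin/sh
# Added example, not from the page: create and enable a swap file with safe
# permissions and an idempotent /etc/fstab entry. All variables below are
# this example's own (assumptions), not names from the page.
SWAP_FILE="${SWAP_FILE:-/swapfile}"
SWAP_MB="${SWAP_MB:-64}"
FSTAB="${FSTAB:-/etc/fstab}"
DRY_RUN="${DRY_RUN:-1}"

# run prints the command in dry-run mode, otherwise executes it.
run() {
    if [ "$DRY_RUN" = 1 ]; then echo "$*"; else "$@"; fi
}

# Number of 1 KiB blocks for dd's count= (64 MB -> 65536, as on the page).
swap_blocks() {
    echo $(( SWAP_MB * 1024 ))
}

# The line the page tells you to add to /etc/fstab.
fstab_entry() {
    echo "$SWAP_FILE swap swap defaults 0 0"
}

# Append the fstab entry only if no line already lists this file as swap.
ensure_fstab_entry() {
    if grep -q "^$SWAP_FILE[[:space:]][[:space:]]*swap[[:space:]]" "$FSTAB" 2>/dev/null; then
        return 0
    fi
    fstab_entry >> "$FSTAB"
}

# The page's four steps, with chmod 0600 inserted before mkswap so the
# file is never readable by other users, even briefly.
create_swap_file() {
    run dd if=/dev/zero of="$SWAP_FILE" bs=1024 count="$(swap_blocks)"
    run chmod 0600 "$SWAP_FILE"
    run mkswap "$SWAP_FILE"
    run swapon "$SWAP_FILE"
    if [ "$DRY_RUN" = 1 ]; then fstab_entry; else ensure_fstab_entry; fi
}
```

Usage: `DRY_RUN=0 sh swapfile.sh` as root after checking the dry-run output, then confirm with `cat /proc/swaps` and `ls -l /swapfile` (the mode should read -rw-------).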
iptables Setup
[root@vps1 ~]# iptables -L -n -v
Chain INPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
  842 5263K ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0
   48  2952 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0
30301 8344K ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
    7   364 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:22
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:20
   13   676 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:21
 1231 64828 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:80
    9   464 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:443
    6   240 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:3306
    1    48 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:25
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:465
    0     0            tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:587
    0     0            tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:143
   62  3224 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:993
  502 22432 REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 41521 packets, 36M bytes)
 pkts bytes target     prot opt in     out     source               destination
References:
Bokko.nl » Iptables active and passive FTP in CentOS (http://www.bokko.nl/iptables-active-and-passive-ftp-in-centos/)
25 Most Frequently Used Linux IPTables Rules Examples (http://www.thegeekstuff.com/2011/06/iptables-rules-examples/)
restorecon command not found
Problem: Using iptables save results in the error restorecon command not found.
Solution: Install policycoreutils package.
yum install policycoreutils
Reference:
restorecon command not found (http://www.linuxquestions.org/questions/linux-software-2/restorecon-command-not-found-922667/)
Extra Packages for Enterprise Linux (EPEL)
The EPEL repository contains additional and newer packages that complement the default repository. To add the EL6 EPEL repository to yum, run the following command as root:
rpm -Uvh http://dl.fedoraproject.org/pub/epel/6/i386/epel-release-6-8.noarch.rpm
Reference: EPEL - FedoraProject (http://fedoraproject.org/wiki/EPEL)
How to install mcrypt for PHP 5.3.3 on CentOS
Add the EPEL repository to yum as shown previously, and then run the following command as root:
yum install php53-mcrypt
Reference: How to install mcrypt for PHP 5.3.3 on CentOS 5.7 64 bit? (http://serverfault.com/questions/354871/how-to-install-mcrypt-for-php-5-3-3-on-centos-5-7-64-bit)
Sendmail Configuration
Mail Filtering
- greet_pause
To enable the feature, you need to make two changes. First, in your sendmail.mc file:
FEATURE(access_db)dnl
FEATURE(`greet_pause',5000)
You probably already have access_db defined; it just needs to appear somewhere prior to greet_pause. The number is how many milliseconds to pause; 5000 = five seconds. Then in your access file you should add this:
GreetPause:localhost 0
The second change prevents the pause from applying to connections from your local machine, which would otherwise be annoying when you're sending mail. If you're doing this on a server which accepts mail from multiple machines, you'll want to do the same for the whole local network.
- BAD_RCPT_THROTTLE
To enable it, add the following code to your sendmail.mc file:
define(`confBAD_RCPT_THROTTLE', `1')dnl
The number is how many bad recipients it takes to trigger the throttle, so 1 is the strictest setting.
- MAX_RCPTS_PER_MESSAGE
define(`confMAX_RCPTS_PER_MESSAGE', `10')dnl
- CONNECTION_RATE_THROTTLE
define(`confCONNECTION_RATE_THROTTLE', `3')dnl
- MAX_DAEMON_CHILDREN
define(`confMAX_DAEMON_CHILDREN', `10')dnl
- timeouts
define(`confTO_ICONNECT', `15s')dnl
define(`confTO_CONNECT', `3m')dnl
define(`confTO_HELO', `2m')dnl
define(`confTO_MAIL', `1m')dnl
define(`confTO_RCPT', `1m')dnl
define(`confTO_DATAINIT', `1m')dnl
define(`confTO_DATABLOCK', `1m')dnl
define(`confTO_DATAFINAL', `1m')dnl
define(`confTO_RSET', `1m')dnl
define(`confTO_QUIT', `1m')dnl
define(`confTO_MISC', `1m')dnl
define(`confTO_COMMAND', `1m')dnl
define(`confTO_STARTTLS', `2m')dnl
Reference: Mail Filtering - Sendmail Config
Sendmail SMTP AUTH
Make sure to install cyrus-sasl-plain package:
yum install cyrus-sasl-plain
Installing denyhosts
denyhosts is not available in the repository, so download the latest version from sourceforge (http://sourceforge.net/projects/denyhosts/files/denyhosts/2.6/DenyHosts-2.6.tar.gz).
Reference: linux CentOS 6.2 - installation (http://linux-one.blogspot.ca/2011/11/linux-centos-62-installation.html)
VPN via the TUN/TAP device
If you are using an OpenVZ container, you will need to ask your provider to grant your container access to the tun/tap device.
Reference: VPN via the TUN/TAP device (http://wiki.openvz.org/VPN_via_the_TUN/TAP_device)