CentOS VPS Server Setup Tips

Here are some tips I found useful for setting up virtual private servers with CentOS. See more pages in Category:Linux.

Installing Webmin

If you are using the RPM version of Webmin, first download the file from the downloads page, or run the command:

wget http://prdownloads.sourceforge.net/webadmin/webmin-1.580-1.noarch.rpm

and then run the command:

rpm -U webmin-1.580-1.noarch.rpm

The rest of the install will be done automatically to the directory /usr/libexec/webmin, the administration username set to root and the password to your current root password. You should now be able to login to Webmin at the URL http://localhost:10000/. Or if accessing it remotely, replace localhost with your system's IP address.

Reference: Webmin - Installing the RPM

Webmin Error: Perl module Authen::PAM needed for PAM is not installed

If you guys are getting this error on your Webmin log file /var/webmin/miniserv.error here’s how I solved the problem.

miniserv.pl started
Perl module Authen::PAM needed for PAM is not installed : Can't locate Authen/PAM.pm in @INC (@INC contains: /usr/libexec/webmin /usr/lib64/perl5/5.10.0/x86_64-linux-thread-multi /usr/lib/perl5/5.10.0 /usr/local/lib64/perl5/site_perl/5.10.0/x86_64-linux-thread-multi /usr/local/lib/perl5/site_perl/5.10.0 /usr/lib64/perl5/vendor_perl/5.10.0/x86_64-linux-thread-multi /usr/lib/perl5/vendor_perl/5.10.0 /usr/lib/perl5/vendor_perl /usr/local/lib/perl5/site_perl /usr/lib/perl5/site_perl .) at (eval 10) line 1.
BEGIN failed--compilation aborted at (eval 10) line 1.

First off go to http://nik.pelov.name/Authen-PAM/ and download the latest Authen::PAM. At the time of this writing, the lastest one was Authen-PAM-0.16.

Log in as root.

cd /tmp
wget http://www.perl.com/CPAN/authors/id/N/NI/NIKIP/Authen-PAM-0.16.tar.gz

Next step would be extracting the contents of Authen-PAM-0.16.tar.gz.

tar xvzf Authen-PAM-0.16.tar.gz

After that, go to Authen-PAM-0.16 which is the directory that is created once you’ve extracted the contents of Authen-PAM-0.16.tar.gz.

cd Authen-PAM-0.16

We’ll then generate a make file.
Note: You must have gcc and pam-devel installed to generate the make file. --Jeremy (talk) 22:41, 30 June 2012 (EDT)

perl Makefile.PL

If it returned no errors we can then proceed to executing the following commands.

make
make install

After that everything should be fine now. To check whether the module has been loaded or not do the following command.

perl -e 'use Authen::PAM; print "Installation succestul.\n"'

After that restart Webmin.

service webmin restart

If you look at your /var/webmin/miniserv.error this is what you should see if everything worked out fine.

restarting miniserv
Restarting
miniserv.pl started
PAM authentication enabled

Reference: http://rodoabad.joinpgn.com/2008/10/13/webmin-error-perl-module-authenpam-needed-for-pam-is-not-installed/

Set timezone using /etc/localtime configuration file

Often /etc/localtime is a symlink to the file localtime or to the correct time zone file in the system time zone directory.

Generic procedure to change timezone

Change directory to /etc

# cd /etc

Create a symlink to file localtime:

# ln -sf /usr/share/zoneinfo/EST localtime

OR some distro use /usr/share/zoneinfo/dirname/zonefile format (Red hat and friends)

# ln -sf /usr/share/zoneinfo/EST localtime

OR if you want to set up it to IST (Asia/Calcutta):

# ln -sf /usr/share/zoneinfo/Asia/Calcutta localtime

Please mote that in above example you need to use directory structure i.e. if you want to set the timezone to Calcutta (India) which is located in the Asia directory you will then have to setup using as above.

Use date command to verify that your timezone is changed:

$ date

Output:

Tue Aug 27 14:46:08 EST 2006

Reference: Howto: Linux server change or setup the timezone

Creating a Swap File

1. Determine the size of the new swap file in megabytes and multiply by 1024 to determine the number of blocks. For example, the block size of a 64 MB swap file is 65536.
2. At a shell prompt as root, type the following command with count being equal to the desired block size:
   dd if=/dev/zero of=/swapfile bs=1024 count=65536
3. Setup the swap file with the command:
   mkswap /swapfile
4. To enable the swap file immediately but not automatically at boot time:
   swapon /swapfile
5. To enable it at boot time, edit /etc/fstab to include the following entry:
   /swapfile swap swap defaults 0 0
   The next time the system boots, it enables the new swap file.
6. After adding the new swap file and enabling it, verify it is enabled by viewing the output of the command
   cat /proc/swaps or free.

Reference: Creating a Swap File

iptables Setup

[root@vps1 ~]# iptables -L -n -v

Chain INPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
  842 5263K ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0           
   48  2952 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           
30301 8344K ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED 
    7   364 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:22 
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:20 
   13   676 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:21 
 1231 64828 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:80 
    9   464 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:443 
    6   240 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:3306 
    1    48 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:25 
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:465 
    0     0            tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:587 
    0     0            tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:143 
   62  3224 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:993 
  502 22432 REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited 

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain OUTPUT (policy ACCEPT 41521 packets, 36M bytes)
 pkts bytes target     prot opt in     out     source               destination      

References:
Bokko.nl » Iptables active and passive FTP in CentOS
25 Most Frequently Used Linux IPTables Rules Examples

restorecon command not found

Problem: Using iptables save results in the error restorecon command not found.
Solution: Install policycoreutils package.

yum install policycoreutils

Reference:
restorecon command not found

Extra Packages for Enterprise Linux (EPEL)

The EPEL repository contains more upgraded packages to compliment the default repository. To add the EL6 EPEL repository to yum, run the following command as root:

rpm -Uvh http://dl.fedoraproject.org/pub/epel/6/i386/epel-release-6-8.noarch.rpm

Reference: EPEL - FedoraProject

How to install mcrypt for PHP 5.3.3 on CentOS

Add the EPEL repository to yum as shown previously, and then run the following command as root:

yum install php53-mcrypt

Reference: How to install mcrypt for PHP 5.3.3 on CentOS 5.7 64 bit?

Sendmail Configuration

Mail Filtering

• greet_pause
  To enable the feature, you need to make two changes. First, in your sendmail.mc file:
  FEATURE(access_db)dnl
FEATURE(`greet_pause',5000)
  You probably already have access_db defined; it just needs to appear somewhere prior to greet_pause. The number is how many milliseconds to pause; 5000 = five seconds. Then in your access file you should add this:
  GreetPause:localhost 0
  The second change prevents the pause from applying to connections from your local machine, which would otherwise be annoying when you're sending mail. If you're doing this on a server which accepts mail from multiple machines, you'll want to do the same for the whole local network.
• BAD_RCPT_THROTTLE
  To enable it, add the following code to your sendmail.mc file:
  define(`confBAD_RCPT_THROTTLE', `1')dnl
  The number is how many bad recipients is takes to trigger the throttle, so 1 is the strictest setting.
• MAX_RCPTS_PER_MESSAGE
  define(`confMAX_RCPTS_PER_MESSAGE', `10')dnl
• CONNECTION_RATE_THROTTLE
  define(`confCONNECTION_RATE_THROTTLE', `3')dnl
• MAX_DAEMON_CHILDREN
  define(`confMAX_DAEMON_CHILDREN', `10')dnl
• timeouts
  define(`confTO_ICONNECT', `15s')dnl
define(`confTO_CONNECT', `3m')dnl
define(`confTO_HELO', `2m')dnl
define(`confTO_MAIL', `1m')dnl
define(`confTO_RCPT', `1m')dnl
define(`confTO_DATAINIT', `1m')dnl
define(`confTO_DATABLOCK', `1m')dnl
define(`confTO_DATAFINAL', `1m')dnl
define(`confTO_RSET', `1m')dnl
define(`confTO_QUIT', `1m')dnl
define(`confTO_MISC', `1m')dnl
define(`confTO_COMMAND', `1m')dnl
define(`confTO_STARTTLS', `2m')dnl

Reference: Mail Filtering - Sendmail Config

Sendmail SMTP AUTH

Make sure to install cyrus-sasl-plain package:

yum install cyrus-sasl-plain

Installing denyhosts

denyhosts is not available in the repository, so download the latest version from sourceforge.

Reference: linux CentOS 6.2 - installation

VPN via the TUN/TAP device

If you are using an OpenVZ container, you will need to ask your provider to grant your container access to the tun/tap device.

Reference: VPN via the TUN/TAP device