CentOS 5.5 in a flash


What’s all this, then?

Every once in a while I have to set up in rather quick fashion a new, GUI-less CentOS server for hosting services, databases, web sites, what have you. Here’s a quick and dirty (and extremely basic) list of things you’ll want to perform on a clean installation to get it situated. It’s also a great starting point if you’re creating an instance on any virtualized cloud service that allows you to create snapshots, which you can then deploy at a moment’s notice into a new instance. Since CentOS is essentially Red Hat Enterprise Linux, these steps also work wonderfully with RHEL.

Start with the überbasics

Set the time zone by linking /etc/localtime to the zone file. In my case, most of my servers operate in the US Central time zone, so I’ve picked CST6CDT:

ln -fs /usr/share/zoneinfo/CST6CDT /etc/localtime

Make sure all packages on the server are totally updated, and install some basic packages for time synchronization, socket and route testing, DNS testing, and of course vim (my personal favorite; you no doubt have yours as well) to edit a few configuration files below:

yum update
yum install ntp traceroute telnet bind-utils vim-enhanced

Secure things a tad bit

Next, for a little bit of security, and so logwatch doesn’t email you a huge list of failed SSH attempts every morning (and someone doesn’t by rare chance gain access to your server), change sshd’s listening port number–I usually pick something obnoxious, far, far away from 22. (Obviously this doesn’t fully prevent someone from finding this port by scanning every possible port, but it helps a little bit.)

vim /etc/ssh/sshd_config


Then reload sshd’s configuration immediately. This will not disconnect you since your session is already open as an already-running process on the system separate from the master daemon.

service sshd reload

Remember to update your iptables rules with the new port number you chose above. You might want to restrict ssh based on IP address, but below, for simplicity’s sake, I simply open the off-the-wall port number.

vim /etc/sysconfig/iptables

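    *filter
    :INPUT DROP [0:0]
    :FORWARD DROP [0:0]
    :OUTPUT ACCEPT [0:0]

    # Traffic for connections that are already open, including your current SSH session
    -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    -A INPUT -i lo -j ACCEPT

    # New SSH connections on the port set in sshd_config
    -A INPUT -m state --state NEW -m tcp -p tcp --dport NEWPORTNUMBER -j ACCEPT
    COMMIT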


Be sure to restart iptables so that the change goes into effect immediately. This will not disconnect you, either, as your connection falls under the ESTABLISHED state–and thus the first ACCEPT rule in the list.

service iptables restart
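A pre-flight check for the two edits above, as an added example that is not part of the original post: it reads the Port directives from sshd_config and confirms the iptables rules file accepts each one, so a mismatch shows up before the reload and restart rather than as a lockout. The function names, port 52222 and the sample files are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the original post): confirm every port sshd will
# listen on has a matching ACCEPT rule before reloading sshd or iptables.

# Print each port sshd listens on. Port may appear more than once; with no
# Port directive sshd uses 22. Commented-out lines ("#Port 22") are skipped.
sshd_ports() {
    ports=$(awk 'tolower($1) == "port" && $2 ~ /^[0-9]+$/ { print $2 }' "$1")
    if [ -n "$ports" ]; then echo "$ports"; else echo 22; fi
}

# Succeed if the rules file ($1) has an INPUT rule accepting TCP to port $2.
# Simplification: exact --dport matches only; ranges, multiport and earlier
# DROP/REJECT rules are not evaluated.
port_allowed() {
    awk -v port="$2" '
        $1 == "-A" && $2 == "INPUT" {
            dport = ""; target = ""; tcp = 0
            for (i = 3; i < NF; i++) {
                if ($i == "--dport") dport = $(i + 1)
                if ($i == "-j") target = $(i + 1)
                if ($i == "-p" && $(i + 1) == "tcp") tcp = 1
            }
            if (tcp && dport == port && target == "ACCEPT") found = 1
        }
        END { exit found ? 0 : 1 }' "$1"
}

# Usage: check_ssh_ports /etc/ssh/sshd_config /etc/sysconfig/iptables
check_ssh_ports() {
    rc=0
    for p in $(sshd_ports "$1"); do
        if port_allowed "$2" "$p"; then
            echo "ok: tcp/$p is accepted"
        else
            echo "MISSING: no INPUT ACCEPT rule for tcp/$p" >&2
            rc=1
        fi
    done
    return $rc
}

# Constructed sample files: sshd moved to 52222, firewall still opens 22.
demo=$(mktemp -d)
printf '#Port 22\nPort 52222\n' > "$demo/sshd_config"
printf '%s\n' '*filter' ':INPUT DROP [0:0]' \
    '-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT' \
    'COMMIT' > "$demo/iptables"
check_ssh_ports "$demo/sshd_config" "$demo/iptables" || echo "fix before reloading"
```

On the server itself, run check_ssh_ports against /etc/ssh/sshd_config and /etc/sysconfig/iptables while your current session is still open.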

Next, disable SELinux in its config file and, if it is currently active, turn off enforcement on the running system with setenforce, as it tends to be a major pain in the ass for any server admin who knows how to manage things properly:

vim /etc/selinux/config

setenforce 0

Stave off an identity crisis

Change the machine’s hostname and default search domains for the DNS resolver–especially helpful if you deploy an army of servers with names that fall under the same domain name:

vim /etc/sysconfig/network

vim /etc/resolv.conf
    search domainname.com
    domain domainname.com

Cross your fingers

Reboot to make sure everything comes back up as intended–this is especially important if SELINUX was previously enabled on your server, as it could have funky effects on the availability of running services until a reboot:


Once the server’s back up, make sure the time zone settings stuck by checking the date and time:


It will take the newly installed ntpd a while to figure out how much clock lag you tend to have, so if you’re impatient, use ntpdate with a reliable time source (I tend to use ntpdate time.apple.com when in a rush) if you want to synchronize immediately. Just be sure to stop ntpd while you do this, then fire it back up; otherwise ntpdate will complain.

Voila and so forth

Everything should be just peachy now, and ready to either create a snapshot for a barebones, baseline image, or begin installing packages specific to the duties of this machine.

Automagically remove trending hashtags in Tweetie


The Problem

Following a bunch of really funny people on Twitter helps get me through the day sometimes. Other times, tired hashtag memes like #oneletteroffmovies often go on for way too long. The longer it goes on, the less funny it is, yet more people want to get involved. While there’s really nothing wrong with that, it just gets old when all 175 of the folks you follow jump on the bandwagon.

The Solution

The latest version of Tweetie for Mac has a nice, sorta-undocumented feature that causes it to completely omit any tweets that contain specific terms that you specify. This is done on the command line thusly:

defaults write com.atebits.tweetie-mac filterTerms -array-add '#hashtagabuse'

Occasionally, hashtag memes pop up a few times a day, so typing that for each one that overtakes your tweet stream gets a little tedious. That’s why I wrote a bash script to pull the current trending topics list from Twitter and subsequently tell Tweetie to filter out any hashtags that appear on that list.

Here is that script.

#!/bin/bash
TRENDING_HASHTAGS=`curl -s http://search.twitter.com/trends.json | jsonpretty | sed -e 's/ *"name": "#\([^"]*\)",/#\1/g' | grep '^#'`

# Add each trending hashtag that is not already in Tweetie's filter list
for i in $TRENDING_HASHTAGS; do
  LOCAL_MATCHES=`defaults read com.atebits.tweetie-mac filterTerms | grep -ci "\"$i\""`
  if [ "0" == "$LOCAL_MATCHES" ]; then
    echo Adding filter for $i
    defaults write com.atebits.tweetie-mac filterTerms -array-add \"$i\"
  fi
done

You’ll see output if something is added to the filter list:

brian@moonbus:~/bin$ ./killhashtags
Adding filter for #FamousHoodQuotes
Adding filter for #MusicMonday
Adding filter for #mm
Adding filter for #worldsthinnestbooks
Adding filter for #goodtimes

Bash is quite flexible, so feel free to tweak to your liking in case you want to see #FF / #FollowFriday tweets, or any other hashtags that may trend regularly. If you’re as much of a hashtag abuse crusader as I am, you might put this into a cron job.

The Caveats

There does not appear to be any kind of AppleScript command to tell Tweetie to reload the filter list, so you must restart Tweetie for changes to the filter list to take effect.

Also, I have no idea if jsonpretty comes bundled with every Mac, or if it’s something that gets installed with Xcode. I have Xcode on all of my Macs, so I can’t verify if it comes standard. Worst case scenario is you download and compile it yourself (quite simple), or suggest a better sed/grep manipulation on line 2 so that jsonpretty is not necessary.
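A variant of the script's parsing that needs no jsonpretty and treats the feed, which arrives over plain HTTP, as untrusted input; this is an added example, not part of the original post. The function names and the sample feed are constructed, names containing anything other than letters, digits and underscores are dropped (non-ASCII hashtags included), and the list check relies, as the original script does, on defaults read printing hashtags in double quotes.

```sh
#!/bin/sh
# Added example (not from the original post): validate hashtags before they
# reach the shell, grep or defaults.

# Read trends JSON on stdin, print one hashtag per line. Only '#' followed by
# letters, digits or underscores survives, so spaces, quotes and glob
# characters never reach a command line.
extract_hashtags() {
    grep -o '"name": *"#[^"]*"' | sed -e 's/^"name": *"//' -e 's/"$//' |
        grep -E '^#[A-Za-z0-9_]+$' | LC_ALL=C sort -u
}

# Print the hashtags from stdin that are missing from $1, the text printed by
# "defaults read com.atebits.tweetie-mac filterTerms". -F compares the quoted
# tag as a fixed string, never as a regular expression.
new_hashtags() {
    while IFS= read -r tag; do
        printf '%s\n' "$1" | grep -Fqi -- "\"$tag\"" || printf '%s\n' "$tag"
    done
}

# On the Mac itself: add each hashtag read from stdin to Tweetie's filter list.
apply_filters() {
    while IFS= read -r tag; do
        echo "Adding filter for $tag"
        defaults write com.atebits.tweetie-mac filterTerms -array-add "\"$tag\""
    done
}

# Constructed sample feed and filter list; the middle name must be rejected.
feed='{"trends": [{"name": "#MusicMonday"}, {"name": "#two words *"}, {"name": "#mm"}]}'
have='(
    "#mm"
)'
printf '%s\n' "$feed" | extract_hashtags | new_hashtags "$have"
```

On a Mac the full chain is curl -s piped into extract_hashtags, then new_hashtags with the current defaults read output as its argument, then apply_filters.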