Every once in a while I have to set up in rather quick fashion a new, GUI-less CentOS server for hosting services, databases, web sites, what have you. Here’s a quick and dirty (and extremely basic) list of things you’ll want to perform on a clean installation to get it situated. It’s also a great starting point if you’re creating an instance on any virtualized cloud service that allows you to create snapshots, which you can then deploy at a moment’s notice into a new instance. Since CentOS is essentially Red Hat Enterprise Linux, these steps also work wonderfully with RHEL.
Set the time zone by linking /etc/localtime to the zone file. In my case most of my servers operate in the US Central time zone, so I’ve picked CST6CDT. Put ZONE="CST6CDT" in /etc/sysconfig/clock as well: that is what tzdata-update reads when the tzdata package is upgraded, and without it the link you make here can be reset to whatever the installer chose:
ln -fs /usr/share/zoneinfo/CST6CDT /etc/localtime
Make sure all packages on the server are fully updated, and install some basic packages: ntp for time synchronization, traceroute and telnet for route and socket testing, bind-utils for DNS testing (dig, host, nslookup), and of course vim (my personal favorite; you no doubt have yours as well) to edit the configuration files below:
yum update
yum install ntp traceroute telnet bind-utils vim-enhanced
Next, for a little bit of security, and so logwatch doesn’t email you a huge list of failed SSH attempts every morning (and so a password-guessing bot doesn’t, by rare chance, get in), change sshd’s listening port number. I usually pick something obnoxious, far, far away from 22. This is obscurity, not protection: anyone who scans all 65535 ports will find it, but it filters out the bots that only ever try 22, and those are most of the noise. One ordering caveat: if SELinux is still enforcing at this point, sshd will be denied permission to bind anything but port 22 when it re-reads its configuration, so either do the SELinux step further down first, or label the new port as ssh_port_t with semanage before you reload.
vim /etc/ssh/sshd_config
Port NEWPORTNUMBER
Then reload sshd’s configuration immediately. This will not disconnect you: your session is served by a child process forked for that connection, and the reload only re-executes the listening master daemon.
service sshd reload
Remember to update your iptables rules with the new port number you chose above. You might want to restrict SSH by source address as well (a -s match on the sshd rule), but for simplicity’s sake I simply open the off-the-wall port number to the world. The default policy on INPUT is DROP, so anything not explicitly accepted below is discarded:
vim /etc/sysconfig/iptables
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport NEWPORTNUMBER -j ACCEPT
COMMIT
Be sure to restart iptables so that the change goes into effect immediately; the restart flushes the running rules and loads the file above. This will not disconnect you either, as your existing connection matches the ESTABLISHED,RELATED rule rather than the NEW rule that carries the port number.
service iptables restart
Next, disable SELinux, and switch it off right away if it is currently enforcing, as it tends to be a major pain in the ass for any server admin who knows how to manage things properly. Two caveats before you do: you are giving up a mandatory-access-control layer that confines network daemons, so if you would rather keep that option open, SELINUX=permissive logs denials without enforcing them; and once a box has run with SELINUX=disabled, going back to enforcing requires a full filesystem relabel (touch /.autorelabel before rebooting). setenforce 0 takes effect immediately (permissive mode); the change to the config file takes effect at the next boot:
vim /etc/selinux/config
SELINUX=disabled
setenforce 0
Change the machine’s hostname and the default search domain for the DNS resolver; this is especially helpful if you deploy an army of servers whose names fall under the same domain. Note that search and domain are mutually exclusive in resolv.conf (whichever appears last wins), so one line is enough, and search is the one to keep since it accepts more than one domain. Also, if the interface gets its address from DHCP, dhclient will rewrite resolv.conf on the next lease renewal unless you set PEERDNS=no in the interface’s ifcfg file:
vim /etc/sysconfig/network
HOSTNAME=my.full.host.domainname.com
vim /etc/resolv.conf
search domainname.com
Reboot to make sure everything comes back up as intended. This is especially important if SELinux was previously enabled on your server, as the switch to disabled is only complete after a reboot and running services can behave oddly until then:
reboot
Once the server’s back up, make sure the time zone setting stuck by checking the date and time:
date
Installing the ntp package does not enable ntpd at boot or start it, so turn it on with chkconfig and start the service. Even then, it will take the newly started ntpd a while to measure your clock’s drift and slew the time into place, so if you’re impatient, run ntpdate against a reliable time source (I tend to use time.apple.com when in a rush) to synchronize immediately. Just be sure to stop ntpd while you do this, then fire it back up, otherwise ntpdate will complain that the NTP socket is in use:
ntpdate time.apple.com
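The whole checklist above, collected into one script. This is an added example, not the post’s own code: each file-editing step is a function that takes the filesystem root as its first argument, so you can dry-run it against a scratch directory (say /tmp/root) and inspect the results before running the live steps as root. The port number 48222 is an arbitrary stand-in for NEWPORTNUMBER; ADMIN_NET (optional source restriction) and HARDEN_SSH (disables root and password logins, which the post does not do) are my additions, and the yum/service/chkconfig calls in main are the post’s steps in the post’s order, except that SELinux is turned off before sshd is reloaded so the new port can be bound.

```shell
#!/bin/sh
# Baseline CentOS/RHEL 5/6 build (SysV init). Added example; assumptions are marked.
set -eu

SSH_PORT="${SSH_PORT:-48222}"   # assumption: any free high port, stands in for NEWPORTNUMBER
ZONE="${ZONE:-CST6CDT}"
ADMIN_NET="${ADMIN_NET:-}"      # optional CIDR allowed to reach sshd; empty means anywhere
HARDEN_SSH="${HARDEN_SSH:-no}"  # 'yes' also turns off root/password logins: only once your key works

# Uncomment or replace a "key value" line in a config file, or append it if absent.
set_opt() {  # $1=file $2=key $3=value
  if grep -q "^#*$2 " "$1"; then
    sed -i "s/^#*$2 .*/$2 $3/" "$1"
  else
    echo "$2 $3" >> "$1"
  fi
}

set_timezone() {  # $1=root $2=zone name under /usr/share/zoneinfo
  ln -fs "/usr/share/zoneinfo/$2" "${1%/}/etc/localtime"
}

set_sshd_port() {  # $1=root $2=port
  set_opt "${1%/}/etc/ssh/sshd_config" Port "$2"
  if [ "$HARDEN_SSH" = yes ]; then
    set_opt "${1%/}/etc/ssh/sshd_config" PermitRootLogin no
    set_opt "${1%/}/etc/ssh/sshd_config" PasswordAuthentication no
  fi
}

# The post's ruleset, plus an optional -s match so only ADMIN_NET can open a new SSH connection.
write_iptables() {  # $1=root $2=port $3=source CIDR or empty string
  if [ -n "$3" ]; then src="-s $3 "; else src=""; fi
  cat > "${1%/}/etc/sysconfig/iptables" <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp ${src}--dport $2 -j ACCEPT
COMMIT
EOF
}

set_selinux() {  # $1=root $2=disabled|permissive|enforcing (config only; setenforce handles the live box)
  sed -i "s/^SELINUX=.*/SELINUX=$2/" "${1%/}/etc/selinux/config"
}

set_hostname() {  # $1=root $2=fqdn $3=search domain
  f="${1%/}/etc/sysconfig/network"
  if grep -q '^HOSTNAME=' "$f"; then
    sed -i "s/^HOSTNAME=.*/HOSTNAME=$2/" "$f"
  else
    echo "HOSTNAME=$2" >> "$f"
  fi
  # search and domain are mutually exclusive in resolv.conf (the last one wins), so write a
  # single search line and carry over only the existing nameserver lines.
  r="${1%/}/etc/resolv.conf"
  { echo "search $3"; grep '^nameserver' "$r" 2>/dev/null || true; } > "$r.new"
  mv "$r.new" "$r"
}

main() {  # $1=fqdn $2=search domain; the live run, as root, on a real host
  yum -y update
  yum -y install ntp traceroute telnet bind-utils vim-enhanced
  set_timezone / "$ZONE"
  setenforce 0 || true     # before the sshd reload: enforcing SELinux will not let sshd bind a non-22 port
  set_selinux / disabled
  set_sshd_port / "$SSH_PORT"
  service sshd reload
  write_iptables / "$SSH_PORT" "$ADMIN_NET"
  service iptables restart
  set_hostname / "$1" "$2"
  chkconfig ntpd on        # the package does not enable ntpd; the post assumes it is running
  ntpdate time.apple.com   # one-shot sync while ntpd is still stopped, so neither complains about the socket
  service ntpd start
  reboot
}

# Live steps run only as root with both arguments; otherwise the functions are just defined,
# which is the dry-run case (source the file, then call set_sshd_port /tmp/root 48222 etc.).
if [ "$(id -u)" -eq 0 ] && [ $# -eq 2 ]; then
  main "$1" "$2"
fi
```

Dry-run it first: create /tmp/root/etc/ssh, /tmp/root/etc/sysconfig and /tmp/root/etc/selinux with copies of the real files, source the script, call each function with /tmp/root as the root argument, and diff the results against the originals before you let main loose on the box.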
Everything should be just peachy now, and ready to either create a snapshot for a barebones, baseline image, or begin installing packages specific to the duties of this machine.