{"id":6982,"date":"2017-09-12T14:47:24","date_gmt":"2017-09-12T06:47:24","guid":{"rendered":"http:\/\/rmohan.com\/?p=6982"},"modified":"2017-09-12T14:52:31","modified_gmt":"2017-09-12T06:52:31","slug":"lamp-on-centos7","status":"publish","type":"post","link":"https:\/\/mohan.sg\/?p=6982","title":{"rendered":"LAMP on CentOS7"},"content":{"rendered":"

Many open source p[projects require LAMP with database and database user ready to go. Here we will look at basic commands on CentOS7 to get it up and running quickly.<\/p>\n

After CentOS7 installed update all packages
\nyum update -y
\nInstall apache web server
\nyum install httpd
\nStart service and enable it to start on boot
\nsystemctl start httpd.service
\nsystemctl enable httpd.service
\nInstall MariaDB database server
\nyum install mariadb-server mariadb
\nStart mysql services
\nsystemctl start mariadb
\nSecure mysql installation
\nmysql_secure_installation
\nEnable MariaDB to start on boot
\nsystemctl enable mariadb.service
\nInstall PHP with mysql support
\nyum install php php-mysql
\nRestart apache web server
\nsystemctl restart httpd.service
\nOpen necessary firewall ports for example http
\nfirewall-cmd –zone=public –permanent –add-service=http
\nfirewall-cmd –reload
\nAnd finally create database and user. See example below.
\ncreate database mydb;
\ngrant usage on *.* to mydbuser@localhost identified by ‘mypassword’;
\ngrant all privileges on mydb.* to user@localhost ;
\nFLUSH PRIVILEGES;<\/p>\n

Open vSwitch installation on CentOS 7.2
\nOpen vSwitch (OVS) is a production quality, multilayer virtual switch software available for various platforms. The server platforms include x86 based latest Linux distributions e.g. Debian 16 LTS or CentOS 7.2. Popular SDN switch operating system development company Pica8 also bundles the OVS in a custom Ubuntu version for Pronto, Dell, and many other switches.<\/p>\n

Below is an effort to provide easy installation instructions for OVS on CentOS 7.2 and also to integrate OVS with the OpenDaylight. Note this blog is updated to use OVS version 2.5.1 (bug fix release for OVS 2.5.0).<\/p>\n

Install the requisite packages.
\n#yum -y install make gcc openssl-devel autoconf automake rpm-build redhat-rpm-config python-devel openssl-devel kernel-devel kernel-debug-devel libtool wget
\nNecessary steps for building RPM
\n#mkdir -p ~\/rpmbuild\/SOURCES
\n#wget http:\/\/openvswitch.org\/releases\/openvswitch-2.8.0.tar.gz
\n#cp openvswitch-2.8.0.tar.gz ~\/rpmbuild\/SOURCES\/
\n#tar xfz openvswitch-2.8.0.tar.gz
\n#sed ‘s\/openvswitch-kmod, \/\/g’ openvswitch-2.8.0\/rhel\/openvswitch.spec > openvswitch-2.8.0\/rhel\/openvswitch_no_kmod.spec
\nBuild the RPM
\n#rpmbuild -bb –nocheck ~\/openvswitch-2.8.0\/rhel\/openvswitch_no_kmod.spec
\nInstall the RPM
\n#ls -l ~\/rpmbuild\/RPMS\/x86_64\/
\n#yum localinstall ~\/rpmbuild\/RPMS\/x86_64\/openvswitch-2.8.0-1.x86_64.rpm
\nStart the OVS service and enable it for the next boot
\n#systemctl start openvswitch.service
\n#chkconfig openvswitch on
\nThis process will install the OVS on the server and start the process. Firewall should be open to accept the incoming TCP connection at port 6633.<\/p>\n

Test the OVS Version
\n#ovs-vsctl -V<\/p>\n

Useful OVS commands
\n#ovs-vsctl show
\n#ovs-ofctl show br0<\/p>\n

Create a new OVS Bridge, add physical ports, connect OVS with ODL controller
\n#ovs-vsctl add-br ovsbr0
\n#ovs-vsctl set bridge ovsbr0 protocols=OpenFlow13
\n#ovs-vsctl list controller
\n#ovs-vsctl add-port ovsbr0 eth4
\n#ovs-vsctl add-port ovsbr0 eth8
\n#ovs-vsctl set-controller ovsbr0 tcp:192.168.1.57:6633
\n#ovs-vsctl show<\/p>\n

First step we will install LAMP
\nyum -y install mariadb-server mariadb
\nsystemctl start mariadb.service
\nsystemctl enable mariadb.service
\nSecure MariaDB installation
\nmysql_secure_installation
\nInstall Apache server
\nyum -y install httpd
\nsystemctl start httpd.service
\nsystemctl enable httpd.service
\nInstall php with all modules
\nyum -y install php
\nyum -y install php-mysql
\nyum -y install php-gd php-ldap php-odbc php-pear php-xml php-xmlrpc php-mbstring php-snmp php-soap curl curl-devel
\nRestart apache
\nsystemctl restart httpd.service
\nNow lets install phpMyAdmin
\nLets add epel repository
\nrpm -iUvh http:\/\/dl.fedoraproject.org\/pub\/epel\/epel-release-latest-7.noarch.rpm
\nInstall phpMyAdmin
\nyum install phpMyAdmin
\nMake sure we allow access to the software
\nvi \/etc\/httpd\/conf.d\/phpMyAdmin.conf
\nChange authentication
\nvi \/etc\/phpMyAdmin\/config.inc.php<\/p>\n

[…]
\n$cfg[‘Servers’][$i][‘auth_type’] = ‘http’; \/\/ Authentication method (config, http or cookie based)?
\n[…]<\/p>\n

Restart Apache
\nsystemctl restart httpd.service
\nNow we setup virtual hosts<\/p>\n

mkdir -p \/var\/www\/html\/site1.com\/public_html
\nmkdir -p \/var\/www\/html\/site2.com\/public_html<\/p>\n

useradd webadmin
\npasswd webadmin<\/p>\n

chown -R webadmin:webadmin \/var\/www\/html\/site1\/public_html
\nchown -R webadmin:webadmin \/var\/www\/html\/site2\/public_html<\/p>\n

chmod -R 755 \/var\/www\/html<\/p>\n

vi \/etc\/httpd\/conf\/httpd.conf
\nIncludeOptional sites-enabled\/*.conf<\/p>\n

mkdir \/etc\/httpd\/sites-enabled
\nmkdir \/etc\/httpd\/sites-available<\/p>\n

cd sites-available
\nvi site1.com.conf<\/p>\n

ServerName www.site1.com
\n DocumentRoot \/var\/www\/html\/site1\/public_html
\n ServerAlias site1.com
\n ErrorLog \/var\/www\/html\/site1\/error.log
\n CustomLog \/var\/www\/html\/site1\/requests.log combined<\/p>\n

vi site2.com.conf<\/p>\n

ServerName www.site2.com
\n DocumentRoot \/var\/www\/html\/site2\/public_html
\n ServerAlias site2.com
\n ErrorLog \/var\/www\/html\/site2\/error.log
\n CustomLog \/var\/www\/html\/site2\/requests.log combined<\/p>\n

ln -s \/etc\/httpd\/sites-available\/site1.com.conf \/etc\/httpd\/sites-enabled\/site1.com.conf
\nln -s \/etc\/httpd\/sites-available\/site2.com.conf \/etc\/httpd\/sites-enabled\/site2.com.conf<\/p>\n

Make sure proper firewall accept ions are added<\/p>\n

firewall-cmd –permanent –zone=public –add-service=http
\nfirewall-cmd –permanent –zone=public –add-service=https
\nfirewall-cmd –reload<\/p>\n

Install OSSEC Host Intrusion Detection Software
\nyum install mysql-devel postgresql-devel gcc
\nwget -U ossec https:\/\/bintray.com\/artifact\/download\/ossec\/ossec-hids\/ossec-hids-2.8.3.tar.gz
\ntar -zxvf ossec-hids-2.8.3.tar.gz
\ncd ossec-hids-2.8.3 cd ossec-hids-2.8.3
\n.\/install.sh
\nChoose local install, provide email and SMTP server for alerts<\/p>\n

Install Fail2Ban
\nyum install fail2ban fail2ban-systemd
\ncp -pf \/etc\/fail2ban\/jail.conf \/etc\/fail2ban\/jail.local
\nExamine configuration file to make sure settings are as you want them
\nvi \/etc\/fail2ban\/jail.local
\nAdd ssh jail file
\nvi \/etc\/fail2ban\/jail.d\/sshd.local
\n[sshd]
\nenabled = true
\nport = ssh
\n#action = firewallcmd-ipset
\nlogpath = %(sshd_log)s
\nmaxretry = 5
\nbantime = 86400
\nWith firewalld enabled and running
\nsystemctl enable fail2ban
\nsystemctl start fail2ban
\nTracking logon attempts
\ncat \/var\/log\/secure | grep ‘Failed password’
\nCheck banned IP address
\niptables -L -n
\nCheck fail2ban status
\nfail2ban-client status
\nRemove ban from IP
\nfail2ban-client set sshd unbanip IPADDRESS<\/p>\n

Install nagios to monitor server or vm
\ncd ~
\ncurl -L -O http:\/\/nagios-plugins.org\/download\/nagios-plugins-2.1.1.tar.gz
\ntar xvf nagios-plugins-*.tar.gz
\ncd nagios-plugins-*
\n.\/configure –with-nagios-user=nagios –with-nagios-group=nagios –with-openssl
\nmake
\nmake install
\nhtpasswd -c \/usr\/local\/nagios\/etc\/htpasswd.users nagiosadmin
\nsystemctl start nagios.service
\nsystemctl restart httpd.service
\nchkconfig nagios on<\/p>\n

If you like to restrict access to Nagios web portion by IP
\nvi \/etc\/httpd\/conf.d\/nagios.conf
\nFind and comment the following two lines by adding # symbols in front of them:
\nOrder allow,deny
\nAllow from all
\nThen uncomment the following lines, by deleting the # symbols, and add the IP addresses or ranges (space delimited) that you want to allow to in the
\nAllow from line:<\/p>\n

# Order deny,allow
\n# Deny from all
\n# Allow from 127.0.0.1
\nInstall Clamv virus scanner
\nyum install clamav-server clamav-data clamav-update clamav-filesystem clamav clamav-scanner-systemd clamav-devel clamav-lib clamav-server-systemd<\/p>\n

cp \/usr\/share\/clamav\/template\/clamd.conf \/etc\/clamd.d\/clamd.conf
\nsed -i \u2018\/^Example\/d\u2019 \/etc\/clamd.d\/clamd.conf<\/p>\n

freshclam<\/p>\n

cp \/etc\/freshclam.conf \/etc\/freshclam.conf.bak
\nsed -i \u2018\/^Example\/d\u2019 \/etc\/freshclam.conf<\/p>\n

vi \/usr\/lib\/systemd\/system\/clam-freshclam.service
\n# Run the freshclam as daemon
\n[Unit]
\nDescription = freshclam scanner
\nAfter = network.target<\/p>\n

[Service]
\nType = forking
\nExecStart = \/usr\/bin\/freshclam -d -c 4
\nRestart = on-failure
\nPrivateTmp = true<\/p>\n

[Install]
\nWantedBy=multi-user.target<\/p>\n

systemctl enable clam-freshclam.service
\nsystemctl start clam-freshclam.service
\nAdd ssl website
\nInstall mod_ssl
\nyum install mod_ssl
\nCreate certioficate CSR \u2013 Certificate Signing Request
\nopenssl req -new -newkey rsa:2048 -nodes -keyout rmohan.key -out rmohan.csr
\nedit \/etc\/httpd\/sites-available and add below.<\/p>\n

SSLEngine On
\n SSLCertificateFile \/etc\/pki\/tls\/certs\/rmohan.crt
\n SSLCertificateKeyFile \/etc\/pki\/tls\/private\/rmohan.key
\n SSLCACertificateFile \/etc\/pki\/tls\/certs\/root-certificate.crt #root certificate provided by ca-certificates, omit this line<\/p>\n

ServerAdmin info@rmohan.com
\n ServerName www.rmohan.com
\n DocumentRoot \/var\/www\/html\/rmohan.com\/public_html\/
\n ErrorLog \/var\/www\/html\/rmohan.com\/logs\/error.log
\n CustomLog \/var\/www\/html\/rmohan.com\/logs\/access.log combined<\/p>\n

Finish configuration and setup correct permittions
\nmkdir \/var\/www\/html\/rmohan.com\/public_html
\nchown -R webadmin:webadmin \/var\/www\/html\/rmohan.com\/public_html
\nln -s \/etc\/httpd\/sites-available\/rmohan.com.conf \/ \/etc\/httpd\/sites-enabled\/rmohan.com.conf<\/p>\n","protected":false},"excerpt":{"rendered":"

Many open source p[projects require LAMP with database and database user ready to go. Here we will look at basic commands on CentOS7 to get it up and running quickly.<\/p>\n

After CentOS7 installed update all packages yum update -y Install apache web server yum install httpd Start service and enable it to start on boot […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[73],"tags":[],"_links":{"self":[{"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/posts\/6982"}],"collection":[{"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/mohan.sg\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=6982"}],"version-history":[{"count":3,"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/posts\/6982\/revisions"}],"predecessor-version":[{"id":6989,"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/posts\/6982\/revisions\/6989"}],"wp:attachment":[{"href":"https:\/\/mohan.sg\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=6982"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/mohan.sg\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=6982"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/mohan.sg\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=6982"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}