The Perfect Server - CentOS 6.5 x86_64 (Apache2, MySQL, PHP, PureFTPD, Postfix, Dovecot and ISPConfig 3) - Page 3
4 Adjust /etc/hosts
Next we edit /etc/hosts. Make it look like this:
vi /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4 192.168.0.100 server1.example.com server1 ::1 localhost localhost.localdomain localhost6 localhost6.localdomain6 |
5 Configure The Firewall
(You can skip this chapter if you have already disabled the firewall at the end of the basic system installation.)
I want to install ISPConfig at the end of this tutorial which comes with its own firewall. That's why I disable the default CentOS firewall now. Of course, you are free to leave it on and configure it to your needs (but then you shouldn't use any other firewall later on as it will most probably interfere with the CentOS firewall).
Run
system-config-firewall
and disable the firewall.
To check that the firewall has really been disabled, you can run
iptables -L
afterwards. The output should look like this:
[root@server1 ~]# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
[root@server1 ~]#
6 Disable SELinux
SELinux is a security extension of CentOS that should provide extended security. In my opinion you don't need it to configure a secure system, and it usually causes more problems than advantages (think of it after you have done a week of trouble-shooting because some service wasn't working as expected, and then you find out that everything was ok, only SELinux was causing the problem). Therefore I disable it (this is a must if you want to install ISPConfig later on).
Edit /etc/selinux/config and set SELINUX=disabled:
vi /etc/selinux/config
# This file controls the state of SELinux on the system. # SELINUX= can take one of these three values: # enforcing - SELinux security policy is enforced. # permissive - SELinux prints warnings instead of enforcing. # disabled - No SELinux policy is loaded. SELINUX=disabled # SELINUXTYPE= can take one of these two values: # targeted - Targeted processes are protected, # mls - Multi Level Security protection. SELINUXTYPE=targeted |
Afterwards we must reboot the system:
reboot
7 Enable Additional Repositories And Install Some Software
First we import the GPG keys for software packages:
rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY*
Then we enable the RPMforge and EPEL repositories on our CentOS system as lots of the packages that we are going to install in the course of this tutorial are not available in the official CentOS 6.4 repositories:
rpm --import http://dag.wieers.com/rpm/packages/RPM-GPG-KEY.dag.txt
cd /tmp
wget http://pkgs.repoforge.org/rpmforge-release/rpmforge-release-0.5.2-2.el6.rf.x86_64.rpm
rpm -ivh rpmforge-release-0.5.2-2.el6.rf.x86_64.rpm
(If the above link doesn't work anymore, you can find the current version of rpmforge-release here: http://packages.sw.be/rpmforge-release/)
rpm --import https://fedoraproject.org/static/0608B895.txt
wget http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
rpm -ivh epel-release-6-8.noarch.rpm
yum -y install yum-priorities
Edit /etc/yum.repos.d/epel.repo...
vi /etc/yum.repos.d/epel.repo
... and add the line priority=10 to the [epel] section:
[epel] name=Extra Packages for Enterprise Linux 6 - $basearch #baseurl=http://download.fedoraproject.org/pub/epel/6/$basearch mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=epel-6&arch=$basearch failovermethod=priority enabled=1 priority=10 gpgcheck=1 gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6 [...] |
Then we update our existing packages on the system:
yum update
Now we install some software packages that are needed later on:
yum groupinstall 'Development Tools'
8 Quota
(If you have chosen a different partitioning scheme than I did, you must adjust this chapter so that quota applies to the partitions where you need it.)
To install quota, we run this command:
yum -y install quota
Edit /etc/fstab and add ,usrjquota=aquota.user,grpjquota=aquota.group,jqfmt=vfsv0 to the / partition (/dev/mapper/vg_server1-lv_root):
vi /etc/fstab
# # /etc/fstab # Created by anaconda on Wed Jul 11 17:52:57 2012 # # Accessible filesystems, by reference, are maintained under '/dev/disk' # See man pages fstab(5), findfs(8), mount(8) and/or blkid(8) for more info # /dev/mapper/vg_server1-lv_root / ext4 defaults,usrjquota=aquota.user,grpjquota=aquota.group,jqfmt=vfsv0 1 1 UUID=806910a1-dbdf-4746-bd94-cbe73ce81493 /boot ext4 defaults 1 2 /dev/mapper/vg_server1-lv_swap swap swap defaults 0 0 tmpfs /dev/shm tmpfs defaults 0 0 devpts /dev/pts devpts gid=5,mode=620 0 0 sysfs /sys sysfs defaults 0 0 proc /proc proc defaults 0 0 |
Then run
mount -o remount /
quotacheck -avugm
quotaon -avug
to enable quota.
9 Install Apache, MySQL, phpMyAdmin
We can install the needed packages with one single command:
yum -y install ntp httpd mod_ssl mysql-server php php-mysql php-mbstring phpmyadmin
10 Install Dovecot
Dovecot can be installed as follows:
yum -y install dovecot dovecot-mysql
Create a empty dovecot-sql.conf file and symlink:
touch /etc/dovecot/dovecot-sql.conf
ln -s /etc/dovecot/dovecot-sql.conf /etc/dovecot-sql.conf
Now create the system startup links and start Dovecot:
chkconfig --levels 235 dovecot on
/etc/init.d/dovecot start
11 Install Postfix
Postfix can be installed as follows:
yum -y install postfix
Then turn off Sendmail and start Postfix and MySQL:
chkconfig --levels 235 mysqld on
/etc/init.d/mysqld start
chkconfig --levels 235 sendmail off
chkconfig --levels 235 postfix on
/etc/init.d/sendmail stop
/etc/init.d/postfix restart
12 Install Getmail
Getmail can be installed as follows:
yum -y install getmail