CentOS 7 Server Deployment Cookbook

CentOS 7 Server Deployment Cookbook

By : Timothy Boronczyk, IRAKLI NADAREISHVILI

Buy this Book

CentOS 7 Server Deployment Cookbook

By: Timothy Boronczyk, IRAKLI NADAREISHVILI

Buy this Book

Overview of this book

CentOS is derived from Red Hat Enterprise Linux (RHEL) sources and is widely used as a Linux server. This book will help you to better configure and manage Linux servers in varying scenarios and business requirements. Starting with installing CentOS, this book will walk you through the networking aspects of CentOS. You will then learn how to manage users and their permissions, software installs, disks, filesystems, and so on. You’ll then see how to secure connection to remotely access a desktop and work with databases. Toward the end, you will find out how to manage DNS, e-mails, web servers, and more. You will also learn to detect threats by monitoring network intrusion. Finally, the book will cover virtualization techniques that will help you make the most of CentOS.

CentOS 7 Server Deployment Cookbook

Credits

About the Author

About the Reviewer

www.PacktPub.com

Preface

Free Chapter

Getting Started with CentOS

Introduction

Installing CentOS using Anaconda in graphics mode

Installing CentOS using Anaconda in text mode

Coordinating multiple installations using Kickstart

Running a cloud image with Amazon Web Services' EC2

Installing a container image from the Docker Registry

Installing the GNOME desktop

Installing the KDE Plasma desktop

Networking

Introduction

Setting a static IP address

Binding multiple addresses to a single Ethernet device

Bonding two Ethernet devices

Configuring the network firewall with FirewallD

Configuring the network firewall using iptables

Installing a DHCP server

Configuring an NFS server to share a filesystem

Configuring an NFS client to use a shared filesystem

Serving Windows shares with Samba

User and Permission Management

Introduction

Escalating privileges with sudo

Enforcing password restrictions

Setting default permissions for new files and directories

Running binaries as a different user

Working with SELinux for greater security

Software Installation Management

Introduction

Registering the EPEL and Remi repositories

Prioritizing repositories using the Priorities plugin

Automating software updates with yum-cron

Verifying installed RPM packages

Compiling a program from source

Managing Filesystems and Storage

Introduction

Viewing the size of files and available storage

Setting storage limits for users and groups

Creating a RAM disk

Creating a RAID

Replacing a device in a RAID

Creating a new LVM volume

Removing an existing LVM volume

Adding storage and growing an LVM volume

Working with LVM snapshots

Allowing Remote Access

Introduction

Running commands remotely through SSH

Configuring a more secure SSH login

Securely connecting to SSH without a password

Restricting SSH access by user or group

Protecting SSH with Fail2ban

Confining sessions to a chroot jail

Configuring TigerVNC

Tunneling VNC connections through SSH

Working with Databases

Introduction

Setting up a MySQL database

Backing up and restoring a MySQL database

Configuring MySQL replication

Standing up a MySQL cluster

Setting up a MongoDB database

Backing up and restoring a MongoDB database

Configuring a MongoDB replica set

Setting up an OpenLDAP directory

Backing up and restoring an OpenLDAP database

Managing Domains and DNS

Introduction

Setting up BIND as a resolving DNS server

Configuring BIND as an authoritative DNS server

Writing a reverse lookup zone file

Setting up a slave DNS server

Configuring rndc to control BIND

Managing E-mails

Introduction

Configuring Postfix to provide SMTP services

Adding SASL to Postfix with Dovecot

Configuring Postfix to use TLS

Configuring Dovecot for secure POP3 and IMAP access

Targeting spam with SpamAssassin

Routing messages with Procmail

Managing Web Servers

Introduction

Installing Apache HTTP Server and PHP

Configuring name-based virtual hosting

Configuring Apache to serve pages over HTTPS

Enabling overrides and performing URL rewriting

Installing NGINX as a load balancer

Safeguarding Against Threats

Introduction

Sending messages to Syslog

Rotating log files with logrotate

Using Tripwire to detect modified files

Using ClamAV to fight viruses

Checking for rootkits with chkrootkit

Using Bacula for network backups

Virtualization

Introduction

Creating a new virtual machine

Cloning a virtual machine

Adding storage to a virtual machine

Connecting USB peripherals to a guest system

Configuring a guest's network interface

Customer Reviews

5 star

4 star

3 star

2 star

1 star

Enforcing password restrictions

A weak password can be one of the weakest security points of any system. Simple passwords are susceptible to brute-force attacks and long-lived passwords, if they are compromised, provide a wide window of opportunity for malicious activity. Because of this, it's important to ensure that your users choose sufficiently complex passwords and change them regularly. This recipe shows you how to strengthen your system's security by enforcing various restrictions on users' passwords. You'll learn how to specify the minimum complexity requirements for a password, how long before a password must be changed, and how to lock down an account after a number of failed login attempts.

Getting ready

This recipe requires a CentOS system and administrative access, either provided by logging in with the root account or by using sudo.

How to do it...

Follow these steps to enforce password restrictions that will increase the security of your CentOS system:

The parameters governing...

CentOS 7 Server Deployment Cookbook

By : Timothy Boronczyk, IRAKLI NADAREISHVILI

CentOS 7 Server Deployment Cookbook

By: Timothy Boronczyk, IRAKLI NADAREISHVILI

Overview of this book

Related Content you might be interested in

Current Title:

CentOS 7 Server Deployment Cookbook

Enforcing password restrictions

Getting ready

How to do it...