Book Image

CentOS 7 Server Deployment Cookbook

By : Timothy Boronczyk, IRAKLI NADAREISHVILI
Book Image

CentOS 7 Server Deployment Cookbook

By: Timothy Boronczyk, IRAKLI NADAREISHVILI

Overview of this book

CentOS is derived from Red Hat Enterprise Linux (RHEL) sources and is widely used as a Linux server. This book will help you to better configure and manage Linux servers in varying scenarios and business requirements. Starting with installing CentOS, this book will walk you through the networking aspects of CentOS. You will then learn how to manage users and their permissions, software installs, disks, filesystems, and so on. You’ll then see how to secure connection to remotely access a desktop and work with databases. Toward the end, you will find out how to manage DNS, e-mails, web servers, and more. You will also learn to detect threats by monitoring network intrusion. Finally, the book will cover virtualization techniques that will help you make the most of CentOS.

Related Content you might be interested in

Current Title:

Small book image
CentOS 7 Server Deployment Cookbook
Timothy Boronczyk | IRAKLI NADAREISHVILI
Oct, 2016 | 406 pages
No titles found
Table of Contents (18 chapters)
CentOS 7 Server Deployment Cookbook
CentOS 7 Server Deployment Cookbook
Credits
Credits
About the Author
About the Author
About the Reviewer
About the Reviewer
www.PacktPub.com
www.PacktPub.com
Preface
Preface
Free Chapter
1
Getting Started with CentOS
Getting Started with CentOS
Introduction
Installing CentOS using Anaconda in graphics mode
Installing CentOS using Anaconda in text mode
Coordinating multiple installations using Kickstart
Running a cloud image with Amazon Web Services' EC2
Installing a container image from the Docker Registry
Installing the GNOME desktop
Installing the KDE Plasma desktop
2
Networking
Networking
Introduction
Setting a static IP address
Binding multiple addresses to a single Ethernet device
Bonding two Ethernet devices
Configuring the network firewall with FirewallD
Configuring the network firewall using iptables
Installing a DHCP server
Configuring an NFS server to share a filesystem
Configuring an NFS client to use a shared filesystem
Serving Windows shares with Samba
3
User and Permission Management
User and Permission Management
Introduction
Escalating privileges with sudo
Enforcing password restrictions
Setting default permissions for new files and directories
Running binaries as a different user
Working with SELinux for greater security
4
Software Installation Management
Software Installation Management
Introduction
Registering the EPEL and Remi repositories
Prioritizing repositories using the Priorities plugin
Automating software updates with yum-cron
Verifying installed RPM packages
Compiling a program from source
5
Managing Filesystems and Storage
Managing Filesystems and Storage
Introduction
Viewing the size of files and available storage
Setting storage limits for users and groups
Creating a RAM disk
Creating a RAID
Replacing a device in a RAID
Creating a new LVM volume
Removing an existing LVM volume
Adding storage and growing an LVM volume
Working with LVM snapshots
6
Allowing Remote Access
Allowing Remote Access
Introduction
Running commands remotely through SSH
Configuring a more secure SSH login
Securely connecting to SSH without a password
Restricting SSH access by user or group
Protecting SSH with Fail2ban
Confining sessions to a chroot jail
Configuring TigerVNC
Tunneling VNC connections through SSH
7
Working with Databases
Working with Databases
Introduction
Setting up a MySQL database
Backing up and restoring a MySQL database
Configuring MySQL replication
Standing up a MySQL cluster
Setting up a MongoDB database
Backing up and restoring a MongoDB database
Configuring a MongoDB replica set
Setting up an OpenLDAP directory
Backing up and restoring an OpenLDAP database
8
Managing Domains and DNS
Managing Domains and DNS
Introduction
Setting up BIND as a resolving DNS server
Configuring BIND as an authoritative DNS server
Writing a reverse lookup zone file
Setting up a slave DNS server
Configuring rndc to control BIND
9
Managing E-mails
Managing E-mails
Introduction
Configuring Postfix to provide SMTP services
Adding SASL to Postfix with Dovecot
Configuring Postfix to use TLS
Configuring Dovecot for secure POP3 and IMAP access
Targeting spam with SpamAssassin
Routing messages with Procmail
10
Managing Web Servers
Managing Web Servers
Introduction
Installing Apache HTTP Server and PHP
Configuring name-based virtual hosting
Configuring Apache to serve pages over HTTPS
Enabling overrides and performing URL rewriting
Installing NGINX as a load balancer
11
Safeguarding Against Threats
Safeguarding Against Threats
Introduction
Sending messages to Syslog
Rotating log files with logrotate
Using Tripwire to detect modified files
Using ClamAV to fight viruses
Checking for rootkits with chkrootkit
Using Bacula for network backups
12
Virtualization
Virtualization
Introduction
Creating a new virtual machine
Cloning a virtual machine
Adding storage to a virtual machine
Connecting USB peripherals to a guest system
Configuring a guest's network interface

Confining sessions to a chroot jail

This recipe teaches you how to set up a chroot jail. A chroot call changes the user's view of the filesystem hierarchy by setting a particular path as the root; for the user, the path appears as / and they are unable to traverse beyond it. This creates a sandbox or jail, confining the user to a small branch of the real hierarchy. Chroot jails are commonly used for security purposes, for example, user containment and honeypots and also for application testing and in recovery procedures.

Getting ready

This recipe requires a CentOS system running the OpenSSH server. Administrative privileges are also required, either by logging in with the root account or through the use of sudo.

How to do it...

Follow these steps to configure a chroot jail and confine users to it:

  1. Download the cpchroot script needed to copy commands and their dependencies into the chroot environment:

    curl -Lo ~/cpchroot tinyurl.com/zyzozdp

  2. Make the script executable using chmod:

    chmod +x ~/cpchroot...
Previous Section
End of Section 8
Next Section