CentOS 7 Server Deployment Cookbook

CentOS 7 Server Deployment Cookbook

By : Timothy Boronczyk, IRAKLI NADAREISHVILI

Buy this Book

CentOS 7 Server Deployment Cookbook

By: Timothy Boronczyk, IRAKLI NADAREISHVILI

Buy this Book

Overview of this book

CentOS is derived from Red Hat Enterprise Linux (RHEL) sources and is widely used as a Linux server. This book will help you to better configure and manage Linux servers in varying scenarios and business requirements. Starting with installing CentOS, this book will walk you through the networking aspects of CentOS. You will then learn how to manage users and their permissions, software installs, disks, filesystems, and so on. You’ll then see how to secure connection to remotely access a desktop and work with databases. Toward the end, you will find out how to manage DNS, e-mails, web servers, and more. You will also learn to detect threats by monitoring network intrusion. Finally, the book will cover virtualization techniques that will help you make the most of CentOS.

CentOS 7 Server Deployment Cookbook

Credits

About the Author

About the Reviewer

www.PacktPub.com

Preface

Free Chapter

Getting Started with CentOS

Introduction

Installing CentOS using Anaconda in graphics mode

Installing CentOS using Anaconda in text mode

Coordinating multiple installations using Kickstart

Running a cloud image with Amazon Web Services' EC2

Installing a container image from the Docker Registry

Installing the GNOME desktop

Installing the KDE Plasma desktop

Networking

Introduction

Setting a static IP address

Binding multiple addresses to a single Ethernet device

Bonding two Ethernet devices

Configuring the network firewall with FirewallD

Configuring the network firewall using iptables

Installing a DHCP server

Configuring an NFS server to share a filesystem

Configuring an NFS client to use a shared filesystem

Serving Windows shares with Samba

User and Permission Management

Introduction

Escalating privileges with sudo

Enforcing password restrictions

Setting default permissions for new files and directories

Running binaries as a different user

Working with SELinux for greater security

Software Installation Management

Introduction

Registering the EPEL and Remi repositories

Prioritizing repositories using the Priorities plugin

Automating software updates with yum-cron

Verifying installed RPM packages

Compiling a program from source

Managing Filesystems and Storage

Introduction

Viewing the size of files and available storage

Setting storage limits for users and groups

Creating a RAM disk

Creating a RAID

Replacing a device in a RAID

Creating a new LVM volume

Removing an existing LVM volume

Adding storage and growing an LVM volume

Working with LVM snapshots

Allowing Remote Access

Introduction

Running commands remotely through SSH

Configuring a more secure SSH login

Securely connecting to SSH without a password

Restricting SSH access by user or group

Protecting SSH with Fail2ban

Confining sessions to a chroot jail

Configuring TigerVNC

Tunneling VNC connections through SSH

Working with Databases

Introduction

Setting up a MySQL database

Backing up and restoring a MySQL database

Configuring MySQL replication

Standing up a MySQL cluster

Setting up a MongoDB database

Backing up and restoring a MongoDB database

Configuring a MongoDB replica set

Setting up an OpenLDAP directory

Backing up and restoring an OpenLDAP database

Managing Domains and DNS

Introduction

Setting up BIND as a resolving DNS server

Configuring BIND as an authoritative DNS server

Writing a reverse lookup zone file

Setting up a slave DNS server

Configuring rndc to control BIND

Managing E-mails

Introduction

Configuring Postfix to provide SMTP services

Adding SASL to Postfix with Dovecot

Configuring Postfix to use TLS

Configuring Dovecot for secure POP3 and IMAP access

Targeting spam with SpamAssassin

Routing messages with Procmail

Managing Web Servers

Introduction

Installing Apache HTTP Server and PHP

Configuring name-based virtual hosting

Configuring Apache to serve pages over HTTPS

Enabling overrides and performing URL rewriting

Installing NGINX as a load balancer

Safeguarding Against Threats

Introduction

Sending messages to Syslog

Rotating log files with logrotate

Using Tripwire to detect modified files

Using ClamAV to fight viruses

Checking for rootkits with chkrootkit

Using Bacula for network backups

Virtualization

Introduction

Creating a new virtual machine

Cloning a virtual machine

Adding storage to a virtual machine

Connecting USB peripherals to a guest system

Configuring a guest's network interface

Customer Reviews

5 star

4 star

3 star

2 star

1 star

Configuring Postfix to use TLS

Implementing authentication for mail relaying is an important step in securing your mail server. But as you learned in the previous recipe, the user's name and password are sent in clear text. Base64-encoding encodes binary data using only ASCII characters, which allows for non-ASCII characters in a user's password for example, but encoding isn't encryption. If traffic between the user's mail client and the server happens over an untrusted network, a malicious user can easily capture the credentials and masquerade as the user. This recipe further secures Postfix by configuring Transport Layer Security (TLS) encryption to protect the communication from eavesdropping.

Getting ready

This recipe requires a CentOS system with Postfix configured as described in previous recipes. Administrative privileges are also required, either by logging in with the root account or through the use of sudo.

How to do it...

Follow these steps to configure Postfix to use TLS:

Generate...

CentOS 7 Server Deployment Cookbook

By : Timothy Boronczyk, IRAKLI NADAREISHVILI

CentOS 7 Server Deployment Cookbook

By: Timothy Boronczyk, IRAKLI NADAREISHVILI

Overview of this book

Related Content you might be interested in

Current Title:

CentOS 7 Server Deployment Cookbook

Configuring Postfix to use TLS

Getting ready

How to do it...