GadElKareem

Archive for the ‘Blog’ Category

• synchronize clock on CentOS server

  Sunday, February 26th, 2012

  Check Installing CentOS 6.2 on VMware post.

  chkconfig --levels 235 ntpd on
  /etc/init.d/ntpd restart
  ntpdate 0.pool.ntp.org

  - using dateconfig

  yum groupinstall 'X Window System'
  dateconfig

• disable root login

  Sunday, February 26th, 2012

  Check Installing CentOS 6.2 on VMware post.

  This should make the server more secure, review creating admin users post

  - this will disable logging in ssh as root

  vi /etc/ssh/sshd_config 
  #add
  PermitRootLogin no
  #restart ssh
  /etc/init.d/sshd restart

• Adding new users and admins to Linux server

  Sunday, February 26th, 2012

  Check Installing CentOS 6.2 on VMware post.

  Using admin user avoids common mistakes done when logging as root, instead use sudo to run root commands.

  mkdir /server
   
  #adding web-server user www
  adduser www -d /server -s /sbin/nologin
   
  #adding admins group to use instead of root
  groupadd admins
  visudo
  #add
  %admins ALL=(ALL)       NOPASSWD: ALL
   
  #add new admin 
  adduser admin -g admins
  #set password
  passwd admin
   
  #add email for user admin
  vi /etc/aliases
  #add
  admin: admin@example.com
  #rebuild data
  newaliases

• Disabling unneeded services on CentOS

  Sunday, February 26th, 2012

  Check Installing CentOS 6.2 on VMware post.

  More information about each service can be found here

  chkconfig setroubleshoot --levels 345 off;service setroubleshoot stop
  chkconfig portmap --levels 345 off;service portmap stop
  chkconfig rpcidmapd --levels 345 off;service rpcidmapd stop
  chkconfig restorecond --levels 345 off;service restorecond stop
  chkconfig pcscd --levels 345 off;service pcscd stop
  chkconfig nfslock --levels 345 off;service nfslock stop
  chkconfig nfs --levels 345 off;service nfs stop
  chkconfig netfs --levels 345 off;service netfs stop
  chkconfig mdmonitor --levels 345 off;service mdmonitor stop
  chkconfig hidd --levels 345 off;service hidd stop
  chkconfig cpuspeed --levels 345 off;service cpuspeed stop
  chkconfig cups --levels 345 off;service cups stop
  chkconfig cpuspeed --levels 345 off;service cpuspeed stop
  chkconfig apmd --levels 345 off;service apmd stop
  chkconfig autofs --levels 345 off;service autofs stop
  chkconfig atd --levels 345 off;service atd stop
  chkconfig apf --levels 345 off;service apf stop
  chkconfig yum-updatesd  --levels 345 off;service yum-updatesd  stop
   
  #disable apache if not needed
  chkconfig httpd  --levels 345 off;service httpd  stop

• increase linux file descriptors

  Saturday, February 25th, 2012

  Check Installing CentOS 6.2 on VMware and mounting partitions with noatime posts.

  This is very important performance tuning for any web server more information here

  #adduser www first http://gadelkareem.com/2012/02/26/adding-new-users-and-admins-to-linux-server/
  ulimit -n unlimited - www
  #check default number of concurrently open file descriptors 
  cat /proc/sys/fs/file-max
  #set the number to high value depending on server config
  echo '1773914' > /proc/sys/fs/file-max
  echo 'fs.file-max=1773914' >> /etc/sysctl.conf
  /sbin/sysctl -w fs.file-max=1773914

  (more…)

• mounting partitions with noatime

  Saturday, February 25th, 2012

  Check Installing CentOS 6.2 on VMware and increase linux file descriptors posts.

  This should help reduce disk IO by telling the system not to update inode access times. more here

  vi /etc/fstab
  #add noatime to the options of the / file system ex:
  /dev/mapper/vg_centos6-lv_root /                       ext4    defaults,noatime         1 1

  - remount file system

  mount -o remount /
  #check
  cat /proc/mounts | grep noatime

• Change ssh port and enable X11 forwarding

  Saturday, February 25th, 2012

  Check Installing CentOS 6.2 on VMware post.

  - configure ssh port

  cp /etc/ssh/sshd_config /etc/ssh/sshd_config.old
  vi /etc/ssh/sshd_config
  #uncomment port 22 and change to
  port 4568

  - enable X11 forwarding

  #install needed libraries
  yum -y install xorg-x11-xauth xorg-x11-fonts-base liberation-fonts
   
  vi /etc/ssh/sshd_config
  #add
  X11Forwarding yes
  X11DisplayOffset 10
  X11UseLocalhost yes

  - restart sshd

   /etc/init.d/sshd restart

  Now you should connect to 192.168.126.128:4568

• Configuring iptables on CentOS

  Saturday, February 25th, 2012

  - disable SELINUX

  vi /etc/selinux/config
  #change
  SELINUX=disabled

  - reboot or run

   setenforce 0

  - add iptables rules (more…)

• Change server hostname

  Saturday, February 25th, 2012

  Check Installing CentOS 6.2 on VMware post.

  Adding Hostname to Linux server

  vi /etc/hosts
  # add
  127.0.0.1  localhost.localdomain localhost
  192.168.126.128 centos6.vmware.local

  vi /etc/sysconfig/network
  #change
  HOSTNAME=centos6.vmware.local

  hostname centos6.vmware.local

• Useful Linux commands

  Saturday, February 25th, 2012

  Check Installing CentOS 6.2 on VMware post.

  - getting full memory info

  more /proc/meminfo

  - display memory usage in MB

  free -m

  (more…)