Skip to content

LocalServer Ek Adımlar

Jump to bottom Edit New page
Tuna edited this page Feb 27, 2015 · 2 revisions

Fish Kurulumu: http://fishshell.com/
cd /tmp
cd /etc/yum.repos.d/
wget http://download.opensuse.org/repositories/shells:fish:release:2/CentOS_7/shells:fish:release:2.repo
cd ..
yum install fish

Shell Command olarak fish default gelmiyor. Komut ile aktif edilmesi lazım.

chsh -s /usr/bin/fish (fish nereye kuruldu ise onun klasörüne git)
chsh -s /bin/bash (eskiye dönüş)

KOmutlar:
free : ram miktarını hızlı bir şekilde gösterir.
option m displays the values in MB
option t displays the “Total” line, which is sum of physical and swap memory values
option o is to hide the buffers/cache line from the above example.

netstat -a | more
netstat -ap | grep ssh

clear : ekranı temizler.
ntop : network trafik
w : şu an kimler sisteme bağlı
uptime : bilgisi

Task: Register my system with RHN

To register your system with RHN type the following command and just follow on screen instructions (CentOS user skip to next step):

  1. rhn_register

Warning examples only works with RHEL / CentOS Linux version 5.x or aboveWARNING! These examples only works with RHEL / CentOS Linux version 5.x or above. For RHEL 4.x and older version use up2date command.
Task: Display list of updated software (security fix)

Type the following command at shell prompt:

  1. yum list updates

Task: Patch up system by applying all updates

To download and install all updates type the following command:

  1. yum update

Task: List all installed packages

List all installed packages, enter:

  1. rpm -qa
  2. yum list installed

Find out if httpd package installed or not, enter:

  1. rpm -qa | grep httpd*
  2. yum list installed httpd

Task: Check for and update specified packages

  1. yum update {package-name-1}

To check for and update httpd package, enter:

  1. yum update httpd

Task: Search for packages by name

Search httpd and all matching perl packages, enter:

  1. yum list {package-name}
  2. yum list {regex}
  3. yum list httpd
  4. yum list perl*

Sample output:

Loading “installonlyn” plugin
Loading “security” plugin
Setting up repositories
Reading repository metadata in from local files
Installed Packages
perl.i386 4:5.8.8-10.el5_0.2 installed
perl-Archive-Tar.noarch 1.30-1.fc6 installed
perl-BSD-Resource.i386 1.28-1.fc6.1 installed
perl-Compress-Zlib.i386 1.42-1.fc6 installed
perl-DBD-MySQL.i386 3.0007-1.fc6 installed
perl-DBI.i386 1.52-1.fc6 installed
perl-Digest-HMAC.noarch 1.01-15 installed
perl-Digest-SHA1.i386 2.11-1.2.1 installed
perl-HTML-Parser.i386 3.55-1.fc6 installed
…..
…….
..
perl-libxml-perl.noarch 0.08-1.2.1 base
perl-suidperl.i386 4:5.8.8-10.el5_0.2 updates
Task: Install the specified packages [ RPM ]

Install package called httpd:

  1. yum install {package-name-1} {package-name-2}
  2. yum install httpd

Task: Remove / Uninstall the specified packages [ RPM ]

Remove package called httpd, enter:

  1. yum remove {package-name-1} {package-name-2}
  2. yum remove httpd

Task: Display the list of available packages

  1. yum list all

Task: Display list of group software

Type the following command:

  1. yum grouplist

Output:

Installed Groups:
Engineering and Scientific
MySQL Database
Editors
System Tools
Text-based Internet
Legacy Network Server
DNS Name Server
Dialup Networking Support
FTP Server
Network Servers
Legacy Software Development
Legacy Software Support
Development Libraries
Graphics
Web Server
Ruby
Printing Support
Mail Server
Server Configuration Tools
PostgreSQL Database
Available Groups:
Office/Productivity
Administration Tools
Beagle
Development Tools
GNOME Software Development
X Software Development
Virtualization
GNOME Desktop Environment
Authoring and Publishing
Mono
Games and Entertainment
XFCE-4.4
Tomboy
Java
Java Development
Emacs
X Window System
Windows File Server
KDE Software Development
KDE (K Desktop Environment)
Horde
Sound and Video
FreeNX and NX
News Server
Yum Utilities
Graphical Internet
Done
Task: Install all the default packages by group

Install all ‘Development Tools’ group packages, enter:

  1. yum groupinstall “Development Tools”

Task: Update all the default packages by group

Update all ‘Development Tools’ group packages, enter:

  1. yum groupupdate “Development Tools”

Task: Remove all packages in a group

Remove all ‘Development Tools’ group packages, enter:

  1. yum groupremove “Development Tools”

Task: Install particular architecture package

If you are using 64 bit RHEL version it is possible to install 32 packages:

  1. yum install {package-name}.{architecture}
  2. yum install mysql.i386

Task: Display packages not installed via official RHN subscribed repos

Show all packages not available via subscribed channels or repositories i.e show packages installed via other repos:

  1. yum list extras

Sample output:

Loading “installonlyn” plugin
Loading “security” plugin
Setting up repositories
Reading repository metadata in from local files
Extra Packages
DenyHosts.noarch 2.6-python2.4 installed
VMwareTools.i386 6532-44356 installed
john.i386 1.7.0.2-3.el5.rf installed
kernel.i686 2.6.18-8.1.15.el5 installed
kernel-devel.i686 2.6.18-8.1.15.el5 installed
lighttpd.i386 1.4.18-1.el5.rf installed
lighttpd-fastcgi.i386 1.4.18-1.el5.rf installed
psad.i386 2.1-1 installed
rssh.i386 2.3.2-1.2.el5.rf installed
Task: Display what package provides the file

You can easily find out what RPM package provides the file. For example find out what provides the /etc/passwd file:

  1. yum whatprovides /etc/passwd

Sample output:

Loading “installonlyn” plugin
Loading “security” plugin
Setting up repositories
Reading repository metadata in from local files
setup.noarch 2.5.58-1.el5 base
Matched from:
/etc/passwd
setup.noarch 2.5.58-1.el5 installed
Matched from:
/etc/passwd
You can use same command to list packages that satisfy dependencies:

  1. yum whatprovides {dependency-1} {dependency-2}

Refer yum command man page for more information:

  1. man yum

Configuring a Basic Firewall
Firewalls provide a basic level of security for your server. These applications are responsible for denying traffic to every port on your server with exceptions for ports/services you have approved. CentOS ships with a firewall called firewalld. A tool called firewall-cmd can be used to configure your firewall policies. Our basic strategy will be to lock down everything that we do not have a good reason to keep open.

The firewalld service has the ability to make modifications without dropping current connections, so we can turn it on before creating our exceptions:

sudo systemctl start firewalld
Now that the service is up and running, we can use the firewall-cmd utility to get and set policy information for the firewall. The firewalld application uses the concept of “zones” to label the trustworthiness of the other hosts on a network. This labelling gives us the ability to assign different rules depending on how much we trust a network.

In this guide, we will only be adjusting the policies for the default zone. When we reload our firewall, this will be the zone applied to our interfaces. We should start by adding exceptions to our firewall for approved services. The most essential of these is SSH, since we need to retain remote administrative access to the server.

If you have not modified the port that the SSH daemon is running on, you can enable the service by name by typing:

sudo firewall-cmd —permanent —add-service=ssh
If you have changed the SSH port for your server, you will have to specify the new port explicitly. You will also need to include the protocol that the service utilizes. Only type the following if your SSH server has already been restarted to use the new port:

sudo firewall-cmd —permanent —remove-service=ssh
sudo firewall-cmd —permanent —add-port=4444/tcp
This is the bare minimum needed to retain administrative access to the server. If you plan on running additional services, you need to open the firewall for those as well.

If you plan on running a conventional HTTP web server, you will need to enable the http service:

sudo firewall-cmd —permanent —add-service=http
If you plan to run a web server with SSL/TLS enabled, you should allow traffic for https as well:

sudo firewall-cmd —permanent —add-service=https
If you need SMTP email enabled, you can type:

sudo firewall-cmd —permanent —add-service=smtp
To see any additional services that you can enable by name, type:

sudo firewall-cmd —get-services
When you are finished, you can see the list of the exceptions that will be implemented by typing:

sudo firewall-cmd —permanent —list-all
When you are ready to implement the changes, reload the firewall:

sudo firewall-cmd —reload
If, after testing, everything works as expected, you should make sure the firewall will be started at boot:

sudo systemctl enable firewalld
Remember that you will have to explicitly open the firewall (with services or ports) for any additional services that you may configure later.

Configure Timezones and Network Time Protocol Synchronization
The next step is to adjust the localization settings for your server and configure the Network Time Protocol (NTP) synchronization.

The first step will ensure that your server is operating under the correct time zone. The second step will configure your system to synchronize its system clock to the standard time maintained by a global network of NTP servers. This will help prevent some inconsistent behavior that can arise from out-of-sync clocks.

Configure Timezones
Our first step is to set our server’s timezone. This is a very simple procedure that can be accomplished using the timedatectl command:

First, take a look at the available timezones by typing:

sudo timedatectl list-timezones
This will give you a list of the timezones available for your server. When you find the region/timezone setting that is correct for your server, set it by typing:

sudo timedatectl set-timezone region/timezone
For instance, to set it to United States eastern time, you can type:

sudo timedatectl set-timezone America/New_York
Your system will be updated to use the selected timezone. You can confirm this by typing:

sudo timedatectl
Configure NTP Synchronization
Now that you have your timezone set, we should configure NTP. This will allow your computer to stay in sync with other servers, leading to more predictability in operations that rely on having the correct time.

For NTP synchronization, we will use a service called ntp, which we can install from CentOS’s default repositories:

sudo yum install ntp
Next, you need to start the service for this session. We will also enable the service so that it is automatically started each time the server boots:

sudo systemctl start ntpd
sudo systemctl enable ntpd
Your server will now automatically correct its system clock to align with the global servers.

Create a Swap File
Adding “swap” to a Linux server allows the system to move the less frequently accessed information of a running program from RAM to a location on disk. Accessing data stored on disk is much slower than accessing RAM, but having swap available can often be the difference between your application staying alive and crashing. This is especially useful if you plan to host any databases on your system.

Advice about the best size for a swap space varies significantly depending on the source consulted. Generally, an amount equal to or double the amount of RAM on your system is a good starting point.

Allocate the space you want to use for your swap file using the fallocate utility. For example, if we need a 4 Gigabyte file, we can create a swap file located at /swapfile by typing:

sudo fallocate -l 4G /swapfile
After creating the file, we need to restrict access to the file so that other users or processes cannot see what is written there:

sudo chmod 600 /swapfile
We now have a file with the correct permissions. To tell our system to format the file for swap, we can type:

sudo mkswap /swapfile
Now, tell the system it can use the swap file by typing:

sudo swapon /swapfile
Our system is using the swap file for this session, but we need to modify a system file so that our server will do this automatically at boot. You can do this by typing:

sudo sh -c ‘echo “/swapfile none swap sw 0 0” >> /etc/fstab’
With this addition, your system should use your swap file automatically at each boot.

Where To Go from Here?
You now have a very decent beginning setup for your Linux server. From here, there are quite a few places you can go. First, you may wish to snapshot your server in its current configuration.

Take a Snapshot of your Current Configuration
If you are happy with your configuration and wish to use this as a base for future installations, you can take a snapshot of your server through the DigitalOcean control panel.

To do so, shutdown your server from the command line by typing:

sudo poweroff
Now, in the DigitalOcean control panel, you can take a snapshot by visiting the “Snapshots” tab of your server:

Add a custom footer
Add a custom sidebar
Clone this wiki locally