
General

Install Supporting Apps


#yum install epel-release -y
#yum update -y
#yum -y install vim nmap traceroute net-tools bind-utils

User Management
Add a New User
#useradd gokei

Set/Change a User's Password


#passwd gokei

Delete a user along with their home directory


#usermod -aG wheel username

SELinux
Check SELinux
#sestatus
#semanage
#yum provides /usr/sbin/semanage
#yum install -y policycoreutils-python-2.5-33.el7.x86_64

Disable SELinux (not recommended)


Temporary
#setenforce 0|1   (0 = permissive, 1 = enforcing)
or
#setenforce permissive
or
#echo 0 > /sys/fs/selinux/enforce

Permanent
#vim /etc/selinux/config

Change the SELinux mode to disabled.


SELINUX=disabled

Check errors of selinux


#yum/dnf install -y setroubleshoot

sudo cat /var/log/audit/audit.log | grep nginx | grep denied
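The grep above returns raw AVC lines. As an added example (not part of the original notes), the script below groups the denials for one process by permission, object class and target type, so it is clear what is being blocked before any boolean is changed. The function name summarize_denials and the log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: summarise SELinux AVC denials for one process name.
# The log lines below are constructed samples, not taken from a real host.
sample_log=$(mktemp)
cat > "$sample_log" <<'EOF'
type=AVC msg=audit(1600000001.101:201): avc:  denied  { name_connect } for  pid=1310 comm="nginx" dest=3306 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:mysqld_port_t:s0 tclass=tcp_socket permissive=0
type=AVC msg=audit(1600000002.102:202): avc:  denied  { name_connect } for  pid=1310 comm="nginx" dest=3306 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:mysqld_port_t:s0 tclass=tcp_socket permissive=0
type=AVC msg=audit(1600000003.103:203): avc:  denied  { read } for  pid=1311 comm="nginx" name="index.html" dev="dm-0" ino=7711 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=0
type=AVC msg=audit(1600000004.104:204): avc:  denied  { name_bind } for  pid=990 comm="sshd" src=2233 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:unreserved_port_t:s0 tclass=tcp_socket permissive=0
type=SYSCALL msg=audit(1600000003.103:203): arch=c000003e syscall=2 success=no exit=-13 comm="nginx" exe="/usr/sbin/nginx"
EOF

# summarize_denials <audit.log> <comm>
# Prints "<count> <permission(s)> <tclass> <target type>", most frequent first.
summarize_denials() {
    awk -v comm="$2" '
        /type=AVC/ && /denied/ && index($0, "comm=\"" comm "\"") {
            perm = $0;   sub(/.*[{] /, "", perm);      sub(/ [}].*/, "", perm)
            tclass = $0; sub(/.*tclass=/, "", tclass); sub(/ .*/, "", tclass)
            tctx = $0;   sub(/.*tcontext=/, "", tctx); sub(/ .*/, "", tctx)
            split(tctx, part, ":")          # user:role:type:level
            count[perm " " tclass " " part[3]]++
        }
        END { for (k in count) print count[k], k }
    ' "$1" | sort -rn
}

summarize_denials "$sample_log" nginx
```

In this sample the mysqld_port_t denial is the case the httpd_can_network_connect_db boolean covers, and the user_home_t read is the case httpd_read_user_content covers.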

List of selinux Boolean for httpd


#getsebool -a | grep httpd

#getsebool -a | less (search for httpd)

Values: 0 | 1 or off | on

-P for permanent

To allow Apache to connect to a remote database through SELinux


#setsebool -P httpd_can_network_connect_db on
or
#setsebool -P httpd_can_network_connect 1
#setsebool -P httpd_read_user_content 1

Disabled selinux / configure


Semanage .......

Disable firewalld / configure


systemctl status|restart|stop firewalld

firewall-cmd --list-all

firewall-cmd --get-active-zones

firewall-cmd --zone=[zone] --permanent --add-port=2233/tcp

firewall-cmd --add-service=http --permanent

firewall-cmd --add-service=https --permanent

firewall-cmd --reload

SSH
Change the SSH Port
#vim /etc/ssh/sshd_config

Find the Port and PermitRootLogin lines, remove the hash sign, and change them as below:
Port 2233
PermitRootLogin no
AllowUsers alice bob
# Protocol 2,1
Protocol 2

Allow Port on SElinux


#semanage port -a -t ssh_port_t -p tcp 2233

Conf Firewall
#firewall-cmd --permanent --zone=public --add-port=2233/tcp
#firewall-cmd --reload
#ss -tnlp|grep ssh
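
A check for the sshd_config changes above, as an added example that is not part of the original notes. It reads the effective (first uncommented) value of each keyword and reports where a file differs from the settings used here. The function names sshd_value and check_sshd_config are hypothetical and both sample configs are constructed.

```shell
#!/bin/sh
# Added example: compare an sshd_config with the settings from these notes.

# sshd_value <file> <keyword>: keywords are case-insensitive and the first
# uncommented occurrence is the one sshd uses.
sshd_value() {
    awk -v key="$2" 'tolower($1) == tolower(key) {
        $1 = ""; sub(/^ +/, ""); print; exit }' "$1"
}

# check_sshd_config <file>: prints one line per finding and returns the
# number of findings (0 = matches the notes).
check_sshd_config() {
    cfg=$1; fails=0
    port=$(sshd_value "$cfg" Port)
    [ "${port:-22}" != 22 ] || { echo "FAIL Port is still 22"; fails=$((fails + 1)); }
    root=$(sshd_value "$cfg" PermitRootLogin | tr 'A-Z' 'a-z')
    [ "$root" = no ] || { echo "FAIL PermitRootLogin=${root:-unset}"; fails=$((fails + 1)); }
    [ -n "$(sshd_value "$cfg" AllowUsers)" ] ||
        { echo "FAIL AllowUsers not set"; fails=$((fails + 1)); }
    return "$fails"
}

# Constructed samples: a weak config beside the corrected one.
weak=$(mktemp); hardened=$(mktemp)
printf '%s\n' '#Port 22' 'PermitRootLogin yes' '# AllowUsers alice bob' > "$weak"
printf '%s\n' 'Port 2233' 'PermitRootLogin no' 'AllowUsers alice bob' > "$hardened"

check_sshd_config "$weak" || true
check_sshd_config "$hardened" && echo "hardened sample: OK"
```

Before restarting the daemon on a real host, sshd -t validates the edited file, and keeping the current session open until a login on the new port succeeds avoids a lockout.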

SSH Passwordless
#ssh-keygen

or
#ssh-keygen -t rsa

Multiple Gateway
Option 1
Local:

1. Ip
2. Network
3. Routing
4. No default routing

Public:
1. Ip
2. Network
3. Gateway
4. Dns
5. Default route

Option 2
Local:

1. Nmtui
2. IP : 10.250.10.3/24
3. Delete gateway and dns on local ip
4. Add static route (10.250.0.0/16 via 10.250.10.1 | )
5. Disable auto use default gateway

Public:

Full

Option 3
1. Remove gateway on interface that is not default gateway
2. Add the syntax on /etc/sysconfig/network
# Created by anaconda
>NETWORKING=yes
>HOSTNAME=dns1
>GATEWAY=103.3.79.169
>GATEWAYDEV=eth3
3. Add the syntax on /etc/rc.local
#!/bin/bash
# THIS FILE IS ADDED FOR COMPATIBILITY PURPOSES
#
# It is highly advisable to create own systemd services or udev rules
# to run scripts during boot instead of using this file.
#
# In contrast to previous versions due to parallel execution during boot
# this script will NOT be run after all other services.
#
# Please note that you must run 'chmod +x /etc/rc.d/rc.local' to ensure
# that this script will be executed during boot.

touch /var/lock/subsys/local
route add -net 10.250.0.0 netmask 255.255.0.0 gw 10.250.10.1 eth2
Option 4
Fill in all required fields on each network interface

CentOS 7

CentOS 8
Install php 5.6
# dnf install -y https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm
# dnf install -y https://rpms.remirepo.net/enterprise/remi-release-8.rpm
# dnf module install -y php:remi-7.3
# php --version

Install apache httpd


CentOS - 8
#dnf -y install httpd

CentOS – 7
#yum -y install httpd

#firewall-cmd --permanent --add-port=80/tcp


#firewall-cmd --permanent --add-port=443/tcp
#firewall-cmd --reload
AllowOverride All
1. sestatus
2. semanage port -l

# setsebool -P httpd_unified 1

MariaDB
firewall-cmd --add-service=mysql --permanent

firewall-cmd --add-port=3306/tcp

firewall-cmd --add-port=3306/tcp --permanent

firewall-cmd --reload

grant all privileges on *.* to 'root'@'%' identified by 'K4mpret123' with grant option;

Linux Configuration

1. IP

/etc/sysconfig/network-scripts/
static
IPADDR
NETMASK
GATEWAY
ONBOOT=yes

#/etc/init.d/network restart
or
#service network restart

2. HOSTNAME
#vi /etc/hostname

#vi /etc/hosts

#vi /etc/sysconfig/network

5. INSTALL MARIADB

#yum install mariadb-server

6. SUDOERS USER NON ROOT

add user
#adduser [username]
#passwd [username]

Use the usermod command to add the user to the wheel group.
#usermod -aG wheel [username]

or

#gpasswd -a [username] wheel

Test sudo access on new user account


#su - [username]

[username]$ sudo yum update

managing user with sudo privileges


$sudo lid -g wheel

Deleting Users

If you have a user account that you no longer need, it's best to delete the old
account.
You have a couple of methods to do so, though the choice of which method to use
depends on your own situation.

If you want to delete the user without deleting any of their files, type this
command as root:

#userdel [username]

If you want to delete the user's home directory along with the user account itself,
type this command as root:

#userdel -r [username]

Note: Remember to add sudo ahead of the command if you are signed in as a non-
root user with sudo privileges.
With either command, the user will automatically be removed from any groups
that they were added to,
including the wheel group if they were given sudo privileges. If you later add
another user with the same name,
they will have to be added to the wheel group again to gain sudo access.

CentOS 8
install postgresql
1. https://www.postgresql.org/download/linux/redhat/
2. dnf install https://download.postgresql.org/pub/repos/yum/reporpms/EL-8-x86_64/pgdg-redhat-repo-latest.noarch.rpm
3. dnf install postgresql10-server postgresql10-contrib
4. /usr/pgsql-10/bin/postgresql-10-setup initdb
systemctl enable postgresql-10
systemctl start postgresql-10

hostnamectl set-hostname reverse1.gokei.id


hostnamectl set-hostname "Reverse1-Nginx" --pretty
systemctl restart systemd-hostnamed

Restart Network
-nmcli networking off && nmcli networking on

-systemctl restart NetworkManager.service


1. nmcli networking off; nmcli networking on
2. nmcli con down ens32 && nmcli con up ens32
3. Activate-deactivate on nmtui
4. systemctl enable --now cockpit.socket

https://[IP ADDRESS]:9090

INSTALL PHP 7 ON CENTOS 7


1. sudo yum install epel-release yum-utils
2. sudo yum install http://rpms.remirepo.net/enterprise/remi-release-7.rpm
3. sudo yum-config-manager --enable remi-php73
4. sudo yum install php php-common php-opcache php-mcrypt php-cli php-gd php-curl php-mysqlnd
5. php -v
6. systemctl restart httpd

INSTALL SSL LET’S ENCRYPT


1. yum install epel-release mod_ssl
2. yum install python-certbot-apache
3. certbot --apache -d websitecontoh.com

4. If you want to generate free SSL certificates for multiple domains or
subdomains, run this command:

5. certbot --apache -d websitecontoh.com -d www.websitecontoh.com


6. IMPORTANT! The first domain must be your base domain, without
www. In this case it is websitecontoh.com
7. Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.
----------------------------------------
1: No redirect - Make no further changes to the webserver configuration.
2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for new sites, or if
you're confident your site works on HTTPS. You can undo this change by editing your web
server's configuration.
----------------------------------------
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2
Redirecting vhost in /etc/httpd/conf.d/lpsereport.conf to ssl vhost in
/etc/httpd/conf.d/lpsereport-le-ssl.conf
8. certbot renew
9. crontab -e
10. 0 0 * * 1 /usr/bin/certbot renew >> /var/log/sslrenew.log

Install postgresql

rpm -Uvh https://download.postgresql.org/pub/repos/yum/10/redhat/rhel-7-x86_64/pgdg-centos10-10-2.noarch.rpm
yum install postgresql10 postgresql10-server postgresql10-contrib postgresql10-libs
#/usr/pgsql-10/bin/postgresql-10-setup initdb

Mariadb

mysql_secure_installation

Mysql centos
-mysql_secure_installation

-give password to root user

-only allow root login on localhost/127.0.0.1/::1

-create another user general


-create user per application

-grant access that user just for its database(s)

Grant permissions to access and use the MySQL server


Only allow access from localhost (this is the most secure and common configuration you will use for a
web application).

mysql> grant usage on *.* to 'myuser'@localhost identified by 'mypassword';

To allow access to MySQL server from any other computer on the network

mysql> grant usage on *.* to 'myuser'@'%' identified by 'mypassword';

Create another super user


mysql> grant all privileges on *.* to 'myuser'@'%';

Grant all privileges to a user on a specific database


mysql> grant all privileges on mydb.* to 'myuser'@localhost;

As in the previous command, if you want the user to work with the database from any location you will
have to replace localhost with '%'.
