June 20, 2021

CentOS Howtos

How to set up some basic things in CentOS, a clone of RedHat

vi /root/.bashrc (add this line for color prompt)
  PS1='\[\033[0;31m\]\[\033[0;37m\]\[\033[0;35m\]${debian_chroot:+($debian_chroot)}\[\033[0;35m\]\u@\h\[\033[0;37m\]:\[\033[0;36m\]\w >\[\033[0;00m\] '

then type su and it will give you a color prompt

Setting up CentOS

yum update (updates system)
yum search whateverpackagename (shows what you can install)
yum list installed | grep open (shows installed pkgs that match "open")
yum info httpd (shows what version of apache, for example, is installed)
yum whatprovides semanage (shows what package is needed to run semanage command)

enabling additional repositories (for CentOS 6.x on x86_64)

wget http://packages.sw.be/rpmforge-release/rpmforge-release-0.5.2-2.el6.rf.x86_64.rpm
rpm --import http://apt.sw.be/RPM-GPG-KEY.dag.txt
rpm -K rpmforge-release-0.5.2-2.el6.rf.*.rpm (checks the package signature against the key you just imported)
  rpmforge-release-0.5.2-2.el6.rf.x86_64.rpm: (sha1) dsa sha1 md5 gpg OK
rpm -i rpmforge-release-0.5.2-2.el6.rf.*.rpm

Re-starting services (CentOS doesn’t do /etc/init.d/blah restart)

service sshd restart

CentOS ssh on non-standard port

Assuming you want your RedHat6.x/CentOS6.x box to receive ssh connections on a port other than the default 22, you have to change 3 things:

vi /etc/ssh/sshd_config
  Port 1234    (by default this is 22, change it to whatever port you want)
service sshd restart

Now you have to tell SELinux about it so it will allow it:

yum install policycoreutils-python
semanage port -a -t ssh_port_t -p tcp 1234

If this worked you should see your new port listed under ssh_port_t, like:

semanage port -l | grep ssh
  ssh_port_t                     tcp      1234, 22

If you don’t, stop here and fix it or your ssh won’t work remotely and you may have few clues.

Now tell IPTables to allow your new port by changing the --dport value (default 22) to your new port, 1234 in this example.

NOTE: Know what you’re doing with IPTables, or you can uncategorically hoze your machine and LOCK YOURSELF OUT in nasty ways. Don’t make mistakes in the below command, or you’ll screw yourself. For example, don’t type port 1234 if your REAL port is 5678, and stuff like that. Beware of IPTables mistakes, everyone makes them and everyone locks themself out at least once 🙂

If you’re using CentOS 7, you have firewalld, not iptables, so do:

firewall-cmd --state
  running
firewall-cmd --get-active-zones
  public
    interfaces: eth0
firewall-cmd --zone=public --add-port=1234/tcp --permanent
firewall-cmd --reload
systemctl disable iptables

Or if you have IPTables, use this next part

cd /etc/sysconfig
vi iptables
  -A INPUT -m state --state NEW -m tcp -p tcp --dport 1234 -j ACCEPT
iptables-restore iptables

Now BEFORE you log out, try logging in from your remote machine. It should work fine. If it works, it will also now survive a reboot with your IPTables firewall rule intact.
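
Added example (not part of the original howto): a small script that checks the three things above agree on the port, for the IPTables path only. The function names are made up for illustration and the sample inputs are constructed.

```shell
#!/bin/sh
# Added example: check that sshd_config, SELinux and iptables agree on the ssh port.
# Function names are hypothetical; sample inputs below are constructed.

# Print the port(s) set in an sshd_config file ($1); sshd uses 22 when none is set.
sshd_ports() {
    ports=$(awk 'tolower($1) == "port" { print $2 }' "$1")
    echo "${ports:-22}"
}

# Read `semanage port -l` output on stdin; succeed if port $1 is in ssh_port_t.
selinux_allows() {
    awk -v p="$1" '$1 == "ssh_port_t" && $2 == "tcp" {
        for (i = 3; i <= NF; i++) { gsub(",", "", $i); if ($i == p) ok = 1 }
    } END { exit !ok }'
}

# Succeed if rules file $1 has an INPUT rule accepting tcp --dport $2.
iptables_allows() {
    grep -Eq -- "^-A INPUT .*-p tcp .*--dport $2 .*-j ACCEPT" "$1"
}

# $1 = sshd_config, $2 = saved `semanage port -l` output, $3 = iptables rules file.
# Prints every layer that disagrees and returns non-zero if any does.
check_ssh_port() {
    rc=0
    for port in $(sshd_ports "$1"); do
        selinux_allows "$port" < "$2" || { echo "port $port: not in ssh_port_t"; rc=1; }
        iptables_allows "$3" "$port" || { echo "port $port: no iptables ACCEPT rule"; rc=1; }
    done
    return $rc
}

# Constructed inputs: sshd moved to 1234 and SELinux updated, but the firewall
# file still only opens 22, which is the mismatch that locks you out.
demo=$(mktemp -d)
trap 'rm -rf "$demo"' EXIT
printf '#Port 22\nPort 1234\n' > "$demo/sshd_config"
printf '%s\n' 'ssh_port_t                     tcp      1234, 22' > "$demo/semanage.txt"
printf '%s\n' '-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT' > "$demo/iptables"
check_ssh_port "$demo/sshd_config" "$demo/semanage.txt" "$demo/iptables" ||
    echo "fix the above BEFORE you log out"
```

On a real box, save the output of semanage port -l to a file and pass it as the second argument, with /etc/ssh/sshd_config and /etc/sysconfig/iptables as the first and third.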

CentOS install iftop

iftop shows your network traffic in real time from the command line, but isn’t available with typical yum install. You can install it by doing:

yum -y install libpcap libpcap-devel ncurses ncurses-devel gcc
cd /usr/src/
wget http://www.ex-parrot.com/pdw/iftop/download/iftop-0.17.tar.gz
tar xvfz iftop-0.17.tar.gz 
cd iftop-0.17
./configure
make
make install
iftop