How to set up some basic things in CentOS, a clone of RedHat
    vi /root/.bashrc   (add this line for color prompt)
    PS1='\[\033[0;31m\]\[\033[0;37m\]\[\033[0;35m\]${debian_chroot:+($debian_chroot)}\[\033[0;35m\]\u@\h\[\033[0;37m\]:\[\033[0;36m\]\w >\[\033[0;00m\] '
Then type su and it will give you a color prompt.
Setting up CentOS
    yum update   (updates system)
    yum search whateverpackagename   (shows what you can install)
    yum list installed | grep open   (shows installed pkgs that match "open")
    yum info httpd   (shows what version of apache, for example, is installed)
    yum whatprovides semanage   (shows what package is needed to run semanage command)
Enabling additional repositories (for CentOS 6.x on x86_64)
    wget http://packages.sw.be/rpmforge-release/rpmforge-release-0.5.2-2.el6.rf.x86_64.rpm
    rpm --import http://apt.sw.be/RPM-GPG-KEY.dag.txt
    rpm -K rpmforge-release-0.5.2-2.el6.rf.*.rpm
        rpmforge-release-0.5.2-2.el6.rf.x86_64.rpm: (sha1) dsa sha1 md5 gpg OK
    rpm -i rpmforge-release-0.5.2-2.el6.rf.*.rpm
Re-starting services (CentOS doesn’t do /etc/init.d/blah restart)
    service sshd restart
CentOS ssh on non-standard port
Assuming you want your RedHat6.x/CentOS6.x box to receive ssh connections on a port other than the default 22, you have to change 3 things:
    vi /etc/ssh/sshd_config
    Port 1234   <-- by default this is 22, change it to whatever port you want
    service sshd restart
Now you have to tell SELinux about it so it will allow it:
    yum install policycoreutils-python
    semanage port -a -t ssh_port_t -p tcp 1234
If this worked, you should see the new port listed for ssh_port_t, like:
    semanage port -l | grep ssh
        ssh_port_t tcp 1234, 22
If you don’t, stop here and fix it or your ssh won’t work remotely and you may have few clues.
Now tell IPTables to allow your new port by changing the --dport value (default 22) to your new port, 1234 in this example.
NOTE: Know what you’re doing with IPTables, or you can uncategorically hose your machine and LOCK YOURSELF OUT in nasty ways. Don’t make mistakes in the command below, or you’ll screw yourself. For example, don’t type port 1234 if your REAL port is 5678, and stuff like that. Beware of IPTables mistakes; everyone makes them and everyone locks themselves out at least once 🙂
If you’re using CentOS 7, you have firewalld, not iptables, so do:
    firewall-cmd --state
        running
    firewall-cmd --get-active-zones
        public
          interfaces: eth0
    firewall-cmd --zone=public --add-port=5150/tcp --permanent   (use your own ssh port in place of 5150)
    firewall-cmd --reload
    systemctl disable iptables
Or if you have IPTables, use this next part:
    cd /etc/sysconfig
    vi iptables   (add the line below, before any REJECT rule)
    -A INPUT -m state --state NEW -m tcp -p tcp --dport 1234 -j ACCEPT
    iptables-restore < iptables
Now BEFORE you logout, try logging in from your remote machine, it should work fine. If it works, it will also now survive a reboot with your IPTables firewall rule intact.
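A pre-logout check for the three things above, as an added example that is not part of the original page: it reads the Port from an sshd_config file, the ssh_port_t line from semanage port -l output, and the ACCEPT rule from the iptables file, and reports any port the other two do not cover. The function names are this example's own and the sample data at the bottom is constructed; on a real box pass /etc/ssh/sshd_config, "$(semanage port -l)" and /etc/sysconfig/iptables.

```bash
#!/bin/bash
# Added example: confirm sshd_config, SELinux and the iptables file agree
# on the ssh port. Function names are hypothetical, chosen for this example.

# Ports from "Port" lines in an sshd_config-style file (22 if none is set).
sshd_ports() {
    awk 'tolower($1) == "port" { print $2; n++ } END { if (!n) print 22 }' "$1"
}

# True if PORT ($1) is on the ssh_port_t line of `semanage port -l` output ($2).
selinux_allows() {
    printf '%s\n' "$2" | awk -v p="$1" '
        $1 == "ssh_port_t" && $2 == "tcp" {
            for (i = 3; i <= NF; i++) { gsub(/,/, "", $i); if ($i == p) ok = 1 }
        }
        END { exit !ok }'
}

# True if the rules file ($2) has an INPUT ACCEPT rule for tcp --dport PORT ($1).
iptables_allows() {
    grep -Eq -- "^-A INPUT .*-p tcp .*--dport $1 .*-j ACCEPT" "$2"
}

# check_ssh_port SSHD_CONFIG SEMANAGE_OUTPUT IPTABLES_FILE
# Returns 0 only if every configured port passes both checks.
check_ssh_port() {
    rc=0
    for port in $(sshd_ports "$1"); do
        selinux_allows "$port" "$2"  || { echo "port $port: not in ssh_port_t"; rc=1; }
        iptables_allows "$port" "$3" || { echo "port $port: no ACCEPT rule"; rc=1; }
    done
    return $rc
}

# Constructed sample data, so the check runs offline and without root.
demo=$(mktemp -d)
printf '#Port 22\nPort 1234\n' > "$demo/sshd_config"
printf '%s\n' '-A INPUT -m state --state NEW -m tcp -p tcp --dport 1234 -j ACCEPT' > "$demo/iptables"
sample_semanage='ssh_port_t                     tcp      1234, 22'
check_ssh_port "$demo/sshd_config" "$sample_semanage" "$demo/iptables" && echo "all three agree"
```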
CentOS install iftop
iftop shows your network traffic in real time from the command line, but isn’t available with typical yum install. You can install it by doing:
    yum -y install libpcap libpcap-devel ncurses ncurses-devel gcc
    cd /usr/src/
    wget http://www.ex-parrot.com/pdw/iftop/download/iftop-0.17.tar.gz
    tar xvfz iftop-0.17.tar.gz
    cd iftop-0.17
    ./configure
    make
    make install
    iftop