Build your own LAMP Server under CentOS

I was looking for a development server to test builds on and ran across a few pre-made virtual distros that I thought would help. Unfortunately I was not sure of what was installed in some, and most I ran across were Ubuntu, an OS I am not too keen about.

I did a bit of digging and found a base distro for CentOS 6, with a minimal amount of addons.Installation of the OS was fairly straightforward, and there are plenty of tutorials out there if you need help with that. This tutorial will only cover the LAMP install portion, and can be used in any CentOS or RHEL environment.


Getting started

Logon to your OS and drop to a command prompt. I will be doing this install as root, although you may have some security in place and may need to use sudo or escalate to root. This tutorial will be pretty simple, with commands and brief explanations outlined only. The commands can be easily copied and pasted.

As a side note, I use nano for my text editor. You can use vi or joe, it’s up to you. To install nano, type yum install nano at the command line after logon.


SSH Setup

Some virtual machines do not allow copy/paste, so first let’s setup SSH so we can have a faster install using copy/paste for the remaining tutorial.

First install the SSH server and client:

yum -y install openssh-server openssh-clients

Adjust the firewalls settings, but first look at the current tables.

iptables -n -L -v --line-numbers

A sample output for a new server build should look like this:

[root@localhost /]# iptables -n -L -v --line-numbers
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination         
1      705 65371 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED 
2        0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           
3        2   120 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0           
4       29  5379 REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited 
 
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination         
1        0     0 REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited

As you can see, line 4 states to reject anything not outlined above it. Putting any rules after that line will cause your rule to be invalid using the least-privilege mode common to most security rules. We need to insert our rule at line 4, which will then make line 4 become line 5. Line 4 is specified after the INPUT command.

iptables -I INPUT 4 -m tcp -p tcp --dport 22 -j ACCEPT
service iptables save

Now if you look at your iptables you will see the new rule on line 4, which is also now an active rule.

[root@localhost /]# iptables -n -L -v --line-numbers
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination         
1      705 65371 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED 
2        0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           
3        2   120 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0    
4        1    52 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:22       
5       29  5379 REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited

Now we edit the SSH server configuration to give root direct access. I do not recommend this for production environments, this tutorial is for a local virtual machine install for testing or development! Web facing servers, or those which will be in production environment, should not do this!

nano -w /etc/ssh/sshd_config

To allow root direct logon, find and edit this line and change to yes. Then save the file.

PermitRootLogin yes

Remember this is a development server, running under a virtual environment on a local desktop with no external Internet access. Do not change the above to yes on any Internet facing machine!
Now restart the sshd interface.

service sshd restart
Tagged , , , , , , , , . Bookmark the permalink.

Comments are closed.