I was looking for a development server to test builds on and ran across a few pre-made virtual distros that I thought would help. Unfortunately I was not sure of what was installed in some, and most I ran across were Ubuntu, an OS I am not too keen about.
I did a bit of digging and found a base distro for CentOS 6, with a minimal amount of addons. Installation of the OS was fairly straightforward, and there are plenty of tutorials out there if you need help with that. This tutorial will only cover the LAMP install portion, and can be used in any CentOS or RHEL environment.
Log on to your OS and drop to a command prompt. I will be doing this install as root, although you may have some security in place and may need to use sudo or escalate to root. This tutorial will be pretty simple, with commands and brief explanations outlined only. The commands can be easily copied and pasted.
As a side note, I use nano for my text editor. You can use vi or joe, it’s up to you. To install nano, type yum install nano at the command line after logon.
Some virtual machines do not allow copy/paste, so first let’s set up SSH so we can have a faster install using copy/paste for the remainder of the tutorial.
First install the SSH server and client:
yum -y install openssh-server openssh-clients
Adjust the firewall settings, but first look at the current tables.
iptables -n -L -v --line-numbers
A sample output for a new server build should look like this:
[root@localhost /]# iptables -n -L -v --line-numbers
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination
1      705 65371 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
2        0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0
3        2   120 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0
4       29  5379 REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination
1        0     0 REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited
As you can see, line 4 rejects anything not matched by a rule above it. iptables evaluates rules in order, so any rule placed after that catch-all REJECT will never be reached; this default-deny (least-privilege) layout is common to most firewall rulesets. We need to insert our rule at line 4, which pushes the existing REJECT down to line 5. The position (4) is given right after the chain name INPUT in the command.
iptables -I INPUT 4 -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
service iptables save
Now if you look at your iptables you will see the new rule on line 4, which is also now an active rule.
[root@localhost /]# iptables -n -L -v --line-numbers
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination
1      705 65371 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
2        0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0
3        2   120 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0
4        1    52 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:22
5       29  5379 REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited
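Hard-coding "4" only works while the chain looks exactly like the fresh build above. As an added example that is not part of the original tutorial, the script below reads the output of iptables -n -L INPUT -v --line-numbers, finds the catch-all REJECT/DROP in INPUT, and builds the insert command with that position; the listing it runs against is a constructed copy of the page's output, and the function names are my own.

```shell
# Added example (not from the original tutorial): derive the insert position
# for the SSH ACCEPT rule from the output of
#   iptables -n -L INPUT -v --line-numbers
# instead of hard-coding "4", so the rule always lands above the catch-all
# REJECT. The listing below is a constructed copy of the page's fresh build.
SAMPLE_LISTING='Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination
1      705 65371 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
2        0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0
3        2   120 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0
4       29  5379 REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited'

# Reads the -v listing on stdin and prints the number of the first REJECT or
# DROP rule in INPUT that matches every protocol on every interface from any
# source. Prints nothing when no such catch-all exists.
insert_position() {
    awk '
        /^Chain / { chain = $2; next }
        chain == "INPUT" && $1 ~ /^[0-9]+$/ &&
            ($4 == "REJECT" || $4 == "DROP") && $5 == "all" &&
            $7 == "*" && $9 == "0.0.0.0/0" { print $1; exit }
    '
}

# Prints the iptables command that opens TCP port $1 for new connections,
# positioned just above the catch-all. Fails (status 1) when there is no
# catch-all, because then appending with -A is the right call, not -I.
insert_command() {
    pos=$(insert_position)
    if [ -z "$pos" ]; then
        echo "no catch-all REJECT/DROP in INPUT; append with -A instead" >&2
        return 1
    fi
    printf 'iptables -I INPUT %s -m state --state NEW -m tcp -p tcp --dport %s -j ACCEPT\n' "$pos" "$1"
}

# Demo on the constructed listing; on a real box pipe the live output instead:
#   iptables -n -L INPUT -v --line-numbers | insert_command 22
printf '%s\n' "$SAMPLE_LISTING" | insert_command 22
```

The printed command is the one to run (followed by service iptables save); if the script reports no catch-all, the chain is open anyway and the rule should be appended rather than inserted.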
Now we edit the SSH server configuration to give root direct access. I do not recommend this for production environments; this tutorial is for a local virtual machine install for testing or development! Web facing servers, or those which will be in a production environment, should not do this!
nano -w /etc/ssh/sshd_config
To allow root direct logon, find and edit this line and change it to yes. Then save the file.
Remember this is a development server, running under a virtual environment on a local desktop with no external Internet access. Do not change the above to yes on any Internet facing machine!
Now restart the sshd service.
service sshd restart