Wednesday, 2 November 2011

linux CentOS 6.2 - installation

Base system has been installed from: CentOS-6.0-x86_64-minimal.iso

# uname -a
Linux xxx 2.6.32-71.el6.x86_64

sweet, but for some reason I can't use yum, even ping google.com fails...

# ifconfig | grep encap | cut -d" " -f1
lo

what the hell? where's my network!?

# ifup eth0
# dhclient eth0
# ifconfig | egrep "Link encap|inet addr"

eth0  Link encap:Ethernet HWaddr F4:6D:04:AF:AD:2F
      inet addr:192.168.1.66 Bcast:192.168.1.255 Mask:255.255.255.0
lo    Link encap:Local Loopback
      inet addr:127.0.0.1  Mask:255.0.0.0

here we go, looks much better. "yum update" done, "mc" and "nano" installed, now it's time to sort out this networking issue. What kind of server (or desktop) is it when the network interface can't survive a reboot?

/etc/sysconfig/network
NETWORKING=yes
checked.

/etc/sysconfig/network-scripts/ifcfg-eth0
ONBOOT=no

ehm... shouldn't a default CentOS installation set your primary network interface to "ONBOOT=yes"? Anyway, ONBOOT updated, "BOOTPROTO=dhcp" has been added, let's reboot! Machine rebooted, network interface is up and it has the correct IP number (assigned on my router to this MAC address), dhclient is running.

Next pretty lame thing is that root login is allowed through SSH by default and there's no sudo installed, so I had to do "yum install sudo", add a user account, add a record to /etc/sudoers and update /etc/ssh/sshd_config with "PermitRootLogin no", which is set to "yes" and commented out by default.
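The two defaults fixed by hand above (ONBOOT=no and the commented-out PermitRootLogin), checked by a script. This is an added example, not part of the original post; the function names and the sample files are constructed here, and the built-in default of "yes" is taken from the post's description of this install.

```shell
#!/bin/sh
# Print the effective global PermitRootLogin of an sshd_config file ($1).
# sshd keeps the first value it reads for a keyword; a commented-out line
# sets nothing, so the built-in default applies. $2 is that default
# (assumption: "yes", as the post describes for this install).
effective_permit_root_login() {
    awk -v def="${2:-yes}" '
        BEGIN { FS = "[ \t=]+" }
        { sub(/^[ \t]+/, "") }              # drop indentation, fields re-split
        /^#/ || /^$/ { next }               # comments and blank lines set nothing
        tolower($1) == "match" { exit }     # global section ends at first Match
        tolower($1) == "permitrootlogin" { print tolower($2); found = 1; exit }
        END { if (!found) print def }
    ' "$1"
}

# Print the value of KEY ($2) in an ifcfg-* file ($1). The file is sourced as
# shell, so the last assignment wins; empty output means the key is unset.
ifcfg_value() {
    awk -F= -v key="$2" '
        $1 == key { val = $2; gsub(/"/, "", val) }
        END { print tolower(val) }
    ' "$1"
}

# Audit one sshd_config ($1) and one ifcfg file ($2); returns 1 on any finding.
audit_host() {
    rc=0
    if [ "$(effective_permit_root_login "$1")" != "no" ]; then
        echo "FAIL: direct root login over SSH is allowed ($1)"; rc=1
    fi
    if [ "$(ifcfg_value "$2" ONBOOT)" != "yes" ]; then
        echo "FAIL: interface will not come up at boot ($2)"; rc=1
    fi
    return $rc
}

# Constructed sample files: the state as installed, and the state after the fixes.
demo=$(mktemp -d)
printf '%s\n' '#Port 22' '#PermitRootLogin yes' > "$demo/sshd_default"
printf '%s\n' '#Port 22' 'PermitRootLogin no' > "$demo/sshd_fixed"
printf '%s\n' 'DEVICE=eth0' 'ONBOOT=no' > "$demo/ifcfg_default"
printf '%s\n' 'DEVICE=eth0' 'ONBOOT=yes' 'BOOTPROTO=dhcp' > "$demo/ifcfg_fixed"
echo "as installed:"; audit_host "$demo/sshd_default" "$demo/ifcfg_default" || true
echo "after fixes:"; audit_host "$demo/sshd_fixed" "$demo/ifcfg_fixed" && echo "OK"
rm -rf "$demo"
```

On a real host the arguments would be /etc/ssh/sshd_config and /etc/sysconfig/network-scripts/ifcfg-eth0.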

# yum install denyhosts

Loaded plugins: fastestmirror, presto
Loading mirror speeds from cached hostfile
 * base: mirror01.th.ifl.net
 * extras: mirror01.th.ifl.net
 * updates: mirror01.th.ifl.net
Setting up Install Process
No package denyhosts available.
Error: Nothing to do

please, be serious... I just put firewall rules on my router to allow ssh... A system which allows root login through SSH by default doesn't even have "denyhosts" in the repository? If that would be something new, a new package, but... it is stable and static code since 2008, nobody even bothers to touch this code anymore, it's a simple and complete package. Anyway, not a problem, sourceforge is your friend...

# wget "http://downloads.sourceforge.net/project/denyhosts/denyhosts/2.6/DenyHosts-2.6.tar.gz?r=http%3A%2F%2Fsourceforge.net%2Fprojects%2Fdenyhosts%2Ffiles%2Fdenyhosts%2F2.6%2F&ts=1320260346&use_mirror=sunet"
-bash: wget: command not found

heh, "yum install wget" solved the problem, software downloaded, ungzip, untar.

# python setup.py install
# cd /usr/share/denyhosts
# cp daemon-control-dist /etc/init.d/denyhosts
# cp denyhosts.cfg-dist denyhosts.cfg

I have no idea why, but the config specifies this location as WORK_DIR, yet this directory is not created by the setup script by default, so...

# mkdir /usr/share/denyhosts/data

this is where you can create the file "allowed-hosts" to white-list your trusted IPs. From the denyhosts docs: "Since it is quite possible for a user to mistype their password repeatedly it may be desirable to have DenyHosts prevent specific IP addresses from being added to /etc/hosts.deny. To address this issue, create a file named allowed-hosts in the WORK_DIR. Simply add an IP address, one per line. Any IP address that appears in this file will not be blocked."

# chkconfig --add denyhosts

okay, linux CentOS 6.2 system installed, updated, networking can survive a reboot now, ssh open to the world (direct root login disabled, user account created and privileges granted for sudo), denyhosts installed. Can't really imagine anyone who allows direct root login through SSH and doesn't even use denyhosts... ehm, to be honest, can't imagine anyone who permits direct root login anyway, it's just stupid. Now it's time to think about what I can do with my fresh system. Maybe I can move my blog to be hosted from my own "server"? Nah, why would I do it? I will let google / blogger do the job, no pain, no stress, and it's free.
