Education Series Part 06 – Installing PHP and MySQL in CentOS 7

Note, MySQL is actually called Maria-DB which apparently is a fork of MySQL.  I should also note that my experience with MySQL is very minimal, while I have been able to make my way through it in the past, it was almost always thanks to Google.  This way I can hopefully gain some experience with it.

First we need to install the packages:

# yum -y install mariadb-server mariadb

Next create system start up links so that it starts at boot and begins running now:

# systemctl start mariadb.service
# systemctl enable mariadb.service

Set passwords for MySQL:

# mysql_secure_installation

After this you will be taken through a few steps.  Note that the root password is NOT the root password for the root user of CentOS instead it is for root of MySQL.  Also note that my answers are placed in BOLD RED TEXT.

Enter current password for root (enter for none): ENTER
OK, successfully used password, moving on...
Setting the root password ensures that nobody can log into the MariaDB root user without the proper authorization.
Set root password? [Y/n]  Y
New password:
Re-enter new password: 
Password updated successfully!
Reloading privilege tables..
... Success!
Remove anonymous users? [Y/n] Y
... Success!
Disallow root login remotely? [Y/n] Y
... Success!
Remove test database and access to it? [Y/n] Y
- Dropping test database...
... Success!
- Removing privileges on test database...
... Success!
Reload privilege tables now? [Y/n] Y
... Success!
Cleaning up...

Now it is time to install PHP 5.  

# yum -y install php

Create a simple info.php file in order to view and ensure it’s working/installed correctly

# vi phpinfo.php
<?php
phpinfo() ;
?>

Restart apache service

# systemctl restart httpd.service

Success!!

There is currently no support in my PHP for MySQL so I will need to connect this.

# yum search php

The results are quite large, and since I am not sure exactly what I will be using this for, I am going to attempt to install the most common ones.

# yum -y install php-gd php-ldap php-odbc php-pear php-xml php-xmlrpc php-mbstring php-snmp php-soap curl curl-devel php-mysql

Restart Apache again:

# systemctl restart httpd.service

Recheck your phpinfo.php page…

URL:  http://sample.com/phpinfo.php

I want to install phpMyAdmin however it does not appear to be in any of the Cent OS 7 repos.  Therefore after quickly checking out Google I have to install a new repo.

# rpm -iUvh http://dl.fedoraproject.org/pub/epel/7/x86_64/e/epel-release-7-5.noarch.rpm
# yum -y update 
# yum -y install phpmyadmin

Before phpMyAdmin will work we will have to edit the phpMyAdmin.conf file:

# vi /etc/httpd/conf.d/phpMyAdmin.conf

I commented out the deny commands.  It worked just fine for me.  

<Directory /usr/share/phpMyAdmin/>
 <IfModule mod_authz_core.c>
 # Apache 2.4
 <RequireAny>
 Require ip 127.0.0.1
 Require ip ::1
 </RequireAny>
 </IfModule>
 <IfModule !mod_authz_core.c>
 # Apache 2.2
 Order Deny,Allow
# Deny from All
 Allow from 127.0.0.1
 Allow from ::1
 </IfModule>
</Directory>

Next we change the authentication over from cookie to http://

# vi /etc/phpMyAdmin/config.inc.php

Find the following line:

$cfg['Servers'][$i]['auth_type']      ='cookie';  // Authentication method (config, http, or cookie based)?

Change the line to this:

$cfg['Servers'][$i]['auth_type']      ='http';  // Authentication method (config, http, or cookie based)?

And again I need to restart the apache service:

# systemctl restart httpd.service

Now open up your web browser and access phpMyAdmin

URL:  http://sample.com/phpMyAdmin

To log in use the account:  root and the password you choose when you install MySQL/Maria-DB

Education Series Part 05 – Setup and Configure Apache Web Server (CentOS 7)

Install Apache (httpd)

# yum -y install httpd

Enable the apache service so it starts when CentOS boots.

# systemctl enable httpd.service

Create the directory structure – I am going to configure this for virtual hosts from the get-go since that is the most common.

# mkdir -p /var/www/sample.com/public_html
# mkdir -p /var/www/sample2.com/public_html

Change permission so a regular user can modify the files:

# chown -R $USER:$USER /var/www/sample.com/public_html
# chown -R $USER:$USER /var/www/sample2.com/public_html

Modify permissions so that it has full read access:

# chmod -R 755 /var/www/

Add a quick demo page for each site:

# vi /var/www/sample.com/public_html/index.html
# cp /var/www/sample.com/public_html/index.html /var/www/sample2.com/public_html

Create two directories firsts sites-available which will hold all the virtual files, and then a sites-enabled to hold all of the symbolic links.

# mkdir /etc/httpd/sites-available
# mkdir /etc/httpd/sites-enabled

 Now to tell Apache to look for the sites-enabled by editing the httpd.conf

# vi /etc/httpd/conf/httpd.conf

Scroll to the end of the file (page down) and at the very end of the file add the following:

IncludeOptional sites-enabled/*.conf

Create the virtual hosts file.

# vi /etc/httpd/sites-available/sample.com.conf

Inside of the file fill it out appropriately:

<VirtualHost *:80>
ServerName www.sample.com
ServerAlias sample.com
DocumentRoot /var/www/sample.com/public_html
ErrorLog /var/www/sample.com/error.log
CustomLog /var/www/sample.com/requests.log combined
</VirtualHost>

Copy the file to the other domains.

# cp /etc/httpd/sites-available/sample.com.conf /etc/httpd/sites-available/sample2.com.conf

Modify the sample2.com.conf file to reflect the second domain.

# vi /etc/httpd/sites-available/sample2.com.conf

<VirtualHost *:80>
ServerName www.sample2.com
ServerAlias sample2.com
DocumentRoot /var/www/sample2.com/public_html
ErrorLog /var/www/sample2.com/error.log
CustomLog /var/www/sample2.com/requests.log combined
</VirtualHost>

Create symbolic links for the virtual hosts:

# ln -s /etc/httpd/sites-available/sample.com.conf /etc/httpd/sites-enabled/sample.com.conf
# ln -s /etc/httpd/sites-available/sample2.com.conf /etc/httpd/sites-enabled/sample2.com.conf

Since it’s a test on a local machine I modified my hosts file in order to test the site out:

#  vi /etc/hosts

10.0.0.15    sample.com
10.0.0.15    sample2.com

After this restart apache:

# systemctl restart httpd.service

Of course it failed.  I added the firewall rules.

# firewall-cmd --add-service=http 
# firewall-cmd --state
# firewall-cmd --list-all
# firewall-cmd --list-interfaces
# firewall-cmd --get-service
# firewall-cmd --query-service service_name
# firewall-cmd --add-port=8080/tcp
# systemctl restart firewalld

Still errored out ran apache config.

#  apachectl configtest

There was a problem with copying the sample2.com.conf file, I typoed it.  Changed the name, still failed.

Added exception to selinux:

# chcon --reference /var/log/httpd/error_log /var/www/sample.com/error.log
# chcon --reference /var/log/httpd/error_log /var/www/sample2.com/error.log
# chcon --reference /var/log/httpd/access_log /var/www/sample.com/request.log
# chcon --reference /var/log/httpd/access_log /var/www/sample2.com/request.log

Once again restart httpd.service

# systemctl restart httpd.service

This time it loaded up without any errors.  I opened up Firefox and went to sample.com and voila it worked.

Always and I mean always triple-check selinux!

Education Series Part 04 – CentOS 7 File and Directory Management

Redirect output with cat:

# cat > lovely.txt

Insert what you want to input into the file.
On each of these lines.
When you are done.
Press ctrl+d to exit cat.

View the file:

# cat lovely.txt

Merge the files together now:

#cat meow.txt lovely.txt > lovely_meow.txt

Note:  The text from the first file listed will be first.  Followed by the second, third, etc…

Append information from one file to the other without overwriting the contents.

# cat thug.txt >> meow.txt

Compare to files together:

# cat example.txt; cat example2.txt

View contents one screen at a time:

# ls -al /etc/ | less

View the first 10 lines of a file

# head boot.log

Change the number of lines to view at a time in a file:

# head -20 boot.log

View the last ten lines of a file:

# tail boot.log

Watch a log actively:

# tail -f /var/log/messages

Education Series Part 03 – Compressing and Uncompressing Files

First I needed files so I created several.

# mkdir test0
# cd test0/
# touch file01.ogg file02.ogg file03.ogg file04.ogg file05.ogg
# ls
file01.ogg file02.ogg file03.ogg file04.ogg file05.ogg

Create a tar file out of the directory

# tar -czvf test0.tgz test0/
test0/
test0/file01.ogg
test0/file02.ogg
test0/file03.ogg
test0/file04.ogg
test0/file05.ogg

#ls
test0.tgz

Create a .tar.gz file (most common)

# tar -zcvf test0.tar.gz test0/
test0/
test0/file01.ogg
test0/file02.ogg
test0/file03.ogg
test0/file04.ogg
test0/file05.ogg

Untar the file:

# tar zxvf test0.tar.gz
test0/
test0/file01.ogg
test0/file02.ogg
test0/file03.ogg
test0/file04.ogg
test0/file05.ogg

Zip an entire directory

# zip -r test5.zip test0/

Unzip the directory:

# unzip test5.zip

Education Part 02 – CentOS 7 Users & Groups

A big part of Linux is managing users and groups.  Eventually I will setup and configure LDAP, but until then I am just doing this on the local machine.

I made myself root so that I did not have to constantly type sudo.

#  su -

Create three users in CentOS:

# useradd david
# useradd christine
# useradd ccf

Create a user that is not permitted to log in to the system.  (Like when setting up Samba).

# useradd -s /usr/sbin/nologin no_login_test

Set passwords for the users:

# passwd david
# passwd ccf
# passwd christine

Set an expiration date for a user:

# usermod --expiredate=2015-03-29 ccf

Verify the expiration date:

# chage -l ccf

 Creating Groups:

# groupadd test1
# groupadd test2
# groupadd developers

Add a user to a group or groups:

# usermod -G developers -a david
# usermod -G test1 - a david

Verify which groups the user is now in:

# groups david
david : david test 1 developers

Lock a user account (stops them from being able to login):

# usermod -L ccf

Unlock a user account (permits them to log back into the system):

# usermod -U ccf

Deleting a group:

# groupdel test2

Deleting a user – the -r switch deletes all traces of the user including their home directory.

# userdel -r ccf

Give a user root access

# gpasswd -a david wheel

This adds the user to the wheel group, and gives them sudo access to the system.  I suppose no more visudo?

Log In as that user and test it out:

# sudo -l david
# sudo yum search chrome

Change a users home directory.

Create/locate the directory you want to use for my experiment I created a new directory:

# mkdir /mnt/fake_home
# usermod -d /mnt/fake_home christine

Verify that it worked:

# grep -E --color '/mnt/fake_home' /etc/passwd
christine:x:1002:1002::/mnt/fake_home:/bin/bash

Changing a user’s primary group.

First verify the users current group

# id christine
uid=1002(christine) gid=1002(christine) groups=1002(christine),1006(developer)

Now we will set the primary group to test1

# usermod -g test1 christine

Verify the change

# id christine
# uid=1002(christine) gid=1002(christine) groups=1004(test1),1006(developer)

Set an un-encrypted password for a user

# usermod -p password plinko

View the password:

# cat /etc/shadow | grep plinko
plinko:password:16522:0:99999:7:::

QUESTION:  Why would anyone want to create an account with an unencrypted password?

Education Series Part 01: Cent OS 7 – Initial Install and VM Configuration

Oracle VM Virtual Box, I’ve set aside 1 GB of ram, 2 processors, and 15 GB of hard drive space (I have a small internal hard drive).  I also found that attempting to create the virtual disk (.vdi) file on a USB drive proved to be a bad idea.  Making it exceptionally slow, and actually locking up the install and creation of the virtual machine itself.

The operating system as stated is CentOS 7 – 64-bit.

I am doing the Gnome desktop install, and adding the development tools while I am at it.  Other than that, nothing else is getting installed – at least as far as services, and servers.

I am opting to configure all of that stuff manually as I go along.

I allowed it to do automatic partitioning, I will learn to re-size it as I go along, I also did not create a user account.  While I know the risks of running as root, this is only temporary, so that I can manually add myself as  user, and give myself the correct permissions.  I believe that the RHCSA exam will have users and groups on there, therefore I need a refreshing on creating and managing them.

One thing I am pleasantly surprised about is how nice looking the install is.  The last time I had done this was probably through a terminal years and years ago, with the ugly (yet nostalgic) blue, white, red, and black.

CentOS 7 Install

The install took just under 30 minutes to complete.

After the first reboot it asked me again to create a user, I politely declined, and then had me accept the shortest terms and conditions I think I’ve ever seen in my life.  It was maybe two sentences long, sadly I forgot to screen cap it, though I’m sure you do not care.

It then asked if I wanted to use kdump for system crashes.  A lot of the time with error reporting in Linux distros I will turn on or manually submit them (if it occurs more than once) but this time I opted not too, for my own personal learning.

Let’s face it the people at CentOS do not want to read about how badly I screwed up their operating system.

Dammit!  I spoke too soon, after the reboot from turning off kdump, Gnome forced me to create a user account, not letting me just log in as root.  Which means now I will have to tweak GDM to permit me to login as root.  Just because I can…

With CentOS installed, and loaded up, it’s time to dive into the fun stuff!

CentOS 7 – Virtual Box Fresh Install for Education

In order to study, practice, and pass my RHCSA eventually I need to work in a Red Hat environment, and to do this I am going to do it in Cent OS 7, using the ISO labelled as “everything“.

Since I only have one computer at the moment, I am going to set it up as a Virtual Machine using Virtual Box. I’ve used Virtual Box before, and am most familiar with it, besides maybe VMWare, which there is no way I can afford at the moment.

Cent OS aims to be an exact replica of Red Hat Enterprise Linux, the only difference is the graphics, since Red Hat’s graphics are all trademarked. I am not going into all of the details here but if you feel the urge to read them you can check out the CentOS wiki, and dig through the information.

For the next few posts I will be focusing on different aspects of the install and the setup of the CentOS virtual server.  I will install it with a GUI (Gnome) because apparently that is what Red Hat has you utilize.  Though for most of it (I imagine) I will be doing every thing from the CLI.

I am not 100% sure of what is on the RHCSA exam, and I cannot afford even the idea of taking classroom or any other type of training, so my goal is to attempt to over-prepare for the exam. Therefore I am sure that I will be configuring (read breaking) things that are above my level.  I plan on setting up and configuring various servers/services over and over again in an attempt to keep it in memory, and also post every thing I do on this blog.  Writing helps you to remember and learn what you’re doing and in this way I hope others may learn a few things as well.

More updates coming once the image finishes downloading and I do the install.

Random Tools to Install

There are a lot of tools that I tend to use on a regular basis.  Below is a list that I compiled that I had to manually install.

whois

sudo apt-get install whois

traceroute

sudo apt-get install traceroute

sl 

sudo apt-get install sl

Okay granted sl isn't needed but I do typo ls a fair amount and its kind of fun to be presented with a train.

wget

sudo apt-get install wget

unrar

sudo apt-get install unrar

Block A Range of IP Addresses via iptables (CentOS/RedHat)

I was asked the other day by a friend if he would be able to use iptables to block a range of IP addresses.  Of course!  For years any servers I ran I would disable selinux and just use iptables, setting up simple rules, and letting it go.  It worked well and I never had any issues with it.

Below is a cleaned up version of the message I sent to him.

1.  Find the range
If you don’t know the range you’ll need to get that.  I’ve always done this by a whois search on the ip address.

john@john-mint ~ $ whois 192.0.78.17

NetRange: 192.0.64.0 - 192.0.127.255
CIDR: 192.0.64.0/18

2.  Run the following command as root.

iptables -A INPUT --source 192.0.64.0/18 -j DROP

3.  Save it!

/usr/sbin/iptables save

4.  You can restart the service.

/usr/sbin/iptables restart

5.  Verify that the rule was saved.

iptables -L

Linux Mint 17 – Cinnamon – exFat Won’t Work

A fresh install wouldn’t be fresh without some type of issue.  I have an external hard drive that stores all of my information, this includes video, pictures, music, and important documents.  I have it formatted as exFat because of having to use it across multiple platforms.  Out of the box Linux mint does not permit me to access it instead throwing me this nasty message:

Unable to Mount Media

Error mounting /dev/sdb1 at /media/john/Media: Command-line `mount -t "exfat" -o "uhelper=udisks2,nodev,nosuid,uid=1000,gid=1000,iocharset=utf8,namecase=0,errors=remount-ro,umask=0077" "/dev/sdb1" "/media/john/Media"' exited with non-zero exit status 32: mount: unknown filesystem type 'exfat'

I have run into this problem before and as luck would have it, after staring at the error message for a bit I remembered how to fix this bad boy.  I busted out the Terminal.

john@john-mint ~ $ sudo apt-get install exfat-fuse exfat-utils

Voila and like magic my hard drive loaded, I did not even have to shut it off and back on, or attempt to manually mount it.

It just worked.

Isn’t that what we all want from our computers?  No hassle, no B.S.  Zip, zilch, nada.  We just want it to work.