If you are looking to deploy multiple ESX/ESXi servers then there are plenty of methods and tools out there, some more complex than others. There are vendor specific deployment products available such as HP Rapid Depuployment Pack (RDP) which uses Altiris, or alternatively there are free deployment tools such as ESX Deployment Appliance (EsleeDA) and Ultimate Deployment Appliance (UDA). UDA is my favorite tool for the job as it offers great flexibility such as the use of subtemplates (discussed later), and therefore this will be the basis of this article. It was created by Carl Thijssen and thanks to Mike Laverick of RTFM, it also supports ESX/ESXi deployments, and the latest build supports ESX/ESXi 4.1.

I aim to share the basics of getting the UDA configured for your environment and not delve into anything too complicated here. The best way of learning to perform some of the more complex deployments are to grasp the basics first then experiment with other functionality in your own environment for yourself. Mike Laverick has an excellent guide on deploying and configuring UDA 2.0 beta.

For the purposes of this guide a number of assumptions have been made. You will have already deployed vCenter and at least one ESX/ESXi host running with some storage. If you are going to be testing this in a home lab then bear in mind that we’ll need to configure DHCP options 66 and 67, see the end of this article for details. You can do this with an existing DHCP server or use UDA as a DHCP server. Most deployments will be using an existing DHCP server.

Let’s get started…

Step 1: Download & Deploy the Ultimate Deployment Appliance

1) Download UDA from: http://www.rtfm-ed.co.uk/vmware-content/ultimate-da/ then extract it to your hard disk.
2) Import the appliance using your vSphere client (File > Deploy OVF Template...)
3) Prior to powering on the appliance, add a second disk that we’ll use to store your ISO images. I’d recommend at least a 20GB disk, and use thin to conserve disk space.
4) Power on and proceed to the next step.

Step 2: Installation and Setup

1) Click OK at the welcome screen
2) Enter the hostname (I recommend that you also add the hostname into your DNS server)
3) Enter the IP address configuration
4) Select the services you require (as a minimum I would just leave TFTP, HTTP and SSH selected)
5) Enter the root password.
6) Select Yes to apply the changes.

Once it has finished you will then be able to access your UDA from a web browser. Log in with admin and the password you set during the setup.

Step 3: UDA Configuration

When you first log into the appliance you will be presented with a welcome page. The first thing to configure is the additional disk space we need to store our ISO images. If you haven’t added a second hard disk, then shutdown the UDA (System > Shutdown), then add the additional disk and power on.

UDA has two partitions; systemlv and localv. ISO images are stored on the localv partition, so we’ll extend that.

1) Go to System and click Diskspace.
2) Select localv and then click Extend.
3) Select the device and then click Apply.

It may take a little while depending on how large the new disk is, but once that is complete we’ll load the ISO image for ESXi 4.1 Update 1 on to the UDA.

1) Go to System and click Upload.
2) Click Choose File, select your ISO then click Upload.

It will store the ISO on the localv partition in /local.

Step 4: Add an OS & Deployment Template for ESXi 4.1

Now for the exciting bit. We’ll add our OS (ESXi) and template for deployment which will also create the basics of our Kickstart script which we’ll add to later. The OS section allows us to tie an ISO image to a Flava name, in this case we’ll call it ESXi41. I’d recommend using a better naming convention for your environment though.

1) Go to OS and click New.
2) Enter ESXi41 for the Flava Name.
3) From the dropdown, choose VMware ESXi 4.1 Installable and click Next.
4) Select the ESXi 4.1 ISO you uploaded and then click Finish.

Next, the template which contains our Kickstart script. The template also contains a subtemplate which allows us to define our own variables, such as IP address and hostnames for each ESXi host we are deploying. This is why I like using UDA so much, because it avoids having to create a separate Kickstart script for each ESXi host.

1) Go to Templates and click New.
2) Enter a Template Name. For example: esxi-build and give it a meaninful description.
3) From the Operating System dropdown choose VMware ESXi 4.1 Installable and click Next.
4) From the Flava dropdown choose your OS (Flava), ESXi41 and click Next then Finish.

The next stage is to perform the configuration of our Kickstart script and subtemplate. Go to Templates, select your template (esxi-build) and click Configure. You’ll see three tabs here; General, Subtemplates and Advanced. Click on Advanced. This is where our Kickstart script lives, and you’ll see it contains a basic configuration.

Here is a breakdown with explanations for each line:


# Accept the VMware EULA - The script will fail without this.
accepteula

# Set the root password using MD5 crypt
rootpw secret

# Auto partition the disk
autopart --firstdisk --overwritevmfs

# Location of the install media
install url http://[UDA_IPADDR]/[OS]/[FLAVOR]

# Configure IP address and hostname. --addvmportgroup=0 will disable creation of the VM Network portgroup
network --bootproto=static --ip=192.168.178.200 --gateway=192.168.178.1 --nameserver=192.168.178.1 --netmask=255.255.255.0 --hostname=esx41i --addvmportgroup=0

# Reboot the host when the installation is complete
reboot

The first thing we need to change is the root password which by default is set to secret and is in plain text. We can use a crypted MD5 password here using rootpw --iscrypted followed by the crypt.

1) Log into your UDA with PuTTY (SSH) and log in as root (same password you set during the initial setup).
2) Type grub-md5-crypt
3) Enter your password and it’ll generate an MD5 string for you.
4) Go back to the Advanced view in the web interface and change the rootpw line to (replacing the crypt with the one you generated):

rootpw --iscrypted $1$3vkd233f/wksSo$fhniM3fdcV6hr0

Now we need to change the network configuration to use the appropriate IP address, gateway, subnet mask and hostname. We could just replace the default IP address configuration here, but a better method is to use variables which we can set in subtemplates. Variables are set inside square brackets, such as [IPADDR], [FQDN] and so on. The variable names are up to you. Change the network configuration, replacing the IP address and hostname with variables as follows:

network --bootproto=static --ip=[IPADDR] --gateway=192.168.4.1 --nameserver=192.168.4.1 --netmask=255.255.255.0 --hostname=[FQDN] --addvmportgroup=0

Select Subtemplates and click on Edit. The first line we will create contains the word SUBTEMPLATE then the variable names that we want to use (separated by semi-colons). Subsequent lines contain the values for each host. See my example below:

SUBTEMPLATE;IPADDR;FQDN;VMKIPADDR
ESX01;192.168.4.11;esx01.home.lab;192.168.4.211
ESX02;192.168.4.12;esx02.home.lab;192.168.4.212
ESX03;192.168.4.13;esx03.home.lab;192.168.4.213
ESX04;192.168.4.14;esx04.home.lab;192.168.4.214

You’ll notice in my example I’ve added a VMkernel IP address that in the case of our ESXi deployment we will use for VMotion.

Click on the Advanced tab. After the network configuration line we need to add the following command which allows us to run our esxcfg commands on first boot:

%firstboot --unsupported --interpreter=busybox

Now add the following commands to the Kickstart script (Advanced), which will add a VMotion portgroup and IP address. You can leave the # comments in if you wish:

# Setup VMotion portgroup on vSwitch0
esxcfg-vswitch -A VMotion vSwitch0

# Setup VMotion IP address
esxcfg-vmknic -a VMotion -i [VMKIPADDR] -n 255.255.255.0

# Wait for previous command to finish before enabling VMotion
sleep 10

# Enable VMotion (ESX uses vmware-vim-cmd and ESXi is vim-cmd)
vim-cmd hostsvc/vmotion/vnic_set vmk1
vim-cmd hostsvc/net/refresh


Notice in the vim-cmd command above that it sets VMotion on vmk1. vmk0 will be the management IP address used in the network command at the top of our script. This is fairly straightforward to work out, but if anyone knows of a better method then feel free to comment!

Finally click on Save.

The Deployment

Now we have the UDA configured and ready to roll with our ESXi installation all we have to do now is PXE boot our hosts and providing you have configured DHCP options 66 & 67 (see the end of this article) you should be presented with the UDA menu (see first screenshot).

The rest is easy, just select the host from the menu (we set this in SUBTEMPLATE) and it will install and configure ESXi with no user intervention. Using a scripted installation can be very powerful and a lot more can be configured than I’ve included here. Even if you don’t have mass ESXi deployments, this is a good way of ensuring that your ESXi hosts maintain your standard build. If you have an Enterprise Plus license then you can also use Host Profiles.

Kickstart script:

accepteula
rootpw --iscrypted $1$3vkd233f/wksSo$fhniM3fdcV6hr0
autopart --firstdisk --overwritevmfs
install url http://[UDA_IPADDR]/[OS]/[FLAVOR]
network --bootproto=static --ip=[IPADDR] --gateway=192.168.4.1 --nameserver=192.168.4.30 --netmask=255.255.255.0 --hostname=[FQDN] --addvmportgroup=0
reboot

## THE FOLLOWING IS OUR FIRSTBOOT CONFIGURATION ##

# Configure additional commands at first boot.
%firstboot --unsupported --interpreter=busybox

# Setup VMotion portgroup on vSwitch0
esxcfg-vswitch -A VMotion vSwitch0

# Setup VMotion IP address
esxcfg-vmknic -a VMotion -i [VMKIPADDR] -n 255.255.255.0

# Wait for previous command to finish before enabling VMotion
sleep 10

# Enable VMotion (ESX uses vmware-vim-cmd and ESXi is vim-cmd)
vim-cmd hostsvc/vmotion/vnic_set vmk1
vim-cmd hostsvc/net/refresh

SUBTEMPLATE:

SUBTEMPLATE;IPADDR;FQDN;VMKIPADDR
ESX01;192.168.4.11;esx01.home.lab;192.168.4.211
ESX02;192.168.4.12;esx02.home.lab;192.168.4.212
ESX03;192.168.4.13;esx03.home.lab;192.168.4.213
ESX04;192.168.4.14;esx04.home.lab;192.168.4.214

Configuring DHCP Options

1) Set option 66 to the IP address of your UDA
2) Set option 67 to pxelinux.0

In this article I detail the steps required to configure your vMA as a Syslog server, and configure your ESX/ESXi hosts to send logging information to the vMA. Logging is often overlooked, but when managing multiple hosts it is far easier to send your logs to a Syslog server. I’m studying for the VCAP-DCA exam, and using vicfg-syslog is a requirement of the exam (Section 6.1) and the vMA is also essential to understand (Section 8.1). I hope my notes help you as they have helped me.

Configuring your VMware vMA as a Syslog server is very easy to do, just follow these steps

Log on to your vMA as vi-admin and enter the following commands:

sudo service rsyslog stop
sudo vi /etc/sysconfig/rsyslog
sudo service rsyslog start
sudo iptables -I INPUT -i eth0 -p udp --dport 514 -j ACCEPT
sudo service iptables save (this will save the new firewall rule and ensure it doesn’t disappear after a reboot)

Job done! The vMA server is now ready to accept syslog connections on UDP port 514.

Configuring your ESXi host to send logging information to the Syslog server

You can do this via the vSphere client (Configuration > Advanced > Syslog, syslog.remote.hostname), but for the VCAP-DCA exam it might be useful to know how to do this using vMA.

Using vMA:

First ensure your have your ESXi host set as the fast-pass target, then use vicfg-syslog:

# vifptarget -s <ESXI_HOSTNAME>
# vicfg-syslog -s <VMA_IP_ADDRESS>

Configuring your ESX host to send logging information to Syslog server

You can’t use the vSphere client or vMA to configure Syslog on an ESX host, so we need to edit /etc/syslog.conf and add the following line to the very bottom:

*.* @<SYSLOG_IP_ADDRESS>

In this example, replace <SYSLOG_IP_ADDRESS> with the IP address of the vMA.

Next we need to allow UDP port 514 out from your ESX host. To do this run the following command (make sure you are logged in, or su - as root):

# esxcfg-firewall -o 514,udp,out,syslog

Note: If you log in to your ESX hot then su as root make sure you type (su -) with the hyphen and that will load the environment variables of the root account. Otherwise you may find that you get the error ‘bash: esxcfg-firewall: command not found‘.

Finally, restart the syslog service:

# service syslog restart

Checking the ESX logs on vMA

Now for the fun bit!  Log on to your vMA server as vi-admin, and type:

# sudo tail -f /var/log/messages

This will tail the messages file, and -f will output data as it is added to the file.

To send a test message, log on to the ESX host that you configured for syslog (above) and type:

# logger syslog test message

You should see your test message output on the vMA. Cool huh!

Checking ESXi logs on vMA

The logger command isn’t available with ESXi, so another way of checking that your Syslog is working for an ESXi host is to filter the results to show the IP address of your ESXi host:

# sudo tail -f /var/log/messages | grep <ESXI_IP_ADDRESS>

It shouldn’t take long to see messages from your ESXi host, and filtering on the IP address using grep is a really neat way of finding results for a particular host.

Just in time for the start of the new year I decided to ditch the old RayHeffer.com site and replace it with a brand spanking new WordPress site running on my virtual Linux server in London. I have spent the past few nights up late tweaking the new site and adding content, so please look around and don’t forget to leave me a comment!

It’s snowing outside as I write this here in the south east UK, so what better time to develop your Linux skills and build your own virtual Linux server by following my new LAMP guide based on CentOS 5?

Happy New Year!

Ray

Part 1 | Part 2 | Part 3 | Troubleshooting

Introduction
This is an updated version of my original LAMP (Linux Apache MySQL and Perl/PHP) guide that was based on CentOS 4. Now updated and tweaked for CentOS 5, I will take you through the steps required to build a secure Linux web server (LAMP) on CentOS 5.

I have a background working for an ISP, so I’ve based this build on the same configuration many hosting providers use. It supports virtual hosts (multiple websites), secure FTP access, locked down SSH access, and a sensible directory structure.

If you follow this guide, you will get a web server up and running within a couple of hours depending on whether you follow it step by step, or prefer to experiment first. If you are new to Linux then give it a try and learn something new, you never know you may surprise yourself!

Good luck!

A word on web hosting

Before you get started with your server build, I’d like to talk about where you are going to host this server. There have been a number of developments in the past few years in regards to people hosting websites on their home ISP broadband connection.

Firstly, did you know that many of the major search engines will not crawl your website if it’s hosted on a residential IP address? What I mean by residential is an IP address provided by the likes of an ADSL or broadband provider (e.g. Virgin Media, BT, PlusNet, here in the UK). It will depend on the ISP whether you get a ‘fixed’ IP address or not, and even if you do your site will simply be ignored by the major search engines as they will recognise the IP address in a residential (non ISP) range. Don’t get me wrong, running web servers at home is great fun but I would recommend you avoid it unless it is purely for testing.

So, where is the best place to host your shiny new CentOS web server?

I would highly recommend getting a VPS (Virtual Private Server). There are plenty of hosting companies offering Virtual Private Servers, and VPS hosting is getting cheaper.

I would personally recommend Linode, I have been using them since 2006 and recently they have started hosting virtual servers in the London, UK as well as the USA. They provide a generous amount of bandwidth, starting at around 200GiB per month with 16GB+ of disk space depending on which option you go for. You can choose from a massive list of Linux distro’s, including CentOS 5! They use Xen virtualisation and they have an excellent web interface for accessing your server stats, server controls, DNS, and console access.

Getting Started

CentOS 5 is completely free and developed by a team of core developers at a North American Enterprise Linux vendor. In turn the core developers are supported by an active user community including system administrators, network administrators, enterprise users, managers, core Linux contributors and Linux enthusiasts from around the world.

CentOS has numerous advantages over some of the other clone projects including: an active and growing user community, quickly rebuilt, tested, and QA’ed errata packages, an extensive mirror network, developers who are contactable and responsive, multiple free support avenues including IRC Chat, Mailing Lists, Forums, a dynamic FAQ. Commercial support is offered via a number of vendors.

CentOS 5 is distributed on six CD’s, all of which are available for download from the CentOS website.

Download phpMyAdmin

This is optional, but I would highly recommend this excellent web interface for administering your MySQL databases. I have used this in the past to provide customers with their own phpMyAdmin login username, so they can manage their databases easily.

http://www.phpmyadmin.net

Installing CentOS

NOTE: If you are using a virtual private server (VPS) provided by a hosting company such as Linode, and CentOS is already installed then skip ahead to the next section.

• Insert CD of the CentOS 5 installation CD and boot your server.
• At the installation menu, just press ENTER for the graphical installation wizard.
• When prompted for an installation type select custom installation and de-select all options for bare install.
• Use automatic partitioning for the disks.
• Remove all partitions from system (make sure you are happy to wipe all existing data!!).
• Boot Loader: Leave default settings.
• Network Configuration: Configure this with an internal IP address and DNS name.
• Firewall: Select ‘No firewall’ as this will be installed and configured later.
• SELinux: Set to ‘Disabled’. This is still very experimental so I would leave this switched off unless you really know what you are doing.
• Authentication: Set a secure root password using random characters and numbers (upper an lower case).
• Package Selection: Choose minimal configuration (Other packages can be installed at a later stage according to the server role).

WARNING!! – The server should not be connected to the internet until the configuration is completed and secure!

Updating the System

Now that you have CentOS 5 installed, we need to make sure it’s up to date and then do some basic security configuration with SSH. Unlike CentOS 4, you no longer have to import the RPM key to update and install software. It does this for you.

To check for updates type the following:

# yum check-update

Now perform the update process. Note, the -y is to accept all updates which I recommend as it’s a clean installation.

# yum –y update

Setting the clock
I strongly advise that you setup the timezone and clock correctly. First, you set /etc/localtime to link to the correct timezone, then either set the time manually or configure NTPD to syncronise with an internet time server such as pool.ntp.org.

Example of setting the timezone to GMT:

# ln -sf /usr/share/zoneinfo/GMT /etc/localtime

Setting the hardware clock:

# vi /etc/sysconfig/clock

System Services Configuration

As this is going to be a finely tuned web server, we don’t want uneccessary daemons running! Firstly, lets list all the daemons that have been configured to run at startup.

# chkconfig –list|grep on

You should now get an output similar to the following:

anacron 0:off 1:off 2:off 3:off 4:off 5:off 6:off
atd 0:off 1:off 2:off 3:on 4:on 5:on 6:off
crond 0:off 1:on 2:off 3:on 4:on 5:on 6:off
cups 0:off 1:on 2:off 3:on 4:on 5:on 6:off
haldaemon 0:off 1:on 2:off 3:off 4:on 5:on 6:off
messagebus0:off 1:on 2:off 3:off 4:on 5:on 6:off
network 0:off 1:on 2:off 3:off 4:on 5:on 6:off
syslog 0:off 1:on 2:off 3:off 4:on 5:on 6:off

Your list will probably be a lot longer as this is just an example, but what you can see here is the different run levels and their on/off status. Most daemons start at run level 3. Now lets switch off the daemons that aren’t needed. I’ve listed a few more here that you are likely to find.

# chkconfig cups off
# chkconfig apmd off
# chkconfig netfs off
# chkconfig pcmcia off
# chkconfig smartd off
# chkconfig anacron off
# chkconfig mdmonitor off
# chkconfig isdn off

NOTE: If you are using Linode then you should also switch off Kudzu (hardware detection) as this serves no purpose on a virtual UML system.

Host Access (TCP_WRAPPERS)

There are two host access files (/etc/hosts.allow and /etc/hosts.deny), that are part of the TCP_WRAPPER package. This makes it possible to allow or deny access to certain services based on the IP.

Edit the hosts.allow and hosts.deny files:
# vi /etc/hosts.allow

sshd:<IP ADDRESS>
vsftpd:ALL
sendmail:ALL

# vi /etc/hosts.deny

ALL:ALL

The <IP ADDRESS> above is the internet IP you are connecting from (don’t include < or >). You can enter multiple IP address here (separated by spaces) or to allow SSH from any IP just replace with ALL.

The root account should never be able to login via SSH (without first logging in as a user). You must change this, so edit /etc/ssh/sshd_config and ensure the following is set:

# vi /etc/ssh/sshd_config

Change the following lines as follows:

PermitRootLogin no
Protocol 2

Note: Some of these lines may already exist but will be commented out using #. To enable these commands the # needs to be removed.

Add Default Accounts

Before proceeding with any of the steps below, first create a user account that you will use to log in to this server. This account will be used for SSH connections.

# adduser <username>
# passwd <username>

You should now have access to the server via SSH. Download PuTTY and make sure it works.

When you are ready proceed to part 2.

Part 1 | Part 2 | Part 3 | Troubleshooting

Part 2: Configuring the Server

Configuring CentOS

• Edit /etc/hosts and /etc/sysconfig/network with hostnames
• Install Packages

Example of /etc/hosts:

# Do not remove the following line, or various programs
# that require network functionality will fail.
127.0.0.1 localhost
67.34.32.11 www.mydomain.com

Example of /etc/sysconfig/network

NETWORKING=yes
HOSTNAME=www.mydomain.com

Installing Packages

# yum -y install httpd openssl-devel openssl mod_ssl vsftpd rpm-build rpm-devel autoconf automake lynx gcc
# yum -y install mysql mod_auth_mysql mysql-devel mysql-server
# yum -y install mod_python python python-devel
# yum -y install perl mod_perl mod_perl-devel openssl-perl perl-Convert-ASN1 perl-Date-Calc perl-DateManip perl-HTML-Parser perl-libwww-perl perl-CPAN perl-DBD-MySQL perl-XML-Parser
# yum -y install php-devel php php-domxml php-gd php-mbstring php-mysql php-ncurses php-pear
# yum -y install webalizer
# yum -y install sendmail sendmail-cf

Creating Directory Structure

All websites will be held in /home/.sites/. The first site that needs to be created is the _default site, which will be used as this servers default website.

# mkdir /home/.sites
# cd /home/.sites
# mkdir _default
# cd _default
# mkdir logs private cgi-bin web
# cd web
# mkdir stats

Now change the ownership of these directories to adminftp as follows:

# cd /home/.sites
# chown adminftp _default -R

Configure the required system services sto start at boot:

# chkconfig httpd on
# chkconfig mysqld on
# chkconfig vsftpd on
# chkconfig sshd on

Configuring Apache

Apache runs as the httpd service, and it’s configuration file is contained in /etc/httpd/conf. To run in a ‘virtual’ hosting environment, we will now configure the httpd.conf file. But first things first, lets backup the httpd.conf file!

# cd /etc/httpd/conf
# cp httpd.conf httpd.conf.backup

Now edit httpd.conf (vi /etc/httpd/conf/httpd.conf) and make the following changes (substituting mydomain.com for your own domain).

The first section should be inside the httpd.conf file by default, so you just need to search for each line. You can easily do this using Vi by typing a forward slash then the keyword followed by enter (E.g. /ServerAdmin) and this will skip to that section if it is found. A bit like using Find in Windows.

ServerAdmin admin@mydomain.com
ServerName www.mydomain.com:80
NameVirtualHost *:80
DirectoryIndex index.html index.htm index.html.var

Next, skip to the very bottom of the httpd.conf file and you should see something similar to this:

<VirtualHost *:80>
ServerAdmin webmaster@dummy-host.example.com
DocumentRoot /www/docs/dummy-host.example.com
ServerName dummy-host.example.com
ErrorLog logs/dummy-host.example.com-error_log
CustomLog logs/dummy-host.example.com-access_log common
</VirtualHost>

Make sure that this section isn’t commented out (with #) on each line, and then change the ServerAdmin, DocumentRoot, ServerName, ErrorLog and CustomLog . See the following example:

<VirtualHost *:80>
ServerAdmin admin@mydomain.com
DocumentRoot /home/.sites/_default/web
ServerName www.mydomain.com
ScriptAlias /cgi-bin/ /home/.sites/_default/cgi-bin/
ErrorLog /home/.sites/_default/logs/error_log
TransferLog /home/.sites/_default/logs/access_log

Options FollowSymLinks
Options +Includes
AllowOverride All
</VirtualHost>

You can host multiple websites by adding further VirtualHost sections, and each website is identified using the ServerName line. If your website has multiple domain names (E.g. www.mydomain.com www.mydomain.net mydomain.biz) then just add each one on a new line after ServerName with ServerAlias.

Save and exit the httpd.conf file and then restart the httpd service.

# /etc/init.d/httpd restart

Configuring VSFTP

VSFTP stands for Very Secure File Transfer Protocol. However using the installation defaults isn’t actually that secure as it allows anonymous access and doesn’t restrict which users can access the servers FTP service. In order to harden the security of VSFTP, several configuration changes must be made. Please note that some of these lines may be commented out by default, with a #, so remember to remove this if required.

# vi /etc/vsftpd/vsftpd.conf

anonymous_enable=NO
xferlog_file=/var/log/vsftpd.log
idle_session_timeout=600
nopriv_user=nobody
ascii_upload_enable=YES
ftpd_banner= **** WARNING - Your actions are being logged ****

pam_service_name=vsftpd
userlist_enable=YES
listen=YES
tcp_wrappers=YES
chroot_local_user=YES
userlist_deny=NO

Next, we need to configure vsftpd.userlist and specify which users can FTP to the server. This compliments the userlist_deny setting in vsftpd.conf. When set to NO, this makes the vsftpd.userlist file a list of users that ARE allowed to log in.

# vi /etc/vsftpd/user_list

Remove all of the users that are listed in this file by default, and add ONLY the users that require access to the FTP server.

Configuring MySQL

MySQL is configured using /etc/my.cnf, but prior to any configuration this configuration file has only the bare minimum required to start the MySQL daemon. However there are 5 templates that we can base the configuration on; my-huge.cnf, my-innodb-heavy-4G.cnf, my-large.cnf, my-medium.cnf, and my-small.cnf. These are each configured depending on the RAM and the priority that MySQL has on this server.

We will use my-medium.cnf as this has been based on a web server where MySQL is not the primary role of the server but could have frequent use. If you are hosting a few sites with light use then use my-small.cnf.

# cd /usr/share/doc/mysql-server-
# cp my-medium.cnf /etc/my.cnf

Once this has overwritten my.cnf, the mysqld service must be restarted.

# /etc/init.d/mysqld restart

Now the root password for MySQL must be set using the following command. Do NOT use the same root password as the Linux root password.

# mysqladmin -u root password

Setting up phpMyAdmin

Administration of MySQL is carried out using phpMyAdmin which is a free open source software package licensed under the GNU. Nearly all hosting providers use this, and is pretty much the de-facto standard these days.

1) Download phpMyAdmin,
2) Extract the contents to a directory called phpMyAdmin (case sensitive)
3) Transfer the phpMyAdmin directory to /home/.sites/_default/web (Use FTP and login using the user you setup previously, as described in the Configuring FTP using VSFTPD section).

Now we need to configure the confic.inc.php file as follows:

# vi /home/.sites/_default/web/phpMyAdmin/config.inc.php

Look for:

$cfg['Servers'][$i]['auth_type'] = 'config’;

Change ‘config’ to ‘http’ then restart MySQL.

# /etc/init.d/mysqld restart

You should now be able to log into phpMyAdmin by going to http://www.mydomain.com/phpMyAdmin. Log on using ‘root’ and the password you specified for MySQL. You will now be presented with the phpMyAdmin web control panel. By default, MySQL contains a test database which is not required, so as a security measure, this needs to be deleted. To do this, click on ‘Databases’, then tick test. Click ‘Drop’ and then click ‘Yes’ to confirm.

When you are ready proceed to part 3.

Checking kernel & CentOS version

To check which kernel version you are running use uname -r

# uname -r

To find out which CentOS (or RedHat) release is installed have a look at /etc/redhat-release

# cat /etc/redhat-release

Checking Disk Space

To check disk space used / free use the df command and it will display each volume. The -h switch turns the bytes reading into GB to make it more readable.

# df -h

If you want to check the size of a particular directory then use:

# du -sh /

Configuring DNS Settings

To configure which DNS servers your Linux server will use you need to edit /etc/resolv.conf

# vi /etc/resolv.conf

Just add each name server as a new line as in the following example:

nameserver
nameserver

Changing the hostname

You’ll find the hostname of the server in two places: /etc/hosts and /etc/sysconfig/network.

# vi /etc/hosts

and

# vi /etc/sysconfig/network

Show Processor & Memory Usage

This is equivilant to the Windows Task Manager, and will show each process and the consumed CPU and RAM usage. Very useful!

# top

Show Processor Information

This command will display the processor type and speed.

# cat /proc/cpuinfo

Search command history for old commands you have forgotten!

Use the history command with grep to find previously entered commands.

# history | grep command

Compiling sendmail.mc

# m4 /etc/mail/sendmail.mc > /etc/mail/sendmail.cf

Updating virtusertable.db from /etc/mail/virtusertable

# makemap hash /etc/mail/virtusertable.db < /etc/mail/virtusertable

Saving IPTABLES to /etc/sysconfig/iptables

# iptables-save > /etc/sysconfig/iptables