Sunday, May 15, 2016

Server configuration, day one

Thanks to the kind folks at Gigenet, I now have a server for experimentation.


I wanted a place to document some of the configuration choices (magic) that I perform on servers when I admin them, and this blog will do that among other things.

First things first, I run an update to ensure all packages are up to date: yum update -y && reboot


Next, I setup NTP to ensure that time is accurate. Usually, in a multi-server environment, I would configure a proper NTP infrastructure, but with a single machine, using an NTP pool is just fine: yum install ntp -y && chkconfig ntp on

Set the hostname so I don't get confused: echo "digital-warlock.com" > /etc/hostname

I setup SSH in a number of unique ways, but I'll save that for a separate post.

I want to stay up to date on packages for security at all times, so I install yum cron: yum install yum-cron -y

The defaults that redhat installs are perfectly fine (They download updates and notify when they are available rather than installing automatically).

Doing anything as root is terrible (security, auditing, etc), thus I setup my user account: useradd iamsure && passwd iamsure

Then I add my user to the wheel group so I can do root-like-stuff when I need to do so: usermod -a -G wheel iamsure

Behind the scenes, the default sudoers settings (/etc/sudoers) gives members of the wheel group the permissions to execute commands as root after entering their personal sudo password. Perfect.

I'll want to run a webserver (of course I will), so I grab a few packages: yum install apache mariadb postgresql php -y && chkconfig httpd on

Reboot, and that covers the initial configuration other than SSH.

Cheat sheet / Crib notes / Copy Pasta:

yum update -y
yum install ntp -y
yum install yum-cron -y
yum install apache mariadb postgresql php -y
echo "digital-warlock.com" > /etc/hostname
useradd iamsure
usermod -a -G wheel iamsure
passwd iamsure
reboot