Base Installation of a CentOS Server

Overview

This page provides steps to install CentOS Linux in preparation for installation and setup of an Apache web server, MySQL database server, Tomcat server, or other service. These instructions assume that you use the CDs (or DVD) for CentOS 5.2 for i386 architectures.

These instructions were developed using a single ISO image as follows.

CentOS-5.2-i386-bin-1of6.iso

I only needed the first ISO image of the 6 in the distribution for two reasons: (1) I deselected the installation of all optional packages, and (2) the hardware drivers needed for my computer are present on the first image. If you install to a machine that requires a driver that is stored on one of the other images, you will be prompted to insert the disk with that image on it.

These instructions minimize the amount of time you spend at the local console. By working from a remote console with a graphical browser, you can easily access these instructions and other resources during installation.

Setup Bootable Hard Drive

Obtain the first installation CD for CentOS. Insert the CD in the CD drive, and reboot.

When presented with the prompt boot:, enter linux text for a text-based install.

When you arrive at the screen for package selection, deselect everything. Also, select Customize Software Selection and deselect everything in there as well. (If you leave something selected, you may be prompted for one or more of the other CentOS installation CDs.)

Accept the default partitioning of the disk drive or customize to your liking.

Make sure you enter in the correct network parameters for your network interfaces.

When installation is complete, remove the CD from the drive and reboot.

After the system reboots, log in as root, and run the following command:

system-config-securitylevel-tui

In this application, disable SELinux. If you leave SELinux enabled, some services may not function correctly unless you grant them the permissions they need under the SELinux system.

Continue from Remote Machine

Continue installation from a remote machine; this will allow you to copy and paste from these notes as you continue the installation.

If your remote machine runs Linux, then connect to your server machine using the command-line version of ssh. For example, if the host name of your server is jb340.csci.csusb.edu, then you would connect with the following command.

ssh root@jb340.csci.csusb.edu

Set the system time from a government time server, and then write the new time into the hardware clock.

yum install ntp
ntpdate time.nist.gov
hwclock -w
chkconfig --level 345 ntpd on
service ntpd start

Update Installed Packages

To install packages over the network, install the CentOS certificate with the following command. (Note: the following command is insecure, because it retrieves the certificate over the network. The certificate is also available on the CD, so one should figure out how to install the certificate from the installation CD to increase security. If you figure this out, please send me an email at dturner@csusb.edu with the command and I will modify this page accordingly.)

rpm --import http://mirror.centos.org/centos/RPM-GPG-KEY-CentOS-5

Update the kernel and packages installed from CD, and then reboot.

yum -y update
shutdown -r now

Setup root access

Install sudo, so you can enable non-root users to become root.

yum install sudo

To allow members of the wheel group to become root without entering a password, run visudo, and uncomment the following line.

%wheel   ALL=(ALL)   NOPASSWD: ALL

To create user turner who can become root, do the following.

useradd turner -G wheel
passwd turner

For extra security, you can disable remote login by root. To do this, add the following line to /etc/ssh/sshd_config.

PermitRootLogin no

Restart sshd to make the change effective.

service sshd restart

To operate remotely as root, you must now log in as a user in the wheel group, and then use sudo to become root as follows.

sudo su -
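
A check for the PermitRootLogin change above, as an added example that is not part of the original page: sshd uses the first value it reads for a keyword, so a line added below an earlier uncommented "PermitRootLogin yes" has no effect. The function names and the sample configuration are constructed for illustration.

```shell
#!/bin/bash
# Added example (not from the original page): report the PermitRootLogin
# value that sshd will actually use for a given sshd_config file.

# Print the effective global PermitRootLogin value from config file $1.
# - comment and blank lines are ignored
# - the keyword is case-insensitive and may be written "Keyword=value"
# - the FIRST occurrence wins, as in sshd itself
# - anything after a "Match" line (newer OpenSSH releases) is conditional
#   and therefore not a global setting
# - prints "yes" when the keyword is never set (assumed built-in default
#   for the OpenSSH version shipped with CentOS 5)
effective_permit_root_login() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }
        {
            gsub(/=/, " ")
            key = tolower($1)
            if (key == "match") { exit }
            if (key == "permitrootlogin") { print $2; found = 1; exit }
        }
        END { if (!found) print "yes" }
    ' "$1"
}

# Succeed only when remote root login is really disabled.
root_login_disabled() {
    [ "$(effective_permit_root_login "$1")" = "no" ]
}

# Constructed sample: "no" was appended below an existing active "yes" line.
sample=$(mktemp)
cat > "$sample" <<'EOF'
#PermitRootLogin yes
Protocol 2
PermitRootLogin yes
PermitRootLogin no
EOF
if root_login_disabled "$sample"; then
    echo "root login over ssh is disabled"
else
    echo "root login still allowed: $(effective_permit_root_login "$sample")"
fi
rm -f "$sample"
```

To check the real file, call root_login_disabled /etc/ssh/sshd_config after editing it and before restarting sshd.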

Setup daily cron task

I use cron to run a daily script that performs various updates to the system.

Install and start the cron service as follows.

yum install vixie-cron.i386
service crond start

Create a script that you want to run on a daily basis. The following script synchronizes the server's time with a government time server and updates the database that the locate command uses. Place the following lines in file /root/daily.sh.

#!/bin/bash
echo Running daily.sh.
echo
/usr/bin/locate -u

Make the file executable.

chmod 700 /root/daily.sh

I use cron to run the above script every day at 2:27 AM. To do this, create /root/cronfile with the following contents. (Make sure you have a blank line at the end of the file!)

27 2 * * * /root/daily.sh

Register your cron task with the following command.

crontab /root/cronfile