Tuesday, 30 July 2013

Centos 6/RHEL set new Firewall IPTables rules

The firewall rules in Centos, commonly known as IPTables, are based on the use of IP addresses, protocols and ports and give you the ability to manage all connection activity in and out of your server. Rules are based on chains (INPUT, OUTPUT and FORWARD) and you maintain the ability to ACCEPT, DROP, or REJECT activity based on your criteria. IPTables is the bedrock of the server's security so here we will look at replacing the pre-installed rule set to build your own.

First log in as root and remove all the current rules

# iptables --flush

Now as a temporary measure to ensure that we will have no issues when trying to connect to the server, we then determine that the server can accept all incoming connections

# iptables -P INPUT ACCEPT && iptables -P FORWARD ACCEPT && iptables -P OUTPUT ACCEPT

Now save the rules and restart the service

# service iptables save

# service iptables restart

Now we add a simple rule that enables unlimited traffic on the loopback (127.0.0.1) to provide access from the localhost

iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT

Next we can add an optional rule that allows a static IP address if using one

iptables -A INPUT -i lo -s 192.168.0.100 -d 192.168.0.100 -j ACCEPT

Now we enable both ICMP and STATE. ICMP is associated with diagnostics such as ping or traceroute and with network control and discovery, while STATE enables IPTables to remember the status of any connection in conjunction with the protocols using the source and destination IP address.

iptables -A INPUT -p icmp --icmp-type any -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

Having done this, the next task is to open both the domain and SSH ports to facilitate DNS queries and SSH. If you are using a different port for SSH remember to change this here.

iptables -A INPUT -p tcp --dport 53 -j ACCEPT
iptables -A INPUT -p udp --dport 53 -j ACCEPT
iptables -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT

Finally, lock down and deny any unwanted access to the server by rewriting the current chain policy.

iptables -P INPUT DROP && iptables -P FORWARD DROP && iptables -P OUTPUT ACCEPT

Save the new configuration from memory to file and restart the service

# service iptables save

# service iptables restart

Additional Ports

You can open additional ports in order to support features such as HTTPD, FTP, NTP, Mail etc. by extending the current rule set, providing each feature with a relevant input and output rule.

To allow HTTP on ports 80 and 143 you would use

iptables -A OUTPUT -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
iptables -A OUTPUT -p tcp --dport 143 -j ACCEPT
iptables -A INPUT -p tcp --dport 143 -j ACCEPT

To allow FTP on ports 20/21 you would use

iptables -A OUTPUT -p tcp --dport 20:21 -j ACCEPT
iptables -A INPUT -p tcp --dport 20:21 -j ACCEPT

To allow SMTP and POP3 on ports 25 and 110 you would use

iptables -A INPUT -p tcp --dport 25 -j ACCEPT
iptables -A OUTPUT -p tcp --dport 25 -j ACCEPT
iptables -A INPUT -p tcp --dport 110 -j ACCEPT
iptables -A OUTPUT -p tcp --dport 110 -j ACCEPT

Finally, to allow NTP on port 123 you would use

iptables -A OUTPUT -p udp --dport 123 -j ACCEPT   

Remember to save the rules

# service iptables save

Allowing an IP Address

If you have a list of IP addresses that represent a series of welcome guests, the root user can add them to the existing firewall rules and whitelist them by typing

iptables -A INPUT -s 127.0.0.1/32 -j ACCEPT

You can add as many addresses as you like but place the entries above any other rule

:INPUT DROP
:FORWARD DROP
:OUTPUT ACCEPT
-A INPUT -s 192.168.0.100 -j ACCEPT
-A INPUT -s 192.168.0.101 -j ACCEPT

Save and restart iptables

# service iptables save

# service iptables restart

Banning IP addresses

If you have a list of IP addresses that represent a series of unwanted guests, the root user can add them to existing firewall rules and effectively ban or blacklist them by typing

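iptables -I INPUT 1 -s 192.168.0.100 -j DROP

Again as above there is no limit to the number, but they must appear above any other rule, because iptables acts on the first rule that matches a packet. That is why the command inserts the entry at the top of the chain with -I rather than appending it with -A. The saved rules will then look like this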

:INPUT DROP
:FORWARD DROP
:OUTPUT ACCEPT
-A INPUT -s XXX.XXX.XXX.XXX -j DROP
-A INPUT -s XXX.XXX.XXX.XXX -j DROP
-A INPUT -s XXX.XXX.XXX.XXX -j DROP

Save and restart iptables

# service iptables save

# service iptables restart

So using this method you can deny unwanted visitors access to your server through the firewall and limit the size of your logfiles
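
Why a ban has to sit above the ACCEPT rules, as an added example that is not part of the original post: the function below walks an INPUT chain in iptables-save syntax the way netfilter does (first matching rule wins) for a new inbound packet. The function name verdict, the two sample rule sets and the default interface eth0 are assumptions made for the example, and only the options used on this page are understood.

```shell
#!/bin/sh
# Added example (not from the original post): first-match evaluation of the
# INPUT chain for a NEW inbound packet. Understands only the options used on
# this page: -s  -p  --dport  -i  -m state --state  -j

# Constructed sample: the page's rule set with the ban appended (-A) last.
RULES_APPENDED=':INPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -p icmp --icmp-type any -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp --dport 53 -j ACCEPT
-A INPUT -p udp --dport 53 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -s 192.168.0.100 -j DROP'

# Constructed sample: the same rules with the ban at the top of the chain.
RULES_ON_TOP=':INPUT DROP [0:0]
-A INPUT -s 192.168.0.100 -j DROP
-A INPUT -i lo -j ACCEPT
-A INPUT -p icmp --icmp-type any -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp --dport 53 -j ACCEPT
-A INPUT -p udp --dport 53 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT'

# verdict RULES SRC PROTO DPORT [IFACE]
# Prints "TARGET rule=N" for the first matching rule, or "POLICY policy"
# when no rule matches and the chain policy decides.
verdict() {
    printf '%s\n' "$1" | awk -v src="$2" -v proto="$3" -v dport="$4" \
        -v iface="${5:-eth0}" '
    function ip2int(a,    o) {
        split(a, o, ".")
        return ((o[1] * 256 + o[2]) * 256 + o[3]) * 256 + o[4]
    }
    # True when ip lies inside net (bare address or CIDR).
    function in_net(ip, net,    p, size) {
        split(net, p, "/")
        size = 2 ^ (32 - (p[2] == "" ? 32 : p[2]))
        return int(ip2int(ip) / size) == int(ip2int(p[1]) / size)
    }
    /^:INPUT / { policy = $2; next }
    /^-A INPUT / {
        n++; ok = 1; target = ""
        for (i = 3; i <= NF; i++) {
            if ($i == "-s" && !in_net(src, $(i + 1))) ok = 0
            if ($i == "-p" && $(i + 1) != proto) ok = 0
            if ($i == "-i" && $(i + 1) != iface) ok = 0
            # A NEW packet never matches ESTABLISHED,RELATED.
            if ($i == "--state" && index("," $(i + 1) ",", ",NEW,") == 0) ok = 0
            if ($i == "--dport") {
                split($(i + 1), r, ":")          # single port or low:high
                if (r[2] == "") r[2] = r[1]
                if (dport + 0 < r[1] + 0 || dport + 0 > r[2] + 0) ok = 0
            }
            if ($i == "-j") target = $(i + 1)
        }
        if (ok) { print target " rule=" n; hit = 1; exit }
    }
    END { if (!hit) print policy " policy" }'
}

# SSH from the banned address: the appended ban is never reached because the
# port 22 ACCEPT matches first; the ban at the top of the chain is.
echo "appended: $(verdict "$RULES_APPENDED" 192.168.0.100 tcp 22)"
echo "on top:   $(verdict "$RULES_ON_TOP" 192.168.0.100 tcp 22)"
```

To check a live rule set the same way, pass it the output of iptables-save for the filter table.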


Monday, 29 July 2013

Centos 6/RHEL OpenSSH change port number and limit access by user or group

Changing Port No

Changing the port number used by ssh from the default 22 can help increase the security of the ssh server.

To do this open up the config file

# vi /etc/ssh/sshd_config

Scroll down to the part which reads

#Port 22

Uncomment the line and change the value to your preferred one, making sure that the port number is not already in use. Then restart the server

# service sshd restart 

Limiting SSH access by user or group

All valid users on the system are allowed to log in and enjoy the benefit of SSH but a more secure policy is to allow only a predetermined list of users or groups to log in.

To do this, log in as root and open the SSH configuration file





# vi /etc/ssh/sshd_config



Scroll down and locate the line which starts


AllowUsers

And append to it the users you wish to allow, for example

AllowUsers anton james george

You can also use the same method to allow members of a valid administration group to log in.

AllowGroups

Or you can add admin to the list, where this is a valid user

AllowUsers admin

When done restart the server with

$ sudo service sshd restart

See also SSH Harden shell and Install OpenSSH

Centos 6/RHEL OpenSSH harden shell environment

The secure shell (SSH) is the basic toolkit that provides remote access to your server to perform maintenance, upgrades, install packages, transfer files, or facilitate whatever action you need to carry out as the administrator in a secure environment.



With a few rudimentary configuration changes you can deny root access, add a welcome banner, and protect your server from unwanted guests. Here we use the OpenSSH version.

Once installed first back up the config file after logging in as root.

# cp /etc/ssh/sshd_config /etc/ssh/sshd_config.bak

Open up the sshd configuration file for editing

# sudo vi /etc/ssh/sshd_config

First adjust the time allowed to log in, scroll down to the line

#LoginGraceTime 2m


Change the line to


LoginGraceTime 60

A few lines further down to the line that reads

#PermitRootLogin yes




Change it to


PermitRootLogin no

Next find the following two lines

#X11Forwarding no
X11Forwarding yes






And change them to


X11Forwarding no
#X11Forwarding yes

Uncomment the following lines

PrintMotd yes
PrintLastLog yes





Now save and close the sshd_config file before opening the following to create the welcome banner.

# vi /etc/motd

Add the banner to the file, an example could be

This computer system is for authorized users only. All activity
is logged and regularly checked. Individuals using this system
without authority or in excess of their authority are subject to
having all their services revoked...




Save and close the file and restart the sshd daemon


# service sshd restart

You can open up a new ssh session to make sure everything is running fine before closing the first session with

# exit

You should now find that root access to the shell is denied and you must log in using a standard user account. The next session should open up with the new login banner.





Keep sessions alive


You can set the idle timeout on the server by making adjustments in the config file.





# vi /etc/ssh/sshd_config


Scroll down and find the lines

ClientAliveInterval 60
ClientAliveCountMax 5



The first line instructs the server to wait 60 seconds after the last input before it sends a packet which requires a response.




The second line sets the number of missed or no response intervals to 5 before it assumes the connection has been dropped.

Set these to your preferred values.

Now find and uncomment the following line

TCPKeepAlive yes


This will tell the SSH server to issue TCPKeepAlive packets to discover if the connection is still valid. Consequently, even if your session times out, this feature will terminate the current session and prevent it from hanging and becoming a zombie.

Finally restart the server for the settings to take effect


$ sudo service sshd restart
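
A check for the sshd_config edits made in the two SSH posts above (limiting access by user or group, and hardening the shell), as an added example that is not part of the original posts. sshd keeps the first value it reads for a keyword, so a line pasted below an older active line has no effect. The function names effective and audit, the two sample configs and the port 2222 are assumptions made for the example; keyword=value syntax is not handled.

```shell
#!/bin/sh
# Added example (not from the original posts): check the sshd_config settings
# these posts change. sshd keeps the FIRST value it reads for a keyword, so a
# hardening line added below an older active line is ignored.

# Constructed sample: hardening lines pasted at the bottom of a config that
# still has active "PermitRootLogin yes" and "X11Forwarding yes" above them.
CONFIG_BAD='#Port 22
#LoginGraceTime 2m
PermitRootLogin yes
X11Forwarding yes
PrintMotd yes
PermitRootLogin no
X11Forwarding no'

# Constructed sample: the result of following the posts step by step.
CONFIG_GOOD='Port 2222
LoginGraceTime 60
PermitRootLogin no
X11Forwarding no
#X11Forwarding yes
PrintMotd yes
PrintLastLog yes
ClientAliveInterval 60
ClientAliveCountMax 5
TCPKeepAlive yes
AllowUsers anton james george'

# effective CONFIG KEYWORD
# Prints the first active value of KEYWORD in the global section (everything
# before the first Match block), or "unset". Keywords are case-insensitive.
effective() {
    printf '%s\n' "$1" | awk -v key="$2" '
    BEGIN { key = tolower(key); val = "unset" }
    /^[ \t]*#/ || /^[ \t]*$/ { next }          # comments and blank lines
    tolower($1) == "match" { exit }            # stop at per-user overrides
    tolower($1) == key { $1 = ""; sub(/^[ \t]+/, ""); val = $0; exit }
    END { print val }'
}

# audit CONFIG
# Prints one FAIL line per deviation from the values set in the posts and
# returns non-zero if there was any.
audit() {
    rc=0
    for want in PermitRootLogin=no X11Forwarding=no LoginGraceTime=60 \
                PrintMotd=yes; do
        key=${want%%=*}
        got=$(effective "$1" "$key")
        if [ "$got" != "${want#*=}" ]; then
            echo "FAIL $key: got $got, want ${want#*=}"
            rc=1
        fi
    done
    # The access-control post expects an explicit allow list.
    if [ "$(effective "$1" AllowUsers)" = unset ] &&
       [ "$(effective "$1" AllowGroups)" = unset ]; then
        echo "FAIL AllowUsers/AllowGroups: no allow list set"
        rc=1
    fi
    return "$rc"
}

# The bottom-of-file edits in CONFIG_BAD do not take effect.
audit "$CONFIG_BAD" || true
```

On a live server, sshd -t checks the file for syntax errors before the restart and sshd -T prints the effective configuration.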

Sunday, 28 July 2013

Centos 6/RHEL create administrative user using root with su

You can create an administrative user and provide them with access to the su or switch user command that enables them to change the ownership of a login session in order to become root or any other user.

Managing a server as the root user is probably not the best way to work as you are leaving yourself open to a whole host of issues that can give rise to a multitude of errors. 

Use of the root user account should be left until it is required, so here we configure a day-to-day administrative user who can switch to using root with the su command.

To start with, log in as root and create your new user, in this case anton

# useradd anton

# passwd anton

Use an alphanumeric password between 6 and 16 characters long.

Now add the user to the wheel group

# usermod -a -G wheel anton

Now we activate the wheel module in PAM

The PAM or the Pluggable Authentication Module provides a global method of authenticating users across the system as a whole without any individual program being required to know which authentication system will be used.

# vi /etc/pam.d/su

Vi and Vim commands

Scroll down and uncomment the following line

auth required pam_wheel.so use_uid

Save and exit the file.

Now you have activated the su command for the user and it can become root user by issuing the su command

$ su anton 

To end the session use the exit command

$ exit

And the whoami command to determine which user is active 

With the Centos live cd I am currently using to type this

$ whoami
centoslive




See also adding a user to a Centos 6 Fluxbox Desktop







 


Centos 6/RHEL disable the IPv6 module.

IPv6 was introduced to solve the problems of IPv4 but it is often not used and not all hardware supports it. If you find it necessary to disable IPv6 for any reason you may also find that this also speeds up networking and reduces administrative overhead with improved security levels.

IPv6 is a major component found within the Centos operating system and by following this guide you can completely disable IPv6 on the system. For those networks that do not support this feature disabling IPv6 can be a good option in order to tighten system security and increase the overall performance of the system.

It is not advised to use this method if you are intending to use any IPv6 dependent features such as Bonding, Postfix, SELinux and similar packages.

To begin, log in as root and disable IPv6 by typing

# echo "install ipv6 /bin/true" > /etc/modprobe.d/disable-ipv6.conf

This ensures that whenever the system needs to load the IPv6 module, it is forced to execute the true command instead of actually loading the module; and as /bin/true does and means nothing, the module will not load.

Now disable the ipv6 tables

# chkconfig ip6tables off

Then we disable any calls to IPv6 in its various locations. To do this open the network configuration file.

# vi /etc/sysconfig/network

Scroll down and add or amend the following line to read

NETWORKING_IPV6=no

To complete the process we modify the configuration file for each Ethernet device to show the following values as an example

# vi /etc/sysconfig/network-scripts/ifcfg-ethx  (x = 0,1 etc)

IPV6INIT=no
IPV6_AUTOCONF=no

Reboot the system to complete.

Centos 6/RHEL Hosts file

The hosts file consists of a list of IP addresses and corresponding hostnames and if your network contains computers whose IP addresses are not listed in an existing DNS record, in order to speed up the network it is recommended that you add them to the hosts file.

To do this on Centos just open up the hosts file and add the following values

$ sudo vi /etc/hosts

192.168.1.100 www.example1.lan
192.168.1.101 www.example2.lan
192.168.1.102 www.example3.lan
192.168.1.103 www.example4.lan

or you can use an external address such as

74.125.239.44    minimallinux.blogspot.com

This method provides you with the chance to create mappings between domain names and IP addresses without the need to use a DNS and can be applied to any workstation or server.
The list is not restricted by size and you can even employ this method to block access to certain websites by simply repointing all requests to visit a known website to a different IP address. For example, if the real address of www.website.com is 192.168.1.200 and you want to restrict access to it, then simply make the following changes to the hosts file of the viewing computer

192.168.1.201       www.website.com

This isn't completely failsafe but anyone trying to access www.website.com will automatically be sent to 192.168.1.201 instead of 192.168.1.200.








Centos 6/RHEL changing Hostname and resolving Fully Qualified Domain Name

Although the hostname is typically set at installation time, there are occasions when you may need to change it for technical reasons or otherwise.

Here we look at changing the hostname and resolving the fully qualified domain name.

First open up the network script in a text editor

$ sudo vi /etc/sysconfig/network

Change the hostname value to your preferred name and then save and exit the file, if you want to rename the server to centosbox it will appear as

NETWORKING=yes
HOSTNAME=centosbox

Avoid capitals and irregular characters when naming the host, use only alpha-numeric characters under 63 characters in length.

Now confirm the settings for the server in order to complete the Fully Qualified Domain Name or FQDN. An FQDN consists of a hostname and the DNS-based domain name, so in order to do this we will need to open and edit the hosts file

$ sudo vi /etc/hosts

127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6

Now confirm the correct order and set the correct values with the intention of making the file look similar to the following.

127.0.0.1          localhost.localdomain localhost
XXX.XXX.XXX.XXX    hostname.domainname.suffix hostname
::1                localhost6.localdomain6 localhost6

Replace the values of the second line with something more appropriate, so if the server is called centosbox with an IP address of 192.168.0.100 and a domain name of centosbox.com then the final file will look like below.

If the server is on a local network, it is advisable to use a non-Internet based address. For example, you could use .local or .lan or .home.
By using these references you will avoid any confusion with the typical .com, .co.uk or .net domain names.

When done, save the file and reboot the server to allow the changes to take effect immediately.

$ reboot

On rebooting, you can now check your new hostname by typing the following command and waiting for the response

$ hostname

To confirm the hostname type the following command and wait for the response

$ hostname -f

Or, as an alternative to the preceding method, to confirm the Fully Qualified Domain Name (FQDN), you can type the following command and wait for the response

$ hostname --fqdn

So, by changing the values in the two system configuration files /etc/sysconfig/network and /etc/hosts and rebooting the server we can easily change the hostname.

The hosts file is used by Centos to map hostnames to IP addresses and is often found to be incorrect on a new, un-configured or recently installed server. For this reason we first reorganise the references shown in order to support both the relevant IPv4 and IPv6 values as well as the hostname and domain name reference. So we rewrite the file to reflect the newly assigned values.

So to conclude we can say that we have not only renamed the server, but we have also dispelled the myths associated with hostnames as opposed to domain names.

A server is not only known by the use of the shorter single word base name, it also consists of the three values separated with a period. The domain name remains distinct from the hostname because it is determined by the resolver system, and it is only by putting them both together that the server will give the Fully Qualified Domain Name or FQDN of the system.

Saturday, 27 July 2013

Centos 6/RHEL bond 2 Ethernet devices for increased bandwidth

To increase bandwidth and performance on your Centos 6/RHEL box you can bond 2 Ethernet devices together making a larger input/output possible.

Channel bonding (also known as Ethernet bonding) is a networking arrangement in which two or more network interfaces on a host computer are combined in order to achieve the above.
This assumes that you already have a Static IP address set up and that you have other available addresses from your router.

First, log in as root and get dependencies

$ sudo yum -y install bind-utils ethtool

Create a new file called bond0 that will become the bonding master. To do this, in the console type

$ sudo vi /etc/sysconfig/network-scripts/ifcfg-bond0


Add the following lines by substituting the relevant values marked as XXX.XXX.XXX.XXX with something more appropriate.

DEVICE="bond0"
NAME="System bond0"
NM_CONTROLLED="no"
USERCTL=no
ONBOOT=yes
TYPE=Ethernet
BOOTPROTO=none
DEFROUTE=yes
PEERDNS=no
PEERROUTES=yes
IPV4_FAILURE_FATAL=yes
IPV6INIT=no
IPADDR=XXX.XXX.XXX.XXX
NETMASK=XXX.XXX.XXX.XXX
BROADCAST=XXX.XXX.XXX.XXX

When ready, save and close the file before proceeding to modify your existing
Ethernet configuration files

$ sudo vi /etc/sysconfig/network-scripts/ifcfg-eth0

Make the relevant changes but as a reference, below is an example 

DEVICE="eth0"
NM_CONTROLLED="no"
ONBOOT=yes
HWADDR=XX:XX:XX:XX:XX:XX
UUID=XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX
TYPE=Ethernet
BOOTPROTO=none
NAME="System eth0"
USERCTL=no
MASTER=bond0
SLAVE=yes

Now repeat this step for each Ethernet device by substituting the appropriate values before continuing

When the process of Ethernet device configuration is complete, the next step is to create the bonding module configuration file by typing the following

$ sudo vi /etc/modprobe.d/bonding.conf

Now add the following lines

alias bond0 bonding
options bond0 mode=5 miimon=100

Save and close the file before proceeding to register the bonding module with CentOS as a device. To do this, type:

modprobe bonding

Finally, to complete our configuration you should reboot or type
service network restart

The process of channel bonding is now complete and you can test your new network settings by running the following

$ ifconfig

Friday, 19 July 2013

Centos 6/RHEL create Virtual Static IP Addresses from one ethernet device

If you are using a standard ethernet device with a Static IP on your Centos 6/RHEL box then you can easily create additional Virtual Static IPs using the same device. These can enable you to run multiple servers and websites or create a private LAN using a local IP and have the alias hold your Internet IP.

To do this you must first have a Static IP set up on your system, this assumes that you are just using one installed device and that you are familiar with the Static IP range available from your router.

First log in as root and copy your existing ifcfg-eth0 to a new file named ifcfg-eth0:1

# cp /etc/sysconfig/network-scripts/ifcfg-eth0 /etc/sysconfig/network-scripts/ifcfg-eth0:1

This copies the original file and renames it to what will become a new virtual device. Open up the file in text editor.

# vi /etc/sysconfig/network-scripts/ifcfg-eth0:1

Vi and Vim commands

Scroll down and change the following two values

DEVICE="eth0:1"
NAME="System eth0:1"

Delete the whole of the following lines

HWADDR=XX:XX:XX:XX:XX:XX
UUID=XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX

Now all that is left to do is to assign it a Static IP address from your available pool, scroll to the IPADDR section and enter the new address.

IPADDR=XXX.XXX.XXX.XXX

Save the file and restart the network

$ sudo service network restart

Now run ifconfig command to view the new Virtual Static IP

$ sudo ifconfig -a 


You can use the new Virtual Static IP address in a variety of ways, in addition you can add extra ones as long as you have the addresses available from your router, just ensure that they are named in succession, ie eth0:2 eth0:3 etc.



Centos 6/RHEL install and use Tzdata time zone utility

Tzdata is a collection of the world's time zone information and can be used to set the time for individual users on a Linux system.

To use it first download the tzdata package from the repo.

$ sudo yum -y install tzdata

$ tzselect

Please identify a location so that time zone rules can be set correctly.
Please select a continent or ocean.
 1) Africa
 2) Americas
 3) Antarctica
 4) Arctic Ocean
 5) Asia
 6) Atlantic Ocean
 7) Australia
 8) Europe
 9) Indian Ocean
10) Pacific Ocean
11) none - I want to specify the time zone using the Posix TZ format.
#? 


Select a value and press the return key to proceed.

You will now be asked to select a country from the list provided.

Please select a country.
 1) Aaland Islands        18) Greece                35) Norway
 2) Albania               19) Guernsey              36) Poland
 3) Andorra               20) Hungary               37) Portugal
 4) Austria               21) Ireland               38) Romania
 5) Belarus               22) Isle of Man           39) Russia
 6) Belgium               23) Italy                 40) San Marino
 7) Bosnia & Herzegovina  24) Jersey                41) Serbia
 8) Britain (UK)          25) Latvia                42) Slovakia
 9) Bulgaria              26) Liechtenstein         43) Slovenia
10) Croatia               27) Lithuania             44) Spain
11) Czech Republic        28) Luxembourg            45) Sweden
12) Denmark               29) Macedonia             46) Switzerland
13) Estonia               30) Malta                 47) Turkey
14) Finland               31) Moldova               48) Ukraine
15) France                32) Monaco                49) Vatican City
16) Germany               33) Montenegro
17) Gibraltar             34) Netherlands
 

Select and confirm the selection with 1 for Yes.

This completes the setup but to make it permanent you should add the following  line to your ~/.bashrc file.

TZ='Europe/London'; export TZ

Then log out and back in again. 

The user can now log in and run the date command

$ date 


Fri Jul 19 14:56:53 BST 20

Other commands

Set the date to 19th July 2013

Syntax is date --set="YYYYMMDD"

$ date --set="20130719" 

Fri Jul 19 00:00:00 BST 2013

Set the time to 14.10

Syntax is date +%T -s "HH:MM:SS"

$ date +%T -s "14:10:34"

14:10:34

See also OpenNTPD


Centos 6/RHEL escalate user to super user

Most users will need to use the sudo command with or without the no password option and this guide runs through setting this up. It allows a user to execute almost any command with root privileges. Centos 6 does not provide sudo access by default so it needs to be set up manually.

You will need a minimal version of Centos 6 installed with root access and a console text editor.

Vi and Vim commands

To start, log in as root and run the visudo command in the console, which will bring up your editor and the /etc/sudoers file.

# visudo

Scroll down until you find the following line

root     ALL=(ALL) ALL

and add underneath it

user_name   ALL=(ALL) ALL

or

user_name   ALL=(root) ALL

If you also want to use the sudo command without having to enter a password all the time then use the NOPASSWD flag, i.e.

user_name   ALL=(root) NOPASSWD:ALL

Now scroll down to the bottom of the file and add the following line.

Defaults syslog=local1

Save the file and remove the .tmp file extension so the file is named /etc/sudoers

Now we individualise the logging for any action performed when using the sudo command, open the following file

# vi /etc/rsyslog.conf

and above the line

# The authpriv file has restricted access.
authpriv.*                                              /var/log/secure



add the following to correspond with your entry in sudoers.

local1.*               /var/log/sudo.log

Save and exit the file & restart the syslog service

$ sudo service rsyslog restart

The extra lines in sudoers ensure that the user can use sudo from any host with any command and also alter the default logging behaviour for the sudo function.


Thursday, 18 July 2013

Centos 6/RHEL install Nginx Web Server

Nginx, an acronym for 'enginex' is an HTTP and reverse proxy server, as well as a mail proxy server. It is available from the Nginx repo as well as the Epel repo, so here we will use the Nginx repo. The rpm repo pack contains the GPG key needed to authenticate the signed rpms. This guide covers the basic installation on Centos 6 with minimal edits to get up and running, it does not cover more advanced configuration.
I give it priority 40 and disable epel when installing it.

First download the repo pack using wget

$ sudo yum -y install wget

Centos 6 users

$ sudo wget http://nginx.org/packages/centos/6/noarch/RPMS/nginx-release-centos-6-0.el6.ngx.noarch.rpm

RHEL users

$ sudo wget http://nginx.org/packages/rhel/6/noarch/RPMS/nginx-release-rhel-6-0.el6.ngx.noarch.rpm

$ sudo rpm -Uvh nginx-release-rhel-6-0.el6.ngx.noarch.rpm
 

Once it's installed we configure it

$ sudo chkconfig nginx on

Edit the config files

$ sudo vi /etc/nginx/nginx.conf

Find your cpu count

$ lscpu | grep CPU

worker_processes 2;   (set to number of cpus)

gzip on;              (uncomment)

$ sudo vi /etc/nginx/conf.d/default.conf

listen        80; 

server_name   localhost;

Now start the server

$ sudo service nginx start

Starting nginx:                                      [  OK ] 


Other commands

$ sudo service nginx stop

$ sudo service nginx restart

$ sudo service nginx status

$ sudo service nginx reload

Check it is started and running

$ sudo netstat -tulpn | grep :80
(Not all processes could be identified, non-owned process info
 will not be shown, you would have to be root to see it all.)
tcp        0      0 192.168.0.100:80            0.0.0.0:*                   LISTEN      -                  
anton.Centos.~>ps aux | grep nginx
anton     2842  0.0  0.1  45604 10232 ?        Ss   18:35   0:01
root      3225  0.0  0.0   7416   828 ?        Ss   19:01   0:00 nginx: master process /usr/sbin/nginx -c /etc/nginx/nginx.conf
nginx     3226  0.0  0.0   7596  1204 ?        S    19:01   0:00 nginx: worker process                  
nginx     3227  0.0  0.0   7596  1228 ?        S    19:01   0:00 nginx: worker process                  
anton     3234  0.0  0.0   4356   756 pts/2    S+   19:01   0:00 


Now browse to http://localhost as in the image above.

Firewall

The above was done without setting any firewall rules but others may have to set rules in iptables, if so it will probably be something similar to below.

$ sudo vi /etc/sysconfig/iptables

Enter into the file

-A INPUT -m state --state NEW -p tcp --dport 80 -j ACCEPT

$ sudo service iptables restart

More repos




 


Centos 6 Linux Server Cookbook


The Centos 6 Linux Server Cookbook is a guide to the running of Centos in both Server and Desktop mode aimed at beginners and intermediate users of Linux.

It is written by Jonathon Hobson and made available through Packt Publishing.

The eleven chapters cover the main aspects of running the Centos 6 server including Installation and Configuration, Yum packages, Security, Samba, Bind, Databases, Mail, Apache Web Server and FTP services.
These are described in enough detail for the new or intermediate user to understand without being overwhelmingly complex and the book is more than enough to get even the most trepidatory user up and running with a considerable degree of fluidity.

I was surprised upon reading the first few paragraphs of this book, as the first recipe described the downloading of Centos 6 on to a Windows Desktop and running a MD5sum check. It struck me, however, that many users reading the book will be considering swapping out their archaic old Windows kit for some nice new Centos software magic, so it does in fact make perfect sense.

The book is delivered as a series of bite sized chunks, each focusing on performing a specific task, and given the term recipes.

The opening chapter takes you through a variety of installation methods including a graphical method, a minimal method, a text based method and the adding of the Gnome Desktop to the installation though not my preference, the minimal Fluxbox, Thunar, Rxvt trio. A guide to re-installing the boot loader is also a welcome inclusion at this point, in the event of corrupted boot files occurring.

The following two chapters cover configuration and working with the installation, including guides to Mailx, NTP, Static IPs, Cron, IPv6, SELinux and Mutt amongst others.

The Yum tool and Security aspects are covered next, updating, cleaning, automating yum updates with yum-cron, finding, installing and removing packages & yum priorities are all there.

Security wise we are taken through the use of sudo, hardening the shell environment, IPTables, SSH & fail2ban, DenyHosts and ClamAV, the latter will be useful to people migrating from a Windows environment and who have become attached to their antivirus programs.

So having set up the nuts and bolts of the Linux system and secured it, we are ready to move on to slightly more advanced topics, which commence with the Samba file share program.

We learn quickly how to configure Samba as a standalone server and enable home directories, hide files & folders, add delete and disable a user, create a custom share folder and provide a network recycle bin.

Then there is Bind, the domain tool, we are taken through building a caching-only nameserver, writing zone files and adding zones, deploying a local server with dnsmasq, logging, wildcards and hardening with chroot.

Next up is the MySql Database, although NoSql is now heavily used there are many applications suited to MySQL and Postgresql and the basics of installing these are covered in this section along with Host Based Authentication for Postgresql.

Mail services with MTA, SMTP, Postfix, Dovecot and SASL are next, with a variety of setups looked at, including building a local POP3/SMTP server and using Postfix and Dovecot to serve e-mails across virtual domains.

The penultimate chapter is working with Apache (or HTTPD) Web Server and covers installing the Apache web server with CGI/Perl, PHP, configuring mod_perl, and preparing httpd for a production environment, adding a secure connection to the Apache web server by creating a self-signed SSL certificate using OpenSSL, Hosting peers by enabling user directories on the Apache web server and troubleshooting suexec. We also learn Configuring Apache name-based virtual hosting, Working with publishing directories, vhosts.d, error documents, directives, and the rewrite rule for virtual hosting.

Finally, we get to working with FTP, Building a basic FTP service by installing and configuring VSFTP, Providing a secure connection to VSFTP with SSL/TLS using OpenSSL encryption, Implementing virtual users and directories in standalone mode on VSFTP, Providing an anonymous upload and download or download only FTP server with VSFTP.

So a decent selection of tasks to get your teeth into, all described in a highly readable and easily digestible manner. The Centos 6 Linux Server Cookbook delivers quick answers to common problems in anodyne fashion.

So head over to Packt Publishing and grab your copy.