30 Things to Do After Minimal RHEL/CentOS 7 Installation

12. Install Apache Tomcat

Tomcat is a servlet container designed by Apache to run Java HTTP web server. Install tomcat as below but it is necessary to point out that you must have installed Java prior of installing tomcat.

# yum install tomcat
Install Apache Tomcat

Install Apache Tomcat

After tomcat has been installed, star the tomcat service.

# systemctl start tomcat

Check Version of tomcat.

# /usr/sbin/tomcat version
Check Tomcat Version

Check Tomcat Version

Add service tomcat and default port (8080) through firewall and reload settings.

# firewall-cmd --zone=public --add-port=8080/tcp --permanent
# firewall-cmd --reload

Now it’s time to secure tomcat server, create a user and a password to access and manage. We need to edit file ‘/etc/tomcat/tomcat-users.xml‘. See the section which looks like:

<tomcat-users>
....
</tomcat-users>


<role rolename="manager-gui"/>
 <role rolename="manager-script"/>
 <role rolename="manager-jmx"/>
 <role rolename="manager-status"/>
 <role rolename="admin-gui"/>
 <role rolename="admin-script"/>
 <user username="tecmint" password="tecmint" roles="manager-gui,manager-script,manager-jmx,manager-status,admin-gui,admin-script"/>
</tomcat-users>
Secure Tomcat

Secure Tomcat

Here we added user “tecmint” to administer/manage tomcat using password “tecmint”. Stop and start the service tomcat so that the changes are taken into effect and enable tomcat service to start at system boot.

# systemctl stop tomcat
# systemctl start tomcat
# systemctl enable tomcat.service

Read Also: Installing and Configuring Apache Tomcat 8.0.9 in RHEL/CentOS 7.0/6.x

13. Install Nmap to Monitor Open Ports

Nmap for Network Mapper creates a map of the network by discovering host on which it is running as well as by analyzing network. nmap is not included in the default installation and you have to install it from repository.

# yum install nmap
Install Nmap Monitoring Tool

Install Nmap Monitoring Tool

List all open ports and corresponding services using them on host.

# nmap 127.0.01
Monitor Open Ports

Monitor Open Ports

You may also use firewall-cmd to list all the ports, however I find nmap more useful.

# firewall-cmd --list-ports
Check Open Ports in Firewall

Check Open Ports in Firewall

Read Also: 29 Useful Nmap Command to Monitor Open Ports

14. FirewallD Configuration

firewalld is a firewall service which manages the server dynamically. Firewalld removed iptables in CentOS 7. Firewalld is installed by default on RedHat Enterprise Linux and its derivatives by default. With iptables every change in order to be taken into effect needs to flush all the old rules and create new rules.

However with firewalld, no flushing and recreating of new rules required and only changes are applied on the fly.

Check if Firewalld is running or not.

# systemctl status firewalld
OR
# firewall-cmd --state
Check Firewalld Status

Check Firewalld Status

Get a list of all the zones.

# firewall-cmd --get-zones
Check Firewalld Zones

Check Firewalld Zones

To get details on a zone before switching.

# firewall-cmd --zone=work --list-all
Check Zone Details

Check Zone Details

To get default zone.

# firewall-cmd --get-default-zone
Firewalld Default Zone

Firewalld Default Zone

To switch to a different zone say ‘work‘.

# firewall-cmd --set-default-zone=work
Swich Firewalld Zones

Swich Firewalld Zones

To list all the services in the zone.

# firewall-cmd --list-services
List Firewalld Zone Services

List Firewalld Zone Services

To add a service say http, temporarily and reload firewalld.

# firewall-cmd  --add-service=http
# firewall-cmd –reload
Add http Service Temporarily

Add http Service Temporarily

To add a service say http, permanently and reload firewalld.

# firewall-cmd --add-service=http --permanent
# firewall-cmd --reload
Add http Service Permanent

Add http Service Permanent

To remove a service say http, temporarily.

# firewall-cmd  --remove-service=http
# firewall-cmd --reload
Remove Firewalld Service Temporarily

Remove Firewalld Service Temporarily

To remove a service say http, permanently.

# firewall-cmd --zone=work --remove-service=http --permanent
# firewall-cmd --reload
Remove Service Permanently

Remove Service Permanently

To allow a port (say 331), temporarily.

# firewall-cmd --add-port=331/tcp
# firewall-cmd --reload
Open Firewalld Port Temporarily

Open Port Temporarily

To allow a port (say 331), permanently.

# firewall-cmd --add-port=331/tcp --permanent
# firewall-cmd --reload
Open Port in Firewalld Permanent

Open Port Permanently

To block/remove a port (say 331), temporarily.

# firewall-cmd --remove-port=331/tcp
# firewall-cmd --reload
Remove Port Temporarily in Firewalld

Remove Port Temporarily

To block/remove a port (say 331), permanently.

# firewall-cmd --remove-port=331/tcp --permanent
# firewall-cmd --reload
Remove Port Permanently in Firewalld

Remove Port Permanently

To disable firewalld.

# systemctl stop firewalld
# systemctl disable firewalld
# firewall-cmd --state
Disable Firewalld in CentOS 7

Disable Firewalld Service

To enable firewalld.

# systemctl enable firewalld
# systemctl start firewalld
# firewall-cmd --state
Enable Firewalld in CentOS 7

Enable Firewalld

  1. How to Configure ‘FirewallD’ in RHEL/CentOS 7
  2. Useful ‘FirewallD’ Rules to Configure and Manage Firewall

15. Installing Wget

wget is a Linux command line based utility that retrieves (downloads) content from web servers. It is an important tool you must have to retrieve web contents or download any files using wget command.

# yum install wget
Install Wget Tool

Install Wget Tool

For more usage and practical examples on how to use wget command to download files on the terminal, read 10 Wget Command Examples.

16. Installing Telnet

Telnet is a network protocol that enables a user to login into another computer on the same network over TCP/IP. Once connection etablished to the remote computer it becomes a virtual terminal and allow you to communicate with the remote host within your computer as per whatever privileges provided to you.

Telnet also very useful for checking listening ports on remote computer or host.

# yum install telnet
# telnet google.com 80
Telnet Port Checking

Telnet Port Checking

If You Appreciate What We Do Here On TecMint, You Should Consider:

TecMint is the fastest growing and most trusted community site for any kind of Linux Articles, Guides and Books on the web. Millions of people visit TecMint! to search or browse the thousands of published articles available FREELY to all.

If you like what you are reading, please consider buying us a coffee ( or 2 ) as a token of appreciation.

Support Us

We are thankful for your never ending support.

RedHat RHCE and RHCSA Certification Book
Linux Foundation LFCS and LFCE Certification Preparation Guide

You may also like...

76 Responses

  1. Paul says:

    I followed this guide. Its really helpful. As you said quite extensively about installing apache, databases and others.

    Can you also provide a guide regarding how to upload a site in CentOS after doing all this?

  2. Ambady Bala says:

    I am wondering why httpd,php is installed after installing virtualbox. Initially it is installed, will it conflict

  3. Samuel Wamala says:

    Resourceful tutorial for Linux enthusiast.

  4. Gary J. Morin says:

    There is a mistake in the SSH section. The config file is NOT ‘ssh-config’. That is meant for the SSH client not the server. The SSH server settings are in ‘sshd-config’. As a noob, it took me a while to figure out why my changes had no effect on the server.

    Otherwise, this has been a great resource for someone like me learning Linux for the first time. Thanks!

    • Ravi Saive says:

      @Gary,

      Thanks for notifying, yes it should sshd_config for configuring SSH Server. We’ve corrected in the article.

  5. Graham Leach says:

    One of the commands didn’t work for me, the one related to opening up the httpd port through firewalld. I got a syntax error

    I got a successful execution with the following command, because I did not choose to assign http a funky port, just the standard one (80)

    # firewall-cmd --permanent --zone=public --add-service=http 
    

    If you want to use a custom port for httpd, use this command, which specifies the port/protocol:

    # firewall-cmd --permanent --zone=public --add-port=2888/tcp 
    

    SOURCE:
    https://stackoverflow.com/questions/24729024/open-firewall-port-on-centos-7

  6. Panos says:

    Thank you for getting this information together, it is very helpful for people not familiar to minimal dekstop-less installations.

Got something to say? Join the discussion.

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.