30 Things to Do After Minimal RHEL/CentOS 7 Installation

17. Installing Webmin

Webmin is a Web based configuration tool for Linux. It acts as a central system to configure various system configuration like users, disk quota, services and configurations of HTTP server, Apache, MySQL, etc.

# wget http://prdownloads.sourceforge.net/webadmin/webmin-1.740-1.noarch.rpm
# rpm -ivh webmin-*.rpm
Install Webmin on CentOS 7

Install Webmin

After webmin installation, you will get a message on terminal to login to your host (http://ip-address:10000) using your root password on port number 10000. If running a headless server you can forward the port and access it on a machine/server that is headed.

18. Enable Third Party Repositories

It is not a good idea to add untrusted repositories specially in production and it may be fatal. However just for example here we will be adding a few community approved trusted repositories to install third party tools and packages.

Add Extra Package for Enterprise Linux (EPEL) Repository.

# yum install epel-release

Add Community Enterprise Linux Repository.

# rpm -Uvh http://www.elrepo.org/elrepo-release-7.0-2.el7.elrepo.noarch.rpm
Install Epel Repo

Install Epel Repo

Attention! Extra care is needs to be taken while adding Third Party Repository.

19. Install 7-zip Utility

In the CentOS Minimal Install you don’t get utility like unzip or unrar. We have the option to install each utility as required or an utility that servers for all. 7-zip is such an utility which compress and extract files of all known types.

# yum install p7zip
Install 7zip Tool

Install 7zip Tool

Notice: The package is downloaded and installed from Fedora EPEL 7 Repository.

20. Install NTFS-3G Driver

A small yet very useful NTFS driver called NTFS-3G is available for most of the UNIX-like distribution. It is useful to mount and access Windows NTFS file system. Though other alternatives like Tuxera NTFS is available, NTFS-3G is most widely used.

# yum install ntfs-3g
Install NTFS-3G in CentOS

Install NTFS-3G to Mount Windows Partition

After installing ntfs-3g has been installed, you can mount Windows NTFS partitions (where /dev/sda5 is my windows drive) using following command.

# mount -ro ntfs-3g /dev/sda5 /mnt
# cd /mnt
# ls -l

21. Install Vsftpd FTP Server

VSFTPD which stands for Very Secure File Transfer Protocol Daemon is a FTP server for UNIX-like System. It is one of the most efficient and secure FTP Server available today.

# yum install vsftpd
Install Vsftpd in CentOS 7

Install Vsftpd FTP

Edit the configuration file located at ‘/etc/vsftpd/vsftpd.conf‘ to secure vsftpd.

# vi /etc/vsftpd/vsftpd.conf

Edit a few fields and leave other as it is, unless you know what you are doing.

anonymous_enable=NO
local_enable=YES
write_enable=YES
chroot_local_user=YES

You may also change the port number and open vsftpd port through the firewall.

# firewall-cmd --add-port=21/tcp
# firewall-cmd --reload

Next restart vsftpd and enable to start at boot time.

# systemctl restart vsftpd
# systemctl enable vsftpd

22. Install and Configure sudo

sudo which is commonly called as super do as well as suitable user do is a program for UNIX-like operating system to execute a program with the security privileged of another user. Let’s see how to configure sudo…

# visudo

It will open the file /etc/sudoers for editing..

sudoers File

sudoers File

Give all the permission (equal to root) to a user (say tecmint), that has already been created.

tecmint   ALL=(ALL)    ALL

Give all the permission (equal to root) to a user (say tecmint), except the permission to reboot and shutdown the server.

Again open the same file and edit it with the below contents.

cmnd_Alias nopermit = /sbin/shutdown, /sbin/reboot

Then add alias with Logical (!) operator.

tecmint   ALL=(ALL)    ALL,!nopermit

Give permission to a group (say debian) to run a few root privilege command say (add user and delete user) .

cmnd_Alias permit = /usr/sbin/useradd, /usr/sbin/userdel

And then add the permission to group debian.

debian ALL=(ALL) permit

23. Install and Enable SELinux

SELinux which stands for Security-Enhanced Linux is a security module at kernel level.

# yum install selinux-policy
Install SElinux in CentOS 7

Install SElinux Policy

Check SELinux Mode.

# getenforce
Check SELinux Mode

Check SELinux Mode

The output is enforcing mode which means SELinux policy is in effect.

For debugging, set selinux mode to permissive temporarily. No need to reboot.

# setenforce 0

After debugging set selinux to enforcing again without rebooting.

# setenforce 1

24. Install Rootkit Hunter

Rootkit Hunter abbreviated as Rkhunter is an application that scan rootkits and other potentially harmful exploits in Linux systems.

# yum install rkhunter
Install Rootkit Hunter

Install Rootkit Hunter

Run rkhunter as a scheduled job, from a script file or manually to scan harmful exploits in Linux.

# rkhunter --check
Scan for rootkits

Scan for rootkits

RootKit Scan Results

RootKit Scan Results

If You Appreciate What We Do Here On TecMint, You Should Consider:

TecMint is the fastest growing and most trusted community site for any kind of Linux Articles, Guides and Books on the web. Millions of people visit TecMint! to search or browse the thousands of published articles available FREELY to all.

If you like what you are reading, please consider buying us a coffee ( or 2 ) as a token of appreciation.

Support Us

We are thankful for your never ending support.

RedHat RHCE and RHCSA Certification Book
Linux Foundation LFCS and LFCE Certification Preparation Guide

You may also like...

76 Responses

  1. Paul says:

    I followed this guide. Its really helpful. As you said quite extensively about installing apache, databases and others.

    Can you also provide a guide regarding how to upload a site in CentOS after doing all this?

  2. Ambady Bala says:

    I am wondering why httpd,php is installed after installing virtualbox. Initially it is installed, will it conflict

  3. Samuel Wamala says:

    Resourceful tutorial for Linux enthusiast.

  4. Gary J. Morin says:

    There is a mistake in the SSH section. The config file is NOT ‘ssh-config’. That is meant for the SSH client not the server. The SSH server settings are in ‘sshd-config’. As a noob, it took me a while to figure out why my changes had no effect on the server.

    Otherwise, this has been a great resource for someone like me learning Linux for the first time. Thanks!

    • Ravi Saive says:

      @Gary,

      Thanks for notifying, yes it should sshd_config for configuring SSH Server. We’ve corrected in the article.

  5. Graham Leach says:

    One of the commands didn’t work for me, the one related to opening up the httpd port through firewalld. I got a syntax error

    I got a successful execution with the following command, because I did not choose to assign http a funky port, just the standard one (80)

    # firewall-cmd --permanent --zone=public --add-service=http 
    

    If you want to use a custom port for httpd, use this command, which specifies the port/protocol:

    # firewall-cmd --permanent --zone=public --add-port=2888/tcp 
    

    SOURCE:
    https://stackoverflow.com/questions/24729024/open-firewall-port-on-centos-7

  6. Panos says:

    Thank you for getting this information together, it is very helpful for people not familiar to minimal dekstop-less installations.

Leave a Reply to Samuel Wamala Cancel reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.