Installation of CentOS 7
This guide covers installing CentOS 7 as a server on a typical PC. It was written using CentOS 7.2, but should be applicable to any CentOS 7.X.
- Download the CentOS installation media from www.centos.org and burn it to a DVD.
- Install CentOS
- Boot the computer from the DVD.
- At the welcome screen, choose Install CentOS 7.
- Choose the appropriate language and keyboard layout.
- Configure the network as necessary and set a hostname.
- Installation destination:
- Select all disks to be modified and check "I will configure partitioning"
- If you need to repartition, wipe out the current partitions and add new ones. If not, simply reformat existing partitions and assign mountpoints.
- Set the location appropriately, and enable Network Time. If you use a specific time server, you may provide it now.
- In Software Selection, choose Server with GUI, with addons: E-mail Server, Development Tools.
- Start the installation. As it works, set a root password and create a user.
- If this installation is to be text-based implementation, you may set it to boot to the command line
- Update CentOS
-
Configure firewalld
Provided here are a few commands to set up a basic firewall that allows ssh and http at your local institution, drops traffic from the rest of the world, and allows all traffic on the internal network:
# firewall-cmd --permanent --zone=internal --add-source=[IP/MASK OF YOUR INSTITUTION]where [IP/MASK OF YOUR INSTITUTION] is the network address and netmask for your school, business, etc. formatted as 123.45.67.0/24, and [EXTERNAL INTERFACE] is the interface connected to the outside world, such as eno1.
# firewall-cmd --permanent --zone=internal --remove-service=dhcpv6-client
# firewall-cmd --permanent --zone=internal --remove-service=ipp-client
# firewall-cmd --permanent --zone=internal --add-service=ssh
# firewall-cmd --permanent --zone=internal --add-service=http
# firewall-cmd --permanent --zone=public --remove-service=ssh
# firewall-cmd --permanent --zone=public --remove-service=dhcpv6-client
# firewall-cmd --permanent --zone=public --set-target=DROP
# firewall-cmd --permanent --zone=public --change-interface=[EXTERNAL INTERFACE]
# echo "ZONE=public" >> /etc/sysconfig/network-scripts/ifcfg-[EXTERNAL INTERFACE]
# nmcli con reload
# firewall-cmd --reload
For a more detailed explanation, see our article on Understanding Firewalld. - Since we have a good firewall in place, disable selinux.
- Install logwatch to monitor your system log files
- Optionally, install samba if you want to support Microsoft networking
- Optionally, install torque if you want to support batch queuing instead of using WebMO's internal queue. To use torque on a single machine, follow the Installing Torque 6 on Centos OS 7 instructions, but install mom (without client) to the server. Continue to use the fully qualified domain name as the server name (localhost does not work).
- Configure httpd for WebMO
- Install httpd, perl, and perl-CGI # yum -y install httpd perl perl-CGI
- Enable and start httpd # systemctl enable httpd.service
- Back up and edit /etc/httpd/conf.d/userdir.conf # cd /etc/httpd/conf.d/
- Restart httpd # systemctl restart httpd.service
- Install WebMO
- Install computational chemistry engines
$ sudo systemctl set-default multi-user.target
$ sudo systemctl isolate multi-user.target
$ sudo systemctl isolate multi-user.target
# yum clean all
# yum -y update
# yum -y update
# setenforce 0
# cp -p /etc/selinux/config /etc/selinux/config.000
# vi /etc/selinux/config
Change the line
SELINUX=enforcing
to
SELINUX=permissive
# cp -p /etc/selinux/config /etc/selinux/config.000
# vi /etc/selinux/config
Change the line
SELINUX=enforcing
to
SELINUX=permissive
# yum -y install logwatch
# cd /usr/share/logwatch/default.conf/
# cp -p logwatch.conf logwatch.conf.000
# vi logwatch.conf
Change the line
Output = stdout
to
Output = mail
# vi /root/.forward
Add your email address to this new file.# cd /usr/share/logwatch/default.conf/
# cp -p logwatch.conf logwatch.conf.000
# vi logwatch.conf
Change the line
Output = stdout
to
Output = mail
# vi /root/.forward
# yum -y install samba
# cd /etc/samba/
# mv smb.conf smb.conf.000
# vi smb.conf
add the following:# cd /etc/samba/
# mv smb.conf smb.conf.000
# vi smb.conf
[global]
workgroup = [WORKGROUP]
server string = Samba Server Version %v
unix password sync = yes
pam password change = yes
interfaces = lo [INTERFACES]
security = user
passdb backend = tdbsam
load printers = no
[homes]
comment = Home Directories
browseable = no
writable = yes
csc policy = disable
inherit permissions = yes
where [WORKGROUP] is the workgroup of the windows computers that will connect, and [INTERFACES] includes the interface they will connect over.workgroup = [WORKGROUP]
server string = Samba Server Version %v
unix password sync = yes
pam password change = yes
interfaces = lo [INTERFACES]
security = user
passdb backend = tdbsam
load printers = no
[homes]
comment = Home Directories
browseable = no
writable = yes
csc policy = disable
inherit permissions = yes
# systemctl start httpd.service
# cp -p userdir.conf userdir.conf.000
# vi userdir.conf
Comment out
UserDir disabled
Uncomment
UserDir public_html
Append to the end:
<Directory /home/*/public_html/cgi-bin>
Options +ExecCGI
AddHandler cgi-script .cgi
</Directory>