Posted July 11th, 2018 | 278

n3p_1ce

Connecting to your Server

You will need a SSH-Client like Putty if you are coming from Windows. On Unix-OS like OSX and Linux you can use terminal.

After connecting to the server you will be greeted by the following screen:

If you are logged in as root, it is highly recommended that you create another account and add this account to the wheel group. To achieve this, you have to type the following on the terminal.

adduser <username>

where <username> can be any name you would like to have for the account. For this tutorial, we are going to create the user “corefinity”.

adduser corefinity

After hitting Enter, you need to assign a password to this user, as it won’t be enabled like in Ubuntu without doing so. To achieve this, you need to type

passwd corefinity

and repeat the password twice. You now have created your first user.

Unfortunately, this user doesn’t have any root-permissions yet, but we are going to change this now

As we are still logged in as root, we are now going to add our corefinity-user to the group of wheel.

usermod -aG wheel corefinity

will achieve this. We now have a non-root account, which can install software and updates.

To switch to this user, we need to type

su corefinity

and to exit this user and return to root, we just need to type

exit

and hit enter.

 

Precondition: Setting a hostname

To connect to webmin via URL, you need to set a hostname first and connect your domain-registrar to the machines IP, so that typing in the address of your domain will take you to the machines IP.

To set a hostname type

sudo hostname your-new-name

where your-new-name should reflect your own domain.

 

Install Apache

The first step you will need to do is updating your base image. Under our newly created corefinity-user, we need to type the following:

sudo yum update -y

and run the command by hitting enter. This will update yum’s .

Now it’s time to install apache. This can be done by typing

sudo yum install httpd -y

Yum  will download the apache-package and install it.

We now need to enable apache by typing

sudo systemctl enable httpd

and

sudo systemctl start httpd

and after running these commands, we can see if we were successful by typing

service httpd status

 

Installing MySQL 5.7

Now it’s time to install MySQL 5.7. First we need to install wget to be able to add the MySQL repository

sudo yum install wget -y

Yum  will download the wget-package and install it.

We now need to add the MySQL5.7 repository by typing

sudo wget https://dev.mysql.com/get/mysql57-community-release-el7-9.noarch.rpm

and

sudo rpm -ivh mysql57-community-release-el7-9.noarch.rpm

After this is finished, we can install MySQL5.7 with the following command:

sudo yum install mysql-server –y

After confirming the dependencies with ‘y’ and finishing the installation, we need to enable and start the MySQL-server with

sudo systemctl enable mysqld

and

sudo systemctl start mysqld

 

Securing the database

We will now use the implemented secure installer of MySQL 5.7 to harden our installation.

To get started, we have to type in

sudo mysql_secure_installation

As soon as we hit enter, we will be asked for the root-password, which we got beforehand, with the command

sudo grep 'temporary password' /var/log/mysqld.log

After pasting it, we will be asked to create a new root-password. After typing it twice, we will have an output of the estimated strength of the password. If we are confident with the strength, we can skip the step for another new root password with any key except ‘y’.

The next step will be the removal of anonymous users from the database. It is common practice to remove anonymous access, unless absolutely required. To achieve this, confirm with ‘y’.

Afterwards you will be asked if remote access of the root account to the database shall be disabled and connection shall only be permitted from the local machine. As we don’t want someone to guess our root-password, we are going to confirm with ‘y’.

Up next will be the removal of the test database. As we are going to build a productive server, we won’t need it anymore and confirm this step with ‘y’ as well.

The final step of the secure installation is reloading the privilege tables. Maybe we took a break in setting things up, and something happened in the background already. With this step, all of our previous made decisions will be loaded into the database immediately.

 

Installing PHP and Webmin

Now we need to install the necessary php-plugins. We can do so by typing

sudo yum install php php-mysql nano –y

After all dependencies are confirmed and the the installation is finished, we need to edit the file /etc/yum.repos.d/webmin.repo

with the following command

sudo nano /etc/yum.repos.d/webmin.repo

Add the following text to the file via copy and paste:

[Webmin]

name=Webmin Distribution Neutral

#baseurl=http://download.webmin.com/download/yum

mirrorlist=http://download.webmin.com/download/yum/mirrorlist

enabled=1

and save with ctrl-o and ctrl-x afterwards.

Now the Webmin author’s key needs to be added with

sudo wget http://www.webmin.com/jcameron-key.asc

and then be imported into yum with

sudo rpm --import jcameron-key.asc

Now we can finally install webmin with

sudo yum install webmin –y

When the installation is finished, you can connect to webmin via https://your-url:10000/ if you set a hostname. Otherwise you can use https://your-machines-IP:10000 , but have to live with a certificate error.

To log in into webmin, you can only use your root account and it’s password. If you connect via SSH and haven’t set a root-password yet, you can do so by

sudo passwd root

followed by typing in the new root password twice.

 

Congratulations, you can now manage your server via a comfortable web interface!