Semoga bermanfaat :
1. Register and Enable Red Hat Subscription
# yum install subscription-manager register
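# subscription-manager register --username your_username --password your_password --> password di command line tersimpan di shell history dan terlihat di daftar proses; tanpa --password, subscription-manager akan meminta password secara interaktif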
# subscription-manager unregister --> untuk unregister
# subscription-manager list --available --> melihat daftar
# subscription-manager subscribe --pool=Pool ID number --> aktivasi
# subscription-manager list --consumed --> melihat status
# subscription-manager list --> cek enable
# subscription-manager remove --all --> menghapus keaktifan
# subscription-manager unsubscribe --serial=Serial number --> menghapus keaktifan
# subscription-manager service-level --list
# subscription-manager service-level --set=self-support
# subscription-manager repos --list --> enable repolist
2. Configure Network with Static IP Address
# yum install net-tools [Provides ifconfig utility]
# ip addr show
# vi /etc/sysconfig/network-scripts/ifcfg-eth0
TYPE=Ethernet
BOOTPROTO=static
NAME=eth0
UUID=a487343f-625a-4408-97ad-ac6745726316
DEVICE=eth0
ONBOOT=yes
NM_CONTROLLED=yes
IPADDR=192.168.20.61
PREFIX=24
GATEWAY=192.168.20.2
DNS1=192.168.20.1
# service network restart
# ip addr show
# ping -c4 google.com
CREATE VHOST CentOS 7
# cd /etc/httpd/
# mkdir sites-available sites-enabled
# vi conf/httpd.conf --> tambahkan IncludeOptional sites-enabled/*.conf
# vi /etc/httpd/sites-available/rheltest.lan.conf --> isikan sperti dibawah ini :
<VirtualHost *:80>
ServerName rheltest.lan
DocumentRoot "/var/www/rheltest.lan"
<Directory "/var/www/rheltest.lan">
Options Indexes FollowSymLinks MultiViews
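# "Indexes" in the Options line above turns on directory listings for folders without an index file; drop it if listings are not wanted.
# AllowOverride controls what directives may be placed in .htaccess files.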
AllowOverride All
# Controls who can get content from this server (Apache 2.2 syntax; the native Apache 2.4 equivalent is "Require all granted")
Order allow,deny
Allow from all
</Directory>
<IfModule mpm_peruser_module>
ServerEnvironment apache apache
</IfModule>
ErrorLog /var/log/httpd/rheltest.lan-error.log
CustomLog /var/log/httpd/rheltest.lan-access.log combined
</VirtualHost>
# mkdir -p /var/www/rheltest.lan
# nano /usr/local/bin/a2ensite --> isikan :
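#!/bin/bash
# a2ensite - enable an Apache virtual host by symlinking its configuration
# from /etc/httpd/sites-available into /etc/httpd/sites-enabled.
#
# Usage: a2ensite virtual_site   (name without the .conf suffix)
# Exit status: 0 on success or when only the usage text is shown; 1 when the
# name is rejected, the vhost file is missing, or the link cannot be created.

avail_dir=/etc/httpd/sites-available
enabled_dir=/etc/httpd/sites-enabled

if [[ -d "$avail_dir" && -d "$enabled_dir" ]]; then
  echo "-----------------------------------------------"
else
  # -p creates whichever directory is missing; stop if that is not possible.
  mkdir -p -- "$avail_dir" "$enabled_dir" || exit 1
fi

# Directory listing is used for display only, never parsed.
site=$(ls -- "$avail_dir")

if [[ "$#" -ne 1 ]]; then
  echo "Use script: a2ensite virtual_site"
  printf '\nAvailable virtual hosts:\n%s\n' "$site"
  # Usage text is informational; status 0 is kept for existing callers.
  exit 0
fi

name=$1

# The name becomes part of a path handed to a privileged ln. Accept a plain
# file name only, so it cannot leave sites-available or be read as an option.
case "$name" in
  '' | */* | -* | .*)
    printf 'Invalid virtual host name: %s\n' "$name" >&2
    exit 1
    ;;
esac

avail=$avail_dir/$name.conf
link=$enabled_dir/$name.conf

if [[ ! -e "$avail" ]]; then
  printf '%s virtual host does not exist! Please create one!\n%s\n' \
    "$avail" "$site" >&2
  exit 1
fi

# An existing working link means the site is already enabled; skip ln then.
if [[ ! -e "$link" ]]; then
  if ! sudo ln -s -- "$avail" "$link"; then
    printf 'Could not link %s into %s\n' "$avail" "$enabled_dir" >&2
    exit 1
  fi
fi

if [[ -e "$link" ]]; then
  echo "Success!! Now restart Apache server: sudo systemctl restart httpd"
else
  printf 'Could not enable %s\nPlease see available virtual hosts:\n%s\n' \
    "$avail" "$site" >&2
  exit 1
fi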
# nano /usr/local/bin/a2dissite --> isikan :
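#!/bin/bash
# a2dissite - disable an Apache virtual host by removing its entry from
# /etc/httpd/sites-enabled.
#
# Usage: a2dissite virtual_site   (name without the .conf suffix)
# Exit status: 0 on success or when only the usage text is shown; 1 when the
# name is rejected, the vhost is not enabled, or the entry cannot be removed.

enabled=/etc/httpd/sites-enabled

# Directory listing is used for display only, never parsed.
site=$(ls -- "$enabled")

if [[ "$#" -ne 1 ]]; then
  echo "Use script: a2dissite virtual_site"
  printf '\nAvailable virtual hosts: \n%s\n' "$site"
  # Usage text is informational; status 0 is kept for existing callers.
  exit 0
fi

name=$1

# The name becomes part of a path handed to a privileged rm. Accept a plain
# file name only, so nothing outside sites-enabled can be removed and the
# name cannot be read as an option.
case "$name" in
  '' | */* | -* | .*)
    printf 'Invalid virtual host name: %s\n' "$name" >&2
    exit 1
    ;;
esac

avail=$enabled/$name.conf

# -L also catches a dangling symlink, which -e alone reports as missing.
if [[ ! -e "$avail" && ! -L "$avail" ]]; then
  printf '%s virtual host does not exist! Exiting!\n' "$avail" >&2
  exit 1
fi

sudo rm -- "$avail"

if [[ -e "$avail" || -L "$avail" ]]; then
  echo "Error!! Could not remove $avail virtual host!" >&2
  exit 1
fi

printf 'Success! %s has been removed!\nPlease restart Apache: sudo systemctl restart httpd\n' "$avail"
exit 0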
# chmod +x /usr/local/bin/a2*
# a2ensite vhost_name
# a2dissite vhost_name
# a2ensite rheltest.lan
# systemctl restart httpd
# buka browser test rheltest.lan
3. Set Hostname of Server
# echo $HOSTNAME
# vi /etc/hostname
4. Update or Upgrade CentOS Minimal Install
# yum update && yum upgrade
5. Install Command Line Web Browser
# yum install links --> install commandline browser
6. Install Apache HTTP Server
INSTALL WebServer
# yum install httpd
# /etc/httpd/conf/httpd.conf --> mengganti port 80 ke port lain ==> LISTEN 331
# firewall-cmd --add-service=http --> aktifkan fw
# firewall-cmd --permanent --add-port=331/tcp
# firewall-cmd --reload
# systemctl restart httpd.service
# systemctl start httpd.service --> automatis on ketika boot
# systemctl enable httpd.service --> automatis on ketika boot
# links 127.0.0.1 --> verifikasi apache
7. Install PHP
INSTALL PHP
# yum install php
# systemctl restart httpd.service
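# echo -e "<?php\nphpinfo();\n?>" > /var/www/html/phpinfo.php --> verifikasi PHP (hapus phpinfo.php setelah verifikasi, karena halaman ini menampilkan konfigurasi server ke siapa pun yang membukanya)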
# links http://127.0.0.1/phpinfo.php --> view PHP
8. Install MariaDB Database
INSTALL DATABASE
# yum install mariadb-server mariadb
# systemctl start mariadb.service --> automatis on ketika boot
# systemctl enable mariadb.service --> automatis on ketika boot
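# firewall-cmd --add-service=mysql --> hanya diperlukan jika database diakses dari host lain; untuk aplikasi di server yang sama, port database tidak perlu dibuka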
# /usr/bin/mysql_secure_installation
9. Install and Configure SSH Server
INSTALL SSH
# ssh -V
# vi /etc/ssh/sshd_config --> (Protocol dan PermitRootLogin adalah opsi server sshd; ssh_config hanya untuk client)
Protocol 2,1 (Original)
Protocol 2 (Now)
PermitRootLogin yes (Original)
PermitRootLogin no (Now)
# systemctl restart sshd.service
10. Install GCC (GNU Compiler Collection)
INSTALL GCC
# yum install gcc
# gcc --version
11. Install Java
# yum install java
# java -version
12. Install Apache Tomcat
# yum install tomcat
# systemctl start tomcat
# /usr/sbin/tomcat version
# firewall-cmd --zone=public --add-port=8080/tcp --permanent
# firewall-cmd --reload
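# vi /etc/tomcat/tomcat-users.xml --> kustom (user "tri" dengan password "tri" hanya contoh; pakai password yang kuat, karena role manager/admin dapat men-deploy aplikasi ke Tomcat)
<tomcat-users>
....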
<role rolename="manager-gui"/>
<role rolename="manager-script"/>
<role rolename="manager-jmx"/>
<role rolename="manager-status"/>
<role rolename="admin-gui"/>
<role rolename="admin-script"/>
<user username="tri" password="tri" roles="manager-gui,manager-script,manager-jmx,manager-status,admin-gui,admin-script"/>
</tomcat-users>
# systemctl stop tomcat
# systemctl start tomcat
# systemctl enable tomcat.service
13. Install Nmap to Monitor Open Ports
INSTALL NMAP & MONIT PORT
# yum install nmap
# nmap 127.0.0.1
# firewall-cmd --list-ports
14. FirewallD Configuration
FIREWALLD KONFIGURASI
# systemctl status firewalld
# firewall-cmd --get-zones
# firewall-cmd --zone=work --list-all
# firewall-cmd --get-default-zone
# firewall-cmd --set-default-zone=work
# firewall-cmd --list-services
# firewall-cmd --add-service=http
# firewall-cmd --reload
# firewall-cmd --add-service=http --permanent
# firewall-cmd --reload
# firewall-cmd --remove-service=http --> keaddan meremove
# firewall-cmd --reload
# firewall-cmd --zone=work --remove-service=http --permanent --> keaddan meremove
# firewall-cmd --reload
# firewall-cmd --add-port=331/tcp --> ALLOW PORT 331
# firewall-cmd --reload
# firewall-cmd --add-port=331/tcp --permanent --> ALLOW PORT 331 PERMANENT
# firewall-cmd --reload
# firewall-cmd --remove-port=331/tcp --> BLOCK PORT 331
# firewall-cmd --reload
# firewall-cmd --remove-port=331/tcp --permanent --> BLOCK PORT 331 PERMANENT
# firewall-cmd --reload
# systemctl stop firewalld --> DISABLED FIREWALLD
# systemctl disable firewalld --> DISABLED FIREWALLD
# firewall-cmd --state --> DISABLED FIREWALLD
# systemctl enable firewalld --> ENABLED FIREWALLD
# systemctl start firewalld --> ENABLED FIREWALLD
# firewall-cmd --state --> ENABLED FIREWALLD
15. Installing Wget
INSTALL WGET
# yum install wget
16. Installing Telnet
INSTALL TELNET
# yum install telnet
# telnet google.com 80
17. Installing Webmin
Optional
18. Enable Third Party Repositories EPEL
INSTALL EPEL REPO
# yum install epel-release
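# rpm -Uvh http://www.elrepo.org/elrepo-release-7.0-2.el7.elrepo.noarch.rpm --> ADD KOMUNITAS ELRepo (repo ini ELRepo, bukan EPEL; paket diunduh lewat HTTP, jadi impor kunci GPG ELRepo dengan rpm --import dan periksa tanda tangan paket dengan rpm -K sebelum instal)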
19. Install 7-zip Utility
INSTALL KOMPRES
# yum install p7zip
20. Install NTFS-3G Driver
none
21. Install Vsftpd FTP Server
INSTALL FTP SERVER
# yum install vsftpd
# vi /etc/vsftpd/vsftpd.conf
anonymous_enable=NO
local_enable=YES
write_enable=YES
chroot_local_user=YES
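# firewall-cmd --add-port=21/tcp --> FTP mengirim username dan password tanpa enkripsi; aktifkan TLS di vsftpd (ssl_enable=YES) atau gunakan SFTP bila lewat jaringan yang tidak dipercaya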
# firewall-cmd --reload
# systemctl restart vsftpd
# systemctl enable vsftpd
22. Install and Configure sudo
INSTALL & KONFIG SUDO
# visudo
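tri ALL=(ALL) ALL --> memberikan akses penuh untuk tri
Cmnd_Alias NOPERMIT = /sbin/shutdown, /sbin/reboot
tri ALL=(ALL) ALL,!NOPERMIT --> pengecualian dengan "!" terhadap ALL mudah dilewati, jadi bukan batas keamanan; lebih aman mendaftar hanya perintah yang diizinkan
Cmnd_Alias PERMIT = /usr/sbin/useradd, /usr/sbin/userdel --> Give permission to a group (say debian) to run a few root privilege commands (add user and delete user).
%debian ALL=(ALL) PERMIT --> after that, add the permission to group debian ("%" marks a group in sudoers; alias names must be uppercase).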
23. Install and Enable SELinux
INSTALL SELINUX
# yum install selinux-policy
# getenforce
# setenforce 0 --> untuk permissive
# setenforce 1 --> untuk enforcing
24. Install Rootkit Hunter
INSTALL ROOTKIT HUNTER
# yum install rkhunter
# rkhunter --check
25. Install Linux Malware Detect (LMD)
Install Linux Malware Detect
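# wget http://www.rfxn.com/downloads/maldetect-current.tar.gz --> unduhan lewat HTTP tanpa verifikasi; gunakan HTTPS bila tersedia dan cocokkan checksum dari penerbit sebelum menjalankan install.sh sebagai root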
# tar -xvf maldetect-current.tar.gz
# ls -l | grep maldetect
# ./install.sh --> dijalankan dari dalam direktori maldetect-* hasil ekstrak
# vi /usr/local/maldetect/conf.maldet
email_alert=1
email_addr=gacanepa@localhost
email_subj="Malware alerts for $HOSTNAME - $(date +%Y-%m-%d)"
quar_hits=1
quar_clean=1
quar_susp=1
clam_av=1
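# vi /etc/yum.repos.d/dag.repo: --> baseurl dan gpgkey di bawah memakai HTTP; kunci GPG yang diambil lewat HTTP dapat diganti di perjalanan, jadi verifikasi fingerprint kunci sebelum mempercayainya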
[dag]
name=Dag RPM Repository for Red Hat Enterprise Linux
baseurl=http://apt.sw.be/redhat/el$releasever/en/$basearch/dag/
gpgcheck=1
gpgkey=http://dag.wieers.com/packages/RPM-GPG-KEY.dag.txt
enabled=1
# yum update && yum install clamd
# maldet --scan-all /var/www/
# maldet --scan-all /var/www/*.zip
# maldet --report 021015-1051.3559
# maldet --clean SCANID
26. Server Bandwidth Testing with Speedtest-cli
$ sudo apt-get install python-pip --> untuk Debian/Ubuntu; di CentOS/RHEL: yum install python-pip (dari repo EPEL)
$ sudo pip install speedtest-cli
$ sudo pip install speedtest-cli --upgrade
$ wget https://github.com/sivel/speedtest-cli/archive/master.zip
$ unzip master.zip
$ cd speedtest-cli-master/
$ chmod 755 speedtest_cli.py
$ sudo mv speedtest_cli.py /usr/bin/
$ speedtest_cli.py
$ speedtest_cli.py --bytes --> hasilnya by bits
$ speedtest_cli.py --simple -->info praktis
# speedtest_cli.py --share --> download image
27. Password Protect GRUB
# cp /boot/grub2/grub.cfg /boot/grub2/grub.cfg.old
# cp /etc/grub.d/10_linux /etc/grub.d/10_linux.old
# vi /etc/grub.d/10_linux
cat <<EOF
set superusers="tri"
password tri tri@123
EOF
# grub2-mkconfig --output=/boot/grub2/grub.cfg
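# /etc/grub.d/10_linux --> enkripsi password (menggantikan password plaintext di atas, yang bisa dibaca siapa pun yang dapat membaca file konfigurasi; hash dibuat dengan grub2-mkpasswd-pbkdf2)
cat <<EOF
set superusers="tri"
password_pbkdf2 tri grub.pbkdf2.sha512**************************************************
EOF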