How to Install LAMP, Webmin & ConfigServer Security & Firewall on a CentOS 6

How to Install LAMP, Webmin & ConfigServer

Security & Firewall on a CentOS 6.0 GoGrid Cloud

Server

July 19th, 2012 by Michael Sheehan - 25,114 views

Let me preface this post by saying, I am NOT a Linux guru. In fact, I consider myself to be a newbie when it

comes to the intricacies of Linux. I probably know enough to be dangerous, at least dangerous to the server.

So, I’m writing this post with the following disclaimer: Don’t ask me for any details on the “why” or how to do

what I’m outlining below differently. But since I figured that lots of you are like me, I wanted to share.

Since I’m a Linux newbie, you’ll probably understand why I wanted to write this post though. I’m not a

command line junkie—GUIs are much more my thing. But when it comes to running a server that is speedy and

high performance with low overhead (e.g., doing away with GUIs), you’re probably looking at various Linux

distros. What I wanted to do was set up a basic Linux system running a LAMP (Linux, Apache, MySQL, and

PHP) stack that also had a web-interface and some added security controls.

The great thing about doing this type of experimentation in the cloud is that I can create essentially a Dev &

Test environment where I can spin up a server in minutes, install software, configure it, and test everything out.

Then if it doesn’t work the way I want it to, I can tear it down and start again from scratch. The cloud lets you do

this quickly, easily, and inexpensively.

In this tutorial, you can basically have the entire configuration up and running in the GoGrid cloud in less than

an hour and only spend about $0.25 to test this out (assumes a 2 GB server running for 1 hour at $0.12/GB

RAM/hr.)

Here’s what we’re using:

CentOS 6.0 (64-bit) – with 2 GB RAMWebmin – web-based interface for sysadmins for UNIX that lets users set up user accounts, Apache, DNS, filesharing, and a whole lot moreConfigServer Firewall & Security (CFS) – a Stateful Packet Inspection (SPI) firewall, login/intrusion detection,and security application for Linux servers

And here’s what we’ll do:

Deploy a CentOS server on GoGrid1.Install a basic LAMP stack2.Install Webmin3.Install CSF4.Enable CSF within Webmin5.

Do note: I don’t go into how to configure Webmin or ConfigServer. You should read up on the documentation

of each item before you start. Also, just doing the install does NOT mean your server is protected. You need to

enable the appropriate security and protection to best fit your needs!

Let’s get started.

1) Deploy a CentOS server

Assuming you have a GoGrid account (if you don’t, head over here), you simply log into the GoGrid portal and

ADD a Cloud Server. I chose the CentOS 6.0 (64-bit) image with 2 GB RAM.

Search GoGrid Blog

Search for:

Categories

Recent Articles

Practical Big Data Use in MarketingDelivers Big ReturnsSpeed, Accuracy More Important thanVolume for Big DataBig Data = Big Confusion? Hint: The Keyis Open Data ServicesBig Data Speed May Be More ImportantThan SizeHow To Successfully Implement a BigData Project in 8 Steps

Blog Archives

Tags

API Big Data CentOS

cloud hosting Cloudinfrastructure Cloud

Platform Cloud Server Cloud Storage

Customer Data Center event expo

Features GoGrid

Exchange Hosting How To Hybrid

Hosting IaaS Images

infrastructure infrastructure as aservice Interview John Keagy Linux LoadBalancer Meetup Microsoft News

partner Partner GSI PresentationPress Press Release Private CloudPublic Cloud SaaS SecurityServePath Update Video WebinarWindows

Subscribe via Email

GoGrid FaceBookFan Page

Big Data Solutions Cloud Platform Support Sign up

Chat with Us Get a Call Login Back to GoGrid.com

How to Install LAMP, Webmin & ConfigServer Security & Firewall on ... http://blog.gogrid.com/2012/07/19/how-to-install-lamp-webmin-configse...

1 of 9 m/18/2013 7:43 PM

Once the server has been deployed (for that size server, it should take about 3-5 minutes), grab the IP address

and the password (from the Support/Passwords section within the GoGrid portal).

Then, you need to run some sort of SSH program to log into your server. I use PuTTY on Windows, for

example. Put your credentials into the program and connect to your server. Be sure to accept the server’s host

key.

Next, ensure your server is up-to-date with the latest versions of the programs on it. To check, run the following

command:

yum update

Accept the defaults and your server will be updated.

2) Install a basic LAMP stack

The next step is to install Apache, MySQL, and PHP. There are three parts to this step.

To install Apache, use the following command:

yum install httpd

Then you want to set Apache to run every time your server starts up. Use the following command:

chkconfig –levels 235 httpd on

Lastly, you need to start Apache the first time. Run either the following command:

/etc/init.d/httpd start

OR use this easier-to-remember command:

service httpd start

Test to see if Apache is running by going to http://[YOUR-SERVER-IP-ADDRESS] and look for the

Apache2 splash screen.

Plugin social Facebook

Big Datamade simplewith this60-secondguide:http://ow.ly/i/3JY32

Cloud Blog Watch

Cloud Computing news

On-Premise or Cloud ERP -Which Is Right for YourBusiness?cloudcomputing.sys-con.com

Virtualizationvirtualization.net

The next big thing – DigitalAdvertisingblog.esds.co.in

Dell: Foglight forVirtualization Free EditionVideo Podcast with MattiasSundling – Episode 45virtualization.net

Spreadsheet vs Cloudapplicationprocessmate.net

GoGrid on Twitter

Follow GoGrid on Twitter!Get GoGrid Status Updates via Twitter!

Pages

Blog HomeCloud Computing PyramidGoGrid DemoAbout

Site Authors

Andy NesterBarbara JurinBobby BrownBryta SchulzChris LynchDr. GoGridJames StrayerJeff SamuelsJeryn CarliseJohn KeagyKole HicksMario DuarteMichael SheehanOren FalkowitzRupert Tagnipes




2 of 9 m/18/2013 7:43 PM

Now you need to install MySQL. Same quick process (but you do need to remember the MySQL root

password you create). First, install MySQL and the MySQL server with this command:

yum install mysql mysql-server

Once MySQL is installed, you’ll want to have it start on the booting of your server. Use the following

commands:

chkconfig –levels 235 mysqld on

/etc/init.d/mysqld start

Remember, you can also use the following command to start your service:

service mysqld start

Once MySQL is running, you’ll need to set up the passwords for it. By running the next command, you’ll be

asked a series of questions, including setting up a root password. (Remember to write it down!)

mysql_secure_installation

There typically isn’t a current root password, so just hit ENTER.

Here are the questions you’ll be asked (and suggested answers):

Set root password –> YNew password –> set a good one (mixture of numbers, letters, different cases, characters, etc.)!Re-enter new password –> get it right!Remove anonymous users –> YDisallow root login remotely –> YRemove test databases and access to it –> YReload privilege tables now –> Y

Now that your MySQL is set up, move on to installing PHP. First you need to download and install PHP with

the following command:

yum install php

CentOS 6.0 GoGrid Cloud ServerHow to Monitor Your Windows 2008Server on GoGrid with Cacti 0.8.7gSet Up a Cacti Monitoring Server inMinutes with this GoGrid CommunityServer ImageHow Software Defined NetworkingDelivers Next-Generation SuccessSpeed, Accuracy More Important thanVolume for Big Data




3 of 9 m/18/2013 7:43 PM

/etc/init.d/httpd restart

With that, your LAMP stack install is complete. Note: This is the BASE installation of these items. There are

other security and performance tuning you can do as well. Luckily, for those of us who are a bit command-line

weak, the next step of installing Webmin will help with the configurations you need within a web-based GUI.

3) Install Webmin

The next step is installing Webmin which is a web-based graphical interface to let you manage your system on

CentOS (or other Linux distros).

First you need to set up the repository to get Webmin. Note: You have to know a bit about Linux editor

commands—in this case Vi—if you want to continue down the WYSIWYG route; otherwise, you can use a text

editor and an SFTP program. Optionally, you can use the free text editor called Notepad++ which has a plugin

called NppFTP that lets you do SFTP and create/edit docs on your server. There are also emacs-style editors

that can be installed on the server, like Nano.

(Note: these commands were slightly modified based on Jack’s comments below. Modified on 12/21/12.)

Here are the commands to run:

cd /tmp

wget http://www.webmin.com/jcameron-key.asc

rpm –import jcameron-key.asc

vi /etc/yum.repos.d/webmin.repo

Note: You can omit the last line if you’re going to use a text editor to edit the doc. But the doc you just

created/need to create is located at /etc/yum.repos.d/ and is called “webmin.repo”. It needs to be edited

with the following lines:

[Webmin]

name=Webmin Distribution Neutral

#baseurl=http://download.webmin.com/download/yum

mirrorlist=http://download.webmin.com/download/yum/mirrorlist

enabled=1

Once you have that repository set, you can simply run the Webmin install:

yum install webmin

You’re almost finished with this step. Because GoGrid servers have many of the ports disabled as a security

measure, you’ll need to punch a hole in your IPTables (firewall) to allow remote access to the web-based

administration of Webmin. To do so, issue the following command:

iptables -I INPUT -p tcp –dport 10000 -j ACCEPT ;

Then save this configuration:

/etc/init.d/iptables save

With that, you should now be able to access Webmin using the following URL:

http://[YOUR-SERVER-IP-ADDRESS]:10000 (that’s port 10,000).




4 of 9 m/18/2013 7:43 PM

Just use “root” and your server password to log in.

Now on to the next step.

4) Install ConfigServer Security & Firewall

We’re almost done with the process. The next item to install is CSF (ConfigServer Security & Firewall). Once

properly configured, this application will provide even more protection for your server.

First, be sure that you have the Perl prerequisites installed:

yum install perl-libwww-perl

Note: I needed to install another library (Time-HiRes) for the 64-bit CentOS 6.0 server I was using:

yum install perl-Time-HiRes

Then you need to download and install CSF with the following commands:

cd /tmp

wget -c http://www.configserver.com/free/csf.tgz

tar xzf csf.tgz

cd csf

sh install.sh

The CSF is now installed, but it is only in “testing” mode, meaning there’s NO protection enabled. You’ll need to

make some changes to the configuration (.conf) file prior to turning off testing mode. Using your favorite editor

(command line or text), do the following to the CSF configuration file (located at: /etc/csf/csf.conf):

Find the TCP_IN variable and change it to:

TCP_IN = “20,21,22,25,53,80,110,143,443,465,587,993,995,3000:3050,10000″

This step enables default ports used on a webserver and programs like Webmin. Note: you may want to audit

exactly which ports you truly need, for example, the minimum would be typically 22, 80, 443 and 10000 (for

Webmin).

Then change the UDP_OUT variables to:

UDP_OUT = “20,21,53,113,123,33434:33523″

This step allows for the use of the “Traceroute” command (you need to have the range at the end for traceroute




5 of 9 m/18/2013 7:43 PM

Save the config file!

I highly recommend that you read the README file from CSF for all the details on how to fully configure

CSF.

Once you make those configuration changes, restart CSF:

service csf restart

Then you’ll want to ensure CSF starts on reboot:

chkconfig –level 235 csf on

With that, CSF is up and running! To check if CSF is fully operational, run the following command:

perl /etc/csf/csftest.pl

Hopefully, all results pass with an “OK” status.

5) Enable CSF within Webmin

The last (and easiest) step to ensure that everything is GUI-enabled is to install CSF as a Webmin module.

Open up Webmin in a web-browser (using your server’s IP address and port 10000).

Within Webmin, navigate to: Webmin > Webmin Configuration > Webmin Modules > From Local File

From there, you’ll want to install the CSF script, which is located at: /etc/csf/csfwebmin.tgz

Use the Webmin interface to install the module.




6 of 9 m/18/2013 7:43 PM

Bio Latest Posts

From there, you can fully administer ConfigServer Security & Firewall to your liking. I encourage you to read

through the CSF documentation to fully understand what you can configure and how to do so.

Summary

If you’ve made it through all these steps, you now have a GoGrid CentOS 6.0 cloud server running a LAMP

stack, Webmin, and ConfigServer Security & Firewall. Remember that you’ll probably want to harden your

server even more by enabling some of the firewalling and security. But from this point, you can now install other

OpenSource applications like WordPress or Drupal or SugarCRM.

The nice thing about building this type of environment in the GoGrid cloud is that the setup time is quick: It

takes about 5 minutes to deploy the server. Also, if you configure a server to your liking, you can save it as a

MyGSI (a personal GoGrid Server Image) that you can then use to spin up clones of your server whenever you

want.

There are some great situations for creating a MyGSI:

Self-training – Use the GoGrid cloud and MyGSI functionality to teach yourself more about Linux.Education – If you teach in a classroom, you can give your students access to your GoGrid account and let themgo through the process of creating and configuring servers in an easy-to-manage, cost-effective manner.Remember: Running this particular example on GoGrid (2 GB RAM for 1 hour) costs about $0.25!Dev & Test – You can create an instance, play with it, then tear it down and try it again, quickly and easily.Production – Use this particular configuration to get your web applications up and running quickly in the cloud.

Please let me know if you have any questions about this process. And although I probably can’t geek out too

much on the command-line or application-specific details, I do encourage the conversation. Good luck and let

me know if it worked!

Michael SheehanTechnology Evangelist at GoGrid

Michael Sheehan is the Technology Evangelist for GoGrid & "Social Media Strategist" as

well. He handles digital media marketing, online audience development, PR, media

relations, content creation and editing as well as a variety of other tasks. He is also an

avid social media pundit and technology blogger.

Related posts:

How to Install phpBB on a GoGrid Cloud Server in less than 10 Minutes1.How to Install Drupal on a GoGrid Cloud Server in Less than 15 Minutes2.How to: Install WordPress on a GoGrid Server in less than 10 minutes3.New & Updated CentOS, Debian, RHEL and Windows Base Cloud Server Images Released on GoGrid4.Secure & Protect Your GoGrid Cloud with the New Fortinet Hardware Firewall Solution5.

Like 5




7 of 9 m/18/2013 7:43 PM

Login

0ian

Reply

0Jack

Reply

0Michael Sheehan 38p

Reply

0CPA Boca Raton

Reply

0Doc. B.

Reply

Enter text right here!

Comment as a Guest, or login:

Name Email Website (optional)

Displayed next to your comments. Not displayed publicly. If you have a website, link to it here.

Submit Comment

Comments (5)Sort by: Date Rating Last Activity

· 57 weeks ago

great tutorial, thanks

· 47 weeks ago

Good tutorial but some instructions need to be updated:

[Webmin]name=Webmin Distribution Neutral#baseurl =http://download.webmin.com/download/yummirrorlist =http://download.webmin.com/download/yum/mirrorlistenabled=1 You should also fetch and install my GPG key with which the packages are signed, with the

commands : wget http://www.webmin.com/jcameron-key.ascrpm --import jcameron-key.asc

1 reply · active 47 weeks ago

· 47 weeks ago

Thanks Jack for the update. I appreciate the feedback!

· 45 weeks ago

thanks for the help. was having trouble getting lamp to work properly

· 27 weeks ago

Thank you for posting this tutorial. I am an IT student on my sophomore year and I am in great need of thesetutorials. I want to learn more that's why I am doing a lot of practice.

Post a new comment

Subscribe to

« Create a Basho Riak Cluster on GoGrid

Maximize your Business Potential with GoGrid & IBM DB2 Database & Cloud Solutions – Webinar »

Chat with Us Get a Call 1 (877) 946-4743 (US & Canada) #1 (415) 869-7444 (Worldwide) SIGN UPSIGN UP




8 of 9 m/18/2013 7:43 PM

Private Cloud

Dedicated Hosting

Cloud Management

Pricing

Infrastructure Components

High Availability

Scalability

eCommerce

Development & Test

High-Performance Compute

System Status

Resources

LEGAL

Terms of Service

Service Level Agreement

Privacy Policy

Intellectual Property Policy

EU Safe Harbor Policy

Acceptable Use Policy

ABOUT US

Our Story

Our History

Our People

Careers

News & Events

Media Center

Contact Us

Follow Us on Twitter

Like Us on Facebook

Join us on LinkedIn

Read Our blog




9 of 9 m/18/2013 7:43 PM

How to Install LAMP, Webmin & ConfigServer Security & Firewall on a CentOS 6

Documents

Transcript of How to Install LAMP, Webmin & ConfigServer Security & Firewall on a CentOS 6