Secure and stable server setup with CentOS : TechGuides : Open Source : ZDNet Asia

Tuesday, May 26, 2009

Secure and stable server setup with CentOS

By Vincent Danen, Special to ZDNet Asia
Monday, May 25, 2009 11:15 AM
CentOS is an operating system that is completely compatible with Red Hat Enterprise Linux. Here's how to optimize CentOS setup with RPMForge and Utter Ramblings repositories.

CentOS is a great server operating system that is completely compatible with Red Hat Enterprise Linux. As a result, nearly all of the packages available for Red Hat Enterprise Linux will work with CentOS.

The current release of CentOS is 5.3. One of the nice things about CentOS is its focus on security and stability. The downside, of course, is that this comes at the expense of newer versions of software.

One example is PHP, which in CentOS is a security-patched copy of 5.1.6, whereas the current upstream version of PHP is 5.2.8. Using third-party repositories, you can have the stable base of CentOS with more up-to-date packages (of course, it goes without saying that you sacrifice some of the stability that makes CentOS so good by doing so).

There are two third-party repositories that come into play here. The first is the RPMForge repository, which provides a number of useful updates, and the second is the Utter Ramblings repository, which provides new versions of PHP, Apache, and MySQL.

To set up RPMForge, you need to download the rpmforge-release file. This can be done by executing:

# rpm -ivh http://apt.sw.be/redhat/el5/en/i386/RPMS.dag/rpmforge-release-0.3.6-1.el5.rf.i386.rpm

Make note of the architecture in both the URL and the filename itself; if you are running on x86_64, change the "i386" as appropriate. Once this is downloaded and installed, RPMForge is set up.

Setting up the Utter Ramblings repository is slightly different. On the CentOS server, execute the following to install the signing key for the repository:

# rpm --import http://www.jasonlitka.com/media/RPM-GPG-KEY-jlitka

Next, create the file /etc/yum.repos.d/utterramblings.repo with the following contents:

[utterramblings]
name=Jason's Utter Ramblings Repo
baseurl=http://www.jasonlitka.com/media/EL$releasever/$basearch/
enabled=1
gpgcheck=1
gpgkey=http://www.jasonlitka.com/media/RPM-GPG-KEY-jlitka

This will set up the Utter Ramblings repository.

At this point, both repositories are set up. Execute yum update to update the metadata for the repositories; it will also install any new packages it finds (from RPMForge there are quite a few).

If you do opt to allow yum to update packages, note that the xdelta package will conflict on an x86_64 system. To remove this blocking package, execute:

# rpm -e xdelta-1.1.3-20.i386

This is only a problem on x86_64, however, as both the 32-bit and 64-bit xdelta packages are installed by default.

You may also wish to disable the repositories and call them only when you need to install certain packages, or add the yum priorities plugin to prevent third-party repositories from overriding the main repositories. This is really useful if you want to keep as close to the CentOS release as possible, but still want to use certain other packages from the third-party repositories.

To use priorities, install the yum plugin:

# yum install yum-priorities

Then, navigate to /etc/yum.repos.d/ and edit the various .repo files contained in the directory. In each section you can add a priority=X line that defines the priority for the repository. For the main repositories, the priority should be 1, and for third-party repositories this number should be higher (1 is the highest priority, 99 is the lowest).
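To check the result of these edits, the following added example (not part of the original article) reports the enabled, gpgcheck and priority values for every section in a directory of .repo files and flags sections that have no priority line or do not turn gpgcheck on. The function name audit_repos, the flag labels and the sample files are constructed for illustration; it assumes a missing priority counts as 99 and a missing gpgcheck is inherited from /etc/yum.conf.

```shell
#!/bin/bash
# Added example: report enabled/gpgcheck/priority for each section in yum .repo files.
# Assumptions: a missing priority= counts as 99 (the lowest priority), a missing
# enabled= counts as 1, and a missing gpgcheck= is shown as "unset" because the
# repository then inherits the [main] value from /etc/yum.conf.
audit_repos() {
    dir=${1:-/etc/yum.repos.d}
    for f in "$dir"/*.repo; do
        [ -f "$f" ] || continue
        awk -F= '
            function emit() {
                if (id == "") return
                notes = ""
                if (gpg != "1") notes = notes " GPGCHECK-NOT-ON"
                if (!has_prio)  notes = notes " NO-PRIORITY"
                printf "%s enabled=%s gpgcheck=%s priority=%s%s\n", id, en, gpg, prio, notes
            }
            /^[ \t]*[#;]/ { next }                      # comment line
            /^[ \t]*\[/ {                               # start of a new [section]
                emit()
                id = $0; sub(/^[ \t]*\[/, "", id); sub(/\].*$/, "", id)
                en = "1"; gpg = "unset"; prio = "99"; has_prio = 0
                next
            }
            NF >= 2 {                                   # key=value line
                key = $1; val = $2
                gsub(/[ \t\r]/, "", key); gsub(/[ \t\r]/, "", val)
                if (key == "enabled")       en = val
                else if (key == "gpgcheck") gpg = val
                else if (key == "priority") { prio = val; has_prio = 1 }
            }
            END { emit() }
        ' "$f"
    done
}

# Constructed sample files (not copied from a real system) so the check runs anywhere.
demo=$(mktemp -d)
printf '[base]\nname=CentOS base (constructed)\ngpgcheck=1\npriority=1\n' > "$demo/CentOS-Base.repo"
printf '[utterramblings]\nname=Utter Ramblings\nenabled=1\ngpgcheck=1\n' > "$demo/utterramblings.repo"
printf '[thirdparty-example]\nenabled = 1\ngpgcheck = 0\npriority = 10\n' > "$demo/thirdparty.repo"
audit_repos "$demo"
rm -rf "$demo"
```

Called with no argument, audit_repos reads /etc/yum.repos.d.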

To find the packages provided by a given repository, use yum list and grep the output for the repository name:

# yum list | grep utter

This will show all of the packages available in the utterramblings repository. This repository essentially only provides the latest Apache, PHP, and MySQL.

Third-party repositories are great ways of getting extra functionality out of your CentOS system that is not provided by the rather conservative base package list. With them, on my own CentOS server, I managed to easily upgrade my AMP stack to the latest versions, get the latest Subversion, and the latest Nagios, without compiling a thing.

Vincent Danen works on the Red Hat Security Response Team and lives in Canada. He has been writing about and developing on Linux for over 10 years.

from geektechs
