
CentOS - Systems Administration and Security Cheat Sheet by

This cheatsheet will provide the essentials for any CentOS Systems Administrator

Install Apache / Verify Status

Install HTTPD service
yum install httpd
Check httpd status
systemctl status httpd.service

Configuring Apache HTTP Server

Inspect Control Script
less /etc/systemd/system/multi-user.target.wants/httpd.service

Displays the contents of the httpd.service file for the Apache HTTP server in the systemd multi-user target.
Get default start-up state
systemctl get-default

Shows the default target (runlevel) that the system boots into.
Find config file
find / -name httpd.conf 
Inspect config file
nano /etc/httpd/conf/httpd.conf

nano [location of config file found using find]
.htaccess & .htpasswd
Note that these are hidden by default, to prevent files being viewed by web clients
ErrorLog
Find and take note of where the error log is located (usually logs/error_log)
DocumentRoot
The web document location is usually /var/www/html

Investigate Processes, Make & Test Apache

List processes and filter for those related to httpd
ps -ef | grep httpd
Rules for incoming traffic
iptables -L INPUT
Create index.html file
1) Navigate to the appropriate directory

e.g.: cd /var/www/html

2) Create and edit the file using nano

e.g.: sudo nano index.html
View access log
cat /var/log/httpd/access_log
Request local page
curl http://localhost

MySQL/MariaDB Installation, Start & Status

MariaDB Installation
yum install mariadb-server
Confirm MySQL/MariaDB is installed
find / -name mysql
Start MariaDB
systemctl start mariadb
Check MariaDB Status
systemctl status mariadb
Confirm servers are running
ps -ef
 
This produces a list of running processes; look for mysql in the far-left column (the UID, or user ID).
Set new password for mysqladmin root
mysqladmin -u root password [INSERT PASSWORD]

MySQL Config file & Data Directory

Find config file (my.cnf) location
sudo find / -name my.cnf | less
Navigate to config file directory
cd [INSERT DIRECTORY]
 
e.g. in my case, my.cnf was found at /etc/my.cnf, so cd /etc is used
View contents of config file
cat my.cnf
Locate MySQL Daemon
find / -name mysqld

Create & Populate Database

Enter MariaDB Server
mysql -h localhost -u root -p
 
Then enter the password created previously. Note that the password is not shown as you type.
Create database
CREATE DATABASE [database name];

e.g. CREATE DATABASE food;
Change to created database
USE [database];

e.g. USE food;
Exit MariaDB
quit
Confirm database was created outside of MariaDB
Change to the appropriate directory
cd /var/lib/mysql

Display the contents of the current directory using ls
Create Table
CREATE TABLE restaurant (name VARCHAR(40), type VARCHAR(40), location VARCHAR(4));

VARCHAR(n) defines a variable-length string of up to n characters.
Insert values into restaurant table
INSERT INTO restaurant (name, type, location) values ("Pizzahut", "Italian", "SW10");
Show table
SHOW TABLES; DESCRIBE restaurant; SELECT * FROM restaurant;
Delete value from table
DELETE FROM restaurant WHERE name="Pizza" && location="SW10";
Create new user
GRANT SELECT ON food.restaurant TO bayan@localhost IDENTIFIED BY "bayans_password";

Firewalls

Confirm firewalld is running
systemctl status firewalld
Check firewall configuration
firewall-cmd --list-all
Display firewall rules
iptables -L
Services/ports available for sshd
systemctl status sshd
Services/ports available for httpd
systemctl status httpd
Services/ports available for vsftpd
systemctl status vsftpd

If not installed, use yum install, e.g. yum install vsftpd
Stop firewalld, then check its status to confirm it is in fact stopped
systemctl stop firewalld
Start firewalld
systemctl start firewalld
Add http service to firewall configuration
firewall-cmd --add-service=http
Add ftp service to firewall configuration
firewall-cmd --add-service=ftp
iptables rules for accepting traffic on ports 22 (SSH), 80 (HTTP) and 21 (FTP)
iptables -A INPUT -p tcp --dport 22 -j ACCEPT

iptables -A INPUT -p tcp --dport 80 -j ACCEPT

iptables -A INPUT -p tcp --dport 21 -j ACCEPT
Add rules to output chain
iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
Set the default policy for INPUT and OUTPUT traffic to DROP
iptables -P INPUT DROP

iptables -P OUTPUT DROP
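
Added example (not part of the original cheat sheet): a POSIX shell check that reads `iptables -S` output and reports which of the rules above are missing, including the case where the DROP policies are in place but the port 22 rule is not. The function name audit_ruleset and both sample rule listings are constructed for illustration.

```sh
#!/bin/sh
# Added example: audit `iptables -S` output against this cheat sheet's rules.
# On a live host (as root): iptables -S | audit_ruleset

# Constructed sample: what `iptables -S` prints once every command above ran.
GOOD_RULES='-P INPUT DROP
-P FORWARD ACCEPT
-P OUTPUT DROP
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 21 -j ACCEPT
-A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT'

# Constructed sample: DROP policies present but no SSH rule, the state in
# which a remote admin session is cut off.
LOCKOUT_RULES=$(printf '%s\n' "$GOOD_RULES" | grep -v -e '--dport 22 ')

# Reads `iptables -S` text on stdin, prints one line per missing item,
# returns 0 if the rule set is complete and 1 otherwise.
audit_ruleset() {
    rules=$(cat)
    rc=0
    for chain in INPUT OUTPUT; do   # iptables -P INPUT DROP / -P OUTPUT DROP
        if ! printf '%s\n' "$rules" | grep -qx -e "-P $chain DROP"; then
            echo "MISSING policy: $chain is not DROP"; rc=1
        fi
    done
    for port in 22 80 21; do        # SSH, HTTP, FTP control channel
        if ! printf '%s\n' "$rules" |
            grep -Eq -e "^-A INPUT .*-p tcp .*--dport $port .*-j ACCEPT\$"; then
            echo "MISSING accept: tcp/$port"; rc=1
        fi
    done
    # With OUTPUT policy DROP, replies leave only through this stateful rule.
    if ! printf '%s\n' "$rules" | grep -Eq -e \
        '^-A OUTPUT .*--(ct)?state (RELATED,ESTABLISHED|ESTABLISHED,RELATED) .*-j ACCEPT$'; then
        echo "MISSING accept: OUTPUT ESTABLISHED,RELATED"; rc=1
    fi
    return "$rc"
}

printf '%s\n' "$LOCKOUT_RULES" | audit_ruleset || echo "rule set incomplete"
```

Running the check before `iptables -P INPUT DROP` on a remote host confirms the SSH rule is already loaded.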

SELinux

Install setroubleshoot and httpd
sudo yum install setroubleshoot httpd
Enable httpd
systemctl enable httpd
Start httpd
systemctl start httpd
Check default directory for HTML files
cat /etc/httpd/conf/httpd.conf | grep DocumentRoot
Check SELinux permissions / context
ls -lZ index.html
Temporarily disable SELinux enforcement for troubleshooting or testing without changing the permanent configuration.
setenforce 0
Re-enable SELinux enforcement after it has been disabled, restoring its security policies.
setenforce 1
Apply the default SELinux context to a file:
/sbin/restorecon -v /var/www/html/secret.html
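
Added example (not part of the original cheat sheet): a POSIX shell filter that reads `ls -lZ` output, picks out files whose SELinux type is not the expected one, and prints the matching restorecon command for each. The function names and the sample listing are constructed; httpd_sys_content_t is assumed as the expected type for files under /var/www/html.

```sh
#!/bin/sh
# Added example: spot web files whose SELinux type is not the expected one.
# On a live host: ls -lZ /var/www/html | mislabeled httpd_sys_content_t

# Constructed sample of `ls -lZ` output (CentOS 7 column layout); secret.html
# carries a home-directory label, as a file moved into the web root would.
SAMPLE_LS='-rw-r--r--. root root unconfined_u:object_r:httpd_sys_content_t:s0 index.html
-rw-r--r--. root root unconfined_u:object_r:user_home_t:s0 secret.html'

# Reads ls -Z / ls -lZ lines on stdin; prints the name of every file whose
# context type (third colon-separated part) differs from $1.
# Assumes file names without spaces, since the name is taken as the last field.
mislabeled() {
    awk -v want="$1" '{
        for (i = 1; i <= NF; i++)
            if (split($i, ctx, ":") >= 4) {      # user:role:type:level
                if (ctx[3] != want) print $NF
                break
            }
    }'
}

# Prints the restorecon command from the cheat sheet for each mislabeled file.
# $1 = expected type, $2 = directory the listing was taken from.
fix_commands() {
    mislabeled "$1" | while read -r name; do
        echo "/sbin/restorecon -v $2/$name"
    done
}

printf '%s\n' "$SAMPLE_LS" | fix_commands httpd_sys_content_t /var/www/html
```

Checking labels this way finds the cause of a denial without switching enforcement off with setenforce 0.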
                   
 
