CentOS 7 Raspberry Pi Initial Configuration
I've recently gotten a Raspberry Pi 3 and I've installed the ARM build of CentOS v7 on it so that I can have a small server to play around with some web stuff. My experience in IT has been largely Windows Server focused (AD, Exchange, System Center, etc.), storage, virtualization, backups, etc. Not much Linux or development exposure. I'd like to learn more about that area of IT, so I picked up a Pi and am creating an environment at home to learn more about Linux, Apache, PHP, MySQL and Git. In this post, I'm going to talk about the initial configuration of CentOS after you've installed it on your Pi.
I don't want to leave the default password for the root account. If I did then anybody wanting access to my server would know both the username and the password. To change this, I'm going to use the passwd command. As root, simply type in passwd and follow the prompts as shown below:
In my case, this is a non internet-facing server in my own home so I'm not worried about the short password.
This post is assuming you've already installed CentOS on your Pi. If you haven't, I've written my process for doing it in another post. I'm assuming that you're either connected locally to the Pi or you're connected to it remotely via SSH. I'm also assuming that you're using your CentOS server in a non-production environment, such as a home server for learning purposes. Now that you've got CentOS installed, let's run through the following tasks;
- Setting the root password
- Configuring a new administrative user
- Setting up the networking (IP Address and Hostname)
- Basic SSH configuration
- Basic firewall configuration
- Configuring NTP Time Synchronization
- Upgrading the OS packages
Resetting the root password
I don't want to leave the default password for the root account. If I did then anybody wanting access to my server would know both the username and the password. To change this, I'm going to use the passwd command. As root, simply type in passwd and follow the prompts as shown below:
In my case, this is a non internet-facing server in my own home so I'm not worried about the short password.
Configuring a new administrative user account
I'm doing a few things here. Firstly, I'm creating a new user called ahale using the adduser command. Second, I'm setting the password for the ahale user account using the passwd command. Third, I'm giving the ahale account root access using the gpasswd command by adding the account to the sudoers wheel. Lastly, I'm switching users from root to ahale with the su command.
Configuring the IP Address
There are 3 ways to do this but I'm going to discuss the command-line method. Let's start by using the vi editor to open /etc/sysconfig/network-scripts/ifcfg-eth0
vi/etc/sysconfig/network-scripts/ifcfg-eth0
Your configuration file for eth0 should look like the one below if you want a static IP of 192.168.1.200.
vi/etc/sysconfig/network-scripts/ifcfg-eth0
Your configuration file for eth0 should look like the one below if you want a static IP of 192.168.1.200.
If you'd rather configure it for DHCP, then edit the file, remove the IPADDR, NETMASK, GATEWAY and DNS1 fields, and change the following line:
BOOTPROTO="DHCP"
(WARNING: Make sure you've got the changes correct. If you're connected directly to your computer then it's not a huge issue: Just make the change again. If you're connected to this computer through a remote connection such as PuTTY, then you'll likely have to connect directly to it, which can be annoying.)
Once that's done, use the following command to restart the networking:
systemctl restart network
Configuring the Hostname
Setting the hostname is pretty simple. First, let's look at what the default hostname is. In your SSH window or BASH prompt, type
hostnamectl
You should see output like the following:
The field we're looking to change is the Static Hostname. I've already changed mine to rpi1. You can change your hostname to whatever you'd like.
There are other hostname types like Static, Pretty, and Transient/Dynamic, but we won't dive into that right now. For now, all you really need to worry about is setting the Static Hostname. To do that, run the following command.
hostnamectl set-hostname "your-hostname-here"
Run the hostnamectl command again to see make sure the command worked. If you didn't see any errors then you're probably fine but it's still good to make sure.
For this, SSH is configured out of the box, but we're just going to make a couple tweaks. (If you aren't familiar with the Vi text editor, I wrote a bit of info for getting started with it.) If this is an internet-facing server then you my consider changing the SSH connection port to something other than TCP port 22, which is the default. If you decide that isn't necessary for your situation then go ahead and proceed. What I did was use the command below to edit the SSH daemon configuration file and set the PermitRootLogin parameter to no to disable connecting to this server via SSH using the root account. Afterwards, I used the systemctl command to restart the SSH service on my Pi.
First, we need to start the firewall service. We'll do that by typing
sudo systemctl start firewalld
Next we'll use the commands below to add the services we want allowed through the firewall. In my instance, my Pi will be a web server so I want to allow HTTP and HTTPS traffic through. (If you look closely you'll see where I missed a letter in the second command for this and it error'd out. I included that as a reminder to make sure you're typing these commands correctly. The best and worst part about computers is that they do exactly what you tell them to do.)
If you're curious to see what services are allowed through your firewall, type
sudo firewall-cmd --list-all
You should see output like below.
First, we need to install NTP using YUM. To do that simply type
sudo yum install ntp
You should see output like below.
(Speaking of YUM, which is the package manager on Red Hat-based distributions, it'll go out and grab the package from pre-configured repositories, along with any dependencies, download and install them usually without any fuss.)
Once the install has completed, we'll need to start and enable the NTP daemon on our server. To do that use the following systemctl commands:
sudo systemctl start ntpd
sudo systemctl enable ntpd
Lastly, let's verify that our server's time is synced to an NTP server.
ntpstat
The output should look like the image below.
There are other hostname types like Static, Pretty, and Transient/Dynamic, but we won't dive into that right now. For now, all you really need to worry about is setting the Static Hostname. To do that, run the following command.
hostnamectl set-hostname "your-hostname-here"
Run the hostnamectl command again to see make sure the command worked. If you didn't see any errors then you're probably fine but it's still good to make sure.
Basic SSH Configuration
For this, SSH is configured out of the box, but we're just going to make a couple tweaks. (If you aren't familiar with the Vi text editor, I wrote a bit of info for getting started with it.) If this is an internet-facing server then you my consider changing the SSH connection port to something other than TCP port 22, which is the default. If you decide that isn't necessary for your situation then go ahead and proceed. What I did was use the command below to edit the SSH daemon configuration file and set the PermitRootLogin parameter to no to disable connecting to this server via SSH using the root account. Afterwards, I used the systemctl command to restart the SSH service on my Pi.
Basic Firewall Configuration
First, we need to start the firewall service. We'll do that by typing
sudo systemctl start firewalld
Next we'll use the commands below to add the services we want allowed through the firewall. In my instance, my Pi will be a web server so I want to allow HTTP and HTTPS traffic through. (If you look closely you'll see where I missed a letter in the second command for this and it error'd out. I included that as a reminder to make sure you're typing these commands correctly. The best and worst part about computers is that they do exactly what you tell them to do.)
If you're curious to see what services are allowed through your firewall, type
sudo firewall-cmd --list-all
You should see output like below.
Configuring NTP Time Synchronization
First, we need to install NTP using YUM. To do that simply type
sudo yum install ntp
You should see output like below.
(Speaking of YUM, which is the package manager on Red Hat-based distributions, it'll go out and grab the package from pre-configured repositories, along with any dependencies, download and install them usually without any fuss.)
Once the install has completed, we'll need to start and enable the NTP daemon on our server. To do that use the following systemctl commands:
sudo systemctl start ntpd
sudo systemctl enable ntpd
Lastly, let's verify that our server's time is synced to an NTP server.
ntpstat
The output should look like the image below.
Updating and Upgrading packages with YUM
As mentioned above, YUM is the package manager on Red Hat-based distributions of Linux. (Red Hat, Fedora, SuSE, etc.) Updating YUM packages are as simple as running:
yum upgrade
or
yum update
They both have the same results but they do it differently. Upgrade will simply upgrade all installed packages to the latest versions in the configured repositories (which in our case, are the default ones), and delete the old packages. Meanwhile, Update will upgrade installed packages to the latest version but it will also keep the older versions of packages. We can talk more about YUM package management in a future post.
Some of these tasks aren't absolutely necessary in a home-lab environment. However, they're still good ideas. Furthermore, if you want to have professional experience with a Linux server, basic administration skills will be required so it's good practice, even if something like SSH keys aren't necessary for your needs.
yum upgrade
or
yum update
They both have the same results but they do it differently. Upgrade will simply upgrade all installed packages to the latest versions in the configured repositories (which in our case, are the default ones), and delete the old packages. Meanwhile, Update will upgrade installed packages to the latest version but it will also keep the older versions of packages. We can talk more about YUM package management in a future post.
Some of these tasks aren't absolutely necessary in a home-lab environment. However, they're still good ideas. Furthermore, if you want to have professional experience with a Linux server, basic administration skills will be required so it's good practice, even if something like SSH keys aren't necessary for your needs.
Comments
Post a Comment