Upgrade PHP for CentOS 6 Using Additional Repositories

PHP 5.3 to 5.6 Upgrade for CentOS Using External Repos

CentOS Linux is often an option when configuring a Virtual Private Server (VPS). CentOS is designed for stability, being based upon Red Hat Enterprise Linux (RHEL). This means that although it has a long shelf life it may not have the latest features available to the Linux community. To help overcome this other repositories can be used to update the CentOS installation. Here is a list of some alternative repos for CentOS that provided various updated packages:

CentOS PHP UpgradeOne package that may require updating is PHP. CentOS 6 will be supported until 2020 but comes with PHP 5.3, a few point releases behind the current PHP version. In this article the PHP available in CentOS 6 is updated to a later version. This tutorial is based upon a VPS running a minimal installation of the latest version of CentOS 6, the 64 bit version. The tutorial was tested on a Virtual Machine (VM) duplicate of the VPS on a local machine to ensure that the configuration steps correctly worked before applying the upgrade to live environment. Always have a backup of live data and always test upgrades on a duplicate test system. This minimises the risk to a live system.

It is assumed that the VPS is accessed via a Secure Shell (SSH). This method of access can be duplicated on a local test environment to replicate the real world set up. To upgrade PHP log in to the VPS and install an alternative repo, then use yum to install the later PHP version. Here repositories from Les RPM de Remi is used. Continue reading

Unzip File on VPS? How to Extract a Zip File on a Linux VPS

Tutorial to Upload and Extract a Zip File from Windows to a CentOS VPS

On Linux files are normally compressed individually to create a .gzip version using the gzip utility. Or several files are collected into a Tape Archive, .tar, which is an uncompressed collection of files created using the tar utility. A .tar is then compressed to a .gzip to create a .tar.gz. In Windows files are normally zipped, which is a format that collects and compresses several files into a single .zip file in a single operation.

When managing a Linux based Virtual Private Server (VPS) or other remote Linux machine, such as a web server, there can be occasions when a zip file created on Windows needs to be extracted and managed on the remote Linux machine. This can be done with the Linux zip (to compress) and unzip (to extract) utilities.

Install Zip and Unzip onto CentOS

Upload and unzip file on VPS (CentOS)A VPS may not run a full blown Linux, for example a CentOS VPS may run the minimal CentOS installation for efficiency. In which case the zip and unzip utilities may not be installed. These utilities can be installed on CentOS using yum:

Continue reading

CentOS 6 to CentOS 7 Upgrade Using Red Hat Upgrade Tool

CentOS 7 Supports In-Place Upgrading from CentOS 6.x for 64-bit Versions

This article covers upgrading a minimal CentOS 6.x system to CentOS 7. CentOS is a popular GNU/Linux OS for servers (including web servers) and workstations. Popular because it is a community based version of RHEL. CentOS is often an OS option when purchasing and setting up a VPS. The current major version of CentOS is version 7. CentOS 7 can be installed via an in-place upgrade over CentOS 6. However, CentOS 7 is only a 64-bit OS and therefore the system being upgraded has to be running 64-bit CentOS 6. To check if CentOS is 64-bit or 32-bit use the uname command with the -p option (p for processor):

[root@servername ~]# uname -p
x86_64

The 64-bit CentOS will display x86_64 and 32-bit will display i686.

CentOS 6 to CentOS 7 UpgradeWords of caution. If your system has been highly customised then performing an in-place upgrade from CentOS 6 to 7 may not be successful. In this case, as for upgrading a 32-bit system, a data backup, new CentOS 7 installation and data restore will be required. Do you need CentOS 7 now? There is also no need to rush to upgrade to CentOS 7. CentOS 6 will be receiving updates until the end of 2020. This article is for informational and test purposes only. You are responsible for you own actions and an in-place upgrade from CentOS 6 to CentOS 7 is probably more trouble than doing a fresh CentOS 7 install and data restore. For example upgrading a minimal CentOS 6.6. to CentOS 7 may not work according to this bug report.

The other consideration is whether the new CentOS 7 features will hinder operation of your system. The new features may require changes to the normal workflow or they may be incompatible with software that is being used on the system. Whilst the CentOS 7 Release Notes list some major changes the RHEL 7 Release Notes has a detailed discussion. Continue reading

Webmin CentOS Install for Easier VPS Management

Manage a CentOS VPS Using Webmin for System Administration

A Virtual Private Server (VPS) is a cost effective way to host web and cloud based solutions or high volume web sites. A VPS provides more resources (memory, processing power and disk space) than shared hosting without the cost of leasing dedicated hardware (although a VPS will not be as powerful as a dedicated machine). Some VPS packages only provide a minimal Linux system. Access to that minimal system is usually via a secure shell (SSH). Managing a Linux system remotely over SSH can be cumbersome. To make the system administration easier a web based management tool is useful. A commercial tool such as cPanel is often provided at extra cost. Open source alternatives like ZPanel and Webmin are available. In this tutorial article the Webmin system administration tool will be installed on a CentOS based VPS. CentOS, based on a Red Hat Linux distribution, is commonly available for VPS packages. This article assumes that the minimal installation of CentOS is used for the VPS operating system. The minimal CentOS does not have the desktop environment installed. The steps for the Webmin CentOS install are:

  1. Update CentOS using yum update.
  2. Add Webmin to the CentOS yum repositories.
  3. Add the Webmin package PGP key to the RPM keyring.
  4. Allow Webmin through the CentOS iptables firewall.
  5. Install Webmin using yum install webmin.
  6. Start Webmin and start using it.

Webmin Install Running on CentOS Continue reading

Change SSH Port from Default for CentOS Security Improvement

Help Harden a CentOS Server, Change SSH Port from Default Port Number 22

Edit the SSH configuration file to modify SSH port number. The configuration file is sshd_config. Adding Port XXXX where XXXX is the required port number. Then update SELinux and iptables. This is done to help harden CentOS against the less skilled hackers. The Secure Shell (SSH) is used to access a CentOS Server from another computer. For example when accessing a Virtual Private Server (VPS) to perform configuration changes. CentOS is a common option for a VPS operating system. This tutorial provides details on changing the SSH default port number for a CentOS server.

Steps to Change the CentOS SSH Port Number

The following steps are performed to change default SSH port number on CentOS:

  1. Login to the CentOS server.
  2. Back up then edit the /etc/ssh/sshd_config file.
  3. Add the line Port XXXX to the file, where XXXX is the new port number.
  4. Update the SELinux policy for the new SSH port.
  5. Update the iptables firewall rule for the new SSH port.
  6. Restart the services or the server.
  7. Check the changes worked by connecting on the new port.

Practice and Keep A Back Up

CentOS Logo

It is recommended to practice the instructions that follow on a local test environment before doing it on a live machine. This ensures familiarity with the process and reduces the risk of making mistakes on a live server. CentOS can be configured on a local Virtual Machine (VM) to practice these changes (see the Further Information section at the end of the article). For a remote VPS if you make a mistake reconfiguring the SSH port you may not be able to connect to it. It will require resetting via your service provider’s control panel. Always ensure you have a backup of any data that needs to be kept in the event the VPS needs to be reset. If SSH is the only option for configuration of a remote VPS consider other hardening options first, for example adding a sudo user for SSH login and removing the root user login over SSH. This article uses the shell (command line terminal) to change the CentOS configuration, based on a minimal CentOS install.

Edit the File sshd_config

To change the SSH port number edit the /etc/ssh/sshd_config file. Start by taking a copy in case anything goes wrong. For all commands in this article only enter the text after the # or $ prompt character, as seen on the terminal screen. Here’s the command to copy sshd_config to sshd_cfg_old:

# cp /etc/ssh/sshd_config /etc/ssh/sshd_cfg_old

Editing is done with vi or nano. On a minimal CentOS install, typical for a VPS, nano will not be installed by default. To edit sshd_config using vi:

# vi /etc/ssh/sshd_config

Or if logged in as a user with sudo ability:

$ sudo vi /etc/ssh/sshd_config

Add the Required Port Number

Select a new port number above 1024, one that is meaningful to you so it is remembered, or pick a random one. See List of TCP and UDP Port Numbers on Wikipedia. Some admins just double up port numbers, e.g. 22 becomes 2222, but that is familiar to hackers so pick something else, e.g. pick a memorable year and double it. For example 2×1066 is 2132, so port 2132 can be remembered as “Twice Battle of Hastings“.

The Port line should be in the first page of the file, as either Port 22 or commented out as #Port 22. Go to the line. Press Insert to enter edit mode. Remove the # if present and change the port number to the required value. Press the Esc key to return to command mode and enter :wq to write out the file and quit vi.

ssh_port_config

Update SELinux with the New Port Number

If the Security Enhanced Linux module (SELinux) is running then update selinux with the new port number. Failure to update SELinux for the new port will result in a Permission denied showing in the SELinux log.  To check that selinux is enabled run sestatus:

# sestatus
SELinux status: enabled
SELinuxfs mount: /selinux
Current mode: enforcing
Mode from config file: enforcing
Policy version: 24
Policy from config file: targeted

Use semanage to add the new port number to SELinux, see the article RHEL 6: semanage SELinux Command Not Found on how to install the command if not present (e.g. if using the CentOS minimal install). For this article this command was used to check the package for semanage:

# yum provides /usr/sbin/semange

And this command to install it:

# yum -y install policycoreutils-python

The port numbers for SELinux can be displayed using a semanage command (pipe to less to page through the list):

# semanage port -l | less

In the list of ports will be found ssh_port tcp 22. Use semanage to add the new port number:

# semanage port -a -t ssh_port_t -p tcp 2132

Update Firewall Rules for the New Port Number

The iptables firewall rules are listed using:

#iptables -L

There will be a rule showing that SSH is only allowed on port 22. This needs changing to the new port number. Use vi to open /etc/sysconfig/iptables:

# vi /etc/sysconfig/iptables

Go to this line:

-A INPUT -p tcp -m state –state NEW -m tcp –dport 22 -j ACCEPT

Change 22 after –dport to the new port number, e.g. 2132 (press Insert to enter edit mode in vi):

-A INPUT -p tcp -m state –state NEW -m tcp –dport 2132 -j ACCEPT

Save and exit (Esc key then :wq). Restart iptables:

# service iptables restart

Restart SSH

With the SSH config file changed, SELinux updated and iptables rules updated SSH can be restarted:

# /etc/init.d/sshd restart

Restarting CentOS

As an alternative to restarting iptables and ssh restart the the CentOS server:

# reboot

or

# shutdown -r now

Login to CentOS Using SSH to Test The New Port

On a Windows system a program such as PuTTY can be used to access a CentOS server using SSH. In this example the port number is 2132. To connect with the new port number enter it in the Port box.

PuTTY to SSH into different port

With the host name or IP address also entered select Open. The terminal prompt should appear allowing for a normal login.

(Note: If accessing a CentOS VPS on a VirtualBox virtual machine on the local computer you will need to change the Network Address Translation port from 22 to the new number, see the third article listed below.)

Further Information

CentOS Version Command and Update CentOS to New Version

View the CentOS Version and Update with Shell Commands

CentOS is a popular Linux Operating System for enterprise computing, web servers and Virtual Private Servers.

In this article:

  • View CentOS version
  • Check if CentOS is 64-bit or 32-bit
  • View the Centos server Name
  • View CentOS kernel version
  • View list of available CentOS updates
  • Updating CentOS
  • Rebooting CentOS
  • Listing CentOS installed packages

In these examples root is the logged in user, in practice a different superuser will normally be used when maintaining a server. These commands are executed in the shell.

View CentOS Version

When CentOS boots the version is briefly displayed on a boot screen and may be configured to show on the shell login but will probably show the kernel version:

Centos 
Kernel 2.6.32-431.el6.i686 on an i686

servername login:

Once logged in at the CentOS shell prompt find the CentOS version using:

[root@servername ~]# cat /etc/*release
CentOS release 6.5 (Final)

or

[root@servername ~]# cat /etc/issue
CentOS release 6.5 (Final)

or

[root@servername ~]# cat /etc/redhat-release
CentOS release 6.5 (Final)

Check if CentOS is 64-bit or 32-bit

To check if CentOS is 64-bit or 32-bit use the uname command with the -p option (p for processor):

[root@servername ~]# uname -p
x86_64

The 64-bit CentOS will display x86_64 and 32-bit will display i686.

Display the CentOS Server Name (Host Name)

Use hostname to display the systems name:

[root@servername ~]# hostname
servername.server

Display the CentOS Kernel Version

Use uname to see the kernel version:

[root@servername ~]# uname -r -v
2.6.32-431.el6.i686 #1 SMP Fri Nov 22 00:26:36 UTC 2013

List Available CentOS Updates

List available updates using yum, here piped (using |) to less to view one screen at a time using the space bar. Use q to quit the listing:

[root@servername ~]# yum list updates | less

Update CentOS

Update CentOS using yum, package downloads may need to be confirmed:

[root@servername ~]# yum update

(Note: After confirming the update packages will download, extract and install. If this fails you may see messages such as “Trying other mirrors”“Error Downloading Packages” and “[Errno 256]”. Use the command “yum clean metadata”  and try “yum update” again. If it still reports errors use the command “yum clean all” and try again.)

Rebooting CentOS

Restart CentOS:

[root@servername ~]# reboot

or

[root@servername ~]# shutdown -r now

One logged back in use the commands above to check the updated versions:

[root@servername ~]# uname -r -v
2.6.32-504.3.3.el6.i686 #1 SMP Tue Dec 16 22:55:44 UTC 2014

[root@servername ~]# cat /etc/issue
CentOS release 6.6 (Final)

List CentOS Installed Packages

List installed packages using yum, piped to less to view a page at a time (to quit):

[root@servername ~]# yum list installed|less

Further Information

For more information on CentOS see their Wiki and the CentOS web site at centos.org.

See also:

New User for CentOS VPS Created Using SSH

Create a New User CentOS Account on a VPS

A tutorial to add a user using SSH to access a CentOS VPS (the method applies to other Linux versions). In summary the steps are:

  1. Use useradd to add the new user.
  2. Use passwd to create the user’s password.
  3. Use visudo to make the user a sudoer.
  4. Login as the new user to test the sudo ability.

What’s Required for This Tutorial

The use of a Virtual Private Server (VPS) to run systems in the Cloud is a core aspect of modern computing (see What is a VPS?). Being able to access a VPS via a secure shell (SSH) is an essential skill. This tutorial shows how to add a new user to a VPS via SSH. It assumes that a VPS is installed and running and that a SSH client is available. It is recommended that a test system is used to become familiar with the process. This example uses a virtual machine (VM) running a minimal install of CentOS. The PuTTY program is used to access the CentOS VM.

To replicate this set up on a Windows machine follow these articles:

It is assumed that the live VPS system has a default operating system (OS) install. If a hosting company is providing the VPS they should have helpful documentation providing an overview of what is installed and how to access, configure and stop and start the VPS. Hopefully the default root superuser login has been given a strong password which was provided when the VPS account was obtained.

Security is a Top Priority

Once a VPS is up and running adding a new user account is one of the first tasks to do. For management purposes the default root user is not used for day-to-day (general administration) operations. This reduces the risk of inadvertent changes. A new user can be set up to do common administration tasks. The new user can temporarily elevate their privileges to perform the admin task. Note that not all users are given this ability. Only those who are trusted and need it for their work role.

Choosing Good User Names and Passwords

Do not use simple user names that are easily guessed, such as useradminguestdemotest etc. A combination of letters and numbers is better. For example someone called John Doe could have JDoe478 where the number part is the employee number, or John478DOE. The user name needs to be both easy to remember (for the user) but not immediately obvious (to help security). Notice the use of mix case to aid with the security.

A good password is a long string of random looking numbers, letters and punctuation. Words that can be found in dictionaries and common passwords such as password, 123456, letmein etc. are very poor. One way to generate a good password is to visualise a phrase that is personal and take the letter of each word of the phrase. For example: My mother lives at number 27 she likes squirrels’ fluffy tails. This produces Mmlan27slsft, which has mixed case and numbers and is of a reasonable length.

 Log in as root to Create the New User CentOS Account

Run a SSH client, here PuTTY is used on a Windows machine. Enter the appropriate IP address and port number for the VPS (on the test configuration it is localhost and 2222, on a live system it will be a valid IP address and likely port 22 for SSH).

If connecting for the first time an alert confirmation message will need to be accepted, select Yes to accept the message. Log in as root. Enter the root password and the prompt will be displayed.

Using PuTTY for SSH New User CentOS

Issue the useradd command with the required user name (the command adduser is a synonym for useradd). Note in this article a hash sigh, #, is used to indicate the end of the prompt line on the terminal. Type everything after the #.

# useradd JDoe478

Create the new users password with the passwd command, typing it twice.

# passwd JDoe478
Changing password for user JDoe478.
New password:
Retype new password:
passwd: all authentication tokens updated successfully

A warning is displayed if the password is considered weak. Run passwd again if required.

(To list users use cat /etc/passwd which shows the user names and other information, such as user id and group. Use cat /etc/passwd | cut -d “:” -f1 to list just the names. System defined users will be in the list.)

Add the New User CentOS Account to the Root Privileges

For the new user to be able to run admin commands, just like root, the sudoers configuration file must be update with the new user’s log in name. This is done with the visudo command.

# visudo

Move the cursor down to MACHINE=COMMANDS section. How the section is commented may vary between operating systems. For the CentOS 6.5 minimal version, used in this example, place the cursor just after:

## Allow root to run any commands anywhere
root    ALL=(ALL)    ALL

Press the a key to enter add (insert) mode. Duplicate the root line for the new user:

JDoe478    ALL=(ALL)    ALL

Thus the MACHINE=COMMANDS section will now have:

## Allow root to run any commands anywhere
root             ALL=(ALL)    ALL
JDoe478    ALL=(ALL)    ALL

Press the Escape key then enter the write and quit command with :wq (colon w q). The new user is now able to perform system administration commands.

Run a new PuTTY session to test the new user. The last character of the command line will be a $ to indicate a standard user.

Super User Do – sudo

Once logged in under the new account use the sudo command to run a privilege command. For example the visudo command was used by root to edit the sudoers configuration. Trying to run visudo under the new user will fail with Permission denied.

$ visudo
visudo: /etc/sudoers: Permission denied

As the new user, with root privileges, run visudo with sudo short for super user do:

$ sudo visudo

The password for the new user (not the root user) is requested. This is used to confirm the action to execute a root level command (and also log the action).

$ sudo visudo
[sudo] password for JDoe478

If you see:

visudo: /etc/sudoers: Permission denied

The password may be entered incorrectly. If a message starting with the user name and continuing with “is not allowed to run sudo on srv” is displayed. Check the above steps to ensure the user and sudoers configuration are set correctly. Sometimes the word ALL in the MACHINE=COMMANDS section is spelt incorrectly with lowercase l instead of uppercase L.

Another sudo example is the shutdown command. Run a restart command without sudo:

$ shutdown -r now
shutdown: Need to be root

And with sudo:

$ sudo shutdown -r now
[sudo] password for JDoe478:

Broadcast message from JDoe478@test.server
The system is going down for reboot NOW!

Remember that executing a root command using sudo requires the user to re-enter their password, ensuring confirmation of the command (and logging it in the system). To finish SSH sessions use logout or exit.

Summary on Configuring a New User in CentOS Via SSH

  • Use a SSH terminal client program to access the VPS.
  • Login as a user with root privileges.
  • Use useradd (or adduser) to add the new user (e.g. useradd JDoe478).
  • Use passwd to set the users password (e.g. passwd JDoe478).
  • Add the new user to the MACHINE=COMMAND section in the sudoers configuration file (e.g. JDoe478    ALL=(ALL)    ALL) with visudo.
  • When logged in under the new user use the sudo command to run root commands (e.g. sudo shutdown -r now).