CentOS

Installing CentOS on a Raspberry Pi.

Install CentOS 7 (CentOS 8 gives issues on Raspberry Pi)!!

yum install dosfstools bsdtar


ALWAYS THINK OF SELINUX: firewall-cmd, getenforce/setenforce, ls -liaZ, ps -efZ, semanage, seinfo, chcon, getsebool/setsebool, restorecon, etc....
AND check /var/log/audit/audit.log !!!
=====================================================================================================================================================
https://wiki.centos.org/SpecialInterestGroup/AltArch/armhfp
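CentOS/RHEL7: http://isoredirect.centos.org/altarch/7/isos/armhfp
CentOS/RHEL8: http://isoredirect.centos.org/altarch/8/isos/armhfp
(These links are plain http: verify the downloaded image against the checksum file published alongside it before flashing it.)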
==================================================================================================================
===================================
Username: root
Password: centos (initial password)
===================================

groupadd -g 1000 pi
useradd -u 1000 -g pi -G adm,wheel,users -c "Default pi user" -d /home/pi -m pi
passwd pi 

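Update /etc/sudoers (edit it with visudo, so a syntax error cannot lock you out of sudo)

Disable direct root login with a password (key-based root login stays allowed, see PermitRootLogin in sshd_config below). First replace the initial root password:
passwd root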

/usr/bin/rootfs-expand

## CentOS 8 will give Network-problems after yum update: Try: yum update kernel / <specific-packages>
##CentOS 8: yum update --exclude=kernel*
yum update

systemctl get-default
systemctl set-default multi-user.target

shutdown -r now

hostnamectl set-hostname redberry

ssh-keygen
cd .ssh
vi authorized_keys
chmod 400 authorized_keys
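(Connect via ssh from the remote system. The next line is shorthand, not a runnable command: the content of unix4life:/root/.ssh/id_rsa.pub goes into redberry:/root/.ssh/authorized_keys. Copy only the .pub file, never the private key.)
cat unix4life:/root/.ssh/id_rsa.pub > redberry:/root/.ssh/authorized_keys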

vi /root/.bashrc
#alias rm='rm -i'
#alias cp='cp -i'
#alias mv='mv -i'


nmtui

[root@localhost ~]# cat /etc/sysconfig/network-scripts/ifcfg-Wired_connection_1
HWADDR=B8:27:EB:E0:E2:48
TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=none
IPADDR=192.168.178.##
PREFIX=24
GATEWAY=192.168.178.1
DNS1=208.67.222.222
DNS2=208.67.220.220
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=no
NAME="Wired connection 1"
UUID=<####>
ONBOOT=yes
AUTOCONNECT_PRIORITY=-999

##systemctl restart network

vi /etc/hosts (disable all ip6 lines)
127.0.0.1 localhost
.......

.....
#::1 localhost ip6-localhost ip6-loopback
#ff02::1 ip6-allnodes
#ff02::2 ip6-allrouters
#127.0.1.1 raspberrypi

timedatectl set-timezone Europe/Amsterdam

==================================================================================================================
vi /etc/sysctl.conf
vm.swappiness=1
vm.min_free_kbytes=16384

sysctl -p
sysctl -a (lists all settings)

CentOS 7:
chmod +x /etc/rc.d/rc.local
vi /etc/rc.d/rc.local
sleep 10
touch /forcefsck
#echo 100 > /sys/devices/system/cpu/cpufreq/conservative/sampling_down_factor
echo performance > /sys/devices/system/cpu/cpu0/cpufreq/scaling_governor
#echo "0" > /sys/bus/w1/devices/w1_bus_master1/w1_master_search
sleep 5
#mount -t tmpfs -o size=10M tmpfs /var/log/sysstat/
sleep 5
#/usr/local/nagios/bin/nrpe -c /usr/local/nagios/etc/nrpe.cfg -d
#sleep 10
sync;sync; echo 1 > /proc/sys/vm/drop_caches


==================================================================================================================

shutdown -r now

 

yum list installed / rpm -qa

CentOs 7:
yum install -y openssl gcc glibc glibc-common make gettext automake autoconf wget openssl-devel net-snmp net-snmp-utils
yum install -y net-snmp-perl
yum install -y git bc bind-utils zip unzip lsof dstat telnet ethtool nmap traceroute mutt screen expect mailx
yum install -y policycoreutils-python setools-console


==================================================================================================================

vi /etc/yum.repos.d/epel.repo
[epel]
name=Epel rebuild for armhfp
baseurl=https://armv7.dev.centos.org/repodir/epel-pass-1/
enabled=1
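# NOTE: gpgcheck=0 turns off package signature verification for this repo, so anything served from the baseurl is installed unverified. Use gpgcheck=1 with a gpgkey= entry if the repo publishes a signing key.
gpgcheck=0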


vi /etc/ssh/sshd_config
PermitRootLogin prohibit-password
ChallengeResponseAuthentication no
UsePAM yes
VersionAddendum none
Banner none

systemctl restart sshd


==================================================================================================================

yum install -y epel-release iperf libmcrypt libmcrypt-devel mcrypt nmon msmtp
(not installed: libtomcrypt libtomcrypt-devel)

=========================================================================================================

NRPE/NSCA client:
groupadd -g 5666 nagios
useradd -u 5666 -g nagios -c "Nagios user for monitoring" -d /usr/local/nagios -m nagios

mkdir /usr/local/nagios
mkdir /usr/local/nagios/etc
mkdir /usr/local/nagios/etc/inputs
mkdir /usr/local/nagios/tmp
mkdir /usr/local/nagios/bin
mkdir /usr/local/nagios/libexec
mkdir /usr/local/nagios/libexec/ak72
mkdir /usr/local/nagios/var
mkdir /usr/local/nagios/var/tmp
chown -R nagios:nagios /usr/local/nagios

Nagios plugins:
tar zxvf nagios-plugins-2.3.3.tar.gz
cd ../nagios-plugins-2.#.#
./configure --with-nagios-user=nagios --with-nagios-group=nagios
make
make install

cp -p /usr/local/nagios/libexec/check_http /usr/local/nagios/libexec/check_https

NRPE Client:
tar zxvf nrpe-4.#.#.tar.gz
./configure
make all
make install
make install-config
make install-init
(/lib/systemd/system/nrpe.service)

systemctl enable nrpe
systemctl start nrpe

##CentOS 8: iptables -I INPUT -p tcp -m tcp --destination-port 5666 -j ACCEPT
iptables -I IN_public_allow -p tcp -m tcp --destination-port 5666 -j ACCEPT
#firewall-cmd --zone=public --add-port=http/tcp
#firewall-cmd --zone=public --add-port=http/tcp --permanent
firewall-cmd --zone=public --add-port=5666/tcp
firewall-cmd --zone=public --add-port=5666/tcp --permanent

 

NSCA Client:

tar zxvf nsca-2.#.#.tar.gz
./configure
make all

#cp -p src/nsca /usr/local/nagios/bin/
#chown nagios:nagios /usr/local/nagios/bin/nsca

cp -p src/send_nsca /usr/local/nagios/libexec/
chown nagios:nagios /usr/local/nagios/libexec/send_nsca

#cp -p sample-config/nsca.cfg /usr/local/nagios/etc/
#chown nagios:nagios /usr/local/nagios/etc/nsca.cfg
#chmod 600 /usr/local/nagios/etc/nsca.cfg

scp -p unix4life:/usr/local/nagios/libexec/send_nsca.cfg <remotehost>:/usr/local/nagios/libexec/send_nsca.cfg
scp -p unix4life:/usr/local/nagios/etc/nrpe.cfg redberry:/usr/local/nagios/etc/
scp -p -r unix4life:/usr/local/nagios/libexec/eventhandlers redberry:/usr/local/nagios/libexec/
scp -p -r unix4life:/usr/local/nagios/libexec/ak72 redberry:/usr/local/nagios/libexec/

chown -R nagios:nagios /usr/local/nagios

==================================================================================================================


Rsyslog config
vi /etc/rsyslog.conf => is now done via /etc/systemd/journald.conf

vi /etc/systemd/journald.conf
#Storage=none
MaxLevelStore=warning
MaxLevelSyslog=warning
MaxLevelKMsg=warning
MaxLevelConsole=warning

vi /etc/audit/auditd.conf
#write_logs = yes
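# NOTE: write_logs = no stops auditd from writing events to disk, so /var/log/audit/audit.log gets no new entries (SELinux denials included). Keep write_logs = yes if you need the audit trail for troubleshooting or forensics.
write_logs = no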
log_file = /var/log/audit/audit.log

service auditd reload

scp -p unix4life:/root/Check_cache_memory.ksh redberry:

Crontab:
crontab crontab_redberry
crontab -l


#Speedtest:
#download: ookla-speedtest-1.0.0-armhf-linux.tgz
#tar zxvf ookla-speedtest-1.0.0-armhf-linux.tgz
#mv speedtest /usr/bin/

==================================================================================================================
sysstat
http://pagesperso-orange.fr/sebastien.godard/

tar xf sysstat.....xz
cd sysstat...
./configure --prefix=/usr
make
make install

mkdir /var/log/sysstat
ln -s /usr/lib/sa /usr/lib/sysstat

scp -p unix4life:/etc/cron.d/sysstat redberry:/etc/cron.d/
scp -p unix4life:/etc/cron.daily/sysstat redberry:/etc/cron.daily/
scp -p unix4life:/etc/sysstat/sysstat redberry:/etc/sysconfig/

(in /etc/rc.d/rc.local enable the mount command)
mount -t tmpfs -o size=10M tmpfs /var/log/sysstat/
sleep 1
restorecon /var/log/sysstat => Important SELinux!!!


==================================================================================================================

Configure mail:
touch /etc/msmtprc
chmod 640 /etc/msmtprc

vi /etc/msmtprc
# Gmail specifics
# Accounts will inherit settings from this section
defaults
auth on
tls on
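# NOTE: tls_certcheck off disables verification of the server certificate, so a man-in-the-middle can capture the password below. Prefer tls_certcheck on with tls_trust_file pointing at the system CA bundle (on CentOS: /etc/pki/tls/certs/ca-bundle.crt).
tls_certcheck off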
# tls_trust_file /etc/ssl/certs/ca-certificates.crt
logfile /var/log/msmtp.log
aliases /etc/aliases
# Gmail specifics
account gmail
host smtp.gmail.com
port 587
from <info@FQDN>
user <Username>@gmail.com
password <Password>
# Default
account default : gmail

 

=============================================================================================================================
yum groupinstall mariadb mariadb-client
yum install httpd mod_ssl mod_wsgi mod_php php-mysql
yum install php php-common php-opcache php-mcrypt php-cli php-gd php-curl


=============================================================================================================================
MariaDB (mysql):
yum groupinstall mariadb mariadb-client

systemctl enable/start mariadb

#firewall-cmd --permanent --add-service mysql

vi /etc/my.cnf

mysql_secure_installation
Enter current password for root (enter for none):
Set root password? [Y/n] Y
New password:
Re-enter new password:
Remove anonymous users? [Y/n] Y
Disallow root login remotely? [Y/n] Y
Remove test database and access to it? [Y/n] Y
Reload privilege tables now? [Y/n] Y


mysql -u root -h localhost -p


Apache HTTPD:
yum install httpd mod_ssl mod_wsgi mod_php php-mysql
systemctl enable/start httpd
firewall-cmd --zone=public --permanent --add-service http
firewall-cmd --zone=public --permanent --add-service https
#firewall-cmd --zone=public --add-port=http/tcp --permanent
iptables -I IN_public_allow -p tcp -m tcp --destination-port 80 -j ACCEPT
iptables -I IN_public_allow -p tcp -m tcp --destination-port 443 -j ACCEPT

#semanage fcontext -a -t httpd_sys_content_t '/dir/subdir(/.*)?'
#restorecon -Rv /dir
#cd /etc/pki/tls/certs (example-ca.crt & webapp5.crt)
#cd /etc/pki/tls/private (webapp5.key ;chmod 400)
#Other port: semanage port -a -t http_port_t -p tcp 444 ; firewall-cmd --permanent --add-port 444/tcp

##On X86 systems use the following:
#yum install -y epel-release yum-utils
#yum install http://rpms.remirepo.net/enterprise/remi-release-7.rpm
#yum-config-manager --enable remi-php73 / php74??


## Yum cleanup shit
#yum clean all
#yum makecache

# On Raspberry Pi's with ARM V7 cpu's:
# Check the available PHP version on https://armv7.dev.centos.org/repodir/ community-php??-release
vi /etc/yum.repos.d/php72-testing.repo
[php72-testing]
name=Remi php73 rebuild for armhfp
baseurl=https://armv7.dev.centos.org/repodir/community-php72-testing/
enabled=1
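# NOTE: gpgcheck=0 turns off package signature verification for this testing repo, so the PHP packages are installed unverified. Use gpgcheck=1 with a gpgkey= entry if the repo publishes a signing key.
gpgcheck=0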


yum install php php-common php-opcache php-mcrypt php-cli php-gd php-curl


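vi /var/www/phpinfo.php (test page only: phpinfo() output discloses versions, paths and configuration, so delete the file after checking and never leave it reachable from the web)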
<?php
// Show all information, defaults to INFO_ALL
phpinfo();
// Show just the module information.
// phpinfo(8) yields identical results.
phpinfo(INFO_MODULES);
?>


=====================================================================================================================================

makewhatis &

blkid
nmcli dev status | show
lsmod
yum clean all => clear the cache
yum list <package>*
yum grouplist
yum install <package>
yum groupinstall
yum search <name>
nmtui

/etc/modprobe.conf alias eth0 3c59x
ethtool (speed and duplex) (ETHTOOL_OPTS in ifcfg-eth#)
/etc/resolv.conf
/etc/nsswitch.conf

getenforce; setenforce; getsebool; setsebool; semanage; setroubleshootd; sealert -b
sealert -a => SELinux messages (or look in the audit log)
getenforce
setenforce 0 => permissive
setenforce 1 => enforcing

mkfs.xfs
xfs_growfs (or lvextend -r)
fdisk -l
partprobe !!!
pvcreate; vgcreate; lvcreate; mkfs.ext3
lvextend; resize2fs (grow)
umount;e2fsck; resize2fs; lvreduce (shrink)
pvmove <pv-to-empty> ; vgreduce <emptied-pv>

cd /
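## NOTE: git:// is unauthenticated and unencrypted, so the checkout can be altered in transit. Review the source before running ./build as root.
git clone git://git.drogon.net/wiringPi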
cd wiringPi
git pull origin
./build


echo -e "dtparam=i2c1=on\ndtparam=i2c_arm=on" >> /boot/config.txt
echo -e "i2c-bcm2708\ni2c-dev" >> /etc/modules-load.d/i2c.conf
yum install -y i2c-tools
systemctl reboot

 

 

 
