Yum update only security-related packages

yum -y install yum-plugin-security

# To display all updates that are security relevant, and get a return code indicating whether there are security updates, enter:
yum --security check-update

# To upgrade packages that have security errata (upgrades to the latest available package) use:
yum --security update

# To upgrade packages that have security errata (upgrades to the last security errata package) use:
yum --security update-minimal

# See yum-security man page for more information:
man 8 yum-security

thanks, cyberciti
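
A way to act on that return code from a script or cron job, as an added example that is not part of the original post: `yum check-update` exits 100 when updates are pending, 0 when there are none and 1 on error, so a wrapper must not treat 100 as a failure. The function names and the `YUM` override variable are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original post).
# `yum check-update` exit status: 0 = nothing pending, 100 = updates
# available, 1 = error. Under `set -e` or an `&&` chain in cron, the 100
# would be mistaken for a failure, so it is captured explicitly.
# YUM is an assumed override so the logic can be exercised with a stub.

# Prints "none", "pending <count>" or "error"; returns 0, 100 or 1.
security_update_status() {
    rc=0
    out=$("${YUM:-yum}" -q --security check-update 2>/dev/null) || rc=$?
    case "$rc" in
        0)   echo "none"; return 0 ;;
        100) # package lines have three fields: name.arch version repo
             # (long names wrap, so treat the count as approximate)
             count=$(printf '%s\n' "$out" |
                     awk 'NF == 3 && $1 ~ /\./ { n++ } END { print n + 0 }')
             echo "pending $count"; return 100 ;;
        *)   echo "error"; return 1 ;;
    esac
}

# Installs the minimal security errata only when something is pending.
# Returns 0 when nothing was needed or the update succeeded, 1 otherwise.
patch_if_needed() {
    state=$(security_update_status) || true
    case "$state" in
        none)     echo "no security updates pending" ;;
        pending*) echo "applying ${state#pending } security update(s)"
                  "${YUM:-yum}" -y --security update-minimal || return 1 ;;
        *)        echo "yum --security check-update failed" >&2
                  return 1 ;;
    esac
}

# Typical use from a root cron job:
#   patch_if_needed || logger -t patch "security update failed"
```

On repositories that publish no errata metadata (stock CentOS repositories do not), the check reports nothing pending, so "none" there does not mean the host is fully patched.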

CentOS 7 / RHEL firewalld settings

CentOS 7 has adopted firewalld by default in place of the previous iptables setup, which requires some new steps to configure your firewall:

# new CentOS/RHEL 7 Firewall: 
	(see https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Security_Guide/sec-Using_Firewalls.html )
 
# create a new service e.g. for webmin:
 
$ cat /etc/firewalld/services/webmin.xml 
<?xml version="1.0" encoding="utf-8"?>
<service>
  <short>Webmin</short>
  <description>Server admin service. Restrict access and do not leave running.</description>
  <port protocol="tcp" port="10000"/>
</service>
 
# add service to zone:
 
nano /etc/firewalld/zones/public.xml 
# OR
$ firewall-cmd --permanent --zone=public --add-service=webmin
 
# reload to add:
 
$ firewall-cmd --reload
 
# check:
$ firewall-cmd --zone=public --list-all
 
 
## apache / httpd:
$ firewall-cmd --permanent --add-service=http
$ firewall-cmd --permanent --add-service=https
$ systemctl restart firewalld

For more info, see:

http://linuxmanpages.net/manpages/fedora20/man5/firewalld.zone.5.html

http://searchdatacenter.techtarget.com/tip/A-few-ways-to-configure-Linux-firewalld?abRg=f

https://www.certdepot.net/rhel7-get-started-firewalld/

Example for setting mysql 3306 and 3307 to LAN (eth1 in this case, using “dmz” zone):

firewall-cmd --zone=public --change-interface=eth0 --permanent
firewall-cmd --zone=dmz --change-interface=eth1 --permanent
 
firewall-cmd --zone=dmz --permanent --add-service=mysql
firewall-cmd --zone=dmz --permanent --add-service=mysql-ro
 
# verify:
firewall-cmd --permanent --zone=public --list-all
firewall-cmd --permanent --zone=dmz --list-all
 
firewall-cmd --reload
 
#if any network settings were updated:
# NOTE: may disrupt network, take care on production machine
systemctl restart network.service
 
# to make sure firewalld settings are updated:
systemctl restart firewalld.service

mysql-ro (port 3307) service: /etc/firewalld/services/mysql-ro.xml

<?xml version="1.0" encoding="utf-8"?>
<service>
  <short>MySQL</short>
  <description>MySQL Database Server - secondary port</description>
  <port protocol="tcp" port="3307"/>
</service>

Identify current CentOS version

how to get current CentOS version:

cat /etc/centos-release

and to see kernel info:

uname -a

hardware time on cloud server

In order to set the time correctly (timezone, ntp time sync, etc.) on a cloud server, you need to indicate that the system does not support hardware time. I’m not entirely sure how to do this manually, at least not anymore, but if you are using webmin (which I do often use for expediency but only start it up when needed) – here is what you need to set:

Webmin>Hardware>System Time>Module Config>System Configuration>System supports hardware time

set to: no

For time server sync, I use:

0.pool.ntp.org

and sync when webmin starts and turn the schedule on for once a day (may want to set more often if your apps are time critical and/or are syncing data based on timestamp, e.g., svn server).

CentOS alternate repos

While CentOS is great, sometimes you want more recent versions of programs, particularly LAMP stack. Here are some ways to do that via yum:

epel and remi: (see here)

wget http://download.fedora.redhat.com/pub/epel/5/x86_64/epel-release-5-4.noarch.rpm
# or, for version 6:
# wget http://download.fedora.redhat.com/pub/epel/6/x86_64/epel-release-6-5.noarch.rpm
# remi release package for version 5 (use remi-release-6.rpm for version 6):
wget http://rpms.famillecollet.com/enterprise/remi-release-5.rpm
rpm -Uvh remi-release-*.rpm epel-release-*.rpm

ius community:

wget http://dl.iuscommunity.org/pub/ius/stable/Redhat/5/x86_64/ius-release-1.0-6.ius.el5.noarch.rpm
wget http://dl.iuscommunity.org/pub/ius/stable/Redhat/5/x86_64/epel-release-1-1.ius.el5.noarch.rpm
# or, for version 6:
# wget http://dl.iuscommunity.org/pub/ius/stable/Redhat/6/x86_64/epel-release-6-5.noarch.rpm
# wget http://dl.iuscommunity.org/pub/ius/stable/Redhat/6/x86_64/ius-release-1.0-8.ius.el6.noarch.rpm
 
 
sudo rpm -Uvh ius-release*.rpm epel-release*.rpm
sudo yum install yum-plugin-replace

search for existing repos and replace

yum update
# standard utils:
yum install gcc rsync subversion
rpm -qa | grep mysql
yum replace mysql --replace-with mysql55
yum install mysql55-server mysql55-devel
