How to Add a User and Grant Root Privileges with visudo on CentOS 6.7

Change to root

$ su -
Password: 

adduser mynewuser

Now set the password for the new user:


passwd mynewuser

Step 2: Grant Root Privileges to the User
For a refresher on editing files with vim see: New User Tutorial: Overview of the Vim Text Editor


visudo

Find the following code:


## Allow root to run any commands anywhere
root ALL=(ALL) ALL

In this case, we're granting root privileges to the user mynewuser. Add the following below that code:


mynewuser ALL=(ALL) ALL
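
The line above gives mynewuser every command as any user, so it is worth being able to list such grants later. The audit below is an added example, not part of the original tutorial; the function names and the sample sudoers text are constructed for illustration.

```shell
#!/bin/sh
# list_full_sudo: read sudoers text on stdin and print "principal<TAB>flag"
# for every rule that grants all commands on all hosts.
# Simplification (assumption): one rule per line; aliases, line
# continuations and comma-separated command lists are not resolved.
list_full_sudo() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }              # comments and blanks
        /^[ \t]*(Defaults|[A-Za-z]+_Alias)/ { next }   # settings and aliases
        {
            who = $1
            rest = $0
            sub(/^[ \t]*[^ \t]+[ \t]+/, "", rest)      # drop the principal
            gsub(/[ \t]/, "", rest)                    # e.g. ALL=(ALL)ALL
            if (rest !~ /^ALL=/) next                  # host list must be ALL
            sub(/^ALL=/, "", rest)
            sub(/^\([^)]*\)/, "", rest)                # drop the run-as spec
            flag = "-"
            while (match(rest, /^[A-Z_]+:/)) {         # tags such as NOPASSWD:
                if (substr(rest, 1, RLENGTH - 1) == "NOPASSWD") flag = "NOPASSWD"
                rest = substr(rest, RLENGTH + 1)
            }
            if (rest == "ALL") printf "%s\t%s\n", who, flag
        }'
}

# Constructed sample: the stock root rule, the line added above, and others.
sample_sudoers() {
    cat <<'EOF'
## Allow root to run any commands anywhere
root    ALL=(ALL)       ALL
mynewuser ALL=(ALL) ALL
%wheel  ALL=(ALL)       NOPASSWD: ALL
backup  ALL=(root) /usr/bin/rsync
Defaults    requiretty
EOF
}

sample_sudoers | list_full_sudo
```

On a real system the input would be /etc/sudoers and the files under /etc/sudoers.d, read as root.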

Adding Secondary IP Addresses CentOS 6.x

To add a secondary IP on CentOS, navigate to /etc/sysconfig/network-scripts:


# cd /etc/sysconfig/network-scripts
# ls -la
-rw-r--r--. 1 root root   203 Dec 30 14:18 ifcfg-eth0
-rw-r--r--. 1 root root   230 Dec 30 14:59 ifcfg-eth1

The system has a public and primary IP.

# nano ifcfg-eth0

DEVICE=eth0
HWADDR=00:0C:29:E7:7D:05
TYPE=Ethernet
UUID=b9cbc9ab-d4a5-4ca8-9e3c-176c62102adc
ONBOOT=yes
NM_CONTROLLED=no
BOOTPROTO=static
IPADDR=216.55.000.000
GATEWAY=216.55.169.1
NETMASK=255.255.255.0

To add a public IP, create new files named ifcfg-eth0:1, ifcfg-eth0:2, etc.

Reset CentOS Root Password

To reset the root password for CentOS 6:

Boot the computer and interrupt the boot at the GRUB stage by pressing an arrow key or the space bar.
Type 'a' to modify the kernel arguments. You can cancel at any time by pressing the ESC key.
Append 1 after "rhgb quiet" and press Enter to boot into single user mode.
Type the command "runlevel" to check the current runlevel. Here "1 S" indicates that you are in single user mode.
Type the 'passwd' command without a username and press Enter. It will ask you to supply a new root password and to re-type it for confirmation.

Reboot

# shutdown -r now

CentOS 7

At the boot menu, press e to edit the existing kernel (Core)

Next, scroll down the list until you see the line containing ro. What we need to do is change that ro to rw and start into a bash shell. It should look like this: rw init=/sysroot/bin/sh

Change the ro line to rw and add init=/sysroot/bin/sh

After changing that, press Ctrl + X on your keyboard to start into single user mode using the bash shell specified above. In this mode, we're going to change the root password.

In the single user mode, run the command as shown below


# chroot /sysroot

Finally, run the commands below to change the root password.


# passwd root

You’ll be prompted to create and confirm a new password. After creating the password, run the commands below to update SELinux parameters

touch /.autorelabel

Reboot

Imagemagick on CentOS and Plesk

[root@server ~]# yum install ImageMagick
[root@server ~]# yum install ImageMagick-devel

PHP-imagick Installation:
[root@server ~]# yum install gcc
[root@server ~]# yum install make automake
[root@server ~]# yum install php-pear
[root@server ~]# yum install php-devel
[root@server ~]# pecl install imagick

On some servers

yum install php-pecl-imagick.x86_64

Test:

convert image.jpg -resize 64x64 resize_image.jpg

Change Hostname in CentOS

Open the /etc/sysconfig/network file with your favorite text editor. Modify the HOSTNAME= value to match your FQDN host name.

# nano /etc/sysconfig/network
HOSTNAME=myserver.domain.com

Change the host name associated with your server's main IP address; this is used for internal networking (found in /etc/hosts):

nano /etc/hosts
192.xx.xx.xx myserver.domain.com

Hostname

The 'hostname' command lets you change the hostname that the command line reports on the server, but it will not actively update programs that are already running under the old hostname.

# hostname myserver.domain.com
# hostname
myserver.domain.com

Restart Networking

At this point all the necessary changes have been made. Restart networking on your server to make sure that the changes will be persistent on reboot:


# /etc/init.d/network restart

* Hostname reports nothing

# hostname

Try this


$ stat /bin/hostname
File: `/bin/hostname'
Size: 0 Blocks: 0 IO Block: 4096 regular empty file
Device: 803h/2051d Inode: 40616045 Links: 1
Access: (0755/-rwxr-xr-x) Uid: ( 0/ root) Gid: ( 0/ root)
Access: 2015-03-13 05:10:01.000000000 -0700
Modify: 2014-12-15 15:33:57.000000000 -0700
Change: 2014-12-15 15:33:57.000000000 -0700

Notice the "empty file".
Reinstall the package that includes it (net-tools-1.60-110.el6_2.x86_64).

Now Check

# stat /bin/hostname
  File: `/bin/hostname'
  Size: 17848           Blocks: 40         IO Block: 4096   regular file
Device: fd00h/64768d    Inode: 269246      Links: 1
Access: (0755/-rwxr-xr-x)  Uid: (    0/    root)   Gid: (    0/    root)
Access: 2015-03-13 04:47:35.065993289 -0600
Modify: 2012-05-10 03:17:33.000000000 -0500
Change: 2015-01-30 03:29:41.959201490 -0600

Yum update errors for ghost update

Running yum update on CentOS 6.2 produces errors:

yum update

Error: Package: matahari-host-0.4.4-11.el6.x86_64 (@anaconda-CentOS-201112091719.x86_64/6.2)
           Requires: libqpidclient.so.5()(64bit)
           Removing: qpid-cpp-client-0.12-6.el6.x86_64 (@anaconda-CentOS-201112091719.x86_64/6.2)
               libqpidclient.so.5()(64bit)
           Updated By: qpid-cpp-client-0.14-22.el6_3.x86_64 (base)
               Not found
Error: Package: matahari-service-0.4.4-11.el6.x86_64 (@anaconda-CentOS-201112091719.x86_64/6.2)
           Requires: libqpidcommon.so.5()(64bit)
           Removing: qpid-cpp-client-0.12-6.el6.x86_64 (@anaconda-CentOS-201112091719.x86_64/6.2)
               libqpidcommon.so.5()(64bit)
           Updated By: qpid-cpp-client-0.14-22.el6_3.x86_64 (base)
               Not found
Error: Package: matahari-agent-lib-0.4.4-11.el6.x86_64 (@anaconda-CentOS-201112091719.x86_64/6.2)
           Requires: libqpidclient.so.5()(64bit)
           Removing: qpid-cpp-client-0.12-6.el6.x86_64 (@anaconda-CentOS-201112091719.x86_64/6.2)
               libqpidclient.so.5()(64bit)
           Updated By: qpid-cpp-client-0.14-22.el6_3.x86_64 (base)
               Not found
Error: Package: matahari-network-0.4.4-11.el6.x86_64 (@anaconda-CentOS-201112091719.x86_64/6.2)
           Requires: libqpidcommon.so.5()(64bit)
           Removing: qpid-cpp-client-0.12-6.el6.x86_64 (@anaconda-CentOS-201112091719.x86_64/6.2)
               libqpidcommon.so.5()(64bit)
           Updated By: qpid-cpp-client-0.14-22.el6_3.x86_64 (base)
               Not found
Error: Package: matahari-host-0.4.4-11.el6.x86_64 (@anaconda-CentOS-201112091719.x86_64/6.2)
           Requires: libqpidcommon.so.5()(64bit)
           Removing: qpid-cpp-client-0.12-6.el6.x86_64 (@anaconda-CentOS-201112091719.x86_64/6.2)
               libqpidcommon.so.5()(64bit)
           Updated By: qpid-cpp-client-0.14-22.el6_3.x86_64 (base)
               Not found
Error: Package: matahari-sysconfig-0.4.4-11.el6.x86_64 (@anaconda-CentOS-201112091719.x86_64/6.2)
           Requires: libqpidclient.so.5()(64bit)
           Removing: qpid-cpp-client-0.12-6.el6.x86_64 (@anaconda-CentOS-201112091719.x86_64/6.2)
               libqpidclient.so.5()(64bit)
           Updated By: qpid-cpp-client-0.14-22.el6_3.x86_64 (base)
               Not found
Error: Package: matahari-sysconfig-0.4.4-11.el6.x86_64 (@anaconda-CentOS-201112091719.x86_64/6.2)
           Requires: libqpidcommon.so.5()(64bit)
           Removing: qpid-cpp-client-0.12-6.el6.x86_64 (@anaconda-CentOS-201112091719.x86_64/6.2)
               libqpidcommon.so.5()(64bit)
           Updated By: qpid-cpp-client-0.14-22.el6_3.x86_64 (base)
               Not found
Error: Package: matahari-service-0.4.4-11.el6.x86_64 (@anaconda-CentOS-201112091719.x86_64/6.2)
           Requires: libqpidclient.so.5()(64bit)
           Removing: qpid-cpp-client-0.12-6.el6.x86_64 (@anaconda-CentOS-201112091719.x86_64/6.2)
               libqpidclient.so.5()(64bit)
           Updated By: qpid-cpp-client-0.14-22.el6_3.x86_64 (base)
               Not found
Error: Package: matahari-agent-lib-0.4.4-11.el6.x86_64 (@anaconda-CentOS-201112091719.x86_64/6.2)
           Requires: libqpidcommon.so.5()(64bit)
           Removing: qpid-cpp-client-0.12-6.el6.x86_64 (@anaconda-CentOS-201112091719.x86_64/6.2)
               libqpidcommon.so.5()(64bit)
           Updated By: qpid-cpp-client-0.14-22.el6_3.x86_64 (base)
               Not found
Error: Package: matahari-network-0.4.4-11.el6.x86_64 (@anaconda-CentOS-201112091719.x86_64/6.2)
           Requires: libqpidclient.so.5()(64bit)
           Removing: qpid-cpp-client-0.12-6.el6.x86_64 (@anaconda-CentOS-201112091719.x86_64/6.2)
               libqpidclient.so.5()(64bit)
           Updated By: qpid-cpp-client-0.14-22.el6_3.x86_64 (base)
               Not found
 You could try using --skip-broken to work around the problem
 You could try running: rpm -Va --nofiles --nodigest

Here is more information on Matahari: https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/6.3_Technical_Notes/matahari.html

Solution:

# yum remove 'matahari*'

Then run yum update again

Setting up an SSL for a Vhost in CentOS

1. Getting the required software

For an SSL encrypted web server you will need a few things. Depending on your install you may or may not have OpenSSL and mod_ssl, Apache’s interface to OpenSSL. Use yum to get them if you need them.


# yum install mod_ssl openssl

Yum will either tell you they are installed or will install them for you.

2. Generate a self-signed certificate

Using OpenSSL we will generate a self-signed certificate. If you are using this on a production server you will probably want a certificate from a Trusted Certificate Authority, but if you are just using this on a personal site or for testing purposes a self-signed certificate is fine. To create the key you will need to be root, so either su to root or use sudo in front of the commands.

# Generate private key


# openssl genrsa -out ca.key 2048

# Generate CSR

 
# openssl req -new -key ca.key -out ca.csr

# Generate self-signed certificate


# openssl x509 -req -days 365 -in ca.csr -signkey ca.key -out ca.crt

# Copy the files to the correct locations


cp ca.crt /etc/pki/tls/certs
cp ca.key /etc/pki/tls/private/ca.key
cp ca.csr /etc/pki/tls/private/ca.csr

WARNING: Make sure that you copy the files and do not move them if you use SELinux. Apache will complain about missing certificate files otherwise, as it cannot read them because the certificate files do not have the right SELinux context.
If you have moved the files and not copied them, you can use the following command to correct the SELinux contexts on those files, as the correct context definitions for /etc/pki/* come with the bundled SELinux policy.


restorecon -RvF /etc/pki

Then we need to update the Apache SSL configuration file


nano /etc/httpd/conf.d/ssl.conf

Change the paths to match where the certificate file is stored. If you've used the method above it will be


SSLCertificateFile /etc/pki/tls/certs/ca.crt

Then set the correct path for the Certificate Key File a few lines below. If you’ve followed the instructions above it is:


SSLCertificateKeyFile /etc/pki/tls/private/ca.key

Save the file and quit, then restart Apache


/etc/init.d/httpd restart

All being well you should now be able to connect over https to your server and see a default CentOS page. As the certificate is self-signed, browsers will generally ask you whether you want to accept the certificate.

3. Setting up the virtual hosts

Just as you set VirtualHosts for http on port 80 so you do for https on port 443. A typical VirtualHost for a site on port 80 looks like this


<VirtualHost *:80>
        <Directory /var/www/vhosts/yoursite.com/httpdocs>
        AllowOverride All
        </Directory>
        DocumentRoot /var/www/vhosts/yoursite.com/httpdocs
        ServerName yoursite.com
</VirtualHost>

To add a sister site on port 443 you need to add the following at the top of your file

NameVirtualHost *:443
and then a VirtualHost record something like this:


NameVirtualHost *:443
<VirtualHost *:443>
        SSLEngine on
        SSLCertificateFile /etc/pki/tls/certs/ca.crt
        SSLCertificateKeyFile /etc/pki/tls/private/ca.key
        <Directory /var/www/vhosts/yoursite.com/httpsdocs>
        AllowOverride All
        </Directory>
        DocumentRoot /var/www/vhosts/yoursite.com/httpsdocs
        ServerName yoursite.com
</VirtualHost>

Restart Apache again using


# /etc/init.d/httpd restart

4. Configuring the firewall

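You should now have a site working over https using a self-signed certificate. If you can't connect you may need to open the port on your firewall. Note that -A appends the rule to the end of the INPUT chain; if the chain already ends with a catch-all REJECT or DROP rule, as the stock CentOS 6 ruleset does, the appended rule is never reached and has to sit above that rule instead. To open the port, amend your iptables rules: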


iptables -A INPUT -p tcp --dport 443 -j ACCEPT
/sbin/service iptables save
iptables -L -v
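
Because iptables evaluates rules in order, it helps to confirm that the port 443 rule sits above any catch-all REJECT. The check below is an added example, not part of the original article; the function names and the rule listing (modelled on `iptables -S INPUT` output) are constructed for illustration.

```shell
#!/bin/sh
# verdict_for_port PORT: read `iptables -S INPUT` style output on stdin and
# report what a new TCP connection to PORT reaches first:
#   ACCEPT  - an ACCEPT rule for that port comes first
#   BLOCKED - an unconditional REJECT/DROP comes first
#   POLICY  - neither is present, so the chain policy decides
# Simplification (assumption): only --dport rules and match-free
# REJECT/DROP rules are considered; source and interface filters are ignored.
verdict_for_port() {
    awk -v port="$1" '
        $1 != "-A" || $2 != "INPUT" { next }
        {
            line = " " $0 " "
            target = ""
            for (i = 3; i < NF; i++) if ($i == "-j") target = $(i + 1)
            if (target == "ACCEPT" && line ~ / -p tcp / &&
                index(line, " --dport " port " ")) {
                print "ACCEPT"; found = 1; exit
            }
            # "-A INPUT -j REJECT ..." has no match options before -j
            if ((target == "REJECT" || target == "DROP") && $3 == "-j") {
                print "BLOCKED"; found = 1; exit
            }
        }
        END { if (!found) print "POLICY" }'
}

# Constructed listing modelled on the stock CentOS 6 INPUT chain.
base_rules() {
    cat <<'EOF'
-P INPUT ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
EOF
}
https_rule='-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT'
appended() { base_rules; echo "$https_rule"; }   # rule added with -A
inserted() { echo "$https_rule"; base_rules; }   # rule placed first

echo "appended: $(appended | verdict_for_port 443)"
echo "inserted: $(inserted | verdict_for_port 443)"
```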

Other resources: http://www.rackspace.com/knowledge_center/article/centos-apache-virtual-hosts#NameVirtualHosts

Disabling Recursive DNS in the Plesk Panel and No Panels

To Disable Recursive DNS in the Parallels Plesk Panel

  1. Log in to the Parallels Plesk Panel as administrator.
  2. Click Tools & Settings.
  3. From the General Settings area, click DNS Template Settings.
  4. Click DNS Recursion. Select Localnets, and then click Ok.

For Windows Servers:

  1. Log in to your Server through a Remote Desktop Connection.
  2. From the Start menu, click Control Panel, Administrative Tools, then DNS.
  3. In the console tree, right-click the appropriate DNS server, and then click Properties.
  4. Click the Advanced tab.
  5. Under Server options, check Disable recursion, and then click OK.
  6. In the console tree, right-click the appropriate DNS server, and then click Clear Cache.

CentOS


# cd /etc
# nano named.conf

Change this line

recursion yes;

to

recursion no;

Restart

# service named restart

Ubuntu


# nano /etc/bind/named.conf.options

Set up like this

// global options apply to external clients
options {
    recursion no;
    additional-from-auth no;
    additional-from-cache no;
};

view "local" in {
    // view options enable recursion only for local clients
    match-clients { 172.16.45.80/23; 192.168.12.0/24; 127.0.0.1/8; ::1; };
    recursion yes;
    additional-from-auth yes;
    additional-from-cache yes;

    zone "." in {
            type hint;
            file "/etc/bind/db.root";
    };

    // put definitions for zones like "localhost" and "127.in-addr.arpa" here
};

// put definitions for real authoritative zones here
// (once any view is defined, BIND requires every zone to be inside a view).
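
To confirm which scopes of a named.conf actually allow recursion after edits like the CentOS and Ubuntu ones above, the file can be summarised per block. This is an added example, not part of the original article; the function names and both sample configurations are constructed for illustration.

```shell
#!/bin/sh
# recursion_by_scope: read named.conf text on stdin and print
# "scope<TAB>value" for the options block and for each view.
# Simplification (assumption): one statement per line, only // comments
# are stripped, and "recursion" is read at the top level of each block.
recursion_by_scope() {
    awk '
        { sub(/\/\/.*/, "") }                          # strip // comments
        depth == 0 && /^[ \t]*options[ \t]*[{]/ { scope = "options" }
        depth == 0 && /^[ \t]*view[ \t]/ { scope = "view:" $2; gsub(/"/, "", scope) }
        depth == 1 && scope != "" && /^[ \t]*recursion[ \t]/ {
            val = $2; sub(/;.*/, "", val)
            printf "%s\t%s\n", scope, val
            seen = 1
        }
        {
            depth += gsub(/[{]/, "{") - gsub(/[}]/, "}")
            if (depth == 0) {
                # recursion defaults to yes when options does not set it
                if (scope == "options" && !seen) print "options\tdefault-yes"
                scope = ""; seen = 0
            }
        }'
}

# Constructed samples: a layout like the Ubuntu one above, and an options
# block whose recursion line is commented out with "#".
ubuntu_conf() {
    cat <<'EOF'
options {
    recursion no;
};
view "local" in {
    match-clients { 192.168.12.0/24; ::1; };
    recursion yes;
    zone "." in {
        type hint;
        file "/etc/bind/db.root";
    };
};
EOF
}
commented_conf() {
    printf '%s\n' 'options {' '    # recursion no;' '    directory "/var/named";' '};'
}

ubuntu_conf | recursion_by_scope
commented_conf | recursion_by_scope
```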