Things to do to a blank BlueQuartz install

After just rebuilding a BlueQuartz box I thought I would copy my install notes. This is an entirely personal list of things that I do to a vanilla install of CentOS/BlueQuartz.  I thought it may be useful to other people.

Contents

  • Change root passwords
  • Secure SSH
  • Apache Obscurity
  • Install ImageMagick
  • PHP upload settings
  • Add Mime Types
  • yum checker
  • Setup floppy drive
  • Majordomo logfile

Change root password

BQ is initially set with no root MySQL password, and the system's root password is set the same as the admin user's. These should be changed to something different!

  • Change MySQL password with `/usr/bin/mysqladmin --user=root password NEW_PASSWORD`
  • Change root password with `passwd`

Secure SSH

SSH is obviously better than telnet, but did you know that the SSH protocol v1 has been cracked for quite some time now? I lock all my boxes down to only use protocol v2 and haven’t had any come back on compatibility issues.

  • Modify `/etc/ssh/sshd_config` to set `Protocol 2`
  • Run `/etc/rc.d/init.d/sshd reload`

Apache Obscurity

Yes, this is security through obscurity but everything helps. The following will remove the “signature” at the bottom of pages generated by Apache and will also only report the webserver as “Apache” instead of the full version number and OS.

  • Modify (and add if necessary) the following lines in `/etc/httpd/conf/httpd.conf` & `/etc/admserv/conf/httpd.conf`
ServerSignature Off
ServerTokens Prod
  • Run `/etc/rc.d/init.d/httpd reload`
  • Run `/etc/rc.d/init.d/admserv reload`
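
The `Protocol 2`, `ServerSignature Off` and `ServerTokens Prod` settings from the Secure SSH and Apache Obscurity sections can be checked after the reloads. The script below is an added example, not part of the original notes; the function names `directive_ok` and `audit_host` and the sample config tree are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the original notes): audit the hardening directives.
# directive_ok FILE NAME EXPECTED
# Succeeds only if NAME appears uncommented at least once and every
# uncommented occurrence is set to EXPECTED (case-insensitive). Requiring
# all occurrences to agree avoids guessing whether the daemon honours the
# first or the last one.
directive_ok() {
    awk -v name="$2" -v want="$3" '
        BEGIN { name = tolower(name); want = tolower(want) }
        $1 ~ /^#/ { next }                      # skip comment lines
        tolower($1) == name {
            seen = 1
            if (tolower($2) != want) bad = 1    # e.g. "Protocol 2,1"
        }
        END { exit ((seen && !bad) ? 0 : 1) }
    ' "$1"
}

# audit_host ROOT: check every setting under ROOT ("" means the live system).
# Prints PASS/FAIL per setting and returns the number of failures.
audit_host() {
    root=$1; fails=0
    for spec in \
        "etc/ssh/sshd_config Protocol 2" \
        "etc/httpd/conf/httpd.conf ServerSignature Off" \
        "etc/httpd/conf/httpd.conf ServerTokens Prod" \
        "etc/admserv/conf/httpd.conf ServerSignature Off" \
        "etc/admserv/conf/httpd.conf ServerTokens Prod"
    do
        set -- $spec    # split into: path, directive, expected value
        if directive_ok "$root/$1" "$2" "$3" 2>/dev/null; then
            echo "PASS /$1: $2 $3"
        else
            echo "FAIL /$1: $2 is not set to $3"
            fails=$((fails + 1))
        fi
    done
    return "$fails"
}

# Constructed sample tree standing in for /etc (not from a real host).
demo=$(mktemp -d)
mkdir -p "$demo/etc/ssh" "$demo/etc/httpd/conf" "$demo/etc/admserv/conf"
printf '#Protocol 2,1\nProtocol 2\n' > "$demo/etc/ssh/sshd_config"
printf 'ServerTokens Prod\nServerSignature Off\n' > "$demo/etc/httpd/conf/httpd.conf"
printf 'ServerTokens OS\nServerSignature On\n' > "$demo/etc/admserv/conf/httpd.conf"
audit_host "$demo" || echo "$? setting(s) need attention"
rm -rf "$demo"
```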

Install ImageMagick

A must for most hosting nowadays.  Simply run `yum install ImageMagick ImageMagick-perl` as root.

PHP upload settings

In this new broadband age people are uploading pictures and such to their sites, so I change the PHP upload defaults. Change the following lines in `/etc/php.ini` (or your own php.ini) and run `/etc/rc.d/init.d/httpd reload`.

post_max_size = 20M
upload_max_filesize = 10M

Add Mime Types

There seem to be some common mime types missing from the default install.  Add the following to `/etc/mime.types` and run `/etc/rc.d/init.d/httpd reload`

application/x-ms-wmz wmz
application/x-ms-wmd wmd
audio/x-ms-wax wax
audio/x-ms-wma wma
image/x-icon ico
text/csv csv
video/x-ms-asf asf asx
video/x-ms-wm wm
video/x-ms-wmv wmv
video/x-ms-wmx wmx
video/x-ms-wvx wvx

yum checker

Now, I love the Nuonce/Solarspeed automatic yum installer; however, I like to install patches on systems when I am there, so that if there are any problems I can fix them straight away. I have this little script that mails me when there are packages to install.

  • touch /etc/cron.daily/yum-check
  • chmod 755 /etc/cron.daily/yum-check
  • vi /etc/cron.daily/yum-check
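#!/bin/sh
# Mail root when yum reports pending updates (or fails to check).
SERVER=`hostname`
# check-update exits 100 when updates are available, 1 on error, 0 when up to date
OUTPUT=`/usr/bin/yum check-update`
EXITCODE=$?
if [ "${EXITCODE}" -ne 0 ]
then
    echo "${OUTPUT}" | /bin/mail -s "${SERVER}: Yum Updater" root
fi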

Setup floppy drive

If your system has a floppy disc drive you won’t be able to use it until you run `floppy --createrc > /etc/floppy`

Majordomo logfile

I know it’s silly but I like all my log files to be in one place….

  • cd /var/log/mail
  • ln -s /usr/local/majordomo/log majordomo

I hope this is of use to people.