Some RedHat / CentOS CLI basics. Regularly updated.
1. Keyboard Layout
2. Date and Time
3. Local Timezone
4. Network Settings
5. Firewall Rules
6. Package Management
X. Installing a GUI
1. Change Keyboard Layout
To change the default keyboard layout edit /etc/sysconfig/keyboard:
# nano /etc/sysconfig/keyboard
KEYBOARDTYPE="pc"
KEYTABLE="de"
The value of KEYTABLE is what you want to edit: “us” for the American layout, “de” for German, “uk” for British, and so on.
2. Change Date and Time
Use date MMDDhhmmYY to change the time and date:
# date 1209211010
Sets the time to “Dec 9 21:10 2010”. Running date without arguments prints the current time and date. The date command is available in all Linux distributions (as far as I know).
3. Change Local Timezone
To change the local timezone copy the preset file to the system config file /etc/localtime:
# cp /usr/share/zoneinfo/Europe/Berlin /etc/localtime
4. Network Settings
You can configure the network with:
# system-config-network
This is a GUI/TUI for configuring the network.
Alternatively, set up the network by editing the basic networking files directly.
Setup the interface:
# nano /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE=eth0
BOOTPROTO=none
ONBOOT=yes
NETWORK=192.168.111.0
NETMASK=255.255.255.0
IPADDR=192.168.111.222
USERCTL=no
The example shows the manual IP configuration.
If you need DHCP, use this instead:
DEVICE=eth0
BOOTPROTO=dhcp
ONBOOT=yes
To set the gateway: (when using manual IP config)
# nano /etc/sysconfig/network
NETWORKING=yes
HOSTNAME=ha01
GATEWAY=192.168.111.1
And the DNS server: (when using manual IP config)
# nano /etc/resolv.conf
nameserver 192.168.111.1
And the file for the hostnames:
# nano /etc/hosts
After changing any of these files, restart networking with:
# /etc/init.d/network restart
5. Firewall Rules
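Some short, basic instructions on how to use firewall rules (iptables). First of all, forget the system-config-securitylevel tool.
We start by flushing the existing rules. Flushing removes the rules but leaves the chain policies unchanged, so with the default ACCEPT policy (visible in the listing further down) the host accepts all traffic until the new rules are in place: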
# iptables -F
Don’t worry, the original config is stored in /etc/sysconfig/iptables. The rules we create now exist only in memory, so if we reboot or just reload the firewall service, the original config will be restored. We will save them when we’re done.
First rule: accept incoming traffic that belongs to connections we initiated ourselves (such as the replies when we ping someone):
# iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
In my case I wanted to refuse (better drop) all incoming traffic except ping, ssh, 80, 443. And I needed X11 forwarding so I also accept traffic from the loopback interface:
# iptables -A INPUT -i lo -j ACCEPT
# iptables -A INPUT -p icmp --icmp-type 8 -j ACCEPT
# iptables -A INPUT -p tcp --dport ssh -j ACCEPT
# iptables -A INPUT -p tcp --dport 80 -j ACCEPT
# iptables -A INPUT -p tcp --dport 443 -j ACCEPT
# iptables -A INPUT -j DROP
Now list the rules of the INPUT chain (add -v to also see interface matches such as -i lo):
# iptables -L INPUT
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT icmp -- anywhere anywhere icmp echo-request
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
ACCEPT tcp -- anywhere anywhere tcp dpt:http
ACCEPT tcp -- anywhere anywhere tcp dpt:https
DROP all -- anywhere anywhere
Now test your firewall settings. If they are ok, save the config permanently:
# service iptables save
Saving firewall rules to /etc/sysconfig/iptables: [ OK ]
You could also edit the config file directly and then restart the firewall service to activate the changes:
# nano /etc/sysconfig/iptables
*filter
:INPUT ACCEPT [60:5526]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [429:35864]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -j DROP
COMMIT
# service iptables restart
That’s it. Note that in this case we are only filtering incoming traffic! The OUTPUT and FORWARD chains keep their ACCEPT policy and have no rules. I recommend reading:
http://www.justlinux.com/nhf/Security/IPtables_Basics.html
http://www.centos.org/docs/5/html/Deployment_Guide-en-US/ch-iptables.html
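The rule set above ends with a catch-all DROP, so any rule appended later with -A lands behind it and never matches. The following check is an added example, not part of the original post: it reads a file in the /etc/sysconfig/iptables format and reports open ports, shadowed rules and missing baseline rules. The function name lint_input and the extra port 8080 rule in the sample are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): lint the INPUT chain of an
# iptables-save style file. On a real host: lint_input < /etc/sysconfig/iptables

# Constructed sample: the rule set from this page plus one rule that was
# appended with -A after the catch-all DROP and is therefore unreachable.
SAMPLE_RULES='*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -j DROP
-A INPUT -p tcp -m tcp --dport 8080 -j ACCEPT
COMMIT'

# Reads rules on stdin, prints one finding per line:
#   OPEN proto/port    accepted destination port that is actually reachable
#   SHADOWED rule N    rule placed after the unconditional DROP/REJECT
#   MISSING ...        baseline rule the page relies on is absent
#   OPEN-BY-DEFAULT    policy ACCEPT and no terminal DROP/REJECT at all
lint_input() {
  awk '
    /^:INPUT / { policy = $2 }
    /^-A INPUT / {
      n++
      if (catchall) { print "SHADOWED rule " n ": " $0; next }
      if ($0 ~ /^-A INPUT -j (DROP|REJECT)/) { catchall = n; next }
      if ($0 ~ /--state/ && $0 ~ /ESTABLISHED/) est = 1
      if ($0 ~ /-i lo /) lo = 1
      proto = "any"
      for (i = 1; i < NF; i++) {
        if ($i == "-p") proto = $(i + 1)
        if ($i == "--dport" && $NF == "ACCEPT") print "OPEN " proto "/" $(i + 1)
      }
    }
    END {
      if (!est) print "MISSING established/related accept"
      if (!lo) print "MISSING loopback accept"
      if (!catchall && policy == "ACCEPT")
        print "OPEN-BY-DEFAULT policy ACCEPT and no catch-all DROP"
    }'
}

printf '%s\n' "$SAMPLE_RULES" | lint_input
```

To open a new port on a running firewall, insert the rule before the DROP (iptables -I INPUT with a rule number) instead of appending it.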
6. Package Management
The “Yellowdog Updater, Modified”, yum for short, is used for installing, removing and updating rpm packages. Basic commands:
# yum check-update              check for updates
# yum update                    update the whole system
# yum search xxx                search for packages in the repo
# yum install xxx               install a package from the repo
# yum localinstall xxx.rpm      install a local rpm package
# yum erase xxx                 remove a package
X. Installing a GUI
If you need to install a GUI do it with:
# yum groupinstall "X Window System" "GNOME Desktop Environment"
or
# yum groupinstall "X Window System" "KDE (K Desktop Environment)"
Run init 5 to change the runlevel and allow the GUI to start. After a reboot the server will still boot into runlevel 3 by default, so we have to change the default runlevel in /etc/inittab:
# nano /etc/inittab
Change the line:
id:3:initdefault:
To:
id:5:initdefault: