How to Install LAMP, Webmin & ConfigServer Security & Firewall on a CentOS 6.0 GoGrid Cloud Server

July 19th, 2012 by - 36,164 views

Let me preface this post by saying, I am NOT a Linux guru. In fact, I consider myself to be a newbie when it comes to the intricacies of Linux. I probably know enough to be dangerous, at least dangerous to the server. So, I’m writing this post with the following disclaimer: Don’t ask me for any details on the “why” or how to do what I’m outlining below differently. But since I figured that lots of you are like me, I wanted to share.

Since I’m a Linux newbie, you’ll probably understand why I wanted to write this post though. I’m not a command line junkie—GUIs are much more my thing. But when it comes to running a server that is speedy and high performance with low overhead (e.g., doing away with GUIs), you’re probably looking at various Linux distros. What I wanted to do was set up a basic Linux system running a LAMP (Linux, Apache, MySQL, and PHP) stack that also had a web-interface and some added security controls.

The great thing about doing this type of experimentation in the cloud is that I can create essentially a Dev & Test environment where I can spin up a server in minutes, install software, configure it, and test everything out. Then if it doesn’t work the way I want it to, I can tear it down and start again from scratch. The cloud lets you do this quickly, easily, and inexpensively.

In this tutorial, you can basically have the entire configuration up and running in the GoGrid cloud in less than an hour and only spend about $0.25 to test this out (assumes a 2 GB server running for 1 hour at $0.12/GB RAM/hr.)

Here’s what we’re using:

  • CentOS 6.0 (64-bit) – with 2 GB RAM
  • Webmin – web-based interface for sysadmins for UNIX that lets users set up user accounts, Apache, DNS, file sharing, and a whole lot more
  • ConfigServer Firewall & Security (CFS) – a Stateful Packet Inspection (SPI) firewall, login/intrusion detection, and security application for Linux servers

And here’s what we’ll do:

  1. Deploy a CentOS server on GoGrid
  2. Install a basic LAMP stack
  3. Install Webmin
  4. Install CSF
  5. Enable CSF within Webmin

Do note: I don’t go into how to configure Webmin or ConfigServer. You should read up on the documentation of each item before you start. Also, just doing the install does NOT mean your server is protected. You need to enable the appropriate security and protection to best fit your needs!

Let’s get started.

1) Deploy a CentOS server

Assuming you have a GoGrid account (if you don’t, head over here), you simply log into the GoGrid portal and ADD a Cloud Server. I chose the CentOS 6.0 (64-bit) image with 2 GB RAM.

Add-CentOS6-server

Once the server has been deployed (for that size server, it should take about 3-5 minutes), grab the IP address and the password (from the Support/Passwords section within the GoGrid portal).

password-tab

Then, you need to run some sort of SSH program to log into your server. I use PuTTY on Windows, for example. Put your credentials into the program and connect to your server. Be sure to accept the server’s host key.

Next, ensure your server is up-to-date with the latest versions of the programs on it. To check, run the following command:

yum update

Accept the defaults and your server will be updated.

2) Install a basic LAMP stack

The next step is to install Apache, MySQL, and PHP. There are three parts to this step.

To install Apache, use the following command:

yum install httpd

Then you want to set Apache to run every time your server starts up. Use the following command:

chkconfig –levels 235 httpd on

Lastly, you need to start Apache the first time. Run either the following command:

/etc/init.d/httpd start

OR use this easier-to-remember command:

service httpd start

Test to see if Apache is running by going to http://[YOUR-SERVER-IP-ADDRESS] and look for the Apache2 splash screen.

apache-boot-screen

Now you need to install MySQL. Same quick process (but you do need to remember the MySQL root password you create). First, install MySQL and the MySQL server with this command:

yum install mysql mysql-server

Once MySQL is installed, you’ll want to have it start on the booting of your server. Use the following commands:

chkconfig –levels 235 mysqld on
/etc/init.d/mysqld start

Remember, you can also use the following command to start your service:

service mysqld start

Once MySQL is running, you’ll need to set up the passwords for it. By running the next command, you’ll be asked a series of questions, including setting up a root password. (Remember to write it down!)

mysql_secure_installation

There typically isn’t a current root password, so just hit ENTER.

mysql-secure

Here are the questions you’ll be asked (and suggested answers):

  • Set root password –> Y
  • New password –> set a good one (mixture of numbers, letters, different cases, characters, etc.)!
  • Re-enter new password –> get it right!
  • Remove anonymous users –> Y
  • Disallow root login remotely –> Y
  • Remove test databases and access to it –> Y
  • Reload privilege tables now –> Y

Now that your MySQL is set up, move on to installing PHP. First you need to download and install PHP with the following command:

yum install php

Then you need to restart Apache:

service httpd restart

OR

/etc/init.d/httpd restart

With that, your LAMP stack install is complete. Note: This is the BASE installation of these items. There are other security and performance tuning you can do as well. Luckily, for those of us who are a bit command-line weak, the next step of installing Webmin will help with the configurations you need within a web-based GUI.

3) Install Webmin

The next step is installing Webmin which is a web-based graphical interface to let you manage your system on CentOS (or other Linux distros).

First you need to set up the repository to get Webmin. Note: You have to know a bit about Linux editor commands—in this case Vi—if you want to continue down the WYSIWYG route; otherwise, you can use a text editor and an SFTP program. Optionally, you can use the free text editor called Notepad++ which has a plugin called NppFTP that lets you do SFTP and create/edit docs on your server. There are also emacs-style editors that can be installed on the server, like Nano.

(Note: these commands were slightly modified based on Jack’s comments below. Modified on 12/21/12.)

Here are the commands to run:

cd /tmp
wget http://www.webmin.com/jcameron-key.asc
rpm –import jcameron-key.asc
vi /etc/yum.repos.d/webmin.repo

Note: You can omit the last line if you’re going to use a text editor to edit the doc. But the doc you just created/need to create is located at /etc/yum.repos.d/ and is called “webmin.repo”. It needs to be edited with the following lines:

[Webmin]
name=Webmin Distribution Neutral
#baseurl=http://download.webmin.com/download/yum
mirrorlist=http://download.webmin.com/download/yum/mirrorlist
enabled=1

Once you have that repository set, you can simply run the Webmin install:

yum install webmin

You’re almost finished with this step. Because GoGrid servers have many of the ports disabled as a security measure, you’ll need to punch a hole in your IPTables (firewall) to allow remote access to the web-based administration of Webmin. To do so, issue the following command:

iptables -I INPUT -p tcp –dport 10000 -j ACCEPT ;

Then save this configuration:

/etc/init.d/iptables save

With that, you should now be able to access Webmin using the following URL:
http://[YOUR-SERVER-IP-ADDRESS]:10000 (that’s port 10,000).

webmin-login

Just use “root” and your server password to log in.

webmin-home

Now on to the next step.

4) Install ConfigServer Security & Firewall

We’re almost done with the process. The next item to install is CSF (ConfigServer Security & Firewall). Once properly configured, this application will provide even more protection for your server.

First, be sure that you have the Perl prerequisites installed:

yum install perl-libwww-perl

Note: I needed to install another library (Time-HiRes) for the 64-bit CentOS 6.0 server I was using:

yum install perl-Time-HiRes

Then you need to download and install CSF with the following commands:

cd /tmp
wget -c http://www.configserver.com/free/csf.tgz
tar xzf csf.tgz
cd csf
sh install.sh

The CSF is now installed, but it is only in “testing” mode, meaning there’s NO protection enabled. You’ll need to make some changes to the configuration (.conf) file prior to turning off testing mode. Using your favorite editor (command line or text), do the following to the CSF configuration file (located at: /etc/csf/csf.conf):

Find the TCP_IN variable and change it to:

TCP_IN = “20,21,22,25,53,80,110,143,443,465,587,993,995,3000:3050,10000″

This step enables default ports used on a webserver and programs like Webmin. Note: you may want to audit exactly which ports you truly need, for example, the minimum would be typically 22, 80, 443 and 10000 (for Webmin).

Then change the UDP_OUT variables to:

UDP_OUT = “20,21,53,113,123,33434:33523″

This step allows for the use of the “Traceroute” command (you need to have the range at the end for traceroute to work).

With those changes, you can then set the “Testing” variable to “0″.

TESTING = “0″

Save the config file!

I highly recommend that you read the README file from CSF for all the details on how to fully configure CSF.

Once you make those configuration changes, restart CSF:

service csf restart

Then you’ll want to ensure CSF starts on reboot:

chkconfig –level 235 csf on

With that, CSF is up and running! To check if CSF is fully operational, run the following command:

perl /etc/csf/csftest.pl

Hopefully, all results pass with an “OK” status.

check-csf

5) Enable CSF within Webmin

The last (and easiest) step to ensure that everything is GUI-enabled is to install CSF as a Webmin module. Open up Webmin in a web-browser (using your server’s IP address and port 10000).

Within Webmin, navigate to: Webmin > Webmin Configuration > Webmin Modules > From Local File

From there, you’ll want to install the CSF script, which is located at: /etc/csf/csfwebmin.tgz

Use the Webmin interface to install the module.

webmin-install-modules

The module will now appear under System > ConfigServer Security & Firewall.

CSF-webmin

From there, you can fully administer ConfigServer Security & Firewall to your liking. I encourage you to read through the CSF documentation to fully understand what you can configure and how to do so.

Summary

If you’ve made it through all these steps, you now have a GoGrid CentOS 6.0 cloud server running a LAMP stack, Webmin, and ConfigServer Security & Firewall. Remember that you’ll probably want to harden your server even more by enabling some of the firewalling and security. But from this point, you can now install other OpenSource applications like WordPress or Drupal or SugarCRM.

The nice thing about building this type of environment in the GoGrid cloud is that the setup time is quick: It takes about 5 minutes to deploy the server. Also, if you configure a server to your liking, you can save it as a MyGSI (a personal GoGrid Server Image) that you can then use to spin up clones of your server whenever you want.

There are some great situations for creating a MyGSI:

  • Self-training – Use the GoGrid cloud and MyGSI functionality to teach yourself more about Linux.
  • Education – If you teach in a classroom, you can give your students access to your GoGrid account and let them go through the process of creating and configuring servers in an easy-to-manage, cost-effective manner. Remember: Running this particular example on GoGrid (2 GB RAM for 1 hour) costs about $0.25!
  • Dev & Test – You can create an instance, play with it, then tear it down and try it again, quickly and easily.
  • Production – Use this particular configuration to get your web applications up and running quickly in the cloud.

Please let me know if you have any questions about this process. And although I probably can’t geek out too much on the command-line or application-specific details, I do encourage the conversation. Good luck and let me know if it worked!

The following two tabs change content below.

Michael Sheehan

Michael Sheehan, formerly the Technology Evangelist for GoGrid, is a recognized technology, social media, and cloud computing pundit and blogger who writes regularly about technology news and trends.

5 Responses to “How to Install LAMP, Webmin & ConfigServer Security & Firewall on a CentOS 6.0 GoGrid Cloud Server”

  1. ian says:

    great tutorial, thanks

  2. Jack says:

    Good tutorial but some instructions need to be updated:

    [Webmin]
    name=Webmin Distribution Neutral
    #baseurl =http://download.webmin.com/download/yum
    mirrorlist =http://download.webmin.com/download/yum/mirrorlist
    enabled=1 You should also fetch and install my GPG key with which the packages are signed, with the

    commands : wget http://www.webmin.com/jcameron-key.asc
    rpm –import jcameron-key.asc

  3. thanks for the help. was having trouble getting lamp to work properly

  4. Doc. B. says:

    Thank you for posting this tutorial. I am an IT student on my sophomore year and I am in great need of these tutorials. I want to learn more that's why I am doing a lot of practice.

Leave a reply