How to set up a fully functional CentOS server

Objective: set up a fully functional CentOS server step by step, including installation, configuration, hardware monitoring, etc.
Environment: CentOS 5.6 64-bit, HP ProLiant server


Part I: Installation
You can choose one of the following installation methods:
a. Remote installation
Use HP iLO 2, booting either from a physical DVD (put the DVD in the server's DVD-ROM drive in the datacenter) or from a virtual ISO image (served remotely or from the local datacenter LAN; put URL here).

b. Local installation
Boot from the DVD, a CD or a boot disk (the first disk), then install the OS from local CD-ROM, HTTP, FTP or NFS, or via VNC.
vnc installation URL blog

During installation, use manual configuration, disable IPv6 and disable SELinux; you may use the Google DNS servers 8.8.8.8 and 8.8.4.4.
For the IP netmask configuration, see http://www.subnetmask.info/ for reference.

After installation, edit /etc/hosts (vi /etc/hosts) so that it looks something like this:
--------------
127.0.0.1       localhost.localdomain localhost
192.168.0.1     jephe.domain.com jephe
::1             localhost6.localdomain6 localhost6
--------------
c. Import the GPG key
rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY*

Part II: Configuration
a. Enable quota

touch /aquota.user /aquota.group
chmod 600 /aquota.*
mount -o remount /
quotacheck -avugm
quotaon -avug

b. Configure the MySQL server
yum install mysql mysql-devel mysql-server
chkconfig --level 2345 mysqld on
service mysqld start
grep mysql /etc/services
netstat -natp | grep mysqld
Edit /etc/my.cnf (vi /etc/my.cnf) and comment out 'skip-networking'.
service mysqld restart
mysql_secure_installation

c. Sendmail with SMTP authentication and TLS

# cd /etc/pki/tls/certs
# make sendmail.pem
# cd /etc/mail
# cp sendmail.mc sendmail.mc.orig
# cp sendmail.cf sendmail.cf.orig
# vi sendmail.mc

Check whether sendmail was built with STARTTLS support (look for STARTTLS in the "Compiled with:" output):
# sendmail -bt -d0.8 < /dev/null


Find the line below and comment it out by putting 'dnl' in front of it, as shown here:

dnl DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl

Then find this line:

define(`confAUTH_OPTIONS', `A')dnl

Change it to read:

define(`confAUTH_OPTIONS', `A p y')dnl
Next, define the authentication mechanisms. Remove the 'dnl' from the beginning of the following lines:

TRUST_AUTH_MECH(`EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl

Finally, add these lines to enable the smtps listener and specify the certificate paths:

DAEMON_OPTIONS(`Port=smtps, Name=TLSMTA, M=s')dnl
define(`CERT_DIR', `/etc/pki/tls/certs')dnl
define(`confCACERT_PATH', `CERT_DIR')dnl
define(`confCACERT', `CERT_DIR/sendmail.pem')dnl
define(`confSERVER_CERT', `CERT_DIR/sendmail.pem')dnl
define(`confSERVER_KEY', `CERT_DIR/sendmail.pem')dnl
dnl define(`confCLIENT_CERT', `CERT_DIR/sendmail.pem')dnl
dnl define(`confCLIENT_KEY', `CERT_DIR/sendmail.pem')dnl

# m4 sendmail.mc > sendmail.cf
# service sendmail restart
Shutting down sm-client:                                   [  OK  ]
Shutting down sendmail:                                    [  OK  ]
Starting sendmail:                                         [  OK  ]
Starting sm-client:                                        [  OK  ]

Testing the STARTTLS handshake:
# openssl s_client -starttls smtp -crlf -connect 127.0.0.1:25
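As an added check that is not part of the original post: the Python script below audits a sendmail.mc for the settings described in this section, stripping dnl'd text the way m4 does before it tests that confAUTH_OPTIONS carries p and y, that the certificate defines and TRUST_AUTH_MECH are active, and that the smtps DAEMON_OPTIONS line is properly quoted (SAMPLE_MC is a constructed excerpt, and the finding messages are my own wording).

```python
import re
# m4 drops everything from a 'dnl' token to the end of the line when it compiles
# sendmail.mc, so a line that starts with dnl is disabled; only the rest is checked.
_DNL = re.compile(r"\bdnl\b.*$")
_DEFINE = re.compile(r"define\(\s*`(\w+)'\s*,\s*`([^']*)'\s*\)")
_DAEMON = re.compile(r"DAEMON_OPTIONS\(\s*`([^']*)'\s*\)")
_TRUST = re.compile(r"TRUST_AUTH_MECH\(\s*`([^']*)'\s*\)")
# Constructed excerpt of a sendmail.mc edited as above; not a real server's file.
SAMPLE_MC = """\
dnl DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl
define(`confAUTH_OPTIONS', `A p y')dnl
TRUST_AUTH_MECH(`EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
DAEMON_OPTIONS(`Port=smtps, Name=TLSMTA, M=s')dnl
define(`confSERVER_CERT', `CERT_DIR/sendmail.pem')dnl
define(`confSERVER_KEY', `CERT_DIR/sendmail.pem')dnl
"""

def parse_mc(mc_text):
    """Return (defines, list of DAEMON_OPTIONS dicts, trusted AUTH mechs)."""
    defines, daemons, trust = {}, [], []
    for raw in mc_text.splitlines():
        line = _DNL.sub("", raw)
        for m in _DEFINE.finditer(line):
            defines[m.group(1)] = m.group(2)
        for m in _DAEMON.finditer(line):  # 'Port=smtps, Name=TLSMTA, M=s' -> dict
            pairs = (kv.strip().split("=", 1) for kv in m.group(1).split(","))
            daemons.append(dict(p for p in pairs if len(p) == 2))
        for m in _TRUST.finditer(line):
            trust = m.group(1).split()
    return defines, daemons, trust

def audit(mc_text):
    """Return a list of findings; an empty list means every check passed."""
    defines, daemons, trust = parse_mc(mc_text)
    findings = []
    opts = defines.get("confAUTH_OPTIONS", "").split()
    if "p" not in opts:  # 'p': refuse PLAIN/LOGIN until a TLS layer is active
        findings.append("confAUTH_OPTIONS lacks 'p': passwords may be sent in the clear")
    if "y" not in opts:  # 'y': forbid anonymous login
        findings.append("confAUTH_OPTIONS lacks 'y': anonymous AUTH is permitted")
    for key in ("confSERVER_CERT", "confSERVER_KEY", "confAUTH_MECHANISMS"):
        if key not in defines:
            findings.append(key + " is not defined (or is still commented out with dnl)")
    if not trust:
        findings.append("TRUST_AUTH_MECH is commented out: authenticated clients cannot relay")
    if not any(d.get("Port") == "smtps" and "s" in d.get("M", "") for d in daemons):
        findings.append("no correctly quoted DAEMON_OPTIONS(`Port=smtps, ..., M=s') line")
    return findings
```

Run it as `audit(open("/etc/mail/sendmail.mc").read())` before `m4 sendmail.mc > sendmail.cf`; the missing opening backtick in a DAEMON_OPTIONS line is exactly the kind of slip it catches.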

Cyrus SASL

The saslauthd daemon is used as an authentication program.
We need to make sure it runs on bootup; to do this, we'll use the chkconfig utility.
(For now, we'll also start it manually.)

# service saslauthd start
Starting saslauthd:                                        [  OK  ]
# chkconfig saslauthd on


Testing Cyrus SASL

Verifying that the Cyrus SASL daemon is operating is very simple:

# testsaslauthd -u username -p password -s smtp
0: OK "Success."


Dovecot:
# find /etc -name dovecot.pem -execdir mv {} dovecot.pem.orig \;
# vi /etc/pki/dovecot/dovecot-openssl.cnf
# /usr/share/doc/dovecot-1.0.7/examples/mkcert.sh
# cp /etc/dovecot.conf /etc/dovecot.conf.orig
# vi /etc/dovecot.conf
Set the following in /etc/dovecot.conf (only IMAP over SSL is enabled):
#protocols = imap imaps pop3 pop3s
protocols = imaps
ssl_disable = no

ssl_cert_file = /etc/pki/dovecot/certs/dovecot.pem
ssl_key_file = /etc/pki/dovecot/private/dovecot.pem
# openssl s_client -connect 127.0.0.1:993

==> http://linuxgazette.net/158/prestia.html



d. chroot DNS

e. vsftpd