1.1 Using Other Virtualization SoftwareIndex

You can use any virtualization software you like to create and run this server-style CentOS virtual machine, e.g. VirtualBox, Parallels, etc., but faculty only fully support questions about VMware (and maybe a little bit of VirtualBox). It’s what we know.

It isn’t the virtualization software that’s important; it’s the running CentOS virtual machine.

I don’t recommend running CentOS directly on your hardware; you lose all the snapshot and backup features available in a Virtual Machine. Don’t do it.

2.1 Download Method 1 (best): From the on-campus CSTECH Downloads FolderIndex

This method only works on the Algonquin campus, using the private IP address of the CSTECH web site. Use a wired connection to download big files such as ISO images; don’t use wireless!

1. On your laptop use a browser to go to the Web site at the private IP address http://cstech on campus. (This only works ON CAMPUS!)
2. Choose any room from the left side-bar (e.g. T108). Go to Drivers and Downloads, Linux, CentOS, CentOS-6.6-i386-minimal
3. Choose and download exactly this 355467264-byte (339MB) ISO file: CentOS-6.6-i386-minimal.iso
4. Also download the CentOS-6.6-i386-minimal-MD5sum.txt file containing the md5sum file checksum hash.

2.2 Download Method 2 (best): From the on-campus Course Linux ServerIndex

This method only works on the Algonquin campus, using the private IP address of the Course Linux Server. Use a wired connection to download big files such as ISO images; don’t use wireless!

1. On your laptop use a browser to go to the Web site at the private IP address http://cst8207-alg.idallen.ca/distributions/ on campus. (This only works ON CAMPUS!)
2. Choose and download exactly this 355467264-byte (339MB) ISO file: CentOS-6.6-i386-minimal.iso
3. Also download the text file md5sum.txt file containing the md5sum file checksum hash.

2.3 Download Method 999 (worst): From the Internet (slow)Index

This is much slower than the above on-campus methods. Use this Internet method only if you have to (i.e. you are off-campus):

1. Don’t use this method on campus – it’s much slower than the on-campus methods, above.
2. On your laptop use a browser to go to the Web site http://www.centos.org/.
3. On the bottom of the page, select the Older Versions button http://wiki.centos.org/Download.
4. On the Download CentOS ISO images page, select the CentOS-6 i386 button http://isoredirect.centos.org/centos/6/isos/i386/.
5. Pick a nearby HTTP mirror from the list of /i386/ mirrors.
6. In the Index of /centos/6.6/isos/i386 find the ISO named CentOS-6.6-i386-minimal.iso to download:
7. Choose and download exactly this 355467264-byte (339MB) ISO file: CentOS-6.6-i386-minimal.iso
8. Also download the md5sum.txt file containing the md5sum file checksum hashes.

5.1 Verify Correct CentOS InstallationIndex

1. Log in on the black text console as the user root with the password that you remembered from the above installation.
   • If the login doesn’t work, go back and read all the words in the previous sentence, especially the words starting with the letter r.

Run the following installation verification commands. Your CentOS installation must pass all of the following verification steps:

2. Run: hostname and verify that it prints your eight-character Blackboard userid as the machine name.

3. In text file /etc/sysconfig/network verify that the NETWORKING variable is set to yes and the HOSTNAME variable is set to your Blackboard userid.

4. Run: fdisk -clu and verify that your Disk /dev/sda is 2147 MB and that the disk partitions /dev/sda1 and /dev/sda2 have 1,536,000 and 560,128 blocks (a block is 1024 bytes). It should look almost exactly like the following, except your machine name and Disk identifier number will differ:

   [root@abcd0001 ~]# fdisk -clu
   
   Disk /dev/sda: 2147 MB, 2147483648 bytes
   255 heads, 63 sectors/track, 261 cylinders, total 4194304 sectors
   Units = sectors of 1 * 512 = 512 bytes
   Sector size (logical/physical): 512 bytes / 512 bytes
   I/O size (minimum/optimal): 512 bytes / 512 bytes
   Disk identifier: 0x00000000
   
      Device Boot    Start       End    Blocks   Id  System
   /dev/sda1   *      2048   3074047   1536000   83  Linux
   /dev/sda2       3074048   4194303    560128   82  Linux swap / Solaris

5. Run: rpm -q -a | wc -l and verify that you have exactly 204 packages installed.

6. Run: df -h and verify that your /dev/sda1 virtual disk partition mounted on / (the ROOT) has a Size of 1.5G (ignore the other sizes – they may differ slightly):

   [root@abcd0001 ~]# df -h
   Filesystem            Size  Used Avail Use% Mounted on
   /dev/sda1             1.5G  578M  793M  43% /
   tmpfs                 504M     0  504M   0% /dev/shm

7. Run: swapon -s and verify that partition /dev/sda2 is listed as an active swap partition:

   [root@abcd0001 ~]# swapon -s
   Filename              Type            Size    Used    Priority
   /dev/sda2             partition       560124  0       -1

8. In text file /etc/sysconfig/clock verify that the ZONE is set to local time zone America/Toronto
   • If this is not true, see Appendix: Configure the local time zone

You may need to delete this virtual machine and re-install if any of the above numbers or verification steps are wrong. Redo your installation or consult with your instructor if any of the above verification commands don’t give the expected output.

Networking is not enabled on this server yet. It is a good idea to configure your system a bit before enabling networking, so we will enable networking later, after doing some configuration.

8.1 Boot the Fresh Minimal Installation snapshotIndex

1. Boot (power on) your Fresh Minimal Installation snapshot from the previous section. Make the configuration changes below to your Fresh Minimal Installation virtual machine.

2. Log in as the root user on the black text console, as you did before.

3. Review the above points A., B., and C. so that you know what back up, edit, and comment out mean.

4. Create your alias for cp to preserve modify times so that you don’t forget: alias cp='cp -i -p'

8.2 Enable CentOS networkingIndex

Networking is not yet enabled on boot. We will enable it now, so that you can connect to your CentOS system using a proper SSH connection instead of using the limited VMware system console:

1. Run: ifconfig eth0 and make sure it displays about 5 or more lines of IP and packet information about network interface eth0. (There is a zero on the end of the interface name.)
   • If it says bash: ipconfig: command not found then fix your spelling of the Linux command name. This is not Windows.
   • If it says eth0: error fetching interface information: Device not found, see Appendix: Renaming network interfaces on how to rename the interfaces to get eth0 back.
2. Back up the file /etc/sysconfig/network-scripts/ifcfg-eth0 then edit the original file and change the ONBOOT variable setting from ONBOOT=no to ONBOOT=yes
   • Always edit the original file, not the back-up file!
   • When you are done, display the original file and make sure ONBOOT=yes
   • Use the diff command to compare the back-up file with the edited original file and make sure only one line has changed:
     cd /etc/sysconfig/network-scripts ; diff ifcfg-eth0.bak ifcfg-eth0
3. Run: service network restart
   to enable the new networking settings.
   • See the example commands and output given below.
   • You should now see several lines including two lines for eth0:
     Bringing up interface eth0: and
     Determining IP information for eth0... done. [OK]
   • If you don’t see done, you have network connection problems: Your machine may be unable to get a DHCP IP address. See Network Diagnostics.
4. Confirm that you have a working IP address on eth0 (see the example commands and output given below):
   1. Run: ifconfig eth0 | fgrep 'inet addr'
      and see one line of output containing your system local IP address (your inet addr).
   2. Write down this local IP address; you will need it shortly.
   3. Run: ip route | fgrep 'default'
      and see one line of output containing your default gateway IP address.
   4. Run: ping -c 1X.X.X.X
      where X.X.X.X is your default gateway IP address.
   5. Look for 0% packet loss. (This may not work if you are using Bridged networking on-campus at Algonquin College because the ITS department blocks ping.)
   6. If you don’t see 0% packet loss, you have network connection problems. See Network Diagnostics.

Sample output for the above commands is given below – your hostname and CentOS local IP addresses (write it down) will differ:

[root@abcd0001 ~]# fgrep 'ONBOOT' /etc/sysconfig/network-scripts/ifcfg-eth0
ONBOOT=yes

[root@abcd0001 ~]# service network restart
Shutting down loopback interface:                          [  OK  ]
Bringing up loopback interface:                            [  OK  ]
Bringing up interface eth0:
Determining IP information for eth0... done.               [  OK  ]

[root@abcd0001 ~]# ifconfig eth0 | fgrep 'inet addr'
     inet addr:192.168.9.141  Bcast:192.168.9.255  Mask:255.255.255.0

[root@abcd0001 ~]# ip route | fgrep 'default'
default via 192.168.9.254 dev eth0

[root@abcd0001 ~]# ping -c 1 192.168.9.254
PING 192.168.9.254 (192.168.9.254) 56(84) bytes of data.
64 bytes from 192.168.9.254: icmp_seq=1 ttl=64 time=1.78 ms
--- 192.168.9.254 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 2ms
rtt min/avg/max/mdev = 1.780/1.780/1.780/0.000 ms

Make sure the ping shows 0% packet loss (unless you are at Algonquin College, using Bridged networking, and ping is being blocked by ITS, sorry).

Did you write down your CentOS local IP address (not your default gateway address)? You will need it later.

If your virtual machine is using bridged networking instead of the recommended NAT networking, then the IP address of your CentOS virtual machine may change depending on the network of your host O/S. If you use bridged networking, you will need to use service network restart and ifconfig to restart your network every time you resume your VM or the network of your host O/S changes. Using NAT networking, the CentOS local IP address should be stable and this restart and reconfiguration shouldn’t be necessary.

8.3 Setting the SSH login bannerIndex

You will remember that when you log in to the CLS using the SSH protocol, you first see a banner announcing COURSE LINUX SERVER. We will enable a similar banner for our CentOS virtual system, so that we know to which machine we are connecting:

1. Back up the file /etc/ssh/sshd_config then edit the original file:
   • Find the line containing #Banner (It’s around line 129 in the file.)
   • This line is commented out with # at the start; it does nothing.
   • Un-comment this line: remove the comment # from the line.
   • Change the file name from Banner none to: Banner /etc/issue.net
   • Use the diff command to compare the back-up file with the edited original file and make sure only one line has changed:
     diff /etc/ssh/sshd_config.bak /etc/ssh/sshd_config
   • Make sure the line does not start with the comment character.

2. Restart your CentOS SSH service to use the new banner: service sshd restart

3. Using the commands below, verify that an SSH connection shows the new banner by using the ssh command in CentOS to connect to the loopback localhost address of your CentOS VM:
   • You may be asked to accept the new connection: say yes
   • Verify that you see the SSH banner: CentOS release 6.6 (Final)
   • You don’t need to log in, so just use ^C to interrupt the root password prompt:

[root@abcd0001 ~]# ssh localhost
The authenticity of host 'localhost (::1)' can't be established.
RSA key fingerprint is 1d:1c:b2:7e:fe:b9:87:e8:89:71:bf:dd:ca:31:49:3b.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'localhost' (RSA) to the list of known hosts.
CentOS release 6.6 (Final)
Kernel \r on an \m
root@localhost's password: ^C

[root@abcd0001 ~]# ssh localhost
CentOS release 6.6 (Final)
Kernel \r on an \m
root@localhost's password: ^C

Whenever you attempt to connect to your CentOS virtual machine using SSH, make sure you see the above banner text. If you don’t see the banner, you are not connecting to the right IP address!

Feel free to edit the file /etc/issue.net to contain any text that you would like to see as a banner. You might delete the Kernel line and replace it with something of your own, e.g. Hello Linux People!

8.4 Use an SSH connection instead of the consoleIndex

These SSH instructions below are for VMware users. If you are using VirtualBox virtulalization software, see the section “Using SSH to connect to your VirtualBox VM” in VirtualBox CentOS Installation Guide HTML.

The VMware console that we have been using has very limited functionality. You can’t resize it, change the console colour, or font size, or copy and paste text into it easily from your host machine. Instead of using this console to work on the machine, we will do what most system administrators do and connect to the machine using a terminal program of our choice and the standard SSH protocol. CentOS already has the SSH programs installed and running that enable us to do this; we verified that in the previous section where we set the login banner.

To connect to your CentOS virtual machine using the SSH protocol, users with a Windows host O/S might choose to run the PuTTY terminal program (as you do when connecting to the CLS); users with a Linux or MacOSX host O/S will use a standard terminal and the ssh command.

Sometimes the networking set-up on your host operating system does not permit you to connect to the network addresses of your virtual machines. You may have a firewall setting that blocks access. If that is true, the following won’t work and you’ll have to consult the manual for your host operating system on how to enable network access to the IP addresses of your virtual machines.

1. In your host operating system (not in the CentOS guest OS), run a terminal program that will let your create an SSH remote connection:
   • Run the PuTTY program from a Windows host machine, or use a terminal and the ssh program from a MacOSX or Linux host O/S.
   • Review the instructions on how to do a Remote Login to the Course Linux Server, but do not use the CLS IP information.
   • Create and save a new SSH connection using the CentOS local IP address that you wrote down in the previous step.
   • Do not use your CLS IP address! Use your CentOS IP address!
   • When you start your session, make sure you are connecting to your CentOS local IP address, not to the CLS.
   • You must see the CentOS release 6.6 (Final) banner text before you enter your login userid.
   • If you see the COURSE LINUX SERVER banner, stop! Do not try to log in as root to the CLS; you will be locked out!
   • Use your terminal program to log in to your CentOS IP address (not the CLS) as root using your root password.
   • Make sure you see the CentOS release 6.6 (Final) banner before you log in with your root userid!
   • If you use PuTTY, save your new settings for your CentOS connection. Do not overwrite your CLS settings.
   • If you are using bridged instead of the recommended NAT networking, you will have to keep changing the saved CentOS IP address to match the address shown by ifconfig in CentOS. If you use NAT networking, this shouldn’t be a problem.

2. Once you are logged in to your own CentOS machine, type who and see that root is logged in once on a VMware system console (tty1) and once remotely via an SSH pseudo-terminal (pts/0).

   [root@abcd0001 ~]# who
   root     tty1         Nov  2 08:26
   root     pts/0        Nov  2 08:33 (192.168.244.1)
   [root@abcd0001 ~]# tty
   /dev/pts/0

I recommend using the SSH connection for all sysadmin work (including the rest of this document). Do not use the crappy VMware console. Note that, unlike using the system console, SSH network connections do not survive across a VM Pause or Suspend. All SSH sessions active when you pause or suspend your VM will be disconnected. Save and exit your editors that are running over SSH before you suspend.

8.5 Install the man commandIndex

This system has manual pages, but no man command to view them:

[root@abcd0001 ~]# which man
/usr/bin/which: no man in (/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/root/bin)
[root@abcd0001 ~]# whereis man
man: /usr/share/man

Use the yum install command to fetch information about the man package, and then we will install it:

1. As root run: yum info man
   • The first time you do this, yum will download some package lists before it answers the info query.
   • If yum cannot connect to the Internet, see Network Diagnostics.
   • If yum seems to hang for a long time, see Appendix: What to do if yum doesn’t work.

2. Confirm that yum shows Name : man under Available Packages.
   • If you see man under Installed Packages, you have already installed it.

3. Run: yum install man and when it asks Is this ok [y/N]: answer with y (yes) and Enter.
   • The first time you do this, yum will also ask you to import a GPG CentOS 6 Official Signing Key. Answer with y (yes).
   • Some dependency packages and updates will also be selected for download along with man.
   • The installation will print Complete! when it finishes.

4. Make sure which man and whereis man and man man now work:

   [root@abcd0001 ~]# which man
   /usr/bin/man
   [root@abcd0001 ~]# whereis man
   man: /usr/bin/man /etc/man.config /usr/share/man /usr/share/man/man1/man.1.gz
   [root@abcd0001 ~]# man man
   ...etc...

8.6 Install the mail commandIndex

Servers often need to email status messages to humans. We need to use the yum install command to fetch and install an email client program package named mailx:

1. As root run: yum info mailx
   • The first time you do this, yum will download some package lists before it answers the info query.
   • If yum cannot connect to the Internet, see Network Diagnostics.
   • If yum seems to hang for a long time, see Appendix: What to do if yum doesn’t work.

2. Confirm that yum shows Name : mailx under Available Packages.
   • If you see mailx under Installed Packages, you have already installed it.

3. Run: yum install mailx and when it asks Is this ok [y/N]: answer with y (yes) and Enter.
   • The first time you do this, yum will also ask you to import a GPG CentOS 6 Official Signing Key. Answer with y (yes).
   • The installation will print Complete! when it finishes.

4. After installation, make sure that mail -V (upper case!) prints a version number (the number may differ, depending on which version of CentOS is installed):

   [root@abcd0001 ~]# mail -V
   12.4 7/29/08

The mailx package installs some symbolic links so that the command mail actually runs the mailx program:

[root@abcd0001 ~]# ls -l /bin/mail*
lrwxrwxrwx. 1 root root     22 Mar  9 22:16 /bin/mail -> /etc/alternatives/mail
-rwxr-xr-x. 1 root root 369440 Aug  1  2013 /bin/mailx
[root@abcd0001 ~]# ls -l /etc/alternatives/mail
lrwxrwxrwx. 1 root root 10 Mar  9 22:16 /etc/alternatives/mail -> /bin/mailx

Also man mail gives you the same man page as man mailx (again using more symlinks):

[root@abcd0001 ~]# whereis mail mailx
mailx: /bin/mail /etc/mail.rc /usr/share/man/man1/mail.1.gz
mailx: /bin/mailx /usr/share/man/man1/mailx.1.gz
[root@abcd0001 ~]# ls -l /usr/share/man/man1/mail.1.gz
lrwxrwxrwx. 1 root root 31 Mar  9 22:16 /usr/share/man/man1/mail.1.gz -> /etc/alternatives/mail-mail-man
[root@abcd0001 ~]# ls -l /etc/alternatives/mail-mail-man
lrwxrwxrwx. 1 root root 30 Mar  9 22:16 /etc/alternatives/mail-mail-man -> /usr/share/man/man1/mailx.1.gz

8.7 Install the full version of the vim editorIndex

Your CentOS Minimal Installation comes with a minimal (they call it Small) version of the vim text editor named vi that is missing many features and help files:

[root@abcd0001 ~]# vi --version | fgrep 'version'
Small version without GUI.  Features included (+) or not (-):
[root@abcd0001 ~]# vimtutor
-bash: vimtutor: command not found

We want the full version, with help files and tutorials. As root, download and install the full (they call it Huge) version of vim as follows:

1. As root run: yum info vim-enhanced
   • The first time you do this, yum will download some package lists before it answers the info query.
   • If yum cannot connect to the Internet, see Network Diagnostics.
   • If yum seems to hang for a long time, see Appendix: What to do if yum doesn’t work.

2. Confirm that yum shows Name : vim-enhanced under Available Packages.
   • If you see vim-enhanced under Installed Packages, you have already installed it.

3. Run: yum install vim-enhanced and when it asks Is this ok [y/N]: answer with y (yes) and Enter.
   • The first time you do this, yum will also ask you to import a GPG CentOS 6 Official Signing Key. Answer with y (yes).
   • You will note under Installing for dependencies a list of other packages on which the full version of VIM depends. All this software also has to be downloaded and installed with VIM, including the Perl interpreter and some libraries.
   • Downloading all the software will take a minute or two.
   • The installation will print Complete! when it finishes.

4. After successful download and installation, start the newly-installed full version of VIM by typing vim (not vi) and note that this is the Huge version:

   [root@abcd0001 ~]# vi --version | fgrep 'version'
   Small version without GUI.  Features included (+) or not (-):
   
   [root@abcd0001 ~]# vim --version | fgrep 'version'
   Huge version without GUI.  Features included (+) or not (-):
   
   [root@abcd0001 ~]# which vimtutor
   /usr/bin/vimtutor

5. The programs vi and vim are different in CentOS!
   • You may find some accounts come with an alias: alias vi=vim
   • In which system directory is the minimal (Small) vi program found?
   • In which system directory is full (Huge) enhanced vim program found?
   • What system command makes it easy to answer the above two questions?

8.8 Remove confusing and dangerous root aliasesIndex

CentOS has provided the root account with some personal shell aliases that change the behaviour of some important commands and this is a bad idea. Type alias and you will see some aliases similar to these:

[root@abcd0001 ~]# alias
alias cp='cp -i'
alias l.='ls -d .* --color=auto'
alias ll='ls -l --color=auto'
alias ls='ls --color=auto'
alias mv='mv -i'
alias rm='rm -i'
alias which='alias | /usr/bin/which --tty-only --read-alias --show-dot --show-tilde'

The aliases for ls and which are harmless, but the options added in the aliases for cp, mv, and rm change the behaviour of these commands significantly. (What do those options do? RTFM for each command.)

On real servers, the root account is often shared among several sysadmin, and so you must be very careful what aliases you define in the root account. Commands must work exactly as expected, not the way aliases might change them to work. We will remove these dangerous aliases from our root account:

Note that the HOME directory for the root account is under /root, not under /home with all the other accounts.

1. Back up the file /root/.bashrc (preserve the modify time) then edit the original file:
   1. Remove or comment out the alias for rm.
   2. Remove or comment out the alias for cp.
   3. Remove or comment out the alias for mv.
   4. Insert this line at the top (beginning) of the file:
      [ -z "${PS1-}" ] && return # exit if not interactive
2. In addition to making the above essential changes, you might also optionally add unalias -a to the end of the file to make sure that no misleading aliases are defined for the root account.
   • Add this unalias line at the bottom (end) of the .bashrc, after all the existing lines in the file.
3. You might add alias cp='cp -i -p' to the bottom of the file, since we use it so often, especially as root.
   • This is a useful and common alias, safe even for a root account.

4. Use the diff command to compare the back-up file with the new file and make sure only a few lines have changed.

5. Run a loopback SSH network test of true, a command that doesn’t generate any output, to make sure the new .bashrc doesn’t generate any output or errors:

   [root@abcd0001 ~]# ssh localhost true
   CentOS release 6.6 (Final)
   Kernel \r on an \m
   root@localhost's password: 
   [root@abcd0001 ~]#

   Make sure there is no output after you type your root password.

   (If you don’t see the CentOS release 6.6 (Final) login banner, you missed Setting the SSH login banner, above.)

Keep your own personal aliases in your own account and source them when you need them as root. Do NOT put many of your personal aliases into the root account itself.

Log out of your VM and then log back in. Type alias and make sure all the dangerous aliases are gone. Keep the aliases in the root account to the bare minimum.

8.9 Enable shell HistoryIndex

Shell command line history for is important to a sysadmin. It’s one way of knowing what commands were typed and remembering how to do things without having to look them up again.

Although the shell is saving its history upon exit, the history from different shells is not being merged, so history can be lost if you run more than one shell, e.g. multiple windows or multiple logins. Also, history is not being saved until a shell exits, which means you can also lose history if a shell is killed prematurely.

We could fix these history issues just for the root user, using the root .bashrc start-up file, but then we would also have to fix it for our own sysadmin account (that we will create later), and for any other accounts we might create. Instead we are going to make changes to the system-wide bash shell initialization so that all users on the system receive these benefits, not just root.

The comments at the start of /etc/profile suggest that we should create a custom.sh file and install it in the /etc/profile.d directory:

1. Put these lines into the new file /etc/profile.d/custom.sh on your CentOS machine:

   # keep a lot of shell history in memory and in the history file
   export HISTSIZE=9000
   export HISTFILESIZE=99000
   # keep time stamps on each entry
   export HISTTIMEFORMAT=
   # update history file after every command (not just on exit)
   export PROMPT_COMMAND='history -a'
   # useful history-related bash options: use one-line and append
   shopt -s cmdhist
   shopt -s histappend

   This new file will be sourced by every user when they log in.

2. Run source /etc/profile.d/custom.sh to source the new file to set up the history in the current shell. Make sure you see no output and no errors!

3. After sourcing the file, print the changed history variables to confirm:

   [root@abcd0001 ~]# source /etc/profile.d/custom.sh
   [root@abcd0001 ~]# printenv | fgrep 'HIST'
   HISTSIZE=9000
   HISTFILESIZE=99000
   HISTCONTROL=ignoredups
   HISTTIMEFORMAT=
   [root@abcd0001 ~]# echo "$PROMPT_COMMAND"
   history -a

4. Check that the verification commands you just typed into the shell, above, are appearing at the bottom (end) of the root BASH history file, .bash_history, in the HOME directory of the root account.
   • Use a command that shows you the last few lines of a text file.
   • Recall, as mentioned earlier, that the HOME directory of the root account is not under the usual /home directory.

5. Log out. Log back in. Verify that the same history variables have been changed, and that your history file is being updated after every command you type.

8.10 Enable loopback address for your machine nameIndex

The file /etc/hosts usually contains a local copy of the name of the current machine, paired with the loopback IP address. CentOS is missing this, which means you can’t ping your own host name:

[root@abcd0001 ~]# echo "$HOSTNAME"
abcd0001
[root@abcd0001 ~]# ping "$HOSTNAME"
ping: unknown host abcd0001

1. Back up the file /etc/hosts then edit the original file and add your machine’s host name by adding the line 127.0.0.2 abcd0001 where abcd0001 is replaced by your machine’s host name (which must be the same name as your Blackboard userid):

   [root@abcd0001 ~]# cat /etc/hosts
   127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
   127.0.0.2   abcd0001
   ::1         localhost localhost.localdomain localhost6 localhost6.localdomain6

   Use the diff command to compare the back-up file with the new file and make sure only the intended lines have changed.

2. Confirm that you can now ping your own machine name with zero packet loss:

   [root@abcd0001 ~]# echo "$HOSTNAME"
   abcd0001
   [root@abcd0001 ~]# ping -c 1 "$HOSTNAME"
   PING abcd0001 (127.0.0.2) 56(84) bytes of data.
   64 bytes from abcd0001 (127.0.0.2): icmp_seq=1 ttl=64 time=0.072 ms
   --- abcd0001 ping statistics ---
   1 packets transmitted, 1 received, 0% packet loss, time 0ms
   rtt min/avg/max/mdev = 0.072/0.072/0.072/0.000 ms

The name abcd0001 above must be your machine’s name, not abcd0001. Your machine name must be the same name as your Blackboard userid.

8.11 Enable Internet Time using NTP and ntpdIndex

The system time is not being synchronized with the Internet. We need to use the yum install command to fetch and install the Network Time Protocol (NTP) package named ntp with its time daemon named ntpd:

1. As root run: yum info ntp
   • The NTP package is named ntp; the NTP daemon is named ntpd.
   • The first time you do this, yum will download some package lists before it answers the info query.
   • If yum cannot connect to the Internet, see Network Diagnostics.
   • If yum seems to hang for a long time, see Appendix: What to do if yum doesn’t work.

2. Confirm that yum shows Name : ntp under Available Packages.
   • If you see ntp under Installed Packages, you have already installed it.

3. Run: yum install ntp and when it asks Is this ok [y/N]: answer with y (yes) and Enter.
   • The first time you do this, yum will also ask you to import a GPG CentOS 6 Official Signing Key. Answer with y (yes).
   • The installation will print Complete! when it finishes.

4. Back up the file /etc/ntp.conf then edit the original file to add the line tinker panic 0 on its own line just above the driftfile line.
   • Use the diff command to compare the back-up file with the new file and make sure only the one line changed.
   • This line tells the ntpd program that it can always change the clock value, no matter how far off it is. Normally the ntpd daemon refuses to change a clock value that is more than 1,000 seconds wrong.
   • This doesn’t always work, and sometimes NTP can’t synchronize your clock inside some versions of VMware or under some host operating systems. Sometimes, installing the VMware Tools package can mitigate this problem; more on that later.

5. Run: chkconfig --list ntpd (and note the spelling of the service name ntpd). You will see one line indicating that the ntpd time daemon is turned off in every Run Level.

6. Run: chkconfig ntpd on (again note the spelling of ntpd).

7. Run: chkconfig --list ntpd (again note the spelling of ntpd). You will see one line indicating that the ntpd time daemon is now turned on in Run Levels 2 through 5:

   [root@abcd0001 ~]# chkconfig --list ntpd
   ntpd      0:off   1:off   2:on    3:on    4:on    5:on    6:off

8. Run: service ntpd start and you should see one line saying Starting ntpd: [OK]. (If you already started ntpd, you won’t see the [OK].)

9. Run: tail /var/log/messages or fgrep 'ntpd' /var/log/messages and confirm that there are several log entries for ntpd saying Listen normally. If you see errors, fix them and run service ntpd restart to restart ntpd.

10. If all goes well, ntpd starting up will have reset your system clock to the correct time. (Run the date command and see.) The log file might say something like clock_step +14398.864481s indicating a time change of (for example) 14398 seconds. If nothing happened, try waiting 5–10 minutes and see if the time updates. You can perform the other edits below while you wait for this to happen. Continue reading:

11. Installing NTP doesn’t always work to keep your system time updated, and sometimes NTP can’t synchronize your clock inside some versions of VMware or under some host operating systems. Sometimes, installing the VMware Tools package can mitigate this problem; more on that later.

Even with ntpd running, the system may take 5-10 minutes to re-synchronize its time after a VM Pause, Suspend, or reboot. (Earlier versions of CentOS were faster at time synchronization.) Servers in the real world are not paused, suspended, or rebooted as often as at school.

Installing VMware Tools will often help with getting the time right after a VM pause or suspend. VMware Tools will be installed in a separate document, later.

8.12 Disable SELinuxIndex

Security Enabled Linux is turned on, which can cause many problems for novice Linux users. On a real server, we would leave it enabled. You will learn SELinux configuration in later Linux courses.

1. Back up the file /etc/sysconfig/selinux then edit the original file and change the SELINUX variable setting from SELINUX=enforcing to SELINUX=disabled.
   • Use the diff command to compare the back-up file with the new file and make sure only the one line changed.
2. We won’t check to see that this works until after the next reboot.

8.13 Disable GRUB Pretty BootIndex

The system boot messages are being hidden by a pretty but unhelpful CentOS graphics “splash” screen. The screen covers up many useful system messages at boot time. As a sysadmin, you want to see all the boot messages.

1. Make a temporary snapshot of your VM now, in case you make a mistake in the following edit. If you damage lines in this GRUB configuration file, your machine may not boot at all. You’ll have to restore from the snapshot and reconfigure.

2. Back up the file /boot/grub/grub.conf then edit the original file:
   1. Change the value of the timeout from 5 to 30.
   2. Comment out the hiddenmenu line to make the GRUB menu visible on boot. (Insert a single # comment character in front of hiddenmenu so that it looks like #hiddenmenu and will be ignored.)
   3. Remove the two words rhgb quiet from the far right end of the very long kernel line to get rid of the silly CentOS animated graphics screen. (Make sure you don’t accidentally break this line into pieces. Keep it one long line.)

   4. The resulting file should be two words smaller than the back-up file:

      [root@abcd0001 ~]# wc -lw /boot/grub/grub.conf*
        17   82 /boot/grub/grub.conf
        17   84 /boot/grub/grub.conf.bak

   5. Use the diff command to compare the back-up file with the new file and make sure only the intended lines have changed.

3. You will know if your edits are accurate at the next reboot, coming up in the next section. If the reboot fails, restore back to your temporary snapshot and try the edit again.

4. If everything is working, you may delete the temporary snapshot you made.

8.14 Verify Correct CentOS ConfigurationIndex

Having made all the above configuration changes, your CentOS configuration must pass all of the following verification steps after you reboot it:

1. Safely shut down and reboot the system using: shutdown -r now
   • If you are using a remote SSH connection, you will be disconnected.
   • You will see some Linux kernel messages on the VMware console before the machine restarts.
   • NEVER reboot a Linux machine using the VMware Power button!
   • ALWAYS reboot a Linux machine using shutdown!
   • As the machine reboots, open up the VMware system console and verify that you now see the full GRUB boot menu (image below).
2. Verify the new GNU GRUB boot menu (image below):
   1. The GNU GRUB menu should now be visible (not hidden) – see the image below.
   2. In 30 seconds the menu will time out and boot the highlighted kernel menu entry (usually the first one), or you can push the Enter key to boot it immediately. If you don’t see the GRUB menu, you forgot to edit the GRUB configuration file above (or your edits were wrong). Try again.

CentOS 6 GRUB Menu

3. After the boot, when the machine is up and running, log in on the console again (or, better, use an ssh or PuTTY connection to the CentOS local IP address) and log in as the user root so you can run some verification commands.

4. Run alias and make sure the root account has no dangerous aliases.

5. Check that the commands you just typed, above, are appearing at the bottom (end) of the root BASH history file and that the history environment variables set in the root .bashrc are all set in the current shell.

6. Run: free and verify that you have a total Memory of about 256MB, e.g. approximately 248836KB.
   • If you have more than about 256MB, you forgot to change the VMware Memory settings for this VM. Shut CentOS down safely with shutdown and fix the VM Hardware Memory settings and reboot.

7. Run the selinuxenabled command followed by echo "$?" to display the command exit status variable contents. The status must be 1 (indicating failure – SELinux should not be enabled). If you see zero, you forgot to disable SELINUX above. Try again.

   [root@abcd0001 ~]# selinuxenabled ; echo $?
   1

8. In file /etc/sysconfig/clock verify that the ZONE variable is set to a local Ontario city time zone (not New York).

9. Run: pgrep -l ntpd and verify that the output is one line (a process number and the word ntpd). If you don’t see anything, you forgot to enable NTP above. Try again.

10. Look at the first ten lines of /etc/ntp.conf and verify that you find the tinker panic 0 line you added.

11. Search for the word ONBOOT in file /etc/sysconfig/network-scripts/ifcfg-eth0 and verify that its value is set to yes.

12. Run: ifconfig eth0 and verify that its inet addr: has an IP address listed.
    • If you logged in successfully using an SSH connection, you already know networking is working!

13. Run: ip route and verify that you have a default via route listed for dev eth0. (This default is your gateway IP address.)

14. Examine file /etc/resolv.conf and verify that there is at least onenameserver line in the file. (It will probably be the same IP as the gateway IP.)

15. Confirm that you can ping your own machine name with zero packet loss and that your host name resolves to the IP loopback address 127.0.0.2:

    [root@abcd0001 ~]# ping -c 1 "$HOSTNAME"
    PING abcd0001 (127.0.0.2) 56(84) bytes of data.
    64 bytes from abcd0001 (127.0.0.2): icmp_seq=1 ttl=64 time=0.072 ms
    --- abcd0001 ping statistics ---
    1 packets transmitted, 1 received, 0% packet loss, time 0ms
    rtt min/avg/max/mdev = 0.072/0.072/0.072/0.000 ms

16. Make sure the man command works: man --version

17. Make sure the mail command is installed: mail -V

18. Make sure the full Huge version of VIM is installed: vim --version

19. Run: rpm -q -a | wc -l and verify that you have exactly 220 packages installed.
    • Do not install in this CentoS virtual machine any packages other than those specified in these instructions and your assignments.
    • Servers have very strict control over which packages are permitted to be installed. Fewer packages means fewer problems.

Consult with your instructor if any of the above verification steps fail. Sometimes you can recover a missed configuration step without starting over from scratch.

8.15 Install VMware ToolsIndex

These Tools instructions below are for VMware users. If you are using VirtualBox virtulalization software, see the section “Install VirtualBox Guest Additions” in VirtualBox CentOS Installation Guide HTML.

1. Make a temporary snapshot of your VM now, in case you make a mistake in the following installation. If you mis-install the VMware tools, un-installing it may be difficult. You’ll have to restore from the snapshot and reconfigure.

2. Follow this link to Install VMware Tools and confirm that the installation worked. If you have problems or make mistakes, restore back to the temporary snapshot and try again.

3. If everything is working, you may delete the temporary snapshot you made.

With the addition of the library needed by VMware Tools, your CentOS VM should have exactly 221 packages installed:

$ rpm -q -a | wc -l
221

8.16 Creating a System Administrator AccountIndex

In this section you will create your own system administration account on your CentOS VM. This personal account can be customized for you, including your own aliases and shell options (things you should not set in the root account). All work is done on your CentOS Virtual Machine.

Do not add extensive customization to the root account on a system, since such customization may not suit all root users of the system and may break automated programs that need to become the root user.

8.17 Enable sudo and the wheel groupIndex

Logging in to a machine as root is not recommended. Many servers actually disable direct login by the root user; you have to log in as the sysadmin user and then use su or sudo to run root commands.

You can already use the su account to become the root user, using the root password. We will now enable our sysadmin account to use the sudo command by enabling the wheel group and adding our account to that group.

1. Make a temporary snapshot of your VM now, in case you make a mistake in the following installation.

2. If necessary, login to your CentOS Virtual Machine as the root user. (We recommend using an SSH connection to your VM rather than working on the VMware console.)

3. Enable sudo to use the existing wheel group, as follows:
   1. Use a command to search for all lines containing the word wheel in the file /etc/sudoers and redirect those lines into the new file /etc/sudoers.d/wheel
   2. The new wheel file should contain 3 lines, 19 words, 108 characters. Display the file: all three lines are commented out.
   3. Edit the new wheel file and remove the comment and the space that follows it from the second line in the file. The second line should now be: %wheel ALL=(ALL) ALL
   4. Save the file and exit the editor when the second line is correct.
   5. The edited wheel file should contain 3 lines, 18 words, 106 characters: exactly one word less and two characters less than the unedited file.
4. Enable your new sysadmin account to be a member of the wheel group, as follows:
   1. Run this command (as root): gpasswd -a abcd0001 wheel where abcd0001 is replaced by your sysadmin account userid.
   2. If it works, you will see: Adding user abcd0001 to group wheel
   3. Search for the group wheel line in the system group file /etc/group and confirm that your userid is on that line.
5. Test that your sysadmin accound can use sudo now:
   1. As you did earlier to test your sysadmin account, use the same su command line and options to start a login subshell running as your sysadmin (non-root) account.
   2. Your prompt in this unprivileged subshell will change from # to $.
   3. Confirm that id shows your sysadmin uid and gid and that you now have a wheel group listed as one of your groups.
   4. In this subshell, as your sysadmin account (not root), type: sudo id
      • You will be prompted for your own password (not the root password).
      • Enter your own password (not the root password).
      • The id command should be run as the root user and show zeroes for the uid and gid.
   5. Immediately re-run the same sudo id command line, and note that you don’t have to type the password this time. The sudo command remembers your password for a few minutes so that you don’t have to keep typing it for multiple sudo commands.

6. Exit your account subshell and return to the root shell.

7. If everything is working, you may delete the temporary snapshot you made.

This concludes the enabling of sudo for your own personal sysadmin account.

Your sysadmin account can now run any privileged commands as the root user using sudo. To enhance the security of the system, we could now safely disable the root account password so that no direct root logins would be possible, but we won’t do that just yet since students often forget their sysadmin account passwords and need to use the root account to reset them.

8.18 Update all system packagesIndex

The system has been installed mostly from the original distribution CD, so it needs to have updates downloaded and installed from the Internet.

We don’t recommend trying to download large software images over wireless. Find a network jack and plug in.

1. Run: yum check-update
   • It will show a list of packages that need updating.
2. Run (avoid wireless): yum update
   • Say yes.
   • Many packages will be downloaded and updated.

If the list of updates installed includes the linux kernel package, you should safely shut down and reboot the system using: shutdown -r now to install the new kernel. This is only necessary if you updated the linux kernel package. After reboot, you will need to re-install VMware Tools for the new kernel.

The system updates may mean that you now have a few more than the original 221 installed packages.

10.1 PausingIndex

The VMware Pause button simply stops the virtual machine from using much CPU. It doesn’t save any state or allow you to close VMware; the virtual machine is still fully loaded into host O/S memory.

All network and SSH connections will be disconnected when you Pause the machine. Save your work before you Pause.

10.2 SuspendingIndex

VMware Suspend is the fastest way to save your machine state so that you can close VMware or reboot your host O/S. The current state of the machine, including all the system memory, is saved to disk and then the VM is stopped. Most times you will want to suspend your Virtual Machine so that you can resume it quickly where you left off:

1. Save any work you are doing over a remote SSH connection.
   • All network and SSH connections will be disconnected during a Suspend.
2. Go to VM and Power and choose Suspend
3. Wait until VMware fully saves the state of the machine to disk.
4. You may now safely close VMware and then shut down or reboot your host O/S, as needed.
5. You can’t change most VMware settings on a suspended machine, since the machine is still considered “active”.

10.3 ResumingIndex

When you resume your Virtual Machine after a Suspend, if you use bridged networking, you may need to refresh the network settings for your new network location by running (as root or with sudo): service network restart and your CentOS local IP address may change as a result.

10.4 Safely Shutting Down (Power Off)Index

If you need to reconfigure most parts of the VMware Virtual Machine that is running your Linux server, you need to fully shut down the running virtual machine before VMware will let you change the VMware settings. (Suspending won’t work, since the machine is still active.) Here’s how to safely shut down any running Linux system, virtual or not:

1. Log in as root (or login in as a user and then become root or use sudo, if you have disabled root logins)
2. Save any work you are doing in the virtual machine.
3. As root run: shutdown -h now
   • You can also schedule a shutdown at a later time; see the man page.
4. Wait until the Virtual Machine fully shuts down and stops.
5. You may now change VMware settings or safely close VMware, and then shut down or reboot your host O/S, as needed.

10.5 Safely Rebooting a running systemIndex

Again, don’t use the VMware power buttons to reboot a system. Use the Linux commands:

1. Log in as root (or login in as a user and then become root or use sudo, if you have disabled root logins)
2. Save any work you are doing in the virtual machine.
3. As root run: shutdown -r now
   • You can also schedule a reboot at a later time; see the man page.
4. The system will shut down and then reboot itself.

15.1 Possible SolutionsIndex

Students with hardware or software that don’t meet CST program requirements are responsible for fixing their own problems. The correct solution to avoid these bugs is to run the required CST program Intel hardware and Windows 7 or 8 base O/S. Failing that, these fixes below have worked for some students:

• Install the free Oracle VirtualBox and use that to install Linux.
  • CST student Joshua Caseley has written a VirtualBox CentOS Installation Guide HTML.
  • Joshua tested this on seven different systems using both Intel and AMD processes and all of them work.
  • Remember to set up SSH port forwarding to allow SSH in.
• Downgrade VMware and use an earlier version of VMware than version 10.
  • One student using AMD said only Workstation 8 would work, not 9 or 10.
  • Note that earlier versions of VMware will not open VMware 10 virtual machines created with VMware 10 machine formats (the default for VMware Workstation 10).
• Try using VMware Workstation version 11.
• Try running VMware, perhaps an older version, inside an existing Windows VM and then running CentOS inside that.
  • Yes, you would be running Windows running VMware running Windows running VMware running CentOS.
• Use the workstations on the second floor of T building to do your CentOS assignments. Keep your CentOS virtual machines on a portable external disk drive.