In Place Upgrade CentOS 6.5 to 7.0 using preupg

Great News! CentOS 7.0 is released and every system administrator is excited. Today i tried upgrading my existing CentOS 6.5 to 7.0

 CentOS 7 Major Changes

  • Following are the more notable changes are included in this release are:
  • Updated Kernel to 3.10.0
  • Added support for Linux Containers
  • Open VMware Tools & 3D graphics drivers out of the box
  • OpenJDK-7 as default JDK
  • Upgrade from 6.5 to 7.0 using preupg command
  • LVM-snapshots with ext4 and XFS
  • Switch to grub2, systemd and firewalld
  • Default XFS file system
  • iSCSI and FCoE in kernel space
  • Support for PTPv2
  • Support for 40G Ethernet Cards
  • Supports installations in UEFI (Unified Extensible Firmware Interface) Secure Boot form on compatible hardware

CentOS 7 Release Notes

Before you go for CentOS 7.0 after CentOS 6.x, I suggest you to consider following things, because many of things have been changed in this release.

  • grub is now replaced with grub2
  • init is now replaced with systemd
  • Difficultly in understanding and editing grub.conf (grub2)
  • Difficultly in understanding /etc/init.d
  • No more text log files for system log (journalctl instead)
  • No more ext4 filesystem, added XFS as default filesystem
  • CentOS 6.x will be supported until 2020

* If you’d like to install fresh copy to CentOS 7 follow this guide.

Let upgrade our existing CentOS 6.5 to 7.0 using CentOS Upgrade tools.

The Preupgrade Assistant (preupg) checks for potential problems you might encounter with an upgrade from Red Hat Enterprise Linux 6 to Red Hat Enterprise Linux 7 before making any changes to your system. This helps you assess your chances of successfully upgrading to Red Hat Enterprise Linux 7 before the actual upgrade process begins.
The Preupgrade Assistant assesses the system for possible in-place upgrade limitations, such as package removals, incompatible obsoletes, name changes, deficiencies in some configuration file compatibilities, and so on. It then provides the following:

  • System analysis report with proposed solutions for any detected migration issues.
  • Data that could be used for “cloning” the system, if the in-place upgrade is not suitable.
  • Post-upgrade scripts to finish more complex issues after the in-place upgrade.

Your system remains unchanged except for the information and logs stored by the Preupgrade Assistant.

Make sure you are logged in as root.

Check your existing version. It must be CentOS 6.5

cat /etc/redhat-release
CentOS release 6.5 (Final)

Update everything using yum.

yum -y update

Reboot.

reboot

After reboot, lets install some packages required by the upgrade tool

yum -y install openscap pcre-devel libxml2-devel libxslt-devel m2crypto python-simplejson mod_wsgi

After installing above packages, download and install upgrade tools.

rpm -ihv http://dev.centos.org/centos/6/upg/x86_64/Packages/preupgrade-assistant-1.0.2-33.el6.x86_64.rpm
rpm -ihv http://dev.centos.org/centos/6/upg/x86_64/Packages/preupgrade-assistant-contents-0.5.13-1.el6.noarch.rpm
rpm -ihv http://dev.centos.org/centos/6/upg/x86_64/Packages/preupgrade-assistant-ui-1.0.2-33.el6.x86_64.rpm
rpm -ihv http://dev.centos.org/centos/6/upg/x86_64/Packages/python-rhsm-1.9.7-1.el6.x86_64.rpm
rpm -ihv http://dev.centos.org/centos/6/upg/x86_64/Packages/redhat-upgrade-tool-0.7.22-1.el6.noarch.rpm

Issue the preupg command to check if the upgrade is possible.

preupg -s RHEL6_7

You should get an output like this.

Preupg tool doesn't do the actual upgrade.
Please ensure you have backed up your system and/or data in the event of a failed upgrade
 that would require a full re-install of the system from installation media.
Do you want to continue? y/n
y
Gathering logs used by preupgrade assistant:
All installed packages : 01/10 ...finished (time 00:00s)
All changed files      : 02/10 ...finished (time 00:34s)
Changed config files   : 03/10 ...finished (time 00:00s)
All users              : 04/10 ...finished (time 00:00s)
All groups             : 05/10 ...finished (time 00:00s)
Service statuses       : 06/10 ...finished (time 00:00s)
All installed files    : 07/10 ...finished (time 00:00s)
All local files        : 08/10 ...finished (time 00:00s)
All executable files   : 09/10 ...finished (time 00:00s)
RedHat signed packages : 10/10 ...finished (time 00:00s)
Assessment of the system, running checks / SCE scripts:
001/100 ...done    (Configuration Files to Review)
002/100 ...done    (File Lists for Manual Migration)
003/100 ...done    (Bacula Backup Software)
004/100 ...done    (MySQL configuration)
005/100 ...done    (Migration of the MySQL data stack)
006/100 ...done    (General changes in default MySQL implementation)
007/100 ...done    (PostgreSQL upgrade content)
008/100 ...done    (GNOME Desktop Environment underwent several design modifications in Red Hat Enterprise Linux 7 release)
009/100 ...done    (KDE Desktop Environment underwent several design modifications in Red Hat Enterprise Linux 7 release)
010/100 ...done    (several graphic drivers not supported in Red Hat Enterprise Linux 7)
011/100 ...done    (several input drivers not supported in Red Hat Enterprise Linux 7)
012/100 ...done    (several kernel networking drivers not available in Red Hat Enterprise Linux 7)
013/100 ...done    (several kernel storage drivers not available in Red Hat Enterprise Linux 7)
014/100 ...done    (Names, Options and Output Format Changes in arptables)
015/100 ...done    (BIND9 running in a chroot environment check.)
016/100 ...done    (BIND9 configuration compatibility check)
017/100 ...done    (Move dhcpd/dhcprelay arguments from /etc/sysconfig/* to *.service files)
018/100 ...done    (DNSMASQ configuration compatibility check)
019/100 ...done    (Dovecot configuration compatibility check)
020/100 ...done    (Compatibility Between iptables and ip6tables)
021/100 ...done    (Net-SNMP check)
022/100 ...done    (Squid configuration compatibility check)
023/100 ...done    (Reusable Configuration Files)
024/100 ...done    (VCS repositories)
025/100 ...done    (Added and extended options for BIND9 configuration)
026/100 ...done    (Added options in DNSMASQ configuration)
027/100 ...done    (Packages not signed by Red Hat)
028/100 ...done    (Obsoleted rpms)
029/100 ...done    (w3m not available in Red Hat Enterprise Linux 7)
030/100 ...done    (report incompatibilities between Red Hat Enterprise Linux 6 and 7 in qemu-guest-agent package)
031/100 ...done    (Removed options in coreutils binaries)
032/100 ...done    (Removed options in gawk binaries)
033/100 ...done    (Removed options in netstat binary)
034/100 ...done    (Removed options in quota tools)
035/100 ...done    (Removed rpms)
036/100 ...done    (Replaced rpms)
037/100 ...done    (GMP library incompatibilities)
038/100 ...done    (optional channel problems)
039/100 ...done    (package downgrades)
040/100 ...done    (restore custom selinux configuration)
041/100 ...done    (General)
042/100 ...done    (samba shared directories selinux)
043/100 ...done    (CUPS Browsing/BrowsePoll configuration)
044/100 ...done    (CVS Package Split)
045/100 ...done    (FreeRADIUS Upgrade Verification)
046/100 ...done    (httpd configuration compatibility check)
047/100 ...done    (bind-dyndb-ldap)
048/100 ...done    (Identity Management Server compatibility check)
049/100 ...done    (IPA Server CA Verification)
050/100 ...done    (NTP configuration)
051/100 ...done    (Information on time-sync.target)
052/100 ...done    (OpenLDAP /etc/sysconfig and data compatibility)
053/100 ...done    (OpenSSH sshd_config migration content)
054/100 ...done    (OpenSSH sysconfig migration content)
055/100 ...done    (Configuration for quota_nld service)
056/100 ...done    (Disk quota netlink message daemon moved into quota-nld package)
057/100 ...done    (SSSD compatibility check)
058/100 ...done    (Luks encrypted partition)
059/100 ...done    (Clvmd and cmirrord daemon management.)
060/100 ...done    (State of LVM2 services.)
061/100 ...done    (device-mapper-multipath configuration compatibility check)
062/100 ...done    (Removal of scsi-target-utils)
063/100 ...done    (Configuration for warnquota tool)
064/100 ...done    (Disk quota tool warnquota moved into quota-warnquota package)
065/100 ...done    (Check for Add-On availability)
066/100 ...done    (Architecture Support)
067/100 ...done    (Binary rebuilds)
068/100 ...done    (Debuginfo packages)
069/100 ...done    (Cluster and High Availablility)
070/100 ...done    (fix krb5kdc config file)
071/100 ...done    (File Systems, Partitions and Mounts Configuration Review)
072/100 ...done    (Read Only FHS directories)
073/100 ...done    (Red Hat Enterprise Linux Server variant)
074/100 ...done    (Sonamebumped libs)
075/100 ...done    (SonameKept Reusable Dynamic Libraries)
076/100 ...done    (Removed .so libs)
077/100 ...done    (In-place Upgrade Requirements for the /usr/ Directory)
078/100 ...done    (CA certificate bundles modified)
079/100 ...done    (Developer Tool Set packages)
080/100 ...done    (Hyper-V)
081/100 ...done    (Content for enabling and disabling services based on RHEL 6 system)
082/100 ...done    (Check for ethernet interface naming)
083/100 ...done    (User modification in /etc/rc.local and /etc/rc.d/rc.local)
084/100 ...done    (cgroups configuration compatibility check)
085/100 ...done    (Plugable authentication modules (PAM))
086/100 ...done    (Foreign Perl modules)
087/100 ...done    (Python 2.7.5)
088/100 ...done    (Ruby 2.0.0)
089/100 ...done    (SCL collections)
090/100 ...done    (Red Hat Subscription Manager)
091/100 ...done    (Red Hat Network Classic Unsupported)
092/100 ...done    (System kickstart)
093/100 ...done    (YUM)
094/100 ...done    (Check for usage of dangerous range of UID/GIDs)
095/100 ...done    (Incorrect usage of reserved UID/GIDs)
096/100 ...done    (NIS ypbind config files back-up)
097/100 ...done    (NIS Makefile back-up)
098/100 ...done    (NIS server maps check)
099/100 ...done    (NIS server MAXUID and MAXGID limits check)
100/100 ...done    (NIS server config file back-up)
Assessment finished (time 00:00s)
Result table with checks and their results for main contents:
------------------------------------------------------------------------------------------------------------------------------
|Configuration Files to Review                                                                               |notapplicable  |
|File Lists for Manual Migration                                                                             |notapplicable  |
|Bacula Backup Software                                                                                      |notapplicable  |
|MySQL configuration                                                                                         |notapplicable  |
|Migration of the MySQL data stack                                                                           |notapplicable  |
|General changes in default MySQL implementation                                                             |notapplicable  |
|PostgreSQL upgrade content                                                                                  |notapplicable  |
|GNOME Desktop Environment underwent several design modifications in Red Hat Enterprise Linux 7 release      |notapplicable  |
|KDE Desktop Environment underwent several design modifications in Red Hat Enterprise Linux 7 release        |notapplicable  |
|several graphic drivers not supported in Red Hat Enterprise Linux 7                                         |notapplicable  |
|several input drivers not supported in Red Hat Enterprise Linux 7                                           |notapplicable  |
|several kernel networking drivers not available in Red Hat Enterprise Linux 7                               |notapplicable  |
|several kernel storage drivers not available in Red Hat Enterprise Linux 7                                  |notapplicable  |
|Names, Options and Output Format Changes in arptables                                                       |notapplicable  |
|BIND9 running in a chroot environment check.                                                                |notapplicable  |
|BIND9 configuration compatibility check                                                                     |notapplicable  |
|Move dhcpd/dhcprelay arguments from /etc/sysconfig/* to *.service files                                     |notapplicable  |
|DNSMASQ configuration compatibility check                                                                   |notapplicable  |
|Dovecot configuration compatibility check                                                                   |notapplicable  |
|Compatibility Between iptables and ip6tables                                                                |notapplicable  |
|Net-SNMP check                                                                                              |notapplicable  |
|Squid configuration compatibility check                                                                     |notapplicable  |
|Reusable Configuration Files                                                                                |notapplicable  |
|VCS repositories                                                                                            |notapplicable  |
|Added and extended options for BIND9 configuration                                                          |notapplicable  |
|Added options in DNSMASQ configuration                                                                      |notapplicable  |
|Packages not signed by Red Hat                                                                              |notapplicable  |
|Obsoleted rpms                                                                                              |notapplicable  |
|w3m not available in Red Hat Enterprise Linux 7                                                             |notapplicable  |
|report incompatibilities between Red Hat Enterprise Linux 6 and 7 in qemu-guest-agent package               |notapplicable  |
|Removed options in coreutils binaries                                                                       |notapplicable  |
|Removed options in gawk binaries                                                                            |notapplicable  |
|Removed options in netstat binary                                                                           |notapplicable  |
|Removed options in quota tools                                                                              |notapplicable  |
|Removed rpms                                                                                                |notapplicable  |
|Replaced rpms                                                                                               |notapplicable  |
|GMP library incompatibilities                                                                               |notapplicable  |
|optional channel problems                                                                                   |notapplicable  |
|package downgrades                                                                                          |notapplicable  |
|restore custom selinux configuration                                                                        |notapplicable  |
|General                                                                                                     |notapplicable  |
|samba shared directories selinux                                                                            |notapplicable  |
|CUPS Browsing/BrowsePoll configuration                                                                      |notapplicable  |
|CVS Package Split                                                                                           |notapplicable  |
|FreeRADIUS Upgrade Verification                                                                             |notapplicable  |
|httpd configuration compatibility check                                                                     |notapplicable  |
|bind-dyndb-ldap                                                                                             |notapplicable  |
|Identity Management Server compatibility check                                                              |notapplicable  |
|IPA Server CA Verification                                                                                  |notapplicable  |
|NTP configuration                                                                                           |notapplicable  |
|Information on time-sync.target                                                                             |notapplicable  |
|OpenLDAP /etc/sysconfig and data compatibility                                                              |notapplicable  |
|OpenSSH sshd_config migration content                                                                       |notapplicable  |
|OpenSSH sysconfig migration content                                                                         |notapplicable  |
|Configuration for quota_nld service                                                                         |notapplicable  |
|Disk quota netlink message daemon moved into quota-nld package                                              |notapplicable  |
|SSSD compatibility check                                                                                    |notapplicable  |
|Luks encrypted partition                                                                                    |notapplicable  |
|Clvmd and cmirrord daemon management.                                                                       |notapplicable  |
|State of LVM2 services.                                                                                     |notapplicable  |
|device-mapper-multipath configuration compatibility check                                                   |notapplicable  |
|Removal of scsi-target-utils                                                                                |notapplicable  |
|Configuration for warnquota tool                                                                            |notapplicable  |
|Disk quota tool warnquota moved into quota-warnquota package                                                |notapplicable  |
|Check for Add-On availability                                                                               |notapplicable  |
|Architecture Support                                                                                        |notapplicable  |
|Binary rebuilds                                                                                             |notapplicable  |
|Debuginfo packages                                                                                          |notapplicable  |
|Cluster and High Availablility                                                                              |notapplicable  |
|fix krb5kdc config file                                                                                     |notapplicable  |
|File Systems, Partitions and Mounts Configuration Review                                                    |notapplicable  |
|Read Only FHS directories                                                                                   |notapplicable  |
|Red Hat Enterprise Linux Server variant                                                                     |notapplicable  |
|Sonamebumped libs                                                                                           |notapplicable  |
|SonameKept Reusable Dynamic Libraries                                                                       |notapplicable  |
|Removed .so libs                                                                                            |notapplicable  |
|In-place Upgrade Requirements for the /usr/ Directory                                                       |notapplicable  |
|CA certificate bundles modified                                                                             |notapplicable  |
|Developer Tool Set packages                                                                                 |notapplicable  |
|Hyper-V                                                                                                     |notapplicable  |
|Content for enabling and disabling services based on RHEL 6 system                                          |notapplicable  |
|Check for ethernet interface naming                                                                         |notapplicable  |
|User modification in /etc/rc.local and /etc/rc.d/rc.local                                                   |notapplicable  |
|cgroups configuration compatibility check                                                                   |notapplicable  |
|Plugable authentication modules (PAM)                                                                       |notapplicable  |
|Foreign Perl modules                                                                                        |notapplicable  |
|Python 2.7.5                                                                                                |notapplicable  |
|Ruby 2.0.0                                                                                                  |notapplicable  |
|SCL collections                                                                                             |notapplicable  |
|Red Hat Network Classic Unsupported                                                                         |notapplicable  |
|Red Hat Subscription Manager                                                                                |notapplicable  |
|System kickstart                                                                                            |notapplicable  |
|YUM                                                                                                         |notapplicable  |
|Check for usage of dangerous range of UID/GIDs                                                              |notapplicable  |
|Incorrect usage of reserved UID/GIDs                                                                        |notapplicable  |
|NIS ypbind config files back-up                                                                             |notapplicable  |
|NIS Makefile back-up                                                                                        |notapplicable  |
|NIS server maps check                                                                                       |notapplicable  |
|NIS server MAXUID and MAXGID limits check                                                                   |notapplicable  |
|NIS server config file back-up                                                                              |notapplicable  |
------------------------------------------------------------------------------------------------------------------------------
Tarball with results is stored here /root/preupgrade-results/preupg_results-140710214203.tar.gz .
The latest assessment is stored in directory /root/preupgrade .
Upload results to UI by command:
e.g. preupg -u http://127.0.0.1:8099/submit/ -r /root/preupgrade-results/preupg_results-*.tar.gz .

Start the upgrade process. alt+tab and do something, this might take a while.

redhat-upgrade-tool-cli --network 7.0 --instrepo http://mirror.centos.org/centos/7/os/x86_64/

If above command doesnt work, you can force it.

redhat-upgrade-tool-cli --network 7.0 --instrepo http://mirror.centos.org/centos/7/os/x86_64/ --force

After installation is completed. Please reboot your computer.

reboot

After reboot, login and check your current version. Voila! Its 7.0

cat /etc/redhat-release
CentOS Linux release 7.0.1406 (Core)

I hope it worked with your installation.

Coding iOS App with XCode 5

Its been 3 years since I have been planning to learn iOS development, I haven’t been able to start as I was involved with web development and Objective C (cocoa framework) didn’t make any sense to me. I used to be straight forward programmer, never understood Classes, Objects and everything that came with Object Oriented Programming. Not until a year back i started using PHP Web framework (Codeigniter) and it started making sense, everything seemed organized and structured and now I cant code anything without using Objects and Classes.

Few months back i signed up for Apple Developer for $99 a year. Downloaded XCode, and then started looking into Objective C again and this time it made sense.

So I thought there may be many developer like me, who are interested to learn Objective C and iOS App development, thats why i am posting this guide as i am learning.

Prerequisites

  • Mac computer (iMac, Mac Mini or MacBook pro)
  • Mac OS X Mountain Lion or above.
  • XCode 4.6 or above installed.

If you don’t have a Mac there is an easy way to install Mac OS X on VMWare and install XCode (for educational purpose :) ) :: Install Mac on VMware

First Steps

Learn Objective C Programming, this is a must! If you know C, C++ or PHP, this should be very easy.

Objective C Resources

Free E-Books by Apple

Web Resources

There are hundreds of free resource all over internet, just google “Learn Objective C” or “Objective C Tutorial”.

Best Resource for Learning iOS Development online is :: raywenderlich.com

 

[ ...to be continued ]

Kuensel Blocks Google

Kuenselonline, the Bhutan’s largest news website has blocked google from their website. Isn’t google the biggest search engine in the world? looks like they dont want all the free traffic you get from google. LOL

Kuensel Blocks Google

Kuensel Blocks Google

Secure CentOS Linux with iptables

Linux Firewall

Iptables is best linux firewall available. Use this to secure your linux with iptables.

Make sure to save the iptables configuration.

vi /etc/sysconfig/iptables

Secure IPTables Configuration:

*filter
:FORWARD DROP [0:0]
:INPUT DROP [0:0]
:OUTPUT DROP [0:0]
 
## Block IPs here
-A INPUT -s xxx.xxx.xxx.xxx -j DROP
 
-A INPUT -i eth0 -f -j DROP
-A INPUT -i lo -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG NONE -j DROP
-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,SYN,RST,PSH,ACK,URG -j DROP
-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,PSH,URG -j DROP
-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN FIN,SYN -j DROP
-A INPUT -p tcp -m tcp --tcp-flags SYN,RST SYN,RST -j DROP
-A INPUT -p tcp -m tcp --tcp-flags FIN,RST FIN,RST -j DROP
-A INPUT -p tcp -m tcp --tcp-flags FIN,ACK FIN -j DROP
-A INPUT -p tcp -m tcp --tcp-flags PSH,ACK PSH -j DROP
-A INPUT -p tcp -m tcp --tcp-flags ACK,URG URG -j DROP
 
## Open all your needed ports here
-A INPUT -p tcp -m state -m tcp --dport 25 --state NEW -j ACCEPT
-A INPUT -p tcp -m state -m tcp --dport 80 --state NEW -j ACCEPT
 
## Allow your IPs here
-A INPUT -p tcp -m state -m tcp -s xxx.xxx.xxx.xxx/255.255.255.0 --dport 10000 --state NEW -j ACCEPT
 
-A INPUT -p tcp -m tcp -m state ! --tcp-flags FIN,SYN,RST,ACK SYN --state NEW -j DROP
-A INPUT -f -j DROP
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -p tcp -m state --state NEW,ESTABLISHED -j ACCEPT
-A OUTPUT -p udp -m state --state NEW,ESTABLISHED -j ACCEPT
-A OUTPUT -p icmp -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
COMMIT
 
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT
 
*mangle
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
COMMIT

Secure CentOS with sysctl.conf

Secure your CentOS installation with sysctl, Replace your sysctl.conf with the configuration given below, this is the best configuration you can do.

 

# Kernel sysctl configuration file for Red Hat Linux
#
# For binary values, 0 is disabled, 1 is enabled.  See sysctl(8) and
# sysctl.conf(5) for more details.
 
net.ipv4.ip_forward = 0
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.default.accept_source_route = 0
kernel.sysrq = 0
kernel.core_uses_pid = 1
 
net.ipv4.tcp_synack_retries = 2
net.ipv4.tcp_syncookies = 1
 
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.default.send_redirects = 0
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.icmp_echo_ignore_broadcasts = 1
net.ipv4.icmp_ignore_bogus_error_responses = 1
net.ipv4.conf.all.log_martians = 1
net.ipv4.conf.default.log_martians = 1
net.ipv4.conf.all.accept_source_route = 0
net.ipv4.conf.default.accept_source_route = 0
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.default.accept_redirects = 0
net.ipv4.conf.all.secure_redirects = 0
net.ipv4.conf.default.secure_redirects = 0
 
########## IPv6 networking start ##############
# Number of Router Solicitations to send until assuming no routers are present.
# This is host and not router
net.ipv6.conf.default.router_solicitations = 0
 
# Accept Router Preference in RA?
net.ipv6.conf.default.accept_ra_rtr_pref = 0
 
# Learn Prefix Information in Router Advertisement
net.ipv6.conf.default.accept_ra_pinfo = 0
 
# Setting controls whether the system will accept Hop Limit settings from a router advertisement
net.ipv6.conf.default.accept_ra_defrtr = 0
 
#router advertisements can cause the system to assign a global unicast address to an interface
net.ipv6.conf.default.autoconf = 0
 
#how many neighbor solicitations to send out per address?
net.ipv6.conf.default.dad_transmits = 0
 
# How many global unicast IPv6 addresses can be assigned to each interface?
net.ipv6.conf.default.max_addresses = 1
 
########## IPv6 networking ends ##############
 
# Enable ExecShield protection
kernel.exec-shield = 1
kernel.randomize_va_space = 1
 
# increase system file descriptor limit
fs.file-max = 65535
 
# Allow for more PIDs
kernel.pid_max = 65536
 
#Increase system IP port limits
net.ipv4.ip_local_port_range = 11000 65000
 
# Reboot after a kernel panic
kernel.panic = 30

CentOS Web server with Latest Apache, PHP and MySQL

Setup perfect CentOS Web server with latest Apache, PHP and MySQL.

CentOS with Apache PHP MYSQL Webmin

Make sure you have installed CentOS with minimal system tools.

I am going to use my home directory as root folder.

cd ~

import RPM-GPG-KEY

rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY*

Update Everything using YUM

yum -y update

Reboot your Server.

reboot

Install Some Required Packages

yum install fetchmail wget bzip2 unzip zip nmap openssl lynx fileutils

Setup System Time

yum install ntp
chkconfig ntpd on
ntpdate pool.ntp.org
/etc/init.d/ntpd start

Install RPMForge Repo

rpm --import http://apt.sw.be/RPM-GPG-KEY.dag.txt
wget http://pkgs.repoforge.org/rpmforge-release/rpmforge-release-0.5.2-2.el5.rf.i386.rpm
rpm -K rpmforge-release-0.5.2-2.el5.rf.i386.rpm
rpm -i rpmforge-release-0.5.2-2.el5.rf.i386.rpm
 
yum clean all
yum update

Use Remi’s Repo for Latest PHP and MySQL

rpm --import http://rpms.famillecollet.com/RPM-GPG-KEY-remi
wget http://download.fedora.redhat.com/pub/epel/5/i386/epel-release-5-4.noarch.rpm
wget http://rpms.famillecollet.com/enterprise/remi-release-5.rpm
rpm -Uvh remi-release-5*.rpm epel-release-5*.rpm

Enable Remi’s Repo

nano /etc/yum.repos.d/remi.repo
 
[remi]
enabled=1

Install Apache and PHP Server

yum install httpd
chkconfig --levels 235 httpd on
yum install php php-mysql php-gd php-odbc php-pear php-xml php-xmlrpc curl perl-libwww-perl ImageMagick libxml2
 
## Edit Apache Configuration, if you need.
nano /etc/httpd/conf/httpd.conf

Install MySQL Server

yum install mysql mysql-server
chkconfig --levels 235 mysqld on
/etc/init.d/mysqld start
 
## Change your MySQL Password
mysql_secure_installation
 
## Check if MySQL is running
netstat -tap | grep mysql
 
## Edit MySQL Configuration, if you need.
nano /etc/my.cnf

Install eAccelerator – PHP Caching, Makes your php load faster

yum install php-eaccelerator

Install PhpMyAdmin

yum install phpmyadmin

Start Apache Server

service httpd restart

Check Apache

apachectl -M

Output

httpd: Could not reliably determine the server's fully qualified domain name, using 127.0.0.1 for ServerName
Loaded Modules:
 core_module (static)
 mpm_prefork_module (static)
 ...
Syntax OK

Check PHP

php -v

Output

PHP 5.3.6 (cli) (built: May 16 2011 19:18:00)
Copyright (c) 1997-2011 The PHP Group
Zend Engine v2.3.0, Copyright (c) 1998-2011 Zend Technologies
    with eAccelerator v0.9.6.1, Copyright (c) 2004-2010 eAccelerator, by eAccelerator

Web server with Latest PHP and MySQL is done!

Install Webmin if you want

yum install openssl perl-Net-SSLeay
rpm --import http://www.webmin.com/jcameron-key.asc

Add Webmin Repo

nano /etc/yum.repos.d/webmin.repo

Add This

[Webmin]
name=Webmin Distribution Neutral
#baseurl=http://download.webmin.com/download/yum
mirrorlist=http://download.webmin.com/download/yum/mirrorlist
enabled=1

Install Webmin

yum install webmin