12. Install Apache Tomcat
Tomcat is a servlet container designed by Apache to run Java HTTP web server. Install tomcat as below but it is necessary to point out that you must have installed Java prior of installing tomcat.
# yum install tomcat
After tomcat has been installed, star the tomcat service.
# systemctl start tomcat
Check Version of tomcat.
# /usr/sbin/tomcat version
Add service tomcat and default port (8080) through firewall and reload settings.
# firewall-cmd --zone=public --add-port=8080/tcp --permanent # firewall-cmd --reload
Now it’s time to secure tomcat server, create a user and a password to access and manage. We need to edit file ‘/etc/tomcat/tomcat-users.xml‘. See the section which looks like:
<tomcat-users> .... </tomcat-users> <role rolename="manager-gui"/> <role rolename="manager-script"/> <role rolename="manager-jmx"/> <role rolename="manager-status"/> <role rolename="admin-gui"/> <role rolename="admin-script"/> <user username="tecmint" password="tecmint" roles="manager-gui,manager-script,manager-jmx,manager-status,admin-gui,admin-script"/> </tomcat-users>
Here we added user “tecmint” to administer/manage tomcat using password “tecmint”. Stop and start the service tomcat so that the changes are taken into effect and enable tomcat service to start at system boot.
# systemctl stop tomcat # systemctl start tomcat # systemctl enable tomcat.service
Read Also: Installing and Configuring Apache Tomcat 8.0.9 in RHEL/CentOS 7.0/6.x
13. Install Nmap to Monitor Open Ports
Nmap for Network Mapper creates a map of the network by discovering host on which it is running as well as by analyzing network. nmap is not included in the default installation and you have to install it from repository.
# yum install nmap
List all open ports and corresponding services using them on host.
# nmap 127.0.01
You may also use firewall-cmd to list all the ports, however I find nmap more useful.
# firewall-cmd --list-ports
Read Also: 29 Useful Nmap Command to Monitor Open Ports
14. FirewallD Configuration
firewalld is a firewall service which manages the server dynamically. Firewalld removed iptables in CentOS 7. Firewalld is installed by default on RedHat Enterprise Linux and its derivatives by default. With iptables every change in order to be taken into effect needs to flush all the old rules and create new rules.
However with firewalld, no flushing and recreating of new rules required and only changes are applied on the fly.
Check if Firewalld is running or not.
# systemctl status firewalld OR # firewall-cmd --state
Get a list of all the zones.
# firewall-cmd --get-zones
To get details on a zone before switching.
# firewall-cmd --zone=work --list-all
To get default zone.
# firewall-cmd --get-default-zone
To switch to a different zone say ‘work‘.
# firewall-cmd --set-default-zone=work
To list all the services in the zone.
# firewall-cmd --list-services
To add a service say http, temporarily and reload firewalld.
# firewall-cmd --add-service=http # firewall-cmd –reload
To add a service say http, permanently and reload firewalld.
# firewall-cmd --add-service=http --permanent # firewall-cmd --reload
To remove a service say http, temporarily.
# firewall-cmd --remove-service=http # firewall-cmd --reload
To remove a service say http, permanently.
# firewall-cmd --zone=work --remove-service=http --permanent # firewall-cmd --reload
To allow a port (say 331), temporarily.
# firewall-cmd --add-port=331/tcp # firewall-cmd --reload
To allow a port (say 331), permanently.
# firewall-cmd --add-port=331/tcp --permanent # firewall-cmd --reload
To block/remove a port (say 331), temporarily.
# firewall-cmd --remove-port=331/tcp # firewall-cmd --reload
To block/remove a port (say 331), permanently.
# firewall-cmd --remove-port=331/tcp --permanent # firewall-cmd --reload
To disable firewalld.
# systemctl stop firewalld # systemctl disable firewalld # firewall-cmd --state
To enable firewalld.
# systemctl enable firewalld # systemctl start firewalld # firewall-cmd --state
- How to Configure ‘FirewallD’ in RHEL/CentOS 7
- Useful ‘FirewallD’ Rules to Configure and Manage Firewall
15. Installing Wget
wget is a Linux command line based utility that retrieves (downloads) content from web servers. It is an important tool you must have to retrieve web contents or download any files using wget command.
# yum install wget
For more usage and practical examples on how to use wget command to download files on the terminal, read 10 Wget Command Examples.
16. Installing Telnet
Telnet is a network protocol that enables a user to login into another computer on the same network over TCP/IP. Once connection etablished to the remote computer it becomes a virtual terminal and allow you to communicate with the remote host within your computer as per whatever privileges provided to you.
Telnet also very useful for checking listening ports on remote computer or host.
# yum install telnet # telnet google.com 80
I followed this guide. Its really helpful. As you said quite extensively about installing apache, databases and others.
Can you also provide a guide regarding how to upload a site in CentOS after doing all this?
You can use WordPress and add the blogs.create new website add the domain to that website apache.
I am wondering why httpd,php is installed after installing virtualbox. Initially it is installed, will it conflict
Resourceful tutorial for Linux enthusiast.
There is a mistake in the SSH section. The config file is NOT ‘ssh-config’. That is meant for the SSH client not the server. The SSH server settings are in ‘sshd-config’. As a noob, it took me a while to figure out why my changes had no effect on the server.
Otherwise, this has been a great resource for someone like me learning Linux for the first time. Thanks!
@Gary,
Thanks for notifying, yes it should sshd_config for configuring SSH Server. We’ve corrected in the article.
One of the commands didn’t work for me, the one related to opening up the httpd port through firewalld. I got a syntax error
I got a successful execution with the following command, because I did not choose to assign http a funky port, just the standard one (80)
If you want to use a custom port for httpd, use this command, which specifies the port/protocol:
SOURCE:
https://stackoverflow.com/questions/24729024/open-firewall-port-on-centos-7
Thank you for getting this information together, it is very helpful for people not familiar to minimal dekstop-less installations.
There’s a syntax error in the article, it should say:
(two dashes instead of one, before every argument)
@IvanZ,
Thanks, I have corrected the command in the article..
Hey, thanks for this list. It was very valuable for me to set up a new CentOS 7 configuration. So far I had only to deal with SLES. Thank you
The articel does only contain nonsense. Why somebody should protect grub when it can be by passed so easy?
A speedtest cronjob? wtf?
the guy that wrote to this… went to some trouble to help. Dont be a douche and leave thoughtless comments.
When i change the Listen directive and restart the httpd following error occurs.
Job for httpd.service failed. See ‘systemctl status httpd.service’ and ‘journalctl -xn’ for details.
This happen when i tried to change Listen to 3221, 9090 or :9090 .. anything.
While it works fine for port 80 and 8080
Hi Atul. This could be caused by SELinux. Check if it is enabled by running “sestatus“. If it says enabled, you have to ways:
1. Disable SELinux by running ‘setenforce 0‘;
2. Add SE rules (using ‘semanage‘ command). In this case you will have SELinux enabled (which is recommended);
Hey, thank you for this list. It has been invaluable for me while setting up a new CentOS 7 configuration. I’m technical but this is easily understandable and readable for anyone.
Hi Guys,
Cant open my website with elinks. It is saying that I need to enable my javascript. How to do that on centos7 minimal.
Thanks
@Zack,
Enable JavaScript at browser level, Firefox or chrome.
Use Secure Protocol over the default SSH Protocol and change port number also for extra Security. Edit the SSH configuration file ‘/etc/ssh/ssh_config‘.
why install wget? isn’t curl available by default?
Hi,
The following
# firewall-cmd -permanent -add-port=3221/tcp
should be
# firewall-cmd –permanent –add-port=3221/tcp
4.unable to chown
Hi, is anybody help me I am new to CentOS 7, regarding I am unable to enter into root mode.
After reading point #22, I tried commands, but now i am unable to get into:
why this happened it always says even i tried to attempt…
sudo: >>> /etc/sudoers: syntax error near line 45 <<>> /etc/sudoers: syntax error near line 101 <<<
sudo: parse error in /etc/sudoers near line 45
sudo: no valid sudoers sources found, quitting
sudo: unable to initialize policy plugin
please help me i am new to cent os 7
try su root
Tape
#History
And update ur post please
After installing Webmin you’ll need to allow access on port 10000.
@Zack,
Yes, you right, port should be opened to access from the public network over IP Address or Domain, for example:
Hi, Nice post
would you happen to have solution to install nginx in front of Apache to avoid opening httpd services by apache every time, and saving system resources.
Cheers
@Zack,
You mean both nginx and apache should run on same server without any conflict? if yes, you should run nginx or apache on different ports..
yum install links
should be
yum install elinks
@Smallufo,
Both links and elinks are commandline based web browsers and both are available to install from default repositories, no need to replace…
It was a helpful article sir. In Step 17 “Installing Webmin”, after I install it, I am asked to login http://myipaddress:10000.
When I do that, I get “The owner “abc” has configured their website improperly…..”
@Vaishnavi,
Thanks for finding this article useful, could you share the screenshot of the same? it will help us to understand more better about your problem..
For VirtualBox installation, you might need to copy the repository file http://download.virtualbox.org/virtualbox/rpm/el/virtualbox.repo to /etc/yum.repos.d/. Otherwise, you could get a “No package VirtualBox-X.X available.” error.
@Radix,
Thanks for the tip, will include in the article as suggested..
thanks million for your good post,
i find 2 small mistakes in spelling of commands that maybe because of them some users face problem in copy and paste the commands from the post.
1. “permanent” spell in below section is not correct:
Add service tomcat and default port (8080) through firewall and reload settings.
# firewall-cmd —zone=public —add-port=8080/tcp —permannet
2.reload in below command has just one dash(-):
To add a service say http, temporarily and reload firewalld.
# firewall-cmd –reload
@Mohammad,
Thanks for pointing out those types, corrected in the article..
I’m not sure who wrote this but it seems clear that he/she never attempted to follow her own instructions.
The first step in setting up the network is to invoke
yum install net-tools
yum install requires a functioning network with accessible repositories if using the minimal CD.
These instructions simply won’t ever work with a minimal installation CD.
Cannot connect to X server — not entirely sure what this means.
For people unfamiliar with CLI text editors (vi, vim, nano), etc.
You can configure static IP and hostname in a GUI environment, just type:
# nmtui
Once there, you can edit what you need.
If ‘nmtui’ command not found, install it:
yum install NetworkManager-tui
Done!
My 2 cents…
@Chris,
Thanks for the tip about configuring and setting hostname and IP address using GUI way, hope it will help Desktop Linux users, from me 10 cents to you…:) keep it up..
Good vibrations.
Thanks to you for the great tutorial :-)
Thank You for collecting all that useful and not so useful in one article. :)
Hmm, interesting, how many copypasters have used your sample passwords unchanged? :)
Typos:
# nmap 127.0.01
# visudo
OMG, sorry. visudo isn’t typo ;)
Thanks for the write up, I’m very new to this and it helps a bit. However, when I got to the firewall-cmd commands in step 6 I ran into some problems. Not sure if I did this correct or not but I had to run “yum install firewalld” then start it with “systemctl start firewalld”. Then I had to add a “-” before the arguments (replaced “firewall-cmd -add-service=http” with “firewall-cmd –add-service=http”.
excellent, you debugged the typos and continued the install
as an experienced computer hobbyist, I was able to use this howto with minimal effort, only found some typo’s and all went well
thank you for providing this information in such a well-written format
Hello
my VPS only provide a centos standard version. How to change it to minimal version. What services will be remove?
thank you before…
@Gladwin,
There isn’t any way to go back to minimal version, but you can find and remove unwanted services as explained in these two articles.
https://www.tecmint.com/remove-unwanted-services-in-centos-7/
https://www.tecmint.com/remove-unwanted-services-from-linux/
Plzz provide rhel 7 download links not from redhat but its alternate
Virtual box?! What about the standard KVM?
@Eduardo,
Thanks for suggesting about KVM, I do agree KVM more feature rich virtualization tool than virtualbox. In fact, we’ve already covered a complete series on KVM here.
https://www.tecmint.com/install-and-configure-kvm-in-linux/
Why don’t use “nmcli” and “hostnamectl”? This is a Red Hat standard.
@Eduardo,
Sure we will include both the tools with examples to this list..
Hi,
Your website was very helpful, thank you .
In the Mariadb install section, think to change the following line :
# firewall-cmd –add-service=mysql
to
# firewall-cmd –-add-service=mysql
Regards
@Belkasmi,
That was a really good catch man, corrected in the writeup and thanks for reading the article..
It mustn’t be the best idea to add MySQL as public available service!
For my point of view, the title of this article should be different, Noobies which install all this on their systems might end up with things, not ideally for everybody. Your site has built a huge reputation over time, and you just cannot recommend installing things like java or a compiler on a system, where it might not be explicitly needed!
BUT: Positive to note: You explained mysql_secure_installation, firewalld, and selinux. There are still too may sites out there who forget, or disable this.
How about NTP? That should also be important at least for logging.
@Andy,
Yes i do agree with your point, forgot to mention in the list, no worries here is the article about NTP.
Install and Configure NTP Server/Client in Debian Linux
Install and Configure NTP Server on RHEL/CentOS 7
Synchronize Linux Time with NTP Server on Linux
the reason you installed a minimal OS is to avoid all those unnecessary services. this article just did the opposite.
well i taught us how to do it : )
You have an mistake at Step 7:
echo -e “” > /var/ww/html/phpinfo.php
has to be
echo -e “” > /var/www/html/phpinfo.php
@Andreas,
Good catch, yes it was typo, corrected in the write up..Thanks..
Thanks!
thanks :-)
If you have yum working, wouldn’t most of these be easier to accomplish by doing “groupinstall” of the varios appropriate groups?
Very helpful for me. Thanks for sharing.
Great article, help me to configure some basic stuff and discover others like rkhunter and speedtest-cli
Question, should the static IP address be the private IP of the machine running the VM??
@yemi,
Static IP address is the public IP which is accessible by world over HTTP..
In the three step, why not use “hostname” directly instead of $HOSTNAME?
Good article overall though. Thanks for all the info!
lot of spelling errors in this article for the commands. nmap for example, “# namp 127.0.01” should be “# nmap 127.0.0.1”. the firewall command right after that part, “# firewall-cmd –list-ports” should be “# firewall-cmd –list-ports” (2 – , not 1).
various other mistakes. the screenshots are good, just not the commands in code blocks.
@Cory,
Thanks for the updating us about those errors, we’ve fixed in the writeup..
Thanks alot for sharing such a nice info for manage server.
Welcome Waheed!
Keep connected for more such posts. The best is yet to come.