[This post is now fairly obsolete and has a few problems. I am in the process of re-writing it. It should still lead you to a fully functioning CentOS 6 system, but overlooks some significant parts, so use due diligence and read up on topics as you go along!]
This post is intended as a guide to Linux beginner-enthiasts to the basic setup pitfalls when performing a minimal install of the Community Enterprise OS, and point out some basic command line techniques that every Linux user should know. CentOS minimal, as its name implies, is very minimalistic, and does not ship with a nice graphical interface, but instead drops you in the command line after installation.
Here’s what I’ll cover:
- Download and install
- Create a user and add to sudoers
- A note on SSH
- First basic YUM operations
- GUI installation
- Apache installation and locations
- Opening the Firewall: iptables
- rpm, make and ndiswrapper – driver installation
Download and Install
The CentOS Mirror page lists various sites where you can download the CentOS binary. Once you’ve found a site close to you, hunt the tree for …/6.6/isos/i386/CentOS-6.6-i386-minimal.iso (for 32-bit, or choose the x64 path under isos/)
Also, download VirtualBox from Oracle, or VMWare Player (which since version 3 can create VMs). I won’t cover VM creation in depth here, but it’s pretty straight forward with both programs. For the VirtualBox primer, see my previous tutorial on the topic. Things to keep in mind:
- You can load ISOs straight as discs in a VM, look under the Disks or Storage section of a virtual machine before you start it, you should be offered the option to choose a disk image.
- For the purposes of this post, when setting up network, you can use Bridged to give the machine an IP directly with the network – it shortens network connectivity explanations between host and guest.
Boot the VM with the CentOS ISO in the virtual CD slot – you’ll be given a basic graphical interface for running the install. Click, click, very simple, it’s mostly a matter of clicking “Next” all the way through. If you’re in a new VM (you should be) just opt to erase the virtual drive (default setting). You’ll be asked to set the root password at this point. Remember it – it’s the Master Key to your system.
Once the installation is run, you’ll be prompted to reboot. Do it.
When the system comes back up, you’ll be asked to log in – use the user “root” and enter the root password – use that Master Key I mentioned previously. You are now logged in as the root user of the system.
Create a regular user
If you’ve been lurking around Linux before you’ll have heard the age-old adage: NEVER use the computer as root. This is mostly true for desktop systems with which you use “sudo” to perform administrative tasks. On a server however, you generally don’t do anything directly on the computer except set up new programs and perform administrative tasks, in which case you do want to be root most of the time.
For now, let’s create a regular user. Later we will cover logging in via SSH, and we’ll prefer using this user. Let’s assume your name is Motoko — or however you want to be known on this system. To create a regular user for yourself, execute the commands:
adduser motoko passwd motoko
You’ll be asked to provide a password for this user, and then you’ll be asked to provide it again. Note that even if you get any warnings about unsafe passwords, the system will have nevertheless accepted said unsafe password. Of course, try to prefer a strong password.
We will now edit our machine settings so that root cannot log in via SSH. Type the following command:
You are now about to use a powerful but somewhat complex text editor called vi. One of the two most “popular” (widespread) editor on Linux, the other being Emacs. It has two main modes, Command Mode and Edit mode. You start off in command mode, and can use a number of shortcuts to navigate. Press “i” (for “insert”) or “a” (for “append”) to enter Edit mode, press “Esc” to return to Command mode.
Take a look at this cheat sheet for a fuller reference; I will just walk you through the bare essentials.
- You are in command mode
- use the arrow keys to move down to the line that says “Port 22”. If there is a “#” at the beginning of the line, place the cursor on the “#” then press the letter “d” on your keyboard and the right arrow key.
- Now type the “/” character and then the characters “PermitRootLogin“, then press Enter – this will search for the next occurrence of the text we want.
- Remove any preceding “#” character like before. Then type a “$” character to go to the end of the line. Press “a” to start editing, then press the Backspace key 3 times to delete “yes”, then type “no“. Press “Esc” to return to command mode.
- If you are OK with these changes, type “:wq” to [w]rite and [q]uit (include the initial “:” colon character).
- If you made any mistakes, press “u” to undo (remember to press “Esc” if you need to return to Command mode), or “:q!” (in command mode) to quit without saving.
Finally, you need to restart the SSH daemon:
service sshd restart
Now type ‘exit’ to log out of the root account. You will be back at the initial system prompt. Log in as motoko, and provide the password you created for motoko.
Note that if you try to run any important commands now, you will be unable to. You need to return to being the “root” user. Issue the command
and use the root password again. You are once more using the computer as root.
Why enforce this convoluted way of becoming root instead of logging in as root directly? Because it’s two steps to becoming root on the system – you need to know the name of an account for logging in, its password, and then the root password. In terms of time required to log in, it’s an extra couple of seconds; but for machines that are connected to the Internet, this extra layer of protection is cheap, and effective to an extent.
Before we can do anything meaningful on our system, we need to get online, as that’s how updating and installing applications is done nowadays. By default, networks are disabled in CentOS. You can solve this by editing the network scripts. Type:
If this does not work, type `ip addr show` as a command to see your network interfaces (they are numbered, the name directly follows the number. Then run the command `ls /etc/sysconfig/network-scripts/ifcfg-*` to see what config files you have. You should only have 2, one of which is “lo” (which we leave alone – edit the other one using vi).
Edit the required file in vi. Go to the line that reads “ONBOOT=NO” and press ‘i‘ to start editing, then move the cursor to the end of the line, and change it to “ONBOOT=YES”. Press <Esc> and then the same “:wq“, <enter>.
service network restart
This will display the network interface statuses, bringing them down and then back up. Fantastic. Try running the ‘ping’ command to see if your machine can reach Google.com (or whatever external site you choose):
Use the keyboard interrupt command <ctrl>-c to stop the process. This works for pretty much all processes (but not necessarily all – vi being one that doesn’t react to ctrl-c).
A note on SSH
Note that at this point, you can connect to the machine using SSH (and launch any graphical applications later using X11, after installing the X11 group). For Windows users, install Xming and start it, then download PuTTY; Mac users, X11 should already be installed or you can install it from the App Store. Open Terminal to run the built-in ssh client. Linux users, yum install or apt-get install X11.
Run ifconfig in your CentOS to get the IP address of the machine – for example, 192.168.1.9.
In your host system, if you’re on Windows, open the cmd.exe shell and type:
putty -X firstname.lastname@example.org
or simply run putty and edit the connection details under Connection : SSH : X11 to enable forwarding.
OS X and Linux users can open the terminal and run:
ssh -X email@example.com
In both cases, you will be asked if you want to connect, type ‘yes’, the you’ll be asked for the password, enter the motoko password, and voila, you are now logged in from your host system!
VirtualBox users: when you turn on a VM, if you hold the Shift key when clicking the Start button, it will run in “headless” mode – no window will open for it, and you will need to connect via ssh – mimicking connecting to a server that has no monitor!
VMWare does not offer exactly the same functionality; rather, you need to edit your VMWare preferences.ini file to allow you to close a VM window without suspending it – effectively rendering it headless: this post has more details.
First basic YUM operations
Now we can get down to some serious business. The first thing to do is to update your YUM system binaries if you want them to be up to date. YUM is the package management tool in the RedHat family of distros, which updates its dependency maps at each run. Dependency maps inform YUM whether package A depends on package B version 8 or 9, or if dependencies changed, etc, and resolves and manages dependency hell for applications.
As the command runs, it tells you what it’s doing, and should succeed on all counts. If you come from a Debian (incl Ubuntu) background, you might be tempted to think that that command needs to be run before each installation session. Actually, yum updates its index at every run; “yum update” is in reality equivalent to “apt-get upgrade”.
[placeholder – I’ll write up some notes about adding extra repositories; in the mean time, this article gives you a taster – try installing Midori]
We’ll install a couple of tools needed for building things:
yum install gcc make
GCC is for compiling C code, make is for running the standard install scripts typically provided with C code. Do NOT install these on a system that will be exposed directly to the Internet as a server!
At some point you’ll be asked to confirm that you really do want to install the tools. Type ‘y‘ for yes (or ‘n‘ for no), and hit return. The install will then proceed if you answered ‘y’.
The essential YUM operations have been run. For further reference, the following formulas can give you information about other packages:
yum search <package> # attempts to locate a package yum info <package> # gives you info about the named package yum groupinfo <package group> # info about a package group
The minimal CentOS is bare. Very bare. Important packages such as ‘man’ for manual pages, ‘locate’ for finding files by name on an index, and ‘nslookup’ for resolving domain names, are missing. ‘wget’ for downloading from URLs straight from the command line is useful too, and frequently advised during install instructions. We’ll also install the git version control tool for retrieving some useful scripts. Incant thus:
yum install bind man mlocate updatedb wget git updatedb &
updatedb starts indexing your filesystem for locate to use. The ‘&’ indicates to run the process in the background, so it won’t hog the command prompt whilst it goes about its business.
An aside on background processes: to bring a background process to the fore, type ‘fg‘. You can also send a process in the fore to the background by sending the keyboard interrupt <ctrl>-Z (which stops it at the same time) and then typing ‘bg’ which sets it back in motion, in the background. Eventually you might see a notification that the task has completed (at some point later when you press return – for console I/O buffer reasons).
Installing a Desktop Environment
Now let’s see if we can get a nice mouse-driven interface – a graphical user interface (GUI) as it is known. In our case, it will be the Desktop Environment, which draws a desktop (but sometimes not) and manages various window features and facilitates application switching. See here for a number of different desktop environments. Some have everything in one screen, some allow you to open multiple windows; some come with task bars and others not…. lots of different setups.
Before that, I would just like to point out something: if you’re setting up CentOS as a server, consider not ever installing a GUI environment. It’s a waste of memory, space and good command-line learning opportunities. The present section is however useful for understanding how the GUI environment bolts on to a Linux system, hence why we’ll be doing it. COnsider snapshottting your VM now so that you can roll back to a non-GUI state effortlessly.
To install a standard Gnome 2 desktop, simply run a groupinstall command with the four groups as follows:
yum groupinstall basic-desktop desktop-platform X11 fonts
For a description of each, run “yum groupinfo <package group>”, for example “basic-desktop” or “X11”. For other Desktop Environments, try searching for install instructions for Xfce, Lxde and KDE.
Once the previous command is complete, edit the /etc/inittab file:
Go to the line which reads ‘id:3:initdefault’ and change the ‘3’ to ‘5’ (remember, go to the line, press ‘i‘ to edit it, press <esc> to exit editing mode, then type ‘:wq‘ to write out and quit).
Finally, you need to restart. Incant:
For more info, run the command ‘man shutdown‘
Once the machine is back up, log in again as motoko, or whatever you called yourself. Hey look, you now have a graphical login! And a Desktop environment! (Note: does not work via ssh – use the virtual machine’s virtual screen).
Click in the bottom left where you’d expect a Start button (if you were used to Windows!) and choose the system tool, Terminal, to get a command line back.
For some added fun, edit inittab again and return the value to ‘3’, then restart back into the command line mode, login as motoko. Now run the command
You’re back in the Desktop environment! (does not work via ssh) You can use this method of operation to keep a GUI environment lying around just in case. If you log out of this session you will be returned to the command line, as opposed to a login screen.
If you’re interested in hosting web pages, why not start by installing Apache. Incant:
yum install httpd
Unlike in Debian, which installs a package named “apache2”, yum calls the package “httpd” after its daemon.
Once installed, Apache should start on its own. You are also given a tool to start/stop/restart apache, the command ‘apachectl’.
Run ‘man apachectl’ for more info.
If Apache hasn’t started, run ‘sudo apachectl -k start’
For reference, Apache configuration files are in /etc/httpd/conf, create your own in /etc/httpd/conf.d directory. See files in there for reference. The default location for web pages is /var/www/html and /var/www/cgi-bin for CGI scripts
Point wget at your localhost:
wget -S -O - http://127.0.0.1/
The “-S” options causes HTTP headers to print; “-O -” causes the downloaded content to be dumed to the terminal.
If Apache installed with its default pages, you’ll see that download, otherwise you’ll get a “Error 403 Frobidden” message, which is basically Apache telling you you’re not allowed to list directories. Either way, Apache is running. Point wget at any URL location for it to try downloading from there.
Now run the ‘ifconfig eth0’ command to find your CentOS machine’s IP address – say it’s 192.168.1.9 (for example).
Now open a web browser in your host system, and point it at that IP: http://192.168.1.9/
You can’t connect. But the server is indeed working! What happened?
Opening the firewall – IPTables
CentOS has a firewall system managed by the ‘iptables’ command. For a full explanation of iptables, refer to the CentOS Wiki
The wiki has a very good step-by-step, token-by-token tutorial on how to modify IPTables, but I’ll provide here a script that rebuilds the original IPTables rules – should you ever need it! It also contains a section [6.1] where you can add your own rules. You need to run the iptables command with sudo. Note that in the following code, lines starting with “#” are comments and do not need to be run.
# See http://wiki.centos.org/HowTos/Network/IPTables # for more info #  we have connected from a remote machine - make sure # we maintain connection! # add a live rule iptables -P INPUT ACCEPT #  flush current rules table, which closes all external # connections - hence step 1. iptables -F #  add our first rule on incoming connections: # "-m state" load module state # "--state ESTABLISHED,RELATED" any connections that originated # from us # "-j ACCEPT" jump to setting the target action, which is ACCEPT iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT #  Accept any input for protocol ("-p") ICMP iptables -A INPUT -p icmp -j ACCEPT #  Accept anything from localhost -- the distinction is not visible in the above dump iptables -A INPUT -i lo -j ACCEPT #  Accept incoming new ssh (tcp port 22) connections ; existing ones are served by rule  iptables -A INPUT -m state --state NEW -p tcp --dport 22 -j ACCEPT # [6.1] XTRA - allow other connections iptables -A INPUT -m state --state NEW -p tcp --dport 80 -j ACCEPT iptables -A INPUT -m state --state NEW -p tcp --dport 3306 -j ACCEPT # port 80 is for Apache; 3306 is for MySQL, for example. #  Reject everything else # iptables -A INPUT -j REJECT # original setup iptables -P INPUT DROP # the more correct step #  Reject all forwards (we are not a router) # iptables -A FORWARD -j REJECT # original setup iptables -P FORWARD DROP # the more correct step #  Accept any outgoing traffic iptables -P OUTPUT ACCEPT #  Save the settings we've just defined so that # they apply when we reboot service iptables save
Save that script somewhere.
Alternatively, you can download the same script from my github repo:
git clone https://github.com/taikedz/handy-scripts.git
You should now have a “handy-scripts” directory. Use `ls handy-scripts` to see the contents of the directory. Use `cd handy-scripts/bin` to go to the “bin” directory inside the “handy-scripts” directory. Use `ls` to list the contents of the current (bin) directory.
Use vi to edit firewall and check its contents, modify at will. Save it and choose to run it by simply typing `./firewall`. If you downloaded from the repo, you can also run `./firewall workstation` or `./firewall server` to choose setups more befitting a desktop workstation or a publicly accessible server.
You should see the following:
iptables: Saving firewall rules to /etc/sysconfig/iptables: [OK]
Try accessing your CentOS from your host browser, it should now work!
rpm, make and ndiswrapper – installing drivers
You can download drivers from the net for various devices. My printer happens to be a brother DCP 7010 printer. Brother provide Linux drivers, so I downloaded them as .rpm packages. These are packages that are not in a repository that yum accesses, so we need to use the ‘rpm’ command:
sudo rpm -ivh mypackage.rpm
Easy! Of course, if you see a link to installation instructions, follow those rather than trying to wing it. The above should generally be sufficient though.
For the history: rpm used to be the standard way of installing packages on RedHat systems, but with internet connectivity, packages got moved to repositories instead of CDs and diskettes, and yum now manages access to common RPM files. Only packages not in the repositories need to be installed with the rpm command directly. Debian equivalent is the dpkg command, for .deb files.
make: installing from source code
There are varying opinions on whether using the [make/make config/make install] sequence is a good idea or not, so treat the following instructions as “quick and dirty” rather than best practice. Oftentimes, installing from source will be for advanced usage only, although software that is not available in a repository does tend to be distributed in this manner. I include them here for completeness, but you should generally not be finding yourself doing this until you are properly acquainted with the system.
Note also that ndiswrapper was designed specifically to deal with wireless drivers, not drivers in general.
If the driver you want to install only exists for Windows, you’ll need to locate a Windows XP version, and use ndiswrapper to install it. ndiswrapper provides the driver with a Windows API wrapper which contains the driver, translating its commands to the Linux operating system on the fly.
ndiswrapper only ships as source code though, so we are going to have to build it ourselves: first download it from Sourceforge.
Unpack the resulting .tar.gz file (replace with the actual name of the file):
tar -zxvf ndiswrapper-x.x.tar.gz
This will create a directory ndiswrapper-x.x ; cd into it.
Inside you should find a README and INSTALL file. First read the README.
Always read the README. Read a text file with the ‘less’ command:
Use ‘z‘ to scroll down, use ‘w‘ to scroll up, use ‘q‘ to quit. For more info, run ‘man less‘. You may notice that ‘man’ actually uses ‘less’ to display the manual pages…
My README pointed me to the INSTALL text file, which indicated that I should perform the steps below to compile ndiswrapper. The blog I was following when I was doing this myself gave a different set of instructions that didn’t work (maybe it was for the older version), but of course, the shipped ones did.
Always read the README.
The steps I needed to perform were:
make uninstall make make install
Make is a tool for running build scripts that ship with source code, and it was installed during our first YUM instructions earlier, when we installed “Development Tools”. The switches are simply arbitrary labels, which for our convenience are meaningfully named.
- The first line instructed make to run with a switch named “uninstall” in the makefile script. I suspect that this is a failsafe to remove previous version of ndiswrapper if you’re updating, but I do not wish to wrongly speculate — just run it.
- The next step runs make with no switch – usually, this compiles the source of the applicatino for your own system.
- Finally, run make install – which moves the built binaries to the correct locations and sets up any extra necessary environment variables.
You now can install a Windows XP wireless driver for use by Linux. These all ship in ZIPs that, when unpacked, tend to contain a whole bunch of files, one or several of which carry the ‘.inf’ extension. Locate the appropriate INF file for your purpose, and run:
ndiswrapper -i <driverfile.inf>
Renaming <driverfile.inf> of course.
Onwards – finding help
Here end thus my beginner notes to get up and running with CentOS 6.* minimal install.
There is of course tons more to learn about Linux, but hopefully you’re now well set to continue on your own. Some tips before I send you on your way:
- If you want to try to do something but you don’t know how or why, search first. Try with different phrasings. Anything you read, pay attention to vocabulary, read up on commands you come across even if they seem only remotely related. You may find what you want that way, and you’ll definitely learn something new.
- If you do not know what a command does, read the man page. It is highly recommended you read up on every command you use. Let it digest in your mind the first time. Every time you come back to it, refresh your memory until it’s familiar to you.
- If you’re looking for help, search first, ask later. Linux forums are much less forgiving than general user forums. If you haven’t done your homework and if you don’t say up front what you’ve tried, you won’t get much sympathy. God helps he who helps himself says the old maxim; so is it too with Linux forums.
My only other piece of advice is: when testing in VMs, take snapshots just before making major changes along the way. You’ll thank yourself if you do. Often.