OS Installation: CentOS 5.8

Academic year: 2021

OpenTUSK Training

University of Nairobi

Mike Prentice


Tufts University

Technology for Learning in the Health Sciences

Outline

1. OS Install
2. SELinux
3. Firewall
4. Yum Packages
5. Time
6. System Accounts
7. OpenTUSK Software
8. Database

Resources

• Official website: http://opentusk.org/
• Wiki documentation: https://wikis.uit.tufts.edu/confluence/display/TUSKpub/Home
• Source code: https://github.com/opentusk/Opentusk

CentOS 5.8

• OpenTUSK requires CentOS 5.8
• Web servers on CentOS 5.8 virtual machines
• Database server: MySQL
  • Version 5 or higher
• Installation prerequisites:
  • Dedicated IP address
  • hostname in DNS
  • root account password

OpenTUSK Repository

Configure the OpenTUSK repository for RHEL/CentOS 5.8:

# curl --output /etc/yum.repos.d/opentusk.repo https://raw.github.com/opentusk/Opentusk/master/install/centos-5.8/opentusk.repo

Disable SELinux

SELinux (Security-Enhanced Linux) is on by default in CentOS.

SELinux interferes with the operation of OpenTUSK.

We set SELinux to run in permissive mode, in which policy violations are logged but not blocked. The change to /etc/selinux/config takes effect at the next boot:

# sed -i 's/^SELINUX=.*/SELINUX=permissive/g' /etc/selinux/config
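The config file also carries a SELINUXTYPE= line, so the pattern has to match the SELINUX= key exactly. The script below is an added example, not part of the original slides: it applies the edit to a constructed sample file and reads both keys back. The function names are hypothetical.

```shell
#!/bin/sh
# Added example: change the SELinux mode without touching SELINUXTYPE,
# then read the result back. Runs against a temporary copy, not the real file.

# set_selinux_mode FILE MODE  (hypothetical helper)
set_selinux_mode() {
    file=$1 mode=$2
    case $mode in
        enforcing|permissive|disabled) ;;
        *) echo "invalid mode: $mode" >&2; return 2 ;;
    esac
    # Match only the SELINUX= key. A looser pattern such as ^SELINUX.*
    # would also rewrite the SELINUXTYPE= line.
    sed -i "s/^SELINUX=.*/SELINUX=$mode/" "$file"
}

# get_key FILE KEY: print the value assigned to KEY (last assignment wins)
get_key() {
    sed -n "s/^$2=//p" "$1" | tail -n 1
}

# count_key FILE KEY: print how many lines assign KEY
count_key() {
    grep -c "^$2=" "$1" || true
}

# Constructed sample modelled on a stock /etc/selinux/config.
make_sample() {
    cat > "$1" <<'EOF'
# This file controls the state of SELinux on the system.
SELINUX=enforcing
# SELINUXTYPE= type of policy in use.
SELINUXTYPE=targeted
EOF
}

demo() {
    tmp=$(mktemp)
    make_sample "$tmp"
    set_selinux_mode "$tmp" permissive
    echo "SELINUX=$(get_key "$tmp" SELINUX) SELINUXTYPE=$(get_key "$tmp" SELINUXTYPE)"
    rm -f "$tmp"
}
demo
```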

Configure the Firewall

Allow connections to http (port 80) and https (port 443):

/etc/sysconfig/iptables

...
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
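Rule order in this file matters: a rule that comes after the chain's REJECT line is never reached. The check below is an added example, not part of the original slides; the sample rules file is constructed and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: confirm that a port's ACCEPT rule precedes the catch-all REJECT.

# check_port_allowed FILE PORT  (hypothetical helper)
# Exit 0 only if FILE accepts TCP connections to PORT in the
# RH-Firewall-1-INPUT chain before that chain's catch-all REJECT rule.
check_port_allowed() {
    awk -v port="$2" '
        $1 == "-A" && $2 == "RH-Firewall-1-INPUT" {
            # A REJECT with no port match ends the chain: later rules are dead.
            if ($0 ~ /-j REJECT/ && $0 !~ /--dport/) exit
            if ($0 ~ /-p tcp/ && $0 ~ ("--dport " port " ") && $0 ~ /-j ACCEPT/) {
                ok = 1
                exit
            }
        }
        END { exit(ok ? 0 : 1) }
    ' "$1"
}

# Constructed sample: the port 443 rule sits after the REJECT line, as happens
# when a new rule is appended to the end of the file.
write_sample_rules() {
    cat > "$1" <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT
COMMIT
EOF
}

rules=$(mktemp)
write_sample_rules "$rules"
for port in 22 80 443; do
    if check_port_allowed "$rules" "$port"; then
        echo "port $port: reachable"
    else
        echo "port $port: NOT reachable (missing or after REJECT)"
    fi
done
rm -f "$rules"
```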

Restart the firewall:

Install Packages

Install services and Perl packages needed for OpenTUSK:

# cd /tmp
# curl -O https://raw.github.com/opentusk/Opentusk/master/install/centos-5.8/install_yum_packages.bash

Set the Timezone

Set your local timezone from /usr/share/zoneinfo. For example, to set Nairobi time:

# rm /etc/localtime

Update Time

Note: The network time (NTP) steps may not be necessary depending on your virtual machine setup.

Set the network time using NTP:

Fix NTP

Edit /etc/ntp.conf to comment out the local clock and add African NTP servers to the pool:

/etc/ntp.conf

...
server 0.africa.pool.ntp.org
server 1.africa.pool.ntp.org
server 2.africa.pool.ntp.org
server 3.africa.pool.ntp.org
...
# Undisciplined Local Clock. This is a fake driver ...
#server 127.127.1.0 # local clock
#fudge 127.127.1.0 stratum 10

Start NTP

Start/restart the NTP time service:

# /sbin/service ntpd restart

tusk

Create tusk user account:

# /usr/sbin/groupadd -g 1100 tusk
# /usr/sbin/useradd -c 'Tusk' -u 1100 -g tusk -d /usr/local/tusk tusk
# /usr/sbin/usermod -a -G tusk apache

tuskoper

Create a tuskoper account with system privileges:

# /usr/sbin/useradd tuskoper
# /usr/sbin/usermod -a -G wheel,apache,tusk tuskoper
# passwd tuskoper

Note: Creating a tusk operator account is optional but recommended.

sudo

• Set up sudo for tuskoper and the wheel group with visudo
• Add tuskoper line below root
• Uncomment wheel line
• No spaces, only tabs

/etc/sudoers

...
## Allow root to run any commands anywhere
root	ALL=(ALL)	ALL
tuskoper	ALL=(ALL)	ALL
...
## Allows people in group wheel to run all commands
%wheel	ALL=(ALL)	ALL

Download OpenTUSK

Download OpenTUSK from Github:

# cd /usr/local/tusk
# git clone https://github.com/opentusk/Opentusk.git

Start MySQL

Recommended: Secure MySQL root user with the mysql_secure_installation command.

Start the MySQL database and add an administrative user:

# /sbin/chkconfig mysqld on
# /sbin/service mysqld start
# mysql -u root
mysql> grant all on *.* to 'tuskoper'@'localhost'
    -> identified by '<password>' with grant option;
mysql> flush privileges;
