Install and secure LAMP on CentOS

Use YUM to retrieve and install the Apache HTTP server and additional components. After that, start the web server and enable it at boot:

yum install httpd httpd-devel
service httpd start
chkconfig httpd on

The next step is securing Apache. Edit the config /etc/httpd/conf/httpd.conf and set:

ServerSignature Off
ServerTokens Prod
ErrorDocument 500 "Internal error"
ErrorDocument 404 "Not found"

The first line tells Apache not to display the server version on generated pages. The second makes the web server return only "Apache" in the Server response header. The two ErrorDocument lines replace the default 500 and 404 pages with short fixed strings.

Now you are ready to install the PHP module for Apache. The following lines download and install the common PHP package with some modules:

yum install php-common php-gd php-mcrypt php-pear php-pecl-memcache php-mhash \
php-mysql php-xml

The next step is securing PHP. Open the PHP config file /etc/php.ini and follow the guide "Secure existing PHP installation".

Restart the web server to load the PHP module:

service httpd restart

At this point Apache is ready to serve, and PHP can be tested. Create a file named /var/www/html/1.php with the following contents:

<?php
phpinfo();
?>

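Then point your browser to http://x.x.x.x/1.php and check the output. Delete the file once you have checked it, since phpinfo() output discloses the full PHP and server configuration.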

Next, install MySQL with the required packages, start it and enable the database server at boot:

yum install mysql mysql-server mysql-devel
service mysqld start
chkconfig mysqld on

Once MySQL is installed, open the client:

mysql

And change the MySQL root password:

mysql> USE mysql;
mysql> UPDATE user SET Password=PASSWORD('pa$$w0rd') WHERE user='root';

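Next, drop the test database, delete the anonymous accounts and reload the privilege tables so that the changes (including the new root password) take effect: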

mysql> drop database test;
mysql> DELETE FROM user WHERE user = '';
mysql> FLUSH PRIVILEGES;

For security reasons it is often a good idea to set the following values in the [mysqld] section of the MySQL config file /etc/my.cnf:

bind-address=127.0.0.1
local-infile=0
skip-bdb

The first line makes MySQL listen for TCP/IP connections only on the loopback interface. The next line disables LOAD DATA LOCAL INFILE, which prevents unauthorized reading of local files. The last line disables support for BerkeleyDB, as its support will cease soon.

Restart MySQL for the changes to take effect:

service mysqld restart
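
The Apache and MySQL values set above can be verified after the restart. The script below is an added example, not part of the original cheatsheet: the function names and the sample files are illustrative, and it assumes the settings live in the two named files (Include'd files and per-vhost overrides are not followed).

```shell
#!/bin/sh
# Added example (not from the original page): audit the hardening values above.
# Print the last uncommented value of Apache directive $2 in file $1.
apache_directive() {
    awk -v name="$2" '
        /^[ \t]*#/ { next }
        tolower($1) == tolower(name) { $1 = ""; sub(/^[ \t]+/, ""); val = $0 }
        END { print val }' "$1"
}

# Print option $3 from section [$2] of my.cnf-style file $1 ("_" equals "-").
mycnf_value() {
    awk -v sect="[$2]" -v key="$3" '
        /^[ \t]*[#;]/ { next }
        /^[ \t]*\[/   { gsub(/[ \t]/, ""); insect = ($0 == sect); next }
        insect {
            gsub(/[ \t]/, ""); n = index($0, "=")
            k = (n ? substr($0, 1, n - 1) : $0); gsub(/_/, "-", k)
            if (k == key) val = (n ? substr($0, n + 1) : "(set)")
        }
        END { print val }' "$1"
}

# Compare case-insensitively; print a verdict, return non-zero on mismatch.
expect() {
    got=$(printf '%s' "$2" | tr 'A-Z' 'a-z'); want=$(printf '%s' "$3" | tr 'A-Z' 'a-z')
    if [ "$got" = "$want" ]; then echo "OK    $1 = $2"; return 0; fi
    echo "FAIL  $1 = '${2:-unset}' (want $3)"; return 1
}

# audit_lamp HTTPD_CONF MY_CNF: non-zero status if any value deviates.
audit_lamp() {
    rc=0
    expect ServerSignature "$(apache_directive "$1" ServerSignature)" Off || rc=1
    expect ServerTokens "$(apache_directive "$1" ServerTokens)" Prod || rc=1
    expect bind-address "$(mycnf_value "$2" mysqld bind-address)" 127.0.0.1 || rc=1
    expect local-infile "$(mycnf_value "$2" mysqld local-infile)" 0 || rc=1
    return "$rc"
}

# Constructed samples: local_infile=0 sits under [client], which mysqld ignores.
make_samples() {
    printf '%s\n' '# ServerTokens Prod' 'ServerTokens OS' 'servertokens Prod' 'ServerSignature Off' > "$1/httpd.conf"
    printf '%s\n' '[mysqld]' 'bind_address = 127.0.0.1' '[client]' 'local_infile=0' > "$1/my.cnf"
}

# With no arguments, audit the constructed samples instead of real files.
d=$(mktemp -d); make_samples "$d"
audit_lamp "${1:-$d/httpd.conf}" "${2:-$d/my.cnf}" || echo "deviations found"; rm -rf "$d"
```

Pass /etc/httpd/conf/httpd.conf and /etc/my.cnf as the two arguments to audit a real host; the constructed sample deliberately fails the local-infile check because the option is in the wrong section.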

Once LAMP is functional, phpMyAdmin can be installed:

yum install phpmyadmin

If you get the error "No package phpmyadmin available", enable the EPEL repository.

Restart the Apache web server to be able to access phpMyAdmin:

service httpd restart

To test phpMyAdmin, point your browser to http://x.x.x.x/phpmyadmin

Note: to add a virtual host www.domain.tld to Apache, follow the steps below.

First of all, create the directories and set the correct permissions:

mkdir -p /home/domain.tld/{public_html,logs}
chown -R apache:apache /home/domain.tld

Open the Apache config /etc/httpd/conf/httpd.conf and alter the NameVirtualHost directive:

NameVirtualHost ip.address:80

After that, add the following VirtualHost container at the end of the config file:

<VirtualHost ip.address:80>
        ServerAdmin webmaster@domain.tld
        ServerName www.domain.tld
        ServerAlias domain.tld

        DocumentRoot /home/domain.tld/public_html

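        # Scope the access rules to the document root, not the filesystem root
        <Directory /home/domain.tld/public_html>
                # Every option carries an explicit sign; mixing signed and unsigned options is invalid
                Options -Indexes +FollowSymLinks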
                AllowOverride None

                Order allow,deny
                allow from all
        </Directory>

        ErrorLog /home/domain.tld/logs/domain.tld-error_log
        CustomLog /home/domain.tld/logs/domain.tld-access_log common
</VirtualHost>

Test if the config syntax is OK and restart Apache:

httpd -t
httpd -D DUMP_VHOSTS
service httpd restart


  1. Kate
    #1

    Thank You!!!
    Your work is great!

    I've found mistake after…

    It is time to restart MySQL to make changes to work:

    service mysql restart

    /*right command is*/
    service mysqld restart

  2. #2

    Thanks Kate,
    Error fixed ;)

  3. sergiu
    #3

    Nice, thanks a lot, good that the error was found

  4. Mir
    #4

    Great post.. thanks.

    Everything worked, except when installing phpmyadmin:

    "No package phpmyadmin available."

  5. #5

    phpmyadmin issue could be solved by enabling EPEL repository. Thanks for the note

  6. Justin
    #6

    I am getting a forbidden when trying to go to http://xxx.xxx.xxx.xxx/phpMyAdmin

  7. #7

    Justin, open the file /etc/http/conf.d/phpMyAdmin.conf and add your ip
