30 things to be done after minimal RHEL/CentOS 7 installation (3)

Source: Internet
Author: User

12. Install Apache Tomcat

Tomcat is a servlet container designed by Apache to run Java HTTP web servers. Install Tomcat as follows, but note that Java must be installed before Tomcat.

  # yum install tomcat

After installing Tomcat, start the tomcat service.

  # systemctl start tomcat

View the Tomcat version.

  # /usr/sbin/tomcat version

Allow the Tomcat service's default port (8080) through the firewall and reload the settings.

  # firewall-cmd --zone=public --add-port=8080/tcp --permanent
  # firewall-cmd --reload

Now it is time to protect the Tomcat server by adding a user and password for access and management. We need to edit the file '/etc/tomcat/tomcat-users.xml'. Find the <tomcat-users> section and add the role and user entries before its closing tag:

  <tomcat-users>
  ....
  <role rolename="manager-gui"/>
  <role rolename="manager-script"/>
  <role rolename="manager-jmx"/>
  <role rolename="manager-status"/>
  <role rolename="admin-gui"/>
  <role rolename="admin-script"/>
  <user username="tecmint" password="tecmint" roles="manager-gui,manager-script,manager-jmx,manager-status,admin-gui,admin-script"/>
  </tomcat-users>

Here, we add the user "tecmint" with the Tomcat manager and admin roles and use "tecmint" as the password. Stop and then start the tomcat service for the change to take effect, and enable the tomcat service so that it starts with the system.

  # systemctl stop tomcat
  # systemctl start tomcat
  # systemctl enable tomcat.service
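
The entry above reuses the username as the password and gives one account every manager and admin role; Tomcat's own documentation advises against granting manager-script or manager-jmx to a user that also has manager-gui. As an added example (not part of the original article), this script flags both conditions in a tomcat-users.xml file. The function names, the sample file and the "deploy" account are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: flag risky <user> entries in a tomcat-users.xml file.
# Assumes each <user .../> element sits on a single line; entries inside
# <!-- --> comments are not skipped.

# attr LINE NAME: print the value of attribute NAME in the element text.
attr() {
    printf '%s\n' "$1" | sed -n "s/.*[[:space:]]$2=\"\([^\"]*\)\".*/\1/p"
}

# audit_tomcat_users FILE: one finding per line, no output if clean.
audit_tomcat_users() {
    grep '<user[[:space:]]' "$1" | while IFS= read -r line; do
        name=$(attr "$line" username)
        pass=$(attr "$line" password)
        roles=",$(attr "$line" roles | tr -d ' '),"
        if [ "$pass" = "$name" ]; then
            echo "$name: password equals username"
        fi
        case "$roles" in
            *,manager-gui,*)
                case "$roles" in
                    *,manager-script,*|*,manager-jmx,*)
                        echo "$name: manager-gui combined with script/jmx role" ;;
                esac ;;
        esac
    done
}

# Constructed sample: the entry from the article plus a hypothetical
# single-role "deploy" account with a placeholder password.
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
<tomcat-users>
  <role rolename="manager-gui"/>
  <role rolename="manager-script"/>
  <user username="tecmint" password="tecmint" roles="manager-gui,manager-script,manager-jmx,manager-status,admin-gui,admin-script"/>
  <user username="deploy" password="PLACEHOLDER-long-random-value" roles="manager-script"/>
</tomcat-users>
EOF
audit_tomcat_users "$sample"
```

On a real host, point it at the live file: audit_tomcat_users /etc/tomcat/tomcat-users.xml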


13. Install Nmap to Monitor Open Ports

Nmap, the network mapper, is used to analyze a network and discover the hosts and services running on it. Nmap is not installed by default. You need to install it from the repository.

  # yum install nmap

List all open ports on the host and the services that use them.

  # nmap 127.0.0.1

You can also use firewall-cmd to list all ports, but I found nmap is more useful.

  # firewall-cmd --list-ports

14. Configure FirewallD

Firewalld is a firewall service that manages the server's firewall rules dynamically. In CentOS 7, firewalld replaced the iptables service. Firewalld is installed by default in Red Hat Enterprise Linux and its derivatives. With iptables, every change requires flushing all the old rules and then creating the new ones.

With firewalld, however, a change takes effect without flushing and re-creating the rules.

Check whether firewalld is running.

  # systemctl status firewalld

Or

  # firewall-cmd --state

Obtain the list of all zones.

  # firewall-cmd --get-zones

Obtain the details of a zone before switching to it.

  # firewall-cmd --zone=work --list-all

Obtain the default zone.

  # firewall-cmd --get-default-zone

Switch to another zone, such as 'work'.

  # firewall-cmd --set-default-zone=work

List all services in a zone.

  # firewall-cmd --list-services

Add a temporary service, such as http, and then reload firewalld.

  # firewall-cmd --add-service=http
  # firewall-cmd --reload

Add permanent services, such as http, and then reload firewalld.

  # firewall-cmd --add-service=http --permanent
  # firewall-cmd --reload

Delete temporary services, such as http.

  # firewall-cmd --remove-service=http
  # firewall-cmd --reload

Delete permanent services, such as http.

  # firewall-cmd --zone=work --remove-service=http --permanent
  # firewall-cmd --reload

Allow a temporary port (such as 331).

  # firewall-cmd --add-port=331/tcp
  # firewall-cmd --reload

Allow a permanent port (such as 331).

  # firewall-cmd --add-port=331/tcp --permanent
  # firewall-cmd --reload

Block/remove a temporary port (such as 331).

  # firewall-cmd --remove-port=331/tcp
  # firewall-cmd --reload

Block/remove a permanent port (such as 331).

  # firewall-cmd --remove-port=331/tcp --permanent
  # firewall-cmd --reload
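
The temporary/permanent distinction above matters at reload time: firewall-cmd --reload rebuilds the runtime rules from the permanent configuration, so a change made without --permanent is dropped and a --permanent change only becomes active at that point. As an added example (not from the original article), this script compares the two views of a zone and lists what the next reload would change; the function names and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example: list firewalld settings that differ between the runtime
# and the permanent configuration of one zone.

# field NAME TEXT: values of the "  NAME: ..." line in --list-all output.
field() {
    printf '%s\n' "$2" | sed -n "s/^[[:space:]]*$1:[[:space:]]*//p"
}

# only_in A B: print the words of list A that are absent from list B.
only_in() {
    for item in $1; do
        case " $2 " in
            *" $item "*) ;;
            *) printf '%s\n' "$item" ;;
        esac
    done
}

# drift RUNTIME_TEXT PERMANENT_TEXT: one line per service or port that
# the next "firewall-cmd --reload" would remove or activate.
drift() {
    for key in services ports; do
        run=$(field "$key" "$1")
        perm=$(field "$key" "$2")
        for item in $(only_in "$run" "$perm"); do
            echo "$key: $item is runtime-only, removed by reload"
        done
        for item in $(only_in "$perm" "$run"); do
            echo "$key: $item is permanent-only, inactive until reload"
        done
    done
}

# Constructed, abbreviated --list-all output: http and 331/tcp were added
# without --permanent, 8080/tcp with --permanent but not yet reloaded.
runtime_sample='public (active)
  services: dhcpv6-client ssh http
  ports: 331/tcp'
permanent_sample='public
  services: dhcpv6-client ssh
  ports: 8080/tcp'
drift "$runtime_sample" "$permanent_sample"

# On a live host (as root):
#   drift "$(firewall-cmd --zone=public --list-all)" \
#         "$(firewall-cmd --permanent --zone=public --list-all)"
```

An empty result means the runtime and permanent views of the zone agree on services and ports.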

Disable firewalld.

  # systemctl stop firewalld
  # systemctl disable firewalld
  # firewall-cmd --state

Enable firewalld.

  # systemctl enable firewalld
  # systemctl start firewalld
  # firewall-cmd --state

15. Install Wget

Wget is a command-line tool for fetching (downloading) content from web servers. It is an important tool to have, since the wget command is what you use to retrieve web content or download files.

  # yum install wget

16. Install the Telnet Client

Telnet is a network protocol that allows users to log on to another computer on the same network over TCP/IP. After a connection to the remote computer is established, it becomes a virtual terminal that lets you interact with the remote host from your computer with whatever permissions you have been given. (Do not install the telnet service or use the telnet client to connect to another telnet service unless you really need to, because telnet transmits everything in plaintext. However, using the telnet client to check whether the port of another service works is a common operation.)

Telnet is also useful for checking the listening ports of remote computers or hosts.

  # yum install telnet
  # telnet google.com 80
