CentOS 8 minimal installation on RPi 3+ πŸ‡¬πŸ‡§

Installation

CentOS tuto for installation on RaspberryPi ΒΉ Β².

Just for memory: Fedora link for arm architecture.

SSH

To know ip on local network:

arp -a

Hosts

On the client machine add the server ip address in /etc/hosts.

Add to known hosts

ssh-keyscan mycentos8 >> ~/.ssh/known_hosts

After, edit the file to keep the ecdsa line.

Repo

Install EPEL Repo

dnf info epel-release
dnf install epel-release

Adduser

Adduser

adduser <username>
passwd <username>

Adding user to group wheel:

gpasswd -a <username> wheel

Manage users and groups.

Change shell for zsh

usermod --shell /bin/zsh <username> 

Oh-my-zsh

Install Oh-my-zsh:

sh -c "$(curl -fsSL https://raw.githubusercontent.com/ohmyzsh/ohmyzsh/master/tools/install.sh)"

Copy theme 'amuse' to the same folder for '01amuse'

vim ~/.zshrc
ZSH_THEME='01amuse'

Add information to the ligne PROMPT= without delete previous options (more tips here):

vim ~/.oh-my-zsh/themes/01amuse.zsh-theme 
PROMPT='[...keep prev...]%{$fg[magenta]%}%n%{$reset_color%} at %{$fg[yellow]%}%m%{$reset_color%}'

Use plugins:

plugins=(git dnf history tmux)

Note : elements in zsh arrays are separated by spaces.
Do not use commas.

Execute sudo without Password

Open a Terminal window and type:

sudo visudo

In the bottom of the file, add the following line:

$USER ALL=(ALL) NOPASSWD: ALL

Where $USER is your username on your system.

Or, in my case, uncomment :

## Allows people in group wheel to run all commands
%wheel  ALL=(ALL)       ALL

SSH keys

First create a ssh rsa key on computer:

ssh-keygen -t rsa

Then :

ssh myuser@server.com mkdir .sshscp ~/.ssh/id_rsa.pub myuser@server.com:.ssh/authorized_keys

GitHub

Use SSH keys

First, check if existing SSH keys are present:

ls -al ~/.ssh

Generate key pair:

ssh-keygen -t rsa -b 4096 -C "your_email@example.com"

Start the SSH agent in background:

eval "$(ssh-agent -s)"

Add the SSH private key to the ssh-agent:

ssh-add ~/.ssh/id_rsa

Copy the public key to the clipboard and paste it in Github.

To test the connection:

ssh -T git@github.com

Personnalize motd

Edit motd file:

vim /etc/motd

For ASCII check this site.

Or, much better, create motd.sh in /etc/profile.d/ with:

#!/bin/sh
#

printf "\n"
printf "    β”Œβ”¬β”β”¬ β”¬β•”β•β•—β”Œβ”€β”β”Œβ”β”Œβ”Œβ”¬β”β•”β•β•—β•”β•β•—\n"
printf "    β”‚β”‚β”‚β””β”¬β”˜β•‘  β”œβ”€ β”‚β”‚β”‚ β”‚ β•‘ β•‘β•šβ•β•—\n"
printf "    β”΄ β”΄ β”΄ β•šβ•β•β””β”€β”˜β”˜β””β”˜ β”΄ β•šβ•β•β•šβ•β•\n"
printf "       β•”β•¦β•—β”¬β”Œβ”€β”β”¬β”Œβ”€β”Œβ”€β”β”Œβ”€β”β”¬\n"
printf "       β•‘β•‘β•‘β”‚β”‚  β”œβ”΄β”β”œβ”€β”€β”œβ”€ β”‚\n"
printf "       β•© β•©β”΄β””β”€β”˜β”΄ β”΄β”΄ β”΄β””β”€β”˜β”΄β”€β”˜\n"

printf "\n"
printf "\t- %s\n\t- Kernel %s\n" "$(cat /etc/redhat-release)" "$(uname -r)"
printf "\n"



date=`date`
load=`cat /proc/loadavg | awk '{print $1}'`
root_usage=`df -h / | awk '/\// {print $(NF-1)}'`
memory_usage=`free -m | awk '/Mem:/ { total=$2 } /buffers\/cache/ { used=$3 } END { printf("%3.1f%%", used/total*100)}'`
swap_usage=`free -m | awk '/Swap/ { printf("%3.1f%%", "exit !$2;$3/$2*100") }'`
users=`users | wc -w`
time=`uptime | grep -ohe 'up .*' | sed 's/,/\ hours/g' | awk '{ printf $2" "$3 }'`
processes=`ps aux | wc -l`
ethup=$(ip -4 ad | grep 'state UP' | awk -F ":" '!/^[0-9]*: ?lo/ {print $2}')
ip=$(ip ad show dev $ethup |grep -v inet6 | grep inet|awk '{print $2}')

echo "System information as of: $date"
echo
printf "System load:\t%s\tIP Address:\t%s\n" $load $ip
printf "Memory usage:\t%s\tSystem uptime:\t%s\n" $memory_usage "$time"
printf "Usage on /:\t%s\tSwap usage:\t%s\n" $root_usage $swap_usage
printf "Local Users:\t%s\tProcesses:\t%s\n" $users $processes
echo

[ -f /etc/motd.tail ] && cat /etc/motd.tail || true

(Idea from here.)

Vim

Config

File .vimrc:

# choose theme color
colo desert

# enable syntax highlighting
syntax on

# set mouse
set mouse=a

# you can show line numbers
set number

# show the editing mode on the last line
set showmode

# tell vim to keep a backup file
set backup

# tell vim where to put its backup files but the file must be created
set backupdir=~/.vim_backup/

# tell vim where to put swap files
# set dir=/private/tmp

# i don't use autoindent, but here's how to configure it:
# set autoindent

# highlight matching search strings
# set hlsearch

# make searches case insensitive
# set ignorecase

Plugins

Vim-powerline

sudo dnf install vim-powerline

Tmux

Installation

Tmux is a Terminal Multiplexer. It enables a number of terminals to be created, accessed and controlled from a single screen.

Install with dnfi tmux -y to get version 1.8, but there isn't plugins available... so, see next!

Build Tmux

Source here.

First, install C compiler:

sudo dnf install -y gcc

Build Libevent

Libevent source releases.

wget https://github.com/libevent/libevent/releases/download/release-2.1.8-stable/libevent-2.1.8-stable.tar.gz
tar zxvf libevent-*.tar.gz
cd libevent-2.1.8-stable
mkdir -p $HOME/.local
./configure --prefix="$HOME/.local"
make -j && make install

Build Ncurses

Ncurses source releases.

wget http://ftp.gnu.org/pub/gnu/ncurses/ncurses-6.1.tar.gz
tar zxvf ncurses-6.1.tar.gz
cd ncurses-6.1
./configure --prefix="$HOME/.local"
make -j && make install

Build Tmux

Tmux source releases.

wget https://github.com/tmux/tmux/releases/download/2.8/tmux-2.8.tar.gz
tar zxvf tmux-2.8.tar.gz
cd tmux-2.8
./configure --prefix=$HOME/.local \
 > CPPFLAGS="-I$HOME/.local/include -I$HOME/.local/include/ncurses" \
 > LDFLAGS="-L$HOME/.local/lib"
make -j && make install
export PATH=$HOME/.local/bin:$PATH
export LD_LIBRARY_PATH=/home/mickael/.local/lib 

To make folders persistent:

echo 'export PATH=$HOME/.local/bin:$PATH' >> ~/.zshrc
echo 'export LD_LIBRARY_PATH=$HOME/.local/lib' >> ~/.zshrc

Chech with :

$PATH
env | grep '^LD_LIBRARY_PATH'

Configuration

First param

Edit an other configuration file:

vim ~/.tmux.conf

Here an example of config's file.

And write:

# C-b is not acceptable -- Vim uses it
set-option -g prefix C-a
bind C-a last-window

# windows starts at 1
set -g base-index 1
set -g pane-base-index 1

# display messages for a second
set -g display-time 2500

# List of plugins
#set -g @plugin 'tmux-plugins/tpm'
#set -g @plugin 'tmux-plugins/tmux-sensible'

# Mouse support - set to on if you want to use the mouse
set -g mode-mouse on

# Toggle mouse mode to allow mouse copy/paste
# set mouse on with prefix m
bind m \
set -g mouse on \; \
	display-message "Mouse: ON"
# set mouse off with prefix M
bind M \
set -g mouse off \; \
	display-message "Mouse: OFF"

# bind reload
bind r source-file ~/.tmux.conf

# Use Vi mode
set -g mode-keys vi

# Other examples:
# set -g @plugin 'github_username/plugin_name'
# set -g @plugin 'git@github.com/user/plugin'
# set -g @plugin 'git@bitbucket.com/user/plugin'

# Initialize TMUX plugin manager (keep this line at the very bottom of tmux.conf)
#run -b '~/.tmux/plugins/tpm/tpm'

It gives access to vim keys:

Function vi Function vi
Back to indentation ^ Half page up C-u
Clear selection Escape Next page C-f
Copy selection Enter Next word w
Cursor down j Paste buffer p
Cursor left h Previous page C-b
Cursor right l Previous word b
Cursor to bottom line L Quit mode q
Cursor to middle line M Scroll down C-Down or J
Cursor to top line H Scroll up C-Up or K
Cursor up k Search again n
Delete entire line d Search backward ?
Delete to end of line D Search forward /
End of line $ Start of line 0
Goto line : Start selection Space
Half page down C-d

Second param

Edit the tmux.plugin.zsh.

vim ~/.oh-my-zsh/plugins/tmux/tmux.plugin.zsh

Set autostart:

# Automatically start tmux
: ${ZSH_TMUX_AUTOSTART:=true}

Full:

if ! (( $+commands[tmux] )); then
  print "zsh tmux plugin: tmux not found. Please install tmux before using this plugin." >&2
  return 1
fi

# ALIASES

alias ta='tmux attach -t'
alias tad='tmux attach -d -t'
alias ts='tmux new-session -s'
alias tl='tmux list-sessions'
alias tksv='tmux kill-server'
alias tkss='tmux kill-session -t'

# CONFIGURATION VARIABLES
# Automatically start tmux
: ${ZSH_TMUX_AUTOSTART:=true}
# Only autostart once. If set to false, tmux will attempt to
# autostart every time your zsh configs are reloaded.
: ${ZSH_TMUX_AUTOSTART_ONCE:=true}
# Automatically connect to a previous session if it exists
: ${ZSH_TMUX_AUTOCONNECT:=true}
# Automatically close the terminal when tmux exits
#: ${ZSH_TMUX_AUTOQUIT:=$ZSH_TMUX_AUTOSTART}
: ${ZSH_TMUX_AUTOQUIT:=false}
# Set term to screen or screen-256color based on current terminal support
: ${ZSH_TMUX_FIXTERM:=true}
# Set '-CC' option for iTerm2 tmux integration
: ${ZSH_TMUX_ITERM2:=false}
# The TERM to use for non-256 color terminals.
# Tmux states this should be screen, but you may need to change it on
# systems without the proper terminfo
: ${ZSH_TMUX_FIXTERM_WITHOUT_256COLOR:=screen}
# The TERM to use for 256 color terminals.
# Tmux states this should be screen-256color, but you may need to change it on
# systems without the proper terminfo
: ${ZSH_TMUX_FIXTERM_WITH_256COLOR:=screen-256color}
# Set the configuration path
: ${ZSH_TMUX_CONFIG:=$HOME/.tmux.conf}
# Set -u option to support unicode
: ${ZSH_TMUX_UNICODE:=false}

# Determine if the terminal supports 256 colors
if [[ $terminfo[colors] == 256 ]]; then
  export ZSH_TMUX_TERM=$ZSH_TMUX_FIXTERM_WITH_256COLOR
else
  export ZSH_TMUX_TERM=$ZSH_TMUX_FIXTERM_WITHOUT_256COLOR
fi

# Set the correct local config file to use.
if [[ "$ZSH_TMUX_ITERM2" == "false" && -e "$ZSH_TMUX_CONFIG" ]]; then
  export ZSH_TMUX_CONFIG
  export _ZSH_TMUX_FIXED_CONFIG="${0:h:a}/tmux.extra.conf"
else
  export _ZSH_TMUX_FIXED_CONFIG="${0:h:a}/tmux.only.conf"
fi

# Wrapper function for tmux.
function _zsh_tmux_plugin_run() {
  if [[ -n "$@" ]]; then
    command tmux "$@"
    return $?
  fi

  local -a tmux_cmd
  tmux_cmd=(command tmux)
  [[ "$ZSH_TMUX_ITERM2" == "true" ]] && tmux_cmd+=(-CC)
  [[ "$ZSH_TMUX_UNICODE" == "true" ]] && tmux_cmd+=(-u)

  # Try to connect to an existing session.
  [[ "$ZSH_TMUX_AUTOCONNECT" == "true" ]] && $tmux_cmd attach

  # If failed, just run tmux, fixing the TERM variable if requested.
  if [[ $? -ne 0 ]]; then
    if [[ "$ZSH_TMUX_FIXTERM" == "true" ]]; then
      tmux_cmd+=(-f "$_ZSH_TMUX_FIXED_CONFIG")
    elif [[ -e "$ZSH_TMUX_CONFIG" ]]; then
      tmux_cmd+=(-f "$ZSH_TMUX_CONFIG")
    fi
    $tmux_cmd new-session
  fi

  if [[ "$ZSH_TMUX_AUTOQUIT" == "true" ]]; then
    exit
  fi
}

# Use the completions for tmux for our function
compdef _tmux _zsh_tmux_plugin_run
# Alias tmux to our wrapper function.
alias tmux=_zsh_tmux_plugin_run

# Autostart if not already in tmux and enabled.
if [[ -z "$TMUX" && "$ZSH_TMUX_AUTOSTART" == "true" && -z "$INSIDE_EMACS" && -z "$EMACS" && -z "$VIM" ]]; then
  # Actually don't autostart if we already did and multiple autostarts are disabled.
  if [[ "$ZSH_TMUX_AUTOSTART_ONCE" == "false" || "$ZSH_TMUX_AUTOSTARTED" != "true" ]]; then
    export ZSH_TMUX_AUTOSTARTED=true
    _zsh_tmux_plugin_run
  fi
fi

Plugins

Various app

Security

SSH Key authentication

From Nicolas Kovacs from microlinux.fr.

From host machin (it takes a while):

ssh-keygen -t rsa -b 16384
> Generating public/private rsa key pair.
> Enter file in which to save the key (/Users/mickael/.ssh/id_rsa): 
> Enter passphrase (empty for no passphrase): 
> Enter same passphrase again: 
> Your identification has been saved in /Users/mickael/.ssh/id_rsa.
> Your public key has been saved in /Users/mickael/.ssh/id_rsa.pub.
> The key fingerprint is: [...]

Send public key to the distant server:

ssh-copy-id -i .ssh/id_rsa.pub mycentos               
> /usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: ".ssh/id_rsa.pub"
> /usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
> /usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
> <username>@mycentos's password: 

> Number of key(s) added:        1

> Now try logging into the machine, with: "ssh 'mycentos'" and check to make sure that only the key(s) you wanted were added.

Connect and check:

ssh mycentos 
> Last login: Tue Apr 28 14:01:03 2020 from 192.168.1.198

cat ~/.ssh/authorized_keys

GPG Keys

Check gpg keys:

gpg --list-keys

Create:

gpg --gen-key

Re-check.

Echanging key:

# For export
gpg --output <name>.gpg --export <UID>
# For ASCII format
gpg --armor --export <UID>

Edit ~/.zshrc and add:

# Fix gpg passphrase
export GPG_TTY=$(tty)

To test:

echo "test" | gpg2 --clearsign

Packages

Packages search for Linux & Unix.

Nmap

Nmap is one of the most popular tools for network mapping. You can discover active hosts within a network, and a wide range of other detection features. Nmap has functions for host discovery, port scanning, OS detection, app versions, and other scripting interactions.

sudo dnf install -y nmap

Others

Configuration

Check

For check open ports and write it in a file:

mkdir tmp
nmap -p 0-65535 portquiz.net > tmp/nmaptest
grep filtered tmp/nmaptest

Git

Config

Git tools - signing your work

git config --global user.email <user@exemple.com>
git config --global user.name <Username>
git config --global user.signingkey = <UID>
git config --global color.ui = always
git config --global color.branch = always
git config --global color.diff = always
git config --global color.interactive = always
git config --global color.status = always
git config --global push.default = simple
git config --global gpg.program = gpg2
git config --global commit.gpgSign = true

To get in .gitconfig:

[user]
        email = <user@exemple.com>
        name = <Username>
        signingkey = <signingkey>
[color]
        ui = always
        branch = always
        diff = always
        interactive = always
        status = always
[push]
        default = simple
[gpg]
        program = gpg2
[commit]
        gpgSign = true

Tips

Zsh

var="$HOME/.oh-my-zsh" ; find "$var" | while read -r line; do echo "$var/$line"; done >> ~/.gitignore
h >> "~/list-$(date '+%s').txt"
mkdir "<folder>" && cd "$_"
mkcdir ()
{
    mkdir -p -- "$1" &&
	cd -P -- "$1"
}

Dnf

Tmux

Git

Vim

pip

Various

Various

Sources

Go further

Todo


RΓ©vision #7
Créé 13 avril 2021 10:51:18 par Mickaël G.
Mis Γ  jour 22 octobre 2022 06:58:02 par MickaΓ«l G.