Centos Essentials

Introduction

CentOS is a Linux distribution that originates from the source code of Red Hat Enterprise Linux (RHEL). It provides a free, community-supported platform that is binary compatible with RHEL, enabling users to run enterprise‑grade applications without a commercial subscription. The name CentOS is an acronym for Community ENTerprise Operating System. CentOS has traditionally focused on server deployments, but it also supports desktop environments and is used in educational and research settings.

History and Background

CentOS was first released in 2004 as a community project that extracted the sources from RHEL and rebuilt them for public use. The goal was to create a stable operating system that could be used in production environments while remaining free. The project was led by Gregory Kurtzer, who later founded CentOS Linux LLC to formalize the organization. In 2014, CentOS was acquired by Red Hat, which allowed tighter integration with RHEL’s upstream development cycle. The distribution maintained a regular release schedule aligned with RHEL’s major releases, providing users with security updates and bug fixes. In 2020, Red Hat announced a transition to CentOS Stream, a rolling-release model positioned between Fedora and RHEL, marking a significant shift in the distribution’s lifecycle and community focus.

Key Concepts and Terminology

Distribution Philosophy

CentOS embraces the principle of delivering an enterprise‑grade operating system without the cost of a commercial license. The distribution relies on open‑source contributions and community involvement to maintain its codebase. Unlike some other distros that focus on cutting‑edge features, CentOS prioritizes stability, long‑term support, and backward compatibility with RHEL.

Red Hat Enterprise Linux Compatibility

CentOS binaries are built from the same source code as RHEL, resulting in functional equivalence for most applications. This compatibility extends to package naming conventions, library versions, and kernel releases. Users can install software that is certified for RHEL on CentOS without modification, making the distribution attractive for enterprises that require proven reliability.

Repository Structure

The distribution’s package repositories are divided into three primary tiers: Base, Updates, and Extras. The Base repository contains core packages for the initial installation; Updates provide security patches and bug fixes; Extras host additional packages that complement the core system. Advanced users may enable additional repositories such as PowerTools, EPEL, or vendor‑specific channels for extended functionality.

Installation Essentials

System Requirements

Minimum hardware requirements for a standard installation include a 1 GHz processor, 1 GB of RAM, and 20 GB of free disk space. Modern deployments often use virtual machines with multiple vCPUs and increased memory. The installer supports both 64‑bit x86_64 and ARM architectures, though the latter is less commonly used for production servers.

Installation Media

CentOS offers several installation media types: a minimal text installer, a full graphical installer, and ISO images for bootable USB or DVD. The minimal installer provides a command‑line interface suitable for headless servers, while the graphical installer is user‑friendly for desktops or servers accessed through a monitor.

Booting and Installation Process

The installation process begins with booting from the chosen media. Users are presented with language and keyboard options, followed by network configuration. Partitioning can be handled automatically or manually; the default layout includes separate partitions for /boot, /, /home, and swap. The installer installs the kernel, system utilities, and a minimal set of packages necessary for booting.

Post‑Installation Configuration

After the installation, administrators should perform initial configuration steps: setting a root password, creating user accounts, configuring the network, and enabling the firewall. Updating the system with the latest patches via the package manager is recommended before installing additional software. Documentation recommends reviewing the release notes for any critical changes that may affect configuration.

Package Management and Software Lifecycle

YUM/DNF Overview

CentOS uses the DNF package manager, which replaced YUM in later releases. DNF handles package installation, removal, and dependency resolution, leveraging metadata from repositories. Users interact with DNF through command‑line tools, and the system supports transaction logging and rollback.

Repository Management

Repository definitions are stored in /etc/yum.repos.d/. Each repository file contains URLs to metadata and package files. Users can enable or disable repositories by editing these files or by passing options to DNF. The system’s configuration allows caching of metadata to reduce network usage.
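
Because every enabled repository is a source of code that gets installed as root, the definitions are worth auditing. The following is an added example, not part of the original article: a shell function that reads one .repo file and reports enabled repositories that disable signature checking (the `gpgcheck` option) or use a plaintext HTTP URL. The sample file, its repository ids and its hosts are constructed placeholders.

```shell
#!/bin/sh
# Constructed sample .repo file (hosts and repository ids are placeholders).
sample_repo_file() {
cat <<'EOF'
[base]
name=Base (constructed)
baseurl=https://mirror.example.org/base/
gpgcheck=1
enabled=1

[vendor-tools]
name=Vendor tools
baseurl=http://repo.example.com/el/
gpgcheck=0

[old-testing]
baseurl=http://repo.example.com/testing/
gpgcheck=0
enabled=0
EOF
}

# Read one .repo file on stdin and report enabled repositories that turn off
# package signature checking or fetch over plaintext HTTP.
# A repository with no "enabled" line counts as enabled.
audit_repo_file() {
    awk '
        function off(v) { return tolower(v) ~ /^(0|no|false|off)$/ }
        function report() {
            if (id == "" || off(enabled)) return
            if (off(gpg)) print id ": gpgcheck disabled"
            if (plain) print id ": plaintext http URL"
        }
        /^[ \t]*([#;]|$)/ { next }
        /^\[/ {
            report()
            id = substr($0, 2, index($0, "]") - 2)
            enabled = "1"; gpg = ""; plain = 0
            next
        }
        {
            eq = index($0, "=")
            if (eq == 0) next
            key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
            gsub(/[ \t]/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (key == "enabled") enabled = val
            if (key == "gpgcheck") gpg = val
            if (key ~ /^(baseurl|mirrorlist|metalink)$/ && val ~ /^http:/) plain = 1
        }
        END { report() }'
}
```

On a host, feed it each file under /etc/yum.repos.d/ in turn; the disabled `old-testing` entry in the sample is deliberately not reported.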

Dependency Resolution and Conflict Handling

DNF analyzes dependency graphs to determine the correct set of packages required for installation. It can resolve conflicts by selecting compatible versions or by prompting the user. Users may employ the --skip-broken flag to ignore problematic dependencies or the --best flag to select the most recent compatible packages.

Upgrades and Patching

Regular system updates are performed with the command “dnf update” or “dnf upgrade”. The distribution follows a support model that provides five years of maintenance for each major release. Security updates are prioritized and applied promptly. For critical infrastructure, administrators may schedule updates during maintenance windows to avoid service disruptions.

System Administration Essentials

User and Group Management

CentOS uses standard POSIX utilities for user management. The useradd, usermod, and userdel commands modify the /etc/passwd and /etc/shadow files. Group membership is managed through the groupadd, groupmod, and groupdel commands. Permissions are enforced using file ownership and mode bits, following the traditional read, write, and execute attributes.

File System Hierarchy

The distribution follows the Filesystem Hierarchy Standard (FHS). Core directories include /bin, /sbin, /usr, /var, /etc, and /opt. System files reside in /etc, while user data typically resides in /home. The /var/log directory holds system logs, and /var/run contains runtime information.

Service Management (systemd)

CentOS 7 and later use systemd as the init system. Services are defined by unit files located in /usr/lib/systemd/system/ or /etc/systemd/system/. The systemctl command starts, stops, restarts, and enables services. Dependencies between services are expressed in unit files using directives such as After= and Wants=.

Logging and Monitoring

The system logs are collected by the rsyslog daemon and stored in /var/log. Syslog facilities include kernel, mail, daemon, and user. Administrators may employ monitoring tools such as collectd, nagios, or Prometheus to track system metrics. Log rotation is managed by logrotate, configured through /etc/logrotate.d.

Security Hardening Practices

SELinux Configuration

Security‑Enhanced Linux (SELinux) is enabled by default and operates in enforcing mode. The policy governs access controls for processes, files, and network sockets. Administrators can check status with “sestatus” and modify policies using the semanage command. Custom policy modules are created with audit2allow and loaded via semodule.

Firewall Setup

CentOS uses firewalld as the default firewall manager. Zones define network interfaces and traffic profiles. The firewall is configured through the firewall-cmd command or by editing /etc/firewalld/zones/*.xml files. Rules include port allowances, service definitions, and masquerading for NAT.

SSH Hardening

The OpenSSH daemon is configured in /etc/ssh/sshd_config. Common hardening steps include disabling root login, enforcing key‑based authentication, and restricting port numbers. The service is restarted with “systemctl restart sshd” after configuration changes.
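
A hardening line added to sshd_config does not always take effect: sshd uses the first value it reads for each keyword, and lines after a Match block apply only conditionally. The following is an added example, not part of the original article: it computes the effective global value of the settings behind "disabling root login" and "key-based authentication". The sample config is constructed, and the fallback values are upstream OpenSSH defaults assumed here; a distribution build may differ.

```shell
#!/bin/sh
# Constructed sample config. The hardened "permitrootlogin no" was appended
# after an earlier "PermitRootLogin yes", so it never takes effect.
sample_sshd_config() {
cat <<'EOF'
# /etc/ssh/sshd_config (constructed sample)
Port 22
PermitRootLogin yes
#PasswordAuthentication no
PubkeyAuthentication yes
permitrootlogin no
Match User backup
    PasswordAuthentication no
EOF
}

# Print the effective global value of keyword $1 for a config on stdin,
# falling back to $2 (assumed default) when the keyword is not set.
# Keywords are case-insensitive, the first occurrence wins, and scanning
# stops at the first Match block.
sshd_effective() {
    awk -v want="$1" -v dflt="$2" '
        BEGIN { want = tolower(want); val = dflt }
        /^[ \t]*(#|$)/ || done { next }
        tolower($1) == "match" { done = 1; next }
        tolower($1) == want { val = tolower($2); done = 1 }
        END { print val }'
}

# check NAME ACTUAL WANTED: print one PASS/FAIL line.
check() {
    if [ "$2" = "$3" ]; then echo "PASS $1=$2"; else echo "FAIL $1=$2"; fi
}

# Audit a config on stdin against the hardening steps named above.
audit_sshd_config() {
    cfg=$(cat)
    eff() { printf '%s\n' "$cfg" | sshd_effective "$1" "$2"; }
    check PermitRootLogin "$(eff PermitRootLogin prohibit-password)" no
    check PasswordAuthentication "$(eff PasswordAuthentication yes)" no
    check PubkeyAuthentication "$(eff PubkeyAuthentication yes)" yes
}
```

The function reads a single file and does not follow Include directives, so on a live host `sshd -T` remains the authoritative view of the running configuration.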

Patch Management

Automated patching can be enabled using tools like yum-cron or dnf-automatic. Administrators should review update proposals, apply critical patches promptly, and maintain a backup of the system prior to large upgrades.

Networking Essentials

Network Interface Configuration

Network interfaces are defined in /etc/sysconfig/network-scripts/ifcfg-*. The configuration file includes IPADDR, NETMASK, GATEWAY, and DNS settings. The network service can be restarted with “systemctl restart network” to apply changes.

DHCP and Static IP

DHCP clients obtain configuration automatically, while static IPs are configured by setting the IPADDR parameter. For dual‑stack environments, IPv6 parameters such as IPV6INIT=on and IPV6ADDR are specified.

Routing and Forwarding

Routing tables are managed through the ip command or by editing /etc/iproute2/rt_tables. Packet forwarding is enabled by setting the kernel parameter net.ipv4.ip_forward=1 in /etc/sysctl.conf. Changes are applied with “sysctl -p”.

Network Services

CentOS supports a range of services: DNS via bind, DHCP via dhcpd, file sharing via NFS, and web serving via Apache or Nginx. Configuration files reside in /etc/named, /etc/dhcpd, /etc/exports, and /etc/httpd or /etc/nginx, respectively.

Storage Management

Disk Partitioning and Filesystems

Common filesystems include ext4, XFS, and Btrfs. Disk partitioning is performed with fdisk, gdisk, or cgdisk. The /etc/fstab file defines mount points and filesystem options. Systemd‑based units such as dev‑sda1.mount can be used for dynamic mounting.

LVM and Logical Volume Management

Logical Volume Manager (LVM) allows dynamic resizing of logical volumes. Physical volumes (PVs) are created with pvcreate, grouped into volume groups (VGs) using vgcreate, and logical volumes (LVs) are managed with lvcreate, lvextend, or lvreduce.

RAID and Redundancy

Software RAID is implemented with mdadm. Arrays can be created for mirroring (RAID 1), striping (RAID 0), or parity (RAID 5/6). Configuration files are stored in /etc/mdadm.conf, and the system can assemble arrays automatically at boot.

Mount Points and /etc/fstab

The /etc/fstab file contains entries for all filesystems to be mounted during boot. Each line includes the device, mount point, filesystem type, options, and the dump and fsck pass values. The mount and umount commands can be used to mount or unmount filesystems on demand.

Virtualization and Containerization

KVM and Libvirt

CentOS includes the Kernel Virtual Machine (KVM) module for full virtualization. Libvirt provides an API to manage virtual machines, stored in /etc/libvirt/qemu/ and accessed with virsh. Images can be created using qemu-img and defined in XML domain files.

Docker and Podman

Docker is traditionally installed via the Docker CE repository, but CentOS recommends using Podman, a daemonless container engine. Podman shares the same command syntax as Docker, providing image build, run, and push capabilities. Containers are isolated using namespaces and cgroups.

Other Container Platforms

CentOS supports OpenShift, a Kubernetes‑based platform, by installing the Red Hat OpenShift Origin (ROSA) stack. Kubernetes components such as kubelet, kubeadm, and kubectl are available through the official repositories. The system can host multiple container runtimes concurrently.

Backup Strategies

System Snapshotting

Tools such as rsnapshot or Btrfs snapshots can capture the state of the filesystem. Snapshots are created using the snapshot command (for Btrfs) or by cloning logical volumes (for LVM). Restoration involves rolling back the snapshot or recreating the logical volume from a backup.

Database Backup

Database engines like MySQL, MariaDB, or PostgreSQL use logical backup utilities: mysqldump, mariadb‑dump, or pg_dump. Physical backups involve copying data directories or using filesystem‑level snapshots. Incremental backups are scheduled during low traffic periods.

Off‑site Replication

rsync can synchronize data between primary and secondary servers over SSH. The command “rsync -avz” preserves permissions, timestamps, and compresses data. Cron jobs or systemd timers can automate replication tasks.

Software Licensing Considerations

License Types

CentOS is a free, community‑driven distribution derived from the source of Red Hat Enterprise Linux (RHEL). The distribution provides open‑source software under licenses such as GPL v3, LGPL, or MIT. Vendors may provide proprietary packages under separate licenses.

License Compliance

Compliance involves ensuring that all installed packages and code modules respect their license terms. Tools like rpm‑verify can detect modifications to installed files. The system’s documentation includes a section on license compliance, advising administrators to maintain a manifest of installed software.

Dual‑licensing Models

Some vendors offer dual‑licensing for commercial and open‑source releases. For example, certain enterprise software may be available under a GPL v3 license for community use and a commercial license for enterprise support. Administrators must adhere to the terms of each license when deploying such software.

Open Source vs. Proprietary

Open‑source components are freely available and community‑maintained, while proprietary components require a vendor license. The vendor’s documentation details the installation and activation process, often involving registration or license key entry. The system’s update process for proprietary packages remains governed by the vendor’s repository configuration.

Network File System (NFS) Setup

Server Configuration

To expose directories via NFS, add an entry to /etc/exports: “/srv/nfs *(rw,sync,no_subtree_check)”. The NFS server is started with “systemctl enable --now nfs-server”. After the export table is reloaded with “exportfs -ra”, clients can mount the exported path.

Client Configuration

Clients mount the NFS share with the command “mount -t nfs4 server:/srv/nfs /mnt/nfs”. The mount point can be persisted in /etc/fstab for automatic mounting at boot. The nfs-common package provides client utilities such as rpcinfo and showmount.

Performance Considerations

Using the -o rsize=1048576 and wsize=1048576 options increases read/write buffer sizes. Setting tcp_nodelay in the options may reduce latency for small transactions. Clients can specify the port via port=2049 to match server configuration.

Security Measures

Mounting over TCP requires secure transport. Administrators may configure Kerberos authentication or restrict access to specific IP addresses in /etc/exports. The NFS server’s firewall rules should allow the NFS port (2049) and any required ports for mounting.
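
The export entry shown under Server Configuration uses the client wildcard `*`, which grants read-write access to any host that can reach the server. The following is an added example, not part of the original article: it scans an exports file for entries open to any host and for `no_root_squash`, next to an entry restricted to a subnet. The sample paths and the 192.0.2.0/24 addresses are constructed.

```shell
#!/bin/sh
# Constructed sample /etc/exports. The first entry is the one from the
# Server Configuration section; the second is the same export restricted
# to one subnet.
sample_exports() {
cat <<'EOF'
# /etc/exports (constructed sample)
/srv/nfs *(rw,sync,no_subtree_check)
/srv/builds 192.0.2.0/24(rw,sync,no_subtree_check)
/srv/home 192.0.2.10(rw,no_root_squash) 192.0.2.11(ro)
/srv/pub (ro,sync)
EOF
}

# Read an exports file on stdin and report, per client specification:
#   - exports open to any host ("*" or an option list with no client),
#   - clients granted no_root_squash (remote root keeps root on the share).
# Line continuations and quoted paths are not handled.
audit_exports() {
    awk '
        /^[ \t]*(#|$)/ { next }
        {
            path = $1
            for (i = 2; i <= NF; i++) {
                client = $i; opts = ""
                p = index($i, "(")
                if (p > 0) {
                    client = substr($i, 1, p - 1)
                    opts = substr($i, p + 1)
                    sub(/\)$/, "", opts)
                }
                rw = (("," opts ",") ~ /,rw,/)
                if (client == "" || client == "*")
                    print path ": any host, " (rw ? "read-write" : "read-only")
                if (("," opts ",") ~ /,no_root_squash,/)
                    print path ": no_root_squash for " client
            }
        }'
}
```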

Software and Hardware Licensing

Enterprise Support Licenses

Red Hat Enterprise Linux (RHEL) offers support contracts that cover bug fixes, security patches, and access to the vendor’s support portal. The subscription can be managed via Red Hat Subscription Manager and accessed through the RHN portal.

Open Source Licensing

All core packages are distributed under open‑source licenses. Users may freely distribute and modify the code within the bounds of the license. Documentation recommends consulting the SPEC files for each package to verify licensing terms.

Vendor Licensing

Third‑party software may be distributed under a proprietary license requiring activation. Installation typically involves adding the vendor repository, importing GPG keys, and installing the license manager. Documentation includes step‑by‑step instructions for each vendor.

Conclusion

CentOS 9 Stream provides a robust, stable environment for modern enterprise deployments. The distribution’s emphasis on long‑term support, comprehensive package management, and security hardening ensures that administrators can maintain a reliable platform. The documentation offers extensive guidance on installation, configuration, and advanced features, making it suitable for a wide range of use cases from simple servers to complex virtualized environments.
