Install Linux Httpd MariaDB PHP on CentOS 6

Install Httpd, open terminal and type in this command:

#yum install -y httpd
Loaded plugins: fastestmirror
Setting up Install Process
....................................................................
Installed:
httpd.x86_64 0:2.2.15-54.el6.centos

Complete!

Start httpd and set always run on reboot with following command

#service httpd start
Starting httpd: [ OK ]
#chkconfig httpd on

Install MariaDB from a repository using yum, before install make sure CentOS packages is up-to-date

#yum -y update

Then add the MariaDB repository

#vi /etc/yum.repos.d/MariaDB.repo

Insert this custom MariaDB 10.1 Stable YUM repository for CentOS 6 (64 Bit).

# MariaDB 10.1 CentOS repository list - created 2016-07-03 19:01 UTC
# http://downloads.mariadb.org/mariadb/repositories/
[mariadb]
name = MariaDB
baseurl = http://yum.mariadb.org/10.1/centos6-amd64
gpgkey=https://yum.mariadb.org/RPM-GPG-KEY-MariaDB
gpgcheck=1

MariaDB 10.1 Stable YUM repository for CentOS 6

# MariaDB 10.1 CentOS repository list - created 2016-12-03 16:57 UTC
# http://downloads.mariadb.org/mariadb/repositories/
[mariadb]
name = MariaDB
baseurl = http://yum.mariadb.org/10.1/centos6-x86
gpgkey=https://yum.mariadb.org/RPM-GPG-KEY-MariaDB
gpgcheck=1

For complete custom MariaDB repository with linux system version please visit
https://downloads.mariadb.org/mariadb/repositories/

Install MariaDB

#yum install MariaDB-server MariaDB-client -y

Start MariaDB and set to start on every boot.

#service mysql start
#chkconfig mysql on

Secure MariaDB, secure your MariaDB installation with the following checklist
Set (Change) root password
Remove anonymous users
Disallow root login remotely.
Remove test database and access to it.
Reload privilege tables.
Run the secure installation command.

#mysql_secure_installation

Enter current password for root (enter for none):
OK, successfully used password, moving on...

Setting the root password ensures that nobody can log into the MariaDB
root user without the proper authorisation.

Set root password? [Y/n] y
New password: ENTER YOUR PASSWORD
Re-enter new password: REPEAT YOUR PASSWORD
Password updated successfully!
Reloading privilege tables..
... Success!

Remove anonymous users? [Y/n] y
... Success!

Disallow root login remotely? [Y/n] y
... Success!

Remove test database and access to it? [Y/n] y
- Dropping test database...
... Success!
- Removing privileges on test database...
... Success!

Reload privilege tables now? [Y/n] y
... Success!

Cleaning up...

Thanks for using MariaDB!

Restart MariaDB.

#service mysql restart

Install PHP by open terminal and type in this command:

#yum install php php-mysql php-gd -y

** Install PHP-GD library if necessary, PHP GD is PHP Modules to support manipulating images like imagejpeg, imagedestroy, etc

#service httpd restart

Install Setup Squid HTTP Web Proxy CentOS 6 Server

Install and Setup Squid as HTTP web proxy, squid caching and forwarding to speeding up a web server by caching repeated requests on CentOS 6 Server.

Install Squid from CentOS repositories, make sure sure CentOS 6 Server system is up-to-date

#yum update
#yum install squid

Check it Squid has been installed successfully

#ls -la /etc/squid
drwxr-xr-x  2 root  root   4096 Sep  4 00:15 .
drwxr-xr-x 53 root  root   4096 Sep  4 00:36 ..
-rw-r--r--  1 root  squid   419 Aug  4 07:56 cachemgr.conf
-rw-r--r--  1 root  root    419 Aug  4 07:56 cachemgr.conf.default
-rw-r--r--  1 root  root   1547 Aug  4 07:56 errorpage.css
-rw-r--r--  1 root  root   1547 Aug  4 07:56 errorpage.css.default
-rw-r--r--  1 root  root  11651 Aug  4 07:56 mime.conf
-rw-r--r--  1 root  root  11651 Aug  4 07:56 mime.conf.default
-rw-r--r--  1 root  root    421 Aug  4 07:56 msntauth.conf
-rw-r--r--  1 root  root    421 Aug  4 07:56 msntauth.conf.default
-rw-r-----  1 root  squid  3948 Sep  4 00:14 squid.conf
-rw-r--r--  1 root  root   2425 Aug  4 07:56 squid.conf.default

Configuring Squid as an HTTP web proxy.
Edit the Squid configuration file /etc/squid/squid.conf
This squid configuration set all IP address may connect or using this as HTTP web proxy

# vi /etc/squid/squid.conf

Add the following lines

http_access allow all

Run Squid http web proxy

#service squid start

Setup Squid for anonymous traffic and mask original local IP address.

Add the following lines to Squid configuration file.

#vi /etc/squid/squid.conf
forwarded_for off
request_header_access Allow allow all
request_header_access Authorization allow all
request_header_access WWW-Authenticate allow all
request_header_access Proxy-Authorization allow all
request_header_access Proxy-Authenticate allow all
request_header_access Cache-Control allow all
request_header_access Content-Encoding allow all
request_header_access Content-Length allow all
request_header_access Content-Type allow all
request_header_access Date allow all
request_header_access Expires allow all
request_header_access Host allow all
request_header_access If-Modified-Since allow all
request_header_access Last-Modified allow all
request_header_access Location allow all
request_header_access Pragma allow all
request_header_access Accept allow all
request_header_access Accept-Charset allow all
request_header_access Accept-Encoding allow all
request_header_access Accept-Language allow all
request_header_access Content-Language allow all
request_header_access Mime-Version allow all
request_header_access Retry-After allow all
request_header_access Title allow all
request_header_access Connection allow all
request_header_access Proxy-Connection allow all
request_header_access User-Agent allow all
request_header_access Cookie allow all
request_header_access All deny all

Save and exit then restart squid for the squid configuration applied changes

#service squid restart

Crontab job auto restart server on memory low CentOS 6 server

VPS Server with little memory is it very important to set up crontab job to automatically restart VPS Server on low memory based on condition. Check how much memory is left on the VPS Server, if 100M memory left then reboot the VPS Server.

Write bash script to checks how much memory is left and reboot the VPS.

#vim restartmemorylow

Below is script for CentOS, for Debian 7/8 find at bottom of this page

#!/bin/bash
mem=$(free -m | awk '/Mem:/{print $4}')
(( mem <= 100 )) && /sbin/shutdown -r now

We also can Swap memory, if less than 100M then reboot VPS Server

#vim restartswapmemorylow
#!/bin/bash
swapmem=$(free -m | awk '/Swap:/{print $4}')
(( swapmem <= 100 )) && /sbin/shutdown -r now

Make the script executable

#chmod +x restartmemorylow
#chmod +x restartswapmemorylow

Add script to the to crontab (make sure path/to/the/script correct)

crontab -u root -e

Check memory low every week  At 01:00 on Sunday (https://crontab.guru)

0 1 * * 0 /restartmemorylow
0 1 * * 0 /restartswapmemorylow

Error occurred and how to solved

Check error by check current mail with following command

tail -f /var/spool/mail/root

If crontab command not found, Install cron with following command

#crontab -u root -e
-bash: crontab: command not found
#yum install vixie-cron crontabs
#chkconfig crond on
#service crond start
#chkconfig --list | grep crond

Low memory script and install cron on Debian 7 / 8

#vim restartmemorylow
#!/bin/bash
mem=$(cat /proc/meminfo | egrep "^MemFree" |awk '{print $2}')
if (( mem <= 51200 )); then
echo "Memory lower than or 10%, so we kill and restart";
/sbin/shutdown -r now
else
echo "Memory is fine"
fi

Make the script executable

#chmod +x restartmemorylow
#apt-get install cron

For all cron jobs that should be executed under a user’s account, you should use crontab -e. For system jobs, you should add a file under /etc/cron.d, if that exists; under /etc/cron.{hourly|daily|weekly|monthly} (but those must not be named like a package name!), if that fits your purpose; or add a line to /etc/crontab. But be aware that /etc/crontab might be overwritten with a system update.

Insert

#crontab -u root -e
0 1 * * 0 root /restartmemorylow

Enable cron log on Debian

#vim /etc/rsyslog.conf

In the file, you will find the following line: #cron.* -/var/log/cron
Uncomment the line (remove the #) and save the rsyslog.conf file

cron.* -/var/log/cron
#service rsyslog restart

After restarting the rsyslog daemon, crontab log entries will appear in the /var/log/cron.log file.

Install Configure VSFTPD on Ubuntu 14

To avoid any error on VSFTPD instalation please make sure Ubuntu 14 server run “apt-get update” on terminal to downloads the package lists from the repositories and “updates” them to get information on the newest versions of packages and their dependencies.

#apt-get update
#apt-get install vsftpd

The next step is to change any configuration settings for vsftpd. Open the /etc/vsftpd.conf file in your preferred text editor:

#vi /etc/vsftpd.conf

Edit the file so it resembles the following:

# Example config file /etc/vsftpd.conf
# ...
# Run standalone? vsftpd can run either from an inetd or as a standalone
# daemon started from an initscript.
listen=YES
#
# Allow anonymous FTP? (Disabled by default)
anonymous_enable=NO
#
# Uncomment this to allow local users to log in.
local_enable=YES
#
# Uncomment this to enable any form of FTP write command.
#write_enable=YES
# You may restrict local users to their home directories. See the FAQ for
# the possible risks in this before using chroot_local_user or
# chroot_list_enable below.
#chroot_local_user=YES

The critical settings seen above are outlined below:
listen=YES tells vsftpd to run as a standalone daemon (the simplest method for getting up and running). anonymous_enable=NO disallows anonymous FTP users, which is generally preferred for security reasons but can be enabled for testing purposes.
local_enable=YES allows any user account defined in the /etc/passwd file access to the FTP server and is generally how most FTP users will connect.
write_enable=YES is commented out by default, but removing the hash (#) allows files to be uploaded to the FTP server. chroot_local_user=YES restricts users to their home directory and is also commented out by default.
To begin your testing and make sure everything is working, start with the following settings for the above parameters:

listen=YES
anonymous_enable=YES
local_enable=YES
write_enable=YES
chroot_local_user=YES
Save the vsftpd.conf file then restart the vsftpd service for the changes to take effect:

#service vsftpd restart
vsftpd stop/waiting
vsftpd start/running, process 18954

Testing Your FTP Server
To quickly determine if your server was installed properly and is up and running, try to connect to the FTP server from your active shell, using the name anonymous and a blank password:

#ftp localhost
Connected to localhost.
220 (vsFTPd 3.0.2)
Name (localhost:root): anonymous
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp>

With both anonymous_enable and local_enable set to “YES” in the configuration, you should be able to successfully login to your local FTP server as seen above!
With that out of the way, simply enter quit at the ftp> prompt to cancel out:

ftp> quit
221 Goodbye.

With the test complete, you may wish to disable anonymous access once again by setting anonymous_enable=NO in the /etc/vsftpd.conf file and restarting the service:

#vi /etc/vsftpd.conf

Edit the file to resemble this:

# Set to NO to disable anonymous access
anonymous_enable=NO
sudo service vsftpd restart
vsftpd stop/waiting
vsftpd start/running, process 18996
Adding an FTP User

If this is a new server it may be advisable to add a specific user for FTP access. Doing so is a fairly simple process but begin by creating a new user:

#adduser foobar
Adding user `foobar' ...
Adding new group `foobar' (1000) ...
Adding new user `foobar' (1000) with group `foobar' ...
Creating home directory `/home/foobar' ...
Copying files from `/etc/skel' ...
$ Enter new UNIX password:
$ Retype new UNIX password:
passwd: password updated successfully
Changing the user information for foobar
$ Enter the new value, or press ENTER for the default
Full Name []:
Room Number []:
Work Phone []:
Home Phone []:
Other []:
Is the information correct? [Y/n]
$ Y

With a new user added you can now connect to your server remotely with an FTP client such as FileZilla, but you will immediately run into an error:

Status: Connecting to 104.131.170.253:21...
Status: Connection established, waiting for welcome message...
Response: 220 (vsFTPd 3.0.2)
Command: USER foobar
Response: 331 Please specify the password.
Command: PASS ****************
Response: 500 OOPS: vsftpd: refusing to run with writable root inside chroot()

The “500 OOPS” error vsftpd returns is a security measure designed to prevent writable root access for FTP users by default. To resolve this issue there are two main options available.

Allowing Writable User-root Access

The simplest method is to alter the /etc/vsftpd.conf file once again and enable one particular setting:

#vi /etc/vsftpd.conf

Edit the file so it resembles the following:
# Allow users to write to their root directory

allow_writeable_chroot=YES

With allow_writeable_chroot enabled following a service vsftpd restart, you can now successfully FTP into your server remotely as your newly created user:

Status: Connecting to 104.131.170.253:21...
Status: Connection established, waiting for welcome message...
Response: 220 (vsFTPd 3.0.2)
Command: USER foobar
Response: 331 Please specify the password.
Command: PASS ****************
Response: 230 Login successful.

Using Writeable Subdirectories
The other option to maintain slightly stronger security is not to enable allow_writeable_chroot as outlined above, but instead to create a new subdirectory in the user’s root directory with write access:

#chown root:root /home/foobar
#mkdir /home/foobar/uploads
#chown foobar:foobar /home/foobar/uploads
#service vsftpd restart

Now when you connect remotely to your FTP server as the new user, that user will not have write access to the root directory, but will instead have full write access to upload files into the newly created uploads directory instead.

Securing Your FTP With SSL

While standard unencrypted FTP access as outlined so far is sufficient in many cases, when transferring sensitive information over FTP it is useful to utilize a more secure connection using SSL.

To begin you’ll likely need to generate a new SSL certificate with the following command, following the prompts as appropriate to complete the process:

#openssl req -x509 -nodes -days 365 -newkey rsa:1024 -keyout /etc/ssl/private/vsftpd.pem -out /etc/ssl/private/vsftpd.pem

Now you must ensure that vsftpd is aware of the SSL certificate. Open the /etc/vsftpd.conf file once again:

#vi /etc/vsftpd.conf

Look near the bottom of the file for two rsa_ settings like this, indicating the location of the SSL certificate that was just created:

rsa_cert_file=/etc/ssl/private/vsftpd.pem
rsa_private_key_file=/etc/ssl/private/vsftpd.pem

If those lines don’t exist or match the appropriate path to the SSL certificate created, update them accordingly.

Additionally, there are a number of configuration settings to handle SSL connections, particularly forcing use of the TLS protocol which is ideal:

ssl_enable=YES
allow_anon_ssl=NO
force_local_data_ssl=YES
force_local_logins_ssl=YES
ssl_tlsv1=YES
ssl_sslv2=NO
ssl_sslv3=NO
require_ssl_reuse=NO
ssl_ciphers=HIGH

Some of the settings are self-explanatory, but the key components are the overall enabling of SSL, the restriction to use only TLS, and disallowing anonymous access.

With the settings added and the file saved, once again restart the vsftpd service:

#service vsftpd restart

Now your FTP server is ready to accept secure connections using “FTP over TLS” encryption. Using a client such as FileZilla, you will be presented with a certificate popup asking to verify the newly created SSL certification.

Upon accepting you will now be securely connected and transfers will be encrypted via SSL:

Status: Connecting to 104.131.170.253:21...
Status: Connection established, waiting for welcome message...
Response: 220 (vsFTPd 3.0.2)
Command: AUTH TLS
Response: 234 Proceed with negotiation.
Status: Initializing TLS...
Status: Verifying certificate...
Command: USER foobar
Status: TLS/SSL connection established.
Response: 331 Please specify the password.
Command: PASS ****************
Response: 230 Login successful.

Create Swap Virtual Memory on Centos 6 openVZ

Swap Virtual Memory help vps server with little amount of memory to add more amount of memory with Swap partition. For example, upgrade amount of RAM in system from 512 MB to 1 GB by create Swap partition 512 MB. Please note that not all vps hosting provider granted an VPS based on openVZ to create Swap Virtual Memory

Check physical memory usage, see physical memory free left only 34 MB, not good, vps server may stop working

#free -m
             total       used       free     shared    buffers     cached
Mem:           490        455         34          0         24         73
-/+ buffers/cache:        358        131
Swap:            0          0          0

Check disk space availability

#df
Filesystem     1K-blocks    Used Available Use% Mounted on
/dev/vda1        9256088 1475508   7308836  17% /
tmpfs             250996       0    250996   0% /dev/shm

Add a swap file:
Determine the size of the new swap file in megabytes and multiply by 1024 to determine the number of blocks. For example, the block size of a 512 MB swap file is 524288.
At a shell prompt as root, type the following command with count being equal to the desired block size: dd if=/dev/zero of=/swapfile bs=1024 count=524288

#dd if=/dev/zero of=/swapfile bs=1024 count=524288
524288+0 records in
524288+0 records out
524288824 bytes (512 MB) copied, 10.192 s, 105 MB/s
#mkswap /swapfile
mkswap: /swapfile: warning: don't erase bootbits sectors
        on whole disk. Use -f to force.
Setting up swapspace version 1, size = 524288KiB
no label, UUID=d2592b02-8cb8-4892-8a5a-5af7f9654cc1
#swapon /swapfile
#swapon -s
Filename                                Type            Size    Used    Priority
/swapfile                               file            524288 0       -1
#vi /etc/fstab

# Paste this following line at bottom

/swapfile swap swap defaults 0 0

To prevent the file from being world-readable, you should set up the correct permissions on the swap file:

#chown root:root /swapfile
#chmod 0600 /swapfile

Check the result!

#free -m
             total       used       free     shared    buffers     cached
Mem:           490        483          6          0          4        121
-/+ buffers/cache:        357        132
Swap:          511          0        511

Setting timezone on CentOS 6

Check current time zone of your Server

#date
Tue Jul 26 21:07:48 BST 2016

On on CentOS 6 the list of time zone files located at /usr/share/zoneinfo.

#cd /usr/share/zoneinfo
#ls -la
drwxr-xr-x. 20 root root  4096 Jul 10  2015 .
drwxr-xr-x. 63 root root  4096 Jul 25 23:56 ..
drwxr-xr-x.  2 root root  4096 Jul 10  2015 Africa
drwxr-xr-x.  6 root root  4096 Jul 10  2015 America
........................................................

Find the time zone for your location and note of the appropriate folder and file, for example: America/Chicago.
First, make a backup of the existing localtime file. It’s always good practice to make backups of original config files.

#mv /etc/localtime /etc/localtime.bak

Then create the link:

#ln -s /usr/share/zoneinfo/America/Chicago /etc/localtime

Now check the change

#date
Tue Jul 26 16:03:18 EDT 2016

Additional task is make sure the settings stay applied after on reboot

#vi /etc/sysconfig/clock

change the zone line to:

ZONE="America/Chicago"

Install Configure NTP to Synchronize Clocks of System on CentOS 6

NTP (Network Time Protocol) is an Internet protocol used to synchronize the clocks of computers to some time reference. NTP is an Internet standard protocol originally developed by Professor David L. Mills at the University of Delaware.

Install and configure NTP (Network Time Protocol)
NTP package is provided by default on CentOS /RHEL 7 repositories and can be installed with command below

#yum install ntp

Turn on service as daemon, start automatically on rebooot

#chkconfig ntpd on

Start the NTP server, NTP will continuously adjusts system time from upstream NTP server

#/etc/init.d/ntpd start

Enable gzip compression Apache Nginx for faster web speed

Gzip compression helps to reduce the size of transmitted data on Apache Nginx server

There are 2 ways to Enable gzip compression on Apache, with httpd configuration and htaccess

Enable gzip compression n Apache with httpd configuration

By default mod_deflate.so module has been active but we want to make sure and check if mod_deflate.so module has been installed and activate at httpd configuration.

#cat /etc/httpd/conf/httpd.conf | grep deflate
LoadModule deflate_module modules/mod_deflate.so

** If it is commented (#), please remove it (#) out.

Next part is add code below to httpd.conf, these lines can store at the end of the file:

#Enable gzip compression
<ifModule mod_headers.c>
SetOutputFilter DEFLATE
# You can't compress what is already compressed
SetEnvIfNoCase Request_URI \.(?:gif|jpe?g|png)$ no-gzip dont-vary
SetEnvIfNoCase Request_URI \.(?:exe|t?gz|zip|bz2|sit|rar)$ no-gzip dont-vary

#Make proxies work as they should.
<ifModule mod_headers.c>
Header append Vary User-Agent
</ifModule>
</ifModule>

Restart Apache to effect the changes

#service httpd restart

Enable gzip compression on Apache with .htaccess by add configuration line below to .htaccess

#Enable gzip compression
<ifModule mod_headers.c>
# Compress HTML, CSS, JavaScript, Text, XML and fonts
AddOutputFilterByType DEFLATE application/javascript
AddOutputFilterByType DEFLATE application/rss+xml
AddOutputFilterByType DEFLATE application/vnd.ms-fontobject
AddOutputFilterByType DEFLATE application/x-font
AddOutputFilterByType DEFLATE application/x-font-opentype
AddOutputFilterByType DEFLATE application/x-font-otf
AddOutputFilterByType DEFLATE application/x-font-truetype
AddOutputFilterByType DEFLATE application/x-font-ttf
AddOutputFilterByType DEFLATE application/x-javascript
AddOutputFilterByType DEFLATE application/xhtml+xml
AddOutputFilterByType DEFLATE application/xml
AddOutputFilterByType DEFLATE font/opentype
AddOutputFilterByType DEFLATE font/otf
AddOutputFilterByType DEFLATE font/ttf
AddOutputFilterByType DEFLATE image/svg+xml
AddOutputFilterByType DEFLATE image/x-icon
AddOutputFilterByType DEFLATE text/css
AddOutputFilterByType DEFLATE text/html
AddOutputFilterByType DEFLATE text/javascript
AddOutputFilterByType DEFLATE text/plain
AddOutputFilterByType DEFLATE text/xml

#Remove browser bugs (only needed for really old browsers)
BrowserMatch ^Mozilla/4 gzip-only-text/html
BrowserMatch ^Mozilla/4\.0[678] no-gzip
BrowserMatch \bMSIE !no-gzip !gzip-only-text/html
Header append Vary User-Agent
</ifModule>

Enable gzip compression on Nginx by activate gzip on and add some configuration to etc/nginx/nginx.conf

#vi /etc/nginx/nginx.conf

Add this line below to etc/nginx/nginx.conf

#Enable gzip compression
gzip on;
gzip_comp_level 2;
gzip_min_length 1000;
gzip_proxied expired no-cache no-store private auth;
gzip_types text/plain application/x-javascript text/xml text/css application/xml;

 

Enable Keep Alive for faster web speed Apache and Nginx

There are 2 ways to enable Keep Alive On at Apache server, with .htaccess and httpd.conf

Enable keep-alive On at Apache with httpd.conf

Keep Alive Default configuration is Off, we must change it to On

vi /etc/httpd/conf/httpd.conf

Find KeepAlive sentence and edit Off to On

.....................................
# KeepAlive: Whether or not to allow persistent connections (more than
# one request per connection). Set to "Off" to deactivate.
#
# KeepAlive Off
KeepAlive On
......................................

Restart Apache to effect the changes

#vi service httpd restart

Enable keep-alive on Apache server with .htaccess

This is alternative if we do not have access to server. Add code below to .htaccess

<ifModule mod_headers.c>
Header set Connection keep-alive
</ifModule>

Enable keep-alive On Nginx with nginx.conf

By default NGINX supports keep-alive, add this line below to nginx configuration

#vi etc/nginx/nginx.conf
# Keep Alive
keepalive_timeout 65;
keepalive_requests 100000;
sendfile on;
tcp_nopush on;
tcp_nodelay on;

Install MariaDB Server on CentOS 6

Most people said MariaDB better then old MySQL Server, so i decided to migrate Database Server from old MySQL to new MariaDB Server

For brief info MariaDB is a community-developed fork of the MySQL relational database management system intended to remain free under the GNU GPL. It is notable for being led by the original developers of MySQL, who forked it due to concerns over its acquisition by Oracle.

For CentOS system highly recommended to install MariaDB from a repository using yum.
First step make sure list of available CentOS packages is up-to-date before installing by input following commands.

#yum -y update

Then add the MariaDB repository

#vi /etc/yum.repos.d/MariaDB.repo

Insert this custom MariaDB 10.1 Stable YUM repository for CentOS 6 (64 Bit).

# MariaDB 10.1 CentOS repository list - created 2016-07-03 19:01 UTC
# http://downloads.mariadb.org/mariadb/repositories/
[mariadb]
name = MariaDB
baseurl = http://yum.mariadb.org/10.1/centos6-amd64
gpgkey=https://yum.mariadb.org/RPM-GPG-KEY-MariaDB
gpgcheck=1

For complete custom MariaDB repository with linux system version please visit

https://downloads.mariadb.org/mariadb/repositories/

Install MariaDB

#yum install MariaDB-server MariaDB-client -y

Start MariaDB and set to start on every boot.

#service mysql start
#chkconfig mysql on

Secure MariaDB, Secure your MariaDB installation. The following checklist shows the steps that will be performed.
Set (Change) root password.
Remove anonymous users.
Disallow root login remotely.
Remove test database and access to it.
Reload privilege tables.
Run the secure installation command.

#mysql_secure_installation
Example output

NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB
SERVERS IN PRODUCTION USE! PLEASE READ EACH STEP CAREFULLY!

In order to log into MariaDB to secure it, we'll need the current
password for the root user. If you've just installed MariaDB, and
you haven't set the root password yet, the password will be blank,
so you should just press enter here.

Enter current password for root (enter for none):
OK, successfully used password, moving on...

Setting the root password ensures that nobody can log into the MariaDB
root user without the proper authorisation.

Set root password? [Y/n] y
New password: ENTER YOUR PASSWORD
Re-enter new password: REPEAT YOUR PASSWORD
Password updated successfully!
Reloading privilege tables..
... Success!

By default, a MariaDB installation has an anonymous user, allowing anyone
to log into MariaDB without having to have a user account created for
them. This is intended only for testing, and to make the installation
go a bit smoother. You should remove them before moving into a
production environment.

Remove anonymous users? [Y/n] y
... Success!

Normally, root should only be allowed to connect from 'localhost'. This
ensures that someone cannot guess at the root password from the network.

Disallow root login remotely? [Y/n] y
... Success!

By default, MariaDB comes with a database named 'test' that anyone can
access. This is also intended only for testing, and should be removed
before moving into a production environment.

Remove test database and access to it? [Y/n] y
- Dropping test database...
... Success!
- Removing privileges on test database...
... Success!

Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.

Reload privilege tables now? [Y/n] y
... Success!

Cleaning up...

All done! If you've completed all of the above steps, your MariaDB
installation should now be secure.

Thanks for using MariaDB!

Restart MariaDB.

#service mysql restart