How to set up a fully functional CentOS server

Objective: set up a fully functional CentOS server step by step, including installation, configuration, hardware monitoring, etc.
Environment: CentOS 5.6 64bit, HP Proliant server

Part I: Installation
You can choose the following methods for installation:
a. Remote installation
Use HP iLO2 with either a physical DVD (placed in the DVD-ROM drive in the datacenter) or a virtual ISO image (mounted remotely or from the local datacenter LAN, put URL here)

b. local installation
use DVD or CD or boot disk/first disk to boot up, then use local cdrom/http/ftp/NFS/VNC methods to install OS
vnc installation URL blog

During installation, use manual configuration, disable IPv6 and disable SELinux; you might use Google DNS ( and (
For IP netmask configuration, use for references.

After installation, edit /etc/hosts (vi /etc/hosts) so that it looks something like the following:
--------------               localhost.localdomain localhost  jephe
::1             localhost6.localdomain6 localhost6
c. import GPG key
rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY*

Part II: Configuration
a. enable quota

touch /aquota.user /
chmod 600 /aquota.*
mount -o remount /
quotacheck -avugm
quotaon -avug

b. configure mysql server
yum install mysql mysql-devel mysql-server
chkconfig --level 2345 mysqld on
service mysqld start
grep mysql /etc/services
netstat -natp | grep
vi /etc/my.cnf to comment out 'skip-networking'
service mysqld restart

c. Sendmail with SMTP authentication and TLS

# cd /etc/pki/tls/certs
# make sendmail.pem
# cd /etc/mail
# cp
# cp
# vi

Check whether sendmail is compiled with STARTTLS support:

# sendmail -bt -d0.8 < /dev/null

Find and comment out the line below by adding a 'dnl' before it, as I have done.

dnl DAEMON_OPTIONS(`Port=smtp,Addr=, Name=MTA')dnl

Next, find this line:

define(`confAUTH_OPTIONS', `A')dnl

Change it to read:

define(`confAUTH_OPTIONS', `A p y')dnl

Next, we'll define the authentication mechanisms. Remove 'dnl' from the beginning of the following lines:


And finally add these lines to specify the certificate path.

DAEMON_OPTIONS(`Port=smtps, Name=TLSMTA, M=s')dnl
define(`CERT_DIR', `/etc/pki/tls/certs')dnl
define(`confCACERT_PATH', `CERT_DIR')dnl
define(`confCACERT', `CERT_DIR/sendmail.pem')dnl
define(`confSERVER_CERT', `CERT_DIR/sendmail.pem')dnl
define(`confSERVER_KEY', `CERT_DIR/sendmail.pem')dnl
dnl define(`confCLIENT_CERT', `CERT_DIR/sendmail.pem')dnl
dnl define(`confCLIENT_KEY', `CERT_DIR/sendmail.pem')dnl

# m4 >
# service sendmail restart
Shutting down sm-client:                                   [  OK  ]
Shutting down sendmail:                                    [  OK  ]
Starting sendmail:                                         [  OK  ]
Starting sm-client:                                        [  OK  ]

# openssl s_client -starttls smtp -crlf -connect
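
Before rebuilding sendmail.cf, the edits above can be checked mechanically. The script below is an added example, not part of the original post: it audits a sendmail.mc for the AUTH option 'p' (plaintext mechanisms such as PLAIN and LOGIN are refused unless TLS is active), the server certificate and key, and the smtps listener, treating any line that begins with 'dnl' as disabled. The function names and the two sample fragments are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a sendmail.mc for the settings this guide changes.

# active FILE REGEX: true if a line not disabled by a leading "dnl" matches.
# The trailing ")dnl" that ends normal lines does not disable them.
active() {
    grep -v '^[[:space:]]*dnl' "$1" | grep -Eq "$2"
}

# audit_sendmail_mc FILE: print one result per check; return 1 if any fails.
# In the regexes "." stands in for the m4 quote characters.
audit_sendmail_mc() {
    rc=0
    while IFS='|' read -r desc regex; do
        if active "$1" "$regex"; then echo "ok   $desc"
        else echo "FAIL $desc"; rc=1; fi
    done <<'EOF'
AUTH options include p (no plaintext AUTH before TLS)|confAUTH_OPTIONS.,[[:space:]]*.[A-Za-z ]*p
server certificate defined|confSERVER_CERT
server key defined|confSERVER_KEY
smtps listener enabled|DAEMON_OPTIONS.*Port=smtps.*M=s
EOF
    return $rc
}

# write_samples DIR: constructed before/after fragments of sendmail.mc.
write_samples() {
    cat > "$1/before.mc" <<'EOF'
define(`confAUTH_OPTIONS', `A')dnl
dnl define(`confSERVER_CERT', `CERT_DIR/sendmail.pem')dnl
dnl define(`confSERVER_KEY', `CERT_DIR/sendmail.pem')dnl
EOF
    cat > "$1/after.mc" <<'EOF'
define(`confAUTH_OPTIONS', `A p y')dnl
DAEMON_OPTIONS(`Port=smtps, Name=TLSMTA, M=s')dnl
define(`confSERVER_CERT', `CERT_DIR/sendmail.pem')dnl
define(`confSERVER_KEY', `CERT_DIR/sendmail.pem')dnl
dnl define(`confCLIENT_CERT', `CERT_DIR/sendmail.pem')dnl
EOF
}

tmp=$(mktemp -d)
write_samples "$tmp"
for f in before after; do
    echo "== $f.mc"; audit_sendmail_mc "$tmp/$f.mc" || true
done
rm -rf "$tmp"
```

To audit the real file, call audit_sendmail_mc with the path to your sendmail.mc instead of the sample fragments.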

Cyrus SASL

The saslauthd daemon is used as an authentication program.
We need to make sure it runs on bootup; to do this, we'll use the chkconfig utility.
(For now, we'll also start it manually.)

# service saslauthd start
Starting saslauthd:                                        [  OK  ]
# chkconfig saslauthd on

Testing Cyrus SASL

Verifying that the Cyrus SASL daemon is operating is very simple:

# testsaslauthd -u username -p password -s smtp
0: OK "Success."

# find /etc -name dovecot.pem -execdir mv {} dovecot.pem.orig \;
# vi /etc/pki/dovecot/dovecot-openssl.cnf
# /usr/share/doc/dovecot-1.0.7/examples/
# cp /etc/dovecot.conf /etc/dovecot.conf.orig
# vi /etc/dovecot.conf
#protocols = imap imaps pop3 pop3s
protocols = imaps
ssl_disable = no

ssl_cert_file = /etc/pki/dovecot/certs/dovecot.pem
ssl_key_file = /etc/pki/dovecot/private/dovecot.pem
# openssl s_client -connect 


c. chroot dns

d. vsftpd