CentOS SugarCRM install

I'm basing this on a CentOS 6.5 install.

Base system only, no additional peripherals.

Network configuration is in /etc/sysconfig/network-scripts/ifcfg-$INTERFACE . Generally you want ONBOOT=yes. Beyond that RTFM.

yum -y install openssh-clients lsof vim screen nmap links lynx sudo curl wget zsh unzip zip net-snmp mlocate traceroute bind-utils man w3m pciutils rsync wireshark ntpdate ntp mailx cpan telnet

/etc/cron.daily/mlocate.cron                         # build the locate database in advance of needing it

adduser $USER && passwd $USER                        # 

vigr                                                 # add $USER to wheel group 

visudo                                               # let %wheel run anything they want.

That will get you a good base system with a non-privileged $USER which you can use for non-admin tasks.

You can set up a basic firewall like this in /etc/sysconfig/iptables:

# Firewall configuration written by system-config-firewall

# Manual customization of this file is not recommended.

*filter

:INPUT ACCEPT [0:0]

:FORWARD ACCEPT [0:0]

:OUTPUT ACCEPT [0:0]

-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

-A INPUT -p icmp -j ACCEPT

-A INPUT -i lo -j ACCEPT

-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT

-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT

-A INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT

-A INPUT -m tcp -p tcp -j REJECT --reject-with tcp-reset

-A INPUT -j REJECT --reject-with icmp-host-prohibited

-A FORWARD -j REJECT --reject-with icmp-host-prohibited

COMMIT

Essentially keep state on connections, allow ICMP through, allow localhost to do whatever it wants, allow TCP 22/80/443 (SSH/HTTP/HTTPS) through, reject anything else nicely.

yum -y install mysql mysql-server

wget http://download.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm

rpm -ivh epel-release*

yum -y install phpmyadmin openssl mod_ssl

mysql_install_db

mysql_secure_installation

Go to http://localhost/phpmyadmin/setup/ and configure phpmyadmin. Personally I like to set up a phpmadmin database, a pma user, and import the tables in /usr/share/phpMyAdmin/examples/create_tables.sql . It enables some sweet features within phpmyadmin.

Review /usr/share/doc/mysql-server-*/my-*.cnf to see how to configure mysqld at /etc/my.cnf . At minimum, set server-id (e.g. use last octet of IP) and log-bin (for transactional logs).

Within Apache configuration, I like to modify the SSLCipherSuite directive to include "!LOW:!RC2", KeepAlive On, and 

<filesMatch ".(js|css|png|jpeg|jpg|gif|ico|swf|flv|pdf|zip)$">

Header set Cache-Control "max-age=31536000, public"

</filesMatch>

For SugarCRM install:

yum -y install php-imap

Within /etc/php.ini set date.timezone and session.gc_maxlifetime .

Edit /etc/php.ini and set display_errors=0, max_execution_time=120, memory_limit=512M, post_max_size=30M, upload_max_filesize=30M

If you use SugarCRM to send emails then you want to:

semanage boolean -m --on httpd_can_sendmail