Notes on installing CentOS in VirtualBox and making the basic settings [macOS]


For the steps up to the CentOS installation, refer to the following article.
In this article, I write about things that didn’t go smoothly and what I was wondering about when setting up.

qiita article
I tried installing CentOS 7 using VirtualBox on a Mac
https://qiita.com/nooboolean/items/de4e6bbae5df040177af

environment

MacBook Pro (macOS Catalina version 10.15.6)
VirtualBox 6.1.14
CentOS 8.2

VirtualBox installation

For macOS, select `OS X hosts`. It seems that the old names of macOS were `OS X` and `Mac OS X`.
By the way, it is read as "OS Ten".

Wikipedia macOS
https://ja.wikipedia.org/wiki/MacOS

Install CentOS image files

In addition to normal CentOS, there is also CentOS Stream, but that is aimed at developers, so this time I will install normal CentOS.

Regarding CentOS Stream, the following site was concise and easy to understand.

Think’IT
CentOS Project announces the start of “CentOS Stream”
https://thinkit.co.jp/news/bn/16844

There are three ISOs to download: `x86_64`, `ARM64 (aarch64)`, and `IBM Power (ppc64le)`. Select x86_64 this time.

These three are instruction set architectures, that is, the sets of instructions used to operate a microprocessor (CPU / MPU).
I don’t know the details, but I decided that there would be no problem for personal use, so I chose the one that I often see.

Select a mirror site that is close to you and download dvd.iso.
The outline of boot.iso and dvd.iso is as follows.

boot.iso
The packages are downloaded from a CDN (*) during installation, so it cannot be installed without an Internet connection. This time I used the DVD image, which seemed simpler.

*CDN: Content Delivery Network
A network that enables smooth distribution of content such as files. Instead of storing the content only on one original server (origin server), cache servers holding copies of the origin server's content are placed all over the world, so users can download the content from the nearest cache server.
As a result, the load on the origin server is distributed, the traffic flowing through the Internet as a whole is reduced, and the download becomes faster for the user.

Details are below.
Kagoya’s server laboratory
https://www.kagoya.jp/howto/network/cdn/

dvd.iso
It includes all the packages that can be installed from the installer and is commonly used. However, the file is large.
minimal.iso
The file is small because it contains only the minimum required packages. The packages you need are added afterwards.
~manifest
A document file that only describes the contents of the package.
~torrent
Files for use with Torrent client software.
Torrent is a technology that distributes load by spreading a file over multiple servers when one file is downloaded from the Internet, so that many people can download large amounts of data at high speed at the same time. The ISO is large, so it seems to be offered this way so that it can be downloaded quickly.

Create a virtual machine in VirtualBox

Virtual hard disk capacity

8 GB was not enough to install CentOS, so I set it to 20 GB.
The capacity required to install CentOS was about 9 GB.

optical drive

Under Controller: IDE, assign dvd.iso to the IDE secondary master.

Boot order

When booting after installing the OS, give the hard disk priority over the optical drive, or remove the ISO assigned to the optical drive. Otherwise, the VM boots from the ISO in the optical drive rather than from the installed hard disk, and it behaves strangely.

display

~~The screen is cut off or small and hard to use, so use VBoxVGA as the graphics controller.~~
↑ This worked part of the way, but around the time the installation finished the screen lit up in random colors and stopped responding, so I forced the VM off. With the default VMSVGA the screen is cut off until the installation is completed, which is inconvenient, but after the installation it is displayed without being cut off, so there is no need to change the graphics controller. Running with VBoxVGA is not recommended because the screen at startup may become colorful (the operation itself was possible as usual).

Settings to enable copy / paste between host ⇄ guest (VirtualBox)

See the site below.
Solve it yourself! If you don’t cry, let’s cry by yourself
Enable copy and paste between host and guest in VirtualBox.
https://onoredekaiketsu.com/copy-and-paste-with-virtualbox/

In Settings → General → Advanced, change “Clipboard Sharing” and “Drag & Drop” from their disabled setting. This time I set both to bidirectional.
This setting also requires Guest Additions to be installed on the CentOS side, so refer to “CentOS settings” described later (the above site is about Ubuntu, but the installation is almost the same on CentOS, and it is easy to follow because it has screenshots).

Install CentOS on a virtual machine

When restarting after installation, the VM ends with “VirtualBox VM has terminated for an unexpected reason.” If you select Reopen, a caution statement is displayed.
In summary, it says, “Specify a machine on the command line and boot.”
The command given in the caution statement is as follows.

% VirtualBoxVM --startvm <name | id >

When I followed the instructions, I was able to start.

% VirtualBoxVM --startvm testCentOS

Error display at startup after installing CentOS

`ERROR Failed to send host log message` is displayed, but it disappears when the graphics controller is set to VBoxVGA.
Instead, as mentioned above, the characters on the screen become colorful and strange. If you want to use VBoxVGA, switch to it after installing CentOS. Setting it to VBoxVGA is not recommended, because the error message causes no problem even if it is displayed.

CentOS settings

Settings to enable copy and paste between host ⇄ guest (CentOS side)

Click Devices → Insert Guest Additions CD Image … on the menu bar and follow the instructions, such as entering the password. It is installed automatically, so when the installation completes normally, click Activity → File → Guest Additions and select Extract.
Restarting CentOS at the end should make copy and paste work, but this time it didn’t go smoothly.

The following error occurred during installation.
- The kernel headers are missing.
Install them by referring to the following.

Engineer-log
VirtualBox Guest Additions Error Handling (CentOS)
https://engineer-log.net/index.php/2016/06/06/post-281/

root# yum -y update kernel
root# yum -y install kernel-devel kernel-headers gcc gcc-c++

-y is an option that runs the command as if every prompt had been answered with Yes. During installation, yum asks on the terminal whether it is really okay to proceed; the option answers Yes to those questions and continues the installation.
After the installation, shut down CentOS, assign Guest Additions to the optical drive in VirtualBox, start the VM, click Activity → File → Guest Additions, and run the software. The error message “Install make, perl, gcc.” appears.

gcc is already installed, so only the other packages are actually added.
Install with the following.

root# yum install make perl gcc

After rebooting and running again, the error occurs again.
“Look at the log to see what went wrong.”

Look at /var/log/vboxadd-setup.log to find out what went wrong

Looking at the log, it said, “Please install one of the three.”

/var/log/vboxadd-setup.log


cannot generate ORC metadata for CONFIG_UNWINDER_ORC=y,
please install libelf-dev, libelf-devel or elfutils-libelf-devel

`elfutils-libelf-devel` was the only one I could install (the others had no match and could not be installed). When I ran Guest Additions again without restarting, the mouse moved seamlessly between host and guest.
After rebooting, copy and paste works.

Time setting

You can check the current time zone with the following command.

centos$ timedatectl status

Set it to Japan.

centos$ timedatectl set-timezone Asia/Tokyo

Network settings

Reference site.
TaroSky
Summary of what I did when I put CentOS in VirtualBox
https://tarosky.co.jp/tarog/649

VM settings

In Settings, set network adapter 1 to NAT and adapter 2 to host-only adapter. If vboxnet0 is not selected automatically at this point, do the VirtualBox settings below first and then set adapter 2.
Note that NAT is for connecting to external networks, and the host-only adapter is for host ⇄ guest connections (I plan to use ssh over it).

VirtualBox settings

Tools → Network
If vboxnet0 has not been created, click Create and vboxnet0 will be created.

CentOS settings

Open the NetworkManager text UI with the following command.

centos$ nmtui

- Edit enp0s3 (NAT).
Enable automatic connection and set IPv6 to be ignored.
CentOS can now connect to the external Internet. With NAT, VirtualBox acts as a router that lets the guest reach the external Internet.

centos$ ping google.com

Check connectivity to the outside in a way such as this.

- Edit enp0s8 (host-only adapter).
Set IPv4 to manual and set the address. Check the address of vboxnet0 with the `ifconfig` command on the host OS, and set a different address in the same segment (usually you only change the last number).
Example) vboxnet0 192.168.56.1/24 Host side IP address
IPv4 address 192.168.56.10/24 Guest side IP address
Also enable automatic connection.
Now the guest OS and the host OS can connect to each other.

centos$ ping 192.168.56.1

Check the communication between guest ⇄ guest and host ⇄ guest.

  • If the guest → host ping does not work, try pinging after disconnecting the host’s Internet and turning off the host’s firewall.

Creating a general user with root privileges

See below.
qiita article
How to enable general users to execute commands that require root privileges
https://qiita.com/hana_shin/items/fe077d8910dba449b840

Create a user (test1).

root# useradd test1
root# passwd test1
~Set password~

Confirm the user.

root# su - test1
test1$ id
~Turns out to be test1~

Allow sudo without entering a password.

root# visudo -f /etc/sudoers.d/test
test1 ALL=(ALL) NOPASSWD:ALL

The visudo command is a command to change the sudo authority, and edits the sudoers file that describes the sudo authority setting.
Option -f specifies the sudoers file.

Host name setting

root# nmcli general hostname <host name>
root# cat /etc/hostname
<host name>

Firewall settings

In CentOS8, firewalld and nftables are adopted as firewalls.
A combination of filter conditions called “zone” is created and rules are added.
Here, icmp, ssh, tcp are allowed, and ssh, tcp are allowed only from the host.

RemSystem Techlog
Basics of server construction 12 items to set after installing CentOS Linux 8
https://www.rem-system.com/centos8-first-settings/

First, check the currently set zone.

root# firewall-cmd --get-default-zone
 public
root# firewall-cmd --list-all
  public (active)
  target: default
  icmp-block-inversion: no
  interfaces:Interface name
  sources:
  services: cockpit dhcpv6-client ssh
  ports:
  protocols:
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:

Currently, connections arriving on that interface are unconditionally allowed to reach the cockpit, dhcpv6-client, and ssh services.
(1) Create a new zone, then (2) change the settings of the default public zone.

(1) Create a new zone named manage
root# firewall-cmd --new-zone=manage --permanent
Give the zone permission to connect
root# firewall-cmd --zone=manage --set-target=ACCEPT --permanent
Allow SSH and FTP
root# firewall-cmd --zone=manage --add-service=ssh --permanent
root# firewall-cmd --zone=manage --add-service=ftp --permanent
Specify the IP address that is allowed to connect
root# firewall-cmd --zone=manage --add-source=<IP address of the host>/<prefix length> --permanent
Reflect the settings
root# firewall-cmd --reload
root# firewall-cmd --get-active-zones
If manage is listed, the settings have been applied.

(2) Delete the ssh connection permission from the public zone (because you can connect from all IP addresses)
root# firewall-cmd --remove-service=ssh --zone=public --permanent
root# firewall-cmd --reload
root# firewall-cmd --list-all

permanent is an option to make it a permanent setting.
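
The following is an added example, not part of the original article: a small check that reads `firewall-cmd --list-all-zones` output and reports which active zones admit ssh and from where, so the effect of steps (1) and (2) can be confirmed. The two sample outputs, the interface names and the /32 prefix are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original article). Sample outputs are constructed.

# Read `firewall-cmd --list-all-zones` text on stdin and print, for every
# active zone that admits ssh, "<zone> <who can reach it>".
ssh_exposure() {
  awk '
    function report() {
      # target ACCEPT admits every port, so ssh is reachable even if unlisted.
      if (active && (ssh || target == "ACCEPT"))
        print zone, (ifc != "" ? "ANY" : src)   # interface-bound = any source
    }
    /^[^ \t]/ { report(); zone = $1; active = ($2 == "(active)")
                ssh = 0; target = ""; ifc = ""; src = ""; next }
    $1 == "target:"     { target = $2 }
    $1 == "interfaces:" { ifc = $2 }
    $1 == "sources:"    { src = $2; for (i = 3; i <= NF; i++) src = src "," $i }
    $1 == "services:"   { for (i = 2; i <= NF; i++) if ($i == "ssh") ssh = 1 }
    END { report() }
  '
}

# Constructed sample: the default state shown in the article.
BEFORE='public (active)
  target: default
  interfaces: enp0s3 enp0s8
  sources:
  services: cockpit dhcpv6-client ssh'

# Constructed sample: after creating "manage" and removing ssh from public.
AFTER='public (active)
  target: default
  interfaces: enp0s3 enp0s8
  sources:
  services: cockpit dhcpv6-client

manage (active)
  target: ACCEPT
  interfaces:
  sources: 192.168.56.1/32
  services: ftp ssh'

echo "before: $(printf '%s\n' "$BEFORE" | ssh_exposure)"
echo "after:  $(printf '%s\n' "$AFTER" | ssh_exposure)"
```

On the guest, run it as `firewall-cmd --list-all-zones | ssh_exposure`. Because the manage zone's target is ACCEPT, the listed source address can reach every port on the guest, not only ssh and ftp.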

Automatic start / stop of unnecessary services

Stopping appropriate services will improve security and reduce the load on CPU and memory.
Stop the service referring to the following site.
When stopping, check the individual service name before doing so.
After the stop setting is completed, restart the server with systemctl reboot to reflect it.

Pico Grill of Pichi Nushi
CentOS 8 service selection
https://w7b.jp/?2020%2Fcent81_services

Sakura’s knowledge
systemd-Do not run unnecessary things on the server-Introduction to Linux security (1)
https://knowledge.sakura.ad.jp/21779/

Red Hat Customer Portal
3.6. SYSTEMD optimization for faster startup time
https://access.redhat.com/documentation/ja-jp/red_hat_enterprise_linux/8/html/configuring_basic_system_settings/optimizing-systemd-to-shorten-the-boot-time_managing-services-with-systemd

CentOS room
[Sub-PC home server plan CentOS 7 version] Check services (daemons) and disable unnecessary ones
https://centos.k-labo.work/2016/04/pc_centos7_1/

Services to stop
- atd.service
A service that automatically runs a job only once at a specified time. There is no setting by default, and there is no plan to use it, so stop.
- import-state.service
Boot the OS from the network storage. Stop because I won’t.
- irqbalance.service
Interrupt processing is performed by multiple CPUs (normally only one CPU performs interrupt processing). Since the VM is set to one CPU, it is stopped.

There may be other services that can be stopped, but I’m not sure because there are many, so I won’t touch them.

Time synchronization

Edit the configuration of chronyd, which automatically adjusts the server time, with vi as follows, and restart it with systemctl restart chronyd.

/etc/chrony.conf


# pool 2.centos.pool.ntp.org iburst   <- commented out
pool ntp.jst.mfeed.ad.jp iburst

iburst is an option to make inquiries to the synchronization destination server four times in a row to accelerate time synchronization.
The above ntp.jst.mfeed.ad.jp server is provided free of charge in the “Internet Multifeed Time Information Service for Public” (https://www.mfeed.ad.jp/ntp/overview.html).
The time zone does not change automatically.

Check if it is reflected.

root# chronyc tracking
If Leap status is Normal, synchronization is OK.

root# chronyc sources
You can check the synchronization destination candidates. The one marked with * is the current synchronization destination server.

ssh settings

First, create a general user (this time we have already done this).
Next, change the ssh settings using vi on the CentOS side as follows.
Change PermitRootLogin from yes to no.
This setting prevents ssh login as root, which improves security (the root user name is known to everyone, so anyone who learns the password can log in over ssh; allowing root to connect over ssh is therefore a weak state from a security point of view).

Around line 46:
PermitRootLogin no

On an appropriate line:
AllowUsers <user name>

After opening the file in vi, `:set number` displays line numbers, so the line is easy to find if you search after setting it.
Also, by adding a user name to `AllowUsers`, ssh login is limited to that user (users not listed cannot log in). AllowUsers can specify not only the CentOS users who are allowed to use ssh, but also the source IP address (to be exact, the host), in the form `user name@IP address`.
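
The following is an added example, not part of the original article: a check of the two settings above that can be run on the edited file before restarting sshd. It covers two easy mistakes: a `PermitRootLogin no` line added below an existing `PermitRootLogin yes` (sshd uses the first value it reads for a keyword), and a user name in AllowUsers whose case differs from the login name. The function names and both sample configurations are constructed; the parser assumes plain `Keyword value` lines and only looks at the part of the file before the first Match block.

```shell
#!/bin/sh
# Added example (not from the original article). Sample configs are constructed.

# Print the value of every global KEYWORD line on stdin, in file order.
# Assumes "Keyword value" syntax and stops at the first Match block.
sshd_values() {
  awk -v want="$1" '
    BEGIN { want = tolower(want) }          # keywords are case-insensitive
    /^[ \t]*#/ || NF == 0 { next }          # skip comments and blank lines
    tolower($1) == "match" { exit }
    tolower($1) == want { $1 = ""; sub(/^[ \t]+/, ""); print }
  '
}

# $1 = config text, $2 = login name that must be allowed. Returns 0 if OK.
check_ssh_hardening() {
  rc=0
  # sshd uses the first value it reads for a keyword; later lines are ignored.
  root=$(printf '%s\n' "$1" | sshd_values PermitRootLogin | head -n 1)
  [ "$root" = "no" ] || { echo "PermitRootLogin: '${root:-unset}'"; rc=1; }
  # Collect every AllowUsers line; names are compared exactly (case matters).
  allow=$(printf '%s\n' "$1" | sshd_values AllowUsers | tr '\n' ' ')
  case " $allow" in
    *" $2 "*|*" $2@"*) ;;
    *) echo "AllowUsers: '$2' not in '${allow:-unset}'"; rc=1 ;;
  esac
  return $rc
}

# Constructed: "no" was appended below the existing "yes"; user name miscased.
WEAK='#PermitRootLogin prohibit-password
PermitRootLogin yes
PasswordAuthentication yes
PermitRootLogin no
AllowUsers Test1'

# Constructed: the intended result, limited to the vboxnet0 address.
FIXED='PermitRootLogin no
PasswordAuthentication yes
AllowUsers test1@192.168.56.1'

check_ssh_hardening "$WEAK" test1 || echo "=> WEAK needs fixing"
check_ssh_hardening "$FIXED" test1 && echo "=> FIXED is OK"
```

On the guest, pass the real file with `check_ssh_hardening "$(cat /etc/ssh/sshd_config)" test1`; `sshd -t` additionally checks the file for syntax errors.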

After that, restart with systemctl restart sshd.service to reflect the settings, and then log in with ssh from the host. On the first connection only, you are asked yes / no, so answer yes.
With this setting, password authentication is used instead of the public key method.

hogehoge% ssh -l root -b 192.168.56.1 192.168.56.10
root@192.168.56.10's password:
Permission denied, please try again.

-l specifies the user and -b specifies the source address (here the IP address of vboxnet0).
You can see that root is no longer able to log in and is now rejected.
If you do not reach the password prompt, the ssh connection is not arriving, so check whether ping works at that point.
If ping gets a reply, the network settings are correct, so check the firewall settings and ssh settings again.
If ping gets no reply, the IP address may be incorrect.

Checklist
- When setting the zone on the firewall, did you specify an appropriate IP address as the source IP address that allows ssh?
When communicating between host ⇄ guest, the IP address of vboxnet0 is used instead of the IP address the host normally uses.

- Are the uppercase and lowercase letters of the user name set in the ssh configuration file really correct?
The case of the user name on the CentOS terminal and the user name on the GUI may differ.

This time, when changing the ssh configuration file, I am working without backing up the file, but in reality it is better to copy and back up before working.