Exploring CentOS 8

As something of a CentOS fan, I have been wanting to try out CentOS 8 for a little while now and I finally got some time to do so. I am always curious to see what new features are included and what versions of various packages are included.

The current released version is 8.1 1911; 8.2 is coming but does not have a release date yet. Installing 8.1 into VMware with just one vCPU, one gig of RAM and 16GB of disk went very smoothly. I will likely take the install files and add CentOS 8 to the list of OSes I can deploy via WDS. I have not yet tried out the CentOS 7 unattended file but I do not see any reason why it would not work.

Once I had installed 8.1, I did a full yum update which dropped down 89 updates, not too bad considering that 8.1 has been out for a few months. I should point out that CentOS 8 supports yum but DNF should be the go-to tool for package installs, as DNF is the next iteration of yum.

For this initial run-through, the things I am most curious to check out are the versions of OpenSSL and Apache, as I want to move my hosted machines over to TLS 1.3, which can only be done with a newer version of OpenSSL. I'm pleased to see that OpenSSL 1.1.1c is included with 8.1. Version 1.1.1 supports TLS 1.3, which offers a lot of security features over TLS 1.2, including huge improvements in the implementation of Perfect Forward Secrecy.

Installing Apache gave me version 2.4.37 and I still had to install mod_ssl to get access to the SSL engine. I will admit that I'm a little surprised that Apache does not come with mod_ssl built in by default.
Once Apache was installed, I generated a cert in my pfSense CA and was able to get a test web site up and running using HTTPS over TLS 1.3 in just a couple of minutes.

My first attempt to connect to the website failed because the built-in firewall only has three inbound rules allowed: dhcpv6, ssh and cockpit.

CentOS 8 uses FirewallD, which is a fairly easy-to-use firewall system. I won't go into detail here as this article is an excellent go-to source for all things firewalld related. Once I had added HTTP and HTTPS I was able to connect to my website just fine.

Now that the test website was up and running over HTTPS, I did take another look at the firewalld permanent services and I was curious what cockpit was and why it was included in the default list of permanent services. I had not heard of it before. Well, it appears that cockpit is the Linux world's version of Microsoft's Windows Admin Centre (formerly Honolulu) that I covered some time back.

Installation via dnf install cockpit was pretty easy and replacing the default cert with an internally trusted one was easy enough and once done I had full access to cockpit on CentOS.

It is a nice addition and it is easy to retrofit to CentOS 7, although some features are missing on CentOS 7. I am told that some features are missing on CentOS 8 as well, as when running cockpit on Ubuntu there is a dashboard option that does not appear in CentOS 8. Cockpit is certainly an interesting addition and something I will be looking to understand better and use more in the future.

One thing I was surprised to see was that 8.1 still allows a login as root over SSH. Other distros have blocked this by default and I would like to see CentOS do this. Logging in as root is a security risk because it encourages people to not bother creating accounts with su-type rights. Other than that minor quibble, I will admit to quite liking CentOS 8 and I will be deploying it to replace my CentOS 6 and 7 boxes.
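
The root-login setting mentioned above can be read straight from the SSH daemon's config file. The following is an added example, not part of the original post: it reports the global PermitRootLogin value sshd would use, with the function names and the sample config constructed for illustration, and it does not follow Include directives.

```shell
#!/bin/sh
# Added example: audit the global PermitRootLogin setting in an sshd_config file.

# effective_root_login FILE -> prints the global value sshd would apply
effective_root_login() {
    awk '
        /^[ \t]*(#|$)/ { next }           # skip comments and blank lines
        {
            sub(/[ \t]*=[ \t]*/, " ")     # accept the Keyword=value form
            key = tolower($1)             # keywords are case-insensitive
            # A Match block runs to the next Match or end of file, so the
            # global section ends at the first Match line
            if (key == "match") exit
            # The first value read for a keyword is the one that is used
            if (key == "permitrootlogin") { print $2; found = 1; exit }
        }
        # Upstream OpenSSH default (7.0 and later) when the keyword is unset
        END { if (!found) print "prohibit-password" }
    ' "$1"
}

# root_login_verdict FILE -> one-line finding for the global setting
root_login_verdict() {
    case "$(effective_root_login "$1")" in
        yes) echo "FAIL: root can log in over SSH with a password" ;;
        no)  echo "OK: root login over SSH is disabled" ;;
        prohibit-password|without-password|forced-commands-only)
             echo "WARN: root can still log in over SSH with a key" ;;
        *)   echo "UNKNOWN: unrecognised PermitRootLogin value" ;;
    esac
}

# Constructed sample: a commented default, an explicit "yes", and a later
# "no" that only applies inside a Match block
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
#PermitRootLogin prohibit-password
PermitRootLogin yes
PasswordAuthentication yes
Match User backup
    PermitRootLogin no
EOF

root_login_verdict "$sample"
```

On a live host, running `sshd -T` as root prints the effective configuration as sshd itself resolves it, which is the authoritative check.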

Gary Williams

IT Person | Veeam Vanguard | VMware vExpert | Windows admin | Docker fan | Spiceworks moderator | keeper of 3 cats | Avid Tea fan