Please use CentOS 7 Minimal Install DVD image. See e.g. ftp://ftp.cvut.cz/centos/7.5.1804/isos/x86_64/CentOS-7-x86_64-Minimal-1804.iso.
Set
# fdisk -l Disk /dev/sda: 25.8 GB, 25769803776 bytes, 50331648 sectors Units = sectors of 1 * 512 = 512 bytes Sector size (logical/physical): 512 bytes / 512 bytes I/O size (minimum/optimal): 512 bytes / 512 bytes Disk label type: dos Disk identifier: 0x000ac63e Device Boot Start End Blocks Id System /dev/sda1 * 2048 2099199 1048576 83 Linux /dev/sda2 2099200 50298879 24099840 8e Linux LVM Disk /dev/mapper/centos-root: 19.3 GB, 19327352832 bytes, 37748736 sectors Units = sectors of 1 * 512 = 512 bytes Sector size (logical/physical): 512 bytes / 512 bytes I/O size (minimum/optimal): 512 bytes / 512 bytes Disk /dev/mapper/centos-swap: 5343 MB, 5343543296 bytes, 10436608 sectors Units = sectors of 1 * 512 = 512 bytes Sector size (logical/physical): 512 bytes / 512 bytes I/O size (minimum/optimal): 512 bytes / 512 bytes
yum settings and OS update
vi /etc/yum.conf
proxy=http://yourproxy.domain.com:3128 http_proxy=http://yourproxy.domain.com:3128 https_proxy=http://yourproxy.domain.com:3128
SSH keys
ssh-keygen -t rsa
Useful utilities
yum install wget mc net-tools unzip dialog epel-release
System time
yum install ntp # add suitable NTP server vi /etc/ntp.conf
# Use public servers from the pool.ntp.org project. # Please consider joining the pool (http://www.pool.ntp.org/join.html). server ntp.globe.cz server 0.centos.pool.ntp.org iburst server 1.centos.pool.ntp.org iburst server 2.centos.pool.ntp.org iburst server 3.centos.pool.ntp.org iburst
systemctl start ntpd.service
systemctl -l status ntpd.service
… if needed
yum install open-vm-tools systemctl start vmtoolsd.service systemctl enable vmtoolsd.service systemctl -l status vmtoolsd.service
yum install iptables-services vi /etc/sysconfig/iptables
# Firewall configuration written by system-config-firewall # Manual customization of this file is not recommended. *filter :INPUT ACCEPT [0:0] :FORWARD ACCEPT [0:0] :OUTPUT ACCEPT [0:0] -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT -A INPUT -p icmp -j ACCEPT -A INPUT -i lo -j ACCEPT -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --set --name ssh --rsource -A INPUT -p tcp --dport 22 -m state --state NEW -m recent ! --rcheck --seconds 60 --hitcount 4 --name ssh --rsource -j ACCEPT -A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT -A INPUT -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT -A INPUT -p tcp -m state --state NEW -m tcp --dport 61616 -j ACCEPT -A INPUT -p udp --match multiport --dports 8000:8999 -j ACCEPT -A INPUT -p tcp -m state --state NEW -m tcp --dport 161 -j ACCEPT -A INPUT -p udp -m state --state NEW -m udp --dport 161 -j ACCEPT -A INPUT -j REJECT --reject-with icmp-host-prohibited -A FORWARD -j REJECT --reject-with icmp-host-prohibited COMMIT
Next, execute the folowing:
systemctl stop firewalld.service
systemctl disable firewalld.service
systemctl enable iptables.service
systemctl start iptables.service
# TBD # setsebool -P httpd_can_network_connect on vi /etc/sysconfig/selinux
# This file controls the state of SELinux on the system. # SELINUX= can take one of these three values: # enforcing - SELinux security policy is enforced. # permissive - SELinux prints warnings instead of enforcing. # disabled - No SELinux policy is loaded. SELINUX=permissive # SELINUXTYPE= can take one of three two values: # targeted - Targeted processes are protected, # minimum - Modification of targeted policy. Only selected processes are protected. # mls - Multi Level Security protection. SELINUXTYPE=targeted