Differences

This shows you the differences between two versions of the page.

--- documentation:server-install-os [2018/11/07 23:12]
mpospisek [CentOS 7 Minimal Install]
+++ documentation:server-install-os [2019/08/01 09:09]
tjotov removed
@@ Line 1: / Line 1: @@
-====== Operating system install ======
-===== CentOS 7 Minimal Install =====
+====== Operating System Installation ======
+==== CentOS 7 Minimal Install ====
 Please use CentOS 7 Minimal Install DVD image. See e.g. ftp://ftp.cvut.cz/centos/7.5.1804/isos/x86_64/CentOS-7-x86_64-Minimal-1804.iso.
@@ Line 12: / Line 14: @@
 <codedoc code:bash>
-[root@AIM-4 ~]# fdisk -l
+# fdisk -l
 Disk /dev/sda: 25.8 GB, 25769803776 bytes, 50331648 sectors
@@ Line 29: / Line 31: @@
 Sector size (logical/physical): 512 bytes / 512 bytes
 I/O size (minimum/optimal): 512 bytes / 512 bytes
 Disk /dev/mapper/centos-swap: 5343 MB, 5343543296 bytes, 10436608 sectors
@@ Line 36: / Line 37: @@
 I/O size (minimum/optimal): 512 bytes / 512 bytes
 </codedoc>
-Base environment
-SSH keys
+**yum settings and OS update**
 <codedoc code:bash>
-ssh-keygen -t rsa
+vi /etc/yum.conf
 </codedoc>
- yum settings and OS update
+<sxh bash>
-<codedoc code:bash>
+proxy=http://yourproxy.domain.com:3128
-vi /etc/yum.conf
+http_proxy=http://yourproxy.domain.com:3128
+https_proxy=http://yourproxy.domain.com:3128
+</sxh>
-# proxy=http://yourproxy.domain.com:3128
+==== Base environment ====
-# http_proxy=http://yourproxy.domain.com:3128
-# https_proxy=http://yourproxy.domain.com:3128
-yum update
-</codedoc>
-Useful utilities
+**SSH keys**
+<codedoc code:bash>
+ssh-keygen -t rsa
+</codedoc>
+**Useful utilities**
 <codedoc code:bash>
-yum install wget mc net-tools
+~~codedoc:clean:yum install wget mc net-tools unzip dialog epel-release~~
 </codedoc>
-Time synchronization
+**System time**
 <codedoc code:bash>
 yum install ntp
 # add suitable NTP server
 vi /etc/ntp.conf
+</codedoc>
+<sxh bash; first-line:18 highlight: [20]>
+# Use public servers from the pool.ntp.org project.
+# Please consider joining the pool (http://www.pool.ntp.org/join.html).
+server ntp.globe.cz
+server 0.centos.pool.ntp.org iburst
+server 1.centos.pool.ntp.org iburst
+server 2.centos.pool.ntp.org iburst
+server 3.centos.pool.ntp.org iburst
+</sxh>
+<codedoc code:bash>
 echo '30 * * * * root /usr/sbin/ntpd -q -u ntp:ntp' > /etc/cron.d/ntpd
 </codedoc>
-VMware tools, if needed
+==== VMware tools ====
+... if needed
 <codedoc code:bash>
 yum install open-vm-tools
@@ Line 78: / Line 91: @@
 </codedoc>
-Replace firewalld with iptables
+==== Replace firewalld with iptables ====
 <codedoc code:bash>
 yum install iptables-services
 vi /etc/sysconfig/iptables
+</codedoc>
+<sxh bash>
 # Firewall configuration written by system-config-firewall
 # Manual customization of this file is not recommended.
@@ Line 96: / Line 111: @@
 -A INPUT -p tcp --dport 22 -m state --state NEW -m recent ! --rcheck --seconds 60 --hitcount 4 --name ssh --rsource -j ACCEPT
 -A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
--A INPUT -p tcp -m state %%--%%state NEW -m tcp %%--%%dport 8080 -j ACCEPT
+-A INPUT -p tcp -m state --state NEW -m tcp --dport 8080 -j ACCEPT
--A INPUT -p tcp -m state %%--%%state NEW -m tcp %%--%%dport 8081 -j ACCEPT
+-A INPUT -p tcp -m state --state NEW -m tcp --dport 8081 -j ACCEPT
--A INPUT -p tcp -m state %%--%%state NEW -m tcp %%--%%dport 8086 -j ACCEPT
+-A INPUT -p tcp -m state --state NEW -m tcp --dport 8086 -j ACCEPT
--A INPUT -p tcp -m state %%--%%state NEW -m tcp %%--%%dport 443 -j ACCEPT
+-A INPUT -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT
--A INPUT -p tcp -m state %%--%%state NEW -m tcp %%--%%dport 61616 -j ACCEPT
+-A INPUT -p tcp -m state --state NEW -m tcp --dport 61616 -j ACCEPT
--A INPUT -p udp %%--%%match multiport %%--%%dports 8000:8999 -j ACCEPT
+-A INPUT -p udp --match multiport --dports 8000:8999 -j ACCEPT
--A INPUT -p tcp -m state %%--%%state NEW -m tcp %%--%%dport 161 -j ACCEPT
+-A INPUT -p tcp -m state --state NEW -m tcp --dport 161 -j ACCEPT
--A INPUT -p udp -m state %%--%%state NEW -m udp %%--%%dport 161 -j ACCEPT
+-A INPUT -p udp -m state --state NEW -m udp --dport 161 -j ACCEPT
--A INPUT -j REJECT %%--%%reject-with icmp-host-prohibited
+-A INPUT -j REJECT --reject-with icmp-host-prohibited
--A FORWARD -j REJECT %%--%%reject-with icmp-host-prohibited
+-A FORWARD -j REJECT --reject-with icmp-host-prohibited
 COMMIT
+</sxh>
 Next, execute the folowing:
+<codedoc code:bash>
 systemctl stop firewalld.service
 systemctl disable firewalld.service
@@ Line 115: / Line 132: @@
 </codedoc>
-selinux
+==== selinux ====
 <codedoc code:bash>
 # TBD
@@ Line 121: / Line 139: @@
 vi /etc/sysconfig/selinux
+</codedoc>
+<sxh bash; highlight: [6]>
+# This file controls the state of SELinux on the system.
+# SELINUX= can take one of these three values:
+#     enforcing - SELinux security policy is enforced.
+#     permissive - SELinux prints warnings instead of enforcing.
+#     disabled - No SELinux policy is loaded.
 SELINUX=permissive
+# SELINUXTYPE= can take one of three two values:
+#     targeted - Targeted processes are protected,
+#     minimum - Modification of targeted policy. Only selected processes are protected.
+#     mls - Multi Level Security protection.
+SELINUXTYPE=targeted
+</sxh>
+==== Restart ====
+<codedoc code:bash>
 init 6
 </codedoc>

ADUCID 4.x

User Tools

Site Tools

Differences

Page Tools