
This is an old revision of the document!


Operating system install

CentOS 7 Minimal Install

Please use the CentOS 7 Minimal Install DVD image, e.g. ftp://ftp.cvut.cz/centos/7.5.1804/isos/x86_64/CentOS-7-x86_64-Minimal-1804.iso.

Set

  • Hostname
  • IPv4 address (ignore IPv6)
  • Timezone
  • Disk partitioning: 5 GB for swap (this is needed only in cases of greater utilization)
[root@AIM-4 ~]# fdisk -l
 
Disk /dev/sda: 25.8 GB, 25769803776 bytes, 50331648 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk label type: dos
Disk identifier: 0x000ac63e
 
   Device Boot      Start         End      Blocks   Id  System
/dev/sda1   *        2048     2099199     1048576   83  Linux
/dev/sda2         2099200    50298879    24099840   8e  Linux LVM
 
Disk /dev/mapper/centos-root: 19.3 GB, 19327352832 bytes, 37748736 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
 
 
Disk /dev/mapper/centos-swap: 5343 MB, 5343543296 bytes, 10436608 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes

Base environment

SSH keys

ssh-keygen -t rsa

yum settings and OS update

vi /etc/yum.conf
 
# proxy=http://yourproxy.domain.com:3128 
# http_proxy=http://yourproxy.domain.com:3128 
# https_proxy=http://yourproxy.domain.com:3128 
yum update

Useful utilities

yum install wget mc net-tools

Time synchronization

yum install ntp
# add a suitable NTP server
vi /etc/ntp.conf
 
echo '30 * * * * root /usr/sbin/ntpd -q -u ntp:ntp' > /etc/cron.d/ntpd

VMware tools, if needed

yum install open-vm-tools
systemctl start vmtoolsd.service
systemctl enable vmtoolsd.service

Replace firewalld with iptables

yum install iptables-services
vi /etc/sysconfig/iptables
 
# Firewall configuration written by system-config-firewall
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp --dport 22 -m state --state NEW -m recent --set --name ssh --rsource
-A INPUT -p tcp --dport 22 -m state --state NEW -m recent ! --rcheck --seconds 60 --hitcount 4 --name ssh --rsource -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 8080 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 8081 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 8086 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 61616 -j ACCEPT
-A INPUT -p udp --match multiport --dports 8000:8999 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 161 -j ACCEPT
-A INPUT -p udp -m state --state NEW -m udp --dport 161 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
 
Next, execute the following:
systemctl stop firewalld.service
systemctl disable firewalld.service
systemctl enable iptables.service
systemctl start iptables.service
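
An added example, not part of the original page: a shell check to run on the edited rules file before the systemctl start iptables.service step. It lists the ports the INPUT chain accepts and flags lines where copying from a wiki page replaced "--" with other characters; the function names and the sample rules are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): offline checks for a rules file
# in the /etc/sysconfig/iptables format, run before starting iptables.service.

# Print "proto/port" for each INPUT rule that ends in "-j ACCEPT" and names a
# destination port, in file order. Rules without a target are skipped.
list_accepted_ports() {
    awk '
    $1 == "-A" && $2 == "INPUT" && $(NF-1) == "-j" && $NF == "ACCEPT" {
        proto = "any"; port = ""
        for (i = 3; i < NF; i++) {
            if ($i == "-p") proto = $(i + 1)
            if ($i == "--dport" || $i == "--dports") port = $(i + 1)
        }
        if (port != "") print proto "/" port
    }' "$1"
}

# Print "line:text" for lines damaged by wiki copy-paste: a leftover "%%"
# marker or any non-ASCII byte (such as an en dash where "--" was typed).
# Exit status 0 means damage was found, 1 means none.
find_mangled_lines() {
    LC_ALL=C grep -anE '%%|[^ -~[:space:]]' "$1"
}

# Constructed sample input: a short clean ruleset and a damaged copy of it.
write_samples() {
    cat > "$1/clean.rules" <<'EOF'
*filter
:INPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp --dport 22 -m state --state NEW -m recent --set --name ssh --rsource
-A INPUT -p tcp --dport 22 -m state --state NEW -m recent ! --rcheck --seconds 60 --hitcount 4 --name ssh --rsource -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT
-A INPUT -p udp --match multiport --dports 8000:8999 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
    sed -e '3s/--state/–state/' -e '6s/--dport/%%%%dport/' \
        "$1/clean.rules" > "$1/mangled.rules"
}

# Demo on the constructed samples.
tmp=$(mktemp -d)
write_samples "$tmp"
list_accepted_ports "$tmp/clean.rules"
find_mangled_lines "$tmp/mangled.rules" || echo "no damaged lines found"
rm -rf "$tmp"
```

On the real host, point both functions at /etc/sysconfig/iptables and compare the port list with the services the server is meant to expose.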

SELinux

# TBD
# setsebool -P httpd_can_network_connect on
 
vi /etc/sysconfig/selinux
 
SELINUX=permissive
 
init 6
documentation/server-install-os.1541166140.txt.gz · Last modified: 2018/11/02 13:42 by mpospisek