This is an old revision of the document!
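Please use the CentOS 7 Minimal Install DVD image. See e.g. ftp://ftp.cvut.cz/centos/7.5.1804/isos/x86_64/CentOS-7-x86_64-Minimal-1804.iso. Before installing, verify the downloaded ISO against the sha256sum.txt published next to it (and that file's GPG signature, sha256sum.txt.asc); FTP gives no integrity or authenticity guarantee for the download.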
Set
[root@AIM-4 ~]# fdisk -l Disk /dev/sda: 25.8 GB, 25769803776 bytes, 50331648 sectors Units = sectors of 1 * 512 = 512 bytes Sector size (logical/physical): 512 bytes / 512 bytes I/O size (minimum/optimal): 512 bytes / 512 bytes Disk label type: dos Disk identifier: 0x000ac63e Device Boot Start End Blocks Id System /dev/sda1 * 2048 2099199 1048576 83 Linux /dev/sda2 2099200 50298879 24099840 8e Linux LVM Disk /dev/mapper/centos-root: 19.3 GB, 19327352832 bytes, 37748736 sectors Units = sectors of 1 * 512 = 512 bytes Sector size (logical/physical): 512 bytes / 512 bytes I/O size (minimum/optimal): 512 bytes / 512 bytes Disk /dev/mapper/centos-swap: 5343 MB, 5343543296 bytes, 10436608 sectors Units = sectors of 1 * 512 = 512 bytes Sector size (logical/physical): 512 bytes / 512 bytes I/O size (minimum/optimal): 512 bytes / 512 bytes
Base environment
SSH keys
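# Generate the SSH key pair. The key size is given explicitly because the
# ssh-keygen shipped with CentOS 7 defaults to 2048-bit RSA.
# Set a passphrase when prompted unless the key must be usable unattended;
# an unencrypted private key is usable by anyone who can read the file.
ssh-keygen -t rsa -b 4096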
yum settings and OS update
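# Edit the yum configuration.
vi /etc/yum.conf
# Proxy settings, if needed (shown commented out):
# proxy=http://yourproxy.domain.com:3128
# http_proxy=http://yourproxy.domain.com:3128
# https_proxy=http://yourproxy.domain.com:3128
#
# While editing, leave gpgcheck=1 in [main]: package signature checking is
# what protects updates that travel over plain HTTP or through a proxy.

# Bring the freshly installed system up to date.
yum update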
Useful utilities
# Convenience tools: wget, mc and net-tools.
yum install \
  wget \
  mc \
  net-tools
Time synchronization
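# Install the NTP package.
yum install ntp

# add suitable NTP server
vi /etc/ntp.conf

# Schedule a one-shot clock sync (ntpd -q) at minute 30 of every hour.
# A correct clock matters for certificate validation and for lining up log
# timestamps with other hosts during an investigation.
echo '30 * * * * root /usr/sbin/ntpd -q -u ntp:ntp' > /etc/cron.d/ntpd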
VMware tools, if needed
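# Only for VMware guests: install the guest tools, start the service now
# and enable it for subsequent boots.
yum install open-vm-tools
systemctl start vmtoolsd.service
systemctl enable vmtoolsd.service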
Replace firewalld with iptables
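# Install the classic iptables service units, then edit the IPv4 rule file.
yum install iptables-services
vi /etc/sysconfig/iptables

# --- contents of /etc/sysconfig/iptables ---
# Firewall configuration written by system-config-firewall
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
# SSH rate limit: the first rule records the source address of every new
# connection; the second accepts it unless that source already has 4 or more
# entries in the last 60 seconds. Excess attempts fall through to the final
# REJECT.
-A INPUT -p tcp --dport 22 -m state --state NEW -m recent --set --name ssh --rsource
-A INPUT -p tcp --dport 22 -m state --state NEW -m recent ! --rcheck --seconds 60 --hitcount 4 --name ssh --rsource -j ACCEPT
# NOTE(review): every service rule below accepts traffic from any source
# address. Open only the ports this host actually serves, and restrict
# management and backend ports (161 is SNMP; 8081, 8086, 61616 and UDP
# 8000:8999 look application-internal -- confirm) to the networks that need
# them with a source match, e.g. -s <MGMT_NETWORK_CIDR>.
-A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 8080 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 8081 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 8086 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 61616 -j ACCEPT
-A INPUT -p udp --match multiport --dports 8000:8999 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 161 -j ACCEPT
-A INPUT -p udp -m state --state NEW -m udp --dport 161 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
# --- end of /etc/sysconfig/iptables ---

# Next, execute the following:
systemctl stop firewalld.service
systemctl disable firewalld.service
systemctl enable iptables.service
systemctl start iptables.service

# The rules above cover IPv4 only. iptables-services also ships
# ip6tables.service (rule file /etc/sysconfig/ip6tables); with firewalld
# stopped, IPv6 traffic is unfiltered unless that service is configured and
# enabled as well. Afterwards, check the loaded rules with: iptables -L -n -v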
selinux
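# TBD
# setsebool -P httpd_can_network_connect on

# Edit the SELinux configuration and set the mode shown below.
vi /etc/sysconfig/selinux
# In that file:
SELINUX=permissive
# Permissive mode logs policy denials but does not enforce them, so it is
# an interim setting. Once the policy work marked TBD above is done (the
# boolean above is a candidate), review the logged AVC denials in
# /var/log/audit/audit.log and switch back to SELINUX=enforcing.

# Reboot to apply.
init 6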