documentation:server-install-os [2018/11/02 13:42] mpospisek [CentOS 7 Minimal Install] |
— (current) | ||
---|---|---|---|
Line 1: | Line 1: | ||
- | ====== Operating system install ====== | ||
- | |||
- | ===== CentOS 7 Minimal Install ===== | ||
- | |||
- | Please use CentOS 7 Minimal Install DVD image. See e.g. ftp:// | ||
- | |||
- | Set | ||
- | * Hostname | ||
- | * IPv4 address, IPv6 ignore | ||
- | * Timezone | ||
- | * Disk partitioning: | ||
- | |||
- | <codedoc code: | ||
- | [root@AIM-4 ~]# fdisk -l | ||
- | |||
- | Disk /dev/sda: 25.8 GB, 25769803776 bytes, 50331648 sectors | ||
- | Units = sectors of 1 * 512 = 512 bytes | ||
- | Sector size (logical/ | ||
- | I/O size (minimum/ | ||
- | Disk label type: dos | ||
- | Disk identifier: 0x000ac63e | ||
- | |||
- | | ||
- | / | ||
- | / | ||
- | |||
- | Disk / | ||
- | Units = sectors of 1 * 512 = 512 bytes | ||
- | Sector size (logical/ | ||
- | I/O size (minimum/ | ||
- | |||
- | |||
- | Disk / | ||
- | Units = sectors of 1 * 512 = 512 bytes | ||
- | Sector size (logical/ | ||
- | I/O size (minimum/ | ||
- | </ | ||
- | |||
- | |||
- | Base environment | ||
- | |||
- | SSH keys | ||
- | <codedoc code: | ||
- | ssh-keygen -t rsa | ||
- | </ | ||
- | |||
- | yum settings and OS update | ||
- | <codedoc code: | ||
- | vi / | ||
- | |||
- | # proxy=http:// | ||
- | |||
- | # http_proxy=http:// | ||
- | |||
- | # https_proxy=http:// | ||
- | |||
- | yum update | ||
- | </ | ||
- | |||
- | Useful utilities | ||
- | <codedoc code: | ||
- | yum install wget mc net-tools | ||
- | </ | ||
- | |||
- | Time synchronization | ||
- | <codedoc code: | ||
- | yum install ntp | ||
- | # add suitable NTP server | ||
- | vi / | ||
- | |||
- | echo '30 * * * * root / | ||
- | </ | ||
- | |||
- | VMware tools, if needed | ||
- | |||
- | <codedoc code: | ||
- | yum install open-vm-tools | ||
- | systemctl start vmtoolsd.service | ||
- | systemctl enable vmtoolsd.service | ||
- | </ | ||
- | |||
- | Replace firewalld with iptables | ||
- | <codedoc code: | ||
- | yum install iptables-services | ||
- | vi / | ||
- | |||
- | # Firewall configuration written by system-config-firewall | ||
- | # Manual customization of this file is not recommended. | ||
- | %% | ||
- | *filter | ||
- | :INPUT ACCEPT [0:0] | ||
- | :FORWARD ACCEPT [0:0] | ||
- | :OUTPUT ACCEPT [0:0] | ||
- | -A INPUT -m state --state ESTABLISHED, | ||
- | -A INPUT -p icmp -j ACCEPT | ||
- | -A INPUT -i lo -j ACCEPT%% | ||
- | -A INPUT -p tcp %%--%%dport 22 -m state %%--%%state NEW -m recent %%--%%set %%--%%name ssh %%--%%rsource | ||
- | -A INPUT -p tcp %%--%%dport 22 -m state %%--%%state NEW -m recent ! %%--%%rcheck %%--%%seconds 60 %%--%%hitcount 4 %%--%%name ssh %%--%%rsource -j ACCEPT | ||
- | -A INPUT -p tcp -m state %%--%%state NEW -m tcp %%--%%dport 80 -j ACCEPT | ||
- | -A INPUT -p tcp -m state %%--%%state NEW -m tcp %%--%%dport 8080 -j ACCEPT | ||
- | -A INPUT -p tcp -m state %%--%%state NEW -m tcp %%--%%dport 8081 -j ACCEPT | ||
- | -A INPUT -p tcp -m state %%--%%state NEW -m tcp %%--%%dport 8086 -j ACCEPT | ||
- | -A INPUT -p tcp -m state %%--%%state NEW -m tcp %%--%%dport 443 -j ACCEPT | ||
- | -A INPUT -p tcp -m state %%--%%state NEW -m tcp %%--%%dport 61616 -j ACCEPT | ||
- | -A INPUT -p udp %%--%%match multiport %%--%%dports 8000:8999 -j ACCEPT | ||
- | -A INPUT -p tcp -m state %%--%%state NEW -m tcp %%--%%dport 161 -j ACCEPT | ||
- | -A INPUT -p udp -m state %%--%%state NEW -m udp %%--%%dport 161 -j ACCEPT | ||
- | -A INPUT -j REJECT %%--%%reject-with icmp-host-prohibited | ||
- | -A FORWARD -j REJECT %%--%%reject-with icmp-host-prohibited | ||
- | COMMIT | ||
- | |||
- | Next, execute the folowing: | ||
- | systemctl stop firewalld.service | ||
- | systemctl disable firewalld.service | ||
- | systemctl enable iptables.service | ||
- | systemctl start iptables.service | ||
- | </ | ||
- | |||
- | selinux | ||
- | <codedoc code: | ||
- | # TBD | ||
- | # setsebool -P httpd_can_network_connect on | ||
- | |||
- | vi / | ||
- | |||
- | SELINUX=permissive | ||
- | |||
- | init 6 | ||
- | </ | ||