documentation:server-install-os

Differences

This shows you the differences between two versions of the page.

documentation:server-install-os [2018/11/07 23:34]
mpospisek [CentOS 7 Minimal Install]
— (current)
Line 1: Line 1:
-====== Operating system install ====== 
- 
-===== CentOS 7 Minimal Install ===== 
- 
-Please use CentOS 7 Minimal Install DVD image. See e.g. ftp://ftp.cvut.cz/centos/7.5.1804/isos/x86_64/CentOS-7-x86_64-Minimal-1804.iso. 
- 
-Set 
-  * Hostname 
-  * IPv4 address, IPv6 ignore 
-  * Timezone 
-  * Disk partitioning: 5 GB for swap (this is needed only in cases of greater utilization) 
- 
-<codedoc code:bash> 
-[root@AIM-4 ~]# fdisk -l 
-  
-Disk /dev/sda: 25.8 GB, 25769803776 bytes, 50331648 sectors 
-Units = sectors of 1 * 512 = 512 bytes 
-Sector size (logical/physical): 512 bytes / 512 bytes 
-I/O size (minimum/optimal): 512 bytes / 512 bytes 
-Disk label type: dos 
-Disk identifier: 0x000ac63e 
-  
-   Device Boot      Start         End      Blocks   Id  System 
-/dev/sda1          2048     2099199     1048576   83  Linux 
-/dev/sda2         2099200    50298879    24099840   8e  Linux LVM 
-  
-Disk /dev/mapper/centos-root: 19.3 GB, 19327352832 bytes, 37748736 sectors 
-Units = sectors of 1 * 512 = 512 bytes 
-Sector size (logical/physical): 512 bytes / 512 bytes 
-I/O size (minimum/optimal): 512 bytes / 512 bytes 
-  
-  
-Disk /dev/mapper/centos-swap: 5343 MB, 5343543296 bytes, 10436608 sectors 
-Units = sectors of 1 * 512 = 512 bytes 
-Sector size (logical/physical): 512 bytes / 512 bytes 
-I/O size (minimum/optimal): 512 bytes / 512 bytes 
-</codedoc> 
-  
- 
-Base environment 
- 
-SSH keys 
-<codedoc code:bash> 
-ssh-keygen -t rsa 
-</codedoc> 
- 
- yum settings and OS update 
-<codedoc code:bash> 
-vi /etc/yum.conf 
-  
-# proxy=~~codedoc:clean:http://yourproxy.domain.com:3128~~ 
- 
-# http_proxy=~~codedoc:clean:http://yourproxy.domain.com:3128~~ 
- 
-# https_proxy=~~codedoc:clean:http://yourproxy.domain.com:3128~~ 
-  
-yum update 
-</codedoc> 
- 
-Useful utilities 
-<codedoc code:bash> 
-yum install wget mc net-tools 
-</codedoc> 
- 
-Time synchronization 
-<codedoc code:bash> 
-yum install ntp 
-# add suitable NTP server 
-vi /etc/ntp.conf 
-  
-echo '30 * * * * root /usr/sbin/ntpd -q -u ntp:ntp' > /etc/cron.d/ntpd 
-</codedoc> 
- 
-VMware tools, if needed 
- 
-<codedoc code:bash> 
-yum install open-vm-tools 
-systemctl start vmtoolsd.service 
-systemctl enable vmtoolsd.service 
-</codedoc> 
- 
-Replace firewalld with iptables 
- 
-<shx bash> 
-yum install iptables-services 
-vi /etc/sysconfig/iptables 
-  
-# Firewall configuration written by system-config-firewall 
-# Manual customization of this file is not recommended. 
-*filter 
-:INPUT ACCEPT [0:0] 
-:FORWARD ACCEPT [0:0] 
-:OUTPUT ACCEPT [0:0] 
--A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT 
--A INPUT -p icmp -j ACCEPT 
--A INPUT -i lo -j ACCEPT 
--A INPUT -p tcp --dport 22 -m state --state NEW -m recent --set --name ssh --rsource 
--A INPUT -p tcp --dport 22 -m state --state NEW -m recent ! --rcheck --seconds 60 --hitcount 4 --name ssh --rsource -j ACCEPT 
--A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT 
--A INPUT -p tcp -m state --state NEW -m tcp --dport 8080 -j ACCEPT 
--A INPUT -p tcp -m state --state NEW -m tcp --dport 8081 -j ACCEPT 
--A INPUT -p tcp -m state --state NEW -m tcp --dport 8086 -j ACCEPT 
--A INPUT -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT 
--A INPUT -p tcp -m state --state NEW -m tcp --dport 61616 -j ACCEPT 
--A INPUT -p udp --match multiport --dports 8000:8999 -j ACCEPT 
--A INPUT -p tcp -m state --state NEW -m tcp --dport 161 -j ACCEPT 
--A INPUT -p udp -m state --state NEW -m udp --dport 161 -j ACCEPT 
--A INPUT -j REJECT --reject-with icmp-host-prohibited 
--A FORWARD -j REJECT --reject-with icmp-host-prohibited 
-COMMIT 
-</shx> 
- 
-Next, execute the folowing:  
-<shx bash> 
-systemctl stop firewalld.service 
-systemctl disable firewalld.service 
-systemctl enable iptables.service 
-systemctl start iptables.service 
-</shx> 
- 
-selinux 
-<codedoc code:bash> 
-# TBD 
-# setsebool -P httpd_can_network_connect on 
-  
-vi /etc/sysconfig/selinux 
-  
-SELINUX=permissive 
-  
-init 6 
-</codedoc> 
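Review bot: the selinux block at the end of this hunk leaves hosts in `SELINUX=permissive` while the actual policy change is still a commented-out `# TBD` (`# setsebool -P httpd_can_network_connect on`), so a server built from this text never enforces policy. Wherever these instructions are kept after this removal, they should apply the boolean and stay in enforcing mode. In the iptables block, the `--dport` ACCEPT rules for 8080, 8081, 8086, 61616 and 161 match any source address and only port 22 gets the `recent` rate limit, so a source restriction (`-s`) on the management and messaging ports is worth adding. The right-hand side is empty (`(current)`), so the revision should also say where the install procedure now lives.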
  
documentation/server-install-os.1541633655.txt.gz · Last modified: 2018/11/07 23:34 by mpospisek