Differences

This shows you the differences between two versions of the page.

documentation:server-install-os [2018/11/26 12:23]
mpospisek [Operating system install]
— (current)
Line 1: Line 1:
- 
- 
-====== Operating System Installation ====== 
- 
-==== CentOS 7 Minimal Install ==== 
- 
-Please use CentOS 7 Minimal Install DVD image. See e.g. ftp://​ftp.cvut.cz/​centos/​7.5.1804/​isos/​x86_64/​CentOS-7-x86_64-Minimal-1804.iso. 
- 
-Set 
-  * Hostname 
-  * IPv4 address, IPv6 ignore 
-  * Timezone 
-  * Disk partitioning:​ 5 GB for swap (this is needed only in cases of greater utilization) 
- 
-<codedoc code:​bash>​ 
-# fdisk -l 
-  
-Disk /dev/sda: 25.8 GB, 25769803776 bytes, 50331648 sectors 
-Units = sectors of 1 * 512 = 512 bytes 
-Sector size (logical/​physical):​ 512 bytes / 512 bytes 
-I/O size (minimum/​optimal):​ 512 bytes / 512 bytes 
-Disk label type: dos 
-Disk identifier: 0x000ac63e 
-  
-   ​Device Boot      Start         ​End ​     Blocks ​  ​Id ​ System 
-/​dev/​sda1 ​  ​* ​       2048     ​2099199 ​    ​1048576 ​  ​83 ​ Linux 
-/​dev/​sda2 ​        ​2099200 ​   50298879 ​   24099840 ​  ​8e ​ Linux LVM 
-  
-Disk /​dev/​mapper/​centos-root:​ 19.3 GB, 19327352832 bytes, 37748736 sectors 
-Units = sectors of 1 * 512 = 512 bytes 
-Sector size (logical/​physical):​ 512 bytes / 512 bytes 
-I/O size (minimum/​optimal):​ 512 bytes / 512 bytes 
-  
-Disk /​dev/​mapper/​centos-swap:​ 5343 MB, 5343543296 bytes, 10436608 sectors 
-Units = sectors of 1 * 512 = 512 bytes 
-Sector size (logical/​physical):​ 512 bytes / 512 bytes 
-I/O size (minimum/​optimal):​ 512 bytes / 512 bytes 
-</​codedoc>​ 
- 
-**yum settings and OS update** 
-<codedoc code:​bash>​ 
-vi /​etc/​yum.conf 
-</​codedoc>​ 
- 
-<sxh bash> ​ 
-proxy=http://​yourproxy.domain.com:​3128 
-http_proxy=http://​yourproxy.domain.com:​3128 
-https_proxy=http://​yourproxy.domain.com:​3128 
-</​sxh>​ 
-  
-==== Base environment ==== 
- 
-**SSH keys** 
-<codedoc code:​bash>​ 
-ssh-keygen -t rsa 
-</​codedoc>​ 
-  
-**Useful utilities** 
-<codedoc code:​bash>​ 
-~~codedoc:​clean:​yum install wget mc net-tools unzip dialog epel-release~~ 
-</​codedoc>​ 
- 
-**System time** 
- 
-<codedoc code:​bash>​ 
-yum install ntp 
-# add suitable NTP server ​ 
-vi /​etc/​ntp.conf 
-</​codedoc>​ 
- 
-<sxh bash; first-line:​18 highlight: [20]>  ​ 
-# Use public servers from the pool.ntp.org project. 
-# Please consider joining the pool (http://​www.pool.ntp.org/​join.html). 
-server ntp.globe.cz 
-server 0.centos.pool.ntp.org iburst 
-server 1.centos.pool.ntp.org iburst 
-server 2.centos.pool.ntp.org iburst 
-server 3.centos.pool.ntp.org iburst 
-</​sxh>​ 
-  
-<codedoc code:​bash>​ 
-echo '30 * * * * root /​usr/​sbin/​ntpd -q -u ntp:​ntp'​ > /​etc/​cron.d/​ntpd 
-</​codedoc>​ 
- 
-==== VMware tools ==== 
-... if needed 
-<codedoc code:​bash>​ 
-yum install open-vm-tools 
-systemctl start vmtoolsd.service 
-systemctl enable vmtoolsd.service 
-</​codedoc>​ 
- 
-==== Replace firewalld with iptables ==== 
- 
-<codedoc code:​bash>​ 
-yum install iptables-services 
-vi /​etc/​sysconfig/​iptables 
-</​codedoc>​ 
- 
-<sxh bash> 
-# Firewall configuration written by system-config-firewall 
-# Manual customization of this file is not recommended. 
-*filter 
-:INPUT ACCEPT [0:0] 
-:FORWARD ACCEPT [0:0] 
-:OUTPUT ACCEPT [0:0] 
--A INPUT -m state --state ESTABLISHED,​RELATED -j ACCEPT 
--A INPUT -p icmp -j ACCEPT 
--A INPUT -i lo -j ACCEPT 
--A INPUT -p tcp --dport 22 -m state --state NEW -m recent --set --name ssh --rsource 
--A INPUT -p tcp --dport 22 -m state --state NEW -m recent ! --rcheck --seconds 60 --hitcount 4 --name ssh --rsource -j ACCEPT 
--A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT 
--A INPUT -p tcp -m state --state NEW -m tcp --dport 8080 -j ACCEPT 
--A INPUT -p tcp -m state --state NEW -m tcp --dport 8081 -j ACCEPT 
--A INPUT -p tcp -m state --state NEW -m tcp --dport 8086 -j ACCEPT 
--A INPUT -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT 
--A INPUT -p tcp -m state --state NEW -m tcp --dport 61616 -j ACCEPT 
--A INPUT -p udp --match multiport --dports 8000:8999 -j ACCEPT 
--A INPUT -p tcp -m state --state NEW -m tcp --dport 161 -j ACCEPT 
--A INPUT -p udp -m state --state NEW -m udp --dport 161 -j ACCEPT 
--A INPUT -j REJECT --reject-with icmp-host-prohibited 
--A FORWARD -j REJECT --reject-with icmp-host-prohibited 
-COMMIT 
-</​sxh>​ 
- 
-Next, execute the folowing: ​ 
-<codedoc code:​bash>​ 
-systemctl stop firewalld.service 
-systemctl disable firewalld.service 
-systemctl enable iptables.service 
-systemctl start iptables.service 
-</​codedoc>​ 
- 
-==== selinux ==== 
- 
-<codedoc code:​bash>​ 
-# TBD 
-# setsebool -P httpd_can_network_connect on 
-  
-vi /​etc/​sysconfig/​selinux 
-</​codedoc>​ 
- 
-<sxh bash; highlight: [6]> 
-# This file controls the state of SELinux on the system. 
-# SELINUX= can take one of these three values: 
-#     ​enforcing - SELinux security policy is enforced. 
-#     ​permissive - SELinux prints warnings instead of enforcing. 
-#     ​disabled - No SELinux policy is loaded. 
-SELINUX=permissive 
-# SELINUXTYPE= can take one of three two values: 
-#     ​targeted - Targeted processes are protected, 
-#     ​minimum - Modification of targeted policy. Only selected processes are protected. 
-#     mls - Multi Level Security protection. 
-SELINUXTYPE=targeted 
-</​sxh>​ 
-  
-==== Restart ==== 
-  
-<codedoc code:​bash>​ 
-init 6 
-</​codedoc>​ 
  
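Review bot: the selinux section removed here sets `SELINUX=permissive` under a `# TBD` comment, with the only boolean (`setsebool -P httpd_can_network_connect on`) left commented out. If these steps are being moved rather than retired, the replacement should not carry that over as the final state; it should set `SELINUX=enforcing` and list the booleans the application actually needs. The iptables block has a similar gap: the rules for tcp/udp 161, tcp 61616 and udp 8000:8999 accept from any source, so a `-s` restriction to the management or peer networks would be worth adding. The revision also leaves the page empty ("— (current)") with no pointer to where the install steps now live, so a short redirect note would help readers who follow old links.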
  • documentation/server-install-os.1543234998.txt.gz
  • Last modified: 2018/11/26 12:23
  • by mpospisek