documentation:server-install-os

Differences

This shows you the differences between two versions of the page.

documentation:server-install-os [2018/11/26 12:23]
mpospisek [Operating system install]
— (current)
Line 1: Line 1:
- 
- 
-====== Operating System Installation ====== 
- 
-==== CentOS 7 Minimal Install ==== 
- 
-Please use CentOS 7 Minimal Install DVD image. See e.g. ftp://ftp.cvut.cz/centos/7.5.1804/isos/x86_64/CentOS-7-x86_64-Minimal-1804.iso. 
- 
-Set 
-  * Hostname 
-  * IPv4 address, IPv6 ignore 
-  * Timezone 
-  * Disk partitioning: 5 GB for swap (this is needed only in cases of greater utilization) 
- 
-<codedoc code:bash> 
-# fdisk -l 
-  
-Disk /dev/sda: 25.8 GB, 25769803776 bytes, 50331648 sectors 
-Units = sectors of 1 * 512 = 512 bytes 
-Sector size (logical/physical): 512 bytes / 512 bytes 
-I/O size (minimum/optimal): 512 bytes / 512 bytes 
-Disk label type: dos 
-Disk identifier: 0x000ac63e 
-  
-   Device Boot      Start         End      Blocks   Id  System 
-/dev/sda1          2048     2099199     1048576   83  Linux 
-/dev/sda2         2099200    50298879    24099840   8e  Linux LVM 
-  
-Disk /dev/mapper/centos-root: 19.3 GB, 19327352832 bytes, 37748736 sectors 
-Units = sectors of 1 * 512 = 512 bytes 
-Sector size (logical/physical): 512 bytes / 512 bytes 
-I/O size (minimum/optimal): 512 bytes / 512 bytes 
-  
-Disk /dev/mapper/centos-swap: 5343 MB, 5343543296 bytes, 10436608 sectors 
-Units = sectors of 1 * 512 = 512 bytes 
-Sector size (logical/physical): 512 bytes / 512 bytes 
-I/O size (minimum/optimal): 512 bytes / 512 bytes 
-</codedoc> 
- 
-**yum settings and OS update** 
-<codedoc code:bash> 
-vi /etc/yum.conf 
-</codedoc> 
- 
-<sxh bash>  
-proxy=http://yourproxy.domain.com:3128 
-http_proxy=http://yourproxy.domain.com:3128 
-https_proxy=http://yourproxy.domain.com:3128 
-</sxh> 
-  
-==== Base environment ==== 
- 
-**SSH keys** 
-<codedoc code:bash> 
-ssh-keygen -t rsa 
-</codedoc> 
-  
-**Useful utilities** 
-<codedoc code:bash> 
-~~codedoc:clean:yum install wget mc net-tools unzip dialog epel-release~~ 
-</codedoc> 
- 
-**System time** 
- 
-<codedoc code:bash> 
-yum install ntp 
-# add suitable NTP server  
-vi /etc/ntp.conf 
-</codedoc> 
- 
-<sxh bash; first-line:18 highlight: [20]>   
-# Use public servers from the pool.ntp.org project. 
-# Please consider joining the pool (http://www.pool.ntp.org/join.html). 
-server ntp.globe.cz 
-server 0.centos.pool.ntp.org iburst 
-server 1.centos.pool.ntp.org iburst 
-server 2.centos.pool.ntp.org iburst 
-server 3.centos.pool.ntp.org iburst 
-</sxh> 
-  
-<codedoc code:bash> 
-echo '30 * * * * root /usr/sbin/ntpd -q -u ntp:ntp' > /etc/cron.d/ntpd 
-</codedoc> 
- 
-==== VMware tools ==== 
-... if needed 
-<codedoc code:bash> 
-yum install open-vm-tools 
-systemctl start vmtoolsd.service 
-systemctl enable vmtoolsd.service 
-</codedoc> 
- 
-==== Replace firewalld with iptables ==== 
- 
-<codedoc code:bash> 
-yum install iptables-services 
-vi /etc/sysconfig/iptables 
-</codedoc> 
- 
-<sxh bash> 
-# Firewall configuration written by system-config-firewall 
-# Manual customization of this file is not recommended. 
-*filter 
-:INPUT ACCEPT [0:0] 
-:FORWARD ACCEPT [0:0] 
-:OUTPUT ACCEPT [0:0] 
--A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT 
--A INPUT -p icmp -j ACCEPT 
--A INPUT -i lo -j ACCEPT 
--A INPUT -p tcp --dport 22 -m state --state NEW -m recent --set --name ssh --rsource 
--A INPUT -p tcp --dport 22 -m state --state NEW -m recent ! --rcheck --seconds 60 --hitcount 4 --name ssh --rsource -j ACCEPT 
--A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT 
--A INPUT -p tcp -m state --state NEW -m tcp --dport 8080 -j ACCEPT 
--A INPUT -p tcp -m state --state NEW -m tcp --dport 8081 -j ACCEPT 
--A INPUT -p tcp -m state --state NEW -m tcp --dport 8086 -j ACCEPT 
--A INPUT -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT 
--A INPUT -p tcp -m state --state NEW -m tcp --dport 61616 -j ACCEPT 
--A INPUT -p udp --match multiport --dports 8000:8999 -j ACCEPT 
--A INPUT -p tcp -m state --state NEW -m tcp --dport 161 -j ACCEPT 
--A INPUT -p udp -m state --state NEW -m udp --dport 161 -j ACCEPT 
--A INPUT -j REJECT --reject-with icmp-host-prohibited 
--A FORWARD -j REJECT --reject-with icmp-host-prohibited 
-COMMIT 
-</sxh> 
- 
-Next, execute the folowing:  
-<codedoc code:bash> 
-systemctl stop firewalld.service 
-systemctl disable firewalld.service 
-systemctl enable iptables.service 
-systemctl start iptables.service 
-</codedoc> 
- 
-==== selinux ==== 
- 
-<codedoc code:bash> 
-# TBD 
-# setsebool -P httpd_can_network_connect on 
-  
-vi /etc/sysconfig/selinux 
-</codedoc> 
- 
-<sxh bash; highlight: [6]> 
-# This file controls the state of SELinux on the system. 
-# SELINUX= can take one of these three values: 
-#     enforcing - SELinux security policy is enforced. 
-#     permissive - SELinux prints warnings instead of enforcing. 
-#     disabled - No SELinux policy is loaded. 
-SELINUX=permissive 
-# SELINUXTYPE= can take one of three two values: 
-#     targeted - Targeted processes are protected, 
-#     minimum - Modification of targeted policy. Only selected processes are protected. 
-#     mls - Multi Level Security protection. 
-SELINUXTYPE=targeted 
-</sxh> 
-  
-==== Restart ==== 
-  
-<codedoc code:bash> 
-init 6 
-</codedoc> 
  
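Review bot: this revision removes the whole page, from the "Operating System Installation" heading through "Restart", and the new side is empty with no redirect or link to where the install procedure now lives; add a one-line pointer to the successor page, or keep the page and mark it obsolete instead of blanking it. If the content is being moved rather than dropped, it should not be carried over unchanged: the "selinux" section sets `SELINUX=permissive` while the `setsebool` line is still marked `# TBD`, and the filter rules accept new connections on ports 161 (tcp and udp), 8080, 8081, 8086 and 61616 from any source, with no `-s` restriction. Either restrict those rules to the management and application networks and move SELinux to `enforcing` once the needed booleans are known, or state in the replacement text why the open settings are required.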
documentation/server-install-os.1543234998.txt.gz · Last modified: 2018/11/26 12:23 by mpospisek