Operating System Installation

CentOS 7 Minimal Install

Use the CentOS 7 Minimal Install DVD image, for example ftp://ftp.cvut.cz/centos/7.5.1804/isos/x86_64/CentOS-7-x86_64-Minimal-1804.iso.

Set

  • Hostname
  • IPv4 address (ignore IPv6)
  • Timezone
  • Disk partitioning: 5 GB for swap (this is needed only in cases of greater utilization)
# fdisk -l
 
Disk /dev/sda: 25.8 GB, 25769803776 bytes, 50331648 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk label type: dos
Disk identifier: 0x000ac63e
 
   Device Boot      Start         End      Blocks   Id  System
/dev/sda1   *        2048     2099199     1048576   83  Linux
/dev/sda2         2099200    50298879    24099840   8e  Linux LVM
 
Disk /dev/mapper/centos-root: 19.3 GB, 19327352832 bytes, 37748736 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
 
Disk /dev/mapper/centos-swap: 5343 MB, 5343543296 bytes, 10436608 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes

yum settings and OS update

vi /etc/yum.conf

 
proxy=http://yourproxy.domain.com:3128
http_proxy=http://yourproxy.domain.com:3128
https_proxy=http://yourproxy.domain.com:3128

Base environment

SSH keys

ssh-keygen -t rsa

Useful utilities

yum install wget mc net-tools unzip dialog epel-release

System time

yum install ntp
# add suitable NTP server 
vi /etc/ntp.conf

  
# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (http://www.pool.ntp.org/join.html).
server ntp.globe.cz
server 0.centos.pool.ntp.org iburst
server 1.centos.pool.ntp.org iburst
server 2.centos.pool.ntp.org iburst
server 3.centos.pool.ntp.org iburst

echo '30 * * * * root /usr/sbin/ntpd -q -u ntp:ntp' > /etc/cron.d/ntpd

VMware tools

… if needed

yum install open-vm-tools
systemctl start vmtoolsd.service
systemctl enable vmtoolsd.service

Replace firewalld with iptables

yum install iptables-services
vi /etc/sysconfig/iptables

# Firewall configuration written by system-config-firewall
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp --dport 22 -m state --state NEW -m recent --set --name ssh --rsource
-A INPUT -p tcp --dport 22 -m state --state NEW -m recent ! --rcheck --seconds 60 --hitcount 4 --name ssh --rsource -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 8080 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 8081 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 8086 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 61616 -j ACCEPT
-A INPUT -p udp --match multiport --dports 8000:8999 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 161 -j ACCEPT
-A INPUT -p udp -m state --state NEW -m udp --dport 161 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT

Next, execute the following:

systemctl stop firewalld.service
systemctl disable firewalld.service
systemctl enable iptables.service
systemctl start iptables.service
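
Because the INPUT policy in the ruleset above is ACCEPT, the final REJECT rule is the only thing that makes it default-deny, and any rule appended after it is never reached. The following audit is an added example, not part of the original page: audit_input is a hypothetical helper name, and SAMPLE_RULES is constructed from a subset of the rules above plus one deliberately misplaced rule for port 9090.

```shell
#!/bin/bash
# Added example, not from the original page. SAMPLE_RULES is constructed:
# a subset of the ruleset above plus one rule misplaced after the REJECT.
SAMPLE_RULES='*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
-A INPUT -p udp --match multiport --dports 8000:8999 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A INPUT -p tcp -m state --state NEW -m tcp --dport 9090 -j ACCEPT
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT'

# audit_input (hypothetical helper): reads an iptables-restore file on stdin
# and prints one finding per line:
#   OPEN <proto> <ports>  ACCEPT rule for a port with no source restriction
#   DEAD <rule>           rule after the catch-all REJECT/DROP, never reached
#   NO-DEFAULT-DENY       policy is ACCEPT and no catch-all REJECT/DROP exists
audit_input() {
  awk '
    /^:INPUT / { policy = $2 }
    /^-A INPUT / {
      proto = "any"; ports = ""; src = 0; target = ""; cond = 0
      for (i = 3; i <= NF; i++) {
        if ($i == "-p") proto = $(i + 1)
        if ($i == "--dport" || $i == "--dports") ports = $(i + 1)
        if ($i == "-s" || $i == "--source") src = 1
        if ($i == "-j") target = $(i + 1)
        # any match option means the rule is not a catch-all
        if ($i == "-p" || $i == "-i" || $i == "-s" || $i == "-m" || $i == "--match") cond = 1
      }
      if (closed) { print "DEAD " $0; next }
      if (!cond && (target == "REJECT" || target == "DROP")) { closed = 1; next }
      if (target == "ACCEPT" && ports != "" && !src) print "OPEN " proto " " ports
    }
    END { if (policy == "ACCEPT" && !closed) print "NO-DEFAULT-DENY" }
  '
}

# Demo on the constructed sample; on a host: audit_input < /etc/sysconfig/iptables
printf '%s\n' "$SAMPLE_RULES" | audit_input
```

Every OPEN line should correspond to a service that is meant to be reachable from any address; DEAD and NO-DEFAULT-DENY findings mean the file does not filter the way it reads.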

SELinux

# TBD
# setsebool -P httpd_can_network_connect on
 
vi /etc/sysconfig/selinux

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
SELINUX=permissive
# SELINUXTYPE= can take one of these three values:
#     targeted - Targeted processes are protected,
#     minimum - Modification of targeted policy. Only selected processes are protected.
#     mls - Multi Level Security protection.
SELINUXTYPE=targeted

Restart

init 6
  • Last modified: 2019/08/01 09:09
  • by tjotov