Differences

This shows you the differences between two versions of the page.

installation:operation-system [2019/08/01 09:09] (current)
tjotov created
Line 1: Line 1:
 +
 +
 +====== Operating System Installation ======
 +
 +==== CentOS 7 Minimal Install ====
 +
 +Please use CentOS 7 Minimal Install DVD image. See e.g. ftp://​ftp.cvut.cz/​centos/​7.5.1804/​isos/​x86_64/​CentOS-7-x86_64-Minimal-1804.iso.
 +
 +Set
 +  * Hostname
 +  * IPv4 address, IPv6 ignore
 +  * Timezone
 +  * Disk partitioning:​ 5 GB for swap (this is needed only in cases of greater utilization)
 +
 +<codedoc code:​bash>​
 +# fdisk -l
 + 
 +Disk /dev/sda: 25.8 GB, 25769803776 bytes, 50331648 sectors
 +Units = sectors of 1 * 512 = 512 bytes
 +Sector size (logical/​physical):​ 512 bytes / 512 bytes
 +I/O size (minimum/​optimal):​ 512 bytes / 512 bytes
 +Disk label type: dos
 +Disk identifier: 0x000ac63e
 + 
 +   ​Device Boot      Start         ​End ​     Blocks ​  ​Id ​ System
 +/​dev/​sda1 ​  ​* ​       2048     ​2099199 ​    ​1048576 ​  ​83 ​ Linux
 +/​dev/​sda2 ​        ​2099200 ​   50298879 ​   24099840 ​  ​8e ​ Linux LVM
 + 
 +Disk /​dev/​mapper/​centos-root:​ 19.3 GB, 19327352832 bytes, 37748736 sectors
 +Units = sectors of 1 * 512 = 512 bytes
 +Sector size (logical/​physical):​ 512 bytes / 512 bytes
 +I/O size (minimum/​optimal):​ 512 bytes / 512 bytes
 + 
 +Disk /​dev/​mapper/​centos-swap:​ 5343 MB, 5343543296 bytes, 10436608 sectors
 +Units = sectors of 1 * 512 = 512 bytes
 +Sector size (logical/​physical):​ 512 bytes / 512 bytes
 +I/O size (minimum/​optimal):​ 512 bytes / 512 bytes
 +</​codedoc>​
 +
 +**yum settings and OS update**
 +<codedoc code:​bash>​
 +vi /​etc/​yum.conf
 +</​codedoc>​
 +
 +<sxh bash> ​
 +proxy=http://​yourproxy.domain.com:​3128
 +http_proxy=http://​yourproxy.domain.com:​3128
 +https_proxy=http://​yourproxy.domain.com:​3128
 +</​sxh>​
 + 
 +==== Base environment ====
 +
 +**SSH keys**
 +<codedoc code:​bash>​
 +ssh-keygen -t rsa
 +</​codedoc>​
 + 
 +**Useful utilities**
 +<codedoc code:​bash>​
 +~~codedoc:​clean:​yum install wget mc net-tools unzip dialog epel-release~~
 +</​codedoc>​
 +
 +**System time**
 +
 +<codedoc code:​bash>​
 +yum install ntp
 +# add suitable NTP server ​
 +vi /​etc/​ntp.conf
 +</​codedoc>​
 +
 +<sxh bash; first-line:​18 highlight: [20]>  ​
 +# Use public servers from the pool.ntp.org project.
 +# Please consider joining the pool (http://​www.pool.ntp.org/​join.html).
 +server ntp.globe.cz
 +server 0.centos.pool.ntp.org iburst
 +server 1.centos.pool.ntp.org iburst
 +server 2.centos.pool.ntp.org iburst
 +server 3.centos.pool.ntp.org iburst
 +</​sxh>​
 + 
 +<codedoc code:​bash>​
 +echo '30 * * * * root /​usr/​sbin/​ntpd -q -u ntp:​ntp'​ > /​etc/​cron.d/​ntpd
 +</​codedoc>​
 +
 +==== VMware tools ====
 +... if needed
 +<codedoc code:​bash>​
 +yum install open-vm-tools
 +systemctl start vmtoolsd.service
 +systemctl enable vmtoolsd.service
 +</​codedoc>​
 +
 +==== Replace firewalld with iptables ====
 +
 +<codedoc code:​bash>​
 +yum install iptables-services
 +vi /​etc/​sysconfig/​iptables
 +</​codedoc>​
 +
 +<sxh bash>
 +# Firewall configuration written by system-config-firewall
 +# Manual customization of this file is not recommended.
 +*filter
 +:INPUT ACCEPT [0:0]
 +:FORWARD ACCEPT [0:0]
 +:OUTPUT ACCEPT [0:0]
 +-A INPUT -m state --state ESTABLISHED,​RELATED -j ACCEPT
 +-A INPUT -p icmp -j ACCEPT
 +-A INPUT -i lo -j ACCEPT
 +-A INPUT -p tcp --dport 22 -m state --state NEW -m recent --set --name ssh --rsource
 +-A INPUT -p tcp --dport 22 -m state --state NEW -m recent ! --rcheck --seconds 60 --hitcount 4 --name ssh --rsource -j ACCEPT
 +-A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
 +-A INPUT -p tcp -m state --state NEW -m tcp --dport 8080 -j ACCEPT
 +-A INPUT -p tcp -m state --state NEW -m tcp --dport 8081 -j ACCEPT
 +-A INPUT -p tcp -m state --state NEW -m tcp --dport 8086 -j ACCEPT
 +-A INPUT -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT
 +-A INPUT -p tcp -m state --state NEW -m tcp --dport 61616 -j ACCEPT
 +-A INPUT -p udp --match multiport --dports 8000:8999 -j ACCEPT
 +-A INPUT -p tcp -m state --state NEW -m tcp --dport 161 -j ACCEPT
 +-A INPUT -p udp -m state --state NEW -m udp --dport 161 -j ACCEPT
 +-A INPUT -j REJECT --reject-with icmp-host-prohibited
 +-A FORWARD -j REJECT --reject-with icmp-host-prohibited
 +COMMIT
 +</​sxh>​
 +
 +Next, execute the folowing: ​
 +<codedoc code:​bash>​
 +systemctl stop firewalld.service
 +systemctl disable firewalld.service
 +systemctl enable iptables.service
 +systemctl start iptables.service
 +</​codedoc>​
 +
 +==== selinux ====
 +
 +<codedoc code:​bash>​
 +# TBD
 +# setsebool -P httpd_can_network_connect on
 + 
 +vi /​etc/​sysconfig/​selinux
 +</​codedoc>​
 +
 +<sxh bash; highlight: [6]>
 +# This file controls the state of SELinux on the system.
 +# SELINUX= can take one of these three values:
 +#     ​enforcing - SELinux security policy is enforced.
 +#     ​permissive - SELinux prints warnings instead of enforcing.
 +#     ​disabled - No SELinux policy is loaded.
 +SELINUX=permissive
 +# SELINUXTYPE= can take one of three two values:
 +#     ​targeted - Targeted processes are protected,
 +#     ​minimum - Modification of targeted policy. Only selected processes are protected.
 +#     mls - Multi Level Security protection.
 +SELINUXTYPE=targeted
 +</​sxh>​
 + 
 +==== Restart ====
 + 
 +<codedoc code:​bash>​
 +init 6
 +</​codedoc>​
  
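Review bot: The selinux section near the end of the hunk sets `SELINUX=permissive` and leaves the only policy adjustment as a commented-out `# setsebool -P httpd_can_network_connect on` under `# TBD`, so a host built from this page logs SELinux denials instead of enforcing them. Suggest documenting `SELINUX=enforcing` together with the booleans the application needs, or stating explicitly that permissive is a temporary setting until the TBD is resolved. In the `/etc/sysconfig/iptables` block, the ACCEPT rules for ports 161 (tcp and udp), 61616, 8080, 8081, 8086 and udp 8000:8999 carry no source match, so each is open to any address that can reach the host; showing a `-s` restriction to the management or application network, and naming the service behind each port, would make the ruleset reviewable. The ISO link in the first section uses plain `ftp://` and the page has no checksum step; add a line telling the reader to verify the image's SHA256 against the value published by CentOS before installing. `ssh-keygen -t rsa` gives neither key size nor purpose; say what the key is used for and specify `-b 4096` or `-t ed25519`.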