CentOS 7

Install

  1. Disconnect all network cables
  2. Boot from the latest release of the CentOS 7 Minimal disc
  3. If this is a virtual server, press Tab and type “ vga=820”
  4. Press Enter
  5. Click Continue
  6. Click Date & Time
  7. Select Chicago
  8. Click Done
  9. Click Network & Host Name
  10. Enter the server’s FQDN
  11. Click Apply
  12. Click Done
  13. Click Installation Destination
  14. Select I will configure partitioning
  15. Click Done
  16. Remove any existing partitions/LVs
  17. Add the Mount Point boot (/boot, 1024 MiB, Standard Partition, xfs, )
  18. Add the Mount Point swap (4096 MiB, LVM, swap, , vg01, swap)
  19. Add the Mount Point home (/home, 10240 MiB, LVM, xfs, , vg01, home)
  20. Add the Mount Point tmp (/tmp, 1024 MiB, LVM, xfs, , vg01, tmp)
  21. Add the Mount Point var (/var, 10240 MiB, LVM, xfs, , vg01, var)
  22. Add the Mount Point root (/, 10240 MiB, LVM, xfs, , vg01, root)
  23. Click Done
  24. Click Accept Changes
  25. Click Begin Installation
  26. Click Root Password
  27. Enter the root password
  28. Click Done
  29. Click Reboot
  30. Login as root
  31. If this is a virtual server, set the resolution to 1152×864
    vi /etc/default/grub
    Add GRUB_CMDLINE_LINUX_DEFAULT="vga=820" on a new line after GRUB_CMDLINE_LINUX
  32. Enable boot messages
    vi /etc/default/grub
    Delete rhgb quiet from GRUB_CMDLINE_LINUX
    grub2-mkconfig -o /boot/grub2/grub.cfg
  33. Reboot
  34. Login as root
  35. Configure the IP address
    vi /etc/sysconfig/network-scripts/ifcfg-XXXXXX
    BOOTPROTO=none
    ONBOOT=yes
    NM_CONTROLLED=no
    IPADDR=10.118.76.XXX
    NETMASK=255.255.252.0
    GATEWAY=10.118.76.1
    DNS1=10.118.76.101
    DNS2=10.118.76.102
  36. Disable Network Manager
    systemctl stop NetworkManager
    
    systemctl disable NetworkManager
  37. Clear the incorrect DNS/Gateway entries
    > /etc/resolv.conf
    
    > /etc/sysconfig/network
    
    systemctl restart network
  38. Configure the routes for NFD VLAN servers that need access to other VLANs
    vi /etc/sysconfig/network-scripts/route-XXXXXX (or route-bond0)
    10.118.106.0/24 via 10.118.76.2
    192.168.1.0/24 via 10.118.76.2
    192.168.2.0/24 via 10.118.76.2
    192.168.4.0/24 via 10.118.76.2
    172.16.0.0/22 via 10.118.76.2
  39. Disable the firewall
    systemctl stop firewalld
    
    systemctl disable firewalld
  40. Disable selinux
    vi /etc/selinux/config
    SELINUX=disabled
  41. Disable CTRL-ALT-DEL from rebooting the server
    systemctl mask ctrl-alt-del.target
  42. Connect the network cable(s)
  43. Install the local yum repo file
    cp SITE_CentOS.repo /etc/yum.repos.d
    
    vi /etc/yum.repos.d/CentOS-Base.repo
    Add on a new line after gpgcheck under [base], [updates], and [extras]:
    enabled=0
  44. Install the newest updates
    yum check-update
    
    yum update
  45. If this is a virtual server, install open-vm-tools
    yum install open-vm-tools
  46. Install base programs
    yum install iptraf sysstat chrony mailx bc vim rsync
  47. Set up the NTP daemon
    vi /etc/chrony.conf
    #server 0.centos.pool.ntp.org iburst
    #server 1.centos.pool.ntp.org iburst
    #server 2.centos.pool.ntp.org iburst
    #server 3.centos.pool.ntp.org iburst
    server 10.118.76.2
    systemctl start chronyd
    
    systemctl enable chronyd
  48. Configure root’s mail to redirect
    vi /etc/aliases
    root:		adminteam@company.tld
    newaliases
    
    vi /etc/postfix/main.cf
    relayhost = smtp.server.tld
    systemctl restart postfix
  49. Set the email addresses for CRON
    crontab -e
    MAILFROM=servername@company.tld
    MAILTO=adminteam@company.tld
  50. Configure Account Compliancy
    vi /etc/login.defs
    PASS_MAX_DAYS	70
    PASS_MIN_DAYS	1
    PASS_MIN_LEN	8
    PASS_WARN_AGE	7
    vi /etc/default/useradd
    INACTIVE=110
    mkdir /root/scripts
    
    cp account_compliance.sh /root/scripts
    
    chmod 770 /root/scripts/account_compliance.sh
    
    crontab -e
    _ 0 * * 1-5 /root/scripts/account_compliance.sh
  51. Create the admin user accounts (start with an ID of 1001)
    useradd -u 1XXX admXXXXX
    
    passwd admXXXXX
  52. Add the admin users to the wheel group
    usermod -a -G wheel username
  53. Set SSH to only allow specific users
    vi /etc/ssh/sshd_config
    AllowGroups wheel
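
A read-only check that the values from steps 50 and 53 are actually in effect in the files, as an added example that is not part of the original page. The function names setting_ok and audit_host are hypothetical; the expected values are the ones listed in those steps.

```sh
#!/bin/sh
# Added example (not from the original page): audit steps 50 and 53.

# setting_ok FILE KEY EXPECTED [nocase]
# Succeeds only if KEY appears uncommented at least once and every occurrence
# equals EXPECTED, so the verdict does not depend on whether the consuming
# program honours the first or the last duplicate line.
setting_ok() {
    awk -v key="$2" -v want="$3" -v nocase="${4:-}" '
        /^[ \t]*(#|$)/ { next }                # skip comments and blank lines
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            n = match(line, /[ \t=]+/)         # "KEY value" or "KEY=value"
            if (n == 0) next
            name = substr(line, 1, n - 1)
            val = substr(line, n + RLENGTH)
            sub(/[ \t]+$/, "", val)
            if (nocase != "") { name = tolower(name); key = tolower(key) }
            if (name != key) next
            seen = 1
            if (val != want) bad = 1
        }
        END { exit !(seen && !bad) }
    ' "$1"
}

# audit_host [ROOT]: check the files under ROOT (default: the live system),
# print one PASS/FAIL line per setting, return the number of failures.
audit_host() {
    fails=0
    while read -r file key want flag; do
        if setting_ok "${1:-}$file" "$key" "$want" "$flag" 2>/dev/null; then
            echo "PASS $file $key=$want"
        else
            echo "FAIL $file $key (expected $want)"
            fails=$((fails + 1))
        fi
    done <<'EOF'
/etc/login.defs PASS_MAX_DAYS 70
/etc/login.defs PASS_MIN_DAYS 1
/etc/login.defs PASS_MIN_LEN 8
/etc/login.defs PASS_WARN_AGE 7
/etc/default/useradd INACTIVE 110
/etc/ssh/sshd_config AllowGroups wheel nocase
EOF
    return "$fails"
}

audit_host "${1:-}" || echo "$? setting(s) differ from the procedure"
```

Pass a directory as the first argument to audit a mounted image instead of the running system. The sshd_config line is matched case-insensitively because sshd keywords are; a value set inside a Match block is not distinguished from a global one.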
os/linux/centos7.txt · Last modified: 2018/09/07 00:40 (external edit)