User Tools

Site Tools


os:linux:centos7

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

os:linux:centos7 [2018/09/07 00:39]
joew created
os:linux:centos7 [2018/09/07 00:40] (current)
Line 1: Line 1:
 ====== Centos 7 ====== ====== Centos 7 ======
 +====== Install ======
 +  - //​**Disconnect all network cables**//
 +  - Boot from the latest release of the //**CentOS 7 Minimal**// disc
 +  - If this is a virtual server press //**Tab**// and type "//** vga=820**//"​
 +  - Press //​**Enter**//​
 +  - Click //​**Continue**//​
 +  - Click //**Date & Time**//
 +  - Select //​**Chicago**//​
 +  - Click //​**Done**//​
 +  - Click //**Network & Host Name**//
 +  - Enter the server’s FQDN
 +  - Click //​**Apply**//​
 +  - Click //​**Done**//​
 +  - Click //​**Installation Destination**//​
 +  - Select //**I will configure partitioning**//​
 +  - Click //​**Done**//​
 +  - Remove any existing partitions/​LV’s
 +  - Add the Mount Point //​**boot**//​ (/boot, 1024 MiB, Standard Partition, xfs, )
 +  - Add the Mount Point //​**swap**//​ (4096 MiB, LVM, swap, , vg01, swap)
 +  - Add the Mount Point //​**home**//​ (/home, 10240 MiB, LVM, xfs, , vg01, home)
 +  - Add the Mount Point //**tmp**// (/tmp, 1024 MiB, LVM, xfs, , vg01, tmp)
 +  - Add the Mount Point //**var**// (/var, 10240 MiB, LVM, xfs, , vg01, var)
 +  - Add the Mount Point //​**root**//​ (/, 10240 MiB, LVM, xfs, , vg01, root)
 +  - Click //​**Done**//​
 +  - Click //**Accept Changes**//
 +  - Click //**Begin Installation**//​
 +  - Click //**Root Password**//​
 +  - Enter the root password
 +  - Click //​**Done**//​
 +  - Click //​**Reboot**//​
 +  - Login as root
 +  - If this is a virtual server set the resolution to 1152x864<​code>​
 +vi /​etc/​default/​grub
 +</​code><​code ini>
 +GRUB_CMDLINE_LINUX_DEFAULT="​vga=820"​ after GRUB_CMDLINE_LINUX
 +</​code>​
 +  - Enable boot messages<​code>​
 +vi /​etc/​default/​grub
 +</​code><​code ini>
 +delete rhgb quiet from GRUB_CMDLINE_LINUX
 +</​code><​code>​
 +grub2-mkconfig -o /​boot/​grub2/​grub.cfg
 +</​code>​
 +  - Reboot
 +  - Login as root
 +  - Configure the IP address<​code>​
 +vi /​etc/​sysconfig/​network-scripts/​ifcfg-XXXXXX
 +</​code><​code ini>
 +BOOTPROTO=none
 +ONBOOT=yes
 +NM_CONTROLLED=no
 +IPADDR=10.118.76.XXX
 +NETMASK=255.255.252.0
 +GATEWAY=10.118.76.1
 +DNS1=10.118.76.101
 +DNS2=10.118.76.102
 +</​code>​
 +  - Disable Network Manager<​code>​
 +systemctl stop NetworkManager
 +
 +systemctl disable NetworkManager
 +</​code>​
 +  - Clear the incorrect DNS/Gateway entries<​code>​
 +> /​etc/​resolv.conf
 +
 +> /​etc/​sysconfig/​network
 +
 +systemctl restart network
 +</​code>​
 +  - Configure the routes for NFD VLAN servers that need access to other VLAN’s<​code>​
 +vi /​etc/​sysconfig/​network-scripts/​route-XXXXXX or bond0
 +</​code><​code ini>
 +10.118.106.0/​24 via 10.118.76.2
 +192.168.1.0/​24 via 10.118.76.2
 +192.168.2.0/​24 via 10.118.76.2
 +192.168.4.0/​24 via 10.118.76.2
 +172.16.0.0/​22 via 10.118.76.2
 +</​code>​
 +  - Disable the firewall<​code>​
 +systemctl stop firewalld
 +
 +systemctl disable firewalld
 +</​code>​
 +  - Disable selinux<​code>​
 +vi /​etc/​selinux/​config
 +</​code><​code ini>
 +SELINUX=disabled
 +</​code>​
 +  - Disable CTRL-ALT-DEL from rebooting the server<​code>​
 +systemctl mask ctrl-alt-del.target
 +</​code>​
 +  - //**Connect the network cable(s)**//​
 +  - Install the local yum repo file<​code>​
 +cp SITE_CentOS.repo /​etc/​yum.repos.d
 +
 +vi /​etc/​yum.repos.d/​CentOS-Base.repo
 +</​code><​code ini>
 +On a new line after gpgcheck under [base], [updates], and [extras]
 +enabled=0
 +</​code>​
 +  - Install the newest updates<​code>​
 +yum check-update
 +
 +yum update
 +</​code>​
 +  - If this is a virtual server install open-vm-tools<​code>​
 +yum install open-vm-tools
 +</​code>​
 +  - Install base programs<​code>​
 +yum install iptraf sysstat chrony mailx bc vim rsync
 +</​code>​
 +  - Setup the ntp daemon<​code>​
 +vi /​etc/​chrony.conf
 +</​code><​code ini>
 +#server 0.centos.pool.ntp.org iburst
 +#server 1.centos.pool.ntp.org iburst
 +#server 2.centos.pool.ntp.org iburst
 +#server 3.centos.pool.ntp.org iburst
 +server 10.118.76.2
 +</​code><​code>​
 +systemctl start chronyd
 +
 +systemctl enable chronyd
 +</​code>​
 +  - Configure root’s mail to redirect<​code>​
 +vi /​etc/​aliases
 +</​code><​code ini>
 +root:​ adminteam@company.tld
 +</​code><​code>​
 +newaliases
 +
 +vi /​etc/​postfix/​main.cf
 +</​code><​code ini>
 +relayhost = smtp.server.tld
 +</​code><​code>​
 +systemctl restart postfix
 +</​code>​
 +  - Set the email addresses for CRON<​code>​
 +crontab -e
 +</​code><​code ini>
 +MAILFROM=serername@company.tld
 +MAILTO=adminteam@company.tld
 +</​code>​
 +  - Configure Account Compliancy<​code>​
 +vi /​etc/​login.defs
 +</​code><​code ini>
 +PASS_MAX_DAYS 70
 +PASS_MIN_DAYS 1
 +PASS_MIN_LEN 8
 +PASS_WARN_AGE 7
 +</​code><​code>​
 +vi /​etc/​default/​useradd
 +</​code><​code ini>
 +INACTIVE=110
 +</​code><​code>​
 +mkdir /​root/​scripts
 +
 +cp account_compliance.sh /​root/​scripts
 +
 +chmod 770 /​root/​scripts/​account_compliance.sh
 +
 +crontab -e
 +</​code><​code ini>
 +_ 0 * * 1-5 /​root/​scripts/​account_compliance.sh
 +</​code>​
 +  - Create the admin user accounts(Start with an ID of 1001)<​code>​
 +useradd -u 1XXX admXXXXX
 +
 +passwd admXXXXX
 +</​code>​
 +  - Add the admin users to the wheel group<​code>​
 +usermod -a -G wheel username
 +</​code>​
 +  - Set SSH to only allow specific users<​code>​
 +vi /​etc/​ssh/​sshd_config
 +</​code><​code ini>
 +AllowGroups wheel
 +</​code>​
  
os/linux/centos7.1536295164.txt.gz · Last modified: 2018/09/07 00:39 by joew