STANDARD INSTALL FOR A NEW CENTOS 7 SERVER

 

A Checklist of Useful Commands to Set Up a CentOS Server

1. Whilst installing CentOS 6, make sure to configure the NICs BEFORE the end of the setup process.

2. Install with minimal setup.

2.1 yum upgrade -y

3. yum install screen telnet wget openssh-clients perl mlocate ntpdate make gcc net-tools open-vm-tools yum-plugin-security -y

3.1 Add to crontab:

@daily /usr/bin/yum --security update -y

NB - open-vm-tools on CentOS 7 installs VM Tools in seconds, without having to do it from the ESXi console.

4. Install Centrify 

Download it here:

www.centrify.com/express/linux-unix/download/

cd centrify

./install-express.sh

(Follow the defaults)

5. Install OSSEC agent

https://ossec.github.io/downloads.html

6. Disable SELinux and flush the firewall:

iptables -F

vi /etc/selinux/config

Change enforcing to disabled.

8. Increase ulimit:

ulimit -n 65535

And to keep it after a reboot:

vi /etc/security/limits.conf

Add the following two lines as the last two lines before #End of File, replacing 65535 with the number you require:

* soft nofile 65535

* hard nofile 65535

9. Run this command to ensure messages for root go to sysadmin (replace the placeholder with the sysadmin email address):

echo "root:           <sysadmin-email-address>" >> /etc/aliases

10. Install the Sun JDK - get it from here:

http://www.oracle.com/technetwork/java/javase/downloads/jdk8-downloads-2133151.html

chmod 755 jdk-8u60-linux-x64.rpm

yum install -y jdk-8u60-linux-x64.rpm

11. Uncomment the following line in /etc/sudoers, changing the group name to Developers:

%developers ALL=(ALL) NOPASSWD: ALL

12. Add the following line to the bottom of /etc/centrifydc/ssh/sshd_config, again substituting hibis for Developers if it is to be a Developer server, leaving nagios to ensure passwordless SSH logon if required.

echo "AllowGroups developers" >> /etc/centrifydc/ssh/sshd_config

13. If the server is a Dell physical server, install OpenManage:

Download the repo data:

wget -q -O - http://linux.dell.com/repo/hardware/latest/bootstrap.cgi | bash

Install the Packages:

yum install srvadmin-all -y

Start the Services:

/opt/dell/srvadmin/sbin/srvadmin-services.sh start

Access the server at https://hostname:1311

Log in with root access details.

14. Make the server reboot 10 seconds after a kernel panic.

echo "kernel.panic = 10" >> /etc/sysctl.conf

 

15. Get rid of firewalld

yum install -y iptables-services


Gimme my iptables back:

systemctl mask firewalld

systemctl enable iptables

(and if you need ip6tables, add an extra enable line for it)

Stop firewalld, start iptables:

systemctl stop firewalld

systemctl start iptables

(and start ip6tables if you need it)

Do your iptables modifications just like before and save with:

iptables-save > /etc/sysconfig/iptables
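
A read-back check for the file edits in steps 6, 8, 12 and 14, as an added example that is not part of the original checklist. The function names, the root-prefix argument and the constructed sample tree are assumptions of this example; the expected values are the ones the checklist uses.

```sh
# Added example, not part of the original checklist: reads back what steps
# 6, 8, 12 and 14 write. The root-prefix argument is an assumption of this
# example: "/" checks the live system, a directory checks a copy of /etc.
selinux_mode() {   # step 6: value of the last uncommented SELINUX= line
    awk -F= '/^[ \t]*SELINUX=/ { v = $2 } END { gsub(/[ \t]/, "", v); print v }' "$1"
}

nofile_limit() {   # step 8: $2 is soft|hard; last "* <type> nofile N" line
    awk -v t="$2" '$1 == "*" && $2 == t && $3 == "nofile" { v = $4 } END { print v }' "$1"
}

sysctl_value() {   # step 14: last assignment of key $2 (later lines override)
    awk -F= -v k="$2" '/^[ \t]*[#;]/ { next }
        { key = $1; gsub(/[ \t]/, "", key) }
        key == k { v = $2; gsub(/[ \t]/, "", v) }
        END { print v }' "$1"
}

allow_groups() {   # step 12: every group named on AllowGroups lines
    awk 'tolower($1) == "allowgroups" {
             for (i = 2; i <= NF; i++) g = (g == "" ? "" : g " ") $i }
         END { print g }' "$1"
}

compare() {        # $1 label, $2 value found, $3 value the checklist sets
    if [ "$2" = "$3" ]; then echo "ok    $1 = $2"; return 0; fi
    echo "DIFF  $1 = '$2' (checklist: '$3')"; return 1
}

check_server() {   # $1 root prefix; returns non-zero if any setting differs
    root=${1%/}; rc=0
    compare SELINUX "$(selinux_mode "$root/etc/selinux/config")" disabled || rc=1
    compare "soft nofile" "$(nofile_limit "$root/etc/security/limits.conf" soft)" 65535 || rc=1
    compare "hard nofile" "$(nofile_limit "$root/etc/security/limits.conf" hard)" 65535 || rc=1
    compare kernel.panic "$(sysctl_value "$root/etc/sysctl.conf" kernel.panic)" 10 || rc=1
    compare AllowGroups "$(allow_groups "$root/etc/centrifydc/ssh/sshd_config")" developers || rc=1
    return $rc
}

make_sample() {    # constructed sample tree for a dry run; prints its path
    d=$(mktemp -d) || return 1
    mkdir -p "$d/etc/selinux" "$d/etc/security" "$d/etc/centrifydc/ssh"
    printf 'SELINUX=disabled\nSELINUXTYPE=targeted\n' > "$d/etc/selinux/config"
    printf '* soft nofile 65535\n* hard nofile 65535\n' > "$d/etc/security/limits.conf"
    printf 'kernel.panic = 10\n' > "$d/etc/sysctl.conf"
    printf 'Port 22\nAllowGroups developers\n' > "$d/etc/centrifydc/ssh/sshd_config"
    echo "$d"
}

if [ "$#" -gt 0 ]; then check_server "$1"; fi
```

Run it as root with / as the argument to check the live files, or point it at the directory printed by make_sample for a dry run.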