STANDARD INSTALL FOR A NEW CENTOS 7 SERVER
A Checklist of Useful Commands to Setup CentOS Server
1. Whilst installing CentOS 6, make sure to configure the NICs BEFORE the end of the setup process.
2. Install with minimal setup.
2.1 yum upgrade -y
3. yum install screen telnet wget openssh-clients perl mlocate ntpdate make gcc net-tools open-vm-tools yum-plugin-security -y
3.1 Add to crontab:
@daily /usr/bin/yum --security update -y
NB: open-vm-tools on CentOS 7 installs VM Tools in seconds, without having to do it from the ESXi console.
4. Install Centrify
Download it here:
www.centrify.com/express/linux-unix/download/
cd centrify
./install-express.sh
(Follow the defaults)
5. Install OSSEC agent
6. Disable SELinux and flush the firewall:
iptables -F
vi /etc/selinux/config
Change SELINUX=enforcing to SELINUX=disabled
8. Increase Ulimit:
ulimit -n 65535
and for after reboot:
vi /etc/security/limits.conf
Add the following two lines, replacing 65535 with the number you require (put them as the last two lines before #End of File):
* soft nofile 65535
* hard nofile 65535
9. Run this command to ensure messages for root go to sysadmin:
echo "root: youremail@address.com" >> /etc/aliases
10. Install the Sun jdk – get it from here:
http://www.oracle.com/technetwork/java/javase/downloads/jdk8-downloads-2133151.html
chmod 755 jdk-8u60-linux-x64.rpm
yum install -y jdk-8u60-linux-x64.rpm
11. Uncomment the following line in /etc/sudoers changing the Group name to Developers:
%developers ALL=(ALL) NOPASSWD: ALL
12. Add the following line to the bottom of /etc/centrifydc/ssh/sshd_config, again substituting hibis for Developers if it is to be a Developer server, leaving nagios to ensure passwordless ssh logon if required.
echo "AllowGroups developers" >> /etc/centrifydc/ssh/sshd_config
13. If the server is a Dell physical server, install Openmanage:
Download the repo data:
wget -q -O - http://linux.dell.com/repo/hardware/latest/bootstrap.cgi | bash
Install the Packages:
yum install srvadmin-all -y
Start the Services:
/opt/dell/srvadmin/sbin/srvadmin-services.sh start
Access the server at https://hostname:1311
Log in with root access details.
14. Make the server reboot after 10 seconds on a kernel panic:
echo "kernel.panic = 10" >> /etc/sysctl.conf
15. Get rid of firewalld
yum install -y iptables-services
Gimme my iptables back:
systemctl mask firewalld
systemctl enable iptables
(and if you need ip6tables, add an extra enable line for it)
Stop firewalld, start iptables
systemctl stop firewalld
systemctl start iptables
(and start ip6tables if you need it)
Do your iptables modification just like before and save with
iptables-save > /etc/sysconfig/iptables
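
Steps 9, 12 and 14 append with echo >>, which adds a duplicate line every time the checklist is re-run on the same server. As an added example (not part of the original checklist), the shell functions below make the same edits idempotently; ensure_line, set_sysctl and demo are names chosen here, and the demo works on scratch files rather than /etc.

```sh
#!/bin/sh
# Added example: idempotent replacements for the "echo ... >> file" steps.
# ensure_line, set_sysctl and demo are hypothetical helper names.

# Append LINE to FILE only when that exact line is not already present.
ensure_line() {
    file=$1 line=$2
    grep -qxF -- "$line" "$file" 2>/dev/null || printf '%s\n' "$line" >> "$file"
}

# Set "KEY = VALUE" in a sysctl-style file: an existing uncommented KEY
# line is rewritten (extra copies dropped), otherwise one is appended.
set_sysctl() {
    file=$1 key=$2 value=$3
    [ -f "$file" ] || : > "$file"
    tmp=$(mktemp) || return 1
    # cat back into place so the file keeps its owner, mode and label.
    awk -v k="$key" -v v="$value" '
        BEGIN { FS = "=" }
        {
            name = $1
            gsub(/[ \t]/, "", name)
            if (name == k) {
                if (!seen) print k " = " v
                seen = 1
                next
            }
            print
        }
        END { if (!seen) print k " = " v }
    ' "$file" > "$tmp" && cat "$tmp" > "$file"
    rc=$?
    rm -f "$tmp"
    return "$rc"
}

# Constructed demo on scratch files; run the script with "demo" to see it.
demo() {
    d=$(mktemp -d) || return 1
    printf '#kernel.panic = 5\nkernel.panic = 0\n' > "$d/sysctl.conf"
    for pass in 1 2; do
        set_sysctl "$d/sysctl.conf" kernel.panic 10
        ensure_line "$d/sshd_config" "AllowGroups developers"
    done
    cat "$d/sysctl.conf" "$d/sshd_config"
    rm -rf "$d"
}

if [ "${1:-}" = demo ]; then demo; fi
```

On a real server, point the functions at /etc/sysctl.conf or /etc/centrifydc/ssh/sshd_config after trying them on a copy.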