Monday, 28 January 2013

CentOS Installation



CentOS 5 Minimal Install Document 

Insert the CD labeled CentOS 5.0 i386 DISK1 into the CD-ROM Drive.
After booting from Linux CDROM
            At the boot prompt: [ Press <Enter>]
At the “CD Found” screen, choose "Skip" to skip the media test
     
Choose a Language Selection:
                        Select “English” [Click Next OR Press <Enter>]
            Keyboard Configuration:
                        Select “us” [Click Next OR Press <Enter>]
                       
            Disk Partitioning Setup:
            Choose “Custom  Partition” [Click Next]

            Choose the appropriate disk

* [Click new] it will open menu, inside that select boot partition and make it 500MB [click ok]

*Select rest of the space [click new],it will open menu ,inside that select lvm and make it all the remaining  space as  LVM [click ok]

* [click LVM] create a partition as given below

Disk Setup:
            Assuming a 40 GB partition called /dev/sda (this parameter will vary)
                        /dev/sda1 ==> /boot (500 MB)
                        /dev/sda2 ==> VolGroup00 (Rest of the Disk)
            VolGroup00
                        LogVol00 ==> / (Rest of the VolGroup00)
                        LogVol01 ==> swap (2GB or 2*RAM whatever is applicable)
                             LogVol02 ==> /tmp ( 5GB )
            [Click Next]

Networking Device:
Select Appropriate interface (mostly eth0) [Click Next OR Press <Enter>]
Disable ipv6 and dhcp
Enter  IP: <Given ip> and  Netmask: <Given Mask>  [click next]

Gateway: <Given ip>
Primary Dns server: <Given ip>
Secondary Dns server: <Given ip> [Click Next OR Press <Enter>]

Time Zone Selection:
            Click you mouse on “Asia/Calcutta” in the MAP [Click Next]


Set Root Password:
            Enter root password twice: Refer "Extra requirements document"
            [Click Next]

Package Group Selection: Select only the following packages:
Choose “Custom Now” [Click Next]

            Desktops:
X Window System -- Deselect All
GNOME Desktop -- Deselect All
KDE (K Desktop Environment) -- Deselect All
            Applications:
                        Editors -- Select vim-enhanced
                        Engineering and Scientific -- Deselect All
                        Graphical Internet -- Deselect All
                        Text-based Internet -- Select elinks
                        Office/Productivity -- Deselect All
                        Sound and Video -- Deselect All
                        Authoring & Publishing -- Deselect All
                        Graphics -- Deselect All
                        Games and Entertainment -- Deselect All
Development:
Development Libraries -- openssl-devel, perl-LDAP
Development Tools -- Select automake14, automake15, automake16, automake17, byacc, diffstat, elfutils, expect, ltrace, oprofile, patchutils, pfman
                        GNOME Software Development -- Deselect All
                        Java -- Deselect All
                        KDE Software Development -- Deselect All

                        Legacy Software Development -- Select All

                        X-Software Development -- Select libpng10-devel

                        Ruby – Deselect All

                       
            Servers: (select appropriate server packages based on final functionality)
DNS Name Server -- Select All
FTP Server -- Select All
Legacy Network Server – xinetd
Mail Server -- Select sendmail-cf, sendmail
MySQL Database -- Select  libdbi-dbd-mysql, mod-auth-mysql, mysql-server, php-mysql and perl-DBD-MySQL
Network Server – Dhcp
News Server -- Deselect All
PostgreSQL Database -- Deselect All
Printing Support -- Deselect All
Server Configuration Tools – system-config-services, system-config-bind
Web Server -- mod_perl, mod_python, mod_ssl, mod-auth-mysql, php, php-ldap, php-mysql, distache
                        Windows File Server -- Deselect All             
            Base Systems:
Administration Tools – Deselect All
Base—network manager, acpid, amtu, anacron, apmd, autofs,cpuspeed, dmraid, dos2unix,dump,eject, effect, ftp, gnupg, iptstate, irqbalance, krb5-workstation, jwhois, lftp ,libalo, logwatch, man pages, mdam, microcode_ctl, mlocate, mtr, mgetty, nc, netconfig, nfs-utils, nss-db, nss-ldap, numcatl, oddjab, pam_krb5, pam-ccreds, pam-passwdqc, pax, pinfo,pkinit-nss, pm-utils, rdate, rdist, readahead, redhat-isb, rng-utils, rsync, sendmail, setuptool, sos, spescpo, sudo, symlinks, sysreport, system-config-n/w-tul, tcp-wrappers, tcpdump, telnet, time, tree, wget, which, yum-updated,zip
Dialup N/W – Deselect All
Java – Deselect All
Legacy software support – compact-libgcc-296, compact-libstdc++-296, compact-libstdc++-33, compact-openldap
System Tools --- Select hwbrowser, mc, net-snmp-libs, net-snmp-utils,  openldap-clients, screen, sysstat

                        Xwindows systems --- Deselect All

                        Virtualization --  Deselect All

                        Clustering -- Deselect All

                        Cluster storage -- Deselect All

                        Language -- Deselect All

[click next]


            Once Installation is done [Click Reboot]
            Remove the CD from the CD-ROM Drive



Post-Installation:



Create a trusted user using the following commands

# useradd -g wheel username #(Replace 'username' with your username, any username except netmagic is fine)

# passwd username



The system will prompt you to enter the password (Make sure you have a mix of Uppercase, Lowercase, Numbers and Special Characters)

Enter the [password string]

Re-enter the [password string]

Note: Remember the password that you've set

Change the Locale from en_US.UTF-8 to en_US

# vi /etc/sysconfig/i18n

Change the first line to read

LANG="en_US"

It should now read like this

# cat /etc/sysconfig/i18n

    LANG="en_US"

    SUPPORTED="en_US.UTF-8:en_US:en"

    SYSFONT="latarcyrheb-sun16"



Logout and login again for the change to take effect
Update the OS for any updates that might have been released

Type this at the bash prompt

# yum check-update

# yum update

You can also use 'yum -y update' to automatically answer yes to all questions

Shutdown unnecessary services

Use the ntsysv command for doing this. We only need the following services to be on.

# ntsysv

anacron

arptables_jf

cpuspeed

crond

haldaemon

httpd

iptables

irqbalance

lm_sensors

messagebus

network

readahead_early

sshd

syslog

sysstat

yum

You can cross check the same using this command.

# chkconfig --list | grep 3:on | sort

Secure the SSH Server

Edit /etc/ssh/sshd_config to use Protocol 2 only and disable direct root access using the 'PermitRootLogin no' directive.

# vi /etc/ssh/sshd_config

A simple grep / egrep of the sshd_config file should look like this

# egrep '^Protocol|^PermitRootLogin' /etc/ssh/sshd_config

    PermitRootLogin no


Make /tmp noexec :



1) Create a executable test file in /tmp :

    Edit /tmp/test.sh

    #!/bin/bash

    echo "Still working"

    chmod 755 /tmp/test.sh



2)   Execute it :

    /tmp/test.sh

     Output:

     Still working

   

3) Now Modify fstab to change the defaults  permissions for /tmp to read nosuid,noexec instead.

   Eg.

   Old:

   tmpfs                   /dev/shm                tmpfs   defaults        0 0



    New :

   tmpfs                   /dev/shm                tmpfs   nodev,nosuid,noexec        0 0



4) Reload fstab using below :

   mount -o remount,noexec,nodev,nosuid /tmp



5) Now verify if its working desirably - Execute /tmp/test.sh

   Output:

   -bash: /tmp/test.sh: /bin/bash: bad interpreter: Permission denied


Disable  Selinux
Disable selinux in /etc/selinux/config file by changing enforcing to disable.
#SELINUX=disabled

Reboot the server

# reboot

OR

# shutdown -nr now
Once the server reboots successfully, login again.
 
RPMs to install –
yum remove aspell aspell-en atk authconfig autofs avahi avahi-compat-libdns_sd \
bitstream-vera-fonts bluez-gnome bluez-libs bluez-utils cairo ccid coolkey \
cpuspeed crash cups cups-libs desktop-file-utils dhcpv6-client dnsmasq \
dos2unix dosfstools ecryptfs-utilsed eject fbset finger firstboot-tui \
fontconfig freetype GConf2 gpm gtk2 hicolor-icon-theme htmlview ifd-egate \
iptables-ipv6 irda-utils irqbalance jwhois krb5-workstation ksh libdrm \
libICE libjpeg libnotify libpng libSM libtiff libwnck libX11 libXaulibXcursor \
libXdmcp libXext libXfixes libXft libXi libXinerama libXrandr libXrender \
libXres libXt libXxf86vm mailcap man man-pages mdadm mesa-libGL microcode_ctl \
mkbootdisk mtools nano NetworkManager NetworkManager-glib newt \
notification-daemon ntsysv numactl ORBit2 pam_ccreds pam_krb5 pam_pkcs11 \
pam_smb pango paps pcmciautils pcsc-lite pcsc-lite-libs pinfo procmail rdate \
redhat-lsb redhat-menus rhpl rp-pppoe rsh sendmail setuptool slang sos \
specspo startup-notification syslinux system-config-network-tui \
system-config-securitylevel-tui tcpdump trousers unix2dos vconfig \
wireless-tools words wpa_supplicant xorg-x11-filesystem ypbind \
yp-tools yum-updatesd

Gnome Desktop configuration

# yum groupinstall "X Window System" "GNOME Desktop Environment"



                                           Or
# yum -y install xorg-X11 system-config-display gdm xterm gnome-desktop gnome-session
Run `system-config-display` to generate the "xorg.conf" file which will be saved to "/etc/X11/xorg.conf".
Set the runlevel to 5 in "/etc/inittab" and reboot.

                                                             Or
. Just mount your CentOS CD/DVD on /media/cdrom.
# mkdir /media/cdrom
# mount /dev/cdrom /media/cdrom/
The following will give you a fully functional GNOME core desktop:
# yum --disablerepo=\* --enablerepo=c5-media install \
gnome-session system-config-display xorg-x11-xinit gdm \
dbus-x11 gnome-applets
The following will add few basic GNOME utilities / tools:
# yum --disablerepo=\* --enablerepo=c5-media install \
gnome-terminal nautilus gedit firefox.x86_64
Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)