Baseline Server Image

  • OS: CentOS 7 Minimal
    • Obtain ISO from https://www.centos.org/download/
    • Create Bootable USB
      • On a CentOS 6.5, Ubuntu 16, or newer OS: run dd if=/path/to/OS/CentOS-7-x86_64-Minimal-1804.iso of=/dev/sdb (assuming /dev/sdb is the USB thumb drive; confirm the device name with lsblk first, since dd overwrites whatever device it is given)
      • On Windows: download dd for Windows > rename downloaded executable to dd.exe > move dd.exe to PATH (such as C:\Windows\System32) by running MOVE C:\Users\USERNAME\Desktop\dd.exe C:\Windows\System32 > Use diskpart as shown in the notes in the Miscellaneous section > run dd if=/path/to/ISO/CentOS-7-x86_64-Minimal-1804.iso of=\\.\d: (given that D:\ is the correct USB removable volume for the bootable image)
  • Apps & Dependencies:
# Sudo baseline: bring the system current, then install the build/tooling set.
# The install step only runs if the update step succeeded.
baseline_pkgs=(gcc gcc-c++ wget kernel-devel curl vim ntp ntpdate cvs rsync)
yum -y update && yum -y install "${baseline_pkgs[@]}"
  • Network Time Service:
# Network Time Service: install ntpd, enable it at boot and start it, do a
# one-shot sync against the North America pool (-u: unprivileged source port,
# -s: log via syslog), restart ntpd, write the system clock to the RTC, and set
# the timezone.
ntp_pool=(
  0.north-america.pool.ntp.org
  1.north-america.pool.ntp.org
  2.north-america.pool.ntp.org
  3.north-america.pool.ntp.org
)
yum -y install ntp ntpdate
systemctl enable ntpd
systemctl start ntpd
ntpdate -u -s "${ntp_pool[@]}"
systemctl restart ntpd
hwclock -w
timedatectl set-timezone America/Los_Angeles
timedatectl
  • Service Accounts:
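# Default account for running services (webadmin) and a separate backup account.
# On CentOS, useradd creates a same-named primary group by default
# (USERGROUPS_ENAB in /etc/login.defs), so the original adduser -> groupadd
# order fails on the groupadd step with "group already exists". Create the group
# first (-f: succeed if it is already present) and hand it to useradd as the
# primary group; that also makes the trailing usermod -a -G redundant.
for acct in webadmin backup; do
  groupadd -f "$acct"
  # skip useradd if the account already exists, so the block can be re-run
  if ! id -u "$acct" >/dev/null 2>&1; then
    useradd -g "$acct" "$acct"
  fi
done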
  • Add users
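# Change user1 to the actual username when running these lines.
# NOTE: files in /etc/sudoers.d whose name contains '.' or ends in '~' are
# ignored, so a username with a dot needs a different drop-in file name.
u=user1

# On CentOS, useradd creates a same-named primary group by default
# (USERGROUPS_ENAB in /etc/login.defs), so the original adduser -> groupadd
# order fails on groupadd with "group already exists". Create the group first
# (-f: succeed if present) and pass it to useradd as the primary group.
groupadd -f "$u"
id -u "$u" >/dev/null 2>&1 || useradd -g "$u" "$u"

# Allow $u to run commands as webadmin. Do not edit /etc/sudoers with a plain
# editor: a single syntax error there disables sudo for every account. Write a
# drop-in (picked up by the "#includedir /etc/sudoers.d" line that CentOS 7
# ships in /etc/sudoers), validate it with visudo, and remove it when the check
# fails, because sudo also refuses to run while an included file has a parse
# error.
drop_in="/etc/sudoers.d/$u"
printf '%s ALL=(webadmin) NOPASSWD:ALL\n' "$u" > "$drop_in"
chmod 0440 "$drop_in"
if ! visudo -cf "$drop_in"; then
  rm -f -- "$drop_in"
  printf 'sudoers drop-in for %s failed validation and was removed\n' "$u" >&2
fi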
  • SSH:
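# Create a group named permitssh and add users into it.
# gpasswd -M REPLACES the whole member list, so list every account that must
# keep SSH access, including the one you are logged in with right now;
# otherwise the AllowGroups line below locks it out.
groupadd permitssh
gpasswd -M user1,user2 permitssh

# Choose the non-standard port once; every step below reads it from here.
ssh_port=xxxxx   # replace xxxxx with the chosen port number

# Configure ssh
vim /etc/ssh/sshd_config

# Ensure that these two entries exist as ACTIVE lines, i.e. without a leading
# '#'. A commented-out "#AllowGroups permitssh" is ignored by sshd, so the
# group restriction would silently not be applied:
#     Port xxxxx
#     AllowGroups permitssh

# Configure SELinux for the ssh non-standard port
# (if the port is already labelled, semanage reports it and -m must be used
# instead of -a)
sudo yum -y install policycoreutils-python
semanage port -a -t ssh_port_t -p tcp "$ssh_port"

# Configure firewall to open the port (long options take two dashes)
# NOTE: the public zone keeps the default "ssh" service (22/tcp) open; remove it
# with --remove-service=ssh only after a login on the new port is confirmed.
sudo firewall-cmd --permanent --zone=public --add-port="${ssh_port}/tcp"
sudo firewall-cmd --reload

# Validate sshd_config before restarting: with a bad config sshd fails to
# start and the only remaining access is the console. Keep this session open
# and confirm a fresh login on the new port works before closing it.
if sudo sshd -t; then
  sudo systemctl restart sshd.service
else
  printf 'sshd_config is invalid, sshd was not restarted\n' >&2
fi

# Check ssh service port
ss -tnlp | grep ssh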
 

Import Package Source: LAMP Stack
 
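# Pull pkgsrc from the NAS while logged in to the target machine as webadmin.
# Host-key checking is deliberately left ON (the original passed
# -oStrictHostKeyChecking=no): on the first connection, confirm the NAS
# fingerprint out of band before answering "yes", otherwise a spoofed host
# could serve a tampered archive that is unpacked below.
cd /home/webadmin/ || exit 1
sftp webadmin@x.x.x.x:/mnt/array1/operations/BackUps/pkgsrc_baseline
# The two lines below are typed at the sftp> prompt, not in the shell:
#   get pkgsrc_baseline.gz
#   exit

# Alternative method: log in to a PKGSRC host as webadmin and tar up the source
# files. Keep the staging file writable by its owner only; the original
# chmod 777 let any local user on that host replace the archive before it was
# pulled.
#tar -C /home/webadmin -cvzf /tmp/pkgsrc.gz pkg usr
#chmod 0644 /tmp/pkgsrc.gz

# Pull the tarball from origin while logged in to the target machine as
# webadmin (plain ASCII quotes around the -e argument; the file name matches
# the tar step above)
#rsync -chavP -e 'ssh -p 10039' webadmin@x.x.x.x:/tmp/pkgsrc.gz /home/webadmin

# Untar at destination. If a checksum is recorded alongside the archive on the
# NAS, compare it first (sha256sum pkgsrc_baseline.gz) before extracting.
tar xvzf pkgsrc_baseline.gz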

 
 