Installing the Operating System
CentOS 7 Setup
We are going to install a minimal CentOS 7 distribution. You can get a copy of the .iso image used for the installation here.
Boot up the installation DVD and start the CentOS 7 Installation wizard.
Under Keyboard, choose the keyboard layout.
Under Networking, configure your network interface according to your infrastructure: you can either set it to DHCP to automatically get all the settings from a local DHCP server, or configure it by hand.
Under Select Date & Time, set appropriate date and time settings. Enable NTP synchronization to periodically get date and time settings from CentOS servers.
Under Installation Destination select the hard disk where CentOS will be installed.
You may select “Automatically configure partitioning” or configure the partitions yourself. You may use the following partitioning scheme if you wish:
Partition Label   Partition Type   Size     Mount Point
boot              ext3             700 MB   /boot
root              ext4             35 GB    /
swap              swap             4 GB
Click on Begin Installation.
Now set the password for the root user. Also click on User Creation to create the toor user (an unprivileged user).
Wait for the installation process to finish, then reboot your machine.
Network configuration
The network configuration should already be set, since it was set during the CentOS setup stage.
You may want to review the configuration files /etc/sysconfig/network-scripts/ifcfg-DEVICE
You may also want to review the file /etc/resolv.conf to check the nameservers.
Check that the connection is up by pinging an external server:
ping 8.8.8.8
Check that DNS is properly configured by pinging a host by its name:
ping google.com
Attention
Please note that in CentOS only ssh incoming connections are allowed; all other incoming connections are disabled by default.
In the paragraph related to the httpd service you can find details about how to enable incoming traffic.
Note that after configuring the network, you may continue the system setup over an SSH connection.
User access configuration
Log in as the root user and give the toor user administrative privileges by adding it to the wheel group:
usermod -aG wheel toor
SSH access
Allow SSH connections through the firewall
On CentOS 7 the firewall is enabled by default. To allow SSH clients to connect to the machine, allow incoming connections on port 22:
firewall-cmd --zone=public --add-port=22/tcp --permanent
firewall-cmd --zone=public --add-service=ssh --permanent
firewall-cmd --reload
Disable SSH login for the root user
Warning
Before you disable root login, make sure you are able to log in via SSH with the toor user account and that you have the privileges to run sudo su to switch to the root user account.
Edit the file /etc/ssh/sshd_config to disable root login via SSH:
PermitRootLogin no
Public key authentication
Public key authentication is generally considered a safer way to authenticate users for SSH access. Let’s set it up and disable password-based authentication.
First generate a public/private key pair using ssh-keygen:
ssh-keygen
Follow the procedure; you will end up with your newly generated key under ~/.ssh
Now copy your public key (by default it is called id_rsa.pub) over to the CentOS machine in /home/toor/.ssh/authorized_keys. There are several ways to do it; we are going to use the ssh-copy-id tool:
ssh-copy-id -i ~/.ssh/id_rsa.pub toor@<server-ip-address>
You should now be able to log in via SSH as toor without being asked for the password:
ssh toor@<server-ip-address>
You can now disable password-based login over SSH.
Warning
Before disabling password authentication, make sure you’ve installed your public key on the server and you are able to log in without a password.
Edit /etc/ssh/sshd_config as follows:
...
RSAAuthentication yes
...
PubkeyAuthentication yes
...
PasswordAuthentication no
...
UsePAM no
...
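The script below checks that the three values this page sets in /etc/ssh/sshd_config (PermitRootLogin, PubkeyAuthentication, PasswordAuthentication) are the ones sshd will actually read from the file's global section. It is an added example, not part of the original guide; the function names and the sample configuration are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original guide). Sample data is constructed.
# sshd keeps the FIRST value it reads for a keyword, so a line appended
# below an existing one is silently ignored. Keywords are case-insensitive.

# Print the global value of keyword $2 in file $1 (nothing if it is unset).
sshd_value() {
    awk -F'[ \t=]+' -v key="$2" '
        BEGIN { key = tolower(key) }
        { sub(/^[ \t]+/, "") }               # drop indentation (re-splits fields)
        /^#/ || NF == 0 { next }             # comments and blank lines
        tolower($1) == "match" { exit }      # Match blocks are conditional: stop
        tolower($1) == key { print tolower($2); exit }   # first occurrence wins
    ' "$1"
}

# Compare file $1 with the values this page sets; non-zero status on any gap.
audit_sshd_config() {
    rc=0
    for want in permitrootlogin=no pubkeyauthentication=yes passwordauthentication=no; do
        key=${want%%=*}
        expected=${want#*=}
        actual=$(sshd_value "$1" "$key")
        if [ "$actual" = "$expected" ]; then
            echo "OK    $key $actual"
        else
            echo "FAIL  $key is '${actual:-unset}', expected '$expected'"
            rc=1
        fi
    done
    return "$rc"
}

# Constructed sample: password login looks disabled but the earlier line wins.
sample_config() {
    cat <<'EOF'
permitrootlogin no
#PasswordAuthentication no
PasswordAuthentication yes
PubkeyAuthentication=yes
PasswordAuthentication no
EOF
}

# Audit the file given as $1, or the constructed sample when none is given.
target=${1:-$(mktemp)}
[ "$#" -gt 0 ] || sample_config > "$target"
audit_sshd_config "$target" || echo "=> does not match the settings on this page"
```

On the server itself, `sshd -t` checks the file's syntax and `sshd -T` prints the effective configuration, including anything this script skips inside Match blocks. The edited file only takes effect once sshd is restarted or reloaded.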
Installing ntp
Install the program for ntp server synchronization:
yum install ntp
Optionally, edit /etc/ntp.conf and add your own ntp servers before the first server directive.
For instance, in Italy you may want to use the institutional time server:
server tempo.ien.it # Galileo Ferraris
Replace tempo.ien.it with your nearest ntp server.
Sync with the server by issuing:
systemctl start ntpd
Set the time synchronization as an autostarting daemon:
systemctl enable ntpd
Installing base packages
Install:
yum install man
yum install vim
yum install openssh-clients # also needed for incoming scp connections
yum install mc # mc (along with zip) can be used to navigate inside .war files
yum install zip unzip
yum install wget curl
yum install git