Getting Started with CentOS7
-
I want to make a list of things to do when you first start off with a fresh CentOS7 install.
- Update CentOS7 (yum -y update)
- Create a new user (useradd username)
- Create password for new user (passwd username)
- Add user to the wheel group (gpasswd -a username wheel)
- uncomment the wheel group
- Disable SSH login for root
- Install EPEL (yum -y install epel-release)
- Install htop sysstat fail2ban
- Install sysstat
- Configure Fail2Ban
- Setup SSH Keys
- Configure SSH
- Set Hostname and FQDN
- a host entry to lookup the FQDN in a public DNS server.
What am I missing? What do you install on a fresh system?
Once we get everyone here agreeing on Best Practices, maybe I will write a script
-
@Aaron-Studer said:
- Add user to sudoers
Why wouldn't you just add the user to the wheel group that's already a sudoers. No need to add users individually.
-
@thecreativeone91 Good Suggestion. How do I do that?
-
-
@Aaron-Studer said:
@thecreativeone91 Good Suggestion. How do I do that?
He's correct, you "never" add users to sudoers, admin users go in wheel. Always have in UNIX. Just go into /etc/group, look for wheel and add the username(s) that you want to be admins.
-
Hostname and FQDN also need to be set. as well as possibly a host entry to lookup the FQDN in a public DNS server.
-
@thecreativeone91 Thanks, Will add.
-
Don't you have to uncomment out the wheel group? or No?
-
@Aaron-Studer said:
Don't you have to uncomment out the wheel group? or No?
In sudoers, yes, when on CentOS. I prefer the one that says "NOPASSWD", but you can use either.
-
@scottalanmiller got it. I assuiming this would all be easy to script out?
-
-
If you are going to script it, consider moving to Chef or Puppet.
-
@scottalanmiller doesn't that require more overhead? I wanted something a complete n00b could do.
-
@Aaron-Studer said:
@scottalanmiller doesn't that require more overhead? I wanted something a complete n00b could do.
That doesn't let them learn.. There's no reason to script it all. if they can't manage setting it up that shouldn't be doing it.
-
@thecreativeone91 said:
That doesn't let them learn.. There's no reason to script it all. if they can't manage setting it up that shouldn't be doing it.
Right, but I also want it for my own personal use.
-
@Aaron-Studer said:
@scottalanmiller doesn't that require more overhead? I wanted something a complete n00b could do.
Then scripting wouldn't make sense either. The same arguments against Chef would rule out scripting, right?
-
@Aaron-Studer said:
Right, but I also want it for my own personal use.
What is the goal here? What makes scripting good, manual bad and Chef too much overhead? I'm not aware of your use case so can't tell what factors are playing in.
-
Here is the use case.
Fire up a new VM - CentOS7
wget the script.
Run the script and have everything setup for you.
Then you just need to install whatever packages so need for that server (LAMP, etc)
-
How do you plan on managing RSA Keys or creating passwords for the new account if using a script rather than something like puppet/chef.
-
@Aaron-Studer said:
Here is the use case.
Fire up a new VM - CentOS7
wget the script.
Run the script and have everything setup for you.
Then you just need to install whatever packages so need for that server (LAMP, etc)
That's the solution, but not a goal. What is the goal? So make them learn a little, but not enough to know anything? But not make it completely transparent so that they have to do nothing?
