Centos 7 Base Build

Here are some basic build notes for Centos 7

Get Latest Updates

yum update

Timezone

timedatectl set-timezone Europe/London

NTP

sudo yum install ntp

Next, you need to start the service for this session. We will also enable the service so that it is automatically started each time the server boots:

sudo systemctl start ntpd
sudo systemctl enable ntpd

Swapfile

dd if=/dev/zero of=/mnt/swapfile bs=1M count=1024
mkswap /mnt/swapfile
chmod 600 /mnt/swapfile
sh -c 'echo "/mnt/swapfile none swap sw 0 0" >> /etc/fstab'

swapon /mnt/swapfile

free -m

Essentials

yum install epel-release
yum install wget htop sysstat net-tools zip unzip mailx

SSH

/etc/ssh/sshd_config
Add / Change SSH Port 2222
#Check Firewall port is added – Firewall maybe running by default
firewall-cmd --zone=public --add-port=2222/tcp --permanent
firewall-cmd --reload

Add SElinux check

semanage port -a -t ssh_port_t -p tcp 2222
service sshd restart

Enable SElinux

yum install policycoreutils-python
vi /etc/selinux/config

Create user (with sudo)

adduser user
usermod -aG wheel user
passwd user

Enable SysStat

systemctl enable sysstat
systemctl start sysstat

Using SSH Public Keys

vi /etc/ssh/sshd_config
PermitRootLogin no
PubkeyAuthentication yes
AuthorizedKeyFile .ssh/authorized_keys
PasswordAuthentication no
ChallengeResponseAuthentication no
systemctl restart sshd
su - user
mkdir .ssh
chmod 700 .ssh
cd .ssh
touch authorized_keys
chmod 600 authorized_keys

You may also like...