$WORK is now using CentOS as the primary Linux operating system.

When building a new CentOS box, I find myself searching for the same articles over and over, so I think it’s time to build a singular list of instructions on how I prefer to stand up a CentOS box, whether it be virtual or on bare metal.

Get the ISO and Install

Obviously we can’t do much without the operating system to begin with. You can find downloads at http://wiki.centos.org/Download.

If you get the minimal ISO, the rest of the instructions below make more sense.

You can burn a CD-ROM or make a bootable USB flash drive. Just install as you normally would anything else.

Networking

The minimal install does not come up with networking enabled, which is honestly quite silly. Why would you want a Linux box that doesn’t talk on the network?

First things first, let’s enable the default networking adapter:

sed -i 's/ONBOOT=no/ONBOOT=yes/g' /etc/sysconfig/network-scripts/ifcfg-eth0

Or you can vi /etc/sysconfig/network-scripts/ifcfg-eth0 and change ONBOOT=no to ONBOOT=yes.

If you are plugged into the local ethernet, you can run service network start, or reboot and log back in.

Punch List

IPTables and SSH

I don’t recommend disabling iptables, even in a private network. There are too many external factors that might cause problems with your machine.

Let’s set things up so we can have ssh access to the box.

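# Start from an empty ruleset
iptables -F
# Drop malformed TCP: null scans, new connections that do not start with SYN, and Xmas scans
iptables -A INPUT -p tcp --tcp-flags ALL NONE -j DROP
iptables -A INPUT -p tcp ! --syn -m state --state NEW -j DROP
iptables -A INPUT -p tcp --tcp-flags ALL ALL -j DROP
# Allow loopback and inbound ssh
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
# Insert at the top of the chain so traffic for existing connections is accepted first
iptables -I INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# Default policies: allow all outbound, drop any inbound not matched above
iptables -P OUTPUT ACCEPT
iptables -P INPUT DROP
# Persist the rules across reboots, then make sure sshd runs now and at boot
iptables-save | sudo tee /etc/sysconfig/iptables
service iptables restart
service sshd restart
chkconfig sshd on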

Now we can log in through ssh instead of having to be on the console.

We can always add rules later on to open up web servers, EPMD, etc.
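
A check for the ruleset built above, as an added example that is not part of the original post: it reads iptables-save output and reports drift from the baseline, which is useful after adding rules later on. The function names audit_input_chain and sample_rules are hypothetical, and the sample ruleset is constructed.

```shell
#!/bin/sh
# Audit iptables-save output against this guide's baseline: INPUT policy DROP,
# ESTABLISHED/RELATED accepted first, loopback accepted, and no TCP --dport
# accepted unless listed (default 22). Port ranges and multiport are not parsed.
# Live use as root: iptables-save | audit_input_chain 22
audit_input_chain() {
    awk -v allowed="${1:-22}" '
    BEGIN { n = split(allowed, a, ","); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    substr($1, 1, 1) == "*" { table = substr($1, 2) }   # section header, e.g. *filter
    table != "filter" { next }
    $1 == ":INPUT" { policy = $2 }
    $1 == "-A" && $2 == "INPUT" {
        rules++
        if ($0 !~ /-j ACCEPT/) next
        if (rules == 1 && /ESTABLISHED/) est = 1
        if (/ -i lo /) lo = 1
        for (i = 3; i < NF; i++) if ($i == "--dport") {
            port = $(i + 1); seen[port] = 1
            if (!(port in ok)) { print "FAIL unexpected open port " port; bad++ }
        }
    }
    END {
        if (policy != "DROP") { print "FAIL INPUT policy is " policy ", expected DROP"; bad++ }
        if (!est) { print "FAIL first INPUT rule is not the ESTABLISHED,RELATED accept"; bad++ }
        if (!lo) { print "FAIL loopback traffic is not accepted"; bad++ }
        if (!("22" in seen)) { print "FAIL no rule accepts tcp/22 (ssh)"; bad++ }
        exit (bad > 0)
    }'
}

# Constructed sample: the shape iptables-save prints after the commands above.
sample_rules() {
    cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG NONE -j DROP
-A INPUT -p tcp -m tcp ! --tcp-flags FIN,SYN,RST,ACK SYN -m state --state NEW -j DROP
-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,SYN,RST,PSH,ACK,URG -j DROP
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT
EOF
}

if sample_rules | audit_input_chain 22; then echo "baseline OK"; fi
```

Pass a comma-separated list such as 22,80 once you open more ports, so the audit keeps flagging only what you did not intend to expose.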

Bonjour or ZeroConf

My laptop is an Apple MacBook Pro, so I prefer to make things easy for myself by setting up avahi. I had a devil of a time trying to get it to work at first by making things more difficult than they were.

yum -y install avahi dbus nss-mdns
chkconfig messagebus on
chkconfig avahi-daemon on

You will then need to edit:

vi /etc/nsswitch.conf

The hosts: line should look something like:

hosts:      files mdns4_minimal dns mdns mdns4

Pretty simple.

Other packages

Yum is your friend when dealing with CentOS. Learn it, use it, embrace it.

Here are some other things I find myself installing all the time.

yum install -y git vim wget
yum groupinstall -y "Development Tools"

Fini

After a reboot, you should have a functional machine that you can ssh into and do pretty much whatever with.



Published: 18 December 2013

Category: infrastructure