System Prep
Step 1: Now we will remove all software groups to strip CentOS down to a minimum.
Step 1.1: Run grouplist to see which software groups are installed:
yum grouplist
Step 1.2: Remove all groups that are installed EXCEPT “Yum Utilities”
yum groupremove "GroupName"
Step 2: Let's disable unneeded services:
chkconfig anacron off
chkconfig atd off
chkconfig auditd off
chkconfig cpuspeed off
chkconfig kudzu off
chkconfig netfs off
chkconfig ip6tables off
chkconfig smartd off
chkconfig pcscd off
chkconfig cups off
chkconfig mcstrans off
chkconfig nfslock off
chkconfig rpcgssd off
chkconfig rpcidmapd off
chkconfig portmap off
chkconfig nfs off
Step 3.1: Use this command to check which services are set up to run:
chkconfig --list | grep :on
Step 3.2: You should have these services running:
anacron, crond, iptables, irqbalance, kudzu, mcstrans, network, readahead_early, restorecond, sshd, syslog, sysstat, yum-updatesd
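A check for Steps 2 and 3.1, added here as an example and not part of the original guide: it parses `chkconfig --list` output and reports every Step 2 service that is still set to start in some runlevel, with the runlevels listed. The function names and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Services that Step 2 turns off (list taken from the guide).
STEP2_OFF="anacron atd auditd cpuspeed kudzu netfs ip6tables smartd pcscd
cups mcstrans nfslock rpcgssd rpcidmapd portmap nfs"

# Read `chkconfig --list` output on stdin and print "name runlevels" for
# every SysV service that is on in at least one runlevel. Lines without
# the 0:..6: columns (blank lines, the xinetd section) are skipped.
enabled_services() {
    awk '$2 ~ /^0:/ {
        levels = ""
        for (i = 2; i <= NF; i++) {
            split($i, kv, ":")
            if (kv[2] == "on") levels = levels kv[1]
        }
        if (levels != "") print $1, levels
    }'
}

# Print the Step 2 services that are still enabled, one per line.
still_enabled() {
    enabled_services | while read -r name levels; do
        for svc in $STEP2_OFF; do
            if [ "$name" = "$svc" ]; then
                echo "$name $levels"
            fi
        done
    done
}

# Constructed sample of `chkconfig --list` output (not from a real host).
sample_chkconfig_list() {
    cat <<'EOF'
anacron         0:off   1:off   2:on    3:on    4:on    5:on    6:off
atd             0:off   1:off   2:off   3:off   4:off   5:off   6:off
cups            0:off   1:off   2:off   3:off   4:off   5:off   6:off
kudzu           0:off   1:off   2:off   3:on    4:on    5:on    6:off
sshd            0:off   1:off   2:on    3:on    4:on    5:on    6:off

xinetd based services:
        rsync:          off
EOF
}

# On a real server: chkconfig --list | still_enabled
sample_chkconfig_list | still_enabled
```

An empty result means every service from Step 2 is off in all runlevels; the digits after a name are the runlevels in which it would still start.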
Step 4: Let's upgrade CentOS to the newest packages and install some tools:
yum -y upgrade
yum -y install wget bzip2 unzip zip fileutils gcc gcc-c++ ncurses-devel pam-devel libxml2-devel libxslt-devel
yum -y install binutils autoconf automake libtool zlib lsof man man-pages mlocate quota yum-utils
yum -y install sendmail rsync sysstat vixie-cron bzip2-devel m4 flex byacc wget which mailx
Step 5: Install and sync the NTP time service:
yum -y install ntp
chkconfig --levels 235 ntpd on
ntpdate 0.pool.ntp.org
/etc/init.d/ntpd start
Step 6: Install the EPEL repo, which gives access to more software that's not in the CentOS base:
(32Bit)
rpm -Uvh http://download.fedora.redhat.com/pub/epel/5/i386/epel-release-5-3.noarch.rpm
(64Bit)
rpm -Uvh http://download.fedora.redhat.com/pub/epel/5/x86_64/epel-release-5-3.noarch.rpm
Step 7: Install the RPMForge repo, which gives access to more software that's not in the CentOS base:
(32Bit)
rpm -Uhv http://apt.sw.be/redhat/el5/en/i386/rpmforge/RPMS/rpmforge-release-0.3.6-1.el5.rf.i386.rpm
(64Bit)
rpm -Uhv http://apt.sw.be/redhat/el5/en/x86_64/rpmforge/RPMS//rpmforge-release-0.3.6-1.el5.rf.x86_64.rpm
Step 8: This will change the minimum password length to 8. If you want a higher minimum length, change the number.
sed -i 's/^PASS_MIN_LEN.*/PASS_MIN_LEN 8/' /etc/login.defs
Step 9.1: Changing server hostname:
nano -w /etc/sysconfig/network
Step 9.2: Find HOSTNAME= and change it to, e.g., srv01.maxisecure.com or something else of your choice:
HOSTNAME=s01.yourdomain.com
Step 9.3: Now a reboot:
shutdown -r now
Great stuff here. But would like to see a summary of what services we are shutting off above. I don’t know what half those things are, and am taking your word on it that I don’t need them!
Great work on the site
Cheers for making this info available.
Some extra info about each step would make it less confusing to a novice Linux user.
For example, these look conflicting to me:
Step 2: Disable unneeded services: chkconfig anacron off…
Step 3.2: You should have these services are running: anacron…
Also, chkconfig --list | grep :on lists the runlevels. It's not obvious what to look for here, from your description. Which levels should something be on, or off at?
Thanks for your time in setting up this site and making this info available.
Hello Austin. You can check what every package does by
rpm -qi `rpm -qf /etc/init.d/portmap`
or
for _P in anacron atd auditd cpuspeed kudzu netfs ip6tables smartd pcscd cups mcstrans nfslock rpcgssd rpcidmapd portmap nfs; do rpm -qi `rpm -qf /etc/init.d/${_P}`; done
And if you just blindly follow instructions found on any website – this site is not for you ;(
With all due respect, if you can’t identify at least 75% of what those things are that are being disabled, you shouldn’t be using a quick step guide; you should be reading a book.
In Step 2 kudzu, mcstrans are disabled, but you list them in Step 3.2
I would add to install nano and then run updatedb
Excellent information, really appreciate the publish. A little detailed explanation about the services would be great.
Step4 – wget is mentioned twice
Chris, pls update the article and erase my posts