System Prep



Step 1: Now we will remove all software groups, to get Centos to a minimum
Step 1.1: Run grouplist to see what software groups that are installed:

yum grouplist



Step 1.2: Remove all groups that are installed EXCEPT “Yum Utilities”

yum groupremove "GroupName"



Step 2: Lets disable unneeded services:

chkconfig anacron off
chkconfig atd off
chkconfig auditd off
chkconfig cpuspeed off
chkconfig kudzu off
chkconfig netfs off
chkconfig ip6tables off
chkconfig smartd off
chkconfig pcscd off
chkconfig cups off
chkconfig mcstrans off
chkconfig nfslock off
chkconfig rpcgssd off
chkconfig rpcidmapd off
chkconfig portmap off
chkconfig nfs off



Step 3.1: Use this command to check what services that are setup to run

chkconfig --list | grep :on



Step 3.2: You should have these services running:
anacron, crond, iptables, irqbalance, kudzu, mcstrans, network, readahead_early, restorecond, sshd, syslog, sysstat, yum-updatesd


Step 4: Lets upgrade Centos to the newest, and install some tools:

yum -y upgrade
yum -y install wget bzip2 unzip zip fileutils gcc gcc-c++ ncurses-devel pam-devel libxml2-devel libxslt-devel
yum -y install binutils autoconf automake libtool zlib lsof man man-pages mlocate quota yum-utils
yum -y install sendmail rsync sysstat vixie-cron bzip2-devel m4 flex byacc wget which


Step 5: Install and syncing NTP time service:

yum -y install ntp
chkconfig --levels 235 ntpd on
ntpdate 0.pool.ntp.org
/etc/init.d/ntpd start



Step 6: Install EPEL Repo, giving access to more software thats not in the Centos base. More info here

(32Bit) rpm -Uvh http://download.fedora.redhat.com/pub/epel/5/i386/epel-release-5-3.noarch.rpm
(64Bit) rpm -Uvh http://download.fedora.redhat.com/pub/epel/5/x86_64/epel-release-5-3.noarch.rpm



Step 7: Install RPMForge Repo, giving access to more software thats not in the Centos base. More info here

(32Bit) rpm -Uhv http://apt.sw.be/redhat/el5/en/i386/rpmforge/RPMS/rpmforge-release-0.3.6-1.el5.rf.i386.rpm
(64Bit) rpm -Uhv http://apt.sw.be/redhat/el5/en/x86_64/rpmforge/RPMS//rpmforge-release-0.3.6-1.el5.rf.x86_64.rpm



Step 8: This will change minimum password lenght to 8, if you want higher minimum lenght, change the number.

sed -i s/PASS_MIN_LEN.*/PASS_MIN_LEN\ 8/ /etc/login.defs



Step 9.1: Changing server hostname:

nano -w /etc/sysconfig/network

Step 9.2: Find HOSTNAME= and change it to etc srv01.maxisecure.com or something else of your choice:

HOSTNAME=s01.yourdomain.com



Step 9.3: Now a reboot:

shutdown -r now
Comment (RSS)  |  Trackback

One Comment

  1. Austin says:
    2009/10/08 at 17:23

    Great stuff here. But would like to see a summary of what services we are shutting off above. I don’t know what half those things are, and am taking your word on it that I don’t need them!

    Great work on the site

Leave a Reply