CentOS7 Linux alap konfiguráció

Ahol sok virtuális gépet használunk, célszerű egy jól felkonfigurált template gépet telepíteni, amit másolva csak a specifikus beállításokat kell elvégezni.

CentOS7 esetén az alábbi alap Linux konfigurációt szoktam elvégezni:

Alapcsomagok

yum install epel-release

yum install mc less openssh-server nano telnet net-tools wget curl nload subversion  screen

Kernel konfiguráció

/etc/sysctl.d/kerneltuning.conf

# Lower value: the kernel swaps application memory out less eagerly.
vm.swappiness = 10

# Cap on the accept-queue length a listen() call may request.
net.core.somaxconn = 2048

# Queue length for half-open (SYN received) connections.
net.ipv4.tcp_max_syn_backlog = 512

# NOTE(review): this makes every clone of the template forward IPv4 packets
# between its interfaces (public/dmz/internal zones are configured later on
# this page). What gets forwarded then depends entirely on the firewall rules;
# set to 0 on hosts that are not meant to route.
net.ipv4.ip_forward = 1

# Allow TIME_WAIT sockets to be reused for new outgoing connections.
net.ipv4.tcp_tw_reuse = 1

# NOTE(review): tcp_tw_recycle is known to drop connections from clients that
# share one NAT address (per-host timestamp check) and was removed from the
# kernel in Linux 4.12; consider leaving it at 0.
net.ipv4.tcp_tw_recycle = 1

# Seconds an orphaned connection may stay in FIN_WAIT_2.
net.ipv4.tcp_fin_timeout = 30

Tmp mount

/etc/fstab

# /tmp kept in RAM; nodev/nosuid/noexec keep device nodes, set-uid binaries and
# direct execution of files out of the world-writable /tmp.
# NOTE(review): no size= option is given, so the tmpfs default limit (half of
# RAM) applies — confirm that suits the smallest clone. Software that executes
# files from /tmp (some installers) will fail under noexec.
tmpfs   /tmp tmpfs     defaults,nodev,noexec,nosuid,noatime     0 0

Helyi hálózat

systemctl disable NetworkManager

/etc/sysconfig/network-scripts/ifcfg-eth1

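# ifcfg files are read as shell variable assignments: key names are
# case-sensitive and must be upper case (IPADDR, PREFIX, GATEWAY), otherwise
# the network scripts ignore them and the interface comes up without an address.
DEVICE=eth1
# Static addressing, no DHCP.
BOOTPROTO=none
ONBOOT=yes
TYPE=Ethernet
IPADDR=192.168.10.251
PREFIX=24
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=no
NAME="System eth1"
# firewalld zone this interface belongs to.
ZONE=dmz
GATEWAY=192.168.10.254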


/etc/sysconfig/network-scripts/ifcfg-eth2

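# ifcfg files are read as shell variable assignments: key names are
# case-sensitive and must be upper case (IPADDR, PREFIX), otherwise the
# network scripts ignore them and the interface comes up without an address.
DEVICE=eth2
# Static addressing, no DHCP.
BOOTPROTO=none
ONBOOT=yes
TYPE=Ethernet
IPADDR=192.168.11.251
PREFIX=24
# NOTE(review): no GATEWAY is set for eth2 (eth1 holds the only gateway shown
# on this page), so DEFROUTE has nothing to act on here — confirm which
# interface is meant to carry the default route.
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=no
NAME="System eth2"
# firewalld zone this interface belongs to.
ZONE=internal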

Hostname

/etc/sysconfig/network

Hostname

/etc/hosts

fqdn

Mail

/etc/postfix/main.cf

myhostname

relayhost = mailrelay.local

/etc/aliases

root: admin@organization

newaliases

NTP

yum install ntp ntpdate

systemctl enable ntpd

systemctl disable chronyd

systemctl restart ntpd

Selinux

/etc/sysconfig/selinux

# NOTE(review): permissive mode only logs policy violations (AVC denials) and
# does not block them, and every VM cloned from this template inherits it.
# Prefer SELINUX=enforcing, and switch to permissive only temporarily while
# collecting denials for a service that needs a policy adjustment.
SELINUX=permissive

Yum-cron

yum install yum-cron

/etc/yum/yum-cron.conf

# Restrict automatic updates to packages flagged as security fixes.
# NOTE(review): this relies on the repositories publishing security
# (updateinfo) metadata; CentOS' own repositories have historically not
# shipped it, in which case nothing from them is selected. Check the yum-cron
# output to confirm that updates really get installed, or use `default`.
update_cmd = security

# Install the selected updates instead of only downloading/reporting them.
apply_updates = yes

systemctl enable yum-cron

Fail2ban

yum install fail2ban

systemctl enable fail2ban

/etc/fail2ban/jail.d/01-ssh.conf

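# Defaults inherited by every jail. The section name is case-sensitive:
# written in lower case it is not treated as the defaults section, so
# bantime and banaction below would not reach the sshd jail.
[DEFAULT]

# Ban hosts for one hour:
bantime = 3600

# Override /etc/fail2ban/jail.d/00-firewalld.conf:
# NOTE(review): firewalld is enabled later on this page; rules inserted
# directly with iptables can be flushed when firewalld reloads or restarts,
# which would drop active bans — confirm, or keep the firewalld ban action.
banaction = iptables-multiport

[sshd]
enabled = true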

systemctl restart fail2ban

Firewall

# Enable firewalld at boot (enable alone does not start it in the running system).
systemctl enable firewalld

# Bind each interface to a zone: eth0 = public, eth1 = dmz, eth2 = internal.
# NOTE(review): without --permanent these are runtime changes — check after a
# reboot with `firewall-cmd --get-active-zones` that the bindings persisted
# (the eth1/eth2 ifcfg files on this page carry ZONE=; eth0's file is not shown).
firewall-cmd --zone=public --change-interface=eth0

firewall-cmd --zone=dmz --change-interface=eth1

firewall-cmd --zone=internal --change-interface=eth2

# Load the permanent configuration as the new runtime configuration.
firewall-cmd --reload

Monitoring

Zabbix agent

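# Fetch the repository package over HTTPS rather than plain HTTP: it installs
# the repo definition and the signing key that all later Zabbix packages are
# trusted by, and rpm installs a package whose signing key is not yet known
# with only a warning, so transport integrity is the only protection here.
# NOTE(review): 2.4 is an old release line — confirm it still receives fixes
# before baking it into a template.
rpm -Uvh https://repo.zabbix.com/zabbix/2.4/rhel/7/x86_64/zabbix-release-2.4-1.el7.noarch.rpm

# Agent plus the zabbix_sender utility, both from the repository added above.
yum install zabbix-agent zabbix-sender

# Start the agent at boot.
systemctl enable zabbix-agent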

Syslog-ng

yum install syslog-ng

systemctl enable syslog-ng

/etc/syslog-ng/syslog-ng.conf

...

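# Forward everything from s_sys to the central log host.
# NOTE(review): plain tcp() sends the logs unencrypted and unauthenticated;
# if the network path to the log host is not trusted, use a TLS-protected
# destination instead.
destination logserver { tcp("logcenter.local" port(514) ); };
log { source(s_sys); destination(logserver); };

# Kernel messages containing both IN= and OUT= (the shape of netfilter log
# lines) are additionally written to a local file.
filter f_iptables   { facility(kern) and message("IN=") and message("OUT="); };
# suppress(30): identical consecutive messages within 30 seconds are collapsed.
destination firewall { file("/var/log/firewall" suppress(30)); };
log { source(s_sys); filter(f_iptables); destination(firewall); };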


Kulcsszavak: Linux, CentOS, Template
