Part 1: Bootstrap a Linux box

1) I prefer RHEL (Red Hat, Fedora, CentOS).

2) Perform a system update:

yum -y update

3) Install and configure ntpd, the DNS client, the network interfaces, EPEL, etc.

rpm -Uvh http://download.fedoraproject.org/pub/epel/6/i386/epel-release-6-8.noarch.rpm
echo "nameserver [dns server's ip]" > /etc/resolv.conf
yum -y install ntp
echo "server 0.us.pool.ntp.org" >> /etc/ntp.conf
echo "server 1.us.pool.ntp.org" >> /etc/ntp.conf
echo "server 2.us.pool.ntp.org" >> /etc/ntp.conf
echo "server 3.us.pool.ntp.org" >> /etc/ntp.conf
ntpdate us.pool.ntp.org
chkconfig ntpd on
service ntpd start
vim /etc/hosts
#add the following to the first line:
## www.domainy.com

4) Disable IPv6:

vi /etc/grub.conf
# edit the kernel lines to include:
ipv6.disable=1

5) Reboot, so that you boot into the updated kernel.

6) Install some additional packages that you might want:

yum -y install lsof bind-utils vim wget make gcc glibc gcc-c++ pcre pcre-devel libxml2-devel glibc glibc-common openssl-devel openssl net-snmp net-snmp-devel net-snmp-utils

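7) Deal with SELinux:
Setting SELinux to permissive should only be a temporary measure; adjusting the SELinux policy is what will harden the server:

# /etc/sysconfig/selinux is a symlink to /etc/selinux/config; sed -i on the symlink replaces it with a regular file, so edit the target
setenforce permissive && sed s/"SELINUX=enforcing"/"SELINUX=permissive"/ -i /etc/selinux/config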

8) Create a cron job that checks daily for package updates and sends you an email:

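# no -k: keep TLS certificate verification on for a script that cron runs as root; -f fails on HTTP errors, -L follows any redirect
curl -fL https://gist.github.com/mbrownnycnyc/8ce67070b17144803f4f/raw/95b781dc38bc257ed70b0396ba9c0835b26a167e/check-yum-updates.sh -o /etc/cron.daily/check-yum-updates.sh
chmod 755 /etc/cron.daily/check-yum-updates.sh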
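
Anything placed in /etc/cron.daily runs as root every day, so the download in step 8 is worth gating on a checksum. The following is an added example, not part of the original post or of the gist: it installs the file only if it starts with a shebang and matches a SHA-256 you recorded after reading the script. The function names, GIST_RAW_URL and the hash placeholder are hypothetical.

```shell
#!/bin/bash
# Added example: gate a cron.daily install on a reviewed SHA-256.

# install_verified SRC EXPECTED_SHA256 DEST
# Returns 0 and installs DEST (mode 0755) only when SRC passes every check.
install_verified() {
    local src=$1 expected=$2 dest=$3 actual first_line

    [ -s "$src" ] || { echo "empty or missing download: $src" >&2; return 1; }

    # An HTML error or login page saved by curl would not start with a shebang.
    IFS= read -r first_line < "$src" || true
    case $first_line in
        '#!'*) ;;
        *) echo "not a script (no shebang): $src" >&2; return 1 ;;
    esac

    actual=$(sha256sum "$src" | awk '{print $1}')
    if [ "$actual" != "$expected" ]; then
        echo "checksum mismatch: got $actual" >&2
        return 1
    fi

    # install(1) copies the file and sets its mode in one step.
    install -m 0755 "$src" "$dest"
}

# fetch_and_install URL EXPECTED_SHA256 DEST
# Downloads with TLS verification on (no -k); -f turns HTTP errors into failures.
fetch_and_install() {
    local url=$1 expected=$2 dest=$3 tmp rc=0
    tmp=$(mktemp) || return 1
    curl -fsSL "$url" -o "$tmp" \
        && install_verified "$tmp" "$expected" "$dest" || rc=1
    rm -f "$tmp"
    return $rc
}

# Usage (GIST_RAW_URL and the hash are placeholders you fill in yourself):
# fetch_and_install "$GIST_RAW_URL" "<sha256 recorded after review>" \
#     /etc/cron.daily/check-yum-updates.sh
```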