All of the commands specified in this document shall be executed over a remote SSH session (for example PuTTY) unless specifically noted, NOT in a GUI session. The goal is to remove the need to access the VM directly (through vSphere, VNC or the like).
Install the Linux distribution with defaults to the greatest extent possible.
Install all software with defaults to the greatest extent possible.
All resulting management expectations are aligned with vendor supplied documentation or readily accepted industry standards and approaches.
All Linux applications and utilities that are available in public official yum repositories.
Mount partitions in fstab
others?
Login as the user you created during installation.
Change user to root.
su -
Uncomment the line that allows people in the wheel group to run all commands.
visudo
## Allows people in group wheel to run all commands
%wheel ALL=(ALL) ALL
At this point, users shall never login as root. Nor shall users su. All administrative control shall be accomplished through sudo.
Create the user with wheel group membership and set the password.
sudo /usr/sbin/useradd -c "theUserName" -G wheel theUserId
sudo passwd theUserId
Verify that the added user is present in the passwd file
cat /etc/passwd | grep theUserId
Verify that the added user is a member of the wheel group and a new private user group is present in the group file
cat /etc/group | grep theUserId
Modify users that are to have administrator access to be included in the wheel group as necessary (-a appends wheel to the user's existing supplementary groups; without it, -G replaces them).
sudo /usr/sbin/usermod -a -G wheel theUserId
TODO
Uncomment the PermitRootLogin line and set its value to no so that root cannot log in over ssh (PermitRootLogin no).
sudoedit /etc/ssh/sshd_config
Restart the sshd service to make the changes take effect.
sudo /sbin/service sshd restart
sudoedit /etc/pam.d/system-auth
Add the pam_tty_audit module to the pam stack (at the end of the file).
session required pam_tty_audit.so disable=* enable=root
Review the command audit trail for all future root sessions by executing the aureport command.
sudo /sbin/aureport --tty -ts today
Normal sudo logging is available at /var/log/secure.
sudo cat /var/log/secure
TODO
Edit the issue file:
sudoedit /etc/issue
Add or replace anything you want to show to users on login attempt.
Edit the ssh configuration file.
sudoedit /etc/ssh/sshd_config
Add the following line to the end of the file:
Banner /etc/issue
Restart the sshd service to make the changes take effect.
sudo /sbin/service sshd restart
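An added check, not part of the original procedure, that reads the config files to confirm the settings made above: PermitRootLogin no, Banner /etc/issue and pam_tty_audit enabled for root. The function names are hypothetical; run it with sudo and pass /etc/ssh/sshd_config and /etc/pam.d/system-auth as the two arguments.

```shell
#!/bin/sh
# Added example: confirm the sshd and PAM settings from this page by reading
# the config files. Function names are hypothetical, not from any tool.

# Effective global value of an sshd_config keyword: sshd keeps the FIRST
# uncommented occurrence and compares keywords case-insensitively.
sshd_effective() {  # usage: sshd_effective <file> <keyword>
    awk -v kw="$2" '
        /^[ \t]*#/ || NF == 0 { next }      # comments and blank lines
        tolower($1) == "match" { exit }     # later lines are conditional
        tolower($1) == tolower(kw) { print $2; exit }
    ' "$1"
}

# TTY audit state pam_tty_audit would set for a user: on, off or unchanged.
# enable=/disable= options are applied left to right; the last match wins.
tty_audit_state() {  # usage: tty_audit_state <pam-file> <user>
    state=unchanged
    line=$(grep -E '^[[:space:]]*session[[:space:]].*pam_tty_audit\.so' "$1" | head -n 1)
    set -f                                  # do not expand "*" to file names
    for opt in $line; do
        case "$opt" in
            enable=*)  new=on;  pats=${opt#enable=} ;;
            disable=*) new=off; pats=${opt#disable=} ;;
            *) continue ;;
        esac
        old_ifs=$IFS; IFS=,
        for p in $pats; do
            case "$2" in $p) state=$new ;; esac
        done
        IFS=$old_ifs
    done
    set +f
    echo "$state"
}

# Print one PASS/FAIL line per setting; return the number of failures.
audit_host() {  # usage: audit_host <sshd_config> <pam-file>
    fails=0
    check() { if [ "$2" = "$3" ]; then echo "PASS $1"; else echo "FAIL $1: got '$2'"; fails=$((fails + 1)); fi; }
    check "PermitRootLogin no" "$(sshd_effective "$1" PermitRootLogin)" no
    check "Banner /etc/issue" "$(sshd_effective "$1" Banner)" /etc/issue
    check "tty audit for root" "$(tty_audit_state "$2" root)" on
    return "$fails"
}

# Run against real files only when both paths are given on the command line.
if [ $# -eq 2 ]; then audit_host "$1" "$2"; fi
```

A commented-out line such as #PermitRootLogin no is reported as a failure, because sshd then falls back to its compiled-in default.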
Select the VM/Install VMWare tools menu.
Create the mount directory if it does not exist.
sudo mkdir /media/cdrom
Un-mount any previously mounted device if necessary.
sudo umount /media/cdrom
The netops staff has to make sure that the VMware Tools ISO is mounted in vSphere.
Mount the device with the vmware tools.
sudo mount /dev/cdrom /media/cdrom
Extract the install archive.
tar -zxvf /media/cdrom/VMwareTools-*.tar.gz -C ~
Unmount the device.
sudo umount /media/cdrom
Execute the install.
cd ~/vmware-tools-distrib/
sudo ./vmware-install.pl
Accept the defaults for all prompts except for the screen resolution (1024x768 seems like a good choice).
Clean up after yourself. Remove the archive and the extracted directory.
rm -rf ~/vmware-tools-distrib
rm ~/VMwareTools-*.tar*
On your local machine download and install Xming using default settings.
Launch XLaunch.
“Multiple windows”, Next >
“Start a program”, Next >
Start program: xterm,
“Using PuTTY”
Connect to computer: hostname
Login as user: username
Password: password
Next >
Next >
"How do I setup a yum or up2date repository to use a locally mounted DVD with Red Hat Enterprise Linux 4, 5 and 6?" from the Red Hat customer portal.
sudoedit /etc/yum/pluginconf.d/rhnplugin.conf
Create the repo file.
sudoedit /etc/yum.repos.d/rhel-media.repo
With the following content.
[rhel5.5-media]
name=rhel-$releasever - Media
baseurl=file:///media/cdrom/Server/
gpgcheck=0
enabled=1
(make sure that the ISO is connected in the VM).
#create the mount directory if it does not exist
sudo mkdir /media/cdrom
#umount if it already existed
sudo umount /media/cdrom
sudo mount /dev/cdrom /media/cdrom
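The repo file above sets gpgcheck=0, so yum installs packages from the media without verifying their signatures. The following added example (not from the original page or from Red Hat) lists enabled repositories in that state; unsigned_repos is a hypothetical name, and the gpgkey path in the sample assumes the Red Hat release key is in its usual location.

```shell
#!/bin/sh
# Added example: list enabled yum repositories whose packages are installed
# without signature verification. unsigned_repos is a hypothetical name.

unsigned_repos() {  # usage: unsigned_repos <repo-file>...
    awk '
        function emit() {
            if (sec != "" && enabled != "0" && gpg != "1")
                printf "%s [%s] gpgcheck=%s\n", file, sec, (gpg == "" ? "inherited" : gpg)
            sec = ""
        }
        FNR == 1 { emit(); file = FILENAME }        # new file: close last section
        /^[ \t]*[#;]/ { next }                      # comment lines
        /^[ \t]*\[/ {                               # section header, e.g. [rhel5.5-media]
            emit()
            sec = $0; sub(/^[ \t]*\[/, "", sec); sub(/\].*$/, "", sec)
            enabled = gpg = ""
            next
        }
        {
            line = $0; gsub(/[ \t]/, "", line)      # tolerate "key = value"
            n = split(line, kv, "=")
            if (kv[1] == "gpgcheck") gpg = kv[2]
            if (kv[1] == "enabled")  enabled = kv[2]
        }
        END { emit() }
    ' "$@"
}

# Constructed sample: the stanza from this page next to a variant that
# verifies signatures against the Red Hat release key (assumed path).
demo() {
    d=$(mktemp -d)
    printf '%s\n' '[rhel5.5-media]' 'name=rhel-$releasever - Media' \
        'baseurl=file:///media/cdrom/Server/' 'gpgcheck=0' 'enabled=1' > "$d/as-written.repo"
    printf '%s\n' '[rhel5.5-media]' 'name=rhel-$releasever - Media' \
        'baseurl=file:///media/cdrom/Server/' 'gpgcheck=1' \
        'gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release' 'enabled=1' > "$d/verified.repo"
    (cd "$d" && unsigned_repos as-written.repo verified.repo)
    rm -rf "$d"
}

demo
```

On a real system, run unsigned_repos /etc/yum.repos.d/*.repo; a result of "inherited" means the stanza has no gpgcheck line and takes its value from [main] in /etc/yum.conf.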
TODO
sudo yum update
TODO rhn-register?
TODO
TODO
At the GRUB splash screen at boot time, press any key to enter the GRUB interactive menu.
Select Red Hat Enterprise Linux with the version of the kernel that you wish to boot and type a to append the line.
Go to the end of the line and type single as a separate word (press the Spacebar and then type single). Press Enter to exit edit mode.
Also see Booting into Single-User Mode
Update the SELinux configuration to permissive mode instead of the default enforcing mode (see Enabling or Disabling Enforcement)
Check the current SELinux configuration.
sudo /usr/sbin/getenforce
or
sudo /usr/sbin/sestatus
If needed, update the SELinux configuration file.
sudoedit /etc/selinux/config
Change SELINUX=enforcing to SELINUX=permissive.
The configuration file is only used at boot time. Activate the change in the running system. Note that the system-config-securitylevel-tui script takes care of doing both of these steps for you.
sudo /usr/sbin/setenforce Permissive
The system-config-securitylevel-tui script uses lokkit underneath.
sudo /usr/sbin/lokkit -q --selinux='permissive'
Open configuration file, enter:
sudoedit /etc/sysconfig/network-scripts/ifcfg-eth0
Append hostname, enter:
DHCP_HOSTNAME=<host name to register in DNS>
Save and close the file. Restart network service:
sudo service network restart
Please refer to dhclient.conf man page for more information, enter:
man dhclient.conf
Ripped off from here: http://www.cyberciti.biz/faq/howto-get-linux-static-dhcp-address/