Oracle Linux/Installing

From r00tedvw.com wiki
(Difference between revisions)
 
(8 intermediate revisions by one user not shown)
Line 9: Line 9:
 
==Network Config==
 
==Network Config==
 
If you installed the basic package, most likely the NIC is not configured for DHCP. try:<br>
 
If you installed the basic package, most likely the NIC is not configured for DHCP. try:<br>
  User ~ $ system-config-network
+
  <nowiki>User ~ $ system-config-network</nowiki>
 
Once DHCP is configured, the next step is to restart the NIC.<br>
 
Once DHCP is configured, the next step is to restart the NIC.<br>
  User ~ $ ifdown eth0
+
  <nowiki>User ~ $ ifdown eth0
User ~ $ ifup eth0
+
User ~ $ ifup eth0
 
   
 
   
Determining IP information for eth0... done.
+
Determining IP information for eth0... done.
User ~ $ifconfig eth0
+
User ~ $ifconfig eth0</nowiki>
 
Make sure your hostname is defined in /etc/sysconfig/network
 
Make sure your hostname is defined in /etc/sysconfig/network
  HOSTNAME=server.fqdn.com
+
  <nowiki>HOSTNAME=server.fqdn.com</nowiki>
 +
Also for the network config, put your FQDN in the hosts file @ /etc/hosts
 +
<nowiki>127.0.0.1  server.fqdn.com
 +
::1  server.fqdn.com
 +
OR
 +
127.0.0.1  localhost localhost.localdomain localhost4 localhost4.localdomain4
 +
::1        localhost localhost.localdomain localhost6 localhost6.localdomain6
 +
ip.address fqdn.hostname
 +
</nowiki>
 +
 
 
====connect on boot====
 
====connect on boot====
 
By default the network interface comes turned off on boot.
 
By default the network interface comes turned off on boot.
  ~$ sudo cat /etc/sysconfig/network-scripts/ifcfg-eth0
+
  <nowiki>~$ sudo vi /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE=eth0
+
DEVICE=eth0
HWADDR=00:0c:29:4f:09:c8
+
HWADDR=00:0c:29:4f:09:c8
TYPE=Ethernet
+
TYPE=Ethernet
UUID=5eed1f7e-74da-4841-b03b-3d4cc0812ade
+
UUID=5eed1f7e-74da-4841-b03b-3d4cc0812ade
ONBOOT=no
+
ONBOOT=no
NM_CONTROLLED=yes
+
NM_CONTROLLED=yes
BOOTPROTO=dhcp
+
BOOTPROTO=dhcp
USERCTL=no
+
USERCTL=no
PEERDNS=yes
+
PEERDNS=yes
IPV6INIT=no
+
IPV6INIT=no</nowiki>
 
Change it so it automatically starts and connects on boot
 
Change it so it automatically starts and connects on boot
  ONBOOT=yes
+
  <nowiki>ONBOOT=yes</nowiki>
 
+
====Oracle linux 7====
 +
<nowiki>~$ sudo nmtui</nowiki>
 +
Within this you can configure the IPv4/IPv6, set them to automatic and to connect on startup.<br>
 +
You can also set the hostname.
  
 
==Setup yum Repo==
 
==Setup yum Repo==
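Review bot: The first /etc/hosts variant added in this hunk maps 127.0.0.1 and ::1 to server.fqdn.com only, which drops the localhost names from the file, so anything that resolves "localhost" through /etc/hosts stops working. Suggest keeping only the second variant (the two localhost lines plus a separate "ip.address fqdn.hostname" line), or stating that the FQDN is appended to the existing loopback lines rather than replacing them. The new "Oracle linux 7" subsection also follows the ifcfg-eth0 steps without saying which release those earlier steps apply to.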
Line 41: Line 53:
 
  # yum repolist
 
  # yum repolist
 
  # yum update
 
  # yum update
 +
 +
==Sudoers Config==
 +
Personally I prefer to use a group for sudoer management.  Specify a unique UID so that it will be the same on all servers (manually dictate).<br>
 +
However, the <code>wheel</code> group is essentially the same thing and is setup by default.
 +
<nowiki># groupadd -g <unique UID> sudo
 +
ie. #sudo groupadd -g 500 sudo</nowiki>
 +
Now we can add the group to the sudoers file
 +
<nowiki># visudo
 +
Add the following under the entry for root
 +
 +
## Allows members of the 'sudo' group to run all commands anywhere
 +
%sudo    ALL=(ALL)          ALL</nowiki>
 +
 +
Add new user(s) and make them a part of the new sudo group
 +
<nowiki># useradd -G sudo -u <unique UID> user_a
 +
ie. # sudo useradd -G sudo -u 1000 user_a</nowiki>
 +
Change the password of the user
 +
<nowiki># passwd <username></nowiki>
 +
 +
==SSH Config==
 +
With Oracle Linux 6.8, openssh should be installed by default, but if it isnt:
 +
<nowiki>#yum install openssl openssh-server</nowiki>
 +
 +
==iptables==
 +
Oracle Linux comes preloaded with some default rules which i've had issues with when attempting to remote ssh.  my opinion is to flush them and load up more specific defaults.
 +
===flush===
 +
<nowiki># iptables -F
 +
iptables -X
 +
iptables -t nat -F
 +
iptables -t nat -X
 +
iptables -t mangle -F
 +
iptables -t mangle -X
 +
iptables -P INPUT ACCEPT
 +
iptables -P FORWARD ACCEPT
 +
iptables -P OUTPUT ACCEPT</nowiki>
 +
Now save this change:
 +
<nowiki>
 +
# sudo service iptables save</nowiki>
 +
===Load new rules===
 +
Here are some basic rules to allow basic outbound traffic and 22 inbound from internal connections.
 +
<nowiki>
 +
# sudo iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
 +
# sudo iptables -A INPUT -i lo -j ACCEPT
 +
# sudo iptables -A INPUT -s 10.0.0.0/8 -p tcp --dport 22 -j ACCEPT -m comment --comment "SSH - Internal"
 +
# sudo iptables -A INPUT -s 10.0.0.0/8 -p icmp --icmp-type echo-request -j ACCEPT -m comment --comment "ICMP ECHO - Internal"
 +
# sudo iptables -P FORWARD DROP
 +
# sudo iptables -P INPUT DROP </nowiki>
 +
Now save this change:
 +
<nowiki>
 +
# sudo service iptables save</nowiki>
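Review bot: In the "flush" section, the "service iptables save" that follows "iptables -P INPUT ACCEPT" persists an empty, accept-all ruleset, so a reboot or a dropped session between "flush" and "Load new rules" leaves the host unfiltered. Suggest dropping that first save and saving once, after the DROP policies are in place. In the same hunk, "groupadd -g <unique UID>" takes a group ID, so the placeholder should read GID, and the flush block carries the "#" prompt on its first line only.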

Latest revision as of 03:00, 5 February 2017

Installing


Downloading

Direct Download links are available:
https://wikis.oracle.com/display/oraclelinux/Downloading+Oracle+Linux
I downloaded from the US source:
http://mirrors.wimmekes.net/pub/iso/

Installation

In VMware, you'll probably need to add the keyboard value in the VM config due to duplicate keystrokes. Check out the CentOS advice; the same applies.

Network Config

If you installed the basic package, most likely the NIC is not configured for DHCP. Try:

User ~ $ system-config-network

Once DHCP is configured, the next step is to restart the NIC.

User ~ $ ifdown eth0
User ~ $ ifup eth0
 
Determining IP information for eth0... done.
User ~ $ ifconfig eth0

Make sure your hostname is defined in /etc/sysconfig/network

HOSTNAME=server.fqdn.com

Also for the network config, put your FQDN in the hosts file at /etc/hosts:

127.0.0.1   server.fqdn.com
::1         server.fqdn.com
OR
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
ip.address  fqdn.hostname

connect on boot

By default the network interface comes turned off on boot.

~$ sudo vi /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE=eth0
HWADDR=00:0c:29:4f:09:c8
TYPE=Ethernet
UUID=5eed1f7e-74da-4841-b03b-3d4cc0812ade
ONBOOT=no
NM_CONTROLLED=yes
BOOTPROTO=dhcp
USERCTL=no
PEERDNS=yes
IPV6INIT=no

Change it so it automatically starts and connects on boot

ONBOOT=yes

Oracle Linux 7

~$ sudo nmtui

Within this tool you can configure IPv4/IPv6, set them to automatic, and set the interface to connect on startup.
You can also set the hostname.

Setup yum Repo

https://blogs.oracle.com/wim/entry/setting_up_oracle_linux_6

# cd /etc/yum.repos.d
# wget http://public-yum.oracle.com/public-yum-ol6.repo
# yum repolist
# yum update

Sudoers Config

Personally I prefer to use a group for sudoer management. Specify a unique UID so that it will be the same on all servers (manually dictate).
However, the wheel group is essentially the same thing and is set up by default.

# groupadd -g <unique GID> sudo
i.e. # sudo groupadd -g 500 sudo

Now we can add the group to the sudoers file

# visudo
Add the following under the entry for root

## Allows members of the 'sudo' group to run all commands anywhere
%sudo     ALL=(ALL)          ALL

Add new user(s) and make them a part of the new sudo group

# useradd -G sudo -u <unique UID> user_a
i.e. # sudo useradd -G sudo -u 1000 user_a

Change the password of the user

# passwd <username>

SSH Config

With Oracle Linux 6.8, openssh should be installed by default, but if it isn't:

# yum install openssl openssh-server

iptables

Oracle Linux comes preloaded with some default rules which I've had issues with when attempting to remote ssh. My opinion is to flush them and load up more specific defaults.

flush

# iptables -F
# iptables -X
# iptables -t nat -F
# iptables -t nat -X
# iptables -t mangle -F
# iptables -t mangle -X
# iptables -P INPUT ACCEPT
# iptables -P FORWARD ACCEPT
# iptables -P OUTPUT ACCEPT

Now save this change:

# sudo service iptables save

Load new rules

Here are some basic rules to allow basic outbound traffic and port 22 (SSH) inbound from internal connections.

# sudo iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# sudo iptables -A INPUT -i lo -j ACCEPT
# sudo iptables -A INPUT -s 10.0.0.0/8 -p tcp --dport 22 -j ACCEPT -m comment --comment "SSH - Internal"
# sudo iptables -A INPUT -s 10.0.0.0/8 -p icmp --icmp-type echo-request -j ACCEPT -m comment --comment "ICMP ECHO - Internal"
# sudo iptables -P FORWARD DROP
# sudo iptables -P INPUT DROP 

Now save this change:

# sudo service iptables save
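
An added example (not part of the original wiki page): the rules above written as one iptables-restore transaction, so the filter table is replaced in a single step instead of being flushed to ACCEPT first, with a lockout check run before anything is applied. build_ruleset, lint_ruleset, apply_ruleset and MGMT_NET are names chosen for this example; 10.0.0.0/8 is the source range used on the page.

```shell
#!/bin/sh
# Added example, not the wiki author's script.
# MGMT_NET is an assumed variable name; the default is the page's source range.
MGMT_NET="${MGMT_NET:-10.0.0.0/8}"

# Emit the page's "Load new rules" section in iptables-restore format.
# The DROP policies and the ACCEPT rules are committed together at COMMIT.
build_ruleset() {
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -s $MGMT_NET -p tcp --dport 22 -m comment --comment "SSH - Internal" -j ACCEPT
-A INPUT -s $MGMT_NET -p icmp --icmp-type echo-request -m comment --comment "ICMP ECHO - Internal" -j ACCEPT
COMMIT
EOF
}

# Lockout check on a ruleset read from stdin: if INPUT defaults to DROP,
# require an SSH accept rule (else status 1) and the ESTABLISHED,RELATED
# rule (else status 2). Rulesets without a DROP policy pass.
lint_ruleset() {
    rules=$(cat)
    case "$rules" in *":INPUT DROP"*) ;; *) return 0 ;; esac
    printf '%s\n' "$rules" | grep -q -- '-A INPUT .*--dport 22 .*-j ACCEPT' || return 1
    printf '%s\n' "$rules" | grep -q -- '-A INPUT .*ESTABLISHED.*-j ACCEPT' || return 2
    return 0
}

# Validate, then swap in the filter table and persist it (run as root).
apply_ruleset() {
    build_ruleset | lint_ruleset || { echo "ruleset would lock out SSH" >&2; return 1; }
    build_ruleset | iptables-restore --test || return 1   # parse only, nothing committed
    build_ruleset | iptables-restore || return 1          # replaces the filter table at COMMIT
    service iptables save                                 # persist, as on the page
}

# Nothing is changed unless the script is called with "apply".
if [ "${1:-}" = "apply" ]; then
    apply_ruleset
fi
```

This only replaces the filter table; the nat and mangle tables flushed in the previous section are left as they are.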