Oracle Linux/Installing
(3 intermediate revisions by one user not shown) | |||
Line 26: | Line 26: | ||
ip.address fqdn.hostname | ip.address fqdn.hostname | ||
</nowiki> | </nowiki> | ||
+ | |||
====connect on boot==== | ====connect on boot==== | ||
By default the network interface comes turned off on boot. | By default the network interface comes turned off on boot. | ||
Line 41: | Line 42: | ||
Change it so it automatically starts and connects on boot | Change it so it automatically starts and connects on boot | ||
<nowiki>ONBOOT=yes</nowiki> | <nowiki>ONBOOT=yes</nowiki> | ||
+ | ====Oracle linux 7==== | ||
+ | <nowiki>~$ sudo nmtui</nowiki> | ||
+ | Within this you can configure the IPv4/IPv6, set them to automatic and to connect on startup.<br> | ||
+ | You can also set the hostname. | ||
==Setup yum Repo== | ==Setup yum Repo== | ||
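Review bot: the added heading "====Oracle linux 7====" should read "Oracle Linux 7" to match the product name used in the page title. It also sits at the same level as "====connect on boot====", so the added text should say whether nmtui replaces the ifcfg-eth0 edit above on that release or is an extra step.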
Line 50: | Line 55: | ||
==Sudoers Config== | ==Sudoers Config== | ||
− | Personally I prefer to use a group for sudoer management. Specify a unique UID so that it will be the same on all servers (manually dictate). | + | Personally I prefer to use a group for sudoer management. Specify a unique UID so that it will be the same on all servers (manually dictate).<br> |
+ | However, the <code>wheel</code> group is essentially the same thing and is setup by default. | ||
<nowiki># groupadd -g <unique UID> sudo | <nowiki># groupadd -g <unique UID> sudo | ||
ie. #sudo groupadd -g 500 sudo</nowiki> | ie. #sudo groupadd -g 500 sudo</nowiki> | ||
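Review bot: in the changed line, "Specify a unique UID" describes the argument to groupadd -g, which is a group ID, so the sentence and the placeholder in "groupadd -g <unique UID> sudo" should both say GID. The added sentence about wheel also leaves it unclear which path the reader should take; say whether the groupadd step is still needed when wheel is used.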
Line 82: | Line 88: | ||
iptables -P FORWARD ACCEPT | iptables -P FORWARD ACCEPT | ||
iptables -P OUTPUT ACCEPT</nowiki> | iptables -P OUTPUT ACCEPT</nowiki> | ||
− | + | Now save this change: | |
+ | <nowiki> | ||
+ | # sudo service iptables save</nowiki> | ||
===Load new rules=== | ===Load new rules=== | ||
Here are some basic rules to allow basic outbound traffic and 22 inbound from internal connections. | Here are some basic rules to allow basic outbound traffic and 22 inbound from internal connections. | ||
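Review bot: the added "service iptables save" sits directly after the flush block, which ends with "iptables -P FORWARD ACCEPT" and "iptables -P OUTPUT ACCEPT", so what gets persisted here is an empty ruleset with accept policies. If the host reboots before the "Load new rules" section is finished, it comes back up with that saved state. Suggest dropping this save and keeping only the one after the new rules are loaded.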
Line 89: | Line 97: | ||
# sudo iptables -A INPUT -i lo -j ACCEPT | # sudo iptables -A INPUT -i lo -j ACCEPT | ||
# sudo iptables -A INPUT -s 10.0.0.0/8 -p tcp --dport 22 -j ACCEPT -m comment --comment "SSH - Internal" | # sudo iptables -A INPUT -s 10.0.0.0/8 -p tcp --dport 22 -j ACCEPT -m comment --comment "SSH - Internal" | ||
+ | # sudo iptables -A INPUT -s 10.0.0.0/8 -p icmp --icmp-type echo-request -j ACCEPT -m comment --comment "ICMP ECHO - Internal" | ||
# sudo iptables -P FORWARD DROP | # sudo iptables -P FORWARD DROP | ||
# sudo iptables -P INPUT DROP </nowiki> | # sudo iptables -P INPUT DROP </nowiki> | ||
+ | Now save this change: | ||
+ | <nowiki> | ||
+ | # sudo service iptables save</nowiki> |
Latest revision as of 03:00, 5 February 2017
Installing
Downloading
Direct Download links are available:
https://wikis.oracle.com/display/oraclelinux/Downloading+Oracle+Linux
I downloaded from the US source:
http://mirrors.wimmekes.net/pub/iso/
Installation
In VMware, you'll probably need to add the keyboard value in the VM config due to duplicate keystrokes. Check out the CentOS advice; the same applies.
Network Config
If you installed the basic package, most likely the NIC is not configured for DHCP. Try:
 User ~ $ system-config-network
Once DHCP is configured, the next step is to restart the NIC.
 User ~ $ ifdown eth0
 User ~ $ ifup eth0
 Determining IP information for eth0... done.
 User ~ $ ifconfig eth0
Make sure your hostname is defined in /etc/sysconfig/network
 HOSTNAME=server.fqdn.com
Also for the network config, put your FQDN in the hosts file at /etc/hosts
 127.0.0.1 server.fqdn.com
 ::1 server.fqdn.com
 OR
 127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
 ::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
 ip.address fqdn.hostname
connect on boot
By default the network interface comes turned off on boot.
 ~$ sudo vi /etc/sysconfig/network-scripts/ifcfg-eth0
 DEVICE=eth0
 HWADDR=00:0c:29:4f:09:c8
 TYPE=Ethernet
 UUID=5eed1f7e-74da-4841-b03b-3d4cc0812ade
 ONBOOT=no
 NM_CONTROLLED=yes
 BOOTPROTO=dhcp
 USERCTL=no
 PEERDNS=yes
 IPV6INIT=no
Change it so it automatically starts and connects on boot:
 ONBOOT=yes
Oracle Linux 7
 ~$ sudo nmtui
Within this tool you can configure IPv4 and IPv6, setting them to automatic and to connect on startup.
You can also set the hostname.
Setup yum Repo
https://blogs.oracle.com/wim/entry/setting_up_oracle_linux_6
 # cd /etc/yum.repos.d
 # wget http://public-yum.oracle.com/public-yum-ol6.repo
 # yum repolist
 # yum update
Sudoers Config
Personally I prefer to use a group for sudoer management. Specify a unique GID (set it manually) so that it will be the same on all servers.
However, the wheel group is essentially the same thing and is set up by default.
 # groupadd -g <unique GID> sudo
 e.g. # sudo groupadd -g 500 sudo
Now we can add the group to the sudoers file:
 # visudo
Add the following under the entry for root:
 ## Allows members of the 'sudo' group to run all commands anywhere
 %sudo ALL=(ALL) ALL
Add new user(s) and make them a part of the new sudo group:
 # useradd -G sudo -u <unique UID> user_a
 e.g. # sudo useradd -G sudo -u 1000 user_a
Change the password of the user:
 # passwd <username>
SSH Config
With Oracle Linux 6.8, OpenSSH should be installed by default, but if it isn't:
 # yum install openssl openssh-server
iptables
Oracle Linux comes preloaded with some default rules which I've had issues with when attempting to remote SSH. My opinion is to flush them and load up more specific defaults.
flush
 # iptables -F
 # iptables -X
 # iptables -t nat -F
 # iptables -t nat -X
 # iptables -t mangle -F
 # iptables -t mangle -X
 # iptables -P INPUT ACCEPT
 # iptables -P FORWARD ACCEPT
 # iptables -P OUTPUT ACCEPT
Now save this change:
 # sudo service iptables save
Load new rules
Here are some basic rules to allow basic outbound traffic and port 22 inbound from internal connections.
 # sudo iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
 # sudo iptables -A INPUT -i lo -j ACCEPT
 # sudo iptables -A INPUT -s 10.0.0.0/8 -p tcp --dport 22 -j ACCEPT -m comment --comment "SSH - Internal"
 # sudo iptables -A INPUT -s 10.0.0.0/8 -p icmp --icmp-type echo-request -j ACCEPT -m comment --comment "ICMP ECHO - Internal"
 # sudo iptables -P FORWARD DROP
 # sudo iptables -P INPUT DROP
Now save this change:
 # sudo service iptables save
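The flush step above saves a ruleset whose policies are all ACCEPT before the new rules exist. As an added example (not part of the original page), this script writes the same rules in iptables-restore format so they load in one step, and audits a ruleset for the DROP policies and the source-restricted SSH rule the page sets up. INTERNAL_NET, the function names and the sample flushed state are assumptions made for illustration.

```sh
#!/bin/sh
# Added example, not from the original page. INTERNAL_NET and the function
# names are assumptions; the rules mirror the commands listed on the page.
INTERNAL_NET="${INTERNAL_NET:-10.0.0.0/8}"

# Print the page's ruleset in iptables-restore format for network $1.
render_rules() {
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -s $1 -p tcp --dport 22 -m comment --comment "SSH - Internal" -j ACCEPT
-A INPUT -s $1 -p icmp --icmp-type echo-request -m comment --comment "ICMP ECHO - Internal" -j ACCEPT
COMMIT
EOF
}

# Audit a ruleset (iptables-save format) on stdin. Prints one line per
# finding and returns non-zero if anything was found.
audit_rules() {
    awk '
        function bad(msg) { print msg; n++ }
        /^:INPUT /   { seen = 1; if ($2 != "DROP") bad("INPUT policy is " $2) }
        /^:FORWARD / { if ($2 != "DROP") bad("FORWARD policy is " $2) }
        /^-A INPUT / && /--dport 22( |$)/ && /-j ACCEPT/ && !/ -s / {
            bad("SSH accepted from any source")
        }
        END { if (!seen) bad("no INPUT chain in ruleset"); exit (n > 0) }
    '
}

# Constructed sample: what iptables-save reports right after the flush step.
flushed_state() {
    printf '%s\n' '*filter' ':INPUT ACCEPT [0:0]' ':FORWARD ACCEPT [0:0]' \
        ':OUTPUT ACCEPT [0:0]' 'COMMIT'
}

# Check syntax, load all rules in one step, then persist (needs root).
apply_rules() {
    render_rules "$INTERNAL_NET" | iptables-restore --test &&
        render_rules "$INTERNAL_NET" | iptables-restore &&
        service iptables save
}

if [ "${1:-}" = "apply" ]; then apply_rules; fi
```

Run it with the argument apply as root to load and save the rules; piping /etc/sysconfig/iptables into audit_rules checks what was actually persisted.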