Installing the Operating System

CentOS Setup

We are re going to install a minimal CentOS 7 distribution. You can get a copy of the .iso the image used for the installation here.

Boot up the installation DVD and start the CentOS 7 Installation wizard.

  • Under Select Date & Time an set appropriate Date and Time settings

  • Under Keyboard and choose the keyboard layout

  • Under Installation Destination select the hard disk where CentOS will be installed.

    Create a custom partitioning scheme as follows:

    Partition Label Partition Type Size Mount Point
    boot ext3 700 MB /boot
    root ext4 35 GB /
    swap swap 4 GB  

  • Under Networking configure your network interface according to your infrastructure you can either set it to DHCP to automatically get all the settings from a local DHCP server or configure it by hand.

  • Enable the network interface, then go back to Select Date & Time and enable NTP synchronization periodically get date and time settings from CentOS servers

  • Click on Begin Installation

  • Now set the password for the root user. Also click on User Creation to create the geo user.

  • Wait for the installation process to finish, then reboot your machine

Network configuration

The network configuration should already be set, since it was set during CentOS setup stage.

You may want to review the configuration files

/etc/sysconfig/network-scripts/ifcfg-DEVICE

You may also want to review the file /etc/resolv.conf to check the name servers.

Check that the connection is up by pinging and external server:

ping 8.8.8.8

Check that the DNS are properly configuring by pinging a host by its name:

ping google.com

Warning

Please note that in CentOS only ssh incoming connections are allowed; all other incoming connections are disabled by default.

In the paragraph related to the httpd service you can find details about how to enable incoming traffic.

Note that after configuring the network, you may continue installing the system setup using a ssh connection.

User access configuration

Login as root'` user and give the ``geo user administrative privileges by adding him to the wheel group:

usermod -aG wheel geo

SSH access

Allow SSH connections through the firewall

On CentOS 7 the firewall is enabled by default. To allow SSH clients to connect to the machine allow incoming connections on port 22:

firewall-cmd --zone=public --add-port=22/tcp --permanent
firewall-cmd --zone=public --add-service=ssh --permanent
firewall-cmd --reload

Disable SSH login for the root user

Warning

Before you disable root login make sure you are able to login via SSH with geo user account and you have the privileges to run sudo su to switch to the root user account.

Edit file /etc/ssh/sshd_config to disable root login via SSH:

PermitRootLogin no

Public key authentication

Public key authentication is generally considered a safer way to authenticate users for SSH access. Let’s set it up and disable password based authentication

First generate a public/private key pair using ssh-keygen:

ssh-keygen

Follow the procedure, you will end up with your newly generated key under ~/.ssh Now copy your public (by default it is called id_rsa.pub) key over the CentOS machine in /home/geo/.ssh/authorized_keys. There are several ways to do it, we are going to use the ssh-copy-id tool:

ssh-copy-id -i ~/.ssh/id_rsa.pub geo@<server-ip-address>

You should now be able to login via SSH as geo without been asked for the password:

ssh geo@<server-ip-address>

You can now disable password based login over SSH

Warning

Before disabling password authentication make sure you’ve installed your public key on the server and you are able to login without password

Edit /etc/ssh/sshd_config as follows:

...
RSAAuthentication yes
...
PubkeyAuthentication yes
...
PasswordAuthentication no
...
UsePAM no
...

Installing ntp

Install the program for NTP server synchronization:

sudo yum install ntp

Edit /etc/ntp.conf and add the following line before the first server directive:

server tempo.ien.it     # Galileo Ferraris

Replace tempo.ien.it with your nearest NTP server.

Sync with the server by issuing:

systemctl start ntpd

Set the time synchronization as an automatically started daemon:

systemctl enable ntpd

Installing base packages

Install common utility packages:

sudo yum install -y man vim openssh-clients zip unzip wget

Update the system with EPEL latest release:

sudo yum install -y epel-release
sudo yum update -y && sudo reboot

Install pip and necessary dependencies:

sudo yum install -y python-devel python-setuptools python-pip python-virtualenv
sudo pip install --upgrade pip