@stevenschobert
Last active December 29, 2021 01:38
My setup guide for CentOS 7

Start

Add non-root user

adduser deploy
passwd deploy

Update system packages

yum update

Timezone

Find preferred timezone

timedatectl list-timezones

Set the timezone

timedatectl set-timezone region/timezone

Confirm settings

timedatectl

Add NTP

Install NTP from yum

yum install ntp

Enable ntpd service

systemctl start ntpd
systemctl enable ntpd

SSH

Add authorized key to non-root user

As deploy user, from its home directory:

mkdir .ssh
touch .ssh/authorized_keys

Set ssh directory permissions

chmod 700 .ssh
chmod 600 .ssh/authorized_keys

Disable root logins

In /etc/ssh/sshd_config:

PermitRootLogin no

Limit allowed users

In /etc/ssh/sshd_config:

AllowUsers deploy

Require SSH Protocol 2

In /etc/ssh/sshd_config:

Protocol 2

Change port

In /etc/ssh/sshd_config:

Port 2056

Restart service

systemctl restart sshd
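
Before restarting, it is worth confirming that the four settings above are the ones sshd will actually use. The following is an added example, not part of the original guide; the function names are hypothetical and the sample config is constructed.

```shell
# Added example: audit an sshd_config against the settings in this guide.
# sshd keeps the FIRST value it reads for most keywords (PermitRootLogin and
# Protocol among them), so a hardened line appended at the bottom loses to an
# earlier conflicting line. Port and AllowUsers may legitimately repeat; this
# check looks at their first line only (a simplifying assumption).

# Print the first (effective) value of KEYWORD in FILE, global section only.
first_value() {  # usage: first_value FILE KEYWORD
  awk -v kw="$2" '
    $1 ~ /^#/ { next }                  # skip comment lines
    tolower($1) == "match" { exit }     # Match blocks are conditional; stop there
    tolower($1) == tolower(kw) { $1 = ""; sub(/^ +/, ""); print; exit }
  ' "$1"
}

# Return the number of settings that differ from the guide (0 = all good).
audit_sshd_config() {  # usage: audit_sshd_config FILE
  failures=0
  while read -r kw want; do
    got="$(first_value "$1" "$kw")"
    if [ "$got" != "$want" ]; then
      echo "FAIL $kw: want '$want', effective '${got:-unset}'"
      failures=$((failures + 1))
    fi
  done <<'EOF'
PermitRootLogin no
AllowUsers deploy
Protocol 2
Port 2056
EOF
  return "$failures"
}

# Constructed sample: the hardened line was appended after a conflicting one.
sample="$(mktemp)"
printf '%s\n' 'Port 2056' 'Protocol 2' 'PermitRootLogin yes' \
  'AllowUsers deploy' 'PermitRootLogin no' > "$sample"
audit_sshd_config "$sample" || echo "Fix the lines above before restarting sshd"
rm -f "$sample"
```

On a host with SELinux enforcing, port 2056 also has to be labelled for sshd (semanage port -a -t ssh_port_t -p tcp 2056) before the service can bind to it. Keep the current session open until a new login on the new port succeeds.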

Firewall

Start firewall

systemctl start firewalld

Add permanent port for SSH (from above):

firewall-cmd --permanent --remove-service=ssh
firewall-cmd --permanent --add-port=2056/tcp

Reload firewall

firewall-cmd --reload

Permanently enable firewall

systemctl enable firewalld

Docker

Add docker user

As root user:

adduser docker
passwd docker

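Create docker group

Members of the docker group can control the Docker daemon, which is equivalent to root access on the host, so keep membership minimal.

# -f: succeed even if adduser already created a group named docker
groupadd -f docker
usermod -aG docker docker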

Install Docker

touch /etc/yum.repos.d/docker.repo

In /etc/yum.repos.d/docker.repo:

[dockerrepo]
name=Docker Repository
baseurl=https://yum.dockerproject.org/repo/main/centos/$releasever/
enabled=1
gpgcheck=1
gpgkey=https://yum.dockerproject.org/gpg

As root user:

yum install docker-engine

Start docker service:

systemctl start docker

Permanently enable service:

systemctl enable docker