wip system config
parent
05160ae59d
commit
b70364b4bd
62
README.md
|
@ -1,2 +1,62 @@
|
|||
# 42_Born2beroot-CentOS
|
||||
<!-- vim: et ts=4 sw=4:
|
||||
-->
|
||||
# Born2beroot - CentOS Stream 9
|
||||
|
||||
## Installation
|
||||
|
||||
Make the following [kickstart](kickstart-install/Born2beroot.cfg) configuration
|
||||
file available over HTTP:
|
||||
|
||||
```bash
|
||||
python3 -m http.server --directory kickstart-install
|
||||
```
|
||||
|
||||
When in the installation media boot menu, add the following option to boot
|
||||
parameters: `inst.ks=http://YOUR_HOST_ADDRESS/ks.cfg` and then boot. The
|
||||
installation should start and run fully automated now.
|
||||
|
||||
See the [kickstart](kickstart-install/Born2beroot.cfg) file for more informations on the
|
||||
system setup.
|
||||
|
||||
## Configuration
|
||||
|
||||
### Firewall
|
||||
|
||||
Disable and stop CentOS default firewall:
|
||||
|
||||
```bash
|
||||
systemctl disable firewalld
|
||||
systemctl stop firewalld
|
||||
```
|
||||
|
||||
Install _Extra Packages for Entreprise Linux 9_ extra packages repository which
|
||||
provides ufw and install it:
|
||||
|
||||
```bash
|
||||
dnf install epel-release
|
||||
dnf install ufw
|
||||
```
|
||||
|
||||
Enable the firewall and configure it:
|
||||
|
||||
```bash
|
||||
ufw enable
|
||||
# SSH
|
||||
ufw allow in 4242/tcp
|
||||
```
|
||||
|
||||
### Remote access
|
||||
|
||||
Disable root SSH login and change listening port adding
|
||||
[sshd_confing.d/99-Born2beroot.conf](rootfs/etc/ssh/sshd_config.d/99-Born2beroot.conf)
|
||||
configuration file.
|
||||
|
||||
### Mandatory Access Control
|
||||
|
||||
Install the required tools provided by package `policycoreutils-pythoni-utils`
|
||||
|
||||
Allow sshd to listen on the non-default TCP port 4242:
|
||||
|
||||
```bash
|
||||
semanage port --add -t ssh_port_t -p tcp 4242
|
||||
```
|
||||
|
|
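Review bot: In the Firewall section the steps run in an order that leaves gaps: firewalld is disabled and stopped before ufw is even installed, so the host has no packet filter during the `dnf install` steps, and `ufw enable` comes before `ufw allow in 4242/tcp`, which can cut off an SSH session that is applying these steps remotely. Suggest installing ufw first, adding the 4242/tcp rule, enabling ufw, and only then stopping firewalld. In the Installation section, `python3 -m http.server --directory kickstart-install` listens on port 8000 by default and serves the file under its own name, so `inst.ks=http://YOUR_HOST_ADDRESS/ks.cfg` does not match what is served; the README should give the port and `Born2beroot.cfg`, or say that the file must be copied to `ks.cfg`. It is also worth a sentence that the kickstart file travels over plain HTTP, so the server should only run on a trusted network and be stopped after the install. In the Mandatory Access Control section, `policycoreutils-pythoni-utils` looks like a typo for `policycoreutils-python-utils`, the install sentence has no command block unlike the other steps, and the `semanage port` step needs to come before sshd is restarted on the new port. Minor: the link text `sshd_confing.d` does not match the path it points to, and "Entreprise" and "informations" are misspelled.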
3
rootfs/etc/ssh/sshd_config.d/99-Born2beroot.conf
Normal file
|
@ -0,0 +1,3 @@
|
|||
# vim: et ts=4 sw=4:
|
||||
Port 4242
|
||||
PermitRootLogin no
|
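Review bot: The `99-` prefix on this drop-in works against `PermitRootLogin no`: sshd keeps the first value it reads for that keyword and the files in `sshd_config.d` are read in lexical order, so any lower-numbered file that sets `PermitRootLogin` wins over this one. Suggest a low prefix for the file, or a README step that checks the effective values with `sshd -T` after the file is in place. `Port 4242` also depends on the `semanage port` and ufw steps from the README being applied before sshd is restarted, which is worth a comment in the file.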