42 cursus - Common Core - Born2beroot
Andrea Blankenstijn b70364b4bd wip system config
2022-06-03 17:46:48 +00:00
kickstart-install kickstart config file done 2022-06-02 18:39:36 +02:00
rootfs/etc/ssh/sshd_config.d wip system config 2022-06-03 17:46:48 +00:00
README.md wip system config 2022-06-03 17:46:48 +00:00

Born2beroot - CentOS Stream 9

Installation

Make the following kickstart configuration file available over HTTP:

python3 -m http.server --directory kickstart-install

In the installation media boot menu, add the option inst.ks=http://YOUR_HOST_ADDRESS/ks.cfg to the boot parameters, then boot. The installation should then start and run fully automated.

See the kickstart file for more information on the system setup.

Configuration

Firewall

Disable and stop the default CentOS firewall:

systemctl disable firewalld
systemctl stop firewalld

Install the Extra Packages for Enterprise Linux 9 (EPEL) repository, which provides ufw, then install ufw:

dnf install epel-release
dnf install ufw

Enable the firewall and configure it:

ufw enable
# SSH
ufw allow in 4242/tcp

Remote access

Disable root SSH login and change the listening port by adding the sshd_config.d/99-Born2beroot.conf configuration file.

Mandatory Access Control

Install the required tools, provided by the package policycoreutils-python-utils.

Allow sshd to listen on the non-default TCP port 4242:

semanage port --add -t ssh_port_t -p tcp 4242
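
The SSH port is set in three separate places above (sshd, the SELinux port label, and ufw), and a mismatch in any one of them blocks logins. The script below is an added example, not part of this repository, that checks all three agree on port 4242 and that root login is off; the function names and the `--live` switch are assumptions of this example, and it reads the usual output of `sshd -T`, `semanage port -l` and `ufw status`.

```shell
#!/bin/sh
# Added example (not from the repository): check that sshd, SELinux and ufw
# agree on the SSH port configured in this README.
PORT=4242

# stdin: `sshd -T` output (effective config, lowercase keywords).
check_sshd() {
    awk -v p="$PORT" '
        $1 == "port" && $2 == p               { port = 1 }
        $1 == "permitrootlogin" && $2 == "no" { root = 1 }
        END { exit !(port && root) }'
}

# stdin: `semanage port -l` output, e.g. "ssh_port_t  tcp  4242, 22".
# Only the ssh_port_t/tcp row counts; the same port under another type does not.
check_selinux() {
    awk -v p="$PORT" '
        $1 == "ssh_port_t" && $2 == "tcp" {
            for (i = 3; i <= NF; i++) { sub(/,$/, "", $i); if ($i == p) ok = 1 }
        }
        END { exit !ok }'
}

# stdin: `ufw status` output, e.g. "4242/tcp  ALLOW  Anywhere".
check_ufw() {
    awk -v p="$PORT" '
        /^Status: active/                 { active = 1 }
        $1 == (p "/tcp") && $2 == "ALLOW" { allow = 1 }
        END { exit !(active && allow) }'
}

# Run all three checks against the live system (needs root).
verify_host() {
    rc=0
    sshd -T          | check_sshd    || { echo "FAIL sshd: want Port $PORT and PermitRootLogin no"; rc=1; }
    semanage port -l | check_selinux || { echo "FAIL selinux: $PORT/tcp not labelled ssh_port_t"; rc=1; }
    ufw status       | check_ufw     || { echo "FAIL ufw: inactive or $PORT/tcp not allowed"; rc=1; }
    return "$rc"
}

if [ "${1:-}" = "--live" ]; then
    verify_host
else
    # Offline demo on a constructed line (not captured from a real host):
    # the label for 4242 has not been added yet, so the check reports it missing.
    printf 'ssh_port_t  tcp  22\n' | check_selinux && echo "label present" || echo "label MISSING"
fi
```

Run it as root with `--live` after completing the steps above; it exits non-zero and names the layer that disagrees.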