42_Born2beroot-CentOS/README.md
Andrea Blankenstijn d873cbcc21 wip
2022-06-04 14:51:02 +02:00


Born2beroot - CentOS Stream 9

Installation

Make the following kickstart configuration file available over HTTP:

python3 -m http.server --directory kickstart-install

In the installation media boot menu, add the following option to the boot parameters: inst.ks=http://YOUR_HOST_ADDRESS/ks.cfg and then boot. python3 -m http.server listens on port 8000 by default, so include the port in YOUR_HOST_ADDRESS. The installation should then start and run fully automated.

See the kickstart file for more information on the system setup.

Configuration

Password policy

Set password aging settings in /etc/login.defs.

Set password complexity requirements in /etc/security/pwquality.conf.d/99-Born2beroot.conf

Firewall

Disable and stop the default CentOS firewall:

systemctl disable firewalld
systemctl stop firewalld

Enable the Extra Packages for Enterprise Linux (EPEL) 9 repository, which provides ufw, then install ufw:

dnf install epel-release
dnf install ufw

Enable the firewall and configure it:

ufw enable
# SSH
ufw allow in 4242/tcp

Remote access

Disable root SSH login and change the listening port by adding the /etc/ssh/sshd_config.d/99-Born2beroot.conf configuration file.

Mandatory Access Control

Install the required tools, provided by the policycoreutils-python-utils package.

Allow sshd to listen on the non-default TCP port 4242:

semanage port --add -t ssh_port_t -p tcp 4242
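
The ufw rule, the sshd drop-in and the SELinux port label all have to agree on port 4242, otherwise sshd is either denied the bind or unreachable. The script below is an added example, not part of this repository: it checks each layer from the output of `sshd -T`, `semanage port -l` and `ufw status` (the usual output layouts are assumed), and the sample output it runs on is constructed.

```shell
#!/bin/sh
# Added example (not from the repository): do sshd, SELinux and ufw agree on the port?
SSH_PORT=4242   # port used throughout this README

check_sshd() {           # stdin: `sshd -T` (effective config, lowercase keywords)
    awk -v port="$SSH_PORT" '
        $1 == "port" { if ($2 == port) { port_ok = 1 } else { extra = 1 } }
        $1 == "permitrootlogin" && $2 == "no" { root_ok = 1 }
        END { exit !(port_ok && !extra && root_ok) }'
}

check_selinux_port() {   # stdin: `semanage port -l`
    awk -v port="$SSH_PORT" '
        $1 == "ssh_port_t" && $2 == "tcp" {
            for (i = 3; i <= NF; i++) { p = $i; sub(/,$/, "", p); if (p == port) found = 1 }
        }
        END { exit !found }'
}

check_ufw() {            # stdin: `ufw status`
    awk -v rule="$SSH_PORT/tcp" '
        /^Status: active/ { active = 1 }
        $1 == rule && $2 == "ALLOW" { allowed = 1 }
        END { exit !(active && allowed) }'
}

report() {               # $1 = label, $2 = check function; command output on stdin
    if "$2"; then echo "OK   $1"; else echo "FAIL $1"; return 1; fi
}

# Constructed sample output: sshd was reconfigured, but the SELinux port
# label is still missing, so sshd would be denied the bind on 4242.
SAMPLE_SSHD='port 4242
permitrootlogin no'
SAMPLE_SEMANAGE='ssh_port_t                     tcp      22'
SAMPLE_UFW='Status: active
To                         Action      From
--                         ------      ----
4242/tcp                   ALLOW       Anywhere'

audit_sample() {         # returns the number of layers that failed
    fails=0
    printf '%s\n' "$SAMPLE_SSHD"     | report "sshd port/root login" check_sshd || fails=$((fails + 1))
    printf '%s\n' "$SAMPLE_SEMANAGE" | report "SELinux ssh_port_t" check_selinux_port || fails=$((fails + 1))
    printf '%s\n' "$SAMPLE_UFW"      | report "ufw allow rule" check_ufw || fails=$((fails + 1))
    return "$fails"
}
# On the installed system, as root:  sshd -T | report sshd check_sshd   (and so on)
audit_sample || echo "$? layer(s) disagree on port $SSH_PORT"
```

On the constructed sample only the SELinux check fails, which is the state the system is in before the `semanage port --add` step above is run.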