this is obsolete doc -- see http://doc.nethence.com/ instead
RHEL7 post-installation
http://pbraun.nethence.com/unix/sysutils_linux/redhat.html
http://pbraun.nethence.com/unix/sysutils_linux/redhat-networking.html
http://pbraun.nethence.com/unix/sysutils_linux/redhat_rhel6.html
http://pbraun.nethence.com/unix/sysutils_linux/redhat_rhel7.html
http://pbraun.nethence.com/unix/sysutils_linux/systemd.html
Getting access remotely
Get a temporary IP just to login remotely,
ifconfig -a
ip addr
ip link
dhclient ens192
Network setup
Choice 1) with freaking NetworkManager
nmtui
TYPE=Ethernet
NAME=eno16780032
DEVICE=eno16780032
BOOTPROTO=static
IPADDR=x.x.x.x
NETMASK=255.255.x.x
GATEWAY=x.x.x.x
DEFROUTE=yes
ONBOOT=yes
DNS1=x.x.x.x
DNS2=x.x.x.x
DOMAIN=domain.tld
Choice 2) without NetworkManager
Stop and disable the freaking NetworkManager and switch back to classic networking,
systemctl stop NetworkManager
systemctl disable NetworkManager
chkconfig --list | grep network
#chkconfig network on
Refs.
https://dingyichen.wordpress.com/2014/08/06/fedora-and-rhel-configure-static-ip-and-disable-networkmanager/
https://ask.fedoraproject.org/en/question/9585/disable-network-manager-and-use-the-simple-network-service/
Configure the network,
vi /etc/hosts
10.0.0.X short short.fqdn long long.fqdn
vi /etc/sysconfig/network
GATEWAY=10.0.0.X
vi /etc/sysconfig/network-scripts/ifcfg-ens192
DEVICE=ens192
BOOTPROTO=static
IPADDR=10.0.0.X
NETMASK=255.255.X.X
ONBOOT=yes
vi /etc/resolv.conf
domain example.local
#search example.local
nameserver DNS_IP_1
nameserver DNS_IP_2
3) common network setup in both situations
Configure the hostname,
vi /etc/hostname
#nmcli general hostname host.example.net
#systemctl status systemd-hostnamed
#systemctl restart systemd-hostnamed
service network restart
and check,
hostname --short; hostname --long
Ref. http://www.itzgeek.com/how-tos/linux/centos-how-tos/change-hostname-in-centos-7-rhel-7.html
Eventually get rid of the virbr0 interface,
virsh net-destroy default
virsh net-autostart default --disable
virsh net-undefine default
chkconfig libvirtd off #rhel5-6
systemctl disable libvirtd.service #rhel7
Ref. What is the interface virbr0 for and how do I disable it?: https://access.redhat.com/solutions/27195
Post-installation
Disable the graphical interface,
telinit 3
runlevel
note. runlevel should return 3 on the last digit
systemctl get-default
systemctl set-default multi-user.target
check with,
systemctl status multi-user.target
systemctl status graphical.target
systemctl list-unit-files | grep multi-user
systemctl list-unit-files | grep graphical.target
ls -l /etc/systemd/system/default.target
Eventually put your SSH public key in place,
cd /root/
mkdir .ssh/
vi authorized_keys
Subscribe to RHN,
subscription-manager register --username RH_USERNAME --password RH_PASSWORD --auto-attach
ref. How to register and subscribe a system to the Red Hat Customer Portal using Red Hat Subscription-Manager. https://access.redhat.com/solutions/253273
or point to a repo,
cd /etc/yum.repos.d/
mkdir .trash/
mv * .trash/
cat > srvinstall.repo <<EOF
[rhel7]
name=srvinstall install server
baseurl=http://srvinstall/RHEL7/
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
EOF
and install vmware tools if it's a VM,
yum install open-vm-tools
Ref. http://partnerweb.vmware.com/GOSIG/CentOS_7.html
If it is a VM, check that vmware tools is enabled,
vmware-checkvm
systemctl list-unit-files | grep tools
systemctl status vmtoolsd
systemctl enable vmtoolsd
systemctl start vmtoolsd
Prevent sysstat to spam your logs,
cd /etc/
mkdir cron.trash/
mv cron.d/sysstat cron.trash/
Note. alternatively,
cp /etc/systemd/system.conf /etc/systemd/system.conf.dist
vi /etc/systemd/system.conf
#LogLevel=info
LogLevel=notice
systemctl restart rsyslog
Disable SELinux,
getenforce
setenforce 0
vi /etc/sysconfig/selinux
SELINUX=permissive
Disable the firewall,
systemctl status firewalld
systemctl stop firewalld
systemctl disable firewalld
Re-enable the firewall,
systemctl status firewalld
systemctl enable firewalld
systemctl start firewalld
vi /etc/sysconfig/selinux
System firewall -- with firewalld
Allow some port
firewall-cmd --get-active-zones
firewall-cmd --zone=public --add-port=PORT_NUM/tcp --permanent
firewall-cmd --zone=public --add-port=PORT_NUM/udp --permanent
firewall-cmd --reload
remove the port,
firewall-cmd --zone=public --remove-port=PORT_NUM/udp --permanent
firewall-cmd --reload
System firewall -- with iptables
Switch back to iptables,
yum install iptables-service
systemctp stop firewalld
systemctl disable firewalld
#systemctl mask firewalld (stronger)
systemctl start iptables
systemctl start ip6tables
systemctl enable iptables
systemctl enable ip6tables
ls -l /etc/sysconfig/iptables
#iptables-save > /etc/sysconfig/iptables
Ref. RHEL7: How to disable Firewalld and use Iptables instead.: http://www.certdepot.net/rhel7-disable-firewalld-use-iptables/
Change the system firewall rules,
cd /etc/sysconfig/
cp iptables iptables.`date +%s`
service iptables save
#iptables-save > iptables
cp iptables iptables.`date +%s`
vi iptables
apply,
iptables-restore < iptables
and check,
iptables -n -L
Miscellaneous
If you need to recover the root password, after the remount and passwd, do not forget to relabel the filesystem (SElinux),
touch /.autorelabel
Refs.
Single User Mode: Resetting/Recovering Forgotten Root User Account Password in RHEL/CentOS 7: http://www.tecmint.com/reset-forgotten-root-password-in-centos-7-rhel-7/
24.9. TERMINAL MENU EDITING DURING BOOT: https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/System_Administrators_Guide/sec-Terminal_Menu_Editing_During_Boot.html#sec-Changing_and_Resetting_the_Root_Password
The joy of SELinux relabelling.: http://danwalsh.livejournal.com/38157.html