Post-installation
< Technique | Systèmes d'exploitation | CentOS | Installer CentOS 7
(Page créée avec « Page à l'état de brouillon <pre> yum makecache yum update yum install yum-utils bind-utils yum-cron wget bash-completion # Umask hardening sed -i -e 's/umask 022/umask 0… ») |
|||
Ligne 31 : | Ligne 31 : | ||
yum makecache | yum makecache | ||
# Ajout de l'option "clean_requirements_on_remove=1" pour supprimer automatiquement les dépendances non-utilisées lors de la désinstallation d'un paquet | # Ajout de l'option "clean_requirements_on_remove=1" pour supprimer automatiquement les dépendances non-utilisées lors de la désinstallation d'un paquet | ||
− | + | yum-config-manager --setopt=clean_requirements_on_remove=1 --save | |
# Installation de msmtp | # Installation de msmtp | ||
yum install msmtp mailx | yum install msmtp mailx |
Version du 20 mars 2021 à 14:04
Page à l'état de brouillon
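# Post-installation notes for a yum-based host (draft): base packages, hardening
# tweaks, mail relay (msmtp), then source builds of Apache httpd, CMake, libzip and PHP-FPM.
# The commands are meant to be run as root, in order. The blocks that follow a `vi <file>`
# line are the contents to put in that file, not shell commands.

yum makecache
yum update
# NOTE(review): yum-cron is installed here but nothing in this listing enables or
# configures it; unattended updates only happen once the service is enabled.
yum install yum-utils bind-utils yum-cron wget bash-completion

# Umask hardening: replace the default 022/002 with 027 in the system-wide shell init files.
for umask_file in /etc/bashrc /etc/csh.cshrc /etc/profile /etc/init.d/functions; do
  sed -i -e 's/umask 022/umask 027/g' -e 's/umask 002/umask 027/g' "$umask_file"
done

# Driver unused
# Patterns are quoted so that yum does the matching; unquoted, the shell would expand
# them against files in the current directory first.
yum remove 'alsa-*' 'ivtv-*' 'iwl*firmware' aic94xx-firmware

# Disable radio
nmcli radio all off

# Disable IPv6
# NOTE(review): confirm after a reboot (`ip -6 addr`) that these two settings really
# leave no IPv6 address configured; the kernel-level switch is the sysctl
# net.ipv6.conf.all.disable_ipv6. Re-running this section appends duplicate lines.
echo "NETWORKING_IPV6=no" >> /etc/sysconfig/network
echo "IPV6INIT=no" >> /etc/sysconfig/network

# Disable SELINUX
# NOTE(review): this removes mandatory access control from a host that will expose
# httpd and PHP-FPM. The usual reason is the custom paths used below (/local, /data);
# the alternative is to stay in enforcing mode and label those paths
# (semanage fcontext + restorecon). Also note the sed only rewrites "SELINUX=enforcing";
# a config already set to permissive is left unchanged.
setenforce 0
sed -i -e 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config

# Delete unused users
userdel -r adm
userdel -r ftp
userdel -r games
userdel -r lp
groupdel games

# Raise the shell command history from 1000 to 5000 lines
sed -i 's/HISTSIZE=.*/HISTSIZE=5000/g' /etc/profile

# Add the EPEL repository
yum -y install epel-release
yum makecache

# Set "clean_requirements_on_remove=1" so that dependencies no longer needed are
# removed automatically when a package is uninstalled
yum-config-manager --setopt=clean_requirements_on_remove=1 --save

# Install msmtp
yum install msmtp mailx

# Contents of /etc/msmtprc (msmtp syntax):
vi /etc/msmtprc
# If it exists, it usually defines a default account.
# This allows msmtp to be used like /usr/sbin/sendmail.
account default
# The SMTP smarthost
host smtp.groupegdb.local
# Plain SMTP on port 25, TLS and STARTTLS both off.
# NOTE(review): the comment here used to read "Use TLS on port 465", which does not
# match the settings: mail leaves this host unencrypted. If the smarthost supports it,
# turn on tls / tls_starttls and set tls_trust_file; otherwise keep this relay on a
# trusted network segment only.
port 25
tls off
tls_starttls off
# Construct envelope-from addresses of the form "user@oursite.example"
from %U@%H
# Syslog logging with facility LOG_MAIL instead of the default LOG_USER
syslog LOG_MAIL

# Local admin tools, copied from another host and added to every login shell's PATH.
# NOTE(review): whatever sits in /home/tools/bin on 172.18.20.177 becomes runnable by
# name for all users, root included. Keep /local/exploit/bin root-owned and not
# group/world-writable, and review its contents after the copy.
mkdir -p /local/exploit
scp -r 172.18.20.177:/home/tools/bin /local/exploit
echo "export PATH=\$PATH:/local/exploit/bin" >> /etc/profile.d/sh.local

# Build prerequisites for httpd
# NOTE(review): the compiler and -devel packages stay installed on the server after
# the builds; remove them afterwards if the host is not meant to be a build machine.
mkdir /local/builds
yum install gcc glibc-devel glibc-headers kernel-headers libmpc mpfr
yum install pcre-devel
yum install expat-devel
yum install systemd-devel

groupadd www
mkdir /data/www
chown :www /data/www

mkdir -p /local/httpd/httpd-2.4.43
ln -s httpd-2.4.43 /local/httpd/current

# NOTE(review): none of the tarballs in this listing is verified before being unpacked
# and built as root, and the two APR archives come over plain HTTP from a third-party
# mirror. Check each archive against the checksum or signature published by the
# project itself before running tar, for example:
#   echo "SHA256_PLACEHOLDER  httpd-2.4.43.tar.gz" | sha256sum -c -
# The versions are pinned; check the upstream security advisories before reusing them.
wget https://mirror.ibcp.fr/pub/apache//httpd/httpd-2.4.43.tar.gz
tar -zxf httpd-2.4.43.tar.gz -C /local/builds

wget http://mirrors.standaloneinstaller.com/apache//apr/apr-1.7.0.tar.gz
tar -zxf apr-1.7.0.tar.gz
mv apr-1.7.0 /local/builds/httpd-2.4.43/srclib/apr

wget http://mirrors.standaloneinstaller.com/apache//apr/apr-util-1.6.1.tar.gz
tar -zxf apr-util-1.6.1.tar.gz
mv apr-util-1.6.1 /local/builds/httpd-2.4.43/srclib/apr-util

# Static, minimal httpd build (no DSO): proxy, rewrite, host-based authz, status.
# NOTE(review): --disable-reqtimeout leaves out mod_reqtimeout, the module that bounds
# how long a client may take to send a request (slow-request exhaustion), and
# --disable-headers means httpd cannot add or strip response headers. mod_status is
# compiled in, so restrict its handler in the configuration. No TLS module is built;
# presumably TLS is terminated in front of this server - confirm.
cd /local/builds/httpd-2.4.43
./configure \
  --prefix=/local/httpd/current \
  --sysconfdir=/local/httpd/conf \
  --enable-proxy \
  --enable-proxy-http \
  --enable-proxy-wstunnel \
  --enable-proxy-fcgi \
  --enable-rewrite \
  --enable-authz-host \
  --enable-mime \
  --enable-static-support \
  --enable-remoteip \
  --enable-status \
  --enable-systemd \
  --enable-mods-static="proxy rewrite authz-core authz-host log-config alias dir unixd mime remoteip status systemd" \
  --disable-so \
  --disable-proxy-connect \
  --disable-proxy-ftp \
  --disable-proxy-scgi \
  --disable-proxy-uwsgi \
  --disable-proxy-fdpass \
  --disable-proxy-ajp \
  --disable-proxy-balancer \
  --disable-proxy-express \
  --disable-proxy-hcheck \
  --disable-access-compat \
  --disable-auth \
  --disable-auth-basic \
  --disable-authn-core \
  --disable-authn-file \
  --disable-authz-groupfile \
  --disable-authz-user \
  --disable-autoindex \
  --disable-env \
  --disable-filter \
  --disable-reqtimeout \
  --disable-setenvif \
  --disable-version \
  --disable-authn-dbm \
  --disable-authn-anon \
  --disable-authn-dbd \
  --disable-authn-socache \
  --disable-authz-dbm \
  --disable-authz-owner \
  --disable-authz-dbd \
  --disable-auth-form \
  --disable-auth-digest \
  --disable-allowmethods \
  --disable-cache \
  --disable-file-cache \
  --disable-headers \
  --disable-cache-disk \
  --disable-cache-socache \
  --disable-socache-dbm \
  --disable-socache-memcache \
  --disable-socache-redis \
  --disable-socache-shmcb
# A bare "make -j" starts an unlimited number of jobs; cap it at the CPU count.
make -j"$(nproc)"
make install
cd

# Service account for httpd; the install tree stays owned by root so the service
# account cannot modify its own binaries or configuration.
useradd -r apache
usermod -aG www apache
chown -R root:apache /local/httpd
echo "export PATH=\$PATH:/local/httpd/current/bin" >> /etc/profile.d/sh.local

# Contents of /usr/lib/systemd/system/http.service (systemd unit syntax):
vi /usr/lib/systemd/system/http.service
[Unit]
Description=The Apache HTTP Server
After=network.target
[Service]
Type=notify
ExecStart=/local/httpd/current/bin/httpd -D FOREGROUND -k start
ExecReload=/local/httpd/current/bin/httpd -k graceful
KillMode=mixed
TimeoutStopSec=60
[Install]
WantedBy=multi-user.target

systemctl daemon-reload
systemctl enable http
systemctl start http

# Open HTTP in firewalld, for the running configuration and permanently.
firewall-cmd --add-service=http
firewall-cmd --add-service=http --permanent

# Per-vhost log directories and empty log files
mkdir -p /data/logs/{localhost,vmwcentos7}
chmod o+rx /data
touch /data/logs/localhost/localhost_http_{error,access}.log
touch /data/logs/vmwcentos7/vmwcentos7_http_{error,access}.log
mkdir /local/httpd/conf/vhosts
cd

yum install openssl-devel keyutils-libs-devel krb5-devel libcom_err-devel libkadm5 libselinux-devel libsepol-devel libverto-devel

# CMake, needed to build libzip.
# NOTE(review): this is a release candidate (rc3), not a final release.
mkdir /local/cmake
wget https://github.com/Kitware/CMake/releases/download/v3.18.0-rc3/cmake-3.18.0-rc3.tar.gz
tar -zxf cmake-3.18.0-rc3.tar.gz -C /local/builds
cd /local/builds/cmake-3.18.0-rc3
./bootstrap --prefix=/local/cmake/cmake-3.18.0-rc3
make
make install
ln -s cmake-3.18.0-rc3 /local/cmake/current
echo "export PATH=\$PATH:/local/cmake/current/bin" >> /etc/profile.d/sh.local
cd

# libzip, required by PHP's --with-zip.
# NOTE(review): unlike the other builds this one installs into /usr, outside the
# package manager's control; yum will neither track nor update these files.
wget https://libzip.org/download/libzip-1.7.1.tar.gz
tar -zxf libzip-1.7.1.tar.gz -C /local/builds
mkdir /local/builds/libzip-1.7.1/build
cd /local/builds/libzip-1.7.1/build
cmake -DCMAKE_INSTALL_PREFIX=/usr ..
make
make install

# Build prerequisites for PHP
yum install zlib-devel
yum install bzip2-devel
yum install libcurl-devel
yum install libpng-devel
yum install libicu-devel libicu
yum install gcc-c++ libstdc++-devel
yum install openldap-devel cyrus-sasl cyrus-sasl-devel
yum install oniguruma-devel oniguruma
yum install libxml2-devel xz-devel
cd

# Service account for PHP-FPM, member of the shared "www" group
useradd -r php-fpm
usermod -aG www php-fpm
mkdir -p /local/php/php-7.4.7
ln -s php-7.4.7 /local/php/current
echo "export PATH=\$PATH:/local/php/current/bin" >> /etc/profile.d/sh.local

wget https://www.php.net/distributions/php-7.4.7.tar.gz
tar -zxf php-7.4.7.tar.gz -C /local/builds
cd /local/builds/php-7.4.7
# --disable-all starts from an empty extension set; only the extensions listed
# afterwards are compiled in.
./configure \
  --prefix=/local/php/php-7.4.7 \
  --with-config-file-path=/local/php/php-7.4.7 \
  --disable-all \
  --enable-static \
  --enable-fpm \
  --with-fpm-user=php-fpm \
  --with-fpm-group=php-fpm \
  --with-fpm-systemd \
  --disable-ipv6 \
  --enable-cli \
  --with-zlib \
  --with-bz2 \
  --enable-calendar \
  --enable-ctype \
  --with-curl \
  --enable-gd \
  --enable-intl \
  --disable-json \
  --with-ldap \
  --enable-mbstring \
  --enable-pdo \
  --with-pdo-mysql \
  --enable-shared=pdo-mysql \
  --enable-phar \
  --with-libxml \
  --enable-xml \
  --enable-xmlreader \
  --enable-xmlwriter \
  --enable-opcache \
  --with-zip \
  --with-pear \
  --with-libdir=lib64
# Cap parallel jobs at the CPU count instead of an unbounded "make -j".
make -j"$(nproc)"
make install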