CentOS 4.2/4.3

Setup a custom CentOS 4.3
Setup a 100MB /boot
Setup the rest of the drive as /
Setup a 2GB /swap
No Firewall
Disable SELinux (because I'm not familiar with it)
Custom Install with these packages:
  X Windows / Gnome / Editors / Graphical Internet / Text Internet / No Office-Productivity / No Sound-Video / Devel Tools / X Devel Tools / Gnome SW Devel / System Tools

Compiled my own 2.6.16-1 kernel
Kernel Notes:
 - start with a good .config. My config for a Dell PowerEdge 6800 or 2800 is included.
 - didn't have to edit Makefile for /boot
 - didn't have to clear /boot of vmlinuz and System.map files
 - make clean && make -j9 && make -j9 modules && make modules_install && make install
 - clean out /etc/modprobe.conf
 - initrd is required for udev!!!
 - didn't have to run mkinitrd or edit grub.conf EXCEPT to comment hidden menu and change default
 - remove quiet if you like to see all the messages from the box

Installed telnetd & enabled with /etc/xinetd/telnetd and killall -HUP xinetd
Allowed root login via telnet by editing /etc/securetty and adding pts/1 pts/2 & pts/3 to the list
Switched to runlevel 3 (text) by editing /etc/inittab and changing to id:3:initdefault:

Configured VNC (for rare times to use it) by editing /etc/sysconfig/vncservers and adding the following lines:
  VNCSERVERS="1:root"
  VNCSERVERARGS[1]="-geometry 800x600"
Ran vncpasswd to set a root vncpassword
Ran /etc/rc.d/init.d/vncserver start and portforwarded 5901 through SSH
Connecting VNCviewer on my desktop to 127.0.0.1:1
Changed /root/.vnc/xstartup line with twm & to exec gnome-session & to run gnome.
Restarted VNCServer to take effect (/etc/rc.d/init.d/vncserver restart)

Ran up2date to install CentOS updates

Removed OpenSSH RPMs
  rpm -e openssh-clients openssh-askpass openssh-server openssh openssl-devel openssh-askpass-gnome --nodeps
Installed OpenSSL & OpenSSH (new CentOS INSTALL file)

Change /etc/sysconfig/i18n to look like:
  LANG="en_US"
  SUPPORTED="en_US:en"
  SYSFONT="lat0-sun16"
  SYSFONTACM="iso01"

Change /etc/profile to reflect a good default path (My profile is included.)
Logged out and logged back in.

Installed perl 5.8.X per http://www.pccc.com/downloads/apache/current/options/5.8.x-notes

Install 3ware 3DM if needed

# Install rc.local.snip and configure vnc4dhcp.pl and remote*.pl to run
# Change the IP ranges in both
# copy to /usr/local/sbin
cd /usr/local/sbin
wget http://www.peregrinehw.com/downloads/firewall/rh7.3/remote4dhcp.pl
wget http://www.peregrinehw.com/downloads/firewall/rh7.3/remoteftp4dhcp.pl
wget http://www.peregrinehw.com/downloads/firewall/rh7.3/remotessh4dhcp.pl
wget http://www.peregrinehw.com/downloads/firewall/rh7.3/remotetelnet4dhcp.pl
wget http://www.peregrinehw.com/downloads/firewall/rh7.3/vnc4dhcp.pl
chmod +x remote*dhcp.pl
chmod +x vnc4dhcp.pl
# install in rc.local
cd /etc/rc.d/
wget http://www.peregrinehw.com/downloads/firewall/rh7.3/rc.local.snip

Add ntpdate.sh to /etc/cron.hourly

Make sure networking and the resolv.conf file are correct

Tighten Down the named.conf to local access only
  See the example named.com
Add a dummy reverse zone for the domain
  See the example reverse file
  wget http://www.peregrinehw.com/downloads/firewall/rh7.3/named.rev.16.10.10

Change /etc/sysctl.conf to IP Packet Forward

Remove unnecessary Programs from Runlevel 3 with chkconfig off.
A good example is to only be left with the following output from 'ls -1 /etc/rc.d/rc3.d/S*'
  /etc/rc.d/rc3.d/S10network
  /etc/rc.d/rc3.d/S12syslog
  /etc/rc.d/rc3.d/S13irqbalance
  /etc/rc.d/rc3.d/S55sshd
  /etc/rc.d/rc3.d/S56xinetd
  /etc/rc.d/rc3.d/S85gpm
  /etc/rc.d/rc3.d/S90crond
  /etc/rc.d/rc3.d/S95anacron
  /etc/rc.d/rc3.d/S95atd
  /etc/rc.d/rc3.d/S99local

Disable all unnecessary Xinetd Protocols

Setup DHCPD
  See example dhcpd.conf and place in /etc/ and edit /etc/sysconfig/dhcpd

Copy 15isup-mailroot to /etc/cron.daily and make executable
  cd /etc/cron.daily
  wget http://www.peregrinehw.com/downloads/firewall/rh7.3/15isup-mailroot
  chmod +x 15isup-mailroot

edit aliases and send root to kmcgrail@pccc.com
run newaliases

Install Sendmail per Standard PCCC Install Instructions
Install Apache (or at least mySQL) per Standard PCCC Install Instructions
Install SpamAssassin per Standard PCCC Install Instructions
Install MIMEDefang per Standard PCCC Install Instructions

PortScan box
Test!
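
The runlevel 3 list given in these notes can be turned into a repeatable check. This is an added example, not part of the original notes: the function name audit_rc3, its directory argument and the sample links in the demo are assumptions, while the allowed list is copied from the notes.

```shell
#!/bin/sh
# Added example: compare runlevel 3 start links with the list in these notes.
# ALLOWED is copied from the notes; audit_rc3 and its directory argument are
# names assumed for this example.
ALLOWED="S10network S12syslog S13irqbalance S55sshd S56xinetd S85gpm S90crond S95anacron S95atd S99local"

# audit_rc3 [DIR]
# Prints "EXTRA <link> (service <name>)" for each S* link not in ALLOWED and
# "MISSING <link>" for each allowed link that is absent from DIR.
# Returns 0 only when DIR matches the list exactly, 1 otherwise.
audit_rc3() {
    dir=${1:-/etc/rc.d/rc3.d}
    status=0
    for link in "$dir"/S*; do
        # An unexpanded glob means DIR holds no S* links at all.
        [ -e "$link" ] || [ -L "$link" ] || continue
        name=${link##*/}
        case " $ALLOWED " in
            *" $name "*) ;;
            *)
                # Strip the "Snn" prefix to get the name chkconfig expects.
                echo "EXTRA $name (service ${name#S[0-9][0-9]})"
                status=1
                ;;
        esac
    done
    for name in $ALLOWED; do
        if [ ! -e "$dir/$name" ] && [ ! -L "$dir/$name" ]; then
            echo "MISSING $name"
            status=1
        fi
    done
    return $status
}

# Constructed sample: the allowed links plus two extras, with S85gpm removed.
demo_dir=$(mktemp -d)
for l in $ALLOWED S80sendmail S44acpid; do : > "$demo_dir/$l"; done
rm -f "$demo_dir/S85gpm"
audit_rc3 "$demo_dir" || echo "runlevel 3 differs from the list in the notes"
rm -rf "$demo_dir"
```

On the box itself, call audit_rc3 with no argument to check /etc/rc.d/rc3.d; services installed later in these notes will show up as EXTRA until they are added to ALLOWED.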