Login
      Contents x
      RIG CentOS Linux Installation
      • 06 Jun 2022
      • 5 Minutes to read
      • Contributors
      • Print
      • Dark
        Light
      • PDF
      Contents

      RIG CentOS Linux Installation

      • Updated on 06 Jun 2022
      • 5 Minutes to read
      • Contributors
      • Print
      • Dark
        Light
      • PDF
      Article Summary

      Overview

      This document describes how to load CentOS as the operating system for a Nectar RIG.

      • CentOS Download and Install
      • Server Configuration

      Audience

      This guide assumes the following:

      • You are proficient with UCMP and have had UCMP Operator training.
      • You are familiar with the Linux Operating System and the vi text editor.

      Supported Software Versions

      • Nectar v8.7
      • CentOS 6 and 7.x

      CentOS Download and Install

      This chapter explains how to download and install CentOS. The sections in this chapter include:

      • Download CentOS
      • Install CentOS

      Download CentOS

      The instructions in Install CentOS, states to download DVD-1. However, if a GUI front-end is required, then download DVD-2.

      To begin:

      1. Download the operating system from: http://www.centos.org.
      2. Once the .iso file has downloaded, then burn it to a DVD.

      Install CentOS

      To install CentOS:

      1. Mount the DVD in the server.
      2. When prompted, select Install or upgrade an existing system, which will perform a clean install.

      Figure 2-1Install or Upgrade an Existing System

      Note

      There is no need to test the media. This is an old requirement from the days of floppy disks.

      1. Select the correct language for the server and keyboard.
      2. Select Yes, discard any data to perform a clean install.

      Figure 2-2Yes, Discard Any Data

      1. Assign a host name. In our example we will use rig.mycompany.com.
      2. Select your time zone.
      3. Enter a password for the root user. Use your corporate best practices for passwords.
        • This should be a secure password of at least eight characters, a combination of upper and lower case letters, including numbers and symbols.
        • Avoid using dictionary words.
      4. When prompted, click the radio button for Use All Space.

      Figure 2-3Use All Space

      1. When prompted, write the changes to disk.
      2. When prompted, select Minimal as the installation type.

      Figure 2-4Select Minimal

      1. Reboot and move to the next section.

      Server Configuration

      This chapter explains how to download and install CentOS. The sections in this chapter include:

      Network Interface
      OS Updates
      Firewall
      SNMP
      NTP
      clientops Login
      clientops Privileges
      Disable SSH Root Access
      Linux Updates
      Conclusion

      Network Interface

      Note

      The command line prompt shown below is #. The commands you enter will be bold.

      1. Log into the Linux server as root using the password created during the installation process.
      2. Edit the interface configuration file. This example configures Ethernet 0 (eth0). If your primary network interface is not eth0, replace eth0 with your primary network interface.

      # vi /etc/sysconfig/network-scripts/ifcfg-eth0


        1. The Hardware Address should have automatically populated.
        2. Change ONBOOT to yes to activate the card when the server is booted.
        3. Change BOOTPROTO from dhcp to static.

      DEVICE=eth0 HWADDR=08:00:27:46:C9:2E

      TYPE=Ethernet ONBOOT=yes BOOTPROTO=static IPADDR=192.168.1.10 NETMASK=255.255.255.0

      1. Edit the network configuration file.

      # vi /etc/sysconfig/network


        1. Add the GATEWAY line, which should point to your default gateway. In our example we are using 192.168.1.1 as the default gateway. The file should look like the example below when completed.

      NETWORKING=yes

      HOSTNAME=rig.mycompany.com GATEWAY=192.168.1.1

      1. We will now configure the DNS servers.

      # vi /etc/resolv.conf


        1. Set the search field to your local domain name and add a nameserver entry for each DNS server. The file should look like the example below when complete.

      search mycompany.com nameserver 192.168.1.254

      nameserver 8.8.8.8

      nameserver 202.54.2.5

      1. Restart the network service to apply the changes.

      # service network restart

      1. To verify the settings have been applied correctly, issue the following commands and confirm the results.
        1. ip addr will display the interface configuration and should reflect your earlier changes.
        2. The ip route command will verify your default gateway address.
        3. The 192.168.1.1 ping will verify that you can reach your default gateway.
        4. The google.com ping will verify that DNS is working.

      # ip addr eth0

      # ip route or ip r # ping 192.168.1.1

      # ping google.com

      OS Updates

      Perform system updates to ensure the latest updates are on the system.

      # yum update

      Firewall

      The built in iptables firewall must either be configured or disabled. Configuring it is beyond the scope of this document. See the Protocols and Ports Guide for a list of ports used by the RIG.

      For our purposes here, the firewall will be disabled.

      1. The chkconfig command will prevent the firewall from being loaded on subsequent boots.
      2. The service command shuts the firewall down immediately.

      # chkconfig --del iptables # service iptables stop

      1. Disabling SELinux (Security Enhanced Linux) is also important to ensure the proper functioning

      of Nectar’s software. To do this, edit the SELinux config file. Change SELinux from enforcing to disabled.

      # vi /etc/selinux/config

      1. For the changes to be applied, the server must be rebooted. This reboot can be performed any time before the Nectar UCMP software is installed.

      SNMP

      This section explains how to install and configure the SNMP Daemon.

      1. Run the following command:

      # yum install net-snmp

      1. By default, the SNMP community read-only string is set to public. We recommend changing this, and to do so, edit the configuration file:

      # vi /etc/snmp/snmpd.conf

      1. Edit the line below in the configuration file and change public to the new community string.
        1. Nectar CMP has default RIG monitoring (the LocalRIG Agent in Nectar CMP) that expects the community string l0calm0n. If there is no corporate standard, this is recommended.
        2. If corporate standards dictate a different community string, please update the LocalRIG Agent when deploying the Nectar software:

      com2sec notConfigUser default public

      1. Configure SNMP to start when the server starts and start the service immediately.

      # chkconfig snmpd on # service snmpd start

      NTP

      We will install the NTP Daemon (Time Server) for the RIG as a synchronized clock.

      # yum install ntp

      clientops Login

      It is a best practice not to use the root user on a Linux server unless absolutely necessary. We will create a clientops user for use by the Managed Services Partner.

      The following steps are performed while logged in as root unless otherwise stated.

      1. Create a new user (you may want to create more than one user).

      # useradd clientops

      1. Set the password for the new user; be sure to use this exact password.

      # passwd clientops

      Changing password for user nectar-user. New password: clientops12

      Retype new password: clientops12

      passwd: all authentication tokens updated successfully.

      clientops Privileges

      By default, this login will have limited privileges and cannot make any changes. We will now configure sudo in order to grant root access when this user invokes the sudo command. As a Linux best practice, when the user needs to make changes, the sudo command will prompt again for the clientops password.

      1. Before editing the vi /etc/sudoers file, add the clientops user account to the sudoers

      group via the following command:

      usermod -aG wheel clientops

      1. Allow the new user to get temporary root privileges, which will be logged, by editing the sudoers file:

      # vi /etc/sudoers

      1. Find the line below and remove the comment mark # in red.

      # %wheel ALL=(ALL) ALL

      Disable SSH Root Access

      Security best practice dictates that we disable direct root access via SSH. The su command will be used to gain root access after logging into the server.

      1. Edit the sshd_config file as follows:

      # vi /etc/ssh/sshd_config

      1. Remove the comment mark #, and change the setting from yes to no for the line below.

      # PermitRootLogin yes

      1. After editing the PermitRootLogin line in the sshd_config file, you must restart the sshd service in order for it to take effect, use the following command:

      service sshd restart

      1. From this point forward, the new user, clientops, should be used to log in to the server. If root functionality is needed, the sudo command should be used. (A password prompt will appear after the first use; this is the clientops user password, not the root password.) The following is an example of a command with sudo.

      # sudo ls -la /root

      1. This will prompt again for a password. Use the clientops password to gain root access.

      Linux Updates

      Going forward one may perform updates as part of the standard server maintenance windows as follows:

      # yum update

      Conclusion

      The RIG should now be prepared with CentOS and ready for deployment of Nectar software.

      Was this article helpful?
      What's Next
      Change password!
      Changing your password will log you out immediately. Use the new password to log back in.
      Change profile
      Success!
      First name must have atleast 2 characters. Numbers and special characters are not allowed.
      Last name must have atleast 1 characters. Numbers and special characters are not allowed.
      Enter a valid email
      Enter a valid password
      Your profile has been successfully updated.
      Logout
      ESC

      Eddy, a super-smart generative AI, opening up ways to have tailored queries and responses