Wednesday, January 16, 2013

Oracle Linux Post Install Steps

Once the OS is installed and the system updated using yum, it is likely that you will want to set up some other basic system configurations.

In your newly created software directory we will create some scripts to standardize all your Linux bases. This scripts will create your base user accounts, configure firewall, set ntp servers and any other standard operations that you will perform on all servers. If you create your software mount as an nfs mount on another server you will always be able to access this from a new server and just run your post standardize scripts. If you create it on a logical volume in virtual machine like I have you can mount this virtual drive onto any Linux machine and kick of the scripts and access the software. Since this is a home instance I’ll be demonstrating using the attach virtual drive method, but an nfs mount or ocfs2 mount would be much easier.  

These are basically the default tasks for all scripts. I’ll post the scripts for the software directory once we completely go through them.

Download scripts and unpack in /software directory
Post Install Scripts.
cd /software/scripts/osinstall/oel6up3_postinstall.sh

Or hand build scripts from below.

mkdir /software/scripts/libs/osinstall/1.0 –p
cd /software/scripts/
ln –s /software/scripts/libs/osinstall/1.0 osinstall
cd /software/scripts/osinstall

vi install_os_updates.sh
# Script Name: install_os_updates.sh
# Purpose: Verifies OS updates and standard packages are installed
echo "Installing OS Updates";
yum list updates
yum install sendmail -y
yum install tigervnc tigervnc-server-module tigervnc-server -y
yum install nmap -y
yum install vsftpd -y
yum install net-snmp -y
yum install net-snmp-utils -y
yum install lsscsi -y
yum install device-mapper-multipath -y
yum update –y
# End Script

vi check_root_user.sh
# Script Name: check_root_user.sh
# Purpose: Verifies the script is being run as root
USER=`whoami`
# Check to make sure the account is root
if [ $USER != root ]; then
  echo "Must be root to run this script, please login as root and re-try"
  exit
fi
# End Script

vi check_hostname.sh
# Script Name: check_hostname.sh
# Purpose: Verifies the hostname is correct and updates if not
HOSTNAME=`hostname`
echo "Verify Hostname"
echo "When using dhcp the dhcp server may assign an invalid hostname verify the correct hostname is set."
echo "Hostname: "$HOSTNAME
echo "Is "$HOSTNAME" the correct hostname? (y/n)"
read response
if [ $response != "y" ]; then
  echo "Please enter the correct hostname"
  read response
  hostname $response
  HOSTNAME=`hostname`
  echo "Replacing hostname in /etc/sysconfig/network file."
  old_hostname=`cat /etc/sysconfig/network | grep HOSTNAME`
  echo "Old Hostname setting: "$old_hostname
  if [ "$old_hostname" == "" ]; then
    echo "HOSTNAME=$HOSTNAME" >> /etc/sysconfig/network
  else
    sed -ie "s/$old_hostname/HOSTNAME=$HOSTNAME/g" /etc/sysconfig/network
  fi
  new_hostname=`cat /etc/sysconfig/network | grep HOSTNAME`
  echo "New Hostname setting: "$new_hostname
fi
# End Script

Firewall rules:
At first we are going to want to shut off firewall rules and disable selinux.
We can later change the firewall rules to allow just the traffic we need to operate.
vi /etc/sysconfig/iptables
-A INPUT -m state --state NEW -m tcp -p tcp --dport 5900:5910 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 1521 -j ACCEPT

chkconfig iptables off
chkconfig ip6tables off
service iptables stop
service ip6tables stop

vi /etc/selinux/config
change SELinux=enforcing to SELinux=disabled

reboot