
RHEL6.1 Kickstart file

RHEL6.1 Kickstart file


The following file is the kickstart file for installing RHEL6.1

#platform=x86, AMD64, or Intel EM64T
#version=DEVEL
# Kickstart answers for an unattended RHEL 6.1 install: NFS source, text mode,
# three fixed-size partitions, automatic reboot when finished.
# Firewall configuration
# NOTE(review): --disabled leaves the installed system without a host firewall,
# although the %packages section of this file pulls in many network services.
firewall --disabled
# Install OS instead of upgrade
install
# Use NFS installation media (tree exported by 192.168.0.254)
nfs --server=192.168.0.254 --dir=/var/ftp/pub/rhel6.1
# Root password
# NOTE(review): the $1$ prefix marks an MD5-crypt hash. --passalgo=sha512 below
# does not re-hash a value passed with --iscrypted, so root keeps this MD5 hash
# until the password is changed. The hash is published with this file; generate
# your own (ideally a $6$ SHA-512 hash) before using it.
rootpw --iscrypted $1$x7Z15vjx$hG7xzuDLfLbCqgvxiazDx.
# System authorization information
# Shadow passwords, with SHA-512 as the hashing algorithm for passwords set later.
auth  --useshadow  --passalgo=sha512
# Use text mode install
text
# Do not run the first-boot setup agent on the installed system
firstboot --disable
# System keyboard
keyboard us
# System language
lang en_US
# SELinux configuration
selinux --enforcing
# Installation logging level
logging --level=info
# Reboot after installation
reboot
# System timezone (--isUtc: the hardware clock is treated as UTC)
timezone --isUtc Asia/Kolkata
# System bootloader configuration
# --md5pass takes an already-hashed GRUB password ($1$ = MD5-crypt). Like the
# root hash above, this value is public once the file is shared; replace it.
bootloader --location=mbr --md5pass="$1$phl5jhIB$vIl45UqkSrUgZnUxdyySw."
# Partition clearing information
# NOTE(review): --all removes the partitions on every disk the installer
# detects; there is no --drives option here to limit it to one disk.
clearpart --all  
# Disk partitioning information
# Sizes are in MB; no partition uses --grow, so the rest of the disk stays
# unallocated.
part / --fstype="ext4" --size=10000
part /home --fstype="ext4" --size=1024
part swap --fstype="swap" --size=1024

%packages
# Package selection: lines starting with @ are package groups, the remaining
# lines are individual packages.
# NOTE(review): this selects nearly every group, including mail, FTP,
# directory, database, web and file-server roles, so the installed host carries
# a very large set of software to keep patched. This file also sets
# "firewall --disabled", so whichever of these services are started are
# reachable from the network. Trim the list to what the host actually needs.
# NOTE(review): certmonger is listed twice below (harmless duplicate).
@additional-devel
@backup-client
@backup-server
@base
@cifs-file-server
@client-mgmt-tools
@compat-libraries
@console-internet
@core
@debugging
@basic-desktop
@desktop-debugging
@desktop-platform
@desktop-platform-devel
@development
@dial-up
@directory-client
@directory-server
@mail-server
@eclipse
@emacs
@identity-server
@ftp-server
@fonts
@general-desktop
@graphical-admin-tools
@graphics
@hardware-monitoring
@ha
@ha-management
@infiniband
@input-methods
@internet-browser
@java-platform
@kde-desktop
@large-systems
@legacy-unix
@legacy-x
@load-balancer
@mainframe-access
@system-management-messaging-client
@mysql-client
@mysql
@nfs-file-server
@network-server
@storage-server
@network-file-system-client
@network-tools
@php
@performance
@perl-runtime
@postgresql-client
@postgresql
@print-server
@print-client
@remote-desktop-clients
@resilient-storage
@system-management-snmp
@scientific
@security-tools
@server-platform
@server-platform-devel
@server-policy
@storage-client-multipath
@system-management
@system-admin-tools
@system-management-messaging-server
@tex
@technical-writing
@turbogears
@virtualization-client
@virtualization-platform
@web-server
@web-servlet
@system-management-wbem
@x11
@storage-client-iscsi
libXinerama-devel
xorg-x11-proto-devel
startup-notification-devel
libgnomeui-devel
libbonobo-devel
junit
libXau-devel
libgcrypt-devel
popt-devel
libdrm-devel
libXrandr-devel
libxslt-devel
libglade2-devel
gnutls-devel
mtools
pax
python-dmidecode
oddjob
sgpio
genisoimage
wodim
abrt-gui
qt-mysql
desktop-file-utils
ant
rpmdevtools
jpackage-utils
rpmlint
krb5-pkinit-openssl
certmonger
openldap-clients
pam_krb5
krb5-workstation
ldapjdk
samba
krb5-server-ldap
krb5-server
slapi-nis
netpbm-progs
ImageMagick
telnet
tcp_wrappers
xterm
xorg-x11-xdm
libXmu
perl-DBD-MySQL
dnsmasq
radvd
sg3_utils
perl-DBD-SQLite
perl-Mozilla-LDAP
rdesktop
atlas
numpy
hmaccalc
ipmitool
pexpect
crypto-utils
libvirt-java
mod_auth_kerb
mod_nss
certmonger
perl-CGI
mod_revocator
tog-pegasus
%end

PXE Server in RHEL 6 ?

How to configure PXE Server in RHEL 6 ?

Server IP settings.

IP 192.168.0.70
SUBNET 255.255.255.0
nmcontrolled no
onboot yes
DNS1=192.168.0.1

 
yum install system-config-kickstart
# Install the kickstart package.

system-config-kickstart
# Run the kickstart utility.
In the second-to-last option you can remove the text-mode installation option and opt for a graphical one.

Select the http installation method 
Use the defaults. 
In the disk label option choose the first option (Initialize the disk label).
The partitions that I have created are like this.

Mount Point            type         size
/boot         ext4         500
 swap         swap         2048
  /                     ext4         18000
 
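Make sure that the SELinux option is disabled and Security level is set to Disable firewall. (These two settings apply to every machine installed from this ks.cfg, not to the PXE server; the network install itself works without them, so they are a lab convenience rather than a requirement.)
Save the ks.cfg file to the filesystem.
yum install -y syslinux xinetd tftp-server dhcp httpd
# Install all the required packages through yum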

mkdir /var/lib/tftpboot/pxelinux.cfg
cp  /usr/share/syslinux/pxelinux.0  /var/lib/tftpboot/

vi /etc/xinetd.d/tftp
# Open the xinetd settings to enable the tftp server.
# At line 14, change the parameter from yes to no.
disable = no
service xinetd restart
# Restart the service to apply the settings made.

chkconfig xinetd on
# set the service to start with each subsequent system reboots.


vi /etc/dhcp/dhcpd.conf
# Open the file and configure the DHCP Server.


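# Global Options
allow booting;
allow bootp;
authoritative;

# Subnet definition
subnet 192.168.0.0 netmask 255.255.255.0 {
# Parameters for the local subnet
option routers               192.168.0.1;
option subnet-mask           255.255.255.0;
option domain-name           "example.com";
option domain-name-servers   192.168.0.1;
default-lease-time           21600;
max-lease-time               43200;
# Client IP range
range dynamic-bootp 192.168.0.100 192.168.0.200;
filename  "pxelinux.0";
next-server  192.168.0.70;
}

# Here the next-server parameter is the address of the TFTP server that hands out pxelinux.0, which in this setup is also the kickstart server (192.168.0.70).
# Because this server is declared authoritative and offers addresses and a boot file to every client on the subnet, run it only on a network segment where no other DHCP server is active.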

service dhcpd restart
chkconfig dhcpd on

# Restart the service and make it start at boot.

mkdir -p /var/pxe/rhel6
mkdir /var/lib/tftpboot/rhel6
# Make the required directories.

Insert your RHEL 6 DVD.

mount  /dev/cdrom   /mnt
# Mount it on /mnt

ls -l /mnt
# Check the contents to see if it is properly mounted.

cp -ivr /mnt/*  /var/pxe/rhel6
# Copy all the contents to the /var/pxe/rhel6 directory.

umount /mnt
eject
# after the file copy operation unmount and eject the dvd.

cp  /var/pxe/rhel6/images/pxeboot/vmlinuz   /var/lib/tftpboot/rhel6
cp  /var/pxe/rhel6/images/pxeboot/initrd.img   /var/lib/tftpboot/rhel6
# copy the vmlinuz and initrd.img files to the tftpboot directory.

cp /usr/share/syslinux/menu.c32  /var/lib/tftpboot/
# copy the menu file.

vi /var/lib/tftpboot/pxelinux.cfg/default

timeout 100
default menu.c32

menu title $$$$$$Boot Menu$$$$$$
label 1
  menu label ^ 1) RHEL6
  kernel rhel6/vmlinuz
  append initrd=rhel6/initrd.img  ks=http://192.168.0.70/ks/ks.cfg  ksdevice=eth0

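# Prepare the boot menu. The timeout value is in tenths of a second, so after 10 seconds without a key press the menu normally boots its only entry by itself; any machine on this subnet that falls through to network boot then starts an unattended install, and if ks.cfg clears partitions its disks are overwritten. Keep PXE out of the default boot order on machines that must not be reinstalled.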
 
 
 
 
chkconfig httpd on

vi  /etc/httpd/conf.d/pxeboot.conf

# create new entry

Alias /rhel6 /var/pxe/rhel6
<Directory /var/pxe/rhel6>
   Options Indexes FollowSymLinks
   Order Deny,Allow
   Deny from all
   Allow from 127.0.0.1  192.168.0.0/24
# IP addresses you allow
</Directory>


service httpd restart
(ignore the domain name error if it occurs.)

# Prepare the httpd server


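mkdir /var/www/html/ks

cp /ks.cfg   /var/www/html/ks/ks.cfg
chmod 644 /var/www/html/ks/ks.cfg

# Make the directory and copy the kickstart file to it,
# then make the kickstart file world-readable (mode 644: writable by the owner only).
# The kickstart file contains the root password hash, and as configured here /ks is served over plain HTTP without the access list used for /rhel6, so any host that can reach this web server can read it; give the installed machines a new root password after deployment.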

The pxe server is ready.

Plug a computer into the network and boot it through LAN using pxe.

The client pc should  have a display as below.
 

VNC Server in RHEL6

How to configure VNC Server in RHEL6 ?

Disable nm controlled network management.

vi /etc/sysconfig/network-scripts/ifcfg-eth0

DEVICE="eth0"
NM_CONTROLLED="no"
ONBOOT="no"
HWADDR=00:0C:29:AA:10:3D
TYPE=Ethernet
BOOTPROTO=none
IPADDR=192.168.1.30
PREFIX=24
GATEWAY=192.168.1.1
DEFROUTE=yes
IPV4_FAILURE_FATAL=yes
IPV6INIT=no


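Disable the firewall using the tool below (alternatively, leave the firewall on and allow only the VNC port, TCP 5900 plus the display number):

system-config-firewall-tui

Disable SELinux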

[root@canada ~]# getenforce

Enforcing


vi /etc/selinux/config 

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of these two values:
#     targeted - Targeted processes are protected,
#     mls - Multi Level Security protection.
SELINUXTYPE=targeted 


Restart System

init 6



ifup eth0

Network Configuration
vi /etc/hosts

127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4

192.168.1.30  canada canada

ifdown eth0
ifup eth0


Install vncserver

yum install *vnc*

Configure it.

Uncomment the highlighted section & also provide a valid username.

vi /etc/sysconfig/vncservers

# The VNCSERVERS variable is a list of display:user pairs.
#
# Uncomment the lines below to start a VNC server on display :2
# as my 'myusername' (adjust this to your own).  You will also
# need to set a VNC password; run 'man vncpasswd' to see how
# to do that.  
#
# DO NOT RUN THIS SERVICE if your local area network is
# untrusted!  For a secure way of using VNC, see this URL:
# http://kbase.redhat.com/faq/docs/DOC-7028

# Use "-nolisten tcp" to prevent X connections to your VNC server via TCP.

# Use "-localhost" to prevent remote VNC clients connecting except when
# doing so through a secure tunnel.  See the "-via" option in the
# `man vncviewer' manual page.

 VNCSERVERS="2:root"
 VNCSERVERARGS[2]="-geometry 800x600 -nolisten tcp -localhost"

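Set a password for the VNC server. Because VNCSERVERARGS[2] includes -localhost, display :2 accepts viewer connections only from the server itself, so a remote viewer has to come in through a secure tunnel (the -via option of vncviewer mentioned in the file's comments).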

[root@canada Desktop]# vncpasswd
Password:
Verify:


Restart vncserver.
[root@canada Desktop]# service vncserver restart
Shutting down VNC server:                                  [  OK  ]
Starting VNC server: 2:root xauth:  creating new authority file /root/.Xauthority

New 'canada:2 (root)' desktop is canada:2

Creating default startup script /root/.vnc/xstartup
Starting applications specified in /root/.vnc/xstartup
Log file is /root/.vnc/canada:2.log

                                                           [  OK  ]



[root@canada Desktop]# vncserver -kill :2
[root@canada Desktop]# chkconfig vncserver on
[root@canada Desktop]# chkconfig vncserver --list
vncserver       0:off 1:off 2:on 3:on 4:on 5:on 6:off

[root@canada Desktop]# vncserver :99

New 'canada:99 (root)' desktop is canada:99

Starting applications specified in /root/.vnc/xstartup
Log file is /root/.vnc/canada:99.log


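Now connect through vncviewer

192.168.1.30:99

and for the password use the one you set with the vncpasswd command.

Note that display :99 was started by hand, so the -localhost and -nolisten tcp arguments from VNCSERVERARGS[2] do not apply to it: it accepts connections on TCP port 5999 from the network, and the desktop runs as root. To restrict it, start it with -localhost as well and connect through an SSH tunnel (vncviewer -via).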


Passwordless SSH Authentication on Linux | Red Hat | RHEL | RHEL 6.0 | RHEL5 Read more: Passwordless SSH Authentication on Linux | Red Hat | RHEL | RHEL 6.0 | RHEL5

Configure passwordless authentication.
Password-less authentication between servers, or from a client to a server, is very risky. I have posted this how-to for SSH password-less login, but make sure you really need it.
Think carefully before you configure this. This can be the biggest security issue, so implement it only if you know the risks, advantages and disadvantages. Simply put: DO IT AT YOUR OWN RISK.
Follow this method to configure passwordless SSH authentication:
1. Execute the following commands:
[tejas-barot@linux-tejas-barot-ahmedabad~] $ su - root

[root@linux-tejas-barot-ahmedabad ~] # ssh-keygen -t rsa

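2. After you run the command above, it starts generating the SSH key.
3. It then asks where you want to save the key. I prefer to store the key in /root/.ssh/; if you do not want to change the directory, just press Enter.
4. At the passphrase prompt, do not enter a passphrase; just press Enter. (The private key is then stored unencrypted, so anyone who can read /root/.ssh/id_rsa can log in to the remote server as root. Setting a passphrase and loading the key into ssh-agent avoids this while still sparing you the password prompt.)
5. It now generates the SSH key and saves it in the .ssh directory under the home directory (/root/.ssh/).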
6.Now execute following command to copy your .pub file into remote server
[root@linux-tejas-barot-ahmedabad ~] # scp /root/.ssh/id_rsa.pub root@192.168.0.3:/root/.ssh/id_rsa.pub.server
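The authenticity of host '192.168.0.3 (192.168.0.3)' can't be established.
RSA key fingerprint is 1d:48:aa:5c:34:ac:05:5f:10:0d:df:b6:4f:d0:09:90.
Are you sure you want to continue connecting (yes/no)? yes
(Check that this fingerprint matches the remote server's own host key before answering yes.)

root@192.168.0.3's password: ******** # The asterisks are only illustrative; nothing is echoed while you type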

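Once the copy has completed, log on to the remote machine.
7. Log in to the remote server by executing the following command:
[root@linux-tejas-barot-ahmedabad ~] # ssh 192.168.0.3
root@192.168.0.3's password: ******** # The asterisks are only illustrative; nothing is echoed while you type

At the remote prompt, run the command shown below:
[root@linux1-tejas-barot-ahmedabad ~]#cat /root/.ssh/id_rsa.pub.server >> /root/.ssh/authorized_keys

You are now done; exit from the remote machine. (With sshd's default StrictModes setting the key is ignored if /root/.ssh or authorized_keys is writable by anyone other than the owner, so keep them at modes 700 and 600.)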
8. From your local computer, try to connect to the remote PC on which you carried out the procedure above.
[root@linux-tejas-barot-ahmedabad ~] # ssh 192.168.0.3
It will log in directly to your remote PC without asking for a password.

Remote Prompt:-
[root@linux1-tejas-barot-ahmedabad ~]#

Redhat Enterprise Linux 6 Security Guide Free Download

Because of the increased reliance on powerful, networked computers to help run businesses and
keep track of our personal information, entire industries have been formed around the practice of
network and computer security. Enterprises have solicited the knowledge and skills of security experts
to properly audit systems and tailor solutions to fit the operating requirements of their organization.
Because most organizations are increasingly dynamic in nature, their workers are accessing critical
company IT resources locally and remotely, hence the need for secure computing environments has
become more pronounced.
Unfortunately, many organizations (as well as individual users) regard security as more of an
afterthought, a process that is overlooked in favor of increased power, productivity, convenience, ease
of use, and budgetary concerns. Proper security implementation is often enacted postmortem — after
an unauthorized intrusion has already occurred. Taking the correct measures prior to connecting a
site to an untrusted network, such as the Internet, is an effective means of thwarting many attempts at
intrusion.
Note
This document makes several references to files in the /lib directory. When using 64-bit