centos 6.3 minimal (intended target are virtual and cloud environments, less = more secure)
use minimal-install.iso (use custom single root partition no swap no lvm) choose UTC please and yay it comes with sshd by default =)
At the boot screen: Install or upgrade... press TAB add "text" to the end of the command line containing ... vmlinuz text
login: root ...
sed 's/ONBOOT="no"/ONBOOT="yes"/g' -i /etc/sysconfig/network-scripts/ifcfg-eth0
userdel ftp userdel games userdel gopher userdel halt userdel operator userdel shutdown userdel uucp
ifup eth0 yum update -y yum install sudo -y
rpm -qa | sort > /root/minimal-installation.txt
yum remove lvm2* # unnecessary hard drive partitioning system yum remove nfs* # nfs (legacy file sharing) yum remove iscsi* # scsi over internet (also removes dracut-network) yum remove fcoe* # fibre channel over ethernet yum remove lldpad* # for fibre channel over ethernet
rpm -qa | sort > /root/minimal-installation.txt chkconfig --list > /root/services.txt
cp -a /etc/grub.conf /etc/grub.conf.original vi /etc/grub.conf comment out the # splashimage line at the end of the kernel /boot/.... rhgb quiet (delete both rhgb and quiet) kernel /boot/.... KEYTABLE=us rd_NO_DM
chkconfig rpcbind --off # rpcbind = server that converts RPC program numbers into universal addresses (make RPC calls on a server on that machine)
for i in $(find /lib/modules/uname -r
/kernel/drivers/net/wireless -name ".ko" -type f) ; do echo blacklist $i >> /etc/modprobe.d/blacklist-wireless.conf ; done
for i in $(find /lib/modules/uname -r
/kernel/drivers/scsi/fcoe -name ".ko" -type f) ; do echo blacklist $i >> /etc/modprobe.d/blacklist-fcoe.conf ; done
sed -i 's/1-6/1/g' /etc/syconfig/init # only a single getty available sed -i 's/1-6/1/g' /etc/init/start-ttys.conf # only a single getty available
chmod 700 /root chmod 700 /var/log/audit
echo "net.ipv4.tcp_timestamps = 0" >> /etc/sysctl.conf echo "net.ipv6.conf.all.disable_ipv6 = 1 " >> /etc/sysctl.conf echo "net.ipv6.conf.default.disable_ipv6 = 1" >> /etc/sysctl.conf
useradd -s /bin/bash -m NEWUSERNAME # make a new user with bash shell and default home directory passwd NEWUSERNAME # set the initial password, otherwise the user is locked out
sed 's/#PermitRootLogin yes/PermitRootLogin no/g' -i /etc/ssh/sshd_config sed 's/#MaxAuthTries 6/MaxAuthTries 3/g' -i /etc/ssh/sshd_config echo "AllowUsers NEWUSERNAME" >> /etc/ssh/sshd_config
rpm -Uvh http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-5.noarch.rpm
yum repolist
yum install gcc make