# ------------------------------------------------------
## Network installation Path Centos 7.x
# ------------------------------------------------------
http://mirror.switch.ch/ftp/mirror/centos/7/os/x86_64/

# ------------------------------------------------------
## tools not installed from the beginning Centos 7.x
# ------------------------------------------------------
yum install wget 
yum install net-tools

# ------------------------------------------------------
## Firewall deaktivation Centos 7.x
# ------------------------------------------------------
#Check the Status of Firewalld
systemctl status firewalld
#Stop Firewalld
systemctl stop firewalld
#Disable Firewalld
systemctl disable firewalld

# ------------------------------------------------------
## Disable IPv6 Centos 7.x
# ------------------------------------------------------
# http://wiki.centos.org/FAQ/CentOS6#head-d47139912868bcb9d754441ecb6a8a10d41781df
vi /etc/sysctl.conf
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1

sysctl -p

systemctl stop  ip6tables.service
chkconfig ip6tables off
chkconfig shorewall on
reboot
---------------------------------------
this procedure causes issues with shorewall and ksplice.
vi /etc/sysconfig/network
# NETWORKING_IPV6=no
vi /etc/modprobe.d/modprobe.conf
# install ipv6 /bin/true
service ip6tables stop
chkconfig ip6tables off

reboot

# ------------------------------------------------------
## SELINUX Centos 7.x
# ------------------------------------------------------
# if you like to disable SeLINUX
# temporär : setenforce 0
# disable permanent on Servers Running in the LAN
vi /etc/sysconfig/selinux
SELINUX=disabled

# ------------------------------------------------------
## Add additional Repo's
# ------------------------------------------------------
# sehr gute erklärung : http://dokuwiki.nausch.org/doku.php/centos:epel6
# http://wiki.centos.org/AdditionalResources/Repositories

# RPMForge - This repository is a collaboration of Dag (who also maintains an individual archive) and other packagers. The archive provides over 10,000 packages for CentOS, including mplayer, xmms-mp3 and other popular media tools. You can read the installation instructions at Installing RPMForge. This repository is considered by many in the community to be stable and safe.
# http://wiki.centos.org/AdditionalResources/Repositories/RPMForge#head-f0c3ecee3dbb407e4eed79a56ec0ae92d1398e01
# x86_64 http://packages.sw.be/rpmforge-release/rpmforge-release-0.5.2-2.el6.rf.x86_64.rpm
cd /tmp
wget http://pkgs.repoforge.org/rpmforge-release/rpmforge-release-0.5.3-1.el6.rf.x86_64.rpm
rpm --import http://apt.sw.be/RPM-GPG-KEY.dag.txt
# Verify the package you have downloaded
rpm -K rpmforge-release-0.5.3-1.el6.rf.*.rpm
# Install the package
rpm -i rpmforge-release-0.5.3-1.el6.rf.*.rpm



# ------------------------------------------------------
# Enable & Install EPEL Repo CentOS 7.x
# ------------------------------------------------------
yum install epel-release

# ------------------------------------------------------
# Add Basic user Centos 7.x
# ------------------------------------------------------
# add user/group zumbi
groupadd zumbi
useradd -gzumbi -Gzumbi -s/bin/bash -d/home/zumbi -m zumbi
# activate the user zumbi
# password :
passwd zumbi

# ------------------------------------------------------
## ssh configuration
# ------------------------------------------------------
# backup original configuration file
cp -a /etc/ssh/sshd_config /etc/ssh/sshd_config_original
# add line in sshd_config
echo "AllowUsers zumbi" >> /etc/ssh/sshd_config
echo "PermitRootLogin no" >> /etc/ssh/sshd_config
# Change the default Port
sed -i 's/#Port 22/Port 65535/g' /etc/ssh/sshd_config
service sshd restart
# Install the openssh-client for doing scp to the centos server
yum install openssh-clients

# ------------------------------------------------------
## ssh key auth configuration
# ------------------------------------------------------
#check howtoforge
# http://wiki.centos.org/HowTos/Network/SecuringSSH
mkdir ~/.ssh
chmod 700 ~/.ssh
vi ~/.ssh/authorized_keys
chmod 600 ~/.ssh/authorized_keys
vi /etc/ssh/sshd_config
[...]
Protocol 2
PasswordAuthentication no
UsePAM no
[...]

service sshd restart

# ------------------------------------------------------
## FTP Server configuration Centos 7.x
# ------------------------------------------------------
yum install -y vsftpd

# backup original configuration file
cp -a /etc/vsftpd/vsftpd.conf /etc/vsftpd/vsftpd.conf_original
cp -a /etc/vsftpd/user_list /etc/vsftpd/user_list_original
cp -a /etc/vsftpd/chroot_list /etc/vsftpd/chroot_list_original

# remove original configuration files
rm -rf /etc/vsftpd/vsftpd.conf
rm -rf /etc/vsftpd/user_list
rm -rf /etc/vsftpd/chroot_list

# wget the reference files
cd /etc/vsftpd/
wget https://www.dropbox.com/s/nzwkqiwsgqv2rit/chroot_list
wget https://www.dropbox.com/s/etef4jaskcd50wd/user_list
wget https://www.dropbox.com/s/lxl86h46y4tjv5z/vsftpd.conf

## will avoid this Error: 500 OOPS: vsftpd: refusing to run with writable root inside chroot()
echo 'allow_writeable_chroot=YES' >> /etc/vsftpd/vsftpd.conf

# make the the FTP Server is starting at boot time
systemctl enable vsftpd.service
systemctl start  vsftpd.service

# ------------------------------------------------------
## ACPID installation Centos 7.x > for VM's important 
# ------------------------------------------------------
yum install acpid
systemctl start  acpid.service
systemctl enable acpid.service

# ------------------------------------------------------
## Webmin installation Centos 7.x
# ------------------------------------------------------
touch /etc/yum.repos.d/webmin.repo
echo "[Webmin]" >> /etc/yum.repos.d/webmin.repo
echo "name=Webmin Distribution Neutral" >> /etc/yum.repos.d/webmin.repo
echo "#baseurl=http://download.webmin.com/download/yum" >> /etc/yum.repos.d/webmin.repo
echo "mirrorlist=http://download.webmin.com/download/yum/mirrorlist" >> /etc/yum.repos.d/webmin.repo
echo "enabled=1" >> /etc/yum.repos.d/webmin.repo
cd /tmp
wget http://www.webmin.com/jcameron-key.asc
rpm --import jcameron-key.asc
yum install webmin

# ------------------------------------------------------
## UPTIMED instllation Centos 7.x
# ------------------------------------------------------
# 64bit >> http://rpm.pbone.net/index.php3/stat/4/idpl/29645284/dir/fedora_22/com/uptimed-0.4.0-1.fc22.x86_64.rpm.html
cd /tmp
wget ftp://mirror.switch.ch/pool/4/mirror/fedora/linux/releases/22/Everything/x86_64/os/Packages/u/uptimed-0.4.0-1.fc22.x86_64.rpm
rpm -i uptimed-0.4.0-1.fc22.x86_64.rpm 
uptimed -b
uprecords

# ------------------------------------------------------
## GLANCES installation Centos 7.x
# ------------------------------------------------------
# enable first EPEL Repo
yum -y install glances
#start application with 
glances

# ------------------------------------------------------
## DSTAT installation Centos 7.x
# ------------------------------------------------------
# enable first EPEL Repo
yum -y install dstat
#start application with 
dstat

# ------------------------------------------------------
## SNMP Installation Centos 7.x
# ------------------------------------------------------
# http://www.it-slav.net/blogs/2008/11/11/install-and-configure-snmp-on-rhel-or-centos/
# http://paulsuela.wordpress.com/2010/06/30/snmpd-conf-for-centos/
# http://lifeofageekadmin.com/configure-snmp-for-rhel-6/
# http://www.linuxhomenetworking.com/wiki/index.php/Quick_HOWTO_:_Ch22_:_Monitoring_Server_Performance

yum install –y net-snmp-utils net-snmp net-snmp-libs

cd /etc/snmp/
cp -a /etc/snmp/snmpd.conf /etc/snmp/snmpd.conf_original
rm /etc/snmp/snmpd.conf
wget https://www.dropbox.com/s/yjqze30ibcgxadq/snmpd.conf

systemctl start  snmpd.service
systemctl enable snmpd.service

## Test the snmpd
snmpwalk -v 1 -c public localhost IP-MIB::ipAdEntIfIndex

# ------------------------------------------------------
## Shorewall Installation Centos 7.x
# ------------------------------------------------------
# http://www.howtoforge.com/how-to-set-up-shorewall-firewall-on-centos-5.1
# http://sugizo.wordpress.com/2011/07/08/centos-install-and-configure-shorewall/

# enable first EPEL Repo
yum  install shorewall 

cp /usr/share/doc/shorewall*/Samples/two-interfaces/{interfaces,policy,masq,routestopped,rules,zones} /etc/shorewall/
# definiere die Standardports im rule file
65535
10000
21
80
8080
53 >  DNS/ACCEPT

## modify the basic files
network
zones
rules
interfaces
policy
masq
routestopped

# ------------------------------------------------------
## VM Tuning and Optimization Guide Centos 7.x
# ------------------------------------------------------
# default : tuned is installed on centos 7.x
# http://xtm.badewetter.ch/wp/2015/05/virtualization-tuning-and-optimization-guide/

yum install tuned
systemctl stop  tuned.service
tuned-adm profile virtual-guest

# ------------------------------------------------------
## Mail configuration
# ------------------------------------------------------
# Test mail versand via watchdog script

# ------------------------------------------------------
## Kernel Tuning
# ------------------------------------------------------
# kernel parameter linux tuning
http://people.redhat.com/alikins/system_tuning.html

# ------------------------------------------------------
## phpmyadmin Installation
# ------------------------------------------------------
# http://dokuwiki.nausch.org/doku.php/centos:phpmyadmin_c6

# ------------------------------------------------------
## NFS installation
# ------------------------------------------------------
# http://www.howtoforge.com/setting-up-an-nfs-server-and-client-on-centos-6.3

yum install nfs-utils nfs-utils-lib
chkconfig --levels 235 nfs on
/etc/init.d/nfs start

# Nobody user and group issue
# http://whacked.net/2006/07/26/nfsv4nfs-mapid-nobody-domain/
# You can tweak this setup by editing the: /etc/idmapd.conf
# Domain =  dmd2.local

# ------------------------------------------------------
## SAMBA Installation
# ------------------------------------------------------
# http://rbgeek.wordpress.com/2012/05/25/how-to-install-samba-server-on-centos-6/

# ------------------------------------------------------
## install 3ware 3dm2 website and CLI
# ------------------------------------------------------
#Download software from http://www.lsi.com/channel/support/pages/downloads.aspx?k=*
wget http://www.lsi.com/downloads/Public/SATA/SATA%20Common%20Files/3DM2_CLI-linux_10.2.2.1_9.5.5.1.zip
unzip 3DM2_CLI-linux_10.2.2.1_9.5.5.1.zip
./install.sh -i
# When you are finished with your installation you should see /usr/sbin/3dm2 running 3 times.
# To connect go to https://domainname:888

# ------------------------------------------------------
## MaridaDB installation
# ------------------------------------------------------

#Install mariadb from default centos repo
yum install mariadb-server
systemctl start mariadb.service
/usr/bin/mysql_secure_installation

# install the latest MariaDB Version 10.x
# Enable MariaDB Repo

vi /etc/yum.repos.d/MariaDB.repo
# add
[mariadb]
name = MariaDB
baseurl = http://yum.mariadb.org/10.0/centos7-amd64
gpgkey=https://yum.mariadb.org/RPM-GPG-KEY-MariaDB
gpgcheck=1

yum update -y
# there may  come up some errors
yum remove mariadb-libs*
yum install MariaDB-server MariaDB-client
/etc/init.d/mysql start
chkconfig mysql on

# ------------------------------------------------------
## MySql installation
# ------------------------------------------------------
# https://der-linux-admin.de/2016/02/centos-7-mysql-5-6-mysql-5-7-oder-aktueller-installieren/


yum install http://dev.mysql.com/get/mysql57-community-release-el7-7.noarch.rpm
vi /etc/yum.repos.d/mysql-community.repo
#Anschliessend können wir in der Datei /etc/yum.repos.d/mysql-community.repo die gewünschte Version von MySQL aktivieren.
yum install mysql-server
systemctl enable mysqld
systemctl start mysqld
#Eine Verbesserung bei den neueren MySQL-Servern ab der Version 5.7 ist, dass ein temporäres Root-Passwort gesetzt wird. Bei älteren Versionen konnte man sich nach dem ersten Start des Servers mit einem leeren Passwort aus User root anmelden. Die temporären Logindaten für den User root ermitteln wir wie folgt:
grep 'temporary password' /var/log/mysqld.log
2016-02-04T21:41:08.717231Z 1 [Note] A temporary password is generated for root@localhost: 8X_ojH!+Wdes

mysql_secure_installation

# Dmd@24sql2016

# ------------------------------------------------------
## Logrotate
# ------------------------------------------------------

Enable compress in the config file
/etc/logrotate.conf
cd /usr/mysql-test ; perl mysql-test-run.pl

# ------------------------------------------------------
## Detail configuration informations
# ------------------------------------------------------

http://xtm.badewetter.ch/wp/2015/05/how-to-do-painless-mysql-server-backups-with-automysqlbackup/