I’m working on a project that is deploying on CentOS 5.1, and I found it not entirely obvious how to install a really stripped down server, as a starting point for a lean and mean, hardened production server. Since I’m doing work on this at home on VMware, and it’s being deployed on a VPS initially (and probably will remain virtualized for ease of management as it scales up), this guide is specifically aimed at this kind of configuration.
Assumptions:
- this server uses an x86_64 CPU architecture, not i386 (or for an ultra-small disk footprint, consider i386 since it doesn’t need duplicate 64 and 32 bit glibc libraries)
- this is a server VPS (running in VMware or Xen) so it isn’t interested in low-level hardware management
- no need for ACPI (sleep/hibernate)
- no need for laptop CPU power reduction
- no need for SMART disk monitoring (since the VPS disk is virtualized)
- no need for MD (software RAID) since it’s a VPS; any RAID is happening at a lower level (host OS / dom0)
- no need to use LVM2 to mirror a logical volume (again because RAID is handled outside of the VPS)
- no need for bluetooth, hot-plug hardware, or PCMCIA
- this server may have more than one CPU (or may be given additional VCPUs later due to load) so multi-CPU support is desired
- this is a headless server so no GUI features are desirable
- there are no legacy services that need RPC
- NFS will not be used
- SELinux will be left in the default configuration (“Enforcing” the “Targeted” policy).
Basic Installation:
Start with the CentOS 5.1 x86_64 install DVD.
Boot the DVD.
Select English language and U.S. English keyboard layout.
Choose to Install the OS (not upgrade).
Choose “Remove linux partitions on selected drives and create default layout.”
Select DHCP network configuration, or the static IP address for this server.
(I choose DHCP, and tell the DHCP server to use a specific IP for this host based on its Ethernet MAC address.)
Choose the time zone the server is in (for me this is America/Los Angeles), and enable the “System clock uses UTC” option.
Pick a complex root password (https://grc.com/passwords can generate one for you) and enter it.
When given a chance to install additional tasks, uncheck everything (no additional tasks) and choose the “Customize now” radio button.
In the next screen, go into every group and uncheck everything. (*Nothing* should be checked when you’re done. Be careful not to miss anything!)
Confirm that you want the installer to begin the installation process. (For me this process took about 6 minutes.)
Confirm that you want to reboot, and make sure that the server will boot from the hard disk instead of the installation media.
When the server boots, log in as root. (You can disconnect from the console and use SSH instead at this point if it’s more convenient.)
More Minimizing:
Run this command to tell yum to go grab the latest package info from out on the internet.
yum grouplist
Run this command to make sure you didn’t install anything other than the bare minimum:
yum -C grouplist
You shouldn’t see a section called “Installed Groups:”. If you do see it, it means you missed something you were supposed to disable in the previous section.
In that case, run this to remove it and all the packages in it:
yum -C groupremove SomeGroupName
You can also run this command to count how many packages have been installed already:
yum -C list installed | wc -l
The resulting count of packages installed should be 154.
Next, run “chkconfig --list | grep 3:on” to see what services are enabled.
Several of them can safely be disabled (provided that the assumptions at the top of this guide are true), so run this:
for i in haldaemon lvm2-monitor messagebus netfs; do chkconfig $i off; done
These are useful and should stay enabled:
ip6tables
iptables
kudzu
mcstrans
network
restorecond
sshd
syslog
If for some reason there are others that are still enabled that aren’t on that list, you’ll have to decide for yourself.
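The review step above can be scripted. This is an added example, not part of the original guide: a POSIX shell check that reads “chkconfig --list” output, reports services that are on in runlevel 3 but not on the keep list above, and reports any keep-list service that is off. The function names and the sample output are constructed for illustration; on a real host, pipe “chkconfig --list” into the functions instead of sample_output.

```shell
#!/bin/sh
# Services the guide says should stay enabled (runlevel 3).
KEEP="ip6tables iptables kudzu mcstrans network restorecond sshd syslog"

# Reads "chkconfig --list" output on stdin; prints every service that is
# on in runlevel 3 but is not in $KEEP, one per line, sorted.
unexpected_services() {
    awk -v keep="$KEEP" '
        BEGIN { n = split(keep, k, " "); for (i = 1; i <= n; i++) ok[k[i]] = 1 }
        # SysV lines look like: name 0:off 1:off 2:on 3:on 4:on 5:on 6:off
        { for (f = 2; f <= NF; f++)
              if ($f == "3:on" && !($1 in ok)) { print $1; break } }
    ' | sort
}

# Reads the same input; prints services from $KEEP that are NOT on in
# runlevel 3 (for example, syslog switched off by mistake).
missing_services() {
    awk -v keep="$KEEP" '
        { for (f = 2; f <= NF; f++) if ($f == "3:on") on[$1] = 1 }
        END { n = split(keep, k, " ")
              for (i = 1; i <= n; i++) if (!(k[i] in on)) print k[i] }
    '
}

# Constructed sample of "chkconfig --list" output (not captured from a host):
# haldaemon and lvm2-monitor are still on, syslog is off in runlevel 3.
sample_output() {
    cat <<'EOF'
haldaemon       0:off   1:off   2:off   3:on    4:on    5:on    6:off
ip6tables       0:off   1:off   2:on    3:on    4:on    5:on    6:off
iptables        0:off   1:off   2:on    3:on    4:on    5:on    6:off
kudzu           0:off   1:off   2:off   3:on    4:on    5:on    6:off
lvm2-monitor    0:off   1:on    2:on    3:on    4:on    5:on    6:off
mcstrans        0:off   1:off   2:on    3:on    4:on    5:on    6:off
netfs           0:off   1:off   2:off   3:off   4:off   5:off   6:off
network         0:off   1:off   2:on    3:on    4:on    5:on    6:off
restorecond     0:off   1:off   2:on    3:on    4:on    5:on    6:off
sshd            0:off   1:off   2:on    3:on    4:on    5:on    6:off
syslog          0:off   1:off   2:on    3:off   4:on    5:on    6:off
EOF
}

echo "Enabled in runlevel 3 but not on the keep list:"
sample_output | unexpected_services
echo "On the keep list but not enabled in runlevel 3:"
sample_output | missing_services
```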
Run this command to remove a 9.7MB standalone documentation package that you almost certainly won’t be reading from the server:
yum -C remove Deployment_Guide-en-US
If you wish, run this command to update your installed packages to the latest stable version.
yum update
As of 3/27/2008 this installed a new kernel, updated 19 other packages, and required a 54MB download.
Accept the CentOS package-signing GPG key when asked.
If a kernel update is installed, it would be a good idea to reboot soon to make sure it works.
You can also remove your old kernel (use “rpm -qa | grep kern” to find old ones) to save ~75MB.
yum remove kernel-2.6.18-53.el5
NOTE! ONLY do this if you updated your kernel and have 2 installed now.
Useful Things You May Want To Install:
These packages are very useful for administering servers, deploying software and data to them, and performing backups:
yum install bzip2 lsof man man-pages mlocate quota rsync sysstat vixie-cron wget which
If your server has more than 1 CPU you may wish to install irqbalance, to distribute interrupt servicing duty across CPUs:
yum install irqbalance
This package makes the system boot slightly faster using a very simple, safe technique:
yum install readahead
If you aren’t familiar with the vim text editor, you can install nano, which is less powerful but very easy to use:
yum install nano
Have fun! Hope this helps.
In case you needed to do this more than once, it would probably be better to just create a kickstart file to do all this, with a self-removing service to do the bits after the reboot.
So, what is the end result in size of the install? (x MB?)
@Ranger:
Actually I never wrote down the size on disk, since I was aiming for efficiency and security instead of disk footprint. Sorry about that. I feel silly for not doing that, but not silly enough to spend a half hour or more building a new virtual machine just to answer the question.
If anybody uses this guide and remembers to do so, please post it here.
@Ranger: CentOS 5.2 (i386) install – df reports that disk usage is 624MB including the boot partition after removing the original kernel.
Thanks!
Nice howto. Thanks
738M after install, removal of old kernel, and addition of suggested packages. I did not clear any package caches. This is on 5.3
Will you be updating this for CentOS 6 or CentOS 7?
No.