RHEL Major differences (v2)
~~~~~~~~~~~~~~~~~~~~~~~
RHEL6:
Kernel: 2.6
System-V (as init daemon)
iptables (firewall, backend)
iptables (firewall front end tool)
RHEL7:
Kernel 3.10
SystemD (as init daemon)
iptables (firewall, backend)
firewalld (firewall daemon to manage the rules; command line interface is firewall-cmd)
RHEL8:
Kernel 4.18
SystemD (as init daemon)
nftables (firewall, backend)
firewalld (firewall daemon to manage the rules; command line interface is firewall-cmd)
Package Manager
~~~~~~~~~~~~~~~~~~~~~~~
yum in RHEL6,7,(8) as package manager
Check and disable firewall
~~~~~~~~~~~~~~~~~~~~~~~
# the vm is protected by an amazon firewall, so we don't need one on our local machine
# don't forget to change your security group (inbound connection) to your current internet ip address
yum -y install firewalld
systemctl disable firewalld.service
systemctl status firewalld.service
iptables -v -n -L
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
ip6tables -v -n -L
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
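# if rules apply or the default policy of a chain is not ACCEPT:
# (--flush only removes rules and leaves the chain policies, so set the policies to ACCEPT first)
for c in INPUT FORWARD OUTPUT; do iptables -P "$c" ACCEPT; ip6tables -P "$c" ACCEPT; done
iptables --flush
ip6tables --flush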
Disable SELINUX
~~~~~~~~~~~~~~~~~~~~~~~
# run sestatus to check if it's enabled
sestatus
SELinux status: enabled
SELinuxfs mount: /sys/fs/selinux
SELinux root directory: /etc/selinux
Loaded policy name: targeted
Current mode: enforcing
Mode from config file: enforcing
Policy MLS status: enabled
Policy deny_unknown status: allowed
Memory protection checking: actual (secure)
Max kernel policy version: 31
# disable selinux to avoid an extra layer of configuration and setup problems
grep 'SELINUX=' /etc/selinux/config
sed -i 's/SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config
grep 'SELINUX=' /etc/selinux/config
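Added example (not part of the original notes): the sed edit above only changes /etc/selinux/config, and a switch to disabled takes effect at the next boot, so sestatus keeps reporting the old running mode until then. The function below classifies sestatus output accordingly; the function names, result strings and both sample outputs are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original notes. Function names, result strings
# and both sample outputs are constructed for illustration.

# Classify `sestatus` output read from stdin.
selinux_state() {
    awk -F': *' '
        NF >= 2 { sub(/[ \t\r]+$/, "", $2) }   # drop trailing whitespace
        $1 == "SELinux status"        { status  = $2 }
        $1 == "Current mode"          { current = $2 }
        $1 == "Mode from config file" { config  = $2 }
        END {
            if (status == "")              print "unknown"
            else if (status == "disabled") print "disabled"
            else if (current == config)    print "consistent:" current
            else print "mismatch:running=" current ",config=" config
        }'
}

# Constructed sample: right after the sed edit, before any reboot.
sample_after_edit() {
    cat <<'EOF'
SELinux status:                 enabled
SELinuxfs mount:                /sys/fs/selinux
Current mode:                   enforcing
Mode from config file:          disabled
EOF
}

# Constructed sample: after the reboot, sestatus prints a single line.
sample_after_reboot() {
    cat <<'EOF'
SELinux status:                 disabled
EOF
}

# Demo on the constructed samples; on a host run: sestatus | selinux_state
sample_after_edit   | selinux_state   # mismatch:running=enforcing,config=disabled
sample_after_reboot | selinux_state   # disabled
```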
Disable THP (Transparent Huge Pages)(Optional)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
vi /etc/systemd/system/disable-thp.service
[Unit]
Description=Disable Transparent Huge Pages (THP)
[Service]
Type=simple
ExecStart=/bin/sh -c "echo 'never' > /sys/kernel/mm/transparent_hugepage/enabled && echo 'never' > /sys/kernel/mm/transparent_hugepage/defrag"
[Install]
WantedBy=multi-user.target
sudo systemctl daemon-reload
sudo systemctl start disable-thp
sudo systemctl enable disable-thp
Update VM Swappiness
~~~~~~~~~~~~~~~~~~~~
sysctl vm.swappiness
sysctl -w vm.swappiness=1
echo "vm.swappiness=1" >> /etc/sysctl.d/99-sysctl.conf
#cat /proc/sys/vm/swappiness
#/etc/sysctl.conf add line vm.swappiness=1
#echo "vm.swappiness = 1" >> /etc/sysctl.conf
#cat /proc/sys/vm/swappiness
Expand EBS Volume OR HVM RESIZE - CENTOS 7 with HVM doesn't need resize
~~~~~~~~~~~~~~~~~
df -h
sudo resize2fs /dev/xvde
sudo resize2fs /dev/xvda1
Install Other Packages
~~~~~~~~~~~~~~~~~~~~~~
# useful tools
yum -y install wget
yum -y install yum-utils
yum -y install unzip
# update os
yum -y update
Network Time Protocol
~~~~~~~~~~~~~~~~~~~~~
# use chronyd, not ntpd
# it's the default and it's a modern implementation for network time exchange
systemctl status chronyd.service
Image of our Choice
~~~~~~~~~~~~~~~~~~~~~
# our Image
CentOS 7 (x86_64) - with Updates HVM Image
https://aws.amazon.com/marketplace/pp/B00O7WM7QW
ami-0affd4508a5d2481b