1. I want a security-hardened kickstart file for RHEL 7.5 using the following SSG specifications:
[login to view URL]
2. Take necessary input from the administrator to populate ens file
/etc/sysconfig/network-scripts/ENSxxx
Interactive prompts for those that cannot be static, such as:
IPV4ADDR=""
NETMASK=""
GATEWAY=""
HOSTNAME=""
3. Start network service
systemctl start [login to view URL]
4. Configure ntp: add [login to view URL] as a server in [login to view URL]
systemctl enable [login to view URL]
ntpdate [login to view URL]
ntpdate -u [login to view URL]
5. Find SRV records
dig -t SRV [login to view URL]
dig [login to view URL]
dig [login to view URL]
6. Join domain:
realm discover -v [login to view URL]
realm join –U username –v [login to view URL]
7. Verify domain is connected, if connected
a. Disable remote root login
10. Create sudoers file
# vi /etc/sudoers.d/ADMIN
%als\\Trusted_EAA_System_Admin_NonProd ALL=NOPASSWD: ALL
# chmod 600 /etc/sudoers.d/ADMIN
8. Create PV/VG/LV
pvcreate /dev/sdb
vgcreate vg01 /dev/sdb
lvcreate -L 40G vg01
lvcreate -L 40G vg01
mke2fs -j /dev/vg01/lvol0
mke2fs -j /dev/vg01/lvol1
mkdir /opt/brookdale
mkdir /var/brookdale
echo "/dev/mapper/vg01-lvol0 /opt/brookdale ext4 defaults 1 2" >> /etc/fstab
echo "/dev/mapper/vg01-lvol1 /var/brookdale ext4 defaults 1 2" >> /etc/fstab
mount -a