How to see what software packages and security profile where picked at install time.

General support questions
Spork Schivago
Posts: 20
Joined: 2017/08/14 04:21:54

How to see what software packages and security profile where picked at install time.

Postby Spork Schivago » 2018/02/07 23:06:26

Hello,

Assuming I just installed CentOS 7 on a workstation or laptop, is there any way to see what options where picked? For example, I have various options for security profile during install, is there any way to see what security profile was selected? Is there a way to see what software packages where selected to be installed? Would:

Code: Select all

yum groups summary

Do it you think?

Finally, is there a way to create a custom configuration file that selects the various software packages / security profile by default?

I'm running 1708.

Thank you.
Last edited by Spork Schivago on 2018/02/07 23:11:03, edited 1 time in total.

User avatar
TrevorH
Forum Moderator
Posts: 21727
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: How to see what software packages and security profile where picked at install time.

Postby TrevorH » 2018/02/07 23:10:38

The install places a copy of the kickstart file used in /root/anaconda-ks.cfg
CentOS 5 died in March 2017 - migrate NOW!
Full time Geek, part time moderator. Use the FAQ Luke

Spork Schivago
Posts: 20
Joined: 2017/08/14 04:21:54

Re: How to see what software packages and security profile where picked at install time.

Postby Spork Schivago » 2018/02/07 23:57:23

TrevorH wrote:The install places a copy of the kickstart file used in /root/anaconda-ks.cfg

Thank you TrevorH.

I take it there's an anaconda-ks.cfg file somewhere on the DVD that I could modify so the software groups and security profile that we want are selected by default?

Thanks!

hunter86_bg
Posts: 894
Joined: 2015/02/17 15:14:33
Location: Bulgaria
Contact:

Re: How to see what software packages and security profile where picked at install time.

Postby hunter86_bg » 2018/02/08 05:27:09

I think that you need a kickstart for that.At least it's easier than editing the DVD.

Spork Schivago
Posts: 20
Joined: 2017/08/14 04:21:54

Re: How to see what software packages and security profile where picked at install time.

Postby Spork Schivago » 2018/02/08 19:38:45

hunter86_bg wrote:I think that you need a kickstart for that.At least it's easier than editing the DVD.

That sounds perfect and exactly what I'm looking for. I'm reading the document on Kickstart ( https://www.centos.org/docs/5/html/Inst ... -file.html )

I'm assuming this is the latest documentation on how to set this up.

I have another thread created under Security that involves iptables rules and the Gnome Firewall GUI program. I guess that ties into this now.

I want to allow remote access to the server, so employees can install CentOS 7 from their houses, connecting to the server, accessing the Kickstart file, but I only want to allow access to the server from employees IP addresses.

Assuming the gateway and switch are properly configured to allow DHCP / BOOTP traffic through the firewall, all I'd need to do on the physical server (after configuring the DHCP server) is to configure iptables to allow certain public IP addresses to that DHCP server, right? Then the employees will pop in the bootable media I created, it should connect automatically to my server, and use the kickstart file (I'll follow the directions in the article to create the kickstart file and media).

Thanks!

hunter86_bg
Posts: 894
Joined: 2015/02/17 15:14:33
Location: Bulgaria
Contact:

Re: How to see what software packages and security profile where picked at install time.

Postby hunter86_bg » 2018/02/09 04:59:18

Spork Schivago wrote:
hunter86_bg wrote:I think that you need a kickstart for that.At least it's easier than editing the DVD.

That sounds perfect and exactly what I'm looking for. I'm reading the document on Kickstart ( https://www.centos.org/docs/5/html/Inst ... -file.html )

I'm assuming this is the latest documentation on how to set this up.

I have another thread created under Security that involves iptables rules and the Gnome Firewall GUI program. I guess that ties into this now.

I want to allow remote access to the server, so employees can install CentOS 7 from their houses, connecting to the server, accessing the Kickstart file, but I only want to allow access to the server from employees IP addresses.

Assuming the gateway and switch are properly configured to allow DHCP / BOOTP traffic through the firewall, all I'd need to do on the physical server (after configuring the DHCP server) is to configure iptables to allow certain public IP addresses to that DHCP server, right? Then the employees will pop in the bootable media I created, it should connect automatically to my server, and use the kickstart file (I'll follow the directions in the article to create the kickstart file and media).

Thanks!


The latest documentation should be this one.
Also you can install 'system-config-kickstart' on any CentOS7 ,which has graphical environment, and use that for generation/validation of the KS file.
You will need Dhcp/tftp for providing the installation and a separate server (usually an apache or vsftpd server) to provide the kickstart.The menu on the tftp should provide the KS URL as kernel parameter.
If you setup everything correctly - you shouldn't need to do anything during the installation (you can also tell the KS to restart the server automatically after reboot).

Spork Schivago
Posts: 20
Joined: 2017/08/14 04:21:54

Re: How to see what software packages and security profile where picked at install time.

Postby Spork Schivago » 2018/02/09 21:03:17

hunter86_bg wrote:
Spork Schivago wrote:
hunter86_bg wrote:I think that you need a kickstart for that.At least it's easier than editing the DVD.

That sounds perfect and exactly what I'm looking for. I'm reading the document on Kickstart ( https://www.centos.org/docs/5/html/Inst ... -file.html )

I'm assuming this is the latest documentation on how to set this up.

I have another thread created under Security that involves iptables rules and the Gnome Firewall GUI program. I guess that ties into this now.

I want to allow remote access to the server, so employees can install CentOS 7 from their houses, connecting to the server, accessing the Kickstart file, but I only want to allow access to the server from employees IP addresses.

Assuming the gateway and switch are properly configured to allow DHCP / BOOTP traffic through the firewall, all I'd need to do on the physical server (after configuring the DHCP server) is to configure iptables to allow certain public IP addresses to that DHCP server, right? Then the employees will pop in the bootable media I created, it should connect automatically to my server, and use the kickstart file (I'll follow the directions in the article to create the kickstart file and media).

Thanks!


The latest documentation should be this one.
Also you can install 'system-config-kickstart' on any CentOS7 ,which has graphical environment, and use that for generation/validation of the KS file.
You will need Dhcp/tftp for providing the installation and a separate server (usually an apache or vsftpd server) to provide the kickstart.The menu on the tftp should provide the KS URL as kernel parameter.
If you setup everything correctly - you shouldn't need to do anything during the installation (you can also tell the KS to restart the server automatically after reboot).

The partitioning I'll have to let them do, to some degree, depending on the employee. Some have chosen a dual boot with Windows, which I'm not a big fan of, I think the PCs should be dedicated to work related stuff only, but I'm trying to be sensible. Most of the laptops actually belong to the employees and they do a lot of "work at home". With UEFI BIOSes and dual boot, it seems you have to install Windows first, then Linux. Linux can deal with two EFI system partitions, but Windows has trouble and I don't think the OSes are supposed to share an EFI system partition. So they install Windows first, then CentOS 7.

I have some experience with PXE diskless network boots. I don't think it's going to be that hard. I read about the system-config-kickstart and I think that's wonderful, for validation of my kickstart file.

Thank you for the updated link!

Thanks!