Page 1 of 1

How to see what software packages and security profile where picked at install time.

Posted: 2018/02/07 23:06:26
by Spork Schivago
Hello,

Assuming I just installed CentOS 7 on a workstation or laptop, is there any way to see what options where picked? For example, I have various options for security profile during install, is there any way to see what security profile was selected? Is there a way to see what software packages where selected to be installed? Would:

Code: Select all

yum groups summary

Do it you think?

Finally, is there a way to create a custom configuration file that selects the various software packages / security profile by default?

I'm running 1708.

Thank you.

Re: How to see what software packages and security profile where picked at install time.

Posted: 2018/02/07 23:10:38
by TrevorH
The install places a copy of the kickstart file used in /root/anaconda-ks.cfg

Re: How to see what software packages and security profile where picked at install time.

Posted: 2018/02/07 23:57:23
by Spork Schivago
TrevorH wrote:The install places a copy of the kickstart file used in /root/anaconda-ks.cfg

Thank you TrevorH.

I take it there's an anaconda-ks.cfg file somewhere on the DVD that I could modify so the software groups and security profile that we want are selected by default?

Thanks!

Re: How to see what software packages and security profile where picked at install time.

Posted: 2018/02/08 05:27:09
by hunter86_bg
I think that you need a kickstart for that.At least it's easier than editing the DVD.

Re: How to see what software packages and security profile where picked at install time.

Posted: 2018/02/08 19:38:45
by Spork Schivago
hunter86_bg wrote:I think that you need a kickstart for that.At least it's easier than editing the DVD.

That sounds perfect and exactly what I'm looking for. I'm reading the document on Kickstart ( https://www.centos.org/docs/5/html/Inst ... -file.html )

I'm assuming this is the latest documentation on how to set this up.

I have another thread created under Security that involves iptables rules and the Gnome Firewall GUI program. I guess that ties into this now.

I want to allow remote access to the server, so employees can install CentOS 7 from their houses, connecting to the server, accessing the Kickstart file, but I only want to allow access to the server from employees IP addresses.

Assuming the gateway and switch are properly configured to allow DHCP / BOOTP traffic through the firewall, all I'd need to do on the physical server (after configuring the DHCP server) is to configure iptables to allow certain public IP addresses to that DHCP server, right? Then the employees will pop in the bootable media I created, it should connect automatically to my server, and use the kickstart file (I'll follow the directions in the article to create the kickstart file and media).

Thanks!

Re: How to see what software packages and security profile where picked at install time.

Posted: 2018/02/09 04:59:18
by hunter86_bg
Spork Schivago wrote:
hunter86_bg wrote:I think that you need a kickstart for that.At least it's easier than editing the DVD.

That sounds perfect and exactly what I'm looking for. I'm reading the document on Kickstart ( https://www.centos.org/docs/5/html/Inst ... -file.html )

I'm assuming this is the latest documentation on how to set this up.

I have another thread created under Security that involves iptables rules and the Gnome Firewall GUI program. I guess that ties into this now.

I want to allow remote access to the server, so employees can install CentOS 7 from their houses, connecting to the server, accessing the Kickstart file, but I only want to allow access to the server from employees IP addresses.

Assuming the gateway and switch are properly configured to allow DHCP / BOOTP traffic through the firewall, all I'd need to do on the physical server (after configuring the DHCP server) is to configure iptables to allow certain public IP addresses to that DHCP server, right? Then the employees will pop in the bootable media I created, it should connect automatically to my server, and use the kickstart file (I'll follow the directions in the article to create the kickstart file and media).

Thanks!


The latest documentation should be this one.
Also you can install 'system-config-kickstart' on any CentOS7 ,which has graphical environment, and use that for generation/validation of the KS file.
You will need Dhcp/tftp for providing the installation and a separate server (usually an apache or vsftpd server) to provide the kickstart.The menu on the tftp should provide the KS URL as kernel parameter.
If you setup everything correctly - you shouldn't need to do anything during the installation (you can also tell the KS to restart the server automatically after reboot).

Re: How to see what software packages and security profile where picked at install time.

Posted: 2018/02/09 21:03:17
by Spork Schivago
hunter86_bg wrote:
Spork Schivago wrote:
hunter86_bg wrote:I think that you need a kickstart for that.At least it's easier than editing the DVD.

That sounds perfect and exactly what I'm looking for. I'm reading the document on Kickstart ( https://www.centos.org/docs/5/html/Inst ... -file.html )

I'm assuming this is the latest documentation on how to set this up.

I have another thread created under Security that involves iptables rules and the Gnome Firewall GUI program. I guess that ties into this now.

I want to allow remote access to the server, so employees can install CentOS 7 from their houses, connecting to the server, accessing the Kickstart file, but I only want to allow access to the server from employees IP addresses.

Assuming the gateway and switch are properly configured to allow DHCP / BOOTP traffic through the firewall, all I'd need to do on the physical server (after configuring the DHCP server) is to configure iptables to allow certain public IP addresses to that DHCP server, right? Then the employees will pop in the bootable media I created, it should connect automatically to my server, and use the kickstart file (I'll follow the directions in the article to create the kickstart file and media).

Thanks!


The latest documentation should be this one.
Also you can install 'system-config-kickstart' on any CentOS7 ,which has graphical environment, and use that for generation/validation of the KS file.
You will need Dhcp/tftp for providing the installation and a separate server (usually an apache or vsftpd server) to provide the kickstart.The menu on the tftp should provide the KS URL as kernel parameter.
If you setup everything correctly - you shouldn't need to do anything during the installation (you can also tell the KS to restart the server automatically after reboot).

The partitioning I'll have to let them do, to some degree, depending on the employee. Some have chosen a dual boot with Windows, which I'm not a big fan of, I think the PCs should be dedicated to work related stuff only, but I'm trying to be sensible. Most of the laptops actually belong to the employees and they do a lot of "work at home". With UEFI BIOSes and dual boot, it seems you have to install Windows first, then Linux. Linux can deal with two EFI system partitions, but Windows has trouble and I don't think the OSes are supposed to share an EFI system partition. So they install Windows first, then CentOS 7.

I have some experience with PXE diskless network boots. I don't think it's going to be that hard. I read about the system-config-kickstart and I think that's wonderful, for validation of my kickstart file.

Thank you for the updated link!

Thanks!