I have been burning through CentOS VMs lately, and wanted to set up a CentOS 7 "golden image" to clone for future builds.
** NOTES, regarding Splunk servers: do not install a GUI (it causes proxy bridge interface weirdness), and set up firewall rules.
- Install CentOS 7 with decent VM specs (two cores, 2 GB RAM)
- Install NIC
- Install net-tools (for the ifconfig command)
- Install GUI (DO NOT INSTALL GNOME, BREAKS ALL THE THINGS)
- yum update
- Remove the virbr0 interface and libvirtd service, as it messes up the Splunk install (TBD if this is the actual issue)
- Disable SELinux
- Disable the firewall or create firewall rules
- Install the A3Sec app on Splunk
- Set timezone
- Troubleshoot why having A3Sec and Snort for Splunk installed at the same time breaks Splunk's time parsing capability.
When booting from the CentOS 7 ISO in the VMware datastore, make sure to turn on the NIC in the GUI installation process, specify the drive (30 GB, from the earlier VM configuration), and create the root password and a user account.
Install networking on headless CentOS7 build
https://lintut.com/how-to-setup-network-after-rhelcentos-7-minimal-installation/
Install ifconfig
https://linuxconfig.org/howto-install-ifconfig-on-centos-7-linux
Install nano: yum install nano
Mount CD for Splunk ISO
https://linuxconfig.org/how-to-mount-cd-dvd-rom-on-centos-rhel-linux
Install GUI ** DO NOT DO !! ***
https://www.itzgeek.com/how-tos/linux/centos-how-tos/install-gnome-gui-on-centos-7-rhel-7.html
And then for good fun, install htop
http://cheapwindowsvps.com/blog/how-to-install-htop-on-centos-7/
neofetch
http://www.vassox.com/linux-general/install-neofetch-on-centos-7-rhel/
LNAV log
https://www.unixmen.com/install-use-lnav-on-centos-7/
- adding epel-release for LNAV makes htop available as well.
virbr0 and libvirtd removal
https://www.thegeekdiary.com/how-to-remove-virbr0-and-lxcbr0-interfaces-on-centos-rhel-5-and-rhel-7/
disable SELinux
https://linuxize.com/post/how-to-disable-selinux-on-centos-7/
disable firewall
https://www.liquidweb.com/kb/how-to-stop-and-disable-firewalld-on-centos-7/
Make firewall rules: add exceptions for ports 8000, 8089, 9997, 514, 1514
https://blog.christophersmart.com/2014/01/15/add-permanent-rules-to-firewalld/
Install Splunk on CentOS
https://docs.splunk.com/Documentation/Splunk/8.0.0/SearchTutorial/InstallSplunk
A3Sec App
https://splunkbase.splunk.com/app/2739/#/details
Set timezone
https://www.cyberciti.biz/faq/centos-linux-6-7-changing-timezone-command-line/
Troubleshoot A3Sec timestamp parsing breaking: update props.conf to parse the time
https://answers.splunk.com/answers/626816/pfsense-event-date-time-wrong.html
Change the Splunk license to Free immediately before the trial expires.
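The "create firewall rules" step above, as an added example that is not from the original post: a script that builds permanent firewalld rules for the ports the checklist names and can print them first (dry run) before applying. The protocol split is an assumption (8000 web UI, 8089 management/REST and 9997 forwarder data as TCP; the syslog listeners 514 and 1514 as both UDP and TCP), as is the `public` zone.

```shell
#!/usr/bin/env bash
# Added example (not the post's own commands): firewalld rules for a Splunk host.
# Assumptions: TCP for 8000/8089/9997; 514 and 1514 opened for UDP and TCP (syslog);
# the Splunk NIC sits in firewalld's default "public" zone.
SPLUNK_TCP_PORTS="8000 8089 9997 514 1514"
SPLUNK_UDP_PORTS="514 1514"
FW_ZONE="${FW_ZONE:-public}"
DRY_RUN="${DRY_RUN:-1}"   # 1 = print the commands, 0 = execute them

# Echo the command in dry-run mode, otherwise execute it.
fw_cmd() {
  if [ "$DRY_RUN" = "1" ]; then echo "$*"; else "$@"; fi
}

# One permanent --add-port rule per port/protocol pair.
# 8089 is the management/REST port; on a production box it is worth
# restricting its source instead of opening it to the whole zone.
splunk_fw_rules() {
  local p
  for p in $SPLUNK_TCP_PORTS; do
    fw_cmd firewall-cmd --permanent --zone="$FW_ZONE" --add-port="$p/tcp" || return 1
  done
  for p in $SPLUNK_UDP_PORTS; do
    fw_cmd firewall-cmd --permanent --zone="$FW_ZONE" --add-port="$p/udp" || return 1
  done
}

# Number of rules the generator emits, for a sanity check before applying.
splunk_fw_rule_count() {
  DRY_RUN=1 splunk_fw_rules | wc -l | tr -d ' '
}

# Apply for real: needs root and firewall-cmd, reloads so the permanent set
# becomes the runtime set, then lists the open ports so the change is verifiable.
splunk_fw_apply() {
  command -v firewall-cmd >/dev/null 2>&1 || { echo "firewall-cmd not found" >&2; return 1; }
  [ "$(id -u)" -eq 0 ] || { echo "run as root" >&2; return 1; }
  DRY_RUN=0 splunk_fw_rules || return 1
  firewall-cmd --reload
  firewall-cmd --zone="$FW_ZONE" --list-ports
}

# Usage: ./splunk-fw.sh          (prints the rules)
#        ./splunk-fw.sh apply    (applies them as root)
if [ "${1:-}" = "apply" ]; then splunk_fw_apply; else splunk_fw_rules; fi
```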
Setting up a CentOS 7 golden image is a great idea for streamlining VM builds, especially for Splunk servers. From my experience, disabling SELinux is a crucial step to avoid unexpected issues. Vultr's detailed guide on disabling SELinux on CentOS 7 was incredibly helpful in this process—clear instructions and easy to follow.
I also found that creating specific firewall rules for ports like 8000, 8089, and 9997 makes Splunk deployments much smoother. For anyone struggling with managing their CentOS environments, Vultr’s cloud services and documentation make setups like this more efficient and reliable. Highly recommend checking them out.
disabling SELinux on CentOS 7
https://docs.vultr.com/disabling-selinux-on-centos-7