RHEL 7 sanitization

From Unix Wiki

RHEL7 introduced some arguable and unexplained changes in its default install, e.g. random network device names, systemd, journald, NetworkManager, tuned. These might be good for use on laptops or desktops, but are of no use on servers. Here is a short guide on how to return RHEL7/CentOS7/OEL7 to a normal state.

Basic setup

Install tools

Install some useful tools and utilities

# yum install wget curl net-tools lsof strace sysstat vim-enhanced bind-utils

Disable avahi, who needs it anyway?

# systemctl stop avahi-daemon
# systemctl disable avahi-daemon

Network

Network is supposed to be managed by NetworkManager, which mostly replaces the old network service.

Return old-style ethernet device names

This might be a good idea on physical servers, though I think it is still easier to identify devices by their MAC addresses. But how many physical servers do we have nowadays? Fewer than the number of fingers on one's hand. On all these virtual servers this is of no use. But so far I have decided to leave this new feature as is.

Add "net.ifnames=0" and "biosdevname=0" as kernel arguments to grub
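One way to carry out this step, as an added example that is not part of the original page: an idempotent edit of the GRUB_CMDLINE_LINUX line, so running it twice does not duplicate the arguments. The function name add_kernel_args is hypothetical, and /etc/default/grub and grub2-mkconfig are the usual RHEL 7 file and tool, which the page itself does not name.

```shell
#!/bin/sh
# Added example (not from the original page).
# add_kernel_args FILE ARG...
#   Rewrites the GRUB_CMDLINE_LINUX line of FILE so that every ARG is present
#   exactly once; an older value for the same key (net.ifnames=1) is replaced.
#   Assumes the value is double-quoted, as anaconda writes it.
add_kernel_args() (
    file=$1; shift
    line=$(grep -m1 '^GRUB_CMDLINE_LINUX=' "$file") || {
        echo "no GRUB_CMDLINE_LINUX line in $file" >&2
        exit 1
    }
    current=${line#GRUB_CMDLINE_LINUX=}
    current=${current#\"}
    current=${current%\"}

    result=
    set -f                                  # no globbing while word-splitting
    for word in $current; do
        keep=yes
        for arg in "$@"; do
            if [ "${word%%=*}" = "${arg%%=*}" ]; then keep=no; fi
        done
        if [ "$keep" = yes ]; then result="$result $word"; fi
    done
    set +f
    result="$result $*"
    result=${result# }

    tmp=$(mktemp) || exit 1
    NEW_LINE="GRUB_CMDLINE_LINUX=\"$result\"" awk '
        /^GRUB_CMDLINE_LINUX=/ && !done { print ENVIRON["NEW_LINE"]; done = 1; next }
        { print }' "$file" > "$tmp" || exit 1
    # Keep a backup; write through cat so mode, owner and SELinux label stay.
    cp -p "$file" "$file.bak" && cat "$tmp" > "$file"
    rc=$?
    rm -f "$tmp"
    exit "$rc"
)

# On the server itself (as root), then regenerate the config and reboot:
#   add_kernel_args /etc/default/grub net.ifnames=0 biosdevname=0
#   grub2-mkconfig -o /boot/grub2/grub.cfg   # BIOS path; UEFI systems use a grub.cfg under /boot/efi
```

After the reboot, `cat /proc/cmdline` shows whether both arguments reached the running kernel.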

Create old-style ifcfg files

First create an old-style config file for your interface; get the interface name from 'ifconfig -a' or 'ip a'

# cat /etc/sysconfig/network-scripts/ifcfg-*
#HWADDR="08:00:27:AA:3B:D3"
DEVICE="enp0s3"
BOOTPROTO=dhcp
NM_CONTROLLED="no"
PERSISTENT_DHCLIENT=1
ONBOOT="yes"
TYPE=Ethernet
DEFROUTE=yes
PEERDNS=yes
PEERROUTES=yes
IPV4_FAILURE_FATAL=yes
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_PEERDNS=yes
IPV6_PEERROUTES=yes
IPV6_FAILURE_FATAL=no
NAME="enp0s3"

Here is an example of /etc/sysconfig/network, but it looks like it is no longer needed.

# cat /etc/sysconfig/network
# Created by anaconda
#NETWORKING=yes
#HOSTNAME=server.internal
#GATEWAY=192.168.1.1

Disable NetworkManager, enable network

# systemctl disable NetworkManager.service
# systemctl enable network.service
# systemctl restart network
# systemctl stop NetworkManager.service

Remove NetworkManager if you don't need it

# yum remove NetworkManager

Old-style iptables

# yum install iptables-services
# systemctl mask firewalld.service
# systemctl stop firewalld.service

Enable iptables if you need it

# systemctl enable iptables.service
# systemctl enable ip6tables.service
# systemctl start iptables.service
# systemctl start ip6tables.service

tuned

Here is the description of tuned from the official page

Profiles contains various sysctl/sysfs settings and optionally a script that is run on profile activation/deactivation. 
This is called static tuning. We try to keep the database of tunings up-to-date with the latest kernels. The profiles 
also contain settings for various tuned plugins that tune the system dynamically. Each plugin can connect to various 
sensors. Currently there are plugins for CPU, disk, ethernet and FSB. For example the ethernet plugin change the ethernet
speed according to previous network load.

System profiles are located in /usr/lib/tuned. You can create your own profiles that can also include and override settings 
from system profiles. Your custom profiles can be put into /etc/tuned, they have higher priority in case of conflict. For 
details see man page of tuned.conf. 

Not sure where this crap can be of any use, on laptops maybe. Personally I do not need this black box on my servers.

# systemctl stop tuned.service
# systemctl disable tuned.service


Sources

http://www.tecmint.com/configure-network-interface-in-rhel-centos-7-0/
https://access.redhat.com/discussions/644133
https://v-reality.info/2014/07/rhel-centos-oracle-linux-7-tips/