Tuesday, August 12, 2014

How to Create a Red Hat Enterprise Linux 7.0 VMware Template



References:
Red Hat (VMware Cloning Precautions) - https://access.redhat.com/site/solutions/271643
Linux Tutorials Website (NixCraft): http://www.cyberciti.biz/faq/centos-ssh/
The Lone SysAdmin - http://lonesysadmin.net/2013/03/26/preparing-linux-template-vms/
Mfariso1 - https://www.suse.com/communities/conversations/creating-standard-server-template-sles-11-sp1-vmware/
DISA STIG Compliance Tool Viewer: http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx
DISA STIG (Operating Systems): http://iase.disa.mil/stigs/os/Pages/index.aspx
DISA STIG How-To YouTube Video: https://www.youtube.com/watch?v=-h_lj5sWo4A
Force Use of Screen at Login (Red Hat): https://goo.gl/3RU1wU 

1. Upload the ISO to your datastore. Create a Linux virtual machine (Remove the floppy disk and boot into the BIOS and Disable anything you don't need or won't need) with only the packages you actually need and will use.

2. vi /etc/motd (This is the security banner message for your company).

2a. VMware Specific configurations: VMware Tools & Other
http://partnerweb.vmware.com/GOSIG/RHEL_7.html

http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1014294

http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=2075048

3. Antivirus/Malware Software: (Use Something)

3a. Don't forget visudo if your using Active Directory. This way you don't have to add it later manually
%DOMAIN\\SECURITYGROUP
Note: If your using spaces in your AD security groups. Just change it to a "-" or "_" make life easier with a dash or an underscore.
http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1027766

4. Clean out your temporary files and log files
/usr/bin/yum clean all
go to /var/log and clean out all of the log files. You don't need anything for a template to remain.
/etc/ssh/sshd_config (configure to your security requirements. DO NOT LOGIN AS ROOT!!!)
/tmp/ (be careful completely blowing away /tmp on VMware for VMware Tools, etc)

5. Blow away the current NIC configurations:
 /bin/sed -i '/^\(HWADDR\|UUID\)=/d' /etc/sysconfig/network-scripts/ifcfg-ens19 (*whatever ens is)
(ens32 is new and different from eth0. Go Here is you want to know what changed)

6. Remove SSH Keys
/bin/rm –f /etc/ssh/*key*

7. Remove Root's History
/bin/rm -f ~root/.bash_history
unset HISTFILE

8. Clear out all of the junk and anything showing what you did:
cat /dev/null > ~/.bash_history && history -c && init 0

*Only add && init 0 after history -c if you want to immediately shut the box down.

8. Shutdown and convert to template
init 0 
(*VMware/RHEV/OpenStack Convert it to a template)