How to Create a Red Hat Enterprise Linux 7.0 VMware Template



References:
Red Hat (VMware Cloning Precautions) - https://access.redhat.com/site/solutions/271643
Linux Tutorials Website (NixCraft): http://www.cyberciti.biz/faq/centos-ssh/
The Lone SysAdmin - http://lonesysadmin.net/2013/03/26/preparing-linux-template-vms/
Mfariso1 - https://www.suse.com/communities/conversations/creating-standard-server-template-sles-11-sp1-vmware/
DISA STIG Compliance Tool Viewer: http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx
DISA STIG (Operating Systems): http://iase.disa.mil/stigs/os/Pages/index.aspx
DISA STIG How-To YouTube Video: https://www.youtube.com/watch?v=-h_lj5sWo4A
Force Use of Screen at Login (Red Hat): https://goo.gl/3RU1wU 

1. Upload the ISO to your datastore. Create a Linux virtual machine (Remove the floppy disk and boot into the BIOS and Disable anything you don't need or won't need) with only the packages you actually need and will use.

2. vi /etc/motd (This is the security banner message for your company).

2a. VMware Specific configurations: VMware Tools & Other
http://partnerweb.vmware.com/GOSIG/RHEL_7.html

http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1014294

http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=2075048

3. Antivirus/Malware Software: (Use Something)

3a. Don't forget visudo if your using Active Directory. This way you don't have to add it later manually
%DOMAIN\\SECURITYGROUP
Note: If your using spaces in your AD security groups. Just change it to a "-" or "_" make life easier with a dash or an underscore.
http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1027766

4. Clean out your temporary files and log files
/usr/bin/yum clean all
go to /var/log and clean out all of the log files. You don't need anything for a template to remain.
/etc/ssh/sshd_config (configure to your security requirements. DO NOT LOGIN AS ROOT!!!)
/tmp/ (be careful completely blowing away /tmp on VMware for VMware Tools, etc)

5. Blow away the current NIC configurations:
 /bin/sed -i '/^\(HWADDR\|UUID\)=/d' /etc/sysconfig/network-scripts/ifcfg-ens19 (*whatever ens is)
(ens32 is new and different from eth0. Go Here is you want to know what changed)

6. Remove SSH Keys
/bin/rm –f /etc/ssh/*key*

7. Remove Root's History
/bin/rm -f ~root/.bash_history
unset HISTFILE

8. Clear out all of the junk and anything showing what you did:
cat /dev/null > ~/.bash_history && history -c && init 0

*Only add && init 0 after history -c if you want to immediately shut the box down.

8. Shutdown and convert to template
init 0 
(*VMware/RHEV/OpenStack Convert it to a template)

Popular posts from this blog

How to Configure HP ILO 4 for Active Directory Login

How to Configure BGInfo for Windows Server 2012 R2

How to Fix /storage/core filesystem Out of Disk Space Error on VCSA 6.0U1