Create VMWare Teplate CentOS 6.5

In this article, I am going to outline a very basic and quick way to create a VMWare virtual machine template for provisioning CentOS (or RHEL) 6.5 in your VMWare environment. As I mentioned, this is a very basic configuration and does not take into consideration large scale deployments and is really intended as a starting point for a template for large scale production.


1. Perform the installation of CentOS Minimal as you would any Virtual Machine. Set the roo

2. Install perl by issuing the following command:

yum install perl

3. Install vmware tools. Accept all defaults during the VMWare tools installation:

mkdir /mnt/cdrom
mount /dev/cdrom /mnt/cdrom
cp VMWare-tools-XXXX.tar.gz ~root
cd ~root
tar zxf VMWare-tool-XXX.tar.gz
cd vmware-tools
cd ..
rm –rf vmware-tools VMWare-tools-XXX.tar.gz

4. After the base install, update the OS by issuing the following commands:

yum update

5. Clean the yum cache by issuing the command:

yum clean all

6. To prevent hardware issues, remove udev persistent rules by issuing the following command:

rm –f /etc/udev/rules.d/70*

7. To prevent networking issues, remove the MAC and UUID of the NIC. New ones will be obtained upon clone:

sed –i ‘/*\(HWADDR\|UUID\)=/d’ /etc/sysconfig/network-scripts/ifcfg-eth0

8. Clearing out the logs on the server is also a good idea. This can be accomplished as follows:

NOTE: Where ‘?’ is usually the date but will depend on your logroatate.conf configuration.

logrotate –f /etc/logrotate.conf
rm-rf /var/log/*-???????? /var/log/*.gz
cat /dev/null > /var/log/audit/audit.log
cat /dev/null > /var/log/wtmp

9. Clear out all Temp directories as follows:

rm –rf /tmp/*
rm –rf /var/tmp/*

10. Now we will remove any SSH host keys for security:

rm-rf /etc/ssh/*keys*

11. For good measure, lets create an administrative user in case we need access later, after the root password has been changed by the user:

adduser admin
passwd admin

12. We want the root password changed upon booting up the server, so:

chage –d 0 root

13. We also do not want the new user to have a copy of what we have just done in the bash history, so lets wipe that out as well:

rm –f ~root/.bash_history

Create a VMWare Template Ubuntu 12.04

In this article, I am going to outline a procedure to create a very basic Ubuntu VMWare virtual machine template for rapid deployment.


1. Perform the installation of Ubuntu as you would any Virtual Machine. Create an initial user called ‘cloud’

2. Install gcc, build essential and the Linux headers for the currently running kernel:

sudo apt-get install gcc build-essential linux-headers-$(uname –r)

3. Install VMWare Tools. Accept all defaults during the installation:

sudo mount /dev/cdrom /media/cdrom

cp /media/cdrom/VMWareTools-XXX.tar.gz ~

cd ~

tar zxf VMWareTools-XXX.tar.gz

cd vmware-tools

sudo ./

cd ..

rm –rf vmware-tools VMWareTools-XXX.tar.gz

4. Fully patch the operating system:

sudo apt-get update

sudo apt-get upgrade

sudo shutdown –r now

5. Clear the apt cache:

sudo apt-get clean

6. To prevent hardware related issues, remove the udev persistent rules as follows:

sudo rm –f /etc/udev/rules.d/70*

7. For the users’ convenience, lets update the locate database:

sudo updatedb

8. For good measure, lets create an administrative user in case we need access later:

sudo adduser admin (Enter details and document)

sudo usermod –G sudo admin

9. Lets make the initial users password expire immediately upon logging in as well:

chage –d 0 cloud

10. Clear out the temp directories:

sudo rm –rf /tmp/*

gesudo rm –rf /var/tmp/*

11. Now we will remove all SSH host keys:

rm –rf /etc/ssh/*keys*

12. Now we will clear the bash history to cover our tracks a bit:

history –c

13. Clearing out the logs is also a good idea. This can be accomplished as follows:

NOTE: Where ‘1’ is usually the first rotation. Check if additional rotations have occurred ‘2’.

sudo logrotate –f /etc/logrotate.conf

sudo cat /dev/null > /var/log/wtmp

sudo rm –rf /var/log/*.1 /var/log/*.gz

Manage Auto Start services on CentOS

Most server admins want their servers to run as lean and secure as possible. For that reason, we usually try to disable as many services that are unneeded at start-up as possible. Here I will briefly explain how you can manage auto start services on your CentOS box and disable/enable any that you may or may not want starting.

The usual stuff. Make sure you backup your system and have a complete understanding of what services you disable/enable and any potential impact this may have on your server(s).


Run this command to list the services that are currently run at start-up.

chkconfig --list|grep "3:on"|awk '{print $1}'|sort

I suggest that you output this list to a file to allow you to compare before and after, as well as have the ability to revert any changes in case they cause issues. this can be done as follows:

chkconfig --list|grep "3:on"|awk '{print $1}'|sort > before

Now that you have an idea of what is run at start-up, you can disable things, such as cups (Common Unix Printing Service).

chkconfig cups off

after disabling the services that you do now want to start on boot, you can create a second output file containing the enabled services and compare the 2.

chkconfig --list|grep "3:on"|awk '{print $1}'|sort > after

To compare before and after:

diff before after


My favorite Distros and Why

Today I thought I would take a break from all of the technical ‘how to’ articles and write something a little more near and dear to my heart – My favorite Linux Distributions and Why. Now, this can be a rather heated topic (even leading do blows among us geeks) but I am not here to persuade anyone that my choices are better than yours, or that any particular distribution is better than any other. I am simply posting my opinion and why. In this article, I have chosen to pick my top 3 distributions and list the reasons why I prefer these distributions. I hope you enjoy this article and if you are offended by my choices, feel free to voice your concerns, though they will likely fall on deaf ears :-).

As you probably already know, there are countless numbers of distributions available today, all have good points and bad and some are specialized for specific purposes. Linux as an operating system is very similar at it’s core across all distributions. All distributions have a Kernel, some sort of package management and follow (some more loosely than others) the File System Hierarchy standard. In many cases, that is where the similarities end.

Read More

Must Have Security Audit Tools

I have always had an interest in network/computer/data security and have for years played around with a number of interesting and useful tools that can be used to audit systems for vulnerabilities as well as exploit them. To that end, I have never put together a list of the security audit and penetration testing applications and tools that I find indispensable when performing these types of scans and audits – this is that list.


This article involves the use of tools and techniques that may be illegal and in most cases are frowned upon to be used in any manner other than research and/or security testing of YOUR OWN infrastructure. Mis-use of these tools or the techniques mentioned in this article can get you in REAL TROUBLE. I take no responsibility for any damage to system that you may cause by using this information or any trouble that you get into by mis-using this information. If you plan to use these tools in a consulting capacity on behalf of a customer wanting a security audit, ensure that you have a well defined scope and signed agreements that release you from liability caused by any damage/outage as a result of your testing.

Read More

Build a Secure FTP Server with CentOS and vsftpd

In this article, I am going to outline the steps that I have taken to create a secure and stable FTP server for general purpose file transfer etc. I am not using FTPS (FTP Secure) in this article though it is possible using vsftpd. I have used a number of techniques in this article to secure the server that can be found here as well as some tweaks to SELinux that I will explain.


I take no responsibility for any damage that may result from following this guide. Ensuring that you take the appropriate measures to secure your server/infrastructure is paramount. I also recommend thoroughly testing this configuration before production use.

Read More

CentOS 6.5 Bind with Chroot

This article describes my experience installing and configuring a BIND DNS server on CentOS 6.5 with bind-chroot as a proof of concept. I am not going to go into great detail (in this article) about first securing the underlying OS but please ensure that if this is going to be Internet facing that you take the time to secure the server. It is also HIGHLY recommended that you have multiple DNS servers for redundancy purposes that allow secure zone transfers between each other if you plan to use this article as a starting point for a production environment. In this article, we are going to setup a single DNS server as a POC (Proof of Concept) so I am not going to detail these (or many other) configurations beyond the very basic installation.


I take no responsibility for any damage that may result from following this guide. Ensuring that you take the appropriate measures to secure your server/infrastructure is paramount. This is also a VERY basic guide. Bind is a complicated animal and explaining all of the configuration options is outside the scope of this document.

Read More