Oct 16

Introduction

Please see the article “Build a Linux-based Infrastructure Solution Demonstration Series” (https://blogs.czapski.id.au/2016/10/build-a-linux-based-infrastructure-solution-demonstration-series) for rationale, introduction and links to articles in this series.

In this article I disable the Linux firewall and SELinux-based security in the CentOS 6.8 image. This is a demo image, run only sporadically, for short periods of time and typically with no connection to any network, and is typically restored to a snapshot before each execution.

Pre-Requisites

This article assumes that

  1. The work is done in the Virtual Box Machine Image created in accordance with the instructions in the blog article to be found at https://blogs.czapski.id.au/2016/10/configure-virtual-box-virtual-machine-and-install-centos-6-8-base-image.
  2. The user “demo” has sudo access without a password. If this is not the case, use the command “su -” and provide the password instead of saying “sudo -i” in the set of commands below.

The instructions should work in other RedHat 6-like OSes and OS versions.

Disable SELinux Security

Since this is a demo environment, disable the firewall and SELinux.

Remember that all this can be done manually, but my objective is to create configuration scripts which I can execute and have the demo image configured without having to tediously manipulate various UIs.

mkdir -p /media/sf_distros/scripts
cat <<-'EODECK' > /media/sf_distros/scripts/003_disable_firewall_and_selinux.sh
#!/bin/bash
# disable the firewall: switch iptables/ip6tables off at boot, then stop them now
sudo chkconfig iptables off
sudo chkconfig ip6tables off
sudo service iptables stop
sudo service ip6tables stop

# change SELINUX=enforcing to SELINUX=disabled, keeping a copy of the original file;
# the new setting takes effect at the next boot
sudo cp /etc/selinux/config /etc/selinux/config_orig
sudo sed -i 's/SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config

EODECK
chmod ug+x /media/sf_distros/scripts/003_disable_firewall_and_selinux.sh

Execute the commands

/media/sf_distros/scripts/003_disable_firewall_and_selinux.sh
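
The following check is an added example, not part of the original article: it confirms that the script left both firewall services off at boot and that /etc/selinux/config really reads SELINUX=disabled, which the sed command does not guarantee on an image whose file said SELINUX=permissive. The function names and the --run switch are assumptions of this example.

```shell
#!/bin/sh
# Added example: verify the result of 003_disable_firewall_and_selinux.sh.
# Function names and the --run switch are assumptions of this example.

# Print the mode set by the last uncommented SELINUX= line in a config file.
selinux_configured_mode() {
    sed -n 's/^[[:space:]]*SELINUX=\([a-z]*\).*/\1/p' "$1" | tail -n 1
}

# Succeed only if the config file will boot with SELinux disabled.
selinux_config_disabled() {
    [ "$(selinux_configured_mode "$1")" = "disabled" ]
}

# Succeed only if a "chkconfig --list <service>" line has no runlevel set to on.
chkconfig_line_all_off() {
    case "$1" in
        *:on*)  return 1 ;;
        *:off*) return 0 ;;
        *)      return 1 ;;   # unrecognised or empty output: do not report success
    esac
}

# Run the checks against the live system (CentOS 6 commands).
verify_demo_image() {
    rc=0
    for svc in iptables ip6tables; do
        line=$(chkconfig --list "$svc" 2>/dev/null)
        chkconfig_line_all_off "$line" || { echo "FAIL: $svc still enabled at boot"; rc=1; }
    done
    selinux_config_disabled /etc/selinux/config || {
        echo "FAIL: /etc/selinux/config has SELINUX=$(selinux_configured_mode /etc/selinux/config)"
        rc=1
    }
    # getenforce reports the running mode; it becomes Disabled only after a reboot.
    echo "Running SELinux mode: $(getenforce 2>/dev/null || echo unknown)"
    return $rc
}

# Only touch the live system when asked to.
if [ "${1:-}" = "--run" ]; then verify_demo_image; fi
```

Save it next to the other scripts and run it with --run after the disable script; a non-zero exit status means the image is not in the state the article expects.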

Append the “disable firewall and SELinux” script execution command to the initial bulk configuration script. This script is intended to collect all automated configuration commands and scripts so that they can all be executed in one go on a brand new image when the build is repeated a second and subsequent times.

Don’t actually execute this script while you are building the first image.

cat <<-'EODECK' >> /media/sf_distros/scripts/000_initial_bulk_configuration.sh
# disable firewall and selinux
/media/sf_distros/scripts/003_disable_firewall_and_selinux.sh

EODECK
chmod ug+x /media/sf_distros/scripts/000_initial_bulk_configuration.sh