On Thu, Oct 04, 2012 at 11:16:59AM +0200, Tru Huynh wrote: > I would disable ssh password login completely too. %packages @base lftp sudo screen wget nfs-utils epel-release cloud-init # disable kdump -kexec-tools ntp nano acpid openssh-clients # firmware-- # ... %end %post # sudoers ** don't forget to have sudo in the package list echo 'ec2-user ALL = NOPASSWD: ALL' >> /etc/sudoers # sshd sed -i -e 's/^#PermitRootLogin yes.*/PermitRootLogin no/g' /etc/ssh/sshd_config sed -i -e 's/^PasswordAuthentication yes.*/PasswordAuthentication no/g' /etc/ssh/sshd_config # # ec2-users configuration useradd -G wheel ec2-user # fix network cat <<ETH0 > /etc/sysconfig/network-scripts/ifcfg-eth0 DEVICE=eth0 BOOTPROTO=dhcp ONBOOT=yes TYPE=Ethernet USERCTL=yes PEERDNS=yes IPV6INIT=no ETH0 /bin/rm -f "/etc/udev/rules.d/*persistent*" # fix selinux permissions /sbin/restorecon -rv /home /etc /boot # turn off fsck *** FIX the device *** tune2fs -c 0 -i 0 /dev/sda1 # cleanup # you will get error messages from anaconda trying to chmod the missing files # if you are reading the console output, these messages are harmless, afaik! /bin/rm -f \ /tmp/ks* \ /tmp/yum* \ /var/log/anaconda* \ /var/log/dracut.log \ /root/install* \ /root/anaconda* %end -- Tru Huynh (mirrors, CentOS i386/x86_64 Package Maintenance) http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xBEFA581B
Attachment:
pgphE18dlt0Yt.pgp
Description: PGP signature
_______________________________________________ CentOS-virt mailing list CentOS-virt@xxxxxxxxxx http://lists.centos.org/mailman/listinfo/centos-virt
