A minimal and secure CentOS 5.5 64 bits virtual appliance

This virtual appliance is ideal if you want to deploy a CentOS server. It’s only about 600MB compressed, as I only included the default packages of a CentOS minimal installation. I also did some basic best-practice configuration to make it more secure. Of course I could have hardened it a lot more, but I wanted to keep it easy to deploy and use.

It’s an OVF file, so you can use it with pretty much any hypervisor, including VMware, VirtualBox, XenServer and Hyper-V.

To log in, use the following credentials:

user : root

password : secure

To download my CentOS 5.5 x64 virtual appliance, use one of the following links:

CentOS 5.5 64 bits without VMware Tools

CentOS 5.5 64 bits with VMware Tools

Here are the details of the configuration:

  • Installed only the default packages
  • Modified the default partitioning:
    • lv_root 8 GB /
    • lv_tmp 1.5 GB /tmp
    • lv_log 1.5 GB /var/log
    • lv_swap 1 GB swap
  • Updated the packages (May 19, 2010)
  • To increase performance, added divider=10 to the boot parameters
  • Disabled the useless services (note that you will need to re-enable some of them if, for example, you want to run an NFS server):
    • cups
    • bluetooth
    • sendmail
    • nfslock
    • anacron
    • isdn
    • haldaemon
    • messagebus
    • gpm
    • netfs
    • mdmonitor
    • acpid
    • pcscd
    • hidd
    • portmap
    • rpcidmapd
    • rpcgssd
    • autofs
    • avahi-daemon
    • firstboot
    • cpuspeed
    • smartd
    • yum-updatesd
    • avahi-dnsconfd
    • conman
  • Disabled ctrl-alt-del reboot in /etc/inittab
  • Added noexec,nodev,nosuid to the mount options of /tmp
  • Modified PS1 so that your prompt appears in red when you are logged in as root
  • Removed ports 50, 51 and 631 from the default open ports in iptables, leaving only port 22 and ping requests open.
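An added example, not part of the original post or the appliance: a small shell audit of four items from the list above (the /tmp mount options, ctrl-alt-del, the disabled services and the firewall rules). The sample files and the volume group name `vg` are constructed; on a real system, pass /etc/fstab, /etc/inittab, saved `chkconfig --list` output and /etc/sysconfig/iptables instead.

```shell
#!/bin/sh
# Added example: audit four hardening items from the list, reading config files.

# /tmp must carry noexec, nodev and nosuid in its fstab options (field 4).
check_tmp_opts() {
    awk '$1 !~ /^#/ && $2 == "/tmp" {
             found = 1; n = split($4, o, ",")
             for (i = 1; i <= n; i++) have[o[i]] = 1
         }
         END { exit !(found && have["noexec"] && have["nodev"] && have["nosuid"]) }' "$1"
}

# Disabled when no uncommented inittab entry uses the ctrlaltdel action.
check_cad_disabled() {
    ! grep -Eq '^[^#:]*:[^:]*:ctrlaltdel:' "$1"
}

# Print the named services that saved `chkconfig --list` output shows "on"
# in any runlevel. $1 = file with that output, remaining args = service names.
enabled_services() {
    _list=$1; shift
    for _svc in "$@"; do
        awk -v s="$_svc" '$1 == s && /:on/ { print s }' "$_list"
    done
}

# Print ACCEPT rules that still name 50, 51 or 631, as a -p or a --dport value.
leftover_fw_rules() {
    grep -E -e '-j ACCEPT' "$1" | grep -E -e '(-p|--dport) (50|51|631)( |$)' || true
}

# Constructed sample files (not taken from the appliance); "vg" is hypothetical.
d=$(mktemp -d)
trap 'rm -rf "$d"' EXIT
printf '%s\n' '/dev/vg/lv_tmp /tmp ext3 defaults,noexec,nodev,nosuid 1 2' > "$d/fstab"
printf '%s\n' '#ca::ctrlaltdel:/sbin/shutdown -t3 -r now' > "$d/inittab"
printf '%s\n' 'cups 0:off 1:off 2:on 3:on 4:on 5:on 6:off' \
              'sshd 0:off 1:off 2:on 3:on 4:on 5:on 6:off' \
              'portmap 0:off 1:off 2:off 3:off 4:off 5:off 6:off' > "$d/chkconfig"
printf '%s\n' '-A RH-Firewall-1-INPUT -p 50 -j ACCEPT' \
              '-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 22 -j ACCEPT' > "$d/iptables"

check_tmp_opts "$d/fstab" && echo "/tmp options: ok"
check_cad_disabled "$d/inittab" && echo "ctrl-alt-del: disabled"
echo "still enabled: $(enabled_services "$d/chkconfig" cups portmap)"
echo "leftover rules: $(leftover_fw_rules "$d/iptables")"
```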

17 Responses to “A minimal and secure CentOS 5.5 64 bits virtual appliance”

  1. Étienne Pouliot Says:

    Any comments on what to improve in this virtual appliance would be welcome!

  2. Alain Says:

    Thank you for this virtual machine archive.
    I would appreciate if it were executable with VMware Player (*.wmx configuration file).

  3. Étienne Pouliot Says:

    Good idea. I will add it this week when I get time.

  4. Alain Says:

    This is the report of my test.
    My host is Windows XP Pro SP3 4GB 32bits with T9300 64 bit VT enabled processor. I validated the bios setup for hardware virtualization.
    Both VMware-player-3.0.1-227600 and latest VirtualBox fail to run it.
    It boots with VMware Workstation 7.1 (hardware compatibility version 6.5.7) when configuring a new guest with 512MB RAM, NAT, and using the virtual disk for the guest. The boot process asks to override the read-only restriction when it checks the filesystem. Boot stalls for a few minutes while starting the system logger and then continues to login. The network did not come up; it seems not to have recognized the virtual network device, complaining that the eth0 device MAC address differs from the one expected. The guest operating system daemon did not come up.
    The keyboard is qwerty. I will look for the CentOS command to customize it.

  5. Étienne Pouliot Says:

    It definitely works with VirtualBox and VMware Player; I tested it before posting this.

    Did you import it in VirtualBox, or did you just try to run it? If you just tried to run it, chances are good that it won’t work.

    Yes, the keyboard is qwerty; this is intended.

  6. birger Says:

    depositfiles really sucks. I started downloading this file, but > 3 hours for a file this small? And I have to pay a hefty fee to get it in 9 minutes? I think 9 minutes is still slow, so there is no way I will spend my money there… Sorry. I’ll rather build the image myself. It will be faster than downloading the file!

  7. Étienne Pouliot Says:

    Instead of complaining, do you have any recommendation on where to host it ?

  8. Ziv Says:

    Thanks for the VM.

    You think I can use it for Cassandra testing using the current hardening state?

  9. birger Says:

    I have never looked at file hosting services as such, as I have my private web site on a hosting service that has enough capacity for me. :-)

    Do you have the time and interest to set up a project around this? Minimal CentOS VM? I guess you could then use SourceForge or something similar to host everything. You could even get collaborators to help maintain it.

    My thought is a minimal VM with a few changes from yours.
    - It should have US keyboard by default, but perhaps a firstboot-style script that asks for keyboard type.
    - Somehow detect (or ask) what kind of VM environment it is running on, and offer to install client tools automagically instead of having VMware tools by default.
    - set up ntp. This is recommended by vmware. I would even comment out the hardware clock as fallback for ntp.

    Make it as standard as possible so people know they get a quite default CentOS, and have it listed at centos.org and vmware.com. :-)

  10. Étienne Pouliot Says:

    @Ziv I don’t really know what Cassandra is, so I can’t give an answer to that question.

    @birger I thought about hosting the file myself, but the bandwidth is expensive and I can’t really afford that.

    I’ll see if I can host it on SourceForge or something else.

    I prefer not to add any script to this VA; I want it to have only stuff that comes from CentOS.

    As for NTP, I’ll configure it in the future.

    Thank you!

  11. Feliciano Maduro Says:

    password secure is not really working here. ESXi

  12. Étienne Pouliot Says:

    It’s working. Remember, the keyboard is qwerty.

  13. Feliciano Maduro Says:

    yes, you’re right. thanks! very good appliance, working good on my ESXi. i will perform some benchmark tests and post the results here later.

  14. Nick Says:

    I’ll consider hosting the file for you.
    how many downloads a day / month do you get now?

  15. Étienne Pouliot Says:

    Hello Nick,

    I don’t have any specific stats regarding the numbers of downloads. I would not think it’s that much.

    According to my Google Analytics I got 1800 visits in July on this web page.

    Let’s say that 10% of people actually download it, so that would mean around 180dl/month or 6dl/day.

    Sorry if it took me so long to answer, I was away.

  16. William Says:

    before shutting down the appliance have you tried clearing the unused disk space?
    I.e. dd if=/dev/zero of=delete.me;rm delete.me
    (If you are using a growable virtual disk then limit the block size and
    count so you don’t fully expand: bs=4096 count=10000)

    I suggest that you try using p7zip and see what effect that has (I’m comparing a distro now and it seems to have helped a lot).

    AFAIK you can’t run a 64 bit virtual machine on 32 bit Windows so Alain is out of luck (you might highlight that point).

  17. Étienne Pouliot Says:

    Hello William, thank you for your comment.

    No, I didn’t clear anything. It’s not needed since I did not need to delete any file in the appliance.

    Will try with 7zip but I don’t expect it to make much of a difference.

    You can run a 64 bits virtual machine on a 32 bits host with Virtual Box. http://www.virtualbox.org/manual/ch03.html#intro-64bitguests

