Installing CentOS 8

Please note: This instruction was created for my personal use. Feel free to follow it, but I am not responsible for any problems or data loss!

Download the boot install CD, which can be found at: http://ftp.tudelft.nl/centos.org/8/isos/x86_64/CentOS-8-x86_64-1905-boot.iso. Check the SHA256 sum by running sha256sum on CentOS-8-x86_64-1905-boot.iso and compare the result to the SHA256 sums at: http://ftp.tudelft.nl/centos.org/8/isos/x86_64/CHECKSUM.

Boot from the install CD. Make sure you have at least 1024MB of memory available, or you will not be able to create a custom harddisk layout.

Select Install CentOS Linux 8.0.1905 at the CD boot screen. Set the installation language to English; Keyboard: English (United States).

• Under SYSTEM:
  • Click Installation Destination
  • Make sure only 1 disk is selected
  • Set Storage Configuration to: Custom
  • Enable Encrypt my data, if desired
  • Click Done
  • Use the following partitioning scheme: Standard Partition
  • Click on: Click here to create them automatically
  • Change all non-swap partitions to use Ext4 instead of XFS
  • Click Done
  • Click Accept Changes (note: this will destroy all data on this disk)
  • Disable KDUMP
  • Click Network & Host Name
  • Fill in the desired host name
  • Configure each network interface (Enable automatically connect to this network, set Link Negotioation to Automatic, set IPv6 method to: Ignore, when not using IPv6)
  • Click Done
• Under LOCALIZATION:
  • Leave keyboard set to English (US)
  • Leave Language Support set to: English (United States)
  • Click Time & Date
  • Select the correct Region and City
  • Make sure Network Time is enabled (Change the settings, when needed)
  • Click Done
• Under SOFTWARE:
  • Click the Installation Source setting, select http:// and set the URL to: http://ftp.tudelft.nl/centos.org/8/BaseOS/x86_64/os/
  • Go to Software Selection and select Minimal Install
• Click on Begin Installation
• Set the Root password
• Create a user for yourself and enable: Make this user administrator
• Wait for the installation to finish
• Reboot the system

• Add the EPEL repository by running: dnf install epel-release
• Install the following packages:

dnf install -y sysstat iotop strace tcpdump lsof man man-pages mlocate wget perl iptraf-ng bind-utils net-tools psmisc vim-enhanced rsync chrony atop

• Add the noatime option to all ext3/ext4/XFS/etc filesystem options in /etc/fstab
• Edit /etc/default/grub and remove the rhgb and quiet options from GRUB_CMDLINE_LINUX. Replace these options with: nomodeset vga=normal consoleblank=0 (add elevator=deadline when running on an SSD or in a VM)
• Create a new grub2 config file using: grub2-mkconfig > /boot/grub2/grub.cfg
• Update the system: dnf upgrade
• Make sure root cannot log in via ssh by changing /etc/ssh/sshd_config:
  • PermitRootLogin prohibit-password
  • This will disable logging in as root, via ssh, but it is still possible to log in as root using SSH public key authentication.
• Optional: Set SELinux to permissive mode by setting SELINUX=permissive in /etc/sysconfig/selinux (run setenforce 0 to do this right away)
• Disable the firewall (only when in a secure network!), by running: systemctl disable --now firewalld
• Enable irqbalance: systemctl enable --now irqbalance.service (probably already enabled and only useful system with more than 1 CPU core)
• Edit /etc/chrony.conf and add an NTP server pool:

pool nl.pool.ntp.org iburst

• Or specify a number of NTP servers:

server 0.nl.pool.ntp.org iburst
server 1.nl.pool.ntp.org iburst
server 2.nl.pool.ntp.org iburst
server 3.nl.pool.ntp.org iburst

• Enable the chronyd service: systemctl enable --now chronyd

• Reboot the system to activate all changes

-- Ivo van Geel - 07 Jan 2020