I am working on building some new CentOS 6 servers and creating documentation for the installation of said servers. I would like to create a base CentOS 6 server install that would be light on the packages to reduce bloat by default. Additionally, I am looking for some common or industry practices in which to harden the server so that it can be used in production and online facing to the world. I am curious if there are any best practice guides, techniques, or steps that you use in performing such a task. Later, I would look at adding servers and sections to the documentation about using the server for web serving, database hosting, etc. For now, I am looking for a base server install.
The US National Security Agency (NSA) provides guides for hardening Linux and other operating systems which may be of some help. Since CentOS is so similar to RedHat, you may be interested in:
The lightest install you can do will require Kickstart with the below option:
%packages --nobase
You will need to experiment to figure out what packages you will explicitly want to include after that. At a minimum you'll probably want to include these just to get started.
%packages --nobase
openssh
openssh-server
yum
%end
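Putting the --nobase suggestion above into a complete file, here is an added example of a minimal CentOS 6 Kickstart (not code from the original answer). The hostname, disk layout sizes, volume group name and the root password hash are placeholders; the %post step only trims the service list and tightens sshd, which is as far as the base-install question goes.

```kickstart
# Added example: minimal CentOS 6 Kickstart built around "%packages --nobase".
# Placeholders: hostname, partition sizes, volume group name, root password hash.
install
text
lang en_US.UTF-8
keyboard us
timezone --utc Etc/UTC
network --bootproto=dhcp --device=eth0 --onboot=yes --hostname=base-server.example
# Placeholder hash: generate a real SHA-512 crypt hash and paste it here.
rootpw --iscrypted $6$PLACEHOLDER$replacewitharealhash
authconfig --enableshadow --passalgo=sha512
firewall --enabled --ssh
selinux --enforcing
bootloader --location=mbr
zerombr
clearpart --all --initlabel
part /boot --fstype=ext4 --size=500
part pv.01 --size=1 --grow
volgroup vg_sys pv.01
logvol / --vgname=vg_sys --name=lv_root --fstype=ext4 --size=8192
logvol /var/log --vgname=vg_sys --name=lv_log --fstype=ext4 --size=2048 --fsoptions="nodev,nosuid,noexec"
logvol swap --vgname=vg_sys --name=lv_swap --fstype=swap --size=1024
reboot

%packages --nobase
openssh
openssh-server
openssh-clients
yum
rsyslog
%end

%post --log=/root/ks-post.log
# Start from an empty service set in runlevel 3, then re-enable only what the base box needs.
for svc in $(chkconfig --list | awk '$5 == "3:on" {print $1}'); do
    chkconfig "$svc" off
done
for svc in sshd rsyslog iptables network; do
    chkconfig "$svc" on 2>/dev/null || true
done
# Basic sshd tightening: no direct root login, protocol 2 only.
sed -i 's/^#\?PermitRootLogin.*/PermitRootLogin no/' /etc/ssh/sshd_config
sed -i 's/^#\?Protocol.*/Protocol 2/' /etc/ssh/sshd_config
%end
```

After the first boot, compare `rpm -qa | sort` against the package list you intended; anything that arrived as a dependency is a candidate to review before you commit the file to your documentation.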
Regarding a secure/hardened install, DISA provides STIGs for Linux. It's hard to navigate, but it's out there... I hate linking, but it's too much to copy/paste here. Check this for a Kickstart with DISA STIGs. https://nazar.karan.org/cgit/bluecain/tree/ (secure-kickstart.cfg)
The bastille package helps you to harden your host step by step by asking questions and letting you make choices. It provides information about every step, so educating the user is a goal of the project, too.