OracleLinux9.5
Oracle Linux provides a 100% application binary compatible alternative to Red Hat Enterprise Linux and CentOS Linux for both hybrid and multi-cloud environments.
Since 2006, Oracle Linux has been completely free to download and use. Source code, binaries and updates are provided free of charge. It is freely redistributable. Free for use in production environments.
We will proceed with the latest Oracle Linux 9.5 (released November 20, 2024).
1.Oracle Linux9.5 Download
Download the Oracle Linux 9.5 installation image (OracleLinux-R9-U5-x86_64-dvd.iso ) from the following site
2.Oracle Linux 9.5 Install
Install USB media, change BIOS settings to boot from USB media, and install.
The installation procedure is the same as for Oracle Linux 9.3, so please refer to the following page
Initial setup after installation
1.Install bash completion extension package
1 2 |
# dnf -y install bash-completion # reboot |
2. Disabling SELinux
First, disable selinux. selinux is a feature that improves auditing and security in Linux, but when enabled, it places considerable restrictions on the behavior of services and on what can be configured. Therefore, it is basically disabled in many cases.
SELinux operating modes
Enforcing : SELinux functionality is enabled and access control is enabled
Permissive :SElinux will warn, but no access restrictions will be placed
disabled : Both SElinux function and access control are disabled
①Current SELinux status
1 2 |
# getenforce Enforcing |
②Switching to [permissive] mode
1 2 3 |
# setenforce 0 # getenforce Permissive |
③Switch to [enforcing] mode
1 2 3 |
# setenforce 1 # getenforce Enforcing |
④To completely disable SELinux, a reboot is required by adding selinux=0 to the kernel command line as follows。
1 2 |
# grubby --update-kernel ALL --args selinux=0 # reboot |
※To return SELinux to active, do the following (reboot after changes)
1 2 |
# grubby --update-kernel ALL --remove-args selinux # reboot |
3.System Modernization
Update packages as soon as possible after OS installation.
1 |
# dnf -y update |
4. Services to be stopped due to security measures
Stop the following services that you deem unnecessary.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 |
# systemctl stop atd.service # systemctl disable atd.service # systemctl stop kdump.service # systemctl disable kdump.service # systemctl stop lvm2-monitor.service # systemctl disable lvm2-monitor.service # systemctl stop mdmonitor.service # systemctl disable mdmonitor.service # systemctl stop smartd.service # systemctl disable smartd.service # systemctl stop tuned.service # systemctl disable tuned.service # systemctl stop dm-event.socket # systemctl disable dm-event.socket |
5. Adding Repositories
5.1 Added EPEL repository and epel-next repository
1 |
# dnf install https://dl.fedoraproject.org/pub/epel/epel-release-latest-9.noarch.rpm -y |
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 |
# vi /etc/yum.repos.d/epel.repo [epel] name=Extra Packages for Enterprise Linux $releasever - $basearch # It is much more secure to use the metalink, but if you wish to use a local mirror # place its address here. #baseurl=https://download.example/pub/epel/$releasever/Everything/$basearch metalink=https://mirrors.fedoraproject.org/metalink?repo=epel-$releasever&arch=$basearch&infra=$infra&content=$contentdir enabled=1 ← Repository enabled (0 : Repository disabled) priority=10 ← Specify priority in the range of 1~99 gpgcheck=1 countme=1 gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-8 [epel-debuginfo] name=Extra Packages for Enterprise Linux $releas |
1 |
# dnf install https://dl.fedoraproject.org/pub/epel/epel-next-release-latest-9.noarch.rpm -y |
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 |
# vi /etc/yum.repos.d/epel-next.repo [epel-next] name=Extra Packages for Enterprise Linux $releasever - Next - $basearch # It is much more secure to use the metalink, but if you wish to use a local mirror # place its address here. #baseurl=https://download.example/pub/epel/next/$releasever/Everything/$basearch/ metalink=https://mirrors.fedoraproject.org/metalink?repo=epel-next-$releasever&arch=$basearch&infra=$infra&content=$contentdir enabled=1 ← Repository enabled (0 : Repository disabled) priority=10 ← Specify priority in the range of 1~99 gpgcheck=1 countme=1 gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-$releasever [epel-next-debuginfo] name=Extra Packages for Enterprise Linux $releasever - Next - $basearch - Debug |
5.2 Remi's RPM repository を追加
1 |
# dnf install https://rpms.remirepo.net/enterprise/remi-release-9.rpm -y |
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 |
# vi /etc/yum.repos.d/remi-safe.repo # This repository is safe to use with RHEL/CentOS base repository # it only provides additional packages for the PHP stack # all dependencies are in base repository or in EPEL [remi-safe] name=Safe Remi's RPM repository for Enterprise Linux 9 - $basearch #baseurl=http://rpms.remirepo.net/enterprise/9/safe/$basearch/ #mirrorlist=https://rpms.remirepo.net/enterprise/9/safe/$basearch/httpsmirror mirrorlist=http://cdn.remirepo.net/enterprise/9/safe/$basearch/mirror enabled=1 ← Repository enabled (0 : Repository disabled) priority=10 ← Specify priority in the range of 1~99 gpgcheck=1 repo_gpgcheck=1 gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-remi.el9 [remi-safe-debuginfo] name=Remi's RPM repository for Enterprise Linux 9 - $basearch - debuginfo baseurl=http://rpms.remirepo.net/enterprise/9/debug-remi/$basearch/ enabled=0 gpgcheck=1 repo_gpgcheck=1 gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-remi.el9 |
6. Network configuration (command line configuration method)
6.1 Host Name Change
Change the host name to Lepard to try it out
1 2 3 |
# hostnamectl set-hostname Lepard # reboot [huong@Lepard:~]$ |
6.2 Static IP address setting
If the default setting is to obtain an IP address via DHCP during OS installation, change the network settings to a fixed IP address if necessary.
First, find out the name of your network interface with the following command
In this case, it is “ens160”.
1 2 3 4 |
# nmcli dev s DEVICE TYPE STATE CONNECTION ens160 ethernet connected ens160 lo loopback connected (externally) lo |
In Oraclelinux8, this could be changed by rewriting the ifcfg-xxx file that was in network-scripts, but in Oraclelinux9, the ifcfg format is deprecated and by default, NetworkManager creates new profiles in this format and no longer exists.
Change it with the “nmcli” command.
Change the static IPv4 address to “192.168.11.83”.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 |
# Fixed IPv4 address setting # nmcli connection modify ens160 ipv4.addresses 192.168.11.83/24 # Gateway Configuration # nmcli connection modify ens160 ipv4.gateway 192.168.11.1 # Referenced DNS settings # nmcli connection modify ens160 ipv4.dns 192.168.11.1 # DNS search base settings (own domain name) # nmcli connection modify ens160 ipv4.dns-search [domain] # Set to fixed IP address assignment # nmcli connection modify ens160 ipv4.method manual # Reboot interface to reflect settings # nmcli connection down ens160; nmcli connection up ens160 Connection 'ens160' successfully deactivated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/1) Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/2) |
7. Network configuration (how to configure via GUI)
1 |
# nmtui |
7.1 Static IP address setting
Change the address of the IPv4 configuration
Use the TAB key to move to the bottom and click OK.
7.2 Host Name Change
Change the host name to Lepard to try it out
8.Vim Settings
①Installing Vim Extensions
1 |
# dnf -y install vim-enhanced |
②Apply and reflect Vim
1 2 3 4 |
# vi ~/.bashrc # Alias appended to the last line alias vi='vim' |
1 |
# source ~/.bashrc |
③Configure Vim as a user-specific environment
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 |
# vi ~/.vimrc " Use vim's own extensions (not compatible with vi) set nocompatible " Specify character code set encoding=utf-8 " Specify file encoding (read from the beginning until success) set fileencodings=utf-8,iso-2022-jp,sjis,euc-jp " Specify the line feed code to be recognized automatically set fileformats=unix,dos " Get Backup set backup " Specify the directory from which to obtain backups set backupdir=~/backup " Number of generations to keep search history set history=50 " Do not distinguish between upper and lower case letters when searching set ignorecase " Mixing capital letters in search terms makes the search case sensitive set smartcase " Highlight words matching your search term set hlsearch " Use incremental search set incsearch " Display line numbers set number " Visualize line breaks ( $ ) and tabs ( ^I ) set list " Highlight corresponding parentheses when entering parentheses set showmatch " No newlines at the end of files set binary noeol " Enable automatic indentation set autoindent " Color-coded display by syntax syntax on " Change color of comment text in case of syntax on highlight Comment ctermfg=LightCyan " Wrap lines by window width set wrap |