1. Using su command
This step is not required if a root password was set during installation.
To set a root password afterwards, proceed as follows.
Log in as a general user
    huong@localhost:~> sudo passwd root
    We trust you have received the usual lecture from the local System
    Administrator. It usually boils down to these three things:

        #1) Respect the privacy of others.
        #2) Think before you type.
        #3) With great power comes great responsibility.

    [sudo] password for root:
    New password:
    Retype new password:
    passwd: password updated successfully
Switch to the root user with su
    huong@localhost:~> su -
    Password: <password for root user set above>
    localhost:~ #
2. Disabling SELinux
First, disable SELinux. SELinux is a feature that improves auditing and security in Linux, but when enabled it places considerable restrictions on the behavior of services and on what can be configured. For this reason, it is often disabled.
SELinux operating modes
Enforcing : SELinux is enabled and access control is enforced
Permissive : SELinux logs warnings, but no access restrictions are applied
Disabled : Both SELinux and access control are disabled
①Current SELinux status
    # getenforce
    Enforcing
②Switching to [permissive] mode
    # setenforce 0
    # getenforce
    Permissive
③Switch to [enforcing] mode
    # setenforce 1
    # getenforce
    Enforcing
④Disable SELinux completely
Edit the SELinux configuration file
    # vi /etc/selinux/config
    Line 14: change
    SELINUX=enforcing → SELINUX=disabled
Reboot to apply the change
    # reboot
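The steps above change two different things: setenforce changes only the running mode, while /etc/selinux/config sets the mode used at the next boot. The following added example (not part of the original article) compares the two so that a temporary or not-yet-applied change is visible; the function names are hypothetical and the sample config is constructed.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not an openSUSE tool.

# Print the boot-time mode from an SELinux config file: the last
# uncommented SELINUX= assignment, lower-cased. SELINUXTYPE= is ignored.
selinux_config_mode() {
    sed -n 's/^[[:space:]]*SELINUX=[[:space:]]*\([A-Za-z]*\).*/\1/p' "$1" |
        tail -n 1 | tr '[:upper:]' '[:lower:]'
}

# Compare the config file ($1) with the running mode ($2, the output of
# getenforce) and print one of:
#   consistent:<mode>            running mode equals the boot-time mode
#   runtime-only:<run>-><cfg>    setenforce was used; reverts at next boot
#   reboot-pending:<run>-><cfg>  config edited to/from disabled, not booted yet
selinux_drift() {
    cfg=$(selinux_config_mode "$1")
    run=$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')
    case "$cfg" in
        enforcing|permissive|disabled) ;;
        *) echo "invalid-config"; return 2 ;;
    esac
    if [ "$cfg" = "$run" ]; then
        echo "consistent:$cfg"
    elif [ "$cfg" = "disabled" ] || [ "$run" = "disabled" ]; then
        echo "reboot-pending:$run->$cfg"
    else
        echo "runtime-only:$run->$cfg"
    fi
}

# Constructed sample: the file still says enforcing, but `setenforce 0`
# has been run, so getenforce reports Permissive.
sample=$(mktemp)
printf '# SELINUX= can take one of three values\nSELINUX=enforcing\nSELINUXTYPE=targeted\n' > "$sample"
selinux_drift "$sample" "Permissive"   # runtime-only:permissive->enforcing
rm -f "$sample"

# On a live system: selinux_drift /etc/selinux/config "$(getenforce)"
```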
3. Update the system
To bring the system up to date, enter the following command
    # zypper -n update && reboot
4. locate
The find command is used to search for a specific file on the entire Linux system, but find's options are somewhat confusing.
In such cases, the locate command is useful: it lists all files matching a given filename.
Install
    # zypper -n install mlocate
Create database
    # updatedb
Example of executing the locate command
    # locate sshd
    /etc/ssh/sshd_config.d
    /etc/systemd/system/multi-user.target.wants/sshd.service
    /usr/etc/ssh/sshd_config
    /usr/etc/ssh/sshd_config.d
    /usr/etc/ssh/sshd_config.d/40-suse-crypto-policies.conf
    /usr/lib/pam.d/sshd
    /usr/lib/systemd/system/sshd.service
    /usr/lib/systemd/system/sshd.socket
    /usr/lib/systemd/system/sshd@.service
    /usr/lib/sysusers.d/sshd.conf
    /usr/lib64/ruby/gems/3.4.0/gems/ruby-augeas-0.6.0/tests/root/etc/ssh/sshd_config
    /usr/libexec/ssh/sshd-auth
    /usr/libexec/ssh/sshd-session
    /usr/sbin/sshd
    /usr/sbin/sshd-gen-keys-start
    /usr/sbin/sshd.hmac
    /usr/share/YaST2/scrconf/etc_ssh_sshd_config.scr
    /usr/share/augeas/lenses/dist/sshd.aug
    /usr/share/man/man5/sshd_config.5.gz
    /usr/share/man/man8/sshd.8.gz
    /usr/share/vim/vim91/ftplugin/sshdconfig.vim
    /usr/share/vim/vim91/syntax/sshdconfig.vim
    /var/lib/sshd
5. Services stopped as a security measure
Stop the services that are considered unnecessary, and disable them so that they stay stopped after a reboot
    # systemctl stop auditd.service
    # systemctl disable auditd.service
    # systemctl stop mdmonitor.service
    # systemctl disable mdmonitor.service
    # systemctl stop smartd.service
    # systemctl disable smartd.service
    # systemctl stop tuned.service
    # systemctl disable tuned.service
    # systemctl stop dm-event.socket
    # systemctl disable dm-event.socket
6. Vim
Vim configuration
    # vi ~/.vimrc
    " Use vim's own extensions (not compatible with vi)
    set nocompatible
    " Specify character code
    set encoding=utf-8
    " Specify file encoding
    set fileencodings=utf-8,iso-2022-jp,sjis,euc-jp
    " Specify the line feed code to be automatically recognized
    set fileformats=unix,dos
    " Obtain a backup
    " The opposite is [ set nobackup ]
    set backup
    " Specify the directory in which to store backups
    set backupdir=~/backup
    " Number of search history entries to keep
    set history=50
    " Do not distinguish between upper and lower case letters when searching
    set ignorecase
    " Mixing capital letters in search terms makes the search case sensitive
    set smartcase
    " Highlight words matching your search term
    " The opposite is [ set nohlsearch ]
    set hlsearch
    " Use incremental search
    " The opposite is [ set noincsearch ]
    set incsearch
    " Display line numbers
    " The opposite is [ set nonumber ]
    set number
    " Visualize line breaks ( $ ) and tabs ( ^I )
    set list
    " Highlight corresponding parentheses when typing parentheses
    set showmatch
    " No newlines at the end of files
    set binary noeol
    " Enable automatic indentation
    " The opposite is [ noautoindent ]
    set autoindent
    " Color-coded display by syntax
    " The opposite is [ syntax off ]
    syntax on
    " Change color of comment text in case of [ syntax on ]
    highlight Comment ctermfg=LightCyan
    " Wrap lines by window width
    " The opposite is [ set nowrap ]
    set wrap
7. Network Settings
The default is to configure the network via "Network-Manager" instead of the traditional Wicked configuration.
If you want to configure the network with YaST as before, change "Network Settings" from "Network-Manager" to "Wicked" during installation.
In this case, we will use "Network-Manager" to configure the settings.
7.1 Host name and static IP address settings
・Change the host name to Lepard
・Set a static IP address (192.168.11.83)
①First, find out the name of your network interface with the following command
This time it is "ens33"
    # ip addr
    1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
        link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
        inet 127.0.0.1/8 scope host lo
           valid_lft forever preferred_lft forever
        inet6 ::1/128 scope host noprefixroute
           valid_lft forever preferred_lft forever
    2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
        link/ether 00:0c:29:81:85:fb brd ff:ff:ff:ff:ff:ff
        altname enp2s1
        altname enx000c298185fb
        inet 192.168.11.26/24 brd 192.168.11.255 scope global dynamic noprefixroute ens33
           valid_lft 168454sec preferred_lft 168454sec
        inet6 fe80::20c:29ff:fe81:85fb/64 scope link noprefixroute
           valid_lft forever preferred_lft forever
➁Set a static IP address (192.168.11.83)
In most cases, the router address is "192.168.11.1" or "192.168.0.1". In this case, we will proceed with "192.168.11.1" as an example.
    # nmcli c m ens33 ipv4.address 192.168.11.83/24 ipv4.method manual ipv4.gateway 192.168.11.1 ipv4.dns 192.168.11.1
Apply the settings
    # nmcli c up ens33
Confirm the settings
    # nmcli conn show ens33 | grep -E 'ipv4.method|ipv4.addresses'
    ipv4.method:                            manual
    ipv4.addresses:                         192.168.11.83/24
➂Change hostname to Lepard
    # nmcli general hostname Lepard
The change takes effect immediately, so check it.
    # cat /etc/hostname
    Lepard
7.2 Disabling IPv6
    # vi /etc/default/grub
    # Line 12: Add
    GRUB_CMDLINE_LINUX="ipv6.disable=1"
Apply the changes
    # grub2-mkconfig -o /boot/grub2/grub.cfg
    Generating grub configuration file ...
    Found theme: /boot/grub2/themes/openSUSE/theme.txt
    Found linux image: /boot/vmlinuz-6.4.0-150600.21-default
    Found initrd image: /boot/initrd-6.4.0-150600.21-default
    Warning: os-prober will be executed to detect other bootable partitions.
    Its output will be used to detect bootable binaries on them and create new boot entries.
    583.946149 | DM multipath kernel driver not loaded
    Adding boot menu entry for UEFI Firmware Settings ...
    done

    # shutdown -r now
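If GRUB_CMDLINE_LINUX already holds other kernel arguments, they have to be kept when ipv6.disable=1 is added. The following added example (not part of the original article) appends the argument only when it is missing and checks a kernel command line for it; the function names are hypothetical and the sample file is constructed.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not part of grub2.

# Append kernel argument $2 to GRUB_CMDLINE_LINUX in file $1, keeping
# existing arguments and doing nothing if it is already present.
# GRUB_CMDLINE_LINUX_DEFAULT is left untouched. A .bak copy is kept.
grub_add_kernel_arg() {
    file=$1
    arg=$2
    line=$(grep '^GRUB_CMDLINE_LINUX="' "$file" | tail -n 1)
    if [ -z "$line" ]; then
        printf 'GRUB_CMDLINE_LINUX="%s"\n' "$arg" >> "$file"
        return 0
    fi
    cur=${line#GRUB_CMDLINE_LINUX=\"}   # strip the key and opening quote
    cur=${cur%\"*}                      # strip the closing quote and the rest
    case " $cur " in
        *" $arg "*) return 0 ;;         # already present as a whole word
    esac
    new="${cur:+$cur }$arg"
    cp -p "$file" "$file.bak"
    awk -v new="$new" '
        /^GRUB_CMDLINE_LINUX="/ { print "GRUB_CMDLINE_LINUX=\"" new "\""; next }
        { print }' "$file.bak" > "$file"
}

# Return 0 if argument $1 is on the kernel command line in file $2
# (default /proc/cmdline), matched as a whole word.
kernel_arg_active() {
    case " $(cat "${2:-/proc/cmdline}") " in
        *" $1 "*) return 0 ;;
    esac
    return 1
}

# Constructed sample standing in for /etc/default/grub.
demo=$(mktemp)
printf 'GRUB_CMDLINE_LINUX_DEFAULT="splash=silent quiet"\nGRUB_CMDLINE_LINUX="console=ttyS0"\n' > "$demo"
grub_add_kernel_arg "$demo" ipv6.disable=1
grub_add_kernel_arg "$demo" ipv6.disable=1    # second call changes nothing
grep '^GRUB_CMDLINE_LINUX=' "$demo"
rm -f "$demo" "$demo.bak"
```

After editing the real file, regenerate grub.cfg with grub2-mkconfig as shown above; once rebooted, `kernel_arg_active ipv6.disable=1` returns 0 if the argument reached the kernel.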