Contents
1. Disabling SELinux
First, disable SELinux. SELinux is a feature that enhances Linux auditing and security, but when enabled, it imposes significant restrictions on service operation and configuration. For this reason, it is commonly disabled in practice. If you're building a server while following a website and it doesn't function as expected, SELinux being enabled is often the cause. Therefore, be sure to disable it after installation.
|
1 |
# grubby --update-kernel ALL --args selinux=0 |
System Restart
|
1 |
# reboot |
Post-Change Confirmation
|
1 2 |
# getenforce Disabled |
2. Services suspended for system updates and security measures
2.1 System Upgrade
|
1 2 3 |
# dnf -y upgrade # cat /etc/fedora-release Fedora release 43 (Forty Three) |
2.2 Services suspended for security reasons
|
1 2 3 4 5 6 7 8 9 10 |
# systemctl stop atd.service # systemctl disable atd.service # systemctl stop lvm2-monitor.service # systemctl disable lvm2-monitor.service # systemctl stop mdmonitor.service # systemctl disable mdmonitor.service # systemctl stop smartd.service # systemctl disable smartd.service # systemctl stop dm-event.socket # systemctl disable dm-event.socket |
3.Network Settings
3.1 Set the hostname
When setting the hostname to "Lepard"
|
1 |
# hostnamectl set-hostname Lepard |
After logging in again following the change, the modified hostname will be reflected in the prompt.
|
1 2 |
# cat /etc/hostname Lepard |
3.2 Change the network settings to a static IP address
(The name of the network interface [ens160] may vary depending on your environment; replace it with the name for your specific setup.)
Network Device Verification
|
1 2 3 4 |
# nmcli device DEVICE TYPE STATE CONNECTION ens160 ethernet connected ens160 lo loopback connected (externally) lo |
Change the IP address of the network interface named [ens160] to "192.168.11.83".
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 |
* Static IPv4 Address Configuration # nmcli connection modify ens160 ipv4.addresses 192.168.11.83/24 * Gateway Settings # nmcli connection modify ens160 ipv4.gateway 192.168.11.1 * DNS settings to reference # nmcli connection modify ens160 ipv4.dns 192.168.11.1 * DNS Search Base Settings (Your Domain Name) # nmcli connection modify ens160 ipv4.dns-search <Custom domain name> * Set to static IP address assignment # nmcli connection modify ens160 ipv4.method manual * Restart the interface to apply the settings. # nmcli connection down ens160; nmcli connection up ens160 |
Configuration Verification
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 |
# nmcli device show ens160 GENERAL.DEVICE: ens160 GENERAL.TYPE: ethernet GENERAL.HWADDR: 00:0C:29:4D:66:86 GENERAL.MTU: 1500 GENERAL.STATE: 100 (connected) GENERAL.CONNECTION: ens160 GENERAL.CON-PATH: /org/freedesktop/NetworkManager/ActiveConnection/3 WIRED-PROPERTIES.CARRIER: on IP4.ADDRESS[1]: 192.168.11.83/24 IP4.GATEWAY: 192.168.11.1 IP4.ROUTE[1]: dst = 0.0.0.0/0, nh = 192.168.11.1, mt = 100 IP4.ROUTE[2]: dst = 192.168.11.0/24, nh = 0.0.0.0, mt = 100 IP4.DNS[1]: 192.168.11.1 IP4.SEARCHES[1]: korodes.com IP6.ADDRESS[1]: fe80::20c:29ff:fe4d:6686/64 IP6.GATEWAY: fe80::22b:f5ff:feea:6670 IP6.ROUTE[1]: dst = fe80::/64, nh = ::, mt = 1024 IP6.ROUTE[2]: dst = ::/0, nh = fe80::22b:f5ff:feea:6670, mt = 100 |
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 |
# ip address 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever inet6 ::1/128 scope host noprefixroute valid_lft forever preferred_lft forever 2: ens160: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000 link/ether 00:0c:29:0b:32:47 brd ff:ff:ff:ff:ff:ff altname enp3s0 inet 192.168.11.83/24 brd 192.168.11.255 scope global noprefixroute ens160 valid_lft forever preferred_lft forever inet6 fe80::20c:29ff:fe0b:3247/64 scope link noprefixroute valid_lft forever preferred_lft forever |
3.3 Disable IPv6 if not required.
|
1 2 |
# grubby --update-kernel ALL --args ipv6.disable=1 # reboot |
4.Implement an NTP server and configure the time synchronization service
4.1 Install Chrony
|
1 |
# dnf -y install chrony |
4.2 Editing the configuration file
|
1 2 3 4 5 6 7 8 9 |
# vi /etc/chrony.conf # Line 8: Change the NTP server for time synchronization # pool 2.fedora.pool.ntp.org iburst pool ntp.nict.jp iburst # Around line 32: Add the network accepting time synchronization requests from NTP clients # Specify your own local network, etc. allow 192.168.11.0/24 |
4.3 Restart chrony and keep chrony enabled after restart.
|
1 2 |
# systemctl enable chronyd.service # systemctl restart chronyd.service |
4.4 If Firewalld is enabled, you must allow the NTP service.
Note that NTP uses [123/UDP].
We will cover Firewalld in detail in the next section, so here we will only open the NTP port using the following command.
|
1 2 3 4 |
# firewall-cmd --add-service=ntp --permanent success # firewall-cmd --reload success |
4.5 Verifying chronyd Operation
|
1 2 3 4 5 6 7 8 |
# chronyc sources MS Name/IP address Stratum Poll Reach LastRx Last sample =============================================================================== ^+ ntp-k1.nict.jp 1 6 17 31 -484us[-1289us] +/- 4325us ^+ ntp-b2.nict.go.jp 1 6 17 31 -871us[-1676us] +/- 8110us ^- ntp-a3.nict.go.jp 1 6 17 31 -292us[ -292us] +/- 6701us ^* ntp-a2.nict.go.jp 1 6 17 31 +815us[+9696ns] +/- 5709us |
If a checkmark(*) appears, synchronization is complete.
5.Set the server's time zone
Set the time zone to Japan (Tokyo)
|
1 |
# timedatectl set-timezone Asia/Tokyo |
Configuration Verification
|
1 2 3 4 5 6 7 8 |
# timedatectl Local time: Wed 2025-04-16 12:44:10 JST Universal time: Wed 2025-04-16 03:44:10 UTC RTC time: Wed 2025-04-16 03:44:11 Time zone: Asia/Tokyo (JST, +0900) System clock synchronized: yes NTP service: active RTC in local TZ: no |
6.Vim Configuration
①Installing Vim
|
1 |
# dnf -y install vim-enhanced |
②Application and Reflection of Vim
|
1 2 3 4 5 |
# vi ~/.bashrc # Add alias to the last line alias vi='vim' # source ~/.bashrc |
③Vim configuration as a user-specific environment
|
1 |
# vi ~/.vimrc |
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 |
" Use vim's own extensions (not compatible with vi) set nocompatible " Use vim's own extensions (not compatible with vi) set encoding=utf-8 " Specify file encoding set fileencodings=utf-8,iso-2022-jp,sjis,euc-jp " Specify the line feed code to be automatically recognized set fileformats=unix,dos " Obtain a backup set backup " Specify the directory from which to obtain backups set backupdir=~/backup " Number of generations to keep search history set history=50 " Do not distinguish between upper and lower case letters when searching set ignorecase "Mixing capital letters in search terms makes the search case sensitive set smartcase " Highlight words matching your search term set hlsearch " Use incremental search set incsearch " Display line numbers set number " Visualize line breaks ( $ ) and tabs ( ^I ) set list " Highlight corresponding parentheses when entering parentheses set showmatch "No newlines at the end of files set binary noeol " Enable automatic indentation set autoindent " Color-coded display by syntax syntax on "change color of comment text in case of [ syntax on] highlight Comment ctermfg=LightCyan "Wrap lines by window width set wrap |
