1. Rocky Linux9.8
The Rocky Release Engineering team announced the latest version of Rocky Linux 9.0 on July 14, 2022.
Rocky Linux is a Linux distribution compatible with Red Hat Enterprise Linux; Rocky Linux 9 is a compatible release with RHEL 9 released in May and will be supported until the end of May 2032.
This time we will install Rocky Linux 9.8, released May 27, 2026.
1.1 Rocky Linux 9.8 Download
To download the Rocky Linux 9.8 installation image, go to the following site
Download "Rocky-9.8-x86_64-dvd.iso"
https://download.rockylinux.org/pub/rocky/9/isos/x86_64/Rocky-9.8-x86_64-dvd.iso
1.2 Rocky Linux 9.8 Install
Install USB media Change BIOS settings to boot from USB media.
The installation procedure is the same as for Rocky Linux 9.3, so we omit it. Please refer to the following page.
2. Disabling SELinux
First, disable selinux. selinux is a feature that improves auditing and security in Linux, but when enabled, it places considerable restrictions on the behavior of services and on what can be configured. Therefore, it is basically disabled in many cases.
SELinux operating modes
Enforcing : SELinux functionality is enabled and access control is enabled
Permissive : SElinux will warn, but no access restrictions will be placed
disabled : Both SElinux function and access control are disabled
①Current SELinux status
# getenforce
Enforcing
②Switching to [permissive] mode
# setenforce 0
# getenforce
Permissive
③Switching to [enforcing] mode
# setenforce 1
# getenforce
Enforcing
④To completely disable SELinux,
You must add selinux=0 to the kernel command line as shown below and then reboot.
# grubby --update-kernel ALL --args selinux=0
# reboot
※ To return SELinux to active, do the following (reboot after changes)
# grubby --update-kernel ALL --remove-args selinux
# reboot
3. System Modernization
Update packages as soon as possible after OS installation.。
# dnf -y update
A kernel update may require rebooting the system or stopping services, or worse, a kernel panic may occur and the system may not boot. It is wiser to exclude the kernel from the update.
The kernel can be excluded from updates by running dnf -y update with "--exclude=kernel*" after it.
# dnf -y update --exclude=kernel*
4. Services to be stopped due to security measures
# systemctl stop atd.service
# systemctl disable atd.service
# systemctl stop kdump.service
# systemctl disable kdump.service
# systemctl stop lvm2-monitor.service
# systemctl disable lvm2-monitor.service
# systemctl stop mdmonitor.service
# systemctl disable mdmonitor.service
# systemctl stop smartd.service
# systemctl disable smartd.service
# systemctl stop dm-event.socket
# systemctl disable dm-event.socket
5. Adding Repositories
① Add EPEL repository
# dnf config-manager --set-enabled crb
# dnf -y install epel-release
# vi /etc/yum.repos.d/epel.repo
[epel]
name=Extra Packages for Enterprise Linux 9 - $basearch
# It is much more secure to use the metalink, but if you wish to use a local mirror
# place its address here.
# baseurl=https://download.example/pub/epel/9/Everything/$basearch/
metalink=https://mirrors.fedoraproject.org/metalink?repo=epel-9&arch=$basearch&infra=$infra&content=$contentdir
enabled=1
priority=10 ←Additional
gpgcheck=1
countme=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-9
[epel-debuginfo]
name=Extra Packages for Enterprise Linux 9 - $basearch - Debug
# It is much more secure to use the metalink, but if you wish to use a local mirror
# place its address here.
# baseurl=https://download.example/pub/epel/9/Everything/$basearch/debug/
metalink=https://mirrors.fedoraproject.org/metalink?repo=epel-debug-9&arch=$basearch&infra=$infra&content=$contentdir
➁ Added Remi's RPM repository
# dnf -y install https://rpms.remirepo.net/enterprise/remi-release-9.rpm
# dnf -y config-manager --set-enabled remi
# vi /etc/yum.repos.d/remi-safe.repo
# This repository is safe to use with RHEL/CentOS base repository
# it only provides additional packages for the PHP stack
# all dependencies are in base repository or in EPEL
[remi-safe]
name=Safe Remi's RPM repository for Enterprise Linux $releasever_major - $basearch
# baseurl=http://rpms.remirepo.net/enterprise/$releasever_major/safe/$basearch/
# mirrorlist=https://rpms.remirepo.net/enterprise/$releasever_major/safe/$basearch/httpsmirror
mirrorlist=http://cdn.remirepo.net/enterprise/$releasever_major/safe/$basearch/mirror
enabled=1
priority=10 ←Additional
gpgcheck=1
# can be enabled if not behind a proxy because of possible cache issue
repo_gpgcheck=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-remi.el$releasever_major
[remi-safe-debuginfo]
name=Remi's RPM repository for Enterprise Linux $releasever_major - $basearch - debuginfo
baseurl=http://rpms.remirepo.net/enterprise/$releasever_major/debug-remi/$basearch/
enabled=0
gpgcheck=1
repo_gpgcheck=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-remi.el$releasever_major
6. Network Settings(Set on command line)
① Check network device name
# nmcli dev s
DEVICE TYPE STATE CONNECTION
ens160 ethernet connected ens160
lo loopback connected (externally) lo
The network device name can be found as "ens160"
➁ Host Name Change
Change the host name to Lepard to try it out
# hostnamectl set-hostname Lepard
Log in again
[huong@Lepard:~]$
➂ Static IPv4 address configuration
The name of the network interface is "ens160" from ①
In Rockylinux8.x, this could be changed by rewriting the ifcfg-xxx file found in network-scripts, but in Rockylinux9.x
directory is empty and this method cannot be used, so use the "nmcli" command to change it.
Change the static IPv4 address to "192.168.11.83".
Change by "nmcli" command
Change by "nmcli" command
Fixed IPv4 address setting
# nmcli connection modify ens160 ipv4.addresses 192.168.11.83/24
Gateway Configuration
# nmcli connection modify ens160 ipv4.gateway 192.168.11.1
Referenced DNS settings
# nmcli connection modify ens160 ipv4.dns 192.168.11.1
DNS search base settings (own domain name)
# nmcli connection modify ens160 ipv4.dns-search [Domain]
Set to fixed IP address assignment
# nmcli connection modify ens160 ipv4.method manual
Reboot interface to reflect settings
# nmcli connection down ens160; nmcli connection up ens160
7. Network Settings(Set by GUI)
① Static IP address setting
If the default setting is to obtain an IP address via DHCP during OS installation, change the network settings to a fixed IP address if necessary.
In this case, the network interface is named “ens160”.
Change the fixed IPv4 address to “192.168.11.83
Execute the following command
# nmtui
Click <OK>
Click <Edit…>
Enter the following items and Click <OK>
➁ Host Name Change
Change the hostname to Lepard
Return to the first screen of [NetworkManager TUI], select [Set system hostname], and click <OK>
Enter [Hostname] and click <OK>
8. Vim Configuration
①Vim Install
# dnf -y install vim-enhanced
②Apply and reflect Vim
# vi ~/.bashrc
Add alias to the last line
alias vi='vim'
# source ~/.bashrc
③Configure Vim as a user-specific environment
# vi ~/.vimrc
"Use Vim's proprietary extensions (not compatible with vi)
set nocompatible
" Specify character encoding
set encoding=utf-8
" Specify file encoding (read sequentially from the beginning until successful)
set fileencodings=utf-8,iso-2022-jp,sjis,euc-jp
" Specify the line break code for automatic recognition
set fileformats=unix,dos
" Take a backup
set backup
" Specify the directory to back up
set backupdir=~/backup
" Number of generations to retain search history
set history=50
" Searches are case-insensitive
set ignorecase
" If you include uppercase letters in your search terms, the search will distinguish between uppercase and lowercase letters.
set smartcase
" Highlight words matching the search term
set hlsearch
" Use incremental search
set incsearch
" Show line numbers
set number
" Visualize line breaks ($) and tabs (^I)
set list
" Highlight the corresponding bracket when entering a bracket
set showmatch
" Do not add a line break at the end of the file.
set binary noeol
" Enable auto-indentation
set autoindent
" Syntax highlighting
syntax on
" Change the color of comment statements when syntax is enabled
highlight Comment ctermfg=LightCyan
" Wrap lines to fit the window width
set wrap