Contents
1. SELinux Disable
First, disable selinux. selinux is a feature that improves auditing and security in Linux, but when enabled, it can limit the behavior of services and the configuration considerably.
Therefore, it is basically disabled in many cases.
To disable SELinux, a reboot is required by adding selinux=0 to the kernel command line as follows
|
1 2 |
# grubby --update-kernel ALL --args selinux=0 # reboot |
2. System Modernization
Package updates are performed as soon as possible immediately after OS installation.
However, when a dnf update is performed, a kernel update is also performed at the same time.
A kernel update may require rebooting the system or stopping services, or worse, a kernel panic may occur and the system may not boot. It is wiser to exclude the kernel from the update.
The kernel can be excluded from updates.
|
1 |
# dnf -y update --exclude=kernel* |
3. Services to be stopped due to security measures
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 |
# systemctl stop atd.service # systemctl disable atd.service # systemctl stop kdump.service # systemctl disable kdump.service # systemctl stop lvm2-monitor.service # systemctl disable lvm2-monitor.service # systemctl stop mdmonitor.service # systemctl disable mdmonitor.service # systemctl stop smartd.service # systemctl disable smartd.service # systemctl stop tuned.service # systemctl disable tuned.service # systemctl stop dm-event.socket # systemctl disable dm-event.socket |
4. Add Repositories
4.1 Add EPEL repository
|
1 2 |
# dnf -y install epel-release # dnf -y update --exclude=kernel* |
|
1 |
# vi /etc/yum.repos.d/epel.repo |
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 |
[epel] name=Extra Packages for Enterprise Linux $releasever - $basearch # It is much more secure to use the metalink, but if you wish to use a local mirror # place its address here. #baseurl=https://download.example/pub/epel/$releasever/Everything/$basearch/ metalink=https://mirrors.fedoraproject.org/metalink?repo=epel-$releasever&arch=$basearch&infra=$infra&content=$contentdir enabled=1 ← Repository enabled (0 : Repository disabled) priority=10 ← Specify priority in the range of 1~99 gpgcheck=1 countme=1 gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-$releasever [epel-debuginfo] name=Extra Packages for Enterprise Linux $releasever - $basearch - Debug # It is much more secure to use the metalink, but if you wish to use a local mirror |
4.2 Add Remi's RPM repository
|
1 2 |
# dnf -y install https://rpms.remirepo.net/enterprise/remi-release-8.rpm # dnf -y config-manager --set-enabled remi |
|
1 |
# vi /etc/yum.repos.d/remi-safe.repo |
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 |
# This repository is safe to use with RHEL/CentOS base repository # it only provides additional packages for the PHP stack # all dependencies are in base repository or in EPEL [remi-safe] name=Safe Remi's RPM repository for Enterprise Linux 9 - $basearch #baseurl=http://rpms.remirepo.net/enterprise/9/safe/$basearch/ #mirrorlist=https://rpms.remirepo.net/enterprise/9/safe/$basearch/httpsmirror mirrorlist=http://cdn.remirepo.net/enterprise/9/safe/$basearch/mirror enabled=1 ← Repository enabled (0 : Repository disabled) priority=10 ← Specify priority in the range of 1~99 gpgcheck=1 repo_gpgcheck=1 gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-remi.el9 [remi-safe-debuginfo] name=Remi's RPM repository for Enterprise Linux 9 - $basearch - debuginfo baseurl=http://rpms.remirepo.net/enterprise/9/debug-remi/$basearch/ |
5. Network Settings
5.1 Check network device name
|
1 2 3 4 |
# nmcli dev s DEVICE TYPE STATE CONNECTION ens160 ethernet connected ens160 lo loopback unmanaged -- |
The network device name can be found as "ens160"
5.2 Host Name Change
Change the host name to "Alma"
|
1 2 3 4 |
# nmcli general hostname Alma # systemctl restart systemd-hostnamed # reboot [huong@Alma ~]$ |
5.3 Static IP address setting
The name of the network interface is "ens160" from 5.1
Change the static IP address to "192.168.11.11" using one of the following methods
①Rewrite /etc/sysconfig/network-scripts/ifcfg-ens160 to change
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 |
# vi /etc/sysconfig/network-scripts/ifcfg-ens160 YPE=Ethernet PROXY_METHOD=none BROWSER_ONLY=no BOOTPROTO=none DEFROUTE=yes IPV4_FAILURE_FATAL=no IPV6INIT=no IPV6_DEFROUTE=yes IPV6_FAILURE_FATAL=no NAME=ens160 UUID=7c9c9cf5-6b18-411f-bb4f-67f285df54c6 DEVICE=ens160 ONBOOT=yes IPADDR=192.168.11.11 PREFIX=24 GATEWAY=192.168.11.1 DNS1=192.168.11.1 IPV6_DISABLED=yes |
|
1 |
# reboot |
|
1 2 3 |
# nmcli con mod ens160 ipv4.addresses 192.168.11.11/24 # nmcli con mod ens160 ipv4.method manual # reboot |
5. Vim Extension Installation
①Extension installation
|
1 |
# dnf -y install vim-enhanced |
|
1 2 |
# vi ~/.bashrc # Alias appended to the last line |
|
1 |
# source ~/.bashrc |
|
1 |
# vi ~/.vimrc |
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 |
" Use vim's own extensions (not compatible with vi) set nocompatible " Specify character code set encoding=utf-8 " Specify file encoding (read from the beginning until success) set fileencodings=utf-8,iso-2022-jp,sjis,euc-jp " Specify the line feed code to be recognized automatically set fileformats=unix,dos " Get Backup set backup " Specify the directory from which to obtain backups set backupdir=~/backup " Number of generations to keep search history set history=50 " Do not distinguish between upper and lower case letters when searching set ignorecase " Distinguish capital letters when searching set smartcase " Highlight words matching your search term set hlsearch " Use incremental search set incsearch " Display line numbers set number "Visualize line breaks ( $ ) and tabs ( ^I ) set list " Highlight corresponding parentheses when entering parentheses set showmatch " No newlines at the end of files set binary noeol " Enable automatic indentation set autoindent " Color-coded display by syntax syntax on " Change color of comment text in case of syntax on highlight Comment ctermfg=LightCyan " Wrap lines by window width set wrap |