CentOS7.9 : Initial Settings

Contents

1.Disable SELinux
2.System Modernization
3.Services to be stopped due to security measures
4.Adding Repositories
- 4.1 EPEL repository add
- 4.2 Remi's RPM repository add
5.Network Settings
5.Vim Configuration

1.Disable SELinux

First, disable selinux. selinux is a feature that improves auditing and security in Linux, but when enabled, it places considerable restrictions on the behavior of services and on what can be configured. Therefore, it is basically disabled in many cases.

# getenforce ←SELinux function check
Enforcing ←SELinux enable
# setenforce 0 ←SELinux function disabled
# getenforce ←SELinux function check
Permissive ←SELinux disabled

If this is not done, seinux will be enabled again when the server is restarted, so to permanently disable selinux, modify the /etc/sysconfig/selinux file.

# vi /etc/sysconfig/selinux

#This file controls the state of SELinux on the system.
#SELINUX= can take one of these three values:
#enforcing - SELinux security policy is enforced.
#permissive - SELinux prints warnings instead of enforcing.
#disabled - No SELinux policy is loaded.
SELINUX=disabled ←change
#SELINUXTYPE= can take one of three values:
#targeted - Targeted processes are protected,
#minimum - Modification of targeted policy. Only selected processes are protected.
#mls - Multi Level Security protection.
SELINUXTYPE=targeted

2.System Modernization

Package updates are performed as soon as possible immediately after OS installation.
However, when a dnf update is performed, a kernel update is also performed at the same time.
A kernel update may require rebooting the system or stopping services, or worse, a kernel panic may occur and the system may not boot. It is wiser to exclude the kernel from the update.
You can also exclude the kernel from updates by running yum -y update with "--exclude=kernel*" behind it.

# yum -y update --exclude=kernel*

3.Services to be stopped due to security measures

# systemctl stop atd.service
# systemctl disable atd.service
# systemctl stop kdump.service
# systemctl disable kdump.service
# systemctl stop lvm2-monitor.service
# systemctl disable lvm2-monitor.service
# systemctl stop mdmonitor.service
# systemctl disable mdmonitor.service
# systemctl stop smartd.service
# systemctl disable smartd.service
# systemctl stop tuned.service
# systemctl disable tuned.service
# systemctl stop dm-event.socket
# systemctl disable dm-event.socket

4.Adding Repositories

4.1 EPEL repository add

# yum -y install epel-release
# yum -y update

# vi /etc/yum.repos.d/epel.repo

[epel]
name=Extra Packages for Enterprise Linux $releasever - $basearch
# It is much more secure to use the metalink, but if you wish to use a local mirror
# place its address here.
#baseurl=https://download.example/pub/epel/$releasever/Everything/$basearch/
metalink=https://mirrors.fedoraproject.org/metalink?repo=epel-$releasever&arch=$basearch&infra=$infra&content=$contentdir
enabled=1    ←　Repository enabled (0 : Repository disabled)
priority=10　←　Specify priority in the range of 1~99
gpgcheck=1
countme=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-$releasever

4.2 Remi's RPM repository add

# yum -y install https://rpms.remirepo.net/enterprise/remi-release-7.rpm

# vi /etc/yum.repos.d/remi-safe.repo

# This repository is safe to use with RHEL/CentOS base repository
# it only provides additional packages for the PHP stack
# all dependencies are in base repository or in EPEL

[remi-safe]
name=Safe Remi's RPM repository for Enterprise Linux 7 - $basearch
#baseurl=http://rpms.remirepo.net/enterprise/7/safe/$basearch/
#mirrorlist=https://rpms.remirepo.net/enterprise/7/safe/httpsmirror
mirrorlist=http://cdn.remirepo.net/enterprise/7/safe/mirror
enabled=1    ←　Repository enabled (0 : Repository disabled)
priority=10　←　Specify priority in the range of 1~99
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-remi

[remi-safe-debuginfo]
name=Remi's RPM repository for Enterprise Linux 7 - $basearch - debuginfo
baseurl=http://rpms.remirepo.net/enterprise/7/debug-remi/$basearch/
enabled=0
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-remi

5.Network Settings

5.1 Check network device name

DEVICE  TYPE    STATE      CONNECTION
ens33 ethernet  connected   ens33
lo    loopback  unmanaged   --

The network device name can be found as "ens33

5.2 Host Name Change

Change the host name to Alma to try it out

# nmcli general hostname Alma
# systemctl restart systemd-hostnamed
# reboot
[huong@Alma:~]$

5.3 Static IP address setting

From 5.1, the network interface is named "ens33".
Change the static IP address to "192.168.11.83" by one of the following methods
①Change "ifcfg" file

# vi /etc/sysconfig/network-scripts/ifcfg-ens33

TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=none
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=no
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME=ens33
UUID=69cff839-3860-4cf2-9a52-2850cb3f4a3f
DEVICE=ens33
ONBOOT=yes
IPADDR=192.168.11.83
PREFIX=24
GATEWAY=192.168.11.1
DNS1=192.168.11.1

To reflect the settings

# reboot

②Change by "nmcli" command

# nmcli con mod ens33 ipv4.addresses 192.168.11.83/24
# nmcli con mod ens33 ipv4.method manual
# reboot

5.Vim Configuration

①Install Vim

# yum -y install vim-enhanced

②Apply and reflect Vim

# vi ~/.bashrc
# Alias appended to the last line
alias vi='vim'

# source ~/.bashrc

③Configure Vim as a user-specific environment

# vi ~/.vimrc

" Use vim's own extensions (not compatible with vi)
set nocompatible
" Specify character code
set encoding=utf-8
" Specify file encoding (read from the beginning until success)
set fileencodings=utf-8,iso-2022-jp,sjis,euc-jp
" Specify the line feed code to be automatically recognized
set fileformats=unix,dos
" Get Backup
set backup
" Specify the directory from which to obtain backups
set backupdir=~/backup
" Number of generations to keep search history
set history=50
" Do not distinguish case when searching
set ignorecase
" Mixing capital letters in search terms makes the search case sensitive
set smartcase
" Highlight words matching your search term
set hlsearch
" Use incremental search
set incsearch
" Display line numbers
set number
" Visualize line breaks ( $ ) and tabs ( ^I )
set list
"  Highlight corresponding parentheses when entering parentheses
set showmatch
" No newlines at the end of files
set binary noeol
" Enable automatic indentation
set autoindent
" Color-coded display by syntax
syntax on
" Change color of comment text in case of syntax on
highlight Comment ctermfg=LightCyan
" Wrap lines by window width
set wrap

Go to top