CentOS Stream9 : Initial settings after installation

Contents

1.Disabling SELinux
2.System Modernization
3.Services to be stopped due to security measures
4.Adding Repositories
- 4.1 Add EPEL repository
- 4.2 Added Remi's RPM repository
5.Network configuration (command line configuration)
6.Vim Settings

1.Disabling SELinux

First, disable selinux. selinux is a feature that improves auditing and security in Linux, but when enabled, it places considerable restrictions on the behavior of services and on what can be configured. Therefore, it is basically disabled in many cases.
SELinux Operation Mode
Enforcing : SELinux functionality is enabled and access control is enabled
Permissive : SElinux will warn, but no access restrictions will be placed
disabled : Both SElinux function and access control are disabled

①Current SELinux status

# getenforce
Enforcing

②Switching to [permissive] mode

# setenforce 0
# getenforce
Permissive

➂To completely disable SELinux, a reboot is required by adding selinux=0 to the kernel command line as follows

# grubby --update-kernel ALL --args selinux=0
# reboot

※　To return SELinux to active, do the following (reboot after changes)

# grubby --update-kernel ALL --remove-args selinux
# reboot

2.System Modernization

Update packages as soon as possible after OS installation.

# dnf -y update

3.Services to be stopped due to security measures

# systemctl stop atd.service
# systemctl disable atd.service
# systemctl stop kdump.service
# systemctl disable kdump.service
# systemctl stop lvm2-monitor.service
# systemctl disable lvm2-monitor.service
# systemctl stop mdmonitor.service
# systemctl disable mdmonitor.service
# systemctl stop smartd.service
# systemctl disable smartd.service
# systemctl stop dm-event.socket
# systemctl disable dm-event.socket

4.Adding Repositories

4.1 Add EPEL repository

# dnf config-manager --set-enabled crb
# dnf -y install epel-release

# vi /etc/yum.repos.d/epel.repo

[epel]
name=Extra Packages for Enterprise Linux $releasever - $basearch
# It is much more secure to use the metalink, but if you wish to use a local mirror
# place its address here.
#baseurl=https://download.example/pub/epel/$releasever/Everything/$basearch/
metalink=https://mirrors.fedoraproject.org/metalink?repo=epel-$releasever&arch=$basearch&infra=$infra&content=$contentdir
enabled=1
priority=10  # ←　Specify priority in the range of 1~99
gpgcheck=1
countme=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-$releasever

[epel-debuginfo]
name=Extra Packages for Enterprise Linux $releasever - $basearch - Debug
# It is much more secure to use the metalink, but if you wish to use a local mirror

[epel]

name=Extra Packages for Enterprise Linux $releasever - $basearch

# It is much more secure to use the metalink, but if you wish to use a local mirror

# place its address here.

#baseurl=https://download.example/pub/epel/$releasever/Everything/$basearch/

metalink=https://mirrors.fedoraproject.org/metalink?repo=epel-$releasever&arch=$basearch&infra=$infra&content=$contentdir

enabled=1

priority=10 # ←　Specify priority in the range of 1~99

gpgcheck=1

countme=1

gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-$releasever

[epel-debuginfo]

name=Extra Packages for Enterprise Linux $releasever - $basearch - Debug

# It is much more secure to use the metalink, but if you wish to use a local mirror

4.2 Added Remi's RPM repository

# dnf -y install https://rpms.remirepo.net/enterprise/remi-release-9.rpm
# dnf -y config-manager --set-enabled remi

# vi /etc/yum.repos.d/remi-safe.repo

# This repository is safe to use with RHEL/CentOS base repository
# it only provides additional packages for the PHP stack
# all dependencies are in base repository or in EPEL

[remi-safe]
name=Safe Remi's RPM repository for Enterprise Linux 9 - $basearch
#baseurl=http://rpms.remirepo.net/enterprise/9/safe/$basearch/
#mirrorlist=https://rpms.remirepo.net/enterprise/9/safe/$basearch/httpsmirror
mirrorlist=http://cdn.remirepo.net/enterprise/9/safe/$basearch/mirror
enabled=1
priority=10   # ←　Specify priority in the range of 1~99
gpgcheck=1
repo_gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-remi.el9

[remi-safe-debuginfo]
name=Remi's RPM repository for Enterprise Linux 9 - $basearch - debuginfo
baseurl=http://rpms.remirepo.net/enterprise/9/debug-remi/$basearch/
enabled=0
gpgcheck=1
repo_gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-remi.el9

# This repository is safe to use with RHEL/CentOS base repository

# it only provides additional packages for the PHP stack

# all dependencies are in base repository or in EPEL

[remi-safe]

name=Safe Remi's RPM repository for Enterprise Linux 9 - $basearch

#baseurl=http://rpms.remirepo.net/enterprise/9/safe/$basearch/

#mirrorlist=https://rpms.remirepo.net/enterprise/9/safe/$basearch/httpsmirror

mirrorlist=http://cdn.remirepo.net/enterprise/9/safe/$basearch/mirror

enabled=1

priority=10 # ←　Specify priority in the range of 1~99

gpgcheck=1

repo_gpgcheck=1

gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-remi.el9

[remi-safe-debuginfo]

name=Remi's RPM repository for Enterprise Linux 9 - $basearch - debuginfo

baseurl=http://rpms.remirepo.net/enterprise/9/debug-remi/$basearch/

enabled=0

gpgcheck=1

repo_gpgcheck=1

gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-remi.el9

5.Network configuration (command line configuration)

5.1 Check network device name

# nmcli dev s
DEVICE  TYPE      STATE      CONNECTION
ens160  ethernet  connected  ens160
lo      loopback  unmanaged  --

Network device name is "ens160".

5.2 Host Name Change

Change the host name to Lepard

# hostnamectl set-hostname Lepard

Log in again
[huong@Lepard:~]$

5.3 Static IPv4 address configuration

The name of the network interface is "ens160" from 5.1
On CentOS8, it could be changed by rewriting the ifcfg-xxx file found in network-scripts, but on CentOS9, it can be changed with the "nmcli" command.
Change the static IPv4 address to "192.168.11.83".

①Change by "nmcli" command

# Fixed IPv4 address setting
# nmcli connection modify ens160 ipv4.addresses 192.168.11.83/24

# Gateway Configuration
# nmcli connection modify ens160 ipv4.gateway 192.168.11.1

# Referenced DNS settings
# nmcli connection modify ens160 ipv4.dns 192.168.11.1

# DNS Search Base Settings (own domain name)
# nmcli connection modify ens160 ipv4.dns-search cent.korodes.com

# Set to fixed IP address assignment
# nmcli connection modify ens160 ipv4.method manual

# Reboot interface to reflect settings
# nmcli connection down ens160; nmcli connection up ens160
Connection 'ens160' successfully deactivated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/1)
Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/2)

➁Change in GUI

# nmtui

# nmtui

Change the fixed IPv4 address to "192.168.11.83" as above.

Change the address of the IPv4 configuration

5.4 Host Name Change

Change the host name to Lepard

6.Vim Settings

①Installing Vim

# dnf -y install vim-enhanced

②Apply and reflect Vim

# vi ~/.bashrc
# Alias appended to the last line
alias vi='vim'

# source ~/.bashrc

③Configure Vim as a user-specific environment

# vi ~/.vimrc

" Use vim's own extensions (not compatible with vi)
set nocompatible
" Specify character code
set encoding=utf-8
" Specify file encoding (read from the beginning until success)
set fileencodings=utf-8,iso-2022-jp,sjis,euc-jp
" Specify the line feed code to be recognized automatically
set fileformats=unix,dos
" Get Backup
set backup
" Specify the directory from which to obtain backups
set backupdir=~/backup
" Number of generations to keep search history
set history=50
" Do not distinguish case when searching
set ignorecase
" Mixing capital letters in search terms makes the search case sensitive
set smartcase
" Highlight words matching your search term
set hlsearch
" Use incremental search
set incsearch
" Display line numbers
set number
" Visualize line breaks ( $ ) and tabs ( ^I )
set list
" Highlight corresponding parentheses when entering parentheses
set showmatch
" No newlines at the end of files
set binary noeol
" Enable automatic indentation
set autoindent
" Color-coded display by syntax
syntax on
" Change color of comment text in case of syntax on
highlight Comment ctermfg=LightCyan
" Wrap lines by window width
set wrap

" Use vim's own extensions (not compatible with vi)

set nocompatible

" Specify character code

set encoding=utf-8

" Specify file encoding (read from the beginning until success)

set fileencodings=utf-8,iso-2022-jp,sjis,euc-jp

" Specify the line feed code to be recognized automatically

set fileformats=unix,dos

" Get Backup

set backup

" Specify the directory from which to obtain backups

set backupdir=~/backup

" Number of generations to keep search history

set history=50

" Do not distinguish case when searching

set ignorecase

" Mixing capital letters in search terms makes the search case sensitive

set smartcase

" Highlight words matching your search term

set hlsearch

" Use incremental search

set incsearch

" Display line numbers

set number

" Visualize line breaks ( $ ) and tabs ( ^I )

set list

" Highlight corresponding parentheses when entering parentheses

set showmatch

" No newlines at the end of files

set binary noeol

" Enable automatic indentation

set autoindent

" Color-coded display by syntax

syntax on

" Change color of comment text in case of syntax on

highlight Comment ctermfg=LightCyan

" Wrap lines by window width

set wrap

Go to top