Contents
1. Disable SELinux
First, disable selinux. selinux is a feature that improves auditing and security in Linux, but when enabled, it places considerable restrictions on the behavior of services and on what can be configured. Therefore, it is basically disabled in many cases. If you build a server while browsing a website and it does not work as expected, it may be due to the fact that selinux is enabled. Therefore, do not forget to disable it after installation.
You can disable it by doing the following
|
1 |
# setenforce 0 |
If this is not done, seinux will be enabled again when the server is restarted, so to permanently disable selinux, modify the /etc/sysconfig/selinux file.
|
1 2 |
# vi /etc/sysconfig/selinux 「SELINUX=enforcing」を「SELINUX=disabled」に変更する |
2. Services stopped for system modernization and security measures
2.1 system modernization
|
1 |
# dnf -y update |
2.2 Services suspended due to security measures
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 |
# systemctl stop atd.service # systemctl disable atd.service # systemctl stop auditd.service # systemctl disable auditd.service # systemctl stop kdump.service # systemctl disable kdump.service # systemctl stop lvm2-monitor.service # systemctl disable lvm2-monitor.service # systemctl stop mdmonitor.service # systemctl disable mdmonitor.service # systemctl stop smartd.service # systemctl disable smartd.service # systemctl stop tuned.service # systemctl disable tuned.service # systemctl stop dm-event.socket # systemctl disable dm-event.socket |
3. Adding Repositories
3.1 PowerTools / HighAvailability
This repository is newly available in MIRACLE LINUX 8.4.
How to use
PowerTools and HighAvailability can be used by updating the miraclelinux-repos and activating the repository.
First, update miraclelinux-repos to 8.4-3.el8 or later. After the update, the following repository files will be added to /etc/yum.repos.d.
miraclelinux-powertools.repo
miraclelinux-highavailability.repo
|
1 |
# dnf update miraclelinux-repos |
①PowerTools can be used by activating the repository as follows
|
1 2 |
# dnf config-manager --set-enabled 8-latest-PowerTools # dnf module enable javapackages-tools:201801 |
※ When installing istack-commons provided by PowerTools, the javapackages-tools module must be manually activated beforehand.
Since istack-commons is also required to install the "MIRACLE LINUX PowerTools" group, the javapackages-tools module is also activated after the PowerTools repository is activated.
② HighAvailability is available by activating the repository as follows
|
1 |
# dnf config-manager --set-enabled 8-latest-HighAvailability |
3.2 Add EPEL repository
EPEL provides a package for adding repositories for RHEL 8, so even with MIRACLE LINUX 8.8, you only need to install the package to use it.
|
1 |
# dnf install https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm |
After installation, the following repository files will be added to /etc/yum.repos.d and made available.
epel.repo
epel-modular.repo
epel-testing-modular.repo
epel-testing.repo
3.3 Added Remi's RPM repository
This repository is unique in that it provides multiple versions of PHP packages, including the most recent. As an example, the following packages are provided
php5.6 php7.0 php7.1 php7.2 php7.3 php7.4 php8.0 php8.1 php8.2 php8.3
Remi provides a package for adding repositories for RHEL 8, so even if you are using MIRACLE LINUX 8.8, you only need to install the package to use Remi.
|
1 |
# dnf install http://rpms.remirepo.net/enterprise/remi-release-8.rpm |
After installation, the following repository files will be added to /etc/yum.repos.d and made available.
remi.repo
remi-modular.repo
remi-safe.repo
4.Network Settings
4.1 Check network device name
|
1 2 3 4 |
# nmcli dev s ens160 ethernet connected ens160 lo loopback unmanaged -- |
The network device name can be found as "ens160"
4.2 Host Name Change
Change the host name to Lepard to try it out
|
1 2 3 4 |
# hostnamectl set-hostname Lepard Log in again [huong@Lepard:~]$ |
4.3 Static IPv4 address setting
Since 4.1, the name of the network interface is "ens160".
Change it with the "nmcli" command.
Change the static IPv4 address to "192.168.11.83".
Change with "nmcli" command
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 |
# Fixed IPv4 address setting # nmcli connection modify ens160 ipv4.addresses 192.168.11.83/24 # Gateway Settings # nmcli connection modify ens160 ipv4.gateway 192.168.11.1 # Referenced DNS settings # nmcli connection modify ens160 ipv4.dns 192.168.11.1 # DNS search base settings (own domain name) # nmcli connection modify ens160 ipv4.dns-search miracle.korodes.com # Set to fixed IP address assignment # nmcli connection modify ens160 ipv4.method manual # Reboot interface to reflect settings # nmcli connection down ens160; nmcli connection up ens160 Connection 'ens160' successfully deactivated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/1) Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/2) |
4.4 IPv6 Disable
Sets the ipv6.method parameter of the connection to disabled
|
1 |
# nmcli connection modify ens160 ipv6.method "disabled" |
Reboot network connection
|
1 |
# nmcli connection up ens160 |
View and verify device IP settings
|
1 2 3 4 5 6 7 |
# ip address show ens160 2: ens160: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000 link/ether 00:0c:29:05:a7:c2 brd ff:ff:ff:ff:ff:ff altname enp3s0 inet 192.168.11.83/24 brd 192.168.11.255 scope global noprefixroute ens160 valid_lft forever preferred_lft forever |
If you do not see the inet6 entry, IPv6 is disabled on the device
Check that the /proc/sys/net/ipv6/conf/ens160/disable_ipv6 file contains the value 1
|
1 2 |
# cat /proc/sys/net/ipv6/conf/ens160/disable_ipv6 1 |
4. Vim Settings
①Vim Install
|
1 |
# dnf -y install vim-enhanced |
|
1 2 3 |
# vi ~/.bashrc # Alias appended to the last line alias vi='vim' |
Reflects changes
|
1 |
# source ~/.bashrc |
②Configure Vim as a user-specific environment
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 |
# vi ~/.vimrc " Use vim's own extensions (not compatible with vi) set nocompatible " Specify character code set encoding=utf-8 " Specify file encoding (read from the beginning until success) set fileencodings=utf-8,iso-2022-jp,sjis,euc-jp " Specify the line feed code to be recognized automatically set fileformats=unix,dos " Get Backup set backup " Specify the directory from which to obtain backups set backupdir=~/backup " Number of generations to keep search history set history=50 " Do not distinguish between upper and lower case letters when searching set ignorecase " Mixing capital letters in search terms makes the search case sensitive set smartcase " Highlight words matching your search term set hlsearch " Use incremental search set incsearch " Display line numbers set number " Visualize line breaks ( $ ) and tabs ( ^I ) set list " Highlight corresponding parentheses when entering parentheses set showmatch " No newlines at the end of files set binary noeol " Enable automatic indentation set autoindent " Color-coded display by syntax syntax on " Change color of comment text in case of syntax on highlight Comment ctermfg=LightCyan " Wrap lines by window width set wrap |