Contents
1.Disabling SELinux
First, disable selinux. selinux is a feature that improves auditing and security in Linux, but when enabled, it places considerable restrictions on the behavior of services and on what can be configured. Therefore, it is basically disabled in many cases.
SELinux Operation Mode
Enforcing : SELinux functionality is enabled and access control is enabled
Permissive : SElinux will warn, but no access restrictions will be placed
disabled : Both SElinux function and access control are disabled
①Current SELinux status
|
1 2 |
# getenforce Enforcing |
②Switching to [permissive] mode
|
1 2 3 |
# setenforce 0 # getenforce Permissive |
③Switch to [enforcing] mode
|
1 2 3 |
# setenforce 1 # getenforce Enforcing |
④To completely disable SELinux, a reboot is required by adding selinux=0 to the kernel command line as follows
|
1 2 |
# grubby --update-kernel ALL --args selinux=0 # reboot |
※ To return SELinux to active, do the following (reboot after changes)
|
1 2 |
# grubby --update-kernel ALL --remove-args selinux # rebbot |
2.System Modernization
Update packages as soon as possible after OS installation.
However, when a dnf update is performed, a kernel update is also performed at the same time.
Kernel updates may require rebooting the system or stopping services, or worse, a kernel panic may occur and the system may not boot.
It is wiser to exclude the kernel and update it.
By running dnf -y update with "--exclude=kernel*", the kernel can be excluded from updates.
|
1 |
# dnf -y update --exclude=kernel* |
3.Services stopped for system modernization and security measures.
|
1 2 3 4 5 6 7 8 9 10 11 12 |
# systemctl stop atd.service # systemctl disable atd.service # systemctl stop kdump.service # systemctl disable kdump.service # systemctl stop lvm2-monitor.service # systemctl disable lvm2-monitor.service # systemctl stop mdmonitor.service # systemctl disable mdmonitor.service # systemctl stop smartd.service # systemctl disable smartd.service # systemctl stop dm-event.socket # systemctl disable dm-event.socket |
4.Adding Repositories
4.1 PowerTools / HighAvailability
PowerTools and HighAvailability are available by updating miraclelinux-repos and activating the repository.
First, update miraclelinux-repos.
|
1 |
# dnf update miraclelinux-repos |
①PowerTools can be used by activating the repository as follows
|
1 |
# dnf config-manager --set-enabled 9-latest-PowerTools |
②HighAvailability is available by activating the repository as follows
|
1 |
# dnf config-manager --set-enabled 9-latest-HighAvailability |
4.2 EPEL
EPEL is a repository provided by the Fedora project, officially named Extra Packages for Enterprise Linux. This repository is unique in that it contains many commonly used packages that are not included in the distribution's repositories.
Since EPEL provides packages for adding repositories for RHEL 9, they can be used with MIRACLE LINUX 9 by simply installing the packages.
|
1 |
# dnf install https://dl.fedoraproject.org/pub/epel/epel-release-latest-9.noarch.rpm |
|
1 |
# vi /etc/yum.repos.d/epel.repo |
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 |
[epel] name=Extra Packages for Enterprise Linux $releasever - $basearch # It is much more secure to use the metalink, but if you wish to use a local mirror # place its address here. #baseurl=https://download.example/pub/epel/$releasever/Everything/$basearch/ metalink=https://mirrors.fedoraproject.org/metalink?repo=epel-$releasever&arch=$basearch&infra=$infra&content=$contentdir enabled=1 ← Repository enabled (0 : Repository disabled) priority=10 ← Specify priority in the range of 1~99 gpgcheck=1 countme=1 gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-$releasever [epel-debuginfo] name=Extra Packages for Enterprise Linux $releasever - $basearch - Debug # It is much more secure to use the metalink, but if you wish to use a local mirror |
After installation, the following repository files will be added to /etc/yum.repos.d and made available.
epel.repo
epel-testing.repo
4.3 Remi's RPM repository
|
1 2 |
# dnf -y install https://rpms.remirepo.net/enterprise/remi-release-9.rpm # dnf -y config-manager --set-enabled remi |
|
1 |
# vi /etc/yum.repos.d/remi-safe.repo |
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 |
# This repository is safe to use with RHEL/CentOS base repository # it only provides additional packages for the PHP stack # all dependencies are in base repository or in EPEL [remi-safe] name=Safe Remi's RPM repository for Enterprise Linux 9 - $basearch #baseurl=http://rpms.remirepo.net/enterprise/9/safe/$basearch/ #mirrorlist=https://rpms.remirepo.net/enterprise/9/safe/$basearch/httpsmirror mirrorlist=http://cdn.remirepo.net/enterprise/9/safe/$basearch/mirror enabled=1 ← Repository enabled (0 : Repository disabled) priority=10 ← Specify priority in the range of 1~99 gpgcheck=1 repo_gpgcheck=1 gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-remi.el9 [remi-safe-debuginfo] name=Remi's RPM repository for Enterprise Linux 9 - $basearch - debuginfo baseurl=http://rpms.remirepo.net/enterprise/9/debug-remi/$basearch/ |
After installation, the following repository files will be added to /etc/yum.repos.d and made available.
remi.repo
remi-modular.repo
remi-safe.repo
5.Network Settings
5.1 Check network device name
|
1 2 3 4 |
# nmcli dev s DEVICE TYPE STATE CONNECTION ens160 ethernet connected ens160 lo loopback unmanaged -- |
5.2 Host Name Change
Change the host name to Lepard
|
1 2 3 4 |
# hostnamectl set-hostname Lepard Log in again [huong@Lepard:~]$ |
5.3 Static IPv4 address configuration
Change the static IPv4 address to "192.168.11.83".
Change by "nmcli" command
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 |
# Fixed IPv4 address setting # nmcli connection modify ens160 ipv4.addresses 192.168.11.83/24 # Gateway Settings # nmcli connection modify ens160 ipv4.gateway 192.168.11.1 # Referenced DNS settings # nmcli connection modify ens160 ipv4.dns 192.168.11.1 # DNS search base settings (own domain name) # nmcli connection modify ens160 ipv4.dns-search miracle.korodes.com # Set to fixed IP address assignment # nmcli connection modify ens160 ipv4.method manual # Reboot interface to reflect settings # nmcli connection down ens160; nmcli connection up ens160 Connection 'ens160' successfully deactivated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/1) Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/2) |
6.Vim Settings
①Vim install
|
1 |
# dnf -y install vim-enhanced |
|
1 2 3 |
# vi ~/.bashrc # Alias appended to the last line alias vi='vim' |
|
1 |
# source ~/.bashrc |
|
1 |
# vi ~/.vimrc |
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 |
" Use your own extensions to vim (not compatible with vi) set nocompatible " Specify the character encoding set encoding=utf-8 " Specify file encoding (read from top to bottom until success) set fileencodings=utf-8,iso-2022-jp,sjis,euc-jp " Specify the line feed code to be recognized automatically. set fileformats=unix,dos " Get a backup set backup " Specify the directory to get the backup set backupdir=~/backup " Number of generations to keep search history set history=50 " Search is not case-sensitive. set ignorecase " If you mix capital letters in search terms, the search will distinguish between capital letters. set smartcase " Highlight words that match the search term. set hlsearch " Use incremental search (start searching for matching strings at any time while entering search terms) set incsearch " Display line numbers set number " Visualize line breaks ( $ ) and tabs ( ^I ) set list " Emphasize the corresponding parentheses when entering parentheses set showmatch " Don't put a newline at the end of a file set binary noeol " Enable auto-indent. set autoindent "Color coding for each syntax syntax on "Change the color of the comment text when syntax on highlight Comment ctermfg=LightCyan "Wrap lines by window width set wrap |