Rocky Linux 8.6: Initial Settings

1. Disable SELinux

First, disable SELinux. SELinux is a feature that improves auditing and security in Linux, but when enabled it places considerable restrictions on the behavior of services and on what can be configured. Therefore, it is disabled in many cases.

# getenforce       ← Check the SELinux mode
Enforcing              ← SELinux is enforcing
# setenforce 0     ← Stop SELinux from enforcing
# getenforce       ← Check the SELinux mode again
Permissive             ← SELinux no longer enforces its policy (it only logs warnings)

As it is, SELinux will be enabled again once the server is restarted, so to disable it permanently, modify the /etc/sysconfig/selinux file.

# vi /etc/sysconfig/selinux

Change "SELINUX=enforcing" to "SELINUX=disabled"

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
#SELINUX=enforcing
SELINUX=disabled
# SELINUXTYPE= can take one of these three values:
# targeted - Targeted processes are protected,
# minimum - Modification of targeted policy. Only selected processes are protected.
# mls - Multi Level Security protection.
SELINUXTYPE=targeted
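
The difference between the runtime mode and the setting that applies after a reboot, as an added example that is not part of the original page: the script reads the uncommented SELINUX= line and compares it with the mode that getenforce prints. The function names and the sample file are constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the original page. Function names are illustrative.

# Print the effective SELINUX= value of config file $1. Commented lines such as
# "#SELINUX=enforcing" are ignored and the last assignment wins.
selinux_config_mode() {
    _mode=$(sed 's/#.*$//' "$1" 2>/dev/null | awk -F= '
        { k = $1; v = $2; gsub(/[ \t\r]/, "", k); gsub(/[ \t\r]/, "", v) }
        k == "SELINUX" { last = tolower(v) }
        END { print last }')
    case $_mode in
        enforcing|permissive|disabled) printf '%s\n' "$_mode" ;;
        *) return 1 ;;
    esac
}

# $1 = config file, $2 = runtime mode as printed by getenforce.
# Returns 0 when both agree, 1 on a mismatch, 2 when no valid value is found.
selinux_state_report() {
    _now=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
    _boot=$(selinux_config_mode "$1") || { echo "no valid SELINUX= line in $1"; return 2; }
    if [ "$_now" = "$_boot" ]; then
        echo "consistent: $_boot now and after reboot"
    else
        echo "mismatch: $_now now, $_boot after reboot"
        return 1
    fi
}

# Constructed sample: the file as edited on this page, checked against the
# runtime mode right after "setenforce 0" (no reboot yet).
sample=$(mktemp)
cat > "$sample" <<'EOF'
#SELINUX=enforcing
SELINUX=disabled
SELINUXTYPE=targeted
EOF
selinux_state_report "$sample" Permissive || true
rm -f "$sample"
```

On a live system, call it as selinux_state_report /etc/sysconfig/selinux "$(getenforce)".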

2. System Update

Update packages as soon as possible after OS installation.
However, a plain dnf update also updates the kernel.
A kernel update may require rebooting the system or stopping services, or worse, a kernel panic may occur and the system may not boot. It is wiser to exclude the kernel from the update; kernel fixes then have to be installed separately, when a reboot can be planned.
Add "--exclude=kernel*" after "update" when running dnf -y update to exclude the kernel from updates.

# dnf -y update --exclude=kernel*

3. Services to be stopped as a security measure

Stop the following services that you deem unnecessary.

# systemctl stop atd.service
# systemctl disable atd.service
# systemctl stop kdump.service
# systemctl disable kdump.service
# systemctl stop lvm2-monitor.service
# systemctl disable lvm2-monitor.service
# systemctl stop mdmonitor.service
# systemctl disable mdmonitor.service
# systemctl stop smartd.service
# systemctl disable smartd.service
# systemctl stop tuned.service
# systemctl disable tuned.service
# systemctl stop dm-event.socket
# systemctl disable dm-event.socket

4. Adding Repositories

4.1 Add EPEL repository

# dnf -y install epel-release
# vi /etc/yum.repos.d/epel.repo
[epel]
name=Extra Packages for Enterprise Linux $releasever - $basearch
# It is much more secure to use the metalink, but if you wish to use a local mirror
# place its address here.
#baseurl=https://download.example/pub/epel/$releasever/Everything/$basearch
metalink=https://mirrors.fedoraproject.org/metalink?repo=epel-$releasever&arch=$basearch&infra=$infra&content=$contentdir
enabled=1   ← Repository enabled (0 : Repository disabled)
priority=10 ← Specify priority in the range of 1~99
gpgcheck=1
countme=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-8
[epel-debuginfo]
name=Extra Packages for Enterprise Linux $releas

4.2 Add Remi's RPM repository

# dnf -y install https://rpms.remirepo.net/enterprise/remi-release-8.rpm
# vi /etc/yum.repos.d/remi-safe.repo
# This repository is safe to use with RHEL/CentOS base repository
# it only provides additional packages for the PHP stack
# all dependencies are in base repository or in EPEL
[remi-safe]
name=Safe Remi's RPM repository for Enterprise Linux 8 - $basearch
#baseurl=http://rpms.remirepo.net/enterprise/8/safe/$basearch/
#mirrorlist=https://rpms.remirepo.net/enterprise/8/safe/$basearch/httpsmirror
mirrorlist=http://cdn.remirepo.net/enterprise/8/safe/$basearch/mirror
enabled=1   ← Repository enabled (0 : Repository disabled)
priority=10 ← Specify priority in the range of 1~99
gpgcheck=1
repo_gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-remi.el8
[remi-safe-debuginfo]
name=Remi's RPM repository for Enterprise Linux 8 - $basearch - debuginfo
baseurl=http://rpms.remirepo.net/enterprise/8/debug-remi/$basearch/
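
A check for the repository files edited above, as an added example that is not part of the original page: for each enabled section it reports whether gpgcheck is on and whether a plain-http source is covered by repo_gpgcheck. The function name, the example-unsigned section and the sample file are constructed; the ← notes in the listings above are annotations, not file content.

```sh
# Added example, not from the original page: audit a dnf .repo file. Prints one
# line per enabled repository (OK / WARN / FAIL, id, reason) and returns 1 if
# any enabled repository has gpgcheck switched off.
audit_repo_file() {
    awk '
    function on(v) { v = tolower(v); return v == "1" || v == "yes" || v == "true" || v == "on" }
    function report(   st, why) {
        if (id == "" || !on(enabled)) return          # nothing parsed yet, or repo disabled
        st = "OK"; why = "package signatures are checked"
        if (http && !on(repogpg)) { st = "WARN"; why = "plain-http source without repo_gpgcheck" }
        if (gpg == "") { st = "WARN"; why = "gpgcheck not set in this section" }
        else if (!on(gpg)) { st = "FAIL"; why = "gpgcheck is off"; fail = 1 }
        printf "%s %s %s\n", st, id, why
    }
    /^[ \t]*[#;]/ { next }                            # comment lines
    /^[ \t]*\[/ {                                     # [section] starts a new repository
        report()
        id = $0; sub(/^[ \t]*\[/, "", id); sub(/\].*$/, "", id)
        enabled = "1"; gpg = ""; repogpg = ""; http = 0   # enabled defaults to 1
        next
    }
    {
        eq = index($0, "="); if (!eq) next
        k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
        gsub(/[ \t\r]/, "", k); gsub(/^[ \t]+|[ \t\r]+$/, "", v)
        if (k == "enabled") enabled = v
        else if (k == "gpgcheck") gpg = v
        else if (k == "repo_gpgcheck") repogpg = v
        else if (k ~ /^(baseurl|mirrorlist|metalink)$/ && v ~ /^http:/) http = 1
    }
    END { report(); exit fail + 0 }' "$1"
}
# Constructed sample: two sections modelled on this page, one unsigned repo.
sample=$(mktemp)
cat > "$sample" <<'EOF'
[epel]
metalink=https://mirrors.fedoraproject.org/metalink?repo=epel-$releasever&arch=$basearch
gpgcheck=1
[remi-safe]
mirrorlist=http://cdn.remirepo.net/enterprise/8/safe/$basearch/mirror
enabled=1
gpgcheck=1
repo_gpgcheck=1
[example-unsigned]
baseurl=http://repo.example.invalid/el8/
gpgcheck=0
EOF
audit_repo_file "$sample" || echo "an enabled repository skips package signature checks"
rm -f "$sample"
```

To audit the installed files, run the function over each /etc/yum.repos.d/*.repo file.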

5. Network Settings

5.1 Host Name Change

As a trial, change the host name to Lepard.

# hostnamectl set-hostname Lepard
# reboot
[huong@Lepard:~]$

5.2 Static IP address setting

If the network was set to obtain its IP address by DHCP during OS installation, change the network settings to a fixed IP address if necessary.
First, find out the name of your network interface with the following command.
This time it is "ens160".

# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: ens160: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 00:0c:29:3f:48:ad brd ff:ff:ff:ff:ff:ff
    inet 192.168.11.83/24 brd 192.168.11.255 scope global noprefixroute ens160
       valid_lft forever preferred_lft forever

Edit the network configuration file and set the static IP address to "192.168.11.11".

# vi /etc/sysconfig/network-scripts/ifcfg-ens160
TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=none
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=no
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
NAME=ens160
UUID=dccaab30-4028-439e-a0ec-b385375811d1
DEVICE=ens160
ONBOOT=yes
IPADDR=192.168.11.11    ← change
PREFIX=24
GATEWAY=192.168.11.1
DNS1=192.168.11.1
IPV6_DISABLED=yes

To apply the settings, run one of the following (all three rely on the network service from the network-scripts package).

# /etc/init.d/network restart
or
# service network restart
or
# systemctl restart network

6. Vim Settings

① Install Vim
# dnf -y install vim-enhanced
② Alias vi to Vim and apply the change
# vi ~/.bashrc
# Append this alias as the last line
alias vi='vim'
# source ~/.bashrc
③ Configure Vim as a user-specific environment
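# vi ~/.vimrc

" Use Vim's own extensions (not compatible with vi)
set nocompatible
" Specify the character encoding
set encoding=utf-8
" Specify file encodings (tried in order until one succeeds)
set fileencodings=utf-8,iso-2022-jp,sjis,euc-jp
" Specify the line-ending formats to auto-detect
set fileformats=unix,dos
" Keep backup files
set backup
" Directory where backups are stored (it must already exist)
set backupdir=~/backup
" Number of search history entries to keep
set history=50
" Ignore case when searching
set ignorecase
" Be case-sensitive when the search term contains an uppercase letter
set smartcase
" Highlight matches of the search term
set hlsearch
" Use incremental search
set incsearch
" Show line numbers
set number
" Make line ends ( $ ) and tabs ( ^I ) visible
set list
" Highlight the matching bracket when one is typed
set showmatch
" Do not add a newline at the end of the file
set binary noeol
" Enable automatic indentation
set autoindent
" Syntax highlighting
syntax on
" Change the colour of comments when syntax is on
highlight Comment ctermfg=LightCyan
" Wrap lines at the window width
set wrap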
