Contents
1. Disable SELinux
SELinux is a feature that provides a highly secure system architecture that prevents the concentration of privileges on root.
In openSUSE, it is disabled at the time of installation.
To check
|
1 2 |
# vi /etc/selinux/config SELINUX=disabled |
2. Use su command
Not required if you set the root password at the time of installation.
If you don't want to set the root password, set it as follows
After logging in as a general user
If you don't want to set the root password, set it as follows
After logging in as a general user
|
1 2 3 4 5 6 7 8 9 10 11 12 13 |
lan@localhost:~> sudo passwd root We trust you have received the usual lecture from the local System Administrator. It usually boils down to these three things: #1) Respect the privacy of others. #2) Think before you type. #3) With great power comes great responsibility. [sudo] password for root: New password: Retype new password: passwd: password updated successfully |
|
1 2 3 |
lan@localhost:~> su - Password: localhost:~ # |
3. Modernize the system
To bring the system up to date, enter the following command。
|
1 |
# zypper -n update reboot |
4. Install locate
In many cases, the find command is used to search for a specific file on the entire Linux system.
The find option is somewhat confusing.
The locate command is capable of extracting all files with the specified file name
Install
|
1 |
# zypper -n install mlocate |
|
1 |
# updatedb |
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 |
# locate sshd etc/pam.d/sshd /etc/ssh/sshd_config /etc/sysconfig/SuSEfirewall2.d/services/sshd /etc/systemd/system/multi-user.target.wants/sshd.service /usr/lib/systemd/system/sshd.service /usr/lib/sysusers.d/sshd.conf /usr/lib64/ruby/gems/2.5.0/gems/ruby-augeas-0.5.0/tests/root/etc/ssh/sshd_config /usr/sbin/rcsshd /usr/sbin/sshd /usr/sbin/sshd-gen-keys-start /usr/share/YaST2/scrconf/etc_ssh_sshd_config.scr /usr/share/apparmor/extra-profiles/usr.sbin.sshd /usr/share/augeas/lenses/dist/sshd.aug /usr/share/man/man5/sshd_config.5.gz /usr/share/man/man8/sshd.8.gz /usr/share/vim/vim80/syntax/sshdconfig.vim /var/lib/sshd |
5. Services stopped for security measures.
Stopped and restarted services that were deemed unnecessary.
|
1 2 3 4 5 6 7 8 9 10 11 12 |
# systemctl stop atd.service # disable atd.service # systemctl stop auditd.service # systemctl disable auditd.service # systemctl stop mdmonitor.service # systemctl disable mdmonitor.service # systemctl stop smartd.service # systemctl disable smartd.service # systemctl stop tuned.service # systemctl disable tuned.service # systemctl stop dm-event.socket # systemctl disable dm-event.socket |
6. Network Settings
6.1 Host name setting
Change the hostname to Lepard to test it.
|
1 2 3 |
localhost:~ # hostnamectl set-hostname Lepard localhost:~# reboot lan@Lepard:~> |
6.2 Fixed IP address setting
First, find out the name of your network interface with the following command
This time it is "eth0".
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 |
# ip addr 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever inet6 ::1/128 scope host valid_lft forever preferred_lft forever 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000 link/ether 00:0c:29:aa:4e:15 brd ff:ff:ff:ff:ff:ff altname enp2s1 altname ens33 inet 192.168.11.84/24 brd 192.168.11.255 scope global eth0 valid_lft forever preferred_lft forever inet6 fe80::20c:29ff:feaa:4e15/64 scope link valid_lft forever preferred_lft forever |
Change the IP address of your server to "192.168.11.11".
In most cases, the router address is something like "192.168.11.1" or "192.168.0.1.
We will use "192.168.11.1" as an example.
In most cases, the router address is something like "192.168.11.1" or "192.168.0.1.
We will use "192.168.11.1" as an example.
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 |
Lepard:~ # vi /etc/sysconfig/network/ifcfg-eth0 # Change as follows (replace IP address and other values with your own environment) BOOTPROTO='static' BROADCAST='192.168.11.255' ETHTOOL_OPTIONS='' IPADDR='192.168.11.11' MTU='' NAME='' NETMASK='255.255.255.0' NETWORK='192.168.11.0' REMOTE_IPADDR='' STARTMODE='auto' DHCLIENT_SET_DEFAULT_ROUTE='yes' |
|
1 2 3 4 5 6 |
# vi /etc/sysconfig/network/config # Line 182: Add your domain name. (To be added to the search line in resolv.conf) NETCONFIG_DNS_STATIC_SEARCHLIST="<your domain name.>" # Line 195: DNS server settings to reference NETCONFIG_DNS_STATIC_SERVERS="192.168.11.1" |
|
1 2 3 4 |
# vi /etc/sysconfig/network/routes #Create New: Default Gateway Settings default 192.168.11.1 - eth0 |
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 |
# reboot # ip addr 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever inet6 ::1/128 scope host valid_lft forever preferred_lft forever 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000 link/ether 00:0c:29:aa:4e:15 brd ff:ff:ff:ff:ff:ff altname enp2s1 altname ens33 inet 192.168.11.11/24 brd 192.168.11.255 scope global eth0 valid_lft forever preferred_lft forever inet6 fe80::20c:29ff:feaa:4e15/64 scope link valid_lft forever preferred_lft forever |
6. IPv6 disablement
|
1 2 3 4 |
# vi /etc/default/grub # Line 12: additional entry GRUB_CMDLINE_LINUX="ipv6.disable=1" |
|
1 2 3 4 5 6 |
# grub2-mkconfig -o /boot/grub2/grub.cfg Generating grub configuration file ... Found theme: /boot/grub2/themes/openSUSE/theme.txt Found linux image: /boot/vmlinuz-5.3.18-150300.59.43-default Found initrd image: /boot/initrd-5.3.18-150300.59.43-default done |