To prepare a CentOS 7.3 host for Ansible, I installed the OS and applied the basic settings. This post records the basic OS settings I configured at that time.
| Item | Description |
|---|---|
| Hypervisor | ESXi 6.7 |
| OS | CentOS 7.3 |

| Item | Settings |
|---|---|
| Hostname | tspdev01 |
| IP address | 192.168.0.200 |
| Subnet mask | 255.255.255.0 (/24) |
| Default gateway | 192.168.0.1 |
| DNS settings | 8.8.8.8/8.8.4.4 |
| NTP settings | ntp.nict.jp |
| SELinux settings | disabled |
| NetworkManager | Stopped / autostart disabled |
| firewalld | Stopped / autostart disabled |

| Item | Description |
|---|---|
| vim | An enhanced, feature-rich version of the vi editor |

Permanently set the host name to tspdev01.
[root@localhost ~]# hostnamectl set-hostname tspdev01
[root@localhost ~]# cat /etc/hostname
tspdev01
[root@localhost ~]#
**Set the IP address / subnet mask / default gateway.**
① Confirm IP address information in advance

**→ Confirm that "ens192" is DOWN.**
② Back up the network setting file in advance
- File backup
Make a backup of `ifcfg-ens192`
[root@tspdev01 ~]# cp -p /etc/sysconfig/network-scripts/ifcfg-ens192 /etc/sysconfig/network-scripts/ifcfg-ens192_20200614
- File backup confirmation
`ifcfg-ens192_20200614` is the backup file
[root@tspdev01 ~]# ll /etc/sysconfig/network-scripts/ | grep ifcfg
-rw-r--r--.1 root root 171 June 14 20:59 ifcfg-ens192
-rw-r--r--1 root root 171 June 14 20:59 ifcfg-ens192_20200614
-rw-r--r--.1 root root 254 September 12 2016 ifcfg-lo
[root@tspdev01 ~]#
③ Edit the setting file
vi /etc/sysconfig/network-scripts/ifcfg-ens192
**[Details]**
[root@tspdev01 ~]# cat /etc/sysconfig/network-scripts/ifcfg-ens192
TYPE=Ethernet
BOOTPROTO=none
IPV6INIT=no
NAME=ens192
UUID=285600e1-fb02-475a-aa5d-ef105c89a333
DEVICE=ens192
ONBOOT=yes
IPADDR=192.168.0.200
PREFIX=24
GATEWAY=192.168.0.1
[root@tspdev01 ~]#
After editing, save with `:wq!`.
**[Settings]**

| Item | Description |
|---|---|
| TYPE | Interface type |
| BOOTPROTO | "dhcp" when using DHCP; "static" or "none" for a static address |
| IPV6INIT | Whether IPv6 is configured |
| NAME | NIC name |
| UUID | Associates this ifcfg file with a NetworkManager connection |
| ONBOOT | Whether to bring the NIC up when the OS boots |
| IPADDR | IP address (static setting) |
| PREFIX | Subnet mask (prefix length) |
| GATEWAY | Default gateway |

③ After setting, check the contents
[root@tspdev01 ~]# cat /etc/sysconfig/network-scripts/ifcfg-ens192
TYPE=Ethernet
BOOTPROTO=none
IPV6INIT=no
NAME=ens192
UUID=285600e1-fb02-475a-aa5d-ef105c89a333
DEVICE=ens192
ONBOOT=yes
IPADDR=192.168.0.200
PREFIX=24
GATEWAY=192.168.0.1
[root@tspdev01 ~]#
④ Restart the network service
[root@tspdev01 ~]# systemctl restart network
[root@tspdev01 ~]#
⑤ Confirm that you can connect over SSH with terminal software such as TeraTerm.
Set the DNS servers to **8.8.8.8** and **8.8.4.4**.
① File backup in advance
- File backup
[root@tspdev01 ~]# cp -p /etc/resolv.conf /etc/resolv.conf_20200614
- Backup confirmation
[root@tspdev01 ~]# ll /etc | grep resolv
-rw-r--r--.1 root root 38 June 14 21:00 resolv.conf
-rw-r--r--1 root root 38 June 14 21:00 resolv.conf_20200614
[root@tspdev01 ~]#
② Edit "/etc/resolv.conf"
vi /etc/resolv.conf
**[Settings]**
nameserver 8.8.8.8
nameserver 8.8.4.4
③ Check settings
[root@tspdev01 ~]# cat /etc/resolv.conf
nameserver 8.8.8.8
nameserver 8.8.4.4
[root@tspdev01 ~]#
Set the NTP synchronization destination to ntp.nict.jp.
① Backup of configuration file
- File backup
[root@tspdev01 ~]# cp -p /etc/chrony.conf /etc/chrony.conf_20200614
[root@tspdev01 ~]#
- Backup confirmation
Confirm that "chrony.conf_20200614" exists.
[root@tspdev01 ~]# ll /etc | grep chron
-rw-r--r--.1 root root 1199 June 14 21:11 chrony.conf
-rw-r--r--1 root root 1199 June 14 21:11 chrony.conf_20200614
-rw-r-----.1 root chrony 62 June 14 20:57 chrony.keys
[root@tspdev01 ~]#
② Update the configuration file
vi /etc/chrony.conf
[Settings]
# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (http://www.pool.ntp.org/join.html).
# server 0.centos.pool.ntp.org iburst ← Comment out
# server 1.centos.pool.ntp.org iburst ← Comment out
# server 2.centos.pool.ntp.org iburst ← Comment out
# server 3.centos.pool.ntp.org iburst ← Comment out
server ntp.nict.jp iburst ← Added

# Ignore stratum in source selection.
stratumweight 0

# Record the rate at which the system clock gains/losses time.
driftfile /var/lib/chrony/drift

After editing, save with `:wq!`.
③ Check the file contents
Check that the change is reflected.
[root@tspdev01 ~]# cat /etc/chrony.conf
# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (http://www.pool.ntp.org/join.html).
# server 0.centos.pool.ntp.org iburst
# server 1.centos.pool.ntp.org iburst
# server 2.centos.pool.ntp.org iburst
# server 3.centos.pool.ntp.org iburst
server ntp.nict.jp iburst
# Ignore stratum in source selection.
stratumweight 0
# Record the rate at which the system clock gains/losses time.
driftfile /var/lib/chrony/drift
# Enable kernel RTC synchronization.
rtcsync
~~
④ Restart the chronyd service
- Service restart
[root@tspdev01 ~]# systemctl restart chronyd
- Startup confirmation
It is OK if the status is `active (running)`.
[root@tspdev01 ~]# systemctl status chronyd
● chronyd.service - NTP client/server
   Loaded: loaded (/usr/lib/systemd/system/chronyd.service; enabled; vendor preset: enabled)
   Active: active (running)since day 2020-06-14 23:19:27 JST; 54s ago
  Process: 9995 ExecStartPost=/usr/libexec/chrony-helper update-daemon (code=exited, status=0/SUCCESS)
  Process: 9991 ExecStart=/usr/sbin/chronyd $OPTIONS (code=exited, status=0/SUCCESS)
 Main PID: 9993 (chronyd)
   CGroup: /system.slice/chronyd.service
           mq9993 /usr/sbin/chronyd
June 14 23:19:27 tspdev01 systemd[1]: Starting NTP client/server...
June 14 23:19:27 tspdev01 chronyd[9993]: chronyd version 2.1.1 starting (+C...)
June 14 23:19:27 tspdev01 chronyd[9993]: Frequency 12.670 +/- 0.485 ppm rea...t
June 14 23:19:27 tspdev01 systemd[1]: Started NTP client/server.
June 14 23:19:32 tspdev01 chronyd[9993]: Selected source 2001:ce8:78::2
Hint: Some lines were ellipsized, use -l to show in full.
[root@tspdev01 ~]#
- Automatic start confirmation
Make sure it is `enabled`.
[root@tspdev01 ~]# systemctl is-enabled chronyd
enabled
[root@tspdev01 ~]#
⑤ Time synchronization confirmation
[root@tspdev01 ~]# timedatectl status
      Local time:Sun 2020-06-14 23:22:59 JST
  Universal time:Sun 2020-06-14 14:22:59 UTC
        RTC time:Sun 2020-06-14 14:22:59
       Time zone: Asia/Tokyo (JST, +0900)
     NTP enabled: yes
NTP synchronized: yes
 RTC in local TZ: no
      DST active: n/a
[root@tspdev01 ~]#
→ Confirm that NTP enabled and NTP synchronized are "yes".
[root@tspdev01 ~]# chronyc sources
210 Number of sources = 1
MS Name/IP address         Stratum Poll Reach LastRx Last sample
===============================================================================
^* 2001:ce8:78::2                1   6   377    28   -301us[ -763us] +/- 8424us
[root@tspdev01 ~]#
→ If the source is marked `^*`, there is no problem (time is synchronized).
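The NTP steps above (backup, edit, check) as one repeatable script, which suits a host that will later be managed with Ansible. This is an added example, not code from the original post: `set_ntp_server`, `active_ntp_sources` and `demo_ntp` are hypothetical names, and the new `server` line is appended at the end of the file instead of being placed after the commented-out pool servers.

```bash
#!/usr/bin/env bash
# Added example, not from the original post. Function names are hypothetical.

# Point CONF at a single NTP server: back up, comment out the rest, add ours.
set_ntp_server() {
    local conf="$1" want="$2" backup tmp
    [ -f "$conf" ] || { echo "missing: $conf" >&2; return 1; }

    # Same backup convention as the manual steps: <file>_YYYYMMDD via cp -p.
    # An existing backup is kept, so a re-run never overwrites the original.
    backup="${conf}_$(date +%Y%m%d)"
    [ -e "$backup" ] || cp -p "$conf" "$backup"

    tmp="$(mktemp)" || return 1
    # Keep one active line for the wanted server, comment out every other
    # server/pool line, and append the wanted server if it was absent.
    awk -v want="$want" '
        $1 == "server" && $2 == want { if (!seen++) print; next }
        $1 == "server" || $1 == "pool" { print "# " $0; next }
        { print }
        END { if (!seen) print "server " want " iburst" }
    ' "$conf" > "$tmp" || { rm -f "$tmp"; return 1; }

    # Overwrite in place so the owner and mode of CONF are unchanged.
    cat "$tmp" > "$conf"
    rm -f "$tmp"
}

# Print the active time sources so the result can be checked.
active_ntp_sources() {
    awk '$1 == "server" || $1 == "pool" { print $2 }' "$1"
}

# Constructed sample input modelled on the default file shown above.
demo_ntp() {
    local dir
    dir="$(mktemp -d)" || return 1
    printf '%s\n' \
        'server 0.centos.pool.ntp.org iburst' \
        'server 1.centos.pool.ntp.org iburst' \
        'stratumweight 0' \
        'driftfile /var/lib/chrony/drift' > "$dir/chrony.conf"
    set_ntp_server "$dir/chrony.conf" ntp.nict.jp
    set_ntp_server "$dir/chrony.conf" ntp.nict.jp   # second run is a no-op
    active_ntp_sources "$dir/chrony.conf"
    rm -rf "$dir"
}
demo_ntp
```

On the real host the call would be `set_ntp_server /etc/chrony.conf ntp.nict.jp`, followed by the `systemctl restart chronyd` and `chronyc sources` checks from the steps above.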
"SELinux" is a security feature that enforces access control. In real-world build work it is often disabled; with `disabled`, no SELinux policy is loaded.
If you would like to know more about "SELinux", please refer to the following article: "[Roughly understand] What is SELinux?"
① Check the current status
[root@tspdev01 ~]# getenforce
enforcing
[root@tspdev01 ~]#
→ Confirm that it is `enforcing`.
② Configuration file backup
- File backup
[root@tspdev01 ~]# cp -p /etc/selinux/config /etc/selinux/config_20200614
- Backup confirmation
Make sure config_20200614 exists.
[root@tspdev01 ~]# ll /etc/selinux | grep config
-rw-r--r--.1 root root 546 June 14 21:01 config
-rw-r--r--1 root root 546 June 14 21:01 config_20200614
[root@tspdev01 ~]#
③ Modify the setting file
[root@tspdev01 ~]# vi /etc/selinux/config
[Settings]
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
SELINUX=disabled ← Change from "enforcing" to "disabled"
# SELINUXTYPE= can take one of three two values:
#     targeted - Targeted processes are protected,
#     minimum - Modification of targeted policy. Only selected processes are protected.
#     mls - Multi Level Security protection.
SELINUXTYPE=targeted

After editing, save with `:wq!`.
④ Check the file after setting
[root@tspdev01 ~]# cat /etc/selinux/config
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of three two values:
#     targeted - Targeted processes are protected,
#     minimum - Modification of targeted policy. Only selected processes are protected.
#     mls - Multi Level Security protection.
SELINUXTYPE=targeted
[root@tspdev01 ~]#
⑤ OS restart
An OS restart is required for the SELinux setting to take effect.
[root@tspdev01 ~]# reboot
⑥ Check the status of SELinux again.
Confirm that it is "Disabled".
[root@tspdev01 ~]# getenforce
Disabled
[root@tspdev01 ~]#
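A read-only check of the files edited so far (hostname, `ifcfg-ens192`, `resolv.conf`, SELinux config) against the settings table at the top of the post. This is an added example, not code from the original post; the function names are hypothetical and the sample tree is constructed.

```bash
#!/usr/bin/env bash
# Added example, not from the original post. Function names are hypothetical.

# Print the value of the last KEY=VALUE line in FILE, double quotes removed.
get_kv() {
    awk -F= -v k="$2" '$1 == k { v = $2; gsub(/"/, "", v) }
                       END { print v }' "$1" 2>/dev/null
}

# Report one setting; returns 1 when the file disagrees with the table.
check() {
    if [ "$2" = "$3" ]; then echo "OK   $1 = $3"
    else echo "DIFF $1: expected '$2', found '$3'"; return 1; fi
}

# Compare the files under ROOT ("" means the live system) with the table.
verify_baseline() {
    local root="$1" rc=0 ifcfg dns
    ifcfg="$root/etc/sysconfig/network-scripts/ifcfg-ens192"
    dns="$(awk '$1 == "nameserver" { printf "%s%s", s, $2; s = "/" }' \
        "$root/etc/resolv.conf" 2>/dev/null)"
    check hostname tspdev01 "$(cat "$root/etc/hostname" 2>/dev/null)" || rc=1
    check BOOTPROTO none "$(get_kv "$ifcfg" BOOTPROTO)" || rc=1
    check ONBOOT yes "$(get_kv "$ifcfg" ONBOOT)" || rc=1
    check IPADDR 192.168.0.200 "$(get_kv "$ifcfg" IPADDR)" || rc=1
    check PREFIX 24 "$(get_kv "$ifcfg" PREFIX)" || rc=1
    check GATEWAY 192.168.0.1 "$(get_kv "$ifcfg" GATEWAY)" || rc=1
    check DNS 8.8.8.8/8.8.4.4 "$dns" || rc=1
    check SELINUX disabled "$(get_kv "$root/etc/selinux/config" SELINUX)" || rc=1
    return "$rc"
}

# Constructed sample tree; BOOTPROTO is left on dhcp to show a mismatch.
demo_baseline() {
    local r rc=0
    r="$(mktemp -d)" || return 1
    mkdir -p "$r/etc/sysconfig/network-scripts" "$r/etc/selinux"
    echo tspdev01 > "$r/etc/hostname"
    printf '%s\n' 'BOOTPROTO="dhcp"' ONBOOT=yes IPADDR=192.168.0.200 PREFIX=24 \
        GATEWAY=192.168.0.1 > "$r/etc/sysconfig/network-scripts/ifcfg-ens192"
    printf 'nameserver %s\n' 8.8.8.8 8.8.4.4 > "$r/etc/resolv.conf"
    printf '%s\n' '# SELINUX= can take one of these three values:' \
        'SELINUX=disabled' 'SELINUXTYPE=targeted' > "$r/etc/selinux/config"
    verify_baseline "$r" || rc=1
    rm -rf "$r"
    return "$rc"
}
demo_baseline || echo "baseline differs from the settings table"
```

The files are only half the picture: `getenforce` reports the running SELinux mode, which follows `/etc/selinux/config` only after the reboot described above.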

| Item | Settings | Remarks |
|---|---|---|
| NetworkManager | Stopped / autostart disabled | A service that allows you to dynamically configure your network |
| firewalld | Stopped / autostart disabled | As the name implies, the firewall service |

Both services will be stopped because they are not used.
① Stop the NetworkManager service and disable autostart
- Stop the NetworkManager service
systemctl stop NetworkManager
- Disable NetworkManager autostart
systemctl disable NetworkManager
② NetworkManager service confirmation
- Confirm that the NetworkManager service is stopped
Confirm that `Active:` is `inactive (dead)`.
[root@tspdev01 ~]# systemctl status NetworkManager
● NetworkManager.service - Network Manager
   Loaded: loaded (/usr/lib/systemd/system/NetworkManager.service; disabled; vendor preset: enabled)
   Active: inactive (dead)
     Docs: man:NetworkManager(8)
[root@tspdev01 ~]#
- Confirm that NetworkManager autostart is disabled
Confirm that it is `disabled`.
[root@tspdev01 ~]# systemctl is-enabled NetworkManager
disabled
[root@tspdev01 ~]#
① Stop the firewalld service and disable autostart
- Stop the firewalld service
systemctl stop firewalld
- Disable firewalld autostart
systemctl disable firewalld
② firewalld service confirmation
- Confirm that the firewalld service is stopped
Confirm that `Active:` is `inactive (dead)`.
[root@tspdev01 ~]# systemctl status firewalld
● firewalld.service - firewalld - dynamic firewall daemon
   Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled; vendor preset: enabled)
   Active: inactive (dead)
     Docs: man:firewalld(1)
[root@tspdev01 ~]#
- Confirm that firewalld autostart is disabled
Confirm that it is `disabled`.
[root@tspdev01 ~]# systemctl is-enabled firewalld
disabled
[root@tspdev01 ~]#
This time only vim is installed.
- You must be able to connect to the Internet
- DNS settings are complete
① Read repository
- Clear cache
[root@tspdev01 ~]# yum clean all
Loaded plugin:fastestmirror
Cleaning the repository: base extras updates
Cleaning up everything
[root@tspdev01 ~]#
- Repository read
Reads the repository files directly under /etc/yum.repos.d/.
[root@tspdev01 ~]# yum repolist all
Loaded plugin:fastestmirror
base                                                     | 3.6 kB     00:00
extras                                                   | 2.9 kB     00:00
updates                                                  | 2.9 kB     00:00
(1/4): base/7/x86_64/group_gz                              | 153 kB   00:00
(2/4): extras/7/x86_64/primary_db                          | 194 kB   00:00
(3/4): updates/7/x86_64/primary_db                         | 2.1 MB   00:01
(4/4): base/7/x86_64/primary_db                            | 6.1 MB   00:02
Determining fastest mirrors
 * base: ftp.iij.ad.jp
 * extras: ftp.iij.ad.jp
 * updates: ftp.iij.ad.jp
Repository ID Repository name Status
C7.0.1406-base/x86_64            CentOS-7.0.1406 -Base disabled
C7.0.1406-centosplus/x86_64      CentOS-7.0.1406 -CentOSPlus disabled
C7.0.1406-extras/x86_64          CentOS-7.0.1406 -Extras disabled
C7.0.1406-fasttrack/x86_64       CentOS-7.0.1406 -CentOSPlus disabled
C7.0.1406-updates/x86_64         CentOS-7.0.1406 -Updates disabled
C7.1.1503-base/x86_64            CentOS-7.1.1503 -Base disabled
C7.1.1503-centosplus/x86_64      CentOS-7.1.1503 -CentOSPlus disabled
C7.1.1503-extras/x86_64          CentOS-7.1.1503 -Extras disabled
C7.1.1503-fasttrack/x86_64       CentOS-7.1.1503 -CentOSPlus disabled
C7.1.1503-updates/x86_64         CentOS-7.1.1503 -Updates disabled
C7.2.1511-base/x86_64            CentOS-7.2.1511 -Base disabled
C7.2.1511-centosplus/x86_64      CentOS-7.2.1511 -CentOSPlus disabled
C7.2.1511-extras/x86_64          CentOS-7.2.1511 -Extras disabled
C7.2.1511-fasttrack/x86_64       CentOS-7.2.1511 -CentOSPlus disabled
C7.2.1511-updates/x86_64         CentOS-7.2.1511 -Updates disabled
base/7/x86_64                    CentOS-7 -Base valid: 10,070
base-debuginfo/x86_64            CentOS-7 -Debuginfo disabled
base-source/7                    CentOS-7 -Base Sources disabled
c7-media                         CentOS-7 -Media disabled
centosplus/7/x86_64              CentOS-7 -Plus disabled
centosplus-source/7              CentOS-7 -Plus Sources disabled
cr/7/x86_64                      CentOS-7 -cr invalid
extras/7/x86_64                  CentOS-7 -Extras enabled:    397
extras-source/7                  CentOS-7 -Extras Sources disabled
fasttrack/7/x86_64               CentOS-7 -fasttrack disabled
updates/7/x86_64                 CentOS-7 -Updates enabled:    754
updates-source/7                 CentOS-7 -Updates Sources disabled
repolist: 11,221
[root@tspdev01 ~]#
② Install "vim"
[root@tspdev01 ~]# yum install vim -y
If the last line says "Completed!", there is no problem.
  perl-Pod-Escapes.noarch 1:1.04-295.el7
  perl-Pod-Perldoc.noarch 0:3.20-4.el7
  perl-Pod-Simple.noarch 1:3.28-4.el7
  perl-Pod-Usage.noarch 0:1.63-3.el7
  perl-Scalar-List-Utils.x86_64 0:1.27-248.el7
  perl-Socket.x86_64 0:2.010-5.el7
  perl-Storable.x86_64 0:2.45-3.el7
  perl-Text-ParseWords.noarch 0:3.29-4.el7
  perl-Time-HiRes.x86_64 4:1.9725-3.el7
  perl-Time-Local.noarch 0:1.2300-2.el7
  perl-constant.noarch 0:1.27-2.el7
  perl-libs.x86_64 4:5.16.3-295.el7
  perl-macros.x86_64 4:5.16.3-295.el7
  perl-parent.noarch 1:0.225-244.el7
  perl-podlators.noarch 0:2.5.1-3.el7
  perl-threads.x86_64 0:1.87-4.el7
  perl-threads-shared.x86_64 0:1.43-6.el7
  vim-common.x86_64 2:7.4.629-6.el7
  vim-filesystem.x86_64 2:7.4.629-6.el7
Has completed!
[root@tspdev01 ~]#
- About CentOS 6 / 7 ifcfg and other configuration files
- [getenforce] command / [setenforce] command - Display / temporarily change SELinux mode
- Setting up an NTP client on CentOS 7