[Last time] I installed CentOS8_1 and CentOS8 (1905), but this time I would like to open the network and update the system with the package manager `dnf`.

For the time being, before opening the network, I will close the ports that are open by default, such as SSH.
Of course, once the network is opened it will be possible to connect with SSH, but since we want to be able to connect with proper security, we will close the unnecessary ports first.

First, check the open ports with the `firewall-cmd` command.
```
[root@localhost ~]# firewall-cmd --list-all
public
  target: default
  icmp-block-inversion: no
  interfaces:
  sources:
  services: cockpit dhcpv6-client ssh
  ports:
  protocols:
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:
```
As the name suggests, `firewall-cmd` is the command for configuring the firewall.
You can list the current settings with `firewall-cmd --list-all`.

```
services: cockpit dhcpv6-client ssh
```

The ports specified by the services `cockpit`, `dhcpv6-client` and `ssh` are open.

`cockpit` seems to be a tool that lets you manage the system from a browser, but I don't need it, so close it permanently.
`dhcpv6-client` seems to be necessary if you use IPv6, but I don't need it for the time being, so I will close it permanently.
`ssh` can be opened again later once it has been set up properly, so close it temporarily.

So, I will remove everything for the time being.
```
[root@localhost ~]# firewall-cmd --permanent --remove-service=cockpit
success
[root@localhost ~]# firewall-cmd --permanent --remove-service=dhcpv6-client
success
[root@localhost ~]# firewall-cmd --permanent --remove-service=ssh
success
[root@localhost ~]# firewall-cmd --reload
success
[root@localhost ~]# firewall-cmd --list-all
public
  target: default
  icmp-block-inversion: no
  interfaces:
  sources:
  services:
  ports:
  protocols:
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:
```
Now it is nice and clean.
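
The cleanup above, turned into a repeatable check (an added example, not from the original post): the functions parse the `services:` line of `firewall-cmd --list-all` output, compare it with an allowlist, and print the matching removal commands. The function names and the allowlist argument are assumptions of this example; the sample input is the zone listing shown earlier on this page.

```shell
#!/bin/sh
# Added example (not from the original post): audit the "services:" line of
# `firewall-cmd --list-all` against an allowlist. Function names are hypothetical.

# Sample input: the zone listing shown earlier on this page.
SAMPLE_BEFORE='public
  target: default
  icmp-block-inversion: no
  interfaces:
  sources:
  services: cockpit dhcpv6-client ssh
  ports:
  protocols:
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:'

# Read --list-all output on stdin, print each enabled service on its own line.
extract_services() {
    awk '$1 == "services:" { for (i = 2; i <= NF; i++) print $i }'
}

# $1 = space-separated allowlist; prints enabled services that are not on it.
unexpected_services() {
    _allowed=" $1 "
    extract_services | while read -r _svc; do
        case "$_allowed" in
            *" $_svc "*) ;;                 # on the allowlist, keep it
            *) printf '%s\n' "$_svc" ;;     # exposed but not on the allowlist
        esac
    done
}

# Print (do not run) the removal command for every unexpected service.
# --permanent edits only the saved configuration; the running firewall
# keeps the old rules until `firewall-cmd --reload`.
removal_commands() {
    unexpected_services "$1" | while read -r _svc; do
        printf 'firewall-cmd --permanent --remove-service=%s\n' "$_svc"
    done
}

# Demo on the sample with an empty allowlist, as the post does.
printf '%s\n' "$SAMPLE_BEFORE" | removal_commands ""
# On a live host: firewall-cmd --list-all | removal_commands "ssh"
```

The commands are only printed, so they can be reviewed before being run and followed by `firewall-cmd --reload`.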
Network settings are made with the `nmcli` command.
First, check the current state.
```
[root@localhost ~]# nmcli device
DEVICE  TYPE      STATE          CONNECTION
ens3    ethernet  disconnected   --
lo      loopback  No management  --
```
`ens3` is the NIC, but as you can see, it is disconnected, so connect it.

```
[root@localhost ~]# nmcli connection modify ens3 connection.autoconnect yes
```

Check the status.
```
[root@localhost ~]# nmcli device
DEVICE  TYPE      STATE          CONNECTION
ens3    ethernet  connected      ens3
lo      loopback  No management  --
```
Connected.
Since it is set to `connection.autoconnect yes`, it will connect automatically from now on.
dnf
CentOS 7 used `yum`, but from CentOS 8 it seems to be `dnf`. It seems that `yum` can also be used, but it apparently just wraps `dnf`, so I will simply use `dnf`.
Update the packages installed on your system.
```
[root@localhost ~]# dnf update
...
Is this okay? [y/N]:
```
A long list of packages is displayed and you are asked whether you want to install them, so type `y` and press Enter.
By the way, if you don't want to type `y`, you can run it with the `-y` option and it will answer `y` for you. Usability is almost the same as `yum`.

```
[root@localhost ~]# dnf update -y
```

Run `dnf update` occasionally to keep your system up to date.
It may be a problem for server administrators etc. if it is updated without permission, but in my case it is built for study purposes only, so I think that it is not a good idea to keep it up to date...
For the time being, the network has been opened, but after that, we need to be able to create users and connect with SSH. Here's what I want to do after this:

and manage users with `LDAP`.
`SSH` to allow the `LDAP` account to log in with public key authentication.

So, it will be a while before you can connect with SSH.