CentOS7 initial settings

Introduction

This article describes the initial settings to apply to CentOS 7 (assuming the following)

OS / Package Update

Update the OS, kernel, and packages. If you don't want to update the OS or kernel, modify /etc/yum.conf (not done this time).

# cat /etc/redhat-release
CentOS Linux release 7.4.1708 (Core)

Run the following (it takes a few minutes)

# yum -y update
Loaded plugins: fastestmirror
:
Complete!
# cat /etc/redhat-release
CentOS Linux release 7.9.2009 (Core)

Locale setting

Set the region and language to Japan. First, check the current settings.

# localectl status
   System Locale: LANG=en_US.UTF-8
       VC Keymap: jp
      X11 Layout: jp,us
     X11 Variant: ,

Change the locale

# localectl set-locale LANG=ja_JP.utf8
# localectl status
   System Locale: LANG=ja_JP.utf8
       VC Keymap: jp
      X11 Layout: jp,us
     X11 Variant: ,

This appears to rewrite /etc/locale.conf safely

/etc/locale.conf


LANG=ja_JP.utf8

The change does not appear to be reflected in the environment variables of the current login session

# env | grep LANG
LANG=en_US.UTF-8

To apply it, log in again or run the following

# . /etc/locale.conf

Change root user password

Set the password to use when logging in from the console

# passwd
Change user root password.
new password:
Please re-enter your new password:
Passwords do not match.
new password:
Please re-enter your new password:
passwd:All authentication tokens have been successfully renewed.

Stop unnecessary services (if necessary)

Check which pre-installed services are enabled

# systemctl list-unit-files --state=enabled --type=service
UNIT FILE                                   STATE
acpid.service                               enabled
auditd.service                              enabled
autovt@.service                             enabled
chronyd.service                             enabled
crond.service                               enabled
:
32 unit files listed.

Stop the service

# systemctl stop <service name>

Disable automatic start of service

# systemctl disable <service name>

Disable the service completely (a masked service cannot be started at all)

# systemctl mask <service name>

Host name setting

Set the host name

# hostnamectl set-hostname www.example.com

This appears to rewrite /etc/hostname safely

/etc/hostname


www.example.com

In CentOS 6, the host name could be changed by editing /etc/sysconfig/network, and it was also possible to comment out a line there with #. If you do the same thing on CentOS 7, the host name setting will be wrong.

The host name shown in the prompt is updated the next time you log in.

[root@www ~]#

DNS settings

If the DNS server of the VPS provider is not available, use a public DNS server

/etc/resolv.conf


# Generated by NetworkManager
search example.com
nameserver 8.8.8.8
nameserver 8.8.4.4

On CentOS 7 you are supposed to use the nmcli command rather than editing the configuration file directly. The search line seems to be set automatically to the domain part when the host name is set. The nameserver lines seem to be configured automatically from the DNS settings in /etc/sysconfig/network-scripts/ifcfg-eth0.

SSH port change

Keeping the default port makes the server an easy target for attacks, so change it. With SELinux enabled, the port cannot be changed as it is, so SELinux is disabled this time. To disable it, edit the SELinux configuration file.

# vi /etc/selinux/config

/etc/selinux/config


:
#SELINUX=enforcing
SELINUX=disabled
:

Reboot for SELinux changes to take effect

# shutdown -r now

Next, the SSH settings. First, edit the sshd configuration file.

# vi /etc/ssh/sshd_config

/etc/ssh/sshd_config


:
Port 22222
:

Restart the SSH service

# systemctl restart sshd

Also change the firewall settings. If you do not do this, you will not be able to connect over SSH. Copy firewalld's default config file and create your own config file.

# cp -p /usr/lib/firewalld/services/ssh.xml /etc/firewalld/services/
# vi /etc/firewalld/services/ssh.xml

Change the port number

/etc/firewalld/services/ssh.xml


:
  <port protocol="tcp" port="22222"/>
</service>

Apply the firewall changes

# firewall-cmd --reload
success
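
The sshd port, the firewalld service file and the SELinux mode set above have to agree, or the SSH connection is lost. The following check is an added example, not part of the original article; the function names and the sample files are constructed for illustration. The semanage command it prints is the standard way to label a port as ssh_port_t while SELinux stays enforcing.

```shell
#!/bin/sh
# Added example: check that the sshd_config port is opened by the firewalld service file.

# Ports from uncommented "Port N" lines; sshd falls back to 22 when none is set.
sshd_ports() {
    p=$(awk 'tolower($1) == "port" && $2 ~ /^[0-9]+$/ { print $2 }' "$1")
    echo "${p:-22}"
}

# Single TCP ports opened by a firewalld service definition such as ssh.xml.
fw_tcp_ports() {
    grep -o '<port [^>]*>' "$1" | grep 'protocol="tcp"' |
        sed -n 's/.*port="\([0-9][0-9]*\)".*/\1/p'
}

# Boot-time SELinux mode from /etc/selinux/config (SELINUXTYPE= is not matched).
selinux_mode() {
    sed -n 's/^SELINUX=\([a-z]*\).*/\1/p' "$1" | tail -n 1
}

# usage: check_ssh_port SSHD_CONFIG SSH_XML SELINUX_CONFIG
# Prints one finding per line; returns 1 if any sshd port is not opened.
check_ssh_port() {
    rc=0
    fw=$(fw_tcp_ports "$2")
    mode=$(selinux_mode "$3")
    for port in $(sshd_ports "$1"); do
        if echo "$fw" | grep -qx "$port"; then
            echo "OK: tcp/$port is opened by $2"
        else
            echo "MISMATCH: sshd uses $port, $2 opens: $(echo $fw)"
            rc=1
        fi
        if [ "$port" != 22 ] && [ "$mode" = enforcing ]; then
            echo "NOTE: SELinux enforcing, label the port first:" \
                 "semanage port -a -t ssh_port_t -p tcp $port"
        fi
    done
    return $rc
}

# Constructed sample files (not real system files) for a stand-alone run.
d=$(mktemp -d)
printf '#Port 22\nPort 22222\n' > "$d/sshd_config"
printf '<service>\n  <port protocol="tcp" port="22"/>\n</service>\n' > "$d/ssh.xml"
printf 'SELINUX=enforcing\nSELINUXTYPE=targeted\n' > "$d/selinux"
check_ssh_port "$d/sshd_config" "$d/ssh.xml" "$d/selinux" || echo "-> fix before restarting sshd"
rm -rf "$d"
```

On a real host, pass /etc/ssh/sshd_config, /etc/firewalld/services/ssh.xml and /etc/selinux/config, and keep the existing SSH session open until a new connection on the new port succeeds.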

Firewall settings

Allow the ports of the services you publish. First, check the current firewall settings.

# firewall-cmd --list-all
public (active)
:
  services: dhcpv6-client ssh
:

As an example, allow connections to web services (http, https)

# firewall-cmd --zone=public --add-service=http --permanent
success
# firewall-cmd --zone=public --add-service=https --permanent
success

Apply the changes

# firewall-cmd --reload
success
# firewall-cmd --list-all
public (active)
:
  services: dhcpv6-client http https ssh
:

As another example, allow all connections from a specific IP address. This adds the trusted zone alongside the default public zone.

# firewall-cmd --add-source=XXX.XXX.XXX.XXX --zone=trusted --permanent
success

Apply the changes

# firewall-cmd --reload
success

Confirm changes

# firewall-cmd --get-active-zones
public
  interfaces: eth0
trusted
  sources: XXX.XXX.XXX.XXX
# firewall-cmd --list-all --zone=trusted
trusted (active)
:
  sources: XXX.XXX.XXX.XXX
  services:
:
