[LINUX] CentOS 7 basic settings after network settings

Introduction

This article describes what to configure on CentOS 7 after installation and network setup, based on my personal best practices.

You don't have to set everything, just pick up the ones you need.

Conditions

CentOS 7.7 is already installed, with "Infrastructure Server" selected as the software at installation. The CentOS network settings have already been configured as described in "Initial network settings of CentOS 7 after installation".

Procedure

Login

First, log in with an account that has administrator privileges.

CentOS7.7


localhost login:

Make sure the prompt is "#". If it is "$", you are logged in as a user who does not have administrator privileges, so log in again as root.

CentOS7.7


[root@localhost ~]#

Disable SELINUX

Disable SELinux. Open the configuration file with the vi /etc/selinux/config command.

CentOS7.7


[root@localhost ~]#vi /etc/selinux/config

Change the configuration file to:

#SELINUX=enforcing
SELINUX=disabled

Restart the server for the settings to take effect.

CentOS7.7


[root@localhost ~]#reboot

After restarting the server, enter the following command.

CentOS7.7


#If Disabled is displayed, it is OK.
[root@localhost ~]#getenforce

Change SSH connection port

Open the SSH configuration file to check and change the connection port.

CentOS7.7


[root@localhost ~]#vi /etc/ssh/sshd_config

Change the configuration file to:

# The port number can be any unreserved number.
#Port 22
Port 22222

Restart the service.

CentOS7.7


#Note: After the restart you will not be able to connect with SSH on the old port, so keep a session open in another window.
[root@localhost ~]#systemctl restart sshd

You will need to change the Firewall settings (skip if firewalld is disabled). Enter the following command to copy the configuration file.

CentOS7.7


[root@localhost ~]#cp /usr/lib/firewalld/services/ssh.xml /etc/firewalld/services/ssh-22222.xml

Edit the copied file.

CentOS7.7


[root@localhost ~]#vi /etc/firewalld/services/ssh-22222.xml

Change the configuration file to:

/etc/firewalld/services/ssh-22222.xml


<!-- Here, it is 22222. -->
<!-- <port protocol="tcp" port="22"/> -->
<port protocol="tcp" port="22222"/>

Reload the firewall so that it reads the new service file.

CentOS7.7


#If success is displayed, it's OK.
[root@localhost ~]#firewall-cmd --reload

Add the service to the firewall.

CentOS7.7


#If success is displayed, it's OK.
#With --permanent the setting persists across restarts; reload to apply it to the running firewall.
[root@localhost ~]#firewall-cmd --permanent --add-service=ssh-22222
[root@localhost ~]#firewall-cmd --reload

Check if the firewall port is open with the following command.

CentOS7.7


#It is OK if [ssh-22222] appears in the services list.
[root@localhost ~]#firewall-cmd --list-all

Create user

Create a user.

CentOS7.7


#Enter any name for USERNAME.
#Example: useradd hogehoge
[root@localhost ~]#useradd {USERNAME}

User password setting

Set the user's password.

CentOS7.7


#For {USERNAME}, use the user created above.
#Example: passwd hogehoge
[root@localhost ~]#passwd {USERNAME}

sudo settings

Grant permission to use sudo. Enter the following command to add the user to the wheel group.

CentOS7.7


#{USERNAME} is the user you just created.
#-a appends wheel to the user's existing supplementary groups instead of replacing them.
#Example: usermod -aG wheel hogehoge
[root@localhost ~]#usermod -aG wheel {USERNAME}

Enter the following command and confirm that the user now belongs to the wheel group.

CentOS7.7


#Example: cat /etc/group | grep hogehoge
[root@localhost ~]#cat /etc/group | grep {USERNAME}

Enter the following command to edit the users and groups that are allowed to use sudo.

CentOS7.7


[root@localhost ~]#visudo

Make sure the following line is not commented out (#): %wheel ALL=(ALL) ALL

#%wheel ALL=(ALL) ALL
%wheel ALL=(ALL) ALL

Log in as the user you added to the wheel group.

CentOS7.7


localhost login: hogehoge

Try editing the file using sudo.

CentOS7.7


#If you are allowed to open and edit the file, you're done.
[hogehoge@localhost ~]$sudo vi /etc/hostname

NTP settings

Set up NTP. Enter the following command.

CentOS7.7


[root@localhost ~]#vi /etc/chrony.conf

If any servers are listed under "Use public servers from the pool.ntp.org project", comment them out.

/etc/chrony.conf


Example:
#Use public servers from the pool.ntp.org project
#server 0.centos.pool.ntp.org iburst
#server 1.centos.pool.ntp.org iburst
#server 2.centos.pool.ntp.org iburst
#server 3.centos.pool.ntp.org iburst

After that, add the NTP server to be used. Here, the public NTP server [ntp.jst.mfeed.ad.jp] is used.

/etc/chrony.conf


#Use public servers from the pool.ntp.org project
#server 0.centos.pool.ntp.org iburst
#server 1.centos.pool.ntp.org iburst
#server 2.centos.pool.ntp.org iburst
#server 3.centos.pool.ntp.org iburst
server ntp.jst.mfeed.ad.jp

Restart the NTP service.

CentOS7.7


[root@localhost ~]#systemctl restart chronyd.service

Check if it is synchronized with the NTP server.

CentOS7.7


#It is OK if it is synchronized with [ntp.jst.mfeed.ad.jp].
[root@localhost ~]#chronyc sources

Prohibiting SSH connections by the root user

Prohibit SSH connections as the root user. Open the SSH configuration file.

CentOS7.7


[root@localhost ~]#vi /etc/ssh/sshd_config

Change the following settings.

#PermitRootLogin yes
PermitRootLogin no

Restart the SSH service.

CentOS7.7


[root@localhost ~]#systemctl restart sshd
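
An offline check for the SSH port, firewalld service file and PermitRootLogin edits described above, added here as an example and not part of the original article. The function names and sample file contents are constructed; the check goes slightly beyond the text by applying sshd's rule that the first uncommented occurrence of a keyword wins.

```bash
# Added example: offline checks for this article's sshd/firewalld edits.
# File contents are constructed samples; function names are illustrative.

# Value sshd uses for a single-valued keyword: keywords are case-insensitive
# and the FIRST uncommented occurrence wins, so a later duplicate is ignored.
sshd_effective() {  # usage: sshd_effective KEYWORD FILE
    awk -v key="$1" '$1 ~ /^#/ { next }
        tolower($1) == "match" { exit }   # global section only
        tolower($1) == tolower(key) { print $2; exit }' "$2"
}

# Every global Port line is honoured; with none, sshd listens on 22.
sshd_ports() {  # usage: sshd_ports FILE
    awk '$1 ~ /^#/ { next }
        tolower($1) == "match" { exit }
        tolower($1) == "port" { print $2; n++ }
        END { if (!n) print 22 }' "$1"
}

# TCP ports opened by a firewalld service file (single-line XML comments skipped).
fw_service_ports() {  # usage: fw_service_ports SERVICE_XML
    sed -n '/<!--/d; s/.*<port [^>]*port="\([0-9][0-9]*\)".*/\1/p' "$1"
}

# Succeeds only if each port sshd listens on appears in the service file.
ssh_ports_open() {  # usage: ssh_ports_open SSHD_CONFIG SERVICE_XML
    for p in $(sshd_ports "$1"); do
        fw_service_ports "$2" | grep -qx "$p" || { echo "port $p missing"; return 1; }
    done
}

root_login_disabled() {  # usage: root_login_disabled SSHD_CONFIG
    [ "$(sshd_effective PermitRootLogin "$1")" = "no" ]
}

tmp=$(mktemp -d)
printf '%s\n' '#Port 22' 'Port 22222' '#PermitRootLogin yes' \
    'PermitRootLogin no' > "$tmp/good"
# "no" was appended after an active "yes": sshd keeps the first value.
printf '%s\n' 'Port 22222' 'PermitRootLogin yes' 'PermitRootLogin no' > "$tmp/stale"
printf '%s\n' '<service>' '  <!-- <port protocol="tcp" port="22"/> -->' \
    '  <port protocol="tcp" port="22222"/>' '</service>' > "$tmp/ssh-22222.xml"
printf '%s\n' '<service>' '  <port protocol="tcp" port="22"/>' \
    '</service>' > "$tmp/ssh.xml"

ssh_ports_open "$tmp/good" "$tmp/ssh-22222.xml" && echo "firewall matches sshd"
ssh_ports_open "$tmp/good" "$tmp/ssh.xml" || echo "would lock out SSH"
root_login_disabled "$tmp/good" && echo "root login disabled"
root_login_disabled "$tmp/stale" || echo "stale file still allows root login"
```

On a live host, sshd -T prints the effective sshd configuration, and firewall-cmd --list-all shows the running firewall state.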

Disable firewall service

Disable the firewall service. Skip if you need the firewall service. Stop firewalld.service.

CentOS7.7


[root@localhost ~]#systemctl stop firewalld.service

Disable firewalld.service.

CentOS7.7


#The service will not start even after a reboot.
[root@localhost ~]#systemctl disable firewalld.service

Reboot.

CentOS7.7


[root@localhost ~]#reboot

After rebooting, make sure that the firewall service is not started.

CentOS7.7


[root@localhost ~]#systemctl status firewalld.service

Limiting su

Limit the users who can su. Open the following su configuration file.

CentOS7.7


[root@localhost ~]#vi /etc/pam.d/su

Uncomment the following line so that only users who have been added to the wheel group are allowed to su.

CentOS7.7


#auth required pam_wheel.so use_uid quiet
auth required pam_wheel.so use_uid quiet

Make sure it fails if you su to root as a user who has not been added to the wheel group. Make sure it succeeds if you su to root as a user added to the wheel group.

CentOS7.7


#Switch to the user under test, then su to root. It is OK if you can confirm that you can log in as the root user.
[root@localhost ~]#su hogehoge
[hogehoge@localhost root]$su -

Host name setting

Set the host name.

CentOS7.7


[root@localhost ~]#vi /etc/hostname

Change the following settings.

#localhost.localdomains
hogehoge.localdomains

Reboot.

CentOS7.7


[root@localhost ~]#reboot

After rebooting, enter the following command.

CentOS7.7


#Confirm that the settings have been changed.
[root@localhost ~]#hostname

Time zone setting

Set the time zone (Tokyo by default in CentOS 7.7). Enter the following command.

CentOS7.7


[root@localhost ~]#timedatectl set-timezone Asia/Tokyo

Check with the following command.

CentOS7.7


#It's OK if it shows Asia/Tokyo.
[root@localhost ~]#timedatectl status

At the end

Pick the settings you need and use them. Also, if there are other settings that you think are necessary, I would appreciate it if you could describe them in the comments.

That is all.
