[LINUX] CentOS 7 basic settings after network settings

Introduction

This article describes what to configure on CentOS 7 after installation and network setup, as my personal best practices.

You don't have to set everything, just pick up the ones you need.

Conditions

- CentOS 7.7 is already installed.
- "Infrastructure Server" was selected as the software at installation.
- The CentOS network settings have been configured as described in "Initial network settings of CentOS 7 after installation".

Procedure

Login

First, log in with an account that has administrator privileges.

CentOS7.7


localhost login:

Make sure the prompt is "#". If it is "$", you are logged in as a user who does not have administrator privileges, so log in again as root.

CentOS7.7


[root@localhost ~]#

Disable SELINUX

Disable SELinux. Open the configuration file with the vi /etc/selinux/config command.

CentOS7.7


[root@localhost ~]#vi /etc/selinux/config

Change the configuration file to:

#SELINUX=enforcing
SELINUX=disabled

Restart the server for the settings to take effect.

CentOS7.7


[root@localhost ~]#reboot

After restarting the server, enter the following command.

CentOS7.7


#If Disabled is displayed, it is OK.
[root@localhost ~]#getenforce

Change SSH connection port

Check the SSH connection port.

CentOS7.7


[root@localhost ~]#vi /etc/ssh/sshd_config

Change the configuration file to:

#The port number can be any unreserved number.
#Port 22
Port 22222

Restart the service.

CentOS7.7


#Note: After the restart you can no longer connect with SSH on the old port, so keep sessions open in multiple windows.
[root@localhost ~]#systemctl restart sshd

You will need to change the Firewall settings (skip if firewalld is disabled). Enter the following command to copy the configuration file.

CentOS7.7


[root@localhost ~]#cp /usr/lib/firewalld/services/ssh.xml /etc/firewalld/services/ssh-22222.xml

Edit the copied file.

CentOS7.7


vi /etc/firewalld/services/ssh-22222.xml

Change the configuration file to:

/etc/firewalld/services/ssh-22222.xml


<!-- Here, it is 22222. "#" is not a comment in XML, so the old line is shown as an XML comment. -->
<!-- <port protocol="tcp" port="22"/> -->
<port protocol="tcp" port="22222"/>

Reload the firewall so that it reads the new configuration file.

CentOS7.7


#If success is displayed, it's OK.
[root@localhost ~]#firewall-cmd --reload

Add the new service to the firewall.

CentOS7.7


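#If success is displayed, it's OK.
#With --permanent, the setting is kept in the firewall even after a restart.
[root@localhost ~]#firewall-cmd --permanent --add-service=ssh-22222
#--permanent changes only the saved configuration, so reload to apply it to the running firewall.
[root@localhost ~]#firewall-cmd --reload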

Check if the firewall port is open with the following command.

CentOS7.7


#It is OK if [ssh-22222] is listed under services.
[root@localhost ~]#firewall-cmd --list-all

Create user

Create a user.

CentOS7.7


#Enter any name for USERNAME.
#Example: useradd hogehoge
[root@localhost ~]#useradd {USERNAME}

User password setting

Decide on a user password.

CentOS7.7


#{USERNAME} is the user created above.
#Example: passwd hogehoge
[root@localhost ~]#passwd {USERNAME}

sudo settings

Grant the user permission to use sudo. Enter the following command to add the user to the wheel group.

CentOS7.7


#{USERNAME} is the user you just created.
#-a appends the group; without it, -G replaces the user's existing supplementary groups.
#Example: usermod -aG wheel hogehoge
[root@localhost ~]#usermod -aG wheel {USERNAME}

Enter the following command and confirm that the user now belongs to the wheel group.

CentOS7.7


#Example: cat /etc/group | grep hogehoge
[root@localhost ~]#cat /etc/group | grep {USERNAME}

Enter the following command. It edits the sudoers file, which manages the users and groups that can use sudo.

CentOS7.7


[root@localhost ~]#visudo 

Make sure the following line is not commented out (#): %wheel ALL=(ALL) ALL

#%wheel ALL=(ALL) ALL
%wheel ALL=(ALL) ALL

Log in as the user you added to the wheel group.

CentOS7.7


localhost login: hogehoge

Try editing the file using sudo.

CentOS7.7


#If you are allowed to open the file and can edit it, you're done.
[hogehoge@localhost ~]$sudo vi /etc/hostname

NTP settings

Set up NTP. Enter the following command.

CentOS7.7


[root@localhost ~]#vi /etc/chrony.conf

If any servers are set under the item "Use public servers from the pool.ntp.org project", comment them out.

/etc/chrony.conf


Example:
#Use public servers from the pool.ntp.org project
#server 0.centos.pool.ntp.org iburst
#server 1.centos.pool.ntp.org iburst
#server 2.centos.pool.ntp.org iburst
#server 3.centos.pool.ntp.org iburst

After that, enter the settings of the NTP server to be used. Here, the public NTP server [ntp.jst.mfeed.ad.jp] is used.

/etc/chrony.conf


#Use public servers from the pool.ntp.org project
#server 0.centos.pool.ntp.org iburst
#server 1.centos.pool.ntp.org iburst
#server 2.centos.pool.ntp.org iburst
#server 3.centos.pool.ntp.org iburst
server ntp.jst.mfeed.ad.jp

Restart the NTP service.

CentOS7.7


[root@localhost ~]#systemctl restart chronyd.service

Check if it is synchronized with the NTP server.

CentOS7.7


#It is OK if it is synchronized with [ntp.jst.mfeed.ad.jp].
[root@localhost ~]#chronyc sources 

Prohibit SSH connections by the root user

Prohibit SSH connections as the root user. Open the SSH configuration file.

CentOS7.7


[root@localhost ~]#vi /etc/ssh/sshd_config

Change the following settings.

#PermitRootLogin yes
PermitRootLogin no

Restart the SSH service.

CentOS7.7


[root@localhost ~]#systemctl restart sshd
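
The following is an added example, not part of the original article: a small audit for the two sshd_config changes made above (the port change and PermitRootLogin no). sshd uses the first value it reads for a keyword, so a leftover or duplicated line can silently undo the edit. The function names and sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit an sshd_config for the Port and PermitRootLogin changes.
# sshd keywords are case-insensitive and the FIRST occurrence wins.

# Print the effective global value of keyword $2 in file $1 (empty if unset).
sshd_effective() {
    awk -v want="$2" '
        BEGIN { want = tolower(want) }
        /^[ \t]*#/ { next }                     # commented-out line: inactive
        tolower($1) == "match" { exit }         # only audit the global section
        tolower($1) == want { print $2; exit }  # first occurrence wins
    ' "$1"
}

# Return 0 only if the file sets the expected port and forbids root login.
audit_sshd() {
    file=$1 expected_port=$2 rc=0
    port=$(sshd_effective "$file" Port)
    root=$(sshd_effective "$file" PermitRootLogin)
    if [ "$port" != "$expected_port" ]; then
        echo "FAIL Port: '${port:-unset}' (expected $expected_port)"; rc=1
    fi
    if [ "$root" != "no" ]; then
        echo "FAIL PermitRootLogin: '${root:-unset}' (expected no)"; rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK $file"
    return "$rc"
}

# Constructed sample files (not taken from a real server).
tmp=$(mktemp -d)
cat > "$tmp/good" <<'EOF'
#Port 22
Port 22222
#PermitRootLogin yes
PermitRootLogin no
EOF
# Here "no" was appended below an active "yes", so the "no" is ignored.
cat > "$tmp/bad" <<'EOF'
Port 22222
PermitRootLogin yes
PermitRootLogin no
EOF
audit_sshd "$tmp/good" 22222 || true
audit_sshd "$tmp/bad" 22222 || true
```

On the server itself, run it against /etc/ssh/sshd_config; `sshd -T` (as root) prints the effective configuration the daemon would use and can be compared with the result.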

Disable firewall service

Disable the firewall service. Skip if you need the firewall service. Stop firewalld.service.

CentOS7.7


[root@localhost ~]#systemctl stop firewalld.service

Disable firewalld.service.

CentOS7.7


#The service will not start even if you restart.
[root@localhost ~]#systemctl disable firewalld.service

Reboot.

CentOS7.7


[root@localhost ~]#reboot

After rebooting, make sure that the firewall service is not started.

CentOS7.7


[root@localhost ~]#systemctl status firewalld.service

Restrict su

Limit the users who can su. Open the following su configuration file.

CentOS7.7


[root@localhost ~]#vi /etc/pam.d/su

Uncomment the following line. This allows only users who have been added to the wheel group to su.

/etc/pam.d/su


#auth required pam_wheel.so use_uid quiet
auth required pam_wheel.so use_uid quiet

Make sure it fails if you su to root as a user who has not been added to the wheel group. Make sure it succeeds if you su to root as a user added to the wheel group.

CentOS7.7


#It is OK if you can confirm that you can switch to the root user.
[hogehoge@localhost ~]$su -

Host name setting

Set the host name.

CentOS7.7


[root@localhost ~]#vi /etc/hostname

Change the following settings.

#localhost.localdomains
hogehoge.localdomains

Reboot.

CentOS7.7


[root@localhost ~]#reboot

After rebooting, enter the following command.

CentOS7.7


#Confirm that the settings have been changed.
[root@hogehoge ~]#hostname

Time zone setting

Set the time zone (Tokyo by default in CentOS 7.7). Enter the following command.

CentOS7.7


[root@hogehoge ~]#timedatectl set-timezone Asia/Tokyo

Check with the following command.

CentOS7.7


#It's OK if it is Asia/Tokyo.
[root@hogehoge ~]#timedatectl status

At the end

Pick up the settings you need and use them. Also, if there are other settings that you think are necessary, I would appreciate it if you could describe them in the comments.

That is all.
