[LINUX] CentOS8 server construction (network opening and package update)

Introduction

[Last time] I have installed CentOS8_1 and CentOS8 (1905), but this time I would like to open the network and update the system with package management dnf.

Close open ports

For the time being, before opening the network, I will close the free ports such as SSH by default. Of course, after the network is opened, it will be possible to connect with SSH, but since we want to be able to connect with proper security, we will close unnecessary ports once.

Immediately, check the free port with the firewall-cmd command.

[root@localhost ~]# firewall-cmd --list-all
public
  target: default
  icmp-block-inversion: no
  interfaces:
  sources:
  services: cockpit dhcpv6-client ssh
  ports:
  protocols:
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:

As the name suggests, firewall-cmd is a command to set the firewall. You can see the current settings in a list with firewall-cmd --list-all.

  services: cockpit dhcpv6-client ssh

The port specified by the service cockpit`` dhcpv6-client ssh is free.

cockpit seems to be a tool that allows you to manage your system on your browser, but you don't need it, so close it permanently. dhcpv6-client seems to be necessary if you use Ipv6, but I don't need it for the time being, so I will close it permanently. You can open ssh after setting it properly later, so close it temporarily.

So, I will delete everything for the time being.

[root@localhost ~]# firewall-cmd --permanent --remove-service=cockpit
success
[root@localhost ~]# firewall-cmd --permanent --remove-service=dhcpv6-client
success
[root@localhost ~]# firewall-cmd --permanent --remove-service=ssh
success
[root@localhost ~]# firewall-cmd --reload
success
[root@localhost ~]# firewall-cmd --list-all
public
  target: default
  icmp-block-inversion: no
  interfaces:
  sources:
  services:
  ports:
  protocols:
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:

It was refreshing.

Open the network

Network settings are made with the nmcli command. First, check the current situation.

[root@localhost ~]# nmcli device
DEVICE  TYPE      STATE     CONNECTION
ens3 ethernet disconnected--
lo loopback No management--

ʻEns3` becomes the NIC, but as you can see, it is disconnected, so connect it.

[root@localhost ~]# nmcli connection modify ens3 connection.autoconnect yes

status check.

[root@localhost ~]# nmcli device
DEVICE  TYPE      STATE     CONNECTION
ens3 ethernet connected ens3
lo loopback No management--

Connected. Since it is set to connection.autoconnect yes, it will be connected automatically after that.

Update with package management dnf

CentOS7 used yum, but from CentOS it seems to be dnf. It seems that yum can also be used, but it seems that it just wraps dnf, so I will obediently use dnf.

Update the packages installed on your system.

[root@localhost ~]# dnf update
...
Is this okay? [y/N]:

There is a list of straws, and you will be asked if you want to install it, so press y to enter. By the way, if you don't want to press y, you can execute it with the -y option and it will be y. Usability is almost the same as yum.

[root@localhost ~]# dnf update -y

Occasionally dnf update to keep your system up to date. It may be a problem for server administrators etc. if it is updated without permission, but in my case it is built for study purposes only, so I think that it is not a good idea to keep it up to date. .. ..

Up to here for this time

For the time being, the network has been opened, but after that, we need to be able to create users and connect to SSH. Here's what I want to do after this:

So, it will be a while before you can connect with SSH ~

Related article

Recommended Posts

CentOS8 server construction (network opening and package update)
Network settings and confirmation in CentOS7
Server construction with CONOHA VPS (CentOS)
Linux server construction link summary (CentOS7)
Create an account from CentOS mail server construction
Linux (CentOS) construction
CentOS 7 network initialization
Web system construction (super basic) ③: DB server construction and basic operation
Web system construction (super basic) ②: AP server construction and basic operation