[Last time] I installed CentOS8_1 and CentOS8 (1905); this time I would like to bring up the network and update the system with the dnf package manager.
Before bringing up the network, I will close the ports that are open by default, such as SSH.
Once the network is up, SSH connections would of course be possible, but since I want to connect only after it is properly secured, I will close the unnecessary ports for now.
First, check the open ports with the firewall-cmd command.
[root@localhost ~]# firewall-cmd --list-all
public
target: default
icmp-block-inversion: no
interfaces:
sources:
services: cockpit dhcpv6-client ssh
ports:
protocols:
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:
As the name suggests, firewall-cmd is a command to set the firewall.
You can see the current settings in a list with firewall-cmd --list-all.
services: cockpit dhcpv6-client ssh
The ports for the services `cockpit`, `dhcpv6-client` and `ssh` are open.
cockpit seems to be a tool for managing the system from a browser; I don't need it, so I will close it permanently.
dhcpv6-client seems to be necessary if you use IPv6, but I don't need it for the time being, so I will close it permanently.
ssh can be reopened later once it is set up properly, so close it for now.
So, I will remove all of them for the time being. The --permanent option changes only the saved configuration, so firewall-cmd --reload is run afterwards to apply it to the running firewall.
[root@localhost ~]# firewall-cmd --permanent --remove-service=cockpit
success
[root@localhost ~]# firewall-cmd --permanent --remove-service=dhcpv6-client
success
[root@localhost ~]# firewall-cmd --permanent --remove-service=ssh
success
[root@localhost ~]# firewall-cmd --reload
success
[root@localhost ~]# firewall-cmd --list-all
public
target: default
icmp-block-inversion: no
interfaces:
sources:
services:
ports:
protocols:
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:
That is much cleaner.
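The check done by eye on the services: line above can be scripted. This is an added example, not part of the original post: a shell function that reads firewall-cmd --list-all output and reports every service outside an allowlist and every open port. The name audit_zone, its allowlist argument and the 8080/tcp sample are assumptions made for illustration.

```shell
# Added example (not from the original post).
# audit_zone ALLOWED_SERVICES
#   Reads `firewall-cmd --list-all` text on stdin and prints one finding per
#   line: "service NAME" for each service outside the space-separated
#   allowlist, and "port SPEC" for every entry on the ports: line.
audit_zone() {
    allowed=" $1 "
    listing=$(cat)
    # Anchor on the key at line start so that forward-ports: and
    # source-ports: are not mistaken for the ports: line.
    services=$(printf '%s\n' "$listing" |
        sed -n 's/^[[:space:]]*services:[[:space:]]*//p')
    ports=$(printf '%s\n' "$listing" |
        sed -n 's/^[[:space:]]*ports:[[:space:]]*//p')
    for s in $services; do
        case "$allowed" in
            *" $s "*) ;;                 # explicitly allowed
            *) echo "service $s" ;;      # open but not expected
        esac
    done
    for p in $ports; do
        echo "port $p"
    done
}

# Default zone as listed in this post before the cleanup (abbreviated).
sample_default() {
    cat <<'EOF'
public
  target: default
  services: cockpit dhcpv6-client ssh
  ports:
  forward-ports:
  source-ports:
EOF
}

# Constructed listing: only ssh is expected, but a port was opened by hand.
sample_constructed() {
    cat <<'EOF'
public
  services: ssh
  ports: 8080/tcp
EOF
}

sample_default | audit_zone ""          # nothing is allowed yet
sample_constructed | audit_zone "ssh"   # ssh is expected, 8080/tcp is not
```

On a live host, run firewall-cmd --list-all | audit_zone "" after the reload; no output means the services: and ports: lines are both empty.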
Network settings are made with the nmcli command.
First, check the current situation.
[root@localhost ~]# nmcli device
DEVICE TYPE STATE CONNECTION
ens3 ethernet disconnected --
lo loopback No management --
`ens3` is the NIC, but as you can see, it is disconnected, so connect it.
[root@localhost ~]# nmcli connection modify ens3 connection.autoconnect yes
Check the status.
[root@localhost ~]# nmcli device
DEVICE TYPE STATE CONNECTION
ens3 ethernet connected ens3
lo loopback No management --
Connected.
Because connection.autoconnect is set to yes, it will connect automatically from now on.
dnf
CentOS 7 used yum, but from CentOS 8 it seems to be dnf. yum can apparently still be used, but it seems to just wrap dnf, so I will simply use dnf.
Update the packages installed on your system.
[root@localhost ~]# dnf update
...
Is this okay? [y/N]:
A long list of packages is displayed and you are asked whether to install them, so type y and press Enter.
By the way, if you don't want to press y each time, run it with the -y option and y is answered automatically. Usability is almost the same as yum.
[root@localhost ~]# dnf update -y
Run dnf update occasionally to keep your system up to date.
It may be a problem for server administrators etc. if it is updated without permission, but in my case it is built for study purposes only, so I think that it is not a good idea to keep it up to date...
For the time being, the network has been opened, but after that, we need to be able to create users and connect to SSH. Here's what I want to do after this:
and manage users with LDAP.
SSH to allow the LDAP account to log in with public key authentication.
So, it will be a while before you can connect with SSH.