Computer Tutorials
Computer Knowledge
After installing the Linux system, what basic configurations need to be done?
After installing the Linux system, what basic configurations need to be done?
CentOS is a popular Linux distribution widely used in the server field. Before preparing to put the newly installed CentOS system into production, we must perform some basic configuration. These configurations are designed to ensure system security and stability.
1. Reinforce the system
1.1 Change default password
By default, the root user password of CentOS system is "centos". To improve security, use the passwd command to change the default password.
passwd root
1.2 Restrict root user login
To further improve security, you can restrict the root user to only log in through SSH, and prohibit the root user from logging in directly to the system console.
Edit file:/etc/ssh/sshd_config
Find the following line:
PermitRootLogin yes
Modify it to:
PermitRootLogin no
Restart SSH service:
systemctl restart sshd
1.3 Install security software
You can install some security software, such as:
Fail2ban: Can help defend against brute force attacks.
Rkhunter: Can help scan your system for potential security vulnerabilities.
Lynis: Can help conduct a comprehensive system security audit.
You can use the yum command to install security software:
yum install fail2ban rkhunter lynis
1.4 Configure firewall
CentOS system uses firewalld firewall by default. Firewall rules can be configured using the firewalld command.
Allow SSH service through the firewall:
firewall-cmd --permanent --add-service=ssh
Open other necessary ports:
Other necessary ports can be opened as needed. For example, if you want to run a web service, you need to open ports 80 and 443.
View current firewall rules:
firewall-cmd --list-all
Save firewall rules:
firewall-cmd --reload
2. Configure IP address
2.1 Configure static IP address
If the system needs to use a static IP address, you can edit the configuration file to configure it.
Edit file:/etc/sysconfig/network-scripts/ifcfg-eth0
Where eth0 is the name of the network card.
Modify the following content:
DEVICE=eth0 BOOTPROTO=static ONBOOT=yes IPADDR=192.168.1.100 NETMASK=255.255.255.0 GATEWAY=192.168.1.1
Restart network service:
systemctl restart network
2.2 Configure DHCP dynamic IP address
If the system needs to use DHCP dynamic IP address, modify the configuration file as follows:
Edit file:/etc/sysconfig/network-scripts/ifcfg-eth0
Modify the following content:
DEVICE=eth0 BOOTPROTO=dhcp ONBOOT=yes
Restart network service:
systemctl restart network
3. Turn off Selinux
Selinux is a mandatory access control (MAC) system that improves system security. However, the configuration of Selinux may be complicated and may affect the normal operation of some applications. If you are unfamiliar with Selinux configuration, it is recommended to turn it off.
Edit file:/etc/selinux/config
Modify the following content:
SELINUX=disabled
Restart the system:
reboot
4. Other configuration
4.1 Set system time
You can use the ntpdate command to set the system time:
ntpdate ntp.aliyun.com
4.2 Install commonly used software
You can install some common software according to your needs, such as:
- vim: text editor
- wget:Download tool
- unzip: decompression tool
- tree: View directory tree
The above is the detailed content of After installing the Linux system, what basic configurations need to be done?. For more information, please follow other related articles on the PHP Chinese website!
Hot AI Tools
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
Undress AI Tool
Undress images for free
Clothoff.io
AI clothes remover
AI Hentai Generator
Generate AI Hentai for free.
Hot Article
Hot Tools
Notepad++7.3.1
Easy-to-use and free code editor
SublimeText3 Chinese version
Chinese version, very easy to use
Zend Studio 13.0.1
Powerful PHP integrated development environment
Dreamweaver CS6
Visual web development tools
SublimeText3 Mac version
God-level code editing software (SublimeText3)
Hot Topics
Log in to Ubuntu as superuser
Mar 20, 2024 am 10:55 AM
In Ubuntu systems, the root user is usually disabled. To activate the root user, you can use the passwd command to set a password and then use the su- command to log in as root. The root user is a user with unrestricted system administrative rights. He has permissions to access and modify files, user management, software installation and removal, and system configuration changes. There are obvious differences between the root user and ordinary users. The root user has the highest authority and broader control rights in the system. The root user can execute important system commands and edit system files, which ordinary users cannot do. In this guide, I'll explore the Ubuntu root user, how to log in as root, and how it differs from a normal user. Notice
How to input Chinese in centos
Apr 07, 2024 pm 08:21 PM
Methods for using Chinese input in CentOS include: using the fcitx input method: install and enable fcitx, set shortcut keys, press the shortcut keys to switch input methods, and input pinyin to generate candidate words. Use iBus input method: Install and enable iBus, set shortcut keys, press the shortcut keys to switch input methods, and input pinyin to generate candidate words.
How to read USB disk files in centos7
Apr 07, 2024 pm 08:18 PM
To read U disk files in CentOS 7, you need to first connect the U disk and confirm its device name. Then, use the following steps to read the file: Mount the USB flash drive: mount /dev/sdb1 /media/sdb1 (replace "/dev/sdb1" with the actual device name) Browse the USB flash drive file: ls /media/sdb1; cd /media /sdb1/directory; cat file name
How to enter root permissions in centos7
Apr 02, 2024 pm 08:57 PM
There are two ways to enter the root authority of CentOS 7: use the sudo command: enter sudo su - in the terminal and enter the current user password. Log in directly as the root user: Select "Other" on the login screen, enter "root" and the root password. Note: Operate carefully with root privileges, perform tasks with sudo privileges, and change the root password regularly.
SCP usage tips-recursively exclude files
Apr 22, 2024 am 09:04 AM
One can use the scp command to securely copy files between network hosts. It uses ssh for data transfer and authentication. Typical syntax is: scpfile1user@host:/path/to/dest/scp -r/path/to/source/user@host:/path/to/dest/scp exclude files I don't think you can when using scp command Filter or exclude files. However, there is a good workaround to exclude the file and copy it securely using ssh. This page explains how to filter or exclude files when copying directories recursively using scp. How to use rsync command to exclude files The syntax is: rsyncav-essh-
What to do if you forget your password to log in to centos
Apr 07, 2024 pm 07:33 PM
Solutions for forgotten CentOS passwords include: Single-user mode: Enter single-user mode and reset the password using passwd root. Rescue Mode: Boot from CentOS Live CD/USB, mount root partition and reset password. Remote access: Use SSH to connect remotely and reset the password with sudo passwd root.
What should I do if I forget my centos username and password?
Apr 02, 2024 pm 08:54 PM
After forgetting your CentOS username and password, there are two ways to restore access: Reset the root password: Restart the server, edit the kernel command line in the GRUB menu, add "rw init=/sysroot/bin/sh" and press Ctrl+x ;Mount the root file system and reset the password in single-user mode. Use rescue mode: Start the server from the CentOS installation ISO image, select rescue mode; mount the root file system, copy the chroot environment from the ISO image, reset the password, exit the chroot environment and restart the server.
How to enable root permissions in centos7
Apr 07, 2024 pm 08:03 PM
CentOS 7 disables root permissions by default. You can enable it by following the following steps: Temporarily enable it: Enter "su root" on the terminal and enter the root password. Permanently enabled: Edit "/etc/ssh/sshd_config", change "PermitRootLogin no" to "yes", and restart the SSH service.
