CentOS is a popular Linux distribution widely used in the server field. Before preparing to put the newly installed CentOS system into production, we must perform some basic configuration. These configurations are designed to ensure system security and stability.
By default, the root user password of CentOS system is "centos". To improve security, use the passwd command to change the default password.
passwd root
To further improve security, you can restrict the root user to only log in through SSH, and prohibit the root user from logging in directly to the system console.
Edit file:/etc/ssh/sshd_config
Find the following line:
PermitRootLogin yes
Modify it to:
PermitRootLogin no
Restart SSH service:
systemctl restart sshd
You can install some security software, such as:
Fail2ban: Can help defend against brute force attacks.
Rkhunter: Can help scan your system for potential security vulnerabilities.
Lynis: Can help conduct a comprehensive system security audit.
You can use the yum command to install security software:
yum install fail2ban rkhunter lynis
CentOS system uses firewalld firewall by default. Firewall rules can be configured using the firewalld command.
Allow SSH service through the firewall:
firewall-cmd --permanent --add-service=ssh
Open other necessary ports:
Other necessary ports can be opened as needed. For example, if you want to run a web service, you need to open ports 80 and 443.
View current firewall rules:
firewall-cmd --list-all
Save firewall rules:
firewall-cmd --reload
If the system needs to use a static IP address, you can edit the configuration file to configure it.
Edit file:/etc/sysconfig/network-scripts/ifcfg-eth0
Where eth0 is the name of the network card.
Modify the following content:
DEVICE=eth0 BOOTPROTO=static ONBOOT=yes IPADDR=192.168.1.100 NETMASK=255.255.255.0 GATEWAY=192.168.1.1
Restart network service:
systemctl restart network
If the system needs to use DHCP dynamic IP address, modify the configuration file as follows:
Edit file:/etc/sysconfig/network-scripts/ifcfg-eth0
Modify the following content:
DEVICE=eth0 BOOTPROTO=dhcp ONBOOT=yes
Restart network service:
systemctl restart network
Selinux is a mandatory access control (MAC) system that improves system security. However, the configuration of Selinux may be complicated and may affect the normal operation of some applications. If you are unfamiliar with Selinux configuration, it is recommended to turn it off.
Edit file:/etc/selinux/config
Modify the following content:
SELINUX=disabled
Restart the system:
reboot
You can use the ntpdate command to set the system time:
ntpdate ntp.aliyun.com
You can install some common software according to your needs, such as:
The above is the detailed content of After installing the Linux system, what basic configurations need to be done?. For more information, please follow other related articles on the PHP Chinese website!
![[Web front-end] Node.js quick start](https://img.php.cn/upload/course/000/000/067/662b5d34ba7c0227.png)
