Vous êtes sur la page 1sur 17

30 Things to Do After Minimal RHEL/CentOS 7 Installation

Register and Enable Red Hat Subscription


Configure Network with Static IP Address

# yum install net-tools


# ip addr show
# vi /etc/sysconfig/network-scripts/ifcfg-enp0s3
IPADDR = “[Enter your static IP here]”
GATEWAY = “[Enter your Default Gateway]”
DNS1 = “[Your Domain Name System 1]”
DNS2 = “[Your Domain Name System 2]”
# service network restart
# ip addr show
# ping -c4 google.com
Set Hostname of Server

# echo $HOSTNAME
# vi /etc/hostname
$ echo $HOSTNAME
Update or Upgrade CentOS Minimal Install

# yum update && yum upgrade


Or
# yum -y update && yum -y upgrade
Install Command Line Web Browser

# yum install links

Install Apache HTTP Server

# yum install httpd


LISTEN 80
# firewall-cmd --add-service=http
# firewall-cmd -permanent -add-port=3221/tcp
# firewall-cmd –reload
# systemctl restart httpd.service

# systemctl start httpd.service


# systemctl enable httpd.service
# links 127.0.0.1

Install PHP

# yum install php


# systemctl restart httpd.service
# echo -e "<?php\nphpinfo();\n?>" > /var/www/html/phpinfo.php
# php /var/www/html/phpinfo.php
OR
# links http://127.0.0.1/phpinfo.php

Install MariaDB Database

# yum install mariadb-server mariadb


# systemctl start mariadb.service
# systemctl enable mariadb.service
# firewall-cmd --add-service=mysql
# /usr/bin/mysql_secure_installation

Install and Configure SSH Server

# SSH –V
Or
# SSHD –V
Use Secure Protocol over the default SSH Protocol and change port
number also for extra Security. Edit the SSH configuration file
‘/etc/ssh/sshd_config‘.
Uncomment the line below line or delete 1 from the Protocol string, so
the line seems like:

# Protocol 2,1 (Original)


Protocol 2 (Now)

Disable SSH ‘root login‘ and allow to connect to root only after login to
normal user account for added additional Security. For this, open and
edit configuration file ‘/etc/ssh/sshd_config‘ and change

PermitRootLogin yes t PermitRootLogin no.


# PermitRootLogin yes (Original)
PermitRootLogin no (Now)

# systemctl restart sshd.service

Install GCC (GNU Compiler Collection)

# yum install gcc


# gcc –version

Install Java

# yum install java


# java –version

Install Apache Tomcat

# yum install tomcat


# systemctl start tomcat
# /usr/sbin/tomcat version

Add service tomcat and default port (8080) through firewall and reload
settings.

# firewall-cmd --zone=public --add-port=8080/tcp --permanent


# firewall-cmd --reload

Now it’s time to secure tomcat server, create a user and a password to
access and manage. We need to edit file ‘/etc/tomcat/tomcat-
users.xml‘. See the section which looks like:

<tomcat-users>
....
</tomcat-users>
<role rolename="manager-gui"/>
<role rolename="manager-script"/>
<role rolename="manager-jmx"/>
<role rolename="manager-status"/>
<role rolename="admin-gui"/>
<role rolename="admin-script"/>
<user username="username" password="username" roles="manager-
gui,manager-script,manager-jmx,manager-status,admin-gui,admin-
script"/>
</tomcat-users>
# systemctl stop tomcat
# systemctl start tomcat
# systemctl enable tomcat.service

Install Nmap to Monitor Open Ports

# yum install nmap


# nmap 127.0.01
# firewall-cmd --list-ports

FirewallD Configuration

# systemctl status firewalld


OR
# firewall-cmd –state
# firewall-cmd --get-zones
# firewall-cmd --zone=work --list-all
# firewall-cmd --get-default-zone
# firewall-cmd --set-default-zone=work
# firewall-cmd --list-services
# firewall-cmd --add-service=http
# firewall-cmd –reload
# firewall-cmd --add-service=http --permanent
# firewall-cmd –reload
# firewall-cmd --remove-service=http
# firewall-cmd –reload
# firewall-cmd --zone=work --remove-service=http --permanent
# firewall-cmd –reload
# firewall-cmd --add-port=331/tcp
# firewall-cmd --reload
# firewall-cmd --add-port=331/tcp --permanent
# firewall-cmd –reload
# firewall-cmd --remove-port=331/tcp
# firewall-cmd –reload
# firewall-cmd --remove-port=331/tcp --permanent
# firewall-cmd –reload
# systemctl stop firewalld
# systemctl disable firewalld
# firewall-cmd –state
# systemctl enable firewalld
# systemctl start firewalld
# firewall-cmd –state

Installing Wget

# yum install wget

Installing Telnet

# yum install telnet


# telnet google.com 80
Installing Webmin

# wget http://prdownloads.sourceforge.net/webadmin/webmin-1.740-
1.noarch.rpm
# rpm -ivh webmin-*.rpm

Enable Third Party Repositories

# yum install epel-release


# rpm -Uvh http://www.elrepo.org/elrepo-release-7.0-
2.el7.elrepo.noarch.rpm

Install 7-zip Utility

# yum install p7zip

Install NTFS-3G Driver

# yum install ntfs-3g


# mount -ro ntfs-3g /dev/sda5 /mnt
# cd /mnt
# ls –l

Install Vsftpd FTP Server

# yum install vsftpd


# vi /etc/vsftpd/vsftpd.conf

Edit a few fields and leave other as it is, unless you know what you are
doing.
anonymous_enable=NO
local_enable=YES
write_enable=YES
chroot_local_user=YES
# firewall-cmd --add-port=21/tcp
# firewall-cmd –reload
# systemctl restart vsftpd
# systemctl enable vsftpd

Install and Configure sudo

# visudo

It will open the file /etc/sudoers for editing..


Give all the permission (equal to root) to a user (say username), that
has already been created.
username ALL=(ALL) ALL
Give all the permission (equal to root) to a user (say username), except
the permission to reboot and shutdown the server.
Again open the same file and edit it with the below contents.
cmnd_Alias nopermit = /sbin/shutdown, /sbin/reboot
Then add alias with Logical (!) operator.
username ALL=(ALL) ALL,!nopermit
And then add the permission to group debian.
cmnd_Alias permit = /usr/sbin/useradd, /usr/sbin/userdel
debian ALL=(ALL) permit

Install and Enable SELinux


# yum install selinux-policy
# getenforce
# setenforce 0
# setenforce 1

Install Rootkit Hunter

# yum install rkhunter


# rkhunter –check

Install and Use Linux Malware Detect (LMD) with ClamAV as Antivirus
Engine

# wget http://www.rfxn.com/downloads/maldetect-current.tar.gz
# tar -xvf maldetect-current.tar.gz
# ls -l | grep maldetect
# ./install.sh

Configuring Linux Malware Detect

Summing up, the lines with these variables should look as follows in
/usr/local/maldetect/conf.maldet:
email_alert=1
email_addr=gacanepa@localhost
email_subj="Malware alerts for $HOSTNAME - $(date +%Y-%m-%d)"
quar_hits=1
quar_clean=1
quar_susp=1
clam_av=1

To install ClamAV in order to take advantage of the clamav_scan setting,


follow these steps:

Create the repo file /etc/yum.repos.d/dag.repo:


[dag]
name=Dag RPM Repository for Red Hat Enterprise Linux
baseurl=http://apt.sw.be/redhat/el$releasever/en/$basearch/dag/
gpgcheck=1
gpgkey=http://dag.wieers.com/packages/RPM-GPG-KEY.dag.txt
enabled=1
# yum update && yum install clamd

Testing Linux Malware Detect

# cd /var/www/html
# wget http://www.eicar.org/download/eicar.com
# wget http://www.eicar.org/download/eicar.com.txt
# wget http://www.eicar.org/download/eicar_com.zip
# wget http://www.eicar.org/download/eicarcom2.zip
# maldet --scan-all /var/www/
# maldet --scan-all /var/www/*.zip
# maldet --report 021015-1051.3559
# ls –l

You can then remove all quarantined files with:

# rm -rf /usr/local/maldetect/quarantine/*
In case that,
# maldet --clean SCANID

Final Considerations

PATH=/sbin:/bin:/usr/sbin:/usr/bin
MAILTO=root
HOME=/
SHELL=/bin/bash

END

Installing PlayOnLinux on Ubuntu & CentOS

$ sudo wget -O /etc/yum.repos.d/playonlinux.repo


http://rpm.playonlinux.com/playonlinux.repo

$ sudo yum install -y wine wxPython cabextract SDL.i686 p7zip-plugins


p7zip ImageMagick libXaw xterm mesa-dri-drivers.i686 mesa-libGL.i686
libGLEW.i686 mesa-libGLU.i686 nc

$ sudo yum install -y playonlinux

Now just run PlayOnLinux ignoring the error message in openGL:

$ playonlinux

centOS – Microsoft Internet explorer, ie, linux ie


1. IEs4Linux, project is doing that.

2. wget http://www.tatanka.com.br/ies4linux/downloads/ies4linux-
latest.tar.gz

3. # tar xvfz ies4linux-latest.tar.gz -C /root/

4. # ls

ies4linux lang lib LICENSE mac README ui winereg

# ./ies4linux

You need to install wine first!


Download it here: http://www.winehq.org

5. [root@www ies4linux-2.99.0.1]# yum install wine cabextract

How to clean up mysql installation on centos

# rpm -qa | grep mysql

It will list all installed mysql packages on your system. Eg: mysql-libs-
5.1.73-3.el6_5.x86_64

now execute the command:

# yum remove <name displayed in above step-1>

How to clean up mariadb installation on centos


rpm -qa | grep maria

It will list all installed mariadb packages on your system. Eg:

mariadb-server-5.5.56-2.el7.x86_64
mariadb-libs-5.5.56-2.el7.x86_64
mariadb-5.5.56-2.el7.x86_64

now execute the command:

# yum remove <name displayed in above step-1>

RED HAT ENTERISE LINUX 5, 6, AND 7


Common administrative commands

View subscription information

subscription-manager identity

Confgure subscription

subscription-manager
rhn_register
View system profile

sosreport
dmidecode
lstopo
lscp

View RHEL version information

/etc/redhat-release

View system profle

sosreport
dmidecode
lstopo
lscp

View RHEL version information


/etc/redhat-release

BASIC CONFIGURATION
Graphical confguration tools
gnome-control-center
Confgure network
nmcli
nmtui
nm-connection-editor

Confgure system language


Localectl

Confgure time and date


timedatectl
/etc/chrony.conf
ntpdate

Confgure keyboard
Localectl

Text-based confguration tools


system-confg-*-tui

Confgure printer
system-confg-printer

Confgure SSH
/etc/ssh/ssh_confg
/etc/ssh/sshd_confg
~/.ssh/confg ssh-keygen
SOFTWARE MANAGEMENT

Install software
yum install
yum group install

View software inf


yum info
yum group info

Update software
yum update

Upgrade software
yum upgrade

Confgure software repository


subscription-manager repos
/etc/yum.repos.d/*.repo

Find fle in package


rpm -qf flename
yum provides flename-glob

View software
version