Centos7 some things to do after the installation is finished!

1. Update the system and patches

Our internet is very insecure, every day new vulnerabilities appear and repair, so be sure to update, update, UPDATE,

Yum-y Update

The above command is to check for updates and installs, including the kernel and software, which are recommended to be updated once the installation is complete, but have been put into production

System, must be carefully updated.

2, modify the SSH remote login default port

If you open some common default ports, someone will scan and try to log in every day, causing security problems and consuming resources

Vi/etc/ssh/sshd_config

650) this.width=650; "Src=" Http://s2.51cto.com/wyfs02/M01/8C/9D/wKiom1hyEYWBhWyvAABmi7tToqg012.png-wh_500x0-wm_3 -wmp_4-s_285627477.png "title=" 875l5lm3i}znw86%]_[7rzl.png "alt=" Wkiom1hyeywbhwyvaabmi7ttoqg012.png-wh_50 "/>

Find #port 23,port Front default is #, remove and then change 23 to unconventional port, and then save.

Systemctl Restart sshd

Restarting the SSH service will take effect.

PS: Remember your remote connection to the port also to change, otherwise it is unable to connect.

3, prohibit the default root account login, and create a regular account for landing

or edit the file above

Vi/etc/ssh/sshd_config

650) this.width=650; "Src=" Http://s2.51cto.com/wyfs02/M02/8C/9D/wKiom1hyEzjwrsPoAAByfcmn5mI834.png-wh_500x0-wm_3 -wmp_4-s_1194767813.png "title=" 8o~udxg ' 7oh4kehtqfsrx[7.png "alt=" Wkiom1hyezjwrspoaabyfcmn5mi834.png-wh_50 "/>

Find #permitrootlogin No this line, the front of the # removed, modify no to Yes, save can.

Then do not worry about restarting the service, first create an account.

Useradd Admin

Useradd is the Create command, admin is the name of the account you want to create, and then you need to set the password for the new account.

passwd Admin

650) this.width=650; "src=" Http://s3.51cto.com/wyfs02/M00/8C/9D/wKiom1hyFPLxdBeWAAAN_tsHk-w800.png "title=" zm8p] Hs8$}ijmqgt7a~h2{3.png "alt=" Wkiom1hyfplxdbewaaan_tshk-w800.png "/>

Entering the above command will let you enter the password and determine the password, and then you can try to log in with a new account remote login.

Systemctl Restart sshd

After restarting the service, you will find that the root account cannot be logged in, enter Su after landing with a regular account, and then enter the root password

You can use root permissions.

4. Turn off SELinux

This is a security service, but the configuration is complex and can affect the deployment of many software.

Vi/etc/selinux/config

650) this.width=650; "Src=" Http://s3.51cto.com/wyfs02/M02/8C/99/wKioL1hyFzSRlADlAABNEzbvcvo980.png-wh_500x0-wm_3 -wmp_4-s_283090371.png "title=" @VG ' 9k@ob9m]4i]{cr28gm5.png "alt=" Wkiol1hyfzsrladlaabnezbvcvo980.png-wh_50 "/>

Find #selinux=enforcing, change to selinux=disabled, like, save. This operation requires a reboot

To take effect permanently, so you can temporarily close it.

Setenforce 0

View the commands that are in effect

Sestatus

650) this.width=650; "src=" Http://s1.51cto.com/wyfs02/M01/8C/9A/wKioL1hyGBSwCxHeAAAKEDzV_Ts304.png "title=" JK) 3j9@%6y3%p@ @OESR01}a.png "alt=" Wkiol1hygbswcxheaaakedzv_ts304.png "/>

Show off on the modification succeeded!

Centos7 some things to do after the installation is finished!