30 things to be done after minimal RHEL/CentOS 7 installation (4)

30 things to be done after minimal RHEL/CentOS 7 installation (4)

30 things to be done after minimal RHEL/CentOS 7 installation (4)

17. Install Webmin

Webmin is a Web-based Linux Configuration tool. Like a central system, it is used to configure various system settings, such as user, disk allocation, service, and HTTP server, Apache, and MySQL.

1. # wget http://prdownloads.sourceforge.net/webadmin/webmin-1.740-1.noarch.rpm
2. # rpm -ivh webmin-*.rpm

Install Webmin

After installing webmin, you will receive a message on the terminal asking you to log on to your host (http: // ip-address: 10000) with the root password on port 10000 ). If an interface-free server is running, you can forward the port and access it from the server with the interface. An interface-free [headless] server refers to a server without an interface or interface. In this scenario, it refers to an intranet server, you can use Internet/router ing to access this port)

18. enable third-party Libraries

Adding untrusted databases is not a good idea, especially in the production environment, which may cause fatal problems. However, as an example, here we will add some libraries that prove trustworthy to the community to install third-party tools and software packages.

Add additional software packages to the Enterprise Edition Linux (EPEL) Library.

1. # yum install epel-release

Add the Community Enterprise Edition Linux Library:

1. # rpm -Uvh http://www.elrepo.org/elrepo-release-7.0-2.el7.elrepo.noarch.rpm

Install Epel Library

Note! Pay special attention when adding third-party libraries.

19. Install the 7-zip Tool

You do not have a tool similar to unzip or untar to minimize the installation of CentOS. We can choose to install each tool as needed, or a tool that can process all formats. 7-zip is a tool that can compress and decompress all known types of files.

1. # yum install p7zip

Install the 7zip Tool

Note: This package is downloaded and installed from the ora EPEL 7 library.

20. Install NTFS-3G driver

NTFS-3G, a small but very useful NTFS Driver, available on most UNIX-like distributions. It is useful for mounting and accessing the Windows NTFS file system. Although there are other available alternatives, such as Tuxera, NTFS-3G is the most widely used.

1. # yum install ntfs-3g

Install NTFS-3G for mounting Windows partitions

After the ntfs-3g is installed, you can mount the Windows NTFS partition using the following command (my Windows partition is/dev/sda5 ).

1. # mount -ro ntfs-3g /dev/sda5 /mnt
2. # cd /mnt
3. # ls -l

21. Install the Vsftpd FTP Server

VSFTPD indicates Very Secure File Transfer Protocol Daemon, which is an FTP server used for UNIX-like systems. It is one of the most efficient and secure FTP servers today.

1. # yum install vsftpd

Install Vsftpd FTP

Edit the configuration file '/etc/vsftpd. conf' to protect vsftpd.

1. # vi /etc/vsftpd/vsftpd.conf

Edit some values and keep other rows as they are, unless you know what you are doing.

1. anonymous_enable=NO
2. local_enable=YES
3. write_enable=YES
4. chroot_local_user=YES

You can also change the port number. Remember to make the vsftpd port pass through the firewall.

1. # firewall-cmd --add-port=21/tcp
2. # firewall-cmd --reload

Next, restart vsftpd and enable Automatic startup.

1. # systemctl restart vsftpd
2. # systemctl enable vsftpd

22. install and configure sudo

Sudo is usually referred to as super do or suitable user do. It is a software that uses the security permissions of other users to execute programs in UNIX-like operating systems. Let's see how to configure sudo.

1. # visudo

This will open/etc/sudoers and edit it.

Sudoers file

1. Grant all permissions (equivalent to root) to a created user (such as tecmint ).

   1. tecmint ALL=(ALL) ALL

2. If a user (such as tecmint) has been created with all permissions except restarting and disabling the server (equivalent to root ).

   First, open the file again and edit the following content:

   1. cmnd_Alias nopermit =/sbin/shutdown,/sbin/reboot

   Then, use the logical operator (!) Add this alias.

   1. tecmint ALL=(ALL) ALL,!nopermit

3. If a group (such as debian) is allowed to run some root permission commands, such as adding or deleting users ).

   1. cmnd_Alias permit =/usr/sbin/useradd,/usr/sbin/userdel

   Then, add permissions to the debian group.

   1. debian ALL=(ALL) permit

23. Install and enable SELinux

SELinux indicates Security-Enhanced Linux, which is a kernel-level Security module.

1. # yum install selinux-policy

Install SElinux policies

View the current mode of SELinux.

1. # getenforce

View SELinux Mode

The output is Enforcing, which means the SELinux policy has taken effect.

If debugging is required, you can temporarily set The selinux mode to allow. No need to restart.

1. # setenforce 0

After debugging, set selinux to forced mode again without restarting.

1. # setenforce 1

In the production environment, SELinux improves security, but it does bring a lot of trouble to application deployment and operation. Whether to deploy the service depends on the actual situation .)

24. Install Rootkit Hunter

Rootkit Hunter, abbreviated as RKhunter, is a program that scans rootkits and other potentially harmful attacks in Linux.

1. # yum install rkhunter

Install Rootkit Hunter

In Linux, run rkhunter from a script file in the form of a scheduled job or manually scan for harmful attacks.

1. # rkhunter --check

Scan rootkits

RootKit scan results