30 things to do after installing the minimized Rhel/centos 7 (four) yards of rural network

17. Installing Webmin

Webmin is a WEB-based Linux Configuration tool. It is like a central system for configuring various system settings, such as users, disk allocations, services, and configuration of HTTP servers, Apache, MySQL, and so on.

# wget http://prdownloads.sourceforge.net/webadmin/webmin-1.740-1.noarch.rpm# RPM-IVH webmin-*.rpm

Installing Webmin

After installing Webmin, you will get a message on the terminal that prompts you to log in to your host (http://ip-address:10000) on port 10000 with the root password. If you are running a server without an interface, you can go to the port and then access it from the server that has the interface. (LCTT: No interface [headless] server refers to a server that does not have an interface or interface, in this scenario, it refers to an intranet server, which can be accessed by an extranet/router map)

18. Enable third-party libraries

Adding untrusted libraries is not a good idea, especially in a production environment, which can lead to fatal problems. But just as an example here we will add some community-proven trusted libraries to install third-party tools and packages.

Add additional packages for the Enterprise Linux (EPEL) library.

# yum Install Epel-release

Add Community Enterprise Linux (Community Enterprise Linux) libraries:

# RPM-UVH http://www.elrepo.org/elrepo-release-7.0-2.el7.elrepo.noarch.rpm

Installing the Epel Library

Watch out! It is especially important to note when adding third-party libraries.

19. Installing the 7-zip tool

You didn't get a tool like unzip or Untar when you minimized the CentOS installation. We can choose to install each tool as needed, or a tool that can handle all formats. 7-zip is a tool that can compress and decompress all known types of files.

# yum Install P7zip

Installing 7zip Tools

Note : The package is downloaded and installed from the library in Fedora EPEL 7.

20. Installing the NTFS-3G Drive

NTFS-3G, a small but very useful NTFS driver, is available on most Unix-like distributions. It is useful for mounting and accessing the Windows NTFS file system. Although there are other alternatives available, such as Tuxera, NTFS-3G is the most widely used.

# yum Install ntfs-3g

Installing NTFS-3G for mounting Windows partitions

After the ntfs-3g installation is complete, you can use the following command to mount the Windows NTFS partition (my Windows partition is/dev/sda5).

# Mount-ro ntfs-3g/dev/sda5/mnt# cd/mnt# ls-l

21. Install the VSFTPD FTP server

VSFTPD represents the Very Secure File Transfer Protocol Daemon, which is an FTP server for Unix-like systems. It is one of the most efficient and secure FTP servers today.

# yum Install vsftpd

Installing VSFTPD FTP

Edit Profile '/etc/vsftpd/vsftpd.conf ' to protect vsftpd.

# vi/etc/vsftpd/vsftpd.conf

Edit some values and leave the other lines intact, unless you know what you're doing.

Anonymous_enable=nolocal_enable=yeswrite_enable=yeschroot_local_user=yes

You can also change the port number and remember to let the VSFTPD port pass through the firewall.

# firewall-cmd--add-port=21/tcp# firewall-cmd--reload

The next step is to restart the VSFTPD and enable start-up automatically.

# systemctl Restart vsftpd# systemctl enable VSFTPD

22. Installing and configuring sudo

Sudo is often referred to as super do or suitable user do, which is a software that executes programs with the security rights of other users in a UNIX-like operating system. Let's look at how to configure Sudo.

# Visudo

This will open the/etc/sudoers and edit it.

sudoers file

1. Give all permissions (equivalent to root) to an already created user (such as Tecmint).

   Tecmint   all= (All)    all

2. If you give an already created user (such as tecmint) all permissions except the restart and shutdown server (equivalent to root).

   First, open the file again and edit the following:

   Cmnd_alias nopermit =/sbin/shutdown,/sbin/reboot

   Then, add the alias with the logical operator (!).

   Tecmint   all= (All)    All,!nopermit

3. If you allow a group (such as Debian) to run some root commands, such as (add or remove users).

   Cmnd_alias permit =/usr/sbin/useradd,/usr/sbin/userdel

   Then, add permissions to the group Debian.

   Debian all= (All) permit

23. Install and enable SELinux

SELinux represents security-enhanced Linux, which is a kernel-level security module.

# yum Install Selinux-policy

Installing SElinux Policies

View the SELinux current mode.

# Getenforce

View SELinux Mode

The output is enforcing, which means that the SELinux policy is already in effect.

If debugging is required, you can temporarily set the SELinux mode to allow. No restart is required.

# Setenforce 0

After debugging, set the SELinux to mandatory mode again, without restarting.

# setenforce 1

LCTT: In a production environment, SELinux will certainly improve security, but it does bring a lot of trouble to application deployment and operation. Specific deployment needs to be based on the situation. ）

24. Installing the Rootkit Hunter

Rootkit Hunter, abbreviated as Rkhunter, is a program that scans rootkits and other potentially harmful attacks on Linux systems.

# yum Install Rkhunter

Installing Rootkit Hunter

In Linux, run Rkhunter from a script file as a scheduled job or manually scan for harmful attacks.

# Rkhunter--check

Scan rootkits

RootKit Scan Results

30 things to do after installing the minimized Rhel/centos 7 (four) yards of rural network