6.5 KiB
30 Things to Do After Minimal RHEL/CentOS 7 Installation--4
17. Installing Webmin
Webmin is a Web based configuration tool for Linux. It acts as a central system to configure various system configuration like users, disk quota, services and configurations of HTTP server, Apache, MySQL, etc.
# wget http://prdownloads.sourceforge.net/webadmin/webmin-1.740-1.noarch.rpm
# rpm -ivh webmin-*.rpm
Install Webmin
After webmin installation, you will get a message on terminal to login to your host (http://ip-address:10000) using your root password on port number 10000. If running a headless server you can forward the port and access it on a machine/server that is headed.
18. Enable Third Party Repositories
It is not a good idea to add untrusted repositories specially in production and it may be fatal. However just for example here we will be adding a few community approved trusted repositories to install third party tools and packages.
Add Extra Package for Enterprise Linux (EPEL) Repository.
# yum install epel-release
Add Community Enterprise Linux Repository.
# rpm -Uvh http://www.elrepo.org/elrepo-release-7.0-2.el7.elrepo.noarch.rpm
Install Epel Repo
Attention! Extra care is needs to be taken while adding Third Party Repository.
19. Install 7-zip Utility
In the CentOS Minimal Install you don’t get utility like unzip or unrar. We have the option to install each utility as required or an utility that servers for all. 7-zip is such an utility which compress and extract files of all known types.
# yum install p7zip
Install 7zip Tool
Notice: The package is downloaded and installed from Fedora EPEL 7 Repository.
20. Install NTFS-3G Driver
A small yet very useful NTFS driver called NTFS-3G is available for most of the UNIX-like distribution. It is useful to mount and access Windows NTFS file system. Though other alternatives like Tuxera NTFS is available, NTFS-3G is most widely used.
# yum install ntfs-3g
Install NTFS-3G to Mount Windows Partition
After installing ntfs-3g has been installed, you can mount Windows NTFS partitions (where /dev/sda5 is my windows drive) using following command.
# mount -ro ntfs-3g /dev/sda5 /mnt
# cd /mnt
# ls -l
21. Install Vsftpd FTP Server
VSFTPD which stands for Very Secure File Transfer Protocol Daemon is a FTP server for UNIX-like System. It is one of the most efficient and secure FTP Server available today.
# yum install vsftpd
Install Vsftpd FTP
Edit the configuration file located at ‘/etc/vsftpd/vsftpd.conf‘ to secure vsftpd.
# vi /etc/vsftpd/vsftpd.conf
Edit a few fields and leave other as it is, unless you know what you are doing.
anonymous_enable=NO
local_enable=YES
write_enable=YES
chroot_local_user=YES
You may also change the port number and open vsftpd port through the firewall.
# firewall-cmd --add-port=21/tcp
# firewall-cmd --reload
Next restart vsftpd and enable to start at boot time.
# systemctl restart vsftpd
# systemctl enable vsftpd
22. Install and Configure sudo
sudo which is commonly called as super do as well as suitable user do is a program for UNIX-like operating system to execute a program with the security privileged of another user. Let’s see how to configure sudo…
# visudo
It will open the file /etc/sudoers for editing..
sudoers File
Give all the permission (equal to root) to a user (say tecmint), that has already been created.
tecmint ALL=(ALL) ALL
Give all the permission (equal to root) to a user (say tecmint), except the permission to reboot and shutdown the server.
Again open the same file and edit it with the below contents.
cmnd_Alias nopermit = /sbin/shutdown, /sbin/reboot
Then add alias with Logical (!) operator.
tecmint ALL=(ALL) ALL,!nopermit
Give permission to a group (say debian) to run a few root privilege command say (add user and delete user) .
cmnd_Alias permit = /usr/sbin/useradd, /usr/sbin/userdel
And then add the permission to group debian.
debian ALL=(ALL) permit
23. Install and Enable SELinux
SELinux which stands for Security-Enhanced Linux is a security module at kernel level.
yum install selinux-policy
Install SElinux Policy
Check SELinux Mode.
# getenforce
Check SELinux Mode
The output is enforcing mode which means SELinux policy is in effect.
For debugging, set selinux mode to permissive temporarily. No need to reboot.
# setenforce 0
After debugging set selinux to enforcing again without rebooting.
# setenforce 1
24. Install Rootkit Hunter
Rootkit Hunter abbreviated as Rkhunter is an application that scan rootkits and other potentially harmful exploits in Linux systems.
# yum install rkhunter
Install Rootkit Hunter
Run rkhunter as a scheduled job, from a script file or manually to scan harmful exploits in Linux.
# rkhunter --check
Scan for rootkits
RootKit Scan Results
via: http://www.tecmint.com/things-to-do-after-minimal-rhel-centos-7-installation/4/
作者:Avishek Kumar 译者:译者ID 校对:校对者ID