30 Things to Do After Minimal RHEL/CentOS 7 Installation
Webmin is a Web based configuration tool for Linux. It acts as a central system to configure various system configuration like users, disk quota, services and configurations of HTTP server, Apache, MySQL, etc.
# wget http://prdownloads.sourceforge.net/webadmin/webmin-1.740-1.noarch.rpm # rpm -ivh webmin-*.rpm
After webmin installation, you will get a message on terminal to login to your host (http://ip-address:10000) using your root password on port number 10000. If running a headless server you can forward the port and access it on a machine/server that is headed.
It is not a good idea to add untrusted repositories specially in production and it may be fatal. However just for example here we will be adding a few community approved trusted repositories to install third party tools and packages.
Add Extra Package for Enterprise Linux (EPEL) Repository.
# yum install epel-release
Add Community Enterprise Linux Repository.
# rpm -Uvh http://www.elrepo.org/elrepo-release-7.0-2.el7.elrepo.noarch.rpm
Attention! Extra care is needs to be taken while adding Third Party Repository.
In the CentOS Minimal Install you don’t get utility like unzip or unrar. We have the option to install each utility as required or an utility that servers for all. 7-zip is such an utility which compress and extract files of all known types.
# yum install p7zip
Notice: The package is downloaded and installed from Fedora EPEL 7 Repository.
A small yet very useful NTFS driver called NTFS-3G is available for most of the UNIX-like distribution. It is useful to mount and access Windows NTFS file system. Though other alternatives like Tuxera NTFS is available, NTFS-3G is most widely used.
# yum install ntfs-3g
After installing ntfs-3g has been installed, you can mount Windows NTFS partitions (where /dev/sda5 is my windows drive) using following command.
# mount -ro ntfs-3g /dev/sda5 /mnt # cd /mnt # ls -l
VSFTPD which stands for Very Secure File Transfer Protocol Daemon is a FTP server for UNIX-like System. It is one of the most efficient and secure FTP Server available today.
# yum install vsftpd
Edit the configuration file located at ‘/etc/vsftpd/vsftpd.conf‘ to secure vsftpd.
# vi /etc/vsftpd/vsftpd.conf
Edit a few fields and leave other as it is, unless you know what you are doing.
anonymous_enable=NO local_enable=YES write_enable=YES chroot_local_user=YES
You may also change the port number and open vsftpd port through the firewall.
# firewall-cmd --add-port=21/tcp # firewall-cmd --reload
Next restart vsftpd and enable to start at boot time.
# systemctl restart vsftpd # systemctl enable vsftpd
sudo which is commonly called as super do as well as suitable user do is a program for UNIX-like operating system to execute a program with the security privileged of another user. Let’s see how to configure sudo…
It will open the file /etc/sudoers for editing..
Give all the permission (equal to root) to a user (say tecmint), that has already been created.
tecmint ALL=(ALL) ALL
Give all the permission (equal to root) to a user (say tecmint), except the permission to reboot and shutdown the server.
Again open the same file and edit it with the below contents.
cmnd_Alias nopermit = /sbin/shutdown, /sbin/reboot
Then add alias with Logical (!) operator.
tecmint ALL=(ALL) ALL,!nopermit
Give permission to a group (say debian) to run a few root privilege command say (add user and delete user) .
cmnd_Alias permit = /usr/sbin/useradd, /usr/sbin/userdel
And then add the permission to group debian.
debian ALL=(ALL) permit
SELinux which stands for Security-Enhanced Linux is a security module at kernel level.
# yum install selinux-policy
Check SELinux Mode.
The output is enforcing mode which means SELinux policy is in effect.
For debugging, set selinux mode to permissive temporarily. No need to reboot.
# setenforce 0
After debugging set selinux to enforcing again without rebooting.
# setenforce 1
Rootkit Hunter abbreviated as Rkhunter is an application that scan rootkits and other potentially harmful exploits in Linux systems.
# yum install rkhunter
Run rkhunter as a scheduled job, from a script file or manually to scan harmful exploits in Linux.
# rkhunter --check