After installing the Linux system, what basic configurations need to be done?

CentOS is a popular Linux distribution widely used in the server field. Before preparing to put the newly installed CentOS system into production, we must perform some basic configuration. These configurations are designed to ensure system security and stability.

1. Reinforce the system

1.1 Change default password

By default, the root user password of CentOS system is "centos". To improve security, use the passwd command to change the default password.

passwd root

1.2 Restrict root user login

To further improve security, you can restrict the root user to only log in through SSH, and prohibit the root user from logging in directly to the system console.

Edit file:/etc/ssh/sshd_config

Find the following line:

PermitRootLogin yes

Modify it to:

PermitRootLogin no

Restart SSH service:

systemctl restart sshd

1.3 Install security software

You can install some security software, such as:

Fail2ban: Can help defend against brute force attacks.

Rkhunter: Can help scan your system for potential security vulnerabilities.

Lynis: Can help conduct a comprehensive system security audit.

You can use the yum command to install security software:

yum install fail2ban rkhunter lynis

1.4 Configure firewall

CentOS system uses firewalld firewall by default. Firewall rules can be configured using the firewalld command.

Allow SSH service through the firewall:

firewall-cmd --permanent --add-service=ssh

Open other necessary ports:

Other necessary ports can be opened as needed. For example, if you want to run a web service, you need to open ports 80 and 443.

View current firewall rules:

firewall-cmd --list-all

Save firewall rules:

firewall-cmd --reload

2. Configure IP address

2.1 Configure static IP address

If the system needs to use a static IP address, you can edit the configuration file to configure it.

Edit file:/etc/sysconfig/network-scripts/ifcfg-eth0

Where eth0 is the name of the network card.

Modify the following content:

DEVICE=eth0
BOOTPROTO=static
ONBOOT=yes
IPADDR=192.168.1.100
NETMASK=255.255.255.0
GATEWAY=192.168.1.1

Restart network service:

systemctl restart network

2.2 Configure DHCP dynamic IP address

If the system needs to use DHCP dynamic IP address, modify the configuration file as follows:

Edit file:/etc/sysconfig/network-scripts/ifcfg-eth0

Modify the following content:

DEVICE=eth0
BOOTPROTO=dhcp
ONBOOT=yes

Restart network service:

systemctl restart network

3. Turn off Selinux

Selinux is a mandatory access control (MAC) system that improves system security. However, the configuration of Selinux may be complicated and may affect the normal operation of some applications. If you are unfamiliar with Selinux configuration, it is recommended to turn it off.

Edit file:/etc/selinux/config

Modify the following content:

SELINUX=disabled

Restart the system:

reboot

4. Other configuration

4.1 Set system time

You can use the ntpdate command to set the system time:

ntpdate ntp.aliyun.com

4.2 Install commonly used software

You can install some common software according to your needs, such as:

• vim: text editor
• wget：Download tool
• unzip: decompression tool
• tree: View directory tree

The above is the detailed content of After installing the Linux system, what basic configurations need to be done?. For more information, please follow other related articles on the PHP Chinese website!