20190726_Optimization and configuration required after installing CentOS7minimal version

CentOS system image download address: https://www.centos.org/

The difference between CentOS Minimal (minimized installation version) and DVD ISO (standard installation version):

The software package of the DVD ISO version is relatively rich and complete, with a graphical interface;

The Minimal version is the most streamlined version of CentOS. It does not come with a graphical interface and comes with the least software. Many of the commands and functions that come with the DVD ISO version are not available in the Minimal version. In order to save resources, it is a commonly used version for servers (servers pursue performance and stability and do not need redundant functions and graphical interfaces).

1. Configure the network card

I use the NAT mode of the virtual machine to connect. In Edit > Virtual Network Editor, choose Change Settings, then NAT Settings, and note down the IP address information.

Since the freshly installed CentOS Minimal system does not have the vim editor, use the vi editor to edit the network card configuration file. The lines with comments are the ones to change; the other parameters are left as they are:

vi /etc/sysconfig/network-scripts/ifcfg-ens33
TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=static #Configure static connection for remote convenience
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME=ens33
UUID=3b0abeb8-7cbe-4380-a727-b40fe2357616
DEVICE=ens33
ONBOOT=yes #yes enables the network card, no disables the network card
IPADDR=192.168.88.111 #ip address, please note that the address must be in the same network segment as the gateway IP in the nat setting
NETMASK=255.255.255.0 #Subnet mask
GATEWAY=192.168.88.2 #The gateway address must be consistent with the nat gateway address
DNS1=192.168.88.2 #DNS address must be consistent with the nat gateway address
systemctl restart network #Restart network card service

After restarting the network card service, you should be able to access the external network. You can try pinging www.baidu.com.
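
The comments on IPADDR and GATEWAY require both addresses to be in the same network segment; a mismatch leaves the host without a usable default route after the restart. The shell functions below are an added example, not part of the original post: they read an ifcfg file and check that rule. The function names are illustrative and the sample file is constructed from the addresses used above.

```sh
#!/bin/sh
# Added example: verify IPADDR and GATEWAY in an ifcfg file share one subnet.

# Print a dotted-quad IPv4 address as an integer; return 1 if malformed.
ip_to_int() {
    case "$1" in ""|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case "$o" in 0?*) return 1 ;; esac      # leading zero would parse as octal
        [ "$o" -le 255 ] || return 1
    done
    echo $(( (($1 * 256 + $2) * 256 + $3) * 256 + $4 ))
}

# Print the value of KEY ($2) from ifcfg file $1, without quotes or "#comment".
ifcfg_get() {
    sed -n "s/^$2=//p" "$1" |
        sed 's/[[:space:]]*#.*$//; s/[[:space:]]*$//; s/^"//; s/"$//' | tail -n 1
}

# 0: same network, 1: gateway is off-subnet, 2: a value is missing or malformed.
same_subnet() {
    ip=$(ip_to_int "$(ifcfg_get "$1" IPADDR)") || return 2
    gw=$(ip_to_int "$(ifcfg_get "$1" GATEWAY)") || return 2
    mask=$(ip_to_int "$(ifcfg_get "$1" NETMASK)") || return 2
    [ $(( ip & mask )) -eq $(( gw & mask )) ]
}

# Constructed sample using the addresses from the file above.
sample=$(mktemp)
printf '%s\n' 'IPADDR=192.168.88.111 #ip address' 'NETMASK=255.255.255.0 #Subnet mask' \
    'GATEWAY=192.168.88.2 #nat gateway' > "$sample"
if same_subnet "$sample"; then echo "gateway is on-link"; else echo "check IPADDR/GATEWAY"; fi
rm -f "$sample"
```

On the real system, call same_subnet /etc/sysconfig/network-scripts/ifcfg-ens33 before running systemctl restart network.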

2. Update the system and install necessary components

Many useful commands and tools that come with CentOS standard installation are not available in the CentOS7 Minimal version. You have to install the relevant software packages yourself to use them. For example: vim editor, ifconfig command (you can use ip addr to query the IP address), tab key completion command, wget, etc.

*-devel packages: these are development packages, mainly containing header files and static link libraries.

yum update #Update system components
yum install -y bash-completion #Install bash-completion, restart the system after installation, press tab to complete the command
yum install -y vim #Install vim and provide vim commands
yum install -y net-tools #This component provides ifconfig, netstat, route and other commands to facilitate initialization of the network environment (dig and nslookup are in the bind-utils package)
yum install -y wget #Install wget, provide wget command
yum install -y perl perl-devel #Install perl and its development package
yum install -y kernel-devel #This component contains the kernel header files and Makefile required for the kernel development environment
yum groupinstall -y "Development Tools" #One-time installation of development tools
reboot #Restart the system

3. Configure telnet service

What is telnet used for? The Telnet protocol is a member of the TCP/IP protocol suite and is the standard protocol and main method for Internet remote login services. It lets users work on a remote host from their local computer: the user runs the telnet program locally to connect to the server, and commands typed into it are run on the server as if they had been entered directly on the server's console, so the server can be controlled locally. To start a telnet session, you must enter your username and password to log in to the server. Telnet is a commonly used method to remotely control web servers.

When using Telnet to log in to a remote computer system, two programs are actually started:

  • One is the Telnet client program, running on the local host;
  • The other is the Telnet server program, which runs on the remote computer you want to log in to.

The Telnet client program on the local host mainly completes the following functions:

  • Establish a TCP connection with the remote server;
  • Receive locally entered characters from the keyboard;

The xinetd service and telnet service are not installed by default in the CentOS-Minimal version.

The telnet service needs to be started by the xinetd service, so you need to install the xinetd service first and then install the telnet service.

yum install -y xinetd #1. Install xinetd service
yum install -y telnet telnet-server #2. Install telnet client and telnet server
vim /etc/xinetd.d/telnet #3. Edit the configuration file and enable the telnet service in the xinetd service
# default: yes
# description: The telnet server serves telnet sessions
# unencrypted username/password pairs for authentication
service telnet
{
  flags = REUSE
  socket_type = stream
  wait = no
  user = root
  server = /usr/sbin/in.telnetd
  log_on_failure += USERID
  # disable: yes means disabling the service, no means enabling the service
  disable = no
}
systemctl enable xinetd #Add the xinetd service and telnet.socket service to the startup items
systemctl enable telnet.socket
systemctl restart xinetd #Restart the xinetd service and telnet.socket service
systemctl restart telnet.socket
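vi /etc/pam.d/remote #If telnet always prompts "Login incorrect" even though the account and password are entered correctly, modify this file
...
#auth required pam_securetty.so #Comment out this line; pam_securetty limits root logins to the terminals listed in /etc/securetty, so once it is commented out root can log in over telnet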
...
firewall-cmd --list-all #View the services, ports, policies and other information allowed by the current firewall
firewall-cmd --permanent --add-service=telnet #If you want to allow the outside world to telnet to this machine, you need to add the telnet service to the firewall to allow it to pass (you can also disable the firewall directly)
firewall-cmd --reload #Make the firewall configuration take effect immediately
firewall-cmd --list-all #Check again, the telnet service has been added, and now the outside world can telnet the machine

The machine can now be reached with a command of the form: telnet <ip address> [port number].

What is the difference between Telnet and SSH?

Both are communication protocols used for remote control. The difference is:

  • SSH is encrypted and requires an exchange of keys;
  • Telnet is in plain text and transmits plain text characters.

So SSH is more secure than Telnet.
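
Because step 3 enables a cleartext login service, lifts the root restriction in PAM and opens the firewall for it, it is useful to be able to find those three settings again later. The script below is an added example, not part of the original post: it reports which of them are present under a given root directory. The function names and the root-prefix argument are illustrative, the sample tree is constructed, and /etc/firewalld/zones/public.xml is where firewalld stores permanent rules for the default public zone.

```sh
#!/bin/sh
# Added example: report the telnet-related settings changed in step 3.
# The root prefix argument lets the check run against a copied /etc tree.

# xinetd runs a service unless its file says "disable = yes"; commented lines do not count.
xinetd_service_enabled() {
    [ -f "$1" ] && ! grep -Eq '^[[:space:]]*disable[[:space:]]*=[[:space:]]*yes' "$1"
}

# True when an uncommented auth line still loads pam_securetty.so.
securetty_enforced() {
    grep -Eq '^[[:space:]]*auth[[:space:]].*pam_securetty\.so' "$1"
}

# True when the permanent public zone lists the telnet service.
firewall_allows_telnet() {
    [ -f "$1" ] && grep -q '<service name="telnet"' "$1"
}

# Print one line per finding; no output means none of the settings is present.
telnet_findings() {
    root=$1
    if xinetd_service_enabled "$root/etc/xinetd.d/telnet"; then
        echo "xinetd: telnet enabled (credentials cross the network in cleartext)"
    fi
    if [ -f "$root/etc/pam.d/remote" ] && ! securetty_enforced "$root/etc/pam.d/remote"; then
        echo "pam: pam_securetty inactive in pam.d/remote (root may log in over telnet)"
    fi
    if firewall_allows_telnet "$root/etc/firewalld/zones/public.xml"; then
        echo "firewalld: telnet service allowed in the public zone"
    fi
}

# Constructed sample tree mirroring the edits made in step 3.
demo=$(mktemp -d)
mkdir -p "$demo/etc/xinetd.d" "$demo/etc/pam.d" "$demo/etc/firewalld/zones"
printf 'service telnet\n{\n  disable = no\n}\n' > "$demo/etc/xinetd.d/telnet"
printf '#auth required pam_securetty.so\nauth include system-auth\n' > "$demo/etc/pam.d/remote"
printf '<zone>\n  <service name="ssh"/>\n  <service name="telnet"/>\n</zone>\n' \
    > "$demo/etc/firewalld/zones/public.xml"
telnet_findings "$demo"
rm -rf "$demo"
```

Run telnet_findings "" on the host itself to check the live /etc.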

4. Configure yum source and third-party source EPEL

Alibaba’s yum source is good, the address is: https://opsx.alibaba.com/mirror, click “Help” to get the guide for configuring the yum source.

163 NetEase yum official website: http://mirrors.163.com/

EPEL (Extra Packages for Enterprise Linux) is a project based on Fedora that provides additional software packages for “Red Hat” operating systems, suitable for RHEL, CentOS and Scientific Linux. You need to install a software package called “epel-release”, which will automatically configure the yum software repository.

mkdir -p /root/backups/yum.repos.d #Create a folder to back up the original yum source
mv /etc/yum.repos.d/* /root/backups/yum.repos.d #Move the original yum source files to the backup folder
wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo #Download Ali yum source to local /etc/yum.repos.d/
yum install -y epel-release #Add third-party source epel
yum clean all #Clear the software packages and old headers in the cache directory
yum makecache #Download the server's package information to the local cache. Use it with yum -C search XXX to find software information without the need for online retrieval.
yum list #List available packages from yum source
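
A repo file downloaded from a mirror decides where yum fetches packages from and whether it checks their signatures, so it is worth reading before the first yum makecache. The function below is an added example, not part of the original post: it lists the sections of a .repo file that turn signature checking off or use plain http. The function name is illustrative and the sample file is constructed; it is not the content of the Aliyun file.

```sh
#!/bin/sh
# Added example: review a downloaded .repo file before yum starts using it.

# Print one finding per line as "<repo id>: <problem>"; no output means clean.
repo_findings() {
    awk '
    function report() {
        if (sec == "") return
        if (gpg == "0") print sec ": gpgcheck=0, package signatures are not verified"
        if (keyhttp)    print sec ": gpgkey is fetched over plain http"
        if (urlhttp)    print sec ": packages and metadata are fetched over plain http"
    }
    /^[ \t]*[#;]/ || /^[ \t]*$/ { next }            # skip comments and blank lines
    /^\[/ {                                          # a new [repo id] section starts
        report()
        sec = substr($0, 2, index($0, "]") - 2)
        gpg = ""; keyhttp = 0; urlhttp = 0; k = ""
        next
    }
    /^[A-Za-z_]+[ \t]*=/ {                           # key=value; indented lines continue k
        k = $0; sub(/[ \t]*=.*/, "", k)
        if (k == "gpgcheck") { gpg = $0; sub(/^[^=]*=/, "", gpg); gsub(/[ \t\r]/, "", gpg) }
    }
    /http:\/\// { if (k == "gpgkey") keyhttp = 1; else urlhttp = 1 }
    END { report() }' "$1"
}

# Constructed sample shaped like a mirror-provided repo file (not the real one).
sample=$(mktemp)
cat > "$sample" <<'EOF'
[base]
name=CentOS-$releasever - Base
baseurl=http://mirror.example.invalid/centos/$releasever/os/$basearch/
        http://mirror2.example.invalid/centos/$releasever/os/$basearch/
gpgcheck=1
gpgkey=http://mirror.example.invalid/centos/RPM-GPG-KEY-CentOS-7

[extras]
baseurl=https://mirror.example.invalid/centos/$releasever/extras/$basearch/
gpgcheck=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
EOF
repo_findings "$sample"
rm -f "$sample"
```

A section without its own gpgcheck line inherits the value from [main] in /etc/yum.conf, so only an explicit gpgcheck=0 is reported.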

5. Turn off SELinux

Although the SELinux security subsystem plays a very good role in system security, its overly strict security mechanism often prevents software from being installed and used normally.

Generally, enterprise servers will directly disable SELinux.

vim /etc/selinux/config
...
SELINUX=disabled #Disable SELinux, it will take effect after restarting
...
setenforce 0 #Switch SELinux to permissive mode immediately, without restarting (policy violations are logged but no longer blocked)

6. Turn off the firewall

CentOS7 uses firewalld by default, and iptables is not installed by default in the Minimal version.

Generally, enterprise servers disable firewalls, and security is generally managed centrally by cloud platforms like OpenStack.

systemctl stop firewalld
systemctl disable firewalld

7. Configure ntp service synchronization time

yum install -y ntp
systemctl enable ntpd
systemctl restart ntpd