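For everything from installation through environment setup, please also refer to the earlier articles.
Building a development environment with VMware + CentOS - 1. Installation
Building a development environment with VMware + CentOS - 2. Environment setup
When CentOS 8 is installed from the minimal ISO, the following differ from before:
- It boots into a GUI environment (GNOME) (this depends on the selection made during installation, so it needs verification)
- postfix is not installed by default
- yum has changed to dnf (transitional period)
- git is installed by default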
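Modifying the dnf repositories
Starting with CentOS 8, yum has been retired and replaced by dnf. The yum command can still be used as before, but what actually runs appears to be dnf.
To check an installed package (postfix):
# dnf list installed | grep postfix
The rpm command also works.
# rpm -qa | grep postfix
To check an available package (postfix):
# dnf list available | grep postfix
To show the enabled repositories:
# dnf repolist
Also, the repository configuration files seem to have been split up, one per repository.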
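- CentOS-AppStream.repo
  - Packages for developers. The newest ones go here.
- CentOS-Base.repo
  - Packages required for the OS to run.
- CentOS-Extras.repo
  - Extension packages.
- CentOS-centosplus.repo
  - Extension packages. Disabled by default.
Editing the repository configuration files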
# vi /etc/yum.repos.d/CentOS-AppStream.repo
[AppStream]
name=CentOS-$releasever - AppStream
#mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=AppStream&infra=$infra
#baseurl=http://mirror.centos.org/$contentdir/$releasever/AppStream/$basearch/os/
baseurl=http://ftp.riken.jp/Linux/centos/$releasever/AppStream/$basearch/os/
gpgcheck=1
enabled=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial

# vi /etc/yum.repos.d/CentOS-Base.repo
[BaseOS]
name=CentOS-$releasever - Base
#mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=BaseOS&infra=$infra
#baseurl=http://mirror.centos.org/$contentdir/$releasever/BaseOS/$basearch/os/
baseurl=http://ftp.riken.jp/Linux/centos/$releasever/BaseOS/$basearch/os/
gpgcheck=1
enabled=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial

# vi /etc/yum.repos.d/CentOS-Extras.repo
[extras]
name=CentOS-$releasever - Extras
#mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=extras&infra=$infra
#baseurl=http://mirror.centos.org/$contentdir/$releasever/extras/$basearch/os/
baseurl=http://ftp.riken.jp/Linux/centos/$releasever/extras/$basearch/os/
gpgcheck=1
enabled=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial

# vi /etc/yum.repos.d/CentOS-centosplus.repo
[centosplus]
name=CentOS-$releasever - Plus
#mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=centosplus&infra=$infra
#baseurl=http://mirror.centos.org/$contentdir/$releasever/centosplus/$basearch/os/
baseurl=http://ftp.riken.jp/Linux/centos/$releasever/centosplus/$basearch/os/
gpgcheck=1
enabled=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial
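The mirror above is reached over plain http, so package authenticity rests on gpgcheck=1 and the gpgkey line in each stanza. The following check is an added example, not part of the original article: it reads .repo text and reports enabled sections where that protection is missing. The [localtest] and [oldmirror] stanzas and their hostnames are constructed, and the check assumes each section sets its own gpgcheck rather than inheriting it from dnf.conf.

```sh
#!/bin/sh
# Added example, not from the article. Assumption: each enabled section must set
# its own gpgcheck=1 and gpgkey (inheritance from [main] in dnf.conf is ignored).
check_repo() {   # reads .repo text on stdin, prints one line per finding
    awk '
    function on(v) { v = tolower(v); return v == "1" || v == "true" || v == "yes" }
    function report() {
        if (sec == "" || !on(enabled)) return        # disabled repos are skipped
        if (!on(gpgcheck)) {
            print sec ": gpgcheck is not enabled"
            if (baseurl ~ /^http:/) print sec ": unsigned packages over plain http"
        } else if (gpgkey == "") print sec ": gpgcheck=1 but no gpgkey"
    }
    /^[ \t]*[#;]/ || /^[ \t]*$/ { next }             # comments and blank lines
    /^[ \t]*\[/ {                                    # new section: report the last one
        report(); sec = $0; sub(/^[ \t]*\[/, "", sec); sub(/\].*$/, "", sec)
        enabled = "1"; gpgcheck = ""; gpgkey = ""; baseurl = ""; next
    }
    {
        i = index($0, "="); if (i == 0) next
        k = substr($0, 1, i - 1); v = substr($0, i + 1)
        gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
        if (k == "enabled") enabled = v
        else if (k == "gpgcheck") gpgcheck = v
        else if (k == "gpgkey") gpgkey = v
        else if (k == "baseurl") baseurl = v
    }
    END { report() }'
}
# Constructed sample: the [AppStream] stanza from this page plus two hypothetical
# stanzas, [localtest] (enabled, unsigned) and [oldmirror] (disabled).
sample_repo() {
    cat <<'EOF'
[AppStream]
baseurl=http://ftp.riken.jp/Linux/centos/$releasever/AppStream/$basearch/os/
gpgcheck=1
enabled=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial
[localtest]
baseurl=http://repo.example.internal/el8/
gpgcheck=0
enabled=1
[oldmirror]
baseurl=http://mirror.example.invalid/el8/
gpgcheck=0
enabled=0
EOF
}
sample_repo | check_repo
```

On a real host the same function can be fed each file with `check_repo < /etc/yum.repos.d/CentOS-Base.repo`.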
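Updating to the latest packages
# dnf -y update
This takes a fair amount of time, so run it before stepping away from your desk, for example.
Installing the development tools
# dnf -y groupinstall base "Development tools"
Creating a symbolic link for Perl
# ln -s /usr/bin/perl /usr/local/bin/perl
NTP configuration
Do not expose the service externally; make it reachable only from the internal network.
Configuration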
# vi /etc/chrony.conf
# Use public servers from the pool.ntp.org project.
#pool 2.centos.pool.ntp.org iburst
server ntp.nict.jp iburst
server ntp.ring.gr.jp iburst
・
・
# Allow NTP client access from local network.
allow 192.168.1.0/16
Start
# systemctl start chronyd
# systemctl enable chronyd
Force synchronization
# chronyc makestep
200 OK
Verification
# systemctl status chronyd
● chronyd.service - NTP client/server
   Loaded: loaded (/usr/lib/systemd/system/chronyd.service; enabled; vendor pre>
   Active: active (running) since Sat 2020-05-16 14:41:59 JST; 1 day 17h ago
     Docs: man:chronyd(8)
           man:chrony.conf(5)
  Process: 1047 ExecStartPost=/usr/libexec/chrony-helper update-daemon (code=ex>
  Process: 970 ExecStart=/usr/sbin/chronyd $OPTIONS (code=exited, status=0/SUCC>
 Main PID: 975 (chronyd)
    Tasks: 1 (limit: 4884)
   Memory: 1.1M
   CGroup: /system.slice/chronyd.service
           └─975 /usr/sbin/chronyd
・
・
# chronyc sources
210 Number of sources = 2
MS Name/IP address         Stratum Poll Reach LastRx Last sample
===============================================================================
^* ntp-b2.nict.go.jp             1  10   377   31m    +11ms[  +11ms] +/-   30ms
^+ core.ring.gr.jp               2  10   377   750  +3254us[+3254us] +/-   46ms
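Because the allow line decides which clients may query this server, it is worth checking which range a given prefix length covers. The following is an added example, not part of the original article: it prints the IPv4 range for each allow line using plain CIDR arithmetic and does not query chronyd. The /24 line in the sample is constructed for comparison.

```sh
#!/bin/sh
# Added example, not from the article: print the IPv4 range each chrony.conf
# "allow" line covers. Pure CIDR arithmetic; chronyd itself is not queried.
# Only a.b.c.d[/bits] is analysed; hostnames and IPv6 are passed over.
allow_ranges() {   # reads chrony.conf text on stdin
    awk '
    function dotted(n,   a, b, c) {                  # 32-bit integer to a.b.c.d
        a = int(n / 16777216); n -= a * 16777216
        b = int(n / 65536);    n -= b * 65536
        c = int(n / 256);      n -= c * 256
        return a "." b "." c "." n
    }
    $1 != "allow" { next }                           # skips comments as well
    {
        spec = ($2 == "all") ? $3 : $2
        if (spec == "") { print "allow: every address may query"; next }
        if (spec !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+(\/[0-9]+)?$/) {
            print spec ": not analysed"; next
        }
        bits = (split(spec, p, "/") == 2) ? p[2] + 0 : 32
        split(p[1], o, /\./)
        if (bits > 32 || o[1] > 255 || o[2] > 255 || o[3] > 255 || o[4] > 255) {
            print spec ": invalid"; next
        }
        ip = ((o[1] * 256 + o[2]) * 256 + o[3]) * 256 + o[4]
        size = 2 ^ (32 - bits)
        net = int(ip / size) * size                  # clear the host bits
        msg = spec " covers " dotted(net) "-" dotted(net + size - 1) " (" size " addresses)"
        if (net != ip) msg = msg "; host bits set, network is " dotted(net) "/" bits
        print msg
    }'
}
# Constructed sample: the allow line from this page, plus a /24 line added
# here for comparison.
sample_chrony() {
    cat <<'EOF'
# Allow NTP client access from local network.
allow 192.168.1.0/16
allow 192.168.1.0/24
EOF
}
sample_chrony | allow_ranges
```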
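vim configuration
# echo "alias vi='vim'" >> /etc/profile
# source /etc/profile
SSH configuration
OpenSSH is installed by default, so change the configuration and restart it. For real operation, I recommend not using port 22 and instead assigning a port roughly between 1100 and 60000, so that the service does not come under attack.
Configuration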
# vi /etc/ssh/sshd_config
# semanage port -a -t ssh_port_t -p tcp #PORTNUMBER
# Port 22
・
・
# Logging
#SyslogFacility AUTH
SyslogFacility AUTHPRIV
#LogLevel INFO

# Authentication:

LoginGraceTime 30s
PermitRootLogin no
・
・
# To disable tunneled clear text passwords, change to no here!
#PasswordAuthentication yes
PermitEmptyPasswords no
PasswordAuthentication yes
Start
# systemctl restart sshd
# systemctl enable sshd
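After editing sshd_config it helps to confirm which values sshd will actually use, because sshd keeps the first value it reads for a keyword and ignores later duplicates. The following is an added example, not part of the original article: it resolves the settings discussed above from sshd_config text and flags the ones this page advises against. It assumes upstream OpenSSH defaults and does not evaluate Include files or Match blocks; the trailing PermitRootLogin yes line in the sample is constructed.

```sh
#!/bin/sh
# Added example, not from the article: effective global sshd settings from
# sshd_config text. sshd keeps the FIRST value read for a keyword (Port may
# repeat), so a later duplicate line does not override an earlier one.
# Assumptions: upstream OpenSSH defaults; Include and Match are not evaluated.
sshd_effective() {   # reads sshd_config text on stdin
    awk '
    BEGIN {
        val["permitrootlogin"] = "prohibit-password"
        val["permitemptypasswords"] = "no"
        val["passwordauthentication"] = "yes"
    }
    /^[ \t]*#/ || /^[ \t]*$/ { next }                # comments and blank lines
    {
        line = $0; sub(/^[ \t]+/, "", line); sub(/[ \t]+$/, "", line)
        if (!match(line, /[ \t=]+/)) next
        k = tolower(substr(line, 1, RSTART - 1)); v = substr(line, RSTART + RLENGTH)
        if (k == "match") exit                       # global section ends here
        if (k == "port") ports = ports (ports == "" ? "" : ",") v
        else if ((k in val) && !(k in seen)) { val[k] = tolower(v); seen[k] = 1 }
    }
    END {
        if (ports == "") ports = "22"                # default when no Port line is active
        print "port=" ports
        print "permitrootlogin=" val["permitrootlogin"]
        print "permitemptypasswords=" val["permitemptypasswords"]
        print "passwordauthentication=" val["passwordauthentication"]
        if (("," ports ",") ~ /,22,/) print "FINDING: sshd listens on port 22"
        if (val["permitrootlogin"] != "no") print "FINDING: root login not fully disabled"
        if (val["permitemptypasswords"] != "no") print "FINDING: empty passwords allowed"
    }'
}
# Constructed sample: the active and commented lines shown on this page, plus a
# duplicate "PermitRootLogin yes" added here to show that the first value wins.
sample_sshd() {
    cat <<'EOF'
# Port 22
SyslogFacility AUTHPRIV
LoginGraceTime 30s
PermitRootLogin no
#PasswordAuthentication yes
PermitEmptyPasswords no
PasswordAuthentication yes
PermitRootLogin yes
EOF
}
sample_sshd | sshd_effective
```

On a live host, `sshd -T` prints the configuration that sshd itself resolves, including defaults.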
Installing FTP
For real operation, security needs to be taken into account.
Building a server with CentOS 8 - 6. FTP server configuration (vsftpd SSL/TLS, etc.)
Installation
# dnf -y install vsftpd
Configuration
# vi /etc/vsftpd/vsftpd.conf
# Allow anonymous FTP? (Beware - allowed by default if you comment this out).
anonymous_enable=NO
・
・
# ASCII mangling is a horrible feature of the protocol.
ascii_upload_enable=YES
ascii_download_enable=YES
Start
# systemctl start vsftpd
# systemctl enable vsftpd
Created symlink /etc/systemd/system/multi-user.target.wants/vsftpd.service → /usr/lib/systemd/system/vsftpd.service.
Bash completion for systemctl (added 2020/06/19)
Installing completion
# yum -y install bash-completion
Last metadata expiration check: 0:47:01 ago on Fri 19 Jun 2020 08:05:10 AM JST.
Package bash-completion-1:2.7-5.el8.noarch is already installed.
Dependencies resolved.
Nothing to do.
Complete!
Stopping unnecessary services
Check which services are running and stop the ones that seem unnecessary.
Running services
# systemctl list-units --type=service
UNIT LOAD ACTIVE SUB DESCRIPTION
accounts-daemon.service loaded active running Accounts Service
alsa-state.service loaded active running Manage Sound Card State (>
atd.service loaded active running Job spooling tools
auditd.service loaded active running Security Auditing Service
avahi-daemon.service loaded active running Avahi mDNS/DNS-SD Stack
chronyd.service loaded active running NTP client/server
colord.service loaded active running Manage, Install and Gener>
crond.service loaded active running Command Scheduler
cups.service loaded active running CUPS Scheduler
dbus.service loaded active running D-Bus System Message Bus
dovecot.service loaded active running Dovecot IMAP/POP3 email s>
dracut-shutdown.service loaded active exited Restore /run/initramfs on>
gdm.service loaded active running GNOME Display Manager
gssproxy.service loaded active running GSSAPI Proxy Daemon
httpd.service loaded active running The Apache HTTP Server
import-state.service loaded active exited Import network configurat>
iscsi-shutdown.service loaded active exited Logout off all iSCSI sess>
kdump.service loaded active exited Crash recovery kernel arm>
kmod-static-nodes.service loaded active exited Create list of required s>
ksm.service loaded active exited Kernel Samepage Merging
ksmtuned.service loaded active running Kernel Samepage Merging (>
libstoragemgmt.service loaded active running libstoragemgmt plug-in se>
libvirtd.service loaded active running Virtualization daemon
lvm2-monitor.service loaded active exited Monitoring of LVM2 mirror>
lvm2-pvscan@8:2.service loaded active exited LVM event activation on d>
mcelog.service loaded active running Machine Check Exception L>
ModemManager.service loaded active running Modem Manager
NetworkManager-wait-online.service loaded active exited Network Manager Wai>
NetworkManager.service loaded active running Network Manager
nis-domainname.service loaded active exited Read and set NIS domainna>
php-fpm.service loaded active running The PHP FastCGI Process M>
polkit.service loaded active running Authorization Manager
postfix.service loaded active running Postfix Mail Transport Ag>
rngd.service loaded active running Hardware RNG Entropy Gath>
rpc-statd-notify.service loaded active exited Notify NFS peers of a res>
rpcbind.service loaded active running RPC Bind
rsyslog.service loaded active running System Logging Service
rtkit-daemon.service loaded active running RealtimeKit Scheduling Po>
saslauthd.service loaded active running SASL authentication daemo>
smartd.service loaded active running Self Monitoring and Repor>
sshd.service loaded active running OpenSSH server daemon
sssd.service loaded active running System Security Services >
systemd-fsck@dev-disk-by\x2duuid-c902437d\x2d4f4e\x2d4040\x2d829e\x2d80db761>
systemd-journal-flush.service loaded active exited Flush Journal to Persist>
systemd-journald.service loaded active running Journal Service
systemd-logind.service loaded active running Login Service
systemd-machined.service loaded active running Virtual Machine and Conta>
systemd-random-seed.service loaded active exited Load/Save Random Seed
systemd-remount-fs.service loaded active exited Remount Root and Kernel F>
systemd-resolved.service loaded active running Network Name Resolution
systemd-sysctl.service loaded active exited Apply Kernel Variables
systemd-tmpfiles-setup-dev.service loaded active exited Create Static Devic>
systemd-tmpfiles-setup.service loaded active exited Create Volatile Files a>
systemd-udev-settle.service loaded active exited udev Wait for Complete De>
systemd-udev-trigger.service loaded active exited udev Coldplug all Devices
systemd-udevd.service loaded active running udev Kernel Device Manager
systemd-update-utmp.service loaded active exited Update UTMP about System >
systemd-user-sessions.service loaded active exited Permit User Sessions
tuned.service loaded active running Dynamic System Tuning Dae>
udisks2.service loaded active running Disk Manager
upower.service loaded active running Daemon for power manageme>
user-runtime-dir@1000.service loaded active exited /run/user/1000 mount wra>
user-runtime-dir@42.service loaded active exited /run/user/42 mount wrapper
user@1000.service loaded active running User Manager for UID 1000
user@42.service loaded active running User Manager for UID 42
vdo.service loaded active exited VDO volume services
vgauthd.service loaded active running VGAuth Service for open-v>
vmtoolsd.service loaded active running Service for virtual machi>
wpa_supplicant.service loaded active running WPA supplicant

LOAD   = Reflects whether the unit definition was properly loaded.
ACTIVE = The high-level unit activation state, i.e. generalization of SUB.
SUB    = The low-level unit activation state, values depend on unit type.

69 loaded units listed. Pass --all to see loaded but inactive units, too.
To show all installed unit files use 'systemctl list-unit-files'.
* postfix, dovecot, Apache and PHP appear in this list because this step was done after they were installed.
- atd
  - Schedule management
- kdump
  - Records the contents of main memory to the HDD when the system fails
- mdmonitor
  - Software RAID
# systemctl stop atd
# systemctl disable atd
# systemctl stop kdump
# systemctl disable kdump
# systemctl stop mdmonitor
# systemctl disable mdmonitor