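CentOS 8 reached end of support on 2021/12/31.
CentOS 7 still seems to have some time left, but
I built my environment on Rocky Linux instead.
These are the settings applied after installing Rocky Linux.
If you are starting from the installation, see this article ↓
Building a development environment with VMware + CentOS 7 - 1. Installation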
Disabling SELinux
Check whether SELinux is disabled
# getenforce
Disabled
If it is not disabled, disable it
# getenforce
Enforcing
# setenforce 0
# getenforce
Permissive
# vi /etc/sysconfig/selinux
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of these three values:
# targeted - Targeted processes are protected,
# minimum - Modification of targeted policy. Only selected processes are protected.
# mls - Multi Level Security protection.
SELINUXTYPE=targeted
Enforcing | SELinux enabled |
Permissive | SELinux disabled. Access that violates the policy is allowed |
Disabled | SELinux disabled |
Managing which users can become root
Add hogehoge, a user allowed to become root, to wheel
# usermod -aG wheel hogehoge
Allow su only for wheel members (/etc/pam.d/su)
#%PAM-1.0
auth required pam_env.so
auth sufficient pam_rootok.so
# Uncomment the following line to implicitly trust users in the "wheel" group.
#auth sufficient pam_wheel.so trust use_uid
# Uncomment the following line to require a user to be in the "wheel" group.
auth required pam_wheel.so use_uid ← uncomment this line
auth substack system-auth
auth include postlogin
account sufficient pam_succeed_if.so uid = 0 use_uid quiet
account include system-auth
password include system-auth
session include system-auth
session include postlogin
session optional pam_xauth.so
Receiving mail addressed to root as a regular user
Forward mail for root to hogehoge
# sed -i '/^root:/d' /etc/aliases
# echo "root: hogehoge" >> /etc/aliases
# newaliases
# newaliases
-bash: newaliases: command not found
If you see this, Postfix is not installed yet, so run newaliases after installing it.
# newaliases
newaliases: fatal: parameter inet_interfaces: no local interface found for ::1
If you see this, Postfix is not running, so start it first.
Pointing the dnf repositories at a server in Japan
Edit the AppStream repository file
# vi /etc/yum.repos.d/Rocky-AppStream.repo
[appstream]
name=Rocky Linux $releasever - AppStream
#mirrorlist=https://mirrors.rockylinux.org/mirrorlist?arch=$basearch&repo=AppStream-$releasever
#baseurl=http://dl.rockylinux.org/$contentdir/$releasever/AppStream/$basearch/os/
baseurl=https://ftp.riken.jp/Linux/rocky/$releasever/AppStream/$basearch/os/
gpgcheck=1
enabled=1
countme=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-rockyofficial
Edit the BaseOS repository file
# vi /etc/yum.repos.d/Rocky-BaseOS.repo
[baseos]
name=Rocky Linux $releasever - BaseOS
#mirrorlist=https://mirrors.rockylinux.org/mirrorlist?arch=$basearch&repo=BaseOS-$releasever
#baseurl=http://dl.rockylinux.org/$contentdir/$releasever/BaseOS/$basearch/os/
baseurl=https://ftp.riken.jp/Linux/rocky/$releasever/BaseOS/$basearch/os/
gpgcheck=1
enabled=1
countme=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-rockyofficial
Edit the Extras repository file
# vi /etc/yum.repos.d/Rocky-Extras.repo
[extras]
name=Rocky Linux $releasever - Extras
#mirrorlist=https://mirrors.rockylinux.org/mirrorlist?arch=$basearch&repo=extras-$releasever
#baseurl=http://dl.rockylinux.org/$contentdir/$releasever/extras/$basearch/os/
baseurl=https://ftp.riken.jp/Linux/rocky/$releasever/extras/$basearch/os/
gpgcheck=1
enabled=1
countme=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-rockyofficial
Check which repositories are enabled
# grep 'enabled=1' /etc/yum.repos.d/*
/etc/yum.repos.d/Rocky-AppStream.repo:enabled=1
/etc/yum.repos.d/Rocky-BaseOS.repo:enabled=1
/etc/yum.repos.d/Rocky-Extras.repo:enabled=1
Adding the EPEL repository
Install epel-release
# dnf -y install epel-release
Edit the repository file
# vi /etc/yum.repos.d/epel.repo
[epel]
name=Extra Packages for Enterprise Linux $releasever - $basearch
# It is much more secure to use the metalink, but if you wish to use a local mirror
# place its address here.
#baseurl=https://download.example/pub/epel/$releasever/Everything/$basearch
metalink=https://mirrors.fedoraproject.org/metalink?repo=epel-$releasever&arch=$basearch&infra=$infra&content=$contentdir
enabled=1
priority=10
gpgcheck=1
countme=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-8
Adding the ELRepo repository
Install elrepo-release
# dnf -y install elrepo-release
Edit the repository file
# vi /etc/yum.repos.d/elrepo.repo
[elrepo]
name=ELRepo.org Community Enterprise Linux Repository - el8
baseurl=http://elrepo.org/linux/elrepo/el8/$basearch/
        http://mirrors.coreix.net/elrepo/elrepo/el8/$basearch/
        http://mirror.rackspace.com/elrepo/elrepo/el8/$basearch/
        http://linux-mirrors.fnal.gov/linux/elrepo/elrepo/el8/$basearch/
mirrorlist=http://mirrors.elrepo.org/mirrors-elrepo.el8
enabled=1
priority=10
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-elrepo.org
Adding the Remi repository
Check the Rocky Linux version
# cat /etc/redhat-release
Rocky Linux release 8.5 (Green Obsidian)
Install remi-release
# dnf -y install https://rpms.remirepo.net/enterprise/remi-release-8.5.rpm
Note: use the rpm that matches your environment.
Edit the repository files
# vi /etc/yum.repos.d/remi-safe.repo
[remi-safe]
name=Safe Remi's RPM repository for Enterprise Linux 8 - $basearch
#baseurl=http://rpms.remirepo.net/enterprise/8/safe/$basearch/
#mirrorlist=https://rpms.remirepo.net/enterprise/8/safe/$basearch/httpsmirror
mirrorlist=http://cdn.remirepo.net/enterprise/8/safe/$basearch/mirror
enabled=1
priority=10
gpgcheck=1
repo_gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-remi.el8
# vi /etc/yum.repos.d/remi-modular.repo
[remi-modular]
name=Remi's Modular repository for Enterprise Linux 8 - $basearch
#baseurl=http://rpms.remirepo.net/enterprise/8/modular/$basearch/
#mirrorlist=https://rpms.remirepo.net/enterprise/8/modular/$basearch/httpsmirror
mirrorlist=http://cdn.remirepo.net/enterprise/8/modular/$basearch/mirror
enabled=1
priority=10
gpgcheck=1
repo_gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-remi.el8
Check which repositories are enabled
# grep 'enabled=1' /etc/yum.repos.d/*
/etc/yum.repos.d/elrepo.repo:enabled=1
/etc/yum.repos.d/epel-modular.repo:enabled=1
/etc/yum.repos.d/epel.repo:enabled=1
/etc/yum.repos.d/remi-modular.repo:enabled=1
/etc/yum.repos.d/remi-safe.repo:enabled=1
/etc/yum.repos.d/Rocky-AppStream.repo:enabled=1
/etc/yum.repos.d/Rocky-BaseOS.repo:enabled=1
/etc/yum.repos.d/Rocky-Extras.repo:enabled=1
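As an added example (not part of the original post), this shell function goes one step beyond the grep above: for each enabled section it reports a missing gpgcheck=1 or gpgkey, and any http:// source not covered by repo_gpgcheck=1. The name audit_repos is made up for this example, and defaults from [main] in /etc/dnf/dnf.conf are not considered.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): audit enabled dnf repositories.
# Reports sections without gpgcheck=1 or a gpgkey, and http:// sources that are
# not covered by repo_gpgcheck=1. Defaults from [main] in dnf.conf are ignored.
audit_repos() {
  local dir="${1:-/etc/yum.repos.d}"
  awk '
    function truthy(v) { v = tolower(v); return (v == "1" || v == "true" || v == "yes") }
    function note_url(u) { if (u ~ /^http:\/\// && http == "") http = u }
    function report() {
      if (sec == "" || !enabled) return              # only enabled sections matter
      if (!gpg)      printf "%s [%s] gpgcheck not enabled\n", file, sec
      if (key == "") printf "%s [%s] no gpgkey\n", file, sec
      if (http != "" && !rgpg)
        printf "%s [%s] http source without repo_gpgcheck: %s\n", file, sec, http
    }
    FNR == 1 { report(); sec = ""; file = FILENAME; sub(/.*\//, "", file) }
    /^[ \t]*[#;]/ || /^[ \t]*$/ { next }             # comments and blank lines
    /^\[/ {                                          # start of a new [section]
      report(); sec = substr($0, 2); sub(/\].*/, "", sec)
      enabled = 1; gpg = 0; rgpg = 0; key = ""; http = ""; last = ""
      next
    }
    /^[ \t]/ {                                       # indented line: continued URL list
      if (last ~ /^(baseurl|mirrorlist|metalink)$/) {
        u = $0; gsub(/^[ \t]+|[ \t]+$/, "", u); note_url(u)
      }
      next
    }
    {
      eq = index($0, "="); if (eq == 0) next
      k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
      gsub(/[ \t]/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v); last = k
      if (k == "enabled")            enabled = truthy(v)
      else if (k == "gpgcheck")      gpg = truthy(v)
      else if (k == "repo_gpgcheck") rgpg = truthy(v)
      else if (k == "gpgkey")        key = v
      else if (k ~ /^(baseurl|mirrorlist|metalink)$/) note_url(v)
    }
    END { report() }
  ' "$dir"/*.repo
}
```

Of the sections shown on this page, only [elrepo] is reported: its baseurl and mirrorlist use http:// and repo_gpgcheck is not set, whereas the Remi sections also use an http:// mirrorlist but set repo_gpgcheck=1.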
Update packages to the latest versions
# dnf -y upgrade
Other initial settings
Set the hostname
# hostnamectl set-hostname kowloonet.net
Automatic updates
# dnf -y install dnf-automatic
# systemctl start dnf-automatic.timer
# systemctl enable dnf-automatic.timer
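dnf-automatic.timer acts according to the [commands] section of /etc/dnf/automatic.conf, and a stock configuration typically downloads updates without installing them. The following added example (not part of the original post; the name automatic_mode is made up here) reports which mode a given configuration file selects.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): show what dnf-automatic.timer
# will do, based on the [commands] section of automatic.conf.
automatic_mode() {
  local conf="${1:-/etc/dnf/automatic.conf}"
  awk '
    function yes(v) { return (v == "yes" || v == "true" || v == "1") }
    /^[ \t]*[#;]/ { next }                        # commented-out settings do not count
    /^\[/ { in_cmd = ($0 ~ /^\[commands\]/); next }
    in_cmd && index($0, "=") {
      eq = index($0, "=")
      k = substr($0, 1, eq - 1); v = tolower(substr($0, eq + 1))
      gsub(/[ \t]/, "", k); gsub(/[ \t]/, "", v)
      if (k == "apply_updates")         apply = v
      else if (k == "download_updates") dl = v
      else if (k == "upgrade_type")     type = v
    }
    END {
      if (type == "") type = "default"            # all updates, not only security
      if (yes(apply))   print "apply:" type       # updates are installed
      else if (yes(dl)) print "download-only:" type
      else              print "notify-only:" type
    }
  ' "$conf"
}
```

A result of apply:security corresponds to apply_updates = yes with upgrade_type = security; anything other than apply: means the timer alone will not install updates.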
Install development tools
# dnf -y groupinstall base "Development tools"
Switch the console to Japanese
# dnf -y install langpacks-ja glibc-langpack-ja
# localectl set-locale LANG=ja_JP.UTF-8
vim settings
# echo "alias vi='vim'" >> /etc/profile
# source /etc/profile
# vi /etc/vimrc
Add the following
set tabstop=2
set expandtab
set shiftwidth=2
set list
set whichwrap=b,s,[,],<,>
Create a symbolic link for Perl
# ln -s /usr/bin/perl /usr/local/bin/perl
Stopping unnecessary services
List of services
# systemctl list-units --type service
UNIT LOAD ACTIVE SUB DESCRIPTION
auditd.service loaded active running Security Auditing Service
chronyd.service loaded active running NTP client/server
crond.service loaded active running Command Scheduler
dbus.service loaded active running D-Bus System Message Bus
dovecot.service loaded active running Dovecot IMAP/POP3 email server
dracut-shutdown.service loaded active exited Restore /run/initramfs on shutdown
firewalld.service loaded active running firewalld - dynamic firewall daemon
getty@tty1.service loaded active running Getty on tty1
httpd.service loaded active running The Apache HTTP Server
import-state.service loaded active exited Import network configuration from initramfs
irqbalance.service loaded active running irqbalance daemon
kmod-static-nodes.service loaded active exited Create list of required static device nodes for the curre>
ldconfig.service loaded active exited Rebuild Dynamic Linker Cache
lvm2-monitor.service loaded active exited Monitoring of LVM2 mirrors, snapshots etc. using dmeventd>
mailman.service loaded active running GNU Mailing List Manager
NetworkManager-wait-online.service loaded active exited Network Manager Wait Online
NetworkManager.service loaded active running Network Manager
nis-domainname.service loaded active exited Read and set NIS domainname from /etc/sysconfig/network
polkit.service loaded active running Authorization Manager
postfix.service loaded active running Postfix Mail Transport Agent
rsyslog.service loaded active running System Logging Service
saslauthd.service loaded active running SASL authentication daemon.
selinux-autorelabel-mark.service loaded active exited Mark the need to relabel after reboot
serial-getty@ttyS0.service loaded active running Serial Getty on ttyS0
sshd.service loaded active running OpenSSH server daemon
sssd.service loaded active running System Security Services Daemon
systemd-fsck-root.service loaded active exited File System Check on Root Device
systemd-hwdb-update.service loaded active exited Rebuild Hardware Database
systemd-journal-catalog-update.service loaded active exited Rebuild Journal Catalog
systemd-journal-flush.service loaded active exited Flush Journal to Persistent Storage
systemd-journald.service loaded active running Journal Service
systemd-logind.service loaded active running Login Service
systemd-random-seed.service loaded active exited Load/Save Random Seed
systemd-remount-fs.service loaded active exited Remount Root and Kernel File Systems
systemd-sysctl.service loaded active exited Apply Kernel Variables
systemd-sysusers.service loaded active exited Create System Users
systemd-tmpfiles-setup-dev.service loaded active exited Create Static Device Nodes in /dev
systemd-tmpfiles-setup.service loaded active exited Create Volatile Files and Directories
systemd-udev-trigger.service loaded active exited udev Coldplug all Devices
systemd-udevd.service loaded active running udev Kernel Device Manager
systemd-update-done.service loaded active exited Update is Completed
systemd-update-utmp.service loaded active exited Update UTMP about System Boot/Shutdown
systemd-user-sessions.service loaded active exited Permit User Sessions
tuned.service loaded active running Dynamic System Tuning Daemon
user-runtime-dir@0.service loaded active exited User runtime directory /run/user/0
user-runtime-dir@1000.service loaded active exited User runtime directory /run/user/1000
user@0.service loaded active running User Manager for UID 0
user@1000.service loaded active running User Manager for UID 1000
vsftpd.service loaded active running Vsftpd ftp daemon
LOAD = Reflects whether the unit definition was properly loaded.
ACTIVE = The high-level unit activation state, i.e. generalization of SUB.
SUB = The low-level unit activation state, values depend on unit type.
49 loaded units listed. Pass --all to see loaded but inactive units, too.
To show all installed unit files use 'systemctl list-unit-files'.
postfix, dovecot, httpd, sshd, vsftpd and mailman have already been installed.
Which services are unnecessary? I will leave that for later.