EL9 - Initial Setup

Update & Repositories

# dnf check-update
# dnf -y update

Install EPEL repo

# dnf install -y epel-release && dnf config-manager --set-enabled crb

Install some useful software

# dnf -y install mc vim unzip git bind-utils telnet traceroute wget htop net-tools

Configuration

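Make sure SSH key authentication is allowed (the `PasswordAuthentication yes` line below keeps password logins enabled too; set it to `no` once key login is confirmed to work):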

# vim /etc/ssh/sshd_config
...
PubkeyAuthentication yes
...
PasswordAuthentication yes
...

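Allow the user `elevated` to use sudo as root. `NOPASSWD: ALL` gives that account root without a password prompt, and `visudo` is the safer way to edit this file because it checks the syntax before saving: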

# vim /etc/sudoers
...
elevated ALL=(ALL:ALL) NOPASSWD: ALL
...

Add necessary options to basic vimrc

# vim /etc/vimrc
...
set paste
set laststatus=2
set confirm
set visualbell
set t_vb=
set shiftwidth=4
set tabstop=4
nnoremap <C-L> :nohl<CR><C-L>
au BufRead,BufNewFile *.twig set filetype=html
colorscheme default

Add export variables for all users:

# vim /etc/profile
...
export EDITOR=vim
export VISUAL=vim

Hostname

You can check what hostname is set up:

# hostnamectl status

And you can set hostname with:

# hostnamectl set-hostname server1.example.com
# hostnamectl status

Timezone

# timedatectl
# timedatectl list-timezones
...
# timedatectl set-timezone America/New_York
# timedatectl

Set correct time

# dnf install chrony
# systemctl enable chronyd

# timedatectl

# hwclock -w

Allow cron for root

# vim /etc/security/access.conf

...
+:root:cron crond :0 tty1 tty2 tty3 tty4 tty5 tty6

# pwconv

Set up static IP on network interface (private vlan)

# ip addr
# vim /etc/sysconfig/network-scripts/ifcfg-eth1
#static interface setup
BOOTPROTO=static
DEVICE=eth1
HWADDR=22:aa:22:aa:22:aa
ONBOOT=yes
TYPE=Ethernet
USERCTL=no
IPADDR=192.168.1.1
NETMASK=255.255.255.0
GATEWAY=192.168.1.1
DNS1=1.0.0.1
DNS2=1.1.1.1
DNS3=8.8.4.4
ZONE=internal

# systemctl restart network
# ip addr

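Disable SELinux (this turns off mandatory access control for the whole host; `SELINUX=permissive` keeps the policy loaded and only logs denials)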

# sestatus
# vim /etc/sysconfig/selinux
SELINUX=disabled

# reboot

Add swap

Check current swap and free space on disk:

# swapon -s
# df -h

Create swap file and add it to swap:

# dd if=/dev/zero of=/swapfile count=16 bs=1GiB
# ls -lh /swapfile
# chmod 600 /swapfile
# mkswap /swapfile
# swapon /swapfile

# swapon -s

Make it permanent:

# vim /etc/fstab

/swapfile   swap    swap    sw  0   0

Increase OS limits

E.g. long-running PHP processes with monolog need the number of open files increased from the default of 1024 (see more here: https://access.redhat.com/solutions/61334 )

# vim /etc/security/limits.conf

...

#author YYYY-MM-DD
*   soft    nofile  65536
*   hard    nofile  65536

# End of file

# reboot

Set up different DNS

If NetworkManager is being used (and not, for example, systemd-resolved; check with `systemctl status systemd-resolved`), a nameserver can be prepended to /etc/resolv.conf at boot with the script and service below.

Cloudflare DNS:

Google DNS:

# mkdir /root/startup
# vim /root/startup/prepend_nameserver.sh

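#!/bin/bash
# Add "nameserver $NAMESERVER" right below the "# Generated by NetworkManager"
# header of the resolver configuration, unless that server is already listed.
#
# Exit status: 0 if the entry is present or was added; 1 if the file or the
# header line is missing; otherwise the status of the failing sed call.
#
# NOTE(review): the header implies NetworkManager writes this file, so the
# entry presumably disappears whenever the file is regenerated - confirm, and
# prefer setting DNS on the connection profile if it must persist.
set -u

readonly NAMESERVER="1.1.1.1"
readonly RESOLVCONFFILE="/etc/resolv.conf"
readonly MARKER="# Generated by NetworkManager"

DT=$(date '+%Y-%m-%d %H:%M:%S %Z')
readonly DT

if [[ ! -f "$RESOLVCONFFILE" ]]; then
    echo "[$DT] Error: Resolv conf file '$RESOLVCONFFILE' does not exist!" >&2
    exit 1
fi

# Compare whole fields, not substrings: a plain grep for 1.1.1.1 treats the
# dots as wildcards and also matches e.g. 11.1.1.10 or text inside a comment,
# which would skip the insertion although the server is not configured.
if awk -v ns="$NAMESERVER" \
    '$1 == "nameserver" && $2 == ns { found = 1 } END { exit !found }' \
    "$RESOLVCONFFILE"; then
    echo "[$DT] Resolv conf file $RESOLVCONFFILE already has nameserver $NAMESERVER."
    exit 0
fi

# Without the header line sed changes nothing yet still exits 0, so check for
# it first instead of reporting a success that did not happen.
if ! grep -qF -- "$MARKER" "$RESOLVCONFFILE"; then
    echo "[$DT] Error: marker '$MARKER' not found in $RESOLVCONFFILE; nameserver $NAMESERVER not added." >&2
    exit 1
fi

# "&" re-emits the matched header; "\n" (GNU sed) starts the inserted line.
# The whole expression is quoted so the variables cannot be word-split.
sed -i "s/${MARKER}/&\\nnameserver ${NAMESERVER}/" "$RESOLVCONFFILE"
ret=$?
if [[ $ret -ne 0 ]]; then
    exit "$ret"
fi

# Appended directly to /var/log/messages, as the original did; logger(1)
# would send the same line through syslog instead.
echo "[$DT] Nameserver $NAMESERVER prepended successfully in resolv conf file $RESOLVCONFFILE" | tee -a /var/log/messages
exit 0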

# chmod +x /root/startup/prepend_nameserver.sh
# vim /etc/systemd/system/prepend_nameserver.service

[Unit]
Description=Prepend nameserver after reboot.
# Ordering only: start after network-online.target and cloud-final.service.
# NOTE(review): After= does not pull network-online.target in; add
# Wants=network-online.target unless another unit already does - confirm.
After=network-online.target cloud-final.service

[Service]
# NOTE(review): the script runs once and exits; Type=oneshot is the usual
# fit for that - confirm before changing.
Type=idle
# No User= is set, so as a system unit this presumably runs the script as root.
ExecStart=/bin/bash /root/startup/prepend_nameserver.sh

[Install]
# Once enabled, the unit is started as part of multi-user.target.
WantedBy=multi-user.target

# systemctl daemon-reload
# systemctl enable prepend_nameserver.service
# reboot