EL9 - Initial Setup

Update & Repositories

# dnf check-update
# dnf -y update

Install EPEL repo

# dnf install -y epel-release && dnf config-manager --set-enabled crb

Install some useful software

# dnf -y install mc vim unzip git bind-utils telnet traceroute wget htop net-tools

Configuration

Make sure SSH key auth is allowed:

# vim /etc/ssh/sshd_config
...
PubkeyAuthentication yes
...
PasswordAuthentication yes
...

Adding ability elevated user to sudo as root:

# vim /etc/sudoers
...
elevated ALL=(ALL:ALL) NOPASSWD: ALL
...

Add necessary options to basic vimrc

# vim /etc/vimrc
...
set paste
set laststatus=2
set confirm
set visualbell
set t_vb=
set shiftwidth=4
set tabstop=4
nnoremap <C-L> :nohl<CR><C-L>
au BufRead,BufNewFile *.twig set filetype=html
colorscheme default

Add export variables for all users:

# vim /etc/profile
...
export EDITOR=vim
export VISUAL=vim

Hostname

You can check what hostname is set up:

# hostnamectl status

And you can set hostname with:

# hostnamectl set-hostname server1.example.com
# hostnamectl status

Timezone

# timedatectl
# timedatectl list-timezones
...
# timedatectl set-timezone America/New_York
# timedatectl

Set correct time

# dnf install chrony
# systemctl enable chronyd

# timedatectl

# hwclock -w

Allow cron to root

# vim /etc/security/access.conf

...
+:root:cron crond :0 tty1 tty2 tty3 tty4 tty5 tty6

# pwconv

Set up static IP on network interface (private vlan)

# ip addr
# vim /etc/sysconfig/network-scripts/ifcfg-eth1
#static interface setup
BOOTPROTO=static
DEVICE=eth1
HWADDR=22:aa:22:aa:22:aa
ONBOOT=yes
TYPE=Ethernet
USERCTL=no
IPADDR=192.168.1.1
NETMASK=255.255.255.0
GATEWAY=192.168.1.1
DNS1=1.0.0.1
DNS2=1.1.1.1
DNS3=8.8.4.4
ZONE=internal

# systemctl restart network
# ip addr

Disable SELinux

# sestatus
# vim /etc/sysconfig/selinux
SELINUX=disabled

# reboot

Add swap

Check current swap and free space on disk:

# swapon -s
# df -h

Create swap file and add it to swap:

# dd if=/dev/zero of=/swapfile count=16 bs=1GiB
# ls -lh /swapfile
# chmod 600 /swapfile
# mkswap /swapfile
# swapon /swapfile

# swapon -s

Make it permanent:

# vim /etc/fstab

/swapfile   swap    swap    sw  0   0

Increase OS limits

E.g. PHP long running processes with monolog needs increasing numbe rof open files from default 1024 (see more here: https://access.redhat.com/solutions/61334 )

# vim /etc/security/limits.conf

...

#author YYYY-MM-DD
*   soft    nofile  65536
*   hard    nofile  65536

# End of file

# reboot