Fedora36: Initial settings

🔗

1. Extend the root file system.
2. Create a general user.
3. Limit users who can become root.
4. Deletion of general users.
5. Disable firewall and SELinux.
6. Network settings.
7. router settings
8. System modernization.
9. Add module.
10. Package auto-update settings.
11. Web management console settings.
12. Vim (text editor) settings.
13. Configure sudo (root privileges).

Extend the root file system.

Check and record the top level ( / ) root file system.

[root@www ~]# df -h
filesys                    size    used  remaining %used mount　location
devtmpfs                   3.9G      0  3.9G     0% /dev
tmpfs                      3.9G      0  3.9G     0% /dev/shm
tmpfs                      3.9G   1.1M  3.9G     1% /run
/dev/fedora/fedora-root     15G   1.9G   14G    13% / #Expansion
tmpfs                      3.9G   4.0K  3.9G     1% /tmp
/dev/sda1                  1014M  194M  821M    20% /boot
tmpfs                      783M      0  783M     0% /run/user/1000

The root file system is 15Gb by default, so expand it.
Extend the root logical volume at the top level ( / ) you recorded. (Please change to your own file path in the above form.)

[webmaster@www ~]$ sudo lvextend -l +100%FREE /dev/fedora/fedora-root

Extend the topmost ( / ) root filesystem you recorded.

[webmaster@www ~]$ sudo xfs_growfs /dev/fedora/fedora-root

Create a general user.

Log in to root user.

[webmaster@www ~]$ su -
password:
[root@www ~]#

Create a general user.

[root@www ~]# useradd ユーザー名

Set your password.

[root@www ~]# passwd ユーザー名
New Password:
Re-enter new password:

Limit users who can become root.

Limit users who can become root.

[root@www ~]# usermod -G wheel webmaster
[root@www ~]# vi /etc/pam.d/su

Remove # to uncomment

#%PAM-1.0
auth            sufficient      pam_rootok.so
# Uncomment the following line to implicitly trust users in the "wheel" group.
#auth           sufficient      pam_wheel.so trust use_uid
# Uncomment the following line to require a user to be in the "wheel" group.
auth            required        pam_wheel.so use_uid
auth            substack        system-auth
auth            include         postlogin
account         sufficient      pam_succeed_if.so uid = 0 use_uid quiet
account         include         system-auth
password        include         system-auth
session         include         system-auth
session         include         postlogin
session         optional        pam_xauth.so

Deletion of general users.

If you want to delete only the user

[root@www ~]# userdel ユーザー名

If you also want to delete your home directory

[root@www ~]# userdel -r ユーザー名

Disable firewall and SELinux.

Stop the firewall service.

[root@www ~]# systemctl stop firewalld

Disable the autostart setting.

[root@www ~]# systemctl disable firewalld
rm '/etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service'
rm '/etc/systemd/system/basic.target.wants/firewalld.service'

Disable SELinux.

[root@www ~]# vi /etc/selinux/config

Change it to disabled.

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
SELINUX=disabled　#変更
# SELINUXTYPE= can take one of these two values:
# targeted - Targeted processes are protected,
# minimum - Modification of targeted policy. Only selected processes are protected.
# mls - Multi Level Security protection.
SELINUXTYPE=targeted

Restart.

[root@www ~]# reboot

Network settings.

IPv6 を無効にします。

[root@www ~]# vi /etc/default/grub

Line 6: Add “ipv6.disable=1”.

GRUB_CMDLINE_LINUX="ipv6.disable=1 rd.lvm.lv=centos/root..

reflect the changes.

[root@www ~]# grub2-mkconfig -o /boot/grub2/grub.cfg
[root@www ~]# reboot

router settings

If DHCP fixed IP address can be set on the router, set “MAC address” and “Server IP address” in ” DHCPv4 server setting > DHCP fixed IP address setting ” and record the IP address.

MAC address（例：0c:2e:48:2b:dg:f4）

Server IP address:192.168.1.3

System modernization.

Modernize your system.

[root@www ~]# dnf -y update

Add module.

Install Node.js 14.

[root@www ~]# dnf module -y install nodejs:14

Check the module.

[root@www ~]# node -v
v14.14.0

Reset Node.js.

[root@www ~]# dnf module reset nodejs

Install Node.js 16.

[root@www ~]# dnf module enable nodejs:16
[root@www ~]# dnf module -y install nodejs:16/common

Check the module.

[root@www ~]# node -v
v16.14.0

Package auto-update settings.

Set dnf-automatic.

[root@www ~]# dnf install dnf-automatic dnf-utils -y

dnf-automaticを設定します。

[root@www ~]# vi /etc/dnf/automatic.conf

Enable automatic download & automatic update

# Whether updates should be applied when they are available, by
# dnf-automatic.timer. notifyonly.timer, download.timer and
# install.timer override this setting.
apply_updates = yes #change

Package auto-update auto-start settings

[root@www ~]# systemctl enable --now dnf-automatic.timer

Web management console settings.

Enable Cockpit to make the web management console available.

[root@www ~]# systemctl enable --now cockpit.socket
[root@www ~]# ss -napt
State Recv-Q Send-Q Local Address:Port Peer Address:Port 
LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=831,fd=6)) 
LISTEN 0 128 [::]:22 [::]:* users:(("sshd",pid=831,fd=8)) 
LISTEN 0 128 *:9090 *:* users:(("systemd",pid=1,fd=24)) 

Access the web management console using a web browser on the client PC and log in as “root”.

http://192.168.1.3:9090/

Vim (text editor) settings.

Install Vim (text editor).

[root@www ~]# dnf -y install vim-enhanced

Applies a command alias.

[root@www ~]# vi /etc/profile

Append to the last line.

alias vi='vim'

reflect the changes.

[root@www ~]# source /etc/profile

Configure vim.

[root@www ~]# vi ~/.vimrc

Display line numbers (The server settings are explained using line numbers.)

set number

Configure sudo (root privileges).

Set root privileges to a specific user.

[root@www ~]# visudo

Append to the last line.

webmaster    ALL=(ALL)       ALL