CentOS7
See also Upstart
Change server hostname
[root@localhost ~]# hostnamectl status
   Static hostname: localhost.localdomain
         Icon name: computer-vm
           Chassis: vm
        Machine ID: 399b74f54385ee0d782648666a204c25
           Boot ID: 411893b81fee4fb0b865e1b18fd8dd6d
    Virtualization: kvm
  Operating System: CentOS Linux 7 (Core)
       CPE OS Name: cpe:/o:centos:centos:7
            Kernel: Linux 3.10.0-123.el7.x86_64
      Architecture: x86_64
Set the hostname.
[root@localhost ~]# hostnamectl set-hostname centos7.internal
Check the hostname again (close the session and open a new one using PuTTY or the console).
Enable firewall
Start the firewall and set it to start automatically at boot
[root@localhost ~]# systemctl start firewalld
[root@localhost ~]# systemctl enable firewalld
Enable HTTP and HTTPS
[root@localhost ~]# firewall-cmd --permanent --zone=public --add-service=http
[root@localhost ~]# firewall-cmd --permanent --zone=public --add-service=https
Add a custom port for SSH (sshd must be configured separately to listen on it)
[root@localhost ~]# firewall-cmd --permanent --zone=public --add-port=22222/tcp
Remove the original SSH service
[root@localhost ~]# firewall-cmd --permanent --zone=public --remove-service=ssh
Add a rule for a service from a specific source address
[root@localhost ~]# firewall-cmd --permanent --zone=public \
    --add-rich-rule='rule family="ipv4" source address="1.2.3.0/24" port protocol="tcp" port="10022" accept'
Reload the firewall rules
[root@localhost ~]# firewall-cmd --reload
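Added example, not part of the original page: a shell check that reads `firewall-cmd --zone=public --list-all` output and confirms the state the steps above aim for (http and https allowed, 22222/tcp open, the ssh service removed). The function names and both sample outputs are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): check `firewall-cmd --list-all`
# output against the rules this page sets. Sample outputs are constructed.

# zone_field KEY: print the value of one "  KEY: ..." line read from stdin.
# The key must start the line, so "forward-ports:" never matches "ports".
zone_field() {
    awk -v key="$1" '
        { line = $0; sub(/^[ \t]+/, "", line) }
        index(line, key ":") == 1 { sub(/^[^:]*:[ \t]*/, "", line); print line; exit }'
}

# has_word LIST WORD: succeed if WORD is one of the space-separated items.
has_word() { case " $1 " in *" $2 "*) return 0 ;; *) return 1 ;; esac; }

# audit_zone: read list-all output on stdin, print one finding per problem,
# return 1 if the zone does not match the page's intended state.
audit_zone() {
    zone_out=$(cat)
    services=$(printf '%s\n' "$zone_out" | zone_field services)
    ports=$(printf '%s\n' "$zone_out" | zone_field ports)
    rc=0
    for svc in http https; do
        if ! has_word "$services" "$svc"; then echo "missing service: $svc"; rc=1; fi
    done
    if ! has_word "$ports" 22222/tcp; then echo "missing port: 22222/tcp"; rc=1; fi
    if has_word "$services" ssh; then echo "ssh service (22/tcp) still open"; rc=1; fi
    return "$rc"
}

# Constructed runtime state before `firewall-cmd --reload`: the --permanent
# changes are saved but not yet active.
SAMPLE_BEFORE='public (default, active)
  interfaces: eth0
  services: dhcpv6-client ssh
  ports:
  forward-ports:'

# Constructed runtime state after the reload.
SAMPLE_AFTER='public (default, active)
  interfaces: eth0
  services: dhcpv6-client http https
  ports: 22222/tcp
  forward-ports:'

printf '%s\n' "$SAMPLE_BEFORE" | audit_zone || echo "before reload: FAIL"
printf '%s\n' "$SAMPLE_AFTER" | audit_zone && echo "after reload: OK"
# On a host: firewall-cmd --zone=public --list-all | audit_zone
```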
Disable firewalld and use iptables
(content taken from racktables.com in case it disappears)
The first step is to stop and mask the firewalld service (i.e., the service you do not want to use):
$ systemctl stop firewalld
$ systemctl mask firewalld
Then, install the "iptables-services" package (if it is not already installed):
$ yum install iptables-services
Enable the service to start at boot-time:
$ systemctl enable iptables
If you are saving your rules in the /etc/sysconfig/iptables file, you will then need to run one of the following commands:
$ service iptables restart
# OR:
$ systemctl restart iptables
Next, check that the iptables service is "active" with:
$ systemctl status iptables
You can query the systemd journal for a "log" of the changes you made to the iptables service with:
$ journalctl -f -u iptables.service