CentOS7
See also Upstart
Change server hostname
[root@localhost ~]# hostnamectl status
   Static hostname: localhost.localdomain
         Icon name: computer-vm
           Chassis: vm
        Machine ID: 399b74f54385ee0d782648666a204c25
           Boot ID: 411893b81fee4fb0b865e1b18fd8dd6d
    Virtualization: kvm
  Operating System: CentOS Linux 7 (Core)
       CPE OS Name: cpe:/o:centos:centos:7
            Kernel: Linux 3.10.0-123.el7.x86_64
      Architecture: x86_64
Set the hostname.
[root@localhost ~]# hostnamectl set-hostname centos7.internal
Check the hostname again (close the session and open a new one using PuTTY or the console).
CentOS7 kernel panic on some hardware
If you can't even get the installer to work and it just causes a kernel panic on startup, check this link: http://centosfaq.org/centos/centos-72-kernel-panic/
The relevant info is pasted below in case the page is removed in the future.
During the startup of the installer, edit the options for the kernel to include:
initcall_blacklist=clocksource_done_booting
If the machine is already installed and you're moving the disks to another system and get a kernel panic, it's possible to use an older rescue disk and append the line
GRUB_CMDLINE_LINUX_DEFAULT="initcall_blacklist=clocksource_done_booting"
to /etc/default/grub, and run
# grub2-mkconfig > /boot/grub2/grub.cfg
On reboot this should allow you to boot successfully.
Enable firewall
Start the firewall and set it to start automatically at boot
[root@localhost ~]# systemctl start firewalld
[root@localhost ~]# systemctl enable firewalld
Enable HTTP and HTTPS
[root@localhost ~]# firewall-cmd --permanent --zone=public --add-service=http
[root@localhost ~]# firewall-cmd --permanent --zone=public --add-service=https
Add a custom port for SSH
[root@localhost ~]# firewall-cmd --permanent --zone=public --add-port=22222/tcp
Remove the original SSH service
[root@localhost ~]# firewall-cmd --permanent --zone=public --remove-service=ssh
Add a rule for access to a service on a specific local port from a specific source IP
[root@localhost ~]# firewall-cmd --permanent --zone=public \
    --add-rich-rule='rule family="ipv4" source address="1.2.3.0/24" port protocol="tcp" port="22222" accept'
Block a single IP from all services (and yes, that's a real IP that was pounding on a WordPress login page)
[root@localhost ~]# firewall-cmd --add-rich-rule="rule family='ipv4' source address='176.28.22.192' reject"
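Reload the firewall rules so the --permanent changes take effect (rules added without --permanent exist only in the runtime configuration and are dropped by the reload)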
[root@localhost ~]# firewall-cmd --reload
Add port forwarding for port 22 to port 922 on the same machine
[root@localhost ~]# firewall-cmd --add-forward-port=port=22:proto=tcp:toport=922
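The following is an added example, not part of the original page: a small script that lists firewalld items present in only the runtime or only the permanent configuration of the public zone. The function names fw_items, fw_drift and fw_demo are made up for this example, and the sample data is constructed to mirror the commands above as they would stand before the reload.

```shell
#!/bin/sh
# Added example (not from the original page): runtime vs permanent firewalld drift.

# Print one "kind: item" line per service, port, forward-port and rich rule.
# $1 is empty for the runtime configuration, "--permanent" for the saved one.
fw_items() {
    for kind in services ports forward-ports; do
        # each of these prints its items separated by spaces or newlines
        firewall-cmd $1 --zone=public "--list-$kind" | tr ' ' '\n' |
            sed -e '/^$/d' -e "s/^/$kind: /"
    done
    # rich rules contain spaces and are printed one per line
    firewall-cmd $1 --zone=public --list-rich-rules |
        sed -e '/^$/d' -e 's/^/rich-rule: /'
}

# fw_drift RUNTIME_FILE PERMANENT_FILE: label every item present on one side only.
fw_drift() {
    # active now but not saved: discarded by `firewall-cmd --reload` or a reboot
    grep -Fxv -f "$2" "$1" | sed 's/^/runtime-only: /'
    # saved but not active: not enforced until `firewall-cmd --reload`
    grep -Fxv -f "$1" "$2" | sed 's/^/permanent-only: /'
    return 0
}

# Constructed sample: the zone after this page's commands, before the reload.
fw_demo() {
    d=$(mktemp -d) || return 1
    cat > "$d/runtime" <<'EOF'
services: dhcpv6-client
services: ssh
rich-rule: rule family="ipv4" source address="176.28.22.192" reject
EOF
    cat > "$d/permanent" <<'EOF'
services: dhcpv6-client
services: http
services: https
ports: 22222/tcp
rich-rule: rule family="ipv4" source address="1.2.3.0/24" port port="22222" protocol="tcp" accept
EOF
    fw_drift "$d/runtime" "$d/permanent"
    rm -rf "$d"
}

# On a live host (as root):
#   fw_items > /tmp/rt; fw_items --permanent > /tmp/pm; fw_drift /tmp/rt /tmp/pm
fw_demo
```

In the sample, the reject rule for 176.28.22.192 is reported as runtime-only, so it has to be added again with --permanent if the block should survive a reload or reboot.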
Disable firewalld and use iptables
(content taken from racktables.com in case it disappears)
The first step is to stop and mask the firewalld service (i.e., the service you do not want to use):
$ systemctl stop firewalld
$ systemctl mask firewalld
Then, install the "iptables-services" package (if it is not already installed):
$ yum install iptables-services
Enable the service to start at boot-time:
$ systemctl enable iptables
If you are saving your rules in the /etc/sysconfig/iptables file, you will then need to run one of the following commands:
$ service iptables restart
# OR:
$ systemctl restart iptables
Next, check that the iptables service is "active" with:
$ systemctl status iptables
You can query the systemd journal for a "log" of the changes you made to the iptables service with:
$ journalctl -f -u iptables.service
Enable disk quota on ext4
Add the following options to the line for the ext4 filesystem (e.g. /home) in /etc/fstab:
usrjquota=aquota.user,grpjquota=aquota.group,jqfmt=vfsv0
Then check quotas and enable them
# quotaoff -a
# quotacheck -auvgm
# quotaon -a
To check the quotas
# repquota -auv