====== Configuração inicial CentOS 7 ======

===== Usuário =====

  # useradd -g users -c "Gean Martins" -m -d /home/gean gean
  # getent passwd
  # vim /etc/sudoers.d/users
  gean ALL=(ALL) ALL
  # chcon -u system_u /etc/sudoers.d/users

Nota: prefira ''visudo -f /etc/sudoers.d/users'' para editar esse arquivo; ele valida a sintaxe antes de gravar, e um erro de sintaxe em um arquivo de sudoers pode deixar o sudo inutilizável.

===== Timezone =====

  $ sudo timedatectl list-timezones | grep America
  $ sudo timedatectl set-timezone America/Belem
  $ sudo timedatectl status
  Local time: Dom 2015-05-10 13:51:39 BRT
  Universal time: Dom 2015-05-10 16:51:39 UTC
  RTC time: Dom 2015-05-10 16:51:38
  Timezone: America/Belem (BRT, -0300)
  NTP enabled: n/a
  NTP synchronized: no
  RTC in local TZ: no
  DST active: n/a

===== Hostname =====

  $ sudo hostname centos7
  $ sudo hostnamectl status
  Static hostname: centos7
  Icon name: computer
  Chassis: n/a
  Machine ID: 60756ca06a124407bdc7907fb7cb0a8c
  Boot ID: a29c95b3bcd94d738e99876711c1f1f7
  Virtualization: oracle
  Operating System: CentOS Linux 7 (Core)
  CPE OS Name: cpe:/o:centos:centos:7
  Kernel: Linux 3.10.0-229.el7.x86_64
  Architecture: x86_64
  $ sudo hostnamectl set-hostname centos7.rascunhos.wiki.br
  $ sudo hostnamectl status
  Static hostname: centos7.rascunhos.wiki.br
  Icon name: computer
  Chassis: n/a
  Machine ID: 60756ca06a124407bdc7907fb7cb0a8c
  Boot ID: a29c95b3bcd94d738e99876711c1f1f7
  Virtualization: oracle
  Operating System: CentOS Linux 7 (Core)
  CPE OS Name: cpe:/o:centos:centos:7
  Kernel: Linux 3.10.0-229.el7.x86_64
  Architecture: x86_64

OU

  $ sudo nmcli general hostname cento7
  $ sudo nmcli general hostname centos7.rascunhos.wiki.br
  $ sudo nmcli general hostname centos7.rascunhos.wiki.br

Ou ainda

  $ sudo nmtui-hostname
  $ sudo systemctl restart systemd-hostnamed

===== Alterando o repositório para o repositório local =====

  sed -i "s/http\:\/\/mirror.centos.org\/centos/http\:\/\/centos.rascunhos.wiki.br/g" /etc/yum.repos.d/CentOS-Base.repo
  sed -i "s/enabled=0/enabled=1/g" /etc/yum.repos.d/CentOS-Base.repo
  sed -i "s/mirrorlist/#mirrorlist/g" /etc/yum.repos.d/CentOS-Base.repo
  sed -i "s/#baseurl/baseurl/g" /etc/yum.repos.d/CentOS-Base.repo

Nota: o segundo comando troca enabled=0 por enabled=1 em todo o arquivo e, portanto, também ativa repositórios que vêm desativados por padrão (normalmente o centosplus); confira o resultado com ''yum repolist''. Como o espelho local é acessado por HTTP, mantenha gpgcheck=1 para que a assinatura dos pacotes continue sendo verificada.

===== Pacotes 
essenciais =====

  yum -y install vim-enhanced # editor
  yum -y install ntp # time
  yum -y install telnet #(client only to debug)
  yum -y install net-tools #(ifconfig, arp, netstat)
  yum -y install lsof
  yum -y install mlocate #(locate)
  yum -y install bind-utils #(host, nslookup)
  yum -y install open-vm-tools #(VMware Tools)
  yum -y install sg3_utils #(scsi-rescan)
  yum -y install cpulimit #(limit CPU usage per process)
  yum -y install nmap-ncat # nc command
  yum -y install policycoreutils-python # Políticas SELinux
  yum -y install snoopy # log - audit
  yum -y install psacct # monitoring user
  yum -y install mailx # client mail
  yum -y install wget # download
  yum -y install zip # compact
  yum -y install unzip
  yum -y install bzip2
  yum -y install sos # report
  yum -y install vim-enhanced which zip unzip bzip2 mlocate telnet wget mailx psacct ntp sos sysstat snoopy

===== Modificando o vim =====

  $ sudo echo "set incsearch" >> /etc/vimrc
  $ sudo echo "set background=dark" >> /etc/vimrc

Nota: nesses comandos o redirecionamento ''>>'' é feito pelo shell do usuário, e não pelo sudo, por isso falha com "Permissão negada" quando o usuário não é root. A forma que funciona é ''echo "set incsearch" | sudo tee -a /etc/vimrc''.

===== Personalizando o Bash =====

  $ vim ~/.bashrc
  [...]
  PS1="\[$(tput bold ; tput setaf 7)\][\[$(tput bold ; tput setaf 2)\]\u@\h \[$(tput sgr0)\]:\[$(tput bold ; tput setaf 7)\]\W]\\$ \[$(tput sgr0)\]"
  alias rm='rm -i'
  alias cp='cp -i'
  alias mv='mv -i'
  alias echo='/bin/echo'
  alias egrep='egrep --color=auto'
  alias fgrep='fgrep --color=auto'
  alias grep='grep --color=auto'
  alias l.='ls -d .* --color=auto'
  alias ll='ls -l --color=auto'
  alias ls='ls --color=auto'
  alias vi='vim'
  export HISTTIMEFORMAT="%d/%m/%y %T "
  [...]

===== Configurando o ssh =====

  $ sudo firewall-cmd --permanent --add-rich-rule 'rule family="ipv4" source address="192.0.2.0/24" port port="22001" protocol="tcp" accept'
  $ sudo firewall-cmd --reload
  success
  $ sudo firewall-cmd --list-all
  internal (default, active)
  interfaces: enp0s8 enp0s9
  sources:
  services: dhcpv6-client ipp-client mdns samba-client ssh
  ports:
  masquerade: no
  forward-ports:
  icmp-blocks:
  rich rules:
  rule family="ipv4" source address="192.0.2.0/24" port port="22001" protocol="tcp" accept
  $ sudo cp -p /etc/ssh/sshd_config /etc/ssh/sshd_config.orig.$(date +%F)
  $ sudo sed -i "s/#Port 22/Port 22001/g" /etc/ssh/sshd_config
  $ sudo cat /etc/ssh/sshd_config | egrep Port | egrep -v "^#"
  Port 22001
  $ sudo semanage port -a -t ssh_port_t -p tcp 22001
  $ sudo vim /etc/ssh/sshd_config
  [...]
  PermitRootLogin no
  [...]
  $ sudo systemctl restart sshd.service
  $ ss -nat | grep 22001
  LISTEN 0 128 *:22001 *:*
  LISTEN 0 128 :::22001 :::*

Nota: antes de reiniciar o sshd, valide a configuração com ''sudo sshd -t'' e mantenha a sessão atual aberta até confirmar o login pela porta 22001. A listagem do firewall acima mostra que o serviço ''ssh'' (porta 22) continua liberado na zona internal; se ele não for mais necessário, remova-o com ''sudo firewall-cmd --permanent --remove-service=ssh'' e recarregue as regras com ''sudo firewall-cmd --reload''.

===== Ntp =====

  $ sudo vim /etc/ntp.conf
  [...]
  server ntp.rascunhos.com.br iburst
  [...]
  $ sudo systemctl enable ntpd
  ln -s '/usr/lib/systemd/system/ntpd.service' '/etc/systemd/system/multi-user.target.wants/ntpd.service'
  $ sudo systemctl start ntpd