
Configuração inicial CentOS 7

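Usuário

Observação: para editar o arquivo em /etc/sudoers.d, prefira `visudo -f /etc/sudoers.d/users` a abrir o arquivo diretamente no vim: o visudo valida a sintaxe antes de gravar, e um erro de sintaxe nesse diretório pode deixar o sudo inutilizável.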

# useradd -g users -c "Gean Martins" -m -d /home/gean gean
# getent passwd
# vim /etc/sudoers.d/users
gean ALL=(ALL) ALL
# chcon -u system_u /etc/sudoers.d/users

Timezone

$ sudo timedatectl list-timezones | grep America
$ sudo timedatectl set-timezone America/Belem
$ sudo timedatectl status
      Local time: Dom 2015-05-10 13:51:39 BRT
  Universal time: Dom 2015-05-10 16:51:39 UTC
        RTC time: Dom 2015-05-10 16:51:38
        Timezone: America/Belem (BRT, -0300)
     NTP enabled: n/a
NTP synchronized: no
 RTC in local TZ: no
      DST active: n/a

Hostname

$ sudo hostname
centos7
$ sudo hostnamectl status
   Static hostname: centos7
         Icon name: computer
           Chassis: n/a
        Machine ID: 60756ca06a124407bdc7907fb7cb0a8c
           Boot ID: a29c95b3bcd94d738e99876711c1f1f7
    Virtualization: oracle
  Operating System: CentOS Linux 7 (Core)
       CPE OS Name: cpe:/o:centos:centos:7
            Kernel: Linux 3.10.0-229.el7.x86_64
      Architecture: x86_64
$ sudo hostnamectl set-hostname centos7.rascunhos.wiki.br
$ sudo hostnamectl status
   Static hostname: centos7.rascunhos.wiki.br
         Icon name: computer
           Chassis: n/a
        Machine ID: 60756ca06a124407bdc7907fb7cb0a8c
           Boot ID: a29c95b3bcd94d738e99876711c1f1f7
    Virtualization: oracle
  Operating System: CentOS Linux 7 (Core)
       CPE OS Name: cpe:/o:centos:centos:7
            Kernel: Linux 3.10.0-229.el7.x86_64
      Architecture: x86_64

OU

$ sudo nmcli general hostname
cento7
$ sudo nmcli general hostname centos7.rascunhos.wiki.br
$ sudo nmcli general hostname
centos7.rascunhos.wiki.br

Ou ainda

$ sudo nmtui-hostname
$ sudo systemctl restart systemd-hostnamed

Alterando o repositório para o repositório local

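# Point CentOS-Base.repo at the local mirror instead of mirror.centos.org.
# The mirrorlist/baseurl/enabled patterns are anchored to the start of the line,
# so re-running the command does not stack up "##mirrorlist" and the word
# "mirrorlist" inside comment text is not rewritten. "|" is used as the
# s-command delimiter so the URLs need no backslash escaping.
# NOTE(review): the local mirror is reached over plain HTTP, so package
# integrity rests on GPG signature checks; confirm gpgcheck=1 stays set.
# NOTE(review): enabled=0 -> enabled=1 turns on every repository section in
# this file that ships disabled; confirm that is intended.
sed -i \
  -e 's|http://mirror\.centos\.org/centos|http://centos.rascunhos.wiki.br|g' \
  -e 's|^enabled=0|enabled=1|' \
  -e 's|^mirrorlist=|#mirrorlist=|' \
  -e 's|^#baseurl=|baseurl=|' \
  /etc/yum.repos.d/CentOS-Base.repo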

Pacotes essenciais

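# Base package set, installed in a single yum transaction.
# The original ran one transaction per package and then repeated most of the
# list on a final line; the array below is the de-duplicated union of both.
packages=(
  vim-enhanced            # editor
  ntp                     # time synchronisation
  telnet                  # client only, for debugging connections
  net-tools               # ifconfig, arp, netstat
  lsof
  mlocate                 # locate
  bind-utils              # host, nslookup
  open-vm-tools           # VMware Tools; the hostnamectl output on this page
                          # reports "Virtualization: oracle", so confirm it is needed
  sg3_utils               # scsi-rescan
  cpulimit                # limit CPU usage per process
  nmap-ncat               # nc command
  policycoreutils-python  # SELinux policy tools (semanage)
  snoopy                  # command logging for audit
  psacct                  # per-user process accounting
  mailx                   # mail client
  wget                    # download
  zip                     # compression
  unzip
  bzip2
  sos                     # report
  which
  sysstat
)
yum -y install "${packages[@]}"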

Modificando o vim

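$ echo "set incsearch" | sudo tee -a /etc/vimrc > /dev/null        # tee runs under sudo; with "sudo echo ... >> file" the unprivileged shell opens the file and the append is denied
$ echo "set background=dark" | sudo tee -a /etc/vimrc > /dev/null  # -a appends, matching the original ">>"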

Personalizando o Bash

$ vim ~/.bashrc
[...]
# Prompt, built piece by piece: bold white "[", bold green user@host, a reset
# ":" and the bold white working directory, then "]" and the \$ marker.
# The tput output is captured once, when this file is sourced, and each colour
# sequence is wrapped in \[ \].
PS1="\[$(tput bold; tput setaf 7)\]["
PS1+="\[$(tput bold; tput setaf 2)\]\u@\h "
PS1+="\[$(tput sgr0)\]:"
PS1+="\[$(tput bold; tput setaf 7)\]\W]\\$ "
PS1+="\[$(tput sgr0)\]"

# Ask for confirmation before overwriting or deleting files.
alias rm='rm -i' cp='cp -i' mv='mv -i'

# Use the external echo binary instead of the shell builtin.
alias echo='/bin/echo'

# Coloured output for the grep and ls families.
alias grep='grep --color=auto' egrep='egrep --color=auto' fgrep='fgrep --color=auto'
alias ls='ls --color=auto' ll='ls -l --color=auto' l.='ls -d .* --color=auto'

alias vi='vim'

# Prefix each entry shown by `history` with a dd/mm/yy HH:MM:SS timestamp.
HISTTIMEFORMAT='%d/%m/%y %T '
export HISTTIMEFORMAT
[...]

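Configurando o ssh

Observação: a saída de `firewall-cmd --list-all` abaixo ainda lista o serviço `ssh` (porta 22) na zona; depois de confirmar o acesso pela porta 22001, remova-o com `sudo firewall-cmd --permanent --remove-service=ssh` e recarregue o firewall. Antes de reiniciar o sshd, valide o arquivo com `sudo sshd -t` para não perder o acesso remoto por um erro de configuração.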

$ sudo firewall-cmd --permanent --add-rich-rule 'rule family="ipv4" source address="192.0.2.0/24" port port="22001" protocol="tcp" accept'
$ sudo firewall-cmd --reload
success
$ sudo firewall-cmd --list-all
internal (default, active)
  interfaces: enp0s8 enp0s9
  sources: 
  services: dhcpv6-client ipp-client mdns samba-client ssh
  ports: 
  masquerade: no
  forward-ports: 
  icmp-blocks: 
  rich rules: 
	rule family="ipv4" source address="192.0.2.0/24" port port="22001" protocol="tcp" accept
$ sudo cp -p /etc/ssh/sshd_config /etc/ssh/sshd_config.orig.$(date +%F)
$ sudo sed -i "s/#Port 22/Port 22001/g" /etc/ssh/sshd_config
$ sudo cat /etc/ssh/sshd_config | egrep Port | egrep -v "^#"
Port 22001
$ sudo semanage port -a -t ssh_port_t -p tcp 22001
$ sudo vim /etc/ssh/sshd_config
[...]
PermitRootLogin no
[...]
$ sudo systemctl restart sshd.service
$ ss -nat | grep 22001
LISTEN     0      128                       *:22001                    *:*     
LISTEN     0      128                      :::22001                   :::*     

Ntp

$ sudo vim /etc/ntp.conf
[...]
server ntp.rascunhos.com.br iburst
[...]
$ sudo systemctl enable ntpd
ln -s '/usr/lib/systemd/system/ntpd.service' '/etc/systemd/system/multi-user.target.wants/ntpd.service'
 
$ sudo systemctl start ntpd