Technical Recipes

Initial system settings on Linux

Right after you start working on a brand new Linux system, you may find that the only user is root, the time zone is not your own, and the default system console is not to your liking. The following simple instructions give you something to start with. You have to log in as root for now; you can switch to another user later.

1. Change the time zone and set the correct local time
 
	1.1 Change to the current time zone; assume you are in "Los_Angeles"
 	
 		# mv /etc/localtime /etc/localtime.bak
		# ln -s /usr/share/zoneinfo/America/Los_Angeles /etc/localtime
 
	1.2 Correct the date/time
 	
 		# date +%T%p -s "10:10:10AM"
 		
	1.3 Check the system's hardware time, which may not be the same as the time you set

		# hwclock --show
		
	1.4 Set the hardware clock so that the time is kept after reboot
	
		# hwclock --systohc

2. Create users

	2.1 Create a normal user 'user1'; by default its primary group is 'user1'

		# useradd user1
		# passwd user1
		
	2.2 Create a normal user 'user2' for your httpd server and grant it sudoer privileges

		# useradd user2
		# passwd user2
		# visudo
		user2 ALL=(ALL) ALL
		
	2.3 Create another normal user 'user3' and add it to an existing group, say the 'user2' group

		# useradd user3
		# passwd user3
		# usermod -a -G user2 user3
		
	2.4 Find the user info
	
		# id <username>
		
	2.5 Find the user's group
	
		# groups <username>
		
	2.6 Create a normal user 'user4' in the primary group of 'user3'

		# useradd -g <group> <username>
		# useradd -g user3 user4
		
	2.7 Add 'user4' to one (user2's group, as a secondary group) or more secondary groups

		# usermod -G <group1,group2,...> <username>
		# usermod -G user2 user4
		
		But if the user is currently a member of a group which is not listed, the user will be removed from that group. This behavior can be changed via the -a option, which appends the user to the current supplementary group list.
		
		# usermod -a -G <group> <username>
		
		or
		
		# gpasswd -a <username> <group>
	
	2.8 Remove user 'user4' from the secondary group 'user2'

		# gpasswd -d <username> <group>
		# gpasswd -d user4 user2
		
	2.9 Change user1's primary group to group 'user2'

		# usermod -g <group> <username>
		# usermod -g user2 user1
		
	2.10 Delete user
	
		# userdel <username>
 
3. Log in as the new user and change the editor settings by adding or modifying the .exrc file under $HOME
	
	$ cd
	$ vi .exrc
	:se ts=3
	:se ai
	:color ron
	
	Save and exit.
	
	The above commands set the tab stop to 3, turn auto indent on and choose the color scheme 'ron'.
 
4. Stop and disable the original HTTPD service
 
 	4.0 Log in as super user
 	
 		$ su
 		
 	4.1 Check whether the HTTPD server is installed
 	
		# rpm -qa | grep httpd
		
	4.2 Keep the original configuration unchanged, as mentioned in the previous blog posts
	
		# chattr +i /etc/httpd/conf/httpd.conf
		# chattr +i /etc/httpd/conf.d/ssl.conf
		
		Make sure to remove the lock when you do need to enable the original instance:
		
		# chattr -i /etc/httpd/conf/httpd.conf
		# chattr -i /etc/httpd/conf.d/ssl.conf

	4.3 Disable PHP if it was enabled

		# mv /etc/httpd/conf.d/php.conf /etc/httpd/conf.d/php.conf.bak
		
	4.4 Check the HTTPD server status
	
		# service httpd status

	4.5 Stop the HTTPD server if it's running
	
		# service httpd stop

	4.6 Disable the default httpd service so that it does not start automatically when the system boots
	
		# chkconfig --list | grep httpd
		# chkconfig httpd off

5. Change the root password, disable root SSH login, and change the SSH port from the default 22 to some other (unused) port number for intrusion prevention
 
	# passwd
	# vi /etc/ssh/sshd_config
	PermitRootLogin no
	Port xxx
	
	Before you restart the sshd service, make sure you have:

	   1) At least one normal user who can log in
	   2) Changed your firewall settings accordingly
	   3) Restarted the firewall service
	   4) Changed the port number in the client SSH program
	
	# vi /etc/sysconfig/iptables
	-A INPUT -p tcp -m tcp --dport xxx -j ACCEPT
	# service iptables restart
	
	# /etc/init.d/sshd restart
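
A pre-flight check for the conditions listed in step 5, as an added example that is not part of the original recipe. The function names `sshd_values` and `ssh_preflight`, the file arguments and the `UID_MIN` default of 500 are assumptions; the script only reads the files and changes nothing.

```shell
#!/bin/sh
# Added example: pre-flight checks before restarting sshd (section 5).
# ssh_preflight and its argument order are assumptions, not from the page.

# Print every value of a global sshd_config keyword. Keywords are
# case-insensitive, '#' lines are comments, and Match blocks are skipped.
sshd_values() {
    awk -v key="$2" '
        tolower($1) == "match"      { exit }
        tolower($1) == tolower(key) { print $2 }' "$1"
}

ssh_preflight() {
    cfg=${1:-/etc/ssh/sshd_config}
    fw=${2:-/etc/sysconfig/iptables}
    pw=${3:-/etc/passwd}
    uid_min=${UID_MIN:-500}   # assumption: first non-system UID on this system
    rc=0

    # sshd uses the first PermitRootLogin it reads; unset means the default applies.
    root_login=$(sshd_values "$cfg" PermitRootLogin | head -n 1)
    if [ "$root_login" != "no" ]; then
        echo "FAIL: PermitRootLogin is '${root_login:-unset}', expected 'no'"; rc=1
    fi

    # Port may appear several times and sshd listens on all of them.
    ports=$(sshd_values "$cfg" Port)
    [ -n "$ports" ] || { echo "FAIL: no Port line, sshd stays on 22"; rc=1; }
    for port in $ports; do
        case "$port" in
            22) echo "FAIL: Port 22 is still configured"; rc=1 ;;
            *[!0-9]*) echo "FAIL: Port '$port' is not numeric"; rc=1 ;;
            *)  # The new port needs an ACCEPT rule or the session is locked out.
                grep -Eq -e "^-A INPUT .*--dport $port .*-j ACCEPT" "$fw" ||
                    { echo "FAIL: no iptables ACCEPT rule for port $port"; rc=1; } ;;
        esac
    done

    # At least one non-root account with a real shell must exist.
    # (Does not verify that a password is set; that needs /etc/shadow.)
    awk -F: -v min="$uid_min" '
        $3 >= min && $7 !~ /(nologin|false)$/ { n++ }
        END { exit (n ? 0 : 1) }' "$pw" ||
        { echo "FAIL: no normal user with a login shell"; rc=1; }

    [ "$rc" -eq 0 ] && echo "OK: safe to restart sshd"
    return "$rc"
}
```

Source the file and run `ssh_preflight` with no arguments as root before the restart; `sshd -t` additionally checks the configuration file for syntax errors.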