Essential checklist after a fresh Linux installation part 2

0

To find out the previous topics read this.

  1. Change the grub timeout: there are few reasons we need to reduce the grub timeout. But most common reason is decreasing boot time of the operating system. It is necessary for maintenance. If we have to restart the server so that the server boots up early and start working soon.
    To do this we need to do two things. First edit a file and second run a grub command to make that effective.
    edit the file /etc/default/grub
    #vim /etc/default/grub

Now find the option GRUB_TIMEOUT then change the time to 5 or as you want. Then save and exit the file.
now run the below command
# grub2-mkconfig  –output  /boot/grub2/grub.cfg

 

  1. Disable IPv6 if not necessary: this is an optional step. But if there is any chance that we don’t have to use IPv6 in our system then it is better to complete this on the first check list. As we are trying to give beginners a easier way of getting habituated with Linux that’s why this is also a good step.
    we have to edit a file under etc directory. The file name is sysctl.conf. Now open the file with vim editor.
    #vim /etc/sysctl.conf

Now add the line given below:

net.ipv6.conf.all.diable_ipv6 = 1

after this save and exit the file. Run the command given below:

#sysctl                -p            /etc/sysctl.conf

It will be better if we reboot after completing the above tasks. On reboot IPv6 will be disabled.

 

  1. Set time zone: time is a very important issue for services to run. If the time is not right on the server then it is quite possible that the other side of the service may not accept the requests from this side. Also most of the servers have some schedule work on a list. So we need to maintain a time for that task to take place on time. We will see how to set time one Linux system.
    run the command shown below:
    #timedatectl list-timezones
    #timedatectl    set-timezone     Asia/Dhaka
    after running these two commands the time zone will be changed and the time will be set according to time zone.
    still if we need to set time manually then we will follow the below command:
    #timedatectl    set-time               ‘ year-month-day            hour:minute:second ’
    once this is set we can check if the time is set properly or not by running a simple command. That is :
    #timedatectl

 

  1. Make rule to lock user after 5 wrong attempts of SSH login: this is all about securing our server from attacks. This is particularly securing our server from brute force attack. As we all know brute force attack is a mechanism where attacker will keep trying till the password is not cracked. Also as SSH is the most common service for remote access so we will secure SSh service using PAM (Pluggable Authentication Modules).
    now open the file /etc/pam.d/password-auth and add the lines given below in auth section
    auth required              so    deny=5    even_deny_root     file=/var/log/tallylog            unlock_time=6000
    also add the below line in the account section:
    account              required              pam_tally2.so
    now save and exit this file. Reboot the system. After boot up try to login remotely via SSH. Give 5 wrong password and we will see “account locked due to 5 failed logins”.
  2. Disable iptables or firewalld: for beginner iptables and firewalld is a hard thing to understand. If we keep those services enabled and running then for every single service to run we have to configure iptables and firewalld. So in my opinion we have to think about the easiest way to become a Linux user. That’s why we should keep this service stopped and disabled.
    this is a very easy task to do. Run below mentioned commands the services will be stopped and disabled.
    #systemctl stop firewalld
    #systemctl disable firewalld
    #systemctl stop iptables
    #systemctl disabled iptables
  3. Check swap or create and configure swap for the system: first of all we need to know why we need swap and why this is recommended for Linux system. Well, swap is the secondary memory for the system. It can help low memory problems. It is very useful if the system have low memory.
    how to check swap space from command line! Just run any one of the commands given below.
    #swapon –s [it will show the swap space directly]

# free –m [it will show the memory and below that we can see the swap space. ]

Now if we want to increase the swap space then we should follow the below steps.
#fallocate          -l             2G          /swap_space

#chmod             600         /swap_space

# mkswap         /swap_space

# swapon          /swap_space
now check it increased by 2 gigabyte space.  Just run the first command on terminal
#swapon –s

 

Leave A Reply

Your email address will not be published.