Vim adalah editor teks baris perintah yang kuat dan open source. File konfigurasi untuk Vim ada di /etc/vimrc. Pertama Kita perlu menginstal editor tes VIM, kemudian buka file konfigurasi untuk menerapkan pengaturan yang Anda inginkan:
[root@thehackertips ~]# yum -y install vim-enhanced
[root@thehackertips ~]# vi /etc/vimrc
# You can applly vim configuration which you want, Some of them applied by default.
set number # Show line numbers
set linebreak # Break lines at word (requires Wrap lines)
set showbreak=+++ # Wrap-broken line prefix
set textwidth=100 # Line wrap (number of cols)
set showmatch # Highlight matching brace
set spell # Enable spell-checking
set errorbells # Beep or flash screen on errors
set visualbell # Use visual bell (no beeping)
set hlsearch # Highlight all search results
set smartcase # Enable smart-case search
set gdefault # Always substitute all matches in a line
set ignorecase # Always case-insensitive
set incsearch # Searches for strings incrementally
set autoindent # Auto-indent new lines
set cindent # Use 'C' style program indenting
set expandtab # Use spaces instead of tabs
set shiftwidth=4 # Number of auto-indent spaces
set smartindent # Enable smart-indent
set smarttab # Enable smart-tabs
set softtabstop=4 # Number of spaces per Tab
set confirm # Prompt confirmation dialogs
set ruler # Show row and column ruler information
set showtabline=2 # Show tab bar
set autochdir # Change working directory to open buffer
set autowriteall # Auto-write all file changes
set undolevels=1000 # Number of undo levels
set backspace=indent,eol,start # Backspace behaviour
Konfigurasi Firewall dan SELinux
Firewalld diinstal secara default pada CentOS 7, tetapi jika tidak diinstal pada sistem Anda, Anda dapat menginstal paket dengan mengetik:
[root@thehackertips ~]# sudo yum install firewalld
Untuk memulai layanan FirewallD dan mengaktifkannya:
[root@thehackertips ~]# sudo systemctl start firewalld [root@thehackertips ~]# sudo systemctl enable firewalld
Untuk memeriksa status Firewall di Centos7:
[root@thehackertips ~]# systemctl status firewalld
firewalld.service - firewalld - dynamic firewall daemon
Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled)
Active: active (running) since Mon 2019-10-21 07:01:17 EDT; 55min ago
Main PID: 581 (firewalld)
CGroup: /system.slice/firewalld.service
ââ581 /usr/bin/python -Es /usr/sbin/firewalld --nofork --nopid
Oct 21 07:01:17 thehackertips.com systemd[1]: Started firewalld - dynamic fi....
Hint: Some lines were ellipsized, use -l to show in full.
[root@thehackertips ~]# getenforce
Enforcing
[root@thehackertips ~]# mungkin untuk menghentikan dan menonaktifkannya seperti di bawah ini.
[root@thehackertips ~]# sudo systemctl stop firewalld
[root@thehackertips ~]# sudo systemctl disable firewalld
Perintah firewall yang paling sering digunakan sebagai berikut:
[root@thehackertips ~]# firewall-cmd --get-default-zone # display default zone
[root@thehackertips ~]# firewall-cmd --list-all # display current setting of default zone
[root@thehackertips ~]# firewall-cmd --set-default-zone=external # change default zone
[root@thehackertips ~]# firewall-cmd --get-services # get a list of the available services
# show allowed services on a specific zone
[root@thehackertips ~]# firewall-cmd --list-service --zone=internal
dhcpv6-client ipp-client mdns samba-client ssh
[root@thehackertips ~]# firewall-cmd --list-service --zone=external
ssh
[root@thehackertips ~]# firewall-cmd --list-service --zone=public
dhcpv6-client ntp ssh
[root@thehackertips ~]# firewall-cmd --add-service=https #Adding a Service to your Zones
[root@thehackertips ~]# firewall-cmd --remove-service=https #Remove a Service to your Zones
#For adding service permanently use command like below and reload the firewall
[root@thehackertips ~]# firewall-cmd --add-service=http --permanent
[root@thehackertips ~]# firewall-cmd --reload
# Opening ro removing a Port for your Zones
[root@thehackertips ~]# firewall-cmd --add-port=25/tcp
[root@thehackertips ~]# firewall-cmd --remove-port=25/tcp
[root@thehackertips ~]# firewall-cmd --add-port=25/tcp --permanent
[root@thehackertips ~]# firewall-cmd --reload
SELinux – Linux yang Ditingkatkan Keamanan adalah mekanisme keamanan kontrol akses wajib (MAC) yang diterapkan di kernel. Ada tiga mode operasi dasar, di mana Penegakan ditetapkan sebagai mode default instalasi.
- Enforcing:Mode default yang akan mengaktifkan dan menerapkan kebijakan keamanan SELinux pada sistem, menolak akses dan tindakan logging
- Permissive:Dalam mode Permissive, SELinux diaktifkan tetapi tidak akan menerapkan kebijakan keamanan, hanya memperingatkan dan mencatat tindakan. Mode permisif berguna untuk memecahkan masalah SELinux
- Dinonaktifkan:SELinux dimatikan
Anda dapat menggunakan status atau mendapatkan perintah untuk melihat status SELinux saat ini:
[root@thehackertips ~]# sestatus
SELinux status: enabled
SELinuxfs mount: /sys/fs/selinux
SELinux root directory: /etc/selinux
Loaded policy name: targeted
Current mode: enforcing
Mode from config file: enforcing
Policy MLS status: enabled
Policy deny_unknown status: allowed
Max kernel policy version: 28
[root@thehackertips ~]# getenforce
Enforcing
Jika Anda ingin menonaktifkan SELinux, buka file konfigurasi dan ubah penegakan menjadi nonaktif, lalu restart server:
[root@thehackertips ~]# vi /etc/selinux/config
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of these two values:
# targeted - Targeted processes are protected,
# minimum - Modification of targeted policy. Only selected processes are protected.
# mls - Multi Level Security protection.
SELINUXTYPE=targeted
[root@thehackertips ~]# reboot