After installing Linux, there are a few things you might want to do before installing services such as Apache, Tomcat or Samba. None of these steps is mandatory; they are recommendations, and some may be unnecessary if the setting is already correct.
Set the hostname
hostnamectl set-hostname new_hostname
Set the Time Zone
timedatectl set-timezone Europe/London
Enable SELinux, which is disabled by default
sed -i 's/^SELINUX=.*/SELINUX=enforcing/' /etc/selinux/config
Disable IPv6. This can be done on the kernel command line or through sysctl. The latter may break SSH X forwarding unless sshd_config contains AddressFamily inet.
Edit /etc/default/grub and append ipv6.disable=1 to GRUB_CMDLINE_LINUX like the following sample:
GRUB_CMDLINE_LINUX="rd.lvm.lv=rhel/swap crashkernel=auto rd.lvm.lv=rhel/root ipv6.disable=1"
Run the grub2-mkconfig command to regenerate the grub.cfg file:
grub2-mkconfig -o /boot/grub2/grub.cfg
Reboot the system to disable IPv6 support
Note: If you follow the method above and notice SELinux denial messages in the audit.log file, such as avc: denied { module_request }, then disable IPv6 from the /etc/sysctl.d/ipv6.conf file as shown below instead.
echo "net.ipv6.conf.all.disable_ipv6 = 1" >> /etc/sysctl.d/ipv6.conf
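A way to verify the SELinux and IPv6 steps above after the fact, as an added example that is not part of the original checklist. It reads only the configuration files under /etc; the function names and the ROOT prefix argument are assumptions made for this example.

```sh
#!/bin/sh
# Added example: audit the file-based settings from the steps above.
# ROOT is a path prefix (empty = live system) so the checks can run on a copy.
# Only /etc is read; the running kernel and grub.cfg are not inspected.

# Print the SELINUX= value from ROOT/etc/selinux/config, lowercased.
selinux_mode() {
    sed -n 's/^SELINUX=[[:space:]]*\([A-Za-z]*\).*/\1/p' \
        "$1/etc/selinux/config" 2>/dev/null | tail -n 1 | tr 'A-Z' 'a-z'
}

# Print how IPv6 is disabled: kernel, sysctl or none.
ipv6_method() {
    if grep -Eq '^GRUB_CMDLINE_LINUX=.*[" ]ipv6\.disable=1([" ]|$)' \
        "$1/etc/default/grub" 2>/dev/null; then
        echo kernel
    elif grep -Eqs '^[[:space:]]*net\.ipv6\.conf\.all\.disable_ipv6[[:space:]]*=[[:space:]]*1[[:space:]]*$' \
        "$1"/etc/sysctl.d/*.conf "$1/etc/sysctl.conf"; then
        echo sysctl
    else
        echo none
    fi
}

# Succeed if sshd_config pins sshd to IPv4.
sshd_ipv4_only() {
    grep -Eiq '^[[:space:]]*AddressFamily[[:space:]]+inet[[:space:]]*$' \
        "$1/etc/ssh/sshd_config" 2>/dev/null
}

# Usage: audit_baseline [ROOT]; returns non-zero if any check fails.
audit_baseline() {
    root=${1:-}; rc=0
    mode=$(selinux_mode "$root")
    if [ "$mode" = enforcing ]; then echo "PASS selinux: enforcing"
    else echo "FAIL selinux: SELINUX=${mode:-unset}"; rc=1; fi
    case $(ipv6_method "$root") in
        kernel) echo "PASS ipv6: disabled on the kernel command line" ;;
        sysctl) echo "PASS ipv6: disabled through sysctl"
            # The sysctl route is the one the text says needs AddressFamily inet.
            if sshd_ipv4_only "$root"; then echo "PASS sshd: AddressFamily inet"
            else echo "FAIL sshd: AddressFamily inet not set"; rc=1; fi ;;
        *) echo "FAIL ipv6: not disabled"; rc=1 ;;
    esac
    return $rc
}
```

Source the file and run audit_baseline with no argument to check the live system, or pass a directory holding a copy of /etc from another host.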
Mask services iptables, ip6tables and ebtables
for service in iptables ip6tables ebtables; do systemctl mask "${service}.service"; done
Configure the firewall to allow in only the required access. There is an improvement to be made here: prevent all outbound access and allow only what is necessary.
firewall-cmd --permanent --remove-service=dhcpv6-client
firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="10.10.10.10/24" service name="ssh" accept'
firewall-cmd --permanent --remove-service="ssh"
firewall-cmd --reload
Update all packages
yum clean all
yum -y update
Reboot the server
systemctl reboot