LL
systemctl disable firewalldsystemctl stop firewalld systemctl enable sshdsystemctl start sshdcp /etc/ssh/sshd_config /etc/ssh/sshd_config.bakvi /etc/ssh/sshd_configPort 33556firewall-cmd --remove-service=ssh --permanentfirewall-cmd --add-port=33556/tcp --permanentfirewall-cmd --reloadsystemctl restart sshdss -tulpn | grep sshssh -p 33556 username@10.20.30.40[root@mail ~]# dnf -y install open-vm-tools
dnf install -y epel-release -y dnf update -y dnf --security update
dnf -y install nmap lsof net-tools quota* xfsprogs xfsdump xfsprogs-devel xfsprogs-qa-devel htop iptraf-ng iftop mutt vim* mlocate httpd* NetworkManager-tui gcc openssl cyrus* ntsysv curl git wget unzip bash-completion NetworkManager cronie xrdp gcc gcc-c++ flex bison make libtool which patch lsof glibc-headers xfsprogs rsyslog logrotate crontabs file kernel-headers net-tools perl perl-Net-SSLeay perl-Encode-Detect perl-Filter perl-open qrencode-libs lynx perl-Time-Piece qrencode Webmin:dnf -y install perl perl-Net-SSLeay perl-Encode-Detect perl-Filter perl-open qrencode-libs lynx perl-Time-Piece qrencode dnf -y install perl-IO-TtyConfigure System Monitoring Tools
# dnf install htop glances nmon -y
htopglancesnmonEnhance System Performance
dnf install preload -y
systemctl enable --now preload
firewall-cmd --permanent --add-service=httpfirewall-cmd --permanent --add-service=httpsfirewall-cmd --reloaddnf groupinstall "KDE Plasma Workspaces" -y
Configure Automatic Updates
dnf install dnf-automatic -y
systemctl enable --now dnf-automatic.timer
By default, dnf-automatic downloads updates but does not install them. To change this behavior, edit the /etc/dnf/automatic.conf file and modify the apply_updates setting −
# vi /etc/dnf/automatic.conf
Change apply_updates = no to apply_updates = yes, save the file, and exit the editor. Restart the dnf-automatic service to apply the changes −
systemctl restart dnf-automatic.timer
-
--------Cockpit---------
# dnf -y install cockpit*systemctl enable --now cockpit.socketsystemctl restart cockpitIf you are unable to access Cockpit as root on Alma Linux 9
# vi /etc/cockpit/disallowed-users Ensure that root login is enabled for Cockpit. Check /etc/cockpit/cockpit.conf and remove disallowed-users = root firewall-cmd --add-service=cockpitfirewall-cmd --add-service=cockpit --permanent to https://<Your-Server-IP>:9090. If you’re installing on a local machine, you can use https://localhost:9090.
dnf install sudo dnf update -y sudo dnf install https://rpms.remirepo.net/enterprise/remi-release-9.rpm -y sudo dnf install -y epel-release -y url -LsS https://r.mariadb.com/downloads/mariadb_repo_setup | sudo bash -s -- --mariadb-server-version="mariadb-11.4"
dnf install mariadb-server mariadb -y systemctl status mariadb sudo systemctl start mariadb sudo systemctl enable mariadb mariadb-secure-installation
---------
~]# sudo mariadb-secure-installation
NOTE: IT IS RECOMMENDED TO RUN ALL PARTS OF THIS SCRIPT FOR ALL MariaDB SERVERS
FOR PRODUCTION USE! PLEASE READ EACH STEP CAREFULLY!
To log into MariaDB to secure it, we will need the current
password for the root user. If you have just installed MariaDB and
haven't set the root password yet, you should just hit enter here.
Enter the current password for root (enter if absent):OK, the password has been successfully used, continue...Setting a root password or using a unix_socket ensures that no onewill not be able to log into MariaDB as root without proper permission.You already have your root account secured, so you can safely answer 'n'.Switch to unix_socket authentication [Y/n] YSuccessfully enabled!Reloading privilege tables.....Success!You already have your root account secured, so you can safely answer 'n'.Change root password? [Y/n]YNew Password:Repeat new password:Password successfully updated!Reloading privilege tables.....Success!By default, the MariaDB installation has an anonymous user, allowing anyonelogin to MariaDB without having a user account created for them. This is for testing purposes only, and to allow installationit went a little smoother. You must remove them before proceeding toproduction environment.Delete anonymous users? [Y/n]Y...Success!Typically, root should only be able to connect from 'localhost'. Thisensures that someone cannot guess the root password over the network.Deny remote login as root? [Y/n]Y...Success!By default, MariaDB comes with a database called 'test', which can be accessedanyone can access. This is also for testing purposes only, and should be removedbefore moving into production.Delete the test database and access to it? [Y/n]Y- Deleting the test database......Success!- Removing privileges on the test database......Success!Reloading the privilege tables ensures that all changes made so far arewill take effect immediately.Reload privilege tables now? [Y/n]Y...Success!Cleaning...All is ready! If you have completed all the above steps, your MariaDB installationshould now be safe.Thanks for using MariaDB! ---------------------------------
sudo dnf module reset php -y sudo dnf module enable php:remi-8.1 -y sudo dnf install php81 php81-php-fpm php81-php-cli php81-php-mysqlnd php81-php-gd php81-php-ldap php81-php-odbc php81-php-pdo php81-php-pear php81-php-xml php81-php-xmlrpc php81-php-mbstring php81-php-snmp php81-php-soap php81-php-zip php81-php-opcache -ysystemctl enable --now php81-php-fpm.service
LL