Vim is powerful and open source command line text editor. Configuration file for Vim is in /etc/vimrc. First We need to install VIM test editor, then open the configuration file to apply setting which you want to:
[root@thehackertips ~]# yum -y install vim-enhanced
[root@thehackertips ~]# vi /etc/vimrc
# You can applly vim configuration which you want, Some of them applied by default.
set number # Show line numbers
set linebreak # Break lines at word (requires Wrap lines)
set showbreak=+++ # Wrap-broken line prefix
set textwidth=100 # Line wrap (number of cols)
set showmatch # Highlight matching brace
set spell # Enable spell-checking
set errorbells # Beep or flash screen on errors
set visualbell # Use visual bell (no beeping)
set hlsearch # Highlight all search results
set smartcase # Enable smart-case search
set gdefault # Always substitute all matches in a line
set ignorecase # Always case-insensitive
set incsearch # Searches for strings incrementally
set autoindent # Auto-indent new lines
set cindent # Use 'C' style program indenting
set expandtab # Use spaces instead of tabs
set shiftwidth=4 # Number of auto-indent spaces
set smartindent # Enable smart-indent
set smarttab # Enable smart-tabs
set softtabstop=4 # Number of spaces per Tab
set confirm # Prompt confirmation dialogs
set ruler # Show row and column ruler information
set showtabline=2 # Show tab bar
set autochdir # Change working directory to open buffer
set autowriteall # Auto-write all file changes
set undolevels=1000 # Number of undo levels
set backspace=indent,eol,start # Backspace behaviour
Configure Firewall and SELinux
Firewalld is installed by default on CentOS 7, but if it is not installed on your system, you can install the package by typing:
[root@thehackertips ~]# sudo yum install firewalld
To start the FirewallD service and enable it:
[root@thehackertips ~]# sudo systemctl start firewalld [root@thehackertips ~]# sudo systemctl enable firewalld
To check the status of Firewall on Centos7:
[root@thehackertips ~]# systemctl status firewalld
firewalld.service - firewalld - dynamic firewall daemon
Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled)
Active: active (running) since Mon 2019-10-21 07:01:17 EDT; 55min ago
Main PID: 581 (firewalld)
CGroup: /system.slice/firewalld.service
ââ581 /usr/bin/python -Es /usr/sbin/firewalld --nofork --nopid
Oct 21 07:01:17 thehackertips.com systemd[1]: Started firewalld - dynamic fi....
Hint: Some lines were ellipsized, use -l to show in full.
[root@thehackertips ~]# getenforce
Enforcing
[root@thehackertips ~]#
it’s possbile to stop and disable it like below.
[root@thehackertips ~]# sudo systemctl stop firewalld
[root@thehackertips ~]# sudo systemctl disable firewalld
The most used firewall commands as follow:
[root@thehackertips ~]# firewall-cmd --get-default-zone # display default zone
[root@thehackertips ~]# firewall-cmd --list-all # display current setting of default zone
[root@thehackertips ~]# firewall-cmd --set-default-zone=external # change default zone
[root@thehackertips ~]# firewall-cmd --get-services # get a list of the available services
# show allowed services on a specific zone
[root@thehackertips ~]# firewall-cmd --list-service --zone=internal
dhcpv6-client ipp-client mdns samba-client ssh
[root@thehackertips ~]# firewall-cmd --list-service --zone=external
ssh
[root@thehackertips ~]# firewall-cmd --list-service --zone=public
dhcpv6-client ntp ssh
[root@thehackertips ~]# firewall-cmd --add-service=https #Adding a Service to your Zones
[root@thehackertips ~]# firewall-cmd --remove-service=https #Remove a Service to your Zones
#For adding service permanently use command like below and reload the firewall
[root@thehackertips ~]# firewall-cmd --add-service=http --permanent
[root@thehackertips ~]# firewall-cmd --reload
# Opening ro removing a Port for your Zones
[root@thehackertips ~]# firewall-cmd --add-port=25/tcp
[root@thehackertips ~]# firewall-cmd --remove-port=25/tcp
[root@thehackertips ~]# firewall-cmd --add-port=25/tcp --permanent
[root@thehackertips ~]# firewall-cmd --reload
SELinux – Security-Enhanced Linux is a mandatory access control (MAC) security mechanism implemented in the kernel. There are three basic modes of operation, of which Enforcing is set as the installation default mode.
- Enforcing: The default mode which will enable and enforce the SELinux security policy on the system, denying access and logging actions
- Permissive: In Permissive mode, SELinux is enabled but will not enforce the security policy, only warn and log actions. Permissive mode is useful for troubleshooting SELinux issues
- Disabled: SELinux is turned off
You can use sestatus or getenforce command to view the current SELinux status:
[root@thehackertips ~]# sestatus
SELinux status: enabled
SELinuxfs mount: /sys/fs/selinux
SELinux root directory: /etc/selinux
Loaded policy name: targeted
Current mode: enforcing
Mode from config file: enforcing
Policy MLS status: enabled
Policy deny_unknown status: allowed
Max kernel policy version: 28
[root@thehackertips ~]# getenforce
Enforcing
If you want to disable SELinux open configuration file and change enforcing to disabled and then restart the server:
[root@thehackertips ~]# vi /etc/selinux/config
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of these two values:
# targeted - Targeted processes are protected,
# minimum - Modification of targeted policy. Only selected processes are protected.
# mls - Multi Level Security protection.
SELINUXTYPE=targeted
[root@thehackertips ~]# reboot
