Vim is powerful and open source command line text editor. Configuration file for Vim is in /etc/vimrc. First We need to install VIM test editor, then open the configuration file to apply setting which you want to(to apply configuration to all system you need to do same this on /etc/vim/vimrc):
root@thehackertips:~# apt install vim
Reading package lists… Done
Building dependency tree
Reading state information… Done
The following additional packages will be installed:
vim-common vim-runtime vim-tiny
Suggested packages:
ctags vim-doc vim-scripts indent
The following packages will be upgraded:
vim vim-common vim-runtime vim-tiny
4 upgraded, 0 newly installed, 0 to remove and 122 not upgraded.
Need to get 7,378 kB of archives.
After this operation, 4,096 B disk space will be freed.
Do you want to continue? [Y/n]
Get:1 http://us.archive.ubuntu.com/ubuntu disco-updates/main amd64 vim amd64 2:8.1.0320-1ubuntu3.1 [1,180 kB]
Get:2 http://us.archive.ubuntu.com/ubuntu disco-updates/main amd64 vim-tiny amd64 2:8.1.0320-1ubuntu3.1 [505 kB]
Get:3 http://us.archive.ubuntu.com/ubuntu disco-updates/main amd64 vim-runtime all 2:8.1.0320-1ubuntu3.1 [5,609 kB]
Get:4 http://us.archive.ubuntu.com/ubuntu disco-updates/main amd64 vim-common all 2:8.1.0320-1ubuntu3.1 [84.4 kB]
Fetched 7,378 kB in 13s (559 kB/s)
(Reading database … 66699 files and directories currently installed.)
Preparing to unpack …/vim_2%3a8.1.0320-1ubuntu3.1_amd64.deb …
Unpacking vim (2:8.1.0320-1ubuntu3.1) over (2:8.1.0320-1ubuntu3) …
Preparing to unpack …/vim-tiny_2%3a8.1.0320-1ubuntu3.1_amd64.deb …
Unpacking vim-tiny (2:8.1.0320-1ubuntu3.1) over (2:8.1.0320-1ubuntu3) …
Preparing to unpack …/vim-runtime_2%3a8.1.0320-1ubuntu3.1_all.deb …
Unpacking vim-runtime (2:8.1.0320-1ubuntu3.1) over (2:8.1.0320-1ubuntu3) …
Preparing to unpack …/vim-common_2%3a8.1.0320-1ubuntu3.1_all.deb …
Unpacking vim-common (2:8.1.0320-1ubuntu3.1) over (2:8.1.0320-1ubuntu3) …
Setting up vim-common (2:8.1.0320-1ubuntu3.1) …
Setting up vim-runtime (2:8.1.0320-1ubuntu3.1) …
Setting up vim (2:8.1.0320-1ubuntu3.1) …
Setting up vim-tiny (2:8.1.0320-1ubuntu3.1) …
Processing triggers for mime-support (3.60ubuntu1) …
Processing triggers for man-db (2.8.5-2) …
root@thehackertips:~# vi /etc/vimrc
# You can applly vim configuration which you want, Some of them applied by default.
set number # Show line numbers
set linebreak # Break lines at word (requires Wrap lines)
set showbreak=+++ # Wrap-broken line prefix
set textwidth=100 # Line wrap (number of cols)
set showmatch # Highlight matching brace
set spell # Enable spell-checking
set errorbells # Beep or flash screen on errors
set visualbell # Use visual bell (no beeping)
set hlsearch # Highlight all search results
set smartcase # Enable smart-case search
set gdefault # Always substitute all matches in a line
set ignorecase # Always case-insensitive
set incsearch # Searches for strings incrementally
set autoindent # Auto-indent new lines
set cindent # Use 'C' style program indenting
set expandtab # Use spaces instead of tabs
set shiftwidth=4 # Number of auto-indent spaces
set smartindent # Enable smart-indent
set smarttab # Enable smart-tabs
set softtabstop=4 # Number of spaces per Tab
set confirm # Prompt confirmation dialogs
set ruler # Show row and column ruler information
set showtabline=2 # Show tab bar
set autochdir # Change working directory to open buffer
set autowriteall # Auto-write all file changes
set undolevels=1000 # Number of undo levels
set backspace=indent,eol,start # Backspace behaviour
Configure Firewall and SELinux
Firewalld is installed by default on Ubuntu 19.04, but if it is not installed on your system, you can install the package by typing:
root@thehackertips:~# apt install firewalld
To start the Firewalld service and enable it:
root@thehackertips:~# systemctl start firewalld
root@thehackertips:~# systemctl enable firewalld
Synchronizing state of firewalld.service with SysV service script with /lib/systemd/systemd-sysv-install.
Executing: /lib/systemd/systemd-sysv-install enable firewalld
root@thehackertips:~#
To check the status of Firewall on Ubuntu 19.04:
root@thehackertips:~# systemctl status firewalld
â firewalld.service - firewalld - dynamic firewall daemon
Loaded: loaded (/lib/systemd/system/firewalld.service; enabled; vendor preset: enabled)
Active: active (running) since Mon 2019-11-04 06:32:50 EST; 2min 47s ago
Docs: man:firewalld(1)
Main PID: 5034 (firewalld)
Tasks: 2 (limit: 1096)
Memory: 20.6M
CGroup: /system.slice/firewalld.service
ââ5034 /usr/bin/python3 /usr/sbin/firewalld --nofork --nopid
Nov 04 06:32:50 thehackertips.com systemd[1]: Starting firewalld - dynamic firewall daemon...
Nov 04 06:32:50 thehackertips.com systemd[1]: Started firewalld - dynamic firewall daemon.
root@thehackertips:~#
it’s possbile to stop and disable it like below.
root@thehackertips:~# systemctl stop firewalld
root@thehackertips:~# systemctl disable firewalld
Synchronizing state of firewalld.service with SysV service script with /lib/systemd/systemd-sysv-install.
Executing: /lib/systemd/systemd-sysv-install disable firewalld
Removed /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
root@thehackertips:~#
The most used firewall commands as follow:
root@thehackertips:~# firewall-cmd --get-default-zone # display default zone
root@thehackertips:~# firewall-cmd --list-all # display current setting of default zone
root@thehackertips:~# firewall-cmd --set-default-zone=external # change default zone
root@thehackertips:~# firewall-cmd --get-services # get a list of the available services
# show allowed services on a specific zone
root@thehackertips:~# firewall-cmd --list-service --zone=internal
dhcpv6-client ipp-client mdns samba-client ssh
root@thehackertips:~# firewall-cmd --list-service --zone=external
ssh
root@thehackertips:~# firewall-cmd --list-service --zone=public
dhcpv6-client ntp ssh
root@thehackertips:~# firewall-cmd --add-service=https #Adding a Service to your Zones
root@thehackertips:~# firewall-cmd --remove-service=https #Remove a Service to your Zones
#For adding service permanently use command like below and reload the firewall
root@thehackertips:~# firewall-cmd --add-service=http --permanent
root@thehackertips:~# firewall-cmd --reload
# Opening ro removing a Port for your Zones
root@thehackertips:~# firewall-cmd --add-port=25/tcp
root@thehackertips:~# firewall-cmd --remove-port=25/tcp
root@thehackertips:~# firewall-cmd --add-port=25/tcp --permanent
root@thehackertips:~# firewall-cmd --reload
SELinux – Security-Enhanced Linux is a mandatory access control (MAC) security mechanism implemented in the kernel. There are three basic modes of operation, of which Enforcing is set as the installation default mode.
- Enforcing: The default mode which will enable and enforce the SELinux security policy on the system, denying access and logging actions
- Permissive: In Permissive mode, SELinux is enabled but will not enforce the security policy, only warn and log actions. Permissive mode is useful for troubleshooting SELinux issues
- Disabled: SELinux is turned off
To install SELinux:
root@thehackertips:~# apt install selinux-utils policycoreutils
You can use sestatus or getenforce command to view the current SELinux status:
root@thehackertips:~# sestatus
SELinux status: disabled
root@thehackertips:~# getenforce
Disabled
root@thehackertips:~#
If you want to disable SELinux open configuration file and change enforcing to disabled and then restart the server.
root@thehackertips:~# vi /etc/selinux/config