CentOS 7 - Initial settings


  1. Update system
It is recommended to update the system first, right after installing CentOS.
[root@node1 ~]# yum -y update
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
* base: centos.mirror.nucleus.be
* extras: centos.mirror.nucleus.be
* updates: centos.mirror.nucleus.be
No packages marked for update
[root@node1 ~]# 


  2. Adding repositories
Add external repositories so that we can install additional software that isn't available in the official repositories. First install a plugin that assigns a priority to each installed repository, and set priority=1 for the official repository.
[root@node1 ~]# yum -y install yum-plugin-priorities
[root@node1 ~]# sed -i -e "s/\]$/\]\npriority=1/g" /etc/yum.repos.d/CentOS-Base.repo

Extra Packages for Enterprise Linux (EPEL) is a Fedora Special Interest Group that creates, maintains and manages a high-quality set of additional packages for Enterprise Linux, including, but not limited to, Red Hat Enterprise Linux (RHEL), CentOS, Scientific Linux (SL) and Oracle Linux (OL).
[root@node1 ~]# yum -y install epel-release
[root@node1 ~]# sed -i -e "s/\]$/\]\npriority=5/g" /etc/yum.repos.d/epel.repo

The Software Collections SIG provides an upstream development area for various software collections and related tools. Developers can build on and extend existing SCLs, so they don't need to reinvent the wheel or take responsibility for packaging unnecessary dependencies.
[root@node1 ~]# yum -y install centos-release-scl-rh centos-release-scl
[root@node1 ~]# sed -i -e "s/\]$/\]\npriority=10/g" /etc/yum.repos.d/CentOS-SCLo-scl.repo
[root@node1 ~]# sed -i -e "s/\]$/\]\npriority=10/g" /etc/yum.repos.d/CentOS-SCLo-scl-rh.repo
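The sed one-liners above are not idempotent: every run appends another priority= line under each section header, and they match any line that merely ends in "]". The function below is an added example (not from the original post) that does the same job but removes any existing priority= line first, so it can be re-run safely; it is tried on a constructed two-section .repo file in a temporary location rather than on the real files under /etc/yum.repos.d.

```shell
#!/bin/bash
# Added example: idempotently set "priority=N" under every [section] header
# of a yum .repo file (for yum-plugin-priorities).
set -eu

# set_repo_priority FILE PRIORITY
set_repo_priority() {
    local file="$1" prio="$2" tmp
    tmp=$(mktemp)
    awk -v prio="$prio" '
        /^priority=/ { next }                  # drop any old priority line
        { print }
        /^\[.*\]$/ { print "priority=" prio }  # one fresh line per header
    ' "$file" > "$tmp"
    # cat (not mv) keeps the owner and mode of the original file
    cat "$tmp" > "$file" && rm -f "$tmp"
}

# count_priority_lines FILE: print how many priority= lines the file has
count_priority_lines() {
    grep -c '^priority=' "$1" || true
}

# Constructed sample modelled on CentOS-Base.repo (two sections).
demo() {
    local tmp
    tmp=$(mktemp)
    cat > "$tmp" <<'EOF'
[base]
name=CentOS-$releasever - Base
enabled=1

[updates]
name=CentOS-$releasever - Updates
enabled=1
EOF
    set_repo_priority "$tmp" 1
    set_repo_priority "$tmp" 1   # second run must not add duplicates
    count_priority_lines "$tmp"  # 2: one per section, not four
    cat "$tmp"
    rm -f "$tmp"
}
demo
```

Point it at the real file with set_repo_priority /etc/yum.repos.d/CentOS-Base.repo 1, then check the result with yum repolist, which shows the priority plugin in its "Loaded plugins" line.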


  3. Networking
Disable IPv6 on the kernel command line.
[root@node1 ~]# vi /etc/default/grub

# line 6: add
GRUB_CMDLINE_LINUX="ipv6.disable=1 crashkernel=auto rd.lvm….

# apply changes
[root@node1 ~]# grub2-mkconfig -o /boot/grub2/grub.cfg
[root@node1 ~]# reboot

Security hardening: also disable IPv6 at the sysctl level.
[root@node1 ~]# vi /etc/sysctl.d/10-disableIPv6.conf

# Add
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1

Adjust the SSH daemon configuration file to only listen on IPv4 addresses.
[root@node1 ~]# vi /etc/ssh/sshd_config

# line 18: replace
#AddressFamily any    > AddressFamily inet

# apply changes
[root@node1 ~]# systemctl restart sshd.service


  4. Firewall
Install the firewall software (firewalld) and check its status.
[root@node1 ~]# yum -y install firewalld
[root@node1 ~]# systemctl status firewalld
  • firewalld.service - firewalld - dynamic firewall daemon
Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor preset: enabled)
Active: inactive (dead)
[root@node1 ~]# 

[root@node1 ~]# systemctl start firewalld
[root@node1 ~]# systemctl status firewalld
  • firewalld.service - firewalld - dynamic firewall daemon
Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor preset: enabled)
Active: active (running) since Thu 20**-**-** 22:04:01 CEST; 2s ago
Main PID: 10096 (firewalld)
    CGroup: /system.slice/firewalld.service
  └─10096 /usr/bin/python -Es /usr/sbin/firewalld --nofork --nopid

*** ** 22:04:00 node1.server.lab systemd[1]: Starting firewalld - dynamic firewall daemon...
*** ** 22:04:01 node1.server.lab systemd[1]: Started firewalld - dynamic firewall daemon.
[root@node1 ~]# 

Activate the firewall at boot and verify that it is enabled.
[root@node1 ~]# systemctl enable firewalld
[root@node1 ~]# systemctl is-enabled firewalld
enabled


  5. Services
Stop and disable the postfix service.
[root@node1 ~]# systemctl stop postfix
[root@node1 ~]# systemctl disable postfix


  6. Software
Install command-line performance-monitoring and network tools.
[root@node1 ~]# yum -y install net-tools dstat tcpdump htop iftop iotop bind-utils
[root@node1 ~]# yum -y install collectl iptraf-ng arpwatch nethogs hdparm iperf3
[root@node1 ~]# yum -y install smartmontools

Install additional software.
[root@node1 ~]# yum -y install mc mlocate policycoreutils-python screen tmux wget

Install editor software.
[root@node1 ~]# yum -y install nano vim-enhanced

6.1 hdparm

To display the drive identification that the kernel stored at boot, use this command:
[root@node1 ~]# hdparm -i /dev/sda

/dev/sda:

Model=WDC WD****AAKS-00***0, FwRev=12.01B02, SerialNo=WD-*****0**8**3
Config={ HardSect NotMFM HdSw>15uSec SpinMotCtl Fixed DTR>5Mbs FmtGapReq }
RawCHS=16383/16/63, TrkSize=0, SectSize=0, ECCbytes=50
BuffType=unknown, BuffSize=16384kB, MaxMultSect=16, MultSect=16
CurCHS=16383/16/63, CurSects=16514064, LBA=yes, LBAsects=625140335
IORDY=on/off, tPIO={min:120,w/IORDY:120}, tDMA={min:120,rec:120}
PIO modes: pio0 pio3 pio4
DMA modes: mdma0 mdma1 mdma2
UDMA modes: udma0 udma1 udma2 udma3 udma4 udma5 *udma6
AdvancedPM=no WriteCache=enabled
Drive conforms to: Unspecified: ATA/ATAPI-1,2,3,4,5,6,7

 * signifies the current active mode

To get detailed, current identification information directly from the drive, use this command (note the capital -I):
[root@node1 ~]# hdparm -I /dev/sda

Check the performance with this command:
[root@node1 ~]# hdparm -Tt /dev/sda

/dev/sda:

 Timing cached reads: 12454 MB in 2.00 seconds = 6231.84 MB/sec
 Timing buffered disk reads: 212 MB in 3.02 seconds = 70.29 MB/sec

hdparm can also change drive settings. As an example, set the 32-bit I/O support flag to 1 to enable 32-bit data transfers:
[root@node1 ~]# hdparm -c1 /dev/sda

6.2 smartmontools

Start the daemon, check its status and add it to startup:
[root@node1 ~]# systemctl start smartd.service
[root@node1 ~]# systemctl status smartd.service
  • smartd.service - Self Monitoring and Reporting Technology (SMART) Daemon
Loaded: loaded (/usr/lib/systemd/system/smartd.service; enabled; vendor preset: enabled)
Active: active (running) since Fri 20**-**-30 16:15:32 CET; 2h 9min ago
Main PID: 3245 (smartd)
 CGroup: /system.slice/smartd.service
  └─3245 /usr/sbin/smartd -n -q never
....
[root@node1 ~]# systemctl enable smartd.service
[root@node1 ~]# systemctl is-enabled smartd.service
enabled

Enable SMART on the drive (if it is turned off):
[root@node1 ~]# smartctl -s on /dev/sda
smartctl 6.2 2013-07-26 r3841 [x86_64-linux-3.10.0-514.2.2.el7.x86_64] (local build)
Copyright (C) 2002-13, Bruce Allen, Christian Franke, www.smartmontools.org

=== START OF ENABLE/DISABLE COMMANDS SECTION ===
SMART Enabled.

Show identity information for the device.
[root@node1 ~]# smartctl -i /dev/sda

Show the device's SMART health status.
[root@node1 ~]# smartctl -H /dev/sda

Show the device's SMART vendor-specific attributes and their values.
[root@node1 ~]# smartctl -A /dev/sda
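Reading smartctl -H output by hand does not scale to a cron job or a monitoring check. smartctl's exit status is a bit mask (documented in smartctl(8)): bits 0 to 2 report problems running the command, bits 3 to 7 report disk health problems even when the command itself succeeded. The following is an added example, not from the original post, that decodes that mask and wraps the health check; it assumes smartmontools is installed as above and uses a constructed status value for the stand-alone run.

```shell
#!/bin/bash
# Added example: act on smartctl's exit-status bit mask.
set -eu

# smartctl_decode STATUS: print one line per set bit; nothing for 0.
smartctl_decode() {
    local status="$1" bit=0 msg
    for msg in \
        "command line did not parse" \
        "device open failed or no IDENTIFY data returned" \
        "some SMART or ATA command failed" \
        "SMART status check returned DISK FAILING" \
        "prefail attributes found at or below threshold" \
        "SMART status OK but attributes were at or below threshold in the past" \
        "device error log contains errors" \
        "self-test log contains errors"; do
        if [ $(( (status >> bit) & 1 )) -eq 1 ]; then
            echo "bit $bit: $msg"
        fi
        bit=$((bit + 1))
    done
}

# smart_is_failing STATUS: true when any health bit (3-7, mask 248) is set.
smart_is_failing() {
    [ $(( $1 & 248 )) -ne 0 ]
}

# smart_health DEVICE: run the health check quietly, decode the status and
# return non-zero on a health problem (suitable for cron or a check script).
smart_health() {
    local rc=0
    smartctl -H "$1" >/dev/null 2>&1 || rc=$?
    smartctl_decode "$rc"
    if smart_is_failing "$rc"; then
        echo "$1: SMART reports problems (status $rc)" >&2
        return 1
    fi
}

# Constructed status for the stand-alone run: 24 = bits 3 and 4, which is
# what a drive with failing prefail attributes would produce.
smartctl_decode 24
```

On a real host call smart_health /dev/sda; the decoded lines explain a non-zero status, and the return code lets the caller alert instead of merely logging. The same bit mask is returned by smartctl -a, so the helper works for the fuller report too.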

6.3 vim-enhanced

Set a command alias so that 'vi' runs 'vim'.
[root@node1 ~]# vi /etc/profile

# Add at the last line
alias vi='vim'

[root@node1 ~]# source /etc/profile

Setup a vim configuration file for root.
[root@node1 ~]# vi .vimrc

# Add
set nocompatible
set encoding=utf-8
set fileencoding=utf-8
set fileformats=unix,dos
set history=50
set ignorecase
set smartcase
set hlsearch
set incsearch
set number
set list
set showmatch
syntax on
colorscheme evening
set wrap
set shiftwidth=4

Create the same vim configuration file in /etc/skel, so that newly created user accounts receive it.
[root@node1 ~]# vi /etc/skel/.vimrc

# Add
set nocompatible
set encoding=utf-8
set fileencoding=utf-8
set fileformats=unix,dos
set history=50
set ignorecase
set smartcase
set hlsearch
set incsearch
set number
set list
set showmatch
syntax on
colorscheme evening
set wrap
set shiftwidth=4

[root@node1 ~]# chmod 644 /etc/skel/.vimrc

6.4 nano

Create a new global nano configuration file.
[root@node1 ~]# rm -f /etc/nanorc
[root@node1 ~]# vi /etc/nanorc

# Add
include /usr/share/nano/awk.nanorc
include /usr/share/nano/c.nanorc
include /usr/share/nano/cmake.nanorc
include /usr/share/nano/css.nanorc
include /usr/share/nano/debian.nanorc
include /usr/share/nano/gentoo.nanorc
include /usr/share/nano/html.nanorc
include /usr/share/nano/makefile.nanorc
include /usr/share/nano/man.nanorc
include /usr/share/nano/mutt.nanorc
include /usr/share/nano/nanorc.nanorc
include /usr/share/nano/objc.nanorc
include /usr/share/nano/patch.nanorc
include /usr/share/nano/perl.nanorc
include /usr/share/nano/php.nanorc
include /usr/share/nano/python.nanorc
include /usr/share/nano/ruby.nanorc
include /usr/share/nano/sh.nanorc
include /usr/share/nano/spec.nanorc
include /usr/share/nano/tcl.nanorc
include /usr/share/nano/tex.nanorc
include /usr/share/nano/xml.nanorc
set backwards
set nowrap
set smooth
set speller "hunspell"
set tabsize 4


  7. SSH daemon
Let's tweak our SSH daemon configuration file.
[root@node1 ~]# vi /etc/ssh/sshd_config

# line 17 : replace
Port 22

# line 23 : replace
Protocol 2

# line 38 : replace
RekeyLimit 256M

# line 48: replace
LoginGraceTime 30

# line 49: replace
PermitRootLogin no

# line 50: replace
StrictModes yes

# line 51: replace
MaxAuthTries 3

# line 69: replace
HostbasedAuthentication no

# line 72: replace
IgnoreUserKnownHosts yes

# line 74: replace
IgnoreRhosts yes

# line 78: replace
PermitEmptyPasswords no

# line 113: replace
AllowTcpForwarding no

# line 114: replace
GatewayPorts no

# line 115: replace
X11Forwarding no

# line 126: replace
ClientAliveInterval 900

# line 127: replace
ClientAliveCountMax 0

# line 132: replace
PermitTunnel no

# line 137: replace
Banner /etc/issue


Create our banner file.
[root@node1 ~]# vi /etc/issue

# Replace content
                     -------------
                     W A R N I N G
                     -------------

              THIS IS A PRIVATE COMPUTER SYSTEM.

This system is provided for use by authorized users only. All connections
are monitored and recorded by an artificial intelligence with no moral code
and a sysadmin with a sense of divine retribution.

Hack at your own risk. Pray that the authorities get there first.


Restart the service and check the status.
[root@node1 ~]# systemctl restart sshd.service
[root@node1 ~]# systemctl status sshd.service
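Two things are easy to get wrong when editing sshd_config by line number: sshd honours the first occurrence of a keyword, so a hardened value placed below an earlier uncommented line is silently ignored, and a typo followed by a restart leaves sshd down on a remote box. The script below is an added example, not from the original post; it audits a file against the values chosen in this section, and only restarts sshd after sshd -t reports the file parses. The constructed sample config in demo() is not the real /etc/ssh/sshd_config.

```shell
#!/bin/bash
# Added example: audit sshd_config against the hardened values above and
# restart sshd only when the new file parses.
set -eu

# Keywords from this section that have a single expected value.
EXPECTED='Protocol 2
LoginGraceTime 30
PermitRootLogin no
StrictModes yes
MaxAuthTries 3
HostbasedAuthentication no
IgnoreRhosts yes
PermitEmptyPasswords no
AllowTcpForwarding no
GatewayPorts no
X11Forwarding no
PermitTunnel no
Banner /etc/issue'

# effective_value FILE KEY: value of the first uncommented "KEY value" line,
# because that is the one sshd applies; empty when the keyword is absent.
effective_value() {
    awk -v key="$2" 'tolower($1) == tolower(key) { print $2; exit }' "$1"
}

# check_sshd_config FILE: one line per deviation; exit 0 only if none.
check_sshd_config() {
    local file="$1" n=0 key want got
    while read -r key want; do
        got=$(effective_value "$file" "$key")
        if [ "$got" != "$want" ]; then
            echo "$key: expected '$want', found '${got:-<unset>}'"
            n=$((n + 1))
        fi
    done <<EOF
$EXPECTED
EOF
    [ "$n" -eq 0 ]
}

# count_deviations FILE: number of deviating keywords, printed.
count_deviations() {
    check_sshd_config "$1" | awk 'END { print NR }'
}

# apply_sshd_config: validate before restarting so a broken file never
# takes the daemon down on a machine you only reach over SSH.
apply_sshd_config() {
    if sshd -t; then
        systemctl restart sshd.service
    else
        echo "sshd_config does not parse; sshd was not restarted" >&2
        return 1
    fi
}

# Constructed sample: a commented default, one hardened line, and two
# keywords still at permissive values.
demo() {
    local tmp
    tmp=$(mktemp)
    cat > "$tmp" <<'EOF'
#PermitRootLogin yes
PermitRootLogin no
Protocol 2
MaxAuthTries 6
X11Forwarding yes
EOF
    check_sshd_config "$tmp" || true
    echo "$(count_deviations "$tmp") deviation(s)"
    rm -f "$tmp"
}
demo
```

Run check_sshd_config /etc/ssh/sshd_config after editing and apply_sshd_config instead of a bare systemctl restart. For the daemon's own view of the merged configuration, sshd -T prints every effective keyword, which is the authoritative check when a file contains duplicate lines.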


  8. Message Of The Day
Let's create our motd.sh file.
[root@node1 ~]# vi /etc/motd.sh

# Copy content below into the file
#!/usr/bin/bash
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, version 3.
#
# This program is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
# General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see .
#

# Variable settings: ANSI colour escape sequences
yellow="\e[1;33m"
green="\e[1;32m"
blue="\e[1;34m"
purple="\e[1;35m"
grey="\e[37m"
white="\e[0m"
orange="\033[00;33m"
cyan="\033[00;36m"

# System facts shown next to the logo (gathered once, before printing)
now=$(date +'%A, %d %B %Y, %R')
kernel=$(uname -s -r)
uptime=$(awk '{printf("%d days, %02dh %02dm %02ds", $1/60/60/24, $1/60/60%24, $1/60%60, $1%60)}' /proc/uptime)
loadavg=$(awk '{printf("%.1f (5m) %.1f (15m)", $2, $3)}' /proc/loadavg)
memory=$(free | awk '/Mem/{printf("%.2f%% (Used)", $3/$2*100)}')
processes=$(ps -ax | wc -l | tr -d ' ')
boot=$(df | awk '/\/boot$/{printf("%3.0f%% (Used)", $5)}')
home=$(df | awk '/\/home$/{printf("%3.0f%% (Used)", $5)}')
root=$(df | awk '/\/$/{printf("%3.0f%% (Used)", $5)}')
fqdn=$(hostname --fqdn)

echo -e "${yellow}                   .."
echo -e "${yellow}                 .PLTJ."
echo -e "${yellow}                <><><><> "
echo -e "       ${green}KKSSV' 4KKK ${yellow}LJ${purple} KKKL.'VSSKK      ${orange} ${now}"
echo -e "       ${green}KKV' 4KKKKK ${yellow}LJ${purple} KKKKAL 'VKK      ${orange} ${kernel}"
echo -e "       ${green}V' ' 'VKKKK ${yellow}LJ${purple} KKKKV' ' 'V"
echo -e "       ${green}.4MA.' 'VKK ${yellow}LJ${purple} KKV' '.4Mb.      ${orange} Uptime....: ${uptime}"
echo -e "${purple}     . ${green}KKKKKA.' 'V ${yellow}LJ${purple} V' '.4KKKKK ${blue}.    ${orange} Load avg..: ${loadavg}"
echo -e "${purple}   .4D ${green}KKKKKKKA.'' ${yellow}LJ${purple} ''.4KKKKKKK ${blue}FA.  ${orange} Memory....: ${memory}"
echo -e "${purple}  +QDD ++++++++++++  ${blue}++++++++++++ GFD+ ${orange} Processes.: ${processes}"
echo -e "${purple}   'VD ${blue}KKKKKKKK'.. ${green}LJ ${yellow}..'KKKKKKKK ${blue}FV'"
echo -e "${purple}     ' ${blue}VKKKKK'. .4 ${green}LJ ${yellow}K. .'KKKKKV ${blue}'   ${orange}  boot......: ${boot}"
echo -e "       ${blue} 'VK'. .4KK ${green}LJ ${yellow}KKA. .'KV'       ${orange} home......: ${home}"
echo -e "       ${blue}A. . .4KKKK ${green}LJ ${yellow}KKKKA. . .4      ${orange} root......: ${root}"
echo -e "       ${blue}KKA. 'KKKKK ${green}LJ ${yellow}KKKKK' .4KK"
echo -e "       ${blue}KKSSA. VKKK ${green}LJ ${yellow}KKKV .4SSKK"
echo -e "${green}                <><><><>           ${cyan} Welcome to ${fqdn}"
echo -e "${green}                 'MKKM'"
echo -e "${green}                   ''"
echo -e "${white}"
echo -e "::::::::::::::::::::::::::::::::::-RULES-:::::::::::::::::::::::::::::::::::::"
echo -e "   This is a private system that you are not to give out access to anyone"
echo -e "   without permission from the admin. No illegal files or activity. Stay"
echo -e "   in your home directory, keep the system clean and make regular backups."
echo -e "    -== DISABLE YOUR PROGRAMS FROM KEEPING SENSITIVE LOG OR HISTORY ==-"
echo -e ""


[root@node1 ~]# chmod +x /etc/motd.sh

Add the script to the hidden .bash_profile template in /etc/skel.
[root@node1 ~]# vi /etc/skel/.bash_profile

# Add at the end
# Display Message of the Day
if [ -f /etc/motd.sh ]; then
    /etc/motd.sh
fi

Add the script to the hidden .bash_profile file of our root user.
[root@node1 ~]# vi /root/.bash_profile

# Add at the end
# Display Message of the Day
if [ -f /etc/motd.sh ]; then
    /etc/motd.sh
fi

Make the CLI prompt colourful: red for root, green for other users.
[root@node1 ~]# vi /etc/profile.d/colors.sh

# Add
#!/bin/bash

# Root gets a red prompt, everyone else a green one
if [ "$(id -u)" -eq 0 ]; then
  export PS1="\[\033[01;31m\][\u@\h \[\033[01;34m\]\W\[\033[01;31m\]]#\[\033[00;37m\] "
else
  export PS1="\[\033[01;32m\][\u@\h \[\033[01;34m\]\W\[\033[01;32m\]]\$\[\033[00;37m\] "
fi
