After the reboot, log in as root. We will add a regular user who can later switch to root with “su”, for better security.
[root@idm ~]# useradd thaigaming // add a user 'thaigaming'
[root@idm ~]# passwd thaigaming // add password for user 'thaigaming'
Changing password for user thaigaming.
New UNIX password: // input password you want to set
Retype new UNIX password: // verify
passwd: all authentication tokens updated successfully.
[root@idm ~]# exit // log out of the current root session
Now log in as the user that was just created and switch to root:
idm login: thaigaming // input user name
password: // input password
[thaigaming@idm ~]$ su - // switch to root; all commands can be used
Password: // input password for root
[root@idm ~]# // now switched to root
Make the user that was just added the only user that can switch to root:
[root@idm ~]# vi /etc/group // open the file with vi
wheel:x:10:root,thaigaming // line 11: add user
[root@idm ~]# vi /etc/pam.d/su
#%PAM-1.0
auth sufficient pam_rootok.so
# Uncomment the following line to implicitly trust users in the "wheel" group.
#auth sufficient pam_wheel.so trust use_uid
# Uncomment the following line to require a user to be in the "wheel" group.
auth required pam_wheel.so use_uid // remove the '#' at the start of this line
auth include system-auth
account sufficient pam_succeed_if.so uid = 0 use_uid quiet
account include system-auth
password include system-auth
session include system-auth
session optional pam_xauth.so
[root@idm ~]# vi /etc/login.defs
SU_WHEEL_ONLY yes // add this line at the bottom
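To confirm the restriction is in effect, the following added example (not part of the original tutorial) classifies the auth stack of a su PAM file and lists the members of wheel. The function names su_wheel_state and wheel_members and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit the su/wheel restriction. Function names are illustrative.

# Classify the auth stack of a su PAM file (path in $1):
#   enforced - active "auth required pam_wheel.so" placed before any "auth include"
#   trusted  - an active pam_wheel line has "trust" (wheel members skip root's password)
#   late     - pam_wheel comes after "auth include", where a sufficient module
#              in the included stack can finish authentication first
#   missing  - no active "auth required pam_wheel.so" line
su_wheel_state() {
    awk '
        $1 != "auth" { next }                      # drops "#auth ..." comments too
        $2 == "include" && !inc { inc = NR }
        $3 == "pam_wheel.so" || $3 ~ /\/pam_wheel\.so$/ {
            for (i = 4; i <= NF; i++) if ($i == "trust") trust = 1
            if ($2 == "required" && !req) req = NR
        }
        END {
            if (trust)                 print "trusted"
            else if (!req)             print "missing"
            else if (inc && inc < req) print "late"
            else                       print "enforced"
        }' "$1"
}

# Print the members of group "wheel" from a group file (path in $1), one per line.
wheel_members() {
    awk -F: '$1 == "wheel" {
        n = split($4, m, ",")
        for (i = 1; i <= n; i++) if (m[i] != "") print m[i]
    }' "$1"
}

# Constructed sample files mirroring the edits above (not read from a live system).
tmp=$(mktemp -d)
cat > "$tmp/su" <<'EOF'
#%PAM-1.0
auth sufficient pam_rootok.so
#auth sufficient pam_wheel.so trust use_uid
auth required pam_wheel.so use_uid
auth include system-auth
EOF
printf 'root:x:0:root\nwheel:x:10:root,thaigaming\n' > "$tmp/group"

echo "su restriction: $(su_wheel_state "$tmp/su")"
echo "wheel members:  $(wheel_members "$tmp/group" | tr '\n' ' ')"
```

On the server itself, call su_wheel_state /etc/pam.d/su and wheel_members /etc/group.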
Set a mail alias so that root's mail is delivered to the user:
[root@idm ~]# vi /etc/aliases
# Person who should get root's mail
root:thaigaming // at bottom of file: remove '#' and add user name
[root@idm ~]# newaliases // set new aliases
/etc/aliases: 77 aliases, longest 10 bytes, 776 bytes total
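Disable the IPv6 firewall service (ip6tables) so that it does not start at boot. This turns off the IPv6 packet filter only; it does not disable IPv6 itself.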
[root@idm ~]# chkconfig ip6tables off
Now disable SELinux as well:
[root@idm ~]# vi /etc/sysconfig/selinux
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - SELinux is fully disabled.
SELINUX=disabled // set to disabled
# SELINUXTYPE= type of policy in use. Possible values are:
# targeted - Only targeted network daemons are protected.
# strict - Full SELinux protection.
SELINUXTYPE=targeted
Then edit the boot loader configuration to disable SELinux completely. If you’re using the GRUB boot loader, this is usually /boot/grub/grub.conf. On the kernel line, add selinux=0
Next, disable the unnecessary services that are loaded by default. First, list them:
[root@idm ~]# chkconfig --list
For example, yum-updatesd, which you can see in the list, is an unnecessary service, so stop it:
[root@idm ~]# /etc/rc.d/init.d/yum-updatesd stop
In addition, it is better to remove it from your server too:
[root@idm ~]# rpm -e yum-updatesd
Below is a list of services with a short description of each. Services marked with * are the ones I set to load at startup.
| Service | Description | Start on boot |
|---|---|---|
| NetworkManager | The NetworkManager daemon attempts to keep an active network connection available at all times. | |
| NetworkManagerDispatcher | The NetworkManagerDispatcher daemon runs commands in the /etc/NetworkManager/dispatcher.d directory in response to interfaces coming up and down. | |
| acpid | Advanced Configuration and Power Interface event daemon. | |
| anacron | Anacron can be used to execute commands periodically, with a frequency specified in days. | |
| apmd | Advanced Power Management (APM) BIOS utilities for laptops. | |
| atd | atd runs jobs queued by at. | |
| auditd | The audit package contains the user space utilities for storing and searching the audit records generated by the audit subsystem in the Linux 2.6 kernel. | * |
| autofs | autofs controls the operation of the automount(8) daemons running on the Linux system. | |
| avahi-daemon | Avahi mDNS/DNS-SD daemon. Avahi is a fully LGPL framework for Multicast DNS Service Discovery. | |
| avahi-dnsconfd | avahi-dnsconfd is a small daemon which may be used to configure conventional DNS servers using mDNS in a DHCP-like fashion. | |
| bluetooth | It provides wireless connections among computers. | |
| conman | ConMan is a serial console management program designed to support a large number of console devices and simultaneous users. | |
| cpuspeed | This program monitors the system idle percentage and reduces or raises the CPU's clock speeds and voltages accordingly to minimize power consumption when idle and maximize performance when needed. | |
| crond | The daemon to execute scheduled commands. | * |
| cups | It’s the print system. | |
| dund | It’s the BlueZ Bluetooth dial-up networking daemon. | |
| firstboot | It’s a tool for configuring the basic settings of the system. | |
| gpm | It’s a cut and paste utility and mouse server for virtual consoles. | |
| haldaemon | It searches for hardware information. | |
| hidd | It’s the Bluetooth HID daemon. | |
| ibmasm | IBM Advanced System Management software Group. | |
| ip6tables | It’s IPv6 packet filter administration. | |
| iptables | It’s the administration tool for IPv4 packet filtering and NAT. | |
| irda | IrDA is a complete implementation of the various IrDA protocols and IrDA drivers for Linux. | |
| irqbalance | It distributes hardware interrupts across processors on a multiprocessor system. | * |
| kudzu | It detects and configures new and/or changed hardware on a system. | |
| mcstrans | It’s the daemon for SELinux. | |
| mdmonitor | It watches software-based RAID. | |
| mdmpd | It watches software-based RAID. | |
| messagebus | It sends messages between applications. | * |
| microcode_ctl | It’s the microcode utility for Intel IA32 processors. | * |
| netfs | It’s the NFS client. | |
| netplugd | It’s the daemon for network cable hotplug management. | |
| network | It’s the daemon for the network system. | * |
| nfs | It’s the NFS server. | |
| nfslock | It provides the file lock function for the NFS server. | |
| nscd | Nscd is a daemon that provides a cache for the most common name service requests. | |
| oddjobd | The oddjobd daemon provides the com.redhat.oddjob service on the system-wide message bus. | |
| pand | The pand PAN daemon allows your computer to connect to ethernet networks using Bluetooth. | |
| pcscd | It’s the PC/SC Smart Card Daemon. | |
| portmap | Portmap is a server that converts RPC program numbers into DARPA protocol port numbers. | |
| psacct | PSACCT is a standard process running on each node that generates daily usage logs containing information on the jobs that ran and how many resources they consumed. | |
| rawdevices | Binds a Linux raw character device. | * |
| rdisc | ??????? Sorry, I don’t know. It is already off. | |
| readahead_early | It reads files in page cache early. | * |
| readahead_later | It reads files in page cache early when the system is running in GUI mode. | |
| restorecond | It’s the daemon that watches for file creation and then sets the default SELinux file context. | |
| rpcgssd | It’s the daemon which is used for network filesystems like NIS or NFS. | |
| rpcidmapd | It’s the daemon which is used for network filesystems like NIS or NFS. | |
| rpcsvcgssd | It’s the daemon which is used for network filesystems like NIS or NFS. | |
| saslauthd | saslauthd is a daemon process that handles plaintext authentication requests on behalf of the SASL library. | |
| sendmail | It’s the SMTP server. | |
| smartd | It’s the SMART Disk Monitoring Daemon. | |
| sshd | It’s the OpenSSH SSH daemon. | * |
| syslog | It reads and/or clears kernel message ring buffer; set console_loglevel. | * |
| wpa_supplicant | It’s the Wi-Fi Protected Access client and IEEE 802.1X supplicant. | |
| xfs | It’s the X font server. | |
| ypbind | ypbind finds the server for NIS domains and maintains the NIS binding information. | |
| yum-updatesd | yum-updatesd provides notification of updates which are available to be applied to your system. | |
credit: information from server-world.info
Please make sure to disable all services that are unnecessary on a server, such as bluetooth, the print service, etc.
Services marked in green are left to load on startup.
Services marked in red are the ones I have decided to remove from the server with rpm -e.
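To check a server against the starred list, the following added example (not part of the original tutorial) reads `chkconfig --list` output and reports every service that is on in a given runlevel but is not marked * in the table above. The function names and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example: compare `chkconfig --list` output with the starred services.

# Services marked * in the table above.
ALLOWED="auditd crond irqbalance messagebus microcode_ctl network rawdevices readahead_early sshd syslog"

# Read `chkconfig --list` text on stdin; print every service that is "on" in
# runlevel $1 (default 3) and is not in $ALLOWED, one per line.
unexpected_services() {
    awk -v level="${1:-3}" -v allowed="$ALLOWED" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        NF < 8 { next }                  # skip blank lines and the xinetd section
        {
            for (i = 2; i <= NF; i++)
                if ($i == (level ":on") && !($1 in ok)) print $1
        }'
}

# Constructed sample in the `chkconfig --list` layout (not captured from a real host).
sample_chkconfig() {
    cat <<'EOF'
auditd          0:off   1:off   2:on    3:on    4:on    5:on    6:off
bluetooth       0:off   1:off   2:on    3:on    4:on    5:on    6:off
cups            0:off   1:off   2:on    3:on    4:on    5:on    6:off
ip6tables       0:off   1:off   2:off   3:off   4:off   5:off   6:off
readahead_later 0:off   1:off   2:off   3:off   4:off   5:on    6:off
sshd            0:off   1:off   2:on    3:on    4:on    5:on    6:off
syslog          0:off   1:off   2:on    3:on    4:on    5:on    6:off
yum-updatesd    0:off   1:off   2:off   3:on    4:on    5:on    6:off
EOF
}

# On a real server: chkconfig --list | unexpected_services 3
sample_chkconfig | unexpected_services 3
```

Each name printed is a candidate for `chkconfig <name> off`, or for removal with rpm -e as shown earlier.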
Now we are going to bring the server up to date, but first we need to set yum to look for the fastest mirror:
[root@idm ~]# yum -y install yum-fastestmirror
Now let’s update the server:
[root@idm ~]# yum -y update