使用新建之非 root 帳號登入 Linux 進行操作,搭配 sudo 執行需要權限更高之指令
Follow 系統密碼複雜度原則
系統預設的 SELinux 其實是有啟用的,不建議關閉
$ sudo getenforce
Enforcing
$ sudo cat /etc/selinux/config
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
SELINUX=enforcing
# SELINUXTYPE= can take one of three values:
# targeted - Targeted processes are protected,
# minimum - Modification of targeted policy. Only selected processes are protected.
# mls - Multi Level Security protection.
SELINUXTYPE=targeted
RHEL 7 / CentOS 7 預設本機防火牆開啟,使用 firewalld 管理,不建議關閉。
$ sudo systemctl status firewalld
● firewalld.service - firewalld - dynamic firewall daemon
Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor preset: enabled)
Active: active (running) since Fri 2019-09-13 11:00:05 CST; 14min ago
Docs: man:firewalld(1)
Main PID: 841 (firewalld)
CGroup: /system.slice/firewalld.service
└─841 /usr/bin/python -Es /usr/sbin/firewalld --nofork --nopid
Sep 13 11:00:04 centos7-cli.lab.example.com systemd[1]: Starting firewalld - dynamic firewall daemon...
Sep 13 11:00:05 centos7-cli.lab.example.com systemd[1]: Started firewalld - dynamic firewall daemon.
預設安裝已提供系統「最基本」的安全性,如無必要,SELinux、firewalld 勿輕易關閉。
安裝小工具、YUM 源
$ sudo yum install bash-completion net-tools yum-utils epel-release -y
安裝 MariaDB
$ sudo yum install mariadb mariadb-server -y
$ sudo systemctl start mariadb
$ sudo systemctl enable mariadb
$ sudo systemctl status mariadb
$ sudo mysql_secure_installation
安裝 Apache
$ sudo yum install httpd -y
$ sudo systemctl start httpd
$ sudo systemctl enable httpd
$ sudo systemctl status httpd
$ sudo firewall-cmd --permanent --add-service=http
$ sudo firewall-cmd --reload
安裝 PHP
$ sudo yum localinstall http://rpms.remirepo.net/enterprise/remi-release-7.rpm -y
$ sudo yum-config-manager --enable remi-php73
$ sudo yum --enablerepo=remi-php73 install php -y