[1] Add a new user. The examples below use the user name 'cent', but you can use any name you like.
[root@ns ~]# useradd cent // add a user 'cent'
[root@ns ~]# passwd cent // set password for cent
Changing password for user cent.
New UNIX password: // input the password you want to set
Retype new UNIX password: // verify
passwd: all authentication tokens updated successfully.
[root@ns ~]# exit // logout
[2] Try switching to root as the user that was added in section [1].
ns login: cent // input user name
password: // input password
[cent@ns ~]$ su - // switch to root
Password: // input password for root
[root@ns ~]# // switched to root
[3] Make the 'cent' user that was added in section [1] the only user who can switch to root.
[root@ns ~]# vi /etc/group // open the file with vi
wheel:x:10:root,cent // line 11: add user
[root@ns ~]# vi /etc/pam.d/su
#%PAM-1.0
auth sufficient pam_rootok.so
# Uncomment the following line to implicitly trust users in the "wheel" group.
#auth sufficient pam_wheel.so trust use_uid
# Uncomment the following line to require a user to be in the "wheel" group.
auth required pam_wheel.so use_uid // remove the '#' that was at the head of this line
auth include system-auth
account sufficient pam_succeed_if.so uid = 0 use_uid quiet
account include system-auth
password include system-auth
session include system-auth
session optional pam_xauth.so
[root@ns ~]# vi /etc/login.defs
SU_WHEEL_ONLY yes // add this line at the bottom
Forwarding email for root
[4] Configure mail for root to be forwarded to the user you have set as system administrator.
[root@ns ~]# vi /etc/aliases
# Person who should get root's mail
root: cent // bottom: remove '#' and add user name
[root@ns ~]# newaliases // set new aliases
/etc/aliases: 77 aliases, longest 10 bytes, 776 bytes total
-----------------------------------------------
songbei6 notes:
# visudo uncommented the following line
%wheel ALL=(ALL) ALL
become to
wheel ALL=(ALL) ALL
-----------------------------------------------
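A check for the three settings made in step [3], as an added example that is not part of the original page. The function names and the two sample trees are constructed for illustration; the second tree reproduces a stray space in the wheel member list and a still-commented pam_wheel.so line.

```shell
# Added example: audit the step [3] settings under a given root directory.
wheel_members() {  # $1 = group file; prints the wheel member list
    awk -F: '$1 == "wheel" { print $4 }' "$1"
}

pam_wheel_required() {  # true if an uncommented "auth required pam_wheel.so" exists
    awk '$1=="auth" && $2=="required" && $3=="pam_wheel.so" {ok=1} END {exit !ok}' "$1"
}

su_wheel_only() {  # true if login.defs has "SU_WHEEL_ONLY yes"
    awk '$1=="SU_WHEEL_ONLY" && $2=="yes" {ok=1} END {exit !ok}' "$1"
}

check_su_wheel() {  # $1 = root dir to inspect, $2 = admin user; returns 0 if all pass
    rc=0
    members=$(wheel_members "$1/etc/group")
    case ",$members," in
        *" "*)    echo "FAIL: whitespace in wheel member list '$members'"; rc=1 ;;
        *",$2,"*) echo "ok: $2 is in wheel" ;;
        *)        echo "FAIL: $2 is not in wheel"; rc=1 ;;
    esac
    if pam_wheel_required "$1/etc/pam.d/su"; then echo "ok: pam_wheel.so is required"
    else echo "FAIL: pam_wheel.so line missing or still commented"; rc=1; fi
    if su_wheel_only "$1/etc/login.defs"; then echo "ok: SU_WHEEL_ONLY yes"
    else echo "FAIL: SU_WHEEL_ONLY is not set to yes"; rc=1; fi
    return $rc
}

# Constructed sample tree: $2 = wheel line for /etc/group, $3 = pam_wheel line.
make_sample_root() {
    mkdir -p "$1/etc/pam.d"
    printf 'root:x:0:root\n%s\n' "$2" > "$1/etc/group"
    printf '#%%PAM-1.0\nauth sufficient pam_rootok.so\n%s\n' "$3" > "$1/etc/pam.d/su"
    printf 'SU_WHEEL_ONLY yes\n' > "$1/etc/login.defs"
}

tmp=$(mktemp -d)
make_sample_root "$tmp/good" 'wheel:x:10:root,cent' 'auth required pam_wheel.so use_uid'
make_sample_root "$tmp/bad" 'wheel:x:10:root ,cent' '#auth required pam_wheel.so use_uid'
check_su_wheel "$tmp/good" cent
check_su_wheel "$tmp/bad" cent || echo "bad tree rejected"
rm -rf "$tmp"
```

On a live system, run `check_su_wheel "" cent` as root so the paths resolve to /etc/group, /etc/pam.d/su and /etc/login.defs.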
[5] It's unnecessary to enable the firewall on this host because one is enabled on the routers, so disable it.
[root@ns ~]# /etc/rc.d/init.d/iptables stop
Flushing firewall rules: [ OK ]
Setting chains to policy ACCEPT: filter [ OK ]
Unloading iptables modules: [ OK ]
[root@ns ~]# chkconfig iptables off
[root@ns ~]# chkconfig ip6tables off
[6] Disable SELinux (Security-Enhanced Linux).
[root@ns ~]# vi /etc/sysconfig/selinux
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - SELinux is fully disabled.
SELINUX=disabled // change
# SELINUXTYPE= type of policy in use. Possible values are:
# targeted - Only targeted network daemons are protected.
# strict - Full SELinux protection.
SELINUXTYPE=targeted
[8] Stop services that are enabled by default but unnecessary for your system. First, output the list of services with the following command.
[root@ns ~]# chkconfig --list | less
[9] Stop unnecessary services. In the following example, the 'yum-updatesd' service is stopped and its autostart is disabled.
[root@ns ~]# /etc/rc.d/init.d/yum-updatesd stop
Stopping yum-updatesd [ OK ]
[root@ns ~]# chkconfig yum-updatesd off
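To work through the list from step [8] systematically, the following added example (not from the original page) filters `chkconfig --list` output down to the services that are on in a given runlevel and not on a keep list. The sample listing and the keep list are constructed; xinetd-based entries have no runlevels and are reported whenever they are on.

```shell
# Added example: report services enabled in a runlevel that are not on a keep list.
# Both functions read `chkconfig --list` output on stdin.
enabled_in_runlevel() {  # $1 = runlevel 0-6; prints one service name per line
    awk -v rl="$1" '
        /^xinetd based services:/ { xinetd = 1; next }
        xinetd  { sub(/:$/, "", $1); if ($2 == "on") print $1; next }
        NF >= 8 { if ($(rl + 2) == rl ":on") print $1 }'
}

unexpected_services() {  # $1 = runlevel, $2 = space-separated keep list
    enabled_in_runlevel "$1" | awk -v keep="$2" '
        BEGIN { n = split(keep, k, " "); for (i = 1; i <= n; i++) want[k[i]] = 1 }
        !($1 in want) { print $1 }'
}

# Constructed sample in the layout chkconfig --list prints (not captured output).
sample_list() {
    cat <<'EOF'
auditd          0:off   1:off   2:on    3:on    4:on    5:on    6:off
avahi-daemon    0:off   1:off   2:off   3:on    4:on    5:on    6:off
conman          0:off   1:off   2:off   3:off   4:off   5:off   6:off
yum-updatesd    0:off   1:off   2:on    3:on    4:on    5:on    6:off

xinetd based services:
        chargen-dgram:  off
        rsync:          on
EOF
}

# Hypothetical keep list; replace it with the services your system needs.
sample_list | unexpected_services 3 "auditd"
```

On the server itself, pipe the real listing in instead: `chkconfig --list | unexpected_services 3 "auditd"`.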
[10] Or, if a service is not needed on your system, uninstall it. If you don't know what a service does, read its documentation. In the following example, the documentation for 'yum-updatesd' is displayed and then the package is uninstalled.
[root@ns ~]# man yum-updatesd
yum-updatesd(8)
NAME
yum-updatesd - Update notifier daemon
SYNOPSIS
yum-updatesd
DESCRIPTION
yum-updatesd provides notification of updates which are available to be applied to your system. This notification can be either via syslog, email or over dbus. Configuration is done via the yum-updatesd.conf (5) file.
SEE ALSO
yum (8) yum-updatesd.conf (5)
Jeremy Katz 2006 June 26 yum-updatesd(8)
[root@ns ~]# rpm -e yum-updatesd
[11] The following list shows all the services present by default if you installed in the same way as this site. The ones marked '*' are the ones I turned on for autostart.
NetworkManager
The NetworkManager daemon attempts to keep an active network connection available at all times.
NetworkManagerDispatcher
The NetworkManagerDispatcher daemon runs commands in the /etc/NetworkManager/dispatcher.d
directory in response to interfaces coming up and down.
acpid
Advanced Configuration and Power Interface event daemon.
anacron
Anacron can be used to execute commands periodically, with a frequency specified in days.
apmd
Advanced Power Management (APM) BIOS utilities for laptops.
atd
atd runs jobs queued by at.
auditd
The audit package contains the user space utilities for
storing and searching the audit records generated by
the audit subsystem in the Linux 2.6 kernel.
*
autofs
autofs controls the operation of the automount(8) daemons running on the Linux system.
avahi-daemon
Avahi mDNS/DNS-SD daemon. Avahi is a fully LGPL framework for Multicast DNS Service Discovery.
avahi-dnsconfd
avahi-dnsconfd is a small daemon which may be used to configure conventional DNS servers using
mDNS in a DHCP-like fashion.
bluetooth
It provides wireless connections among computers.
conman
ConMan is a serial console management program designed to support a
large number of console devices and simultaneous users.