Post-Installation Setup and Optimization for CentOS Systems
System Package Maintenance
Maintaining an up-to-date system is critical for security and stability. Use the package manager to synchronize repositories and apply pending updates:
sudo yum update -y
Network Interface Configuration
To ensure consistent connectivity, you may need to configure a static IP address. Network configurations are stored in /etc/sysconfig/network-scripts/. Locate your specific interface file (e.g., ifcfg-eth0 or ifcfg-ens33):
sudo vi /etc/sysconfig/network-scripts/ifcfg-<interface_name>
Update the configuration with the following parameters for a static assignment:
BOOTPROTO=static
ONBOOT=yes
IPADDR=192.168.1.100
NETMASK=255.255.255.0
GATEWAY=192.168.1.1
DNS1=8.8.8.8
DNS2=1.1.1.1
After saving the changes, restart the networking service to apply the new settings:
systemctl restart network
Essential System Utilities
Install a suite of basic tools for networking diagnostics and file retrieval that are often missing from minimal installations:
sudo yum install -y wget net-tools vim curl
Firewall Management with Firewalld
CentOS uses firewalld to manage packet filtering. Common operations include opening specific ports and checking the service status:
# Permit traffic on a specific port (e.g., 8080) permanently
sudo firewall-cmd --permanent --add-port=8080/tcp
# Apply the changes
sudo firewall-cmd --reload
# Audit currently open ports
sudo firewall-cmd --list-ports
# Verify firewall daemon status
sudo systemctl status firewalld
Localization and Time Synchronization
Set the system clock to your local region to ensure logs and scheduled tasks reflect the correct time:
# Identify the correct timezone string
timedatectl list-timezones
# Apply the timezone
sudo timedatectl set-timezone America/New_York
Identity and Access Management
Avoid using the root account for daily operations. Create a dedicated user and grant administrative privileges via the wheel group:
# Create a new system user
sudo adduser dev_user
# Assign a secure password
sudo passwd dev_user
# Grant sudo permissions
sudo usermod -aG wheel dev_user
To apply SSH configuration changes after hardening /etc/ssh/sshd_config, reload the daemon:
sudo systemctl restart sshd
Optimizing Resource Limits (File Descriptors)
High-performance applications like web servers or databases often require more simultaneous file handles than the default system limit allows. This is configured in /etc/security/limits.conf.
Each entry follows the pattern: <domain> <type> <item> <value>.
- Domain: User, group, or
*for everyone. - Type:
soft(user-adjustable limit) orhard(enforced by the kernel). - Item:
nofilerepresents the maximum number of open files.
To increase the capacity for all users, append the following lines:
* soft nofile 65535
* hard nofile 65535
Why Resource Limits Matter
In Linux, almost everything is treated as a file, including network sockets. For services handling high concurrency (HTTPS, WebSockets, or database connections), the default limit (usually 1024) is often insufficient. When a process hits this ceiling, it will trigger "Too many open files" errors, leading to dropped connections and service instability. Adjusting these values ensures the kernel can handle high-volume I/O without prematurely terminating active sessions.
