Linux System Configuration: Firewalls, SELinux, and Locale Management
Network Security: Managing Firewall Services
In certain deployment scenarios, local firewall services are intentionally deactivated to rely on external perimeter defenses or specific network architectures. The procedures to manipulate these services differ between legacy and modern CentOS releases.
CentOS 6 (iptables)
# Verify current iptables state
/etc/init.d/iptables status
# Halt the service immediately
/etc/init.d/iptables stop
# Remove from boot initialization
chkconfig iptables off
CentOS 7 (firewalld)
# Inspect current runtime status
systemctl is-active firewalld
# Stop the firewall for the current session
systemctl stop firewalld
# Ensure it does not start on subsequent boots
systemctl disable firewalld
# Confirm the unit is no longer enabled at boot
systemctl is-enabled firewalld
Access Control: Managing SELinux States
SELinux implements Mandatory Access Control (MAC), restricting process privileges even for the root user based on security policies. Because strict enforcement can complicate application deployments, many enterprise environments opt to disable it.
The system operates in three distinct modes:
- Enforcing: Policies are actively enforced and violations are blocked.
- Permissive: Violations are logged but not blocked, so this mode serves as a temporary non-blocking state for debugging.
- Disabled: The SELinux framework is entirely turned off.
To check the current runtime state:
getenforce
For a temporary mode switch:
# Switch to Permissive (temporarily disable blocking)
setenforce 0
# Switch back to Enforcing
setenforce 1
To permanently disable SELinux, modify the configuration file. Using a terminal command ensures the change is applied without interactive editing:
# Overwrite the SELinux directive in the config file
sed -i 's/^SELINUX=.*/SELINUX=disabled/' /etc/selinux/config
# A full system reboot is mandatory for this change to take full effect
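The runtime mode (setenforce) and the configured mode (/etc/selinux/config) can disagree until the next boot, which is worth checking when auditing a host. The following is an added example, not part of the original page: the function names are hypothetical and the config file is a constructed sample, so it runs without SELinux installed.

```shell
#!/bin/sh
# Added example; function names are hypothetical, sample config is constructed.

# Print the SELINUX= value from a config file (last directive wins), skipping
# comment lines and the separate SELINUXTYPE= directive.
selinux_configured_mode() {
    sed -n 's/^SELINUX=[[:space:]]*\([A-Za-z]*\).*/\1/p' "$1" | tail -n 1 | tr 'A-Z' 'a-z'
}

# Classify the runtime mode (as printed by getenforce) against the configured mode.
selinux_state_report() {
    runtime=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    configured=$2
    if [ -z "$configured" ]; then
        echo "no-directive"       # config has no usable SELINUX= line
    elif [ "$runtime" = "$configured" ]; then
        echo "consistent"
    elif [ "$runtime" = "disabled" ] || [ "$configured" = "disabled" ]; then
        echo "reboot-pending"     # disabled <-> enabled only changes at boot
    else
        echo "runtime-override"   # setenforce was used; reverts at next boot
    fi
}

# Walk through the page's commands against a constructed copy of the config.
demo_selinux_audit() {
    cfg=$(mktemp)
    cat > "$cfg" <<'EOF'
# Constructed sample of /etc/selinux/config
# SELINUX= can take one of these three values: enforcing, permissive, disabled
SELINUX=enforcing
SELINUXTYPE=targeted
EOF
    # After "setenforce 0": runtime is Permissive, config still says enforcing.
    before=$(selinux_state_report Permissive "$(selinux_configured_mode "$cfg")")
    # The page's sed edit, applied to the copy; the host keeps enforcing until reboot.
    sed -i 's/^SELINUX=.*/SELINUX=disabled/' "$cfg"
    after=$(selinux_state_report Enforcing "$(selinux_configured_mode "$cfg")")
    # The anchored pattern must leave SELINUXTYPE= untouched.
    type_lines=$(grep -c '^SELINUXTYPE=targeted$' "$cfg")
    rm -f "$cfg"
    echo "$before $after $type_lines"
}

# On a real host:
#   selinux_state_report "$(getenforce)" "$(selinux_configured_mode /etc/selinux/config)"
```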
Internationalization: Configuring System Locales
Proper locale configuration is essential for processing non-English characters, a common requirement when constructing Docker base images. UTF-8 is the universal standard, while GBK is prevalent in specific regional applications. Character distortion (mojibake) typically arises from mismatches among the operating system locale, the terminal emulator settings, and the file's own encoding.
To inspect the active locale environment variable:
echo "$LANG"
For a temporary session-level adjustment:
export LANG="en_US.UTF-8"
CentOS 6 Permanent Locale Configuration
# Method 1: Define globally via the system profile
echo 'export LANG="en_US.UTF-8"' >> /etc/profile
source /etc/profile
# Method 2: Define via the native i18n configuration
echo 'LANG="en_US.UTF-8"' > /etc/sysconfig/i18n
source /etc/sysconfig/i18n
CentOS 7 Permanent Locale Configuration
# Method 1: Define globally via the system profile
echo 'export LANG="en_US.UTF-8"' >> /etc/profile
source /etc/profile
# Method 2: Define via the native locale configuration file
echo 'LANG="en_US.UTF-8"' > /etc/locale.conf
source /etc/locale.conf
# Method 3: The streamlined localectl utility (configures both runtime and boot persistence)
localectl set-locale LANG=en_US.UTF-8