-
Configure hostname
hostnamectl set-hostname server
-
Upgrade installed packages
dnf upgrade
-
Install required and useful packages
dnf -y install epel-release dnf -y install bind-utils dnf -y install net-tools dnf -y install wget dnf -y install tree dnf -y install tar dnf -y install dnf-automatic dnf -y install git
VERSION=3.4.1 wget "https://github.com/mikefarah/yq/releases/download/${VERSION}/yq_linux_amd64" -O /usr/local/bin/yq chmod +x /usr/local/bin/yq -
Configure automated security updates
vi /etc/dnf/automatic.conf
[commands] upgrade_type = security apply_updates = yessystemctl enable --now dnf-automatic.timer systemctl list-timers *dnf-*
-
Prevent laptop from entering hibernate/suspend mode when the lid is closed.
vi /etc/systemd/logind.conf
HandleLidSwitch=ignore HandleLidSwitchExternalPower=ignore HandleLidSwitchDocked=ignoresystemctl restart systemd-logind.service
-
Copy public SSH key for authorization
mkdir -p ~/.ssh cat ~/.ssh/id_ed25519.pub >> ~/.ssh/authorized_keys
-
Disable password based SSH login
vi /etc/ssh/sshd_config
PasswordAuthentication no -
Enable logging for firewalld
firewall-cmd --set-log-denied=all journalctl -f -l -u firewalld
-
Disable zone drifting for firewalld
vi /etc/firewalld/firewalld.conf
AllowZoneDrifting=no -
Configure git behaviour
git config --global pull.ff only
-
Disable IPv6
vi /etc/sysctl.d/70-ipv6.conf
net.ipv6.conf.all.disable_ipv6 = 1 net.ipv6.conf.default.disable_ipv6 = 1sysctl --load /etc/sysctl.d/70-ipv6.conf