Add the noatime option to all ext3/ext4/XFS/etc filesystem options in /etc/fstab
Edit /etc/default/grub and remove the rhgb and quiet options from GRUB_CMDLINE_LINUX. Replace these options with: nomodeset vga=normal consoleblank=0 (add elevator=deadline when running on an SSD or in a VM)
Create a new grub2 config file using: grub2-mkconfig > /boot/grub2/grub.cfg
Changed:
< <
Update the system: yum upgrade
> >
Update the system: dnf upgrade
Make sure root cannot log in via ssh by changing /etc/ssh/sshd_config:
PermitRootLogin prohibit-password
This will disable logging in as root, via ssh, but it is still possible to log in as root using SSH public key authentication.
Changed:
< <
Disable SELinux by setting SELINUX=disabled in /etc/sysconfig/selinux (a reboot is needed to fully disable SELinux)
Disable the firewall (when in a secure network), by running: systemctl disable firewalld
Enable irqbalance: systemctl enable irqbalance.service (only useful system with more than 1 CPU cores)
> >
Optional: Set SELinux to permissive mode by setting SELINUX=permissive in /etc/sysconfig/selinux (run setenforce 0 to do this right away)
Disable the firewall (only when in a secure network!), by running: systemctl disable --now firewalld
Enable irqbalance: systemctl enable --now irqbalance.service (probably already enabled and only useful system with more than 1 CPU core)
Edit /etc/chrony.conf and add an NTP server pool:
pool nl.pool.ntp.org iburst
Line: 71 to 71
server 2.nl.pool.ntp.org iburst
server 3.nl.pool.ntp.org iburst
Changed:
< <
Enable the chronyd service: systemctl enable chronyd
> >
Enable the chronyd service: systemctl enable --now chronyd