However, because of those changes, it is replacing some well-known components to better fit the latest development - specifically the isolation of namespace. Some significant updates includes:
service --> systemctl
This is not a big change, but has more detailed control over different scope management. All the details are stored here:/usr/lib/systemd/system and you can further add new services.For example, you can start mysql via:
systemctl start mariadb.serviceOr if you want to start it permanently, via:
systemctl enable mariadb.serviceiptables --> firewalld
firewalldfeatures zone management, as a better variant of iptables. By default the computer is put to public zone, therefore we will need to add some service and port support. Typically the commands includes:firewall-cmd --add-port=222/tcp
firewall-cmd --add-service=http
sudo firewall-cmd --permanent --zone=public --add-port=22/tcp
And on my own server it looks like this:
[root@localhost ssh]# firewall-cmd --list-all
public (default, active)
interfaces: ens32 virbr0
sources:
services: dhcpv6-client http ssh
ports: 222/tcp 22/tcp
masquerade: no
forward-ports:
icmp-blocks:
rich rules:
We will need to restart the firewall after set up: sudo systemctl restart firewalld.serviceenhanced selinux
selinux not an easy task for starters, sometimes we are not clear about the which rule is actually blocking the entire thing.To better deal with selinux (if you do not want to override all the nice settings), this article introduced some nice methods: Where to find SELinux permission denial details
The method includes setting
SELINUX=permissive in /etc/selinux/config, and later grep AVC errors from grep "type=AVC" /var/log/audit/audit.log