
Seamlessly Replace CentOS: Ubuntu 22.04 & Anolis 8.6 DNS, Time Sync, Security Guide

With CentOS reaching end-of-life, this guide compares Ubuntu 22.04 and Anolis 8.6 as replacements. It covers DNS configuration, time synchronization, security baselines, SELinux, firewall setup, and kernel tweaks, with concrete commands and configuration snippets for a smooth migration.

dbaplus Community

Background and Requirements

CentOS is being discontinued, prompting many operations teams to look for compatible alternatives. The key criteria are OS compatibility with existing CentOS workflows, licensing (especially for Chinese‑government‑approved "Xinchuang" systems), and support for the full stack of open‑source tools, middleware, and databases. Additionally, CentOS 7.9 no longer receives updates for features such as cgroups v2 and rootless containers, so preparation for a new OS is essential.

Ubuntu 22.04 Configuration

1. DNS Settings

Ubuntu 22.04 replaces systemd-resolve with resolvectl. To view the current configuration:

$ resolvectl status

Typical output shows global protocols and per-interface DNS servers.

Temporary DNS can be set by editing /etc/resolv.conf:

# vim /etc/resolv.conf
nameserver 1.1.1.2
nameserver 1.0.0.2

For a permanent solution, install resolvconf and edit its head file:

# apt install resolvconf
# vim /etc/resolvconf/resolv.conf.d/head
nameserver 1.1.1.2
nameserver 1.0.0.2
# resolvconf -u
# systemctl enable --now resolvconf.service

After updating, run resolvconf -u to apply changes. The configuration will be written to /etc/resolv.conf, which is the authoritative source.

Alternatively, modify the Netplan YAML file for interface‑specific DNS:

# vim /etc/netplan/xxx.yaml
network:
  ethernets:
    enp1s0:
      dhcp4: true
      nameservers:
        addresses: [8.8.8.8, 8.8.4.4]
  version: 2
# netplan apply

Note that Netplan changes affect only the specified NIC and do not update /etc/resolv.conf.

2. Time Synchronization

Ubuntu 22.04 uses timedatectl (which invokes systemd-timesyncd) instead of the legacy ntpdate. On boot, timedatectl syncs the clock immediately and re‑checks after the network becomes active.

Key differences between timesyncd and ntpd:

ntpd adjusts time gradually (step‑wise smoothing).

timesyncd performs abrupt updates, which can affect time‑sensitive services in production.

Configuration example (/etc/systemd/timesyncd.conf):

# vi /etc/systemd/timesyncd.conf
[Time]
# NTP= (list of NTP servers)
# FallbackNTP=ntp.ubuntu.com
RootDistanceMaxSec=5
PollIntervalMinSec=32
PollIntervalMaxSec=2048

Check status with:

# timedatectl

3. Security Baseline

Set password expiration policies in /etc/login.defs:

# vim /etc/login.defs
PASS_MAX_DAYS   90
PASS_MIN_DAYS   0
PASS_WARN_AGE   10
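
The aging values in /etc/login.defs are applied only when an account is created, so accounts that already exist keep whatever is recorded in /etc/shadow. The following is an added example, not part of the original article: it checks shadow entries against PASS_MAX_DAYS. The sample data, placeholder hashes and function names are constructed for illustration.

```python
# Constructed sample /etc/shadow content (hashes are placeholders, not real).
# Fields: name:hash:lastchg:min:max:warn:inactive:expire:reserved
SAMPLE_SHADOW = """\
root:$y$constructed-hash:19400:0:99999:7:::
deploy:$y$constructed-hash:19400:0:90:10:::
legacy:$y$constructed-hash:19000:0::7:::
daemon:*:19400:0:99999:7:::
backup:!$y$constructed-hash:19400:0:99999:7:::
"""

# Constructed login.defs excerpt using the values from this guide.
SAMPLE_LOGIN_DEFS = """\
PASS_MAX_DAYS   90
PASS_MIN_DAYS   0
PASS_WARN_AGE   10
"""

def read_login_defs(text):
    """Parse 'KEY value' pairs from login.defs, ignoring comments."""
    values = {}
    for raw in text.splitlines():
        parts = raw.split("#", 1)[0].split()
        if len(parts) == 2:
            values[parts[0]] = parts[1]
    return values

def accounts_outside_policy(shadow_text, login_defs_text):
    """Return [(user, max_days)] for accounts whose max age exceeds policy."""
    limit = int(read_login_defs(login_defs_text)["PASS_MAX_DAYS"])
    findings = []
    for line in shadow_text.splitlines():
        fields = line.split(":")
        if len(fields) < 5:
            continue
        user, pw_hash, max_days = fields[0], fields[1], fields[4]
        # '*' or a leading '!' means password login is disabled or locked.
        if pw_hash == "*" or pw_hash.startswith("!"):
            continue
        # An empty or negative max field means the password never expires.
        n = int(max_days) if max_days else -1
        if n < 0 or n > limit:
            findings.append((user, "never" if n < 0 else str(n)))
    return findings

if __name__ == "__main__":
    found = accounts_outside_policy(SAMPLE_SHADOW, SAMPLE_LOGIN_DEFS)
    for user, max_days in found:
        print(f"{user}: max age {max_days}; fix with: chage -M 90 {user}")
```

On a real host, pass the contents of /etc/shadow and /etc/login.defs (read as root) instead of the samples.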

Install libpam-pwquality to enforce password complexity:

# apt install libpam-pwquality
# vim /etc/security/pwquality.conf
minlen = 8
dcredit = -1
lcredit = -1
ocredit = -1
ucredit = -1

Limit password attempts and lockout behavior with pam_faillock (no extra package needed):

# vim /etc/security/faillock.conf
dir = /var/run/faillock
audit
silent
deny = 3
fail_interval = 900
unlock_time = 120

Update PAM configuration files:

# vim /etc/pam.d/common-auth
auth required pam_faillock.so preauth audit silent deny=5 unlock_time=900
auth [success=1 default=ignore] pam_unix.so nullok
auth [default=die] pam_faillock.so authfail audit deny=5 unlock_time=900
auth sufficient pam_faillock.so authsucc audit deny=5 unlock_time=900
auth requisite pam_deny.so
auth required pam_permit.so
auth optional pam_cap.so

# vim /etc/pam.d/common-account
account [success=1 new_authtok_reqd=done default=ignore] pam_unix.so
account requisite pam_deny.so
account required pam_permit.so
account required pam_faillock.so
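
Options given on a pam_faillock.so line override the same options in /etc/security/faillock.conf, so with the files as shown above the effective lockout is deny=5 and unlock_time=900, not the 3 and 120 set in faillock.conf. The following is an added example, not part of the original article: it reports every such override. The embedded samples are constructed copies of the two configurations, and the function names are assumptions.

```python
import re

# Constructed copies of the two configurations shown above.
FAILLOCK_CONF = """\
dir = /var/run/faillock
audit
silent
deny = 3
fail_interval = 900
unlock_time = 120
"""
COMMON_AUTH = """\
auth required pam_faillock.so preauth audit silent deny=5 unlock_time=900
auth [success=1 default=ignore] pam_unix.so nullok
auth [default=die] pam_faillock.so authfail audit deny=5 unlock_time=900
auth sufficient pam_faillock.so authsucc audit deny=5 unlock_time=900
"""
MODES = {"preauth", "authfail", "authsucc"}  # call-mode flags, not settings

def parse_options(tokens):
    """Turn ['deny=5', 'audit'] into {'deny': '5', 'audit': True}."""
    opts = {}
    for tok in tokens:
        key, sep, value = tok.partition("=")
        opts[key.strip()] = value.strip() if sep else True
    return opts

def conf_options(text):
    """Options from faillock.conf: one 'key = value' or bare flag per line."""
    lines = (l.split("#", 1)[0].strip() for l in text.splitlines())
    return parse_options(l for l in lines if l)

def pam_overrides(conf_text, pam_text):
    """Return [(pam_line_no, option, conf_value, pam_value)] where they differ."""
    conf = conf_options(conf_text)
    found = []
    for n, line in enumerate(pam_text.splitlines(), 1):
        m = re.search(r"pam_faillock\.so\s+(.*)", line.split("#", 1)[0])
        if not m:
            continue
        args = parse_options(t for t in m.group(1).split() if t not in MODES)
        for key, value in args.items():
            if conf.get(key, value) != value:
                found.append((n, key, conf[key], value))
    return found

if __name__ == "__main__":
    for n, key, conf_v, pam_v in pam_overrides(FAILLOCK_CONF, COMMON_AUTH):
        print(f"common-auth line {n}: {key}={pam_v} overrides faillock.conf {key}={conf_v}")
```

Keeping the settings in one place, either faillock.conf or the PAM lines, avoids this kind of silent disagreement.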

4. SELinux

Ubuntu 22.04 does not ship SELinux by default. To enable it:

# apt update
# apt install policycoreutils selinux-utils selinux-basics
# selinux-activate
# selinux-config-enforcing   # requires reboot
# sestatus   # shows SELinux status
# vim /etc/selinux/config
SELINUX=enforcing   # or SELINUX=disabled
# setenforce 0   # switch to permissive mode until reboot
# setenforce 1   # switch back to enforcing mode

5. Firewall (UFW)

Ubuntu uses ufw for firewall management. Install and check status:

# apt install ufw
# ufw status verbose

6. Kernel Parameter Notes

Ubuntu 22.04 kernel 5.15.0‑60‑generic no longer supports tcp_tw_recycle (removed after 4.12). tcp_tw_reuse remains usable, but TCP_TIMEWAIT_LEN modifications are discouraged.

Anolis 8.6 Configuration

1. Time Synchronization

Anolis 8.6 drops the traditional ntp package and relies on chrony:

# vim /etc/chrony.conf
server 192.168.20.17 iburst
# systemctl restart chronyd.service
# chronyc tracking   # shows update interval
# chronyc sources -v   # list NTP sources
# chronyc activity   # show online/offline status
# chronyc add server XXXX   # add a new NTP server
# chronyc -a makestep   # force immediate sync

Conclusion

Ubuntu 22.04 and Anolis 8.6 are two viable CentOS replacements; other options include Oracle Linux, OpenEuler, UnionTech UOS, Zhongbiao Kylin, Galaxy Kylin, and Rocky Linux. Choose based on compatibility, licensing, and feature support.
